Sunday, February 2, 2014

Fierce Tutorial

Fierce is a very lightweight scanner, written by RSnake in Perl, that helps you locate the IP space and hostnames belonging to a specified target domain name. It provides different techniques to gather information about your target. The tool starts with the zone transfer technique and quickly switches into brute-force mode if zone transfers are restricted.
As you know, we are using the world's most favourite penetration testing distribution, BackTrack Linux 5 ;-), and this application is available in the distro by default. Let's see its different usage. I will be analyzing the alibaba.com DNS records.

Fierce usage:

Jump into the application folder:

    cd /pentest/enumeration/dns/fierce

Usage: perl fierce.pl [-dns example.com] [OPTIONS]

Some known options:

    -threads   (by default it runs using a single thread)
    -file      (save output to a file)
    -range     (this is awesome: scan an internal IP range, but it can only be used together with the -dnsserver option)

In our case ;-)

    perl fierce.pl -dns alibaba.com -threads 5 -file alibaba-dns.output

You should see the following output:

    Now logging to alibaba-dns.output
    DNS Servers for alibaba.com:
        nshz.alibabaonline.com
        nsp2.alibabaonline.com
        ns8.alibabaonline.com
        nsp.alibabaonline.com

    Trying zone transfer first...
        Testing nshz.alibabaonline.com
            Request timed out or transfer not allowed.
        Testing nsp2.alibabaonline.com
            Request timed out or transfer not allowed.
        Testing ns8.alibabaonline.com
            Request timed out or transfer not allowed.
        Testing nsp.alibabaonline.com
            Request timed out or transfer not allowed.

    Unsuccessful in zone transfer (it was worth a shot)
    Okay, trying the good old fashioned way... brute force

    Checking for wildcard DNS...
        ** Found 97326869336.alibaba.com at 67.215.65.132.
        ** High probability of wildcard DNS.
    Now performing 1895 test(s)...
    205.204.112.6   ad.alibaba.com
    205.204.112.1   au.alibaba.com
    205.204.112.1   cache.alibaba.com
    110.75.203.17   billing.alibaba.com
    205.204.112.1   co.alibaba.com
    110.75.197.7    cn.alibaba.com
    205.204.116.17  channel.alibaba.com
    205.204.124.3   crm.alibaba.com
    ...

Bingooo!! And so on, hundreds of thousands of records.
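The output above shows the order Fierce works in: try a zone transfer against each name server, fall back to brute force, and first probe a random label to detect wildcard DNS so that every guessed name does not come back as a hit. The following Python is an added illustration of that logic, not Fierce's own code. DNS lookups and AXFR attempts are injected as callables so it runs offline against a constructed answer table (the domain example.test, the addresses and the refused transfers are all made up for the example, modelled on the post's output); to use it against a zone you administer, swap in a real resolver.

```python
"""Model of Fierce's enumeration order: AXFR first, then wildcard check,
then brute force with wildcard answers filtered out. Added example, not
Fierce's code; resolution is injected so the logic runs offline."""
import random
import string
from typing import Callable, Dict, List, Optional, Tuple

# hostname -> IPv4 string, or None when the name does not resolve
Resolver = Callable[[str], Optional[str]]
# (nameserver, domain) -> zone records if AXFR is allowed, else None
Axfr = Callable[[str, str], Optional[Dict[str, str]]]

# Constructed answer table standing in for an authoritative zone. The "*"
# entry models a wildcard record like the one Fierce flagged in the post.
CONSTRUCTED_ZONE: Dict[str, str] = {
    "ad.example.test": "205.204.112.6",
    "au.example.test": "205.204.112.1",
    "billing.example.test": "110.75.203.17",
    "*.example.test": "67.215.65.132",
}
CONSTRUCTED_NAMESERVERS = ["ns1.example.test", "ns2.example.test"]


def table_resolver(zone: Dict[str, str]) -> Resolver:
    """Resolver over a dict; unknown labels fall through to the wildcard."""
    def resolve(name: str) -> Optional[str]:
        if name in zone:
            return zone[name]
        parent = name.split(".", 1)[1] if "." in name else ""
        return zone.get("*." + parent)
    return resolve


def refusing_axfr(nameserver: str, domain: str) -> Optional[Dict[str, str]]:
    """Models a correctly configured server: transfers are not allowed."""
    return None


def random_label(n: int = 11) -> str:
    # Fierce probes a random numeric label, e.g. 97326869336.<domain>
    return "".join(random.choices(string.digits, k=n))


def detect_wildcard(domain: str, resolve: Resolver) -> Optional[str]:
    """'Checking for wildcard DNS': if a random label resolves, the zone has
    a wildcard and its address must be ignored during brute force."""
    return resolve(f"{random_label()}.{domain}")


def brute_force(domain: str, wordlist: List[str], resolve: Resolver,
                wildcard_ip: Optional[str]) -> List[Tuple[str, str]]:
    """Resolve each candidate and drop answers that merely equal the
    wildcard address; without this step every guess looks like a hit."""
    found: List[Tuple[str, str]] = []
    for word in wordlist:
        name = f"{word}.{domain}"
        ip = resolve(name)
        if ip is None or ip == wildcard_ip:
            continue
        found.append((name, ip))
    return found


def enumerate_domain(domain: str, nameservers: List[str], wordlist: List[str],
                     axfr: Axfr, resolve: Resolver) -> Dict[str, object]:
    """Full sequence: AXFR against each NS, else wildcard check + brute force."""
    for ns in nameservers:
        records = axfr(ns, domain)
        if records is not None:
            return {"method": "axfr", "nameserver": ns, "hosts": records}
    wildcard = detect_wildcard(domain, resolve)
    hosts = brute_force(domain, wordlist, resolve, wildcard)
    return {"method": "brute", "wildcard": wildcard, "hosts": hosts}


if __name__ == "__main__":
    result = enumerate_domain("example.test", CONSTRUCTED_NAMESERVERS,
                              ["ad", "au", "billing", "crm"],
                              refusing_axfr, table_resolver(CONSTRUCTED_ZONE))
    print(result)
```

The wildcard filter is a heuristic: a real host that genuinely shares the wildcard address is dropped along with the phantom ones, which is why Fierce's "High probability of wildcard DNS" warning is worth reading rather than skipping. For the zone you operate, the useful check is the first step: every name server should refuse AXFR to arbitrary clients, exactly as the four alibaba.com servers do in the post.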
