DNS Analysis

Google and Web Performance

It is fair to say that Google works hard on web performance. The search engine proved it, Gmail followed as a fast web-mail service with far more storage than its competitors, and more recent initiatives include SPDY, an alternative to plain HTTP.

A few months back they launched Google Public DNS, a publicly available resolver that claims to be very fast.

Google DNS servers: 8.8.8.8 and 8.8.4.4

Introduction

Fierce is a lightweight DNS enumeration script written in Perl by RSnake. It helps you locate the hostnames and IP space belonging to a target domain, using several techniques to gather information about the target. It starts by attempting a zone transfer (AXFR) against the domain's name servers, and if zone transfers are refused it switches to brute forcing hostnames from a wordlist, checking for wildcard DNS first so that catch-all answers are not mistaken for real hosts.
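The zone-transfer-then-brute-force logic described above, as an added Python example written for this page (it is not Fierce's own code). The AXFR and lookup functions are passed in as parameters so the script runs offline against a constructed fake zone; example-target.com, its records and the 203.0.113.x addresses are illustrative assumptions, and real_resolve shows how a live lookup plugs in with the standard library (a real AXFR would need a DNS library such as dnspython and is not shown).

```python
import random
import socket
import string
from typing import Callable, Dict, List, Optional, Tuple

# Constructed fake zone (assumption: illustrative data, not a real domain).
# The "*" entry is a wildcard A record, the situation Fierce warns about:
# every label that does not exist still resolves, to one catch-all address.
FAKE_ZONE: Dict[str, str] = {
    "www.example-target.com": "203.0.113.10",
    "mail.example-target.com": "203.0.113.20",
    "crm.example-target.com": "203.0.113.30",
    "*.example-target.com": "203.0.113.99",
}


def fake_resolve(name: str) -> Optional[str]:
    """Stand-in for a recursive A lookup against FAKE_ZONE."""
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    parent = name.split(".", 1)[1]
    return FAKE_ZONE.get("*." + parent)


def fake_axfr(nameserver: str, domain: str) -> Optional[List[Tuple[str, str]]]:
    """Stand-in for an AXFR request; a properly configured server refuses it."""
    return None


def real_resolve(name: str) -> Optional[str]:
    """Live A lookup via the standard library; None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def random_label(length: int = 11) -> str:
    """A numeric label that cannot plausibly exist, like Fierce's 97326869336."""
    return "".join(random.choice(string.digits) for _ in range(length))


def detect_wildcard(domain: str, resolve: Callable[[str], Optional[str]]) -> Optional[str]:
    """Fierce's wildcard check: if a random label resolves, remember its
    address so that brute-force hits landing on it can be set aside."""
    return resolve(f"{random_label()}.{domain}")


def enumerate_domain(domain: str, nameservers: List[str], wordlist: List[str],
                     axfr: Callable[[str, str], Optional[List[Tuple[str, str]]]],
                     resolve: Callable[[str], Optional[str]]) -> dict:
    # Step 1: zone transfer. One cooperative server hands over the whole zone.
    for ns in nameservers:
        records = axfr(ns, domain)
        if records:
            return {"method": "axfr", "wildcard": None, "hosts": dict(records), "noise": {}}
    # Step 2: brute force. Learn the wildcard address first; a hit is only
    # trusted when it resolves to something other than the catch-all.
    wildcard_ip = detect_wildcard(domain, resolve)
    hosts: Dict[str, str] = {}
    noise: Dict[str, str] = {}
    for word in wordlist:
        name = f"{word}.{domain}"
        ip = resolve(name)
        if ip is None:
            continue
        if wildcard_ip is not None and ip == wildcard_ip:
            noise[name] = ip
        else:
            hosts[name] = ip
    return {"method": "brute", "wildcard": wildcard_ip, "hosts": hosts, "noise": noise}


if __name__ == "__main__":
    words = ["www", "mail", "crm", "ftp", "dev"]
    print(enumerate_domain("example-target.com", ["ns1.example-target.com"],
                           words, fake_axfr, fake_resolve))
```

Hosts found under "noise" are not confirmed to exist; on a real target a wildcard can also answer with a pool of addresses, so compare against every address the random label returns, not just one.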

As usual we are using the world's favourite penetration testing distribution, BackTrack Linux 5, and Fierce ships with the distro by default.

Let's see its different usage. I will be analyzing the alibaba.com DNS records.

Fierce Usage:

Change into the application folder:

cd /pentest/enumeration/dns/fierce

Usage:

perl fierce.pl [-dns example.com] [OPTIONS]

Commonly used options:

-threads ( number of parallel lookups; by default it runs single threaded )
-file ( log the output to a file )
-range ( scan an internal IP range with reverse lookups; this is useful, but it can only be used together with the -dnsserver option )

In our case:

perl fierce.pl -dns alibaba.com -threads 5 -file alibaba-dns.output

You should see the following output :

Now logging to alibaba-dns.output
DNS Servers for alibaba.com:
nshz.alibabaonline.com
nsp2.alibabaonline.com
ns8.alibabaonline.com
nsp.alibabaonline.com
Trying zone transfer first…
Testing nshz.alibabaonline.com
Request timed out or transfer not allowed.
Testing nsp2.alibabaonline.com
Request timed out or transfer not allowed.
Testing ns8.alibabaonline.com
Request timed out or transfer not allowed.
Testing nsp.alibabaonline.com
Request timed out or transfer not allowed.
Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way… brute force
Checking for wildcard DNS…
** Found 97326869336.alibaba.com at 67.215.65.132.
** High probability of wildcard DNS.
Now performing 1895 test(s)…
205.204.112.6 ad.alibaba.com
205.204.112.1 au.alibaba.com
205.204.112.1 cache.alibaba.com
110.75.203.17 billing.alibaba.com
205.204.112.1 co.alibaba.com
110.75.197.7 cn.alibaba.com
205.204.116.17 channel.alibaba.com
205.204.124.3 crm.alibaba.com
… and so on: the run continues through the remaining tests and logs every hostname that resolves.

Two things to note in this output. First, every authoritative server refused the zone transfer, which is the expected configuration for a well-run domain; the brute force is what delivers the results. Second, Fierce flagged wildcard DNS because a random label resolved to 67.215.65.132. Any brute-forced name that resolves to that same address has not been shown to exist and should be discarded. The wildcard answer also comes from whatever resolver BackTrack is configured to use, not necessarily from alibaba.com itself, so before relying on it confirm the random label with a direct query to one of the listed authoritative name servers.
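A small parser for this output, added here as an example for this page (it is not part of Fierce). It pulls the wildcard address and the "IP hostname" records out of a Fierce log, separates hits that merely land on the wildcard address, and groups the confirmed hosts by /24 so you can see which networks to feed to -range. The sample text is constructed from the lines above, with one extra noise line appended to exercise the filter.

```python
import ipaddress
import re
from collections import defaultdict
from typing import Dict, List, Optional, Tuple

# Constructed sample: the wildcard and brute-force lines from the run above,
# plus one made-up line (zzz-nonexistent) that resolves to the wildcard address.
FIERCE_OUTPUT = """\
Checking for wildcard DNS...
** Found 97326869336.alibaba.com at 67.215.65.132.
** High probability of wildcard DNS.
Now performing 1895 test(s)...
205.204.112.6 ad.alibaba.com
205.204.112.1 au.alibaba.com
205.204.112.1 cache.alibaba.com
110.75.203.17 billing.alibaba.com
205.204.112.1 co.alibaba.com
110.75.197.7 cn.alibaba.com
205.204.116.17 channel.alibaba.com
205.204.124.3 crm.alibaba.com
67.215.65.132 zzz-nonexistent.alibaba.com
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
WILDCARD_RE = re.compile(r"^\*\* Found \S+ at " + IPV4 + r"\.?$")
RECORD_RE = re.compile(r"^" + IPV4 + r"\s+(\S+)$")


def parse_fierce(text: str) -> Tuple[Optional[str], List[Tuple[str, str]]]:
    """Return (wildcard_ip, [(hostname, ip), ...]) from Fierce's log format."""
    wildcard_ip = None
    records: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = WILDCARD_RE.match(line)
        if m:
            wildcard_ip = m.group(1)
            continue
        m = RECORD_RE.match(line)
        if m:
            records.append((m.group(2), m.group(1)))
    return wildcard_ip, records


def filter_wildcard(records: List[Tuple[str, str]], wildcard_ip: Optional[str]):
    """Split records into confirmed hosts and wildcard noise."""
    kept = [(h, ip) for h, ip in records if ip != wildcard_ip]
    dropped = [(h, ip) for h, ip in records if ip == wildcard_ip]
    return kept, dropped


def group_by_network(records: List[Tuple[str, str]], prefix: int = 24) -> Dict[str, List[str]]:
    """Cluster hosts by the /prefix network their address falls in."""
    nets: Dict[str, List[str]] = defaultdict(list)
    for host, ip in records:
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        nets[str(net)].append(host)
    return dict(nets)


def summarize(text: str) -> dict:
    wildcard_ip, records = parse_fierce(text)
    kept, dropped = filter_wildcard(records, wildcard_ip)
    return {"wildcard": wildcard_ip, "hosts": kept, "noise": dropped,
            "networks": group_by_network(kept)}


if __name__ == "__main__":
    summary = summarize(FIERCE_OUTPUT)
    print("wildcard:", summary["wildcard"])
    for net, hosts in sorted(summary["networks"].items()):
        print(net, ", ".join(sorted(hosts)))
    print("dropped as wildcard noise:", summary["noise"])
```

The network list is the practical output: each /24 that holds several confirmed hosts is a candidate for a reverse sweep with -range and -dnsserver, which is how Fierce finds hosts a wordlist would never guess.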