From: LordDoskias (lorddoskias@gmail.com)
Date: Thu Mar 13 2008 - 08:46:19 EST
xx yy wrote:
> During some research I came across some servers that have anonymous zone transfer (AXFR) allowed.
>
> Is there a working attack for a DNS server that has anonymous zone transfer (AXFR) allowed?
>
> I will appreciate any detailed description of what can be done to dig deeper into this potential vulnerability.
> Also if anyone knows of some good resources for AXFR exploitation please share.
>
> Thanks
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
The best thing that I can think of is to use the information obtained from
the zone transfer. Perhaps some "private" hosts will come up that you
can look into? To my mind AXFR transfers should be considered as part of
the reconnaissance stage of a pen-test.
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:27 EDT