Re: anonymous Zonetransfer (AXFR) exploatation

From: Radu Oprisan (radu@securesystems.ro)
Date: Tue Mar 18 2008 - 19:52:45 EST


Ok, ok, so i used the verb in the wrong way :).
I was just amazed at "should be considered". I myself still try it from
time to time, but in this part of the world (yeah, i know Romania has a
bad reputation) it seldom works.
So, let's stick to the matter at hand: i agree, it should be part of a
standard pen-test if there are no specific laws against using it even in
test conditions.

Cheers,
Radu Oprisan

Jason Thompson wrote:
> Were? I still do them and find axfr's allowed... not a lot, but for
> the 10 seconds it takes to check there's been a few times where I've
> downloaded an AD domains' worth of hosts. Even just getting a list of
> hosts with a few interesting CNAME entries can give you a few
> potential targets or point to domains you weren't previously aware of.
>
> -J
>
> On Tue, Mar 18, 2008 at 11:09 AM, Radu Oprisan <radu@securesystems.ro> wrote:
>
>> LordDoskias wrote:
>> >>
>> >>
>> > The best thing that I can think if to use the information obtained
>> > from the zone transfer. Perhaps some "private" hosts will come up that
>> > you can look into? To my mind AXFR transfers should be considered as
>> > part of the reconnaissance stage of a pen-test.
>>
>>
>> Actually, they were, a long time ago.
>>
>>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:28 EDT