From: Volker Tanger (vtlists@wyae.de)
Date: Tue Mar 18 2008 - 14:49:38 EST
Greetings!
On Tue, 18 Mar 2008 17:09:19 +0200
Radu Oprisan <radu@securesystems.ro> wrote:
> LordDoskias wrote:
> > The best thing that I can think if to use the information obtained
> > from the zone transfer. Perhaps some "private" hosts will come up
> > that you can look into? To my mind AXFR transfers should be
> > considered as part of the reconnaissance stage of a pen-test.
>
> Actually, they were, a long time ago.
...and some still are. You might be lucky, you might be not.
The Fierce DNS bruteforcer tries an AXFR first, and if not successful,
it DNS-bruteforces a domain. Thus it covers both approaches with one
tool.
But I am time and again surprised how often an AXFR request still is
successful.
Bye
Volker
-- Volker Tanger http://www.wyae.de/volker.tanger/ -------------------------------------------------- vtlists@wyae.de PGP Fingerprint 378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:28 EDT