Re: finding dyndns names for existing IP

From: Jimi Thompson (jimit@myrealbox.com)
Date: Fri Nov 28 2003 - 00:40:14 EST


This should be a simple one. Set your DNS server to the DNS server that
they are using and run dig or nslookup to do a reverse look up (IP to
name). Once you get the name then you can do a forward lookup to get
the IP. The downside is that you are going to have to find out what DNS
service they are using to provide name resolution.

Do they host their own web site?

Do they host anything on their own network (email, etc) that requires
them to register a domain name?

If so, you can consult the "WHOIS" database to find out who their name
service is.

Short of that, I'd try social engineering the name of the name service.

Jimi

Thomas Kerbl wrote:

> Hello,
>
> I'm searching for a way to find DynDns names to existing IPs. We are
> working on a pen-test for a customer, who has a dynamic IP that
> changes every day, and it is hard for us to keep track of their
> Gateway. We simulate an attacker without internal knowledge, so we
> cannot simply ask for a dyndns name. Social Engineering would be easy,
> but I'm looking for a technical way to do it. We already tried obvious
> names like companyname.dyndns.org and similar DNS names.
>
> To try to summarize the problem:
>
> 1) We assume the company uses the DynDns service (or a similar service).
> 2) We got the actual valid IP through social engineering.
> 3) We want to find the dyndns name of this IP to keep track.
>
> Is there a Database hosted by dyndns (or similar service) we can
> consult? Or is there a way to do a reverse lookup on the IP?
>
> thanks a lot for any pointers,
> Thomas Kerbl
>

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:42 EDT