Re: how to check for hostnames of wildcard-domains

From: thomas springer (tuevsec@gmx.net)
Date: Wed Feb 15 2006 - 06:50:49 EST


A great hint, thank you. This works, but not always:
To stay with isgay:
root@tuevsec ~ # dig A "pentestcheck.isgay.com"
; <<>> DiG 9.3.1 <<>> A pentestcheck.isgay.com
[comments deleted]
;; QUESTION SECTION:
;pentestcheck.isgay.com. IN A

;; ANSWER SECTION:
pentestcheck.isgay.com. 14400 IN CNAME isgay.com.
isgay.com. 14400 IN A 66.249.137.17

This works as expected and shows that "pentestcheck.isgay.com" is a
cname-alias. Lets go for another one:

; <<>> DiG 9.3.1 <<>> A pentestcheck.serversniff.net
;; QUESTION SECTION:
;pentestcheck.serversniff.net. IN A

;; ANSWER SECTION:
pentestcheck.serversniff.net. 1800 IN A 85.214.17.152

Hey - this (nonexistant) Hostname has an A-Record. EVERY
hostname.serversniff.net has an A-Record.
How can I separate an EXISTING hostname (with a REAL A-Record) from a
wildcard-A-Record here?

Any more hints?

tom

A. Ramos wrote:

>>Is there a way to distinguish the *.dom.tld-matching from a real
>>existing A-Record using a ns-lookup alone?
>>
>>
>
>http://www.faqs.org/rfcs/rfc1034.html
>
>A * label appearing in a query name has no special effect, but can be
>used to test for wildcards in an authoritative zone; such a query is the
>only way to get a response containing RRs with an owner name with * in
>it. The result of such a query should not be cached.
>
># host -t a "*.unsec.net"
>Host *.unsec.net not found: 3(NXDOMAIN)
>
>f# host -t a "*.isgay.com"
>*.isgay.com is an alias for isgay.com.
>isgay.com has address 66.249.137.17
>*.isgay.com is an alias for isgay.com.
>*.isgay.com is an alias for isgay.com.
>isgay.com mail is handled by 0 isgay.com.
>
>
>--
>A. Ramos <aka dab>
>mailto: <aramosf@unsec.net>
>http://www.unsec.net
>
>
>------------------------------------------------------------------------------
>Audit your website security with Acunetix Web Vulnerability Scanner:
>
>Hackers are concentrating their efforts on attacking applications on your
>website. Up to 75% of cyber attacks are launched on shopping carts, forms,
>login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
>futile against web application hacking. Check your website for vulnerabilities
>to SQL injection, Cross site scripting and other web attacks before hackers do!
>Download Trial at:
>
>http://www.securityfocus.com/sponsor/pen-test_050831
>-------------------------------------------------------------------------------
>
>
>
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:31 EDT