Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Several Domains
From: ArcSighter <arcsighter () gmail com>
Date: Fri, 12 Dec 2008 09:06:50 -0500

Hash: SHA1

Ahmed Zaki wrote:
Thanks for your reply . 

Apparently its my fault I should have made my question clearer. 

Your target is Company X . The ip of the mail server turned to be
xxx.xxx.xxx.xxx and that when used to do a reverse DNS lookup gave
mail.companyx.com , mail.companyx-fs.com, mail.companyx.com.fs ,
mail.companyxfs.com . As a pentester how would you go about identifying the
actual domain name that is being used internally . 

I am not asking for networking FACTS here,  I am rather asking the
pentesters out there about their past experiences thus I identify myself as
a noob.

I hope this is clearer .

The actual domain name that is being used internally? It depends of what
status you're in the pentest. If, as usual, you're outside the DMZ or
LAN, it won't be possible by just digging into dns records, because in a
 non-stupid configuration, the external dns won't be authoritative on
the LAN zone, in fact, it will contain no clue about this LAN at all;
its records would be only the servers at the DMZ and the forwarders
info. You could try zone transfer or others against that nameserver but
you won't get any possitive results, I think. You have to get INTO the
internal network, if what you're interested is the PDC/BDC names.
Actually, do you known Paterva?

Version: GnuPG v1.4.6 (GNU/Linux)


This list is sponsored by: Cenzic

Security Trends Report from Cenzic
Stay Ahead of the Hacker Curve!
Get the latest Q2 2008 Trends Report now


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]