Home page logo

pen-test logo Penetration Testing mailing list archives

Re: anonymous Zonetransfer (AXFR) exploatation
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Tue, 18 Mar 2008 19:48:12 +0000

On 18/03/2008, Radu Oprisan <radu () securesystems ro> wrote:
LordDoskias wrote:
 > The best thing that I can think if to use the information obtained
 > from the zone transfer. Perhaps some "private" hosts will come up that
 > you can look into? To my mind AXFR transfers should be considered as
 > part of the  reconnaissance stage of a pen-test.

Actually, they were, a long time ago.

Hmmm.. of course, everybody should know not to allow AXFR, but in
practice you will find a lot of systems which do.

(Murphy's law implies that if a misconfiguration is possible, it
exists somewhere on the internet. I got a complaint to abuse@ once
because we were "attacking" someone's domain controller on port 123.
Turns out he had promoted it to a stratum 1 NTP server and was seeing
a standard ntpd exchange being dropped by his firewall. Nothing
surprises me any more.)

Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]