Home page logo

pen-test logo Penetration Testing mailing list archives

Re: anonymous Zonetransfer (AXFR) exploatation
From: Radu Oprisan <radu () securesystems ro>
Date: Wed, 19 Mar 2008 02:52:45 +0200

Ok, ok, so i used the verb in the wrong way :).
I was just amazed at "should be considered". I myself still try it from time to time, but in this part of the world (yeah, i know Romania has a bad reputation) it seldom works. So, let's stick to the matter at hand: i agree, it should be part of a standard pen-test if there are no specific laws against using it even in test conditions.

Radu Oprisan

Jason Thompson wrote:
Were? I still do them and find axfr's allowed... not a lot, but for
the 10 seconds it takes to check there's been a few times where I've
downloaded an AD domains' worth of hosts. Even just getting a list of
hosts with a few interesting CNAME entries can give you a few
potential targets or point to domains you weren't previously aware of.


On Tue, Mar 18, 2008 at 11:09 AM, Radu Oprisan <radu () securesystems ro> wrote:
LordDoskias wrote:
 > The best thing that I can think if to use the information obtained
 > from the zone transfer. Perhaps some "private" hosts will come up that
 > you can look into? To my mind AXFR transfers should be considered as
 > part of the  reconnaissance stage of a pen-test.

 Actually, they were, a long time ago.

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]