Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: anonymous Zonetransfer (AXFR) exploatation
From: LordDoskias <lorddoskias () gmail com>
Date: Thu, 13 Mar 2008 15:46:19 +0200

xx yy wrote:
During some research I came across some server that have anonymous Zonetransfer (AXFR) allowed.

Is there a working attack for a DNS server that has anonymous Zonetransfer (AXFR) allowed ?
I will appreciate any detailed description of what can be done to dig deeper into this potential vulnerability.
Also if anyone knows of some good resources for AXFR exploatation please share.

Thanks






__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


The best thing that I can think if to use the information obtained from the zone transfer. Perhaps some "private" hosts will come up that you can look into? To my mind AXFR transfers should be considered as part of the reconnaissance stage of a pen-test.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault