Home page logo

pen-test logo Penetration Testing mailing list archives

Re: anonymous Zonetransfer (AXFR) exploatation
From: Volker Tanger <vtlists () wyae de>
Date: Tue, 18 Mar 2008 20:49:38 +0100


On Tue, 18 Mar 2008 17:09:19 +0200
Radu Oprisan <radu () securesystems ro> wrote:

LordDoskias wrote:
The best thing that I can think if to use the information obtained 
from the zone transfer. Perhaps some "private" hosts will come up
that you can look into? To my mind AXFR transfers should be
considered as part of the  reconnaissance stage of a pen-test.

Actually, they were, a long time ago.

...and some still are. You might be lucky, you might be not.

The Fierce DNS bruteforcer tries an AXFR first, and if not successful,
it DNS-bruteforces a domain. Thus it covers both approaches with one

But I am time and again surprised how often an AXFR request still is




Volker Tanger    http://www.wyae.de/volker.tanger/
vtlists () wyae de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]