Now I will try to gather information from www.is2c-dojo.com and www.spentera.com.
I use some tools from BackTrack.
- First, I will gather information from www.is2c-dojo.com
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl is2c-dojo.com
dnsenum.pl VERSION:1.2.2
----- is2c-dojo.com -----
Host's addresses:
__________________
is2c-dojo.com 12 IN A 108.162.199.180
is2c-dojo.com 12 IN A 108.162.199.80
Name Servers:
______________
rita.ns.cloudflare.com 9686 IN A 173.245.58.140
rita.ns.cloudflare.com 9686 IN A 173.245.58.212
ivan.ns.cloudflare.com 41386 IN A 173.245.59.120
Mail (MX) Servers:
___________________
aspmx.l.google.com 74 IN A 209.85.225.27
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for is2c-dojo.com on rita.ns.cloudflare.com ...
AXFR record query failed: SERVFAIL
Unable to obtain Server Version for rita.ns.cloudflare.com : SERVFAIL
Trying Zone Transfer for is2c-dojo.com on ivan.ns.cloudflare.com ...
AXFR record query failed: SERVFAIL
Unable to obtain Server Version for ivan.ns.cloudflare.com : SERVFAIL
brute force file not specified, bay.
root@bt:~# nmap is2c-dojo.com
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-09-07 21:25 WIT
Nmap scan report for is2c-dojo.com (108.162.199.180)
Host is up (0.12s latency).
Other addresses for is2c-dojo.com (not scanned): 108.162.199.80
Not shown: 997 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 131.59 seconds
root@bt:/pentest/enumeration/web/whatweb# ./whatweb -v www.is2c-dojo.com
After using these tools, I got some information about the host's addresses, name servers, mail servers, ports, etc.
- Second, I will gather information from www.spentera.com
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl spentera.com
dnsenum.pl VERSION:1.2.2
----- spentera.com -----
Host's addresses:
__________________
spentera.com 300 IN A 108.162.195.84
spentera.com 300 IN A 108.162.195.184
Name Servers:
______________
spentera.com NS record query failed: query timed out
root@bt:/pentest/enumeration/dns/dnsenum# ./dnsenum.pl spentera.com
dnsenum.pl VERSION:1.2.2
----- spentera.com -----
Host's addresses:
__________________
spentera.com 159 IN A 108.162.195.84
spentera.com 159 IN A 108.162.195.184
Name Servers:
______________
dina.ns.cloudflare.com 8205 IN A 173.245.58.107
Mail (MX) Servers:
___________________
alt2.aspmx.l.google.com 71 IN A 173.194.73.26
aspmx3.googlemail.com 66 IN A 173.194.73.26
aspmx2.googlemail.com 111 IN A 173.194.68.27
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for spentera.com on dina.ns.cloudflare.com ...
AXFR record query failed: SERVFAIL
Unable to obtain Server Version for dina.ns.cloudflare.com : SERVFAIL
Trying Zone Transfer for spentera.com on art.ns.cloudflare.com ...
AXFR record query failed: SERVFAIL
Unable to obtain Server Version for art.ns.cloudflare.com : SERVFAIL
brute force file not specified, bay.
root@bt:~# nmap spentera.com
Starting Nmap 5.61TEST4 ( http://nmap.org ) at 2012-09-07 22:05 WIT
Nmap scan report for spentera.com (108.162.195.84)
Host is up (0.065s latency).
Other addresses for spentera.com (not scanned): 108.162.195.184
Not shown: 997 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp closed https
8080/tcp open http-proxy
Nmap done: 1 IP address (1 host up) scanned in 9.67 seconds
root@bt:/pentest/enumeration/web/whatweb# ./whatweb -v www.spentera.com
After using these tools, I got some information about the host's addresses, name servers, mail servers, ports, etc.
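A way to turn dnsenum transcripts like the ones above into structured findings, as an added example that is not part of the original post: it parses the dnsenum.pl 1.2.2 layout shown here, records the AXFR outcome per name server, and flags incomplete runs such as the first spentera.com attempt, where the NS query timed out. The sample transcript and the names parse_dnsenum and incomplete are constructed for illustration; an AXFR attempt with no failure line is marked "review" as an assumption, since the page shows only failed transfers.

```python
import re

# Constructed transcript in the dnsenum.pl 1.2.2 layout shown above; example.*
# names and 192.0.2.x / 198.51.100.x addresses are documentation placeholders.
SAMPLE = """\
Host's addresses:
__________________
example.com 12 IN A 192.0.2.10
Name Servers:
______________
ns1.example.net 9686 IN A 198.51.100.1
Mail (MX) Servers:
___________________
mx.example.org 74 IN A 198.51.100.25
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for example.com on ns1.example.net ...
AXFR record query failed: SERVFAIL
"""

SECTIONS = {"Host's addresses:": "hosts", "Name Servers:": "name_servers",
            "Mail (MX) Servers:": "mail_servers"}
RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})$")
AXFR_TRY = re.compile(r"^Trying Zone Transfer for \S+ on (\S+) \.\.\.$")
AXFR_FAIL = re.compile(r"^AXFR record query failed: (.+)$")
QUERY_FAIL = re.compile(r"^\S+ (\w+) record query failed: (.+)$")

def parse_dnsenum(text):
    out = {"hosts": [], "name_servers": [], "mail_servers": [], "axfr": {}, "errors": []}
    section = ns = None
    for line in map(str.strip, text.splitlines()):
        if line in SECTIONS:
            section = SECTIONS[line]
        elif line.startswith("Trying Zone Transfers"):
            section = "axfr"
        elif m := AXFR_TRY.match(line):
            ns = m.group(1)
            out["axfr"][ns] = "review"  # assumption: no failure line seen yet
        elif (m := AXFR_FAIL.match(line)) and ns:
            out["axfr"][ns] = "failed: " + m.group(1)
        elif m := QUERY_FAIL.match(line):
            out["errors"].append((m.group(1), m.group(2)))
        elif (m := RECORD.match(line)) and section in SECTIONS.values():
            out[section].append((m.group(1), int(m.group(2)), m.group(3)))
    return out

def incomplete(result):
    """True when a lookup failed or a section came back empty: repeat the run."""
    return bool(result["errors"]) or not all(result[k] for k in SECTIONS.values())
```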
PASSIVE INFORMATION GATHERING
Now I will try to gather information using www.netcraft.com.
First, for www.is2c-dojo.com
Second, for www.spentera.com
Based on the two pictures above, I got some information about IP addresses, name servers, etc.
Try using whatweb and see the result :D