Penetration Testing mailing list archives
Re: Several Domains
From: Todd Haverkos <infosec () haverkos com>
Date: Fri, 12 Dec 2008 03:07:30 -0600
"Ahmed Zaki" <ahmedmzaki () gmail com> writes:
> Thanks for your reply. Apparently it's my fault; I should have made my question clearer. Your target is Company X. The IP of the mail server turned out to be xxx.xxx.xxx.xxx, and that, when used to do a reverse DNS lookup, gave mail.companyx.com, mail.companyx-fs.com, mail.companyx.com.fs, mail.companyxfs.com. As a pentester, how would you go about identifying the actual domain name that is being used internally?
One trick is that you can often gather some info by sending a mail to the domain using an invalid To: address and scrutinizing the headers in the bounce that often comes back. Rinse and repeat for each possible domain.

If they have a web site that generates outbound mail in any fashion (confirmations to a request for contact, for example), then scrutinizing Received headers from that mail can sometimes yield internal server names.

You can't account for all possible uses of alias FQDNs internally, of course, but then there's also the question of "what's the use of divining the one true canonical name, anyway?" After all, the IP is really where the rubber meets the road in terms of attempting to compromise the mail server.

That said, however, the alias domain names are usually useful for giving hints on which domains may be valid for delivery on that server.

Best Regards,
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
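As an added example (not part of the original post), a mail administrator can apply the same header scrutiny to a bounce or confirmation mail from their own domain to see which internal host names and RFC 1918 addresses it discloses. The sample bounce, every host name other than the thread's companyx.com placeholder, and the function name `audit_received` are constructed for illustration.

```python
import email
import ipaddress
import re

# Constructed sample bounce, as seen by the outside mailbox that received it.
SAMPLE_BOUNCE = """\
Received: from mail.companyx.com (mail.companyx.com [203.0.113.25])
\tby mx.example.net with ESMTP id abc123; Fri, 12 Dec 2008 03:00:02 -0600
Received: from exch01.corp.companyx.local (exch01.corp.companyx.local [10.1.4.17])
\tby mail.companyx.com with ESMTP id def456; Fri, 12 Dec 2008 03:00:01 -0600
From: MAILER-DAEMON@companyx.com
To: audit@example.net
Subject: Undeliverable: test

The recipient address was not found.
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP_RE = re.compile(r"\b(?:from|by)\s+([A-Za-z0-9.-]+)")  # host after from/by
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")      # bracketed IPv4


def audit_received(raw_message, expected_public):
    """Return (hosts, private_ips) disclosed in Received headers.

    hosts: names in from/by clauses that are not in expected_public, the
    set of names the organisation intends to expose (an assumption here).
    private_ips: bracketed addresses that fall inside RFC 1918 space.
    """
    msg = email.message_from_string(raw_message)
    hosts, private_ips = set(), set()
    for header in msg.get_all("Received", []):
        text = " ".join(header.split())  # unfold continuation lines
        for name in HOP_RE.findall(text):
            name = name.lower().rstrip(".")
            if "." in name and name not in expected_public:
                hosts.add(name)
        for ip in IP_RE.findall(text):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:  # malformed octets, skip
                continue
            if any(addr in net for net in RFC1918):
                private_ips.add(ip)
    return sorted(hosts), sorted(private_ips)


if __name__ == "__main__":
    print(audit_received(SAMPLE_BOUNCE, {"mail.companyx.com", "mx.example.net"}))
```

Any name or address this reports is one the mail gateway could rewrite or strip from outbound Received headers.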