
How does reverse ip domain check up tool works?

<<

manoj9372

Jr. Member

Posts: 72

Joined: Mon Oct 05, 2009 8:54 am

Post Tue Aug 30, 2011 11:51 am

How does reverse ip domain check up tool works?

I am sure most of the pen-testers here have used this tool:

"reverse ip domain check-up"

(i.e. when we enter the IP address or the name of one of the websites, it displays the names of all the websites hosted on that IP address)

I have been trying to understand the working logic behind this,
but unfortunately I couldn't find it.


I just want to know the working logic of this tool.

As usual I have got some questions regarding this:

1) Is it possible for us to determine the number of websites running on a web server manually? If yes, how?

2) To which level can we trust this information?

3) How does this thing work?

Hope I will know the working logic soon :)
Last edited by manoj9372 on Tue Aug 30, 2011 11:54 am, edited 1 time in total.
<<

hayabusa


Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Aug 30, 2011 12:23 pm

Re: How does reverse ip domain check up tool works?

If that's a specific tool name, I haven't used it.  I'm assuming, however, that it does reverse lookups against DNS name servers, to get all hosts resolving to the given IP, or IPs in the address range of the host.

I often run python and bash scripts to do the same, querying name servers for a given domain, then reverse-resolving the IPs for their assigned blocks, against the name servers.  (So yes to #1, you could do it, for yourself, without a pre-canned tool / manually)

#2 - sure you can trust it.  Worst case, they're webservers.  Once you get their hostnames, visit them to confirm.

#3 - again, reverse name resolution from the name servers

It's one of the MANY things you MIGHT do, during OSCP study (as well as in live pentesting...)
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

MaXe


Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Aug 30, 2011 5:47 pm

Re: How does reverse ip domain check up tool works?

There will of course, in most cases even be a reverse DNS record (PTR, which means Pointer most likely), which uses the IP-address and points to a hostname.

Read up on what x.x.x.x.in-addr.arpa addresses are  ;) (Pretty much not the direct answer you were looking for, but valuable information.)
I'm an InterN0T'er
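The two replies above describe the same mechanism from two angles: hayabusa's sweep that reverse-resolves every address in a block against the name servers, and MaXe's hint that a reverse lookup is really a query for a name under in-addr.arpa (or ip6.arpa for IPv6). The following is an added example, not code from either poster or from the yougetsignal tool: it builds the reverse name, sweeps a CIDR block for PTR records, and can be exercised against a constructed PTR table (RFC 5737 documentation addresses and made-up hostnames) instead of a live resolver. The function and variable names are my own.

```python
import ipaddress
import socket


def ptr_name(ip: str) -> str:
    """Name that a PTR query actually asks for (MaXe's in-addr.arpa hint).

    IPv4: octets reversed under in-addr.arpa, so 192.0.2.1 -> 1.2.0.192.in-addr.arpa.
    IPv6: the 32 hex nibbles reversed under ip6.arpa.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    nibbles = addr.exploded.replace(":", "")
    return ".".join(reversed(nibbles)) + ".ip6.arpa"


def system_ptr_lookup(ip: str):
    """Ask the OS resolver for the PTR record of `ip`; None when there is none.

    This is the live path and needs network access.  A PTR answer is normally a
    single name, which is why a PTR sweep alone rarely lists every virtual host
    on a shared server.
    """
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:  # socket.herror / gaierror are OSError subclasses
        return None


def reverse_sweep(block: str, lookup=system_ptr_lookup) -> dict:
    """Walk every host address in a CIDR block and collect the PTR names found.

    `lookup` is injectable so the sweep can run against canned data (below)
    instead of a name server.
    """
    found = {}
    for addr in ipaddress.ip_network(block, strict=False).hosts():
        name = lookup(str(addr))
        if name:
            found[str(addr)] = name.rstrip(".")  # drop the trailing root dot
    return found


# Constructed sample PTR data standing in for a live name server: documentation
# addresses and invented hostnames, not real hosts.
SAMPLE_PTR = {
    "192.0.2.1": "www.example.com.",
    "192.0.2.3": "mail.example.com.",
}


def sample_lookup(ip: str):
    """Offline stand-in for system_ptr_lookup, answering from SAMPLE_PTR."""
    return SAMPLE_PTR.get(ip)


if __name__ == "__main__":
    for ip, host in reverse_sweep("192.0.2.0/29", lookup=sample_lookup).items():
        print(f"{ptr_name(ip)} -> {host}")
```

For a real engagement, call `reverse_sweep("203.0.113.0/24")` with the default lookup; it then asks whatever resolver the OS is configured with, so point the system at the target's authoritative servers (or swap in a resolver library) if you want the answers hayabusa means rather than a cached view.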
<<

manoj9372

Jr. Member

Posts: 72

Joined: Mon Oct 05, 2009 8:54 am

Post Tue Aug 30, 2011 9:32 pm

Re: How does reverse ip domain check up tool works?

hayabusa wrote:If that's a specific tool name, I haven't used it.  I'm assuming, however, that it does reverse lookups against DNS name servers, to get all hosts resolving to the given IP, or IP's in the address range of the host.


I have been talking about this tool, hayabusa:
http://www.yougetsignal.com/tools/web-sites-on-web-server/


hayabusa wrote:I often run python and bash scripts to do the same, querying name servers for a given domain, then reverse-resolving the IP's for their assigned blocks, against the name servers.  (So yes to #1, you could do it, for yourself, without a pre-canned tool / manually)


I would like to see such scripts/code. Do you have any publicly available scripts?

hayabusa wrote:#2 - sure you can trust it.  Worst case, they're webservers.  Once you get their hostnames, visit them, to confirm.

#3 - again, reverse name resolution from the name servers


We have been speaking about reverse DNS lookups and so on for finding them, but they had mentioned this:

Quote:Data is gathered from search engine results, which are not guaranteed to be complete.


That is why I had asked about the accuracy of the results :)

I think they are doing a simple thing in a very complex manner; maybe there are some reasons...

hayabusa wrote:It's one of the MANY things you MIGHT do, during OSCP study (as well as in live pentesting...)


Thanks for the hint :)

MaXe wrote:There will of course, in most cases even be a reverse DNS record (PTR, which means Pointer most likely), which uses the IP-address and points to a hostname.

Read up on what x.x.x.x.in-addr.arpa addresses are ;) (Pretty much not the direct answer you were looking for, but valuable information.)


Yes MaXe, it is not the direct answer I am looking for;
maybe I should dig into this a lot deeper... :)


By the way, if you have got any simple public scripts for this, pass them here :)
<<

MaXe


Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Thu Sep 01, 2011 2:48 pm

Re: How does reverse ip domain check up tool works?

Yes, BackTrack => /pentest

I think there's something in the "enumeration" directory you may find interesting, and there's also another directory named "dns" somewhere with some nice scripts with the tools you would probably need.

There's a few nice online tools as well, domaintools.com is one of them.

fierce.pl (a dns script), is in particular very useful. It's written by the author of ha.ckers.org afaik, and once when I was all into information gathering, I often used this script along with a few others I can't remember right now.

Here's a thread I found on the InterN0T forums, I pasted the contents here so you could read it faster (without magnets  ;D jk, troll logic humor  ;) )
[DNS] Information Gathering 4
Hello there,


Today I finally completed the last and final guide about gathering
information with DNS. It took quite some time, as I also gathered
more information than usual, thus more scripts as well.

External Link:
http://guides.intern0t.net/dns4.php

Tools in this Video:
NSLookup - This is implemented in both Win32 and *Nix
fierce.pl - A good script for performing fast zone-transfer / axfr requests.
host & dig - Useful *Nix tools even though they can run on Win32 as well.
fpdns.pl - The best script to determine version and nameserver type.
dns-grind.pl - Personally it is the best to perform bruteforcing, though fierce can be used too.

Additional Information:
To get host and dig in a Win32 environment, you will have to either
get them yourself, or download ISC BIND, as they distribute them as well.

With fierce, fpdns and dns-grind, you need to have Net::DNS to be able
to run them; with fpdns you also need to "install" the fingerprint file 100%
manually. This can be quite tricky for some people.

To run perl on Windows, you could try installing ActiveState's Perl, even
though some of the script creators say you shouldn't or their scripts
might not work then, because I'm proud to say that they do.


I hope you enjoyed the last video guide about DNS.

~ MaXe # 0.0.127.in-addr.arpa

PS: You can install Net::DNS via CPAN : )


Reference:
http://forum.intern0t.net/offensive-gui ... g-4-a.html


Tool Links:
http://ha.ckers.org/fierce/
http://www.isc.org/index.pl
http://code.google.com/p/fpdns/
http://pentestmonkey.net/tools/dns-grind/
I'm an InterN0T'er
<<

DNStrails

Newbie

Posts: 1

Joined: Fri Dec 16, 2011 1:06 pm

Post Fri Dec 16, 2011 1:13 pm

Re: How does reverse ip domain check up tool works?

manoj9372 wrote:(i.e when we enter the ip address or one of the web-sites name,it displays the name of all the web-sites hosted in it the ip address)

I have been trying to understand the working logic behind this,
but unfortunately i couldn't find it.


There are two main ways this can be accomplished -- the easy way and the hard way.  The easy way is simply connecting to a search engine that lets you search by IP address.  The hard way is to do DNS lookups on all the domains you can find (which can involve a huge database).

I've done it the hard way (www.DNStrails.com), and chose that way because it is the most reliable (I don't have to worry that Google or Bing is going to stop allowing queries), and fastest.

The only way to find out what domains are on a website are to somehow find those domains (you can get a list of all the domains on gTLDs; search engines find many more as well as subdomains on the pages they visit).  Occasionally, people will set up the reverse DNS for the IP of their server to have records for all websites the server handles, but that is rare.

The trust is based on the source of the information.  You can easily verify that the information displayed is correct (e.g. do a DNS lookup of the website to make sure it matches the IP you entered).  But what you do not know is what is not displayed to you (e.g. if there are domains that are hosted on the IP, but not shown; for example, subdomains or domains on ccTLDs).
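DNStrails' "hard way" is a forward index: resolve every domain name you can collect and group the names by the IP they resolve to, then answer a reverse question by looking the IP up in that index. The same post also gives the trust check, re-resolve each reported name and confirm it still points at the IP, and the blind spot, names that were never in the index. The following is an added example written for this thread, not DNStrails' code; the A-record table is constructed (documentation addresses, invented names) so it runs offline, and the function names are my own.

```python
import socket

# Constructed sample A records standing in for the domain lists a zone file or
# search engine would supply.  Documentation addresses and invented names only.
SAMPLE_A_RECORDS = {
    "www.example.com": ["192.0.2.10"],
    "blog.example.com": ["192.0.2.10"],
    "shop.example.net": ["192.0.2.10", "192.0.2.11"],  # round-robin across two IPs
    "lonely.example.org": ["198.51.100.5"],
}


def sample_resolve(name: str) -> list:
    """Offline stand-in for system_resolve, answering from SAMPLE_A_RECORDS."""
    return SAMPLE_A_RECORDS.get(name, [])


def system_resolve(name: str) -> list:
    """Forward-resolve `name` to its IPv4 addresses with the OS resolver (live path)."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except OSError:
        return []
    return sorted({info[4][0] for info in infos})


def build_ip_index(domains, resolve=system_resolve) -> dict:
    """The 'hard way': forward-resolve every candidate domain and index by IP.

    A name that resolves to several addresses is filed under each of them.
    """
    index = {}
    for name in domains:
        for ip in resolve(name):
            index.setdefault(ip, set()).add(name)
    return index


def sites_on_ip(ip: str, index: dict) -> list:
    """Answer the reverse question from the index.  Misses anything never indexed."""
    return sorted(index.get(ip, ()))


def verify(ip: str, names, resolve=system_resolve) -> list:
    """DNStrails' trust check: keep only names that still forward-resolve to `ip`.

    This catches stale index entries (a site that moved hosts since indexing);
    it cannot reveal names the index never contained.
    """
    return [name for name in names if ip in resolve(name)]


if __name__ == "__main__":
    index = build_ip_index(SAMPLE_A_RECORDS, resolve=sample_resolve)
    target = "192.0.2.10"
    claimed = sites_on_ip(target, index)
    print(f"sites indexed on {target}: {claimed}")
    print(f"still resolving there: {verify(target, claimed, resolve=sample_resolve)}")
```

With the default `resolve`, `build_ip_index(domain_list)` does live lookups, so the cost is one query per candidate domain, which is the "huge database" DNStrails mentions; the completeness of the answer is bounded entirely by how good that candidate list is.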
