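1. Passive Information Gathering

(1) Passive information gathering

  • Uses information obtainable through public channels;
  • Involves no direct interaction with the target system;
  • Leaves as few traces as possible;

(2) What to collect

IP address ranges, domain name information, e-mail addresses, documents and image data, company addresses, company organizational structure, telephone/fax numbers, staff names and job titles, publicly available business information, and so on.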

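2. Information Gathering: DNS

(1) The DNS resolution process:

The host's network configuration specifies a local DNS server. When the host makes a network request, it first asks the local DNS server, which returns the IP address for the requested domain name.

Taking a request for www.baidu.com as an example:

  1. At first the local DNS server does not know the IP address of www.baidu.com, so it asks a root server (the "." zone);
  2. There are only 13 root name servers, and a root server does not return the IP address of www.baidu.com directly; instead it returns the addresses of the name servers for the .com zone and tells the local DNS server to ask a .com server;
  3. The local DNS server asks a .com server. The .com server does not know the IP address of www.baidu.com either, but it returns the address of the name server that holds the baidu.com domain and tells the local server to ask the baidu.com name server;
  4. The local server asks the name server that holds baidu.com whether it knows the IP address for www.baidu.com. That server checks and finds that a host in the baidu.com domain has an A record (namely www.baidu.com) pointing to an IP address, and it returns that IP address to the local DNS server;
  5. The local server takes this IP address, caches a copy locally, and then returns the IP address of www.baidu.com to the requesting host;
  6. From then on, when another host asks the local DNS server for the IP address of www.baidu.com, the local DNS server finds the record in its cache and returns the IP address of www.baidu.com directly.
  7. Queries between the host and the local server are called recursive queries, while queries between the local server and the various name servers are called iterative queries.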
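
The seven steps above can be modelled in a few lines. This is an added illustration, not code from the original notes: the server names, the delegation table and the 192.0.2.10 address are constructed, and the `clock` parameter is a hypothetical hook for showing cache expiry.

```python
import time

# Constructed delegation data: each server answers from its own zone or refers
# the resolver to the next server down. The address is from a documentation range.
SERVERS = {
    "root":     {"delegations": {"com.": "com-tld"}, "a": {}},
    "com-tld":  {"delegations": {"baidu.com.": "ns-baidu"}, "a": {}},
    "ns-baidu": {"delegations": {},
                 "a": {"www.baidu.com.": ("192.0.2.10", 300)}},  # (ip, ttl)
}


def query_server(server, qname):
    """One iterative query: ("ANSWER", (ip, ttl)), ("REFERRAL", next) or ("NXDOMAIN", None)."""
    data = SERVERS[server]
    if qname in data["a"]:
        return "ANSWER", data["a"][qname]
    for suffix, next_server in data["delegations"].items():
        if qname == suffix or qname.endswith("." + suffix):
            return "REFERRAL", next_server
    return "NXDOMAIN", None


class LocalResolver:
    """The local DNS server: recursive towards hosts, iterative upstream."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.cache = {}  # qname -> (ip, expiry time)

    def resolve(self, qname):
        """Return (ip or None, list of servers asked); ["cache"] on a cache hit."""
        now = self.clock()
        cached = self.cache.get(qname)
        if cached and cached[1] > now:
            return cached[0], ["cache"]
        asked, server = [], "root"
        for _ in range(8):  # bound the referral chain
            asked.append(server)
            kind, value = query_server(server, qname)
            if kind == "ANSWER":
                ip, ttl = value
                self.cache[qname] = (ip, now + ttl)  # step 5: cache, then answer
                return ip, asked
            if kind != "REFERRAL":
                break
            server = value
        return None, asked


if __name__ == "__main__":
    resolver = LocalResolver()
    print(resolver.resolve("www.baidu.com."))  # walks root, .com, baidu.com
    print(resolver.resolve("www.baidu.com."))  # second request: served from cache
```

The cached answer is only reused until its TTL runs out, after which the resolver walks the delegation chain again.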

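(2) DNS record types:

  • A record: host record, the most widely used DNS record. (For example, www.baidu.com can have several A records pointing to the IP addresses of several physical servers, which gives basic load balancing.)
  • NS record: also called the name server record; it states which DNS servers are responsible for resolving this zone;
  • SOA record: start of authority record; it indicates which of the servers listed in the NS records is the primary DNS server;
  • MX record: mail exchanger record; it is indispensable. For example, when user A sends an e-mail to user B, A has to query DNS for B's MX record; DNS locates B's MX record and returns it to A, and A then delivers the mail to the server named in B's MX record.
  • CNAME record: alias record;
  • PTR record: reverse resolution record, which resolves an IP address to a domain name. The DNS reverse zone handles IP-to-name resolution, so a PTR record must be created in the reverse zone.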

(3) DNS information gathering: nslookup

3.1> Non-interactive

root@root:~# nslookup sina.com
Server:     192.168.37.2
Address:    192.168.37.2#53

Non-authoritative answer:
Name:   sina.com
Address: 66.102.251.33

root@root:~# nslookup -type=mx sina.com
Server:     192.168.37.2
Address:    192.168.37.2#53

Non-authoritative answer:                                     # 10 is the priority value; compared with 5 it is the lower priority
sina.com    mail exchanger = 10 freemx3.sinamail.sina.com.cn.
sina.com    mail exchanger = 5 freemx1.sinamail.sina.com.cn.
sina.com    mail exchanger = 10 freemx2.sinamail.sina.com.cn.

Authoritative answers can be found from:

3.2> Interactive

root@root:~# nslookup
> server                    # the local DNS server
Default server: 192.168.37.2
Address: 192.168.37.2#53
> sina.com
Server:     192.168.37.2
Address:    192.168.37.2#53

Non-authoritative answer:
Name:   sina.com
Address: 66.102.251.33
> set type=mx
> sina.com
Server:     192.168.37.2
Address:    192.168.37.2#53

Non-authoritative answer:
sina.com    mail exchanger = 10 freemx2.sinamail.sina.com.cn.
sina.com    mail exchanger = 5 freemx1.sinamail.sina.com.cn.
sina.com    mail exchanger = 10 freemx3.sinamail.sina.com.cn.

Note: different DNS servers generally return different results, because smart DNS is now in common use: the server IP returned is chosen according to the end user's address in order to speed up access.

(4) DNS information gathering: dig

4.1> Gathering information with dig

dig @8.8.8.8 sina.com         # dig @<DNS server to query> <domain to look up>

dig @8.8.8.8 sina.com any

dig @8.8.8.8 sina.com mx

root@root:~# dig @8.8.8.8 sina.com

; <<>> DiG 9.11.3-1-Debian <<>> @8.8.8.8 sina.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55687
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;sina.com.          IN  A

;; ANSWER SECTION:
sina.com.       59  IN  A   66.102.251.33

;; Query time: 125 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 07 16:18:16 CST 2019
;; MSG SIZE  rcvd: 53

root@root:~# dig @8.8.8.8 sina.com any

; <<>> DiG 9.11.3-1-Debian <<>> @8.8.8.8 sina.com any
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8037
;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;sina.com.          IN  ANY

;; ANSWER SECTION:
sina.com.       59  IN  A   66.102.251.33
sina.com.       59  IN  TXT "v=spf1 include:spf.sinamail.sina.com.cn -all"
sina.com.       299 IN  SOA ns1.sina.com.cn. zhihao.staff.sina.com.cn. 2005042601 900 300 604800 300
sina.com.       21599   IN  NS  ns2.sina.com.
sina.com.       21599   IN  NS  ns2.sina.com.cn.
sina.com.       21599   IN  NS  ns3.sina.com.cn.
sina.com.       21599   IN  NS  ns4.sina.com.cn.
sina.com.       21599   IN  NS  ns1.sina.com.cn.
sina.com.       21599   IN  NS  ns1.sina.com.
sina.com.       21599   IN  NS  ns4.sina.com.
sina.com.       21599   IN  NS  ns3.sina.com.
sina.com.       59  IN  MX  5 freemx1.sinamail.sina.com.cn.
sina.com.       59  IN  MX  10 freemx2.sinamail.sina.com.cn.
sina.com.       59  IN  MX  10 freemx3.sinamail.sina.com.cn.

;; Query time: 125 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 07 16:18:31 CST 2019
;; MSG SIZE  rcvd: 395

root@root:~# dig @8.8.8.8 sina.com mx

; <<>> DiG 9.11.3-1-Debian <<>> @8.8.8.8 sina.com mx
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35085
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;sina.com.          IN  MX

;; ANSWER SECTION:
sina.com.       59  IN  MX  10 freemx2.sinamail.sina.com.cn.
sina.com.       59  IN  MX  10 freemx3.sinamail.sina.com.cn.
sina.com.       59  IN  MX  5 freemx1.sinamail.sina.com.cn.

;; Query time: 176 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 07 16:19:47 CST 2019
;; MSG SIZE  rcvd: 129
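
The answer sections above can be turned into structured records for review. This is an added example, not part of the original notes: it parses dig answer lines into typed records and puts the MX hosts in delivery order. The function names are illustrative and the sample is trimmed from the outputs shown above.

```python
import shlex
from collections import defaultdict

# Trimmed from the dig outputs shown above.
SAMPLE = '''\
;; QUESTION SECTION:
;sina.com.          IN  ANY

;; ANSWER SECTION:
sina.com.       59  IN  A   66.102.251.33
sina.com.       59  IN  TXT "v=spf1 include:spf.sinamail.sina.com.cn -all"
sina.com.       299 IN  SOA ns1.sina.com.cn. zhihao.staff.sina.com.cn. 2005042601 900 300 604800 300
sina.com.       21599   IN  NS  ns2.sina.com.
sina.com.       21599   IN  NS  ns1.sina.com.cn.
sina.com.       59  IN  MX  10 freemx2.sinamail.sina.com.cn.
sina.com.       59  IN  MX  10 freemx3.sinamail.sina.com.cn.
sina.com.       59  IN  MX  5 freemx1.sinamail.sina.com.cn.

;; Query time: 125 msec
'''


def parse_answers(dig_output):
    """Return {record type: [record dict, ...]} for the answer records in dig output."""
    records = defaultdict(list)
    section = "ANSWER"  # `dig +noall +answer` prints records without a header
    for line in dig_output.splitlines():
        line = line.strip()
        if line.startswith(";;") and line.endswith("SECTION:"):
            section = line[2:].split()[0]
            continue
        if not line or line.startswith(";") or section != "ANSWER":
            continue
        fields = shlex.split(line)  # keeps a quoted TXT string as one field
        if len(fields) < 5 or not fields[1].isdigit():
            continue  # not a resource record, e.g. a shell prompt line
        name, ttl, rclass, rtype, *rdata = fields
        rec = {"name": name, "ttl": int(ttl), "class": rclass}
        if rtype == "MX":
            rec["preference"], rec["exchange"] = int(rdata[0]), rdata[1]
        elif rtype == "SOA":
            rec["mname"], rec["rname"], rec["serial"] = rdata[0], rdata[1], int(rdata[2])
        elif rtype == "TXT":
            rec["text"] = "".join(rdata)
        else:
            rec["value"] = " ".join(rdata)
        records[rtype].append(rec)
    return records


def mail_order(records):
    """MX hosts in delivery order: the lowest preference value is tried first."""
    return [r["exchange"] for r in sorted(records["MX"], key=lambda r: r["preference"])]


if __name__ == "__main__":
    recs = parse_answers(SAMPLE)
    print("primary name server (SOA):", recs["SOA"][0]["mname"])
    print("mail delivery order:", mail_order(recs))
```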

4.2> Reverse lookup

dig +noall +answer -x 8.8.8.8           # dig +noall (print nothing) +answer (print only the answer section) -x (reverse lookup) <IP address>

dig +noall +answer -x 114.114.114.114

root@root:~# dig +noall +answer -x 8.8.8.8
8.8.8.8.in-addr.arpa.   5   IN  PTR google-public-dns-a.google.com.
root@root:~# dig +noall +answer -x 114.114.114.114
114.114.114.114.in-addr.arpa. 5 IN  PTR public1.114dns.com.

4.3> BIND version information

dig +noall +answer txt chaos VERSION.BIND @ns4.sina.com.      # the TXT record in the CHAOS class

dig +noall +answer txt chaos VERSION.BIND @ns2.baidu.com.

root@root:~# dig +noall +answer txt chaos VERSION.BIND @ns4.sina.com.
VERSION.BIND.       0   CH  TXT "  "
root@root:~# dig +noall +answer txt chaos VERSION.BIND @ns2.baidu.com.
VERSION.BIND.       0   CH  TXT "baidu dns"

4.4> DNS trace

dig +trace www.sina.com

# DNS trace: root zone -> .com zone -> sina.com zone -> www.sina.com

root@root:~# dig +trace www.sina.com

; <<>> DiG 9.11.3-1-Debian <<>> +trace www.sina.com
;; global options: +cmd
.           5   IN  NS  j.root-servers.net.
.           5   IN  NS  m.root-servers.net.
.           5   IN  NS  c.root-servers.net.
.           5   IN  NS  l.root-servers.net.
.           5   IN  NS  f.root-servers.net.
.           5   IN  NS  b.root-servers.net.
.           5   IN  NS  h.root-servers.net.
.           5   IN  NS  a.root-servers.net.
.           5   IN  NS  g.root-servers.net.
.           5   IN  NS  k.root-servers.net.
.           5   IN  NS  e.root-servers.net.
.           5   IN  NS  d.root-servers.net.
.           5   IN  NS  i.root-servers.net.
.           5   IN  RRSIG   NS 8 0 518400 20190418050000 20190405040000 25266 . VNWzDcvX06igl5CFfUiI17m1zagzlUYd2+RSepxu/XU+4KXcPgCe0ZdT kUqePg9vudkrlyVutXe4kpv8WRuP30EKVDEt8kU0V+TxAfjUjYiR5lmd u8FuB+eIkbT5yT5NcS4xuY1W5nRdRTvTIgHUqWC2NZ2IrCVwlTcHLnra qbegu9rWlxrYh5kc6FS9/WLdCAHFxH+LIqqaPl7hHFA4PwJ0AgzYf4v2 Fz+SUX6te4AYdj/D3pBPnccoKYQp5gOinNHrYkxfDy3R6hVSpKq7d1bG ERheOLVqkD8vG9dAb21wu1vha+SBkVY9nRVm9A2ujdMEPA90zAUs0G4p 6RzW0A==
;; Received 525 bytes from 192.168.37.2#53(192.168.37.2) in 116 ms

com.            172800  IN  NS  l.gtld-servers.net.
com.            172800  IN  NS  i.gtld-servers.net.
com.            172800  IN  NS  k.gtld-servers.net.
com.            172800  IN  NS  d.gtld-servers.net.
com.            172800  IN  NS  g.gtld-servers.net.
com.            172800  IN  NS  h.gtld-servers.net.
com.            172800  IN  NS  a.gtld-servers.net.
com.            172800  IN  NS  c.gtld-servers.net.
com.            172800  IN  NS  j.gtld-servers.net.
com.            172800  IN  NS  b.gtld-servers.net.
com.            172800  IN  NS  e.gtld-servers.net.
com.            172800  IN  NS  m.gtld-servers.net.
com.            172800  IN  NS  f.gtld-servers.net.
com.            86400   IN  DS  30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com.            86400   IN  RRSIG   DS 8 1 86400 20190420050000 20190407040000 25266 . xJfyk0apzGEdqqnqJplDAclMAYiD4rWQJmaEXHa0k1NvKFHV40Yp+SEN 1o8bXA2KXDqdxRZjwr6YD79EOHYEXNIffuD3sUnINkej7+T/vMb2tY5t KmHtMVeMgxHGRW3G9MeCl9CVGAOsEiGg6olpongBPed8pnOiUmPNYJ5b AJng4pH8r4RDt1EMPnT6PKaLZ8eA0l+RxwAILBzE3LnMQmcInl2ou/Em Vsn4vVplISs7vsn5PvHTig0bZ4pehajnr0/HeSDqlkPJSPh0uscicrx1 8n0DWF01Erqh/FEWHj39Nz3QHclFZmzQOFIGexZph2Da0zxvYPhM8IZO WaK1qQ==
;; Received 1200 bytes from 199.9.14.201#53(b.root-servers.net) in 307 ms

sina.com.       172800  IN  NS  ns1.sina.com.cn.
sina.com.       172800  IN  NS  ns2.sina.com.cn.
sina.com.       172800  IN  NS  ns3.sina.com.cn.
sina.com.       172800  IN  NS  ns1.sina.com.
sina.com.       172800  IN  NS  ns2.sina.com.
sina.com.       172800  IN  NS  ns4.sina.com.
sina.com.       172800  IN  NS  ns3.sina.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A  NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190413044428 20190406033428 16883 com. KDKyKhfEhyxmB3esZoOugsRqNEbqOD4m7st+H+2lroRIpaKyGflx2DPN yorfB62+ox6whk+X9/+fITemoMGaXd4O58PuvunOfVdKyVpkp/Lw2fqd X//PtaGqQ51ZSy6iGY7V945u+FDcDG8NFjBvhCABaSNIUKIct7lnYd+2 7v8=
TGAG8VMC6NS5VVK68CIGRJ6Q414N2KB2.com. 86400 IN NSEC3 1 1 0 - TGAINT5FJN61NLBMD25JONRMDSP6IECS  NS DS RRSIG
TGAG8VMC6NS5VVK68CIGRJ6Q414N2KB2.com. 86400 IN RRSIG NSEC3 8 2 86400 20190412070141 20190405055141 16883 com. LNdjTr/cbvHkj3SBeJalnT8Gr3MOHk8kvbWQd+DzjW3PkI2uG4v09Uvz FUQb0woExj+UcLU4Kh8zMFMzwqoObwu1SIqHMWxMxb/l3qf3apCxKRaP /ZsQ+Tr0STZh5D5ZVIX+XCcUmj8WksTbdOx5sMKNuz2m30d6pEi3rxOn iWw=
;; Received 727 bytes from 192.26.92.30#53(c.gtld-servers.net) in 246 ms

www.sina.com.       60  IN  CNAME   us.sina.com.cn.
us.sina.com.cn.     60  IN  CNAME   spool.grid.sinaedge.com.
;; Received 103 bytes from 123.125.29.99#53(ns3.sina.com.cn) in 81 ms

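(5) DNS zone transfer

Copying a zone file to multiple DNS servers is called a zone transfer. It keeps the databases of the DNS servers in sync and normally happens only between DNS servers.

If zone transfer on a DNS server is misconfigured, we can use it to view the target's records. First we need to know one of the domain's name servers, because the name server holds the records of all hosts; then use dig @<name server> <domain> axfr (AXFR: request for full zone transfer) to synchronise the database records:

dig @ns1.sina.com sina.com axfr

host -T -l sina.com ns1.sina.com

root@root:~# dig @ns1.sina.com sina.com axfr

; <<>> DiG 9.11.3-1-Debian <<>> @ns1.sina.com sina.com axfr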
; (1 server found)
;; global options: +cmd
; Transfer failed.
root@root:~# host -T -l sina.com ns1.sina.com
Using domain server:
Name: ns1.sina.com
Address: 114.134.80.144#53
Aliases: 

Host sina.com not found: 5(REFUSED)
; Transfer failed.
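
On the server side, the two probes in 4.3 and (5) are answered by two BIND settings: the `version` option and `allow-transfer`. The following added example (not from the original notes) audits a named.conf text for both; it assumes BIND's configuration syntax, uses a deliberately small parser, and both sample configurations are constructed.

```python
import re

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')
COMMENT = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)


def parse(tokens, i=0):
    """Parse statements up to the matching '}'; return (statements, next index)."""
    stmts, cur = [], []
    while i < len(tokens):
        tok = tokens[i]
        if tok == "{":
            block, i = parse(tokens, i + 1)
            cur.append(block)
            continue
        if tok == "}":
            return stmts, i + 1
        if tok == ";":
            if cur:
                stmts.append(cur)
            cur = []
        else:
            cur.append(tok.strip('"'))
        i += 1
    return stmts, i


def setting(block, key):
    """Arguments of statement `key` inside a parsed block, or None if absent."""
    return next((s[1:] for s in block if s[0] == key), None)


def audit(conf_text):
    """Return findings for version disclosure and unrestricted zone transfer."""
    stmts, _ = parse(TOKEN.findall(COMMENT.sub("", conf_text)))
    options = next((s[-1] for s in stmts if s[0] == "options"), [])
    findings = []
    if setting(options, "version") is None:
        findings.append("options: no 'version' statement, VERSION.BIND returns the real version")
    inherited = setting(options, "allow-transfer")
    for s in (s for s in stmts if s[0] == "zone"):
        # A zone-level allow-transfer overrides the one in options.
        xfer = setting(s[-1], "allow-transfer") or inherited
        if xfer is None:
            # Older BIND 9 releases default to allowing transfers to any host.
            findings.append(f"zone {s[1]}: allow-transfer not set, server default applies")
        elif any(entry[0] == "any" for entry in xfer[-1]):
            findings.append(f"zone {s[1]}: allow-transfer permits any host")
    return findings


# Constructed samples (documentation names and addresses).
WEAK = '''
options { directory "/var/cache/bind"; };
zone "example.com" { type master; file "db.example.com"; allow-transfer { any; }; };
zone "example.org" { type master; file "db.example.org"; };   // nothing set
'''
HARDENED = '''
options { directory "/var/cache/bind"; version "not disclosed"; allow-transfer { none; }; };
zone "example.com" { type master; file "db.example.com"; allow-transfer { 192.0.2.53; }; };
zone "example.org" { type master; file "db.example.org"; };   # inherits "none"
'''

if __name__ == "__main__":
    for finding in audit(WEAK):
        print("WEAK:", finding)
    print("HARDENED findings:", audit(HARDENED))
```

With the hardened settings, an AXFR request from any host other than the listed secondary is refused, as in the REFUSED responses shown above.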

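(6) DNS dictionary brute forcing

In general you cannot synchronise directly with the name server to obtain the host records you want. In that case you can use DNS dictionary brute forcing: take a wordlist, try its entries one by one, and brute-force out all the resolution records for the domain.

6.1> fierce

dpkg -L fierce   # dpkg is the package manager; this lists the files on the system that belong to fierce

fierce -dnsserver 8.8.8.8 -dns sina.com.cn -wordlist /usr/share/fierce/hosts.txt       # -dnsserver: DNS server to use  -dns: domain to query  -wordlist: wordlist to use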

root@root:~# dpkg -L fierce
/.
/usr
/usr/bin
/usr/bin/fierce
/usr/share
/usr/share/doc
/usr/share/doc/fierce
/usr/share/doc/fierce/changelog.Debian.gz
/usr/share/doc/fierce/copyright
/usr/share/fierce
/usr/share/fierce/hosts.txt
root@root:~# fierce -dnsserver 8.8.8.8 -dns sina.com.cn -wordlist /usr/share/fierce/hosts.txt
DNS Servers for sina.com.cn:
	ns4.sina.com.cn
	ns2.sina.com.cn
	ns3.sina.com.cn
	ns1.sina.com.cn

Trying zone transfer first...

Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force

Checking for wildcard DNS...
Nope. Good.
Now performing 2280 test(s)...
123.126.45.14   1.sina.com.cn
123.126.45.75   8.sina.com.cn
123.126.45.68   a.sina.com.cn
123.138.60.191  a1.sina.com.cn
123.138.60.191  a2.sina.com.cn
......

6.2> dnsenum

dpkg -L dnsenum     # list the files on the system that belong to dnsenum

dnsenum -f /usr/share/dnsenum/dns.txt -dnsserver 8.8.8.8 sina.com -o sina.xml     # -dnsserver: DNS server to use    -f: wordlist to use

root@root:~# dpkg -L dnsenum     # list the files on the system that belong to dnsenum
/.
/usr
/usr/bin
/usr/bin/dnsenum
/usr/share
/usr/share/dnsenum
/usr/share/dnsenum/dns.txt
/usr/share/doc
/usr/share/doc/dnsenum
/usr/share/doc/dnsenum/README.md
/usr/share/doc/dnsenum/changelog.Debian.gz
/usr/share/doc/dnsenum/copyright
root@root:~# dnsenum -f /usr/share/dnsenum/dns.txt -dnsserver 8.8.8.8 sina.com -o sina.xml
Smartmatch is experimental at /usr/bin/dnsenum line 698.
Smartmatch is experimental at /usr/bin/dnsenum line 698.
dnsenum VERSION:1.2.4

-----   sina.com   -----

Host's addresses:
__________________

sina.com.                                4        IN    A        66.102.251.33

Name Servers:
______________

ns1.sina.com.cn.                         338      IN    A        202.106.184.166
ns3.sina.com.                            523      IN    A        180.149.138.199
ns2.sina.com.cn.                         2524     IN    A        180.149.138.199
ns4.sina.com.cn.                         162      IN    A        121.14.1.22
ns4.sina.com.                            1726     IN    A        123.125.29.99
ns2.sina.com.                            1670     IN    A        114.134.80.145
ns1.sina.com.                            1280     IN    A        114.134.80.144
ns3.sina.com.cn.                         2872     IN    A        123.125.29.99

Mail (MX) Servers:
___________________

freemx3.sinamail.sina.com.cn.            60       IN    A        39.156.6.104
freemx1.sinamail.sina.com.cn.            55       IN    A        39.156.6.104
freemx2.sinamail.sina.com.cn.            60       IN    A        121.14.32.117

Trying Zone Transfers and getting Bind Versions:
_________________________________________________

Trying Zone Transfer for sina.com on ns1.sina.com.cn ...
AXFR record query failed: REFUSED

Trying Zone Transfer for sina.com on ns3.sina.com ...
AXFR record query failed: REFUSED

Trying Zone Transfer for sina.com on ns2.sina.com.cn ...
AXFR record query failed: REFUSED

Trying Zone Transfer for sina.com on ns4.sina.com.cn ...
AXFR record query failed: REFUSED

Trying Zone Transfer for sina.com on ns4.sina.com ...
AXFR record query failed: REFUSED

Trying Zone Transfer for sina.com on ns2.sina.com ...
AXFR record query failed: REFUSED

Trying Zone Transfer for sina.com on ns1.sina.com ...
AXFR record query failed: REFUSED

Trying Zone Transfer for sina.com on ns3.sina.com.cn ...
AXFR record query failed: REFUSED

Brute forcing with /usr/share/dnsenum/dns.txt:
_______________________________________________

ads.sina.com.                            60       IN    CNAME    ww1.sinaimg.cn.w.alikunlun.com.
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.233
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.229
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.230
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.226
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.227
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.232
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.228
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.231
blog.sina.com.                           60       IN    CNAME    blog.sina.com.cn.
blog.sina.com.cn.                        30       IN    CNAME    blogx.sina.com.cn.
blogx.sina.com.cn.                       17       IN    A        49.7.37.126
client.sina.com.                         60       IN    A        66.102.251.24
.......

6.3> dnsmap

dpkg -L dnsmap      # list the files on the system that belong to dnsmap

dnsmap sina.com -w /usr/share/dnsmap/wordlist_TLAs.txt

root@root:~# dpkg -L dnsmap
/.
/usr
/usr/share
/usr/share/doc
/usr/share/doc/dnsmap
/usr/share/doc/dnsmap/README.txt.gz
/usr/share/doc/dnsmap/TODO.txt
/usr/share/doc/dnsmap/changelog.gz
/usr/share/doc/dnsmap/use_cases.txt
/usr/share/doc/dnsmap/CREDITS.txt
/usr/share/doc/dnsmap/copyright
/usr/share/doc/dnsmap/changelog.Debian.gz
/usr/share/dnsmap
/usr/share/dnsmap/wordlist_TLAs.txt
/usr/bin
/usr/bin/dnsmap-bulk.sh
/usr/bin/dnsmap
root@root:~# dnsmap sina.com -w /usr/share/dnsmap/wordlist_TLAs.txt
dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org)

[+] searching (sub)domains for sina.com using /usr/share/dnsmap/wordlist_TLAs.txt
[+] using maximum random delay of 10 millisecond(s) between requests

ads.sina.com
IP address #1: 111.19.237.230
IP address #2: 111.19.237.226
IP address #3: 111.19.237.229
IP address #4: 111.19.237.231
IP address #5: 111.19.237.228
IP address #6: 111.19.237.227
IP address #7: 111.19.237.233
IP address #8: 111.19.237.232
......
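
Seen from the DNS server's logs, the dictionary runs in 6.1 to 6.3 look like one client asking for many distinct names under a single zone in a short time, most of which do not exist. The following detection sketch is an added example, not from the original notes; the four-field log format (timestamp, client, query name, response code), the thresholds and the sample log are all constructed.

```python
from collections import defaultdict


def detect_bruteforce(lines, zone, window=60, min_names=20, min_nx_ratio=0.8):
    """Flag clients that query at least `min_names` distinct names under `zone`
    within `window` seconds while most answers are NXDOMAIN.
    Returns {client: (distinct names, NXDOMAIN ratio)} at first detection."""
    suffix = "." + zone.rstrip(".").lower()
    events = defaultdict(list)  # client -> [(timestamp, qname, rcode)]
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, qname, rcode = parts
        qname = qname.rstrip(".").lower()
        if qname.endswith(suffix):
            events[client].append((float(ts), qname, rcode))

    flagged = {}
    for client, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # slide the window
                start += 1
            win = evs[start:end + 1]
            names = {q for _, q, _ in win}
            nx_ratio = sum(1 for _, _, r in win if r == "NXDOMAIN") / len(win)
            if len(names) >= min_names and nx_ratio >= min_nx_ratio:
                flagged[client] = (len(names), round(nx_ratio, 2))
                break
    return flagged


def sample_log():
    """Constructed log: one client walking a wordlist, one ordinary client."""
    existing = {"ads", "blog", "client"}
    words = ["ads", "blog", "client"] + [f"w{i:02d}" for i in range(27)]
    lines = [f"{1000 + i * 0.5:.1f} 198.51.100.7 {w}.example.com. "
             f"{'NOERROR' if w in existing else 'NXDOMAIN'}"
             for i, w in enumerate(words)]
    lines += [f"{1000 + i * 40:.1f} 203.0.113.9 www.example.com. NOERROR"
              for i in range(5)]
    return lines


if __name__ == "__main__":
    print(detect_bruteforce(sample_log(), "example.com"))
```

In a zone with a wildcard record the same probes return NOERROR, so there the distinct-name count has to carry the detection and `min_nx_ratio` should be lowered.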

(7) Domain registration information

whois sina.com   # look up the registration information for sina.com

root@root:~# whois sina.com
   Domain Name: SINA.COM
   Registry Domain ID: 2243615_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.paycenter.com.cn
   Registrar URL: http://www.xinnet.com
   Updated Date: 2018-12-20T09:17:25Z
   Creation Date: 1998-09-16T04:00:00Z
   Registry Expiry Date: 2021-09-15T04:00:00Z
   Registrar: Xin Net Technology Corporation
   Registrar IANA ID: 120
   Registrar Abuse Contact Email: supervision@xinnet.com
   Registrar Abuse Contact Phone: +86.1087127926
   Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
   Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
   Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
   Name Server: NS1.SINA.COM
   Name Server: NS1.SINA.COM.CN
   Name Server: NS2.SINA.COM
   Name Server: NS2.SINA.COM.CN
   Name Server: NS3.SINA.COM
   Name Server: NS3.SINA.COM.CN
   Name Server: NS4.SINA.COM
   DNSSEC: unsigned
   URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2019-04-07T10:59:21Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar.  Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability.  VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Domain Name:sina.com
Registry Domain ID:
Registrar WHOIS Server:whois.paycenter.com.cn
Registrar URL:http://www.xinnet.com
Updated Date:2018-09-12T01:18:05.00Z
Creation Date:1998-09-15T20:00:00.00Z
Registrar Registration Expiration Date:2021-09-14T20:00:00.00Z
Registrar:XINNET TECHNOLOGY CORPORATION
Registrar IANA ID:120
Registrar Abuse Contact Email:supervision@xinnet.com
Registrar Abuse Contact Phone:+86.1087128064
Reseller:
Domain Status:
Registry Registrant ID:
Registrant Name:
Registrant Organization:
Registrant Street:
Registrant City:
Registrant State/Province:
Registrant Postal Code:
Registrant Country:
Registrant Phone:
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:
Registry Admin ID:
Admin Name:
Admin Organization:
Admin Street:
Admin City:
Admin State/Province:
Admin PostalCode:
Admin Country:
Admin Phone:
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:
Registry Tech ID:
Tech Name:
Tech Organization:
Tech Street:
Tech City:
Tech State/Province:
Tech PostalCode:
Tech Country:
Tech Phone:
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email:
Name Server:ns1.sina.com.cn
Name Server:ns2.sina.com.cn
Name Server:ns3.sina.com.cn
Name Server:ns1.sina.com
Name Server:ns4.sina.com
Name Server:ns3.sina.com
DNSSEC:unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2019-04-07T10:59:39.00Z <<<:

For more information on Whois status codes, please visit https://icann.org/epp

The Data in Paycenter's WHOIS database is provided by Paycenter
for information purposes, and to assist persons in obtaining
information about or related to a domain name registration record.
Paycenter does not guarantee its accuracy.  By submitting
a WHOIS query, you agree that you will use this Data only
for lawful purposes and that,
under no circumstances will you use this Data to:
(1) allow, enable, or otherwise support the transmission
of mass unsolicited, commercial advertising or solicitations
via e-mail (spam); or
(2) enable high volume, automated, electronic processes that
apply to Paycenter or its systems.
Paycenter reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.!!
