Passive Information Gathering 1

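>Passive information gathering

>Domain Name System (DNS)

>DNS information gathering: nslookup

>DNS information gathering: dig

>DNS zone transfer

>DNS dictionary brute-forcing

>DNS registration information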


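>Passive information gathering

  • Uses information that is available through public channels
  • Does not interact directly with the target system
  • Avoids leaving any trace as far as possible
  • What is collected: IP addresses, domain information, e-mail addresses, document and image data, company addresses, company organizational structure, telephone/fax numbers, staff names and job titles, the technology stack used by the target system, public business information, and so on
  • How the information is used: describing the target, social engineering attacks, discovery, physical gaps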

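>Domain Name System (DNS)

  • DNS (Domain Name System)
  • Maps domain names and IP addresses to each other (forward resolution: domain name -> IP address)
  • Port: TCP/UDP 53
  • Currently, each label of a domain name has length <= 63 and the total length of a domain name is <= 253
  • Record types: A (host record), CNAME (alias record), MX (mail exchange record), NS (name server record), PTR (reverse address resolution, as used in mail exchange), AAAA (IPv6 host record), SRV (service location record), NAPTR (maps domain names using regular expressions), and others
  • FQDN (Fully Qualified Domain Name): the host name plus the full path (the full path lists every domain member in the sequence)

    Example: Baidu's domain name is baidu.com and the FQDN is www.baidu.com

  • DNS server resolution process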

>DNS information gathering: nslookup

  • nslookup queries DNS records and checks whether a DNS server resolves names correctly
  • Interactive mode
root@xuer:~# nslookup
> server
Default server: 192.168.10.2
Address: 192.168.10.2#53
> sina.com
Server:     192.168.10.2
Address:    192.168.10.2#53

Non-authoritative answer:
Name:   sina.com
Address: 66.102.251.33
> set type=mx
> sina.com
Server:     192.168.10.2
Address:    192.168.10.2#53

Non-authoritative answer:
sina.com    mail exchanger = 10 freemx2.sinamail.sina.com.cn.
sina.com    mail exchanger = 10 freemx3.sinamail.sina.com.cn.    # 5 and 10 are the priorities
sina.com    mail exchanger = 5 freemx1.sinamail.sina.com.cn.    # priority 5 ranks above 10

Authoritative answers can be found from:
  • Direct (non-interactive) lookup

nslookup -type=ns sina.com

nslookup -q=ns sina.com    # both -type and -q specify the record type

root@xuer:~# nslookup -type=ns sina.com
Server:     192.168.10.2
Address:    192.168.10.2#53

Non-authoritative answer:
sina.com    nameserver = ns1.sina.com.cn.
sina.com    nameserver = ns3.sina.com.
sina.com    nameserver = ns3.sina.com.cn.
sina.com    nameserver = ns2.sina.com.cn.
sina.com    nameserver = ns2.sina.com.
sina.com    nameserver = ns4.sina.com.
sina.com    nameserver = ns4.sina.com.cn.
sina.com    nameserver = ns1.sina.com.

Authoritative answers can be found from:

root@xuer:~# nslookup -q=ns sina.com
Server:     192.168.10.2
Address:    192.168.10.2#53

Non-authoritative answer:
sina.com    nameserver = ns2.sina.com.cn.
sina.com    nameserver = ns2.sina.com.
sina.com    nameserver = ns4.sina.com.
sina.com    nameserver = ns1.sina.com.cn.
sina.com    nameserver = ns3.sina.com.
sina.com    nameserver = ns1.sina.com.
sina.com    nameserver = ns3.sina.com.cn.
sina.com    nameserver = ns4.sina.com.cn.

Authoritative answers can be found from:

>DNS information gathering: dig

  • Query a specific record type for a domain

dig @8.8.8.8 mx sina.com

root@xuer:~# dig @8.8.8.8 mx sina.com

; <<>> DiG 9.11.3-1-Debian <<>> @8.8.8.8 sina.com mx
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35085
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;sina.com.          IN  MX

;; ANSWER SECTION:
sina.com.       59  IN  MX  10 freemx2.sinamail.sina.com.cn.
sina.com.       59  IN  MX  10 freemx3.sinamail.sina.com.cn.
sina.com.       59  IN  MX  5 freemx1.sinamail.sina.com.cn.

;; Query time: 176 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sun Apr 07 16:19:47 CST 2019
;; MSG SIZE  rcvd: 129
  • Query all records for a domain

dig @8.8.8.8 sina.com any     # dig @<DNS server> <domain>

root@xuer:~# dig @8.8.8.8 mx sina.com

; <<>> DiG 9.10.3-P4-Debian <<>> @8.8.8.8 mx sina.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61484
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;sina.com.          IN  MX

;; ANSWER SECTION:
sina.com.       60  IN  MX  10 freemx2.sinamail.sina.com.cn.
sina.com.       60  IN  MX  5 freemx1.sinamail.sina.com.cn.
sina.com.       60  IN  MX  10 freemx3.sinamail.sina.com.cn.

;; Query time: 63 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Tue Apr 23 16:39:59 CST 2019
;; MSG SIZE  rcvd: 129
  • Filtered output (show only the answer section)

dig +noall +answer @8.8.8.8 sina.com any

root@xuer:~# dig +noall +answer @8.8.8.8 sina.com any
sina.com.       59  IN  A   66.102.251.33
sina.com.       59  IN  TXT "v=spf1 include:spf.sinamail.sina.com.cn -all"
sina.com.       299 IN  SOA ns1.sina.com.cn. zhihao.staff.sina.com.cn. 2005042601 900 300 604800 300
sina.com.       21599   IN  NS  ns2.sina.com.
sina.com.       21599   IN  NS  ns2.sina.com.cn.
sina.com.       21599   IN  NS  ns3.sina.com.cn.
sina.com.       21599   IN  NS  ns4.sina.com.cn.
sina.com.       21599   IN  NS  ns1.sina.com.cn.
sina.com.       21599   IN  NS  ns1.sina.com.
sina.com.       21599   IN  NS  ns4.sina.com.
sina.com.       21599   IN  NS  ns3.sina.com.
sina.com.       59  IN  MX  5 freemx1.sinamail.sina.com.cn.
sina.com.       59  IN  MX  10 freemx2.sinamail.sina.com.cn.
sina.com.       59  IN  MX  10 freemx3.sinamail.sina.com.cn.
  • Reverse lookup

dig +noall +answer -x 8.8.8.8      # dig +noall (print nothing) +answer (print only the answer section) -x (reverse lookup) <IP address>

dig +noall +answer -x 114.114.114.114

root@xuer:~# dig +noall +answer -x 8.8.8.8
8.8.8.8.in-addr.arpa.   5   IN  PTR google-public-dns-a.google.com.
root@xuer:~# dig +noall +answer -x 114.114.114.114
114.114.114.114.in-addr.arpa. 5 IN  PTR public1.114dns.com.
  • BIND version information

dig +noall +answer txt chaos VERSION.BIND @ns3.dnsv4.com

dig +noall +answer txt chaos VERSION.BIND @ns4.sina.com.

dig +noall +answer txt chaos VERSION.BIND @ns2.baidu.com.

root@xuer:~# dig +noall +answer txt chaos VERSION.BIND @ns3.dnsv4.com
VERSION.BIND.       0   CH  TXT "1.1.1711.01"
root@xuer:~# dig +noall +answer txt chaos VERSION.BIND @ns4.sina.com.
VERSION.BIND.       0   CH  TXT "  "
root@xuer:~# dig +noall +answer txt chaos VERSION.BIND @ns2.baidu.com.
VERSION.BIND.       0   CH  TXT "baidu dns"
  • DNS trace (recursive and iterative queries)

dig +trace sina.com # root zone -> .com zone -> sina.com zone -> www.sina.com

root@xuer:~# dig +trace sina.com
;; Warning: Message parser reports malformed message packet.

; <<>> DiG 9.10.3-P4-Debian <<>> +trace sina.com
;; global options: +cmd
.           5   IN  NS  d.root-servers.net.
.           5   IN  NS  l.root-servers.net.
.           5   IN  NS  j.root-servers.net.
.           5   IN  NS  m.root-servers.net.
.           5   IN  NS  c.root-servers.net.
.           5   IN  NS  a.root-servers.net.
.           5   IN  NS  i.root-servers.net.
.           5   IN  NS  f.root-servers.net.
.           5   IN  NS  h.root-servers.net.
.           5   IN  NS  b.root-servers.net.
.           5   IN  NS  k.root-servers.net.
.           5   IN  NS  e.root-servers.net.
.           5   IN  NS  g.root-servers.net.
;; Received 512 bytes from 192.168.10.2#53(192.168.10.2) in 85 ms

com.            172800  IN  NS  h.gtld-servers.net.
com.            172800  IN  NS  d.gtld-servers.net.
com.            172800  IN  NS  a.gtld-servers.net.
com.            172800  IN  NS  i.gtld-servers.net.
com.            172800  IN  NS  c.gtld-servers.net.
com.            172800  IN  NS  k.gtld-servers.net.
com.            172800  IN  NS  m.gtld-servers.net.
com.            172800  IN  NS  f.gtld-servers.net.
com.            172800  IN  NS  b.gtld-servers.net.
com.            172800  IN  NS  j.gtld-servers.net.
com.            172800  IN  NS  l.gtld-servers.net.
com.            172800  IN  NS  g.gtld-servers.net.
com.            172800  IN  NS  e.gtld-servers.net.
com.            86400   IN  DS  30909 8 2 E2D3C916F6DEEAC73294E8268FB5885044A833FC5459588F4A9184CF C41A5766
com.            86400   IN  RRSIG   DS 8 1 86400 20190505050000 20190422040000 25266 . j2mlpUL+0e0pKViD6DvLdC8FymlBVzT2TFyCHevc2vZotFcsxESsfc2i JThJGW4GtCfKHAzud8FLWibTdp8YmePd478XXzQ88zgS3vHcbErnGcvX nL441qccNwvnpv3diKZ6F5PyjbbsV2OcpD1bzVmJE3NEy2AuDYqBrXG7 5SsSHCyLISXeF5OMASFT3SVNq0HfqJ1hxp4Os+MFhKnd2DSp/Wld1sK2 W4eeBt6ceBm4NouIvzPFz63kI9qk2p8lswe5es3tbhPwxWDNdhpXX/Cd pxaU+AsUGsq6SAl7zJdVaXaYlxfJpVFz+wrrksoGK2JeDbPRTrPrtb8Y OQq1cw==
;; Received 1168 bytes from 192.112.36.4#53(g.root-servers.net) in 204 ms

sina.com.       172800  IN  NS  ns1.sina.com.cn.
sina.com.       172800  IN  NS  ns2.sina.com.cn.
sina.com.       172800  IN  NS  ns3.sina.com.cn.
sina.com.       172800  IN  NS  ns1.sina.com.
sina.com.       172800  IN  NS  ns2.sina.com.
sina.com.       172800  IN  NS  ns4.sina.com.
sina.com.       172800  IN  NS  ns3.sina.com.
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN NSEC3 1 1 0 - CK0Q1GIN43N1ARRC9OSM6QPQR81H5M9A NS SOA RRSIG DNSKEY NSEC3PARAM
CK0POJMG874LJREF7EFN8430QVIT8BSM.com. 86400 IN RRSIG NSEC3 8 2 86400 20190429044545 20190422033545 3800 com. I7ZicA+yc/vhrcFDvhWKgDnobDmIBvVTQdjupvBoULcng9u9DKXjXc8u 5ixqO0CQMnogd9XRhyVT6+yu7YZiG6KHYUxnHSZcvyhnnMiJzCS1Olxx SjPsMHTnnCW8KQHHtNCAJHu7BLYINnSoRh7RqxYPqmo4JzZTwWZG9mcE MLw=
TGAG8VMC6NS5VVK68CIGRJ6Q414N2KB2.com. 86400 IN NSEC3 1 1 0 - TGAIBD36C6B9GMU6EB96HFA3PBUKS49B NS DS RRSIG
TGAG8VMC6NS5VVK68CIGRJ6Q414N2KB2.com. 86400 IN RRSIG NSEC3 8 2 86400 20190428053823 20190421042823 3800 com. jpAQ2wa1a/GCx6S0I/V19jmKpT4uax6LIoa9G2p++0dPkfdL+PBUjeVG ngKU+s4Tq/KcHZNH4EAXl5EnS9PYbQ2u1xvIX42P8T8D/MrGig78xHCx gBNIq/rDCRwa3z8incfWc6bWS/dCZExtwzGoXrUbWusQlAWoJJsh6dtB N60=
;; Received 723 bytes from 192.48.79.30#53(j.gtld-servers.net) in 321 ms

sina.com.       60  IN  A   66.102.251.33
sina.com.       86400   IN  NS  ns1.sina.com.cn.
sina.com.       86400   IN  NS  ns3.sina.com.cn.
sina.com.       86400   IN  NS  ns1.sina.com.
sina.com.       86400   IN  NS  ns3.sina.com.
sina.com.       86400   IN  NS  ns2.sina.com.
sina.com.       86400   IN  NS  ns4.sina.com.
sina.com.       86400   IN  NS  ns4.sina.com.cn.
sina.com.       86400   IN  NS  ns2.sina.com.cn.
;; Received 336 bytes from 114.134.80.145#53(ns2.sina.com) in 237 ms
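
The answer lines printed by the dig runs above can be post-processed to review what a zone publishes about itself. The following Python is an added example, not part of the original post: it parses `dig +noall +answer` lines and extracts the MX order, the SOA fields (including the mailbox encoded in RNAME) and the SPF `all` term; the function names are illustrative and the sample lines are taken from the outputs above.

```python
from collections import defaultdict

# Lines taken from the dig outputs above (NS list shortened to one entry).
SAMPLE = """\
sina.com.       59  IN  A   66.102.251.33
sina.com.       59  IN  TXT "v=spf1 include:spf.sinamail.sina.com.cn -all"
sina.com.       299 IN  SOA ns1.sina.com.cn. zhihao.staff.sina.com.cn. 2005042601 900 300 604800 300
sina.com.       21599   IN  NS  ns2.sina.com.
sina.com.       59  IN  MX  10 freemx2.sinamail.sina.com.cn.
sina.com.       59  IN  MX  10 freemx3.sinamail.sina.com.cn.
sina.com.       59  IN  MX  5 freemx1.sinamail.sina.com.cn.
"""


def parse_answers(text):
    """Return {record type: [(owner, ttl, rdata), ...]} from dig answer lines."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # blank lines and dig comments
            continue
        parts = line.split(None, 4)               # owner, ttl, class, type, rdata
        if len(parts) < 5 or not parts[1].isdigit():
            continue                              # not a resource record line
        owner, ttl, _rclass, rtype, rdata = parts
        records[rtype.upper()].append((owner, int(ttl), rdata))
    return records


def mx_by_preference(records):
    """MX targets sorted by preference value; the lowest value is tried first."""
    hosts = []
    for _owner, _ttl, rdata in records.get("MX", []):
        pref, host = rdata.split(None, 1)
        hosts.append((int(pref), host))
    return sorted(hosts)


def rname_to_mailbox(rname):
    """Decode an SOA RNAME: the first unescaped dot stands for '@'."""
    rname = rname.rstrip(".")
    local, i = [], 0
    while i < len(rname):
        ch = rname[i]
        if ch == "\\" and i + 1 < len(rname):     # "\." is a literal dot in the local part
            local.append(rname[i + 1])
            i += 2
        elif ch == ".":
            return "".join(local) + "@" + rname[i + 1:]
        else:
            local.append(ch)
            i += 1
    return "".join(local)


def soa_details(records):
    """Split the SOA rdata into named fields, or return None if there is no SOA."""
    if not records.get("SOA"):
        return None
    fields = records["SOA"][0][2].split()
    if len(fields) != 7:
        return None
    names = ("serial", "refresh", "retry", "expire", "minimum")
    details = {"mname": fields[0], "mailbox": rname_to_mailbox(fields[1])}
    details.update(zip(names, map(int, fields[2:])))
    return details


def spf_all_term(records):
    """Return the SPF 'all' term ('-all', '~all', ...) or None if no SPF record."""
    for _owner, _ttl, rdata in records.get("TXT", []):
        text = rdata.replace('"', "")
        if text.lower().startswith("v=spf1"):
            for term in text.split():
                if term.lstrip("+-~?").lower() == "all":
                    return term
    return None


if __name__ == "__main__":
    recs = parse_answers(SAMPLE)
    print("MX order:", mx_by_preference(recs))
    print("SOA     :", soa_details(recs))
    print("SPF all :", spf_all_term(recs))
```
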

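>DNS zone transfer

  • Zone transfer: the process of copying a zone file to multiple DNS servers
  • It keeps the databases of DNS servers synchronized and normally happens only between DNS servers
  • If zone transfer is misconfigured, it can be used to view the target's records (the DNS server must be known)
  • Use dig @<name server> <domain> axfr (AXFR: request for full zone transfer) to synchronize the database records: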

dig @ns1.sina.com sina.com axfr

host -T -l sina.com ns1.sina.com

root@xuer:~# dig @ns1.sina.com sina.com axfr
; <<>> DiG 9.11.3-1-Debian <<>> @ns1.sina.com sina.com axfr
; (1 server found)
;; global options: +cmd
; Transfer failed.
root@xuer:~# host -T -l sina.com ns1.sina.com
Using domain server:
Name: ns1.sina.com
Address: 114.134.80.144#53
Aliases: 

Host sina.com not found: 5(REFUSED)
; Transfer failed.

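>DNS dictionary brute-forcing

  • fierce

dpkg -L fierce   # list the files on the system that belong to fierce (dpkg handles package management)

fierce -dnsserver 8.8.8.8 -dns sina.com -wordlist hosts.txt       # -dnsserver sets the DNS server, -dns sets the domain to query, -wordlist sets the wordlist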

root@xuer:~# dpkg -L fierce
/.
/usr
/usr/bin
/usr/bin/fierce
/usr/share
/usr/share/doc
/usr/share/doc/fierce
/usr/share/doc/fierce/changelog.Debian.gz
/usr/share/doc/fierce/copyright
/usr/share/fierce
/usr/share/fierce/hosts.txt    # fierce's brute-force wordlist
root@xuer:~# fierce -dnsserver 8.8.8.8 -dns sina.com -wordlist hosts.txt
DNS Servers for sina.com:
        ns4.sina.com.cn
        ns2.sina.com
        ns3.sina.com.cn
        ns1.sina.com
        ns4.sina.com
        ns3.sina.com
        ns2.sina.com.cn
        ns1.sina.com.cn

Trying zone transfer first...

Unsuccessful in zone transfer (it was worth a shot)
Okay, trying the good old fashioned way... brute force
Can't open hosts.txt or the default wordlist
Exiting...
  • dnsenum

dpkg -L dnsenum     # list the files on the system that belong to dnsenum

dnsenum -f /usr/share/dnsenum/dns.txt -dnsserver 8.8.8.8 sina.com -o sina.xml     # -f sets the wordlist, -dnsserver sets the DNS server

root@xuer:~# dpkg -L dnsenum
/.
/usr
/usr/bin
/usr/bin/dnsenum
/usr/share
/usr/share/dnsenum
/usr/share/dnsenum/dns.txt
/usr/share/doc
/usr/share/doc/dnsenum
/usr/share/doc/dnsenum/README.md
/usr/share/doc/dnsenum/changelog.Debian.gz
/usr/share/doc/dnsenum/copyright
root@xuer:~# dnsenum -f /usr/share/dnsenum/dns.txt -dnsserver 8.8.8.8 sina.com -o sina.xml
Smartmatch is experimental at /usr/bin/dnsenum line 698.
Smartmatch is experimental at /usr/bin/dnsenum line 698.
dnsenum VERSION:1.2.4

-----   sina.com   -----

Host's addresses:
__________________

sina.com.                                4        IN    A        66.102.251.33

Name Servers:
______________

ns1.sina.com.cn.                         338      IN    A        202.106.184.166
ns3.sina.com.                            523      IN    A        180.149.138.199
ns2.sina.com.cn.                         2524     IN    A        180.149.138.199
ns4.sina.com.cn.                         162      IN    A        121.14.1.22
ns4.sina.com.                            1726     IN    A        123.125.29.99
ns2.sina.com.                            1670     IN    A        114.134.80.145
ns1.sina.com.                            1280     IN    A        114.134.80.144
ns3.sina.com.cn.                         2872     IN    A        123.125.29.99

Mail (MX) Servers:
___________________

freemx3.sinamail.sina.com.cn.            60       IN    A        39.156.6.104
freemx1.sinamail.sina.com.cn.            55       IN    A        39.156.6.104
freemx2.sinamail.sina.com.cn.            60       IN    A        121.14.32.117

Trying Zone Transfers and getting Bind Versions:
_________________________________________________

Trying Zone Transfer for sina.com on ns1.sina.com.cn ...
AXFR record query failed: REFUSED

Trying Zone Transfer for sina.com on ns3.sina.com ...
AXFR record query failed: REFUSED

Trying Zone Transfer for sina.com on ns2.sina.com.cn ...
AXFR record query failed: REFUSED

Trying Zone Transfer for sina.com on ns4.sina.com.cn ...
AXFR record query failed: REFUSED

Trying Zone Transfer for sina.com on ns4.sina.com ...
AXFR record query failed: REFUSED

Trying Zone Transfer for sina.com on ns2.sina.com ...
AXFR record query failed: REFUSED

Trying Zone Transfer for sina.com on ns1.sina.com ...
AXFR record query failed: REFUSED

Trying Zone Transfer for sina.com on ns3.sina.com.cn ...
AXFR record query failed: REFUSED

Brute forcing with /usr/share/dnsenum/dns.txt:
_______________________________________________

ads.sina.com.                            60       IN    CNAME    ww1.sinaimg.cn.w.alikunlun.com.
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.233
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.229
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.230
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.226
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.227
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.232
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.228
ww1.sinaimg.cn.w.alikunlun.com.          46       IN    A        111.19.237.231
blog.sina.com.                           60       IN    CNAME    blog.sina.com.cn.
blog.sina.com.cn.                        30       IN    CNAME    blogx.sina.com.cn.
blogx.sina.com.cn.                       17       IN    A        49.7.37.126
client.sina.com.                         60       IN    A        66.102.251.24
.......
  • dnsmap

dpkg -L dnsmap      # list the files on the system that belong to dnsmap

dnsmap sina.com -w /usr/share/dnsmap/wordlist_TLAs.txt

root@xuer:~# dpkg -L dnsmap
/.
/usr
/usr/share
/usr/share/doc
/usr/share/doc/dnsmap
/usr/share/doc/dnsmap/README.txt.gz
/usr/share/doc/dnsmap/TODO.txt
/usr/share/doc/dnsmap/changelog.gz
/usr/share/doc/dnsmap/use_cases.txt
/usr/share/doc/dnsmap/CREDITS.txt
/usr/share/doc/dnsmap/copyright
/usr/share/doc/dnsmap/changelog.Debian.gz
/usr/share/dnsmap
/usr/share/dnsmap/wordlist_TLAs.txt
/usr/bin
/usr/bin/dnsmap-bulk.sh
/usr/bin/dnsmap
root@xuer:~# dnsmap sina.com -w /usr/share/dnsmap/wordlist_TLAs.txt
dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org)

[+] searching (sub)domains for sina.com using /usr/share/dnsmap/wordlist_TLAs.txt
[+] using maximum random delay of 10 millisecond(s) between requests

ads.sina.com
IP address #1: 111.19.237.230
IP address #2: 111.19.237.226
IP address #3: 111.19.237.229
IP address #4: 111.19.237.231
IP address #5: 111.19.237.228
IP address #6: 111.19.237.227
IP address #7: 111.19.237.233
IP address #8: 111.19.237.232
......
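
Both the refused zone transfers and the wordlist runs shown above leave a recognizable pattern in an authoritative server's logs: a transfer request from a host that is not a secondary, followed by a burst of lookups for many different names under one zone. The following Python is an added example (not part of the original post) that flags both; the log lines are constructed and modelled on BIND's query and transfer log messages, and the zone example.com, the addresses and the thresholds are assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample, modelled on BIND query-log and transfer-denied messages.
# example.com and all addresses are placeholders; adapt LINE_RE to your own logs.
LOG = """\
23-Apr-2019 16:40:00.900 client 203.0.113.7#40110 (example.com): zone transfer 'example.com/AXFR/IN' denied
23-Apr-2019 16:40:01.101 client 203.0.113.7#40112 (ads.example.com): query: ads.example.com IN A + (192.0.2.53)
23-Apr-2019 16:40:01.115 client 203.0.113.7#40113 (admin.example.com): query: admin.example.com IN A + (192.0.2.53)
23-Apr-2019 16:40:01.130 client 203.0.113.7#40114 (blog.example.com): query: blog.example.com IN A + (192.0.2.53)
23-Apr-2019 16:40:01.142 client 203.0.113.7#40115 (client.example.com): query: client.example.com IN A + (192.0.2.53)
23-Apr-2019 16:40:01.160 client 203.0.113.7#40116 (dev.example.com): query: dev.example.com IN A + (192.0.2.53)
23-Apr-2019 16:40:01.171 client 203.0.113.7#40117 (ftp.example.com): query: ftp.example.com IN A + (192.0.2.53)
23-Apr-2019 16:38:10.000 client 198.51.100.20#51000 (www.example.com): query: www.example.com IN A + (192.0.2.53)
23-Apr-2019 16:39:12.400 client 198.51.100.20#51002 (mail.example.com): query: mail.example.com IN MX + (192.0.2.53)
23-Apr-2019 16:40:30.250 client 198.51.100.20#51007 (www.example.com): query: www.example.com IN AAAA + (192.0.2.53)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}-\w{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) client (?:@0x[0-9a-f]+ )?"
    r"(?P<ip>[0-9A-Fa-f.:]+)#\d+ \((?P<name>[^)]+)\): "
    r"(?:query: \S+ IN (?P<qtype>\S+)|zone transfer '(?P<xfer>[^']+)' (?P<result>\w+))"
)


def parse_log(text):
    """Turn log lines into event dicts; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f"),
            "ip": m["ip"],
            "name": m["name"].lower().rstrip("."),
            "kind": "xfer" if m["xfer"] else "query",
            "detail": m["xfer"] or m["qtype"],
            "result": m["result"],
        })
    return events


def axfr_attempts(events):
    """(client, zone, result) for every logged zone-transfer request."""
    return [(e["ip"], e["detail"].split("/")[0], e["result"])
            for e in events if e["kind"] == "xfer"]


def enumeration_suspects(events, zone, window=timedelta(seconds=10), min_names=5):
    """Clients that asked for >= min_names distinct names under zone within window."""
    suffix = "." + zone.lower()
    per_client = defaultdict(list)
    for e in events:
        if e["kind"] == "query" and e["name"].endswith(suffix):
            per_client[e["ip"]].append((e["ts"], e["name"]))
    suspects = {}
    for ip, hits in per_client.items():
        hits.sort()
        in_window, start, peak = Counter(), 0, 0
        for ts, name in hits:
            in_window[name] += 1
            while ts - hits[start][0] > window:   # slide the window forward
                old = hits[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            peak = max(peak, len(in_window))
        if peak >= min_names:
            suspects[ip] = peak
    return suspects


if __name__ == "__main__":
    evs = parse_log(LOG)
    print("zone transfer requests:", axfr_attempts(evs))
    print("enumeration suspects  :", enumeration_suspects(evs, "example.com"))
```
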

>DNS registration information

whois baidu.com   # look up the registration information for baidu.com

whois -h whois.apnic.net 192.0.43.10   # look up registration information for an IP address on a specific whois server (-h)

root@xuer:~# whois baidu.com
Domain Name: BAIDU.COM
Registry Domain ID: 11181110_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2019-01-25T04:08:55Z
Creation Date: 1999-10-11T11:05:17Z
Registry Expiry Date: 2026-10-11T11:05:17Z
Registrar: MarkMonitor Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
Name Server: NS1.BAIDU.COM
Name Server: NS2.BAIDU.COM
Name Server: NS3.BAIDU.COM
Name Server: NS4.BAIDU.COM
Name Server: NS7.BAIDU.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2019-04-22T13:36:00Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

Domain Name: baidu.com
Registry Domain ID: 11181110_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2019-01-24T20:00:51-0800
Creation Date: 1999-10-11T04:05:17-0700
Registrar Registration Expiration Date: 2026-10-11T00:00:00-0700
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Domain Status: serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited)
Domain Status: serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited)
Domain Status: serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited)
Registrant Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
Registrant State/Province: Beijing
Registrant Country: CN
Admin Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
Admin State/Province: Beijing
Admin Country: CN
Tech Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
Tech State/Province: Beijing
Tech Country: CN
Name Server: ns7.baidu.com
Name Server: ns3.baidu.com
Name Server: ns2.baidu.com
Name Server: ns4.baidu.com
Name Server: ns1.baidu.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2019-04-22T06:26:30-0700 <<<
root@xuer:~# whois -h whois.apnic.net 192.0.43.10
% [whois.apnic.net]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html

% Information related to '192.0.0.0 - 192.255.255.255'

% Abuse contact for '192.0.0.0 - 192.255.255.255' is 'helpdesk@apnic.net'

inetnum:        192.0.0.0 - 192.255.255.255
netname:        ERX-NETBLOCK
descr:          Early registration addresses
remarks:        ------------------------------------------------------
remarks:        Important:
remarks:
remarks:        Networks in this range were allocated by InterNIC
remarks:        prior to the formation of Regional Internet
remarks:        Registries (RIRs): AfriNIC, APNIC, ARIN, LACNIC and RIPE NCC.
remarks:
remarks:        Address ranges from this historical space have now
remarks:        been transferred to the appropriate RIR database.
remarks:
remarks:        If your search has returned this record, it means the
remarks:        address range is not administered by APNIC.
remarks:
remarks:        Instead, please search one of the following databases:
remarks:
remarks:        - AfriNIC (Africa)
remarks:        website: http://www.afrinic.net/
remarks:        command line: whois.afrinic.net
remarks:
remarks:        - ARIN (Northern America)
remarks:        website: http://www.arin.net/
remarks:        command line: whois.arin.net
remarks:
remarks:        - LACNIC (Latin America and the Carribean)
remarks:        website: http://www.lacnic.net/
remarks:        command line: whois.lacnic.net
remarks:
remarks:        - RIPE NCC (Europe)
remarks:        website: http://www.ripe.net/
remarks:        command line: whois.ripe.net
remarks:
remarks:        For information on the Early Registration Transfer
remarks:        (ERX) project, see:
remarks:
remarks:        http://www.apnic.net/db/erx
remarks:
remarks:        ------------------------------------------------------
country:        AU
admin-c:        IANA1-AP
tech-c:         IANA1-AP
mnt-by:         APNIC-HM
mnt-lower:      APNIC-HM
status:         ALLOCATED PORTABLE
last-modified:  2015-08-28T00:31:46Z
source:         APNIC
mnt-irt:        IRT-APNIC-AP

irt:            IRT-APNIC-AP
address:        Brisbane, Australia
e-mail:         helpdesk@apnic.net
abuse-mailbox:  helpdesk@apnic.net
admin-c:        HM20-AP
tech-c:         NO4-AP
auth:           # Filtered
remarks:        APNIC is a Regional Internet Registry.
remarks:        We do not operate the referring network and
remarks:        are unable to investigate complaints of network abuse.
remarks:        For information about IRT, see www.apnic.net/irt
mnt-by:         APNIC-HM
last-modified:  2019-02-14T05:37:22Z
source:         APNIC

role:           Internet Assigned Numbers Authority
address:        see http://www.iana.org.
admin-c:        IANA1-AP
tech-c:         IANA1-AP
nic-hdl:        IANA1-AP
remarks:        For more information on IANA services
remarks:        go to IANA web site at http://www.iana.org.
mnt-by:         MAINT-APNIC-AP
last-modified:  2018-06-22T22:34:30Z
source:         APNIC

% This query was served by the APNIC Whois Service version 1.88.15-46 (WHOIS-NODE3)
