Kali Penetration Testing (1): Information Gathering for Domain Names (WHOIS)

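I. Categories of information gathering

Information-gathering methods fall into two categories:

1. Active gathering: information is obtained by interacting directly with the target network under test, for example with an ICMP ping or a TCP port scan.

2. Passive gathering: information about the target network is obtained through third-party services, for example by using the Google search engine.

II. Gathering domain name information

WHOIS is a standard Internet protocol that can be used to collect information about network registrations, registered domain names, IP addresses and autonomous systems. The WHOIS database records the DNS server information for a domain and the registrant's contact information.

III. Example

A default Kali installation includes a whois client. To look up the WHOIS information for a domain, run the following whois command in a terminal: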

root@kali:~# whois baidu.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information.

   Domain Name: BAIDU.COM
   Registrar: MARKMONITOR INC.
   Sponsoring Registrar IANA ID: 292
   Whois Server: whois.markmonitor.com
   Referral URL: http://www.markmonitor.com
   Name Server: DNS.BAIDU.COM
   Name Server: NS2.BAIDU.COM
   Name Server: NS3.BAIDU.COM
   Name Server: NS4.BAIDU.COM
   Name Server: NS7.BAIDU.COM
   Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
   Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
   Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
   Updated Date: 10-sep-2015
   Creation Date: 11-oct-1999
   Expiration Date: 11-oct-2017

>>> Last update of whois database: Wed, 05 Apr 2017 02:56:21 GMT <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar.  Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability.  VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.

Domain Name: baidu.com
Registry Domain ID: 11181110_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2017-02-13T01:04:21-0800
Creation Date: 1999-10-11T04:05:17-0700
Registrar Registration Expiration Date: 2017-10-11T00:00:00-0700
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints@markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited (https://www.icann.org/epp#clientUpdateProhibited)
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Domain Status: serverUpdateProhibited (https://www.icann.org/epp#serverUpdateProhibited)
Domain Status: serverTransferProhibited (https://www.icann.org/epp#serverTransferProhibited)
Domain Status: serverDeleteProhibited (https://www.icann.org/epp#serverDeleteProhibited)
Registry Registrant ID:
Registrant Name: Domain Admin
Registrant Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
Registrant Street: 3F Baidu Campus No.10, Shangdi 10th Street Haidian District
Registrant City: Beijing
Registrant State/Province: Beijing
Registrant Postal Code: 100085
Registrant Country: CN
Registrant Phone: +86.1059928888
Registrant Phone Ext:
Registrant Fax: +86.1059928888
Registrant Fax Ext:
Registrant Email: domainmaster@baidu.com
Registry Admin ID:
Admin Name: Domain Admin
Admin Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
Admin Street: 3F Baidu Campus No.10, Shangdi 10th Street Haidian District
Admin City: Beijing
Admin State/Province: Beijing
Admin Postal Code: 100085
Admin Country: CN
Admin Phone: +86.1059928888
Admin Phone Ext:
Admin Fax: +86.1059928888
Admin Fax Ext:
Admin Email: domainmaster@baidu.com
Registry Tech ID:
Tech Name: Domain Admin
Tech Organization: Beijing Baidu Netcom Science Technology Co., Ltd.
Tech Street: 3F Baidu Campus No.10, Shangdi 10th Street Haidian District
Tech City: Beijing
Tech State/Province: Beijing
Tech Postal Code: 100085
Tech Country: CN
Tech Phone: +86.1059928888
Tech Phone Ext:
Tech Fax: +86.1059928888
Tech Fax Ext:
Tech Email: domainmaster@baidu.com
Name Server: ns4.baidu.com
Name Server: ns3.baidu.com
Name Server: dns.baidu.com
Name Server: ns7.baidu.com
Name Server: ns2.baidu.com
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2017-04-04T19:54:32-0700 <<<

The Data in MarkMonitor.com's WHOIS database is provided by MarkMonitor.com for information purposes, and to assist persons in obtaining information about or related to a domain name registration record.  MarkMonitor.com does not guarantee its accuracy.  By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to:
 (1) allow, enable, or otherwise support the transmission of mass unsolicited,
     commercial advertising or solicitations via e-mail (spam); or
 (2) enable high volume, automated, electronic processes that apply to
     MarkMonitor.com (or its systems).
MarkMonitor.com reserves the right to modify these terms at any time.
By submitting this query, you agree to abide by this policy.

MarkMonitor is the Global Leader in Online Brand Protection.

MarkMonitor Domain Management(TM)
MarkMonitor Brand Protection(TM)
MarkMonitor AntiPiracy(TM)
MarkMonitor AntiFraud(TM)
Professional and Managed Services

Visit MarkMonitor at http://www.markmonitor.com
Contact us at +1.8007459229
In Europe, at +44.02032062220

For more information on Whois status codes, please visit
 https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en
--

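The returned result provides the DNS server information and the contact details of the domain's registrant, which will be useful in later stages of the penetration test. The same lookup can also be done with online tools:

Chinaz (站长之家): http://whois.chinaz.com/

Global WHOIS lookup: https://www.whois365.com/cn/

Aizhan (爱站): http://www.aizhan.com/

Alibaba Cloud: https://whois.aliyun.com/whois/domain/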
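As an added example (not part of the original post), the Python code below parses WHOIS output of the kind shown above and reports, for a domain you are responsible for, its name servers, absent registrar locks, DNSSEC state, days to expiry and published contact addresses. The record is constructed for example.com, and the function names and the LOCKS list are assumptions of this example.

```python
import re
from datetime import datetime, timezone

# Constructed record for example.com, laid out like the registrar output above.
SAMPLE = """\
Domain Name: example.com
Registrar Registration Expiration Date: 2017-10-11T00:00:00-0700
Domain Status: clientTransferProhibited (https://www.icann.org/epp#clientTransferProhibited)
Domain Status: clientDeleteProhibited (https://www.icann.org/epp#clientDeleteProhibited)
Registrant Email: hostmaster@example.com
Registrant Phone Ext:
Name Server: ns2.example.com
Name Server: NS1.EXAMPLE.COM
Name Server: ns1.example.com
DNSSEC: unsigned
>>> Last update of WHOIS database: 2017-04-04T19:54:32-0700 <<<
"""

# Registrar-set lock statuses that appear in the output above (assumed checklist).
LOCKS = ("clientupdateprohibited", "clienttransferprohibited", "clientdeleteprohibited")

def parse_whois(text):
    """Map lower-cased field names to value lists; banners and empty fields are skipped."""
    record = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][A-Za-z /]*?):\s+(\S.*)$", line)
        if m:
            record.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return record

def parse_date(value):
    """Accept the registrar (ISO 8601) and registry (11-oct-2017) date styles."""
    for fmt in ("%Y-%m-%dT%H:%M:%S%z", "%d-%b-%Y"):
        try:
            dt = datetime.strptime(value, fmt)
            return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def audit(record, today):
    held = {v.split()[0].lower() for k in ("domain status", "status") for v in record.get(k, [])}
    expiry = next((parse_date(v) for k, vs in record.items() if "expiration date" in k for v in vs), None)
    return {
        "name_servers": sorted({ns.lower() for ns in record.get("name server", [])}),
        "missing_locks": [s for s in LOCKS if s not in held],
        "dnssec_signed": record.get("dnssec", ["unsigned"])[0].lower() != "unsigned",
        "days_to_expiry": (expiry - today).days if expiry else None,
        "exposed_emails": sorted({v.lower() for k, vs in record.items() if k.endswith("email") for v in vs}),
    }
```

To review a live record, pass the text captured from the whois command to parse_whois() and call audit() with datetime.now(timezone.utc).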
