Ok, there are many ways to reach information about
a server. In this challenges we need to get four
differents values, IPadd', Nameserver (Domain),
Hostname (Hoster) and the HTTPv.
Lets start, IP address we can get with pinging.
just: ping TARGET and we can see the data of the
packets that the ICMP send and received.
Nameserver/Domain we can get with the NSLOOKUP
service, NSLOOKUP is a nice tool that help us to
mapping the the "sub-servers" in our target. we
can choose what we want to record by changing the
RRT to what we want. RRT it's a ResourceRecordType,
and the default resource record type is A (IP address),
there are other options such a MX (Mail Exchanger),
NS (name server), UID (User Identifier) and more,
the complete list available Here.
Ok, we need the name server, so it's goes like
> set querytype=NS
> set root=TARGET.COM
the output will be like that:
TARGET.com nameserver = name1.TARGET.com
TARGET.com nameserver = name2.TARGET.com
After we got the nameserver, we need to get the
Host name, to do that, we need to get deeper.
for that, we need to find a good Whois service,
the most familiar is GoDaddy, it will send a
whois query, and by looking at the Administrative
Contact, or at the we can realize who is the hoster
and what his name.
The last detail that we need is the version of
the HTTP service that running on the server, to
do that, we just need to send an HTTP request to
the target and look at the recieved packets, we
can do that simply with telnet,
just connect to the server on port 80, do some
bad GET request and look at the 400 error syntax,
it's goes like that:
Welcome to Microsoft Telnet Client
Escape Character is 'CTRL+]'
Microsoft Telnet> o
( to ) TARGET.com 80
Connecting To TARGET.com...
GET /bla HTTP <- [bad GET-HTTP request]
and the output will be something like that:
[The output will be different in differents servers]
HTTP/xxx 400 Bad Request
Date: Sat, 17 May 2008 21:57:31 GMT
Connection to host lost.
By looking at the first line, we can see the
version of the HTTP :)
Written by cp77fk4r [17/5/08]