TryThis0ne - Hacking Challenges!

Password:

	Home


	Register

	News

	Security DB

	TryThis Gallery

	Medals

	Links

	Toolz

	Login

	About

Trythis0ne

File not found. Should I fake it? (Y/N)- Unknown

Article name: Help for the Who iZ? level (wrote by cp77fk4r).

:[Level: Who-iZ]:

Ok, there are many ways to reach information about
a server. In this challenges we need to get four
differents values, IPadd', Nameserver (Domain),
Hostname (Hoster) and the HTTPv.

Lets start, IP address we can get with pinging.
just: ping TARGET and we can see the data of the
packets that the ICMP send and received.

Nameserver/Domain we can get with the NSLOOKUP
service, NSLOOKUP is a nice tool that help us to
mapping the the "sub-servers" in our target. we
can choose what we want to record by changing the
RRT to what we want. RRT it's a ResourceRecordType,
and the default resource record type is A (IP address),
there are other options such a MX (Mail Exchanger),
NS (name server), UID (User Identifier) and more,
the complete list available Here.


Ok, we need the name server, so it's goes like
that:

[Start=>Run=>CMD=>NSLOOKUP]

> set querytype=NS
> set root=TARGET.COM
> TARGET.COM

the output will be like that:

TARGET.com nameserver = name1.TARGET.com
TARGET.com nameserver = name2.TARGET.com
.
.
.


After we got the nameserver, we need to get the
Host name, to do that, we need to get deeper.
for that, we need to find a good Whois service,
the most familiar is GoDaddy, it will send a 
whois query, and by looking at the Administrative 
Contact, or at the we can realize who is the hoster
and what his name.

The last detail that we need is the version of
the HTTP service that running on the server, to
do that, we just need to send an HTTP request to
the target and look at the recieved packets, we
can do that simply with telnet,

just connect to the server on port 80, do some
bad GET request and look at the 400 error syntax,
it's goes like that:

[Start=>Run=>CMD=>telnet]


Welcome to Microsoft Telnet Client

Escape Character is 'CTRL+]'

Microsoft Telnet> o
( to ) TARGET.com 80
Connecting To TARGET.com...

now type:
GET /bla HTTP   <- [bad GET-HTTP request]
{RETURN}
{RETURN}

and the output will be something like that:
[The output will be different in differents servers]

HTTP/xxx 400 Bad Request
Content-Type: text/html
Date: Sat, 17 May 2008 21:57:31 GMT
Connection: close
Content-Length: 20

<h1>Bad Request</h1>

Connection to host lost.


By looking at the first line, we can see the
version of the HTTP :)



Written by cp77fk4r [17/5/08]

Back
TryThis0ne - Hacking Challenges.

There are 13406 accounts in this site.

90700 People has logged on to this site.

Design By SBD