Menu


Trythis0ne
If at first you do not succeed, blame your computer. If at first you don’t succeed, work for Microsoft. - Unknown
Article name: Help for the Who iZ? level (wrote by cp77fk4r).
:[Level: Who-iZ]:
Ok, there are many ways to reach information about a server. In this challenges we need to get four differents values, IPadd', Nameserver (Domain), Hostname (Hoster) and the HTTPv. Lets start, IP address we can get with pinging. just: ping TARGET and we can see the data of the packets that the ICMP send and received. Nameserver/Domain we can get with the NSLOOKUP service, NSLOOKUP is a nice tool that help us to mapping the the "sub-servers" in our target. we can choose what we want to record by changing the RRT to what we want. RRT it's a ResourceRecordType, and the default resource record type is A (IP address), there are other options such a MX (Mail Exchanger), NS (name server), UID (User Identifier) and more, the complete list available Here. Ok, we need the name server, so it's goes like that: [Start=>Run=>CMD=>NSLOOKUP] > set querytype=NS > set root=TARGET.COM > TARGET.COM the output will be like that: TARGET.com nameserver = name1.TARGET.com TARGET.com nameserver = name2.TARGET.com . . . After we got the nameserver, we need to get the Host name, to do that, we need to get deeper. for that, we need to find a good Whois service, the most familiar is GoDaddy, it will send a whois query, and by looking at the Administrative Contact, or at the we can realize who is the hoster and what his name. The last detail that we need is the version of the HTTP service that running on the server, to do that, we just need to send an HTTP request to the target and look at the recieved packets, we can do that simply with telnet, just connect to the server on port 80, do some bad GET request and look at the 400 error syntax, it's goes like that: [Start=>Run=>CMD=>telnet] Welcome to Microsoft Telnet Client Escape Character is 'CTRL+]' Microsoft Telnet> o ( to ) TARGET.com 80 Connecting To TARGET.com... now type: GET /bla HTTP <- [bad GET-HTTP request] {RETURN} {RETURN} and the output will be something like that: [The output will be different in differents servers] HTTP/xxx 400 Bad Request Content-Type: text/html Date: Sat, 17 May 2008 21:57:31 GMT Connection: close Content-Length: 20 <h1>Bad Request</h1> Connection to host lost. By looking at the first line, we can see the version of the HTTP :)
Written by cp77fk4r [17/5/08]
Back
TryThis0ne - Hacking Challenges.
TryThis0ne 2005-2014© :: Codingr :: B~HFH :: cp77fk4r :: There are 12770 accounts in this site. 89206 People has logged on to this site. Design By SBD