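Penetration Testing - Information Gathering: Passive Information Gathering

Hacker Notes, Season 2: every experiment in this series uses the Hacker Notes online practice range. Do not try it uninvited; if I catch you, see if I don't beat you to a pulp.

Lab environment:

Hacker Notes blog: www.hackbiji.top

Hacker Notes community: bbs.hackbiji.top

Hacker Notes practice range: gun.hackbiji.top

Suggestions are welcome; let's improve together!

1. whois query

Right away, I start with a whois query on the domain and find there is not much information. You can see that I purchased the domain on 15 February 2018. The only valuable piece of information is the name server, directi.com; I looked it up on Google, and it is indeed a service of the company I bought the domain from.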

sh-3.2# whois hackbiji.top
Domain Name: hackbiji.top
Registry Domain ID: D20180215G10001G_41080561-top
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: http://publicdomainregistry.com
Updated Date: 2018-02-15T05:34:55Z
Creation Date: 2018-02-15T05:34:52Z
Registry Expiry Date: 2019-02-15T05:34:52Z
Registrar: PDR Ltd
Registrar IANA ID: 303
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +91.2013775952
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: C20171017C_22889816-top
Registrant Name: Domain Admin
Registrant Organization: Privacy Protect, LLC (PrivacyProtect.org)
Registrant Street: 10 Corporate Drive
Registrant City: Burlington
Registrant State/Province: MA
Registrant Postal Code: 01803
Registrant Country: US
Registrant Phone: +1.8022274003
Registrant Phone Ext: +1
Registrant Fax:
Registrant Fax Ext:
Registrant Email: contact@privacyprotect.org
Registry Admin ID: C20171017C_22889816-top
Admin Name: Domain Admin
Admin Organization: Privacy Protect, LLC (PrivacyProtect.org)
Admin Street: 10 Corporate Drive
Admin City: Burlington
Admin State/Province: MA
Admin Postal Code: 01803
Admin Country: US
Admin Phone: +1.8022274003
Admin Phone Ext: +1
Admin Fax:
Admin Fax Ext:
Admin Email: contact@privacyprotect.org
Registry Tech ID: C20171017C_22889816-top
Tech Name: Domain Admin
Tech Organization: Privacy Protect, LLC (PrivacyProtect.org)
Tech Street: 10 Corporate Drive
Tech City: Burlington
Tech State/Province: MA
Tech Postal Code: 01803
Tech Country: US
Tech Phone: +1.8022274003
Tech Phone Ext: +1
Tech Fax:
Tech Fax Ext:
Tech Email: contact@privacyprotect.org
Name Server: dns4.directi.com
Name Server: dns3.directi.com
Name Server: dns2.directi.com
Name Server: dns1.directi.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-09-18T15:23:49Z <<<

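2. Netcraft query

Next, look the site up on Netcraft (searchdns.netcraft.com/).

You can see that the site information for www.hackbiji.top is 黑客筆記 (Hacker Notes) and that the email address is mine. You can also see that the web service is github.com, along with the IP address and other information.

Now look at the Hacker Notes online practice range, gun.hackbiji.top. Again you can see my email address, that the web service is nginx, and the IP address and other information.

3. nslookup query

Now look at nslookup. You can see that my Hacker Notes blog site is actually isgt93.github.io, and you can also see the same IP addresses as in the query results above. How can this IP address be used? That analysis comes next time.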

sh-3.2# nslookup
> hackbiji.top
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: hackbiji.top
Address: 192.30.252.153
Name: hackbiji.top
Address: 192.30.252.154
> www.hackbiji.top
Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
www.hackbiji.top canonical name = isgt93.github.io.
isgt93.github.io canonical name = sni.github.map.fastly.net.
Name: sni.github.map.fastly.net
Address: 185.199.111.153
Name: sni.github.map.fastly.net
Address: 185.199.109.153
Name: sni.github.map.fastly.net
Address: 185.199.110.153
Name: sni.github.map.fastly.net
Address: 185.199.108.153
> gun.hackbiji.top
Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
Name: gun.hackbiji.top
Address: 207.174.213.34
> bbs.hackbiji.top
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: bbs.hackbiji.top
Address: 207.174.213.34
>
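
An added example, not part of the original post: a Python parser for the interactive nslookup session above that skips the resolver's own Server/Address lines, records each queried name's CNAME chain and addresses, and reports addresses that several names share. SAMPLE is a trimmed, constructed copy of that session, and the names parse_session and shared_hosts are this example's own.

```python
from collections import defaultdict

# Constructed sample (trimmed from the session above); function names are this example's own.
SAMPLE = """\
> www.hackbiji.top
Server: 192.168.0.1
Address: 192.168.0.1#53

Non-authoritative answer:
www.hackbiji.top canonical name = isgt93.github.io.
isgt93.github.io canonical name = sni.github.map.fastly.net.
Name: sni.github.map.fastly.net
Address: 185.199.111.153
> gun.hackbiji.top
Server: 192.168.0.1
Address: 192.168.0.1#53
Non-authoritative answer:
Name: gun.hackbiji.top
Address: 207.174.213.34
> bbs.hackbiji.top
Non-authoritative answer:
Name: bbs.hackbiji.top
Address: 207.174.213.34
"""

def parse_session(text):
    """Return {queried name: {"cnames": [...], "addresses": [...]}}."""
    results, current, in_answer = {}, None, False
    for line in map(str.strip, text.splitlines()):
        if line.startswith(">"):  # nslookup prompt: a new query begins
            query = line[1:].strip()
            current = results.setdefault(query, {"cnames": [], "addresses": []}) if query else None
            in_answer = False
        elif current is not None and line.lower().endswith("answer:"):
            in_answer = True  # lines before this describe the resolver, not the target
        elif in_answer and "canonical name =" in line:
            current["cnames"].append(line.split("=", 1)[1].strip().rstrip("."))
        elif in_answer and line.startswith("Address:"):
            current["addresses"].append(line.split(":", 1)[1].strip())
    return results

def shared_hosts(results):
    """Return {address: [names]} for addresses that more than one queried name resolves to."""
    by_ip = defaultdict(set)
    for name, rec in results.items():
        for ip in rec["addresses"]:
            by_ip[ip].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}
```

Run over the sample, the parser shows that www.hackbiji.top reaches its address through two CNAME hops to third-party hosting, while gun and bbs resolve to one shared address.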
