lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: keydet89 at yahoo.com (Harlan Carvey)
Subject: How to obtain hostname lists

None of this is really magic, and is publicly
available via a variety of sources...

> I would like to know what techniques can Intruders
> use to obtain a lists 
> of hostname and attack them with exploits code?
> For example, a huge list like:
> www.foo.com
> www.bar.com

Scanning, mostly.  Also, DNS zone transfers, but many
times it's just plugging a class C or B address range
into a scanner and hitting enter.

> And so on. Also, they can have a lists with certain
> criteria in common 
> (os, httpdver) and do a more selective attack. I
> want to know how they 
> can obtain hostnames asnd create a huge database for
> potencial host victims?

Besides the usual scanning techniques, throw Googling
and searches via Netcraft for httpd's into the mix.


=====
------------------------------------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/
------------------------------------------------------------------------

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ