From: roelof at sensepost.com (Roelof Temmingh)
Subject: Verisign abusing .COM/.NET - nothing new..

Hi all,

Abusing a TLD is nothing new...it's just recently that Verisign has done
it with .com and .net. There are many other TLDs that are "sucked up".
Sub TLDs also get sucked in...I am not listing them all here. Hereby some
of the TLD A record suckers:

.cc  206.253.214.101
.sh  194.205.62.62
.cx  219.88.106.80
.td  146.101.245.154
.tm  194.205.62.42
.tv  65.201.175.144
.mp  202.128.12.163
.ws  216.35.187.246
.ph  203.119.4.6
.io  194.205.62.107

and now:

.com  64.94.110.11
.net  64.94.110.11

Also - the list changes every day - don't ever hard code any of this -
rather look at the attached PERL script to do it in real time.

Furthermore - many TLDs' MX records also get sucked in.

Attached is a PERL module that we have been using for a while within our
BigRed Security Assessment Console that will expand any number of
domains to all their TLDs. For instance, after running the PERL script on
sensepost.com it returns sensepost.co.za, sensepost.com and
sensepost.co.uk. It weeds out all the other A and MX "suckers". It works
99% - every now and again one or two template domains slip in (especially
where dynamic DNS is used, or entries are changed rapidly).

The PERL script works as a stand-alone script - you don't need to purchase
the BigRed framework to use it. Tested on FreeBSD - it calls nslookup
externally - so maybe just look at the call itself if you are not getting
joy. Also - please set the nameserver. The default one in there should
work fine but could be a bit slow.

Enjoy,
Roelof.

=====================
Roelof Temmingh
roelof@...sepost.com
+27 12 667 4737
GMT+2
=====================

-------------- next part --------------
A non-text attachment was scrubbed...
Name: exp-tld2-public.pl
Type: application/x-perl
Size: 9136 bytes
Desc: 
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030917/7b5c21b1/exp-tld2-public.bin
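
An added example, not part of the original post and not the attached script: one common way to tell a real registration from a TLD wildcard answer at query time, rather than from a hard-coded address list, is to resolve a few random labels under each suffix and discard candidates that return only those same addresses. The function names, the `example-corp` label and the sample addresses (documentation ranges) are assumptions constructed for illustration.

```python
import secrets
import socket

def system_resolver(name):
    """Return the set of IPv4 addresses for name, empty if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()

def wildcard_addresses(suffix, resolve, probes=3):
    """Addresses returned for random labels that nobody has registered under suffix."""
    seen = set()
    for _ in range(probes):
        seen |= resolve(f"{secrets.token_hex(12)}.{suffix}")
    return seen

def expand(label, suffixes, resolve=system_resolver):
    """Return {fqdn: addresses} for suffixes where label has its own A records."""
    real = {}
    for suffix in suffixes:
        wild = wildcard_addresses(suffix, resolve)
        addrs = resolve(f"{label}.{suffix}")
        # Keep only names with at least one address the wildcard probes did not return.
        if addrs - wild:
            real[f"{label}.{suffix}"] = addrs
    return real

# Constructed sample data: documentation-range addresses, not real DNS answers.
SAMPLE_ZONE = {"example-corp.com": {"192.0.2.10"}, "example-corp.co.uk": {"192.0.2.20"}}
SAMPLE_WILDCARDS = {"com": {"198.51.100.1"}, "cc": {"198.51.100.2"}}

def sample_resolver(name):
    """Offline stand-in for DNS: real records first, then per-TLD wildcard answers."""
    if name in SAMPLE_ZONE:
        return set(SAMPLE_ZONE[name])
    for suffix, addrs in SAMPLE_WILDCARDS.items():
        if name.endswith("." + suffix):
            return set(addrs)
    return set()

if __name__ == "__main__":
    found = expand("example-corp", ["com", "cc", "co.uk", "tv"], sample_resolver)
    for fqdn, addrs in found.items():
        print(fqdn, sorted(addrs))
```

The same comparison applies to MX answers; a name hosted on the very address the wildcard returns would be dropped by this check.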
