Comments on Jeremiah Grossman: How to find your websites (Road to Website Security part 1)
Blogger comment feed, 15 comments, last updated 2024-02-08.

Anonymous, 2016-10-31 20:23 -07:00:
This is a great post on getting started. Fortunately I was in IT for a few years so I have had some experience with WordPress and website design. My husband recently joined the military and we have our first baby on the way. The goal is to be able to be a stay-at-home mom, but if I could supplement with something like a blog that would be great! One major thing I am struggling with determining is the theme of my blog. I have so many interests that don't really fit together. I am a personal trainer, so fitness and nutrition are a big part of my life and I love passing tips and healthy recipes along, but I am also a DIYer, so I feel I could provide instruction on certain projects, etc. Is it appropriate to have a blog of many topics?
Regards

Anonymous, 2007-06-20 11:09 -07:00:
Another useful way of finding what virtual hosts are on a given machine is to use MSN search's 'ip:' prefix.
This would sure be a handy one to add to Google, but till then it's "live.com".

Anonymous, 2007-06-10 18:41 -07:00:
You could always try fierce: http://ha.ckers.org/fierce/

It does a lot of this discovery for you, without a lot of thinking.

Jordan, 2007-06-09 07:19 -07:00:
Also very useful in the search for virtual hosts are passive DNS replication databases. I use them when analyzing botnet behavior and I need to find the domain name being used to herd the machines (shutting down a specific IP does no good if you don't know what domain name is being used as well).

Here's a list of URLs in my bookmarks for doing this (some overlap with what's already been mentioned):

http://www.myipneighbors.com/
http://cert.uni-stuttgart.de/stats/dns-replication.php
http://www.enyo.de/fw/software/dnslogger/alternatives.html
http://www.dnsdigger.com/
http://www.iptoolbox.fr/
http://www.domaintools.com/reverse-ip/ (full results cost money at domaintools.com)
http://search.msn.com/results.aspx?q=ip:aa.bb.cc.dd
http://whois.webhosting.info/

They all have varying advantages and coverage, so it's useful to compare as many as possible.

Hmm, I wonder if it would be possible to add these to fierce so that it could integrate these results into its scanning...

Also, it should be noted that many of these tools do a poor job with many TLDs (.edu being a good example) since they apparently rely on doing lookups based on the public zone files for some of the TLDs.

Anonymous, 2007-06-06 12:07 -07:00:
digg posted this interesting site yesterday:

http://www.myipneighbors.com

Jeremiah Grossman, 2007-06-06 07:06 -07:00:
Thanks for the feedback everyone. Going to wait a week or so, then I'll post an update.

Anonymous, 2007-06-06 01:45 -07:00:
heh.. no rest for the wicked :>
(till then, people can catch more on the vhosting at http://www.sensepost.com/blog/)
/mh

Anonymous, 2007-06-05 20:58 -07:00:
Apologies if I missed it, but another good trick (if they won't give you the DNS zone information) is to do a reverse lookup on every IP that you have for your target organization.

Jeremiah Grossman, 2007-06-05 08:00 -07:00:
Thanks ntp.

Considering the feedback I've received, including from Sensepost, I'm going to have to spend some time rewriting it once it's all in. Attempting to keep it short and simple if possible.

Anonymous, 2007-06-05 07:07 -07:00:
Well, there's whois-servers.net which supplies domain information for gTLDs:

    # whois -h net.whois-servers.net uu.net
    # whois -h edu.whois-servers.net berkeley.edu

Using this, you can query for that domain's registrar and forward DNS servers.

Then there's ARIN/RIPE/APNIC/LACNIC/AFNIC which supply IP/ASN information. Or possibly RWhois, RADB (whois.radb.net), or the BGP table itself (routeviews.org):

    # telnet rwhois.savvis.net 4321
    Trying 64.41.251.179...
    Connected to rwhois.savvis.net (64.41.251.179).
    Escape character is '^]'.
    %rwhois V-1.5:001ab7:00 rwhois.exodus.net (Exodus Communications)
    -holdconnect on
    %ok
    64.41.128.0/17
    network:Class-Name:network
    network:Auth-Area:0.0.0.0/0
    network:Network-Name:64.41.128.0
    network:IP-Network:64.41.128.0/17
    network:Organization;I:Exodus IDC - SV/SC4
    network:Name;I:Exodus IP Address Administrator
    network:Email;I:ipaddressadmin@exodus.net
    network:Street;I:2401 Walsh Avenue
    network:City;I:Santa Clara
    network:State;I:CA
    network:Postal-Code;I:95051
    network:Country-Code;I:USA

    %ok
    -quit
    %ok
    Connection closed by foreign host.

Some of which can supply very detailed information, as you can see. ARIN and most RIRs will provide reverse DNS server information, which is incredibly useful for mapping out networks.

Then there's more interesting information to be had with fierce, googlegath, etc., although the way the Google API works now you might be better off using something like Aura:
http://www.sensepost.com/research/aura/

In regards to nmap and similar scanning tools: make sure not to forget IP protocol scanning. There are plenty of IPv6 and multicast networks that may be visible as well (and who knows what else?).

At the web search layer: make sure not to forget MSN search, Yahoo, etc. (see: searchlores.org), the deep [deep] [deep] web, archive.org, and tons of other meta search engines (start here: http://en.wikipedia.org/wiki/Category:Internet_search_engines).

And, as Jeremiah and RSnake have pointed out in the past... Alexa and Google (and probably others) provide nice point tools such as Google Trends:
http://jeremiahgrossman.blogspot.com/2006/08/who-is-interested-in-xss.html

Jeremiah Grossman, 2007-06-04 20:55 -07:00:
Security Retentive: Actually, you make an excellent point. Provided you have access to the web server(s) in question or can ask the person who does, absolutely this adds value. I'll update the post.

Andy Steingruebl, 2007-06-04 20:50 -07:00:
So, I'm guessing there isn't a lot of value in finding one site and then asking for the IIS and/or Apache configs for it so you can find all of the virtual servers that might be hosted there?

Jeremiah Grossman, 2007-06-04 15:53 -07:00:
Ronald, nice trick!

jw, I prefer Paros, but I hear Burp is good as well. Basically you just need one that lists request lines that could be viewed quickly.

jw, 2007-06-04 15:36 -07:00:
Great post and really informative. What logging HTTP proxy do you use and recommend?

Anonymous, 2007-06-04 14:17 -07:00:
Cool post,

Another simple way to whois is via a batch file:

    @echo on
    start http://www.whois.net/whois_new.cgi?d=%1

Save it as whois.cmd in /system32/
Call it in CMD: whois google.com

Cheers,

Ronald van den Heetkamp.