Batch site DNS zone transfer vulnerability detection-bash shell implemented-vulnerability warning-the black bar safety net

2014-05-26T00:00:00
ID MYHACK58:62201447819
Type myhack58
Reporter 佚名
Modified 2014-05-26T00:00:00

Description

0x00 background


The following illustration of eecs. cc author self-built a machine with a private root DNS server, and open the zone transfer permissions, so the results: the cc zone transfer success. The figure is just an experimental verification, the following article started!

! 2 0 1 4 0 5 1 9 2 2 5 6 2 2 8 4 7 4 8. png

0x01 looking for a domain name


From the on the Internet searching for the global Top1000Web site list.

Search, find http://www.domainvader.com/website/top-sites.php the site has the required information.

The process is as follows:

·Here Total 1 0 0 0 A statistics page, each page 1 0 0 0 site information, so in turn grab this 1 0 0 0 A html document; ·Use grep combined with regular expressions from this 1 0 0 0 a document being filtered out we need the domain name a total 1 0 0 0 0 0 0.

The code is as follows:

Which, grab. sh the parameters of the threads meant for and GET the number of processes, depending on both the communication link status, default is 1, If the link is good, it may be appropriate to improve, but not too high to prevent the GET request timed out.

grab.sh to:

|

1

2

3

4

5

6

7

8

9

1 0

1 1

1 2

1 3

1 4

1 5

1 6

|

!/ bin/bash

declarex

declarethreads=1

process concurrency

declaremod

forxinseq1 1 0 0 0

do

echo"http://www.domainvader.com/website/top-${x}000-sites.php"

timeGET"http://www.domainvader.com/website/top-${x}000-sites.php"> $x.html &

mod=$(( x%threads ))

if["$mod"-eq"0"]

then

wait

fi

done

---|---

[1] [2] [3] [4] next