hacktricks/network-services-pentesting/43-pentesting-whois.md

# 43 - Pentesting WHOIS

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}

**Try Hard Security Group**

<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>

{% embed url="https://discord.gg/tryhardsecurity" %}

***

## Basic Information

The **WHOIS** protocol serves as a standard method for **inquiring about the registrants or holders of various Internet resources** through specific databases. These resources encompass domain names, blocks of IP addresses, and autonomous systems, among others. Beyond these, the protocol finds application in accessing a broader spectrum of information.

**Default port:** 43

```
PORT   STATE  SERVICE
43/tcp open   whois?
```

## Enumerate

Get all the information that a whois service has about a domain:

```bash
whois -h <HOST> -p <PORT> "domain.tld"
echo "domain.ltd" | nc -vn <HOST> <PORT>
```

Notice than sometimes when requesting for some information to a WHOIS service the database being used appears in the response:

![](<../.gitbook/assets/image (301).png>)

Also, the WHOIS service always needs to use a **database** to store and extract the information. So, a possible **SQLInjection** could be present when **querying** the database from some information provided by the user. For example doing: `whois -h 10.10.10.155 -p 43 "a') or 1=1#"` you could be able to **extract all** the **information** saved in the database.

## Shodan

* `port:43 whois`

**Try Hard Security Group**

<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>

{% embed url="https://discord.gg/tryhardsecurity" %}

## HackTricks Automatic Commands

```
Protocol_Name: WHOIS    #Protocol Abbreviation if there is one.
Port_Number:  43     #Comma separated if there is more than one.
Protocol_Description: WHOIS         #Protocol Abbreviation Spelled out

Entry_1:
  Name: Notes
  Description: Notes for WHOIS
  Note: |
    The WHOIS protocol serves as a standard method for inquiring about the registrants or holders of various Internet resources through specific databases. These resources encompass domain names, blocks of IP addresses, and autonomous systems, among others. Beyond these, the protocol finds application in accessing a broader spectrum of information. 


    https://book.hacktricks.xyz/pentesting/pentesting-smtp

Entry_2:
  Name: Banner Grab
  Description: Grab WHOIS Banner
  Command: whois -h {IP} -p 43 {Domain_Name} && echo {Domain_Name} | nc -vn {IP} 43
```

{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)

<details>

<summary>Support HackTricks</summary>

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.

</details>
{% endhint %}
GITBOOK-4301: No subject 2024-04-06 16:25:58 +00:00			`# 43 - Pentesting WHOIS`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
c 2024-07-19 09:08:05 +00:00			`{% hint style="success" %}`
			`Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
c 2024-07-19 09:08:05 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
c 2024-07-19 09:08:05 +00:00			`<summary>Support HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
c 2024-07-19 09:08:05 +00:00			`* Check the [subscription plans](https://github.com/sponsors/carlospolop)!`
			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Share hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
c 2024-07-19 09:08:05 +00:00			`{% endhint %}`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
a 2024-03-14 23:01:13 +00:00			`Try Hard Security Group`

GITBOOK-4301: No subject 2024-04-06 16:25:58 +00:00			`<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>`
a 2024-03-14 23:01:13 +00:00
			`{% embed url="https://discord.gg/tryhardsecurity" %}`

			`***`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
GITBOOK-4301: No subject 2024-04-06 16:25:58 +00:00			`## Basic Information`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
GITBOOK-4301: No subject 2024-04-06 16:25:58 +00:00			`The WHOIS protocol serves as a standard method for inquiring about the registrants or holders of various Internet resources through specific databases. These resources encompass domain names, blocks of IP addresses, and autonomous systems, among others. Beyond these, the protocol finds application in accessing a broader spectrum of information.`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`Default port: 43`

GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00			`PORT STATE SERVICE`
			`43/tcp open whois?`
			```

GITBOOK-4301: No subject 2024-04-06 16:25:58 +00:00			`## Enumerate`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			`Get all the information that a whois service has about a domain:`

			```bash
			`whois -h <HOST> -p <PORT> "domain.tld"`
			`echo "domain.ltd" \| nc -vn <HOST> <PORT>`
			```

			`Notice than sometimes when requesting for some information to a WHOIS service the database being used appears in the response:`

GitBook: No commit message 2024-05-05 17:56:05 +00:00			`![](<../.gitbook/assets/image (301).png>)`
GitBook: [master] 351 pages and 442 assets modified 2020-07-15 15:43:14 +00:00
			Also, the WHOIS service always needs to use a database to store and extract the information. So, a possible SQLInjection could be present when querying the database from some information provided by the user. For example doing: `whois -h 10.10.10.155 -p 43 "a') or 1=1#"` you could be able to extract all the information saved in the database.

GITBOOK-4301: No subject 2024-04-06 16:25:58 +00:00			`## Shodan`
GitBook: [master] one page modified 2020-09-24 19:59:49 +00:00
			* `port:43 whois`

a 2024-03-14 23:01:13 +00:00			`Try Hard Security Group`

GITBOOK-4301: No subject 2024-04-06 16:25:58 +00:00			`<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>`
a 2024-03-14 23:01:13 +00:00
			`{% embed url="https://discord.gg/tryhardsecurity" %}`

GITBOOK-4301: No subject 2024-04-06 16:25:58 +00:00			`## HackTricks Automatic Commands`
HAC 43 2021-08-12 12:49:03 +00:00
GitBook: [#2777] gitbookissooooo slow I cannot write 2021-10-18 11:21:18 +00:00			```
HAC 43 2021-08-12 12:49:03 +00:00			`Protocol_Name: WHOIS #Protocol Abbreviation if there is one.`
			`Port_Number: 43 #Comma separated if there is more than one.`
			`Protocol_Description: WHOIS #Protocol Abbreviation Spelled out`

43 Yaml 2021-08-15 17:57:28 +00:00			`Entry_1:`
			`Name: Notes`
			`Description: Notes for WHOIS`
			`Note: \|`
a 2024-02-08 03:08:28 +00:00			`The WHOIS protocol serves as a standard method for inquiring about the registrants or holders of various Internet resources through specific databases. These resources encompass domain names, blocks of IP addresses, and autonomous systems, among others. Beyond these, the protocol finds application in accessing a broader spectrum of information.`

43 Yaml 2021-08-15 17:57:28 +00:00
			`https://book.hacktricks.xyz/pentesting/pentesting-smtp`

			`Entry_2:`
			`Name: Banner Grab`
			`Description: Grab WHOIS Banner`
			`Command: whois -h {IP} -p 43 {Domain_Name} && echo {Domain_Name} \| nc -vn {IP} 43`
HAC 43 2021-08-12 12:49:03 +00:00			```
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
c 2024-07-19 09:08:05 +00:00			`{% hint style="success" %}`
			`Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[HackTricks Training AWS Red Team Expert (ARTE)](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\`
			`Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[HackTricks Training GCP Red Team Expert (GRTE)<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
c 2024-07-19 09:08:05 +00:00			`<details>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
c 2024-07-19 09:08:05 +00:00			`<summary>Support HackTricks</summary>`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
c 2024-07-19 09:08:05 +00:00			`* Check the [subscription plans](https://github.com/sponsors/carlospolop)!`
			`* Join the 💬 [Discord group](https://discord.gg/hRep4RUj7f) or the [telegram group](https://t.me/peass) or follow us on Twitter 🐦 [@hacktricks\_live](https://twitter.com/hacktricks\_live).`
			`* Share hacking tricks by submitting PRs to the [HackTricks](https://github.com/carlospolop/hacktricks) and [HackTricks Cloud](https://github.com/carlospolop/hacktricks-cloud) github repos.`
Ad hacktricks sponsoring 2022-04-28 16:01:33 +00:00
			`</details>`
c 2024-07-19 09:08:05 +00:00			`{% endhint %}`