hacktricks/pentesting/43-pentesting-whois.md

54 lines
2 KiB
Markdown
Raw Normal View History

# 43 - Pentesting WHOIS
## Basic Information
**WHOIS** \(pronounced as the phrase "who is"\) is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system, but is also used for a wider range of other information. \(From [here](https://en.wikipedia.org/wiki/WHOIS)\)
**Default port:** 43
```text
PORT STATE SERVICE
43/tcp open whois?
```
## Enumerate
Get all the information that a whois service has about a domain:
```bash
whois -h <HOST> -p <PORT> "domain.tld"
echo "domain.ltd" | nc -vn <HOST> <PORT>
```
Notice than sometimes when requesting for some information to a WHOIS service the database being used appears in the response:
![](../.gitbook/assets/image%20%28269%29.png)
Also, the WHOIS service always needs to use a **database** to store and extract the information. So, a possible **SQLInjection** could be present when **querying** the database from some information provided by the user. For example doing: `whois -h 10.10.10.155 -p 43 "a') or 1=1#"` you could be able to **extract all** the **information** saved in the database.
2020-09-24 19:59:49 +00:00
## Shodan
* `port:43 whois`
2021-08-12 12:49:03 +00:00
## HackTricks Automatic Commands
```text
2021-08-12 12:49:03 +00:00
Protocol_Name: WHOIS #Protocol Abbreviation if there is one.
Port_Number: 43 #Comma separated if there is more than one.
Protocol_Description: WHOIS #Protocol Abbreviation Spelled out
2021-08-15 17:57:28 +00:00
Entry_1:
Name: Notes
Description: Notes for WHOIS
Note: |
WHOIS (pronounced as the phrase "who is") is a query and response protocol that is widely used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block or an autonomous system, but is also used for a wider range of other information.
https://book.hacktricks.xyz/pentesting/pentesting-smtp
Entry_2:
Name: Banner Grab
Description: Grab WHOIS Banner
Command: whois -h {IP} -p 43 {Domain_Name} && echo {Domain_Name} | nc -vn {IP} 43
2021-08-12 12:49:03 +00:00
```