hacktricks/network-services-pentesting/43-pentesting-whois.md

91 lines
4.8 KiB
Markdown

# 43 - Pentesting WHOIS
{% hint style="success" %}
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>Support HackTricks</summary>
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
</details>
{% endhint %}
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
***
## 기본 정보
**WHOIS** 프로토콜은 특정 데이터베이스를 통해 **다양한 인터넷 자원의 등록자 또는 소유자에 대한 문의를 위한 표준 방법**으로 사용됩니다. 이러한 자원에는 도메인 이름, IP 주소 블록 및 자율 시스템 등이 포함됩니다. 이 외에도, 이 프로토콜은 더 넓은 범위의 정보에 접근하는 데 사용됩니다.
**기본 포트:** 43
```
PORT STATE SERVICE
43/tcp open whois?
```
## Enumerate
도메인에 대한 whois 서비스가 가진 모든 정보를 가져옵니다:
```bash
whois -h <HOST> -p <PORT> "domain.tld"
echo "domain.ltd" | nc -vn <HOST> <PORT>
```
Notice than sometimes when requesting for some information to a WHOIS service the database being used appears in the response:
![](<../.gitbook/assets/image (301).png>)
또한, WHOIS 서비스는 항상 정보를 저장하고 추출하기 위해 **데이터베이스**를 사용해야 합니다. 따라서 사용자가 제공한 정보로 **데이터베이스**를 **쿼리**할 때 **SQLInjection**이 발생할 수 있습니다. 예를 들어 `whois -h 10.10.10.155 -p 43 "a') or 1=1#"`를 실행하면 **데이터베이스**에 저장된 **모든** **정보**를 **추출**할 수 있습니다.
## Shodan
* `port:43 whois`
**Try Hard Security Group**
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
{% embed url="https://discord.gg/tryhardsecurity" %}
## HackTricks Automatic Commands
```
Protocol_Name: WHOIS #Protocol Abbreviation if there is one.
Port_Number: 43 #Comma separated if there is more than one.
Protocol_Description: WHOIS #Protocol Abbreviation Spelled out
Entry_1:
Name: Notes
Description: Notes for WHOIS
Note: |
The WHOIS protocol serves as a standard method for inquiring about the registrants or holders of various Internet resources through specific databases. These resources encompass domain names, blocks of IP addresses, and autonomous systems, among others. Beyond these, the protocol finds application in accessing a broader spectrum of information.
https://book.hacktricks.xyz/pentesting/pentesting-smtp
Entry_2:
Name: Banner Grab
Description: Grab WHOIS Banner
Command: whois -h {IP} -p 43 {Domain_Name} && echo {Domain_Name} | nc -vn {IP} 43
```
{% hint style="success" %}
AWS 해킹 배우기 및 연습하기:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
GCP 해킹 배우기 및 연습하기: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
<details>
<summary>HackTricks 지원하기</summary>
* [**구독 계획**](https://github.com/sponsors/carlospolop) 확인하기!
* **💬 [**Discord 그룹**](https://discord.gg/hRep4RUj7f) 또는 [**텔레그램 그룹**](https://t.me/peass)에 참여하거나 **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**를 팔로우하세요.**
* **해킹 트릭을 공유하려면 [**HackTricks**](https://github.com/carlospolop/hacktricks) 및 [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) 깃허브 리포지토리에 PR을 제출하세요.**
</details>
{% endhint %}