mirror of
https://github.com/carlospolop/hacktricks
synced 2025-02-17 06:28:27 +00:00
74 lines
4.3 KiB
Markdown
74 lines
4.3 KiB
Markdown
<details>
|
|
|
|
<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
Ander maniere om HackTricks te ondersteun:
|
|
|
|
* As jy jou **maatskappy geadverteer wil sien in HackTricks** of **HackTricks in PDF wil aflaai**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
|
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling van eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
* **Deel jou hacktruuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github-repos.
|
|
|
|
</details>
|
|
|
|
|
|
# Basiese Inligting
|
|
|
|
Die **WHOIS**-protokol dien as 'n standaardmetode om **navraag te doen oor die registrante of houers van verskillende internetbronne** deur spesifieke databasisse. Hierdie bronne sluit domeinname, blokke van IP-adresse en outonome stelsels in, onder andere. Buiten hierdie bronne vind die protokol toepassing in die toegang tot 'n breër spektrum van inligting.
|
|
|
|
**Verstekpoort:** 43
|
|
```
|
|
PORT STATE SERVICE
|
|
43/tcp open whois?
|
|
```
|
|
# Enumereer
|
|
|
|
Kry alle inligting wat 'n whois-diens oor 'n domein het:
|
|
```bash
|
|
whois -h <HOST> -p <PORT> "domain.tld"
|
|
echo "domain.ltd" | nc -vn <HOST> <PORT>
|
|
```
|
|
Let daarop dat wanneer jy vir inligting vra by 'n WHOIS-diens, die gebruikte databasis in die antwoord verskyn:
|
|
|
|
.png>)
|
|
|
|
Die WHOIS-diens moet altyd 'n **databasis** gebruik om die inligting te stoor en te onttrek. Daarom kan 'n moontlike **SQLInjection** teenwoordig wees wanneer jy die databasis ondervra deur inligting wat deur die gebruiker verskaf word. Byvoorbeeld deur die volgende te doen: `whois -h 10.10.10.155 -p 43 "a') or 1=1#"` kan jy in staat wees om **alle** die **inligting** wat in die databasis gestoor is, te **onttrek**.
|
|
|
|
# Shodan
|
|
|
|
* `port:43 whois`
|
|
|
|
# HackTricks Outomatiese Opdragte
|
|
```
|
|
Protocol_Name: WHOIS #Protocol Abbreviation if there is one.
|
|
Port_Number: 43 #Comma separated if there is more than one.
|
|
Protocol_Description: WHOIS #Protocol Abbreviation Spelled out
|
|
|
|
Entry_1:
|
|
Name: Notes
|
|
Description: Notes for WHOIS
|
|
Note: |
|
|
The WHOIS protocol serves as a standard method for inquiring about the registrants or holders of various Internet resources through specific databases. These resources encompass domain names, blocks of IP addresses, and autonomous systems, among others. Beyond these, the protocol finds application in accessing a broader spectrum of information.
|
|
|
|
|
|
https://book.hacktricks.xyz/pentesting/pentesting-smtp
|
|
|
|
Entry_2:
|
|
Name: Banner Grab
|
|
Description: Grab WHOIS Banner
|
|
Command: whois -h {IP} -p 43 {Domain_Name} && echo {Domain_Name} | nc -vn {IP} 43
|
|
```
|
|
<details>
|
|
|
|
<summary><strong>Leer AWS-hacking van nul tot held met</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (HackTricks AWS Red Team Expert)</strong></a><strong>!</strong></summary>
|
|
|
|
Ander maniere om HackTricks te ondersteun:
|
|
|
|
* As jy wil sien dat jou **maatskappy geadverteer word in HackTricks** of **HackTricks aflaai in PDF-formaat**, kyk na die [**SUBSCRIPTION PLANS**](https://github.com/sponsors/carlospolop)!
|
|
* Kry die [**amptelike PEASS & HackTricks swag**](https://peass.creator-spring.com)
|
|
* Ontdek [**The PEASS Family**](https://opensea.io/collection/the-peass-family), ons versameling van eksklusiewe [**NFTs**](https://opensea.io/collection/the-peass-family)
|
|
* **Sluit aan by die** 💬 [**Discord-groep**](https://discord.gg/hRep4RUj7f) of die [**telegram-groep**](https://t.me/peass) of **volg** ons op **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
|
|
* **Deel jou hacking-truuks deur PR's in te dien by die** [**HackTricks**](https://github.com/carlospolop/hacktricks) en [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) GitHub-opslagplekke.
|
|
|
|
</details>
|