Mirrors/hacktricks
2
0
Fork 0
mirror of https://github.com/carlospolop/hacktricks synced 2024-11-15 01:17:36 +00:00
Code Issues Projects Releases Packages Wiki Activity
hacktricks/network-services-pentesting/700-pentesting-epp.md

3.3 KiB
Raw Blame History

700 - Pentesting EPP

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks:

Basic Information

The Extensible Provisioning Protocol (EPP) is a network protocol used for the management of domain names and other internet resources by domain name registries and registrars. It enables the automation of domain name registration, renewal, transfer, and deletion processes, ensuring a standardized and secure communication framework between different entities in the domain name system (DNS). EPP is designed to be flexible and extensible, allowing for the addition of new features and commands as the needs of the internet infrastructure evolve.

Basically, it's one of the protocols a TLD registrar is going to be offering to domain registrars to register new domains in the TLD.

Pentest

In this very interesting article you can see how some security researches found several implementation of this protocol were vulnerable to XXE (XML External Entity) as this protocol uses XML to communicate, which would have allowed attackers to takeover tens of different TLDs.

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!

Other ways to support HackTricks: