mirror of
https://github.com/carlospolop/hacktricks
synced 2024-12-02 09:29:59 +00:00
87 lines
4.5 KiB
Markdown
87 lines
4.5 KiB
Markdown
# 43 - Pentesting WHOIS
|
|
|
|
<details>
|
|
|
|
<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
|
|
|
|
Njia nyingine za kusaidia HackTricks:
|
|
|
|
* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA USAJILI**](https://github.com/sponsors/carlospolop)!
|
|
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
|
|
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Shiriki mbinu zako za udukuzi kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
|
|
|
|
</details>
|
|
|
|
**Kikundi cha Usalama cha Try Hard**
|
|
|
|
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
|
|
|
|
{% embed url="https://discord.gg/tryhardsecurity" %}
|
|
|
|
***
|
|
|
|
## Taarifa Msingi
|
|
|
|
Itifaki ya **WHOIS** hutumika kama njia ya kawaida ya **kuuliza kuhusu wamiliki au wamiliki wa rasilimali mbalimbali za mtandao** kupitia ma
|
|
```
|
|
PORT STATE SERVICE
|
|
43/tcp open whois?
|
|
```
|
|
## Kuchunguza
|
|
|
|
Pata habari zote ambazo huduma ya whois ina kuhusu kikoa:
|
|
```bash
|
|
whois -h <HOST> -p <PORT> "domain.tld"
|
|
echo "domain.ltd" | nc -vn <HOST> <PORT>
|
|
```
|
|
Kumbuka kwamba mara nyingine unapouliza habari fulani kwa huduma ya WHOIS, **database** inayotumiwa inaonekana kwenye jibu:
|
|
|
|
![](<../.gitbook/assets/image (301).png>)
|
|
|
|
Pia, huduma ya WHOIS daima inahitaji kutumia **database** kuhifadhi na kutoa habari. Kwa hivyo, **SQLInjection** inaweza kuwepo wakati wa **kuuliza** database kutoka kwa habari iliyotolewa na mtumiaji. Kwa mfano kufanya: `whois -h 10.10.10.155 -p 43 "a') or 1=1#"` unaweza kuweza **kutoa** habari yote iliyohifadhiwa kwenye database.
|
|
|
|
## Shodan
|
|
|
|
* `port:43 whois`
|
|
|
|
**Kikundi cha Usalama cha Try Hard**
|
|
|
|
<figure><img src="../.gitbook/assets/telegram-cloud-document-1-5159108904864449420.jpg" alt=""><figcaption></figcaption></figure>
|
|
|
|
{% embed url="https://discord.gg/tryhardsecurity" %}
|
|
|
|
## Amri za Kiotomatiki za HackTricks
|
|
```
|
|
Protocol_Name: WHOIS #Protocol Abbreviation if there is one.
|
|
Port_Number: 43 #Comma separated if there is more than one.
|
|
Protocol_Description: WHOIS #Protocol Abbreviation Spelled out
|
|
|
|
Entry_1:
|
|
Name: Notes
|
|
Description: Notes for WHOIS
|
|
Note: |
|
|
The WHOIS protocol serves as a standard method for inquiring about the registrants or holders of various Internet resources through specific databases. These resources encompass domain names, blocks of IP addresses, and autonomous systems, among others. Beyond these, the protocol finds application in accessing a broader spectrum of information.
|
|
|
|
|
|
https://book.hacktricks.xyz/pentesting/pentesting-smtp
|
|
|
|
Entry_2:
|
|
Name: Banner Grab
|
|
Description: Grab WHOIS Banner
|
|
Command: whois -h {IP} -p 43 {Domain_Name} && echo {Domain_Name} | nc -vn {IP} 43
|
|
```
|
|
<details>
|
|
|
|
<summary><strong>Jifunze AWS hacking kutoka sifuri hadi shujaa na</strong> <a href="https://training.hacktricks.xyz/courses/arte"><strong>htARTE (Mtaalam wa Timu Nyekundu ya AWS ya HackTricks)</strong></a><strong>!</strong></summary>
|
|
|
|
Njia nyingine za kusaidia HackTricks:
|
|
|
|
* Ikiwa unataka kuona **kampuni yako ikitangazwa kwenye HackTricks** au **kupakua HackTricks kwa PDF** Angalia [**MIPANGO YA KUJIUNGA**](https://github.com/sponsors/carlospolop)!
|
|
* Pata [**bidhaa rasmi za PEASS & HackTricks**](https://peass.creator-spring.com)
|
|
* Gundua [**Familia ya PEASS**](https://opensea.io/collection/the-peass-family), mkusanyiko wetu wa [**NFTs**](https://opensea.io/collection/the-peass-family) ya kipekee
|
|
* **Jiunge na** 💬 [**Kikundi cha Discord**](https://discord.gg/hRep4RUj7f) au kikundi cha [**telegram**](https://t.me/peass) au **tufuate** kwenye **Twitter** 🐦 [**@carlospolopm**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Shiriki mbinu zako za kuhack kwa kuwasilisha PRs kwa** [**HackTricks**](https://github.com/carlospolop/hacktricks) na [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) repos za github.
|
|
|
|
</details>
|