Re: finding dyndns names for existing IP

From: Jimi Thompson (jimit_at_myrealbox.com)
Date: 11/28/03

    Date: Thu, 27 Nov 2003 23:40:14 -0600
    To: Thomas Kerbl <t.kerbl@weigl.de>
    
    

    This should be a simple one. Set your DNS server to the DNS server that
    they are using and run dig or nslookup to do a reverse lookup (IP to
    name). Once you get the name then you can do a forward lookup to get
    the IP. The downside is that you are going to have to find out what DNS
    service they are using to provide name resolution.

    Do they host their own web site?

    Do they host anything on their own network (email, etc) that requires
    them to register a domain name?

    If so, you can consult the "WHOIS" database to find out who their name
    service is.

    Short of that, I'd try social engineering the name of the name service.

    Jimi

    Thomas Kerbl wrote:

    > Hello,
    >
    > I'm searching for a way to find DynDns names to existing IPs. We are
    > working on a pen-test for a customer, who has a dynamic IP that
    > changes every day, and it is hard for us to keep track of their
    > Gateway. We simulate an attacker without internal knowledge, so we
    > cannot simply ask for a dyndns name. Social Engineering would be easy,
    > but I'm looking for a technical way to do it. We already tried obvious
    > names like companyname.dyndns.org and similar DNS names.
    >
    > To try to summarize the problem:
    >
    > 1) We assume the company uses the DynDns service (or a similar service).
    > 2) We got the actual valid IP through social engineering.
    > 3) We want to find the dyndns name of this IP to keep track.
    >
    > Is there a Database hosted by dyndns (or similar service) we can
    > consult? Or is there a way to do a reverse lookup on the IP?
    >
    > thanks a lot for any pointers,
    > Thomas Kerbl
    >
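
The reverse-then-forward lookup described in the reply, written out as an added example (not part of the original post). The function names, the `192.0.2.x` addresses and the `example.net` records are constructed for illustration; the default lookups use the system resolver, and the sample tables let it run offline.

```python
import ipaddress
import socket


def system_ptr(ip):
    """PTR names for ip from the system resolver (needs network access)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]


def system_a(name):
    """IPv4 addresses for name from the system resolver."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except (socket.herror, socket.gaierror):
        return []


def reverse_then_forward(ip, ptr_lookup=system_ptr, a_lookup=system_a):
    """Reverse lookup (IP to name), then forward lookup of each name found.

    Returns the in-addr.arpa query name and, for every PTR name, the
    addresses it resolves to and whether they include the original IP.
    """
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    results = []
    for name in ptr_lookup(str(addr)):
        name = name.rstrip(".").lower()
        forward = a_lookup(name)
        results.append({"name": name, "forward": forward,
                        "confirmed": str(addr) in forward})
    return {"query": addr.reverse_pointer, "names": results}


# Constructed records: documentation address range, example.net names.
SAMPLE_PTR = {"192.0.2.10": ["gw.example.net."],
              "192.0.2.77": ["pool-77.dyn.example.net."]}
SAMPLE_A = {"gw.example.net": ["192.0.2.10"],
            "pool-77.dyn.example.net": ["192.0.2.99"]}  # forward does not match


def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])


def sample_a(name):
    return SAMPLE_A.get(name, [])
```

A PTR answer comes from whoever controls the reverse zone for the address block, so the name returned is the one that operator published; `confirmed` is false when the forward record for that name does not point back at the address.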
