A lot of times while doing penetration tests on a target company, there may be servers located in non contiguous IP addresses. This is extremely painful simply because using a IP scanner will not reveal these computers, as the IP addresses may be far apart. Also, as most DNS servers are configured to reject DNS Zone Transfers requests, it is not possible to get this info from them.
Fierce was created by Rsnake to address this very problem. Fierce tries multiple techniques to find all the IP addresses and hostnames used by a target. These include – trying to dump the SOA records, do a zone transfer, searching for commonly used domain names with a dictionary attack, adjacency scan and a couple of others. A very detailed blog post on all the techniques used is available here.
The below video shows a quick demo of the Fierce tool against 2 targets on the Internet. In one case, the DNS server is mis-configured and we are able to dump the SOA records
and do a zone transfer. In the latter one, the domain guessing using a dictionary reveals a lot of interesting information.
This tool is a must have in the kitty of a penetration tester. You can download it from Ha.ckers.org
Tags: basics ,
Disclaimer: We are a infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be same without verifying.