Information Gathering Series; Part B: Basic Enumeration →Whois

Frankline Misango
2 min read · Apr 10, 2023


Cover Image: Sukhoi Design Bureau, 054, Sukhoi Su-57: the Russian Sukhoi Su-57, commonly known for advanced stealth and strong intelligence gathering before destroying either air or land targets. Source: Wikimedia Commons / Tallinn, Estonia

Disclaimer: This article is for educational purposes and seeks to promote ethical hacking and superior cybersecurity practices in organizations and private entities. It does not advocate any malicious intent. Furthermore, all materials used in this tutorial are solely personal and intentionally set vulnerable. I therefore absolve myself from any future unauthorized scripting by parties reading this article that may compromise the integrity of the respective wireless networks.

In this episode, I will continue covering information gathering using various tools; the preceding article talked about passive and active reconnaissance using Recon-ng. In this article, I will be writing on enumeration, which is basically gathering information such as: who is the server admin? Which users are in the system? What is the server's security status? And so on.

The article is quite short and straightforward. Cheers!

Practically, there are many ways of carrying out enumeration. However, the ones best suited to novices involve the techniques/tools below:

  1. Whois → This command-line tool on Linux allows us to gather the registrar, name servers and owner information of a particular domain: whois -d [domain name]
  2. DNS → Expands on the whois enumeration by adding IP addresses etc. Think of it this way: when you search for Amazon's customer care number on Google, the number is automatically shown on the screen. DNS works similarly: it converts a domain name into its equivalent IP addresses.
  3. Netcraft →

Requirements

  • Kali Linux as a separate OS, or Kali Linux in VMware
  • Recon-ng
  • Target domain of a website, e.g. google.com or facebook.com

Procedure → Whois Enumeration

  1. Install whois on your system with just sudo apt install whois. Simple, done and dusted.
  2. Pick the domain we want to investigate. Let's say I want to hack Google, just kidding; I will just use whois google.
  3. From this information, I can note the name servers and the expiry date of the registration. From here, attackers can take advantage of the hosting company's weaknesses if any are known. An attacker can also note the contact email and attempt to send a malicious payload embedded in email links, etcetera.
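To make step 3 concrete, here is an added example (my code, not the author's) that sends the same raw WHOIS query the whois command sends (RFC 3912, TCP port 43) and then parses a record for the registrar, name servers, contact emails and registration expiry, so a defender can watch their own domain's expiry date. The whois server name is an assumption and the sample record is constructed, not a real lookup.

```python
import re
import socket
from datetime import datetime, timezone

# Constructed sample of the text `whois example.com` prints; not a real record.
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE.COM
   Registrar: Example Registrar, LLC
   Registrar Abuse Contact Email: abuse@registrar.example
   Creation Date: 1995-08-14T04:00:00Z
   Registry Expiry Date: 2024-08-13T04:00:00Z
   Name Server: A.IANA-SERVERS.NET
   Name Server: B.IANA-SERVERS.NET
>>> Last update of whois database: 2023-04-10T12:00:00Z <<<
"""

def whois_query(domain, server="whois.verisign-grs.com", port=43, timeout=10):
    """Raw WHOIS lookup (RFC 3912): send 'domain\\r\\n' over TCP/43, read to EOF.
    Live network call (server name is an assumption); the parser below works
    on captured text and does not need it."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while data := sock.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (Name Server) become lists."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z][A-Za-z /]*?):\s*(\S.*?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), []).append(m.group(2))
    return fields

def summarize(text, today_iso=None):
    """What step 3 reads off a record, plus days until the registration expires."""
    f = parse_whois(text)
    today = (datetime.fromisoformat(today_iso).replace(tzinfo=timezone.utc)
             if today_iso else datetime.now(timezone.utc))
    exp = f.get("registry expiry date")
    expiry = datetime.fromisoformat(exp[0].replace("Z", "+00:00")) if exp else None
    return {
        "registrar": f.get("registrar", [None])[0],
        "name_servers": [ns.lower() for ns in f.get("name server", [])],
        "emails": sorted({v for vals in f.values() for v in vals if "@" in v}),
        "expiry": expiry.date().isoformat() if expiry else None,
        "days_left": (expiry - today).days if expiry else None,
    }
```

For a live lookup, pass the output of whois_query("example.com") to summarize; a small days_left value is the cue to renew before the domain lapses and can be re-registered by someone else.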

Conclusion

whois provides only very shallow information. In the next part of the series, I will cover more advanced DNS enumeration, which gives us more information about a domain, i.e. TCP filters etc.
