Saturday, March 7, 2009

8 Linux Commands for Information Gathering

by d3hydr0 > http://darkcodecracker.blogspot.com/
date: 12/19/07

1) dig

dig (domain information groper) is a flexible tool for interrogating DNS name
servers. It performs DNS lookups and displays the answers that are returned from
the name server(s) that were queried. Most DNS administrators use dig to
troubleshoot DNS problems because of its flexibility, ease of use and clarity of
output. Other lookup tools tend to have less functionality than dig.

---------------------------------------------------------------------

d3hydr8@linuxbox:~> dig google.com

; <<>> DiG 9.4.1-P1 <<>> google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8918
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 58 IN A 64.233.187.99
google.com. 58 IN A 64.233.167.99
google.com. 58 IN A 72.14.207.99

;; AUTHORITY SECTION:
google.com. 345549 IN NS ns1.google.com.
google.com. 345549 IN NS ns2.google.com.
google.com. 345549 IN NS ns3.google.com.
google.com. 345549 IN NS ns4.google.com.

;; ADDITIONAL SECTION:
ns1.google.com. 345549 IN A 216.239.32.10
ns2.google.com. 345549 IN A 216.239.34.10
ns3.google.com. 345549 IN A 216.239.36.10
ns4.google.com. 345549 IN A 216.239.38.10

;; Query time: 12 msec
;; SERVER: 24.158.63.8#53(24.158.63.8)
;; WHEN: Sun Jan 6 09:21:53 2008
;; MSG SIZE rcvd: 212

---------------------------------------------------------------------
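As an added example (not part of the original post), a small Python parser for the dig output above. It rebuilds the ANSWER, AUTHORITY and ADDITIONAL sections as records and applies two checks worth running before trusting an answer: that the counts in the header line match the records actually received, and that every NS named in AUTHORITY has a glue A/AAAA record in ADDITIONAL. The sample text is copied from the page's dig run so the code runs offline.

```python
import re

# The dig answer shown above, embedded so the parser runs offline.
SAMPLE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8918
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4

;; ANSWER SECTION:
google.com. 58 IN A 64.233.187.99
google.com. 58 IN A 64.233.167.99
google.com. 58 IN A 72.14.207.99

;; AUTHORITY SECTION:
google.com. 345549 IN NS ns1.google.com.
google.com. 345549 IN NS ns2.google.com.
google.com. 345549 IN NS ns3.google.com.
google.com. 345549 IN NS ns4.google.com.

;; ADDITIONAL SECTION:
ns1.google.com. 345549 IN A 216.239.32.10
ns2.google.com. 345549 IN A 216.239.34.10
ns3.google.com. 345549 IN A 216.239.36.10
ns4.google.com. 345549 IN A 216.239.38.10
"""

SECTION_RE = re.compile(r"^;; (\w+) SECTION:$")
COUNT_RE = re.compile(r"(ANSWER|AUTHORITY|ADDITIONAL): (\d+)")

def parse_dig(text: str) -> dict:
    """Split dig output into header counts and (name, ttl, type, rdata) records."""
    out = {"counts": {}, "ANSWER": [], "AUTHORITY": [], "ADDITIONAL": []}
    section = None
    for line in text.splitlines():
        if line.startswith(";; flags:"):
            out["counts"] = {k: int(v) for k, v in COUNT_RE.findall(line)}
        elif (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif line and not line.startswith(";") and section in out:
            # record lines look like: name ttl IN type rdata (QUESTION lines start with ';')
            name, ttl, _cls, rtype, rdata = line.split(None, 4)
            out[section].append((name, int(ttl), rtype, rdata))
    return out

def check_answer(parsed: dict) -> list:
    """Checks a defender applies before trusting the answer: header counts and NS glue."""
    problems = [f"{s} count mismatch" for s in ("ANSWER", "AUTHORITY", "ADDITIONAL")
                if parsed["counts"].get(s) != len(parsed[s])]
    glue = {n for n, _, t, _ in parsed["ADDITIONAL"] if t in ("A", "AAAA")}
    problems += [f"no glue for {r}" for _, _, t, r in parsed["AUTHORITY"] if t == "NS" and r not in glue]
    return problems
```

Feed `parse_dig` the text of a live `dig` run and `check_answer` returns an empty list when the answer is internally consistent.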

2) nslookup

Nslookup is a program to query Internet domain name servers.

Examples of issuing a simple query:

nslookup name

nslookup IP_address

nslookup name server

nslookup IP_address server

---------------------------------------------------------------------

d3hydr8@linuxbox:~> nslookup 72.14.207.99
Server: 24.173.63.8
Address: 24.173.63.8#53

Non-authoritative answer:
99.207.14.72.in-addr.arpa name = eh-in-f99.google.com.

Authoritative answers can be found from:
207.14.72.in-addr.arpa nameserver = ns3.google.com.
207.14.72.in-addr.arpa nameserver = ns4.google.com.
207.14.72.in-addr.arpa nameserver = ns1.google.com.
207.14.72.in-addr.arpa nameserver = ns2.google.com.
ns3.google.com internet address = 216.239.36.10
ns4.google.com internet address = 216.239.38.10
ns1.google.com internet address = 216.239.32.10
ns2.google.com internet address = 216.239.34.10

---------------------------------------------------------------------

3) host

host is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When
no arguments or options are given, host prints a short summary of its command line arguments and options.

---------------------------------------------------------------------

d3hydr8@linuxbox:~> host google.com
google.com has address 64.233.167.99
google.com has address 72.14.207.99
google.com has address 64.233.187.99
google.com mail is handled by 10 smtp2.google.com.
google.com mail is handled by 10 smtp3.google.com.
google.com mail is handled by 10 smtp4.google.com.
google.com mail is handled by 10 smtp1.google.com.

---------------------------------------------------------------------

4) whois

whois searches for an object in an RFC 3912 database.

This version of the whois client tries to guess the right server to ask for the specified object. If no guess can be made it
will connect to whois.networksolutions.com for NIC handles or whois.arin.net for IPv4 addresses and network names.

---------------------------------------------------------------------

d3hydr8@linuxbox:~> whois syr.edu

Domain Name: SYR.EDU

Registrant:
Syracuse University
Room 200 Machinery Hall
Syracuse, NY 13244
UNITED STATES

Administrative Contact:
Susan Heeley
Senior Administrator
Syracuse University
IT Dept.
Center for Science and Technology
Syracuse, NY 13244
UNITED STATES
(315) 443-2716
sheeley@syr.edu

Technical Contact:

NISC
Syracuse University
Room 200 Machinery Hall
Syracuse, NY 13244
UNITED STATES
(315) 443-2677
nisc@syr.edu

Name Servers:
LURCH.CNS.SYR.EDU 128.230.12.5
ICARUS.SYR.EDU 128.230.1.49
SUEC1.SYR.EDU 209.164.131.32
NS3.BROADWING.NET
NS4.BROADWING.NET

Domain record activated: 02-Sep-1986
Domain record last updated: 11-Jul-2007
Domain expires: 31-Jul-2008

---------------------------------------------------------------------

5) nmap

* we all know this one

Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing.

---------------------------------------------------------------------

linuxbox:/home/d3hydr8 # nmap -P0 -sS syr.edu

Starting Nmap 4.50 ( http://insecure.org ) at 2008-01-06 09:45 EST
Interesting ports on cwis01.syr.edu (128.230.18.35):
Not shown: 1656 closed ports, 49 filtered ports
PORT STATE SERVICE
80/tcp open http
4045/tcp open lockd
7937/tcp open nsrexecd
7938/tcp open lgtomapper
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7

Nmap done: 1 IP address (1 host up) scanned in 215.657 seconds

---------------------------------------------------------------------

6) ping

ping uses the ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway.
ECHO_REQUEST datagrams ("pings") have an IP and ICMP header, followed by a struct timeval and then an arbitrary number of
"pad" bytes used to fill out the packet.

---------------------------------------------------------------------

linuxbox:/home/d3hydr8 # ping -c 2 128.230.18.35
PING 128.230.18.35 (128.230.18.35) 56(84) bytes of data.
64 bytes from 128.230.18.35: icmp_seq=1 ttl=240 time=70.6 ms
64 bytes from 128.230.18.35: icmp_seq=2 ttl=240 time=69.6 ms

--- 128.230.18.35 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1000ms
rtt min/avg/max/mdev = 69.685/70.155/70.625/0.470 ms

---------------------------------------------------------------------
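As an added example (not part of the original post), the datagram layout described above built and checked in Python: an 8-byte ICMP header, a struct timeval, then pad bytes. With the default 56 data bytes this gives the 64-byte ICMP message behind the "56(84) bytes of data" and "64 bytes from" lines in the ping run (the 84 adds the 20-byte IP header). The timeval is assumed to use the 8-byte 32-bit layout and is packed in network order here; `parse_echo` is the part a defender would reuse to validate ICMP echo messages pulled from a capture.

```python
import struct
import time
from typing import Optional

ICMP_ECHO_REQUEST = 8   # ICMP type for ECHO_REQUEST

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum; returns 0 when run over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_echo_request(ident: int, seq: int, data_len: int = 56, ts: Optional[float] = None) -> bytes:
    """Build the ICMP part of a ping: 8-byte header, struct timeval, then pad bytes."""
    if ts is None:
        ts = time.time()
    secs = int(ts)
    timeval = struct.pack("!II", secs, int((ts - secs) * 1_000_000))  # 8-byte timeval (assumed 32-bit layout)
    pad = bytes(i & 0xFF for i in range(data_len - len(timeval)))     # arbitrary fill bytes, as the text describes
    body = timeval + pad
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident & 0xFFFF, seq & 0xFFFF)
    csum = icmp_checksum(header + body)     # checksum is computed with its own field zeroed
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident & 0xFFFF, seq & 0xFFFF)
    return header + body

def parse_echo(packet: bytes) -> dict:
    """Decode an ICMP echo message (e.g. from a capture) and verify its checksum."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    typ, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": typ, "code": code, "id": ident, "seq": seq,
            "data_len": len(packet) - 8, "checksum_ok": icmp_checksum(packet) == 0}
```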

7) traceroute (mtr)

As mtr starts, it investigates the network connection between the host mtr runs on and HOSTNAME by sending packets with
purposely low TTLs. It continues to send packets with low TTL, noting the response time of the intervening routers. This allows mtr
to print the response percentage and response times of the internet route to HOSTNAME. A sudden increase in packet loss or
response time is often an indication of a bad (or simply overloaded) link.

---------------------------------------------------------------------

linuxbox:/home/d3hydr8 # traceroute 128.230.18.35
traceroute to 128.230.18.35 (128.230.18.35), 30 hops max, 40 byte packets
1 192.168.1.1 (192.168.1.1) 1.934 ms 1.855 ms 2.097 ms
2 10.114.0.1 (10.114.0.1) 10.197 ms 12.492 ms 15.662 ms
3 172.22.5.13 (172.22.5.13) 16.707 ms 16.737 ms 8.981 ms
4 172.22.5.69 (172.22.5.69) 8.570 ms 12.523 ms 12.354 ms
5 172.22.32.114 (172.22.32.114) 14.607 ms 21.783 ms 11.076 ms
6 172.22.32.106 (172.22.32.106) 14.286 ms 14.387 ms 14.173 ms
7 12.86.87.29 (12.86.87.29) 18.481 ms 21.724 ms 14.085 ms
8 tbr2.attga.ip.att.net (12.122.96.74) 36.853 ms 40.701 ms 41.588 ms
9 tbr1.dlstx.ip.att.net (12.122.2.89) 46.345 ms 44.641 ms 47.791 ms
10 ggr3.dlstx.ip.att.net (12.123.16.193) 45.555 ms 44.932 ms 44.856 ms
11 br2-a3120s2.attga.ip.att.net (192.205.33.206) 46.336 ms 45.324 ms 35.904 ms
12 66.192.240.226 (66.192.240.226) 64.172 ms 63.947 ms 109.761 ms
13 64-132-176-170.static.twtelecom.net (64.132.176.170) 74.404 ms 77.708 ms 78.053 ms
14 128.230.61.1 (128.230.61.1) 78.784 ms 76.568 ms 78.336 ms
15 c6509r-srv.syr.edu (128.230.61.58) 77.995 ms 78.127 ms 78.214 ms
16 cwis01.syr.edu (128.230.18.35) 78.310 ms 70.660 ms 74.593 ms

---------------------------------------------------------------------


8) telnet

The telnet command is used to communicate with another host using the TELNET protocol. If telnet is invoked without the host
argument, it enters command mode, indicated by its prompt (telnet>). In this mode, it accepts and executes the commands listed
in its manual page. If it is invoked with arguments, it performs an open command with those arguments.

---------------------------------------------------------------------

d3hydr8@linuxbox:~> telnet os.edu 21
Trying 209.34.161.32...
Connected to os.edu.
Escape character is '^]'.
220 FTP server...

---------------------------------------------------------------------
