Monday, June 7, 2010

OWASP - Zone Transfer?

OWASP's domains ending with .org and .com are vulnerable to DNS Zone Transfer... Is it because they preach only web security, so they never bothered to touch the network side of things?

Besides being a security-preacher type of website, they must have done a basic pen-test routine on their website before hosting it... Network FAIL :D

NSLookup - From command line
bt ~ # nslookup
> set type=any
> owasp.org
Server: 192.168.19.2
Address: 192.168.19.2#53

Non-authoritative answer:
owasp.org mail exchanger = 30 ASPMX3.GOOGLEMAIL.COM.
owasp.org mail exchanger = 30 ASPMX4.GOOGLEMAIL.COM.
owasp.org mail exchanger = 30 ASPMX5.GOOGLEMAIL.COM.
owasp.org mail exchanger = 10 ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 20 ALT1.ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 20 ALT2.ASPMX.L.GOOGLE.COM.
owasp.org mail exchanger = 30 ASPMX2.GOOGLEMAIL.COM.
owasp.org nameserver = ns2.secure.net.
owasp.org nameserver = ns1.secure.net.

Authoritative answers can be found from:
> owasp.com
Server: 192.168.19.2
Address: 192.168.19.2#53

Non-authoritative answer:
owasp.com nameserver = ns1.ispc.org.
owasp.com nameserver = ns1.mv.net.
owasp.com nameserver = ns2.ispc.org.
owasp.com nameserver = ns3.ispc.org.
>exit

DIG - From command line

bt ~ # dig owasp.org axfr @ns1.secure.net

; <<>> DiG 9.3.2-P1 <<>> owasp.org axfr @ns1.secure.net
; (1 server found)
;; global options: printcmd
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
owasp.org. 86400 IN A 216.48.3.18
owasp.org. 86400 IN NS ns1.secure.net.
owasp.org. 86400 IN NS ns2.secure.net.
owasp.org. 86400 IN MX 20 ALT1.ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN MX 20 ALT2.ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN MX 30 ASPMX2.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX3.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX4.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 30 ASPMX5.GOOGLEMAIL.COM.
owasp.org. 86400 IN MX 10 ASPMX.L.GOOGLE.COM.
owasp.org. 86400 IN TXT "v=spf1 include:aspmx.googlemail.com ~all"
*.owasp.org. 86400 IN CNAME owasp.org.
ads.owasp.org. 86400 IN A 216.48.3.26
austin.owasp.org. 86400 IN CNAME owasp.org.
calendar.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
docs.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
es.owasp.org. 86400 IN A 216.48.3.18
forums.owasp.org. 86400 IN A 216.48.3.19
google6912a08c3a8cdf0b.owasp.org. 86400 IN CNAME GOOGLE.COM.
groups.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
jobs.owasp.org. 86400 IN CNAME owasp.org.
lists.owasp.org. 86400 IN A 216.48.3.22
lists.owasp.org. 86400 IN MX 10 ml1lists.owasp.org.
localhost.owasp.org. 86400 IN A 127.0.0.1
mail.owasp.org. 86400 IN CNAME ghs.GOOGLE.COM.
ml1lists.owasp.org. 86400 IN A 216.48.3.30
registration.owasp.org. 86400 IN CNAME owasp.org.
stage.owasp.org. 86400 IN A 216.48.3.20
voip.owasp.org. 86400 IN A 216.48.3.22
www.owasp.org. 86400 IN CNAME owasp.org.
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
;; Query time: 529 msec
;; SERVER: 192.220.124.10#53(192.220.124.10)
;; WHEN: Mon Jun 7 19:15:40 2010
;; XFR size: 32 records (messages 1)

OWASP must be glad that we didn't use 31337 stuff like Revhosts ;))

You guys must learn from ISECOM - check this out:

bt ~ # dig isecom.org axfr @ns222.pair.com

; <<>> DiG 9.3.2-P1 <<>> isecom.org axfr @ns222.pair.com
; (1 server found)
;; global options: printcmd
; Transfer failed.

That is the type of output you should generally get when you poke a website that preaches security...
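As an added example (not code from the original post), here is a small Python parser for the dig AXFR output shown above: it tells a completed transfer apart from a refused one and lists what an open zone hands out, the kind of check you run against your own nameservers. The abridged dig text embedded in it is copied from the post's two sessions.

```python
import ipaddress
import re

# Constructed samples: abridged copies of the post's two dig sessions.
OWASP_AXFR = """\
; <<>> DiG 9.3.2-P1 <<>> owasp.org axfr @ns1.secure.net
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
owasp.org. 86400 IN A 216.48.3.18
owasp.org. 86400 IN NS ns1.secure.net.
owasp.org. 86400 IN MX 10 ASPMX.L.GOOGLE.COM.
*.owasp.org. 86400 IN CNAME owasp.org.
localhost.owasp.org. 86400 IN A 127.0.0.1
stage.owasp.org. 86400 IN A 216.48.3.20
www.owasp.org. 86400 IN CNAME owasp.org.
owasp.org. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. 2007080369 86400 7200 2592000 86400
;; XFR size: 9 records (messages 1)
"""
ISECOM_AXFR = """\
; <<>> DiG 9.3.2-P1 <<>> isecom.org axfr @ns222.pair.com
; Transfer failed.
"""
# owner  TTL  IN  TYPE  rdata   (dig's presentation format, one RR per line)
RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.*)$")

def parse_axfr(text):
    """Return [(name, ttl, type, rdata), ...] for a completed AXFR, else None."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("; Transfer failed"):
            return None  # server refused the transfer (the ISECOM case)
        if not line or line.startswith(";"):
            continue  # dig banner, options and statistics lines
        m = RR_LINE.match(line)
        if m:
            records.append((m[1], int(m[2]), m[3], m[4]))
    # A full zone copy is bracketed by the SOA, same serial at start and end.
    soas = [r for r in records if r[2] == "SOA"]
    if len(soas) < 2 or soas[0][3].split()[2] != soas[-1][3].split()[2]:
        return None  # truncated output, not a complete AXFR
    return records

def exposed_hosts(records, zone):
    """Names below the apex that the open transfer hands to anyone who asks."""
    apex = zone.rstrip(".") + "."
    return sorted({r[0] for r in records if r[0] != apex})

def internal_addresses(records):
    """A records in loopback or RFC 1918 space: internal detail that leaked."""
    return [(n, d) for n, _, t, d in records if t == "A" and ipaddress.ip_address(d).is_private]
```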

Next time you are bored and clarifying a few things with a website like OWASP, try running a few tools from the command line; it gives you lols :))

Cheers,
Kish