Information gathering
Source: http://sitedugaci.com/tutoriels_chapitre/9/4/la-collecte-desrenseignements.html

STEP 1: (whois SlayersOnline.net)

Registry (thin) record:

Domain Name: SLAYERSONLINE.NET
Registrar: OVH
Sponsoring Registrar IANA ID: 433
Whois Server: whois.ovh.com
Referral URL: http://www.ovh.com
Name Server: KS393321.KIMSUFI.COM
Name Server: NS.KIMSUFI.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 01-jun-2014
Creation Date: 22-jun-2004
Expiration Date: 22-jun-2015

The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.
For more information on Whois status codes, please visit https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.

Registrar record, obtained by following the "Whois Server" referral to whois.ovh.com (e-mail addresses are redacted as "[email protected]" throughout the transcript):

Domain Name: slayersonline.net
Registry Domain ID: 123116579_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.ovh.com
Registrar URL: http://www.ovh.com
Updated Date: 2014-06-01T21:56:19.0Z
Creation Date: 2004-06-22T08:38:08.0Z
Registrar Registration Expiration Date: 2015-06-22T08:38:08.0Z
Registrar: OVH, SAS
Registrar IANA ID: 433
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +33.899498765
Domain Status: clientTransferProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID:
Registrant Name: Cohen Jérôme
Registrant Organization:
Registrant Street: slayersonline.net, office #114091, c/o OwO, BP80157
Registrant City: 59053
Registrant State/Province:
Registrant Postal Code: Roubaix Cedex 1
Registrant Country: FR
Registrant Phone: +33.899498765
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Admin contact and Tech contact: identical to the Registrant block above (Cohen Jérôme, same street, city, postal code, country and phone; e-mail redacted).
Name Server: ks393321.kimsufi.com
Name Server: ns.kimsufi.com

Two things to read off this record before going further. The street (c/o OwO, BP80157), city/postal code and phone number belong to OVH's whois-obfuscation relay (OwO), not to the registrant, so the only personal datum here is the name. The registrar also returned city and postal code swapped (City: 59053, Postal Code: Roubaix Cedex 1); the .info record below has them the right way round. The two status codes are registrar-side EPP locks (clientTransferProhibited, clientDeleteProhibited): the domain cannot be transferred or deleted until the registrar lifts them.

Use of NETCRAFT (address: slayers-online.net). The Netcraft result is not reproduced in the transcript; note that the hyphenated name differs from the slayersonline.net domain queried above.

STEP 2: (whois 176.31.111.202)

Information related to '176.31.96.0 - 176.31.127.255'
Abuse contact for '176.31.96.0 - 176.31.127.255' is '[email protected]'

inetnum:        176.31.96.0 - 176.31.127.255   (the right range: it contains 176.31.111.202)
netname:        OVH
descr:          OVH SAS
descr:          Dedicated servers
descr:          http://www.ovh.com
country:        FR
admin-c:        OK217-RIPE
tech-c:         OTC2-RIPE
status:         ASSIGNED PA
mnt-by:         OVH-MNT
source:         RIPE # Filtered

role:           OVH Technical Contact
address:        OVH SAS
address:        2 rue Kellermann
address:        59100 Roubaix
address:        France
admin-c:        OK217-RIPE
tech-c:         GM84-RIPE
tech-c:         SL10162-RIPE
nic-hdl:        OTC2-RIPE
abuse-mailbox:  [email protected]
mnt-by:         OVH-MNT
source:         RIPE # Filtered

person:         Octave Klaba
address:        OVH SAS
address:        2 rue Kellermann
address:        59100 Roubaix
address:        France
phone:          +33 9 74 53 13 23
nic-hdl:        OK217-RIPE
abuse-mailbox:  [email protected]
mnt-by:         OVH-MNT
source:         RIPE # Filtered

% Information related to '176.31.0.0/16AS16276'

route:          176.31.0.0/16
descr:          OVH ISP
descr:          Paris, France
origin:         AS16276
mnt-by:         OVH-MNT
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.76.1 (DB-1)

So the address sits in OVH's dedicated-server ("Kimsufi") space, announced by AS16276; every contact in the RIPE objects is OVH's, and the abuse mailbox is the hoster's, not the server owner's.

STEP 3: (nslookup: 176.31.111.202) (the output is not reproduced in the transcript)

STEP 4: (digging around a bit on the internet turns up other information):

Connecting to server whois.afilias.net [383 ms]
Domain Name: SLAYERSONLINE.INFO
Domain ID: D8141786-LRMS
Creation Date: 2004-11-23T11:06:47Z
Updated Date: 2014-11-18T09:42:13Z
Registry Expiry Date: 2015-11-23T11:06:47Z
Sponsoring Registrar: OVH (R268-LRMS)
Sponsoring Registrar IANA ID: 433
WHOIS Server:
Referral URL:
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Registrant ID: ovh546b1471qrpq
Registrant Name: Jerome Cohen
Registrant Organization:
Registrant Street: slayersonline.info, office #114093
Registrant Street: c/o OwO, BP80157
Registrant City: Roubaix Cedex 1
Registrant State/Province:
Registrant Postal Code: 59053
Registrant Country: FR
Registrant Phone: +33.899498765
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: i5pfjr7s29g1pvj5k5cz[_(a)_]v.o-w-o.info
Admin, Billing and Tech contacts: ID ovh546b1471v9va, Jerome Cohen, same street, city, postal code, country and phone as the Registrant; Email: qozto1t5sprf4tju7m4e[_(a)_]y.o-w-o.info
Name Server: NS.KIMSUFI.COM
Name Server: KS393321.KIMSUFI.COM

The o-w-o.info addresses are OwO relay mailboxes, so the second domain adds a registrant ID and a relay address but no new direct contact.

DNS checks for slayersonline.info:

The domain's DNS servers are:
ns.kimsufi.com. <=> 213.186.33.199 [FR]
ks393321.kimsufi.com. <=> 176.31.111.202 [FR]
DNS servers according to the WHOIS at whois.afilias.net [383 ms]:
ns.kimsufi.com. <=> 213.186.33.199 [FR]
ks393321.kimsufi.com. <=> 176.31.111.202 [FR]
Answer from a2.info.afilias-nst.info. for slayersonline.info. [5 ms]:
ns.kimsufi.com. <=> 213.186.33.199 [FR]
ks393321.kimsufi.com. <=> 176.31.111.202 [FR]
Answer from f.root-servers.net for info. [24 ms]:
a2.info.afilias-nst.info. <=> 199.249.113.1 [CA]
b2.info.afilias-nst.org. <=> 199.249.121.1 [CA]
c0.info.afilias-nst.info. <=> 199.254.49.1 [CA]
b0.info.afilias-nst.org. <=> 199.254.48.1 [CA]
a0.info.afilias-nst.info. <=> 199.254.31.1 [CA]
d0.info.afilias-nst.org. <=> 199.254.50.1 [CA]
mail.slayersonline.info. 86400 IN A 176.31.111.202

The NS records are not synchronized with the starting name server on the following servers:
ks393321.kimsufi.com. =====>
  o ns.kimsufi.com. <=> 213.186.33.199 [FR]
  o ks393321.kimsufi.com. <=> 176.31.111.202 [FR]
The following servers are synchronized (identical MX, NS, SOA, WWW) with the starting name server:
ns.kimsufi.com. <=> 213.186.33.199 [FR]

The DNS server version is exposed:
ns.kimsufi.com. => [Secured]
ks393321.kimsufi.com. => 9.8.4-rpz2+rl005.12-P1

202.111.31.176.in-addr.arpa. 86400 IN PTR ks393321.kimsufi.com.
The IP address resolves to 176.31.111.202 [FR] <=> ks393321.kimsufi.com.
Answering server: ns19.ovh.net. <=> 213.251.128.139 [FR] [48 ms]

What this tells us: ks393321.kimsufi.com (176.31.111.202) is at once an authoritative name server for the domain, the mail host (mail.slayersonline.info) and, as the port scan below shows, the web server, so one Kimsufi box carries every service. That box answers the version.bind CHAOS TXT query with "9.8.4-rpz2+rl005.12-P1", i.e. a distribution build of BIND 9.8.4 with patch tags, which pins the software version for vulnerability lookup; OVH's ns.kimsufi.com hides its version. BIND hides it with `version "none";` in the options block of named.conf. The out-of-sync NS set between the two servers is a further sign that the self-hosted server is not kept in step with the hoster's.

Starting Nmap 6.00 ( http://nmap.org ) at 2015-01-16 11:32 CET
Nmap scan report for ks393321.kimsufi.com (176.31.111.202)
Host is up (0.00049s latency).
PORT      STATE  SERVICE
21/tcp    open   ftp
23/tcp    closed telnet
25/tcp    open   smtp
43/tcp    closed whois
53/tcp    open   domain
69/tcp    closed tftp
80/tcp    open   http
110/tcp   open   pop3
116/tcp   closed ansanotify
143/tcp   open   imap
194/tcp   closed irc
443/tcp   closed https
465/tcp   closed smtps
585/tcp   closed unknown
587/tcp   closed submission
3306/tcp  closed mysql
8443/tcp  closed https-alt
10000/tcp closed snet-sensor-mgmt

Six services answer: FTP, SMTP, DNS, HTTP, POP3 and IMAP. FTP, POP3 and IMAP carry credentials in the clear unless STARTTLS is offered, 443, 465, 587 and 993/995 are not open, and MySQL (3306) is not exposed.

STEP 5: (port scan)

Command to scan the ports: nmap -sS -Pn 176.31.111.202
Command to scan the ports with version detection: nmap -sS -Pn -A 176.31.111.202

(-sS is a SYN scan, which needs root; -Pn skips host discovery and treats the target as up; -A adds version detection, OS detection, the default NSE scripts and a traceroute, so it is much noisier than the first command.)

STEP 6:

service postgresql start
msf > db_status
[*] postgresql connected to msf3
msf > netstat -lt
[*] exec: netstat -lt

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 localhost:50505         *:*                     LISTEN
tcp        0      0 *:3790                  *:*                     LISTEN
tcp        0      0 *:ssh                   *:*                     LISTEN
tcp        0      0 localhost:postgresql    *:*                     LISTEN
tcp        0      0 localhost:3001          *:*                     LISTEN
tcp        0      0 *:8834                  *:*                     LISTEN
tcp6       0      0 [::]:ssh                [::]:*                  LISTEN
tcp6       0      0 localhost:postgresql    [::]:*                  LISTEN
tcp6       0      0 [::]:8834               [::]:*                  LISTEN

msf > netstat -ltn
[*] exec: netstat -ltn

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:50505         0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3790            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3001          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:8834            0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
tcp6       0      0 ::1:5432                :::*                    LISTEN
tcp6       0      0 :::8834                 :::*                    LISTEN

(These listeners are on the tester's own machine, not on the target: 5432 is the PostgreSQL database Metasploit just connected to, bound to localhost only; 3790 is the Metasploit web interface and 8834 the Nessus web interface, both bound to every address.)

STEP 7: (importing the Nmap results into Metasploit)

nmap -sS -Pn -A -oX Subnet1 176.31.111.202/24    (to be revisited)

-oX only writes the XML report to the file Subnet1; it is not yet in the database. Either import it from msfconsole with `db_import Subnet1`, or run the scan from inside msfconsole with `db_nmap -sS -Pn -A 176.31.111.202`, which imports the result directly. Note also that the /24 mask covers 256 OVH addresses, of which only 176.31.111.202 is the agreed target.

STEP 8: Then run: nmap -Pn -sI 176.31.111.42 176.31.111.161

With -sI the first address is the zombie host and the second is the target, so this is an idle scan of 176.31.111.161 bounced off 176.31.111.42; the target named here is not the 176.31.111.202 studied above. The zombie must be idle and use an incremental IP ID counter, which can be checked beforehand with `nmap -O -v 176.31.111.42` ("IP ID Sequence Generation: Incremental") or the ipidseq NSE script; otherwise the scan reports nothing usable.
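Steps 1, 2 and 4 all come down to reading "field: value" records and pulling out the same handful of facts (who to query next, who serves DNS, whether the domain is locked, when it lapses, whether the IP really falls in the announced range). The script below does that offline; it is an added example and not code from the report or from any whois client. The three records are constructed, trimmed copies of the ones quoted above with contact details and e-mail addresses left out, and SCAN_DAY is the date of the report's nmap run, used here only to compute days to expiry.

```python
"""Parse WHOIS and RIPE output into the fields the recon report uses.

Added example, not part of the original report: it redoes steps 1, 2 and 4
offline on trimmed copies of the records quoted above (contact details and
e-mail addresses omitted). SCAN_DAY is the date of the report's nmap run."""
import ipaddress
import re
from datetime import datetime, timezone

SCAN_DAY = datetime(2015, 1, 16, tzinfo=timezone.utc)

# Constructed sample: the registry's thin record for the .net domain (step 1).
THIN_RECORD = """\
   Domain Name: SLAYERSONLINE.NET
   Registrar: OVH
   Whois Server: whois.ovh.com
   Referral URL: http://www.ovh.com
   Name Server: KS393321.KIMSUFI.COM
   Name Server: NS.KIMSUFI.COM
   Status: clientDeleteProhibited
   Status: clientTransferProhibited
   Expiration Date: 22-jun-2015

The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.
"""

# Constructed sample: the registrar's thick record reached through the referral.
THICK_RECORD = """\
Domain Name: slayersonline.net
Registrar WHOIS Server: whois.ovh.com
Registrar Registration Expiration Date: 2015-06-22T08:38:08.0Z
Registrar: OVH, SAS
Domain Status: clientTransferProhibited
Domain Status: clientDeleteProhibited
Registrant Organization:
Registrant Country: FR
Name Server: ks393321.kimsufi.com
Name Server: ns.kimsufi.com
"""

# Constructed sample: the RIPE inetnum and route objects for the server's IP (step 2).
RIPE_RECORD = """\
% Information related to '176.31.96.0 - 176.31.127.255'
inetnum:        176.31.96.0 - 176.31.127.255
netname:        OVH
descr:          Dedicated servers
status:         ASSIGNED PA
source:         RIPE # Filtered

route:          176.31.0.0/16
origin:         AS16276
source:         RIPE # Filtered
"""

# "field: value"; the non-greedy key stops at the first colon, so values that
# themselves contain colons (URLs, ISO timestamps) survive intact.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9 /_-]*?):\s*(.*?)\s*$")


def parse_whois(text):
    """{field_lowercased: [values in order]}; comments (%, #, >>>) and free text
    are skipped, repeated fields are kept, empty fields are dropped."""
    record = {}
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("%", "#", ">>>")):
            continue
        m = FIELD_RE.match(line)
        if m and m.group(2):
            record.setdefault(m.group(1).strip().lower(), []).append(m.group(2))
    return record


def parse_date(value):
    """Accept the registry style ('22-jun-2015') and ISO 8601 ('2015-06-22T08:38:08.0Z')."""
    for fmt in ("%d-%b-%Y", "%Y-%m-%dT%H:%M:%S.%fZ", "%Y-%m-%dT%H:%M:%SZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unrecognised date format: {value!r}")


def first(record, *keys):
    """First value of the first key present (field names differ between servers)."""
    return next((record[k][0] for k in keys if k in record), None)


def summarize(record, as_of):
    """The report's checklist: where to query next, who serves DNS, EPP locks, expiry."""
    expiry = first(record, "expiration date", "registry expiry date",
                   "registrar registration expiration date")
    expiry_dt = parse_date(expiry) if expiry else None
    statuses = record.get("status", []) + record.get("domain status", [])
    return {
        "registrar": first(record, "registrar"),
        "next_whois_server": first(record, "registrar whois server", "whois server"),
        "name_servers": sorted({ns.lower().rstrip(".") for ns in record.get("name server", [])}),
        "transfer_locked": any("clienttransferprohibited" in s.lower() for s in statuses),
        "expires": expiry_dt.date().isoformat() if expiry_dt else None,
        "days_to_expiry": (expiry_dt - as_of).days if expiry_dt else None,
    }


def ip_in_inetnum(ip, record):
    """The report's 'right address range' check: is ip inside 'inetnum: start - end'?"""
    start, end = (ipaddress.ip_address(p.strip()) for p in record["inetnum"][0].split("-"))
    return start <= ipaddress.ip_address(ip) <= end


if __name__ == "__main__":
    for label, text in (("thin", THIN_RECORD), ("thick", THICK_RECORD)):
        print(label, summarize(parse_whois(text), SCAN_DAY))
    ripe = parse_whois(RIPE_RECORD)
    print("in inetnum:", ip_in_inetnum("176.31.111.202", ripe), "origin:", ripe["origin"][0])
```

The thin record's "Whois Server" is the referral the report followed to whois.ovh.com; `summarize` surfaces it under `next_whois_server` for both record styles so the second query can be scripted. On the report's scan day both records put the domain 157 days from expiry, which is the kind of date worth tracking since an unrenewed domain can be re-registered by anyone.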
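The "DNS server version is exposed" finding in step 4 comes from one query: a TXT record in the CHAOS class for the name version.bind, which BIND answers with its build string unless told not to. The following script builds that query byte for byte, parses the answer, and includes a stand-in for the server side so both halves of the exchange can be checked offline; it is an added example and not code from the report or from BIND. The version string used is the one the report found; `build_response` is an assumption about the shape of the server's reply (one TXT record, or REFUSED when the version is hidden), and `query_version` is the only function that touches the network.

```python
"""Build the CHAOS-class TXT query for version.bind and parse the reply.

Added example, not from the original report: it reproduces the "DNS server
version is exposed" finding at the wire level. build_response() stands in
for a BIND server so the exchange can be run offline; the version string is
the one the report found."""
import os
import socket
import struct

QTYPE_TXT, QCLASS_CH = 16, 3
RCODE_REFUSED = 5


def encode_name(name):
    """'version.bind' -> b'\\x07version\\x04bind\\x00' (RFC 1035 label format)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(txid, name="version.bind"):
    """Standard query, one question, no flags: what `dig CH TXT version.bind` sends."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_TXT, QCLASS_CH)


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:            # compression pointer (RFC 1035 4.1.4)
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:                  # the stream resumes after the first pointer
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_txt_answer(msg, expect_txid):
    """TXT strings of the CH-class answers, or None if the server refused."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if txid != expect_txid:
        raise ValueError("transaction id mismatch (stray or spoofed reply)")
    rcode = flags & 0x000F
    if rcode == RCODE_REFUSED:
        return None
    if rcode != 0:
        raise ValueError(f"server returned rcode {rcode}")
    off = 12
    for _ in range(qd):                      # skip the echoed question section
        _, off = read_name(msg, off)
        off += 4                             # QTYPE + QCLASS
    strings = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == QTYPE_TXT and rclass == QCLASS_CH:
            i = 0
            while i < len(rdata):            # TXT rdata: <len><chars>, repeated
                n = rdata[i]
                strings.append(rdata[i + 1:i + 1 + n].decode("ascii", "replace"))
                i += 1 + n
    return strings


def build_response(query, version=None):
    """Stand-in for the server: one TXT answer, or REFUSED when it runs with
    'version "none";' and will not disclose its build (assumed reply shapes)."""
    txid = struct.unpack("!H", query[:2])[0]
    question = query[12:]
    if version is None:
        return struct.pack("!HHHHHH", txid, 0x8000 | RCODE_REFUSED, 1, 0, 0, 0) + question
    rdata = bytes([len(version)]) + version.encode("ascii")
    # answer name is a pointer to the question name at offset 12 (0xC00C)
    answer = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_TXT, QCLASS_CH, 0, len(rdata)) + rdata
    return struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 0) + question + answer


def query_version(server, timeout=3.0):
    """Ask a real server over UDP/53 (needs network access; not used offline)."""
    txid = int.from_bytes(os.urandom(2), "big")
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(txid), (server, 53))
        reply, _ = sock.recvfrom(512)
    return parse_txt_answer(reply, txid)


if __name__ == "__main__":
    q = build_query(0x1234)
    print("exposed:", parse_txt_answer(build_response(q, "9.8.4-rpz2+rl005.12-P1"), 0x1234))
    print("hidden:", parse_txt_answer(build_response(q), 0x1234))
```

The fix on the server is one line in named.conf, `options { version "none"; };`, after which the reply is REFUSED and `parse_txt_answer` returns None, which is what the checker printed as "[Secured]" for ns.kimsufi.com. Hiding the string does not hide that the server is BIND (its behaviour can still be fingerprinted), but it removes the exact patch level an attacker would otherwise look up.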
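Step 7 leaves the nmap XML on disk without importing it, and steps 4 and 5 leave the reader to judge the port table by eye. The script below reads an nmap `-oX` file the way a database importer does and answers the two questions the report needs from it: which ports are open on each host and which of those are services that carry credentials in the clear. It is an added example, not code from the report, from nmap or from Metasploit; the XML is constructed to match the scan result quoted above (nmap's own element names, a subset of the ports), and the "services" rows only mimic the columns msfconsole's `services` command prints, not its storage.

```python
"""Read nmap -oX output and extract what the report needs from the port scan.

Added example, not from the original report, nmap or Metasploit. NMAP_XML is
a constructed file in nmap's XML schema, trimmed to some of the ports the
report lists for 176.31.111.202; the rows produced by msf_services_rows()
only mimic the columns of msfconsole's `services` listing."""
import xml.etree.ElementTree as ET

NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sS -Pn -oX Subnet1 176.31.111.202" start="1421404320" version="6.00">
<host starttime="1421404320" endtime="1421404331">
<status state="up" reason="user-set"/>
<address addr="176.31.111.202" addrtype="ipv4"/>
<hostnames><hostname name="ks393321.kimsufi.com" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/><service name="ftp" method="table" conf="3"/></port>
<port protocol="tcp" portid="23"><state state="closed" reason="reset"/><service name="telnet" method="table" conf="3"/></port>
<port protocol="tcp" portid="25"><state state="open" reason="syn-ack"/><service name="smtp" method="table" conf="3"/></port>
<port protocol="tcp" portid="53"><state state="open" reason="syn-ack"/><service name="domain" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="http" method="table" conf="3"/></port>
<port protocol="tcp" portid="110"><state state="open" reason="syn-ack"/><service name="pop3" method="table" conf="3"/></port>
<port protocol="tcp" portid="143"><state state="open" reason="syn-ack"/><service name="imap" method="table" conf="3"/></port>
<port protocol="tcp" portid="443"><state state="closed" reason="reset"/><service name="https" method="table" conf="3"/></port>
</ports>
</host>
<runstats><finished time="1421404331" elapsed="11.20"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""

# Services that send credentials unencrypted unless TLS/STARTTLS is negotiated.
CLEARTEXT_SERVICES = {"ftp", "telnet", "pop3", "imap", "http"}


def parse_nmap_xml(text):
    """[{'addr', 'hostname', 'state', 'ports': [{'port', 'proto', 'state', 'service', 'product'}]}]

    Hostnames and banners inside the file come from the scanned host, so treat
    them as untrusted text; this parser does not resolve external entities."""
    hosts = []
    for host in ET.fromstring(text).iter("host"):
        addr = next((a.get("addr") for a in host.findall("address")
                     if a.get("addrtype") in ("ipv4", "ipv6")), None)
        hostname = host.find("hostnames/hostname")
        ports = []
        for p in host.findall("ports/port"):
            svc = p.find("service")
            product = " ".join(filter(None, (svc.get("product"), svc.get("version")))) if svc is not None else ""
            ports.append({"port": int(p.get("portid")), "proto": p.get("protocol"),
                          "state": p.find("state").get("state"),
                          "service": svc.get("name") if svc is not None else None,
                          "product": product})
        hosts.append({"addr": addr, "state": host.find("status").get("state"),
                      "hostname": hostname.get("name") if hostname is not None else None,
                      "ports": sorted(ports, key=lambda x: (x["proto"], x["port"]))})
    return hosts


def open_ports(host, proto="tcp"):
    """Open port numbers for one host, ascending."""
    return [p["port"] for p in host["ports"] if p["state"] == "open" and p["proto"] == proto]


def cleartext_services(host):
    """(port, service) pairs for open services that normally expose credentials in the clear."""
    return [(p["port"], p["service"]) for p in host["ports"]
            if p["state"] == "open" and p["service"] in CLEARTEXT_SERVICES]


def msf_services_rows(hosts):
    """Open services as (host, port, proto, name, state) rows, the columns `services` shows."""
    return [(h["addr"], p["port"], p["proto"], p["service"], p["state"])
            for h in hosts for p in h["ports"] if p["state"] == "open"]


if __name__ == "__main__":
    for h in parse_nmap_xml(NMAP_XML):
        print(h["addr"], h["hostname"], "open:", open_ports(h))
        print("  cleartext credentials:", cleartext_services(h))
```

Inside msfconsole the equivalent of this import is `db_import Subnet1` (or `db_nmap` to scan and import in one go); the point of writing it out is to see that the file, not the terminal output, is the record to keep, and that the open-port list alone already flags FTP, POP3, IMAP and HTTP as places where credentials would travel unencrypted on this host.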