Passive DNS network mapping

Dnsmap – Passive DNS network mapper a.k.a. subdomains bruteforcer.

dnsmap is mainly meant to be used by pentesters during the information gathering/enumeration phase of infrastructure security assessments. During the enumeration stage, the security consultant would typically discover the target company’s IP netblocks, domain names, phone numbers, etc …

Subdomain brute-forcing is another technique that should be used in the enumeration stage, as it’s especially useful when other domain enumeration techniques such as zone transfers don’t work.

Usage:

dnsmap <target-domain> [options]

Options:

-w <wordlist-file>
-r <regular-results-file>
-c <csv-results-file>
-d <delay-millisecs>
-i <ips-to-ignore> (useful if you're obtaining false positives)

Examples:

dnsmap target-domain.foo
dnsmap target-domain.foo -w yourwordlist.txt -r /tmp/domainbf_results.txt
dnsmap target-fomain.foo -r /tmp/ -d 3000
dnsmap target-fomain.foo -r ./domainbf_results.txt

Results example:

user@kali:~# dnsmap example.com
dnsmap 0.30 - DNS Network Mapper by pagvac (gnucitizen.org)
 
[+] searching (sub)domains for example.com using built-in wordlist
[+] using maximum random delay of 10 millisecond(s) between requests
 
sftp.example.com
IP address #1: 127.0.0.1
 
email.example.com
IP address #1: 127.0.0.1
 
webmail.example.com
IP address #1: 127.0.0.1
 
www.example.com
IP address #1: 127.0.0.1
 
[+] 4 (sub)domains and 4 IP address(es) found
[+] completion time: 195 second(s)

How to search for folders in windows 7

Either in start menu search textbox or explorer search textbox type:

name:=folder_name kind:=folder

> Hit enter.

for ex. to delete all .svn files because you are moving to git:

name:=.svn kind:=folder

> Select all results and Shift+Delete.

Set up an empty repository in Git server

> Open your ubuntu distribution
> Create an empty folder

mkdir /home/myusername/dev/myproject.git
cd /home/myusername/dev/myproject.git

> Initialize an empty repository

git init --bare

How to create SSH key pair in Ubuntu

> Press Alt+F2.
> Type seahorse.
> Click the green plus sign.
> Choose Secure Shell Key and click continue.
> Follow the step by step procedure.

Extract all strings using Mono.Cecil in C#

First check this post on how to build and use Mono.Cecil library.

private List<String> ReadAssemblyStrings(String executable)
{
    try
    {
	if (!File.Exists(executable)) return null;
 
	AssemblyDefinition AssemblyDef = AssemblyDefinition.ReadAssembly(executable);
	List<String> sstrs = new List<String>();
 
	foreach (ModuleDefinition md in AssemblyDef.Modules)
	{
	    foreach (TypeDefinition td in md.GetTypes())
	    {
		foreach (MethodDefinition mdf in td.Methods)
		{
		    if (mdf.HasBody)
		    {
			for (int i = 0; i < mdf.Body.Instructions.Count; i++)
			{
			    Instruction id = mdf.Body.Instructions[i];
			    if (id.OpCode == OpCodes.Ldstr)
				sstrs.Add(id.Operand.ToString());
			}
  		    }
		}
    	    }
	}
	return sstrs;
    }
    catch
    {
	return null;
    }
}

How to use Mono.Cecil

> Download or Clone Mono.Cecil source code from github.

> Open Solution file (Mono.Cecil.sln) with your Visual Studio.

> Build Solution (Compile). There are 12(Debug & Release) build configurations available. Choose the one that fits your needs.

.Net 2 Debug/Release
.Net 3.5 Debug/Release
.Net 4 Debug/Release
.Net 4.5 Debug/Release
SilverLight Debug/Release
Windows Phone Debug/Release

> Add Mono.Cecil.dll in your project, as a reference.

How to get the local IP address(es) using C in Windows

GetIpAddrTable function

You have to add the following libraries into your project:
ws2_32.lib and iphlpapi.lib.

Check this post on how to link your eclipse project with libraries.

#include <winsock2.h>
#include <iphlpapi.h>
#include <windows.h>
 
#define MALLOC(x) HeapAlloc(GetProcessHeap(), 0, (x))
#define FREE(x) HeapFree(GetProcessHeap(), 0, (x))
 
int main(void)
{
	int i;
	PMIB_IPADDRTABLE pIPAddrTable;
	DWORD dwSize = 0;
	DWORD dwRetVal = 0;
	IN_ADDR IPAddr;
 
	pIPAddrTable = (MIB_IPADDRTABLE *) MALLOC(sizeof (MIB_IPADDRTABLE));
 
	if (pIPAddrTable) {
	  if (GetIpAddrTable(pIPAddrTable, &dwSize, 0) ==
	  ERROR_INSUFFICIENT_BUFFER) {
		FREE(pIPAddrTable);
		pIPAddrTable = (MIB_IPADDRTABLE *) MALLOC(dwSize);
	  }
	  if (pIPAddrTable == NULL) exit(1);
	}
 
	if ( (dwRetVal = GetIpAddrTable( pIPAddrTable, &dwSize, 0 )) != NO_ERROR ) exit(1);
 
	for (i=0; i < (int) pIPAddrTable->dwNumEntries; i++) {
	  IPAddr.S_un.S_addr = (u_long) pIPAddrTable->table[i].dwAddr;
	  printf("%s", inet_ntoa(IPAddr) );
	  IPAddr.S_un.S_addr = (u_long) pIPAddrTable->table[i].dwMask;
	  printf(" %s\n", inet_ntoa(IPAddr) );
	}
 
	if (pIPAddrTable) {
	  FREE(pIPAddrTable);
	  pIPAddrTable = NULL;
	}
}

How to link winsock library in Eclipse CDT

1.Right click on project’s name to open its Properties or hit Alt+Enter.
2. Expand C/C++ Build on the tree.
3. Select Settings.
4. Open Tool Settings Tab.
5. Select Libraries under Cross GCC Linker.
6. Add a new entry ws_32 in the right top section (Libraries (-l)).
7. In your project’s source now, add these lines:

#include <winsock2.h>
#include <windows.h>

Get current process id with C in Linux

getpid function

#include <stdlib.h>
#include <stdio.h>
#include <unistd.h>
 
int main(void)
{
    printf("%d", getpid());
    return EXIT_SUCCESS;
}

Get current process id with C in Windows.

Get current process id in C

GetCurrentProcessId function

#include <stdlib.h>
#include <stdio.h>
#include <windows.h>
 
int main(void)
{
    printf("%lu", GetCurrentProcessId());
    return EXIT_SUCCESS;
}

Get current process id with C in Linux.