Main reason - organizations naming their servers based on installed software or purpose instead of by some other naming scheme goofy.corp.local doesn't mean the same as internalcms.corp.local Focus your attacks Also, who is actively watching their DNS logs on their internal servers?
On Wed, Apr 24, 2013 at 8:20 AM, Josh More <[email protected]> wrote: > There are many reasons. I do it during engagements to find "test" servers > and older servers. These are often not behind WAFs and not updated, so > they can be weaker targets. From there, it's pivot, pivot, pivot. > > -Josh More > > > On Wed, Apr 24, 2013 at 3:30 AM, Jason Long <[email protected]> wrote: > >> Hello Folks. >> I look at Kali Linux and saw a part about DNS gathering information, Why >> a hacker must do DNS walk? >> >> Thanks. >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
