1. What's in a name ? But here when the name of the tool is FIERCE...it has the potential to grab eyeballs....about FIERCE first....Fierce is a perl script written by RSnake and helps at the first steps of a pentesting ie the reconnaissance. The focus of any pentester is to gather as much info as possible about the target before starting the attack.Exactly like earlier tools discussed in the Information Gathering drop down of Backtrack 5 R3,FIERCE is used for DNS Enumeration and is a great tool for discovering non-contiguous IP address for a certain company. It is difficult to discover and gather information about a company network which is non-contiguous using traditional tools. Though we can use a normal scanner against an IP range, but if the IP ranges are nowhere near one another there may be chance of missing chunks of networks. For this type of situation FIERCE is used.The following is the working process of FIERCE.
First it asks DNS for the DNS servers of the target. If DNS server of target is misconfigured then fierce attempts to dump the SOA records for the domain. If it fails then it attempts to "guess" names that are common amongst different companies using bruteforce.
2. The info gained from this tool FIERCE can be used by subsequent tools to be used like nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware.
First it asks DNS for the DNS servers of the target. If DNS server of target is misconfigured then fierce attempts to dump the SOA records for the domain. If it fails then it attempts to "guess" names that are common amongst different companies using bruteforce.
2. The info gained from this tool FIERCE can be used by subsequent tools to be used like nmap, unicornscan, nessus, nikto, etc, since all of those require that you already know what IP space you are looking for. This does not perform exploitation and does not scan the whole internet indiscriminately. It is meant specifically to locate likely targets both inside and outside a corporate network. Because it uses DNS primarily you will often find mis-configured networks that leak internal address space. That's especially useful in targeted malware.
SYNTAX : perl fierce.pl [-dns example.com] [OPTIONS]
3. The switches that can be used with this command are shown in the screen shot below :
(Click on the Image to enlarge) |
4. So I tried running the tool on certifiedhacker.com & dvwa.co.uk and the output is shown below vide a screen shot :
certifiedhacker.com
(Click on the Image to enlarge) |
dvwa.co.uk
(Click on the Image to enlarge) |
(Click on the Image to enlarge) |
This info will be good enough to march ahead from a pen tester point of view!!!!!!
0 comments:
Post a Comment