Reconnaissance is discovering and collecting information on the system and the victim. The reconnaissance phase is the planning phase for the adversaries.
In ethical hacking, information gathering is the phase in which black hat hackers, hacktivists or white hat hackers gather information about a web service. Even SOC analysts make use of these tools, actively or passively, to map the attack surface: open ports, running services, software versions, domain info, and network structure, all of which are used to spot potential loopholes in a domain name system.
Objectives:
1. Identify vulnerabilities
2. Get footprints for social engineering
3. Plan attacks or defenses
Target: vulnweb.com
Tools Used: Whois, Nslookup.
Steps to Reproduce
Run a basic whois lookup on a Linux operating system with the command "whois vulnweb.com". The output included:
i. Domain name registration
ii. The date the target website (Vulnweb) was created and its expiry date
iii. Domain headers
iv. DNS points to a live server.
I went further and queried Vulnweb using the command "nslookup vulnweb.com".
Server: The query was sent to 8.8.8.8 (Google's public DNS server) on port 53.
Non-authoritative Answer:
Name: vulnweb.com
Address: 44.228.249.3 (IPv4 address)
Observations:
The answer is non-authoritative: the responding server is not the primary source for vulnweb.com but is providing a cached or forwarded answer.
The IP address 44.228.249.3 is a valid IPv4 address, indicating vulnweb.com is resolvable and likely hosted on a server at this address.
The use of Google's DNS server suggests the system is configured to use a public DNS resolver rather than a local or ISP-provided one.
This output confirms that vulnweb.com was successfully resolved to an IP address at the time of the query, which could be part of network diagnostics or testing. The domain vulnweb.com is often associated with security testing.
Here are some mitigation strategies:
- Limit publicly available information (OSINT) to mitigate reconnaissance.
- Block unnecessary ports, use firewalls, apply network segmentation, and deploy intrusion detection systems.
- Use WHOIS privacy protection with your domain registrar.
- Banner grabbing reveals the Apache/nginx version; to mitigate, turn off or obfuscate version banners.
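The WHOIS privacy mitigation can be verified from the defender's side by auditing the record of a domain you administer. The script below is an added example, not part of the original post: it reads whois output and lists contact fields that are not redacted. The field names, the redaction keywords and both sample records (example.test) are constructed assumptions, since registries format their records differently.

```sh
#!/bin/sh
# Added example: list WHOIS contact fields that are not privacy-protected.
# Assumptions: "Key: value" lines, and redacted values contain one of the
# keywords matched below. Registries format records differently; adjust both.

# Reads WHOIS text on stdin; prints one "Field=value" line per exposed field.
whois_exposed_fields() {
  awk '
    {
      pos = index($0, ":")
      if (pos == 0) next                      # not a "Key: value" line
      key = substr($0, 1, pos - 1); val = substr($0, pos + 1)
      sub(/^[ \t]+/, "", key); sub(/[ \t]+$/, "", key)
      sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
      lkey = tolower(key); lval = tolower(val)
      # Only registrant/admin/tech contact details are of interest.
      if (lkey !~ /^(registrant|admin|tech) (name|email|phone|street|organization)$/) next
      if (val == "") next
      if (lval ~ /redacted|privacy|proxy|withheld|not disclosed/) next
      print key "=" val
    }'
}

# Constructed sample: privacy protection is missing on two registrant fields.
sample_exposed() {
  cat <<'EOF'
Domain Name: EXAMPLE.TEST
Creation Date: 2010-06-14T07:50:29Z
Registry Expiry Date: 2026-06-14T07:50:29Z
Registrant Name: Alice Admin
Registrant Organization: REDACTED FOR PRIVACY
Registrant Email: alice@example.test
Name Server: NS1.EXAMPLE.TEST
EOF
}

# Constructed sample: every contact field is redacted or proxied.
sample_private() {
  cat <<'EOF'
Domain Name: EXAMPLE.TEST
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: REDACTED FOR PRIVACY
Admin Email: contact@privacy-proxy.example.test
EOF
}

# Usage against a domain you administer (needs the whois client and network):
#   whois yourdomain.example | whois_exposed_fields
sample_exposed | whois_exposed_fields
```

An empty result means none of the checked contact fields is published in clear text; any line printed is a field to raise with the registrar.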