maride/hacktricks
1
0
Fork 0
mirror of https://github.com/HackTricks-wiki/hacktricks.git synced 2025-10-10 18:36:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
hacktricks/src/network-services-pentesting/43-pentesting-whois.md
Jimmy 234e3d13c6 Update URLs
2025-01-10 14:40:02 +01:00

61 lines
2.2 KiB
Markdown
Raw Blame History

# 43 - Pentesting WHOIS
{{#include ../banners/hacktricks-training.md}}
## Basic Information
The **WHOIS** protocol serves as a standard method for **inquiring about the registrants or holders of various Internet resources** through specific databases. These resources encompass domain names, blocks of IP addresses, and autonomous systems, among others. Beyond these, the protocol finds application in accessing a broader spectrum of information.
**Default port:** 43
```
PORT STATE SERVICE
43/tcp open whois?
```
## Enumerate
Get all the information that a whois service has about a domain:
```bash
whois -h <HOST> -p <PORT> "domain.tld"
echo "domain.ltd" | nc -vn <HOST> <PORT>
```
Notice than sometimes when requesting for some information to a WHOIS service the database being used appears in the response:
![](<../images/image (301).png>)
Also, the WHOIS service always needs to use a **database** to store and extract the information. So, a possible **SQLInjection** could be present when **querying** the database from some information provided by the user. For example doing: `whois -h 10.10.10.155 -p 43 "a') or 1=1#"` you could be able to **extract all** the **information** saved in the database.
## Shodan
- `port:43 whois`
## HackTricks Automatic Commands
```
Protocol_Name: WHOIS #Protocol Abbreviation if there is one.
Port_Number: 43 #Comma separated if there is more than one.
Protocol_Description: WHOIS #Protocol Abbreviation Spelled out
Entry_1:
Name: Notes
Description: Notes for WHOIS
Note: |
The WHOIS protocol serves as a standard method for inquiring about the registrants or holders of various Internet resources through specific databases. These resources encompass domain names, blocks of IP addresses, and autonomous systems, among others. Beyond these, the protocol finds application in accessing a broader spectrum of information.
https://book.hacktricks.wiki/en/network-services-pentesting/pentesting-smtp/index.html
Entry_2:
Name: Banner Grab
Description: Grab WHOIS Banner
Command: whois -h {IP} -p 43 {Domain_Name} && echo {Domain_Name} | nc -vn {IP} 43
```
{{#include ../banners/hacktricks-training.md}}
Reference in New Issue View Git Blame Copy Permalink