Full Disclosure mailing list archives
Re: TrueCrypt?
From: "Dave Warren" <davew () hireahit com>
Date: Sat, 07 Jun 2014 09:58:04 -0700
Given that everything in that zone is public anyway, what's the problem? I agree that locking down zone transfers is best practise, and allowing open transfers is odd, but this one looks simple enough and straightforward enough that I have trouble getting too excited about public information being public.
On Jun 6, 2014, at 17:49, "surivaton surivaton" <surivaton () gmail com> wrote: Truecrypt is either stupid or its they way of telling everyone something is wrong. Why? root@kali:~# fierce -dns truecrypt.org DNS Servers for truecrypt.org: ns1.truecrypt.org ns2.truecrypt.org Trying zone transfer first... Testing ns1.truecrypt.org Whoah, it worked - misconfigured DNS server found: truecrypt.org. 259200 IN SOA ns1.truecrypt.org. dns-admin.truecrypt.org. ( 2010021509 ; Serial 10800 ; Refresh 3600 ; Retry 604800 ; Expire 10800 ) ; Minimum TTL truecrypt.org. 259200 IN NS ns1.truecrypt.org. truecrypt.org. 259200 IN NS ns2.truecrypt.org. truecrypt.org. 259200 IN A 72.233.34.82 truecrypt.org. 259200 IN MX 10 truecrypt.org. truecrypt.org. 259200 IN TXT "v=spf1 ip4:72.233.34.82 mx:truecrypt.org -all" forums.truecrypt.org. 259200 IN A 72.233.34.83 ns1.truecrypt.org. 259200 IN A 72.233.34.82 ns2.truecrypt.org. 259200 IN A 72.233.34.84 upload.truecrypt.org. 259200 IN A 72.233.34.84 www.truecrypt.org. 259200 IN A 72.233.34.82 There isn't much point continuing, you have everything. Have a nice day. Exiting... root@kali:~# Who in there right mind lets you do zone transfers. I mean seriously back in windows server 2003 it was common but god damn I think they are trying to tell us something.
_______________________________________________ Sent through the Full Disclosure mailing list http://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- Re: TrueCrypt? Dave Howe (Jun 03)
- Re: TrueCrypt? Dave Warren (Jun 04)
- Re: TrueCrypt? surivaton surivaton (Jun 08)
- Re: TrueCrypt? Dave Warren (Jun 08)
- Re: TrueCrypt? surivaton surivaton (Jun 08)
- Re: TrueCrypt? Dave Warren (Jun 04)