<P><font face="Verdana" size="2">Hacking Tip: You can find out whether an IP address is dynamic or static by using the ultimate mapping tool on the net: nslookup. Give the following command: nslookup hostname, where hostname is substituted by an IP address. If the result is Non-Existent Host/Domain, then the IP is a dynamic one. If it returns a human-understandable hostname, then you can be pretty sure that the IP address is a static one.</font></P>
<P><font face="Verdana" size="2">For more information on DNS lookup and nslookup read on.</font></P>
<P><font face="Verdana" size="2">******************</font></P>
<P><font face="Verdana" size="2">Now IP addresses are very difficult to remember. Who can memorize the IP addresses of all the computers he wants to connect to or the sites he wants to visit? For example, I am sure you would find hotmail.com easier to remember than something like 203.43.54.12. This is where DNS, the Domain Name System, comes in. Read on for more info on DNS.</font></P>
<B><P><font face="Verdana" size="2">DNS</font></P>
</B><P><font face="Verdana" size="2">A DNS is basically a resource for converting friendly hostnames (like hotmail.com), which humans can easily understand, into the IP addresses which machines need to communicate with the host, i.e. hotmail.com.</font></P>
<P><font face="Verdana" size="2">Now what basically happens is that when you type
<A HREF="http://www.hotmail.com/">www.hotmail.com</A> in the location bar of your browser, the browser needs to perform a lookup to find the machine-readable IP address so that it can communicate with the host. This means that the browser cannot communicate with a host if it has only the friendly hostname. Without the IP address, no communication can take place. So for the lookup, the browser contacts the DNS server, normally set up by your ISP, and through the resolver tries to look for the IP conversion of the hostname the user wants to contact. A DNS server is basically a server running DNS software. The server that the browser first asks for a translation is the Primary DNS server. If this primary server doesn't show any match, then it contacts another DNS server somewhere on the Internet (this becomes the Secondary DNS server) and looks for a match. If a match is found in the secondary server, then the Primary server updates its database so that it doesn't have to contact the Secondary server again for the same match. Each DNS server stores the hosts it has recently looked for in its cache. If the server has recently looked for a particular hostname, it does not search for it again but just provides the browser with that information from its cache. If the cache does not contain a particular entry, then the resolver looks for the desired entry by searching through the entire database.</font></P>
<P><font face="Verdana" size="2">New technologies are being introduced in the DNS sphere. Take the case of amazon.com. It is a famous and large e-company with over a million users per day (my rough estimate). Such large organizations have multiple IP addresses for the same domain name. Today the DNS server returns all the IP addresses and the browser chooses a random one from them. This new technology will allow the DNS server to return the IP of the server which has the least traffic, so as to enhance surfing. So you can see DNS does make sense.</font></P>
<P><font face="Verdana" size="2">You can see how time-consuming the above process can be, and it can really slow down your surfing: a lot of time is wasted when the browser contacts the DNS server and performs a lookup. So how do you speed up this process? How do you stop the browser from contacting the DNS server each time you want to visit a site? Well, the answer lies in the HOSTS file hidden in the c:\windows directory.</font></P>
<P><font face="Verdana" size="2">You can map a machine's IP to any hostname by editing the c:\windows\hosts file (it has no extension) on Win 9.x systems. On NT the hosts file is c:\WinNT\system32\drivers\etc\hosts, and on Linux it is /etc/hosts.</font></P>
<P><font face="Verdana" size="2">A hosts file looks something like the below:</font></P>
<P><font face="Verdana" size="2">###############################</font></P>
<P><font face="Verdana" size="2"># Copyright (c) 1998 Microsoft Corp.</font></P>
<P><font face="Verdana" size="2">#</font></P>
<P><font face="Verdana" size="2"># This is a sample HOSTS file used by Microsoft TCP/IP stack for Windows98</font></P>
<P><font face="Verdana" size="2">#</font></P>
<P><font face="Verdana" size="2"># This file contains the mappings of IP addresses to host names. Each</font></P>
<P><font face="Verdana" size="2"># entry should be kept on an individual line. The IP address should</font></P>
<P><font face="Verdana" size="2"># be placed in the first column followed by the corresponding host name.</font></P>
<P><font face="Verdana" size="2"># The IP address and the host name should be separated by at least one</font></P>
<P><font face="Verdana" size="2"># space.</font></P>
<P><font face="Verdana" size="2">#</font></P>
<P><font face="Verdana" size="2"># Additionally, comments (such as these) may be inserted on individual</font></P>
<P><font face="Verdana" size="2"># lines or following the machine name denoted by a '#' symbol.</font></P>
<P><font face="Verdana" size="2">#</font></P>
<P><font face="Verdana" size="2"># For example:</font></P>
<P><font face="Verdana" size="2">#</font></P>
<P><font face="Verdana" size="2"># 102.54.94.97 rhino.acme.com # source server</font></P>
<P><font face="Verdana" size="2"># 38.25.63.10 x.acme.com # x client host</font></P>
<P><font face="Verdana" size="2">127.0.0.1 localhost</font></P>
<P><font face="Verdana" size="2">#####################################</font></P>
<P><font face="Verdana" size="2">For example, if you know that the IP address of, say, hotmail.com is 207.xxx.xxx.xxx, then if you add the following to the hosts file, the browser will not perform a lookup and will straightaway have the IP to communicate with the host. So add the line:</font></P>
<P><font face="Verdana" size="2">207.xxx.xxx.xxx <A HREF="http://www.hotmail.com/">www.hotmail.com</A></font></P>
<P><font face="Verdana" size="2">Now your browser will connect faster to Hotmail.com. This technique can increase your surfing speed tremendously. So now that you know what a DNS is, let's get on to the subject of DNS lookup and Reverse DNS lookup.</font></P>
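<P><font face="Verdana" size="2">Because a hosts entry is answered before any DNS lookup, a stale or tampered line silently sends a name to the wrong machine. The following is an added example, not part of the original text: it parses the format described above and lists every override worth reviewing. The sample file is constructed, its addresses are documentation placeholders, and the function names are illustrative.</font></P>

```python
import ipaddress

# Constructed sample in the hosts format described above (placeholder addresses).
SAMPLE_HOSTS = """\
# sample hosts file
127.0.0.1       localhost
192.0.2.10      www.example.com example.com   # pinned override
198.51.100.7    intranet.test
999.1.1.1       broken.test
::1             localhost
192.0.2.99      www.example.com               # conflicting duplicate
"""

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

def parse_hosts(text):
    """Return (entries, errors); entries is a list of (lineno, ip, [names])."""
    entries, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()    # '#' starts a comment anywhere on a line
        if not line:
            continue
        fields = line.split()                   # IP in the first column, then the names
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            errors.append((lineno, "invalid IP address: " + fields[0]))
            continue
        if len(fields) < 2:
            errors.append((lineno, "no host name after address"))
            continue
        entries.append((lineno, ip, [n.lower() for n in fields[1:]]))
    return entries, errors

def audit_hosts(text):
    """List malformed lines, non-local overrides and conflicting mappings."""
    entries, errors = parse_hosts(text)
    findings = [f"line {n}: {msg}" for n, msg in errors]
    seen = {}
    for lineno, ip, names in entries:
        for name in names:
            if name in LOCAL_NAMES and ip.is_loopback:
                continue                        # the expected default entry
            findings.append(f"line {lineno}: {name} pinned to {ip}, DNS is bypassed")
            if name in seen and seen[name] != ip and seen[name].version == ip.version:
                findings.append(f"line {lineno}: {name} conflicts with earlier {seen[name]}")
            seen.setdefault(name, ip)
    return findings

if __name__ == "__main__":
    print("\n".join(audit_hosts(SAMPLE_HOSTS)))
```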
<P><font face="Verdana" size="2">Now Linux, or any other form of Unix, comes with a very interesting utility known as nslookup. This can be used to gather some very valuable information about a host. For details on how to use this tool to gather information, read the man pages. Windows users can download SamSpade from
<A HREF="http://www.samspade.com/">www.samspade.org</A> to perform an nslookup.</font></P>
<P><font face="Verdana" size="2">Just as a DNS lookup converts the hostname into an IP address, a Reverse DNS Lookup converts the IP address of a host to the hostname. Thus we can conclude that a DNS lookup returns machine-readable IP addresses and a Reverse DNS Lookup returns the human-friendly hostname.</font></P>
<P><font face="Verdana" size="2">****************************</font></P>
<P><font face="Verdana" size="2">INFO: The DNS software normally runs on Port 53 of a host. So the browser connects to port 53 to perform a DNS lookup.</font></P>
<P><font face="Verdana" size="2">***************************</font></P>
<B><P><font face="Verdana" size="2">NslookUp</font></P>
</B><P><font face="Verdana" size="2">So how can you use nslookup to gain some valuable information about a host? Well, the best way to learn about a particular Unix command is to read the man pages. They are the ultimate source on all Unix commands and their parameters.</font></P>
<P><font face="Verdana" size="2">Now the first thing to do is, either get SamSpade from
<A HREF="http://www.samspade.com/">www.samspade.org</A> or if you are using a shell account or are running any form of Unix then locate where the nslookup command is hidden by issuing the following command: ' whereis nslookup '.</font></P>
<P><font face="Verdana" size="2">I am just giving you a general introduction to nslookup; to learn about all Resource Records or query types, do read through the man pages.</font></P>
<P><font face="Verdana" size="2">You can use nslookup in two modes: the interactive mode or the non-interactive mode. First I will explain the interactive mode. If you type nslookup at the shell prompt, it launches the nslookup utility.</font></P>
<P><font face="Verdana" size="2">$>/usr/etc/nslookup</font></P>
<P><font face="Verdana" size="2">Default Server: hobbiton.org</font></P>
<P><font face="Verdana" size="2">Address: 12.12.12.12</font></P>
<P><font face="Verdana" size="2">Now when you type just nslookup, the machine will return the IP address and the name of the server which is running the nslookup command for you; in this case it would be my shell account provider.</font></P>
<P><font face="Verdana" size="2">Now, once you have launched nslookup, you need to specify the query type, which is the type of Resource Record (RR), by typing:</font></P>
<P><font face="Verdana" size="2">set type=RR</font></P>
<P><font face="Verdana" size="2">where RR can be any of the following:</font></P>
<P><font face="Verdana" size="2">A : Address</font></P>
<P><font face="Verdana" size="2">MX : Mail Exchanger</font></P>
<P><font face="Verdana" size="2">PTR : Pointer</font></P>
<P><font face="Verdana" size="2">CNAME: Canonical Name</font></P>
<P><font face="Verdana" size="2">HINFO: Host Info.</font></P>
<P><font face="Verdana" size="2">ANY : In this case a zone transfer takes place and all information of the host is returned; as a result additional burden is put on the host and hence may cause the host to hang or restart.</font></P>
<P><font face="Verdana" size="2">NOTE: To get full list of RR's read the man pages.</font></P>
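<P><font face="Verdana" size="2">To see what "set type" actually changes, the following added example (not part of the original text) builds the query message a resolver sends to port 53 for the record types listed above, and decodes it again the way you would when reading DNS traffic in a packet capture. For PTR it also shows how a reverse lookup turns an IP address into an in-addr.arpa name. The function names, example.com and 192.0.2.25 are illustrative placeholders; nothing is sent on the network.</font></P>

```python
import ipaddress
import struct

# Numeric QTYPE codes (RFC 1035) for the record types listed above.
QTYPES = {"A": 1, "CNAME": 5, "PTR": 12, "HINFO": 13, "MX": 15, "ANY": 255}
DNS_PORT = 53      # where a resolver would send the message built below
CLASS_IN = 1       # Internet class

def encode_name(name):
    """Encode 'www.example.com' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(target, rr="A", query_id=0x1234):
    """Build one DNS question; for PTR an IP address becomes its in-addr.arpa name."""
    if rr == "PTR":
        target = ipaddress.ip_address(target).reverse_pointer
    # Header: ID, flags (only 'recursion desired' set), 1 question, no other records.
    header = struct.pack("!HHHHHH", query_id, 0x0100, 1, 0, 0, 0)
    return header + encode_name(target) + struct.pack("!HH", QTYPES[rr], CLASS_IN)

def parse_query(packet):
    """Decode a single-question query back into (id, name, record type)."""
    query_id, _flags, qdcount = struct.unpack("!HHH", packet[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    pos, labels = 12, []                   # the question starts after the 12-byte header
    while packet[pos]:
        length = packet[pos]
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    qtype, _qclass = struct.unpack("!HH", packet[pos + 1:pos + 5])
    by_code = {code: name for name, code in QTYPES.items()}
    return query_id, ".".join(labels), by_code.get(qtype, str(qtype))

if __name__ == "__main__":
    for target, rr in [("www.example.com", "A"), ("example.com", "MX"), ("192.0.2.25", "PTR")]:
        pkt = build_query(target, rr)
        print(rr, parse_query(pkt), pkt.hex())
```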
<P><font face="Verdana" size="2">Now once the RR or the type has been set, you need to type in the host name or the IP of the server you want to gather info of.</font></P>
<P><font face="Verdana" size="2">This might not be that clear, so let me take you through an example.</font></P>
<P><font face="Verdana" size="2">Firstly, for this example I am using my Linux box and am not logged on to any shell account, so my IP would be 127.0.0.1, and I am doing an A-type nslookup on the host hotmail.com.</font></P>
<P><font face="Verdana" size="2">$>nslookup</font></P>
<P><font face="Verdana" size="2">Server: localhost</font></P>
<P><font face="Verdana" size="2">Address: 127.0.0.1</font></P>
<P><font face="Verdana" size="2">>set type=A</font></P>
<P><font face="Verdana" size="2">>hotmail.com</font> </P>
<P><font face="Verdana" size="2">Server: localhost</font></P>
<P><font face="Verdana" size="2">Address: 127.0.0.1</font></P>