Find information about victim
How can I find where exactly the victim's site bought its host and domain?
And someone explain this problem to me please: I went to http://www.networksolutions.com/whois to whois victim.com, and this is the result:
Domain Name: VICTIM.COM
...
Domain servers in listed order:
NS1.XX.NET 66.98.XXX.XX
NS2.XX.NET 66.98.XXX.XX
--> So the victim bought host and domain at XX.NET. OK, I went to networksolutions and did a whois on XX.NET, and this is the result:
Domain servers in listed order:
NS1.XX.NET
NS2.XX.NET
OK, now I tried to hack XX.NET. God, see the etc/passwd I hacked:
XX:x:32003:506::/home2/XX:/usr/local/cpanel/bin/noshell
VICTIM:x:32274:777::/home2/VICTIM:/usr/local/cpanel/bin/noshell
S**t, why is XX a user like VICTIM? And I also found some users' domains that sell hosts and domains. So where exactly did the victim buy host and domain?
:( Please, can someone explain this problem more clearly for me?
Go to: www.whois.net/
then it gives you the name/address/contact number/email/server.. everything you need to know about the person who registered the site + where / who hosts it.
OK, I did like you said and the result is: Registration Service Provided By XX (that's the XX.net I mentioned). And when I whois XX.net there's no result like that. --> So the victim really registered host and domain at XX.net
--> So my problem is this: why, in the etc/passwd that I found, is XX a user like victim:
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
..............................
XX:x:32003:506::/home2/XX:/usr/local/cpanel/bin/noshell
VICTIM:x:32274:777::/home2/VICTIM:/usr/local/cpanel/bin/noshell
--> So XX is not root?
No, not always…. and, these appear to have shadowed passwds (I'm not gonna explain this because if you can get /etc/passwd you probably know what that is).
Now, like I said, depending on the domain, the user may have their own separate account, and they may also have the root acct. Dump the hashes into john, and then try and login to root with their user passwd (or just crack the root passwd). Or use a local exploit… whatever…
BTW, I find it quite odd that you can grab /etc/passwd, but can't use whois…
No, not always…. and, these appear to have shadowed passwds (I'm not gonna explain this because if you can get /etc/passwd you probably know what that is).
Now, like I said, depending on the domain, the user may have their own separate account, and they may also have the root acct. Dump the hashes into john, and then try and login to root with their user passwd (or just crack the root passwd). Or use a local exploit… whatever…
OK, I know they're shadowed passwds and cracked it. And thanks, now I found that you're right. The etc/passwd that I had is XX.net's, and I dumped their database config; I had every answer :o
BTW, I find it quite odd that you can grab /etc/passwd, but can't use whois…
:p Like I said, I went to networksolutions to whois victim and XX.net. And when I had the etc/passwd of XX.net, like I said, I didn't understand why XX.net is not root? (But now I understand.) So that's the reason why I asked you about whois; before that I thought that I was wrong :)
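
Added example, not part of the thread: a small passwd(5) audit an administrator could run, showing why the XX entry is an ordinary hosting account rather than root (privilege follows the UID field, and only UID 0 is the superuser). The sample lines are the ones quoted above; the non-login shell list and the function names are assumptions of this example.

```python
from dataclasses import dataclass

# Lines quoted in the thread (XX and VICTIM are the thread's own placeholders).
SAMPLE = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
XX:x:32003:506::/home2/XX:/usr/local/cpanel/bin/noshell
VICTIM:x:32274:777::/home2/VICTIM:/usr/local/cpanel/bin/noshell
"""

# Assumption: a shell with one of these basenames refuses interactive logins.
NON_LOGIN_SHELLS = {"nologin", "noshell", "false"}

@dataclass
class Account:
    name: str
    shadowed: bool   # password field is "x": the hash lives in /etc/shadow
    uid: int
    gid: int
    home: str
    shell: str

    @property
    def is_superuser(self) -> bool:
        return self.uid == 0   # privilege comes from UID 0, not from the name

    @property
    def can_login(self) -> bool:
        return self.shell.rsplit("/", 1)[-1] not in NON_LOGIN_SHELLS

def parse_passwd(text: str) -> list[Account]:
    accounts = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        name, pw, uid, gid, _gecos, home, shell = fields
        accounts.append(Account(name, pw == "x", int(uid), int(gid), home, shell))
    return accounts

def audit(accounts: list[Account]) -> list[str]:
    """Flag entries an administrator should review."""
    findings = []
    for a in accounts:
        if a.is_superuser and a.name != "root":
            findings.append(f"{a.name}: second UID 0 account")
        if not a.shadowed:
            findings.append(f"{a.name}: password field is not shadowed")
    return findings
```

On the quoted lines the audit returns no findings: root is the only UID 0 entry, every password field is shadowed, and both hosting accounts use a non-login shell.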