Information Gathering with Whois
As I have mentioned earlier, our goal in the information gathering and enumeration phase is to gather as much information as possible about the target. Whois holds a huge database that contains information regarding almost every website on the web. The most common pieces of information are "who owns the website" and "the e-mail of the owner," which can be used to perform social engineering attacks.
The Whois database is accessible on whois.domaintools.com. It's also available in BackTrack, but you would need to issue the following command from BackTrack to install it:
apt-get install whois
In order to perform a Whois search on a website, you would need to type whois from the command line, followed by the domain:
whois www.techlotips.com
56 ◾ Ethical Hacking and Penetration Testing Guide
You would see the following output:
You can see that it has revealed some interesting information, such as the e-mail of the owner (which I have set to private, by the way) and the name servers, which show that hostgator.com is hosting this website. We will learn some effective methods to determine name servers later in this section, when we talk about DNS enumeration.
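The lookup above is a plain text protocol: the client sends the domain to TCP port 43 of a whois server and reads until the server closes the connection. The following script is an added example and not code from the book; it issues that raw query (the whois.verisign-grs.com server for .com domains is an assumption) and then parses a constructed sample record, pulling out exactly the fields the chapter calls interesting: contact e-mails and name servers, and the hosting provider the name servers imply. An administrator can run the parser over their own domain's record to check whether whois privacy is actually hiding the owner's e-mail.

```python
import re
import socket

# Constructed sample of whois output (not real registry data) for a domain
# whose name servers point at a shared host, as the chapter describes.
SAMPLE_WHOIS = """\
Domain Name: TECHLOTIPS.COM
Registrar: EXAMPLE REGISTRAR, LLC
Name Server: NS1.HOSTGATOR.COM
Name Server: NS2.HOSTGATOR.COM
Registrant Email: owner@techlotips.com
Admin Email: owner@techlotips.com
"""

def whois_query(domain, server="whois.verisign-grs.com", timeout=10):
    """Raw whois protocol (RFC 3912): send the query line to TCP port 43,
    then read until the server closes the connection. Server name is an
    assumption; the registry's own whois server varies per TLD."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(domain.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def parse_whois(text):
    """Extract contact e-mails and name servers from a whois record, and
    derive the hosting provider from the name servers' registrable domain."""
    emails = sorted({m.group(0).lower() for m in EMAIL_RE.finditer(text)})
    name_servers = sorted({
        line.split(":", 1)[1].strip().lower()
        for line in text.splitlines()
        if line.lower().startswith("name server:") and line.split(":", 1)[1].strip()
    })
    # Last two labels of the NS hostname (ns1.hostgator.com -> hostgator.com);
    # a simplification that is wrong for ccSLDs such as .co.uk.
    providers = sorted({".".join(ns.split(".")[-2:]) for ns in name_servers})
    return {"emails": emails, "name_servers": name_servers, "providers": providers}

def privacy_enabled(record):
    """True when the record exposes no contact e-mail (whois privacy in effect)."""
    return not record["emails"]
```

Running parse_whois(whois_query("techlotips.com")) against the live registry needs network access; the sample record lets the parser be exercised offline.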
Finding Other Websites Hosted on the Same Server
In the chapter on web hacking (Chapter 12), you will learn a method called "Symlink bypassing," which will show you exactly how an attacker can use a single website in order to compromise every website on the same server. However, for now, we will just discuss the method of finding the domains hosted on the same server. The method is called reverse IP lookup.
Yougetsignal.com
Yougetsignal.com allows you to perform a reverse IP lookup on a webserver to detect all other websites present on the same server. All you need to do is enter the domain. There is another tool called ritx that is also used to perform this task.