[Bug] False positive in TLD research #213

Closed
SimoneCagol opened this issue Feb 28, 2022 · 8 comments

@SimoneCagol

Bug
False positive in TLD research

Description
Some second-level domains always return a DNS resolution (e.g. ae.xxx).

Moreover, I think I have identified an issue in the way the second-level TLDs are created, since the program is actually always trying only 32 combinations, and always using only the first 32 elements of the cctld array. Maybe two nested for loops are a better option for this purpose.

| Attempt 1 | Attempt 2 |
| --- | --- |
| `Trying: ***.ac.info` | `Trying: ***.ac.mil` |
| `Trying: ***.ad.online` | `Trying: ***.ad.mobi` |
| `Trying: ***.ae.name` | `Trying: ***.ae.int` |
| `Trying: ***.af.cloud` | `Trying: ***.af.name` |
| ... | ... |
| `Trying: ***.bm.pro` | `Trying: ***.bm.co` |
| `Trying: ***.bn.mobi` | `Trying: ***.bn.pro` |
| `Trying: ***.bo.gov` | `Trying: ***.bo.info` |
| `Trying: ***.bq.xxx` | `Trying: ***.bq.museum` |

To Reproduce

```
nslookup aaaaaaaaabbbbbbbbbbbbcccccccccccdddddddddd.ae.xxx
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	aaaaaaaaabbbbbbbbbbbbcccccccccccdddddddddd.ae.xxx
Address: 64.190.62.111
```

@L1ghtn1ng
Collaborator

I really do not follow or see what the issue is here. Can you make it clear what the issue is?

@frapava98
Contributor

I think that @SimoneCagol here identified two different problems:
The first one is the fact that some second-level combinations always return the same DNS resolution, regardless of whether the hostnames exist or not. In the example, if you try to execute nslookup on ae.xxx, abcd.ae.xxx or example.ae.xxx, the result will not change.

```
nslookup abcd.ae.xxx
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	abcd.ae.xxx
Address: 64.190.63.111

nslookup example.ae.xxx
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	example.ae.xxx
Address: 64.190.63.111

nslookup ae.xxx
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	ae.xxx
Address: 64.190.63.111
```

The second problem concerns the implementation of the second-level TLD brute force:
only the first 32 elements of the cctld array are used during the brute force, and all the others are never used. He suggested implementing a nested for loop in order to use every possible combination of cctld and total_tlds instead of the zip function.
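
The two problems summarised in the comment above, as an added Python example that is not part of the thread or the project's code: `zip()` truncating to the shorter list versus the full cross product, and a wildcard check that resolves a random label under each parent zone before trusting a hit. The list contents, the function names, the injected `resolve` callable and the 192.0.2.x addresses are constructed assumptions so the block runs offline.

```python
import itertools
import secrets

# Constructed sample lists; the project's cctld / total_tlds arrays are longer.
CCTLDS = ["ac", "ad", "ae", "af", "bm"]
TOTAL_TLDS = ["info", "xxx", "co"]


def zipped_candidates(name, cctlds, tlds):
    """Behaviour reported in the issue: zip() stops at the shorter list."""
    return [f"{name}.{cc}.{tld}" for cc, tld in zip(cctlds, tlds)]


def product_candidates(name, cctlds, tlds):
    """Nested-loop equivalent: every cctld is paired with every TLD."""
    return [f"{name}.{cc}.{tld}" for cc, tld in itertools.product(cctlds, tlds)]


def wildcard_addresses(parent, resolve):
    """Resolve a random label under parent; any answer indicates a wildcard."""
    canary = f"{secrets.token_hex(16)}.{parent}"
    return set(resolve(canary))


def filter_false_positives(name, cctlds, tlds, resolve):
    """Keep hits whose addresses are not explained by the parent's wildcard."""
    hits = []
    for cc, tld in itertools.product(cctlds, tlds):
        parent = f"{cc}.{tld}"
        answer = set(resolve(f"{name}.{parent}"))
        # Only query the canary when the candidate resolved at all.
        if answer and not answer <= wildcard_addresses(parent, resolve):
            hits.append(f"{name}.{parent}")
    return hits


def fake_resolve(host):
    """Constructed stand-in resolver: ae.xxx answers for any label."""
    if host == "ae.xxx" or host.endswith(".ae.xxx"):
        return ["192.0.2.10"]  # wildcard zone
    if host == "example.ac.co":
        return ["192.0.2.20"]  # genuine record
    return []


if __name__ == "__main__":
    print(len(zipped_candidates("example", CCTLDS, TOTAL_TLDS)), "zipped")
    print(len(product_candidates("example", CCTLDS, TOTAL_TLDS)), "product")
    print(filter_false_positives("example", CCTLDS, TOTAL_TLDS, fake_resolve))
```

Comparing against the canary's address set rather than just "did the canary resolve" keeps a genuine record that happens to live under a wildcard zone but points somewhere else.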

@McFacePunch
Contributor

@SimoneCagol @frapava98 if either of you could attempt to validate the fix, that would be awesome. You can run it from the PR branch in my above comment

@L1ghtn1ng
Collaborator

or just pull from master as merged it :-)

@McFacePunch
Contributor

> or just pull from master as merged it :-)

haha or that too

@frapava98
Contributor

I created the PR #322 with some improvements.

@McFacePunch
Contributor

@L1ghtn1ng I think this can close?

@L1ghtn1ng
Collaborator

Closed ☺️
