First off, I would like to apologize if this question has already been answered; if it has, can someone please link me to the answer?
So I am trying to find the IP address of the server in a Domain. Is there any way I can narrow my results to just show servers? I have no idea what type of server the Domain uses (other than it's a Windows server). Once I find at least the IP address, then I will be able to do further reconnaissance with this information. But there are hundreds of connections through the Domain's Internet, and I just need a way to narrow the nmap or whatever other tool's results that I can use to find the Server's information only.
8 Responses
Nmap can be used against domains too. Maybe you should have asked the question in another way; I don't think anyone wants to help you hack your school's server.
I didn't mean it in that sense. I am talking theoretically here. Is there any way I can do this though? The only reason I used the word school was because schools are known for having hundreds, maybe even thousands, of internet connections throughout different pieces of equipment. Basically I'm just asking for a way to filter through the OSes, I guess.
If you know the domain, you can know the IP address in various ways:
- In a passive way, with a tool like NetCraft.
- In an active way, with a tool like ping (usually blocked by firewall), or hping3.
I guess I need the active way; I'm already connected to the domain. I am trying to access the Windows Server where they have the Active Directory and whatnot.
It's better to use the passive way; your IP address won't be traceable.
There is no information on any of the passive way solutions. I wouldn't think there would be, as the server is not a web server, but a Domain management server? I have no idea.
You can use whois to query domain registration info. Use nslookup to get MX and NS info. Use nmap to scan ports, services, and OS version. nmap is a very strong tool.
Thank you! I will try all of these ways.