WHOIS is a simple request/response protocol specified in RFC 3912.
A WHOIS server listens on TCP port 43 for incoming requests. The domain registrar is responsible for maintaining the WHOIS records for the domain names it leases.
The WHOIS server replies with various information related to the requested domain, such as:
- the registrar through which the domain name was registered
- registrant contact info: name, organization, address, phone, among other things (unless hidden via a privacy service)
- creation, update, and expiration dates
- name servers: which servers to ask to resolve the domain name
To get this information, we just need to use a whois client:
user@TryHackMe$ whois tryhackme.com
[Querying whois.verisign-grs.com]
[Redirected to whois.namecheap.com]
[Querying whois.namecheap.com]
[whois.namecheap.com]
Domain name: tryhackme.com
Registry Domain ID: 2282723194_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2021-05-01T19:43:23.31Z
Creation Date: 2018-07-05T19:46:15.00Z
Registrar Registration Expiration Date: 2027-07-05T19:46:15.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID:
Registrant Name: Withheld for Privacy Purposes
Registrant Organization: Privacy service provided by Withheld for Privacy ehf
[...]
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2021-08-25T14:58:29.57Z <<<
For more information on Whois status codes, please visit https://icann.org/epp
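As an added example (not code from the room above, nor the whois client it shows), here is a minimal Python WHOIS client that performs the RFC 3912 exchange and follows the registrar referral the transcript reports as "[Redirected to whois.namecheap.com]": it reads the "Registrar WHOIS Server:" field of the registry's answer and queries that server next. The starting server, the hop limit and the sample response are assumptions constructed for this example; whois_lookup needs network access, while the parsing helpers run offline.

```python
import socket
from typing import Dict, Optional

def build_query(domain: str) -> bytes:
    """RFC 3912: the client sends the query text terminated by CRLF."""
    return domain.strip().encode("ascii") + b"\r\n"

def parse_fields(response: str) -> Dict[str, str]:
    """'Key: value' lines -> dict; first wins, empty values and the '>>>' banner skipped."""
    fields: Dict[str, str] = {}
    for line in response.splitlines():
        if ":" not in line or line.lstrip().startswith(">>>"):
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key and value and key not in fields:
            fields[key] = value
    return fields

def referral_server(response: str) -> Optional[str]:
    """Thin registry answers name the registrar's server ('[Redirected to ...]')."""
    server = parse_fields(response).get("registrar whois server")
    return server.lower() if server else None

def whois_query(domain: str, server: str, timeout: float = 10.0) -> str:
    """One RFC 3912 exchange: connect, send the query, read until the server closes."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:  # RFC 3912: TCP/43
        sock.sendall(build_query(domain))
        raw = b"".join(iter(lambda: sock.recv(4096), b""))  # b"" == server closed
    return raw.decode("utf-8", errors="replace")

def whois_lookup(domain: str, server: str = "whois.verisign-grs.com", max_hops: int = 3) -> str:
    """Ask the registry, then follow referrals (bounded hop count, loop-safe)."""
    seen, response = set(), ""
    for _ in range(max_hops):
        seen.add(server)
        response = whois_query(domain, server)
        nxt = referral_server(response)
        if not nxt or nxt in seen:
            break
        server = nxt
    return response

# Constructed sample of a thin registry answer (not real server output), used offline.
SAMPLE_REGISTRY_RESPONSE = """\
   Domain Name: TRYHACKME.COM
   Registrar WHOIS Server: whois.namecheap.com
   Registry Registrant ID:
>>> Last update of whois database: 2021-08-25T14:58:29.57Z <<<
"""
```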
The information collected can be inspected to find new attack surfaces, such as social engineering or technical attacks; e.g., depending on the scope of the penetration test, you might consider an attack against the email server of the admin user or the DNS servers, assuming they are owned by your client.
Keep in mind that many WHOIS services take measures against automated tools designed to harvest email addresses; they might redact email addresses, for instance. Also, many registrants subscribe to privacy services to keep their information private.