Hello friends... This is our 100th article today, and we are excited to get a response from all of you. Before starting this topic, I would like to inform you that all the articles from now onward will be the most important in hacking, because this is the point at which real hacking starts. The previous articles might not have seemed very interesting to everyone, but they were important for the "n00bs". A reason why this site will be the best in future - we post everything. Everything in one place - sooner or later this will become the number one site to study hacking.
Now, related to this article... Basically, everything from now on will mainly be related to hacking, IP addresses, and the concepts of networks and domains. So, I suggest you read the articles on IP addresses, domains and networking first. This is important because, as you know, a server is hacked by its IP address and an attacker is also tracked by using an unsecured network and IP address.
What is Whois?
Whois, as the name implies, is a protocol granting users access to the massive database of registered owners of an internet resource such as an autonomous system, an IP block, and a domain name, among others. In other words, it is a query and response protocol that lets users find out ‘who is’ the registered owner of a domain by simply typing the exact domain name. The protocol, in return, delivers the response in a human-readable format. A more detailed specification of the Whois protocol can be found in RFC 3912.
Here are a few reasons why people conduct a Whois search:
- Domain buying and trading
- Check domain expiration
- Find out domain owner identity
- Find out location and address of the owner
- Marketing purposes
Based on the above usage, the importance of a Whois search is clear. But why is Whois important to Hackers? And how is it important? These are the two questions which will be answered here...
How to perform a Whois Lookup?
To understand the importance of Whois in hacking, we will study an example of a whois lookup. To study the example, you need to know how to perform a whois lookup.
Doing a Whois lookup is very simple and quick. There are only a few easy steps, and the results are shown within a few seconds. The procedure is as follows:
- Visit https://whois.net
- Enter the domain name you want to look up in the search box
- Hit the ‘GO’ button
The results will immediately show up in the next few seconds,
depending on your internet speed. Other websites can also be used for Whois Lookup. My personal favourite is - https://www.whois.com/whois/
Below is the information obtained by whois lookup of the domain "gtu.ac.in".
Domain Information
Domain: gtu.ac.in
Registrar: ERNET India (R9-AFIN)
Registration Date: 2008-07-15
Expiration Date: 2026-07-15
Updated Date: 2017-01-27
Status: ok
Name Servers:
ns-602.awsdns-11.net
ns-355.awsdns-44.com
ns-1775.awsdns-29.co.uk
ns-1501.awsdns-59.org
Registrant Contact
Name: gujarat technological university
Organization: gujarat technological university
Street: JACPC building l d college of engineering campus
City: ahmedabad
Postal Code: 380015
Country: IN
Phone: +91.9909980005
Email: registrar@gtu.ac.in
Administrative Contact
Name: n n bhuptani
Organization: gujarat technological university
Street: JACPC building l d college of engineering campus
City: ahmedabad
Postal Code: 380015
Country: IN
Phone: +91.9909980005
Email: registrar@gtu.ac.in
Technical Contact
Name: Harshad Borisa
Organization: gujarat technological university
Street: Gujarat Technological University JACPC building L. D. college of engineering campus
City: ahmedabad
State: Gujrat
Postal Code: 380015
Country: IN
Phone: +91.7926301500
Email: rupendra@gtu.edu.in
As you can clearly see, a whois lookup provides us with details such as:
- Domain expiry date
- Email address of owner
- Mobile number of owner
- Address of owner
- IP address or IP block
- And much more...
Based on this information, the importance of whois is determined. Take note that the registrant’s details may vary based on the Top Level Domain, or TLD. Some TLDs will not show all information of the registrant, while others will not show any detail at all. Also, the owners’ information may be concealed if they are subscribed to domain privacy, in which case the domain registrar’s information and contact details will be shown instead.
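As an added example (not part of the original article), the following Python sketch parses a record in the layout shown above and reports, from the domain owner's side, which contact fields are publicly exposed and how many days remain before expiry. The sample record, the function names and the set of sensitive fields are assumptions made for illustration.

```python
from datetime import date

# Constructed sample in the layout of the lookup above (placeholder values only).
SAMPLE = """\
Domain Information
Domain: example.org
Expiration Date: 2026-07-15
Name Servers:
ns1.example.net
ns2.example.net
Registrant Contact
Name: Example University
Phone: +1.5555550100
Email: registrar@example.org
Technical Contact
Name: REDACTED FOR PRIVACY
Email: REDACTED FOR PRIVACY
"""

# Assumption: fields treated as personal data; privacy services vary in wording.
SENSITIVE = {"Name", "Street", "Phone", "Email"}

def parse_whois(text):
    """Split a record into {section: {key: value}}; bare lines go under '_items'."""
    record, section = {}, "Domain Information"
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition(": ")
        if sep:                                   # "Key: value" pair
            record.setdefault(section, {})[key] = value.strip()
        elif line.endswith(":") or line.endswith(("Contact", "Information")):
            section = line.rstrip(":")            # section heading
        else:                                     # list item, e.g. a name server
            record.setdefault(section, {}).setdefault("_items", []).append(line)
    return record

def exposed_fields(record):
    """Return (section, key) pairs where contact data is published unredacted."""
    return [(section, key)
            for section, fields in record.items() if section.endswith("Contact")
            for key, value in fields.items()
            if key in SENSITIVE and "REDACTED" not in value.upper()]

def days_to_expiry(record, today):
    expires = date.fromisoformat(record["Domain Information"]["Expiration Date"])
    return (expires - today).days
```

Running `exposed_fields(parse_whois(SAMPLE))` on your own domain's record shows what a privacy service would still need to cover.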
Importance of Whois Lookup
Whois lookup is useful in many ways, depending on the motive of the person performing the lookup. There are various ways to apply a whois lookup, but the two most commonly used are listed below...
- If you are a defender, it can help you in tracking down the attacker - You can perform a whois lookup on the attacker's IP address and find out the ISP and the location of the ISP which provided the IP address to the attacker. Then contact the ISP to reveal other details.
- If you are on the attacking side, it helps you find targets to attack - Based on the information available, you can contact the owner and try some social engineering tricks on him/her.
Being able to identify the owner of a domain is one advantage that benefits many users. However, there is also a major disadvantage that comes with it, which is the lack of privacy on the part of the domain owner, since their identities are made public. Prior to the domain registration, users are required to reveal their full name, address, and contact details such as email address and phone numbers. This is in compliance with the stipulations of the Internet Corporation for Assigned Names and Numbers, or ICANN, mandating that the registrants’ details be made publicly available through the Whois directories. This provides an entry point for spammers and marketers to grab email addresses and phone numbers for their marketing and spamming activities.
Due to the massive criticism of the lack of privacy, most domain registrars like GoDaddy and Hostgator are now offering domain privacy that provides privacy to the owners by concealing some details of their personal information. In this case, the contact information of the registrar is displayed instead of the domain owner. But such a feature is available at a premium price.
The above article provides complete information about Whois Lookup. If you still don't understand how to use it, comment your queries below. If you still don't understand where to use it, then wait for it.
Remember - Hacking is not performed using a single trick or tool. One needs to combine the power of everything he/she has to perform hacking. And you are learning a small part of it to develop your powers. Learn everything separately and combine them at a time.