The next tool up for review in the DNS section of the Backtrack 4 menu is a short script called lbd.sh. This is a small shell script with only one purpose: to check whether a domain is using load balancing. A common host in front of a bank of Web servers may be a load-balancing device or a Web redirector, so this information can be good to know.
The usage is very simple:
```
root@666:/pentest/enumeration/lbd# ./lbd.sh
lbd - load balancing detector 0.1 - Checks if a given domain uses load-balancing.
Written by Stefan Behte (http://ge.mine.nu)
Proof-of-concept! Might give false positives.
usage: ./lbd.sh [domain]
```
As you can see, this is only a proof of concept, so make sure you back up your findings with a second tool. This is excellent practice anyway when working on a penetration test. I never trust just one tool; I always like to get some backup data.
Let's run this on cnn.com, since we have been using them for all the DNS tutorials so far:
```
root@666:/pentest/enumeration/lbd# ./lbd.sh cnn.com
lbd - load balancing detector 0.1 - Checks if a given domain uses load-balancing.
Written by Stefan Behte (http://ge.mine.nu)
Proof-of-concept! Might give false positives.
Checking for DNS-Loadbalancing: FOUND
cnn.com has address 157.166.255.19
cnn.com has address 157.166.255.18
cnn.com has address 157.166.226.26
cnn.com has address 157.166.226.25
cnn.com has address 157.166.224.26
cnn.com has address 157.166.224.25
Checking for HTTP-Loadbalancing [Server]:
Apache
NOT FOUND
Checking for HTTP-Loadbalancing [Date]: 13:45:43, 13:45:43, 13:45:43, 13:45:43, 13:45:43, 13:45:43, 13:45:44, 13:45:44, 13:45:44, 13:45:44, 13:45:44, 13:45:44, 13:45:45, 13:45:45, 13:45:45, 13:45:45, 13:45:45, 13:45:45, 13:45:45, 13:45:46, 13:45:46, 13:45:46, 13:45:46, 13:45:46, 13:45:46, 13:45:47, 13:45:47, 13:45:47, 13:45:47, 13:45:47, 13:45:47, 13:45:48, 13:45:48, 13:45:48, 13:45:48, 13:45:48, 13:45:48, 13:45:49, 13:45:49, 13:45:49, 13:45:49, 13:45:49, 13:45:49, 13:45:50, 13:45:50, 13:45:50, 13:45:50, 13:45:50, 13:45:50, 13:45:50, NOT FOUND
Checking for HTTP-Loadbalancing [Diff]: FOUND
< Expires: Tue, 25 May 2010 13:46:42 GMT
> Expires: Tue, 25 May 2010 13:46:43 GMT
< Content-Length: 99979
> Content-Length: 99806
cnn.com does Load-balancing. Found via Methods: DNS HTTP[Diff]
```
As you can see, the script has found load balancing to be active and has determined this via two different methods. This is just one small piece of the jigsaw puzzle when mapping out a network, but a useful one.
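To back up an HTTP[Diff] result like the one above, the following script (an added example, not part of lbd.sh or the original post) compares two saved header sets while ignoring headers that change with the clock on a single server. The function names, the list of volatile headers and the `HTTP/1.1 200 OK` status line are assumptions; the Server, Expires and Content-Length values are taken from the output above.

```shell
#!/bin/sh
# Added example, not lbd.sh's own code: re-check an HTTP[Diff] finding.
LC_ALL=C; export LC_ALL   # same collation for sort and comm

# Headers that normally change between two requests to ONE server.
# Assumption: illustrative list, not exhaustive.
VOLATILE='^(date|expires|age|set-cookie|last-modified):'

# normalize FILE: strip CRs, skip the status line and blank lines,
# lowercase header names, drop volatile headers, sort for comm.
normalize() {
    tr -d '\r' < "$1" | awk -F': ' -v vol="$VOLATILE" '
        NR == 1 || $0 == "" { next }
        { line = tolower($1) ": " substr($0, length($1) + 3) }
        line ~ vol { next }
        { print line }' | sort
}

# differing_headers A B: print the names of headers that still differ
# once the volatile ones are ignored (empty output = no difference).
differing_headers() {
    a=$(mktemp); b=$(mktemp)
    normalize "$1" > "$a"; normalize "$2" > "$b"
    # comm -3 keeps lines found in only one file; reduce them to names.
    comm -3 "$a" "$b" | tr -d '\t' | cut -d: -f1 | sort -u
    rm -f "$a" "$b"
}

# sample_check: two constructed responses using the Expires and
# Content-Length values from the lbd.sh output; status line is assumed.
sample_check() {
    r1=$(mktemp); r2=$(mktemp)
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nExpires: Tue, 25 May 2010 13:46:42 GMT\r\nContent-Length: 99979\r\n\r\n' > "$r1"
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nExpires: Tue, 25 May 2010 13:46:43 GMT\r\nContent-Length: 99806\r\n\r\n' > "$r2"
    differing_headers "$r1" "$r2"
    rm -f "$r1" "$r2"
}

echo "Headers still differing: $(sample_check)"
```

On the sample only `content-length` remains, because the one-second Expires difference is filtered out as time passing between requests. A length difference on a dynamic page can also come from a single server, so it still needs corroboration from a second tool.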