Report Q3

a)

https://crt.sh/?q=iiitd.edu.in

The above link is crt.sh. In which I input iiitd.edu.in to obtain the following 5 subdomains:

1. weave.iiitd.edu.in
2. webs.iiitd.edu.in
3. fh.iiitd.edu.in
4. kracr.iiitd.edu.in
5. visiontoli.iiitd.edu.in

The following are their respective IP addresses I found using the nslookup command on
terminal:

Using dnsdumpster ( https://dnsdumpster.com/ ), I found the respective subdomains and their

private IP addresses:
1. v2vworkshop2021.iiitd.edu.in : 192.168.1.27
2. ns1.iiitd.edu.in : 192.168.1.11
3. icdcn2022.iiitd.edu.in : 192.168.1.27
4. lcs2.iiitd.edu.in : 192.168.1.27
5. bda2014.iiitd.edu.in: 192.168.1.27
b)
Obtaining the private IP addresses of subdomains and the subdomains itself was a difficult task.
As I had to use nslookup separately for every subdomain I got from crt.sh and dnsdumpster to
get the private IP addresses. This took a lot of effort for every subdomain. By choosing a
subdomain from a list to replace the domain name in the command, this procedure may be
automated to extract private IP addresses.

c)
If an attacker was able to get the private IP address of any of these subdomains, there would be
several security repercussions. Among the potential security issues are:
1. IP spoofing: The attacker will be able to construct IP packets and swap out the public IP
address for the subdomain's private one.
2. An attacker can impersonate the subdomain using the private IP address to carry out
other malicious tasks like data theft, malware injection, or even server crash by flooding
it with fake IP packets and requests.