Andris Atteka's Blog: November 2013

Saturday, November 30, 2013

Scanning for Google's Active Directory computer names

If you remember ad.corp.google.com from the previous post, maybe you are wondering whether it stands for "Active Directory"? Looks like it does. So here's another list - apparently composed of Active Directory computer names. The list was obtained by sending e-mails to e.g. test@jfarrell1-w.ad.corp.google.com through Gmail.

bbudge1-w.ad.corp.google.com	172.22.71.111
rubin1-w.ad.corp.google.com	172.26.217.98
jfarrell1-w.ad.corp.google.com	100.100.63.199
dario1-w.ad.corp.google.com	172.22.114.234
munjal1-w.ad.corp.google.com	172.23.165.169
bedlam.ad.corp.google.com	172.25.100.6
gene1-w.ad.corp.google.com	172.22.79.134
trade1-w.ad.corp.google.com	172.22.215.182
boss1-w.ad.corp.google.com	172.17.83.209, 172.19.68.53
edgar1-w.ad.corp.google.com	172.19.150.252
phoenix1-w.ad.corp.google.com	172.27.145.248
gilberto1-w.ad.corp.google.com	172.22.118.175, 172.19.54.117
deven1-w.ad.corp.google.com	172.19.16.16
luciano1-w.ad.corp.google.com	172.23.72.189
kieran1-w.ad.corp.google.com	172.19.66.67
jar1-w.ad.corp.google.com	172.22.71.95
mix1-w.ad.corp.google.com	172.17.115.199
angelo1-w.ad.corp.google.com	172.28.114.91
khalid1-w.ad.corp.google.com	172.26.231.132
freddy1-w.ad.corp.google.com	172.29.164.22
brewer1-w.ad.corp.google.com	172.19.45.123
philip1-w.ad.corp.google.com	172.16.61.165
rgupta1-w.ad.corp.google.com	172.19.37.40

Judging by the names it looks like these machines are workstations used by Google employees.

Monday, November 25, 2013

Scanning for Google's internal corporate subdomains - part 2

And here are some more domain names:

hulk.corp.google.com	172.26.191.134
coffee.corp.google.com	172.22.66.19
flip.corp.google.com	172.22.95.138
pizza.corp.google.com	100.104.4.37
pond.corp.google.com	172.22.118.28
welcome.corp.google.com	172.24.172.92
nonprofit.corp.google.com	172.22.115.13
ship.corp.google.com	172.22.108.124
lens.corp.google.com	172.17.94.141
miracle.corp.google.com	172.22.122.67
jet.corp.google.com	172.29.86.122
unity.corp.google.com	172.24.206.3
twist.corp.google.com	100.104.42.23
uncertainty.corp.google.com	172.22.108.157
seal.corp.google.com	172.24.8.84
jeans.corp.google.com	172.22.72.81
bolt.corp.google.com	172.22.98.178
bow.corp.google.com	172.22.112.36
sunny.corp.google.com	172.27.82.125
shark.corp.google.com	172.28.149.4
buddy.corp.google.com	172.22.115.127
peanut.corp.google.com	172.22.102.44
rain.corp.google.com	172.27.80.52
pile.corp.google.com	172.17.133.81
twist.corp.google.com	100.104.42.23
bull.corp.google.com	172.22.103.54
sheep.corp.google.com	172.27.86.154
hurricane.corp.google.com	172.18.84.167
robot.corp.google.com	172.22.115.107
brain.corp.google.com	172.17.90.153
search.corp.google.com	172.16.255.28
cut.corp.google.com	172.24.8.65
hero.corp.google.com	172.18.172.24
river.corp.google.com	172.27.84.63
ear.corp.google.com	172.18.117.91
engage.corp.google.com	172.25.121.235
gift.corp.google.com	172.31.70.65
sugar.corp.google.com	172.22.97.53
analyst.corp.google.com	172.27.196.24
jury.corp.google.com	172.24.184.119
pocket.corp.google.com	172.26.64.54
earth.corp.google.com	172.27.22.33
bear.corp.google.com	172.22.64.65
cash.corp.google.com	172.18.82.80
predict.corp.google.com	172.22.115.33
brown.corp.google.com	172.18.117.56
ad.corp.google.com	[2620:0:10c0:115b:d6ae:52ff:fe72:375b], [2620:0:10c1:1130:862b:2bff:fe01:bb49], [2620:0:10c1:1130:862b:2bff:fe01:b86a], [2620:0:10c0:1157:7a2b:cbff:fe40:8b45], [2620:0:10c8:111f:7a2b:cbff:fe22:ac0a], [2620:0:10cc:1109:7a2b:cbff:fe1e:a39c], [2620:0:10c0:1155:7a2b:cbff:fe40:9863], [2620:0:10cc:1109:7a2b:cbff:fe1e:b48c], [2620:0:10c1:1130:862b:2bff:fe01:b710], [2620:0:10c8:1120:7a2b:cbff:fe51:4505] 172.25.118.210 172.24.204.11, 172.25.119.213, 172.25.118.69, 172.24.156.19, 172.24.204.12, 172.16.255.204, 172.25.152.139, 172.24.156.20, 172.25.152.208, 172.24.204.10
anywhere.corp.google.com	172.22.123.28
forth.corp.google.com	172.18.117.154
secret.corp.google.com	172.22.113.69
shade.corp.google.com	172.22.122.96
element.corp.google.com	172.22.116.103
spot.corp.google.com	172.18.219.36
prompt.corp.google.com	172.28.12.24
sun.corp.google.com	172.18.92.133
quit.corp.google.com	127.0.0.1
ice.corp.google.com	172.17.90.17
silent.corp.google.com	172.22.117.137
creative.corp.google.com	172.24.194.41
rocket.corp.google.com	100.104.26.42
perfect.corp.google.com	100.104.7.16
lady.corp.google.com	172.28.15.15
chip.corp.google.com	172.22.114.129
green.corp.google.com	[2620:0:1000:3803:a800:1ff:fe00:4e9b], 172.24.98.22
iron.corp.google.com	172.22.98.108
king.corp.google.com	[::ffff:172.16.255.48], 172.16.255.48
visible.corp.google.com	172.22.114.89
crack.corp.google.com	172.22.124.73
galaxy.corp.google.com	172.18.82.132
sand.corp.google.com	172.22.109.255
knife.corp.google.com	172.18.121.170
pole.corp.google.com	172.25.67.53
free.corp.google.com	172.18.104.61
shell.corp.google.com	192.168.132.163
tomato.corp.google.com	172.22.64.67
spot.corp.google.com	172.18.219.36
evolution.corp.google.com	172.22.124.99
hudson.corp.google.com	172.18.56.49

Friday, November 22, 2013

Scanning for Google's internal corporate subdomains

For some reason Gmail appears to use an internal DNS server. This allows to verify existence and even resolve the IP addresses of Google's internal corporate domain names. For example, if you send an e-mail to test@root.corp.google.com you will receive an error response:

So apparently there's a server located at root.corp.google.com and its ip address is 172.16.115.10.
Here's a list of some of these domain names (of course it's not comprehensive).
Some companies:

yahoo.corp.google.com	172.31.9.1
oracle.corp.google.com	172.25.116.205
microsoft.corp.google.com	172.31.9.1
myspace.corp.google.com	172.25.121.235
bebo.corp.google.com	172.17.90.16
makani.corp.google.com	172.27.145.31
splunk.corp.google.com	172.25.117.23
netapp.corp.google.com	[::ffff:172.16.255.48], 172.16.255.48
tableau.corp.google.com	172.25.100.77
fireeye.corp.google.com	172.24.0.7

Google's corporate structure:

marketing.corp.google.com

172.18.77.12

And a lot of other words:

male.corp.google.com	172.25.208.116
offer.corp.google.com	172.25.121.53
girl.corp.google.com	172.22.73.34
computer.corp.google.com	172.26.77.190
fail.corp.google.com	172.25.121.235
fear.corp.google.com	172.17.80.52
death.corp.google.com	172.17.81.204
ash.corp.google.com	172.22.64.63
dust.corp.google.com	172.25.129.187
spirit.corp.google.com	172.17.90.106
policy.corp.google.com	172.24.184.119
nothing.corp.google.com	172.22.122.136
gypsy.corp.google.com	172.18.76.135
boot.corp.google.com	172.18.84.202
root.corp.google.com	172.16.115.10
surveys.corp.google.com	70.32.156.24
license.corp.google.com	172.24.98.14
humor.corp.google.com	172.22.115.121
peregrine.corp.google.com	172.18.116.84
rda.corp.google.com	172.17.90.30
sierra.corp.google.com	172.18.125.44
lattice.corp.google.com	172.22.116.27
manhattan.corp.google.com	172.18.135.203
research.corp.google.com	172.22.132.245
discovery.corp.google.com	172.22.96.46
concepts.corp.google.com	172.24.0.202
invent.corp.google.com	172.17.81.164
effort.corp.google.com	172.25.66.67
free.corp.google.com	172.18.104.61
kick.corp.google.com	172.22.133.156
air.corp.google.com	216.239.44.190
never.corp.google.com	172.22.102.87
event.corp.google.com	172.25.138.70
you.corp.google.com	172.17.132.179
aqualung.corp.google.com	172.22.118.62