On Cyber War

53 - DNS


Last updated 2 years ago

Enumeration

Note: Many of the techniques below can also be performed using DNS repositories, such as

nslookup

nslookup $domain.com
nslookup $ipaddress    # reverse lookup

dig

Basic syntax: dig @<nameserver> somesite.com options
dig somesite.com -t any     # all available records
dig somesite.com -t mx      # mx records only
dig somesite.com -t axfr    # zone transfer
dig -x $ipaddress           # reverse lookup

host

host www.somesite.com                          # web server
host -t ns somesite.com                        # nameservers
host -t mx somesite.com                        # mail servers
host -l <domain name> <dns server address>     # zone transfer

Automated tools

DNSRECON

dnsrecon -d somesite.com -t axfr
dnsrecon -r CIDR    # reverse DNS lookup of net block
-d: used to specify domain name
-r: IP range for reverse lookup
-t: used to specify the type of enumeration
    Common types include:
    std - SOA, NS, A, AAAA, MX and SRV
    axfr - test all nameservers for zone transfer
    brt - brute force domains and hosts using a given dictionary
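
The zone-transfer requests listed on this page (dig -t axfr, host -l, dnsrecon -t axfr) leave entries in the authoritative server's logs. The following is an added example, not part of the original page: it reviews log text for AXFR events and separates transfers served to hosts outside an allowlist from denied attempts. The log lines are constructed and modelled on BIND 9 message formats (an assumption), and the allowlist range and the function names are hypothetical.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumption: the only hosts allowed to pull the zone (documentation range).
ALLOWED_SECONDARIES = [ip_network("192.0.2.0/28")]

# Constructed sample lines modelled on BIND 9 xfer-out/security messages.
SAMPLE_LOG = """\
01-Mar-2024 10:00:01.100 xfer-out: info: client @0x7f0a 192.0.2.2#40112 (somesite.com): transfer of 'somesite.com/IN': AXFR started (serial 2024030101)
01-Mar-2024 10:04:17.420 security: error: client @0x7f0b 198.51.100.23#51544 (somesite.com): zone transfer 'somesite.com/AXFR/IN' denied
01-Mar-2024 10:04:18.007 security: error: client @0x7f0c 198.51.100.23#51546 (somesite.com): zone transfer 'somesite.com/AXFR/IN' denied
01-Mar-2024 10:09:55.310 xfer-out: info: client @0x7f0d 203.0.113.77#33810 (somesite.com): transfer of 'somesite.com/IN': AXFR started (serial 2024030101)
01-Mar-2024 10:10:02.000 queries: info: client @0x7f0e 203.0.113.77#33999 (www.somesite.com): query: www.somesite.com IN A +
"""

# The "@0x..." client handle is optional so older log layouts still match.
CLIENT = r"client (?:@0x[0-9a-f]+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+"
STARTED = re.compile(CLIENT + r".*transfer of '(?P<zone>[^/']+)/IN': AXFR started")
DENIED = re.compile(CLIENT + r".*zone transfer '(?P<zone>[^/']+)/AXFR/IN' denied")


def is_allowed(ip):
    """True if ip belongs to one of the allowlisted secondary networks."""
    addr = ip_address(ip)
    return any(addr in net for net in ALLOWED_SECONDARIES)


def review_transfers(log_text):
    """Return (served_to_unlisted, denied_counts) for AXFR events in log_text."""
    served, denied = [], Counter()
    for line in log_text.splitlines():
        m = STARTED.search(line)
        if m:
            # A completed transfer to an unlisted host means the zone is exposed.
            if not is_allowed(m["ip"]):
                served.append((m["ip"], m["zone"]))
            continue
        m = DENIED.search(line)
        if m:
            denied[(m["ip"], m["zone"])] += 1
    return served, denied


if __name__ == "__main__":
    served, denied = review_transfers(SAMPLE_LOG)
    for ip, zone in served:
        print(f"EXPOSED: {zone} transferred to unlisted host {ip}")
    for (ip, zone), n in denied.items():
        print(f"denied: {n} AXFR attempt(s) for {zone} from {ip}")
```

A transfer served to an unlisted host indicates the server's transfer ACL is too permissive; repeated denials from one source are enumeration attempts that the ACL stopped.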

DNSenum

dnsenum $domain.com

DNSdumpster.com