DNS

viewing dns records
- dig soa www.inlanefreight.com
zone files
- cat /etc/bind/db.domain.com
Reverse Name Resolution Zone Files
- cat /etc/bind/db.10.129.14
Dangerous Settings
- allow-query
- allow-recursion
- allow-transfer
- zone-statistics
Footprinting the Service

DIG - NS Query

dig ns inlanefreight.htb @10.129.14.128

DIG - Version Query
- dig CH TXT version.bind 10.129.120.85
DIG - ANY Query (view all available records)
- dig any inlanefreight.htb @10.129.14.128

DIG - AXFR Zone Transfer

dig axfr inlanefreight.htb @10.129.14.128

DIG - AXFR Zone Transfer - Internal

dig axfr internal.inlanefreight.htb @10.129.14.128

Subdomain Brute Forcing

for sub in $(cat /opt/useful/seclists/Discovery/DNS/subdomains-top1million-110000.txt);do dig $sub.inlanefreight.htb @10.129.14.128 | grep -v ';\|SOA' | sed -r '/^\s*$/d' | grep $sub | tee -a subdomains.txt;done

dnsenum --dnsserver 10.129.14.128 --enum -p 0 -s 0 -o subdomains.txt -f /opt/useful/seclists/Discovery/DNS/subdomains-top1million-110000.txt inlanefreight.htb

PreviousNFS NextVulnerability Searching

Last updated 6 months ago

Dangerous Settings

Footprinting the Service