DNS

• viewing dns records

  • dig soa www.inlanefreight.com

• zone files

  • cat /etc/bind/db.domain.com

• Reverse Name Resolution Zone Files

  • cat /etc/bind/db.10.129.14

• Dangerous Settings

  • allow-query

  • allow-recursion

  • allow-transfer

  • zone-statistics

• Footprinting the Service

• DIG - NS Query

  dig ns inlanefreight.htb @10.129.14.128
  

• DIG - Version Query

  • dig CH TXT version.bind 10.129.120.85

• DIG - ANY Query (view all available records)

  • dig any inlanefreight.htb @10.129.14.128

• DIG - AXFR Zone Transfer

  • dig axfr inlanefreight.htb @10.129.14.128

• DIG - AXFR Zone Transfer - Internal

  • dig axfr internal.inlanefreight.htb @10.129.14.128

Subdomain Brute Forcing

for sub in $(cat /opt/useful/seclists/Discovery/DNS/subdomains-top1million-110000.txt);do dig $sub.inlanefreight.htb @10.129.14.128 | grep -v ';\|SOA' | sed -r '/^\s*$/d' | grep $sub | tee -a subdomains.txt;done

dnsenum --dnsserver 10.129.14.128 --enum -p 0 -s 0 -o subdomains.txt -f /opt/useful/seclists/Discovery/DNS/subdomains-top1million-110000.txt inlanefreight.htb