DNS

viewing dns records
- dig soa www.inlanefreight.com
zone files
- cat /etc/bind/db.domain.com
Reverse Name Resolution Zone Files
- cat /etc/bind/db.10.129.14
Dangerous Settings
- allow-query
- allow-recursion
- allow-transfer
- zone-statistics
Footprinting the Service

DIG - NS Query

dig ns inlanefreight.htb @10.129.14.128

DIG - Version Query
- dig CH TXT version.bind 10.129.120.85
DIG - ANY Query (view all available records)
- dig any inlanefreight.htb @10.129.14.128

DIG - AXFR Zone Transfer

dig axfr inlanefreight.htb @10.129.14.128

DIG - AXFR Zone Transfer - Internal

dig axfr internal.inlanefreight.htb @10.129.14.128

Subdomain Brute Forcing

for sub in $(cat /opt/useful/seclists/Discovery/DNS/subdomains-top1million-110000.txt);do dig $sub.inlanefreight.htb @10.129.14.128 | grep -v ';\|SOA' | sed -r '/^\s*$/d' | grep $sub | tee -a subdomains.txt;done

dnsenum --dnsserver 10.129.14.128 --enum -p 0 -s 0 -o subdomains.txt -f /opt/useful/seclists/Discovery/DNS/subdomains-top1million-110000.txt inlanefreight.htb

CT Logs

CT Logs can be searched for using crt.sh and censys

crt.sh lookup

curl -s "https://crt.sh/?q=facebook.com&output=json" | jq -r '.[]
 | select(.name_value | contains("dev")) | .name_value' | sort -u

PreviousNFS NextSMTP

Last updated 7 months ago

hashtagDangerous Settings

hashtagFootprinting the Service

hashtagcrt.sh lookup

Dangerous Settings

Footprinting the Service

crt.sh lookup