Port Enumeration – 53/DNS


dig:
dig version.bind CHAOS TXT @DNS

Looking for nameservers

nslookup:
kali@kali$ nslookup
> SERVER (switches the nameserver to the target machine's DNS service)
> 127.0.0.1 (localhost's DNS server)
>
> (if known)

dnsrecon:
dnsrecon -r 127.0.0.0/24 (or 127.0.1.0/24 or 10.10.10.0/24) -n (specifying the name server)

DNS zone transfer

dig:
dig axfr @ (dns server)
dig axfr @

DNS zone transfer will give you extra subdomains of the machine/server.

Since the machine runs DNS, add it as a nameserver in /etc/resolv.conf. Once it is in the resolv.conf file, the subdomains resolve automatically through that nameserver.

nmap scripts for vulns:

nmap:
nmap -n --script "(default and dns) or fcrdns or dns-srv-enum or dns-random-txid or dns-random-srcport"
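
What the version.bind CHAOS TXT query and the AXFR request above look like from the name server's side, as an added example (not part of the original notes): a small classifier for DNS queries captured on port 53. The function names, the secondary allow-list, the IP addresses and the example.test zone are assumptions made up for the illustration.

```python
import struct

QTYPE_TXT, QTYPE_AXFR, QCLASS_CHAOS = 16, 252, 3  # RFC 1035 code points

def build_query(name, qtype, qclass=1, txid=0x1234):
    """Build a one-question DNS query; used here only to construct sample input."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + labels + b"\x00" + struct.pack("!HH", qtype, qclass)

def parse_question(msg):
    """Return (qname, qtype, qclass) for the first question, or None if not a clean query."""
    if len(msg) < 12:
        return None
    flags, qdcount = struct.unpack("!HH", msg[2:6])
    if flags & 0x8000 or qdcount < 1:      # QR bit set = response; no question = nothing to check
        return None
    pos, labels = 12, []
    while pos < len(msg):
        length = msg[pos]
        pos += 1
        if length == 0:                    # root label ends the name
            if pos + 4 > len(msg):
                return None
            qtype, qclass = struct.unpack("!HH", msg[pos:pos + 4])
            return ".".join(labels), qtype, qclass
        if length > 63 or pos + length > len(msg):   # compression pointer or overrun: reject
            return None
        labels.append(msg[pos:pos + length].decode("ascii", "replace").lower())
        pos += length
    return None

def classify(msg, src_ip, secondaries):
    """Label one query (UDP payload, or TCP payload minus the 2-byte length prefix)."""
    q = parse_question(msg)
    if q is None:
        return "ignored"
    name, qtype, qclass = q
    if qtype == QTYPE_AXFR:
        return "axfr-from-secondary" if src_ip in secondaries else "unauthorized-axfr"
    if qclass == QCLASS_CHAOS and qtype == QTYPE_TXT and name == "version.bind":
        return "version-probe"
    return "normal"

if __name__ == "__main__":
    secondaries = {"10.10.10.2"}           # constructed allow-list of secondary name servers
    samples = [("10.10.14.7", build_query("version.bind", QTYPE_TXT, QCLASS_CHAOS)),
               ("10.10.14.7", build_query("example.test", QTYPE_AXFR)),
               ("10.10.10.2", build_query("example.test", QTYPE_AXFR)),
               ("10.10.14.7", build_query("www.example.test", 1))]
    for src, msg in samples:
        print(src, classify(msg, src, secondaries))
```

An AXFR from an address outside the secondary list, or any version.bind probe, is worth alerting on; restricting zone transfers to the secondaries on the server removes what the transfer would otherwise return.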