Dig Dug DNS Server Enumeration
Turns out this machine is a DNS server - it's time to get your shovels out
Oooh, turns out, this 10.10.5.208 machine is also a DNS server! If we could dig into it, I am sure we could find some interesting records! But... it seems weird, this only responds to a special type of request for a givemetheflag.com domain?
Use some common DNS enumeration tools installed on the AttackBox to get the DNS server on 10.10.5.208 to respond with the flag.
First, it is worth checking which ports are open on the machine, but here we will jump directly into DNS enumeration. You can do DNS enumeration with dnspython, but first we will use the DNS tools available on Linux, and after that we will make a DNS tool with the Python programming language.
Dig
Dig is a versatile DNS lookup utility that can query
domain name server records. Using Dig, we can get the flag by specifying the
name server (target host’s address), the domain name, and A at the end to
establish we are looking for the A record.
When you visit a website in your web browser this all happens automatically, but we can also do it manually with a tool called dig. Like ping and traceroute, dig should be installed automatically on Linux systems.
Dig allows us to manually query recursive DNS servers of our choice for information about domains:
dig <domain> @<dns-server-ip>
It is a very useful tool for network troubleshooting.
dig @10.10.5.208 givemetheflag.com A
nslookup
nslookup is another excellent tool for querying domain name servers. Using the target host IP as the DNS server, we can query the A record to get the flag.
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python]
└─$ nslookup -type=A givemetheflag.com 10.10.5.208
Server:         10.10.5.208
Address:        10.10.5.208#53
givemetheflag.com       text = "flag{0767ccd06e79853318f25aeb08ff83e2}"
DNS in python
dnspython is a DNS toolkit for Python. It supports almost all
record types. It can be used for queries, zone transfers, and dynamic updates.
It supports TSIG authenticated messages and EDNS0.
dnspython
provides both high and low level access to DNS. The high level classes perform
queries for data of a given name, type, and class, and return an answer set.
The low level classes allow direct manipulation of DNS zones, messages, names,
and records.
┌──(test)─(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python]
└─$ cat dns-find.py
#!/usr/bin/python
#import dnspython as dns
import dns
#import dns.resolver
from dns import resolver
#result = dns.resovler.query('hackingtruth.org', 'A')
result = dns.resolver.resolve('google.com', 'A')
for ipval in result:
    print('IP', ipval.to_text())
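As an added example (not code from the original post), the following standard-library Python builds the A question that dig sends for givemetheflag.com and decodes the answer section of a reply, which shows how a reply to an A question can carry a TXT record, as in the nslookup "text =" output above. The reply bytes and the flag value are constructed sample data, and all function names are illustrative.

```python
import socket
import struct

def encode_name(name):
    """Length-prefixed labels terminated by a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """12-byte header (RD set, one question), then QNAME, QTYPE, QCLASS=IN."""
    header = struct.pack("!6H", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!2H", qtype, 1)

def read_name(wire, pos):
    """Decode a name, following compression pointers; return (name, next offset)."""
    labels, after = [], None
    for _ in range(128):                      # bounded, so a pointer loop cannot hang
        length = wire[pos]
        if length == 0:
            return ".".join(labels), after or pos + 1
        if length & 0xC0 == 0xC0:             # pointer to an earlier offset
            after = after or pos + 2
            pos = ((length & 0x3F) << 8) | wire[pos + 1]
        else:
            labels.append(wire[pos + 1:pos + 1 + length].decode())
            pos += 1 + length
    raise ValueError("name too long or compression pointer loop")

def parse_answers(wire):
    """Return (owner name, record type, rdata) for every answer record."""
    qdcount, ancount = struct.unpack("!2H", wire[4:8])
    pos, answers = 12, []
    for _ in range(qdcount):                  # skip the echoed question section
        pos = read_name(wire, pos)[1] + 4
    for _ in range(ancount):
        name, pos = read_name(wire, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!2HIH", wire[pos:pos + 10])
        rdata = wire[pos + 10:pos + 10 + rdlen]
        pos += 10 + rdlen
        if rtype == 16:                       # TXT: first length-prefixed string
            value = rdata[1:1 + rdata[0]].decode()
        else:
            value = socket.inet_ntoa(rdata) if rtype == 1 else rdata.hex()
        answers.append((name, rtype, value))
    return answers

def sample_response():
    """Constructed sample: reply to an A question carrying one TXT answer."""
    txt, query = b"flag{constructed-sample}", build_query("givemetheflag.com")
    rr = b"\xc0\x0c" + struct.pack("!2HIH", 16, 1, 60, len(txt) + 1) + bytes([len(txt)]) + txt
    return query[:2] + struct.pack("!5H", 0x8180, 1, 1, 0, 0) + query[12:] + rr
```

Record type 16 in the parsed answer is TXT; the parser reports the type found in each answer record rather than assuming it matches the question type.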