Dig Dug DNS Server Enumeration

 

 

Dig Dug DNS Server Enumeration

Turns out this machine is a DNS server - it's time to get your shovels out


Oooh, turns out, this 10.10.5.208 machine is also a DNS server! If we could dig into it, I am sure we could find some interesting records! But... it seems weird, this only responds to a special type of request for a givemetheflag.com domain?
 

Use some common DNS enumeration tools installed on the AttackBox to get the DNS server on 10.10.5.208 to respond with the flag.

Click on the link below -

DNS in detail

Dig in Networking 

WHOIS in Networking 

CEHv10 DNS

 
Passive Reconnaissance
DNS Manipulation

 

First, it is worth checking what ports are open on the machine. but we will jump into directly dns enumeration. If you wanna dns enumeration with dnspython then you can do it but first we will dns tool in linux after that we will make a DNS tool with the help of python programming language.

Dig

Dig is a versatile DNS lookup utility that can query domain name server records. Using Dig, we can get the flag by specifying the name server (target host’s address), the domain name, and A at the end to establish we are looking for the A record.


When you visit a website in your web browser this all happens automatically, but we can also do it manually with a tool called dig . Like ping and traceroute, dig should be installed automatically on Linux systems.


Dig allows us to manually query recursive DNS servers of our choice for information about domains:
dig <domain> @<dns-server-ip>

It is a very useful tool for network troubleshooting.


 

 

 

dig @10.10.5.208 givemetheflag.com A 

 

 

 

 

nslookup

nslookup is another tool excellent for query domain name servers. Using the target host IP as the DNS server, we can query the A record to get the flag.


 

 

 

 

  
  ┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python]
└─$ nslookup -type=A givemetheflag.com 10.10.5.208                                                                                                                  1 ⨯
Server:         10.10.5.208
Address:        10.10.5.208#53

givemetheflag.com       text = "flag{0767ccd06e79853318f25aeb08ff83e2}"

                                                                                                                                                                        
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python]
└─$ 
  

 

 

DNS in python 

dnspython is a DNS toolkit for Python. It supports almost all record types. It can be used for queries, zone transfers, and dynamic updates. It supports TSIG authenticated messages and EDNS0.

dnspython provides both high and low level access to DNS. The high level classes perform queries for data of a given name, type, and class, and return an answer set. The low level classes allow direct manipulation of DNS zones, messages, names, and records.

 

 

 

┌──(test)─(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python]
└─$ cat dns-find.py                                                                                                                                                 1 ⨯
#!/usr/bin/python
#import dnspython as dns
import dns
#import dns.resolver
from dns import resolver

#result = dns.resovler.query('hackingtruth.org', 'A')

result = dns.resolver.resolve('google.com', 'A')
for ipval in result:
    print('IP', ipval.to_text())
                                                                                                                                                                        
┌──(test)─(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python]
└─$ 

 

 

 

 

 

Disclaimer

 

All tutorials are for informational and educational purposes only and have been made using our own routers, servers, websites and other vulnerable free resources. we do not contain any illegal activity. We believe that ethical hacking, information security and cyber security should be familiar subjects to anyone using digital information and computers. Hacking Truth is against misuse of the information and we strongly suggest against it. Please regard the word hacking as ethical hacking or penetration testing every time this word is used. We do not promote, encourage, support or excite any illegal activity or hacking.