DNS Zone Transfer – Network Enumeration

Hi Testers,

Adding some information about DNS zone transfer.
We all work on gathering DNS information, and it can turn up confidential information, isn't it?

Here is one small command (tool) that everyone has heard of, named dig (source link: http://en.wikipedia.org/wiki/Dig_%28command%29)

With a proper understanding of any tool and the right timing of its use, you can save a lot of time and apply it to many VAPT tasks.
(The dig commands may be well known to experts, but this information is for beginners only.)

Command 1: dig www.target.com (should show you the target's real IP address)

Command 2: dig www.target.com MX
(Can you find the real IP range of your target network? Can you even conclude something about the web server's own mail functionality?)

Command 3: dig www.target.com MX +noall +answer
Command 4: dig www.target.com MX +short

Through dig you can get mail exchange records (MX), name servers (NS), address records (A), PTR records (PTR), the zone serial number (from the SOA record) needed for an IXFR zone transfer, etc.

I hope you try the various dig commands and understand this initial step of testing.

(Maybe you are thinking: there are various automated tools that produce a DNS report automatically, so why use the dig command or manual testing?)

That may be the right question in your mind, but have you worked on manual testing before, and how accurate was the information you got? We can use automated tools to perform the respective actions, but remember that tools work on a defined task/procedure; you have to configure them manually according to your requirements.

AXFR and IXFR:

Command x: dig @ns1.target.com target.com AXFR (a zone transfer is requested from the zone's authoritative name server; replace ns1.target.com with one of the hosts returned by dig target.com NS)
Command y: dig @ns1.target.com target.com IXFR=<serial> (IXFR is an incremental zone transfer; it needs the zone serial number from the SOA record)
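To see from the defender's side what an open zone transfer gives away, here is an added example (not from the original post) in Python that parses the output of a `dig @nameserver zone AXFR` run against your own name server and reports whether the transfer was allowed and which hostnames it revealed. The dig output embedded below is constructed for the example, not captured from any real domain.

```python
import re
from collections import defaultdict

# One record line of dig's answer section (or of an AXFR listing):
#   owner  TTL  class  type  rdata   (fields separated by tabs/spaces)
RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+(IN|CH|HS)\s+([A-Z0-9]+)\s+(.+)$")

def parse_dig_answer(text):
    """Parse dig output ('+noall +answer' or an AXFR) into a dict of
    record type -> [(owner, ttl, rdata)]; ';' comment lines are skipped."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RECORD_RE.match(line)
        if m:
            owner, ttl, _cls, rtype, rdata = m.groups()
            records[rtype].append((owner, int(ttl), rdata))
    return dict(records)

def audit_axfr(text):
    """Judge a 'dig @ns zone AXFR' run against your own server. A complete
    transfer is bracketed by two SOA records; a refused one prints
    '; Transfer failed.' Returns (transfer_open, sorted exposed hostnames)."""
    if "Transfer failed" in text:
        return False, []
    records = parse_dig_answer(text)
    if len(records.get("SOA", [])) < 2:   # no complete zone came back
        return False, []
    hosts = {owner.rstrip(".") for rtype, recs in records.items()
             if rtype != "SOA" for owner, _ttl, _rdata in recs}
    return True, sorted(hosts)

# Constructed dig output for an open zone (example.com is a documentation
# domain; the addresses come from the 192.0.2.0/24 documentation range).
SAMPLE_OPEN = """\
example.com.\t3600\tIN\tSOA\tns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
example.com.\t3600\tIN\tNS\tns1.example.com.
example.com.\t3600\tIN\tMX\t10 mail.example.com.
www.example.com.\t3600\tIN\tA\t192.0.2.10
mail.example.com.\t3600\tIN\tA\t192.0.2.25
example.com.\t3600\tIN\tSOA\tns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600
;; XFR size: 6 records (messages 1, bytes 230)
"""

# Constructed dig output for a server that refuses transfers (the goal).
SAMPLE_REFUSED = """\
; <<>> DiG 9.16.1 <<>> @ns1.example.com example.com AXFR
; Transfer failed.
"""
```

If your own server returns the open result, restrict transfers to your secondaries (on BIND, `allow-transfer { <secondary IPs>; };` in named.conf) so only they can pull the zone.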

DNS brute force:
Here is a Perl script that helps with DNS brute-forcing.

Source Link: http://packetstormsecurity.com/files/24865/blindcrawl.pl.html

Command z: perl blindcrawl.pl -d target.com

Even Google (gxfr.py) helps you a lot to find information about DNS.

Fierce is a tool that helps you do DNS zone transfers;

follow the links:

http://securitytube-tools.net/index.php?title=Fierce
http://ha.ckers.org/fierce/
http://vimeo.com/6807644

Feel free to reply back.

