53-DNS

Sublist3r Tool

Subfinder Tool

Default records: A, AAAA, MX, NS, TXT, CNAME, PTR, SOA

look at the zone files

  • /etc/bind9

  • named.conf.local

  • named.conf.options

  • named.conf.log

dig

dig @10.13.37.10 -x 10.13.37.10
dig soa www.inlanefreight.com

dig ns inlanefreight.htb @10.129.14.128

dig CH TXT version.bind @10.129.120.85

dig any inlanefreight.htb @10.129.14.128

dig AXFR inlanefreight.htb @10.129.14.128

Fierce

fierce --domain zonetransfer.me

Subdomain Brute Forcing

just change the record

for sub in $(cat /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-110000.txt);do dig $sub.inlanefreight.htb @10.129.14.128 | grep -v ';\|SOA' | sed -r '/^\s*$/d' | grep $sub | tee -a subdomains.txt;done

DNSenum

dnsenum --dnsserver 10.129.14.128 --enum -p 0 -s 0 -o subdomains.txt -f /opt/useful/SecLists/Discovery/DNS/subdomains-top1million-110000.txt inlanefreight.htb
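
Detection side, as an added example (not part of the original notes): a shell/awk filter that flags the AXFR, version.bind, ANY and wordlist-style lookups listed above when they show up in a BIND 9 query log. The log layout, the sample lines, the client addresses 10.10.14.5 and 10.129.14.20, and the names flag_dns_recon and sample_log are assumptions made for the example.

```shell
#!/bin/sh
# Added example: flag the queries from these notes in a BIND 9 query log.
# Assumed layout: "... client @0x.. IP#port (name): query: NAME CLASS TYPE flags (server)"

# Reads log lines on stdin; $1 = distinct-name threshold per client (tune per site).
flag_dns_recon() {
    awk -v limit="${1:-3}" '
    {
        # Find the "query:" token; name, class and type follow it.
        q = 0
        for (i = 1; i <= NF; i++) if ($i == "query:") { q = i; break }
        if (!q || q + 3 > NF) next
        # The client is the field shaped like IP#port.
        client = "?"
        for (i = 1; i < q; i++) if ($i ~ /#[0-9]+$/) { client = $i; break }
        sub(/#[0-9]+$/, "", client)
        name = tolower($(q + 1)); class = $(q + 2); type = $(q + 3)

        if (type == "AXFR" || type == "IXFR")
            print "ZONE_TRANSFER", client, name
        else if (class == "CH" && type == "TXT" && name == "version.bind")
            print "VERSION_PROBE", client, name
        else if (type == "ANY")
            print "ANY_QUERY", client, name

        # Count distinct names per client to spot wordlist-driven lookups.
        if (!((client, name) in seen)) { seen[client, name] = 1; distinct[client]++ }
    }
    END {
        for (c in distinct)
            if (distinct[c] >= limit) print "MANY_NAMES", c, distinct[c]
    }'
}

# Constructed sample log lines (not real traffic).
sample_log() {
    cat <<'EOF'
01-Jan-2024 10:00:01.000 client @0x7f0000000001 10.10.14.5#40001 (inlanefreight.htb): query: inlanefreight.htb IN AXFR -T (10.129.14.128)
01-Jan-2024 10:00:02.000 client @0x7f0000000002 10.10.14.5#40002 (version.bind): query: version.bind CH TXT +E(0) (10.129.14.128)
01-Jan-2024 10:00:03.000 client @0x7f0000000003 10.10.14.5#40003 (inlanefreight.htb): query: inlanefreight.htb IN ANY +E(0) (10.129.14.128)
01-Jan-2024 10:00:04.000 client @0x7f0000000004 10.10.14.5#40004 (www.inlanefreight.htb): query: www.inlanefreight.htb IN A +E(0) (10.129.14.128)
01-Jan-2024 10:00:05.000 client @0x7f0000000005 10.10.14.5#40005 (mail.inlanefreight.htb): query: mail.inlanefreight.htb IN A +E(0) (10.129.14.128)
01-Jan-2024 10:00:06.000 client @0x7f0000000006 10.129.14.20#40006 (www.inlanefreight.htb): query: www.inlanefreight.htb IN A +E(0) (10.129.14.128)
EOF
}

sample_log | flag_dns_recon 3
```

Query logging has to be enabled on the server for these lines to exist, and the distinct-name threshold needs raising on a busy resolver.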
