53 - DNS
Zone Transfer
$ dig axfr @<DNS_IP> #Try zone transfer without domain
$ dig axfr @<DNS_IP> <DOMAIN> #Try zone transfer guessing the domain
$ host -t axfr trick.htb 10.129.37.48
$ nslookup -query=AXFR domain.com 127.0.0.1
$ dnsrecon -d active.htb -a -n <IP_DNS>
$ fierce --domain <DOMAIN> --dns-servers <DNS_IP> #Tries a zone transfer against every authoritative name server; if that fails, launches a dictionary attack
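The server-side trace of the transfer attempts above, as an added example that is not part of the original page: a filter that reads BIND-style log lines and reports refused AXFR requests and transfers served to hosts that are not known secondaries. The log lines are constructed samples modelled on BIND 9 xfer-out/security messages, and SECONDARIES, sample_log and axfr_findings are hypothetical names chosen for this sketch.

```shell
#!/usr/bin/env bash
# Added example: flag AXFR activity in BIND-style logs.
# SECONDARIES is an assumed list of hosts that are allowed to pull zones.
SECONDARIES="192.0.2.53"

# Constructed sample lines modelled on BIND 9 xfer-out / security messages.
sample_log() {
cat <<'EOF'
01-Jan-2024 10:00:01.100 xfer-out: info: client @0x7f01 192.0.2.53#40112 (example.test): transfer of 'example.test/IN': AXFR started (serial 2024010101)
01-Jan-2024 10:02:13.420 security: error: client @0x7f02 198.51.100.7#53011 (example.test): zone transfer 'example.test/AXFR/IN' denied
01-Jan-2024 10:02:14.007 security: error: client @0x7f03 198.51.100.7#53012 (corp.example.test): zone transfer 'corp.example.test/AXFR/IN' denied
01-Jan-2024 10:05:40.900 xfer-out: info: client @0x7f04 203.0.113.9#49877 (example.test): transfer of 'example.test/IN': AXFR started (serial 2024010101)
01-Jan-2024 10:06:00.000 queries: info: client @0x7f05 203.0.113.9#49878 (www.example.test): query: www.example.test IN A +E(0)K (192.0.2.1)
EOF
}

# Reads log lines on stdin; prints "<OUTCOME> <client> <zone>" per finding.
#   DENIED  = transfer refused (a host is probing for AXFR)
#   EXPOSED = transfer served to a host not in SECONDARIES (misconfiguration)
axfr_findings() {
  awk -v allow="$SECONDARIES" -v q="'" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /AXFR started/ || /\/AXFR\/IN.* denied/ {
      client = ""
      for (i = 1; i < NF; i++) if ($i == "client") {
        client = $(i + 1)
        if (client ~ /^@/) client = $(i + 2)   # skip the "@0x..." object id
        break
      }
      sub(/#.*/, "", client)                    # drop "#port"
      if (!match($0, q "[^" q "]+" q)) next     # quoted zone/class token
      zone = substr($0, RSTART + 1, RLENGTH - 2)
      sub(/\/.*/, "", zone)                     # drop "/IN" or "/AXFR/IN"
      if ($0 ~ /denied/)        print "DENIED", client, zone
      else if (!(client in ok)) print "EXPOSED", client, zone
    }'
}

sample_log | axfr_findings
```

An EXPOSED line means the zone's allow-transfer setting admits hosts beyond the intended secondaries.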
Reverse lookup
$ nslookup <IP address>
$ dig -x 8.8.8.8
[... snip ...]
8.8.8.8.in-addr.arpa. 300 IN PTR dns.google.
$ host 8.8.8.8
8.8.8.8.in-addr.arpa domain name pointer dns.google.
Interesting Files
host.conf
/etc/resolv.conf
/etc/bind/named.conf
/etc/bind/named.conf.local
/etc/bind/named.conf.options
/etc/bind/named.conf.log
/etc/bind/*