Dig Dug DNS Server Enumeration
Turns out this machine is a DNS server - it's time to get your shovels out
Oooh, turns out, this 10.10.5.208 machine is also a DNS server! If we could dig into it, I am sure we could find some interesting records! But... it seems weird, this only responds to a special type of request for a givemetheflag.com domain?
Use some common DNS enumeration tools installed on the AttackBox to get the DNS server on 10.10.5.208 to respond with the flag.
It is worth checking which ports are open on the machine first, but here we jump straight into DNS enumeration. We start with the DNS tools already installed on Linux, then build a small DNS tool of our own with the dnspython library.
Dig
Dig is a versatile DNS lookup utility that queries name servers for records. With dig we get the flag by specifying the name server (the target host's address), the domain name, and A at the end to say we are asking for the A record. Note that, as the nslookup output below shows, the server answers that A question with a TXT record carrying the flag; that is the "special type of request" the task hints at, and it is why you should look at the whole answer section rather than only the record type you asked for.
When you visit a website in your web browser, this DNS resolution happens automatically, but we can also do it by hand with a tool called dig. Like ping and traceroute, dig is usually installed by default on Linux systems.
Dig lets us query a DNS server of our choice for information about a domain:
dig <domain> @<dns-server-ip>
It is also a very useful tool for network troubleshooting.
dig @10.10.5.208 givemetheflag.com A
nslookup
nslookup is another tool for querying domain name servers. Using the target host's IP as the DNS server, we query the A record and the flag comes back in the answer.
┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python]
└─$ nslookup -type=A givemetheflag.com 10.10.5.208
Server: 10.10.5.208
Address: 10.10.5.208#53

givemetheflag.com text = "flag{0767ccd06e79853318f25aeb08ff83e2}"

┌──(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python]
└─$
DNS in Python
dnspython is a DNS toolkit for Python. It supports almost all record types. It can be used for queries, zone transfers, and dynamic updates. It supports TSIG authenticated messages and EDNS0.
dnspython provides both high and low level access to DNS. The high level classes perform queries for data of a given name, type, and class, and return an answer set. The low level classes allow direct manipulation of DNS zones, messages, names, and records.
┌──(test)─(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python]
└─$ cat dns-find.py
#!/usr/bin/env python3
# Resolve the A records of a domain with dnspython (pip install dnspython).
# dns.resolver.resolve() replaced the older dns.resolver.query() in dnspython 2.x.
import dns.resolver

result = dns.resolver.resolve('google.com', 'A')
for ipval in result:
    print('IP', ipval.to_text())

┌──(test)─(hackerboy㉿KumarAtulJaiswal)-[~/Desktop/python]
└─$
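To see what dig and nslookup actually put on the wire, and to query the target without depending on dnspython, here is an added example (not code from the original post or from the dnspython project) written against the Python standard library only. It builds the same question that dig @10.10.5.208 givemetheflag.com A sends, checks the transaction ID of the reply, and parses every record in the answer section whatever its type, which is what makes a TXT answer to an A question visible. The sample reply is constructed by hand, reusing the flag string from the nslookup output above, so the script runs offline; the query() function does the live lookup against the box and assumes UDP port 53.

```python
#!/usr/bin/env python3
"""Stdlib-only DNS client: builds the question that `dig @10.10.5.208
givemetheflag.com A` sends and parses every answer record, whatever its type.
Added example for this write-up; not code from the original post or from dnspython."""
import socket
import struct

QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "PTR": 12, "TXT": 16, "AAAA": 28}
TYPE_NAMES = {v: k for k, v in QTYPES.items()}

def encode_name(name):
    """'givemetheflag.com' -> b'\\x0dgivemetheflag\\x03com\\x00' (RFC 1035 labels)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype="A", txid=0x1337):
    """12-byte header (flags 0x0100: standard query, RD set) + one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)

def decode_name(msg, offset):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:                   # compression pointer
            if not jumped:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 16:                             # refuse looping pointers
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_response(msg, expected_txid=None):
    """Return [(owner, type name, rdata as text)] for each answer RR."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch: stray or spoofed reply")
    if flags & 0xF:
        raise ValueError("server returned RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qd):                               # skip the question(s)
        _, off = decode_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        owner, off = decode_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, start = msg[off:off + rdlen], off
        off += rdlen
        if rtype == 1 and rdlen == 4:
            value = ".".join(str(b) for b in rdata)
        elif rtype == 16:                             # TXT: <len><chars>...
            parts, i = [], 0
            while i < len(rdata):
                parts.append(rdata[i + 1:i + 1 + rdata[i]].decode("utf-8", "replace"))
                i += 1 + rdata[i]
            value = "".join(parts)
        elif rtype in (2, 5, 12):                     # NS/CNAME/PTR carry a name
            value, _ = decode_name(msg, start)
        else:
            value = rdata.hex()
        answers.append((owner, TYPE_NAMES.get(rtype, str(rtype)), value))
    return answers

def query(server, name, qtype="A", timeout=3.0):
    """Live lookup over UDP/53, like `dig @server name qtype` (needs network)."""
    txid = 0x1337
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype, txid), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data, txid)

SAMPLE_FLAG = "flag{0767ccd06e79853318f25aeb08ff83e2}"   # the value nslookup printed above

def build_sample_response(txid=0x1337):
    """Constructed reply: a TXT record answering an A question (the task's hint)."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA set
    question = encode_name("givemetheflag.com") + struct.pack("!HH", 1, 1)
    txt = SAMPLE_FLAG.encode()
    rdata = bytes([len(txt)]) + txt
    owner = b"\xc0\x0c"                               # pointer to the question name
    return header + question + owner + struct.pack("!HHIH", 16, 1, 60, len(rdata)) + rdata

if __name__ == "__main__":
    print(parse_response(build_sample_response(), 0x1337))
```

Run it as-is to parse the constructed reply; on the AttackBox call query("10.10.5.208", "givemetheflag.com", "A") to get the live answer. Checking the transaction ID (and, in a real resolver, the source port as well) is what stops a stray or spoofed reply from being accepted as the answer, and the hop limit in decode_name keeps a malicious reply with looping compression pointers from hanging the parser.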