Tool-1 : dnsenum.pl
Download here: http://code.google.com/p/dnsenum/downloads/detail?name=dnsenum-1.2.2.tar.gz&can=2&q=
1. Open a terminal and cd to the dnsenum directory (cd /pentest/enumeration/dns/dnsenum). Running "./dnsenum.pl" with no arguments prints all the options you can use:
So the simplest way to enumerate a domain is: ./dnsenum.pl target.com
I ran it against google just to take a screenshot:
Screenshot 2:
dnsenum printed some valuable information, but its last line was "brute force file not specified, bay." That message means dnsenum can take a wordlist and brute force subdomains, and it skipped that step here because no file was given.
So you just need to run: root@pentest: ./dnsenum.pl -f /your/path/of/dictionary.lst target.com
Just read the output of any tool and try to understand it; you will find you can work out simple programs yourself. You don't really need a teacher to learn how to use tools.
Another tool : fierce.pl
Simply run:
root@pentest: fierce.pl -dns target.net
This tool can also take a wordlist for brute forcing:
root@pentest: ./fierce.pl -dns target.net -wordlist /path/word.txt
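Both wordlist commands above (dnsenum -f and fierce -wordlist) do the same thing: take each word from the list, prepend it to the target domain and check whether the name resolves. The script below is an added example, not code from the original post or from dnsenum/fierce, that does this with only the Python standard library and adds the check a brute forcer needs in practice: if the zone has a wildcard record, every word in the list "resolves", so a random label is queried first and any candidate that returns the same addresses is discarded. The domain example.test, the FAKE_ZONE table and fake_resolver are constructed so the demo runs offline; a real run passes the default resolve_a.

```python
#!/usr/bin/env python3
"""Subdomain brute force with wildcard detection (added example, not dnsenum/fierce code)."""
import secrets
import socket
import sys
from typing import Callable, Dict, FrozenSet, List, Optional

# A resolver maps a name to its set of addresses, or None when it does not resolve.
Resolver = Callable[[str], Optional[FrozenSet[str]]]


def resolve_a(name: str) -> Optional[FrozenSet[str]]:
    """Real lookup: IPv4 addresses for name via the system resolver, None on NXDOMAIN/error."""
    try:
        _host, _aliases, addrs = socket.gethostbyname_ex(name)
    except (socket.gaierror, socket.herror, UnicodeError):
        return None
    return frozenset(addrs)


def detect_wildcard(domain: str, resolve: Resolver = resolve_a) -> Optional[FrozenSet[str]]:
    """Resolve a random label under domain. A non-None answer means the zone has a wildcard."""
    probe = f"{secrets.token_hex(8)}.{domain}"
    return resolve(probe)


def brute_force(domain: str, words: List[str], resolve: Resolver = resolve_a) -> Dict[str, FrozenSet[str]]:
    """Return {fqdn: addresses} for every wordlist entry that resolves to a non-wildcard answer."""
    wildcard = detect_wildcard(domain, resolve)
    found: Dict[str, FrozenSet[str]] = {}
    seen = set()
    for word in words:
        label = word.strip().lower().rstrip(".")
        # skip blanks, comments and duplicates (wordlists are rarely clean)
        if not label or label.startswith("#") or label in seen:
            continue
        seen.add(label)
        fqdn = f"{label}.{domain}"
        addrs = resolve(fqdn)
        if addrs is None:
            continue
        if wildcard is not None and addrs == wildcard:
            continue  # same answer as the random probe: the wildcard, not a real host
        found[fqdn] = addrs
    return found


# Constructed sample zone for the offline demo (assumed data, not a real domain).
FAKE_ZONE = {
    "www.example.test": frozenset({"198.51.100.10"}),
    "mail.example.test": frozenset({"198.51.100.25"}),
    "dev.example.test": frozenset({"198.51.100.99"}),  # indistinguishable from the wildcard
}
WILDCARD_ADDRS = frozenset({"198.51.100.99"})


def fake_resolver(name: str) -> Optional[FrozenSet[str]]:
    """Offline stand-in for resolve_a: explicit records plus a *.example.test wildcard."""
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    if name.endswith(".example.test"):
        return WILDCARD_ADDRS
    return None


if __name__ == "__main__":
    # Usage: python3 brute.py target.com /path/to/wordlist.txt  (real DNS via resolve_a)
    if len(sys.argv) == 3:
        with open(sys.argv[2], encoding="utf-8", errors="ignore") as fh:
            hits = brute_force(sys.argv[1], fh.readlines())
    else:
        hits = brute_force("example.test", ["www", "mail", "ftp", "dev", "WWW", ""], fake_resolver)
    for fqdn, addrs in sorted(hits.items()):
        print(f"{fqdn:40} {', '.join(sorted(addrs))}")
```

In the offline demo, "ftp" and "dev" are dropped because they return exactly the wildcard's address; without the probe they would both be reported as hosts, which is the noise you see when running dnsenum or fierce against a wildcard zone. Against a real domain, pass the target and a wordlist on the command line.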
You can also use nslookup:
rbage@pentest:~$ nslookup
> google.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
Name: google.com
Address: 74.125.235.17
Name: google.com
Address: 74.125.235.19
Name: google.com
Address: 74.125.235.20
Name: google.com
Address: 74.125.235.16
Name: google.com
Address: 74.125.235.18
> set type=mx
> google.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
google.com mail exchanger = 50 alt4.aspmx.l.google.com.
google.com mail exchanger = 40 alt3.aspmx.l.google.com.
google.com mail exchanger = 30 alt2.aspmx.l.google.com.
google.com mail exchanger = 20 alt1.aspmx.l.google.com.
google.com mail exchanger = 10 aspmx.l.google.com.
Authoritative answers can be found from:
> set type=ns
> google.com
Server: 192.168.1.1
Address: 192.168.1.1#53
Non-authoritative answer:
google.com nameserver = ns4.google.com.
google.com nameserver = ns1.google.com.
google.com nameserver = ns2.google.com.
google.com nameserver = ns3.google.com.
Authoritative answers can be found from:
>
There are many other tools for enumerating DNS:
dnswalk : http://sourceforge.net/projects/dnswalk/
host: ships with most Linux distributions (the bind-utils / dnsutils package)
dnsmap: http://code.google.com/p/dnsmap/
etc.
Try them....