DNS (53)
Dig
dig axfr <domain> @<ip address>
AXFR (full zone transfer) is the DNS zone transfer that replicates an entire zone from the primary (master) name server to a secondary (slave). Secondaries request it when they are first set up or when the primary's SOA serial shows new resource records. If the server answers an AXFR from an arbitrary client, one query hands you every record in the zone: hostnames, internal IP addresses and subdomains. A server that is configured correctly answers "Transfer failed." instead.
dig axfr realcorp.htb @10.10.10.224
Lookup Domain
If port 53 is open and you have found another subdomain, resolve that name against the target's own name server. It may point to a different IP address than the host you are already talking to, which is how internal hosts and ranges turn up.
Check a subdomain with nslookup, pointing it at the target's server:
nslookup
> server 10.10.10.224
> ns.realcorp.htb

DNS Recon
Requirements:
IP address of a name server that answers on port 53
Target IP range to reverse-resolve (PTR sweep)
dnsrecon -r <range> -n <ip with port 53> -d random
dnsrecon -r 10.197.251.0/24 -n 10.10.10.224 -d random
-r sets the range for the reverse lookup, -n points dnsrecon at the target's name server instead of your system resolver, and -d supplies the domain argument dnsrecon expects; for a reverse sweep any placeholder value works, hence "random".
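Added example, not part of the original notes: a small shell script that ties the AXFR and DNS recon steps above together. It parses the output of `dig axfr` into host/IP pairs, detects a refused transfer from the "; Transfer failed." marker, and derives the /24 networks the A records fall in so they can be handed straight to `dnsrecon -r`. The two sample outputs embedded below are constructed to look like dig output; the hostnames and addresses in them (other than realcorp.htb, ns.realcorp.htb and 10.10.10.224 from the notes) are assumptions, not data captured from any server.

```shell
#!/bin/sh
# Added example (not from the original notes): parse `dig axfr` output into
# host/IP pairs, detect a refused transfer, and derive the /24 ranges worth
# feeding to `dnsrecon -r`. The samples below are constructed; hostnames and
# addresses in them are assumptions, not captured data.

# Constructed sample: a server that allows AXFR. A complete transfer is
# framed by the zone's SOA record at the start and again at the end.
SAMPLE_AXFR_OK='
; <<>> DiG 9.18.1 <<>> axfr realcorp.htb @10.10.10.224
;; global options: +cmd
realcorp.htb.          259200  IN  SOA    realcorp.htb. root.realcorp.htb. 2021010101 28800 7200 2419200 86400
realcorp.htb.          259200  IN  NS     ns.realcorp.htb.
ns.realcorp.htb.       259200  IN  A      10.197.251.77
proxy.realcorp.htb.    259200  IN  CNAME  ns.realcorp.htb.
wpad.realcorp.htb.     259200  IN  A      10.197.251.31
realcorp.htb.          259200  IN  SOA    realcorp.htb. root.realcorp.htb. 2021010101 28800 7200 2419200 86400
;; Query time: 10 msec
;; SERVER: 10.10.10.224#53(10.10.10.224) (TCP)
;; XFR size: 6 records (messages 1, bytes 250)
'

# Constructed sample: a server that refuses AXFR from our address.
SAMPLE_AXFR_REFUSED='
; <<>> DiG 9.18.1 <<>> axfr realcorp.htb @10.10.10.224
;; global options: +cmd
; Transfer failed.
'

# Return 0 only if the transfer completed: no "Transfer failed." marker and
# two SOA records (opening and closing). Reads dig output on stdin.
axfr_succeeded() {
  awk '
    /^; Transfer failed/        { failed = 1 }
    $3 == "IN" && $4 == "SOA"  { soa++ }
    END { exit (failed || soa < 2) }
  '
}

# Print "host ip" for every A/AAAA record, trailing dot stripped. Reads stdin.
axfr_a_records() {
  awk '$3 == "IN" && ($4 == "A" || $4 == "AAAA") { sub(/\.$/, "", $1); print $1, $5 }'
}

# Print the distinct /24 networks the IPv4 A records fall in, in CIDR form,
# ready for `dnsrecon -r <range>`. Reads stdin.
axfr_ranges() {
  axfr_a_records | awk '$2 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
    split($2, o, ".")
    print o[1] "." o[2] "." o[3] ".0/24"
  }' | sort -u
}

# Live helper (needs dig and a route to the name server): attempt the
# transfer and print hosts and ranges on success. dig's exit status is not a
# reliable indicator of a refused transfer, so the output is parsed instead.
axfr_check() {
  domain=$1
  ns=$2
  out=$(dig axfr "$domain" "@$ns" +time=5 +tries=1) || true
  if printf '%s\n' "$out" | axfr_succeeded; then
    printf '%s\n' "$out" | axfr_a_records
    printf '%s\n' "$out" | axfr_ranges | sed 's/^/range for dnsrecon -r: /'
  else
    echo "AXFR refused or failed for $domain at $ns" >&2
    return 1
  fi
}

# Usage: ./axfr_check.sh realcorp.htb 10.10.10.224
if [ "$#" -eq 2 ]; then
  axfr_check "$1" "$2"
fi
```

Run it with the domain and the name server IP as arguments; with no arguments it only defines the functions, so the parsers can be sourced and pointed at saved dig output. The range it prints is the value to give `dnsrecon -r` in the DNS Recon step.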