DNS (53)

Dig

dig axfr <domain> @<ip address>

AXFR (Full Zone Transfer) is a type of DNS zone transfer that replicates the entire DNS zone from the master server to the slave server. This is done when the slave server is being set up or when the master server has been updated with new DNS resource records.

dig axfr realcorp.htb @10.10.10.224

Lookup Domain

If there is port 53 and we found another subdomain, check the IP of the other domain, sometimes they are different IP address.

check subdomain with this:

Web Application (80/443) | Hacker Mind

nslookup

> server 10.10.10.224
> ns.realcorp.htb

result

DNS Recon

Requirement:

1. IP Address

2. Range Target

dnsrecon -r <range> -n <ip with port 53> -d random

dnsrecon -r 10.197.251.0/24 -n 10.10.10.224 -d random