DNS (53)


Last updated 1 year ago

Dig

dig axfr <domain> @<ip address>

AXFR (Full Zone Transfer) is a type of DNS zone transfer that replicates the entire DNS zone from the master server to the slave server. This is done when the slave server is being set up or when the master server has been updated with new DNS resource records.

dig axfr realcorp.htb @10.10.10.224
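
On the defending side, a full transfer like the one above leaves a record in the authoritative server's log. The added example below (not part of the original notes) scans constructed log lines, modelled on BIND 9 xfer-out and security messages, for AXFR/IXFR activity from hosts outside an assumed list of secondaries; the secondary address 10.10.10.53 and the client addresses are assumptions.

```python
import re

# Assumption: the only hosts allowed to pull the zone (the secondary servers).
AUTHORIZED_SECONDARIES = {"10.10.10.53"}

# Constructed sample lines modelled on BIND 9 xfer-out / security log messages.
SAMPLE_LOG = """\
12-Mar-2024 09:14:02.118 xfer-out: info: client @0x7f3c2c0a 10.10.10.53#40112 (realcorp.htb): transfer of 'realcorp.htb/IN': AXFR started (serial 2024031201)
12-Mar-2024 09:20:47.501 xfer-out: info: client @0x7f3c2c0b 10.10.14.7#51844 (realcorp.htb): transfer of 'realcorp.htb/IN': AXFR started (serial 2024031201)
12-Mar-2024 09:21:10.009 security: error: client @0x7f3c2c0c 10.10.14.7#51850 (realcorp.htb): zone transfer 'realcorp.htb/AXFR/IN' denied
12-Mar-2024 09:22:00.000 queries: info: client @0x7f3c2c0d 10.10.14.9#40000 (ns.realcorp.htb): query: ns.realcorp.htb IN A +
"""

# A transfer the server actually started sending to the client.
STARTED = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?"
    r"transfer of '(?P<zone>[^/']+)/IN': (?P<kind>AXFR|IXFR) started")
# A transfer request the server refused.
DENIED = re.compile(
    r"client (?:@\S+ )?(?P<ip>[0-9a-fA-F.:]+)#\d+ .*?"
    r"zone transfer '(?P<zone>[^/']+)/(?P<kind>AXFR|IXFR)/IN' denied")


def audit_transfers(log_text, authorized=AUTHORIZED_SECONDARIES):
    """Return findings for zone-transfer activity from non-secondary hosts."""
    findings = []
    for line in log_text.splitlines():
        for outcome, pattern in (("served", STARTED), ("denied", DENIED)):
            m = pattern.search(line)
            if m and m["ip"] not in authorized:
                findings.append({"src": m["ip"], "zone": m["zone"],
                                 "type": m["kind"], "outcome": outcome})
    return findings


if __name__ == "__main__":
    for f in audit_transfers(SAMPLE_LOG):
        # "served" means the zone left the server: review allow-transfer first.
        print(f"{f['outcome'].upper():6} {f['type']} of {f['zone']} to {f['src']}")
```

A "served" finding means the whole zone was handed to a host that is not a secondary; a "denied" finding means the restriction held but someone attempted the transfer.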

Lookup Domain

If port 53 is open and we have found another subdomain, check the IP address of that subdomain; sometimes it resolves to a different IP address.

Check the subdomain with this:

nslookup

> server 10.10.10.224
> ns.realcorp.htb

DNS Recon

Requirements:

  1. IP address

  2. Target range

dnsrecon -r <range> -n <ip with port 53> -d random

dnsrecon -r 10.197.251.0/24 -n 10.10.10.224 -d random