Wednesday, 3 September 2014

Episode 4: DNSENUM




   Back|Track OS Tools Tutorials
                  Episode 4 
                 DNSENUM

Once again BackTrack presents us with yet another Powerful tool for DNS Querying and getting heaps of information on your target.
dnsenum is a perl script designed to get a comprehensive view on the topology of your target's network by giving you all the information it can find on the host by automating the process of querying DNS servers and even attempting Zone Transfers if possible.
Click on the picture to enlarge
Zone transfer attacks are quite simply a technique where your computer pretends to be a DNS server (Called Slave) and ask a "fellow" DNS server (Called master) for a copy of the data it has on www.target.com

 So let's see how it looks like:
When ran with no arguments dnsenum will give you its help page and as you can see there's a wide variety of options to choose from which will all be discussed later.

 Here's what happens when it's ran without one argument which is the address to probe:










When i ran it on that address it successfully retrieved A records*, NS records*, MX Records* plus it successfully performed a a zone transfer attack even and retrieved more subdomains than my pictures can handle (Seriously you had to scroll WAY down)
Such a tool would be immensely useful in determining the topology of your target, it'll help you build a logical map of the nodes on  the network, what they do and the addresses of each and every one of them.  








Now let's have a quick review of the options it provides and the functions of each and every one of them:
  • --dnsserver : The DNS server to use in the querying process
  • --enum : start enumeration mode which sets threads to 5, scrap to 20 and will perform a WHOIS query as well
  • -noreverse : skip the reverse lookup process
  • --private : Save a list of private (RFC1918) IP addresses in a file called domain_ips.txt
  • --subfile <filename.txt> : write all subdomains found in filename.txt that you specify
  • -w : Perform a whois query
  • -o / --output : Outputs result as an XML file
That was a review of the most important switches/options dnsenum has, So play around with it a little bit and see if you can discover anything else !
___________________________________

MX Record: a DNS record which shows the servers the host uses for mail exchange
NS Record: a DNS record which converts domain names into ip addresses
A Record: The opposite of NS record.
Note: If you wish to know more about DNS records to work better with these tools, check this link which lists the most important DNS record types you should know and their function.



Next Episode: DNSMAP & DNSRECON


                                                
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)