Monday, 8 September 2014

Kali Linux Tools Tutorial, Episode 7: DNSWALK





While Kali is a penetration testing distro, it also has quite a handful of debugging tools in case you want to troubleshoot an error that keeps coming up during your DNS enumeration process.
DNSWALK is a DNS debugger that works by performing a zone transfer on the target's name servers and then checking that everything in the target's DNS database is configured properly and that the configuration complies with the DNS standards and regulations.

It might not be of much use to us as penetration testers, but as I said, if you ever want a quick check on the DNS db (database) configuration and/or you run into any DNS-related errors, you'll know which tool to whip out.

The not so helpful help page

When you execute the Perl tool, you'll be presented with the help page, which is strangely not very helpful.

However, you can get a more helpful version of the help page by looking at the tool's manual. So go ahead and type man dnswalk

DNSWALK manual page
The man command stands for manual, and it provides you with a comprehensive manual on a command or even a tool that you would like to know more about. This tool will be your new best friend throughout this series.

That's better! Now we have the complete list of options you can use.

Note: This can be more annoying than Rebecca Black's Friday on loop, but you ALWAYS need to add a dot at the end of the domain you want to enumerate for this tool to function. Apparently the tool doesn't have a feature to add it automatically, so the developer left you this tiring task. It might not seem like much, but trust me, if you used this tool a lot it would annoy the hell outta you.


So let's have a review of the options and their functions.


  • -r : Go through the domain's subdomains displaying the DNS info it can get on them. Use with care as some domains might have a huge list of subdomains.
  • -a : Display a warning in case of duplicate A records.
  • -d : Display verbose debugging data for troubleshooting. 
  • -m : Perform AXFR and configuration checks only if the zone's records or the zone itself had undergone changes.
  • -F : Perform a DNS "Fascist" check, which compares A records to PTR records to check for any errors or "Surprises", as the author of the manual says.
  • -i : Ignore any illegal characters (such as _ or § etc.) in domain names.
  • -l : Perform a "Lame delegation" check, which checks whether nameservers are giving authoritative answers for their domain.
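To make the -a and -F checks concrete, here is an added example (not dnswalk's own code, and not from the manual) that runs both kinds of check over a constructed AXFR-style listing. It assumes the PTR records sit in the same listing instead of being looked up live; the names example.test and 192.0.2.x are made-up sample data, and the fqdn() helper shows the trailing dot being added for you.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the "name TTL class type rdata" form that an AXFR
# listing prints; example.test and 192.0.2.0/24 are documentation-only values.
SAMPLE_ZONE = """\
example.test.            3600 IN NS  ns1.example.test.
ns1.example.test.        3600 IN A   192.0.2.1
www.example.test.        3600 IN A   192.0.2.10
web.example.test.        3600 IN A   192.0.2.10
mail.example.test.       3600 IN A   192.0.2.25
1.2.0.192.in-addr.arpa.  3600 IN PTR ns1.example.test.
10.2.0.192.in-addr.arpa. 3600 IN PTR www.example.test.
25.2.0.192.in-addr.arpa. 3600 IN PTR mx.example.test.
"""

def fqdn(name):
    """Lower-case a name and add the trailing root dot if it is missing."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def parse_records(text):
    """Yield (owner, rtype, rdata) tuples from AXFR-style lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[2].upper() == "IN":
            yield fqdn(fields[0]), fields[3].upper(), fields[4]

def audit(text):
    """Return (duplicate_a, ptr_mismatches) found in the zone listing."""
    a_by_ip, ptr_by_ip = defaultdict(set), {}
    for owner, rtype, rdata in parse_records(text):
        if rtype == "A":
            a_by_ip[ipaddress.ip_address(rdata)].add(owner)
        elif rtype == "PTR" and owner.endswith(".in-addr.arpa."):
            # Turn d.c.b.a.in-addr.arpa. back into the address a.b.c.d
            octets = owner[:-len(".in-addr.arpa.")].split(".")
            ptr_by_ip[ipaddress.ip_address(".".join(reversed(octets)))] = fqdn(rdata)
    # -a style: one address carried by more than one A record
    duplicates = {str(ip): sorted(n) for ip, n in a_by_ip.items() if len(n) > 1}
    # -F style: forward name with no PTR, or a PTR that names something else
    mismatches = [(name, str(ip), ptr_by_ip.get(ip))
                  for ip, names in sorted(a_by_ip.items())
                  for name in sorted(names) if ptr_by_ip.get(ip) != name]
    return duplicates, mismatches

if __name__ == "__main__":
    print(audit(SAMPLE_ZONE))
```

Each mismatch is reported as (forward name, address, PTR name), with None in the last slot when the address has no PTR record at all.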

There's also the Errors part in the manual, but I won't be explaining that since it's pretty straightforward in the manual. It basically just tells you the errors that you might encounter and what they mean.


The picture's quality was reduced to protect the identity of the domain.

Now it's time to try it on a lucky domain to see it in action. I'm going to be using the tool with the -r option to show the subdomains and info about them, and the -a option to check for duplicate A records.

As you can see, the tool did what it does best and performed a successful zone transfer attack, after which it listed the target's subdomains and all the info it found on them: a PTR record here, an A record there, etc.


As I said up there, I don't see the tool as being of great importance to a pentester. Maybe someone with a wider imagination than me can come up with another use for it other than troubleshooting and debugging.

_______________________________________


Next Episode: Fierce
