○ DIG Zone Transfer
dig axfr site_name @dns_server_name
○ DNSRECON
Perform Google enumeration and reverse lookup
dnsrecon -g -w -d example.com
->
[*] The following IP Ranges where found:
[*] 0) 2xx.2xx.64.0-2xx.2xx.127.255 KREONetKREONet-KR
[*] 1) 1xx.60.0.0-1xx.60.63.255 NCISNCIS-KR
[*] What Range do you wish to do a Revers Lookup for?
[*] number, comma separated list, a for all or n for none
Select 0
IP range for reverse lookup brute force
dnsrecon -r startIP-endIP
Zone Transfer
dnsrecon -d domain -t axfr
○ Zone Transfer
- NSLOOKUP
The steps to try and force a zone transfer are shown here:
1. nslookup #Enter nslookup from the command line.
2. server <ipaddress> #Enter the IP address of the authoritative server for that zone.
3. set type=any #Tells nslookup to query for any record.
4. ls -d <domain.com> #<domain.com> is the targeted domain; this final step performs the zone transfer.
nslookup
기본 서버: google-public-dns-a.google.com
Address: 8.8.8.8
set type=any
ls -d example.com
example.com. SOA hostmaster.sbc.net (950849 21600 3600 1728000 3600)
example.com. NS auth100.ns.sbc.net
example.com. NS auth110.ns.sbc.net
example.com. A 10.14.229.23
example.com. MX 10 dallassmtpr1.example.com
example.com. MX 20 dallassmtpr2.example.com
example.com. MX 30 lasmtpr1.example.com
lasmtpr1 A 192.172.243.240
dallassmtpr1 A 192.172.163.9
dallaslink2 A 192.172.161.4
spamassassin A 192.172.170.49
dallassmtpr2 A 192.172.163.7
dallasextra A 192.172.170.17
dallasgate A 192.172.163.22
lalink A 172.16.208.249
dallassmtp1 A 192.172.170.49
nygate A 192.172.3.250
www A 10.49.229.203
dallassmtp MX 10 dallassmtpr1.example.com
dallassmtp MX 20 dallassmtpr2.example.com
dallassmtp MX 30 lasmtpr1.example.com
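
Added example (not part of the original notes): a zone owner can run a transfer listing like the one above through a short script to see what an open AXFR exposes, here A records that publish private (RFC 1918) addresses plus the mail and name servers. The sample is a subset of the records shown above; the function names `parse_records` and `audit` are assumptions made for this example.

```python
import ipaddress

# Subset of the `ls -d example.com` listing above, embedded so this runs offline.
SAMPLE = """\
example.com. SOA hostmaster.sbc.net (950849 21600 3600 1728000 3600)
example.com. NS auth100.ns.sbc.net
example.com. A 10.14.229.23
example.com. MX 10 dallassmtpr1.example.com
lasmtpr1 A 192.172.243.240
lalink A 172.16.208.249
www A 10.49.229.203
"""

def parse_records(text, origin="example.com."):
    """Yield (fqdn, rtype, rdata) from `ls -d` style lines."""
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # blank or truncated line
        name, rtype, rdata = parts
        if not name.endswith("."):
            name = f"{name}.{origin}"  # relative owner name -> FQDN
        yield name, rtype.upper(), rdata.strip()

def audit(text, origin="example.com."):
    """Return the records a zone owner should review after a transfer test."""
    findings = {"private_a": [], "mail_hosts": [], "name_servers": []}
    for name, rtype, rdata in parse_records(text, origin):
        if rtype == "A":
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                continue  # malformed address, skip
            if addr.is_private:
                # Internal addressing visible in a publicly served zone.
                findings["private_a"].append((name, str(addr)))
        elif rtype == "MX":
            pref, _, host = rdata.partition(" ")
            if pref.isdigit() and host:
                findings["mail_hosts"].append((int(pref), host.strip()))
        elif rtype == "NS":
            findings["name_servers"].append(rdata)
    return findings

if __name__ == "__main__":
    for kind, items in audit(SAMPLE).items():
        print(kind, items)
```

Records flagged under `private_a` are candidates for a split-horizon (internal-only) zone, and a listing that succeeds from an arbitrary client at all means transfers should be restricted to the secondary name servers.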