Social Icons

Showing posts with label dnsrecon. Show all posts
Showing posts with label dnsrecon. Show all posts

Sunday, September 29, 2013

BACKTRACK 5 R3 : dnstracer

1.  Dnstracer is another in the line of information gathering tool in Backtrack 5 R3 that determines where a given Domain Name Server (DNS) gets its information from, and follows the chain of DNS servers back to the servers which know the data. It basically works by sending the specified name-server a non-recursive request for the name. If the name server does returns an authoritative answer for the name, the next server is queried. If it returns an non-authoritative answer for the name, the name servers in the authority records will be queried. The program stops if all name-servers are queried.

(Click on the image to enlarge)
The switches available with the command line are :

(Click on the image to enlarge)
As can be made out from the screen shhot above,the option switches have variety to offer and thus a whole lot of basic info on the specific DNS can be churned out.The syntax of the command is :

dnstracer [options] [host]

-c:    disable local caching, default enabled
-C:   enable negative caching, default disabled
-o:    enable overview of received answers, default disabled
-q     : query-type to use for the DNS requests, default A
-r     : amount of retries for DNS requests, default 3
-s      : use this server for the initial request

-t      : Limit time to wait per try
-v     : verbose
-S      : use this source address.
-4     : don't query IPv6 servers


In the screen shots below I have taken example of the dvwa.co.uk for running the command on.....the command run is

dnstracer certifiedhacker.com

dnstracer -q soa -o certifiedhacker.com

(Click on the image to enlarge)

(Click on the image to enlarge)

Running the command with and without switches effects the final output of info as seen in the info....


BACKTRACK 5 R3 : dnsrecon

1.   Dnsrecon is another nice easy to use tool for pen testers for enumeration. The kinds of things dnsrecon can do are as follows:

    - Reverse Lookup against IP range
    - Perform general DNS query for NS,SOA and MX records
    - Cache snooping against Name Servers
    - Google Scanning for Sub Domains and Host

 2.   The command line usage and the few imp switch execution details are briefed here down :

   -h       --help                 Show this help message and exit
   -d       --domain            Domain to Target for enumeration.
   -c       --cidr                  CIDR for reverse look-up brute force (range/bitmask).
   -r       --range               IP Range for reverse look-up brute force
   -n      --name_server    Domain server to use, if none is given the SOA of the
                                      target will be used
   -D     --dictionary         Dictionary file of sub-domain and hostnames to use for
                                       brute force.
    -t     --type                  Specify the type of enumeration to perform:

Available through :
                           
Backtrack -> Information Gathering -> Network Analysis -> DNS Analysis -> dnsrecon

In this blog post,I  will be covering 3 enumeration techniques. These being:

    SRV records Enumeration
    Top Level Enumeration
    Standard Enumeration


(Click on image to Enlarge)

(Click on image to Enlarge)  
To perform an SRV records enumeration against a domain the following input command will be run:

Code:

./dnsrecon.py -t srv -d

As an example if we wanted to do this to certifiedhacker.com, our command would be as follows:

Code:
./dnsrecon.py -t srv -d google.com


(Click on image to Enlarge)


Top Level Enumeration

For performing a top level enumeration the following command will be used :

Code:
./dnsrecon.py -t tld -d

If the same command is run for google.com,the following command will be used

Code:
./dnsrecon.py -t tld -d google.com
 
(Click on image to Enlarge)

(Click on image to Enlarge)

and similarly,to perform an STD (standard) enumeration,the following command is used :

Code:

./dnsrecon.py -t std -d


Using Google as an example again, our command would be:

Code:

./dnsrecon.py -t std -d google.com

The result as seen below in a standard enumeration :

(Click on image to Enlarge)

(Click on image to Enlarge)
 
Powered By Blogger