Interacting with DNS Servers

76
◾ 
Ethical Hacking and Penetration Testing Guide
Nslookup
Nslookup is available in both Windows and Linux OS. Let’s say that we want the DNS servers to 
return all the 
mail server records
 
of an organization. We would do the following:
Step 1—
Issue the 
nslookup
command from the command prompt.
Step 2—
Issue the following command:
set type = mx
Step 3—
Next, we would enter the domain.
www.msn.com
The query returned mail servers for msn.com.
We can also ask for all the DNS servers for that domain by using the 
set type = ns
command.
The query has returned all the name servers associated with ifixit.com.
DIG
Let me introduce you to another great tool called DIG. We can run the same queries with dig as 
we did with nslookup. However, it’s very handy and has more functionalities than nslookup. So 
let’s ask dig to return mx records for Wikipedia.org. We will use the following command:
dig Wikipedia.org mx

Information Gathering Techniques
◾ 
77
Similarly, you can use
 
ns
in place of 
mx 
for returning all ns-related records.
Forward DNS Lookup
In this method, we use brute forcing technique to guess the valid domain names.
For example: services.rafayhackingarticles.net
This domain will resolve to an IP. If a domain resolves to an IP, it is an existing domain name; 
if it doesn’t, it does not exist. One can write a script to search for valid hostnames. Alternatively, 
you can also use the 
fierce
tool, discussed earlier, for performing this attack.

Yüklə 22,44 Mb.

Dostları ilə paylaş: