Ethical Hacking and Penetration Testing Guide



Forward DNS Lookup with Fierce
As I have mentioned earlier, fierce is capable of doing both forward and reverse lookups. To perform a forward lookup, you would need to issue the following command:
./fierce.pl -dns rafayhackingarticles.net -wordlist wordlist.txt
This command runs a forward lookup: it takes each subdomain name from the word list and tries it against rafayhackingarticles.net to find hosts that exist.


Reverse DNS
In a reverse DNS attack, we do the opposite: starting from the IP ranges, we try to find the valid hostnames behind them.
Reverse DNS Lookup with Dig
To perform a reverse DNS lookup, we first need to write the IP address with its octets in reverse order.
For example:
208.80.152.201 (Wikipedia’s IP)
201.152.80.208 (reverse order)
Next, we would append “.in-addr.arpa” to it, so it would become 
201.152.80.208.in-addr.arpa
and finally make a DNS PTR query in dig.
So the whole command will look like this:
dig 201.152.80.208.in-addr.arpa PTR
As you can clearly see from this image, the query resolves to Wikipedia’s server.
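The steps above as an added Python example (not code from the book): it builds the reverse name by hand, encodes the PTR query that dig sends, and parses the hostname out of a reply. The IPv6 branch goes beyond the text; the function names, the reply produced with `answer=` and the host `host.example.org` are constructed for illustration.

```python
import ipaddress
import struct

def ptr_name(ip):
    """Reverse the address units and append the .arpa suffix (IPv6 goes beyond the text)."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        return ".".join(reversed(str(addr).split("."))) + ".in-addr.arpa"
    return ".".join(reversed(addr.exploded.replace(":", ""))) + ".ip6.arpa"  # 32 nibbles

def encode_name(name):  # DNS wire format: length-prefixed labels, then a zero byte
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def ptr_message(ip, answer=None, txid=0x1234):
    """Query that `dig <name> PTR` sends; with answer=<host>, a constructed reply instead."""
    flags, ancount = (0x0100, 0) if answer is None else (0x8180, 1)
    msg = struct.pack("!6H", txid, flags, 1, ancount, 0, 0)
    msg += encode_name(ptr_name(ip)) + struct.pack("!2H", 12, 1)  # QTYPE=PTR, QCLASS=IN
    if answer is not None:  # owner name is a compression pointer to offset 12
        rdata = encode_name(answer)
        msg += b"\xc0\x0c" + struct.pack("!HHIH", 12, 1, 300, len(rdata)) + rdata
    return msg

def read_name(msg, pos):
    """Decode the name at pos, following compression pointers; return (name, next_pos)."""
    labels, end = [], None
    for _ in range(128):  # bounded walk, so a pointer loop cannot hang the parser
        n = msg[pos]
        if (n & 0xC0) == 0xC0:  # two-byte compression pointer
            end = end if end is not None else pos + 2
            pos = ((n & 0x3F) << 8) | msg[pos + 1]
        elif n == 0:
            return ".".join(labels), end if end is not None else pos + 1
        else:
            labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
            pos += 1 + n
    raise ValueError("name too long or compression loop")

def ptr_answers(msg):  # hostnames carried in the PTR records of a reply
    qd, an = struct.unpack("!2H", msg[4:8])
    names, pos = [], 12
    for _ in range(qd):
        pos = read_name(msg, pos)[1] + 4  # skip QTYPE and QCLASS
    for _ in range(an):
        pos = read_name(msg, pos)[1]  # owner name
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        if rtype == 12:
            names.append(read_name(msg, pos + 10)[0])
        pos += 10 + rdlen
    return names
```

Calling `ptr_name("208.80.152.201")` returns the same name that is passed to dig in the command above.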
Reverse DNS Lookup with Fierce
Alternatively, you can also perform a reverse DNS lookup with fierce, where you would need to 
input the network range and the DNS server.
./fierce.pl -range <network range> -dnsserver <DNS server>
Here are a couple of websites that can perform reverse DNS lookup:
http://remote.12dt.com/lookup.php
http://www.zoneedit.com/lookup.html


Zone Transfers
A DNS server holds information such as host names and the IP addresses associated with them. DNS security should never be ignored, as DNS is a critical component. A zone transfer is used to replicate records between DNS servers. If an attacker can perform a successful zone transfer, he may be able to extract some important hosts that are not publicly available. Keep in mind, however, that a successful zone transfer does not immediately result in a server compromise; it aids an attacker in gathering useful information about the infrastructure.
Most primary DNS servers won’t allow zone transfers, but backup servers may be vulnerable to them.
There are many tools for performing DNS zone transfers; let’s take a look at them one by one.
