Ethical Hacking and Penetration Testing Guide


Zone Transfer with Host Command



Follow these steps to perform a zone transfer request on a server. Suppose our target is msn.com. We would issue the following commands:
Step 1—We will gather a list of all the name servers associated with our target.
host -t ns msn.com
Step 2—Once we have gathered a list of the name servers, we would simply try a zone transfer with all of them one by one. To initiate a zone transfer request, issue the following command, giving the zone first and then the name server to ask:
host -l msn.com ns5.msft.net
host -l msn.com ns1.msft.net
host -l msn.com ns2.msft.net
host -l msn.com ns3.msft.net
host -l msn.com ns4.msft.net
Unfortunately, all the queries will fail and give us a “transfer failed” error, as the server doesn’t allow zone transfers.
However, let’s try it on zonetransfer.me, a server that we know is vulnerable to DNS zone transfer. On running the same host command, we will come to know that it has two name servers.
Command:
host -t ns zonetransfer.me
Now let’s try a zone transfer with the method we learned earlier.
host -l zonetransfer.me ns12.zoneedit.com
You would notice that the zone transfer would be successful and it would return the full list of subdomains that normally cannot be discovered with other techniques. The same transfer can be requested with dig:
Example:
dig axfr @ns12.zoneedit.com zonetransfer.me
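The same two host invocations are what a zone owner should run against their own name servers to confirm that none of them still answer AXFR. The script below is an added example written for this page, not code from the book, and it wraps exactly those commands into a small audit: it lists the name servers of a zone you administer, asks each one for a transfer, and reports OPEN or REFUSED per server. It assumes the host command from the BIND utilities is installed and that a refused transfer is reported with the words "Transfer failed" (recent BIND versions do this; adjust the pattern if your build words it differently). The sample outputs embedded at the bottom are constructed, not captured from a real server, so the classifier can be exercised without network access.

```shell
#!/bin/sh
# Added example (not from the book): audit whether any authoritative name
# server of a zone you administer still answers AXFR. It wraps the same two
# host(1) invocations the text uses (host -t ns ZONE, host -l ZONE SERVER).
# Assumptions: host from the BIND utilities is installed, and a refused
# transfer is reported with the text "Transfer failed".

# list_name_servers: read `host -t ns ZONE` output on stdin and print one
# server hostname per line, trailing dot removed.
list_name_servers() {
    awk '/ name server /{ sub(/\.$/, "", $NF); print $NF }'
}

# classify_transfer: read `host -l ZONE SERVER` output on stdin and print
# OPEN (records were returned), REFUSED (transfer failed) or UNKNOWN.
classify_transfer() {
    out=$(cat)
    case "$out" in
        *[Tt]ransfer" failed"*)                                        echo REFUSED ;;
        *" has address "*|*" name server "*|*" mail is handled by "*)  echo OPEN ;;
        *)                                                             echo UNKNOWN ;;
    esac
}

# count_records: number of record lines in `host -l` output (comment lines
# starting with ';' and blank lines are ignored).
count_records() {
    awk '!/^;/ && NF { n++ } END { print n + 0 }'
}

# audit_zone ZONE: query every name server for ZONE and print
# "zone<TAB>server<TAB>verdict". Any server marked OPEN should have its
# transfer ACL restricted to your own secondaries and then be re-checked.
audit_zone() {
    zone=$1
    host -t ns "$zone" | list_name_servers | while read -r ns; do
        verdict=$(host -l "$zone" "$ns" 2>&1 | classify_transfer)
        printf '%s\t%s\t%s\n' "$zone" "$ns" "$verdict"
    done
}

# Constructed sample outputs (not captured from a live server) so the
# classifier can be exercised offline; 192.0.2.0/24 is a documentation range.
SAMPLE_REFUSED='; Transfer failed.'
SAMPLE_OPEN='zonetransfer.me name server ns12.zoneedit.com.
zonetransfer.me has address 192.0.2.10
www.zonetransfer.me has address 192.0.2.11'

# Usage: ./axfr_audit.sh example.org   (runs the live audit when a zone is given)
if [ $# -gt 0 ]; then
    audit_zone "$1"
else
    printf 'sample refused -> %s\n' "$(printf '%s\n' "$SAMPLE_REFUSED" | classify_transfer)"
    printf 'sample open    -> %s (%s records)\n' \
        "$(printf '%s\n' "$SAMPLE_OPEN" | classify_transfer)" \
        "$(printf '%s\n' "$SAMPLE_OPEN" | count_records)"
fi
```

Run it with a zone name to audit live; without arguments it only exercises the classifier on the constructed samples. A REFUSED verdict from every server is the expected state for a production zone.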
Automating Zone Transfers
Attempting to try each one of the name servers for zone transfers is obviously a tedious process. Luckily, there are tools in BackTrack such as DNSenum and fierce that can make our job much easier.
DNSenum is capable of performing forward lookup, reverse lookup, and also zone transfer, and is very simple to use. All you need to do is issue the following command from the /pentest/enumeration/dns/dnsenum directory.
./dnsenum.pl
./dnsenum.pl zonetransfer.me
As you can see from the image, it displays all the records for zonetransfer.me. After this, it will automatically try to perform a zone transfer on the site you have specified.
Fierce can also be used to perform this task. We will discuss fierce in the subdomain scanning section as well, where we will discuss a variety of methods for gathering subdomains.