Ethical Hacking and Penetration Testing Guide
Command : ./fierce.pl –dns zonetransfer.me DNS Cache Snooping
Yüklə 22,44 Mb. Pdf görüntüsü
|
- Bu səhifədəki naviqasiya:
- Nonrecursive Method
- Command (dig)
|
Command
: ./fierce.pl –dns zonetransfer.me DNS Cache Snooping This is the last kind of attack we will see as part of the DNS reconnaissance phase. It is a very neat attack, and very few people know about it. Information Gathering Techniques ◾ 81 What Is DNS Cache Snooping? A DNS cache snooping attack is a process of querying DNS server to determine if it has a resource that is cached. This would help the attacker determine what websites a user has recently visited. The resource record can be anything: an A record, a CNAME record, or a txt record. We will focus on A record, which would help us to determine the site that the victim has visited. Now, this can be utilized when performing social engineering attacks, which we will discuss in the “Client Side Exploitation” chapter. DNS cache snooping can be performed using two methods: 1. Nonrecursive method 2. Recursive method Nonrecursive Method This method is the easiest of the two. Here is how we can perform a DNS cache snooping by nonrecursive method: 1. The first step would be to ask the DNS cache for any given resource record, for example, A, MX, and CNAME. 2. Next, we would set the “Recursion Desired” in the query to 0, which set it to perform a nonrecursive query. This would query the system and check its DNS cache for the particular record. In our case, this would be “A” record. 3. If the response is cached, that is, if it finds the A record you asked for, the response would be valid and would return an answer, indicating that someone on that system visited that particular website. 4. If the response is not cached, it will return a reply about another server that can answer the query better or it will send the root.hints DNS file contents, which contain the name and addresses of all root DNS servers. Examples All this may be a bit overwhelming to you but the examples we are about to see will make things much easier. We can primarily use dig for our example. You can also use nslookup if you are on a Windows box. Command (dig) : dig @dns_server domain A +norecurse So the command is very simple. We would use “dig” followed by the nonrecursive dns_server you want to query, followed by the domain name and then the record we are looking for, which in this case is an “A” record. The +norecurse would be set as non-recursive. I found a name server that would accept nonrecursive DNS queries. I used it to query rafay- hackingarticles.net to see if someone on the server visited rafayhackingarticles.net. Yüklə 22,44 Mb. Dostları ilə paylaş:
|