Ethical Hacking and Penetration Testing Guide

Command: ./fierce.pl -dns zonetransfer.me

DNS Cache Snooping
This is the last kind of attack we will see as part of the DNS reconnaissance phase. It is a very neat attack, and very few people know about it.
Information Gathering Techniques ◾ 81
What Is DNS Cache Snooping?
A DNS cache snooping attack is the process of querying a DNS server to determine whether it has a particular resource record cached. This helps the attacker determine what websites a user has recently visited. The resource record can be anything: an A record, a CNAME record, or a TXT record. We will focus on the A record, which helps us determine the sites that the victim has visited.
This can be utilized when performing social engineering attacks, which we will discuss in the “Client Side Exploitation” chapter.
DNS cache snooping can be performed using two methods:
1. Nonrecursive method
2. Recursive method
Nonrecursive Method
This method is the easier of the two. Here is how we can perform DNS cache snooping by the nonrecursive method:
1. The first step is to ask the DNS cache for any given resource record, for example, A, MX, or CNAME.
2. Next, we set the “Recursion Desired” bit in the query to 0, which makes the query nonrecursive. The server then answers only from its own DNS cache for the particular record. In our case, this is the “A” record.
3. If the record is cached, that is, if the server finds the A record you asked for, the response is valid and returns an answer, indicating that someone using that server visited that particular website.
4. If the record is not cached, the server returns a reply pointing to another server that can answer the query better, or it sends the contents of its root.hints file, which contain the names and addresses of all root DNS servers.
Examples
All this may be a bit overwhelming, but the examples we are about to see will make things much easier. We will primarily use dig for our example. You can also use nslookup if you are on a Windows box.
Command (dig): dig @dns_server domain A +norecurse
The command is very simple. We use “dig” followed by the dns_server you want to query nonrecursively, followed by the domain name and then the record we are looking for, which in this case is an “A” record. The +norecurse option marks the query as nonrecursive, that is, it clears the “Recursion Desired” bit.
I found a name server that would accept nonrecursive DNS queries. I used it to query rafayhackingarticles.net to see if someone on the server visited rafayhackingarticles.net.
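The nonrecursive query and the outcomes listed in the four steps above, as an added example that is not from the book: a small standard-library Python script that builds a DNS query with the Recursion Desired bit cleared (what dig +norecurse does) and classifies the reply header, including the case the steps do not mention, a server that is authoritative for the name and therefore tells you nothing about its cache. The sample reply headers are constructed, and the server and name passed to snoop() are assumptions; from the defender's side the same script checks that a resolver you administer refuses nonrecursive queries from untrusted clients.

```python
import socket
import struct

# DNS header flag bits (RFC 1035): QR, AA, RD, RA and the 4-bit RCODE
QR, AA, RD, RA, RCODE_MASK = 0x8000, 0x0400, 0x0100, 0x0080, 0x000F

def build_query(name, qtype=1, txid=0x1234, recursion_desired=False):
    """Wire-format DNS query; RD is cleared so the server must answer from cache."""
    flags = RD if recursion_desired else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # QDCOUNT=1
    labels = [label.encode() for label in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN

def classify(response, txid=0x1234):
    """Interpret the header of a reply to a nonrecursive query."""
    rid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", response[:12])
    if rid != txid or not flags & QR:
        return "invalid"        # not a reply to our transaction
    if flags & RCODE_MASK:
        return "error"          # e.g. RCODE 5 REFUSED: resolver rejects RD=0 queries
    if flags & AA:
        return "authoritative"  # server owns the zone; says nothing about its cache
    if an:
        return "cached"         # answer without recursion: the record was in cache
    return "not-cached"         # empty answer, usually a referral (root hints)

def snoop(server, name, timeout=3.0):
    """Send one nonrecursive A query over UDP to `server` and classify the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(4096)
    return classify(data)

# Constructed sample reply headers (not captured from any real server)
SAMPLE_CACHED = struct.pack("!HHHHHH", 0x1234, QR | RA, 1, 1, 0, 0)
SAMPLE_REFERRAL = struct.pack("!HHHHHH", 0x1234, QR | RA, 1, 0, 13, 0)
SAMPLE_AUTH = struct.pack("!HHHHHH", 0x1234, QR | AA, 1, 1, 0, 0)
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, QR | RA | 5, 1, 0, 0, 0)

if __name__ == "__main__":
    for label, pkt in [("cached", SAMPLE_CACHED), ("referral", SAMPLE_REFERRAL)]:
        print(label, "->", classify(pkt))
```

Run snoop("192.0.2.53", "example.com") against a resolver you operate; a hardened resolver returns "error" (REFUSED) to clients it does not serve rather than revealing "cached" or "not-cached".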