Penetration Testing with Kali Linux OffSec


PEN-200

dnsrecon -d megacorpone.com -D ~/list.txt -t brt
[*] Using the dictionary file: /home/kali/list.txt (provided by user) 
[*] brt: Performing host and subdomain brute force against megacorpone.com... 
[+] A www.megacorpone.com 149.56.244.87 
[+] A mail.megacorpone.com 51.222.169.212 
[+] A router.megacorpone.com 51.222.169.214 
[+] 3 Records Found 
Listing 48 - Brute forcing hostnames using dnsrecon 
Our brute force attempt has finished, and we have managed to resolve a few hostnames. 
DNSEnum is another popular DNS enumeration tool that can be used to further automate DNS 
enumeration of the megacorpone.com domain. We can pass the tool a few options, but for the 
sake of this example we’ll only pass the target domain parameter: 
kali@kali:~$ dnsenum megacorpone.com
... 
dnsenum VERSION:1.2.6 
----- megacorpone.com ----- 
... 
Brute forcing with /usr/share/dnsenum/dns.txt: 
_______________________________________________ 
admin.megacorpone.com. 5 IN A 51.222.169.208 


Penetration Testing with Kali Linux
PWK - Copyright © 2023 OffSec Services Limited. All rights reserved. 
beta.megacorpone.com. 5 IN A 51.222.169.209 
fs1.megacorpone.com. 5 IN A 51.222.169.210 
intranet.megacorpone.com. 5 IN A 51.222.169.211 
mail.megacorpone.com. 5 IN A 51.222.169.212 
mail2.megacorpone.com. 5 IN A 51.222.169.213 
ns1.megacorpone.com. 5 IN A 51.79.37.18 
ns2.megacorpone.com. 5 IN A 51.222.39.63 
ns3.megacorpone.com. 5 IN A 66.70.207.180 
router.megacorpone.com. 5 IN A 51.222.169.214 
siem.megacorpone.com. 5 IN A 51.222.169.215 
snmp.megacorpone.com. 5 IN A 51.222.169.216 
syslog.megacorpone.com. 5 IN A 51.222.169.217 
test.megacorpone.com. 5 IN A 51.222.169.219 
vpn.megacorpone.com. 5 IN A 51.222.169.220 
www.megacorpone.com. 5 IN A 149.56.244.87 
www2.megacorpone.com. 5 IN A 149.56.244.87 
megacorpone.com class C netranges: 
___________________________________ 
51.79.37.0/24 
51.222.39.0/24 
51.222.169.0/24 
66.70.207.0/24 
149.56.244.0/24 
Performing reverse lookup on 1280 ip addresses: 
________________________________________________ 
18.37.79.51.in-addr.arpa. 86400 IN PTR ns1.megacorpone.com. 
... 
Listing 49 - Using dnsenum to automate DNS enumeration 
We have now discovered several previously-unknown hosts as a result of our extensive DNS 
enumeration. As mentioned at the beginning of this Module, information gathering has a cyclic 
pattern, so we’ll need to perform all the other passive and active enumeration tasks on this new 
subset of hosts to disclose any new potential details. 
The enumeration tools covered are practical and straightforward, and we should familiarize 
ourselves with each before continuing. 
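Seen from the defending side, the wordlist brute force in Listings 48 and 49 reaches the zone's name servers as one client asking for many distinct names under the zone in a short time, most of them answered NXDOMAIN. The following is an added example, not part of the course material, that flags this pattern in resolver logs; the log format, thresholds, function names and client addresses are assumptions, and the log lines are constructed.

```python
from collections import defaultdict, deque

def sample_log():
    """Constructed lines in a hypothetical format: '<epoch> <client> <qname> <rcode>'."""
    words = ["www", "mail", "router", "ftp", "dev", "owa",
             "proxy", "db", "backup", "stage", "git", "portal"]
    live = {"www", "mail", "router"}  # names that resolve in Listing 48
    lines = [f"{1700000000 + i} 198.51.100.23 {w}.megacorpone.com. "
             f"{'NOERROR' if w in live else 'NXDOMAIN'}"
             for i, w in enumerate(words)]
    # An ordinary client: a few lookups spread over minutes, one typo.
    lines += ["1700000005 203.0.113.7 www.megacorpone.com. NOERROR",
              "1700000200 203.0.113.7 mail.megacorpone.com. NOERROR",
              "1700000400 203.0.113.7 wwww.megacorpone.com. NXDOMAIN"]
    return lines

def parse(line):
    ts, client, qname, rcode = line.split()
    return int(ts), client, qname.rstrip(".").lower(), rcode

def detect_bruteforce(lines, zone, window=60, min_names=8, min_nx_ratio=0.5):
    """Return {client: (distinct_names, nxdomain_ratio)} for clients that ask
    for at least min_names distinct names under `zone` within `window` seconds
    and receive NXDOMAIN for at least min_nx_ratio of them."""
    suffix = "." + zone.lower()
    recent = defaultdict(deque)  # client -> (ts, qname, rcode) inside the window
    flagged = {}
    for ts, client, qname, rcode in map(parse, filter(str.strip, lines)):
        if not qname.endswith(suffix):
            continue  # other zones and the apex itself are ignored
        q = recent[client]
        q.append((ts, qname, rcode))
        while ts - q[0][0] > window:  # drop entries older than the window
            q.popleft()
        names = {n: r for _, n, r in q}  # distinct names, last rcode seen
        ratio = sum(r == "NXDOMAIN" for r in names.values()) / len(names)
        if len(names) >= min_names and ratio >= min_nx_ratio:
            if len(names) > flagged.get(client, (0, 0.0))[0]:
                flagged[client] = (len(names), round(ratio, 2))  # keep the peak
    return flagged

if __name__ == "__main__":
    print(detect_bruteforce(sample_log(), "megacorpone.com"))
```

A zone with a wildcard record answers every guess with NOERROR, so the NXDOMAIN ratio has to be lowered or dropped there and the distinct-name count used on its own.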
Having covered Kali tools, let’s explore what kind of DNS enumeration we can perform from a 
Windows perspective. 
Although not in the LOLBAS listing, nslookup is another great utility for Windows DNS 
enumeration and is still used during ‘Living off the Land’ scenarios. 
Applications that can provide unintended code execution are normally listed 
under the LOLBAS project.
Once connected on the Windows 11 client, we can run a simple query to resolve the A record for 
the mail.megacorptwo.com host. 
C:\Users\student>