Ads 468x60px

Tuesday, November 12, 2013

DNS Enumeration with Backtrack Tutorial

When it comes to web server’s penetration-testing, a DNS server is always on the top of the list because DNS server is the core gateway of an internal enterprise to the mighty internet. Information gathering, as we all know is an important part of Penetration, so gathering information about the DNS is just as important as the DNS server. Even if an attacker can enumerate a DNS server it can prove very lethal to the Organization whose information is stored on the server. In this tutorial we will be looking at several tools and their usage by which we can enumerate a DNS server in several ways. For this we will open CMD shell in BT and type cd /pentest/enumeration/dns1

Then type ls The list of DNS enumeration tools will appear and we will take a look at the use of all tools.2First we will use dnsenum tool.3It is very easy to use this tool, just type the command in the format perl dnsenum.pl4It will generate results as shown in below picture.5It provided us with the list of entire IPs used by the website including the mail servers.6Now the trick to extract information that we need for further phases of Pen-testing e.g if you want to test the mail server you can telnet it and exploit it by foot-printing (will be explained in upcoming tutorials). The next tool that we will use is dnswalk.7It is also a very good tool for enumerating and provides with filtered information of the target.You can access it by cd dns command in dns folder. Only the difference in the input is In Dnswalk the target ends with a “.”8We got the results here, as we have mentioned earlier dnswalk only provides basic information like SOA server and warnings. It is a partial enumeration testing tool.9Next tool we will be digging is called dnsrecon, You can find this in the dns folder, It is a tool written python scripting.10Now as you can see below that we have performed multiple operations with dnsrecon which will be explained further. You can retrieve SRV records of the target also query SOA etc.11For retrieving SRV records you have to type the command ./dnsrecon.py –t srv –d target name.12Now here is how the result of the srv records look like:13And here’s how we query the SOA, NS and MX of the servers using the command ./dnsrecon.py –t std –d And here how the result will look like:14By DNS enumeration you can gather a lot of information about the target and it can prove to be very helpful in a penetration test. 
Posted by at

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)
 

Is TOR Secure??

TOR is not safe to hack!! With putting too much security in middle, you increase the risk of malicious traffic from end station going undetected through this tight-secure loop. It’s a general rule when traffic moves from higher trust to lower trust , the nature of protection provided on either ends should be evaluated and should it match with the data classification level it carries with in. try using some other vpns!!In particular if somebody can observe your traffic and your target's traffic, he can correlate that.

One interesting variant is connecting to a VPN over TOR. That helps with 3), provided you trust the VPN, but you need to figure out a way to buy VPN access anonymously.

Factors Affecting Anonymity Online

IP address- can be resolved by VPN's. User agent- https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/. MAC address - Technetium mac changer. For more information be have anonymous service online. Please visit http://prism-break.org/

Total Pageviews

Total Pageviews

Total Pageviews

Sample Text