LDAP & DNS

  1. DNS Recon
  2. DNS Enum
  3. SUBDOMAIN Enum
  4. Dig
    1. Get IP
    2. Get IP using another DNS Server (useful if UDP 53 is open on the target server)
    3. Do a reverse lookup
    4. Dig all the things

DNS Recon

dnsrecon -d website.com -D /usr/share/wordlists/dnsmap.txt -t std --xml dnsrecon.xml

#lookup website.com using a wordlist with the standard enumeration type, output to the XML file dnsrecon.xml

dnsrecon -d website.com -D /usr/share/wordlists/dnsmap.txt -t std --xml dnsrecon.xml --name_server 8.8.8.8

DNS Enum

dnsenum --dnsserver x.x.x.x --enum www.fakewebsite.com

SUBDOMAIN Enum

sublist3r -d www.blah.com -t 3 -e bing

Dig

DIG = Domain Internet Groper

Get IP

dig www.blah.com

Get IP using another DNS Server (useful if UDP 53 is open on the target server)

dig @8.8.8.8 www.blah.com

Do a reverse lookup

dig @8.8.8.8 -x 8.8.8.8

Dig all the things

dig www.blah.com ANY
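As an added illustration, not part of this cheat sheet, of what the dig commands above put on the wire: the Python below builds the query dig sends to a chosen server, forms the in-addr.arpa name behind `-x`, and parses the reply, including compressed names. The sample reply and the 203.0.113.10 address in it are constructed, not captured traffic.

```python
import socket
import struct
A, PTR = 1, 12  # DNS record types used below

def encode_name(name: str) -> bytes:
    # Dotted name -> length-prefixed labels ending in a zero byte (RFC 1035 section 3.1)
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name: str, qtype: int, txid: int = 0x1234) -> bytes:
    # Header: id, flags 0x0100 (recursion desired), 1 question, 0 RRs; then QNAME, QTYPE, QCLASS=IN
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", qtype, 1)

def reverse_name(ip: str) -> str:
    # The owner name 'dig -x' queries (as a PTR record): octets reversed under in-addr.arpa
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def read_name(data: bytes, off: int) -> tuple[str, int]:
    # Decode a name, following 0xC0xx compression pointers; returns (name, offset after it)
    labels = []
    while True:
        ln = data[off]
        if ln == 0:
            return ".".join(labels), off + 1
        if ln & 0xC0 == 0xC0:
            ptr = struct.unpack("!H", data[off:off + 2])[0] & 0x3FFF
            return ".".join(labels + [read_name(data, ptr)[0]]), off + 2
        labels.append(data[off + 1:off + 1 + ln].decode())
        off += ln + 1

def parse_answers(resp: bytes) -> list[tuple[str, str]]:
    # Skip the question section, then collect A and PTR records from the answer section
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", resp[:12])
    off = 12
    for _ in range(qdcount):
        off = read_name(resp, off)[1] + 4  # 4 = QTYPE + QCLASS
    out = []
    for _ in range(ancount):
        _, off = read_name(resp, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", resp[off:off + 10])  # TYPE, CLASS, TTL, RDLENGTH
        off += 10
        if rtype == A and rdlen == 4:
            out.append(("A", socket.inet_ntoa(resp[off:off + 4])))
        elif rtype == PTR:
            out.append(("PTR", read_name(resp, off)[0]))
        off += rdlen
    return out

# Constructed reply (not captured traffic): the www.blah.com question, then one A record whose name is
# a compression pointer (0xC00C) back to the question and whose address is 203.0.113.10
SAMPLE_RESPONSE = (struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + encode_name("www.blah.com") + struct.pack("!HH", A, 1)
                   + b"\xc0\x0c" + struct.pack("!HHIH", A, 1, 300, 4) + bytes([203, 0, 113, 10]))
```

Sending `build_query("www.blah.com", A)` as one UDP datagram to port 53 of the chosen server and passing the reply to `parse_answers` reproduces `dig @8.8.8.8 www.blah.com`; `build_query(reverse_name("8.8.8.8"), PTR)` is the `-x` lookup.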