{"id":1091,"date":"2024-11-02T09:34:08","date_gmt":"2024-11-02T09:34:08","guid":{"rendered":"https:\/\/hackmybox.com\/?p=1091"},"modified":"2025-09-08T16:31:27","modified_gmt":"2025-09-08T16:31:27","slug":"footprinting-dns","status":"publish","type":"post","link":"https:\/\/hackmybox.com\/index.php\/2024\/11\/02\/footprinting-dns\/","title":{"rendered":"Footprinting -DNS"},"content":{"rendered":"<div class=\"vce-row-container\" data-vce-boxed-width=\"true\"><div class=\"vce-row vce-row--col-gap-30 vce-row-equal-height vce-row-content--top\" id=\"el-fbab0fa0\" data-vce-do-apply=\"all el-fbab0fa0\"><div class=\"vce-row-content\" data-vce-element-content=\"true\"><div class=\"vce-col vce-col--md-auto vce-col--xs-1 vce-col--xs-last vce-col--xs-first vce-col--sm-last vce-col--sm-first vce-col--md-last vce-col--lg-last vce-col--xl-last vce-col--md-first vce-col--lg-first vce-col--xl-first\" id=\"el-db16ad3a\"><div class=\"vce-col-inner\" data-vce-do-apply=\"border margin background  el-db16ad3a\"><div class=\"vce-col-content\" data-vce-element-content=\"true\" data-vce-do-apply=\"padding el-db16ad3a\"><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-b2035471\" data-vce-do-apply=\"all el-b2035471\"><h3 style=\"text-align: center;\"><strong><span style=\"color: #00ff00;\">(Insights from HTB Academy)<\/span><\/strong><\/h3><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><div class=\"vce-row-container\" data-vce-boxed-width=\"true\"><div class=\"vce-row vce-row--col-gap-30 vce-row-equal-height vce-row-content--top\" id=\"el-dc61f307\" data-vce-do-apply=\"all el-dc61f307\"><div class=\"vce-row-content\" data-vce-element-content=\"true\"><div class=\"vce-col vce-col--md-auto vce-col--xs-1 vce-col--xs-last vce-col--xs-first vce-col--sm-last vce-col--sm-first vce-col--md-last vce-col--lg-last vce-col--xl-last vce-col--md-first vce-col--lg-first vce-col--xl-first\" id=\"el-f7cb815d\"><div class=\"vce-col-inner\" data-vce-do-apply=\"border 
margin background  el-f7cb815d\"><div class=\"vce-col-content\" data-vce-element-content=\"true\" data-vce-do-apply=\"padding el-f7cb815d\"><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-5f2c9d08\" data-vce-do-apply=\"all el-5f2c9d08\"><p><span style=\"color: #00ff00;\">DNS Functionality:<\/span> The key thing is to understand how DNS works. DNS translates computer names into IP addresses: it converts human-readable domain names into machine-readable IP addresses, which is crucial for the functioning of the internet. For example, your web browser queries DNS to resolve a hostname before it loads internet resources.<\/p><p><span style=\"color: #00ff00;\">Linux vs. Microsoft DNS<\/span>: It's been a while since I configured DNS on Linux, as I usually deploy DNS using Microsoft Server. While both serve the same primary function\u2014resolving names to IP addresses\u2014their configurations and management interfaces differ significantly. Microsoft DNS is often managed through the GUI of Windows Server, whereas Linux DNS configurations are typically handled through configuration files like <code>named.conf<\/code> for BIND. 
I need some time to explore and test these tools with Microsoft DNS servers.<\/p><p><span style=\"color: #00ff00;\">Tools:<\/span><\/p><ul><li>Dig: Good for querying DNS records and performing lookups.<\/li><li>Dig AXFR: A zone transfer request made with dig, which retrieves the complete zone file from a DNS server that permits the transfer.<\/li><li>Nslookup: A classic tool for querying DNS.<\/li><li>Dnsenum: Used for DNS enumeration, which is critical for gathering information about a domain.<\/li><\/ul><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-bbb17ce9\" data-vce-do-apply=\"all el-bbb17ce9\"><p><span style=\"color: #00ff00;\">Task:<\/span><\/p><p>In the module, we are tasked with querying the target DNS server using its IP address and enumerating details for the 'inlanefreight.htb' domain.<\/p><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-361cbed5\" data-vce-do-apply=\"all el-361cbed5\"><p>Using the <span style=\"color: #00ff00;\">dig<\/span> tool, we can find the required details. 
The key is to keep querying all subdomains.<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-9640ee5c\" data-vce-do-apply=\"all el-9640ee5c\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 1024px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 30.2734%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"1024\" height=\"310\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig1-e1731478287203-1024x310.png 1024w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig1-e1731478287203-320x97.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig1-e1731478287203-480x146.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig1-e1731478287203-800x243.png 800w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig1-e1731478287203-1024x310.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig1-e1731478287203.png\" data-attachment-id=\"1092\"  alt=\"\" title=\"dig1\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-165ddfa8\" data-vce-do-apply=\"all el-165ddfa8\"><p><em><strong><span style=\"color: #00ff00;\">&nbsp;Syntax :<\/span><\/strong><\/em><\/p><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-4b243bf3\" data-vce-do-apply=\"all el-4b243bf3\"><p><span style=\"color: #00ff00;\">dig axfr inlanefreight.htb @10.129.196.4<\/span><\/p><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-54dc66d8\" data-vce-do-apply=\"all el-54dc66d8\"><ul><li><span style=\"color: #00ff00;\">DiG:<\/span> This is the command-line tool used for querying DNS records.<\/li><li><span style=\"color: #00ff00;\">axfr:<\/span> 
This indicates a request for a zone transfer, which retrieves all DNS records for the specified domain.<\/li><li><span style=\"color: #00ff00;\">inlanefreight.htb:<\/span> The target domain for which the DNS records are being queried.<\/li><li><span style=\"color: #00ff00;\">@10.129.251.51:<\/span> This specifies the DNS server to query.<\/li><\/ul><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-bc6291dd\" data-vce-do-apply=\"all el-bc6291dd\"><p><strong><em><span style=\"color: #00ff00;\">Interpreting Results :<\/span><\/em><\/strong><\/p><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-aeaf4268\" data-vce-do-apply=\"all el-aeaf4268\"><ul><li><span style=\"color: #00ff00;\">SOA Record:<\/span> Indicates the authoritative server for the domain and includes administrative contact information.<\/li><li><span style=\"color: #00ff00;\">TXT Records:<\/span> Contain various verification and policy information, including Microsoft and Atlassian verification tokens, and an SPF record for email security.<\/li><li><span style=\"color: #00ff00;\">NS Record:<\/span> Specifies the name server (ns.inlanefreight.htb) responsible for the domain.<\/li><li><span style=\"color: #00ff00;\">A Records:<\/span> Map several subdomains (e.g., <span style=\"color: #ffff00;\">app, dev, internal, mail1, ns<\/span>) to their corresponding IP addresses.<\/li><\/ul><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-32eb23a9\" data-vce-do-apply=\"all el-32eb23a9\"><p><em><span style=\"color: #00ff00;\">Dig subdomains :&nbsp;<\/span><\/em><\/p><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-842041a9\" data-vce-do-apply=\"all el-842041a9\"><p><span style=\"color: #00ff00;\">dig axfr internal.inlanefreight.htb @10.129.196.4<\/span><\/p><\/div><\/div><div class=\"vce-single-image-container 
vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-8ccdae28\" data-vce-do-apply=\"all el-8ccdae28\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 1024px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 36.4258%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"1024\" height=\"373\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig2-e1730786496329-1024x373.png 1024w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig2-e1730786496329-320x117.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig2-e1730786496329-480x175.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig2-e1730786496329-800x292.png 800w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig2-e1730786496329-1024x373.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig2-e1730786496329.png\" data-attachment-id=\"1093\"  alt=\"\" title=\"dig2\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-e3759cbb\" data-vce-do-apply=\"all el-e3759cbb\"><p><span style=\"color: #00ff00;\">Dnsenum -<span style=\"color: #999999;\"> is a multithreaded perl script to enumerate DNS information of a 
domain.<\/span><\/span><\/p><p>source: https:\/\/www.kali.org\/tools\/dnsenum\/<\/p><\/div><\/div><div class=\"vce-single-image-container vce-single-image--align-left\"><div class=\"vce vce-single-image-wrapper\" id=\"el-3cb6e574\" data-vce-do-apply=\"all el-3cb6e574\"><figure><div class=\"vce-single-image-figure-inner\" style=\"width: 967px;\"><div class=\"vce-single-image-inner vce-single-image--absolute\" style=\"width: 100%; padding-bottom: 77.3526%;\"><img loading=\"lazy\" decoding=\"async\" class=\"vce-single-image\"  width=\"967\" height=\"748\" srcset=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig4-320x248.png 320w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig4-480x371.png 480w, https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig4-800x619.png 800w, https:\/\/hackmybox.com\/wp-content\/uploads\/2025\/09\/dig4-967x748.png 967w\" src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2025\/09\/dig4-967x748.png\" data-img-src=\"https:\/\/hackmybox.com\/wp-content\/uploads\/2024\/11\/dig4.png\" data-attachment-id=\"1098\"  alt=\"\" title=\"dig4\" \/><\/div><\/div><figcaption hidden=\"\"><\/figcaption><\/figure><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-f5a18584\" data-vce-do-apply=\"all el-f5a18584\"><p><em><span style=\"color: #00ff00;\">Syntax:<\/span><\/em><\/p><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-87c9f06a\" data-vce-do-apply=\"all el-87c9f06a\"><p><span style=\"color: #ffff00;\">dnsenum --dnsserver 10.129.251.51 --enum -o subdomains.txt -f \/usr\/share\/seclists\/Discovery\/DNS\/fierce-hostlist.txt dev.inlanefreight.htb<\/span><\/p><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-23497ad7\" data-vce-do-apply=\"all el-23497ad7\"><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-f6e91ee2\" data-vce-do-apply=\"all 
el-f6e91ee2\"><p><span style=\"color: #999999;\"><em>The command queries the DNS server to find and list subdomains, then saves the results to a file. Details below:<\/em><\/span><\/p><ul><li><span style=\"color: #00ff00;\">dnsenum:<\/span> This is the command for the DNS enumeration tool, which is used to gather information about DNS records.<\/li><li><span style=\"color: #00ff00;\">--dnsserver 10.129.251.51:<\/span> This option specifies the DNS server to query for information. In this case, it\u2019s set to 10.129.251.51.<\/li><li><span style=\"color: #00ff00;\">--enum:<\/span> This flag tells dnsenum to perform enumeration of DNS records, such as subdomains.<\/li><li><span style=\"color: #00ff00;\">-o subdomains.txt:<\/span> This option specifies the output file where the results (found subdomains and their records) will be saved. Here, it\u2019s named subdomains.txt.<\/li><li><span style=\"color: #00ff00;\">-f \/usr\/share\/seclists\/Discovery\/DNS\/fierce-hostlist.txt:<\/span> This option points to the wordlist that dnsenum will use to search for subdomains. The specified wordlist is fierce-hostlist.txt, which contains common subdomain names.<\/li><li><span style=\"color: #00ff00;\">dev.inlanefreight.htb<\/span>: This is the target domain that the tool will be enumerating. 
The command will look for subdomains associated with dev.inlanefreight.htb.<\/li><\/ul><\/div><\/div><div class=\"vce-text-block\"><div class=\"vce-text-block-wrapper vce\" id=\"el-ca2af1bf\" data-vce-do-apply=\"all el-ca2af1bf\"><p>In summary, we see how DNS functions and how tools like Dig and Dnsenum are essential for effective footprinting and enumeration of domain information.<\/p><\/div><\/div><div class=\"vce vce-separator-container vce-separator--align-center vce-separator--style-solid\" id=\"el-d80dfbf8\" data-vce-do-apply=\"margin el-d80dfbf8\"><div class=\"vce-separator vce-separator--color-bfc0c1 vce-separator--width-60 vce-separator--thickness-1\" data-vce-do-apply=\"border padding background  el-d80dfbf8\"><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>(Insights from HTB Academy)DNS Functionality: Key thing is to understand how DNS works . DNS translates computer names into IP addresses. It converts human-readable domain names into machine-readable IP addresses, which is crucial for the functioning of the internet. 
For example, your web browser queries DNS to load internet resources effectively.Linux vs. Microsoft DNS: It&#8217;s [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1118,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","site-transparent-header":"default","prose-style":"enable","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[17],"tags":[],"class_list":["post-1091","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-footprinting"],"_links":{"self":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts\/1091","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/comments?post=1091"}],"version-history":[{"count":29,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts\/1091\/revisions"}],"predecessor-version":[{"id":2072,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/posts\/1091\/revisions\/2072"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/media\/1118"}],"wp:attachment":[{"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/media?parent=1091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-js
on\/wp\/v2\/categories?post=1091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hackmybox.com\/index.php\/wp-json\/wp\/v2\/tags?post=1091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}