Thursday, July 2, 2009

BackTrack 4 - DNS 1

Okay, so I've finished a week of studying, passed the exam today and now I have had a few minutes to get to grips with one or two of the DNS tools on the BT4 CD. I'm gonna start off easy and look at a couple of my favorite DNS tools and then move on to some that I'm not too familiar with. I decided to start with DNS because that's usually where things start for me, well that and Google, but let's leave that for now.


I was glad to see that Fierce is still in BT. Fierce is one of my favorite DNS tools and I have blogged about it in the past. It always gets the job done and underneath its simple exterior it's doing quite a lot (maybe RSnake worked for Apple once).

Fierce starts off by using your DNS server to find the target's DNS servers and then hops on over to those to do its work. All pretty cool stuff, eh. Fierce will try to dump the DNS zone (although it's unlikely this will work) and then it will start to use its name list (hosts.txt) to guess the names of hosts out there. Although not a bad wordlist, I suggest you add to it as you come across anything in your travels. For anything Fierce guesses correctly it will perform reverse lookups of a few of the addresses around the correctly guessed one (also configurable), or with -wide it will scan the whole class C subnet of any host it finds. Noisy but effective.

The command I used to scan with 10 threads, scanning the class C of any found IPs, was:

./ -wide -threads 10


Although this found me some good results, what I also wanted to do was look in between those IPs with reverse lookups, because if the target has a block of IPs and nested somewhere in the middle of them is a host on another domain, then that's interesting. For this task I used Dark Operator's DNSRecon Ruby script.

An example of running the script against one of the subnets that Fierce located gave up some interesting (but very obvious) results:

ruby dnsrecon.rb -r

Surprise surprise!
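As an added illustration (my own code, not from the post and not from Fierce or DNSRecon), here is a small Ruby script that does the reverse-lookup sweep over a block, separates PTRs under the domains you expect from PTRs pointing at some other domain nested in the range, and widens around a hit the way Fierce does. The PTR table, addresses and domain names are constructed; for a live audit of your own netblock swap in Resolv.getname as noted in the comments.

```ruby
require 'ipaddr'
require 'resolv'
require 'socket'

# Sweep a block with PTR lookups, the pass DNSRecon -r makes over a subnet. The
# resolver is injected (any callable returning a name or nil) so this runs offline;
# for a live audit of your own netblock pass ->(ip) { Resolv.getname(ip) rescue nil }.
def reverse_sweep(range, resolver)
  found, no_ptr = {}, []
  range.each do |ip|
    name = resolver.call(ip.to_s)
    next no_ptr << ip.to_s unless name
    found[ip.to_s] = name.downcase.chomp('.')
  end
  { found: found, no_ptr: no_ptr }
end

# Parent domain of a PTR name, taken as its last two labels ("dev.example.net" -> "example.net").
def parent_domain(name)
  name.split('.').last(2).join('.')
end

# Split PTRs under the domains you expect in this block from PTRs pointing at another
# domain, the "host on another domain nested in the middle" case the post flags.
def classify(found, expected_domains)
  expected = expected_domains.map(&:downcase)
  own, foreign = found.partition { |_ip, name| expected.include?(parent_domain(name)) }
  { own: own.to_h, foreign: foreign.to_h }
end

# Addresses either side of a hit, the way Fierce widens a correct guess by a few IPs.
def neighbors(ip, span)
  base = IPAddr.new(ip).to_i
  (base - span..base + span).map { |i| IPAddr.new(i, Socket::AF_INET).to_s }
end

# Constructed PTR table standing in for a real resolver (made-up addresses and names).
FAKE_PTR = {
  '192.0.2.10' => 'www.example.com.',
  '192.0.2.11' => 'mail.example.com.',
  '192.0.2.12' => 'dev.example.net.', # a different domain sitting inside the block
  '192.0.2.20' => 'vpn.example.com.'
}.freeze
FAKE_RESOLVER = ->(ip) { FAKE_PTR[ip] }

if __FILE__ == $PROGRAM_NAME
  sweep = reverse_sweep(IPAddr.new('192.0.2.0/28').to_range, FAKE_RESOLVER)
  report = classify(sweep[:found], ['example.com'])
  puts "own: #{report[:own].keys}  other domain: #{report[:foreign]}  no PTR: #{sweep[:no_ptr].size}"
end
```

Run against the constructed table it reports 192.0.2.10 and .11 as expected hosts, flags 192.0.2.12 (dev.example.net) as the one sitting on a different domain, and counts 13 addresses in the /28 with no PTR at all.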

Well there's plenty more to go, I just wanted to make a start on this set of posts.

Happy hunting!


lokum said...

Just to let you know, I really enjoy reading your posts! Keep up the good work, you do an excellent job.

SynJunkie said...

Thanks Lokum.

I'll have plenty more posts to come soon (trying to get a CCNA is getting in the way of blogging at the moment though).

Thanks for the encouraging comment.