Paul's Resources

Search

SearchSearch

Assignment 3.1 DNS Enumeration

Mar 31, 2024, 2 min read

Assignment 3.1: DNS Enumeration

Deliverable 1. Provide a screenshot of your /24 port scan against 10.0.5.0/24 similar to the one below.

Code:

#!/bin/bash
 
network=$1
port=$2
 
echo "host,port"
for ((ip=1; ip<=254; ip++)); do
   ipaddr="$1.$ip"
   timeout .1 bash -c "echo >/dev/tcp/$ipaddr/$port" 2>/dev/null && echo "$ipaddr,$port"
done

Output:

Deliverable 3. Write a script that takes a network prefix and a specific dns server in which to perform a lookup. Assume a /24 network. Provide a screenshot similar to the one below showing the program run.

Code:

#!/bin/bash
 
network=$1
name_serv=$2
 
echo "dns resolution for $network"
for ((ip=1; ip<=254; ip++)); do
   ipaddr="$1.$ip"
   nslookup $ipaddr $name_serv | grep name
done

Output:

Deliverable 5. Use nmap to find your DNS servers. Figure out how to: skip host discovery, use a grepable output to send results to dns-servers2.txt, only scan for a single tcp port across 10.0.5.0/24, only report “open” ports, see if you can use a bash 1 or 2 liner to list the unique IP addresses that respond to DNS lookups.

nmap:

sudo nmap -Pn --open 10.0.5.0/24 -p T:53 -oG dns-server2.txt

ouput:

cat dns-server2.txt | grep -v Nmap | grep -v / | awk '{print  $2}'

Deliverable 6. The following nmap command will use -sL (list targets) while specifying a dns server. See if you can do some magic with grep and cut or awk to produce output similar to the one below. Provide a screenshot showing your modified nmap run. Note, you may have different hosts listed as our target environment changes and grows over time.

nmap:

sudo nmap -sL -R 10.0.5.1-124 --dns-server 10.0.5.22 | awk '{print $5 $6}' | grep "(" | grep -v addresses

Ouput:

Deliverable 7. zt.txt should have some useful information, see what you can do to parse it in a manner that we have a hostname and associated ip address. Provide a screenshot similar to the one below. Note, the screenshot below is not quite perfect as not every host has an IP address.

Zone Transfer:

Note:
documentation: https://digi.ninja/projects/zonetransferme.php

Output:

cat zt.txt | grep -E ",*." | awk {'print $1","$5'} | grep -v ";"

Graph View

Backlinks