Academy: Attacking Common Services | Attacking DNS

The exercise says: "Find all available DNS records on the target name server and submit the flag found as a DNS record as the answer."

All I got is the IP address of a name server. No domain. So, how can one get the DNS records without providing a domain name?

subbrute fails, at least it’s not clear to me which parameters to provide correctly.

Does anybody have an idea?

2 Likes

If you are still stuck: The domain you should attack is mentioned on the page of the module. I was also stuck before. I find it not very intuitive, but yeah, you've got to use that one.

1 Like

Did you manage to post the flag? It doesn’t accept the flag exposed in the DNS resource records…

3 Likes

Yes, that was no problem for me? Do you have any spaces in your flag? That sometimes happens when copying.

1 Like

Hey bro, are you done with it?

I tried fierce with the option --dns-servers but it was not working.

Anyone have any updates? I’m stuck. Not getting any domains. I’m using the subbrute too but only got 1 more domain which is not the flag.

Check out each of the domains you find using subbrute with the tools at hand from this module

I was stuck in the same way. The challenge is 2-step. First, ask the name server (@resolver.txt) for subdomains. Second, dig for the resource records. You can DM me.

Can anyone give a hint on how to find the special DNS record? I’ve used subbrute with the correct domain and with the correct resolver; many subdomains appeared, but none is the good one.

Whenever I try to add the nameserver in resolvers, it says ‘No nameservers found, trying fallback list’. Anyone else seen this error? Fixed it. But I am still not able to produce the flag.

Use ns1… etc. ns means nameserver. Took me 2 days and this forum to figure that out.

I’m using ns1 as the dns server, updated the resolution for it in /etc/hosts. I’m coming up with a few subdomains before subbrute crashes. I’m running a dig on all of the subdomains it finds and I’m not seeing anything that looks like a flag. Where am I going wrong?

Lol, disregard, got it. Make sure you guys check your zone transfers. For everything. :wink:

My tip is “hr”.

:call_me_hand:

5 Likes

Okay, finally I finished this one. This mod is all messed up or I could be a bad reader.
BIG HINT: USE THE DIG axfr zone transfer within the module…

The command did not work for me but use their output. You are welcome. O-MG

1 Like

You're right, thanks for the hint… Could not find the HINT in my output so I just used the output in the mod.

1 Like

Okay, there is something really wrong with some of these targets that are spawning.
I have been trying to do the AXFR several times now, and at my 3rd spawn for some reason it did work…
Every time I was getting a message REFUSED… now it is giving me the record…

1 Like

I’m stuck while doing the zone transfer. I’m given the error "couldn’t get address for ‘ns1.inlanefreight.htb’: not found", yet I have placed it in /etc/hosts.

1 Like

I got the same error until I realized that subbrute could not know the ip address.
So I added the domain name (not subdomain) on the resolver.txt file and added the ip and domain name on the /etc/host file.

2 Likes

For those that might still be struggling with this, there is a section in the Information Gathering - Web Edition module that has the command you have to use in the cheat sheet. It starts with “cat”. If you look in the hint, you have to run that application first and then this other command after that to get the flag.