Academy - Footprinting - DNS

Does somebody got the answer for the last question in DNS part?
What is the FQDN of the host where the last octet ends with “x.x.x.203”?
tried all the wordlists in the attack box, but none of them got the FQDN domain that ends with .203

1 Like

Stuck here as well.

  • Used different wordlist but still not able to find the answer
  • Tried with mail3.inlanefreight.htb since mail1.inlanefreight.htb ends with .201 but no.

Anyone completed this question??

Hey man. I’ve completed this question. you are on right track. :wink:

which wordlist did you use or which method since nothing I try is working?

let’s say, you need to dig :wink:
bruteforce not required

1 Like

Can you specify that a little bit?
With “dig axfr domain.tld @10.10.10.10” I found two zones which allow a transfer.
But none contains a subdomain, which would have a 203 in the last octet.


Okay, I could now find all zones.

There are zones that allow transfer and there are zones that allow transfer only from certain machines (allow-transfer).
Zones that do not allow transfer from your machine can be found manually. For example with DNSenum.

OK guys any pointers on this other than what’s here already. Going around in circles with it now :tired_face: :tired_face:

It’s OK I got it…HINT…enumerate ALL subdomains :slight_smile:

I have exactly the same problems. I have (hopefully) found all the zones. Iterate through the hostnames. No success. Can you give me another spoiler? I’m really stuck right now.

DIG around and try to TRANSFER everything you find :thinking:

someone dm me pls, I stuck with this problem for two days…

I have found:
dev1.dev.inlanefreight.htb,
dev2.dev.inlanefreight.htb,
mail1.dev.inlanefreight.htb.
None of them is correct and they’re not transferable. Actually only the main and internal domains were transferable. Am I on the right path?
I think this part of module should be more detailed.