Wow that was frustrating for sure. The hints help and try and try and try each subdomain. Eventually found .203. For sure be “fierce” about the list you use.
The wordlist used in the Subdomain Brute Forcing example doesn’t contain the correct word. Only 4 of the 13 wordlists in Discovery/DNS have the correct word. Why would you do that to us?
Thank you. This helped me out a lot. I was in the right direction, but was missing the right wordlist.
I finally got it. It took a long time. I used the for loop because DNSenum kept giving me a failed query and timing out. I don’t know what I did wrong with the command but this is what I used:
dnsenum --dnsserver 10.129.145.94 --enum -p 0 -s 0 -o subdomains.txt -f /opt/useful/SecLists/Discovery/DNS/sortedcombined-knock-dnsrecon-fierce-reconng.txt --threads 90 -v xxx.inlanefreight.htb
This did not work for me.
Wow, that took me ages. The one thing I learned and will never forget now regarding this is that the IP address you use is always the original target IP you are given. Wow, if I had realised this I would have solved the last question days ago. Sometimes you have to take a step back and read what the commands are actually doing, then eureka. Thank you everyone for your help.
Please, what command did you use? I have been struggling with this.
I don’t know how to go about it. I even changed the name server IP in /etc/resolv.conf to that of the DNS server.
This helped me, thank you.
- First of all, find all zones; list them.
- Mark it down: zones are subdomains.
- Now try AXFR on each zone; some work, as shown in academyinternal.inlanefreight.htb. Try all the other domains; it may fail but keep trying.
- I used gobuster
gobuster dns -r <box IP / NS IP> -d <domain/sub-domain> -i -w < try small list>.txt
Tried for 4 hrs, then took a break and tried the above method again; solved within 5 min.
Learnings:
Zones are transferable by BIND options set in /etc/bind/named.conf.local:
- allow-query: by requester IP or domain, which unfortunately attackers do not belong to.
- allow-transfer: which is sometimes unlikely due to restrictions.
If it is present on an individual zone/subdomain then it appears in the AXFR transfer; otherwise we need to do brute forcing.
Using tools like dnsenum and gobuster, millions of wordlists can be solved in under 10 min; you gotta be persistent. Don’t lose hope after just 5 min.
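From the server owner's side, the per-zone allow-transfer setting mentioned in the post above can be audited directly in the BIND configuration. The following is an added example, not part of the original thread: a Python check over a constructed named.conf.local, where every zone name, path, key and address is made up and `strip_comments`, `zone_blocks` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample of a named.conf.local; every zone name, file path,
# key name and address below is made up for illustration.
SAMPLE_CONF = '''
zone "corp.example" {
    type master; file "/etc/bind/db.corp.example";
    allow-transfer { key "xfer-key"; 192.0.2.53; };
};
zone "internal.corp.example" IN {
    type master; file "/etc/bind/db.internal";
    allow-transfer { any; };   // anyone who can reach the server gets the zone
};
zone "dev.corp.example" {
    type master; file "/etc/bind/db.dev";   # no allow-transfer statement here
};
zone "lab.corp.example" { type master; file "/etc/bind/db.lab"; allow-transfer { none; }; };
'''

def strip_comments(text):
    """Remove /* */, // and # comments (assumes none of these occur inside quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def zone_blocks(text):
    """Yield (zone_name, body) by brace-matching after each zone header."""
    for m in re.finditer(r'zone\s+"([^"]+)"[^{;]*\{', text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield m.group(1), text[m.end():i - 1]

def audit(conf):
    """Map each zone to 'open', 'restricted' or 'inherited' (no per-zone statement)."""
    result = {}
    for name, body in zone_blocks(strip_comments(conf)):
        m = re.search(r"allow-transfer\b[^{;]*\{([^}]*)\}", body)
        if m is None:
            result[name] = "inherited"   # falls back to options/view or the BIND default
            continue
        elems = [e.strip() for e in m.group(1).split(";") if e.strip()]
        result[name] = "open" if "any" in elems else "restricted"
    return result

if __name__ == "__main__":
    for zone, status in audit(SAMPLE_CONF).items():
        print(f"{status:10} {zone}")
```

Zones reported as `open` answer AXFR for any client; `inherited` zones need the `options` or `view` block checked as well, since the effective setting comes from there.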
I’m in the same steps, I’ve tried the same as you and I still can’t find the answer, I can’t find anything that ends in .203
if someone could guide me please D:
You need to find all zones
I DID IT!
The only advice I can give you is to follow the steps indicated by this forum, be “FIERCE” in the list you use
THANKS @PayloadBunny