Active Subdomain Enumeration - HTB Academy

I think this command should get me the TXT records, but I can't get the answer:
$ dig txt inlanefreight.htb. @1.1.1.1
Thank you if you can help me with a hint.

Read the hint! “One of the existing zones contains a TXT record.” That means the TXT record can be in any of the zones that you have enumerated previously.
If you use the command:

You’re making reference to the same zone, because if the given IP is 1.1.1.1 in /etc/hosts you match the domain name “inlanefreight.htb” with the 1.1.1.1 IP.
If you are stuck, try the next question, because they are related.

I did the TXT question. Now, how can you identify a zone? I got this answer, but I'm not sure if it's a coincidence that the zones have the same SOA.

This was a very useful hint → awk

2 Likes

This is the difficult part. In the list of the domains/IPs of ns.inlanefreight.htb that you must have identified before, you have another DNS zone among the domains. You have to find it, and you will see the domain names of the requested IPs of the next questions.

2 Likes

Got it, now I understand.

Hello, I'm stuck on the last question:

Submit the number of all “A” records from all zones as the answer.

Can anyone help me? That hint isn't helping me much.

Thanks

2 Likes

You have to add the A records of the zones. inlanefreight.htb ____.inlanefreight.htb

2 Likes

For those who have doubts about how to work on these questions, the Footprinting module can help.

1 Like

Can you elaborate on this, please? Currently stuck on the same question.

There are 2 zones identified.
Use the zone transfer command dig axfr… on both zones.
Then just add up the A records.
XX.

3 Likes

Hi folks,

Any thoughts as to why the basic dig command is failing on the HTB box?

TIA

EDIT:
Figured it out, I was using the wrong terminal, needed to use the Parrot terminal, not PowerShell, duh.

This one was a bit “tuff” overall. But as mentioned, the clue is to look at the 10.x.x.x stated as “TARGET” (it changes if you restart) and either add it as ns.inlanefreight.htb in /etc/hosts OR just use it at the end of the nslookup or dig command.

I finally got them all, but this block was helpful. I also figured out there were 2 zones, eventually. Is/was there an easy way to see the ZONES? With e.g. nslookup or dig? Just wondering.

I really don’t understand question #2:

“Identify how many zones exist on the target nameserver. Submit the number of found zones as the answer.”

I already know the answer is “2” as it was posted on the forum. What I don’t understand is WHY?

I did a zone transfer and received over twenty records.

“dig axfr inlanefreight.htb @ns.inlanefreight.htb”

or

“nslookup -type=any -query=AXFR inlanefreight.htb ns.inlanefreight.htb”

How do you know there are 2 zones? What makes a zone?

Is it because there are two SOA lines?

Thanks in advance!

John

1 Like

What am I missing here?

1 Like

As per my understanding, you are adding the IP address as “inlanefreight.htb”, which is your domain name, when this IP is the name server’s IP.

1 Like

Thanks!

Hello 19delta4u,

I'll try to explain it to you as far as I understand.

We know that there are two zones because in the SOA response there’s a 2.

A DNS zone is a group of FQDNs.

You can create a DNS zone with a lot of DNS names of the same level, or only one. This zone is managed with only one DNS nameserver, but what if you have a domain with a lot of traffic?

You can split it into a dedicated zone.

What if you need to add more utilities to this domain? Perhaps you use another subdomain?

Think of DNS names as falling in a tree.

I hope this helps you to solve this challenge.

1 Like

Be careful, that 2 in the SOA response doesn’t mean there are 2 zones. That is the zone record serial number. This increments every time a change is made to the zone, so other servers can check they are running the correct version.

So in this case it’s just coincidence!

The way to find out how many zones there are is to iterate through all of the returned subdomains and see if any return a result (zone).

You can do this manually one by one, but much better is to use the output from the first transfer to read in the records and run the transfer query against them again.

nslookup -query=axfr inlanefreight.htb X.X.X.X | grep "Name:" | cut -d ":" -f2 | while read ZONE; do nslookup -query=axfr $ZONE X.X.X.X; done > zones.txt

Where X.X.X.X is the spawned server IP.

5 Likes
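To make the reasoning in the two replies above concrete (the “2” in the SOA is a serial, a zone is identified by its own SOA, and the A-record total is the sum across the transferred zones), here is an added example that is not code from this thread or from HTB Academy. It parses dig-style AXFR output offline, so the two transfers below are constructed samples: RFC 5737 addresses and a placeholder TXT value are invented, and only the zone names mirror the lab. The `pending_zones` helper shows which delegated name still needs its own transfer, which is the manual step the `while read ZONE` loop automates.

```python
"""Parse dig-style AXFR output and summarise what it exposes.

Added example (not from the thread or HTB Academy). All record data is
constructed: RFC 5737 addresses, placeholder TXT; zone names mirror the lab.
"""
from collections import namedtuple

Record = namedtuple("Record", "name ttl cls rtype rdata")

# Constructed sample of `dig axfr inlanefreight.htb @<target>` output.
# One transfer prints the SOA twice (first and last record), so two SOA
# lines here still mean ONE zone.
PARENT_AXFR = """\
; <<>> DiG 9.18 <<>> axfr inlanefreight.htb @192.0.2.10
inlanefreight.htb.          604800 IN SOA ns.inlanefreight.htb. root.inlanefreight.htb. 2 604800 86400 2419200 604800
inlanefreight.htb.          604800 IN NS  ns.inlanefreight.htb.
inlanefreight.htb.          604800 IN TXT "constructed-txt-placeholder"
ns.inlanefreight.htb.       604800 IN A   192.0.2.10
www.inlanefreight.htb.      604800 IN A   192.0.2.20
internal.inlanefreight.htb. 604800 IN NS  ns.inlanefreight.htb.
inlanefreight.htb.          604800 IN SOA ns.inlanefreight.htb. root.inlanefreight.htb. 2 604800 86400 2419200 604800
;; Query time: 1 msec
"""

# Constructed sample of the second transfer, for the delegated sub-zone.
CHILD_AXFR = """\
; <<>> DiG 9.18 <<>> axfr internal.inlanefreight.htb @192.0.2.10
internal.inlanefreight.htb.     604800 IN SOA ns.inlanefreight.htb. root.inlanefreight.htb. 2 604800 86400 2419200 604800
internal.inlanefreight.htb.     604800 IN NS  ns.inlanefreight.htb.
dev.internal.inlanefreight.htb. 604800 IN A   192.0.2.30
ws.internal.inlanefreight.htb.  604800 IN A   192.0.2.31
internal.inlanefreight.htb.     604800 IN SOA ns.inlanefreight.htb. root.inlanefreight.htb. 2 604800 86400 2419200 604800
;; Query time: 1 msec
"""


def parse_axfr(text):
    """Turn dig-style transfer output into Record tuples, skipping ';' comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)  # name ttl class type rdata
        if len(parts) < 5:
            continue
        name, ttl, cls, rtype, rdata = parts
        records.append(Record(name.lower(), int(ttl), cls, rtype.upper(), rdata))
    return records


def zones(records):
    """A zone is identified by its SOA owner name; count owners, not SOA lines."""
    return sorted({r.name for r in records if r.rtype == "SOA"})


def soa_serials(records):
    """Zone -> serial (third SOA rdata field). It is a version counter, not a zone count."""
    return {r.name: int(r.rdata.split()[2]) for r in records if r.rtype == "SOA"}


def pending_zones(records):
    """Names delegated with NS records whose own SOA we have not seen yet:
    these are the zones that still need a separate transfer."""
    have_soa = set(zones(records))
    return sorted({r.name for r in records if r.rtype == "NS" and r.name not in have_soa})


def count_a_records(records):
    """Unique A records across every parsed zone (dedup guards against a
    transfer captured twice)."""
    return len({(r.name, r.rdata) for r in records if r.rtype == "A"})


def summarise(*transfers):
    """Combine several transfers (as the zones.txt loop does) into one report."""
    records = [r for t in transfers for r in parse_axfr(t)]
    return {
        "zones": zones(records),
        "serials": soa_serials(records),
        "soa_lines": sum(1 for r in records if r.rtype == "SOA"),
        "a_records": count_a_records(records),
    }


if __name__ == "__main__":
    print("still to transfer:", pending_zones(parse_axfr(PARENT_AXFR)))
    print(summarise(PARENT_AXFR, CHILD_AXFR))
```

On the constructed data the report lists two zones with four SOA lines and four A records, and both serials are 2, which illustrates why the serial and the zone count coinciding in the lab is just luck.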

Hi, I got the output, but how do you calculate that it's only 2? I have around 19 zones available. Someone please help me out.