Hello, i’m trying to do the Active subdomain enumeration section in the module " Information Gathering - Web Edition " an there is this question : " Find and submit the contents of the TXT record in Active Subomain enum ". Actually i’m stuck if someone can help me or give me a hint, thank you 
1 Like
I have same the problem.
1 Like
Hey, were you able to complete the zone transfer on the target machine?
Did you get the answers to the first two questions?
Once you find all of the subdomains via transfer, then it is easy to query them for the answer.
DM me if this was not enough, or explain to me in greater detail where you are getting stuck.
-onthesauce
Hello, I finished the module ( uh actually I need 1 more thing, it’s just counting how many A records there is ) but I was able to complete all the others questions, actually it was just à problem of understanding what a zone is, it was way easier after that haha, but thanks a lot ! ( if someone need help, I would be incredibly happy to help )
1 Like
I can do it.
Hey,
I’ve been able to do the zone transfer but I don’t think I’m doing the right thing when I query the subdomains because I don’t get anything. Can you give me a hint on how to query the subdomains?
Have you queried every subdomain? I nearly gave up before I found it haha. DM me the line you are using to query it.
1 Like
Did you use nslookup or dig I’m stuck. Did you use the subdomain with the IP address or the target IP?
I used dig for that module, nslookup kept giving me weird output. I think you need to query the dns server. You might need to do a transfer first. Its been a while.
How do you transfer?
Hey i think i’m using a wrong query. Can you give me a little hint? I’m using: dig txt inlanefreight.htb @<subdomain_ip_adress>
The subdomain ip i’m usign it’s from axfr output
Note: I solve this when I realize I didn’t know very well what is a zone. Footprinting module help me to solve the question
I don’t know how you get anything from AXFR output. I haven’t gotten any output at all using dig axfr at all no matter what subdomain I hit it with. Can you give me any assistance with this? I’m sure I’m missing something, but I’ve been over the material several times now and can’t seem to find what it might be.
1 Like
Never mind. I figured it out. It’s right in the lesson! I feel kind of stupid now for missing it.
Can you help me I trying to find the contents of the TXT record? any tips
If you go back to the previous section, there is a command that is very similar to what you need for the txt record. You have to first create a txt document with the domain name and then create a document to contain the answer. You then have to craft the command to include these documents. I’m BramSLI1 over on the Discord and if you DM me, I can help you out there.
still iam stuck with this TXT record. I got DNS zone transfer, after that i checked every subdomain txt but no use. can anyone give me clue.
thanks in advance.
same
Use nslookup to find zones and save them to a file. After that use chatgpt to make a loop to do same thing to results. The txt record starts with "ZONE_TRANSFER***********
1 Like
Look well.! Try to find subdomains and check every single one. I will help you but the rest is on you. Read read read is the key of everything. Top 5 Commands to Test DNS Zone Transfer in 2 minutes | All About Testing After read article, you will learn more about zone transfer commands with different tools.
when u do nslookup or dig u will have many sub domains u should try each one to find the content.For nslookup ex: nslookup -query=TXT subdomain ip.