Hi All, I am stuck on the following in Academy.
FootPrinting - Interact with the target DNS using its IP address and enumerate the FQDN of it for the “inlanefreight.htb” domain.
Ran dig and found 2 x domains, which I have been able to transfer using dig axfr. This answered 2 of the 4 questions - woohoo!
Then ran ‘dnsenum’ with every SecList/Discovery/DNS text file. I cannot find any other subdomains.
I have updated /etc/hosts file
I have run nslookup and hosts - no luck
I have run Amass, Wfuzz and Gobuster (dns) - no luck
I have run every switch in ‘dig’. What am I missing here?
Do I understand you correctly that you first queried the subdomain with dig axfr and then brute-forced the same subdomain with DNSenum?
If yes, why? If the zone allows a zone transfer, it gives you all the data voluntarily.
In the hosts file you only have to enter domain names/IP addresses which your DNS resolver does not know or you want to overwrite its entries.
Thanks for the reply. Okay…I got it…basically I had a ‘dot’ extension on the end…removed and it worked.
So yet to find x.x.x.203 - I’ve used all the SecLists in /opt/useful/SecLists/Discovery/DNS against inlanefreight.htb. Does not find any other hosts. Any clues?
Doh! Worked it out. It was staring me in the face.
Hi, are you able to give me a hint on this? I’m not able to find x.x.x.203.
Find all zones.
Remember that not every DNS server allows zone transfer from everyone.
How do you solve the problem?