Hello friends i stuck on the question “Using the known subdomains for inlanefreight.com (www, ns1, ns2, ns3, blog, support, customer), find any missing subdomains by brute-forcing possible domain names. Provide your answer with the complete subdomain, e.g., www.inlanefreight.com.”
I launch the dns enum but nothing can see about subdomain except ns1,ns2,ns3,support,my,blog,customer. Need help !
Hi,
when asking for technological support it is crucial to append:
- Full command you used
- Output of that command
There are many ways to do everything and it is helpful to know your(!) approach to the topic.
I tried both of these:
dnsenum --enum inlanefreight.com -f /usr/share/wordlist/Discovery/DNS/subdomains-top1million-20000.txt --threads 90
dnsenum --enum inlanefreight.com -f /usr/share/wordlist/Discovery/DNS/subdomains-top1million-110000.txt --threads 90
It only finds ns1, ns2, ns3, www, support, blog, customer, and my. I tried using dnsenum and gobuster with a variety of different options. I also tried some base options with amass, dnsrecon, fierce and assetfinder but didn’t go in depth on the optional parameters.
Any ideas?
I can’t get this to work for the life of me. Tried everything from fuff to dnsenum to signing up for virustotal to get historical subdomains to gobuster. Tried it from the pwnbox and from the VPN, nothing. There is only 1 domain I get that isn’t on the list in the question and it won’t accept it as an answer for dnsenum. Tried combined_subdomains.txt, bitquark-subdomains-top100000.txt, namelist.txt, subdomains-top1million-110000.txt. The ones I got from VT don’t work either.
I had the same issue. I finally made it work after several hours.
Here is what I did in my VM (kali) :
- sudo nano /etc/resolv.conf
- change “nameserver 192.168.1.1” to “nameserver 1.1.1.1”
- save it
- run dnsenum and you should get it
Thanks! I got it.
I was including a trailing . before thinking that was the complete dns name but turns out I shouldnt lol
This solve my issue, when i run
dnsenum --enum inlanefreight.com -f Discovery/DNS/subdomains-top1million-110000.txt -r --threads 20
now find the subdomain in a few seconds.
Best regards.
I used the pwnbox and it worked
dnsenum --enum inlanefreight.com -f /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt --threads 20 --noreverse --nodnsserver --noreport --nocolor
make sure that google is not blocking u
You do have the answer right, just take a closer look .
The last dot [.] at the end of the example provided in the question is the end of the sentence, not example of FQDN with root dot ending it.