Identify if its possible to perform a zone transfer and submit the TXT record as the answer. (Format: HTB{...))

Hi everyone

I’m trying to complete this task, specifically the zone transfer and I have tried the following commands but all return connection refused.

┌──(kings㉿kali)-[~]
└─$ dig axfr inlanefreight.htb @ns.inlanefreight.htb.
;; Connection to 127.0.0.1#53(127.0.0.1) for inlanefreight.htb failed: connection refused.
;; Connection to 127.0.0.1#53(127.0.0.1) for inlanefreight.htb failed: connection refused.
;; Connection to 127.0.0.1#53(127.0.0.1) for inlanefreight.htb failed: connection refused.

┌──(kings㉿kali)-[~]
└─$ dig axfr inlanefreight.htb @ns.inlanefreight.htb.
;; Connection to 127.0.0.1#53(127.0.0.1) for inlanefreight.htb failed: connection refused.
;; Connection to 127.0.0.1#53(127.0.0.1) for inlanefreight.htb failed: connection refused.
;; Connection to 127.0.0.1#53(127.0.0.1) for inlanefreight.htb failed: connection refused.

┌──(kings㉿kali)-[~]
└─$ sudo dig axfr inlanefreight.htb @ns.inlanefreight.htb.
[sudo] password for kings:
;; Connection to 127.0.0.1#53(127.0.0.1) for inlanefreight.htb failed: connection refused.
;; Connection to 127.0.0.1#53(127.0.0.1) for inlanefreight.htb failed: connection refused.
;; Connection to 127.0.0.1#53(127.0.0.1) for inlanefreight.htb failed: connection refused.

┌──(kings㉿kali)-[~]
└─$ sudo dig axfr inlanefreight.htb @ns.inlanefreight.htb
;; Connection to 127.0.0.1#53(127.0.0.1) for inlanefreight.htb failed: connection refused.
;; Connection to 127.0.0.1#53(127.0.0.1) for inlanefreight.htb failed: connection refused.
;; Connection to 127.0.0.1#53(127.0.0.1) for inlanefreight.htb failed: connection refused.

Any hints or help is appreciated.

Thanks

Hey what does your /etc/resolv.conf file look like? If you haven’t added an entry pointing to the target server as a nameserver then it will probably keep failing. It looks like it is trying to query some sort of internal DNS on your machine.

This is one of the few exercises that I recommend the pwnbox for.
-onthesauce

Thanks for your help, I have finally completed this section!

I initially edited resolv.conf to include the target nameserver but after hours of failed attempts, I gave up trying to use a local host (too many variables) and took your advice, using the pwnbox.

Thanks again!

hey guys
still am stuck with this session
anyone can give some hints would be appreciated

thank you

Hi

I also found this one to be somewhat tricky, which I think came down to syntax errors whilst running commands.

As @onthesauce mentions, to avoid DNS configuration errors, it’s best to complete this box using the pwnbox.

Where exactly are you up to and can you give more info about any errors you’re receiving?

I am also stuck on this problem and can’t get past it. I’ve tried almost every combination of subdomain that it gives and every way of putting the command. Constantly getting connection refused. If you have completed it please share the command you used to gain a transfer. Thanks in advance

Did you get it sorted? I will be running through the labs again and I will be starting with DNS as I feel this is the one that I need to put the most work in to and only made basic notes with this one unfortunately as I was so frustrated by it.

Let me know if you still need help and I’ll DM you.

I completed this lab please refer to this forum link if anyone has any questions here.
https://forum.hackthebox.com/t/active-subdomain-enumeration-htb-academy/250147/48?u=titaniumknight

I’m trying to complete this task, specifically the zone transfer

Q: Identify if its possible to perform a zone transfer and submit the TXT record as the answer. (Format: HTB{…))
Any hints or help is appreciated

try the combination of subdomains using the same dns_ip_address : dig axfr subdomain.webpage.com @dns_ip_address.

you dont need all of that all you need to do is dig axfr the the domain to the ip and you will obtain an internal domain. dig afxr that internal domain and you will obtain your TXT IN THAT FORMAT and you will aslo obtain the answer to the next question about the DC1 IP.

dig axfr internal.inlanefreight.htb @ip_address

Just follow the instructions of the lesson.