Hello there,
I’m having trouble trying to solve medium lab in the “Network enumeration with nmap” module.
So far I have tried -g for setting source port to 53, -D RND:20 for decoys, and I have tampered a little with different scripting options (-sV, --script dns-nsid, --script version…). None of this worked.
Can someone help?
I also tried to spoof my ip with -S <someRandomIp> -e tun0. However nmap seems unable to find a route to the target when I do that. I don’t know if it has anything to do with me using wsl for running the command.
Thanks in advance.
This lab is not that complicated actually. The objective here is to perform DNS enumeration with Nmap.
Use nmap --script dns-zone-transfer 10.129.96.74 --script-args dns-zone-transfer.server=10.129.96.74 dns-zone-transfer.domain=zone-transfer.me to discover the doman service that is running on the target IP
In the output, you will see that the DNS service is running (indicated by the domain service) on port 53.
You add the -p 53 -sV flag to see the DNS version in the output (Full command attached in screenshot)
Hope this helps!