Tags:template Related to:note-taking,notes See also: Index: 📁EJPTv2 - INDEX
Summary
Walking through active info gathering tools and methodologies
Active Information Gathering
DNS Zone transfers
-
DNS interrogation - process of interrogating a DNS server to provide DNS records specific domain
-
DNS zone fiiles are transfered between form one DNS server to another using zone trasnfered - can be abused if left insecured
-
zonetransfer.me can be used for labs
-
dnsenum - can be used to enumerate dns both passive and active
-
hosts file - /etc/hosts - can be used to map any domains to ip addresses
-
Zone transfer must be enabled on nameservers to perform zone transfer. Can be done using dnsenum
Performing zone tranfer with dig
dig - perfered tool
Syntax: dig axfr nameserver domain
- Zone transfer can reveal details of internal IPs and portals
Fierce tool
fierce fierce -dns example.com
Host discovery - nmap
- -sn - ping sweep
Netdiscover - for host discovery
sudo netdiscover -i interface name -r subnet
Portscanning
nmap
- normal scan
- tcp full scan
- udp port scan