DNS Enumeration - jwells24/Tech-Journal GitHub Wiki
DNS Enumeration
-
In the activity this week, we focused a lot on finding the DNS server in our environment and using this server to find hostnames and other information inside the network. DNS enumeration itself is the reconnaissance process of finding all of the DNS information about a network. We did this using a few different tools and in a few steps, the first being finding the DNS server. In order to find the DNS server, we used our port scanner script to find an open port 53. Once we found a machine with an open port 53, we knew this was our DNS server and we logged it.
With the DNS server found, we could now move on to using nmap to find some of the hostnames of machines on our network. The nmap one-liner we used to find all of the hostnames can be seen in the screenshot below.
- With all of this useful information, including hostnames of machines on the network, we are able to expand our attack surface on the network and continue gathering more information.
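From the DNS server's side, this kind of hostname enumeration is visible in its query log. The following is an added example, not part of the original journal, that flags clients sending bursts of reverse (PTR) lookups for many distinct addresses. It assumes the hostnames are gathered through reverse lookups, which the page does not specify; the log format, addresses, window and threshold are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Hypothetical log format (an assumption): "<ISO time> <client IP> <qtype> <qname>"
LINE_RE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (\S+) (\S+) (\S+)$")

def find_ptr_sweeps(lines, window=timedelta(seconds=60), threshold=20):
    """Return {client: max distinct PTR names seen in any window} for noisy clients."""
    ptr = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ignore lines that do not match the assumed format
        ts, client, qtype, qname = m.groups()
        name = qname.lower().rstrip(".")
        if qtype.upper() == "PTR" and name.endswith(".in-addr.arpa"):
            ptr[client].append((datetime.fromisoformat(ts), name))
    flagged = {}
    for client, events in ptr.items():
        events.sort()
        start = best = 0
        for end in range(len(events)):
            # shrink the window until it spans at most `window` of time
            while events[end][0] - events[start][0] > window:
                start += 1
            # distinct names matter: a resolver repeating one lookup is not a sweep
            best = max(best, len({n for _, n in events[start:end + 1]}))
        if best >= threshold:
            flagged[client] = best
    return flagged

def build_sample():
    """Constructed log lines: one fast sweep, one slow client, one repetitive client."""
    base = datetime(2024, 3, 1, 10, 0, 0)
    lines = ["2024-03-01T09:59:58 10.0.5.20 A www.example.test", "not a log line"]
    for i in range(1, 31):   # 30 distinct addresses in 30 seconds
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 10.0.5.99 PTR {i}.5.0.10.in-addr.arpa")
    for i in range(25):      # 25 distinct addresses, one every 10 minutes
        t = (base + timedelta(minutes=10 * i)).isoformat()
        lines.append(f"{t} 10.0.5.30 PTR {i + 100}.5.0.10.in-addr.arpa")
    for i in range(40):      # the same name looked up 40 times
        t = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{t} 10.0.5.20 PTR 7.5.0.10.in-addr.arpa")
    return lines

if __name__ == "__main__":
    print(find_ptr_sweeps(build_sample()))
```

Only the client that walks through many distinct addresses inside the window is reported; the slow and repetitive clients stay below the threshold, which is also the limit of a rate-based check like this one.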