Activity 3.1: DNS Enumeration - morgan-hanrahan/Tech-Journal GitHub Wiki
Reflection
During this activity, we created a bash DNS scan and a DNS resolving script, did an nmap hunt for DNS servers, worked with reverse lookup in nmap, and learned about and worked with zone transfers. This activity taught us how to set up Git on our Kali Linux box and run add/remove, commit, and pushes. I found this activity fairly easy and only struggled with learning about specific nmap flags and creating the first script. I collaborated with a few classmates, which made these aspects a little easier. After those few hurdles, I easily finished the rest of the activity.
Commands
Network Scanning
Scanning a network for its DNS servers can be done with a simple one-liner. This assumes the target is a /24 network. The command is as follows:
sudo nmap -Pn --open 10.0.5.0/24 -p 53 -oG dns-servers2.txt
-Pn: skips host discovery, so every address in the range is port-scanned even if it does not answer pings.
--open: only shows hosts with open ports.
-p 53: specifies the single port to check, the DNS port. nmap scans TCP by default, so a resolver that only listens on UDP 53 would need -sU to show up.
-oG: makes the output greppable and writes it to the file dns-servers2.txt.
Reverse Lookup
In order to perform a reverse lookup with nmap you want to use the -sL flag (list scan), which resolves each target's name without sending any probes to it; --dns-servers points the lookups at the DNS server found in the previous scan. My particular one-liner also contains additional filtering in order to print specific output: grep ")" keeps only the lines with a parenthesised IP, i.e. targets that resolved to a name, awk prints the hostname and the IP, and head/tail strip the "Starting Nmap" and "Nmap done" lines, which also contain a ")". It goes as follows:
sudo nmap -sL 10.0.5.0/24 --dns-servers 10.0.5.22 | grep ")" | awk '{print $5,$6}' | head -n -1 | tail -n+2
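The two parsing steps behind this activity (pulling DNS servers out of the greppable scan above, and pulling resolved names out of the -sL list scan) as reusable shell functions, checked against constructed nmap output so no live scan is needed. This is an added example, not the journal's own script; the sample output, hostnames and addresses are made up, and real -oG lines use tabs where spaces are shown here.

```shell
#!/usr/bin/env bash
# Added example: parse the two nmap output formats used in this activity.
set -eu

# Constructed sample of the greppable (-oG) output of:
#   nmap -Pn --open 10.0.5.0/24 -p 53 -oG dns-servers2.txt
SAMPLE_GNMAP='# Nmap 7.94 scan initiated Mon Jan  1 12:00:00 2024 as: nmap -Pn --open 10.0.5.0/24 -p 53 -oG dns-servers2.txt
Host: 10.0.5.22 ()  Status: Up
Host: 10.0.5.22 ()  Ports: 53/open/tcp//domain///
Host: 10.0.5.30 ()  Ports: 53/filtered/tcp//domain///
# Nmap done at Mon Jan  1 12:00:05 2024 -- 256 IP addresses (2 hosts up) scanned in 5.10 seconds'

# Constructed sample of the normal output of:
#   nmap -sL 10.0.5.0/24 --dns-servers 10.0.5.22
SAMPLE_LIST='Starting Nmap 7.94 ( https://nmap.org ) at 2024-01-01 12:01 EST
Nmap scan report for 10.0.5.0
Nmap scan report for gw.lab.local (10.0.5.1)
Nmap scan report for dns1.lab.local (10.0.5.22)
Nmap done: 256 IP addresses (0 hosts up) scanned in 0.20 seconds'

# Print the IP of every host whose port 53 is reported open in -oG input
# (stdin). Anchoring on "Host:" drops the comment lines; matching the port
# entry itself skips the "Status:" lines and filtered/closed ports.
dns_servers_from_gnmap() {
  awk '/^Host:/ && /[[:space:]]53\/open\//{print $2}'
}

# Print "name ip" for every target in -sL output (stdin) that has a PTR
# record. Targets with no reverse entry have no parenthesised IP and are
# skipped; the Starting/Nmap done lines never match the pattern.
resolved_hosts_from_list() {
  sed -nE 's/^Nmap scan report for ([^ ]+) \(([0-9.]+)\)$/\1 \2/p'
}

# Run both stages against the constructed samples.
find_dns_servers() { printf '%s\n' "$SAMPLE_GNMAP" | dns_servers_from_gnmap; }
find_resolved_hosts() { printf '%s\n' "$SAMPLE_LIST" | resolved_hosts_from_list; }

find_dns_servers
find_resolved_hosts
```

To use it on real output, replace the samples with `dns_servers_from_gnmap < dns-servers2.txt` and `nmap -sL ... | resolved_hosts_from_list`.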