Archive | November 4, 2014

DNS Enumeration for National Cyber League (NCL) Regular Season Game 2

A zone transfer in DNS is a normal occurrence, but when this information falls into the wrong hands the effect can be devastating. A zone transfer is designed to update DNS servers with the correct information; however, the zone contains information that could map out the network, providing valuable data about the structure of the environment.

digAXFR-DNS-Zone-transfer
The screenshot above shows the dig command to contact the name server on 54.243.174.22, asking for information about a domain called “flag.ncl” and there is also a zone transfer being invoked with “-t AXFR”. As you can see from the output there is a good deal of information about potential target systems in the flag.ncl domain.

dig @54.243.174.22 flag.ncl -t AXFR
; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> @54.243.174.22 flag.ncl -t AXFR
; (1 server found)
;; global options: +cmd
flag.ncl.		604800	IN	SOA	ncl. flag.ncl. 2 604800 86400 2419200 604800
flag.ncl.		604800	IN	NS	flag.ncl.
flag.ncl.		604800	IN	A	127.12.34.56
admin.flag.ncl.		604800	IN	A	127.44.65.92
secret.flag.ncl.	604800	IN	A	127.1.0.1
termserv.flag.ncl.	604800	IN	A	127.79.255.255
welcome.flag.ncl.	604800	IN	A	127.2.114.31
zeus.flag.ncl.		604800	IN	A	127.212.83.111
flag.ncl.		604800	IN	SOA	ncl. flag.ncl. 2 604800 86400 2419200 604800
;; Query time: 46 msec
;; SERVER: 54.243.174.22#53(54.243.174.22)
;; WHEN: Mon Nov  3 15:05:09 2014
;; XFR size: 9 records (messages 1, bytes 243)

 

Question and Answers for (Enum 2) Enumeration and Exploitation:

What is the IP Address for the domain: “flag.ncl”?
127.12.34.56

What is the domain name with the IP Address of 127.44.65.92 (FQDN)?
admin.flag.ncl

What is the domain name with the IP Address of 127.212.83.111 (FQDN)?
zeus.flag.ncl

What is the domain name with the IP Address of 127.2.114.31 (FQDN)?
welcome.flag.ncl

What is the domain name with the IP Address of 127.79.255.255 (FQDN)?
termserv.flag.ncl

What is the domain name with the IP Address of 127.1.0.1 (FQDN)?
secret.flag.ncl

 

Common DNS Record Types and Their Use:

A (address)
Maps a host name to an IP address

SOA (Start of Authority)
Identifies the DNS server responsible for the domain information

CNAME (canonical name)
Provides additional names or aliases for the address record

MX (mail exchange)
Identifies the mail server for the domain

SRV (service)
Identifies services such as directory services

PTR (pointer)
Maps IP addresses to host names

NS (name server)
Identifies other name servers for the domain

 

Leave a Comment

November 4, 2014 0 Comments ,