So here is a very interesting topic on how to extract information from DNS servers which can be a valuable asset to any hacker. DNS servers are an excellent target for hackers and penetration testers i use this technique all the time. They usually contain information that is considered highly valuable to attackers. DNS is a core component of both our local networks and the Internet. Among other things, DNS is responsible for the process of translating domain names to IP addresses which is pretty useful in our world of diverse hacking . It is much easier for us to remember “google.com” rather than http://74.125.95.105. However, machines prefer the reverse which I find pretty weird at first.
DNS serves acts as the middle man to perform this translation process. As penetration testers, it is important to focus on the DNS servers that belong to our target. The reason is simple. In order for DNS to function properly, it needs to be aware of both the IP address and the corresponding domain name of each computer on its network. In terms of reconnaissance, gaining full access to a company’s DNS server is like finding a finding a blueprint to the organization. But in this case the blueprint contains a full listing of internal IP addresses that belong to our target.
Remember one of the key elements of information gathering is to collect IP addresses that belong to the target right. Another reason why picking on DNS is so enjoyable is that in many cases to me these servers tend to operate on the “if it isn’t broke bogus stuff, don’t touch it” principle. Inexperienced network administrators often regard their DNS servers with suspicion and mistrust. Oftentimes, they choose to ignore the box completely because they do not fully understand it. As a result touching, patching, updating, or changing configurations on the DNS server is often a low priority. Add this to the fact that most DNS servers appear to be very stable (as long as the administrator is not monkeying with it) and you have a recipe for a security disaster.
These admins wrongly learn early in their career that the less they mess with their DNS servers, the less trouble it seemed to cause them which is true can’t hurt them for that. As a penetration tester, given the number of misconfigured and unpatched DNS servers that abound today, it is natural to assume that many current network admins operate under this same principle. So the next logical question becomes, how do we access this virtual pot of gold? Before we can begin the process of examining a DNS server, we need an IP address. Some of these references were by host names, whereas others were by IP addresses. Using the host command, we can translate any host names into IP addresses and add these IPs to the potential target list. Again, you must be sure to double- and triple-check that the IP you collect is within your authorized scope before continuing.
Now that we have a list of DNS IP addresses that belong to or serve our target we can begin the process of interrogating DNS to extract information which can be a little painful at times. Although it is becoming more rare to find, one of our first tasks when interacting with a target DNS is to attempt a zone transfer. Remember DNS servers contain a series of records that match up the IP address and host name for all the devices that the servers are aware of. Many networks deploy multiple DNS servers for the sake of redundancy or load balancing. As a result, DNS servers need a way to share information. This “sharing” process occurs through the use of a zone transfer. During a zone transfer, also commonly referred to as AXFR, one DNS server will send all the host-to-IP mappings it contains to another DNS server. This process allows multiple DNS servers to stay in sync. Even if we are unsuccessful in performing a zone transfer, we should still spend time investigating any DNS servers that fall within our authorized scope.
So there you have it, I hope you learnt something although it’s a bit long, but here is a little tip. if you are going to be a hacker you have to read a lot and that’s where most hackers fail because they get inspired to be a hacker for the wrong reasons and so when it gets hard they quit, so what I would advise you to do is never give up and you will make it. although I am not really a hacker anymore due to various reasons when I started I was wondering what the hell is this, but I work through those moments when my code doesn’t seem to click right until I reach on a another level remember hackers rule!!!!!!!!.
Leave a Reply