
Chang Tan Lister | Penetration Testing and Ethical Hacking | Module 03 - Scanning

By: Chang Tan Lister | Related Course: Penetration Testing and Ethical Hacking (Archive) | Published: February 13, 2017 | Modified: February 13, 2017

DNS Enumeration

With the dnsrecon command, we can find MX records, name server information, IP addresses, clues on the IP address range, hosts, and zone transfers. It also has file output options.

DNS overview and zone transfers

nslookup from attacker machine

check on victim machine if it's correct

nslookup on Windows: you can set the type of query to "mx". Double-check that the queries from both the attacker machine and the victim match the authority records.

refresh, retry, expire, minimum: specifications on how long before retrying a communication, when to refresh, when the query will expire, and the minimum time length before the next query.


MX = mail record

PTR = pointer record

NS = name server

SRV = service record (look at this)


In Windows you can pull all of the records with "ls -d 'hostname.com'", which shows which machine does what.


On the Linux side, you cannot use that command with nslookup. You can use dig instead to get the much-needed zone transfer information. Note that the admins can refuse this, but it takes a few more configurations on the Windows side to shut out the vulnerability and harden the server.
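
Added example (not part of the original notes): a small Python check an admin can run over saved dig zone-transfer output to confirm the server refuses the request, and to read the refresh, retry, expire and minimum timers from the SOA record when it does not. The sample outputs, names and the functions parse_records, soa_timers and audit_axfr are constructed for illustration.

```python
import re

# Constructed samples (reserved example.com names, 192.0.2.0/24 documentation range); not real captures.
REFUSED = """\
; <<>> DiG 9.x <<>> axfr example.com @ns1.example.com
; Transfer failed.
"""
ALLOWED = """\
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2017021301 7200 900 1209600 86400
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN MX 10 mail.example.com.
mail.example.com. 3600 IN A 192.0.2.25
_sip._tcp.example.com. 3600 IN SRV 10 5 5060 sip.example.com.
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 2017021301 7200 900 1209600 86400
"""
RR = re.compile(r"(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*)")
SOA_FIELDS = ("serial", "refresh", "retry", "expire", "minimum")

def parse_records(text):
    """Return (name, ttl, type, rdata) per resource-record line, skipping ';' comments."""
    rows = []
    for line in text.splitlines():
        m = None if line.lstrip().startswith(";") else RR.match(line.strip())
        if m:
            rows.append((m.group(1), int(m.group(2)), m.group(3), m.group(4)))
    return rows

def soa_timers(rdata):
    """Name the five SOA numbers that follow the primary server and contact fields."""
    return dict(zip(SOA_FIELDS, map(int, rdata.split()[2:7])))

def audit_axfr(text):
    """Classify one saved transfer attempt and count the record types it disclosed."""
    rows = parse_records(text)
    if "; Transfer failed." in text or not rows:
        return {"status": "refused", "exposed": {}, "soa": None}
    soas = [r for r in rows if r[2] == "SOA"]
    # A completed AXFR starts and ends with the zone's SOA record.
    complete = len(soas) >= 2 and rows[0][2] == rows[-1][2] == "SOA"
    body = rows[1:-1] if complete else rows
    exposed = {}
    for _, _, rtype, _ in body:
        exposed[rtype] = exposed.get(rtype, 0) + 1
    return {"status": "allowed" if complete else "incomplete", "exposed": exposed,
            "soa": soa_timers(soas[0][3]) if soas else None}

if __name__ == "__main__":
    for label, sample in (("refused", REFUSED), ("allowed", ALLOWED)):
        print(label, audit_axfr(sample))
```

A status of "allowed" from a host that is not a designated secondary means the transfer restriction on that name server still needs to be configured.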

Scanning Whiteboard

Really important.



Idle = Zombie scan

ICMP echo scans = list scans

UDP scan = no flags (at all)
