DNS Enumeration (Demo)

00:00

Hey, everyone, welcome back to the course. So in this video, we're gonna go over a brief demonstration of DNS enumeration. So why would we want to do DNS enumeration? Well, it's gonna give us a lot of different information or potentially give us a lot of different information. Like computer names. I p addresses information about the mail servers, name servers,

00:17

it just all sorts of other DNS records. And we'll go, We won't go through every single one of those

00:22

and this particular video, But we're gonna use a couple of manual ways of doing DNs enumeration. There are some tools built into Callie Lennox. There are many tools out there you can use for this. We're gonna be using two things primarily in this video we're gonna using Dig D i g, which is the Swiss Army knife. So to speak of DNS.

00:40

And we also are gonna be using s look up.

00:42

Go.

00:43

So first things first, let's run a quick n s look of command. We're just gonna use ah website I know of called drop funnels dot com. You notice here we can get some information about the I P addresses of servers in use by that particular site. We also get the We not only get the I P before we also get the I P V six addresses.

01:00

We could also do NSS, Ennis look up by itself and then we could set the type of name servers. And then we'll just use drop funnels dot com again, and we'll get information about the name servers for this domain.

01:11

And we could do the exact same thing for things like the mail records. So we can set our Type two MX on, then again specifying the drop photos dot com, and we'll be able to see any information about the mail servers.

01:23

Alright, so we'll clear a screen and then we're just gonna run. Dig real quick. So dig space Dash, tick, tick H. We'll give you the help menu. You notice there's a number of flags to use here. We're not gonna use most of these in this particular video. It's just a brief demonstration, so let's just run. Dig against drop funnels dot com

01:42

and you'll see we're able to get information about those I P addresses again for this particular domain.

01:48

So let's go ahead and specified by the type of record we want to search. In this case, we'll use the dash lower case T and then MX to specify the males, the mail servers. And so you see, here we get information back about the male servers in use by those domain, we could do the same thing for the name servers as well. So you notice they're using Cloudflare.

02:05

Now, if we just wanna look at just the name servers themselves,

02:07

we can use this plus short option. So this just gives us information that's relevant to our query. We can use this with any type of record, So all we have to do is just add that plus short at the end. So add that together at the end of whatever command you're typing and that will give you just the information you need back.

02:23

We can also look for the C name record just by specifying, dig, drop, funnels, calm and then see name.

02:29

And I'm just gonna clear the screen here real quick just so we can make it a little cleaner.

02:34

We could also just list out r I P v six addresses for the target so we could do dig the target, which is to drop funnels dot com in this case on. Then we can add the forays