Penetration testing DNS service port 53 and Akamai Bypass

So, you discover UDP port 53 open with nmap using the -A flag.

What to do?

Here are some tools you might find useful:


  • nmap using the -A flag or its DNS NSE scripts
    • http://nmap.org/nsedoc/scripts/dns-zone-transfer.html
    • http://nmap.org/nsedoc/scripts/dns-cache-snoop.html
    • http://nmap.org/nsedoc/scripts/dns-brute.html
    • http://nmap.org/nsedoc/scripts/dns-recursion.html
    • Not relevant here: http://nmap.org/nsedoc/scripts/dns-check-zone.html
  • Metasploit
    • auxiliary/scanner/dns/dns_amp
    • or search dns to list the other DNS modules
  • fierce
    • fierce -dns
  • dig ANY isc.org @x.x.x.x (see the link at the bottom of the page)
  • Online tools such as http://www.dnsstuff.com/tools#dnsReport|type=domain&&value=libero.it, but pay attention to which name server gets tested (n1.libero.it instead of ns1.libero.it). The command "nslookup -type=ns libero.it" reports n1.libero.it as the name server, but a second name server, ns1.libero.it, was discovered by brute force with fierce, and that one allows recursion and possibly has other vulnerabilities.
How to find which domains use a given name server

  • https://www.robtex.com/dns/ns1.libero.it.html#graph

Find domain names sharing the same IP

  • nmap -p 80 --script hostmap-bfk.nse

Find authoritative and non-authoritative answers:

  • nslookup -type=ns blogger.com OR host -t ns blogger.com OR whois blogger.com
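As an added illustration (not part of the original notes), a small Python script showing what the nmap dns-recursion check and nslookup's "Non-authoritative answer" line actually look at: the RA and AA flag bits in the DNS header. The query name and the sample replies are constructed so it runs offline; sending QUERY to one of your own name servers over UDP/53 and passing the reply to classify() tells you whether that server behaves as an open recursive resolver, which is what to fix on an authoritative-only host.

```python
import random
import struct

def build_query(name: str, qtype: int = 2, rd: bool = True) -> bytes:
    """Minimal DNS query (qtype 2 = NS). RD=1 asks the server to recurse for us."""
    txid = random.randint(0, 0xFFFF)
    flags = 0x0100 if rd else 0x0000            # QR=0, opcode=0, RD bit
    header = struct.pack(">HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lab)]) + lab.encode() for lab in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)    # class IN

def parse_header(msg: bytes) -> dict:
    """Decode the 12-byte header; the flag bits are what the audit cares about."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),   # 1 = response
        "aa": bool(flags & 0x0400),   # authoritative answer; nslookup prints "Non-authoritative" when 0
        "ra": bool(flags & 0x0080),   # recursion available: server offers to recurse for anyone
        "rcode": flags & 0x000F,      # 0 NOERROR, 3 NXDOMAIN, 5 REFUSED
        "answers": an,
    }

def classify(resp: bytes) -> str:
    """Label a reply. For a recursion audit, query a name the server does not host."""
    h = parse_header(resp)
    if not h["qr"]:
        return "not-a-response"
    if h["ra"] and h["rcode"] == 0 and h["answers"] > 0:
        return "open-recursive"       # the behaviour the notes above report for ns1.libero.it
    if h["aa"]:
        return "authoritative"
    return "refused-or-nonauthoritative"

# --- constructed sample replies, so the audit logic can be exercised offline ---
def make_response(query: bytes, flags: int, with_answer: bool) -> bytes:
    """Stitch a fake reply: same id and question, chosen flags, optional NS answer."""
    rr = b""
    if with_answer:
        rdata = b"\x03ns1\x07example\x03com\x00"   # hypothetical NS target
        rr = b"\xc0\x0c" + struct.pack(">HHIH", 2, 1, 3600, len(rdata)) + rdata
    header = query[:2] + struct.pack(">HHHHH", flags, 1, 1 if with_answer else 0, 0, 0)
    return header + query[12:] + rr

QUERY = build_query("example.com")
OPEN_RESOLVER_REPLY = make_response(QUERY, 0x8180, True)    # QR RD RA, NOERROR
REFUSED_REPLY = make_response(QUERY, 0x8105, False)         # QR RD, REFUSED, no RA
AUTHORITATIVE_REPLY = make_response(QUERY, 0x8500, True)    # QR AA RD, NOERROR, no RA
```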

Bruteforcing DNS names (helps in Bypassing Akamai too)

  • My favourite: Fierce
    • http://resources.infosecinstitute.com/dns-hacking/
    • http://tools.kali.org/information-gathering/fierce
    • http://www.behindthefirewalls.com/2013/06/dns-enumeration-with-fierce-in.html
  • http://null-byte.wonderhowto.com/how-to/hack-like-pro-abusing-dns-for-reconnaissance-0157448/
  • Another good one: https://nmap.org/nsedoc/scripts/dns-brute.html
    • nmap -p 80 --script dns-brute.nse www.target.com
  • http://www.darknet.org.uk/2007/04/dns-brute-force-extract-ws-dns-bfx/
  • pydns http://blog.0x0lab.org/2011/12/dns-brute-force/
  • https://github.com/TheRook/subbrute

Other recon tools:

  • http://hackertarget.com/7-nmap-nse-scripts-recon/
  • https://code.google.com/p/dnsmap/

Nice article on DNS amplification: https://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack/

Brute-forcing Telnet, VNC and other protocols (OT): http://www.securitytube.net/video/4758