Penetration testing DNS service port 53 and Akamai Bypass
So, you discover port 53 UDP open with nmap using the -A flag.
What to do?
Here are some tools you might find useful:
- nmap using the -A flag or the DNS NSE scripts:
  - http://nmap.org/nsedoc/scripts/dns-zone-transfer.html
  - http://nmap.org/nsedoc/scripts/dns-cache-snoop.html
  - http://nmap.org/nsedoc/scripts/dns-brute.html
  - http://nmap.org/nsedoc/scripts/dns-recursion.html
  - Not relevant: http://nmap.org/nsedoc/scripts/dns-check-zone.html
- Metasploit
  - auxiliary/scanner/dns/dns_amp
  - or search dns
- fierce
  - fierce -dns
- dig ANY isc.org @x.x.x.x (see the link at the bottom of the page)
- Online tools: http://www.dnsstuff.com/tools#dnsReport|type=domain&&value=libero.it but pay attention to which name server you are looking at (n1.libero.it versus ns1.libero.it). The command "nslookup -type=ns libero.it" reports n1.libero.it as the name server, but brute forcing with fierce discovered another one, ns1.libero.it, which allows recursion and may have other vulns.
- https://www.robtex.com/dns/ns1.libero.it.html#graph
Find domain names sharing the same IP
- nmap -p 80 --script hostmap-bfk.nse
Find authoritative and non-authoritative answers:
- nslookup -type=ns blogger.com OR host -t ns blogger.com OR whois blogger.com
Bruteforcing DNS names (helps in bypassing Akamai too)
- My favourite: Fierce
- http://resources.infosecinstitute.com/dns-hacking/
- http://tools.kali.org/information-gathering/fierce
- http://www.behindthefirewalls.com/2013/06/dns-enumeration-with-fierce-in.html
- http://null-byte.wonderhowto.com/how-to/hack-like-pro-abusing-dns-for-reconnaissance-0157448/
- Another good one: https://nmap.org/nsedoc/scripts/dns-brute.html
- nmap -p 80 --script dns-brute.nse www.target.com
- http://www.darknet.org.uk/2007/04/dns-brute-force-extract-ws-dns-bfx/
- pydns http://blog.0x0lab.org/2011/12/dns-brute-force/
- https://github.com/TheRook/subbrute
Other recon tools http://hackertarget.com/7-nmap-nse-scripts-recon/
https://code.google.com/p/dnsmap/
Nice article on DNS amplification: https://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack/
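As an added example (not from the original post), the defender-side counterpart to the brute forcing and dig ANY probes above: a small Python script that scans a resolver query log for the two traces those tools leave behind, a burst of NXDOMAIN answers from one client across one zone (subdomain brute forcing with fierce or dns-brute) and repeated ANY queries (the amplification probe). The log format, addresses and names are constructed for the example; adapt parse_log to your resolver's real log layout.

```python
import re
from collections import defaultdict

# Constructed sample resolver log (not from the page): time, client, qname, qtype, rcode
SAMPLE_LOG = """\
10:00:01 203.0.113.5 www.example.com A NOERROR
10:00:02 203.0.113.9 isc.org ANY NOERROR
10:00:02 198.51.100.7 dev.example.com A NXDOMAIN
10:00:02 198.51.100.7 test.example.com A NXDOMAIN
10:00:03 198.51.100.7 staging.example.com A NXDOMAIN
10:00:03 198.51.100.7 mail.example.com A NOERROR
10:00:03 198.51.100.7 vpn.example.com A NXDOMAIN
10:00:04 198.51.100.7 origin.example.com A NOERROR
10:00:05 203.0.113.9 isc.org ANY NOERROR
10:00:06 203.0.113.5 www.example.com AAAA NOERROR
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")

def parse_log(text):
    """Yield (client, qname, qtype, rcode) tuples from the constructed log format."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            _ts, client, qname, qtype, rcode = m.groups()
            yield client, qname.lower(), qtype.upper(), rcode.upper()

def find_subdomain_bruteforce(records, nxdomain_threshold=3):
    """Return {client: {zone: distinct NXDOMAIN names}} for clients over the threshold."""
    counts = defaultdict(lambda: defaultdict(set))
    for client, qname, _qtype, rcode in records:
        if rcode == "NXDOMAIN":
            zone = ".".join(qname.split(".")[-2:])  # crude zone cut, enough for the example
            counts[client][zone].add(qname)
    return {c: {z: len(n) for z, n in zones.items() if len(n) >= nxdomain_threshold}
            for c, zones in counts.items()
            if any(len(n) >= nxdomain_threshold for n in zones.values())}

def find_any_queries(records):
    """Return {client: count} of ANY queries, the query type used in amplification probes."""
    counts = defaultdict(int)
    for client, _qname, qtype, _rcode in records:
        if qtype == "ANY":
            counts[client] += 1
    return dict(counts)

if __name__ == "__main__":
    recs = list(parse_log(SAMPLE_LOG))
    print(find_subdomain_bruteforce(recs), find_any_queries(recs))
```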
BruteForce telnet VNC and other protocols (OT) http://www.securitytube.net/video/4758