



    Date: 27.11.2023
    Related: linuxbasicsforhackers

    Manipulating the Domain Name System
    Hackers can find a treasure trove of information on a target in its Domain 
    Name System (DNS). DNS is a critical component of the internet, and 
    although it’s designed to translate domain names to IP addresses, a hacker 
    can use it to garner information on the target.
    Examining DNS with dig
    DNS is the service that translates a domain name like hackers-arise.com to 
    the appropriate IP address; that way, your system knows how to get to it. 
    Without DNS, we would all have to remember thousands of IP addresses 
    for our favorite websites—no small task even for a savant.
    One of the most useful commands for the aspiring hacker is dig, which
    offers a way to gather DNS information about a target domain. The stored
    DNS information can be a key piece of early reconnaissance to obtain before
    attacking. This information could include the IP address of the target’s
    name server (the server that translates the target’s name to an IP address),
    the target’s email server, and potentially any subdomains and IP addresses.
    For instance, enter dig hackers-arise.com and add the ns option (short
    for nameserver). The nameserver for hackers-arise.com is displayed in the
    ANSWER SECTION of Listing 3-3.


    kali >dig hackers-arise.com ns
    --snip--
    ;; QUESTION SECTION:
    ;hackers-arise.com. IN NS
    ;; ANSWER SECTION:
    hackers-arise.com. 5 IN NS ns7.wixdns.net.
    hackers-arise.com. 5 IN NS ns6.wixdns.net.
    ;; ADDITIONAL SECTION:
    ns6.wixdns.net. 5 IN A 216.239.32.100
    --snip--
    Listing 3-3: Using dig and its ns option to get information on a domain nameserver
    Also note in the ADDITIONAL SECTION that this dig query reveals the IP
    address (216.239.32.100) of the DNS server serving hackers-arise.com. This
    section may look slightly different on your system or may not show at all.
    You can also use the dig command to get information on email
    servers connected to a domain by adding the mx option (mx is short for
    mail exchange server). This information is critical for attacks on email
    systems. For example, info on the www.hackers-arise.com email servers is
    shown in the AUTHORITY SECTION of Listing 3-4.
    kali >dig hackers-arise.com mx
    --snip--
    ;; QUESTION SECTION:
    ;hackers-arise.com. IN MX
    ;; AUTHORITY SECTION:
    hackers-arise.com. 5 IN SOA ns6.wixdns.net. support.wix.com 2016052216 10800 3600 604800 3600
    --snip--
    Listing 3-4: Using dig and its mx option to get information on a domain mail exchange server
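Reading dig output means knowing which section a record came back in: in Listing 3-4 the mx query returns only an SOA record in the AUTHORITY SECTION, with no MX records shown. The script below is an added example, not from the book; it splits saved dig output into sections so you can check this when reviewing what your own zone publishes. The helper names dig_records and dig_answered are hypothetical, and the sample text is taken from the two listings.

```shell
# Added example (not from the book). dig_records and dig_answered are
# hypothetical helper names; the sample text is taken from the listings above.
LISTING_3_3=';; QUESTION SECTION:
;hackers-arise.com. IN NS
;; ANSWER SECTION:
hackers-arise.com. 5 IN NS ns7.wixdns.net.
hackers-arise.com. 5 IN NS ns6.wixdns.net.
;; ADDITIONAL SECTION:
ns6.wixdns.net. 5 IN A 216.239.32.100'

LISTING_3_4=';; QUESTION SECTION:
;hackers-arise.com. IN MX
;; AUTHORITY SECTION:
hackers-arise.com. 5 IN SOA ns6.wixdns.net. support.wix.com 2016052216 10800 3600 604800 3600'

# dig_records TEXT: print "SECTION TYPE NAME RDATA" for each resource record.
dig_records() {
    printf '%s\n' "$1" | awk '
        /^;; [A-Z]+ SECTION:/ { section = $2; next }  # remember current section
        /^;/ || NF < 5        { next }                 # skip comments and snips
        { rdata = $5
          for (i = 6; i <= NF; i++) rdata = rdata " " $i
          print section, $4, $1, rdata }'
}

# dig_answered TEXT: succeed only if the ANSWER section contains a record of
# the type named in the QUESTION section.
dig_answered() {
    printf '%s\n' "$1" | awk '
        /^;; [A-Z]+ SECTION:/              { section = $2; next }
        section == "QUESTION" && /^;/      { qtype = $NF; next }
        section == "ANSWER" && $4 == qtype { found = 1 }
        END { exit (found ? 0 : 1) }'
}

for listing in "$LISTING_3_3" "$LISTING_3_4"; do
    dig_records "$listing"
    dig_answered "$listing" || echo "query type not present in ANSWER section"
done
```

To use it on live output, save the result of a dig query to a variable or file and pass the text to the same functions.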
    The most common Linux DNS server is the Berkeley Internet Name 
    Domain (BIND). In some cases, Linux users will refer to DNS as BIND, but 
    don’t be confused: DNS and BIND both map individual domain names to 
    IP addresses.
