DNS Reconnaissance and whois | 95






put, you can see the TXT record that was required to indicate to Google that I was the registrant for the domain and had control of the DNS entries. You can also see who the name servers for the domain are in this. This is partial output because a substantial amount of output results from using this tool. To get this output, I used the command dnsrecon -d cloudroy.com -D /usr/share/dnsrecon/namelist.txt.
Example 3-12. Using dnsrecon to gather DNS information
[*] SOA dns078.a.register.com 216.21.231.78
[*] NS dns249.d.register.com 216.21.236.249
[*] Bind Version for 216.21.236.249 Register.com D DNS
[*] NS dns151.b.register.com 216.21.232.151
[*] Bind Version for 216.21.232.151 Register.com B DNS
[*] NS dns078.a.register.com 216.21.231.78
[*] Bind Version for 216.21.231.78 Register.com A DNS
[*] NS dns118.c.register.com 216.21.235.118
[*] Bind Version for 216.21.235.118 Register.com C DNS
[*] MX aspmx3.googlemail.com 74.125.141.27
[*] MX aspmx.l.google.com 108.177.112.27
[*] MX alt2.aspmx.l.google.com 74.125.141.27
[*] MX alt1.aspmx.l.google.com 173.194.175.27
[*] MX aspmx2.googlemail.com 173.194.175.27
[*] MX aspmx3.googlemail.com 2607:f8b0:400c:c06::1b
[*] MX aspmx.l.google.com 2607:f8b0:4001:c02::1a
[*] MX alt2.aspmx.l.google.com 2607:f8b0:400c:c06::1b
[*] MX alt1.aspmx.l.google.com 2607:f8b0:400d:c0b::1b
[*] MX aspmx2.googlemail.com 2607:f8b0:400d:c0b::1b
[*] A cloudroy.com 208.91.197.39
[*] TXT cloudroy.com google-site-verification=rq3wZzkl6pdKp1wnWX_BItql6r1qKt34QmMcqE8jqCg
[*] TXT cloudroy.com v=spf1 include:_spf.google.com ~all

Although it was fairly obvious from the MX records, the TXT record makes it clear that this domain is using Google for hosting services. This is not to say that finding just the TXT record tells that story. In some cases, an organization may change hosting providers or no longer be using the service that required the TXT record without removing the TXT record. Since there is no harm in leaving that record in the DNS zone, organizations may leave this detritus around even after it’s not needed anymore. Even knowing that they once used those services may tell you a few things, so using a tool like dnsrecon to extract as much DNS information as you can might be useful as you are working through your testing.
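
The same output lets a zone owner audit for leftover records. The following is an added example, not code from the book or from dnsrecon: it parses lines in the layout of Example 3-12 and reports whether each provider named in a TXT record is also backed by the MX records. The marker table, the example-vendor entry and the last sample line are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Lines in the layout of Example 3-12. The last TXT line is constructed for
# this example and names a made-up vendor.
SAMPLE = """\
[*] NS dns249.d.register.com 216.21.236.249
[*] Bind Version for 216.21.236.249 Register.com D DNS
[*] MX aspmx.l.google.com 108.177.112.27
[*] MX aspmx3.googlemail.com 2607:f8b0:400c:c06::1b
[*] TXT cloudroy.com google-site-verification=rq3wZzkl6pdKp1wnWX_BItql6r1qKt34QmMcqE8jqCg
[*] TXT cloudroy.com v=spf1 include:_spf.google.com ~all
[*] TXT cloudroy.com example-verification=CONSTRUCTED-TOKEN
"""

# Assumed marker table (not part of dnsrecon): TXT substrings that point at a
# provider, and MX host suffixes that would confirm the provider is in use.
PROVIDERS = {
    "google": {"txt": ("google-site-verification=", "include:_spf.google.com"),
               "mx": (".google.com", ".googlemail.com")},
    "example-vendor": {"txt": ("example-verification=",),
                       "mx": (".mail.example.net",)},
}

LINE = re.compile(r"^\[\*\]\s+(SOA|NS|MX|A|AAAA|TXT|CNAME|SRV)\s+(\S+)\s*(.*)$")

def parse(text):
    """Group record lines by type; 'Bind Version' banner lines are skipped."""
    records = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            rtype, name, data = m.groups()
            records[rtype].append((name.lower(), data.strip()))
    return records

def audit(records):
    """For each provider seen in TXT data, say whether an MX host backs it up."""
    mx_hosts = [name for name, _ in records.get("MX", [])]
    txt_data = [data for _, data in records.get("TXT", [])]
    result = {}
    for provider, marks in PROVIDERS.items():
        if any(t in data for data in txt_data for t in marks["txt"]):
            confirmed = any(h.endswith(marks["mx"]) for h in mx_hosts)
            result[provider] = "corroborated" if confirmed else "txt-only"
    return result

if __name__ == "__main__":
    print(audit(parse(SAMPLE)))
```

A "txt-only" result marks a record worth reviewing: either the service is no longer in use and the record can be removed, or it is used for something other than mail.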
