OSCP Security Technology - Enumeration(3)
DNS Enumeration
Start with the records any resolver will hand out, then ask an authoritative server for the whole zone (AXFR):
host -t ns zonetransfer.me                  # authoritative name servers
host -t mx zonetransfer.me                  # mail exchangers
host zonetransfer.me                        # A, AAAA and MX records of the apex
host -l zonetransfer.me nsztm1.digi.ninja   # zone transfer (AXFR) from one of the NS found above
dnsrecon -d zonetransfer.me -t axfr         # same request, but tried against every NS of the domain
kali@kali:~$ dnsrecon -d zonetransfer.me -t axfr
[*] Testing NS Servers for Zone Transfer
[*] Checking for Zone Transfer for zonetransfer.me name servers
[*] Resolving SOA Record
[+] SOA nsztm1.digi.ninja 81.4.108.41
[*] Resolving NS Records
[*] NS Servers found:
[*] NS nsztm1.digi.ninja 81.4.108.41
[*] NS nsztm2.digi.ninja 34.225.33.2
[*] Removing any duplicate NS server IP Addresses...
[*]
[*] Trying NS server 81.4.108.41
[+] 81.4.108.41 Has port 53 TCP Open
[+] Zone Transfer was successful!!
[*] SOA nsztm1.digi.ninja 81.4.108.41
[*] NS nsztm1.digi.ninja 81.4.108.41
[*] NS nsztm2.digi.ninja 34.225.33.2
[*] NS intns1.zonetransfer.me 81.4.108.41
[*] NS intns2.zonetransfer.me 52.91.28.78
[*] TXT google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA
[*] TXT 6Oa05hbUJ9xSsvYy7pApQvwCUSSGgxvrbdizjePEsZI
[*] TXT ; ls
[*] TXT Remember to call or email Pippa on +44 123 4567890 or pippa@zonetransfer.me when making DNS changes
[*] TXT AbCdEfG
[*] TXT Hi to Josh and all his class
[*] TXT ZoneTransfer.me service provided by Robin Wood - robin@digi.ninja. See http://digi.ninja/projects/zonetransferme.php for more information.
[*] TXT Robin Wood
[*] TXT ' or 1=1 --
[*] TXT () { :]}; echo ShellShocked
[*] TXT '><script>alert('Boo')</script>
[*] PTR www.zonetransfer.me 5.196.105.14
[*] MX @.zonetransfer.me ASPMX.L.GOOGLE.COM 142.250.157.27
[*] MX @.zonetransfer.me ALT1.ASPMX.L.GOOGLE.COM 142.250.141.27
[*] MX @.zonetransfer.me ALT2.ASPMX.L.GOOGLE.COM 142.250.115.27
[*] MX @.zonetransfer.me ASPMX2.GOOGLEMAIL.COM 142.250.141.26
[*] MX @.zonetransfer.me ASPMX3.GOOGLEMAIL.COM 142.250.115.26
[*] MX @.zonetransfer.me ASPMX4.GOOGLEMAIL.COM 64.233.171.26
[*] MX @.zonetransfer.me ASPMX5.GOOGLEMAIL.COM 142.250.152.26
[*] AAAA deadbeef.zonetransfer.me dead:beaf::
[*] AAAA ipv6actnow.org.zonetransfer.me 2001:67c:2e8:11::c100:1332
[*] A @.zonetransfer.me 5.196.105.14
[*] A asfdbbox.zonetransfer.me 127.0.0.1
[*] A canberra-office.zonetransfer.me 202.14.81.230
[*] A dc-office.zonetransfer.me 143.228.181.132
[*] A email.zonetransfer.me 74.125.206.26
[*] A home.zonetransfer.me 127.0.0.1
[*] A intns1.zonetransfer.me 81.4.108.41
[*] A intns2.zonetransfer.me 167.88.42.94
[*] A office.zonetransfer.me 4.23.39.254
[*] A owa.zonetransfer.me 207.46.197.32
[*] A alltcpportsopen.firewall.test.zonetransfer.me 127.0.0.1
[*] A vpn.zonetransfer.me 174.36.59.154
[*] A www.zonetransfer.me 5.196.105.14
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 13.225.149.80
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 13.225.149.14
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 13.225.149.123
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 13.225.149.68
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:1a00:3:59a3:1dc0:93a1
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:8400:3:59a3:1dc0:93a1
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:6a00:3:59a3:1dc0:93a1
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:4000:3:59a3:1dc0:93a1
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:5600:3:59a3:1dc0:93a1
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:5000:3:59a3:1dc0:93a1
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:f000:3:59a3:1dc0:93a1
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:8800:3:59a3:1dc0:93a1
[*] SRV _sip._tcp.zonetransfer.me www 5060 0 no_ip
[*] HINFO Casio fx-700G Windows XP
[*] RP robin robinwood
[*] AFSDB 1 asfdbbox
[*] AFSDB 1 asfdbbox
[*] LOC 53 20 56.558 N 1 38 33.526 W 0.00m
[*] NAPTR P 1 1 email.zonetransfer.me E2U+email
[*] NAPTR P 2 3 !^.*$!sip:customer-service@zonetransfer.me! . E2U+sip
[*]
[*] Trying NS server 34.225.33.2
[+] 34.225.33.2 Has port 53 TCP Open
[+] Zone Transfer was successful!!
[*] SOA nsztm1.digi.ninja 81.4.108.41
[*] NS nsztm1.digi.ninja 81.4.108.41
[*] NS nsztm2.digi.ninja 34.225.33.2
[*] NS intns1.zonetransfer.me 81.4.108.41
[*] NS intns2.zonetransfer.me 52.91.28.78
[*] TXT google-site-verification=tyP28J7JAUHA9fw2sHXMgcCC0I6XBmmoVi04VlMewxA
[*] TXT 2acOp15rSxBpyF6L7TqnAoW8aI0vqMU5kpXQW7q4egc
[*] TXT 6Oa05hbUJ9xSsvYy7pApQvwCUSSGgxvrbdizjePEsZI
[*] TXT ; ls
[*] TXT Remember to call or email Pippa on +44 123 4567890 or pippa@zonetransfer.me when making DNS changes
[*] TXT AbCdEfG
[*] TXT Hi to Josh and all his class
[*] TXT ZoneTransfer.me service provided by Robin Wood - robin@digi.ninja. See http://digi.ninja/projects/zonetransferme.php for more information.
[*] TXT Robin Wood
[*] TXT ' or 1=1 --
[*] TXT () { :]}; echo ShellShocked
[*] TXT '><script>alert('Boo')</script>
[*] PTR www.zonetransfer.me 5.196.105.14
[*] MX @.zonetransfer.me ASPMX.L.GOOGLE.COM 142.250.157.27
[*] MX @.zonetransfer.me ALT1.ASPMX.L.GOOGLE.COM 142.250.141.27
[*] MX @.zonetransfer.me ALT2.ASPMX.L.GOOGLE.COM 142.250.115.27
[*] MX @.zonetransfer.me ASPMX2.GOOGLEMAIL.COM 142.250.141.26
[*] MX @.zonetransfer.me ASPMX3.GOOGLEMAIL.COM 142.250.115.26
[*] MX @.zonetransfer.me ASPMX4.GOOGLEMAIL.COM 64.233.171.26
[*] MX @.zonetransfer.me ASPMX5.GOOGLEMAIL.COM 142.250.152.26
[*] AAAA deadbeef.zonetransfer.me dead:beaf::
[*] AAAA ipv6actnow.org.zonetransfer.me 2001:67c:2e8:11::c100:1332
[*] A @.zonetransfer.me 5.196.105.14
[*] A asfdbbox.zonetransfer.me 127.0.0.1
[*] A canberra-office.zonetransfer.me 202.14.81.230
[*] A dc-office.zonetransfer.me 143.228.181.132
[*] A email.zonetransfer.me 74.125.206.26
[*] A home.zonetransfer.me 127.0.0.1
[*] A intns1.zonetransfer.me 81.4.108.41
[*] A intns2.zonetransfer.me 52.91.28.78
[*] A office.zonetransfer.me 4.23.39.254
[*] A owa.zonetransfer.me 207.46.197.32
[*] A alltcpportsopen.firewall.test.zonetransfer.me 127.0.0.1
[*] A vpn.zonetransfer.me 174.36.59.154
[*] A www.zonetransfer.me 5.196.105.14
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 13.225.149.80
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 13.225.149.14
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 13.225.149.123
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 13.225.149.68
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:1a00:3:59a3:1dc0:93a1
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:8400:3:59a3:1dc0:93a1
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:6a00:3:59a3:1dc0:93a1
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:4000:3:59a3:1dc0:93a1
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:5600:3:59a3:1dc0:93a1
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:5000:3:59a3:1dc0:93a1
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:f000:3:59a3:1dc0:93a1
[*] CNAME staging.zonetransfer.me www.sydneyoperahouse.com. 2600:9000:20c5:8800:3:59a3:1dc0:93a1
[*] SRV _sip._tcp.zonetransfer.me www 5060 0 no_ip
[*] HINFO Casio fx-700G Windows XP
[*] RP robin robinwood
[*] AFSDB 1 asfdbbox
[*] AFSDB 1 asfdbbox
[*] LOC 53 20 56.558 N 1 38 33.526 W 0.00m
[*] NAPTR P 1 1 email.zonetransfer.me E2U+email
[*] NAPTR P 2 3 !^.*$!sip:customer-service@zonetransfer.me! . E2U+sip
kali@kali:~$
dnsenum zonetransfer.me
kali@kali:~$ dnsenum zonetransfer.me
dnsenum VERSION:1.2.6
----- zonetransfer.me -----
Host's addresses:
__________________
zonetransfer.me. 7200 IN A 5.196.105.14
Name Servers:
______________
nsztm2.digi.ninja. 10042 IN A 34.225.33.2
nsztm1.digi.ninja. 10359 IN A 81.4.108.41
Mail (MX) Servers:
___________________
ASPMX4.GOOGLEMAIL.COM. 260 IN A 64.233.171.26
ASPMX.L.GOOGLE.COM. 184 IN A 74.125.23.26
ASPMX5.GOOGLEMAIL.COM. 45 IN A 142.250.152.26
ALT1.ASPMX.L.GOOGLE.COM. 78 IN A 142.250.141.26
ASPMX2.GOOGLEMAIL.COM. 200 IN A 142.250.141.26
ASPMX3.GOOGLEMAIL.COM. 145 IN A 142.250.115.26
ALT2.ASPMX.L.GOOGLE.COM. 278 IN A 142.250.115.27
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
Trying Zone Transfer for zonetransfer.me on nsztm2.digi.ninja ...
zonetransfer.me. 7200 IN SOA (
zonetransfer.me. 300 IN HINFO "Casio
zonetransfer.me. 301 IN TXT (
zonetransfer.me. 7200 IN MX 0
zonetransfer.me. 7200 IN MX 10
zonetransfer.me. 7200 IN MX 10
zonetransfer.me. 7200 IN MX 20
zonetransfer.me. 7200 IN MX 20
zonetransfer.me. 7200 IN MX 20
zonetransfer.me. 7200 IN MX 20
zonetransfer.me. 7200 IN A 5.196.105.14
zonetransfer.me. 7200 IN NS nsztm1.digi.ninja.
zonetransfer.me. 7200 IN NS nsztm2.digi.ninja.
_acme-challenge.zonetransfer.me. 301 IN TXT (
_acme-challenge.zonetransfer.me. 301 IN TXT (
_sip._tcp.zonetransfer.me. 14000 IN SRV 0
14.105.196.5.IN-ADDR.ARPA.zonetransfer.me. 7200 IN PTR www.zonetransfer.me.
asfdbauthdns.zonetransfer.me. 7900 IN AFSDB 1
asfdbbox.zonetransfer.me. 7200 IN A 127.0.0.1
asfdbvolume.zonetransfer.me. 7800 IN AFSDB 1
canberra-office.zonetransfer.me. 7200 IN A 202.14.81.230
cmdexec.zonetransfer.me. 300 IN TXT ";
contact.zonetransfer.me. 2592000 IN TXT (
dc-office.zonetransfer.me. 7200 IN A 143.228.181.132
deadbeef.zonetransfer.me. 7201 IN AAAA dead:beaf::
dr.zonetransfer.me. 300 IN LOC 53
DZC.zonetransfer.me. 7200 IN TXT AbCdEfG
email.zonetransfer.me. 2222 IN NAPTR (
email.zonetransfer.me. 7200 IN A 74.125.206.26
Hello.zonetransfer.me. 7200 IN TXT "Hi
home.zonetransfer.me. 7200 IN A 127.0.0.1
Info.zonetransfer.me. 7200 IN TXT (
internal.zonetransfer.me. 300 IN NS intns1.zonetransfer.me.
internal.zonetransfer.me. 300 IN NS intns2.zonetransfer.me.
intns1.zonetransfer.me. 300 IN A 81.4.108.41
intns2.zonetransfer.me. 300 IN A 52.91.28.78
office.zonetransfer.me. 7200 IN A 4.23.39.254
ipv6actnow.org.zonetransfer.me. 7200 IN AAAA 2001:67c:2e8:11::c100:1332
owa.zonetransfer.me. 7200 IN A 207.46.197.32
robinwood.zonetransfer.me. 302 IN TXT "Robin
rp.zonetransfer.me. 321 IN RP (
sip.zonetransfer.me. 3333 IN NAPTR (
sqli.zonetransfer.me. 300 IN TXT "'
sshock.zonetransfer.me. 7200 IN TXT "()
staging.zonetransfer.me. 7200 IN CNAME www.sydneyoperahouse.com.
alltcpportsopen.firewall.test.zonetransfer.me. 301 IN A 127.0.0.1
testing.zonetransfer.me. 301 IN CNAME www.zonetransfer.me.
vpn.zonetransfer.me. 4000 IN A 174.36.59.154
www.zonetransfer.me. 7200 IN A 5.196.105.14
xss.zonetransfer.me. 300 IN TXT "'><script>alert('Boo')</script>"
Trying Zone Transfer for zonetransfer.me on nsztm1.digi.ninja ...
zonetransfer.me. 7200 IN SOA (
zonetransfer.me. 300 IN HINFO "Casio
zonetransfer.me. 301 IN TXT (
zonetransfer.me. 7200 IN MX 0
zonetransfer.me. 7200 IN MX 10
zonetransfer.me. 7200 IN MX 10
zonetransfer.me. 7200 IN MX 20
zonetransfer.me. 7200 IN MX 20
zonetransfer.me. 7200 IN MX 20
zonetransfer.me. 7200 IN MX 20
zonetransfer.me. 7200 IN A 5.196.105.14
zonetransfer.me. 7200 IN NS nsztm1.digi.ninja.
zonetransfer.me. 7200 IN NS nsztm2.digi.ninja.
_acme-challenge.zonetransfer.me. 301 IN TXT (
_sip._tcp.zonetransfer.me. 14000 IN SRV 0
14.105.196.5.IN-ADDR.ARPA.zonetransfer.me. 7200 IN PTR www.zonetransfer.me.
asfdbauthdns.zonetransfer.me. 7900 IN AFSDB 1
asfdbbox.zonetransfer.me. 7200 IN A 127.0.0.1
asfdbvolume.zonetransfer.me. 7800 IN AFSDB 1
canberra-office.zonetransfer.me. 7200 IN A 202.14.81.230
cmdexec.zonetransfer.me. 300 IN TXT ";
contact.zonetransfer.me. 2592000 IN TXT (
dc-office.zonetransfer.me. 7200 IN A 143.228.181.132
deadbeef.zonetransfer.me. 7201 IN AAAA dead:beaf::
dr.zonetransfer.me. 300 IN LOC 53
DZC.zonetransfer.me. 7200 IN TXT AbCdEfG
email.zonetransfer.me. 2222 IN NAPTR (
email.zonetransfer.me. 7200 IN A 74.125.206.26
Hello.zonetransfer.me. 7200 IN TXT "Hi
home.zonetransfer.me. 7200 IN A 127.0.0.1
Info.zonetransfer.me. 7200 IN TXT (
internal.zonetransfer.me. 300 IN NS intns1.zonetransfer.me.
internal.zonetransfer.me. 300 IN NS intns2.zonetransfer.me.
intns1.zonetransfer.me. 300 IN A 81.4.108.41
intns2.zonetransfer.me. 300 IN A 167.88.42.94
office.zonetransfer.me. 7200 IN A 4.23.39.254
ipv6actnow.org.zonetransfer.me. 7200 IN AAAA 2001:67c:2e8:11::c100:1332
owa.zonetransfer.me. 7200 IN A 207.46.197.32
robinwood.zonetransfer.me. 302 IN TXT "Robin
rp.zonetransfer.me. 321 IN RP (
sip.zonetransfer.me. 3333 IN NAPTR (
sqli.zonetransfer.me. 300 IN TXT "'
sshock.zonetransfer.me. 7200 IN TXT "()
staging.zonetransfer.me. 7200 IN CNAME www.sydneyoperahouse.com.
alltcpportsopen.firewall.test.zonetransfer.me. 301 IN A 127.0.0.1
testing.zonetransfer.me. 301 IN CNAME www.zonetransfer.me.
vpn.zonetransfer.me. 4000 IN A 174.36.59.154
www.zonetransfer.me. 7200 IN A 5.196.105.14
xss.zonetransfer.me. 300 IN TXT "'><script>alert('Boo')</script>"
Brute forcing with /usr/share/dnsenum/dns.txt:
_______________________________________________
^C        (the wordlist brute force that follows the zone transfers was interrupted with Ctrl-C)
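A successful transfer is only the start: the dump still has to be turned into a target list, and the two authoritative servers above do not even agree with each other (nsztm1 returns intns2.zonetransfer.me as 167.88.42.94, nsztm2 as 52.91.28.78). The Python script below is an added example written for these notes; it is not code from dnsrecon, dnsenum or the zonetransfer.me project. It parses the `owner TTL IN TYPE rdata` layout that host -l, dig axfr and dnsenum print, separates routable scan targets from decoy records pointing at loopback or unallocated space (asfdbbox -> 127.0.0.1, deadbeef -> dead:beaf::), pulls out child-zone delegations (internal.) and off-zone CNAMEs, keeps the TXT contact details, and diffs the two servers' answers. The zone text embedded in it is a constructed subset of the records shown above, the extra testing CNAME in the second copy exists only to exercise the diff, and the classification labels are the script's own.

```python
"""Triage a DNS zone-transfer dump: scan targets, decoys, delegations, server disagreements.
Added example for these notes, not code from dnsrecon, dnsenum or zonetransfer.me.
Input is the one-record-per-line layout that host -l, dig axfr and dnsenum print."""
import ipaddress
import re
from collections import defaultdict, namedtuple

Record = namedtuple("Record", "name ttl rtype rdata")
_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z0-9]+)\s+(.*?)\s*$")

# Constructed sample: a subset of the records nsztm1.digi.ninja returned above, not a live capture.
AXFR_NSZTM1 = """\
zonetransfer.me.                 7200 IN A     5.196.105.14
zonetransfer.me.                 7200 IN NS    nsztm1.digi.ninja.
zonetransfer.me.                 7200 IN NS    nsztm2.digi.ninja.
asfdbbox.zonetransfer.me.        7200 IN A     127.0.0.1
canberra-office.zonetransfer.me. 7200 IN A     202.14.81.230
deadbeef.zonetransfer.me.        7201 IN AAAA  dead:beaf::
internal.zonetransfer.me.         300 IN NS    intns1.zonetransfer.me.
internal.zonetransfer.me.         300 IN NS    intns2.zonetransfer.me.
intns1.zonetransfer.me.           300 IN A     81.4.108.41
intns2.zonetransfer.me.           300 IN A     167.88.42.94
owa.zonetransfer.me.             7200 IN A     207.46.197.32
staging.zonetransfer.me.         7200 IN CNAME www.sydneyoperahouse.com.
vpn.zonetransfer.me.             4000 IN A     174.36.59.154
contact.zonetransfer.me.      2592000 IN TXT   "Remember to call or email Pippa on +44 123 4567890 or pippa@zonetransfer.me when making DNS changes"
"""
# nsztm2 really did return a different A record for intns2 (see both tool outputs above);
# the extra CNAME is constructed here only so the diff has a second kind of mismatch to show.
AXFR_NSZTM2 = AXFR_NSZTM1.replace("167.88.42.94", "52.91.28.78") + (
    "testing.zonetransfer.me.          301 IN CNAME www.zonetransfer.me.\n")


def parse_zone(text):
    """Parse zone-transfer output into Records; comments and wrapped continuation lines are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        m = _LINE.match(line)
        if not line or line.startswith(";") or not m:
            continue
        name, ttl, rtype, rdata = m.groups()
        records.append(Record(name.lower().rstrip("."), int(ttl), rtype, rdata))
    return records


def classify_address(text):
    """Label an address the way a tester triages it before scanning."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return "invalid"
    if addr.is_loopback:
        return "loopback"
    if addr.is_private or addr.is_link_local or addr.is_multicast:
        return "non-routable"
    # Only 2000::/3 is delegated for IPv6 global unicast, so dead:beaf:: is a decoy, not a host.
    if addr.is_reserved or (addr.version == 6 and addr not in ipaddress.ip_network("2000::/3")):
        return "unallocated"
    return "global"


def triage(records, zone):
    """Split a zone into scan targets, decoys, child-zone delegations, off-zone CNAMEs and TXT data."""
    zone = zone.lower().rstrip(".")

    def in_zone(name):
        return name == zone or name.endswith("." + zone)

    out = {"targets": set(), "decoys": [], "delegations": [], "external_cnames": [], "txt": []}
    for r in records:
        if r.rtype in ("A", "AAAA"):
            kind = classify_address(r.rdata)
            if kind == "global":
                out["targets"].add((r.name, r.rdata))
            else:
                out["decoys"].append((r.name, r.rdata, kind))
        elif r.rtype == "NS" and r.name != zone:
            # NS below the apex is a delegated child zone (internal.) worth its own AXFR attempt.
            out["delegations"].append((r.name, r.rdata.lower().rstrip(".")))
        elif r.rtype == "CNAME":
            target = r.rdata.lower().rstrip(".")
            if not in_zone(target):  # third-party target: review for dangling/takeover risk
                out["external_cnames"].append((r.name, target))
        elif r.rtype == "TXT":
            out["txt"].append((r.name, r.rdata.strip('"')))
    return out


def diff_zones(records_a, records_b):
    """Return {(name, type): (rdata_set_a, rdata_set_b)} for every RRset the two servers disagree on."""
    def rrsets(records):
        sets = defaultdict(set)
        for r in records:
            sets[(r.name, r.rtype)].add(r.rdata)
        return sets
    a, b = rrsets(records_a), rrsets(records_b)
    return {k: (a.get(k, set()), b.get(k, set()))
            for k in a.keys() | b.keys() if a.get(k, set()) != b.get(k, set())}


if __name__ == "__main__":
    ns1, ns2 = parse_zone(AXFR_NSZTM1), parse_zone(AXFR_NSZTM2)
    result = triage(ns1, "zonetransfer.me")
    for key in ("targets", "decoys", "delegations", "external_cnames", "txt"):
        print(f"{key}: {sorted(result[key])}")
    for (name, rtype), (v1, v2) in sorted(diff_zones(ns1, ns2).items()):
        print(f"DISAGREE {name} {rtype}: nsztm1={sorted(v1)} nsztm2={sorted(v2)}")
```

To use it on a real engagement, pipe `dig @nsztm1.digi.ninja zonetransfer.me axfr` (or the `host -l` output above) into a file and feed that text to parse_zone instead of the embedded sample; the child-zone delegations it reports are the next names to try an AXFR against, and any RRset the servers disagree on is worth querying both ways before it goes into a report.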
Other Enumeration
- FTP
- SNMP
- SMTP
Believe in the future: never evade what must be faced, never regret what is worth persisting in, never cling to what should be let go, and hold fast to what deserves to be cherished.