DNS
Nmap discovered a DNS server on the target IPv6 port 53
The running service is Simple DNS Plus
Reverse Lookup
┌──(kali㉿kali)-[~/archive/htb/labs/apt]
└─$ nslookup
> server apt.htb.local
Default server: apt.htb.local
Address: dead:beef::b885:d62a:d679:573f#53
> 127.0.0.1
;; communications error to dead:beef::b885:d62a:d679:573f#53: timed out
;; communications error to dead:beef::b885:d62a:d679:573f#53: timed out
;; communications error to dead:beef::b885:d62a:d679:573f#53: timed out
;; no servers could be reached
> ::1
;; communications error to dead:beef::b885:d62a:d679:573f#53: timed out
;; communications error to dead:beef::b885:d62a:d679:573f#53: timed out
;; communications error to dead:beef::b885:d62a:d679:573f#53: timed out
;; no servers could be reached
> apt
;; communications error to dead:beef::b885:d62a:d679:573f#53: timed out
;; communications error to dead:beef::b885:d62a:d679:573f#53: timed out
;; communications error to dead:beef::b885:d62a:d679:573f#53: timed out
;; no servers could be reached
> 10.10.10.213
;; communications error to dead:beef::b885:d62a:d679:573f#53: timed out
;; communications error to dead:beef::b885:d62a:d679:573f#53: timed out
;; communications error to dead:beef::b885:d62a:d679:573f#53: timed out
;; no servers could be reachedReverse lookup failed. Nothing found.
dig
┌──(kali㉿kali)-[~/archive/htb/labs/apt]
└─$ dig any HTB.LOCAL @$IPv6
; <<>> dig 9.18.16-1-debian <<>> any htb.local @dead:beef::b885:d62a:d679:573f
;; global options: +cmd
;; got answer:
;; warning: .local is reserved for Multicast DNS
;; You are currently testing what happens when an mDNS query is leaked to DNS
;; ->>header<<- opcode: QUERY, status: NOERROR, id: 39592
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 5
;; opt pseudosection:
; edns: version: 0, flags:; udp: 4000
;; question section:
;HTB.LOCAL. IN ANY
;; answer section:
HTB.LOCAL. 600 IN A 10.10.10.213
HTB.LOCAL. 3600 IN NS apt.HTB.LOCAL.
HTB.LOCAL. 3600 IN SOA apt.HTB.LOCAL. hostmaster.HTB.LOCAL. 251 900 600 86400 3600
htb.local. 600 in aaaa dead:beef::183f:801c:80e2:9c63
htb.local. 600 in aaaa dead:beef::24b
htb.local. 600 in aaaa dead:beef::b885:d62a:d679:573f
;; additional section:
apt.HTB.LOCAL. 3600 IN A 10.10.10.213
apt.htb.local. 3600 in aaaa dead:beef::183f:801c:80e2:9c63
apt.htb.local. 3600 in aaaa dead:beef::24b
apt.htb.local. 3600 in aaaa dead:beef::b885:d62a:d679:573f
;; query time: 232 msec
;; server: dead:beef::b885:d62a:d679:573f#53(dead:beef::b885:d62a:d679:573f) (TCP)
;; when: Sun Oct 22 15:46:58 CEST 2023
;; msg size rcvd: 303Nothing new found
dnsenum
Due to dnsenum not supporting IPv6 host, I will opt out to other tools
dnscan
┌──(kali㉿kali)-[~/archive/htb/labs/apt]
└─$ python3 ~/Tools/dnscan/dnscan.py --domain HTB.LOCAL -6 -r -w /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt
[*] Processing domain HTB.LOCAL
[*] using system resolvers: 1.1.1.1
[+] Getting nameservers
[-] Getting nameservers failed
[-] Zone transfer failed
[-] DNSKEY lookup returned error code NXDOMAIN
[*] Scanning HTB.LOCAL for AAAA recordsNo additional AAAA records found