DNS


Nmap discovered a DNS service on the target's port 53. The running service is Simple DNS Plus.

Reverse DNS Lookup


┌──(kali㉿kali)-[~/archive/htb/labs/axlle]
└─$ nslookup
> server 10.10.11.21
Default server: 10.10.11.21
Address: 10.10.11.21#53
> 127.0.0.1
1.0.0.127.in-addr.arpa	name = localhost.
> mainframe
Server:		10.10.11.21
Address:	10.10.11.21#53
 
** server can't find mainframe: SERVFAIL
> mainframe.axlle.htb
Server:		10.10.11.21
Address:	10.10.11.21#53
 
Name:	mainframe.axlle.htb
Address: 10.10.11.21
Name:	mainframe.axlle.htb
Address: dead:beef::41ee:b8c:380c:b72c
Name:	mainframe.axlle.htb
Address: dead:beef::207
> axlle.htb
Server:		10.10.11.21
Address:	10.10.11.21#53
 
Name:	axlle.htb
Address: 10.10.11.21
Name:	axlle.htb
Address: dead:beef::41ee:b8c:380c:b72c
Name:	axlle.htb
Address: dead:beef::207

Two AAAA (IPv6) records associated with the target domain are revealed:

  • dead:beef::41ee:b8c:380c:b72c
  • dead:beef::207

dig


┌──(kali㉿kali)-[~/archive/htb/labs/axlle]
└─$ dig any @$IP AXLLE.HTB
 
; <<>> DiG 9.19.21-1-Debian <<>> any @10.10.11.21 AXLLE.HTB
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2148
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 4
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;AXLLE.HTB.			IN	ANY
 
;; ANSWER SECTION:
AXLLE.HTB.		600	IN	A	10.10.11.21
AXLLE.HTB.		3600	IN	NS	mainframe.AXLLE.HTB.
AXLLE.HTB.		3600	IN	SOA	mainframe.AXLLE.HTB. hostmaster.AXLLE.HTB. 247 900 600 86400 3600
AXLLE.HTB.		600	IN	AAAA	dead:beef::41ee:b8c:380c:b72c
AXLLE.HTB.		600	IN	AAAA	dead:beef::207
 
;; ADDITIONAL SECTION:
mainframe.AXLLE.HTB.	3600	IN	A	10.10.11.21
mainframe.AXLLE.HTB.	3600	IN	AAAA	dead:beef::207
mainframe.AXLLE.HTB.	3600	IN	AAAA	dead:beef::41ee:b8c:380c:b72c
 
;; Query time: 35 msec
;; SERVER: 10.10.11.21#53(10.10.11.21) (TCP)
;; WHEN: Wed Jun 26 17:27:38 CEST 2024
;; MSG SIZE  rcvd: 253

dig found the same two AAAA (IPv6) records for the target domain:

  • dead:beef::41ee:b8c:380c:b72c
  • dead:beef::207

dnsenum


┌──(kali㉿kali)-[~/archive/htb/labs/axlle]
└─$ dnsenum AXLLE.HTB --dnsserver $IP -f /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt --threads 16
dnsenum VERSION:1.3.1
 
-----   axlle.htb   -----
 
 
Host's addresses:
__________________
 
axlle.htb.                               600      IN    A        10.10.11.21
 
 
Name Servers:
______________
 
mainframe.axlle.htb.                     1200     IN    A        10.10.11.21
 
 
Mail (MX) Servers:
___________________
 
 
 
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
 
unresolvable name: mainframe.axlle.htb at /usr/bin/dnsenum line 892 thread 1.
 
Trying Zone Transfer for axlle.htb on mainframe.axlle.htb ... 
AXFR record query failed: no nameservers
 
 
Brute forcing with /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt:
__________________________________________________________________________________________________
 
gc._msdcs.axlle.htb.                     600      IN    A        10.10.11.21
domaindnszones.axlle.htb.                600      IN    A        10.10.11.21
forestdnszones.axlle.htb.                600      IN    A        10.10.11.21
mainframe.axlle.htb.                     1200     IN    A        10.10.11.21
 
 
axlle.htb class C netranges:
_____________________________
 
 
 
Performing reverse lookup on 0 ip addresses:
_____________________________________________
 
 
0 results out of 0 IP addresses.
 
 
axlle.htb ip blocks:
_____________________
 
 
done.
 

Nothing found

dnsrecon


┌──(kali㉿kali)-[~/archive/htb/labs/axlle]
└─$ dnsrecon -d AXLLE.HTB -n $IP -D /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt --threads 16   
[*] std: Performing General Enumeration against: AXLLE.HTB...
[-] DNSSEC is not configured for AXLLE.HTB
[*] 	 SOA mainframe.AXLLE.HTB 10.10.11.21
[*] 	 SOA mainframe.AXLLE.HTB dead:beef::41ee:b8c:380c:b72c
[*] 	 SOA mainframe.AXLLE.HTB dead:beef::207
[*] 	 NS mainframe.AXLLE.HTB 10.10.11.21
[*] 	 NS mainframe.AXLLE.HTB dead:beef::41ee:b8c:380c:b72c
[*] 	 NS mainframe.AXLLE.HTB dead:beef::207
[*] 	 A AXLLE.HTB 10.10.11.21
[*] 	 AAAA AXLLE.HTB dead:beef::207
[*] 	 AAAA AXLLE.HTB dead:beef::41ee:b8c:380c:b72c
[*] Enumerating SRV Records
[+] 	 SRV _gc._tcp.AXLLE.HTB mainframe.axlle.htb 10.10.11.21 3268
[+] 	 SRV _gc._tcp.AXLLE.HTB mainframe.axlle.htb dead:beef::41ee:b8c:380c:b72c 3268
[+] 	 SRV _gc._tcp.AXLLE.HTB mainframe.axlle.htb dead:beef::207 3268
[+] 	 SRV _ldap._tcp.AXLLE.HTB mainframe.axlle.htb 10.10.11.21 389
[+] 	 SRV _ldap._tcp.AXLLE.HTB mainframe.axlle.htb dead:beef::207 389
[+] 	 SRV _ldap._tcp.AXLLE.HTB mainframe.axlle.htb dead:beef::41ee:b8c:380c:b72c 389
[+] 	 SRV _kerberos._tcp.AXLLE.HTB mainframe.axlle.htb 10.10.11.21 88
[+] 	 SRV _kerberos._tcp.AXLLE.HTB mainframe.axlle.htb dead:beef::41ee:b8c:380c:b72c 88
[+] 	 SRV _kerberos._tcp.AXLLE.HTB mainframe.axlle.htb dead:beef::207 88
[+] 	 SRV _kerberos._udp.AXLLE.HTB mainframe.axlle.htb 10.10.11.21 88
[+] 	 SRV _kerberos._udp.AXLLE.HTB mainframe.axlle.htb dead:beef::207 88
[+] 	 SRV _kerberos._udp.AXLLE.HTB mainframe.axlle.htb dead:beef::41ee:b8c:380c:b72c 88
[+] 	 SRV _kpasswd._udp.AXLLE.HTB mainframe.axlle.htb 10.10.11.21 464
[+] 	 SRV _kpasswd._udp.AXLLE.HTB mainframe.axlle.htb dead:beef::207 464
[+] 	 SRV _kpasswd._udp.AXLLE.HTB mainframe.axlle.htb dead:beef::41ee:b8c:380c:b72c 464
[+] 	 SRV _kpasswd._tcp.AXLLE.HTB mainframe.axlle.htb 10.10.11.21 464
[+] 	 SRV _kpasswd._tcp.AXLLE.HTB mainframe.axlle.htb dead:beef::41ee:b8c:380c:b72c 464
[+] 	 SRV _kpasswd._tcp.AXLLE.HTB mainframe.axlle.htb dead:beef::207 464
[+] 	 SRV _ldap._tcp.gc._msdcs.AXLLE.HTB mainframe.axlle.htb 10.10.11.21 3268
[+] 	 SRV _ldap._tcp.gc._msdcs.AXLLE.HTB mainframe.axlle.htb dead:beef::41ee:b8c:380c:b72c 3268
[+] 	 SRV _ldap._tcp.gc._msdcs.AXLLE.HTB mainframe.axlle.htb dead:beef::207 3268
[+] 	 SRV _ldap._tcp.pdc._msdcs.AXLLE.HTB mainframe.axlle.htb 10.10.11.21 389
[+] 	 SRV _ldap._tcp.pdc._msdcs.AXLLE.HTB mainframe.axlle.htb dead:beef::207 389
[+] 	 SRV _ldap._tcp.pdc._msdcs.AXLLE.HTB mainframe.axlle.htb dead:beef::41ee:b8c:380c:b72c 389
[+] 	 SRV _ldap._tcp.dc._msdcs.AXLLE.HTB mainframe.axlle.htb 10.10.11.21 389
[+] 	 SRV _ldap._tcp.dc._msdcs.AXLLE.HTB mainframe.axlle.htb dead:beef::207 389
[+] 	 SRV _ldap._tcp.dc._msdcs.AXLLE.HTB mainframe.axlle.htb dead:beef::41ee:b8c:380c:b72c 389
[+] 	 SRV _kerberos._tcp.dc._msdcs.AXLLE.HTB mainframe.axlle.htb 10.10.11.21 88
[+] 	 SRV _kerberos._tcp.dc._msdcs.AXLLE.HTB mainframe.axlle.htb dead:beef::41ee:b8c:380c:b72c 88
[+] 	 SRV _kerberos._tcp.dc._msdcs.AXLLE.HTB mainframe.axlle.htb dead:beef::207 88
[+] 	 SRV _ldap._tcp.ForestDNSZones.AXLLE.HTB mainframe.axlle.htb 10.10.11.21 389
[+] 	 SRV _ldap._tcp.ForestDNSZones.AXLLE.HTB mainframe.axlle.htb dead:beef::41ee:b8c:380c:b72c 389
[+] 	 SRV _ldap._tcp.ForestDNSZones.AXLLE.HTB mainframe.axlle.htb dead:beef::207 389
[+] 33 Records Found

Nothing found
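
The dnsrecon output above lists every SRV record once per address, so the 33 records describe far fewer distinct services. As an added example (not part of the original notes), this awk filter collapses such lines into one row per service, port and target and counts the IPv4 and IPv6 addresses behind each; SAMPLE is a constructed subset of the output above and summarize_srv is a hypothetical helper name.

```shell
#!/bin/sh
# Constructed sample: a subset of the dnsrecon lines shown above.
SAMPLE='[*] std: Performing General Enumeration against: AXLLE.HTB...
[*]   SOA mainframe.AXLLE.HTB 10.10.11.21
[+]   SRV _gc._tcp.AXLLE.HTB mainframe.axlle.htb 10.10.11.21 3268
[+]   SRV _gc._tcp.AXLLE.HTB mainframe.axlle.htb dead:beef::41ee:b8c:380c:b72c 3268
[+]   SRV _gc._tcp.AXLLE.HTB mainframe.axlle.htb dead:beef::207 3268
[+]   SRV _ldap._tcp.AXLLE.HTB mainframe.axlle.htb 10.10.11.21 389
[+]   SRV _ldap._tcp.AXLLE.HTB mainframe.axlle.htb dead:beef::207 389
[+]   SRV _ldap._tcp.AXLLE.HTB mainframe.axlle.htb dead:beef::41ee:b8c:380c:b72c 389
[+]   SRV _kerberos._tcp.AXLLE.HTB mainframe.axlle.htb 10.10.11.21 88
[+]   SRV _kerberos._tcp.AXLLE.HTB mainframe.axlle.htb dead:beef::41ee:b8c:380c:b72c 88
[+]   SRV _kerberos._tcp.AXLLE.HTB mainframe.axlle.htb dead:beef::207 88
[+] 33 Records Found'

# Read dnsrecon lines on stdin and print one row per SRV name/port/target,
# in first-seen order, with the number of IPv4 and IPv6 addresses returned.
summarize_srv() {
  awk '
    # SRV lines split into: marker, "SRV", name, target, address, port
    $2 == "SRV" && NF >= 6 {
      key = $3 " " $NF " " tolower($4)
      if (!(key in seen)) { seen[key] = 1; order[++n] = key }
      if ($5 ~ /:/) v6[key]++; else v4[key]++   # a colon marks an IPv6 address
    }
    END {
      for (i = 1; i <= n; i++) {
        k = order[i]
        printf "%s v4=%d v6=%d\n", k, v4[k], v6[k]
      }
    }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE" | summarize_srv
```

Saving the real dnsrecon output to a file and piping it through summarize_srv gives the same per-service table for the full record set.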