DNS
Nmap discovered a DNS server on port 53.
The running service is Simple DNS Plus.
Reverse Lookup
┌──(kali㉿kali)-[~/archive/htb/labs/rebound]
└─$ nslookup
> server 10.10.11.231
Default server: 10.10.11.231
Address: 10.10.11.231#53
> 127.0.0.1
;; communications error to 10.10.11.231#53: timed out
1.0.0.127.in-addr.arpa name = localhost.
> rebound.htb
;; communications error to 10.10.11.231#53: timed out
Server: 10.10.11.231
Address: 10.10.11.231#53
Name: rebound.htb
Address: 10.10.11.231
> dc01.rebound.htb
Server: 10.10.11.231
Address: 10.10.11.231#53
Name: dc01.rebound.htb
Address: 10.10.11.231
Reverse lookup failed. Nothing new found.
dig
┌──(kali㉿kali)-[~/archive/htb/labs/rebound]
└─$ dig any REBOUND.HTB @$IP
; <<>> DiG 9.18.16-1-Debian <<>> any REBOUND.HTB @10.10.11.231
;; global options: +cmd
;; got answer:
;; ->>header<<- opcode: QUERY, status: NOERROR, id: 54074
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2
;; opt pseudosection:
; edns: version: 0, flags:; udp: 4000
;; question section:
;REBOUND.HTB. IN ANY
;; answer section:
REBOUND.HTB. 600 IN A 10.10.11.231
REBOUND.HTB. 3600 IN NS dc01.REBOUND.HTB.
REBOUND.HTB. 3600 IN SOA dc01.REBOUND.HTB. hostmaster.REBOUND.HTB. 141 900 600 86400 3600
;; additional section:
dc01.REBOUND.HTB. 3600 IN A 10.10.11.231
;; query time: 31 msec
;; server: 10.10.11.231#53(10.10.11.231) (TCP)
;; when: Sun Sep 10 19:01:58 CEST 2023
;; msg size rcvd: 138
Nothing found.
dnsenum
┌──(kali㉿kali)-[~/archive/htb/labs/rebound]
└─$ dnsenum REBOUND.HTB --dnsserver $IP -f /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt
dnsenum VERSION:1.2.6
----- rebound.htb -----
Host's addresses:
__________________
rebound.htb. 600 IN A 10.10.11.231
Name Servers:
______________
dc01.rebound.htb. 3600 IN A 10.10.11.231
Mail (MX) Servers:
___________________
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
unresolvable name: dc01.rebound.htb at /usr/bin/dnsenum line 900.
Trying Zone Transfer for rebound.htb on dc01.rebound.htb ...
AXFR record query failed: no nameservers
Brute forcing with /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-5000.txt:
________________________________________________________________________________________________
gc._msdcs.rebound.htb. 600 IN A 10.10.11.231
domaindnszones.rebound.htb. 600 IN A 10.10.11.231
forestdnszones.rebound.htb. 600 IN A 10.10.11.231
rebound.htb class C netranges:
_______________________________
Performing reverse lookup on 0 ip addresses:
_____________________________________________
0 results out of 0 IP addresses.
rebound.htb ip blocks:
_______________________
done.
Nothing found.