DNS


Nmap [[Hokkaido_Recon#|discovered]] a DNS server on the target's port 53. The running service is Simple DNS Plus.

Reverse Lookup


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hokkaido]
└─$ nslookup       
> server 192.168.119.40
Default server: 192.168.119.40
Address: 192.168.119.40#53
> 127.0.0.1
1.0.0.127.in-addr.arpa	name = localhost.
> dc.hokkaido-aerospace.com
Server:		192.168.119.40
Address:	192.168.119.40#53
 
Name:	dc.hokkaido-aerospace.com
Address: 192.168.119.40
> hokkaido-aerospace.com
Server:		192.168.119.40
Address:	192.168.119.40#53
 
Name:	hokkaido-aerospace.com
Address: 192.168.94.135

dig


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hokkaido]
└─$ dig any HOKKAIDO-AEROSPACE.COM @$IP
 
; <<>> DiG 9.20.4-4-Debian <<>> any HOKKAIDO-AEROSPACE.COM @192.168.119.40
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23512
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 2
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;HOKKAIDO-AEROSPACE.COM.		IN	ANY
 
;; ANSWER SECTION:
HOKKAIDO-AEROSPACE.COM.	600	IN	A	192.168.94.135
HOKKAIDO-AEROSPACE.COM.	3600	IN	NS	dc.HOKKAIDO-AEROSPACE.COM.
HOKKAIDO-AEROSPACE.COM.	3600	IN	SOA	dc.HOKKAIDO-AEROSPACE.COM. hostmaster.HOKKAIDO-AEROSPACE.COM. 49 900 600 86400 3600
 
;; ADDITIONAL SECTION:
dc.HOKKAIDO-AEROSPACE.COM. 3600	IN	A	192.168.119.40
 
;; Query time: 27 msec
;; SERVER: 192.168.119.40#53(192.168.119.40) (TCP)
;; WHEN: Fri Apr 25 13:49:01 CEST 2025
;; MSG SIZE  rcvd: 147

dig discovered another A record: the zone apex resolves to 192.168.94.135, while the name server dc resolves to 192.168.119.40.

dnsenum


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/hokkaido]
└─$ dnsenum HOKKAIDO-AEROSPACE.COM --dnsserver $IP -f /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt --threads 16
dnsenum VERSION:1.3.1
 
-----   hokkaido-aerospace.com   -----
 
 
Host's addresses:
__________________
 
hokkaido-aerospace.com.                  600      IN    A        192.168.94.135
 
 
Name Servers:
______________
 
dc.hokkaido-aerospace.com.               3600     IN    A        192.168.119.40
 
 
Mail (MX) Servers:
___________________
 
 
 
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
 
unresolvable name: dc.hokkaido-aerospace.com at /usr/bin/dnsenum line 892 thread 1.
 
Trying Zone Transfer for hokkaido-aerospace.com on dc.hokkaido-aerospace.com ... 
AXFR record query failed: no nameservers
 
 
Brute forcing with /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt:
__________________________________________________________________________________________________
 
dc.hokkaido-aerospace.com.               3600     IN    A        192.168.119.40
gc._msdcs.hokkaido-aerospace.com.        600      IN    A        192.168.94.135
domaindnszones.hokkaido-aerospace.com.   600      IN    A        192.168.94.135
forestdnszones.hokkaido-aerospace.com.   600      IN    A        192.168.94.135
 
 
hokkaido-aerospace.com class C netranges:
__________________________________________
 
 
 
Performing reverse lookup on 0 ip addresses:
_____________________________________________
 
 
0 results out of 0 IP addresses.
 
 
hokkaido-aerospace.com ip blocks:
__________________________________
 
 
done.
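
The dig and dnsenum output above shows the zone apex and the AD zone names resolving to 192.168.94.135 while the only name server, dc, sits at 192.168.119.40. The following Python is an added example, not part of the original notes, that finds such mismatches mechanically; the function names are hypothetical and the input is the record lines copied from the output above.

```python
import ipaddress
from collections import defaultdict

# Record lines copied from the dig and dnsenum output above (whitespace normalised).
SAMPLE = """\
;; ANSWER SECTION:
HOKKAIDO-AEROSPACE.COM. 600 IN A 192.168.94.135
HOKKAIDO-AEROSPACE.COM. 3600 IN NS dc.HOKKAIDO-AEROSPACE.COM.
HOKKAIDO-AEROSPACE.COM. 3600 IN SOA dc.HOKKAIDO-AEROSPACE.COM. hostmaster.HOKKAIDO-AEROSPACE.COM. 49 900 600 86400 3600
;; ADDITIONAL SECTION:
dc.HOKKAIDO-AEROSPACE.COM. 3600 IN A 192.168.119.40
gc._msdcs.hokkaido-aerospace.com. 600 IN A 192.168.94.135
domaindnszones.hokkaido-aerospace.com. 600 IN A 192.168.94.135
forestdnszones.hokkaido-aerospace.com. 600 IN A 192.168.94.135
"""

def parse_records(text):
    """Return (name, ttl, type, rdata) tuples from zone-file style lines."""
    records = []
    for line in text.splitlines():
        fields = line.split()
        # Skip blanks, dig comment lines (';') and anything not 'name ttl IN type rdata'.
        if len(fields) < 5 or fields[0].startswith(";"):
            continue
        if not fields[1].isdigit() or fields[2].upper() != "IN":
            continue
        name = fields[0].rstrip(".").lower()  # DNS names are case-insensitive
        records.append((name, int(fields[1]), fields[3].upper(), " ".join(fields[4:])))
    return records

def a_records_off_nameserver(text):
    """Map address -> names for A records that point somewhere other than a nameserver."""
    records = parse_records(text)
    ns_hosts = {r[3].rstrip(".").lower() for r in records if r[2] == "NS"}
    a_recs = []
    for name, _ttl, rtype, rdata in records:
        if rtype != "A":
            continue
        try:
            a_recs.append((name, str(ipaddress.ip_address(rdata))))
        except ValueError:
            continue  # malformed address in the pasted output
    ns_addrs = {addr for name, addr in a_recs if name in ns_hosts}
    flagged = defaultdict(list)
    for name, addr in a_recs:
        if addr not in ns_addrs:  # with no glue record, every A record is listed
            flagged[addr].append(name)
    return {addr: sorted(set(names)) for addr, names in flagged.items()}

if __name__ == "__main__":
    for addr, names in a_records_off_nameserver(SAMPLE).items():
        print(addr, "<-", ", ".join(names))
```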

dnsrecon


└─$ dnsrecon -d HOKKAIDO-AEROSPACE.COM -n $IP -D /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt --threads 16  
[*] std: Performing General Enumeration against: HOKKAIDO-AEROSPACE.COM...
[-] DNSSEC is not configured for HOKKAIDO-AEROSPACE.COM
[*] 	 SOA dc.HOKKAIDO-AEROSPACE.COM 192.168.119.40
[*] 	 NS dc.HOKKAIDO-AEROSPACE.COM 192.168.119.40
[*] 	 A HOKKAIDO-AEROSPACE.COM 192.168.94.135
[*] Enumerating SRV Records
[+] 	 SRV _kerberos._udp.HOKKAIDO-AEROSPACE.COM dc.hokkaido-aerospace.com 192.168.119.40 88
[+] 	 SRV _kerberos._tcp.HOKKAIDO-AEROSPACE.COM dc.hokkaido-aerospace.com 192.168.119.40 88
[+] 	 SRV _ldap._tcp.HOKKAIDO-AEROSPACE.COM dc.hokkaido-aerospace.com 192.168.119.40 389
[+] 	 SRV _gc._tcp.HOKKAIDO-AEROSPACE.COM dc.hokkaido-aerospace.com 192.168.119.40 3268
[+] 	 SRV _ldap._tcp.ForestDNSZones.HOKKAIDO-AEROSPACE.COM dc.hokkaido-aerospace.com 192.168.119.40 389
[+] 	 SRV _ldap._tcp.dc._msdcs.HOKKAIDO-AEROSPACE.COM dc.hokkaido-aerospace.com 192.168.119.40 389
[+] 	 SRV _ldap._tcp.pdc._msdcs.HOKKAIDO-AEROSPACE.COM dc.hokkaido-aerospace.com 192.168.119.40 389
[+] 	 SRV _kpasswd._tcp.HOKKAIDO-AEROSPACE.COM dc.hokkaido-aerospace.com 192.168.119.40 464
[+] 	 SRV _ldap._tcp.gc._msdcs.HOKKAIDO-AEROSPACE.COM dc.hokkaido-aerospace.com 192.168.119.40 3268
[+] 	 SRV _kerberos._tcp.dc._msdcs.HOKKAIDO-AEROSPACE.COM dc.hokkaido-aerospace.com 192.168.119.40 88
[+] 	 SRV _kpasswd._udp.HOKKAIDO-AEROSPACE.COM dc.hokkaido-aerospace.com 192.168.119.40 464
[+] 11 Records Found