DNS


Nmap discovered a DNS server on target port 53. The running service is unknown at this time.

Reverse Lookup


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya]
└─$ nslookup                                      
> server 192.168.158.21
Default server: 192.168.158.21
Address: 192.168.158.21#53
> 127.0.0.1
1.0.0.127.in-addr.arpa	name = localhost.
> 192.168.158.21
;; communications error to 192.168.158.21#53: timed out
;; communications error to 192.168.158.21#53: timed out
;; communications error to 192.168.158.21#53: timed out
;; no servers could be reached
> nagoya.nagoya-industries.com
Server:		192.168.158.21
Address:	192.168.158.21#53
 
Name:	nagoya.nagoya-industries.com
Address: 192.168.158.21
> NAGOYA-INDUSTRIES.COM
Server:		192.168.158.21
Address:	192.168.158.21#53
 
Name:	NAGOYA-INDUSTRIES.COM
Address: 172.16.201.151
Name:	NAGOYA-INDUSTRIES.COM
Address: 192.168.120.151

N/A

dig


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya]
└─$ dig any NAGOYA-INDUSTRIES.COM @$IP   
 
; <<>> DiG 9.20.4-4-Debian <<>> any NAGOYA-INDUSTRIES.COM @192.168.158.21
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64386
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 2
 
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;NAGOYA-INDUSTRIES.COM.		IN	ANY
 
;; ANSWER SECTION:
NAGOYA-INDUSTRIES.COM.	600	IN	A	192.168.120.151
NAGOYA-INDUSTRIES.COM.	600	IN	A	172.16.201.151
NAGOYA-INDUSTRIES.COM.	3600	IN	NS	nagoya.NAGOYA-INDUSTRIES.COM.
NAGOYA-INDUSTRIES.COM.	3600	IN	SOA	nagoya.NAGOYA-INDUSTRIES.COM. hostmaster.NAGOYA-INDUSTRIES.COM. 35 900 600 86400 3600
 
;; ADDITIONAL SECTION:
nagoya.NAGOYA-INDUSTRIES.COM. 3600 IN	A	192.168.158.21
 
;; Query time: 24 msec
;; SERVER: 192.168.158.21#53(192.168.158.21) (TCP)
;; WHEN: Wed Apr 23 14:37:31 CEST 2025
;; MSG SIZE  rcvd: 166

2 additional A records were found for NAGOYA-INDUSTRIES.COM, with 2 IP addresses:

  • 192.168.120.151
  • 172.16.201.151

Those IP addresses are likely internal.
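
The "likely internal" call can be checked mechanically. As an added example (not part of the original notes), this Python snippet parses the resource records from the dig output above and reports which A records fall inside an RFC 1918 private range; the function names are this example's own, and the record lines are copied from the output with whitespace normalized.

```python
import ipaddress

# RFC 1918 private ranges; an A record inside one of these is not internet-routable.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Record lines taken from the ANSWER and ADDITIONAL sections of the dig output.
DIG_OUTPUT = """\
;; ANSWER SECTION:
NAGOYA-INDUSTRIES.COM. 600 IN A 192.168.120.151
NAGOYA-INDUSTRIES.COM. 600 IN A 172.16.201.151
NAGOYA-INDUSTRIES.COM. 3600 IN NS nagoya.NAGOYA-INDUSTRIES.COM.
NAGOYA-INDUSTRIES.COM. 3600 IN SOA nagoya.NAGOYA-INDUSTRIES.COM. hostmaster.NAGOYA-INDUSTRIES.COM. 35 900 600 86400 3600

;; ADDITIONAL SECTION:
nagoya.NAGOYA-INDUSTRIES.COM. 3600 IN A 192.168.158.21
"""


def parse_records(text):
    """Yield (name, ttl, rtype, rdata) for each resource-record line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # blanks, comments, section headers
            continue
        fields = line.split(None, 4)          # name, ttl, class, type, rdata
        if len(fields) == 5 and fields[2] == "IN":
            name, ttl, _cls, rtype, rdata = fields
            yield name.rstrip(".").lower(), int(ttl), rtype, rdata


def private_a_records(text):
    """Map each owner name to its A records that sit inside an RFC 1918 range."""
    hits = {}
    for name, _ttl, rtype, rdata in parse_records(text):
        if rtype != "A":
            continue
        addr = ipaddress.ip_address(rdata)
        for net in RFC1918:
            if addr in net:
                hits.setdefault(name, []).append((str(addr), str(net)))
    return hits


if __name__ == "__main__":
    for name, found in private_a_records(DIG_OUTPUT).items():
        for addr, net in found:
            print(f"{name}: {addr} is in {net}")
```
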

dnsenum


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya]
└─$ dnsenum NAGOYA-INDUSTRIES.COM --dnsserver $IP -f /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt --threads 16
dnsenum VERSION:1.3.1
 
-----   nagoya-industries.com   -----
 
 
Host's addresses:
__________________
 
nagoya-industries.com.                   600      IN    A        192.168.120.151
nagoya-industries.com.                   600      IN    A        172.16.201.151
 
 
Name Servers:
______________
 
nagoya.nagoya-industries.com.            3600     IN    A        192.168.158.21
 
 
Mail (MX) Servers:
___________________
 
 
 
Trying Zone Transfers and getting Bind Versions:
_________________________________________________
 
unresolvable name: nagoya.nagoya-industries.com at /usr/bin/dnsenum line 892 thread 1.
 
Trying Zone Transfer for nagoya-industries.com on nagoya.nagoya-industries.com ... 
AXFR record query failed: no nameservers
 
 
Brute forcing with /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt:
__________________________________________________________________________________________________
 
gc._msdcs.nagoya-industries.com.         600      IN    A        192.168.120.151
gc._msdcs.nagoya-industries.com.         600      IN    A        172.16.201.151
domaindnszones.nagoya-industries.com.    600      IN    A        192.168.120.151
domaindnszones.nagoya-industries.com.    600      IN    A        172.16.201.151
forestdnszones.nagoya-industries.com.    600      IN    A        192.168.120.151
forestdnszones.nagoya-industries.com.    600      IN    A        172.16.201.151
nagoya.nagoya-industries.com.            3600     IN    A        192.168.158.21
 
 
nagoya-industries.com class C netranges:
_________________________________________
 
 
 
Performing reverse lookup on 0 ip addresses:
_____________________________________________
 
 
0 results out of 0 IP addresses.
 
 
nagoya-industries.com ip blocks:
_________________________________
 
 
done.

dnsenum also found the same 2 A records with internal IP addresses.

dnsrecon


┌──(kali㉿kali)-[~/PEN-200/PG_PRACTICE/nagoya]
└─$ dnsrecon -d NAGOYA-INDUSTRIES.COM -n $IP -D /usr/share/wordlists/seclists/Discovery/DNS/subdomains-top1million-110000.txt --threads 16  
[*] std: Performing General Enumeration against: NAGOYA-INDUSTRIES.COM...
[-] DNSSEC is not configured for NAGOYA-INDUSTRIES.COM
[*] 	 SOA nagoya.NAGOYA-INDUSTRIES.COM 192.168.158.21
[*] 	 NS nagoya.NAGOYA-INDUSTRIES.COM 192.168.158.21
[*] 	 A NAGOYA-INDUSTRIES.COM 172.16.201.151
[*] 	 A NAGOYA-INDUSTRIES.COM 192.168.120.151
[*] Enumerating SRV Records
[+] 	 SRV _gc._tcp.NAGOYA-INDUSTRIES.COM nagoya.nagoya-industries.com 192.168.158.21 3268
[+] 	 SRV _ldap._tcp.NAGOYA-INDUSTRIES.COM nagoya.nagoya-industries.com 192.168.158.21 389
[+] 	 SRV _kerberos._udp.NAGOYA-INDUSTRIES.COM nagoya.nagoya-industries.com 192.168.158.21 88
[+] 	 SRV _kerberos._tcp.NAGOYA-INDUSTRIES.COM nagoya.nagoya-industries.com 192.168.158.21 88
[+] 	 SRV _ldap._tcp.ForestDNSZones.NAGOYA-INDUSTRIES.COM nagoya.nagoya-industries.com 192.168.158.21 389
[+] 	 SRV _ldap._tcp.dc._msdcs.NAGOYA-INDUSTRIES.COM nagoya.nagoya-industries.com 192.168.158.21 389
[+] 	 SRV _ldap._tcp.pdc._msdcs.NAGOYA-INDUSTRIES.COM nagoya.nagoya-industries.com 192.168.158.21 389
[+] 	 SRV _kerberos._tcp.dc._msdcs.NAGOYA-INDUSTRIES.COM nagoya.nagoya-industries.com 192.168.158.21 88
[+] 	 SRV _kpasswd._tcp.NAGOYA-INDUSTRIES.COM nagoya.nagoya-industries.com 192.168.158.21 464
[+] 	 SRV _ldap._tcp.gc._msdcs.NAGOYA-INDUSTRIES.COM nagoya.nagoya-industries.com 192.168.158.21 3268
[+] 	 SRV _kpasswd._udp.NAGOYA-INDUSTRIES.COM nagoya.nagoya-industries.com 192.168.158.21 464
[+] 11 Records Found