Thursday, December 20, 2018

DNS: Zone Transfer Enabled

How many A records are present for witrap.com and its subdomains?
A. 9

root@attackdefense:~# dig -t AXFR witrap.com @192.146.24.3

; <<>> DiG 9.11.5-1-Debian <<>> -t AXFR witrap.com @192.146.24.3
;; global options: +cmd
witrap.com.             86400   IN      SOA     primary.witrap.com. root.witrap.com. 2011071001 3600 1800 604800 86400
witrap.com.             86400   IN      CAA     0 issue "witrapselfcert.com"
witrap.com.             86400   IN      LOC     37 46 29.744 N 122 25 9.904 W 32.00m 1m 10000m 10m
witrap.com.             86400   IN      A       192.168.60.5
witrap.com.             86400   IN      NS      primary.witrap.com.
witrap.com.             86400   IN      NS      secondary.witrap.com.
witrap.com.             86400   IN      MX      10 mx.witrap.com.
witrap.com.             86400   IN      MX      20 mx2.witrap.com.
witrap.com.             86400   IN      AAAA    2001:db8::11:0:0:11
_ldap._tcp.witrap.com.  3600    IN      SRV     10 10 389 ldap.witrap.com.
free.witrap.com.        86400   IN      A       192.168.60.100
ldap.witrap.com.        86400   IN      A       192.168.62.111
mx.witrap.com.          86400   IN      A       192.168.65.110
mx2.witrap.com.         86400   IN      A       192.168.65.150
open.witrap.com.        86400   IN      CNAME   free.witrap.com.
primary.witrap.com.     86400   IN      A       192.168.60.14
reserved.witrap.com.    86400   IN      A       192.168.62.81
secondary.witrap.com.   86400   IN      A       192.168.66.15
th3s3cr3tflag.witrap.com. 86400 IN      A       192.168.61.35
th3s3cr3tflag.witrap.com. 86400 IN      TXT     "Here is your secret flag: my_s3cr3t_fl4g"
witrap.com.             86400   IN      SOA     primary.witrap.com. root.witrap.com. 2011071001 3600 1800 604800 86400
;; Query time: 0 msec
;; SERVER: 192.146.24.3#53(192.146.24.3)
;; WHEN: Fri Dec 21 04:34:07 UTC 2018
;; XFR size: 21 records (messages 1, bytes 584)


What is the IP address of the machine which supports LDAP over TCP on witrap.com?
A. 192.168.62.111

Can you find the secret flag in the TXT record of a subdomain of witrap.com?
A. my_s3cr3t_fl4g

What is the subdomain for which only a reverse DNS entry exists for witrap.com? witrap owns the IP address range 192.168.*.*

root@attackdefense:~# nmap -R -sL --dns-server 192.146.24.3 -Pn 192.168.*.* | grep 'scan'
Starting Nmap 7.70 ( https://nmap.org ) at 2018-12-21 04:41 UTC
Nmap scan report for witrap.com.168.192.in-addr.arpa (192.168.60.5)
Nmap scan report for primary.witrap.com (192.168.60.14)
Nmap scan report for free.witrap.com (192.168.60.100)
Nmap scan report for th3s3cr3tflag.witrap.com (192.168.61.35)
Nmap scan report for reserved.witrap.com (192.168.62.81)
Nmap scan report for ldap.witrap.com (192.168.62.111)
Nmap scan report for temp.witrap.com (192.168.62.118)
Nmap scan report for mx.witrap.com (192.168.65.110)
Nmap scan report for mx2.witrap.com (192.168.65.150)
Nmap scan report for secondary.witrap.com (192.168.66.15)
Nmap done: 65536 IP addresses (0 hosts up) scanned in 5.04 seconds
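
Added example (not part of the original post): a Python script that cross-checks the zone-transfer output against the PTR sweep above, so a zone owner can spot names that are published only in the reverse zone. The function names are hypothetical, and the sample input is an excerpt of the output shown on this page.

```python
import re

# Excerpt of the dig AXFR output shown above (A and CNAME rows only).
AXFR = """\
witrap.com.             86400   IN      A       192.168.60.5
free.witrap.com.        86400   IN      A       192.168.60.100
ldap.witrap.com.        86400   IN      A       192.168.62.111
mx.witrap.com.          86400   IN      A       192.168.65.110
mx2.witrap.com.         86400   IN      A       192.168.65.150
open.witrap.com.        86400   IN      CNAME   free.witrap.com.
primary.witrap.com.     86400   IN      A       192.168.60.14
reserved.witrap.com.    86400   IN      A       192.168.62.81
secondary.witrap.com.   86400   IN      A       192.168.66.15
th3s3cr3tflag.witrap.com. 86400 IN      A       192.168.61.35
"""
# The named rows of the nmap -sL reverse sweep shown above.
NMAP = """\
Nmap scan report for witrap.com.168.192.in-addr.arpa (192.168.60.5)
Nmap scan report for primary.witrap.com (192.168.60.14)
Nmap scan report for free.witrap.com (192.168.60.100)
Nmap scan report for th3s3cr3tflag.witrap.com (192.168.61.35)
Nmap scan report for reserved.witrap.com (192.168.62.81)
Nmap scan report for ldap.witrap.com (192.168.62.111)
Nmap scan report for temp.witrap.com (192.168.62.118)
Nmap scan report for mx.witrap.com (192.168.65.110)
Nmap scan report for mx2.witrap.com (192.168.65.150)
Nmap scan report for secondary.witrap.com (192.168.66.15)
"""

def parse_axfr(text):
    """Return (owner, type, rdata) per record line; lines starting with ';' are dig comments."""
    rows = [l.split(None, 4) for l in text.splitlines() if l and not l.startswith(";")]
    return [(r[0].rstrip(".").lower(), r[3], r[4]) for r in rows if len(r) == 5]

def parse_ptr_sweep(text):
    """Map PTR name -> IP from 'Nmap scan report for NAME (IP)' lines; unnamed IPs are skipped."""
    return dict(re.findall(r"^Nmap scan report for (\S+) \(([\d.]+)\)$", text, re.M))

def reverse_only(axfr_text, nmap_text):
    """Return (hosts seen only via PTR, PTR targets that are not valid hostnames)."""
    forward = {owner for owner, _, _ in parse_axfr(axfr_text)}
    missing = {n: ip for n, ip in parse_ptr_sweep(nmap_text).items() if n.lower() not in forward}
    # Assumption: a PTR target ending in in-addr.arpa is a zone-file error, not a host.
    broken = {n: ip for n, ip in missing.items() if n.endswith(".in-addr.arpa")}
    return {n: ip for n, ip in missing.items() if n not in broken}, broken

if __name__ == "__main__":
    print("A records:", sum(1 for _, t, _ in parse_axfr(AXFR) if t == "A"))
    print("reverse-only, malformed:", reverse_only(AXFR, NMAP))
```
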

How many records are present in the reverse zone for witrap.com (excluding SOA)? witrap owns the IP address range 192.168.*.*
A. 12

