Sinisterly
[Tut] DNS Hacking and Information gathering - Windows [Local Injection] - Printable Version

+- Sinisterly (https://sinister.ly)
+-- Forum: Computers (https://sinister.ly/Forum-Computers)
+--- Forum: Operating Systems (https://sinister.ly/Forum-Operating-Systems)
+--- Thread: [Tut] DNS Hacking and Information gathering - Windows [Local Injection] (/Thread-Tut-DNS-Hacking-and-Information-gathering-Windows-Local-Injection)

[Tut] DNS Hacking and Information gathering - Windows [Local Injection] - Shining White - 06-06-2012

There is lot of methods to take DNS information and and Hacking with DNS Information

i will show two ways in here to take DNS information gathering

first : using nslookup command in windows command Prompt
second : using Application Called dig

Using CMD - nslookup Command

what is nslookup

Definition - Name Server Look up
Nslookup.exe is a command-line administrative tool for testing and troubleshooting DNS servers. This tool is installed along with the TCP/IP protocol through Control Panel.


First of all open the CMD (Command Prompt) in your Computer
for that Press Win+R
or
Start -> Run -> cmd (in windows 8 , press the Win key and type "cmd")

[Image: 1.png]

then type
Code:
nslookup
when you ENTER it will show like this
[Image: 2.png]

About the Showing "Default server : Unknown "


Code:
When NSLOOKUP starts, before anything else, it checks the computer's network configuration to determine the IP address of the DNS server that the computer uses.
Then it does a reverse DNS lookup on that IP address to determine the name of the DNS server.

If reverse DNS for that IP address is not setup correctly, then NSLOOKUP cannot determine the name associated with the IP address.
On Windows Vista/2008, it then says "Default Server: UnKnown".
On earlier Windows versions, it displays the error message "*** Can't find server name for address ...".

This does NOT indicate a problem with the actual domain name that you are trying to look up.
It only means that there is no reverse DNS name for the DNS server IP address, which in most cases may not be a problem at all.


Here is a Sample Cheat Sheet for the nslookup
Code:
HINFO   -      Host Information
MX      -      Mail Exchange Record
TXT     -      Text String
A         -       IPv4 Address (32 bits)
NS       -       Name Server
CNAME  -       Canonical Name
PTR      -      Pointer Record
AAAA    -      IPv6 Address (128 bits)
AXFR    -     Request for Zone Transfer
ANY     255     Request for All Records

or
this code Source from - >http://ss64.com/nt/nslookup.html
Code:
Command Mode options:

help or ?          - print a list of Command Mode options
exit or ^C         - exit "command mode"

set all            - print options, current server and host
finger [USER]      - finger the optional NAME at the current default host
MyHost             - print ip address of MyHost
MyHost MyNameServer - print ip address of MyHost on MyNameServer
set [no]debug      - print debugging info
set [no]d2         - print exhaustive debugging info

set domain=NAME    - set default domain name to NAME
set root=NAME      - set root server to NAME
root               - set current default server to the root
server NAME        - set default server to NAME, using current default server
lserver NAME       - set default server to NAME, using initial server
set srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1, N2,...

set retry=X        - set number of retries to X
set timeout=X      - set initial time-out interval to X seconds
set [no]defname    - append domain name to each query
set [no]recurse    - ask for recursive answer to query
set [no]search     - use domain search list
set [no]vc         - always use a virtual circuit
set class=X        - set query class (for example, IN (Internet), ANY)
set [no]msxfr      - use MS fast zone transfer
set ixfrver=X      - current version to use in IXFR transfer request
set type=X         - set query type
set querytype=X    - set query type
                      (e.g. A, ANY, CNAME, MX, NS, PTR, SOA, SRV)

ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN
                            (and optionally output to FILE)

    -d          -  list all records
    -t TYPE     -  list records of the given Type (for example, A, CNAME,
                   MX, NS, PTR, and so on)
    -a          -  list Aliases and canonical names.

view FILE       - sort an 'ls' output file and view it with pg

Example:

C:\> nslookup -querytype=TXT -timeout=10 porttest.dns-oarc.net

or
you can siply type Help on the cmd on nslookup

[Image: 3help.png]



We'll look some sample codes now

set current default server to the root simply type
Code:
root

[Image: 5root.png]

if we need to see the nameservers : we type from the above command
for sample site i will use Google.com

first type
Code:
set q=ns
and then your deserved site
Code:
google.com

see the image :

[Image: 4nameserver.png]


We take every DNS info
Code:
set q=any
google.com  <-- (its your box)

ok here we finish the dns looking up through the cmd nslookup

CMD - Using DIG (Domain Information grabber)



Download the dig - Click here
Source Site : http://members.shaw.ca/nicholas.fong/dig/

Capture : DIG Vs Whois Information

Code:
The DNS system and the whois system are not the same, they are only loosely tied together.
If the whois system is broken, (while the DNS system is working) the whole Internet will work fine.
If the DNS system is broken (while the whois system is working), the whole Internet will die.

The whois system is supposed to display who owns the domain and their corresponding name servers,
however, due to usually defective software at whois servers at domain registrars,
(the amount of defects is proportional to the registrar's domain registration fees),
the DNS name servers information obtained from the whois query is often wrong, out of date, and inaccurate.

in here
With Dig we will use to nslookup , and DNS queries
and with Whois ---> Domains and IP

First goto the folder
Code:
c:\windows\system32\drivers\etc\
and create there blank file called
Code:
resolv.conf

[Image: 1conf.png]

Note : if the folder not allowed to make a file there , create it in anywhere else and paste on the path folder

After that Extract the dig to the C:\dig

[Image: 2extacttoc.png]

Now goto
PHP Code:
MyComputer Properties --> Advance System Settings --> Environment Variables 

In System Variable list search for the path and Edit it
in the End of Variable value Box Add
Code:
;C:\dig

see the image :

[Image: 3settingup.png]

Now Open the cmd and type the
Code:
dig
it should be working now . with some info

[Image: 4typedig.png]

OKay Lets take some samples now , i will take the gmail.com
for the Sample Site
type
Code:
dig mx gmail.com *trace


you can see MX records from the gmail, there

[Image: 5gmail.png]


MX records : Short for mail exchange record, an entry in a domain name database that identifies the mail server that is responsible for handling e-mails for that domain name.

if we might want to check the IP Address from the mx records
we type
Code:
dig _record that we found on above search_



then if we need to check host name (revers dns lookup)
type
Code:
dig -x _IP that we found_

also we can trace the Nameservers with this
Code:
dig -x _IP_ *trace

we can find Domain Control Nameservers like , edu , mil , ae , lk , au , in , pk ,
Code:
dig edu.NS



and we are going to use Whois Option in dig now


type
Code:
whois


[Image: 6whois.png]

and i want to find whois info about facebook.com
type
Code:
whois facebook.com

[Image: 7whoisfb.png]

in there you can find Domain register and expire date also Biggrin
interesting huh :whistle:

i found one nameserver IP address is 69.171.224.37 on Facebook from dig facebook.com command and now going to whois on it
Code:
whois 69.171.224.37

[Image: 8FBwhois.png]

searching bgp prefix on the domain name
Code:
whois -h bgpmon.net 69.171.224.37

[Image: 9bgp.png]

you can see prefix Origin AS number , etc

Shows the spf
Code:
dig txt _domainname_

I hope this covers the basic parts of the DIG and you can find now yourself searching some interesting information about this Wink

BBye

[Image: 1mQUS.png]

[Image: logo.png]


RE: [Tut] DNS Hacking and Information gathering - Windows [tut] - ranchescdoer - 06-06-2012

cant really understand..... but i will do.. thanks for this wonderful tutorial

RE: [Tut] DNS Hacking and Information gathering - Windows [tut] - Shining White - 06-06-2012

(06-06-2012, 11:25 PM)ranchescdoer Wrote: cant really understand..... but i will do.. thanks for this wonderful tutorial

which part you not understanding really ?

RE: [Tut] DNS Hacking and Information gathering - Windows [Local Injection] - HrDe - 06-07-2012

Awesome tutorial by awesome hacker, thanks for share. also want to write on my blog.

RE: [Tut] DNS Hacking and Information gathering - Windows [Local Injection] - Shining White - 06-07-2012

(06-07-2012, 01:15 AM)HrDe Wrote: Awesome tutorial by awesome hacker, thanks for share. also want to write on my blog.

i love your blog !