Background Info Gathering & Open Source

Question 1

What is Registration Records (Domain Name)?

Answer 1

Info in IP and domain registries (WHOIS)

WHOIS usually has name and contact info

Question 2

What is DNS?

Answer 2

Domain Name Server
Used to translate a domain name to IP address - such as google.com

Question 3

What are 3 DNS Queries?

Answer 3

• Recursive Query
• Iterative Query
• Non-Recursive Query

Question 4

What is DNS Query - Recursive Query?

Answer 4

DNS Client sends request to DNS Resolver.
Resolver must return an answer - but will query to Authoritative Name Servers before answering.

Question 5

What is DNS Query - Iterative Query?

Answer 5

DNS Client sends request to DNS Resolver.
Resolver gives good as possible answer.
if no answer - will refer client to other authoritative name servers

Question 6

What is DNS Query - Non-Recursive?

Answer 6

DNS Client sends request to DNS Resolver.
DNS already knows the answer - so responds immediately.

Question 7

What is a DNS Zone Transfer?

Answer 7

The process of copying contents of the zone file on a primary DNS server to a secondary DNS server.
- Used when deploying a new DNS server in local environment or internet
- Uses TCP to transfer the DNS Zone/

Question 8

DNS Zone Transfer Attack
What is it? What information is revealed?

Answer 8

The attack will reveal nameservers, or subdomains that can be attacked or further enumerated.

dig axfr @<DNS_IP>
dig axfr @<DNS_IP> <DOMAIN></DOMAIN></DNS_IP></DNS_IP>

Question 9

Identify 9 DNS Records

Answer 9

• A record: Holds IP address of domain
• CNAME record: Forwards one domain or subdomain to another domain. Doesn’t provide IP address
• MX record: Directs mail to email server
• TXT record: Lets admin store text notes in the record
• NS record: Stores name server for DNS entry
• SOA record: Stores admin info about a domain
• SRV record: Specifies a port for specific services
• PTR record: Provides a domain name in reverse-lookups
• HINFO: Stores the host info, such as OS, CPU type etc

Question 10

Customer Website Analysis
- Command to get analysis of info from target website:
AND
- To view from HTML source

Answer 10

Command:
whatweb -v -a 3 <target_IP></target_IP>

View Page Source:
- Check network tab
- Check cookies
- Check page source for app name, versions, etc

Burpsuite for HTTP request interception, forwarding and analysis

Question 11

What could be used to gain information about a target?

Answer 11

Google Dorks - a google hacking database

Google search parameters:
inurl:
intitle:
site:
keywords include target app name, or words like ‘admin’ ‘login’ ‘camera’ etc

Question 12

What is Network News transfer Protocol (NNTP)

Answer 12

• Specifies a protocol for distribution, inquiry, retrieval and posting of news articles using a stream-based transmission of news.
• Designed to store news articles in a central database allowing subscriber to select only items they want to read.
• Indexing, cross referencing and expiration of ages messages are provided.

nmap - script=nntp-ntlm-info <target_ip></target_ip>