Linux Basics for Hackers: Getting Started with


Manipulating the Domain Name System


Hackers can find a treasure trove of information on a target in its Domain 
Name System (DNS). DNS is a critical component of the internet, and 
although it’s designed to translate domain names to IP addresses, a hacker 
can use it to garner information on the target.
Examining DNS with dig
DNS is the service that translates a domain name like hackers-arise.com to 
the appropriate IP address; that way, your system knows how to get to it. 
Without DNS, we would all have to remember thousands of IP addresses 
for our favorite websites—no small task even for a savant.
One of the most useful commands for the aspiring hacker is dig, which 
offers a way to gather DNS information about a target domain. The stored 
DNS information can be a key piece of early reconnaissance to obtain before 
attacking. This information could include the IP address of the target’s 
name server (the server that translates the target’s name to an IP address), 
the target’s email server, and potentially any subdomains and IP addresses.
For instance, enter dig hackers-arise.com and add the ns option (short 
for nameserver). The nameserver for hackers-arise.com is displayed in the 
ANSWER SECTION of Listing 3-3.


kali >dig hackers-arise.com ns
--snip--
;; QUESTION SECTION:
;hackers-arise.com. IN NS
;; ANSWER SECTION:
hackers-arise.com. 5 IN NS ns7.wixdns.net.
hackers-arise.com. 5 IN NS ns6.wixdns.net.
;; ADDITIONAL SECTION:
ns6.wixdns.net. 5 IN A 216.239.32.100
--snip--
Listing 3-3: Using dig and its ns option to get information on a domain nameserver
Also note in the ADDITIONAL SECTION that this dig query reveals the IP 
address (216.239.32.100) of the DNS server serving hackers-arise.com. This 
section may look slightly different on your system or may not show at all.
You can also use the dig command to get information on email 
servers connected to a domain by adding the mx option (mx is short for 
mail exchange server). This information is critical for attacks on email 
systems. For example, info on the www.hackers-arise.com email servers is shown 
in the AUTHORITY SECTION of Listing 3-4.
kali >dig hackers-arise.com mx
--snip--
;; QUESTION SECTION:
;hackers-arise.com. IN MX
;; AUTHORITY SECTION:
hackers-arise.com. 5 IN SOA ns6.wixdns.net. support.wix.com 2016052216 10800 3600 604800 3600
--snip--
Listing 3-4: Using dig and its mx option to get information on a domain mail exchange server
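
Reading the two listings mechanically, as an added example that is not from the book: the script below parses saved dig output by section and reports whether a query was answered or came back with only an SOA record in the authority section, which is the no-data form of response that Listing 3-4 as printed shows for the mx query. Run against output for your own zone, the same check gives a quick inventory of what its public DNS discloses. The sample responses are constructed from the listings, and the function names records and classify are made up here.

```shell
#!/bin/sh
# Sample input constructed from Listings 3-3 and 3-4 (not live query results).
NS_OUT=';; QUESTION SECTION:
;hackers-arise.com. IN NS
;; ANSWER SECTION:
hackers-arise.com. 5 IN NS ns7.wixdns.net.
hackers-arise.com. 5 IN NS ns6.wixdns.net.
;; ADDITIONAL SECTION:
ns6.wixdns.net. 5 IN A 216.239.32.100'

MX_OUT=';; QUESTION SECTION:
;hackers-arise.com. IN MX
;; AUTHORITY SECTION:
hackers-arise.com. 5 IN SOA ns6.wixdns.net. support.wix.com 2016052216 10800 3600 604800 3600'

# records SECTION TYPE: read dig output on stdin and print the record data
# of every TYPE record found in SECTION (hypothetical helper).
records() {
    awk -v sec="$1" -v typ="$2" '
        /^;; [A-Z]+ SECTION:/ { cur = $2; next }  # e.g. ";; ANSWER SECTION:"
        /^;/ || NF < 5        { next }            # comments, question line, blanks
        cur == sec && $4 == typ {
            out = $5
            for (i = 6; i <= NF; i++) out = out " " $i
            print out
        }'
}

# classify TYPE: read one dig response on stdin and report whether it holds
# TYPE records in the answer, or only an SOA in the authority section.
classify() {
    resp=$(cat)
    ans=$(printf '%s\n' "$resp" | records ANSWER "$1")
    soa=$(printf '%s\n' "$resp" | records AUTHORITY SOA)
    if [ -n "$ans" ]; then
        printf '%s\n' "$ans" | sed "s/^/$1 /"
    elif [ -n "$soa" ]; then
        echo "NODATA $1 (zone primary: ${soa%% *})"
    else
        echo "UNKNOWN $1"
    fi
}

printf '%s\n' "$NS_OUT" | classify NS
printf '%s\n' "$MX_OUT" | classify MX
```
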
The most common Linux DNS server is the Berkeley Internet Name 
Domain (BIND). In some cases, Linux users will refer to DNS as BIND, but 
don’t be confused: DNS and BIND both map individual domain names to 
IP addresses.
