Information Gathering - Web Edition:
Link to challenge: https://academy.hackthebox.com/module/144
(log in required)
Class: Tier II | Easy | Offensive
WHOIS
Utilising WHOIS:
Question: Perform a WHOIS lookup against the paypal.com domain. What is the registrar Internet Assigned Numbers Authority (IANA) ID number?
Answer: 202
Method:
Question: What is the admin email contact for the tesla.com domain (also inscope for the Tesla bug bounty program)?
Answer:
[email protected]
Method: we run the command:
whois tesla.com | grep admin
I’ve added filtering for the keyword admin to make the output more focused:
DNS & Subdomains
Digging DNS:
Question: Which IP address maps to inlanefreight.com?
Answer: 134.209.24.248
Method: we run
nslookup inlanefreight.com
and take the IPv4:
Question: Which domain is returned when querying the PTR record for 134.209.24.248?
Answer: inlanefreight.com
Method: we run
dig -x 134.209.24.248
where -x is the flag for reverse query:
and in the answer we have this:
Another option is:
nslookup 134.209.24.248
Question: What is the full domain returned when you query the mail records for facebook.com?
Answer: smtpin.vvv.facebook.com.
Method: we run the command
nslookup -query=mx facebook.com
where ‘mx’ is mail exchange:
Subdomain Bruteforcing:
Question: Using the known subdomains for inlanefreight.com (www, ns1, ns2, ns3, blog, support, customer), find any missing subdomains by brute-forcing possible domain names. Provide your answer with the complete subdomain, e.g., www.inlanefreight.com.
Answer: my.inlanefreight.com
Method: we run the command:
dnsenum --enum inlanefreight.com -f /usr/share/seclists/Discovery/DNS/subdomains-top1million-20000.txt
In this command we enumerate the target ‘inlanefreight.com’ using the provided wordlist, which is suited to subdomain enumeration:
At the end we get this list of subdomains, and we take the one (‘my’) that was not listed in the question.
DNS Zone Transfers:
Question: After performing a zone transfer for the domain inlanefreight.htb on the target system, how many DNS records are retrieved from the target system's name server? Provide your answer as an integer, e.g, 123.
Answer: 22
Method: First, let’s map the domain ‘inlanefreight.htb’ to the target machine’s IP in the Pwnbox’s ‘/etc/hosts’ file, using the command:
sudo nano /etc/hosts
When linked we will run the command:
dig axfr inlanefreight.htb @inlanefreight.htb
The command attempts a zone transfer from the name server ‘inlanefreight.htb’ for the entire ‘inlanefreight.htb’ domain:
The list of records shown in this output screenshot is partial.
At the end of the output we see the number of DNS records retrieved from the target’s name server.
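To make that final count reproducible, here is an added Python example (not part of the module or of this write-up) that parses dig axfr output, tallies records by type and checks that dig’s ‘XFR size’ summary line matches the record lines actually printed. The zone data in SAMPLE_AXFR is constructed for the example; only the name-server name inlanefreight.htb comes from the question.

```python
import re
from collections import Counter

# Constructed sample of `dig axfr` output (hypothetical zone data, not the
# module's real zone); owners and addresses are made up for this example.
SAMPLE_AXFR = """\
; <<>> DiG 9.18.1 <<>> axfr inlanefreight.htb @inlanefreight.htb
inlanefreight.htb.      3600 IN SOA ns.inlanefreight.htb. admin.inlanefreight.htb. 2024010101 3600 900 604800 86400
inlanefreight.htb.      3600 IN NS  ns.inlanefreight.htb.
inlanefreight.htb.      3600 IN MX  10 mail.inlanefreight.htb.
ns.inlanefreight.htb.   3600 IN A   10.10.10.1
mail.inlanefreight.htb. 3600 IN A   10.10.10.2
www.inlanefreight.htb.  3600 IN A   10.10.10.3
dev.inlanefreight.htb.  3600 IN A   10.10.10.4
inlanefreight.htb.      3600 IN SOA ns.inlanefreight.htb. admin.inlanefreight.htb. 2024010101 3600 900 604800 86400
;; SERVER: 10.10.10.1#53(inlanefreight.htb) (TCP)
;; XFR size: 8 records (messages 1, bytes 312)
"""

RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.*)$")
XFR_SIZE = re.compile(r"^;; XFR size: (\d+) records")

def parse_axfr(text):
    """Return (records, reported_size): records as (owner, ttl, type, rdata)
    tuples, reported_size from dig's summary line (None if absent)."""
    records, reported = [], None
    for line in text.splitlines():
        m = XFR_SIZE.match(line)
        if m:
            reported = int(m.group(1))
            continue
        if not line or line.startswith(";"):   # dig comments / blank lines
            continue
        m = RR_LINE.match(line)
        if m:
            owner, ttl, rtype, rdata = m.groups()
            records.append((owner, int(ttl), rtype, rdata))
    return records, reported

def summarize(text):
    """Tally records per type and check that the 'XFR size' summary equals the
    number of record lines. Both SOA copies count: an AXFR is framed by the
    zone's SOA at the start and again at the end."""
    records, reported = parse_axfr(text)
    framed = bool(records) and records[0][2] == "SOA" and records[-1][2] == "SOA"
    return {"total": len(records), "reported": reported,
            "consistent": reported == len(records), "framed": framed,
            "by_type": dict(Counter(r[2] for r in records))}
```

Run against real dig output, the per-type tally shows exactly which records a name server that permits unrestricted AXFR hands to any client, which is the exposure a zone-transfer check is meant to surface.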