Kali Linux 2018:Assuring Security by Penetration Testing

Host

After we get the DNS server information, the next step is to find out the IP address of a hostname. For this we can use the host command-line tool, which looks up the IP address of a hostname by querying a DNS server:

    # host hackthissite.org 

By default, the host command looks for the A, AAAA, and MX records of a domain. To query for all record types (an ANY query, with verbose output), give the -a option to the command:

    # host -a hackthissite.org
    Trying "hackthissite.org"
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32115
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 12, AUTHORITY: 0, ADDITIONAL: 0
    ;; QUESTION SECTION:
    ;hackthissite.org.    IN  ANY
    ;; ANSWER SECTION:
    hackthissite.org.  5  IN  A  198.148.81.135
    hackthissite.org.  5  IN  A  198.148.81.139
    hackthissite.org.  5  IN  A  198.148.81.137
    hackthissite.org.  5  IN  A  198.148.81.136
    hackthissite.org.  5  IN  A  198.148.81.138
    hackthissite.org.  5  IN  NS  ns1.hackthissite.org.
    hackthissite.org.  5  IN  NS  c.ns.buddyns.com.
    hackthissite.org.  5  IN  NS  f.ns.buddyns.com.
    hackthissite.org.  5  IN  NS  e.ns.buddyns.com.
    hackthissite.org.  5  IN  NS  ns2.hackthissite.org.
    hackthissite.org.  5  IN  NS  b.ns.buddyns.com.
    hackthissite.org.  5  IN  NS  d.ns.buddyns.com.
    Received 244 bytes from 172.16.43.2#53 in 34 ms  

The host command looks for these records by querying the DNS servers listed in the /etc/resolv.conf file of your Kali Linux system. If you want to use other DNS servers, just provide the DNS server address as the last command-line option.

If you provide a domain name as the command-line argument to host, the method is called a forward lookup. If you give an IP address instead, the method is called a reverse lookup: host reverses the address, appends in-addr.arpa (for IPv4) or ip6.arpa (for IPv6), and asks for the PTR record of that name.

Try to do a reverse lookup of the following IP address:

    # host 23.23.144.81 

What information can you get from this command?
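The following POSIX shell script is an added example, not code from the book: it builds the in-addr.arpa name that host queries behind the scenes for an IPv4 address (so that host 23.23.144.81 is the same query as host -t ptr 81.144.23.23.in-addr.arpa), validates the address first, and, when given a three-octet prefix on the command line, reverse-sweeps the whole /24 and prints only the addresses that have a PTR record. The function names, the IPv4-only scope and the "domain name pointer" output marker (the wording the host utility uses for PTR answers) are this example's assumptions.

```shell
#!/bin/sh
# Added example, not from the book: what `host <ipv4>` does under the hood.
# A reverse lookup asks for the PTR record of the reversed octets under
# in-addr.arpa, so `host 23.23.144.81` is the same query as
# `host -t ptr 81.144.23.23.in-addr.arpa`.

# Return 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        { ok = (NF == 4)
          for (i = 1; i <= NF && ok; i++)
              if ($i !~ /^[0-9]+$/ || $i + 0 > 255) ok = 0 }
        END { exit !ok }'
}

# Print the in-addr.arpa name that host queries for an IPv4 address,
# or fail (exit 1) when the argument is not a valid IPv4 address.
ptr_name() {
    is_ipv4 "$1" || return 1
    printf '%s\n' "$1" | awk -F. '{ printf "%s.%s.%s.%s.in-addr.arpa\n", $4, $3, $2, $1 }'
}

# Reverse-sweep a /24 (argument is the three-octet prefix, e.g. 23.23.144)
# and print only the addresses that resolve to a PTR record. This needs the
# host binary and network access, so it only runs when a prefix is supplied.
reverse_sweep() {
    prefix=$1
    i=1
    while [ "$i" -le 254 ]; do
        host "$prefix.$i" 2>/dev/null | grep 'domain name pointer' || true
        i=$((i + 1))
    done
}

if [ $# -ge 1 ] && command -v host >/dev/null 2>&1; then
    reverse_sweep "$1"
fi
```

Run it as sh reverse.sh 23.23.144 to sweep the block; hostnames that come back from a reverse sweep often reveal naming conventions (mail-, vpn-, dev- prefixes) that a forward lookup of the main domain never shows.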

The host tool can also be used to do a DNS zone transfer. With this mechanism, we can collect information about the available hostnames in a domain.

A DNS zone transfer (an AXFR request, normally carried over TCP port 53) is the mechanism used to replicate a DNS zone from a master DNS server to another DNS server, usually called a slave DNS server (today more often termed primary and secondary). Without this mechanism, administrators would have to update each DNS server separately. The zone transfer request must be issued to an authoritative DNS server of the domain; a recursive resolver will not serve it.

Because a zone transfer hands over every record in the zone, including hostnames that are never linked from anywhere, it is nowadays very rare to find a DNS server that answers zone transfer requests from arbitrary clients.

If you do find a DNS server that allows zone transfers without restricting who may request them, the server has been misconfigured: transfers should be limited to the addresses of the secondary servers, and ideally authenticated with TSIG as well.
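As an added example that is not part of the book, the POSIX shell script below automates the check described above using only the host utility: it lists the domain's name servers with host -t ns, then asks each of them for a zone transfer with host -l and reports whether the transfer was allowed. The parsing is kept in separate functions so it can be exercised offline on captured output; the sample lines used here are constructed, the function names are this example's own, and the "; Transfer failed." marker is what the BIND host utility prints when a server refuses or aborts the AXFR.

```shell
#!/bin/sh
# Added example, not from the book: try an AXFR against every authoritative
# name server of a domain, using only the host utility.

# Pull name-server hostnames out of the one-record-per-line output of
# `host -t ns <domain>`, e.g. "hackthissite.org name server ns1.hackthissite.org."
ns_from_host_output() {
    awk '$2 == "name" && $3 == "server" { sub(/\.$/, "", $NF); print $NF }'
}

# Summarise captured `host -l <domain> <server>` output (stdin) as
# "ALLOWED <records>" or "REFUSED". host prints "; Transfer failed." when the
# server refuses or aborts the AXFR; otherwise it prints one line per record.
axfr_summary() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'Transfer failed'; then
        echo REFUSED
        return 0
    fi
    n=$(printf '%s\n' "$out" | grep -Ec 'has address|has IPv6 address|name server|mail is handled by' || true)
    if [ "$n" -gt 0 ]; then
        echo "ALLOWED $n"
    else
        echo REFUSED
    fi
}

# Full procedure: enumerate the authoritative servers and try each one.
# Needs network access and the host binary, so it only runs when a domain
# is given on the command line.
check_zone_transfer() {
    domain=$1
    host -t ns "$domain" | ns_from_host_output | while read -r ns; do
        printf '%s: ' "$ns"
        host -l "$domain" "$ns" 2>&1 | axfr_summary
    done
}

if [ $# -ge 1 ] && command -v host >/dev/null 2>&1; then
    check_zone_transfer "$1"
fi
```

Run it as sh axfr-check.sh hackthissite.org. Every authoritative server is tried separately because a zone is often served by several providers, and it is not unusual for only one of them to be misconfigured; a single ALLOWED line is enough to dump the whole zone.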