
Kali Linux - An Ethical Hacker's Cookbook - Second Edition

By : Himanshu Sharma

Overview of this book

Many organizations have been affected by recent cyber events. At the current rate of hacking, it has become more important than ever to pentest your environment in order to ensure advanced-level security. This book is packed with practical recipes that will quickly get you started with Kali Linux (version 2018.4 / 2019), in addition to covering the core functionalities. The book will get you off to a strong start by introducing you to the installation and configuration of Kali Linux, which will help you to perform your tests. You will also learn how to plan attack strategies and perform web application exploitation using tools such as Burp and JexBoss. As you progress, you will get to grips with performing network exploitation using Metasploit, Sparta, and Wireshark. The book will also help you delve into the technique of carrying out wireless and password attacks using tools such as Patator, John the Ripper, and airoscript-ng. Later chapters will draw focus to the wide range of tools that help in forensics investigations and incident response mechanisms. As you wrap up the concluding chapters, you will learn to create an optimum quality pentest report. By the end of this book, you will be equipped with the knowledge you need to conduct advanced penetration testing, thanks to the book’s crisp and task-oriented recipes.
Table of Contents (15 chapters)

Zone Walking using DNSRecon

Zone Walking is a technique used by attackers to enumerate the full contents of DNSSEC-signed DNS zones that use NSEC records. We will cover more about it in later chapters; in this recipe, we will use DNSRecon.

Getting ready

DNSRecon is already included in Kali Linux, and we can use it for Zone Walking. Zone Walking is a technique used to find the subdomains of a zone by following its NSEC records. However, before we jump into Zone Walking, let's take a quick look at the other features of this tool.

How to do it...

  1. To view the help, we type the following:
dnsrecon -h

The following screenshot shows the output of the preceding command:

  2. To do a simple recon of name servers, A records, SOA records, MX records, and so on, we can run the following command:
dnsrecon -d packtpub.com -n 8.8.8.8

The following screenshot shows the output of the preceding command:

  3. Now let's take an example of a domain that has NSEC records. To do a zone walk, we can simply run the following command:
dnsrecon -z -d icann.org -n 8.8.8.8

The following screenshot shows the output of the preceding command:

  4. We can also do this manually with the dig command:
dig +short NSEC domainname.com
  5. The previous dig command returns one subdomain (the next name in the chain); we then rerun the same command against that subdomain to find the next one:
dig +short NSEC a.domain.com

There's more...

When signing a zone, DNSSEC automatically chains all labels in alphabetical order using NSEC Resource Records. This is used to prove the absence of names.

For example, if someone requests the non-existent name name3, the name server responds with the NSEC entry name2 NSEC name5, indicating that no other entry exists between name2 and name5. Zone walking takes advantage of this: we start with the first entry and issue successive queries, each of which returns the next name in the chain, until every name in the zone has been collected.
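The manual dig walk in steps 4 and 5 and the NSEC chain described above, as an added example that is not part of the book: it simulates the walk over a constructed in-memory zone (no network) so the chain semantics are visible, and adds a defender-side check that reports whether an apex's record types indicate a walkable plain-NSEC zone, an NSEC3 zone (hashed next names, which this walk cannot follow), or an unsigned zone. The zone name example.test. and its records are constructed sample data.

```python
"""Simulate the NSEC chain walk over a constructed zone, and audit whether
a zone's apex record types make the plain NSEC chain enumerable."""

# Constructed sample: owner name -> rdata of its NSEC record, in the form
# printed by `dig +short NSEC <name>` (next owner name, then type bitmap).
SAMPLE_ZONE = {
    "example.test.":      "a.example.test. A NS SOA MX RRSIG NSEC DNSKEY",
    "a.example.test.":    "mail.example.test. A RRSIG NSEC",
    "mail.example.test.": "www.example.test. A MX RRSIG NSEC",
    "www.example.test.":  "example.test. A AAAA RRSIG NSEC",  # wraps to apex
}

def parse_nsec(rdata):
    """Split NSEC rdata into (next owner name, set of types at this owner)."""
    fields = rdata.split()
    return fields[0].lower(), set(fields[1:])

def walk_nsec_chain(apex, lookup, max_steps=10000):
    """Follow NSEC 'next' pointers from the apex until the chain wraps.
    `lookup(name)` returns the NSEC rdata for `name`, or None if there is
    none.  Returns the owner names in chain order, apex first."""
    apex = apex.lower()
    names, current = [], apex
    for _ in range(max_steps):
        names.append(current)
        rdata = lookup(current)
        if rdata is None:          # no NSEC here: unsigned or broken chain
            break
        nxt, _types = parse_nsec(rdata)
        if nxt == apex:            # last NSEC points back to the zone apex
            break
        current = nxt
    return names

def walkable_exposure(apex_types):
    """Defender's check on the set of record types present at the apex:
    NSEC3PARAM means hashed NSEC3 is in use (not walkable this way),
    NSEC means the plain chain can be enumerated, neither means unsigned."""
    if "NSEC3PARAM" in apex_types:
        return "nsec3"
    if "NSEC" in apex_types:
        return "nsec-walkable"
    return "unsigned"

if __name__ == "__main__":
    apex_types = parse_nsec(SAMPLE_ZONE["example.test."])[1]
    print(walkable_exposure(apex_types))
    print(walk_nsec_chain("example.test.", SAMPLE_ZONE.get))
```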