recon_14 (zone transfer)

View the exercise here: PentesterLab: Recon 14

OBJECTIVE

For this challenge, your goal is to perform a zone transfer on z.hackycorp.com.

ZONE TRANSFER

Zone transfers are usually used to synchronize multiple DNS servers. Only a list of pre-defined hosts should be able to perform this operation. However, it's sometimes possible to retrieve this information and can give you access to new hosts.

SOLUTION

To zone transfer, we use: dig axfr @<DNS_SERVER> z.hackycorp.com

We first check for the DNS server:

dig ns z.hackycorp.com

dig: The tool used for querying DNS.
ns: The query type that asks for the names of the name servers (NS records) for the specified domain.
z.hackycorp.com: The domain you're querying.

After getting the name server, we can now zone transfer using this:

dig axfr @z.hackycorp.com z.hackycorp.com

AXFR: The query type for a zone transfer, which requests a full copy of all DNS records for a domain.
@z.hackycorp.com: Specifies the DNS server (z.hackycorp.com) to perform the zone transfer from.
z.hackycorp.com: The domain you're requesting the zone transfer for.

Previousrecon_13 (TXT)Nextrecon_15 (int zone transfer)

Last updated 2 months ago