Dark Arts
  • index
  • BUY ME A BOOK
  • 🪄Dark Magic
    • Pentesting
      • Industry Methodologies
    • Scopes of Testing
    • Reconnaissance
      • Passive
        • WHOIS
        • DNS
          • nslookup
          • dig
        • WAF
        • Subdomain
        • Google Dork
        • Misc. Techniques
        • Leaked Passwords
      • Active
        • Browser & Plugins
        • ping & traceroute
        • fping
        • telnet & netcat
        • DNS
          • Zone Transfer
          • DNS Amplification DDoS Attack Breakdown
        • Misc. Techniques
    • Vulnerability Assessment
    • Attack Types
  • 🕷️Aragoogs Nest
    • Web Application Overview & Security
      • Security Testing
      • Common Threats & Risks
    • Web Application Architecture
      • Technologies
    • HTTP/S
      • Message
      • Request
      • Response
        • Status Code
    • Crawling/Spidering
  • 🧪Potions
    • Web Browsers
    • Computer Networking
      • Network Protocol
      • Packets
      • OSI Layer
        • Layer 3: Network
        • Layer 4: Transport
      • DNS
        • Primary-Secondary
        • Local Name Resolution
        • Domain Hierarchy
        • FQDN
        • Lookups
        • DNS Resolution
        • DNS Records
        • Security: Attack-Defense (Default)
  • 🎆Spells
    • 📜Linux Scroll
    • 📜WebShell Scroll
    • git
      • Attacks + Vulnerabilities
  • 🖼️Flaws w/ Magical Frameworks
    • Windows
      • In a Nutshell
      • CVE-2019-0708: BlueKeep
      • CVE-2017-0144: EternalBlue: MS17-010
      • Attacking Services
        • MS IIS - WebDAV
        • SMB
        • HTTP File Server (HFS)
        • Apache Tomcat Web Server
        • RDP
        • WinRM
      • File System Vulnerabilities
      • Credential Dumping
        • Password Search in Windows Configuration Files
        • Mimikatz
        • Pass-the-Hash Attack
    • Linux
      • In a Nutshell
      • CVE-2014-6271: Shellshock
      • Attacking Services
        • FTP
        • SSH
        • SAMBA
        • SMTP
        • RSYNC
      • Dumping Hashes
  • 🌼Marauder's Boost
    • Privilege Escalation
    • Windows PrivEsc
      • Windows Kernel Exploit
      • Bypassing UAC
      • Access Token Impersonation
    • Linux PrivEsc
      • Linux Kernel Exploit
      • Misconfigured Cron Jobs
      • Exploiting SUID Binaries
      • shells
      • File Permissions
  • ☠️Death Eaters
    • Post Exploitation
      • Windows
      • Linux
  • 🪄OLLIVANDERS
    • nmap
      • Host Discovery
      • Port Scan
      • Service & OS
      • NSE
      • Firewall/IDS Evasion
      • Scan Optimization
      • Misc. Methods
    • ffuf
    • Hydra
    • Metasploit Framework
      • Architecture
      • Must to Know
      • msfvenom
      • Auxiliary Modules
      • Service Enumeration
      • Vulnerability Scanning
      • Imports
      • Automating
    • Vulnerability Scanners
    • Wireshark
  • 🚂Platform 9(3/4)
    • Auth-Auth
      • Authentication
        • Password-based Authentication
        • Basic Authentication
        • Multi-factor Authentication
        • Access Token
        • Token-based Authentication
          • JWT
          • OAuth 2.0
    • Secure Headers
      • Content-Security-Policy (CSP)
    • Cryptography
      • Caesar Cipher
  • ⛲Port Pensieve
    • Enumeration
      • SMB & NetBIOS
      • SNMP
    • Wordlists
  • 🔆DUELS
    • Pivoting
    • SMB Relay Attack
  • 🗺️Marauder's Map
    • Web Application Pentesting
    • API Pentesting
      • GraphQL
        • Primer
    • Mobile Application Pentesting
  • 🎧SIDE CHANNEL
    • Side Channel Analysis
    • Timing Side-Channel Attacks
      • Vulnerable Login
  • 🥃Sky
    • Cloud Basics
    • Cloud Management
      • Shared Responsibility Model
    • Using Cloud Resources
      • Monitoring & Alerts
      • Identity & Access Management
      • Scalability & Availability
      • Solution Design
    • Cloud Providers
    • Cloud Security & Regulatory Compliance
      • Resource Protection
      • ICCA: Cloud Security & Regulatory Compliance
    • ICCA Preparation
      • Knowledge Tests
      • Lab
  • 🔷Obsidian
    • Pentest Engagement
      • Scoping
    • Pentest Ethics
      • Rules of Engagement
    • Auditing Fundamentals
      • Process/Lifecycle
      • Pentest & Security Auditing
      • GRC
      • Standards, Frameworks & Guidelines
      • From Audit to Pentest
  • 💢Threat Modeling
    • Why Threat Model?
  • 📡THREAT INTEL
    • Threat Intelligence
    • Tool Dump
  • 📱Anything-Mobile-IoT
    • Firmware
    • Firmware Analysis
      • Example: CVE-2016-1555
    • Firmware Installation/Flashing
  • 🎉Mischeif
    • Social Engineering
    • Phishing
      • GoPhish
    • Pretexting
Powered by GitBook
On this page
  • DNS Interrogation
  • DNS Amplification DDoS Attack
  • Checking DNS Recursion
  • DNS Config Files
  • Dangerous settings when configuring a Bind server
  1. Dark Magic
  2. Reconnaissance
  3. Active

DNS

Previoustelnet & netcatNextZone Transfer

Last updated 9 months ago

DNS (Domain Name System) is a system that translates human-readable domain names into IP addresses, allowing browsers to locate and load internet resources.

DNS Interrogation

DNS Interrogation is the process of querying or probing a DNS server to gather information about a specific domain. This process is typically part of reconnaissance during penetration testing or network analysis, where attackers attempt to enumerate DNS records to learn more about the target's network infrastructure.

DNS Interrogation mainly include - Enumerating DNS Records, Probing the DNS Server, Gathering Information like IP Addresses, Subdomain Names, Mail Server Addresses.

DNS Amplification DDoS Attack

If DNS recursion is enabled on a DNS server, an attacker can spoof the origin IP in a UDP packet, making the DNS server send the response to a victim server instead of the attacker. This type of attack is known as a DNS amplification DDoS attack.

To maximize the impact, attackers may abuse the ANY or DNSSEC record types, which typically result in larger DNS responses, amplifying the attack.

Checking DNS Recursion

dig google.com A @8.8.8.8

In the response, check for the "ra" flag in the flags section. If it is present, recursion is available, and the DNS server may be vulnerable to abuse in a DDoS attack.

DNS Amplification DDoS Attack Breakdown

DNS Config Files

  • host.conf: Configures the order and methods used for resolving hostnames (e.g., DNS, NIS).

  • /etc/resolv.conf: Specifies the DNS servers used for domain name resolution.

  • /etc/bind/named.conf: Main configuration file for BIND DNS server, where global options and settings are defined.

  • /etc/bind/named.conf.local: Defines local zones and specific DNS settings for the server.

  • /etc/bind/named.conf.options: Contains general DNS server options, like recursion settings, forwarders, and DNSSEC parameters.

  • /etc/bind/named.conf.log: Configures logging options for the BIND DNS server.

  • /etc/bind/*: Contains additional configuration files and directories for BIND, including zone files and secondary configurations.

Dangerous settings when configuring a Bind server

allow-query

Defines which hosts are allowed to send requests to the DNS server.

allow-recursion

Defines which hosts are allowed to send recursive requests to the DNS server.

allow-transfer

Defines which hosts are allowed to receive zone transfers from the DNS server.

zone-statistics

Collects statistical data of zones.

🪄