| cover | coverY |
|---|---|
0 |
- whois - to query WHOIS servers
- the syntax is whois DOMAIN_NAME or whois OPTIONS DOMAIN_NAME SERVER
- whois tryhackme.org
-
OPTIONS contains the query type as shown in the table below. For instance, you can use A for IPv4 addresses and AAAA for IPv6 addresses. DOMAIN_NAME is the domain name you are looking up. SERVER is the DNS server that you want to query. You can choose any local or public DNS server to query. Cloudflare offers 1.1.1.1 and 1.0.0.1, Google offers 8.8.8.8 and 8.8.4.4, and Quad9 offers 9.9.9.9 and 149.112.112.112. There are many more public DNS servers that you can choose from if you want alternatives to your ISP’s DNS servers.
- nslookup - to query DNS servers
- the sytax is nslookup DOMAIN_NAME
- nslookup tryhackme.org
- dig - to query DNS servers
- dig DOMAINNAME or dig DOMAIN_NAME TYPE
- eq. dig tryhackme.com MX
- eq. dig @1.1.1.1 tryhackme.com MX
- First you need to scan to find out the DNS Server. Most simple way to do this is with nmap and scan port 53.
- Check with nslookup if it resolvs a live IP or not
- for ip in $(seq 1 255); do host 10.11.1.$ip 10.11.1.220; done | grep -v 'Address|Name|Aliases|Using|not' | grep -e "\r" > dns_names.txt