Domain Name Service - Ethical Hacking Course


Domain Name Services

DNS is important in the footprinting of a target network. It can sometimes save the attacker a great deal of time, or at least corroborate other information that has been gathered. DNS is also a target for several types of attack.

Fields within the SOA record (times in seconds):
1882919  7200     3600   14400   2400
serial   refresh  retry  expire  TTL

Requesting a zone transfer
nslookup; ls -d example.com
dig @ns1.example.com example.com AXFR
host -t AXFR example.com ns1.example.com

Using Whois
whois example.com

Regional Internet Registrars

ARIN (North America)
APNIC (Asia Pacific Region)
LACNIC (Southern and Central America and Caribbean)
RIPE NCC (Europe, the Middle East and Central Asia)
AfriNIC (Africa)

Attacks against DNS Servers
Zone transfers:- information-gathering shortcut
Zone poisoning:- send false answers to cache servers until they store them
Reflection DoS:- send bogus requests into a chain of servers that do recursive queries


Google Hacking
An attacker can use Google to enumerate a target without ever touching it. The advanced search syntax is easy to use but can be quirky at times. It takes practice and experimentation.

Using Advanced Search
operator:keyword additional search terms

Advanced Operators
site:- confines keywords to search only within a domain
ext:- file extension
loc:- maps location
intitle:- keywords in the title tag of the page
allintitle:- any of the keywords can be in the title
inurl:- keywords anywhere in the URL
allinurl:- any of the keywords can be in the URL
incache:- search the Google cache only

Keyword combinations
password|passlist|username|user
login|logon
administrator|admin|root
prototype|proto|test|example

Examples
site:intense faculty.com (ceh ecsa lpt)
intitle:index.of
allinurl:login logon
ext:html -ext:htm -ext:asp -ext:aspx -ext:php



Nmap Scan Types

Nmap is the de facto tool for footprinting networks. It is capable of finding live hosts and access points, fingerprinting operating systems and verifying services. It also has important IDS evasion capabilities.

Discovery Scans
Option  Description
-sP     Ping
-sL     List scan
-sO     Protocol
-sV     Verify

Normal Scans
Option  Desc     Flags  Windows open  Windows closed  Linux open  Linux closed
-sT     Connect  S      SA            RA              SA          RA
-sS     Stealth  S      SA            RA              SA          RA

Inverse Scans
Option  Desc    Flags  Windows open  Windows closed  Linux open  Linux closed
-sN     Null    -      RA            RA              -           RA
-sX     Xmas    UPF    RA            RA              -           RA
-sF     Fin     F      RA            RA              -           RA
-sA     Ack     A      R             R               R           R
-sW     Window  A      R             R               R           R

Other important Nmap options
Option     Description
-A       : enable OS detection, version detection, script scanning and traceroute
-n       : do not look up DNS
-v       : verbose output
-T<0-5>  : timing; 5 is faster
-P0      : do not ping first (-Pn in current Nmap)


TCP Flags
This test will have scenarios that require you to demonstrate an understanding of TCP behaviour, including Nmap scan types. Be sure to know each of these combinations well.

TCP Flags
0 0 URG ACK PSH RST SYN FIN

TCP handshake (open port)
Direction  Binary    Hex   Flags
A->B       00000010  0x02  S      Seq=1 Ack=0
B->A       00010010  0x12  AS     Ack=2 Seq=10
A->B       00010000  0x10  A      Seq=2 Ack=11

TCP handshake (closed port)
Direction  Binary    Hex   Flags
A->B       00000010  0x02  S      Seq=1 Ack=0
B->A       00010100  0x14  AR     Ack=2 Seq=0

Nmap stealth scan (open port)
Direction  Binary    Hex   Flags
A->B       00000010  0x02  S
B->A       00010010  0x12  AS
A->B       00000100  0x04  R

Nmap Xmas scan (open port)
Direction  Binary    Hex   Flags
A->B       00101001  0x29  UPF
No response from Linux hosts. RA from Windows.

Nmap ACK scan
Direction  Binary    Hex   Flags
A->B       00010000  0x10  A
B->A       00000100  0x04  R
Solaris will not respond on open ports.
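
The flag bytes in the exchanges above can be decoded and matched mechanically, which is how a network sensor tells a half-open scan from a completed handshake. The Python below is an added example, not part of the original post; the function names and sample flows are constructed for illustration, and it assumes the first tuple of each flow is the first packet seen between the two hosts.

```python
# Added example: label TCP exchanges by their flag bytes (defensive triage).
# Bit layout as listed on the page: 0 0 URG ACK PSH RST SYN FIN, MSB first.
FLAG_BITS = [(0x20, "U"), (0x10, "A"), (0x08, "P"),
             (0x04, "R"), (0x02, "S"), (0x01, "F")]

# Unsolicited first packets that match the inverse scan types in the tables.
PROBES = {0x00: "null scan (-sN)", 0x29: "Xmas scan (-sX)",
          0x01: "FIN scan (-sF)", 0x10: "ACK or window scan (-sA/-sW)"}


def decode_flags(byte):
    """Return flag letters in the page's notation: 0x12 -> 'AS', 0x00 -> '-'."""
    return "".join(name for bit, name in FLAG_BITS if byte & bit) or "-"


def classify_exchange(packets):
    """Classify one flow given as a list of (direction, flags_byte) tuples."""
    if not packets:
        return "empty flow"
    # Mask off the two high bits, which the page lists as 0 0.
    seq = [decode_flags(flags & 0x3F) for _, flags in packets]
    first = packets[0][1] & 0x3F
    if first in PROBES:
        return PROBES[first]
    if seq[:3] == ["S", "AS", "A"]:
        return "full handshake, open port"
    if seq[:3] == ["S", "AS", "R"]:
        return "half-open, open port (stealth scan -sS)"
    if seq[:2] == ["S", "AR"]:
        return "SYN refused, closed port"
    return "unclassified: " + " ".join(seq)


# Constructed sample flows; the hex values are the ones used in the tables.
SAMPLE_FLOWS = {
    "flow-1": [("A->B", 0x02), ("B->A", 0x12), ("A->B", 0x10)],
    "flow-2": [("A->B", 0x02), ("B->A", 0x12), ("A->B", 0x04)],
    "flow-3": [("A->B", 0x02), ("B->A", 0x14)],
    "flow-4": [("A->B", 0x29)],
    "flow-5": [("A->B", 0x10), ("B->A", 0x04)],
}

if __name__ == "__main__":
    for name, packets in SAMPLE_FLOWS.items():
        print(name, "->", classify_exchange(packets))
```

A connect scan (-sT) against an open port completes the handshake, so it is reported here as a full handshake; separating it from a normal client needs rate or port-spread context that this sketch does not model.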

Hopefully this blog is helpful for you and helps you understand the Domain Name Service, Nmap scan types and related topics in ethical hacking.

For more such blogs, visit our website. If you want to become an ethical hacker and make your career in hacking, join scode network institute now.

 

 
