Using enumeration tools

 

Exercise 1 - Performing Zone Transfers

The DNS (Domain Name System) server service supports three types of zones: primary, secondary, and stub. A zone transfer is the mechanism by which changes made to a zone on a master server are replicated to all the secondary servers for that zone.

In this exercise, you will learn to perform zone transfers using command-line tools such as nslookup and dig.

Please refer to your course material or use your preferred search engine to research this topic in more detail.

Task 1 - Use Nslookup to Perform Zone Transfer

The nslookup command-line tool displays information related to a DNS domain.

In this task, you will use the nslookup command-line tool to perform zone transfer.

Step 1

Ensure you have powered on the required devices and connect to PLABWIN10.

To open Command Prompt, on the taskbar, click Search.

In the Search box, type:

cmd

The Best match menu appears.

From the Best match menu, click Command Prompt Desktop app.

The Command Prompt window opens.

Figure 1.1 Screenshot of the Command Prompt window on PLABWIN10: On the taskbar, Search is selected. In the Search box, the text “cmd” is entered. The Best match menu appears. From the Best match menu, Command Prompt Desktop app is selected.

Step 2

At the prompt, type the following command:

nslookup

Press Enter.

The command prompt changes to the nslookup interactive prompt (>).

Figure 1.2 Screenshot of the Command Prompt window on PLABWIN10: The command is entered and executed.

Step 3

At the next prompt, type the following command:

server 192.168.0.1

Press Enter.

For the purpose of this demonstration, 192.168.0.1 is used as the IP address of the DNS server.

Figure 1.3 Screenshot of the Command Prompt window on PLABWIN10: The command is entered and executed.

Step 4

At the next prompt, type the following command:

set type=any

Press Enter.

This command sets the query type to any, so that all record types are retrieved from the server.

Figure 1.4 Screenshot of the Command Prompt window on PLABWIN10: The command is entered and executed.

Step 5

At the next prompt, type the following command:

ls -d practise-labs.com

Press Enter.

This command requests that the DNS server transfer the practise-labs.com zone to PLABWIN10.

Note: The DNS server used in this demonstration is not vulnerable to zone transfers. In addition, the external domain practise-labs.com is a fictitious domain and is not available in the environment. Therefore, the command will not display any successful output.

Figure 1.5 Screenshot of the Command Prompt window on PLABWIN10: The command is entered and executed.

Leave the devices you have powered on in their current state and proceed to the next task.

Task 2 - Use the DIG Tool to Perform Zone Transfer

The DIG (Domain Information Groper) command-line tool is used to query DNS servers. It helps network administrators troubleshoot network-related issues. You can use the DIG command-line tool if you want to perform the zone transfer from a Linux system. This tool is installed on Kali by default.

In this task, you will connect to PLABKALI01 and use the DIG tool to query the DNS server.

Step 1

Connect to PLABKALI01.

In the Username: field, type:

root

Press Enter.

Figure 1.6 Screenshot of PLABKALI01: Entering the username root

Step 2

In the Password: field, type:

Passw0rd

Press Enter.

Figure 1.7 Screenshot of PLABKALI01: Entering the password Passw0rd.

Step 3

The connection to the PLABKALI01 device is successfully established.

Figure 1.8 Screenshot of PLABKALI01: The connection is established.

Step 4

To run the root terminal, double-click the Root Terminal icon on the desktop of the PLABKALI01 device.

Figure 1.9 Screenshot of PLABKALI01: The root terminal icon on the desktop is selected

Step 5

The root@kali: ~ window opens. You can maximise the window by clicking the square in the top right corner.

Figure 1.10 Screenshot of PLABKALI01: The root terminal window is opened with the mouse hovering over the maximise button.

Step 6

To perform the zone transfer, at the command prompt of the root terminal window, type the following command:

dig axfr practise-labs.com @192.168.0.1

Press Enter.

The axfr parameter requests a full zone transfer, which provides the complete listing of the domain records. The @ prefix tells dig which DNS server to send the query to.

Note: The server used in this demonstration is not vulnerable to zone transfers. In addition, the external domain practise-labs.com is a fictitious domain and is not available in the environment. Therefore, the command will not display any successful output.

Figure 1.11 Screenshot of PLABKALI01: The command is entered and executed.
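
The following is an added example, not part of the original lab. It shows what the nslookup ls -d and dig axfr requests above look like to the DNS server: a question with query type 252 (AXFR), which a defender can flag when it comes from a host that is not a listed secondary. It assumes DNS messages already stripped of the 2-byte TCP length prefix; the addresses 192.168.0.2 and 192.168.0.50 and the allowlist are constructed for illustration.

```python
import ipaddress
import struct

TRANSFER_QTYPES = {252: "AXFR", 251: "IXFR"}  # RFC 1035 / RFC 1995 query types

def build_query(name, qtype, txid=0x1234):
    """Build a minimal DNS query; used here only to construct sample input."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # one question
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)  # class IN

def parse_question(msg):
    """Return (qname, qtype) for the first question of a de-framed DNS message."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] < 1:
        raise ValueError("truncated header or empty question section")
    labels, pos = [], 12
    while True:
        if pos >= len(msg) or msg[pos] > 63:
            raise ValueError("truncated or compressed question name")
        length, pos = msg[pos], pos + 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    qtype = struct.unpack("!H", msg[pos:pos + 2])[0]
    return ".".join(labels).lower(), qtype

def flag_transfers(events, allowed_secondaries):
    """Return (source, kind, zone) for transfer requests from unlisted hosts."""
    allowed = {ipaddress.ip_address(a) for a in allowed_secondaries}
    alerts = []
    for src, msg in events:
        try:
            qname, qtype = parse_question(msg)
        except ValueError:
            continue  # unparseable traffic is ignored by this check
        if qtype in TRANSFER_QTYPES and ipaddress.ip_address(src) not in allowed:
            alerts.append((src, TRANSFER_QTYPES[qtype], qname))
    return alerts

# Constructed sample traffic; 192.168.0.2 and 192.168.0.50 are assumed hosts.
SAMPLE = [
    ("192.168.0.2", build_query("practise-labs.com", 252)),     # listed secondary
    ("192.168.0.50", build_query("practise-labs.com", 252)),    # workstation
    ("192.168.0.50", build_query("www.practise-labs.com", 1)),  # ordinary A lookup
    ("192.168.0.50", b"\x00\x01"),                              # truncated message
]
ALERTS = flag_transfers(SAMPLE, ["192.168.0.2"])
```

Only the workstation's AXFR request is reported; the listed secondary's transfer, the ordinary A lookup, and the truncated message are not.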

Exercise 2 - Working with Remote Targets

PsInfo is a command-line tool that comes bundled with the Microsoft Sysinternals suite. By default, this tool provides local system information. However, you can also use this tool to retrieve information about remote systems in the network.

In this exercise, you will use the PsInfo command-line tool.

Please refer to your course material or use your preferred search engine to research this topic in more detail.

Task 1 - Use PsInfo Command-line Tool

In this task, you will use the PsInfo command-line tool to retrieve the system information of PLABDC01.

Step 1

Connect to PLABWIN801.

From PLABWIN801 desktop, double-click the PsTools folder.

Figure 2.1 Screenshot of PLABWIN801 desktop: PsTools folder on the desktop is double-clicked.

Step 2

The File Explorer window opens and the PsTools folder list is displayed.

Figure 2.2 Screenshot of the File Explorer window: The folder list is displayed in the File Explorer window.

Step 3

To copy PsInfo.exe file to the desktop, in the details pane, right-click PsInfo.

A context menu appears.

From the context menu, click Copy.

In the console tree, click Desktop.

In the details pane of the Desktop folder, right-click.

From the context menu, click Paste.

The PsInfo.exe file is copied to the desktop.

Figure 2.3 Screenshot of the File Explorer window: PsInfo.exe file is right-clicked. From the context menu, Copy is selected. In the console tree, Desktop is selected. In the details pane of the Desktop folder, after the right-click, a context menu appears. From the context menu, Paste is selected. PsInfo.exe file is copied on the desktop.

Step 4

To open Command Prompt, click the Start charm.

In the Search box, type:

cmd

From the search list, click Command Prompt.

Figure 2.4 Screenshot of the Start menu: The Start charm is selected. In the Search box, the text “cmd” is entered. From the search list, Command Prompt is selected.

Step 5

The Command Prompt window opens.

To navigate to the desktop folder, at the prompt, type the following command:

cd Desktop

Press Enter.

Figure 2.5 Screenshot of the Command Prompt window on PLABWIN801: The command to navigate to the desktop folder is entered and executed.

Step 6

To retrieve and display the system information of PLABDC01, at the prompt, type the following command:

Psinfo.exe \\192.168.0.1 -h -d

Press Enter.

The parameter -h displays a list of installed hotfixes. The parameter -d displays the information related to the disk volume.

Note: If the PsInfo tool’s license agreement window appears, click Agree.

Figure 2.6 Screenshot of the Command Prompt window on PLABWIN801: The command is entered and executed.

Step 7

The PsInfo tool displays the system information of PLABDC01.

Figure 2.7 Screenshot of the Command Prompt window on PLABWIN801: The command output is displayed.

Exercise 3 - Working with Finger Command

In Unix/Linux, you can use the finger command to retrieve information about the system users in the network.

In this exercise, you will work with the finger command.

Please refer to your course material or use your preferred search engine to research this topic in more detail.

Task 1 - Use the Finger Command

In this task, you will use the finger command with different parameters.

Step 1

Connect to PLABKALI01 from PLABWIN10.

The root terminal window is open on PLABKALI01.

At the command prompt of the root terminal window, type the following command:

finger -s root

Press Enter.

This command displays the information about all the users available on the system.

You can also retrieve user information from remote Linux systems in the network by using the “-l” parameter with the finger command. The syntax of the command is as follows:

finger -l user@host

In this command, user is the username and host is the machine name you wish to target.

Close all open windows.

Figure 3.1 Screenshot of root terminal window: The command is entered and executed. The output is displayed.

Shut down all virtual machines used in this lab by using the power functions located in the Tools bar before proceeding to the next module. Alternatively, you can log out of the lab platform.