2 :53 dns
53/tcp open domain ISC BIND 9.16.1 (Ubuntu Linux)
$ dig version.bind CHAOS TXT @10.10.10.244
; <<>> DiG 9.16.15-Debian <<>> version.bind CHAOS TXT @10.10.10.244
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8939
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: 7df2ffed12dbe2580100000061087e6d63bc2d994ef89fd6 (good)
;; QUESTION SECTION:
;version.bind. CH TXT
;; ANSWER SECTION:
version.bind. 0 CH TXT "9.16.1-Ubuntu"
;; Query time: 123 msec
;; SERVER: 10.10.10.244#53(10.10.10.244)
;; WHEN: Mon Aug 02 16:21:22 PDT 2021
;; MSG SIZE rcvd: 95
$ nmap --script dns-nsid 10.10.10.244
Starting Nmap 7.91 ( https://nmap.org ) at 2021-08-02 16:22 PDT
Nmap scan report for dyna.htb (10.10.10.244)
Host is up (0.16s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
| dns-nsid:
|_ bind.version: 9.16.1-Ubuntu
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 25.72 seconds
# find domains
wfuzz -c -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u "http://dyna.htb" -H "HOST: FUZZ.dyna.htb"
# too many responses with the 1090 chars.
# filter that out using --hh <value>
wfuzz -c -w /usr/share/seclists/Discovery/DNS/subdomains-top1million-110000.txt -u "http://dyna.htb" -H "HOST: FUZZ.dyna.htb" --hh 10909
# no results
Last updated