Review #1_Information Gathering with DNSenum

*Book Review, Kali Linux Cookbook: Willie L. Pritchett, David De Smet (published 2013)

When I first saw Kali Linux, I didn’t know much about penetration testing tools. I had only used the Metasploit framework to penetrate some CVEs on virtual machines. A few days later, I took a penetration testing course and found out that Kali Linux has more functions besides msfconsole. So, I decided to read this book to learn more about Kali’s pen-testing features and functions.

The first two chapters, named “Up and Running” and “Customizing”, are simple steps for a person who has never used or installed Kali Linux. These chapters were helpful when I needed to set up certain network protocols like SSH, FTP and Apache2. To customize the environment, the book shows how to install kernel headers. I had never learned about the function of kernel headers, but they are used to define interfaces between components of the kernel and user space.

Chapter 3 : Advanced Testing Lab

For hacking tools and penetration testing, the chapter shows the ‘Turnkey Linux WordPress Virtual Machine’ and the tool named “WPScan”. It scans WordPress security and allows users to find their vulnerabilities. To practice, we need a testbed: a target WordPress website and its IP or domain address.

Chapter 4 : Information Gathering

To penetrate a target, we need to know basic information about it. This step is also called footprinting and reconnaissance. The author emphasizes that documentation is also important. There are passive and active techniques. Passive footprinting/scanning collects public or general information and does not require interaction with the target, such as a Google search, the public information on a company’s webpage or a job opening description. Active scanning requires interaction with the target server or system, such as ICMP scanning.
In this chapter, I learned how to use enumeration tricks with DNSenum (a DNS enumeration tool) and SnmpEnum (an SNMP enumeration tool). For your information, DNS, the Domain Name System, is a decentralized naming system for devices, which helps them connect to the internet or a private network. By using the DNS enumeration technique, you can get the computer names, IP addresses and usernames on a target’s network. I tried to scan a website using DNSenum, as you can see in the image below. The DNS zone transfer is at the bottom. For your information, a DNS zone transfer is used to copy DNS data to other DNS servers or to back up DNS files in case of error. As you can see, I couldn’t get the DNS zone transfer information because the AXFR record query failed: refused.
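
What the refused AXFR above looks like on the wire, as an added example that is not from the book or the original post: it builds the zone-transfer query, then classifies a REFUSED reply and a reply from a server that allows the transfer. The zone example.test, the transaction ID and both replies are constructed, the helper names are hypothetical, and a real transfer carries many more records than the single SOA shown.

```python
import struct

QTYPE_AXFR, QTYPE_SOA, CLASS_IN = 252, 6, 1   # AXFR is query type 252 (RFC 5936)
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED", 9: "NOTAUTH"}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    parts = name.rstrip(".").split(".")
    return b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"

def frame(msg):
    """DNS over TCP (which AXFR uses) prefixes each message with a 2-byte length."""
    return struct.pack("!H", len(msg)) + msg

def build_axfr_query(zone, txid):
    header = struct.pack("!6H", txid, 0, 1, 0, 0, 0)      # one question, no flags set
    return frame(header + encode_name(zone) + struct.pack("!2H", QTYPE_AXFR, CLASS_IN))

def classify_reply(query, reply):
    """Return 'refused', 'open', or another lower-cased RCODE for an AXFR reply."""
    (length,) = struct.unpack("!H", reply[:2])
    msg = reply[2:2 + length]
    if len(msg) < 12 or len(msg) != length:
        raise ValueError("truncated DNS message")
    txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000 or txid != struct.unpack("!H", query[2:4])[0]:
        raise ValueError("not a response to this query")
    rcode = RCODES.get(flags & 0x000F, "RCODE%d" % (flags & 0x000F))
    if rcode == "NOERROR" and ancount > 0:
        return "open"          # zone records were handed to this client
    return rcode.lower()       # e.g. 'refused': the server denied the transfer

# Constructed sample data (example.test is a reserved test name, not a real target).
ZONE, TXID = "example.test", 0x1A2B
QUERY = build_axfr_query(ZONE, TXID)
QUESTION = QUERY[14:]          # question section, echoed back by the server
# Reply 1: QR=1, RCODE=5 (REFUSED), no answers: the result DNSenum reported.
REFUSED_REPLY = frame(struct.pack("!6H", TXID, 0x8005, 1, 0, 0, 0) + QUESTION)
# Reply 2: QR=1, AA=1, RCODE=0, one SOA record: a server that allows the transfer.
SOA_RDATA = (encode_name("ns1." + ZONE) + encode_name("hostmaster." + ZONE)
             + struct.pack("!5I", 2024010101, 7200, 3600, 1209600, 3600))
SOA_RR = b"\xc0\x0c" + struct.pack("!2HIH", QTYPE_SOA, CLASS_IN, 3600, len(SOA_RDATA)) + SOA_RDATA
OPEN_REPLY = frame(struct.pack("!6H", TXID, 0x8400, 1, 1, 0, 0) + QUESTION + SOA_RR)

if __name__ == "__main__":
    for label, reply in (("restricted", REFUSED_REPLY), ("unrestricted", OPEN_REPLY)):
        print(label, "->", classify_reply(QUERY, reply))
```

A name server that limits zone transfers to its own secondaries should give the first result to every other client.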


To determine the network range, the book uses dmitry (Deepmagic Information Gathering Tool). The option -wnspb shows a WHOIS lookup, which helps you find out the registered domain owner and other information. I think drawing the target’s network topology is important, but so is the actual IP address of the target. Because of CloudFlare’s security function, it was hard for me to find the actual IP address. I tried to get information by pinging the MX server, crimeflare and checking DNS information.

To identify active machines and open ports and to gather OS information about a target host, all you need to know is the nmap command (I remember this was also part of the CEH exam quiz): nmap -p [port number] and nmap -O for OS information.
