DNS zone transfer is one of the many mechanisms available for administrators to replicate DNS databases across a set of DNS servers. It is performed by issuing a DNS query of type AXFR. Zone files contain complete information about the domain names, subdomains and IP addresses configured on the target name server. Information gathered from zone files can be useful for attackers to implement various attacks against the target company, like targeting test or development servers, which are less secure.
Therefore most DNS servers are protected against zone transfers. I tried to make a zone transfer using host in Kali Linux. After I found the DNS server of the domain name with the dig command, I could use some commands to test for DNS zone transfer.
host -l domain_name dns_server_name
This command can be used after we have found the DNS server from the previous dig command. All three domain names refused the transfer, and the transfer failed message was shown.
dig @dns_server_name domain_name axfr
The second command that I used is dig @dns_server_name domain_name axfr. All the tests also resulted in transfer failed.
In conclusion, all of these DNS servers are secured well enough against zone transfer, and the zone files cannot be retrieved.
Zonetransfer.me
However, for those who are curious about the result of a DNS zone transfer, the digi ninja team provides a domain that allows DNS zone transfer requests. The domain itself is zonetransfer.me. This domain was created to allow pentesters to use AXFR queries against it.
Before performing the zone transfer, we should look up the DNS name servers using the dig command.
From the dig command result, there are two name servers for the zonetransfer.me domain: nsztm2.digi.ninja and nsztm1.digi.ninja. The next step is to use these name servers to perform the zone transfer using the host command:
host -l zonetransfer.me nsztm1.digi.ninja
The result of the host command gives us some IP addresses of servers that operate in the zonetransfer.me domain.
Next, I would test the nsztm2.digi.ninja server using the dig command:
dig axfr @nsztm2.digi.ninja zonetransfer.me
Now we get more information, including information on two people, Pippa and Robin. There are also a testing site and a staging site (www.sydneyoperahouse.com) that could be looked at for an attack. From here we can conclude that allowing zone transfers from outside networks is dangerous, since an attacker may get information regarding the domain. In fact, this is just a test domain, and a real domain will have more confidential data.
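The same dig check turned into an audit for a zone you administer, as an added example that is not part of the original post: it reports which name servers answer AXFR and which test, dev or staging names an open transfer would disclose. The function names are hypothetical, and the sample dig output is constructed with example.com and documentation addresses.

```shell
#!/bin/sh
# Added example: check which name servers of a zone you administer answer AXFR.

# classify_axfr reads dig output on stdin and prints "open <records>" or "refused".
# A completed transfer begins and ends with the zone's SOA record, so two SOA
# lines among the records mean the whole zone was handed over.
classify_axfr() {
    awk '
        /^[ \t]*;/ || NF < 5 { next }   # skip dig comments and blank lines
        { records++ }
        $4 == "SOA" { soa++ }
        END { if (soa >= 2) printf "open %d\n", records; else print "refused" }'
}

# staging_names lists the test/dev/staging host names present in a transfer.
staging_names() {
    awk '!/^[ \t]*;/ && NF >= 5 && ("." tolower($1)) ~ /[.-](dev|test|staging)[.-]/ { print $1 }' | sort -u
}

# audit_zone queries every NS of the zone (needs network access and dig).
audit_zone() {
    zone=$1
    for ns in $(dig +short NS "$zone"); do
        printf '%s %s\n' "$ns" "$(dig +time=5 +tries=1 AXFR "$zone" "@$ns" 2>/dev/null | classify_axfr)"
    done
}

# Constructed sample outputs, so the classifier can be exercised offline.
sample_refused() {
    cat <<'EOF'
; <<>> DiG <<>> AXFR example.com @ns1.example.com
;; global options: +cmd
; Transfer failed.
EOF
}

sample_open() {
    cat <<'EOF'
example.com.         7200 IN SOA ns1.example.com. admin.example.com. 2024010101 172800 900 1209600 3600
example.com.         7200 IN NS  ns1.example.com.
www.example.com.     7200 IN A   192.0.2.10
staging.example.com. 7200 IN A   192.0.2.20
dev-api.example.com. 7200 IN A   192.0.2.21
example.com.         7200 IN SOA ns1.example.com. admin.example.com. 2024010101 172800 900 1209600 3600
EOF
}

# When a zone name is given as the first argument, audit it.
if [ -n "${1:-}" ]; then audit_zone "$1"; fi
```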
References:
https://digi.ninja/projects/zonetransferme.php