Saturday, March 15, 2008

DNSMap Tutorial

DNSMap Tutorial

This tutorial will show you how to use DNSMap


Disclaimer
: This is for educational purposes only not for committing a crime you are on your own!
All IP's have been changed.

Background: Dnsmap is a small C based tool that perform brute-forcing of domains. The tool can use an internal wordlist, or work with an external dictionary file.
Info: http://ikwt.dyndns.org/ This site seems to be down.
(Source http://backtrack.offensive-security....p/Tools#dnsmap )

Ok now to acccess the tool go to K Menu | Backtrack | Information Gathering | DNS| DNSMap


Ok it will open a shell and show you
Code:
dnsmap - DNS Network Mapper by pagvac
(http://ikwt.com, http://foro.elhacker.net)
Usage: dnsmap [dictionary-file]
Examples:
dnsmap yourtarget.com
dnsmap yourtarget.com yourwordlist.txt

bt dnsmap #
Once you have it open you can check the readme by doing a nano README This will provide lots more info.
Be sure to read it there are some limitations when using this tool.

Next we need to give dnsmap a target to search again we will use http://www.victimluser.com
so
Code:
bt dnsmap # victimluser.com
This will return us with:
Code:
dnsmap - DNS Network Mapper by pagvac
(http://ikwt.com, http://foro.elhacker.net)
Searching subhosts on domain victimluser.com

forum.victimluser.com
IP Address #1:192.168.1.1

mail.victimluser.com
IP Address #1:192.168.1.2

ftp.victimluser.com
IP Address #1:192.168.1.3

pop.victimluser.org
IP Address #1:192.168.1.4
Also you can create a wordlist.txt that you can supply at the command line like this
Code:
 bt dnsmap # dnsmap targetdomain.com wordlist.txt
This will force dnsmap to use a supplied wordlist to bruteforce subdomains if you do not supply a wordlist then dnsmap
will use the built in one by default.

The readme also give links to a few wordlist you can download.

No comments: