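7.12 Enumerating DNS Server Hostnames
Table 7.12 lists the Nmap commands covered in this chapter; the command shown in bold is the one used in this section: enumerating DNS server hostnames.
During a penetration test you need to brute-force the subdomains under a domain name and the hostnames of its DNS servers. In Nmap, the dns-brute script does this.
Procedure
Run the command "nmap --script dns-brute --script-args dns-brute.domain=baidu.com" to start enumerating the subdomains of baidu.com.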
root@Wing:~# nmap --script dns-brute --script-args dns-brute.domain=baidu.com
Starting Nmap 6.47 ( http://nmap.org ) at 2015-06-28 16:03 CST
Pre-scan script results:
| dns-brute:
| DNS Brute-force hostnames:
| stats.baidu.com - 123.129.254.15
| host.baidu.com - 123.129.254.15
| mx.baidu.com - 61.135.163.61
| devel.baidu.com - 221.192.153.42
| svn.baidu.com - 10.65.211.174
| mx0.baidu.com - 123.129.254.15
| development.baidu.com - 123.129.254.15
| administration.baidu.com - 221.192.153.42
| syslog.baidu.com - 221.192.153.42
| mx1.baidu.com - 61.135.163.61
| devsql.baidu.com - 123.129.254.15
| ads.baidu.com - 10.42.4.225
| test.baidu.com - 180.76.134.214
| mysql.baidu.com - 221.192.153.42
| devtest.baidu.com - 123.129.254.15
| adserver.baidu.com - 123.129.254.15
| test1.baidu.com - 221.192.153.42
| news.baidu.com - 61.135.185.119
| dhcp.baidu.com - 123.129.254.15
| alerts.baidu.com - 221.192.153.42
| test2.baidu.com - 123.129.254.15
| noc.baidu.com - 123.129.254.15
| direct.baidu.com - 123.129.254.15
| alpha.baidu.com - 123.129.254.15
| ns.baidu.com - 123.129.254.15
| dmz.baidu.com - 123.129.254.15
| testing.baidu.com - 123.125.65.117
| testing.baidu.com - 123.125.112.68
| ap.baidu.com - 221.192.153.42
| ns0.baidu.com - 123.129.254.15
| dns.baidu.com - 202.108.22.220
| upload.baidu.com - 123.129.254.15
| http.baidu.com - 221.192.153.42
| apache.baidu.com - 123.129.254.15
| dns0.baidu.com - 123.129.254.15
| ns1.baidu.com - 202.108.22.220
| id.baidu.com - 106.120.159.12
| app.baidu.com - 123.125.112.120
| app.baidu.com - 61.135.185.124
| dns1.baidu.com - 220.181.38.10
| vnc.baidu.com - 221.192.153.42
| ns2.baidu.com - 61.135.165.235
| images.baidu.com - 112.80.248.122
| apps.baidu.com - 123.125.115.49
| voip.baidu.com - 111.206.45.40
| ns3.baidu.com - 220.181.37.10
| dns2.baidu.com - 123.129.254.15
| info.baidu.com - 123.125.114.22
| appserver.baidu.com - 123.129.254.15
| vpn.baidu.com - 61.135.165.126
| ntp.baidu.com - 10.48.28.94
| aptest.baidu.com - 123.129.254.15
| web.baidu.com - 10.48.30.87
| ops.baidu.com - 123.125.114.197
| internet.baidu.com - 61.135.185.119
| en.baidu.com - 123.129.254.15
| web2test.baidu.com - 221.192.153.42
| oracle.baidu.com - 123.129.254.15
| intra.baidu.com - 123.129.254.15
| erp.baidu.com - 10.42.7.18
| backup.baidu.com - 123.129.254.15
| whois.baidu.com - 221.192.153.42
| owa.baidu.com - 123.129.254.15
| intranet.baidu.com - 123.129.254.15
| beta.baidu.com - 123.129.254.15
| wiki.baidu.com - 10.42.7.70
| pbx.baidu.com - 123.129.254.15
| blog.baidu.com - 123.129.254.15
| ipv6.baidu.com - 220.181.57.216
| ipv6.baidu.com - 123.125.114.144
| ipv6.baidu.com - 220.181.57.217
| www.baidu.com - 61.135.169.121
| www.baidu.com - 61.135.169.125
| s3.baidu.com - 123.125.115.180
| ipv6.baidu.com - 2400:da00:0:0:0:dbf:0:100
| cdn.baidu.com - 10.42.231.41
| lab.baidu.com - 61.135.185.144
| lab.baidu.com - 123.125.112.77
| www2.baidu.com - 123.125.114.29
| secure.baidu.com - 123.129.254.15
| chat.baidu.com - 123.129.254.15
| ldap.baidu.com - 123.129.254.15
| xml.baidu.com - 221.192.153.42
| server.baidu.com - 221.192.153.42
| citrix.baidu.com - 123.129.254.15
| linux.baidu.com - 10.99.31.43
| shop.baidu.com - 123.125.112.68
| shop.baidu.com - 123.125.65.117
| cms.baidu.com - 10.26.7.93
| local.baidu.com - 123.125.115.105
| sip.baidu.com - 61.135.165.108
| corp.baidu.com - 123.129.254.15
| log.baidu.com - 10.26.39.14
| eshop.baidu.com - 123.129.254.15
| smtp.baidu.com - 221.192.153.42
| crs.baidu.com - 123.125.114.59
| mail.baidu.com - 61.135.163.38
| exchange.baidu.com - 123.129.254.15
| sql.baidu.com - 10.26.5.23
| cvs.baidu.com - 123.129.254.15
| mail2.baidu.com - 123.129.254.15
| f5.baidu.com - 123.129.254.15
| database.baidu.com - 123.129.254.15
| mail3.baidu.com - 202.108.22.171
| fileserver.baidu.com - 221.192.153.42
| db.baidu.com - 61.135.186.206
| mailgate.baidu.com - 123.129.254.15
| firewall.baidu.com - 221.192.153.42
| main.baidu.com - 123.129.254.15
| squid.baidu.com - 221.192.153.42
| dev.baidu.com - 61.135.185.212
| forum.baidu.com - 123.129.254.15
| manage.baidu.com - 123.129.254.15
| ssh.baidu.com - 123.129.254.15
| ftp.baidu.com - 221.192.153.42
| mgmt.baidu.com - 123.129.254.15
| ssl.baidu.com - 10.42.7.217
| ftp0.baidu.com - 123.129.254.15
| mirror.baidu.com - 10.11.250.228
| git.baidu.com - 10.42.4.104
| stage.baidu.com - 123.129.254.15
| mobile.baidu.com - 123.125.112.120
| mobile.baidu.com - 61.135.185.124
| gw.baidu.com - 123.129.254.15
| help.baidu.com - 123.125.112.108
| helpdesk.baidu.com - 123.129.254.15
| home.baidu.com - 123.125.114.197
| monitor.baidu.com - 10.94.25.52
| mssql.baidu.com - 123.129.254.15
|_ mta.baidu.com - 123.129.254.15
WARNING: No targets were specified, so 0 hosts scanned.
Nmap done: 0 IP addresses (0 hosts up) scanned in 9.61 seconds
root@Wing:~#
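Analysis
The output above shows that the dns-brute script enumerated all of the related subdomains and servers. The script accepts "dns-brute.threads=<number of threads>" to set the thread count, which speeds up or slows down the brute force, and "dns-brute.hostlist=./hostfile.txt" to specify a list of names to enumerate.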
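One way to triage dns-brute results like those above from the defender's side, as an added example that is not part of the original page: it parses the script's result rows, lists names that resolve to RFC 1918 or unique-local addresses, and lists addresses shared by a large fraction of the names, which may be a catch-all answer worth confirming by hand. The sample rows, the example.com names, the function names and the 0.4 threshold are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the dns-brute output format (not real scan data).
SAMPLE = """\
| dns-brute:
|   DNS Brute-force hostnames:
|     www.example.com - 198.51.100.10
|     svn.example.com - 10.65.0.17
|     wiki.example.com - 192.168.4.70
|     dev.example.com - 203.0.113.5
|     beta.example.com - 203.0.113.5
|     stage.example.com - 203.0.113.5
|     ipv6.example.com - 2001:db8:0:0:0:0:0:100
|_    owa.example.com - 203.0.113.5
"""

ROW = re.compile(r"^\|_?\s+(\S+) - (\S+)\s*$")
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def parse(text):
    """Return {hostname: set of address objects} from dns-brute result rows."""
    hosts = defaultdict(set)
    for m in filter(None, map(ROW.match, text.splitlines())):
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # right-hand side is not an address; skip the row
        hosts[m.group(1).lower()].add(ip)
    return dict(hosts)

def internal_names(hosts):
    """Names with at least one RFC 1918 or unique-local (fc00::/7) address."""
    return sorted(h for h, ips in hosts.items()
                  if any(ip in net for ip in ips for net in INTERNAL))

def shared_answers(hosts, min_share=0.4):
    """Addresses returned for >= min_share of all names (heuristic only)."""
    by_ip = defaultdict(set)
    for h, ips in hosts.items():
        for ip in ips:
            by_ip[ip].add(h)
    return {str(ip): sorted(names) for ip, names in by_ip.items()
            if len(names) >= 3 and len(names) / len(hosts) >= min_share}

if __name__ == "__main__":
    found = parse(SAMPLE)
    print(internal_names(found), shared_answers(found))
```

Names flagged by internal_names are candidates for moving to an internal-only zone; names flagged by shared_answers should be re-queried for a random label under the same domain before they are treated as real hosts.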
Time: 2024-08-03 09:32:53