I was solving the challenge LAB in Network Reconnaissance and have solved the previous 2 questions but I am stuck on question 3. I tried all the options but I am not getting the domain.
# Task 3
You’ll also discover one of these hosts is a DNS server running the BIND software. That’s handy since your IPs don’t seem to be resolving to any domains. This internal DNS server might be able to help you in this last sequence.
Hint: The --dns-server option specifies the nameserver Nmap should use for reverse resolution.
Use Nmap to perform a list scan to resolve your targets using the discovered DNS server for resolution. You’ll find a web server with an interesting domain name here.
In Task 3:
– Perform the nmap scan to find the IP address of the DNS server using 192.168.0.0/23.
It will output a list of IPs running.
Inside, find the DNS server that has a service named BIND,
sudo nmap -sL --dns-server -iL iplist.lst
Then you do rDNS using -n. Find the name of the nameserver, as it starts with the hint: stag*
run sudo nmap -p 80,443 --script http-enum
replace with staging.*** domain
You get the output,
there will be a file displayed …
5:4 letters
1.3 challenge exercise
I admit I am so lost on task 3. My ip.lst only displays two IPs and I can’t seem to figure out how to find the DNS server from finishing task 2 with the nmap -n -Pn -sV -iL ip.lst – 21,22,80 --open
Please help. I tried the commands you posted, but there is nothing to resolve in my lst file.
Hey @TesaZane5235,
If you only receive 2 IPs from your “masscan” scan in Task 1, I would double-check your command. You’re expected to run masscan using the provided top100.conf and point it at the provided IP range (192.168.0.0/23).
For Task 2, it looks like you only tried to scan 3 ports (21,22,80), where the request is to scan the top 1000 ports.
Once you take care of the above, you’ll be able to see the BIND server needed to finish Task 3.
Happy hacking!
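Added example (not written by any poster in this thread and not part of the lab): the two parsing steps discussed above, picking the BIND host out of saved version-scan output and then reading which targets a list scan resolved. The function names, host names, addresses and version strings are constructed for illustration.

```shell
# Added example; all sample output below is constructed, not taken from the lab.

# Print the IP of each host whose -sV output shows BIND listening on port 53.
find_bind_servers() {
  awk '
    /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); next }
    $1 ~ /^53\/(tcp|udp)$/ && $2 == "open" && /BIND/ { print host }
  ' "$@" | sort -u
}

# From -sL output, print "ip name" for every target that got a PTR answer.
# Resolved lines read "Nmap scan report for NAME (IP)"; unresolved ones omit NAME.
resolved_hosts() {
  awk '
    /^Nmap scan report for / && NF == 6 {
      ip = $6; gsub(/[()]/, "", ip); print ip, $5
    }
  ' "$@"
}

# Constructed version-scan output (normal format).
sample_sv() { cat <<'EOF'
Nmap scan report for 192.168.0.17
PORT   STATE SERVICE VERSION
22/tcp open  ssh     OpenSSH 7.6p1
80/tcp open  http    nginx 1.14.0

Nmap scan report for 192.168.1.53
PORT   STATE SERVICE VERSION
53/tcp open  domain  ISC BIND 9.11.3
EOF
}

# Constructed list-scan output: one unresolved target, two resolved.
sample_sl() { cat <<'EOF'
Starting Nmap ( https://nmap.org )
Nmap scan report for 192.168.0.17
Nmap scan report for www.example.internal (192.168.0.23)
Nmap scan report for ns1.example.internal (192.168.1.53)
Nmap done: 3 IP addresses (0 hosts up) scanned in 0.05 seconds
EOF
}

# Demo on the constructed data.
echo "BIND servers:"; sample_sv | find_bind_servers
echo "Resolved targets:"; sample_sl | resolved_hosts
```

Both functions also accept file names, so saved scan output can be passed directly instead of piped in.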