Stuck on the Network Reconnaissance Lab

I was solving the challenge LAB in Network Reconnaissance and have solved the previous 2 questions but I am stuck on question 3. I tried all the options but I am not getting the domain.

# Task 3

You’ll also discover one of these hosts is a DNS server running the BIND software. That’s handy since your IPs don’t seem to be resolving to any domains. This internal DNS server might be able to help you in this last sequence.

Hint: The --dns-server option specifies the nameserver Nmap should use for reverse resolution.

Use Nmap to perform a list scan to resolve your targets using the discovered DNS server for resolution. You’ll find a web server with an interesting domain name here.

In Task 3:
– Perform the nmap scan to find the IP address of the DNS server using 192.168.0.0/23.

It will output a list of running IPs.

Inside, find the DNS server that has a service named BIND,
`sudo nmap -sL --dns-server <dns-server-ip> -iL iplist.lst`

Then you do rDNS using -n. Find the name of the nameserver, as it starts with the hint: stag*

Run `sudo nmap -p 80,443 --script http-enum <domain>`
Replace `<domain>` with the staging.*** domain.

You get the output,

There will be a file displayed …

5:4 letters

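An added example, not part of any post in this thread: a small Python parser for the normal-format output of the list scan (`-sL` with `--dns-server`) discussed above, separating hosts that returned a PTR name from those that did not and listing names that reveal non-production systems. The sample output, the `example.internal` names and the `SENSITIVE_LABELS` set are constructed assumptions for illustration.

```python
import re

# Constructed sample of `nmap -sL --dns-server <dns-server-ip> -iL iplist.lst`
# output; the addresses and names are made up for illustration.
SAMPLE = """\
Starting Nmap 7.94 ( https://nmap.org )
Nmap scan report for 192.168.0.10
Nmap scan report for ns1.example.internal (192.168.0.53)
Nmap scan report for staging.example.internal (192.168.1.80)
Nmap scan report for 192.168.1.200
Nmap done: 4 IP addresses (0 hosts up) scanned in 0.12 seconds
"""

# A list scan prints "name (ip)" when the PTR lookup succeeded, else only the IP.
REPORT = re.compile(
    r"^Nmap scan report for (?:(?P<name>\S+) \((?P<ip>[^)]+)\)|(?P<bare>\S+))$"
)

# Assumed labels that suggest a non-production host; adjust to your naming scheme.
SENSITIVE_LABELS = {"staging", "stage", "dev", "test", "uat"}


def parse_list_scan(text):
    """Return (resolved, unresolved): {ip: ptr_name} and a list of IPs without a PTR."""
    resolved, unresolved = {}, []
    for line in text.splitlines():
        m = REPORT.match(line.strip())
        if not m:
            continue  # banner and summary lines
        if m.group("name"):
            resolved[m.group("ip")] = m.group("name").rstrip(".").lower()
        else:
            unresolved.append(m.group("bare"))
    return resolved, unresolved


def revealing_names(resolved):
    """PTR names with a label in SENSITIVE_LABELS, exact or as a prefix such as 'dev-'."""
    hits = {}
    for ip, name in resolved.items():
        labels = name.split(".")
        if any(l in SENSITIVE_LABELS or l.split("-")[0] in SENSITIVE_LABELS for l in labels):
            hits[ip] = name
    return hits


if __name__ == "__main__":
    resolved, unresolved = parse_list_scan(SAMPLE)
    print("resolved:", resolved)
    print("no PTR:", unresolved)
    print("revealing:", revealing_names(resolved))
```

An empty `resolved` result usually means the lookups went to a resolver that does not hold the internal reverse zones, which is the situation the `--dns-server` hint addresses.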

1.3 challenge exercise

I admit I am so lost on task 3. My ip.lst only displays two IPs and I can’t seem to figure out how to find the DNS server from finishing task 2 with the nmap -n -Pn -sV -iL ip.lst – 21,22,80 --open

Please help. I tried the commands you posted but there is nothing to resolve in my lst file.

Hey @TesaZane5235,

If you only receive 2 IPs from your “masscan” scan in Task 1, I would double-check your command. You’re expected to run masscan using the provided top100.conf and point it at the provided IP range (192.168.0.0/23).

For Task 2, it looks like you only tried to scan 3 ports (21,22,80), where the request is to scan the top 1000 ports.

Once you take care of the above, you’ll be able to see the BIND server needed to finish Task 3.

Happy hacking!
