cheatsheet
  • Introduction
  • Internal Pentest
    • Active Directory
      • Reconnaissance
        • Find Domain Name
        • Find Domain Controllers
        • Enumerating Machines
        • Enumerating Services
        • DNS Enumeration
      • Exploitation
        • Exploit Without Account
          • SMB Relay
        • Exploit With Account
          • Kerberoast Attack
      • Post-Exploitation
        • Extracting Credentials
          • Retrieve Windows passwords
          • Retrieve Windows hashes
        • Maintening Access
          • Adding Local Administrator
        • Lateral Movement
          • SMB protocol
Powered by GitBook
On this page
  1. Internal Pentest
  2. Active Directory
  3. Reconnaissance

DNS Enumeration

DNS Enumeration is an important step to cartography the perimeter.

You can test for several DNS attacks (zone transfer, brute-force, etc) with the following command:

dnsenum <domain> -f /usr/share/wordlists/SecLists/Discovery/DNS/namelist.txt --dnsserver <dnsServer> > dnsenum.txt
PreviousEnumerating ServicesNextExploitation

Last updated 5 years ago