Wednesday, June 27, 2012

A Quick One: DNS Zone Transfers

Zone transfers are just NOT supposed to work (unless you are a DNS server). However, sometimes you want to show what one can find if they happen to come across a misconfigured one. AboutSecurity told me about a site his buddy has called zonetransfer.me for this purpose specifically. It is a site you can use to show your customer/class/boss the dangers of zone transfers without setting up your own DNS server to prove your point.

For Windows users it's as simple as this (OK, dig is simpler... never mind):

Nslookup
set type=ns <-- get me name servers (NS)
zonetransfer.me <-- gets you the NS associated with this domain 
server ns12.zoneedit.com <-- set the server to this
set type=all <-- grab everything
ls -d zonetransfer.me <-- GO!
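
For checking zones you run yourself, here is an added example (not part of the original post) that uses dig, the simpler route mentioned above, to ask each name server of a zone for a transfer and classify the reply. The function names and the example.test sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the name servers of a zone you operate for open AXFR.

# Constructed sample of dig output when a server allows the transfer.
SAMPLE_OPEN='; <<>> DiG <<>> @ns1.example.test example.test AXFR
example.test.      3600 IN SOA ns1.example.test. hostmaster.example.test. 1 3600 600 86400 3600
example.test.      3600 IN NS  ns1.example.test.
vpn.example.test.  3600 IN A   192.0.2.10
example.test.      3600 IN SOA ns1.example.test. hostmaster.example.test. 1 3600 600 86400 3600
;; XFR size: 4 records (messages 1, bytes 200)'

# Constructed sample of dig output when the server refuses the transfer.
SAMPLE_REFUSED='; <<>> DiG <<>> @ns1.example.test example.test AXFR
; (1 server found)
;; global options: +cmd
; Transfer failed.'

# classify_axfr: read dig output on stdin; print open, refused or unknown.
classify_axfr() {
  awk '
    /Transfer failed/ { failed = 1 }
    # Record lines look like: name TTL IN type rdata (dig comments start with ";")
    $0 !~ /^;/ && $3 == "IN" && $4 == "SOA" { soa++ }
    END {
      if (soa >= 2) print "open"        # a full AXFR begins and ends with the SOA
      else if (failed) print "refused"
      else print "unknown"              # timeout, no answer, unexpected output
    }'
}

# audit_zone ZONE: query every NS of ZONE and report how each answers AXFR.
audit_zone() {
  for ns in $(dig +short NS "$1"); do
    printf '%s %s\n' "$ns" "$(dig +time=5 +tries=1 "@$ns" "$1" AXFR | classify_axfr)"
  done
}

# Run against a zone only when one is given on the command line.
if [ "$#" -gt 0 ]; then audit_zone "$1"; fi
```

A server reported as open hands the whole zone to anyone who asks; transfers should be limited to the zone's own secondary servers.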

2 comments:

Ren said...

"ls -d $domain > $file_name_for_results" to output to file iirc

and of course dig... ;)
dig @server domain axfr

-Sketchymoose said...

good points Ren-- yup that's dig! Always good to see it both ways :-)