Cronos - HTB

1 minute read

The following are some useful concepts I was able to grasp from tackling the above HTB box.

DNS

DNS (Domain Name System) is like an Internet phonebook. It is responsible for resolving human-readable hostnames into machine-readable IP addresses. DNS servers host zones. A DNS zone is a portion of the domain name space that is served by a DNS server. For example, something.com with all its subdomains may be a zone. However, second.something.com may also be a separate zone.

upload-image

DNS Enumeration:

Its the most popular reconnaissance tasks there is for building a profile of your target.

Nslookup tool:


root@kali:~# nslookup google.com
Server:	8.8.8.8
Address:8.8.8.8#53

Non-authoritative answer:
Name:	google.com
Address: 216.58.223.110
Name:	google.com
Address: 2a00:1450:401a:805::200e

Non-authoritative answer simply means the response is from one of my configured nameservers (ISP / my domain).It would come back as non-authoritative because neither my ISP’s nameservers, nor my own are in the list of nameservers for google.com.

Host tool

host -l <domain-name> <dns_server-address>

Dig tool

#fetch A records(the IP address)
dig google.com +short
#mail information
dig google.com -t mx +short
#ns records
dig google.com -t ns +short

using gobuster:

root@kali# gobuster dns -d cronos.htb -w /usr/share/seclists/Discovery/DNS/bitquark-subdomains-top100000.txt 

Dns Zone transfer

AXFR (Asynchronous Transfer Full Range) Transfer.

root@kali# dig axfr cronos.htb @10.10.10.13

DNSenum

dnsenum --noreverse -o file.xml cronos.htb

Nmap dns-brute

nmap -T4 -p 53 --script dns-brute 10.10.10.13

Sqlmap tool

    sqlmap -v 4 -r login.txt

env command:

Provides information on the shell enviroment you are working with.

root@kali# env

Using shared memory: /dev/shm

Bitbucket


/dev/null   ---> Also called bit bucket | if you send output to /dev/null it simply disappears.
find -name filename 2> /dev/null   | The command directs the stderr to the bit bucket.

cat /dev/null filename    | empties the contents of the file.

Unix Permissions:

upload-image

Point to note:

– DNS server should be configured to only allow zone transfers from trusted IP addresses.

Leave a comment