DNS / BIND
DNSBINDDomain Name SystemUnbound
DNS is the Internet's domain name resolution system. Exposed resolvers allow DNS amplification attacks, zone transfers, and subdomain enumeration.
Ports
| Port | Protocol | Description |
|---|---|---|
| 53 | tcp/udp | DNS |
Fingerprints
| Banner / Probe | Expected Response |
|---|---|
nmap -sV -p <port> <target> | Service banner and version info |
nc -nv <target> <port> | Raw banner grab |
Key Files
| Path | Description |
|---|---|
C:\Windows\NTDS\ntds.dit | AD database with all password hashes |
C:\Windows\System32\config\SAM | Local SAM password hashes |
C:\Windows\System32\config\SYSTEM | System hive (boot key for hash decryption) |
C:\Windows\System32\config\SECURITY | Security policy and cached domain credentials |
%USERPROFILE%\AppData\Roaming\Microsoft\Credentials\ | Saved Windows credentials |
Default Credentials
| Username | Password | Context |
|---|---|---|
admin | admin | Generic admin account |
root | root | Generic root account |
Known CVEs
| Identifier | Type | Description |
|---|---|---|
— | Info | Check NVD database for latest CVEs |
Exploitation Primitives
| Technique | Tool / Command | Result |
|---|---|---|
| Zone Transfer | dig axfr @<target> domain.com | Full DNS zone dump |
| Subdomain Enum | dnsrecon -d domain.com -n <target> | Subdomain discovery |
Notes
Zone transfer (AXFR) is the most critical misconfiguration. Always check: `dig axfr @<target> <domain>`.
DNS amplification attacks use open resolvers; check with `nmap --script dns-recursion -sU -p53`.
Tools: `dnsrecon`, `dnsenum`, `fierce`, `dig`, `nslookup`.
Seen on
ShodanCensysFOFAZoomEye
References