Bug Bounty Diaries #2

Hi guys! I’m back with a new blog and this is great because again… I learn a lot of things, specially about DNS, IP and things like that.

Goal: Spend the next 3 hours getting more information about my target with DNS

Again I didn’t try anything against my target… I just wanna learn as much as possible about DNS because this is one of the first steps that your PC does when you visit a web page. So let’s start!

What is DNS?

The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, like nytimes.com or espn.com.

I get this from: https://www.cloudflare.com/learning/dns/what-is-dns/

Click on that URL if you wanna learn more about it! Do it! Now!

And with this… we have another question…

What is an IP?

Internet Protocol that’s the name, this is the way that your device can be identify on a network, every device that have an internet connection has an IP address and we have two protocols:

IPv4: This protocol it’s older an have a big problem but the IP’s with this protocol looks like this: 10.10.10.10IPv6: This protocol come to resolve the problem with IPv4 but the IP’s with this protocol looks like this: ffff:0000:eeee:0000:fasd

So now… what happen when with visit a link like google.com?

The domain is extracted from the URLWith the DNS the domain is converted into an IPA TCP connection must be established with the TCP three way handshakeThe browser sends a HTTP request with the “GET” methodThe server sends a reponseOur browser renders the responseThis is just an example

With wireshark you can intercept the traffic and see what happens with all this process:

You can see here the SYN and ACK flags from the TCP protocol

What are the steps that DNS takes to respond to your requests?

Thanks cloudfare…again xD

A user types ‘example.com’ into a web browser and the query travels into the Internet and is received by a DNS recursive resolver.The resolver then queries a DNS root nameserver (.).The root server then responds to the resolver with the address of a Top Level Domain (TLD) DNS server (such as .com or .net), which stores the information for its domains. When searching for example.com, our request is pointed toward the .com TLD.The resolver then makes a request to the .com TLD.The TLD server then responds with the IP address of the domain’s nameserver, example.com.Lastly, the recursive resolver sends a query to the domain’s nameserver.The IP address for example.com is then returned to the resolver from the nameserver.The DNS resolver then responds to the web browser with the IP address of the domain requested initially.

Now we know how DNS works, but how we get the IP address from a web site… I’ll use my target as an example.

Getting the IP address

We can try with two tools and they are great!

WHOISHOST

You need to give them a domain like: elementor.com

And then the tool gives you the IPv4 IP and the IPv6 IP, and this is great but… for what are we doing this?

Because with this we could try a nmap scan and look for more information!

DNS hacking toolkit:

We have a lot of tools but this are my favorites, with this tools we can get more information about our target!

WhoisHostDigdnsrecondnsenum

Guys… that’s all for today’s blog, I hope this is helpful to someone and again thanks for taking the time to read my blog. By the way, thanks for the more than 50 followers, with all my heart, thanks. don’t forget to follow me