HackTheBox — Information Gathering: Passive Enumeration

In this blog post, we go over some tools that are used during passive enumeration phase.This is a tool used to obtain all publicly available information about a domain: domain name, registration, expiration dates, etc.export TARGET="facebook.com"
whois $TARGETWhat do we learn from the above output?Organisation: Meta Platforms, Inc.
Locations: 1601 Willo Rd, Menlo Park, CA 94025, US
Registrant Email: domain@fb.com
Registrar Email: abusecomplaints@registrarsafe.com
Registrar Phone: +1.6505434800
Language English (US)
Registrar: RegistrarSafe, LLC
DNSSEC unsigned
Name servers A.NS.FACEBOOK.COM
B.NS.FACEBOOK.COM
C.NS.FACEBOOK.COM
D.NS.FACEBOOK.COMDNS is the Internet’s phonebook, where the domain name of a website is resolved to a corresponding IP address.facebook.com will have a corresponding IP address. When we enter facebook.com into the browser, it reaches out to the DNS server and ask for the website’s IP address. Once the browser obtains the IP, it sends request to the page and deliver the responses to users.When it comes to DNS, these are the few information we need to pay attention toSource: HackTheBoxTo find DNS information, we can use these two tools: nslookup & dig.

nslookup facebook.com

dig facebook.com @1.1.1.1

As we can see, both command return facebook’s IP address. What’s more, dig seems to give us more information about the target. the @1.1.1.1 specifies the domain resolver, which will translate facebook.com to the corresponding IP address.