Dnsrecon tool (DNS Zone transfer)
- nslookup 10.10.10.13 will get domain name
- dnsrecon -d megacorpone.com -t axfr for dnszone transfer
- dnsrecon -d megacorpone.com -t axfr -n <server> can put ip address of machine
- dnsrecon -d megacorpone.com -t axfr -n 10.10.10.13
- dnsrecon -d megacorpone.com -D ~/list.txt -t brt for bruteforce
- edit /etc/hosts
- 10.10.10.13 cronos.htb admin.cronos.htb ns1.cronos.htb www.cronos.htb