
Backtrack 5: Information Gathering: Network Analysis: DNS Analysis: reverseraider

Many of the DNS enumeration scripts available in Backtrack focus on typical forward DNS, but reverseraider does what its name suggests: it enumerates reverse DNS names. Enumerating reverse DNS on an IP or set of IPs can sometimes reveal information you did not previously have. For example, you may be targeting a web server that hosts a bunch of virtual hosts and want to track down the primary web site on that server. This is where reverseraider may provide the necessary results, as the most important site on a virtual web server is the one most likely to have reverse DNS configured on the host itself. Below I display the three primary methods of using reverseraider.

Use reverseraider To Enumerate Reverse DNS On A File Of IPs:

```bash
root@bt:/pentest/enumeration/reverseraider# ./reverseraider -f iplist-test.txt
resolver3.opendns.com               208.67.222.220
resolver3.opendns.com               208.67.222.220
resolver1.opendns.com               208.67.222.222
resolver1.opendns.com               208.67.222.222
google-public-dns-a.google.com      8.8.8.8
google-public-dns-a.google.com      8.8.8.8
resolver2.opendns.com               208.67.220.220
resolver2.opendns.com               208.67.220.220
resolver2.opendns.com               208.67.220.220
resolver2.opendns.com               208.67.220.220
root@bt:/pentest/enumeration/reverseraider#
```

The above list of IPs is provided with reverseraider as a test list and resolves the reverse DNS of various Google IPs. The primary thing to take away from the above example is that the -f switch allows you to specify a file that contains a list of IPs, a list of IP ranges, or a combination of the two. The next example uses a wordlist against a specific domain, looking for reverse DNS by trying each entry in the wordlist in turn.

Use reverseraider To Enumerate Reverse DNS Based On A Wordlist:

```bash
root@bt:/pentest/enumeration/reverseraider# ./reverseraider -w wordlists/fast.list -d louisville.edu
smtp.louisville.edu                 136.165.233.235
smtp.louisville.edu                 136.165.233.231
smtp.louisville.edu                 136.165.233.227
hermes.louisville.edu               136.165.253.10
dns.louisville.edu                  136.165.253.10
smtp.louisville.edu                 136.165.233.227
mail.louisville.edu                 136.165.233.227
smtp.louisville.edu                 136.165.233.235
mail.louisville.edu                 136.165.233.235
smtp.louisville.edu                 136.165.233.231
mail.louisville.edu                 136.165.233.231
www.louisville.edu                  136.165.238.157
web.louisville.edu                  136.165.238.183
ldaplb.louisville.edu               136.165.229.2
ldap.louisville.edu                 136.165.229.2
www.louisville.edu                  136.165.238.157
smtp.louisville.edu                 136.165.233.231
smtp.louisville.edu                 136.165.233.227
smtp.louisville.edu                 136.165.233.235
hermes.louisville.edu               136.165.253.10
dns.louisville.edu                  136.165.253.10
smtp.louisville.edu                 136.165.233.235
mail.louisville.edu                 136.165.233.235
smtp.louisville.edu                 136.165.233.231
mail.louisville.edu                 136.165.233.231
smtp.louisville.edu                 136.165.233.227
mail.louisville.edu                 136.165.233.227
web.louisville.edu                  136.165.238.183
ldaplb.louisville.edu               136.165.229.2
ldap.louisville.edu                 136.165.229.2
vpn.louisville.edu                  216.249.140.85
vpn.louisville.edu                  216.249.140.85
root@bt:/pentest/enumeration/reverseraider#
```

In the above example the smallest wordlist was used, and it still turned up a ton of results. The -d switch specifies the domain you want to enumerate reverse DNS names for; keep in mind that you must also use the -w switch to specify a wordlist. There are three wordlists located in /pentest/enumeration/reverseraider/wordlists/. You can also see that numerous reverse DNS names have multiple IPs, which is another thing to consider when weighing the value of reverse DNS. If you knew of the IP address 136.165.233.235 above, which allowed you to obtain mail.louisville.edu, you could then investigate using reverseraider and other tools to see if there are other mail servers in the same IP range. The last example below displays reverseraider using the -r switch, which allows you to specify a single IP or a range of IPs on the command line.

Use reverseraider To Enumerate Reverse DNS Entries By IP Address:

```bash
root@bt:/pentest/enumeration/reverseraider# ./reverseraider -r 2.1.1.1-10
ANantes-551-1-154-1.w2-1.abo.wanadoo.fr 2.1.1.1
ANantes-551-1-154-1.w2-1.abo.wanadoo.fr 2.1.1.1
ANantes-551-1-154-2.w2-1.abo.wanadoo.fr 2.1.1.2
ANantes-551-1-154-2.w2-1.abo.wanadoo.fr 2.1.1.2
ANantes-551-1-154-3.w2-1.abo.wanadoo.fr 2.1.1.3
ANantes-551-1-154-3.w2-1.abo.wanadoo.fr 2.1.1.3
ANantes-551-1-154-4.w2-1.abo.wanadoo.fr 2.1.1.4
ANantes-551-1-154-4.w2-1.abo.wanadoo.fr 2.1.1.4
ANantes-551-1-154-5.w2-1.abo.wanadoo.fr 2.1.1.5
ANantes-551-1-154-5.w2-1.abo.wanadoo.fr 2.1.1.5
ANantes-551-1-154-6.w2-1.abo.wanadoo.fr 2.1.1.6
ANantes-551-1-154-6.w2-1.abo.wanadoo.fr 2.1.1.6
ANantes-551-1-154-7.w2-1.abo.wanadoo.fr 2.1.1.7
ANantes-551-1-154-7.w2-1.abo.wanadoo.fr 2.1.1.7
ANantes-551-1-154-8.w2-1.abo.wanadoo.fr 2.1.1.8
ANantes-551-1-154-8.w2-1.abo.wanadoo.fr 2.1.1.8
ANantes-551-1-154-9.w2-1.abo.wanadoo.fr 2.1.1.9
ANantes-551-1-154-9.w2-1.abo.wanadoo.fr 2.1.1.9
ANantes-551-1-154-10.w2-1.abo.wanadoo.fr    2.1.1.10
ANantes-551-1-154-10.w2-1.abo.wanadoo.fr    2.1.1.10
root@bt:/pentest/enumeration/reverseraider#
```
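The runs above repeat most lines and contain two kinds of overlap: one name on several addresses and several names on one address. The following Python sketch is an added example, not part of the original post or of reverseraider; it deduplicates saved output and groups it both ways, which is also a quick way to review what your own DNS records disclose. The sample is constructed from lines shown on this page, and `parse` and `summarize` are hypothetical helper names.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: lines copied from the runs on this page, with the
# numbering removed. reverseraider prints "<hostname> <whitespace> <ip>".
SAMPLE = """\
smtp.louisville.edu                 136.165.233.235
smtp.louisville.edu                 136.165.233.231
hermes.louisville.edu               136.165.253.10
dns.louisville.edu                  136.165.253.10
mail.louisville.edu                 136.165.233.235
smtp.louisville.edu                 136.165.233.235
ldaplb.louisville.edu               136.165.229.2
ldap.louisville.edu                 136.165.229.2
vpn.louisville.edu                  216.249.140.85
root@bt:/pentest/enumeration/reverseraider#
"""

def parse(text):
    """Return the unique (hostname, ip) pairs, skipping prompts and junk."""
    pairs = set()
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 2:          # prompt or command line, not a result
            continue
        try:
            ip = ipaddress.ip_address(fields[1])
        except ValueError:            # second column is not an address
            continue
        pairs.add((fields[0].lower().rstrip("."), ip))
    return pairs

def summarize(pairs):
    """Group the pairs both ways and keep only the overlapping entries."""
    by_name, by_ip = defaultdict(set), defaultdict(set)
    for name, ip in pairs:
        by_name[name].add(ip)
        by_ip[ip].add(name)
    return {
        # one name answering on several addresses (for example a mail pool)
        "multi_ip_names": {n: [str(i) for i in sorted(ips)]
                           for n, ips in by_name.items() if len(ips) > 1},
        # several names on one address, keyed by the in-addr.arpa name
        # where that address's PTR record lives
        "shared_ips": {ip.reverse_pointer: sorted(names)
                       for ip, names in by_ip.items() if len(names) > 1},
    }

if __name__ == "__main__":
    for section, rows in summarize(parse(SAMPLE)).items():
        print(section, rows)
```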

That is pretty much it. There is not a lot to reverseraider, though I believe it to be a valuable tool specifically for reverse DNS enumeration.
