Zone Transfers Fail: As we have previously discussed, most administrators are savvy enough to prevent random people from completing an unauthorized zone transfer.
However, all is not lost. If your zone transfer fails, there are dozens of good DNS interrogation tools. Fierce is an easy-to-use, powerful Perl script that can provide you with dozens of additional targets.
In Kali, you can find Fierce in the /usr/bin/ directory. Once again, you can simply open a terminal and issue the “fierce” command (along with the required switches) or you can move into the /usr/bin/ directory.
If you prefer to run Fierce from the /usr/bin directory, you will need to open a terminal and issue the following command:
Inside the Fierce directory, you can run the tool by executing the fierce.pl script and utilizing the -dns switch followed by your target domain.
./fierce.pl -dns trustedsec.com
Pay special attention to the “./” in front of the tool name. This is required and tells Linux to execute the file in the local directory.
The script will begin by attempting to complete a zone transfer from the specified domain. In the event the process fails, Fierce will attempt to brute-force host names by sending a series of queries to the target DNS server.
This can be an extremely effective method for uncovering additional targets. The general idea is that if Dave owns “trustedsec.com” (which he does, please do not scan or interrogate), he may also own support.trustedsec.com, citrix.trustedsec.com, print.trustedsec.com, or many others.
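From the defender's side, the sequence described above (a refused zone transfer followed by a burst of guessed host names) stands out in DNS query logs. The following is an added example, not code from the original text or from Fierce; the log format, the zone example.test, the addresses and the thresholds are constructed assumptions.

```python
from collections import defaultdict

def build_sample():
    """Constructed log, one query per line: epoch client qname qtype rcode."""
    lines = ["1700000000 192.0.2.53 example.test AXFR NOERROR",    # real secondary
             "1700000000 198.51.100.7 example.test AXFR REFUSED"]  # unauthorized try
    guesses = ["admin", "citrix", "dev", "ftp", "mail", "print",
               "support", "test", "vpn", "www"]
    for i, g in enumerate(guesses):  # burst of guessed names, mostly nonexistent
        rcode = "NOERROR" if g in ("mail", "www") else "NXDOMAIN"
        lines.append(f"{1700000001 + i // 2} 198.51.100.7 {g}.example.test A {rcode}")
    for i in range(12):  # ordinary client resolving one real name
        lines.append(f"{1700000000 + i * 30} 192.0.2.10 www.example.test A NOERROR")
    return "\n".join(lines)

def detect_enumeration(log_text, zone, allowed_axfr=(), window=60,
                       min_names=8, min_nx_ratio=0.5):
    """Return {client: [reasons]} for clients whose queries look like enumeration."""
    apex = zone.lower().rstrip(".")
    findings = defaultdict(list)
    events = defaultdict(list)  # client -> [(ts, qname, rcode)]
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, client, qname, qtype, rcode = parts
        qname = qname.lower().rstrip(".")
        if qname != apex and not qname.endswith("." + apex):
            continue  # query is for some other zone
        if qtype == "AXFR":
            if client not in allowed_axfr:
                findings[client].append("axfr-attempt")
        else:
            events[client].append((int(ts), qname, rcode))
    for client, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):  # sliding window over this client's queries
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            names = {q for _, q, _ in win}
            nx = sum(1 for _, _, r in win if r == "NXDOMAIN")
            if len(names) >= min_names and nx / len(win) >= min_nx_ratio:
                findings[client].append("name-bruteforce")
                break
    return dict(findings)

if __name__ == "__main__":
    print(detect_enumeration(build_sample(), "example.test", allowed_axfr={"192.0.2.53"}))
```

The thresholds need tuning against normal traffic for the zone; a resolver that forwards queries for many clients will show far more distinct names than a single workstation.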
If you are using an attack machine which does not have Fierce preinstalled, you can get it by running the command:
apt-get install fierce
There are many additional tools that can be used to interact with DNS. These tools should be explored and utilized once you have a solid understanding of how DNS works.