This section will explore how to obtain detailed DNS information about a target website. DNS, or Domain Name System, is responsible for translating website URLs, such as GOOGLE.COM, into corresponding IP addresses using DNS servers. These servers store multiple records, each pointing to a different IP and domain, and some records may even point to the same IP. Typically, when a user requests a domain name, it is converted into an IP address, and the relevant information is stored based on the address. By querying the DNS server, we can extract information about the website. The process is depicted in the accompanying diagram.
After navigating to the website Robtex (https://www.robtex.com/) and searching for isecur1ty.org, I clicked on GO and selected the initial result displayed on the page.
The screenshot above provides us with valuable information about the website. We can observe the DNS report, name servers utilized, and Mail servers. Furthermore, we can examine the RECORDS we mentioned earlier, as well as the DNS server, as illustrated in the following screenshot:
In the provided screenshot, we can observe different types of records associated with the DNS. These records include the A record, responsible for converting a domain name to an IP address. During our previous DNS spoofing exercise, we added an A record to the dns.conf and iter.conf files. This A record links the domain name “isecur1ty.org” to its corresponding IP address. In addition to the A record, there are other types of DNS records, such as the NS record, which links the domain to its respective name server.
By examining the provided screenshot, we can observe the MX record that establishes the connection to the mail server. Based on this information, it appears that the website is utilizing a Google mail server and thus, likely employing Gmail for its email services.
Upon scrolling down, we can observe a graphical representation of how the various services interact with each other, utilize the available DNS records, and translate them into corresponding IP addresses, as depicted in the provided screenshot.
The Shared tab displays whether any of the available resources are being shared, as shown in the accompanying screenshot.
In the aforementioned screenshot, it is evident that the website is employing three Name servers and multiple Mail servers. Furthermore, there are several domain names and websites that are pointing to the same IP address, indicating that they are likely hosted on the same web server. Although Sharing mail servers does not necessarily imply that the websites are on the same server, the fact that they are pointing to the same IP address strongly suggests that they are indeed hosted on the same server. Therefore, if unauthorized access is obtained to any of the websites mentioned, it would potentially provide an opportunity to gain access to isecur1ty.org.
We believe that you have got sufficient information from this article regarding Robtex. Do follow us @ tutorials.freshersnow.com to know more about Ethical Hacking.