A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?
A.
nmap -p 53 -oG dnslist.txt | cut -d ":" -f 4
B.
nslookup -ns 8.8.8.8 << dnslist.txt
C.
for x in {1...254}; do dig -x 192.168.$x.$x; done
The correct answer is B.
RPTR (Reverse Pointer) records are used to map IP addresses to domain names in reverse DNS resolution. In order to discover RPTR records for a range of IP addresses, one can provide a list of IP addresses to the nslookup command and instruct it to perform reverse DNS lookups. The -ns option specifies the IP address of the DNS server to use for the lookup. Therefore, using nslookup with the appropriate options and providing the IP addresses in a file (dnslist.txt) would be the most efficient way to discover all the RPTR records for a range of IP addresses.
Absolutely C. On my LAN, if I run for x in {1..254}; do dig 192.168.0.$x; done, it queries my nameserver for each IP in the /24. It doesn't save to a file, and I wouldn't say it's the most efficient, but out of all the choices it's the most relevant.
Tested "nmap -p 53 8.8.8.8" only and got the following:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-06-23 10:45 AUS Eastern Standard Time
Nmap scan report for dns.google (8.8.8.8)
Host is up (0.0045s latency).
PORT STATE SERVICE
53/tcp open domain
Nmap done: 1 IP address (1 host up) scanned in 1.90 seconds
Tested "nmap -p 53 -oG dnslist.txt local_fileserver_ipaddress | cut -d ":" -f 4" and it resolved the IP to the hostname and output the result in a dnslist.txt file.
I know there is no IP range specified but I think this is the "MOST efficient to utilize" as per the question.
I would go for C. - http://www.telecom.otago.ac.nz/tele301/student_html/reverse-zones.html
Tried A from Kali Linux, and got “WARNING: No targets were specified, so 0 hosts scanned.” - Tried B from Windows and D from Linux with no luck. - Tried C from Linux and got “dig: '254}...{1.254}...{1.168.192.in-addr.arpa.' is not a legal name (empty label)”, but I guess I need to configure DNS server on this VM but at least it returned something.
Also, in order for A to work we need to have -iL and a txt file with a range of IP addresses to scan specified, as -oG is just outputting results from nothing to the dnslist.txt file in this example, right?
C does not look right. You will get:
192.168.1.1
192.168.2.2
192.168.3.3
Also the range specified in C has too many dots, should be two, not three. That might be a typo.
Found a better example of a complete DNS reverse lookup from: https://serverfault.com/questions/7056/whats-the-reverse-dns-command-line-utility
for ip in {1..254..1}; do dig -x 1.1.1.$ip | grep $ip >> dns.txt; done;
So in this example, maybe we could use something like this if we had only 1 x variable?
for x in (1..254..1); do dig -x 192.168.10.$x; done
Yes, that would work - if you used curly brackets instead of parens. So it may just be a typo.
However, there is no need for {1..254..1} when {1..254} does the same thing.
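A fuller version of the dig -x loop discussed above, as an added example that is not from any of the posters. It assumes dig (from dnsutils/bind-utils) is installed and that a resolver is reachable for the sweep; reverse_name needs no network and only shows the in-addr.arpa name that dig -x builds internally.

```shell
#!/bin/sh
# Added example: enumerate PTR records for a /24 with dig, one query per
# address, printing "ip<TAB>name" only for addresses that have a PTR.

# Build the in-addr.arpa name for a dotted-quad IPv4 address (pure shell).
# This is the name dig -x queries; e.g. 192.168.10.5 -> 5.10.168.192.in-addr.arpa
reverse_name() {
    local IFS=.
    set -- $1
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# Look up the PTR for one address. Prints the name without its trailing dot,
# or nothing if there is no answer. Optional second argument: DNS server.
ptr_lookup() {
    ip=$1
    server=${2:-}
    dig +short +time=2 +tries=1 ${server:+@"$server"} -x "$ip" 2>/dev/null \
        | sed 's/\.$//' | head -n 1
}

# Sweep hosts 1-254 of a /24 prefix (e.g. 192.168.10). A POSIX while loop is
# used instead of bash's {1..254} so the script also runs under plain sh.
sweep_ptr() {
    prefix=$1
    server=${2:-}
    x=1
    while [ "$x" -le 254 ]; do
        name=$(ptr_lookup "$prefix.$x" "$server")
        [ -n "$name" ] && printf '%s\t%s\n' "$prefix.$x" "$name"
        x=$((x + 1))
    done
}

# Usage: sweep_ptr 192.168.10 > dnslist.txt
#        sweep_ptr 192.168.10 8.8.8.8   (query a specific resolver)
```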
C does not look like python
https://www.w3schools.com/python/python_for_loops.asp
PT0-001 Exam Questions
Community vote distribution: A (35%), C (25%), B (20%), Other