nerdexam
EC-Council

312-50V10 · Question #180

Look at the following output. What did the hacker accomplish?

The correct answer is D. The hacker successfully transferred the zone and enumerated the hosts.. The output shown reflects a successful DNS zone transfer (AXFR), which exposes all DNS records - including hostnames, IPs, and subdomains - for the target domain.

Enumeration

Question

Look at the following output. What did the hacker accomplish?

Exhibit

312-50V10 question #180 exhibit

Options

  • AThe hacker used who is to gather publicly available records for the domain.
  • BThe hacker used the "fierce" tool to brute force the list of available domains.
  • CThe hacker listed DNS records on his own domain.
  • DThe hacker successfully transferred the zone and enumerated the hosts.

How the community answered

(24 responses)
  • C
    4% (1)
  • D
    96% (23)

Why each option

The output shown reflects a successful DNS zone transfer (AXFR), which exposes all DNS records - including hostnames, IPs, and subdomains - for the target domain.

AThe hacker used who is to gather publicly available records for the domain.

WHOIS queries return registrar and ownership metadata from public databases, not internal DNS host records or IP mappings as shown in zone transfer output.

BThe hacker used the "fierce" tool to brute force the list of available domains.

The 'fierce' tool performs DNS brute forcing by guessing subdomains, which is different from a zone transfer that retrieves the complete authoritative record set in a single response.

CThe hacker listed DNS records on his own domain.

Listing DNS records on one's own domain would be a legitimate administrative action, not a hacking technique, and would not produce an enumerated host list from a target domain.

DThe hacker successfully transferred the zone and enumerated the hosts.Correct

A DNS zone transfer (AXFR request) causes a misconfigured DNS server to replicate its entire zone database to the requester. This reveals all A, MX, CNAME, and NS records, effectively enumerating every host in the domain - a critical information disclosure vulnerability exploited during reconnaissance.

Concept tested: DNS zone transfer (AXFR) exploitation and host enumeration

Source: https://attack.mitre.org/techniques/T1590/002/

Topics

#DNS zone transfer#fierce tool#DNS enumeration#host enumeration

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice