EC-Council


312-50V9 Question #304: Real Exam Question with Answer & Explanation

The correct answer is D: The hacker successfully transferred the zone and enumerated the hosts. The DiG output shows a successful AXFR DNS zone transfer that revealed all internal hostnames and IP addresses for domain.com.

Question

Look at the following output. What did the hacker accomplish?

    ; <<>> DiG 9.7.-P1 <<>> axfr domam.com @192.168.1.105
    ;; global options: +cmd
    domain.com. 3600 IN SOA srv1.domain.com. hostsrv1.domain.com. 131 900 600 86400 3600
    domain.com. 600 IN A 192.168.1.102
    domain.com. 600 IN A 192.168.1.105
    domain.com. 3600 IN NS srv1.domain.com.
    domain.com. 3600 IN NS srv2.domain.com.
    vpn.domain.com. 3600 IN A 192.168.1.1
    server.domain.com. 3600 IN A 192.168.1.3
    office.domain.com. 3600 IN A 192.168.1.4
    remote.domain.com. 3600 IN A 192.168.1.48
    support.domain.com. 3600 IN A 192.168.1.47
    ns1.domain.com. 3600 IN A 192.168.1.41
    ns2.domain.com. 3600 IN A 192.168.1.42
    ns3.domain.com. 3600 IN A 192.168.1.34
    ns4.domain.com. 3600 IN A 192.168.1.45
    srv1.domain.com. 3600 IN A 192.168.1.102
    srv2.domain.com. 1200 IN A 192.168.1.105
    domain.com. 3600 IN SOA srv1.domain.com. hostsrv1.domain.com. 131 900 600 86400 3600
    ;; Query time: 269 msec
    ;; SERVER: 192.168.1.105#53(192.168.1.105)
    ;; WHEN: Sun Aug 11 20:07:59 2013
    ;; XFR size: 65 records (messages 65, bytes 4501)

Options

  • A. The hacker used whois to gather publicly available records for the domain.
  • B. The hacker used the "fierce" tool to brute force the list of available domains.
  • C. The hacker listed DNS records on his own domain.
  • D. The hacker successfully transferred the zone and enumerated the hosts.

Explanation

The DiG output shows a successful AXFR DNS zone transfer that revealed all internal hostnames and IP addresses for domain.com.

Common mistakes.

  • A. Whois queries registrar and IANA databases for domain registration details, not DNS zone data - the output format and DiG tool confirm this is not a whois lookup.
  • B. Fierce brute-forces DNS hostnames by guessing names; the structured, complete zone output with SOA record indicates a successful zone transfer, not a brute-force enumeration.
  • C. The query targets domain.com on 192.168.1.105, which is the victim's name server, not the attacker's own domain.

Concept tested. DNS zone transfer enumeration using AXFR

Reference. https://attack.mitre.org/techniques/T1590/002/
