CompTIA
PT0-001 · Question #45
PT0-001 Question #45: Real Exam Question with Answer & Explanation
The correct answer is C: for x in {1...254}; do dig -x 192.168.$x.$x; done.
Reconnaissance and enumeration
Question
A penetration tester wants to script out a way to discover all the RPTR records for a range of IP addresses. Which of the following is the MOST efficient to utilize?
Options
- A. nmap -p 53 -oG dnslist.txt | cut -d ":" -f 4
- B. nslookup -ns 8.8.8.8 << dnslist.txt
- C. for x in {1...254}; do dig -x 192.168.$x.$x; done
- D. dig -r > echo "8.8.8.8" >> /etc/resolv.conf
Explanation
The dig -x flag performs reverse DNS (PTR) lookups, and a bash for loop is the most efficient scripted method to enumerate PTR records across an IP range.
Common mistakes.
- A. nmap with -p 53 scans for open DNS service ports but does not perform reverse DNS lookups, and the cut command would not extract PTR record data from that output.
- B. nslookup does not support a -ns flag combined with heredoc input in this syntax, and this command would not iterate over an IP range to perform reverse DNS lookups.
- D. dig -r is not a valid reverse lookup flag, and appending to /etc/resolv.conf modifies the system DNS resolver configuration rather than querying PTR records.
Concept tested. Scripted reverse DNS PTR record enumeration
Reference. https://linux.die.net/man/1/dig
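Added example, not part of the original question or its answer key: a POSIX shell version of the sweep the explanation describes, showing the in-addr.arpa name that dig -x queries and a loop over one /24. The 192.168.1 prefix, the function names and the optional resolver argument are assumptions; in bash the sequence form needs two dots ({1..254}), and the third octet is held fixed here so every host in the /24 is covered.

```shell
#!/bin/sh
# Added example; function names and the sample prefix are constructed.

# ptr_name A.B.C.D -> D.C.B.A.in-addr.arpa
# This is the name `dig -x A.B.C.D` builds and queries for a PTR record.
ptr_name() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1     # must be exactly four octets
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.in-addr.arpa\n' "$4" "$3" "$2" "$1"
}

# hosts_in_24 PREFIX -> PREFIX.1 .. PREFIX.254, one address per line.
# bash equivalent: for x in {1..254}; a while loop keeps this POSIX.
hosts_in_24() {
    x=1
    while [ "$x" -le 254 ]; do
        echo "$1.$x"
        x=$((x + 1))
    done
}

# sweep PREFIX [RESOLVER]: reverse-resolve each host, print only hits.
# +short prints just the PTR target; +time/+tries bound dead addresses.
sweep() {
    hosts_in_24 "$1" | while read -r ip; do
        ans=$(dig +short +time=2 +tries=1 -x "$ip" ${2:+@"$2"})
        if [ -n "$ans" ]; then
            printf '%s\t%s\n' "$ip" "$ans"
        fi
    done
}

# Run only when a prefix is given, e.g.: sh ptr_sweep.sh 192.168.1
if [ "$#" -ge 1 ]; then
    sweep "$@"
fi
```

Each lookup is an ordinary PTR query, so a sweep like this appears in resolver query logs as a run of sequential in-addr.arpa names from a single client.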
Topics
#DNS enumeration #PTR records #reverse DNS #scripting