Filename | nslookup Hacking Tutorial |
Permission | rw-r--r-- |
Author | Unknown |
Date and Time | 3/19/2013 |
Label | Penetration |
Ethical Hacking Institute in Pune
./Arizona Team
nslookup is a network administration command-line tool, available for many computer operating systems, for querying the Domain Name System (DNS) to obtain a domain name or IP address mapping or any other specific DNS record. The Internet Systems Consortium has deprecated nslookup in favor of host and dig, but many people still use it, so here is a quick tutorial.
How to Access the nslookup Utility
A single command starts it.
Code:
// For Linux System
root@arizonainfotech~# nslookup
// For Windows System
c:\> nslookup
What Commands Are Available in nslookup?
Below is the list of commands available in nslookup:
Code:
Commands:   (identifiers are shown in uppercase, [] means optional)
NAME            - print info about the host/domain NAME using default server
NAME1 NAME2     - as above, but use NAME2 as server
help or ?       - print info on common commands
set OPTION      - set an option
    all                 - print options, current server and host
    [no]debug           - print debugging information
    [no]d2              - print exhaustive debugging information
    [no]defname         - append domain name to each query
    [no]recurse         - ask for recursive answer to query
    [no]search          - use domain search list
    [no]vc              - always use a virtual circuit
    domain=NAME         - set default domain name to NAME
    srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1, N2, and so on
    root=NAME           - set root server to NAME
    retry=X             - set number of retries to X
    timeout=X           - set initial time-out interval to X seconds
    type=X              - set query type (for example, A, ANY, CNAME, MX, NS, PTR, SOA, SRV)
    querytype=X         - same as type
    class=X             - set query class (for example, IN (Internet), ANY)
    [no]msxfr           - use MS fast zone transfer
    ixfrver=X           - current version to use in IXFR transfer request
server NAME     - set default server to NAME, using current default server
lserver NAME    - set default server to NAME, using initial server
finger [USER]   - finger the optional NAME at the current default host
root            - set current default server to the root
ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
    -a          - list canonical names and aliases
    -d          - list all records
    -t TYPE     - list records of the given type (for example, A, CNAME, MX, NS, PTR, and so on)
view FILE       - sort an 'ls' output file and view it with pg
exit            - exit the program
A Few Error Responses That Matter When Using nslookup
Quote:
Timed out => The server did not respond to a request after a certain amount of time and a certain number of retries. You can set the time-out period with the set timeout subcommand. You can set the number of retries with the set retry subcommand.
No response from server => No DNS name server is running on the server computer.
No records => The DNS name server does not have resource records of the current query type for the computer, although the computer name is valid. The query type is specified with the set querytype command.
Nonexistent domain => The computer or DNS domain name does not exist.
Connection refused -or- Network is unreachable => The connection to the DNS name server or finger server could not be made. This error commonly occurs with ls and finger requests.
Server failure => The DNS name server found an internal inconsistency in its database and could not return a valid answer.
Refused => The DNS name server refused to service the request.
Format error => The DNS name server found that the request packet was not in the proper format. It may indicate an error in nslookup.
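Several of the responses above are decided by the RCODE field in the header of the server's reply, and "No records" versus "Nonexistent domain" is the difference between an empty answer section and RCODE 3. The following Python code is an added example, not part of the original tutorial: it classifies constructed sample replies, the function names and sample packets are assumptions for illustration, and treating a NOERROR reply with zero answers as "No records" is the usual NODATA reading.

```python
import struct

# RFC 1035 RCODE values, labelled with the error names from the list above.
RCODE_LABELS = {1: "Format error", 2: "Server failure", 3: "Nonexistent domain", 5: "Refused"}
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "MX": 15}

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_response(name, qtype, rcode, rdata=None):
    """Construct a sample reply: header, echoed question, optional answer RR."""
    flags = 0x8180 | rcode  # QR=1, RD=1, RA=1, RCODE in the low 4 bits
    header = struct.pack("!6H", 0x1234, flags, 1, 1 if rdata else 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)
    rr = b""
    if rdata:  # 0xC00C is a compression pointer back to the question name
        rr = struct.pack("!HHHIH", 0xC00C, QTYPES[qtype], 1, 300, len(rdata)) + rdata
    return header + question + rr

def read_question(packet):
    """Return (name, qtype number) from the question section at offset 12."""
    pos, labels = 12, []
    while (length := packet[pos]):
        labels.append(packet[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    (qtype,) = struct.unpack("!H", packet[pos + 1:pos + 3])
    return ".".join(labels), qtype

def classify(packet):
    """Map a raw DNS reply onto (name, qtype, outcome as named in the list above)."""
    if len(packet) < 12 or not packet[2] & 0x80:
        raise ValueError("not a DNS response (short header or QR bit clear)")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", packet[:12])
    name, qtype = read_question(packet)
    rcode = flags & 0x000F
    if rcode:
        return name, qtype, RCODE_LABELS.get(rcode, "rcode %d" % rcode)
    return name, qtype, "Answer" if ancount else "No records"

# Constructed samples; example.com and 192.0.2.1 are documentation values.
SAMPLES = [
    build_response("example.com", "A", 0, rdata=bytes([192, 0, 2, 1])),
    build_response("example.com", "MX", 0),       # name exists, no MX data
    build_response("nope.example.com", "A", 3),   # name does not exist
    build_response("example.com", "NS", 5),       # server declines to answer
]
```

"Timed out" and "No response from server" never reach this code path, because in those cases no reply packet arrives to be parsed.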
A Few Examples You Can Try
These assume you are already inside nslookup.
Code:
// Getting Name Server of Domain
> set type=ns
> facebook.com
// Getting MX lookup of Domain
> set type=mx
> gmail.com
// Looking for cname [you can find network admin email]
> set type=cname
> facebook.com
So easy .... (-_-)
www.arizonainfotech.com