So I've been working my way through Hack The Box's Certified Bug Bounty Hunter coursework and I wanted to share two small tools I made to make my life easier, specifically during the Active Subdomain Enumeration section of the Information Gathering - Web Edition class. This specific section focuses on zone transfers and using misconfigured zone transfers to find information leaks. You could certainly do this without any sort of tool or with some simple command line scripts, but I wanted to offer something to those who are:
Whichever section you fall into is fine, no judgment here. That said you aren't going to get the information for free 😉.
I have posted the two tools to my Github as public repositories under the FAAFO license. The thing is, my Github is under my real name. Use some of those information gathering skills that you have built up to this point. Utilize them to find some information I have purposefully leaked about my real name. Don't worry I've made sure to put it in multiple places with varying degrees of difficulty, but none of them should be hard to find. Once you've found it come back here to read more about the tools!
Found me yet? Great! So I can't tell you what the tools' names are, otherwise you could just go look those up on Github. But there are two tools, both of them written in Python, one starts with an “n” and the other with a “d”. Go ahead and clone these tools to your machine in whatever location makes sense to you.
If for some reason you are unfamiliar with how to clone a repository, don't worry! Cloning a repository is really easy! First, make sure that you have git installed on your computer. Then, go ahead and go to one of the two repositories. Once you are there, find the green “Code” button.
Go ahead and click on it and you should get a drop-down menu with HTTPS, SSH, and Github CLI options. There should be a little copy-to-clipboard icon. Click on it. Now open up your terminal and navigate to your desired location.
Type:
git clone [your pasted link here]
Then, using “ctrl” + “shift” + “v”, paste the link you copied from Github. A new folder will be created at your location and it will be named after the repository. Inside of that folder you will find everything that you need.
Now that you can download the tools, let's talk about how to use them. First off, you are going to run the nslookup tool and output the results into a text file. You will then run the tool that starts with an “n”, giving it the file that you just created. This will remove everything but the name information. If you chose to output into a new file, you can then take that new JustNames file path, go into the second tool (the one that starts with a “d”) and change it (where marked) inside of the code. Save it and run it. With just these two tools you should be able to complete this entire section. Just remember there may be value in running these multiple times if you can't find what you are looking for…
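As an added example (not the author's tools, whose code is not on this page), here is a small Python extractor that does the “JustNames” step described above: it reads saved nslookup output and keeps only the hostnames, skipping the server, address and error lines. The nslookup output it parses is a constructed sample assumed to be in the standard Linux nslookup format, including a CNAME answer and a failed lookup.

```python
# Added example, not the author's tools: pull the hostnames out of saved
# nslookup output (the "JustNames" step), ready to feed into the next tool.
import re
from typing import List

# Constructed sample of what `nslookup host >> out.txt` produces on Linux
# for three lookups: a plain A/AAAA answer, a CNAME answer, and an NXDOMAIN.
SAMPLE_NSLOOKUP_OUTPUT = """\
Server:\t\t10.0.0.53
Address:\t10.0.0.53#53

Non-authoritative answer:
Name:\twww.example.com
Address: 192.0.2.10
Name:\twww.example.com
Address: 2001:db8::10

Server:\t\t10.0.0.53
Address:\t10.0.0.53#53

mail.example.com\tcanonical name = mx1.example.com.
Name:\tmx1.example.com
Address: 192.0.2.25

Server:\t\t10.0.0.53
Address:\t10.0.0.53#53

** server can't find gone.example.com: NXDOMAIN
"""

NAME_RE = re.compile(r"^Name:\s+(\S+)")
CNAME_RE = re.compile(r"^(\S+)\s+canonical name = (\S+)")

def extract_names(text: str) -> List[str]:
    """Return unique hostnames from nslookup output, in first-seen order.
    Both sides of a CNAME answer count; Server/Address/error lines do not."""
    seen: List[str] = []
    def add(name: str) -> None:
        name = name.rstrip(".").lower()   # drop trailing dot, normalise case
        if name and name not in seen:
            seen.append(name)
    for line in text.splitlines():
        m = NAME_RE.match(line)
        if m:
            add(m.group(1))
            continue
        m = CNAME_RE.match(line)
        if m:
            add(m.group(1))
            add(m.group(2))
    return seen

if __name__ == "__main__":
    for host in extract_names(SAMPLE_NSLOOKUP_OUTPUT):
        print(host)
```

Run it against your own saved nslookup output by reading the file into `extract_names` instead of the constructed sample; the failed lookup in the sample shows why the error line must be ignored rather than treated as a name.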
If this has interested you at all in coding or Python, there are two open issues for the tool that starts with “d”. You could give fixing those a try, and it will help you familiarize yourself with using Github!