Hello and welcome to my third tutorial on Cloudflare.

In this tutorial we will try to bypass Cloudflare and get the real IP address by attacking the DNS server.

You are advised to read the basics of Information Gathering and DNS before you start. If you are already comfortable with these terms and the basics of DNS, you can continue.

So how can we actually target DNS to get the real IP hidden behind Cloudflare? We will check all the DNS entries and then the subdomains. Many times the admin forgets to move all the subdomains correctly to the Cloudflare server, and some MX entries or other entries may be left behind, which reveals the IP address.

Before you continue, first understand the basic usage of dig from "Collecting DNS info with DIG".

Now I will check the DNS records available for tv.com.pk.

Here you can note a suspicious MX entry, "dc-329b0f0f-mail.tv.com.pk". Now try to ping it and you will again get the real IP address of the website. In this manner you can check all the DNS entries and see if any of them still resolves directly to the real IP address.

You can also try some common subdomains to check for the real IP.

ping ftp.domain.com
ping webmail.domain.com
ping blog.domain.com
ping forum.domain.com
ping vb.domain.com
ping cpanel.domain.com
ping forums.domain.com
ping home.domain.com
ping shop.domain.com
ping blogs.domain.com
ping direct-connect.domain.com
ping direct.domain.com
ping mail.domain.com

Foca or Fierce can also be used to enumerate subdomains and then find the real IP address using them. I do not need to tell you how to use Foca and Fierce, as they are already discussed in our Information Gathering tutorials.

That's all for Cloudflare bypass by targeting DNS in this part. We'll use some other approaches in the other parts of Bypassing Cloudflare. See you in the next tutorial of Cloudflare Bypass.

Author : Zenodermus Javanicus
Date : 2014-03-01