Welcome to my Fifth tutorial on Information Gathering
In this tutorial we will use Fierce to gather more DNS information and other sub domains of our target.
First of all if you do not have Fierce in your system you can download it from the link given below.
fierce.pl
For a hostname wordlist you can download
hosts.txt
Note : You will need perl to execute it, else you can setup a virtual system and use backtrack.
Fierce is a very useful perl script which can be used to gather information and save your ass from performing large tests manually. The basic usage Fierce is to find out the nameservers and then try out if any of them is misconfigured to allow a Zone transfer and find out Sub-domains. Fierce request each DNS server to give the entire content of its dns cache and if its vulnerable then in that case its all informaiton will be revealed to the attacker or the pentester, in many cases a Zone transfer may not be allowed but still you can get a misconfigured DNS server which may allow a Zone transfer.
Once you get it you can get all the subdomains and the DNS records under that domain as well as other details. In such cases you may also get private domains also, which will help you later to pentest and compromise the site.
After that if the hosts.txt file is available it will try to bruteforce the sub-domains using that and will show you all the results. Thats all for fierce right now. Let me show you how to use it.
fierce.pl -dns yourwebsitehere.com
Enjoy see you at the next part.