在一次信息侦查中发现,可以使用nslookup来反向确认域名服务器(不是所有的都好使)。
root@kali:~# nslookup
> [color=red]ip_addr[/color]
Server: 192.168.59.2
Address: 192.168.59.2#53
Non-authoritative answer:
[color=red]ip_addr[/color].in-addr.arpa [color=blue]name = mail.xxx.com[/color].
Authoritative answers can be found from:
> 123.103.12.120
Server: 192.168.59.2
Address: 192.168.59.2#53
root@kali:~# nslookup
> [color=red]ip_addr[/color]
Server: 192.168.59.2
Address: 192.168.59.2#53
Non-authoritative answer:
[color=red]ip_addr[/color].in-addr.arpa [color=blue]name = mail.xxx.com[/color].
Authoritative answers can be found from:
> 123.103.12.120
Server: 192.168.59.2
Address: 192.168.59.2#53