«
»

Weaponizing cmd.exe – DNS Reverse Lookup

Here is a nice way to perform a reverse lookup of all the hosts on your network. It uses the nslookup <ip> command to do it.

Find the entire post on the new blog site!

DNS Reverse Lookup

for /L %i in (1,1,255) do @nslookup x.x.x.%i 2> nul | find "Name" && @echo x.x.x.%i
How it works
  • Do a for loop, using an integer that will be initialized to 1, and iterate by 1 until it equals 255

for /L %i in (1,1,255)
  • for each iteration do a dns reverse lookup for the next address on the subnet

do @nslookup x.x.x.%i
  • If I get an error, discard the results

2> nul
  • With all other results, output the line containing “Name”

| find "Name"
  • If and only if the lookup returns without errors, print the ip of the machine

&& @echo x.x.x.%i

Its pretty nice for enumeration. Have fun!

Advertisement

This entry was posted on August 25, 2010 at 9:33 am and is filed under Fu (a.k.a Tips) . You can follow any responses to this entry through the RSS 2.0 feed You can leave a response, or trackback from your own site.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s

Follow

Get every new post delivered to your Inbox.