Discovering DNS Administrator's Email Address | CAS-003
Question
A security consultant is performing a penetration test on www.comptia.org and wants to discover the DNS administrator's email address to use in a later social engineering attack.
The information listed with the DNS registrar is private.
Which of the following commands will also disclose the email address?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.C.
The correct answer to the question is option B, which is the "whois" command. This command is used to query the database of domain name registrars, which contains various details about the domain name, including the registrant's contact information.
Option A, the "dig" command, is used to perform DNS queries and retrieve information about a domain name's DNS records. However, it does not provide information about the registrant's contact details.
Option C, the "nslookup" command, is used to retrieve DNS information about a domain name, including the Start of Authority (SOA) record. However, the SOA record only contains technical details about the domain name's DNS servers and does not provide contact information.
Option D, the "dnsrecon" command, is a tool used for DNS reconnaissance and can be used to discover DNS-related information about a domain name. However, the specific command given ("dnsrecon -i comptia.org -t hostmaster") is not correct and would not provide the DNS administrator's email address.
Therefore, the correct option is B, which uses the "whois" command to retrieve the registrant's contact information from the domain name registrar's database. This information can include the DNS administrator's email address and can be used in a later social engineering attack.
