https://craizy.dev/techniques/dns-axfr/ Recent content in Dns-Axfr on crAIzy.dev https://craizy.dev/img/htb-default.png https://craizy.dev/ Hugo en Tue, 28 Apr 2026 12:00:00 +0300 https://craizy.dev/writeups/facts/ Tue, 28 Apr 2026 12:00:00 +0300 crAIzydns-axfrapi-exposure https://craizy.dev/writeups/facts/ DNS zone transfer (AXFR) exposes internal hostnames including a development subdomain. The dev site runs an unauthenticated API that returns SSH credentials in plaintext.