hacktricks/windows-hardening/active-directory-methodology/ad-dns-records.md
2022-12-05 23:29:21 +01:00

3.5 KiB

AD DNS Records

🎙️ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) 🎙️ - 🎥 Youtube 🎥

By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones, similar to a zone transfer (users can list the child objects of a DNS zone in an AD environment).

The tool adidnsdump enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.

git clone https://github.com/dirkjanm/adidnsdump
cd adidnsdump
pip install .

adidnsdump -u domain_name\\username ldap://10.10.10.10 -r
cat records.csv

For more information read https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/

🎙️ HackTricks LIVE Twitch Wednesdays 5.30pm (UTC) 🎙️ - 🎥 Youtube 🎥