DNSUpdate Save

A python based script to update DNS entries in ADIDNS

Project README

DNSUpdate

A python script to aid Responder in gathering more hashes even from different VLANs, which by default is not possible with Responder. The scripts does so by updating DNS entries in ADIDNS zones. The script requires a set of valid domain credentials (User account/ Machine account with a password or hash) to update the ADIDNS zones.

This could be helpful in the following scenarios:

access to a machine account instead of a user account
when LLMNR and NBNS are disabled | we can point the unresolved records to Responder's IP directly
when admins are in different VLAN | we can add records to DNS which would allow us to gather hashes bypassing the broadcasting limitation

Overview

By default Windows ADIDNS (Active Directory Integrated DNS) zones allow any authenticated users to add/ modify/ delete DNS entries. Using this any user account in the AD can add new DNS records.

The script can be used with Responder's logs in analyze mode to identify records which have been requested by multiple hosts. These records are likely to be requested by hosts in other VLANs as well. Thus modifying the zones with these records (and pointing to Responder's IP) may allow us to gather hashes from different VLANs.
The script can also be used to add Wildcard DNS records which makes DNS works just as LLMNR and NBNS (which means all unresolved records would fall down to the wildcard record and thus resolve to Responder's IP).

Note: Adding Wildcard records may cause disruptions in the network, as a precuationary measure wildcard records should be added to last zones.

The script right now is not capable of adding WPAD records thus trying that might fail.

Installation

Clone the repository via git clone
Install the requirements via pip

Usage

Run the script with a set of credentials and a unresoloved record to be added to DNS zones, pointing the record to Responder's IP.

$ python3 DNSUpdate.py --help
usage: DNSUpdate.py [-h] [-DNS DNS] [-u USER] [-p PASSWORD] [-a ACTION] [-r RECORD] [-d DATA]
                    [-l LOGFILE]

Add/ Remove DNS records for an effective pawning with responder

optional arguments:
  -h, --help            show this help message and exit
  -DNS DNS              IP address of the DNS server/ Domain Controller to connect to
  -u USER, --user USER  Domain\Username (User/ Machine account) for authentication.
  -p PASSWORD, --password PASSWORD
                        Password or LM:NTLM hash, will prompt if not specified
  -a ACTION, --action ACTION
                        ad, rm, or an: add, remove, analyze
  -r RECORD, --record RECORD
                        DNS record name
  -d DATA, --data DATA  The IP address of attacker machine
  -l LOGFILE, --logfile LOGFILE
                        The log file of Responder in analyze mode

Acknowledgements

Thanks to @Kevin-Robertson, @dirkjanm and @mubix for their research and code

Open Source Agenda is not affiliated with "DNSUpdate" Project. README Source: Sagar-Jangam/DNSUpdate

Stars

Open Issues

Last Commit

3 weeks ago

Repository

Sagar-Jangam/DNSUpdate

License

MIT

Open Source Agenda Badge

<a href="https://www.opensourceagenda.com/projects/dnsupdate"><img src="https://www.opensourceagenda.com/projects/dnsupdate/reviews/badge.svg" alt="Open Source Agenda"></a>

Submit Review Review Your Favorite Project

Submit Resource Articles, Courses, Videos

Submit Article Submit a post to our blog

From the blog

Dec 11, 2022

How to Choose Which Programming Language to Learn First?

From the blog

Dec 11, 2022