A python based script to update DNS entries in ADIDNS
A python script to aid Responder in gathering more hashes even from different VLANs, which by default is not possible with Responder. The scripts does so by updating DNS entries in ADIDNS zones. The script requires a set of valid domain credentials (User account/ Machine account with a password or hash) to update the ADIDNS zones.
This could be helpful in the following scenarios:
By default Windows ADIDNS (Active Directory Integrated DNS) zones allow any authenticated users to add/ modify/ delete DNS entries. Using this any user account in the AD can add new DNS records.
Note: Adding Wildcard records may cause disruptions in the network, as a precuationary measure wildcard records should be added to last zones.
The script right now is not capable of adding WPAD records thus trying that might fail.
Run the script with a set of credentials and a unresoloved record to be added to DNS zones, pointing the record to Responder's IP.
$ python3 DNSUpdate.py --help
usage: DNSUpdate.py [-h] [-DNS DNS] [-u USER] [-p PASSWORD] [-a ACTION] [-r RECORD] [-d DATA]
[-l LOGFILE]
Add/ Remove DNS records for an effective pawning with responder
optional arguments:
-h, --help show this help message and exit
-DNS DNS IP address of the DNS server/ Domain Controller to connect to
-u USER, --user USER Domain\Username (User/ Machine account) for authentication.
-p PASSWORD, --password PASSWORD
Password or LM:NTLM hash, will prompt if not specified
-a ACTION, --action ACTION
ad, rm, or an: add, remove, analyze
-r RECORD, --record RECORD
DNS record name
-d DATA, --data DATA The IP address of attacker machine
-l LOGFILE, --logfile LOGFILE
The log file of Responder in analyze mode
Thanks to @Kevin-Robertson, @dirkjanm and @mubix for their research and code