Dumping DNS Records with adidnsdump
Active Directory Integrated DNS Dump (adidnsdump)
GitHub Repository
Installation
python3 -m pip install git+https://github.com/dirkjanm/adidnsdump#egg=adidnsdump
Usage Examples
Requires a username and password to work. Outputs to records.csv.
# Show help message
adidnsdump -h
# Dump all records from the domain controller
# Requires a credential; a low-privileged user is enough under default domain settings
adidnsdump -u 'domain.tld\username' -p 'password' -r ldap://dc-ip:389
# Post-compromise through a proxy host
proxychains -q adidnsdump -u 'domain.tld\username' -p 'password' -r --dns-tcp ldap://dc-ip:389