Links

AD DNS Records

Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!
By default any user in Active Directory can enumerate all DNS records in the Domain or Forest DNS zones, similar to a zone transfer (users can list the child objects of a DNS zone in an AD environment).
The tool adidnsdump enables enumeration and exporting of all DNS records in the zone for recon purposes of internal networks.
git clone https://github.com/dirkjanm/adidnsdump
cd adidnsdump
pip install .
adidnsdump -u domain_name\\username ldap://10.10.10.10 -r
cat records.csv
Learn AWS hacking from zero to hero with htARTE (HackTricks AWS Red Team Expert)!