Pennyw0rth
Add DNS Module
Description
This pull request introduces a new module, dns, for managing DNS records within an Active Directory-integrated DNS environment directly via LDAP. It provides administrators and pentesters with a powerful command-line tool to perform various DNS operations, from creating and deleting records to querying existing zones, without leaving the NetExec console. This module is inspired by the functionality of dnstool.py from krbrelayx by @dirkjanm and is designed to be a robust and user-friendly addition to NetExec's capabilities.
Key Features
- Comprehensive Record Management: Full CRUD (Create, Read, Update, Delete) operations for 'A' records.
- Multiple Actions: Supports add, modify, query, remove (tombstone), ldapdelete (direct deletion), and resurrect.
- Zone Enumeration: Ability to list all DNS zones in DomainDnsZones, ForestDnsZones, or the legacy System partition.
- Flexible Targeting: Allows specifying the target record, data, zone, and DNS partition.
- Support for Multiple Records: The ALLOWMULTIPLE option permits adding multiple A records for a single hostname.
- User-Friendly: Includes a comprehensive built-in help menu (-o HELP) and short aliases (A, R, D, etc.) for all options for faster use.
Help Usage
Query Usage
Forest Query Usage
Add Usage
Forest Add Usage
Add AllowMultiple Usage
Modify Usage
Remove Usage
Ldap Remove Usage
List
List-DN
Type of change
- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected)
- [x] This change requires a documentation update
- [ ] This requires a third party update (such as Impacket, Dploot, lsassy, etc)
Setup guide for the review
Please provide guidance on what setup is needed to test the introduced changes, such as your locally running machine Python version & OS, as well as the target(s) you tested against, including software versions. In particular:
- Bug Fix: Please provide a short description on how to trigger the bug, to make the bug reproducable for the reviewer.
- Added Feature/Enhancement: Please specify what setup is needed in order to test the changes. E.g. is additional software needed? GPO changes required? Specific registry settings that need to be changed?
Screenshots (if appropriate):
Screenshots are always nice to have and can give a visual representation of the change. If appropriate include before and after screenshot(s) to show which results are to be expected.
Checklist:
- [x] I have ran Ruff against my changes (via poetry:
poetry run python -m ruff check . --preview, use--fixto automatically fix what it can) - [x] I have added or updated the tests/e2e_commands.txt file if necessary
- [x] New and existing e2e tests pass locally with my changes
- [ ] If reliant on changes of third party dependencies, such as Impacket, dploot, lsassy, etc, I have linked the relevant PRs in those projects
- [x] I have performed a self-review of my own code
- [x] I have commented my code, particularly in hard-to-understand areas
- [x] I have made corresponding changes to the documentation (PR here: https://github.com/Pennyw0rth/NetExec-Wiki)
Thanks for the PR!
Could you PR all of the structs to impacket? That is probably the better place instead of that NetExec builds its own lib. Also other people can use them if needed. Don't worry about getting the changes merged, we currently use our forked version and can just merge what we need
https://github.com/fortra/impacket/pull/1994 I sent the PR. I'll refactor the code again.