cross posted from: http://carnal0wnage.attackresearch.com/2013/10/ad-zone-transfers-as-user.html
The tried and true methods for zone transfers are using either nslookup (ls -d is an interactive nslookup command, so start nslookup first and run it at the prompt):

nslookup
> ls -d domain.com.local

Or dig:

dig -t AXFR domain.com.local @ns1.domain.com.local

In the Windows Enterprise world there are a few more options. If you are a DNS Admin you can use the ‘dnscmd’ command like so:

dnscmd /EnumZones
dnscmd /ZonePrint domain.com.local

Which is handy if you can pop the DNS server (usually the Domain Controller, so you usually have better things to do at that point).
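The flip side of the three commands above is that every one of them shows up on the server as a transfer request (AXFR, or IXFR for an incremental pull), so a DNS admin who restricts zone transfers to known secondaries can also watch for requests that come from anywhere else. The script below is an added example written for this post, not code from the original article or from any DNS server vendor: it runs that check over a handful of constructed query-log lines in a made-up key=value format (the field names, the client addresses, the zone names and the allowlist are all assumptions for the example; real Windows DNS or BIND logs look different and would need their own parser).

```python
import ipaddress
from collections import Counter

# Constructed sample query-log lines in a hypothetical key=value format.
# This is NOT the native log format of Windows DNS, BIND or any real server;
# it stands in for whatever your server actually writes.
SAMPLE_LOG = """\
2013-10-15T09:12:01Z client=10.0.0.53 qtype=AXFR zone=domain.com.local rcode=NOERROR
2013-10-15T09:12:04Z client=10.0.5.77 qtype=A zone=domain.com.local rcode=NOERROR
2013-10-15T09:13:10Z client=10.0.5.77 qtype=AXFR zone=domain.com.local rcode=NOERROR
2013-10-15T09:13:12Z client=10.0.5.77 qtype=AXFR zone=corp.domain.com.local rcode=REFUSED
2013-10-15T09:14:00Z client=10.0.0.54 qtype=IXFR zone=domain.com.local rcode=NOERROR
2013-10-15T09:15:30Z client=172.16.9.9 qtype=IXFR zone=domain.com.local rcode=NOERROR
"""

# Hosts/networks that are legitimately allowed to pull the zone
# (constructed addresses for this example; CIDR entries are accepted too).
ALLOWED_SECONDARIES = ["10.0.0.53", "10.0.0.54/32"]

# AXFR is a full zone transfer, IXFR an incremental one; both hand out zone data.
TRANSFER_QTYPES = {"AXFR", "IXFR"}


def parse_line(line):
    """Split one key=value log line into a dict; the first token is the timestamp."""
    parts = line.split()
    rec = {"timestamp": parts[0]}
    for token in parts[1:]:
        key, _, value = token.partition("=")
        rec[key] = value
    return rec


def is_allowed(client_ip, allowed):
    """True if client_ip falls inside any host or network on the allowlist."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net, strict=False) for net in allowed)


def find_unauthorized_transfers(log_text, allowed=ALLOWED_SECONDARIES):
    """Return every AXFR/IXFR request from a client outside the allowlist.

    Refused attempts are kept on purpose: a REFUSED transfer from an
    unexpected client is still a recon signal worth alerting on, even
    though the server handed out nothing.
    """
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("qtype") not in TRANSFER_QTYPES:
            continue
        if is_allowed(rec["client"], allowed):
            continue
        hits.append(rec)
    return hits


def attempts_per_client(hits):
    """Count unauthorized transfer attempts per source address."""
    return Counter(h["client"] for h in hits)


if __name__ == "__main__":
    found = find_unauthorized_transfers(SAMPLE_LOG)
    for h in found:
        print(f"{h['timestamp']} {h['client']} {h['qtype']} {h['zone']} {h['rcode']}")
    print(dict(attempts_per_client(found)))
```

On the constructed input this flags the two AXFR attempts from 10.0.5.77 (one refused) and the IXFR from 172.16.9.9, while the two allowlisted secondaries pass silently. Point the same logic at a real log once the parser matches the server's format, and the allowlist should mirror exactly the secondaries the zone is configured to transfer to.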