In fact both tools for DNS enumeration cover SRV record ;) check dns_enum in metasploit
On Thu, Mar 25, 2010 at 5:36 PM, Joshua Smith <[email protected]> wrote: > Indeed. > Similar to ethe cho %logonserver% method is: > > Systeminfo | findstr /I /C:"logon server" > But a nice way is to get it from dns: > Nslookup -type=srv _ldap._tcp.pdc._msdcs.<domainname> > Will give you the same answer as logonserver, to see all DC's change > pdc to just dc. I got 8 DCs doing this at work all of which I know are > dcs > -Josh > > On Mar 25, 2010, at 5:07 PM, k41zen <[email protected]> wrote: > > > depends on how auth'd you are to the domain I guess, but dsquery is > > very useful too > > > > http://www.computerperformance.co.uk/Logon/DSquery.htm > > > > http://tactech.net/2009/09/28/how-to-search-for-a-domain-controller/ > > > > http://technet.microsoft.com/en-us/library/cc732885%28WS.10%29.aspx > > > > > > On 25 Mar 2010, at 10:54, Robin Wood wrote: > > > >> Hi > >> I'm wondering what techniques people are using to detect domain > >> controllers when they get on networks. I've asked a few people and > >> the > >> standard answer seems to be to look for the DNS server as the PDC is > >> usually also acting as the DNS server. Has anyone else got any better > >> or alternative techniques they use? > >> > >> Robin > >> _______________________________________________ > >> Pauldotcom mailing list > >> [email protected] > >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > >> Main Web Site: http://pauldotcom.com > >> > > > > _______________________________________________ > > Pauldotcom mailing list > > [email protected] > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > > Main Web Site: http://pauldotcom.com > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
