What do you guys think about this script for what we are talking about? I can add the auto srv thing if you guys think it will be useful, it only took me a couple of minutes to write
meterpreter > run check_ad
[*] Hostname: awin2k301
[*] Domain: acmeprodinc.com
[*] Domain Controller: \\AWIN2K301
[*] This server appears to be a Domain Controller
[*] Root Domain: DC=acmeprodinc,DC=com
[*] Machine DN: CN=NTDS Settings,CN=AWIN2K301,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=acmeprodinc,DC=com
[*] Database File: C:\WINDOWS\NTDS\ntds.dit
[*] Global Catalog: True
meterpreter >
meterpreter > run check_ad -h
check_ad -- Checks if host is part of a domain if it is it check if it is a DC and enumerates info of the DC.
USAGE: run check_ad
OPTIONS:
-h Help menu.
meterpreter >
On Thu, Mar 25, 2010 at 9:10 PM, Carlos Perez <[email protected]> wrote:
> Well for DNS you do not have to be
>
>
> Sent from my Mobile Phone
>
> On Mar 25, 2010, at 8:12 PM, "Butturini, Russell"
> <[email protected]> wrote:
>
>> These solutions are useful, but you're assuming a machine joined to the
>> domain, running in the context of an authenticated user session, with
>> knowledge of the internal domain name.
>>
>> ----- Original Message -----
>> From: [email protected] <
>> [email protected]>
>> To: PaulDotCom Security Weekly Mailing List <
>> [email protected]>
>> Sent: Thu Mar 25 16:36:13 2010
>> Subject: Re: [Pauldotcom] detecting PDCs
>>
>> Indeed.
>> Similar to the echo %logonserver% method is:
>>
>> Systeminfo | findstr /I /C:"logon server"
>> But a nice way is to get it from dns:
>> Nslookup -type=srv _ldap._tcp.pdc._msdcs.<domainname>
>> Will give you the same answer as logonserver, to see all DC's change
>> pdc to just dc. I got 8 DCs doing this at work all of which I know are
>> dcs
>> -Josh
>>
>> On Mar 25, 2010, at 5:07 PM, k41zen <[email protected]> wrote:
>>
>>> depends on how auth'd you are to the domain I guess, but dsquery is
>>> very useful too
>>>
>>> http://www.computerperformance.co.uk/Logon/DSquery.htm
>>>
>>> http://tactech.net/2009/09/28/how-to-search-for-a-domain-controller/
>>>
>>> http://technet.microsoft.com/en-us/library/cc732885%28WS.10%29.aspx
>>>
>>>
>>> On 25 Mar 2010, at 10:54, Robin Wood wrote:
>>>
>>>> Hi
>>>> I'm wondering what techniques people are using to detect domain
>>>> controllers when they get on networks. I've asked a few people and the
>>>> standard answer seems to be to look for the DNS server as the PDC is
>>>> usually also acting as the DNS server. Has anyone else got any better
>>>> or alternative techniques they use?
>>>>
>>>> Robin
>>>> _______________________________________________
>>>> Pauldotcom mailing list
>>>> [email protected]
>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>> Main Web Site: http://pauldotcom.com
>>>>
>>>>
>
check_ad.rb
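Josh's `nslookup -type=srv _ldap._tcp.dc._msdcs.<domain>` lookup is also a useful inventory check from the defender's side: the SRV records are what every client trusts to find a DC, so any host advertised there that is not on the known DC list deserves a look. The script below is an added example written for this thread, not check_ad.rb or any other code posted here: it builds the same SRV query with only the Python standard library, parses the answer section (including name compression, which real resolvers use), and diffs the advertised targets against an inventory. The domain, server address and host names are constructed values.

```python
import socket
import struct

def encode_name(name):
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def build_srv_query(name, txid=0x1234):
    """Recursive query (flags 0x0100), one question, type SRV (33), class IN."""
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", 33, 1)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer: follow it, remember resume point
            end = off + 2 if end is None else end
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode())
        off += length
    return ".".join(labels), (off if end is None else end)

def parse_srv_answers(msg):
    """Return [(priority, weight, port, target)] for SRV RRs in the answer section."""
    _, _, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question(s): name + type + class
        off = read_name(msg, off)[1] + 4
    answers = []
    for _ in range(an):
        off = read_name(msg, off)[1]  # owner name is usually a pointer back to the question
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 33:
            prio, weight, port = struct.unpack(">HHH", msg[off:off + 6])
            answers.append((prio, weight, port, read_name(msg, off + 6)[0]))
        off += rdlen
    return answers

def unexpected_dcs(answers, inventory):
    """Defender check: hosts DNS advertises as DCs that are missing from the known inventory."""
    return sorted({t.lower() for *_, t in answers} - {h.lower() for h in inventory})

def query_dcs(domain, server, role="dc", timeout=3):
    """Ask `server` (UDP/53) for _ldap._tcp.<role>._msdcs.<domain>; role "pdc" returns only the PDC emulator."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_srv_query(f"_ldap._tcp.{role}._msdcs.{domain}"), (server, 53))
        return parse_srv_answers(s.recv(4096))
```

`unexpected_dcs(query_dcs("acmeprodinc.com", "10.0.0.53"), known_dcs)` against a constructed domain and resolver address gives the list of advertised DC hosts that the inventory does not know about.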
