Which is ridiculously trivial to discover
-Josh

On Mar 25, 2010, at 9:12 PM, "Butturini, Russell" <[email protected]> wrote:

> That's true but you still have to know the internal domain name :-)
>
> ----- Original Message -----
> From: [email protected] <[email protected]>
> To: PaulDotCom Security Weekly Mailing List <[email protected]>
> Cc: [email protected] <[email protected]>
> Sent: Thu Mar 25 20:10:23 2010
> Subject: Re: [Pauldotcom] detecting PDCs
>
> Well for DNS you do not have to be
>
> Sent from my Mobile Phone
>
> On Mar 25, 2010, at 8:12 PM, "Butturini, Russell" <[email protected]> wrote:
>
>> These solutions are useful, but you're assuming a machine joined to
>> the domain, running in the context of an authenticated user session,
>> with knowledge of the internal domain name.
>>
>> ----- Original Message -----
>> From: [email protected] <[email protected]>
>> To: PaulDotCom Security Weekly Mailing List <[email protected]>
>> Sent: Thu Mar 25 16:36:13 2010
>> Subject: Re: [Pauldotcom] detecting PDCs
>>
>> Indeed.
>> Similar to the echo %logonserver% method is:
>>
>> Systeminfo | findstr /I /C:"logon server"
>> But a nice way is to get it from dns:
>> Nslookup -type=srv _ldap._tcp.pdc._msdcs.<domainname>
>> Will give you the same answer as logonserver, to see all DC's change
>> pdc to just dc. I got 8 DCs doing this at work all of which I know are
>> dcs
>> -Josh
>>
>> On Mar 25, 2010, at 5:07 PM, k41zen <[email protected]> wrote:
>>
>>> depends on how auth'd you are to the domain I guess, but dsquery is
>>> very useful too
>>>
>>> http://www.computerperformance.co.uk/Logon/DSquery.htm
>>>
>>> http://tactech.net/2009/09/28/how-to-search-for-a-domain-controller/
>>>
>>> http://technet.microsoft.com/en-us/library/cc732885%28WS.10%29.aspx
>>>
>>>
>>> On 25 Mar 2010, at 10:54, Robin Wood wrote:
>>>
>>>> Hi
>>>> I'm wondering what techniques people are using to detect domain
>>>> controllers when they get on networks. I've asked a few people and
>>>> the standard answer seems to be to look for the DNS server as the
>>>> PDC is usually also acting as the DNS server. Has anyone else got
>>>> any better or alternative techniques they use?
>>>>
>>>> Robin
>>>> _______________________________________________
>>>> Pauldotcom mailing list
>>>> [email protected]
>>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>>> Main Web Site: http://pauldotcom.com
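
The SRV lookups discussed in this thread, seen from the DNS server's side: an added example, not part of the original messages, that scans query logs for the `_ldap._tcp.pdc._msdcs` / `_ldap._tcp.dc._msdcs` names and reports clients that are not known domain members. The log format, the sample lines, the `corp.example` domain and the member inventory are all constructed assumptions.

```python
import re
from collections import defaultdict

# DC-locator SRV names from the thread: _ldap._tcp.pdc._msdcs.<domain> and the "dc" variant.
LOCATOR_RE = re.compile(
    r"^_ldap\._tcp\.(pdc|dc)\._msdcs\.(?P<domain>[a-z0-9.-]+?)\.?$", re.I)

# Constructed sample log (assumed format: timestamp client_ip qtype qname).
SAMPLE_LOG = """\
2010-03-25T20:01:02 10.0.5.21 SRV _ldap._tcp.dc._msdcs.corp.example.
2010-03-25T20:01:05 10.0.9.77 SRV _ldap._tcp.pdc._msdcs.corp.example.
2010-03-25T20:01:06 10.0.9.77 SRV _ldap._tcp.dc._msdcs.corp.example.
2010-03-25T20:01:09 10.0.9.77 A www.example.org.
2010-03-25T20:02:00 10.0.9.80 SRV _ldap._tcp.pdc._msdcs.CORP.EXAMPLE
malformed line
"""

# Hypothetical inventory of domain-joined hosts; their locator lookups are expected.
DOMAIN_MEMBERS = {"10.0.5.21"}

def parse_line(line):
    """Return (client_ip, role, domain) for a DC-locator SRV query, else None."""
    parts = line.split()
    if len(parts) != 4 or parts[2].upper() != "SRV":
        return None
    m = LOCATOR_RE.match(parts[3])
    if not m:
        return None
    return parts[1], m.group(1).lower(), m.group("domain").lower()

def unexpected_locator_queries(log_text, members):
    """Map each non-member client to the sorted (role, domain) pairs it asked for."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed and parsed[0] not in members:
            client, role, domain = parsed
            hits[client].add((role, domain))
    return {client: sorted(asked) for client, asked in hits.items()}

if __name__ == "__main__":
    found = unexpected_locator_queries(SAMPLE_LOG, DOMAIN_MEMBERS)
    for client, asked in found.items():
        print(client, asked)
```

Domain-joined machines issue these lookups routinely, so the member inventory is what separates expected traffic from a host that has no reason to be locating domain controllers.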
