[ { "path": ".gitattributes", "content": "# Auto detect text files and perform LF normalization\n* text=auto\n" }, { "path": ".gitignore", "content": "## Ignore Visual Studio temporary files, build results, and\n## files generated by popular Visual Studio add-ons.\n\n# User-specific files\n*.suo\n*.user\n*.userosscache\n*.sln.docstates\n\n# User-specific files (MonoDevelop/Xamarin Studio)\n*.userprefs\n\n# Build results\n[Dd]ebug/\n[Dd]ebugPublic/\n[Rr]elease/\n[Rr]eleases/\nx64/\nx86/\nbld/\n[Bb]in/\n[Oo]bj/\n[Ll]og/\n\n# Visual Studio 2015 cache/options directory\n.vs/\n# Uncomment if you have tasks that create the project's static files in wwwroot\n#wwwroot/\n\n# MSTest test Results\n[Tt]est[Rr]esult*/\n[Bb]uild[Ll]og.*\n\n# NUNIT\n*.VisualState.xml\nTestResult.xml\n\n# Build Results of an ATL Project\n[Dd]ebugPS/\n[Rr]eleasePS/\ndlldata.c\n\n# DNX\nproject.lock.json\nproject.fragment.lock.json\nartifacts/\n\n*_i.c\n*_p.c\n*_i.h\n*.ilk\n*.meta\n*.obj\n*.pch\n*.pdb\n*.pgc\n*.pgd\n*.rsp\n*.sbr\n*.tlb\n*.tli\n*.tlh\n*.tmp\n*.tmp_proj\n*.log\n*.vspscc\n*.vssscc\n.builds\n*.pidb\n*.svclog\n*.scc\n\n# Chutzpah Test files\n_Chutzpah*\n\n# Visual C++ cache files\nipch/\n*.aps\n*.ncb\n*.opendb\n*.opensdf\n*.sdf\n*.cachefile\n*.VC.db\n*.VC.VC.opendb\n\n# Visual Studio profiler\n*.psess\n*.vsp\n*.vspx\n*.sap\n\n# TFS 2012 Local Workspace\n$tf/\n\n# Guidance Automation Toolkit\n*.gpState\n\n# ReSharper is a .NET coding add-in\n_ReSharper*/\n*.[Rr]e[Ss]harper\n*.DotSettings.user\n\n# JustCode is a .NET coding add-in\n.JustCode\n\n# TeamCity is a build add-in\n_TeamCity*\n\n# DotCover is a Code Coverage Tool\n*.dotCover\n\n# NCrunch\n_NCrunch_*\n.*crunch*.local.xml\nnCrunchTemp_*\n\n# MightyMoose\n*.mm.*\nAutoTest.Net/\n\n# Web workbench (sass)\n.sass-cache/\n\n# Installshield output folder\n[Ee]xpress/\n\n# DocProject is a documentation generator add-in\nDocProject/buildhelp/\nDocProject/Help/*.HxT\nDocProject/Help/*.HxC\nDocProject/Help/*.hhc\nDocProject/Help/*.hhk\nDocProject/Help/*.hhp\nDocProject/Help/Html2\nDocProject/Help/html\n\n# Click-Once directory\npublish/\n\n# Publish Web Output\n*.[Pp]ublish.xml\n*.azurePubxml\n# TODO: Comment the next line if you want to checkin your web deploy settings\n# but database connection strings (with potential passwords) will be unencrypted\n#*.pubxml\n*.publishproj\n\n# Microsoft Azure Web App publish settings. Comment the next line if you want to\n# checkin your Azure Web App publish settings, but sensitive information contained\n# in these scripts will be unencrypted\nPublishScripts/\n\n# NuGet Packages\n*.nupkg\n# The packages folder can be ignored because of Package Restore\n**/packages/*\n# except build/, which is used as an MSBuild target.\n!**/packages/build/\n# Uncomment if necessary however generally it will be regenerated when needed\n#!**/packages/repositories.config\n# NuGet v3's project.json files produces more ignoreable files\n*.nuget.props\n*.nuget.targets\n\n# Microsoft Azure Build Output\ncsx/\n*.build.csdef\n\n# Microsoft Azure Emulator\necf/\nrcf/\n\n# Windows Store app package directories and files\nAppPackages/\nBundleArtifacts/\nPackage.StoreAssociation.xml\n_pkginfo.txt\n\n# Visual Studio cache files\n# files ending in .cache can be ignored\n*.[Cc]ache\n# but keep track of directories ending in .cache\n!*.[Cc]ache/\n\n# Others\nClientBin/\n~$*\n*~\n*.dbmdl\n*.dbproj.schemaview\n*.jfm\n*.pfx\n*.publishsettings\nnode_modules/\norleans.codegen.cs\n\n# Since there are multiple workflows, uncomment next line to ignore bower_components\n# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)\n#bower_components/\n\n# RIA/Silverlight projects\nGenerated_Code/\n\n# Backup & report files from converting an old project file\n# to a newer Visual Studio version. Backup files are not needed,\n# because we have git ;-)\n_UpgradeReport_Files/\nBackup*/\nUpgradeLog*.XML\nUpgradeLog*.htm\n\n# SQL Server files\n*.mdf\n*.ldf\n\n# Business Intelligence projects\n*.rdl.data\n*.bim.layout\n*.bim_*.settings\n\n# Microsoft Fakes\nFakesAssemblies/\n\n# GhostDoc plugin setting file\n*.GhostDoc.xml\n\n# Node.js Tools for Visual Studio\n.ntvs_analysis.dat\n\n# Visual Studio 6 build log\n*.plg\n\n# Visual Studio 6 workspace options file\n*.opt\n\n# Visual Studio LightSwitch build output\n**/*.HTMLClient/GeneratedArtifacts\n**/*.DesktopClient/GeneratedArtifacts\n**/*.DesktopClient/ModelManifest.xml\n**/*.Server/GeneratedArtifacts\n**/*.Server/ModelManifest.xml\n_Pvt_Extensions\n\n# Paket dependency manager\n.paket/paket.exe\npaket-files/\n\n# FAKE - F# Make\n.fake/\n\n# JetBrains Rider\n.idea/\n*.sln.iml\n\n# CodeRush\n.cr/\n\n\n# Python Tools for Visual Studio (PTVS)\n__pycache__/\n*.pyc\n" }, { "path": "LICENSE", "content": "BSD 3-Clause License\n\nCopyright (c) 2019, b4rtik\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without\nmodification, are permitted provided that the following conditions are met:\n\n1. Redistributions of source code must retain the above copyright notice, this\n list of conditions and the following disclaimer.\n\n2. Redistributions in binary form must reproduce the above copyright notice,\n this list of conditions and the following disclaimer in the documentation\n and/or other materials provided with the distribution.\n\n3. Neither the name of the copyright holder nor the names of its\n contributors may be used to endorse or promote products derived from\n this software without specific prior written permission.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\"\nAND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\nIMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE\nFOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\nDAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR\nSERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER\nCAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,\nOR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\nOF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE." }, { "path": "README.md", "content": "# SharpAdidnsdump\n\nSharpAdidnsdump is a c# implementation of Dirk-jan Mollema research: [Getting in the zone dumping active directory dns with adidnsdump](https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/).\n\nAll the credits go to Dirk-jan Mollema and his research.\n\n# Features\n\nEnumerate all hosts with IPs via AD LDAP and DNS query.\n\nThe first step is to list the zones available in DomainDnsZone using the filter (&(objectClass = DnsZone)(!(DC=*arpa))(!(DC=RootDNSServers))).\n\nFor each zone it is possible to list all Host objects with the filter (&(!(ObjectClass=DnsZone))(!(DC=@))(!(DC=*arpa))(!(DC=*DNSZones))) changing the RootDn of the query. It is necessary (!(ObjectClass=DnsZone)) because if the filter were used (objectClass=DnsNode) the hidden elements would be excluded.\n\nSome of the records present via LDAP can be listed but the properties can't be readed.\nIn my implementation I resolve the visibility of these records with the parsing of the Path property of the SearchResult object.\n\n### Usage\n\nSharpAdidnsdumpis.exe dc-address\n\n\n# References\n\n[Getting in the zone dumping active directory dns with adidnsdump](https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/).\n\n[Adidnsdump](https://github.com/dirkjanm/adidnsdump)\n\n\n\nFeel free to contact me at: [@b4rtik](https://twitter.com/b4rtik)\n\n\n" }, { "path": "SharpAdidnsdump/Program.cs", "content": "\n// Author: B4rtik (@b4rtik)\n// Project: SharpAdidnsdump (https://github.com/b4rtik/SharpAdidnsdump)\n// License: BSD 3-Clause\n// based on \n// Getting in the zone dumping active directory dns with adidnsdump\n// https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/\n// by @_dirkjan\n\nusing System;\nusing System.Net;\nusing System.Net.Sockets;\nusing System.DirectoryServices;\n\nnamespace SharpAdidnsdump\n{\n class Program\n {\n static void Main(string[] args)\n {\n String dc_address = \"\";\n if (args == null || args.Length <= 0)\n {\n Console.WriteLine(\"usage: SharpAdidnsdumpis.exe dc-address\");\n return;\n }\n else\n {\n dc_address = args[0];\n }\n\n try\n {\n\n Console.WriteLine(\"Running enumeration against {0}\", dc_address);\n\n String rootDn = \"DC=DomainDnsZones\";\n\n String domain_local = System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName;\n\n String domain_path = \"\";\n\n foreach (String domain_path_r in domain_local.Split('.'))\n {\n domain_path += \",DC=\" + domain_path_r;\n }\n\n rootDn += domain_path;\n\n Console.WriteLine(\"Running enumeration against {0}\", \"LDAP://\" + dc_address + \"/\" + rootDn);\n\n DirectoryEntry rootEntry = new DirectoryEntry(\"LDAP://\" + dc_address + \"/\" + rootDn);\n rootEntry.AuthenticationType = AuthenticationTypes.Delegation;\n DirectorySearcher searcher = new DirectorySearcher(rootEntry);\n\n //find domains\n var queryFormat = \"(&(objectClass=DnsZone)(!(DC=*arpa))(!(DC=RootDNSServers)))\";\n searcher.Filter = queryFormat;\n searcher.SearchScope = SearchScope.Subtree;\n\n foreach (SearchResult result in searcher.FindAll())\n {\n String domain = (result.Properties[\"DC\"].Count > 0 ? result.Properties[\"DC\"][0].ToString() : string.Empty);\n Console.WriteLine();\n Console.WriteLine();\n Console.WriteLine(\"Domain: {0}\", domain);\n Console.WriteLine();\n\n DirectoryEntry rootEntry_d = new DirectoryEntry(\"LDAP://\" + dc_address + \"/DC=\" + result.Properties[\"DC\"][0].ToString() + \",CN=microsoftdns,\" + rootDn);\n rootEntry_d.AuthenticationType = AuthenticationTypes.Delegation;\n DirectorySearcher searcher_h = new DirectorySearcher(rootEntry_d);\n\n //find hosts\n queryFormat = \"(&(!(objectClass=DnsZone))(!(DC=@))(!(DC=*arpa))(!(DC=*DNSZones)))\";\n searcher_h.Filter = queryFormat;\n searcher_h.SearchScope = SearchScope.Subtree;\n\n foreach (SearchResult result_h in searcher_h.FindAll())\n {\n String target = \"\";\n\n if (result_h.Properties[\"DC\"].Count > 0)\n {\n target = result_h.Properties[\"DC\"][0].ToString();\n }\n else\n {\n //Hidden entry\n String path = result_h.Path;\n target = (path.Substring(path.IndexOf(\"LDAP://\" + dc_address + \"/\"), path.IndexOf(\",\"))).Split('=')[1];\n }\n\n if (!target.EndsWith(\".\"))\n target += \".\" + domain;\n\n Boolean tombstoned = result_h.Properties[\"dNSTombstoned\"].Count > 0 ? (Boolean)result_h.Properties[\"dNSTombstoned\"][0] : false;\n\n try\n {\n IPHostEntry hostInfo = Dns.GetHostEntry(target);\n foreach (IPAddress result_ip in hostInfo.AddressList)\n {\n Console.WriteLine(\"Host {0} {1}\", target, result_ip);\n }\n }\n catch (Exception e)\n {\n if (tombstoned)\n {\n Console.WriteLine(\"Host {0} Tombstoned\", target);\n }\n else\n {\n Console.WriteLine(\"DNS Query with target : {0} failed\", target);\n }\n }\n }\n }\n\n Console.WriteLine();\n Console.WriteLine(\"SharpAdidnsdump end\");\n Console.WriteLine();\n return;\n }\n catch (Exception e)\n {\n Console.WriteLine(\"Error retriving data : {0}\", e.Message);\n return;\n }\n\n }\n }\n}\n\n" }, { "path": "SharpAdidnsdump/Properties/AssemblyInfo.cs", "content": "using System.Reflection;\nusing System.Runtime.CompilerServices;\nusing System.Runtime.InteropServices;\n\n// Le informazioni generali relative a un assembly sono controllate dal seguente \n// set di attributi. Modificare i valori di questi attributi per modificare le informazioni\n// associate a un assembly.\n[assembly: AssemblyTitle(\"SharpAdidnsdump\")]\n[assembly: AssemblyDescription(\"\")]\n[assembly: AssemblyConfiguration(\"\")]\n[assembly: AssemblyCompany(\"\")]\n[assembly: AssemblyProduct(\"SharpAdidnsdump\")]\n[assembly: AssemblyCopyright(\"Copyright © 2019\")]\n[assembly: AssemblyTrademark(\"\")]\n[assembly: AssemblyCulture(\"\")]\n\n// Se si imposta ComVisible su false, i tipi in questo assembly non saranno visibili\n// ai componenti COM. Se è necessario accedere a un tipo in questo assembly da\n// COM, impostare su true l'attributo ComVisible per tale tipo.\n[assembly: ComVisible(false)]\n\n// Se il progetto viene esposto a COM, il GUID seguente verrà utilizzato come ID della libreria dei tipi\n[assembly: Guid(\"cdb02bc2-5f62-4c8a-af69-acc3ab82e741\")]\n\n// Le informazioni sulla versione di un assembly sono costituite dai seguenti quattro valori:\n//\n// Versione principale\n// Versione secondaria\n// Numero di build\n// Revisione\n//\n// È possibile specificare tutti i valori oppure impostare valori predefiniti per i numeri relativi alla revisione e alla build\n// usando l'asterisco '*' come illustrato di seguito:\n// [assembly: AssemblyVersion(\"1.0.*\")]\n[assembly: AssemblyVersion(\"1.0.0.0\")]\n[assembly: AssemblyFileVersion(\"1.0.0.0\")]\n" }, { "path": "SharpAdidnsdump/SharpAdidnsdump.csproj", "content": "\n\n \n \n Debug\n AnyCPU\n {CDB02BC2-5F62-4C8A-AF69-ACC3AB82E741}\n Exe\n SharpAdidnsdump\n SharpAdidnsdump\n v4.0\n 512\n true\n \n \n AnyCPU\n true\n full\n false\n bin\\Debug\\\n DEBUG;TRACE\n prompt\n 4\n \n \n AnyCPU\n pdbonly\n true\n bin\\Release\\\n TRACE\n prompt\n 4\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n\n" }, { "path": "SharpAdidnsdump.sln", "content": "Microsoft Visual Studio Solution File, Format Version 12.00\n# Visual Studio 15\nVisualStudioVersion = 15.0.28307.136\nMinimumVisualStudioVersion = 10.0.40219.1\nProject(\"{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}\") = \"SharpAdidnsdump\", \"SharpAdidnsdump\\SharpAdidnsdump.csproj\", \"{CDB02BC2-5F62-4C8A-AF69-ACC3AB82E741}\"\nEndProject\nGlobal\n\tGlobalSection(SolutionConfigurationPlatforms) = preSolution\n\t\tDebug|Any CPU = Debug|Any CPU\n\t\tRelease|Any CPU = Release|Any CPU\n\tEndGlobalSection\n\tGlobalSection(ProjectConfigurationPlatforms) = postSolution\n\t\t{CDB02BC2-5F62-4C8A-AF69-ACC3AB82E741}.Debug|Any CPU.ActiveCfg = Debug|Any CPU\n\t\t{CDB02BC2-5F62-4C8A-AF69-ACC3AB82E741}.Debug|Any CPU.Build.0 = Debug|Any CPU\n\t\t{CDB02BC2-5F62-4C8A-AF69-ACC3AB82E741}.Release|Any CPU.ActiveCfg = Release|Any CPU\n\t\t{CDB02BC2-5F62-4C8A-AF69-ACC3AB82E741}.Release|Any CPU.Build.0 = Release|Any CPU\n\tEndGlobalSection\n\tGlobalSection(SolutionProperties) = preSolution\n\t\tHideSolutionNode = FALSE\n\tEndGlobalSection\n\tGlobalSection(ExtensibilityGlobals) = postSolution\n\t\tSolutionGuid = {6E8B8B29-2CE9-4590-A773-B9C360898AE7}\n\tEndGlobalSection\nEndGlobal\n" } ]