Repository: b4rtik/SharpAdidnsdump Branch: master Commit: 7c93106e5024 Files: 8 Total size: 16.8 KB Directory structure: gitextract_zsjixqm8/ ├── .gitattributes ├── .gitignore ├── LICENSE ├── README.md ├── SharpAdidnsdump/ │ ├── Program.cs │ ├── Properties/ │ │ └── AssemblyInfo.cs │ └── SharpAdidnsdump.csproj └── SharpAdidnsdump.sln ================================================ FILE CONTENTS ================================================ ================================================ FILE: .gitattributes ================================================ # Auto detect text files and perform LF normalization * text=auto ================================================ FILE: .gitignore ================================================ ## Ignore Visual Studio temporary files, build results, and ## files generated by popular Visual Studio add-ons. # User-specific files *.suo *.user *.userosscache *.sln.docstates # User-specific files (MonoDevelop/Xamarin Studio) *.userprefs # Build results [Dd]ebug/ [Dd]ebugPublic/ [Rr]elease/ [Rr]eleases/ x64/ x86/ bld/ [Bb]in/ [Oo]bj/ [Ll]og/ # Visual Studio 2015 cache/options directory .vs/ # Uncomment if you have tasks that create the project's static files in wwwroot #wwwroot/ # MSTest test Results [Tt]est[Rr]esult*/ [Bb]uild[Ll]og.* # NUNIT *.VisualState.xml TestResult.xml # Build Results of an ATL Project [Dd]ebugPS/ [Rr]eleasePS/ dlldata.c # DNX project.lock.json project.fragment.lock.json artifacts/ *_i.c *_p.c *_i.h *.ilk *.meta *.obj *.pch *.pdb *.pgc *.pgd *.rsp *.sbr *.tlb *.tli *.tlh *.tmp *.tmp_proj *.log *.vspscc *.vssscc .builds *.pidb *.svclog *.scc # Chutzpah Test files _Chutzpah* # Visual C++ cache files ipch/ *.aps *.ncb *.opendb *.opensdf *.sdf *.cachefile *.VC.db *.VC.VC.opendb # Visual Studio profiler *.psess *.vsp *.vspx *.sap # TFS 2012 Local Workspace $tf/ # Guidance Automation Toolkit *.gpState # ReSharper is a .NET coding add-in _ReSharper*/ *.[Rr]e[Ss]harper *.DotSettings.user # JustCode is a .NET coding add-in .JustCode # TeamCity is a build add-in _TeamCity* # DotCover is a Code Coverage Tool *.dotCover # NCrunch _NCrunch_* .*crunch*.local.xml nCrunchTemp_* # MightyMoose *.mm.* AutoTest.Net/ # Web workbench (sass) .sass-cache/ # Installshield output folder [Ee]xpress/ # DocProject is a documentation generator add-in DocProject/buildhelp/ DocProject/Help/*.HxT DocProject/Help/*.HxC DocProject/Help/*.hhc DocProject/Help/*.hhk DocProject/Help/*.hhp DocProject/Help/Html2 DocProject/Help/html # Click-Once directory publish/ # Publish Web Output *.[Pp]ublish.xml *.azurePubxml # TODO: Comment the next line if you want to checkin your web deploy settings # but database connection strings (with potential passwords) will be unencrypted #*.pubxml *.publishproj # Microsoft Azure Web App publish settings. Comment the next line if you want to # checkin your Azure Web App publish settings, but sensitive information contained # in these scripts will be unencrypted PublishScripts/ # NuGet Packages *.nupkg # The packages folder can be ignored because of Package Restore **/packages/* # except build/, which is used as an MSBuild target. !**/packages/build/ # Uncomment if necessary however generally it will be regenerated when needed #!**/packages/repositories.config # NuGet v3's project.json files produces more ignoreable files *.nuget.props *.nuget.targets # Microsoft Azure Build Output csx/ *.build.csdef # Microsoft Azure Emulator ecf/ rcf/ # Windows Store app package directories and files AppPackages/ BundleArtifacts/ Package.StoreAssociation.xml _pkginfo.txt # Visual Studio cache files # files ending in .cache can be ignored *.[Cc]ache # but keep track of directories ending in .cache !*.[Cc]ache/ # Others ClientBin/ ~$* *~ *.dbmdl *.dbproj.schemaview *.jfm *.pfx *.publishsettings node_modules/ orleans.codegen.cs # Since there are multiple workflows, uncomment next line to ignore bower_components # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) #bower_components/ # RIA/Silverlight projects Generated_Code/ # Backup & report files from converting an old project file # to a newer Visual Studio version. Backup files are not needed, # because we have git ;-) _UpgradeReport_Files/ Backup*/ UpgradeLog*.XML UpgradeLog*.htm # SQL Server files *.mdf *.ldf # Business Intelligence projects *.rdl.data *.bim.layout *.bim_*.settings # Microsoft Fakes FakesAssemblies/ # GhostDoc plugin setting file *.GhostDoc.xml # Node.js Tools for Visual Studio .ntvs_analysis.dat # Visual Studio 6 build log *.plg # Visual Studio 6 workspace options file *.opt # Visual Studio LightSwitch build output **/*.HTMLClient/GeneratedArtifacts **/*.DesktopClient/GeneratedArtifacts **/*.DesktopClient/ModelManifest.xml **/*.Server/GeneratedArtifacts **/*.Server/ModelManifest.xml _Pvt_Extensions # Paket dependency manager .paket/paket.exe paket-files/ # FAKE - F# Make .fake/ # JetBrains Rider .idea/ *.sln.iml # CodeRush .cr/ # Python Tools for Visual Studio (PTVS) __pycache__/ *.pyc ================================================ FILE: LICENSE ================================================ BSD 3-Clause License Copyright (c) 2019, b4rtik All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ================================================ FILE: README.md ================================================ # SharpAdidnsdump SharpAdidnsdump is a c# implementation of Dirk-jan Mollema research: [Getting in the zone dumping active directory dns with adidnsdump](https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/). All the credits go to Dirk-jan Mollema and his research. # Features Enumerate all hosts with IPs via AD LDAP and DNS query. The first step is to list the zones available in DomainDnsZone using the filter (&(objectClass = DnsZone)(!(DC=*arpa))(!(DC=RootDNSServers))). For each zone it is possible to list all Host objects with the filter (&(!(ObjectClass=DnsZone))(!(DC=@))(!(DC=*arpa))(!(DC=*DNSZones))) changing the RootDn of the query. It is necessary (!(ObjectClass=DnsZone)) because if the filter were used (objectClass=DnsNode) the hidden elements would be excluded. Some of the records present via LDAP can be listed but the properties can't be readed. In my implementation I resolve the visibility of these records with the parsing of the Path property of the SearchResult object. ### Usage SharpAdidnsdumpis.exe dc-address # References [Getting in the zone dumping active directory dns with adidnsdump](https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/). [Adidnsdump](https://github.com/dirkjanm/adidnsdump) Feel free to contact me at: [@b4rtik](https://twitter.com/b4rtik) ================================================ FILE: SharpAdidnsdump/Program.cs ================================================  // Author: B4rtik (@b4rtik) // Project: SharpAdidnsdump (https://github.com/b4rtik/SharpAdidnsdump) // License: BSD 3-Clause // based on // Getting in the zone dumping active directory dns with adidnsdump // https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/ // by @_dirkjan using System; using System.Net; using System.Net.Sockets; using System.DirectoryServices; namespace SharpAdidnsdump { class Program { static void Main(string[] args) { String dc_address = ""; if (args == null || args.Length <= 0) { Console.WriteLine("usage: SharpAdidnsdumpis.exe dc-address"); return; } else { dc_address = args[0]; } try { Console.WriteLine("Running enumeration against {0}", dc_address); String rootDn = "DC=DomainDnsZones"; String domain_local = System.Net.NetworkInformation.IPGlobalProperties.GetIPGlobalProperties().DomainName; String domain_path = ""; foreach (String domain_path_r in domain_local.Split('.')) { domain_path += ",DC=" + domain_path_r; } rootDn += domain_path; Console.WriteLine("Running enumeration against {0}", "LDAP://" + dc_address + "/" + rootDn); DirectoryEntry rootEntry = new DirectoryEntry("LDAP://" + dc_address + "/" + rootDn); rootEntry.AuthenticationType = AuthenticationTypes.Delegation; DirectorySearcher searcher = new DirectorySearcher(rootEntry); //find domains var queryFormat = "(&(objectClass=DnsZone)(!(DC=*arpa))(!(DC=RootDNSServers)))"; searcher.Filter = queryFormat; searcher.SearchScope = SearchScope.Subtree; foreach (SearchResult result in searcher.FindAll()) { String domain = (result.Properties["DC"].Count > 0 ? result.Properties["DC"][0].ToString() : string.Empty); Console.WriteLine(); Console.WriteLine(); Console.WriteLine("Domain: {0}", domain); Console.WriteLine(); DirectoryEntry rootEntry_d = new DirectoryEntry("LDAP://" + dc_address + "/DC=" + result.Properties["DC"][0].ToString() + ",CN=microsoftdns," + rootDn); rootEntry_d.AuthenticationType = AuthenticationTypes.Delegation; DirectorySearcher searcher_h = new DirectorySearcher(rootEntry_d); //find hosts queryFormat = "(&(!(objectClass=DnsZone))(!(DC=@))(!(DC=*arpa))(!(DC=*DNSZones)))"; searcher_h.Filter = queryFormat; searcher_h.SearchScope = SearchScope.Subtree; foreach (SearchResult result_h in searcher_h.FindAll()) { String target = ""; if (result_h.Properties["DC"].Count > 0) { target = result_h.Properties["DC"][0].ToString(); } else { //Hidden entry String path = result_h.Path; target = (path.Substring(path.IndexOf("LDAP://" + dc_address + "/"), path.IndexOf(","))).Split('=')[1]; } if (!target.EndsWith(".")) target += "." + domain; Boolean tombstoned = result_h.Properties["dNSTombstoned"].Count > 0 ? (Boolean)result_h.Properties["dNSTombstoned"][0] : false; try { IPHostEntry hostInfo = Dns.GetHostEntry(target); foreach (IPAddress result_ip in hostInfo.AddressList) { Console.WriteLine("Host {0} {1}", target, result_ip); } } catch (Exception e) { if (tombstoned) { Console.WriteLine("Host {0} Tombstoned", target); } else { Console.WriteLine("DNS Query with target : {0} failed", target); } } } } Console.WriteLine(); Console.WriteLine("SharpAdidnsdump end"); Console.WriteLine(); return; } catch (Exception e) { Console.WriteLine("Error retriving data : {0}", e.Message); return; } } } } ================================================ FILE: SharpAdidnsdump/Properties/AssemblyInfo.cs ================================================ using System.Reflection; using System.Runtime.CompilerServices; using System.Runtime.InteropServices; // Le informazioni generali relative a un assembly sono controllate dal seguente // set di attributi. Modificare i valori di questi attributi per modificare le informazioni // associate a un assembly. [assembly: AssemblyTitle("SharpAdidnsdump")] [assembly: AssemblyDescription("")] [assembly: AssemblyConfiguration("")] [assembly: AssemblyCompany("")] [assembly: AssemblyProduct("SharpAdidnsdump")] [assembly: AssemblyCopyright("Copyright © 2019")] [assembly: AssemblyTrademark("")] [assembly: AssemblyCulture("")] // Se si imposta ComVisible su false, i tipi in questo assembly non saranno visibili // ai componenti COM. Se è necessario accedere a un tipo in questo assembly da // COM, impostare su true l'attributo ComVisible per tale tipo. [assembly: ComVisible(false)] // Se il progetto viene esposto a COM, il GUID seguente verrà utilizzato come ID della libreria dei tipi [assembly: Guid("cdb02bc2-5f62-4c8a-af69-acc3ab82e741")] // Le informazioni sulla versione di un assembly sono costituite dai seguenti quattro valori: // // Versione principale // Versione secondaria // Numero di build // Revisione // // È possibile specificare tutti i valori oppure impostare valori predefiniti per i numeri relativi alla revisione e alla build // usando l'asterisco '*' come illustrato di seguito: // [assembly: AssemblyVersion("1.0.*")] [assembly: AssemblyVersion("1.0.0.0")] [assembly: AssemblyFileVersion("1.0.0.0")] ================================================ FILE: SharpAdidnsdump/SharpAdidnsdump.csproj ================================================ Debug AnyCPU {CDB02BC2-5F62-4C8A-AF69-ACC3AB82E741} Exe SharpAdidnsdump SharpAdidnsdump v4.0 512 true AnyCPU true full false bin\Debug\ DEBUG;TRACE prompt 4 AnyCPU pdbonly true bin\Release\ TRACE prompt 4 ================================================ FILE: SharpAdidnsdump.sln ================================================ Microsoft Visual Studio Solution File, Format Version 12.00 # Visual Studio 15 VisualStudioVersion = 15.0.28307.136 MinimumVisualStudioVersion = 10.0.40219.1 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SharpAdidnsdump", "SharpAdidnsdump\SharpAdidnsdump.csproj", "{CDB02BC2-5F62-4C8A-AF69-ACC3AB82E741}" EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU Release|Any CPU = Release|Any CPU EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution {CDB02BC2-5F62-4C8A-AF69-ACC3AB82E741}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {CDB02BC2-5F62-4C8A-AF69-ACC3AB82E741}.Debug|Any CPU.Build.0 = Debug|Any CPU {CDB02BC2-5F62-4C8A-AF69-ACC3AB82E741}.Release|Any CPU.ActiveCfg = Release|Any CPU {CDB02BC2-5F62-4C8A-AF69-ACC3AB82E741}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE EndGlobalSection GlobalSection(ExtensibilityGlobals) = postSolution SolutionGuid = {6E8B8B29-2CE9-4590-A773-B9C360898AE7} EndGlobalSection EndGlobal