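            /// <summary>
            /// Worker-thread body: takes host names from <paramref name="inq"/> until the
            /// null sentinel is read, resolves each host's "Administrators" group membership
            /// (API call first, WinNT provider as a fallback when the API returns nothing)
            /// and pushes every <c>LocalAdminInfo</c> onto <paramref name="outq"/>.
            /// </summary>
            /// <param name="inq">An <c>EnumerationQueue&lt;string&gt;</c> of host names; a null item ends the loop.</param>
            /// <param name="outq">An <c>EnumerationQueue&lt;LocalAdminInfo&gt;</c> that receives the results.</param>
            /// <param name="dsid">The domain SID string passed through to <c>LocalGroupAPI</c>.</param>
            /// <exception cref="ArgumentNullException"><paramref name="inq"/> or <paramref name="outq"/> is null.</exception>
            /// <exception cref="InvalidCastException">An argument is not of the expected type.</exception>
            public void ConsumeAndEnumerate(Object inq, Object outq, Object dsid)
            {
                // Validate the queues before entering the loop: a null queue would otherwise
                // throw inside the try, be swallowed by the catch-all below, and spin forever.
                if (inq == null)
                {
                    throw new ArgumentNullException("inq");
                }
                if (outq == null)
                {
                    throw new ArgumentNullException("outq");
                }

                EnumerationQueue<String> inQueue = (EnumerationQueue<String>)inq;
                EnumerationQueue<LocalAdminInfo> outQueue = (EnumerationQueue<LocalAdminInfo>)outq;
                string domainSid = (string)dsid;

                while (true)
                {
                    try
                    {
                        String host = inQueue.get();
                        if (host == null)
                        {
                            // Sentinel: the producer enqueues one null per worker.
                            break;
                        }

                        List<LocalAdminInfo> results = LocalGroupAPI(host, "Administrators", domainSid);
                        if (results.Count == 0)
                        {
                            results = LocalGroupWinNT(host, "Administrators");
                        }

                        foreach (LocalAdminInfo entry in results)
                        {
                            outQueue.add(entry);
                        }
                    }
                    catch (Exception e)
                    {
                        // A failure on one host (unreachable, access denied, ...) is logged and
                        // the worker moves on to the next item. NOTE(review): if get() itself
                        // throws persistently this loop will not terminate — depends on
                        // EnumerationQueue, which is not visible here.
                        Console.WriteLine(e);
                    }
                }
            }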
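            /// <summary>
            /// Writer-thread body: drains <paramref name="outq"/> into <c>local_admins.csv</c>
            /// (path resolved through <c>Options.GetFilePath</c>) until the null sentinel is
            /// read, flushing every 1000 rows and once more at the end.
            /// When <c>Options.URI</c> is set nothing is written and the method returns
            /// without consuming the queue.
            /// </summary>
            /// <param name="outq">An <c>EnumerationQueue&lt;LocalAdminInfo&gt;</c>; a null item ends the loop.</param>
            /// <param name="cli">The parsed <c>Options</c> instance.</param>
            /// <exception cref="ArgumentNullException">Either argument is null.</exception>
            /// <exception cref="InvalidCastException">An argument is not of the expected type.</exception>
            public void Write(Object outq, Object cli)
            {
                // A null queue would otherwise throw inside the loop, be swallowed by the
                // catch-all below, and spin forever.
                if (outq == null)
                {
                    throw new ArgumentNullException("outq");
                }
                if (cli == null)
                {
                    throw new ArgumentNullException("cli");
                }

                EnumerationQueue<LocalAdminInfo> outQueue = (EnumerationQueue<LocalAdminInfo>)outq;
                Options o = (Options)cli;

                // NOTE(review): with a URI configured this thread exits immediately and the
                // queue is left undrained; presumably another output path handles that case,
                // but it is not visible here.
                if (o.URI != null)
                {
                    return;
                }

                int count = 0;
                using (StreamWriter writer = new StreamWriter(o.GetFilePath("local_admins.csv")))
                {
                    writer.WriteLine("ComputerName,AccountName,AccountType");
                    while (true)
                    {
                        try
                        {
                            LocalAdminInfo info = outQueue.get();
                            if (info == null)
                            {
                                // Sentinel from the producer: finish the file and stop.
                                writer.Flush();
                                break;
                            }

                            // Any CSV quoting/escaping is ToCSV's responsibility (not visible here).
                            writer.WriteLine(info.ToCSV());

                            count++;
                            if (count % 1000 == 0)
                            {
                                Console.WriteLine("Local Admins Enumerated " + count);
                                writer.Flush();
                            }
                        }
                        catch (Exception e)
                        {
                            // Previously a silent swallow; log so a dropped row is at least
                            // visible, matching the Enumerator's error handling.
                            Console.WriteLine(e);
                        }
                    }
                }
            }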
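        /// <summary>
        /// Enumerates local "Administrators" membership across one or more domains: collects
        /// computer objects (<c>sAMAccountType=805306369</c>) from each domain via LDAP,
        /// fans their <c>dnshostname</c> values out to <c>options.Threads</c>
        /// <c>Enumerator</c> workers, and streams all results through a single
        /// <c>Writer</c> thread.
        /// </summary>
        /// <remarks>
        /// Domain selection: every forest domain when <c>options.SearchForest</c> is set,
        /// otherwise <c>options.Domain</c> if given, otherwise the current domain.
        /// Each per-domain input queue is terminated with one null per worker; the output
        /// queue receives a single null once all domains are done so the writer can exit.
        /// The searcher and its result collection are disposed even if enumeration throws,
        /// and the writer thread is always signalled and joined before the exception
        /// propagates to the caller.
        /// </remarks>
        public void EnumerateLocalAdmins()
        {
            Console.WriteLine("Starting Local Admin Enumeration");

            List<string> domains;
            if (options.SearchForest)
            {
                domains = Helpers.GetForestDomains();
            }
            else if (options.Domain != null)
            {
                domains = new List<string> { Helpers.GetDomain(options.Domain).Name };
            }
            else
            {
                domains = new List<string> { Helpers.GetDomain().Name };
            }

            EnumerationQueue<LocalAdminInfo> outQueue = new EnumerationQueue<LocalAdminInfo>();
            Writer w = new Writer();
            Thread write = new Thread(unused => w.Write(outQueue, options));
            write.Start();

            try
            {
                foreach (String domainName in domains)
                {
                    string domainSid = Helpers.GetDomainSid(domainName);
                    EnumerationQueue<string> inQueue = new EnumerationQueue<string>();
                    int count = 0;

                    // Both the searcher and the FindAll() result are disposable; the original
                    // never disposed the result collection and skipped Dispose on an exception.
                    using (DirectorySearcher searcher = Helpers.GetDomainSearcher(domainName))
                    {
                        searcher.Filter = "(sAMAccountType=805306369)";
                        searcher.PropertiesToLoad.Add("dnshostname");
                        using (var found = searcher.FindAll())
                        {
                            foreach (SearchResult result in found)
                            {
                                var hostNames = result.Properties["dnshostname"];
                                if (hostNames.Count > 0)
                                {
                                    inQueue.add(hostNames[0].ToString());
                                    count++;
                                }
                            }
                        }
                    }
                    options.WriteVerbose(String.Format("Enumerating {0} machines in domain {1}", count, domainName));

                    // One sentinel per worker so every consumer sees end-of-input.
                    for (int i = 0; i < options.Threads; i++)
                    {
                        inQueue.add(null);
                    }

                    List<Thread> workers = new List<Thread>();
                    for (int i = 0; i < options.Threads; i++)
                    {
                        // 'e' is declared per iteration, so each lambda captures its own instance.
                        Enumerator e = new Enumerator();
                        Thread consumer = new Thread(unused => e.ConsumeAndEnumerate(inQueue, outQueue, domainSid));
                        consumer.Start();
                        workers.Add(consumer);
                    }

                    foreach (Thread worker in workers)
                    {
                        worker.Join();
                    }
                }
            }
            finally
            {
                // Always hand the writer its sentinel, even when LDAP enumeration throws;
                // otherwise the write thread would never see end-of-input (and, if get()
                // blocks, never exit).
                outQueue.add(null);
                write.Join();
            }
        }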