// NOTE(review): the [DllImport] attribute for this stub is expected on the line above
// (outside this excerpt); the DLL name and CharSet it declares are not visible here.
/// <summary>
/// P/Invoke stub for the Win32 locator call DsGetDcName: finds a domain controller for
/// <paramref name="DomainName"/>, optionally restricted to <paramref name="SiteName"/>,
/// and hands back a DOMAIN_CONTROLLER_INFO buffer through <paramref name="pDOMAIN_CONTROLLER_INFO"/>.
/// </summary>
/// <param name="ComputerName">Machine on which the lookup runs; Main passes the DC name typed by the user.</param>
/// <param name="DomainName">Domain to locate a DC for; Main passes the optional name typed by the user.</param>
/// <param name="DomainGuid">Optional domain GUID wrapper (Main passes null). The plain <c>Guid</c> variant stays commented out below.</param>
/// <param name="SiteName">Site to restrict the search to; Main passes null.</param>
/// <param name="Flags">DS_* search flag bits; Main passes 0.</param>
/// <param name="pDOMAIN_CONTROLLER_INFO">Receives the system-allocated result buffer.</param>
/// <returns>0 on success, otherwise a Win32 error code (Main prints it as an unsigned value).</returns>
/// <remarks>
/// The result buffer is NetApi-allocated and, per the Win32 contract, must be released with
/// NetApiBufferFree after the structure has been marshalled out of it; the Main shown on this
/// page never frees it.
/// </remarks>
static extern int DsGetDcName(
    [MarshalAs(UnmanagedType.LPTStr)] string ComputerName,
    [MarshalAs(UnmanagedType.LPTStr)] string DomainName,
    //[In] Guid DomainGuid,
    [In] GuidClass DomainGuid,
    [MarshalAs(UnmanagedType.LPTStr)] string SiteName,
    int Flags,
    out IntPtr pDOMAIN_CONTROLLER_INFO);
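/// <summary>
/// Interactive driver for the NTDS / DS-locator wrappers in <c>NtdsHelper</c>: reads an option
/// number from stdin in a loop and runs the matching API call. Only options 1, 2, 4, 23 and 24
/// do real work; the other labels are placeholders kept from the original.
/// </summary>
/// <param name="args">Unused; every input is taken interactively from the console.</param>
static void Main(string[] args)
{
    // Defaults carried over from the original (the DC address is a lab value).
    string DomainControllerName = "192.168.0.180";
    string DnsDomainName = "";
    string computername = "";
    string domain = "";

    // Shared across switch sections: the last API status and the DS bind handle (options 23/24).
    uint ret = 0;
    IntPtr DCHandle = IntPtr.Zero;

    while (true)
    {
        Console.WriteLine("Select a DS option");
        string line = Console.ReadLine();
        if (line == null)
        {
            // End of input. The original fed null to Convert.ToInt32, which yields 0 and
            // made the loop spin forever on option 0.
            break;
        }
        int option;
        if (!int.TryParse(line, out option))
        {
            // Convert.ToInt32 threw FormatException on a non-numeric line; re-prompt instead.
            continue;
        }

        switch (option)
        {
            case 1: // DsGetDcName - locate a nearby DC
                Console.WriteLine("DsGetDcName");
                Console.WriteLine("Enter DC Name: ");
                computername = Console.ReadLine();
                DomainControllerName = computername;
                Console.WriteLine("Enter a domain name (opt): ");
                domain = Console.ReadLine();
                IntPtr out_dc = IntPtr.Zero;
                GuidClass guid = null;
                ret = (uint)Program.DsGetDcName(computername, domain, guid, null, 0, out out_dc);
                if (ret != 0)
                {
                    Console.WriteLine("[*] DsGetDcName failed. ret:" + ret.ToString());
                    break;
                }
                try
                {
                    Console.WriteLine("[*] DsGetDcName: ");
                    NtdsHelper.DOMAIN_CONTROLLER_INFO domainInfo =
                        (NtdsHelper.DOMAIN_CONTROLLER_INFO)Marshal.PtrToStructure(out_dc, typeof(NtdsHelper.DOMAIN_CONTROLLER_INFO));
                    string msg = "Forest : " + domainInfo.DnsForestName + "\r\n";
                    msg += "DC-Site: " + domainInfo.DomainControllerName + "\r\n";
                    msg += " Client: " + domainInfo.ClientSiteName + "\r\n";
                    Console.WriteLine(msg);
                }
                finally
                {
                    // The original leaked this buffer; DsGetDcName output is NetApi-allocated.
                    NtdsHelper.NetApiBufferFree(out_dc);
                }
                break;

            case 2: // DsEnumerateDomainTrusts
                Console.WriteLine("DsEnumerateDomainTrusts");
                // Trust types of interest: the primary domain plus direct outbound trusts.
                uint trustTypes = (uint)(NtdsHelper.DS_DOMAIN_TRUST_TYPE.DS_DOMAIN_PRIMARY | NtdsHelper.DS_DOMAIN_TRUST_TYPE.DS_DOMAIN_DIRECT_OUTBOUND);
                IntPtr buf = IntPtr.Zero;
                uint numDomains = 0;
                uint result = NtdsHelper.DsEnumerateDomainTrusts(null, trustTypes, out buf, out numDomains);
                try
                {
                    if (result != 0)
                    {
                        // The original silently ignored a failed call.
                        Console.WriteLine("[*] DsEnumerateDomainTrusts failed. ret:" + result.ToString());
                    }
                    else if (numDomains > 0)
                    {
                        // Walk the returned array of DS_DOMAIN_TRUSTS, marshalling one element at a time.
                        int trustSize = Marshal.SizeOf(typeof(NtdsHelper.DS_DOMAIN_TRUSTS));
                        IntPtr iter = buf;
                        for (int i = 0; i < numDomains; i++)
                        {
                            NtdsHelper.DS_DOMAIN_TRUSTS trust =
                                (NtdsHelper.DS_DOMAIN_TRUSTS)Marshal.PtrToStructure(iter, typeof(NtdsHelper.DS_DOMAIN_TRUSTS));
                            iter = (IntPtr)(iter.ToInt64() + trustSize);
                            Console.WriteLine("[*] found:\n trust domain: " + trust.DnsDomainName + "\n trust type: " + trust.TrustType + "\n trust attributes: " + trust.TrustAttributes + "\n trust parent index: " + trust.ParentIndex);
                            Console.WriteLine("[*] iter\n : " + iter.ToString());
                        }
                    }
                }
                finally
                {
                    // Always release the buffer, whatever happened above.
                    NtdsHelper.NetApiBufferFree(buf);
                }
                break;

            case 3: // DsGetForestTrustInformationW
                break;

            case 4: // DsGetDCSiteCoverage
                Console.WriteLine("Enter DC Name: ");
                computername = Console.ReadLine();
                DomainControllerName = computername;
                long lEntryCount = 0;
                IntPtr pSiteNames = IntPtr.Zero;
                int j = NtdsHelper.DsGetDcSiteCoverage(DomainControllerName, out lEntryCount, out pSiteNames);
                Console.WriteLine("Status: " + j.ToString());
                Console.WriteLine("Entries: " + lEntryCount.ToString());
                if (j != 0)
                {
                    // The original walked pSiteNames even on failure, when it holds no valid buffer.
                    break;
                }
                try
                {
                    // pSiteNames is an array of string pointers, one per entry.
                    for (int jData = 0; jData < lEntryCount; jData++)
                    {
                        Console.WriteLine(Marshal.PtrToStringAuto(Marshal.ReadIntPtr(pSiteNames, jData * IntPtr.Size)));
                    }
                }
                finally
                {
                    NtdsHelper.NetApiBufferFree(pSiteNames);
                }
                break;

            case 5: // DsValidateSubnetName
                break;

            case 6: // DsAddressToSiteNames(ex)
                //WSADATA data = new WSADATA();
                //SockAddr sockAddr = new SockAddr();
                //IntPtr pSockAddr = IntPtr.Zero;
                //IntPtr pSites = IntPtr.Zero;
                //SOCKET_ADDRESS[] SocketAddresses = new SOCKET_ADDRESS[1];
                //string siteName = string.Empty;
                break;

            case 0: // DsGetDomainControllerInfo (label only; the real call is in option 23)
                Console.WriteLine("DsGetDomainConterollerInfo");
                break;

            case 7: // DsListSites
                break;
            case 8: // DsListServersForDomainInSite
                break;
            case 9: // DsListDomainsInSite
                break;
            case 10: // DsReplicaSync
                break;
            case 11: // DsBackupOpenFile
                break;
            case 12: // DsBackupRead
                break;
            case 13: // DsCrackNames
                break;
            case 14: // DRSReplicaSync
                break;
            case 15: // DRSGetNCChanges
                break;
            case 16: // DRSGetMemberships
                break;
            case 17: // DRSGetMemberships2
                break;
            case 18: // DRSDomainControllerInfo
                break;
            case 19: // DRSExecuteKCC - validates replication interconnections of DCs
                break;
            case 20: // DRSAddCloneDC - creates a new DC object by copying DC attributes
                break;
            case 21: // DRSBind & DRSUnbind
                break;
            case 22:
                break;

            case 23: // DsBind & DsGetDomainControllerInfo & DsUnBind
                Console.WriteLine("binding to DC");
                Console.WriteLine("Enter DC Name: ");
                computername = Console.ReadLine();
                DomainControllerName = computername;
                Console.WriteLine("Enter a domain name (opt): ");
                domain = Console.ReadLine();
                DnsDomainName = domain;
                DCHandle = IntPtr.Zero;
                ret = NtdsHelper.DsBind(DomainControllerName, DnsDomainName, out DCHandle);
                if (ret != 0)
                {
                    Console.WriteLine("[*] cannot bind to " + DomainControllerName + " on " + DnsDomainName + " ret: " + ret.ToString());
                    break;
                }
                try
                {
                    uint InfoLvl = 2;
                    IntPtr DCInfosPtr;
                    uint nInfo;
                    ret = NtdsHelper.DsGetDomainControllerInfo(DCHandle, DnsDomainName, InfoLvl, out nInfo, out DCInfosPtr);
                    if (ret != 0)
                    {
                        // The original broke out here without unbinding, leaking the DS handle.
                        Console.WriteLine("[*] cannot get DC Info for " + DomainControllerName + " on " + DnsDomainName + " ret: " + ret.ToString());
                        break;
                    }
                    try
                    {
                        int infoSize = Marshal.SizeOf(typeof(NtdsHelper.DS_DOMAIN_CONTROLLER_INFO_2));
                        IntPtr CurrentInfoPtr = DCInfosPtr;
                        for (uint i = 0; i < nInfo; i++)
                        {
                            NtdsHelper.DS_DOMAIN_CONTROLLER_INFO_2 OneInfo =
                                (NtdsHelper.DS_DOMAIN_CONTROLLER_INFO_2)Marshal.PtrToStructure(CurrentInfoPtr, typeof(NtdsHelper.DS_DOMAIN_CONTROLLER_INFO_2));
                            Console.WriteLine("[*] Found: \n Computer Object Name: \n" + OneInfo.ComputerObjectName + "\n Server Object Name: \n" + OneInfo.ServerObjectName + "\n DnsHostName: \n" + OneInfo.DnsHostName);
                            // 64-bit safe: the original cast the pointer to int, truncating addresses above 2 GB.
                            CurrentInfoPtr = (IntPtr)(CurrentInfoPtr.ToInt64() + infoSize);
                        }
                    }
                    finally
                    {
                        NtdsHelper.DsFreeDomainControllerInfo(InfoLvl, nInfo, DCInfosPtr);
                    }
                }
                finally
                {
                    NtdsHelper.DsUnBind(ref DCHandle);
                    Console.WriteLine("[*] DC Unbound");
                }
                break;

            case 24: // DsBindWithCred
                Console.WriteLine("getting creds");
                Console.WriteLine("user name: ");
                String user = Console.ReadLine();
                Console.WriteLine("domain: ");
                domain = Console.ReadLine();
                Console.WriteLine("password: ");
                // [PLACEHOLDER - REDACTED IN SOURCE] The page shows "******" at this point: the statements
                // that read the password and build the AuthIdentity credential handle (presumably from
                // `user`, `domain` and the password) are missing and must be restored from the original
                // file. If that code reads the password with Console.ReadLine, it is echoed to the
                // terminal; a no-echo read is preferable.
                Console.WriteLine("binding to DC");
                // NOTE(review): this binds with DnsDomainName (last set by option 23, or "" on a fresh run),
                // not the `domain` just prompted - confirm that is intended.
                ret = NtdsHelper.DsBindWithCred(DomainControllerName, DnsDomainName, AuthIdentity, out DCHandle);
                if (ret != 0)
                {
                    Console.WriteLine("[*] cannot bind to " + DomainControllerName + " on " + DnsDomainName + " ret: " + ret.ToString());
                    break;
                }
                // No other option reads this handle, so release it as option 23 does (the original leaked it).
                NtdsHelper.DsUnBind(ref DCHandle);
                Console.WriteLine("[*] DC Unbound");
                break;

            default:
                break;
        }
    }

    Console.ReadLine(); // pause before exit
}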