 // P/Invoke signature for DsGetDcName (its [DllImport] attribute is not part of this listing).
 // Locates a domain controller for DomainName, optionally narrowed by SiteName / DomainGuid,
 // from the point of view of ComputerName; Flags carries the lookup bits (the only caller in
 // this file passes 0). A zero return is success — the caller tests `ret != 0` — and the
 // caller casts the int result to uint, presumably because the native return is unsigned.
 // On success pDOMAIN_CONTROLLER_INFO points at an API-allocated buffer that the caller owns
 // and must hand back to NetApiBufferFree, as the other Ds* buffers in this file are; check
 // that every caller releases it, or each successful lookup leaks the structure.
 static extern int DsGetDcName
 (
     [MarshalAs(UnmanagedType.LPTStr)]
     string ComputerName,
     [MarshalAs(UnmanagedType.LPTStr)]
     string DomainName,
     // An earlier revision passed Guid by value; GuidClass (declared elsewhere) is a
     // reference type, which is what lets the caller pass null for "no GUID constraint".
     //[In] Guid DomainGuid,
     [In] GuidClass DomainGuid,
     [MarshalAs(UnmanagedType.LPTStr)]
     string SiteName,
     int Flags,
     out IntPtr pDOMAIN_CONTROLLER_INFO
 );
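        // Interactive menu that exercises a handful of directory (Ds* / DRS-style) calls
        // against a chosen domain controller. Each option prompts for what it needs, makes
        // the call through NtdsHelper (declared elsewhere in this file) and prints the
        // result; native buffers and RPC handles handed back by the API are released
        // before the option returns. The loop ends when stdin is closed (ReadLine returns
        // null); a non-numeric choice is reported and the menu is shown again.
        static void Main(string[] args)
        {
            // State shared between options: 23 sets both names, 24 binds with whatever
            // they currently hold — including the hard-coded default address below if
            // no earlier option replaced it.
            string DomainControllerName = "192.168.0.180";
            string DnsDomainName        = "";
            string computername         = "";
            string domain = "";
            int    option;

            while (true)
            {
                Console.WriteLine("Select a DS option");
                string choice = Console.ReadLine();
                if (choice == null)
                {
                    // EOF: Convert.ToInt32(null) used to yield 0 and spin on option 0 forever.
                    break;
                }
                if (!int.TryParse(choice, out option))
                {
                    // Convert.ToInt32 used to throw FormatException here and take the program down.
                    Console.WriteLine("[*] not a number: " + choice);
                    continue;
                }

                switch (option)
                {
                case 1:
                    Console.WriteLine("DsGetDcName");
                    // Get a Nearby DC
                    Console.WriteLine("Enter DC Name: ");
                    computername         = Console.ReadLine();
                    DomainControllerName = computername;
                    Console.WriteLine("Enter a domain name (opt): ");
                    domain = Console.ReadLine();
                    ShowNearbyDc(computername, domain);
                    break;

                case 2:
                    // DsEnumerateDomainTrusts
                    Console.WriteLine("DsEnumerateDomainTrusts");
                    ShowDomainTrusts();
                    break;

                case 3:
                    // DsGetForestTrustInformationW
                    break;

                case 4:
                    // DsGetDCSiteCoverage
                    Console.WriteLine("Enter DC Name: ");
                    computername         = Console.ReadLine();
                    DomainControllerName = computername;
                    ShowDcSiteCoverage(DomainControllerName);
                    break;

                case 5:
                    // DsValidateSubnetName
                    break;

                case 6:
                    // DsAddressToSiteNames(ex)
                    break;

                case 0:
                    // DsGetDomainControllerInfo
                    Console.WriteLine("DsGetDomainConterollerInfo");
                    break;

                // Planned options that do nothing yet (same as default).
                case 7:  // DsListSites
                case 8:  // DsListServersForDomainInSite
                case 9:  // DsListDomainsInSite
                case 10: // DsReplicaSync
                case 11: // DsBackupOpenFile
                case 12: // DsBackupRead
                case 13: // DsCrackNames
                case 14: // DRSReplicaSync
                case 15: // DRSGetNCChanges
                case 16: // DRSGetMemberships
                case 17: // DRSGetMemberships2
                case 18: // DRSDomainControllerInfo
                case 19: // DRSExecuteKCC - validates replication interconnections of DCs
                case 20: // DRSAddCloneDC - creates a new DC object by copying DC attributes
                case 21: // DRSBind & DRSUnbind
                case 22:
                    break;

                case 23:
                    // DsBind & DsUnbind & DsGetDomainControllerInfo
                    Console.WriteLine("binding to DC");
                    Console.WriteLine("Enter DC Name: ");
                    computername         = Console.ReadLine();
                    DomainControllerName = computername;
                    Console.WriteLine("Enter a domain name (opt): ");
                    domain        = Console.ReadLine();
                    DnsDomainName = domain;
                    ShowDomainControllerInfo(DomainControllerName, DnsDomainName);
                    break;

                case 24:
                    Console.WriteLine("getting creds");
                    Console.WriteLine("user name: ");
                    // NOTE(review): `user` and the password are not consumed by any visible
                    // line; the listing between the password prompt and "binding to DC" was
                    // redacted by the hosting site ("******"), so how the password is read
                    // and how AuthIdentity is built from it is not visible here.
                    String user = Console.ReadLine();
                    Console.WriteLine("domain: ");
                    domain = Console.ReadLine();
                    Console.WriteLine("password: ");
                    Console.WriteLine("binding to DC");
                    // Binds with DomainControllerName / DnsDomainName as left by an earlier
                    // option, not with the domain just entered — presumably the redacted
                    // code reconciles this; confirm before relying on this option.
                    // AuthIdentity is used exactly as the listing does and must be declared
                    // (and, once the bind is done, released) elsewhere in the file.
                    IntPtr credHandle = IntPtr.Zero;
                    uint   credRet    = NtdsHelper.DsBindWithCred(DomainControllerName, DnsDomainName, AuthIdentity, out credHandle);
                    if (credRet != 0)
                    {
                        Console.WriteLine("[*] cannot bind to " + DomainControllerName + " on " + DnsDomainName + " ret: " + credRet.ToString());
                        break;
                    }
                    // A successful bind returns an RPC handle; release it instead of leaking
                    // one per invocation as the listing did.
                    NtdsHelper.DsUnBind(ref credHandle);
                    Console.WriteLine("[*] DC Unbound");
                    break;

                default:
                    break;
                }
            }
            Console.ReadLine(); // pause before exit
        }

        // Option 1: DsGetDcName — locate a DC for `domain` (may be empty) as seen from
        // `computername` and print the forest, DC and client-site names. The returned
        // DOMAIN_CONTROLLER_INFO is API-allocated and is released with NetApiBufferFree
        // whether or not marshalling succeeds.
        static void ShowNearbyDc(string computername, string domain)
        {
            IntPtr    out_dc = IntPtr.Zero;
            GuidClass guid   = null;   // no GUID constraint; SiteName is likewise left null

            uint ret = (uint)Program.DsGetDcName(computername, domain, guid, null, 0, out out_dc);
            if (ret != 0)
            {
                Console.WriteLine("[*] DsGetDcName failed. ret:" + ret.ToString());
                return;
            }
            try
            {
                Console.WriteLine("[*] DsGetDcName: ");
                NtdsHelper.DOMAIN_CONTROLLER_INFO domainInfo =
                    (NtdsHelper.DOMAIN_CONTROLLER_INFO)Marshal.PtrToStructure(out_dc, typeof(NtdsHelper.DOMAIN_CONTROLLER_INFO));

                string msg = "Forest : " + domainInfo.DnsForestName + "\r\n";
                msg += "DC-Site: " + domainInfo.DomainControllerName + "\r\n";
                msg += " Client: " + domainInfo.ClientSiteName + "\r\n";
                Console.WriteLine(msg);
            }
            finally
            {
                // The listing never freed this buffer — one leak per successful lookup.
                if (out_dc != IntPtr.Zero)
                {
                    NtdsHelper.NetApiBufferFree(out_dc);
                }
            }
        }

        // Option 2: DsEnumerateDomainTrusts on the local machine (null server) for the
        // primary domain and its direct outbound trusts; prints one entry per trust.
        // The trust array is API-allocated and released with NetApiBufferFree on every path.
        static void ShowDomainTrusts()
        {
            // What trust types are we interested in ?
            uint trustTypes = (uint)(NtdsHelper.DS_DOMAIN_TRUST_TYPE.DS_DOMAIN_PRIMARY | NtdsHelper.DS_DOMAIN_TRUST_TYPE.DS_DOMAIN_DIRECT_OUTBOUND);

            IntPtr buf        = IntPtr.Zero;
            uint   numDomains = 0;

            uint result = NtdsHelper.DsEnumerateDomainTrusts(null,
                                                             trustTypes,
                                                             out buf,
                                                             out numDomains);
            try
            {
                if (result != 0)
                {
                    // The listing silently ignored a failed call; say so instead.
                    Console.WriteLine("[*] DsEnumerateDomainTrusts failed. ret:" + result.ToString());
                    return;
                }
                if (numDomains == 0 || buf == IntPtr.Zero)
                {
                    return;
                }

                // Marshal the received buffer to managed structs, one fixed-size record at a time.
                int    entrySize = Marshal.SizeOf(typeof(NtdsHelper.DS_DOMAIN_TRUSTS));
                IntPtr iter      = buf;
                for (uint i = 0; i < numDomains; i++)
                {
                    NtdsHelper.DS_DOMAIN_TRUSTS trust =
                        (NtdsHelper.DS_DOMAIN_TRUSTS)Marshal.PtrToStructure(iter, typeof(NtdsHelper.DS_DOMAIN_TRUSTS));
                    // 64-bit-safe pointer arithmetic (no int truncation).
                    iter = new IntPtr(iter.ToInt64() + entrySize);
                    Console.WriteLine("[*] found:\n    trust domain: " + trust.DnsDomainName + "\n    trust type: " + trust.TrustType + "\n    trust attributes: " + trust.TrustAttributes + "\n    trust parent index: " + trust.ParentIndex);
                    Console.WriteLine("[*] iter\n    : " + iter.ToString());
                }
            }
            finally
            {
                // Make sure we free the buffer whatever happens
                if (buf != IntPtr.Zero)
                {
                    NtdsHelper.NetApiBufferFree(buf);
                }
            }
        }

        // Option 4: DsGetDcSiteCoverage for `dcName`; prints the status, the entry count
        // and each site name. The name array is API-allocated (an array of string
        // pointers) and is released with NetApiBufferFree on every path.
        static void ShowDcSiteCoverage(string dcName)
        {
            long   lEntryCount = 0;
            IntPtr pSiteNames  = IntPtr.Zero;

            int j = NtdsHelper.DsGetDcSiteCoverage(dcName, out lEntryCount, out pSiteNames);
            Console.WriteLine("Status: " + j.ToString());
            Console.WriteLine("Entries: " + lEntryCount.ToString());

            try
            {
                // Never dereference a null array, whatever the count claims.
                if (pSiteNames != IntPtr.Zero)
                {
                    for (int jData = 0; jData < lEntryCount; jData++)
                    {
                        Console.WriteLine(Marshal.PtrToStringAuto(Marshal.ReadIntPtr(pSiteNames, jData * IntPtr.Size)));
                    }
                }
            }
            finally
            {
                if (pSiteNames != IntPtr.Zero)
                {
                    NtdsHelper.NetApiBufferFree(pSiteNames);
                }
            }
        }

        // Option 23: DsBind to `dcName` / `dnsDomainName` (no explicit credentials, so the
        // caller's current token is used), enumerate the domain's DCs at info level 2 and
        // print computer object, server object and DNS host name for each. The info
        // array is released with DsFreeDomainControllerInfo and the RPC handle with
        // DsUnBind on every path — the listing skipped the unbind when the info call failed.
        static void ShowDomainControllerInfo(string dcName, string dnsDomainName)
        {
            IntPtr DCHandle = IntPtr.Zero;
            uint   ret      = NtdsHelper.DsBind(dcName, dnsDomainName, out DCHandle);
            if (ret != 0)
            {
                Console.WriteLine("[*] cannot bind to " + dcName + " on " + dnsDomainName + " ret: " + ret.ToString());
                return;
            }

            try
            {
                uint   InfoLvl = 2;
                IntPtr DCInfosPtr;
                uint   nInfo;
                ret = NtdsHelper.DsGetDomainControllerInfo(DCHandle, dnsDomainName, InfoLvl, out nInfo, out DCInfosPtr);
                if (ret != 0)
                {
                    Console.WriteLine("[*] cannot get DC Info for " + dcName + " on " + dnsDomainName + " ret: " + ret.ToString());
                    return;
                }

                try
                {
                    int    infoSize       = Marshal.SizeOf(typeof(NtdsHelper.DS_DOMAIN_CONTROLLER_INFO_2));
                    IntPtr CurrentInfoPtr = DCInfosPtr;
                    for (uint i = 0; i < nInfo; i++)
                    {
                        NtdsHelper.DS_DOMAIN_CONTROLLER_INFO_2 OneInfo =
                            (NtdsHelper.DS_DOMAIN_CONTROLLER_INFO_2)Marshal.PtrToStructure(CurrentInfoPtr, typeof(NtdsHelper.DS_DOMAIN_CONTROLLER_INFO_2));

                        Console.WriteLine("[*] Found: \n    Computer Object Name: \n" + OneInfo.ComputerObjectName + "\n    Server Object Name: \n" + OneInfo.ServerObjectName + "\n    DnsHostName: \n" + OneInfo.DnsHostName);
                        // The listing cast the pointer to int here, which truncates on 64-bit
                        // and reads from a bogus address past the first record.
                        CurrentInfoPtr = new IntPtr(CurrentInfoPtr.ToInt64() + infoSize);
                    }
                }
                finally
                {
                    NtdsHelper.DsFreeDomainControllerInfo(InfoLvl, nInfo, DCInfosPtr);
                }
            }
            finally
            {
                NtdsHelper.DsUnBind(ref DCHandle);
                Console.WriteLine("[*] DC Unbound");
            }
        }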