├── .gitignore
├── ADIDNSRecords.sln
├── ADIDNSRecords
│   ├── ADIDNSRecords.csproj
│   ├── Program.cs
│   └── Properties
│       └── AssemblyInfo.cs
├── LICENSE
└── README.md
/.gitignore:
--------------------------------------------------------------------------------
## Ignore Visual Studio temporary files, build results, and
## files generated by popular Visual Studio add-ons.
##
## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore

# User-specific files
*.suo
*.user
*.userosscache
*.sln.docstates

# User-specific files (MonoDevelop/Xamarin Studio)
*.userprefs

# Build results
[Dd]ebug/
[Dd]ebugPublic/
[Rr]elease/
[Rr]eleases/
x64/
x86/
bld/
[Bb]in/
[Oo]bj/
[Ll]og/

# Visual Studio 2015/2017 cache/options directory
.vs/
# Uncomment if you have tasks that create the project's static files in wwwroot
#wwwroot/

# Visual Studio 2017 auto generated files
Generated\ Files/

# MSTest test Results
[Tt]est[Rr]esult*/
[Bb]uild[Ll]og.*

# NUNIT
*.VisualState.xml
TestResult.xml

# Build Results of an ATL Project
[Dd]ebugPS/
[Rr]eleasePS/
dlldata.c

# Benchmark Results
BenchmarkDotNet.Artifacts/

# .NET Core
project.lock.json
project.fragment.lock.json
artifacts/
**/Properties/launchSettings.json

# StyleCop
StyleCopReport.xml

# Files built by Visual Studio
*_i.c
*_p.c
*_i.h
*.ilk
*.meta
*.obj
*.iobj
*.pch
*.pdb
*.ipdb
*.pgc
*.pgd
*.rsp
*.sbr
*.tlb
*.tli
*.tlh
*.tmp
*.tmp_proj
*.log
*.vspscc
*.vssscc
.builds
*.pidb
*.svclog
*.scc

# Chutzpah Test files
_Chutzpah*

# Visual C++ cache files
ipch/
*.aps
*.ncb
*.opendb
*.opensdf
*.sdf
*.cachefile
*.VC.db
*.VC.VC.opendb

# Visual Studio profiler
*.psess
*.vsp
*.vspx
*.sap

# Visual Studio Trace Files
*.e2e

# TFS 2012 Local Workspace
$tf/

# Guidance Automation Toolkit
*.gpState

# ReSharper is a .NET coding add-in
_ReSharper*/
*.[Rr]e[Ss]harper
*.DotSettings.user

# JustCode is a .NET coding add-in
.JustCode

# TeamCity is a build add-in
_TeamCity*

# DotCover is a Code Coverage Tool
*.dotCover

# AxoCover is a Code Coverage Tool
.axoCover/*
!.axoCover/settings.json

# Visual Studio code coverage results
*.coverage
*.coveragexml

# NCrunch
_NCrunch_*
.*crunch*.local.xml
nCrunchTemp_*

# MightyMoose
*.mm.*
AutoTest.Net/

# Web workbench (sass)
.sass-cache/

# Installshield output folder
[Ee]xpress/

# DocProject is a documentation generator add-in
DocProject/buildhelp/
DocProject/Help/*.HxT
DocProject/Help/*.HxC
DocProject/Help/*.hhc
DocProject/Help/*.hhk
DocProject/Help/*.hhp
DocProject/Help/Html2
DocProject/Help/html

# Click-Once directory
publish/

# Publish Web Output
*.[Pp]ublish.xml
*.azurePubxml
# Note: Comment the next line if you want to checkin your web deploy settings,
# but database connection strings (with potential passwords) will be unencrypted
*.pubxml
*.publishproj

# Microsoft Azure Web App publish settings. Comment the next line if you want to
# checkin your Azure Web App publish settings, but sensitive information contained
# in these scripts will be unencrypted
PublishScripts/

# NuGet Packages
*.nupkg
# The packages folder can be ignored because of Package Restore
**/[Pp]ackages/*
# except build/, which is used as an MSBuild target.
!**/[Pp]ackages/build/
# Uncomment if necessary however generally it will be regenerated when needed
#!**/[Pp]ackages/repositories.config
# NuGet v3's project.json files produces more ignorable files
*.nuget.props
*.nuget.targets

# Microsoft Azure Build Output
csx/
*.build.csdef

# Microsoft Azure Emulator
ecf/
rcf/

# Windows Store app package directories and files
AppPackages/
BundleArtifacts/
Package.StoreAssociation.xml
_pkginfo.txt
*.appx

# Visual Studio cache files
# files ending in .cache can be ignored
*.[Cc]ache
# but keep track of directories ending in .cache
!*.[Cc]ache/

# Others
ClientBin/
~$*
*~
*.dbmdl
*.dbproj.schemaview
*.jfm
*.pfx
*.publishsettings
orleans.codegen.cs

# Including strong name files can present a security risk
# (https://github.com/github/gitignore/pull/2483#issue-259490424)
#*.snk

# Since there are multiple workflows, uncomment next line to ignore bower_components
# (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
#bower_components/

# RIA/Silverlight projects
Generated_Code/

# Backup & report files from converting an old project file
# to a newer Visual Studio version. Backup files are not needed,
# because we have git ;-)
_UpgradeReport_Files/
Backup*/
UpgradeLog*.XML
UpgradeLog*.htm
ServiceFabricBackup/
*.rptproj.bak

# SQL Server files
*.mdf
*.ldf
*.ndf

# Business Intelligence projects
*.rdl.data
*.bim.layout
*.bim_*.settings
*.rptproj.rsuser

# Microsoft Fakes
FakesAssemblies/

# GhostDoc plugin setting file
*.GhostDoc.xml

# Node.js Tools for Visual Studio
.ntvs_analysis.dat
node_modules/

# Visual Studio 6 build log
*.plg

# Visual Studio 6 workspace options file
*.opt

# Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
*.vbw

# Visual Studio LightSwitch build output
**/*.HTMLClient/GeneratedArtifacts
**/*.DesktopClient/GeneratedArtifacts
**/*.DesktopClient/ModelManifest.xml
**/*.Server/GeneratedArtifacts
**/*.Server/ModelManifest.xml
_Pvt_Extensions

# Paket dependency manager
.paket/paket.exe
paket-files/

# FAKE - F# Make
.fake/

# JetBrains Rider
.idea/
*.sln.iml

# CodeRush
.cr/

# Python Tools for Visual Studio (PTVS)
__pycache__/
*.pyc

# Cake - Uncomment if you are using it
# tools/**
# !tools/packages.config

# Tabs Studio
*.tss

# Telerik's JustMock configuration file
*.jmconfig

# BizTalk build output
*.btp.cs
*.btm.cs
*.odx.cs
*.xsd.cs

# OpenCover UI analysis results
OpenCover/

# Azure Stream Analytics local run output
ASALocalRun/

# MSBuild Binary and Structured Log
*.binlog

# NVidia Nsight GPU debugger configuration file
*.nvuser

# MFractors (Xamarin productivity tool) working folder
.mfractor/
.DS_Store

--------------------------------------------------------------------------------
/ADIDNSRecords.sln:
--------------------------------------------------------------------------------

Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio Version 16
VisualStudioVersion = 16.0.28922.388
MinimumVisualStudioVersion = 10.0.40219.1
Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "ADIDNSRecords", "ADIDNSRecords\ADIDNSRecords.csproj", "{87DEA353-9F63-4178-B68D-6BC1675570B5}"
EndProject
Global
	GlobalSection(SolutionConfigurationPlatforms) = preSolution
		Debug|Any CPU = Debug|Any CPU
		Release|Any CPU = Release|Any CPU
	EndGlobalSection
	GlobalSection(ProjectConfigurationPlatforms) = postSolution
		{87DEA353-9F63-4178-B68D-6BC1675570B5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
		{87DEA353-9F63-4178-B68D-6BC1675570B5}.Debug|Any CPU.Build.0 = Debug|Any CPU
		{87DEA353-9F63-4178-B68D-6BC1675570B5}.Release|Any CPU.ActiveCfg = Release|Any CPU
		{87DEA353-9F63-4178-B68D-6BC1675570B5}.Release|Any CPU.Build.0 = Release|Any CPU
	EndGlobalSection
	GlobalSection(SolutionProperties) = preSolution
		HideSolutionNode = FALSE
	EndGlobalSection
	GlobalSection(ExtensibilityGlobals) = postSolution
		SolutionGuid = {8453153D-0D37-4F56-99B4-262EC3929EC2}
	EndGlobalSection
EndGlobal

--------------------------------------------------------------------------------
/ADIDNSRecords/ADIDNSRecords.csproj:
--------------------------------------------------------------------------------
Debug
AnyCPU
{87DEA353-9F63-4178-B68D-6BC1675570B5}
Exe
ADIDNSRecords
ADIDNSRecords
v4.5
512
true

AnyCPU
true
full
false
bin\Debug\
DEBUG;TRACE
prompt
4

AnyCPU
pdbonly
true
bin\Release\
TRACE
prompt
4

--------------------------------------------------------------------------------
/ADIDNSRecords/Program.cs:
--------------------------------------------------------------------------------
using System;
using System.DirectoryServices;
using System.Net;
using System.Collections.Generic;

namespace ADIDNSRecords
{
    public class Program
    {
        //Records whose dnsRecord attribute is readable: FQDN -> raw dnsRecord bytes
        public static Dictionary<string, byte[]> hostList = new Dictionary<string, byte[]>();
        //Records visible by name only (dnsRecord not readable); resolved through DNS instead
        public static List<string> privhostList = new List<string>();
        //Print Tombstoned records
        public static bool printTombstoned = false;

        public static void Main(string[] args)
        {

            DirectoryEntry rootEntry = new DirectoryEntry("LDAP://rootDSE");

            //Current domain DN
            string dDn = (string)rootEntry.Properties["defaultNamingContext"].Value;

            //Current forest DN
            string fDn = (string)rootEntry.Properties["rootDomainNamingContext"].Value;

            //domain dns Dn
            string dDnsDn = "DC=DomainDnsZones,";//not searching from here "CN=MicrosoftDNS,DC=DomainDnsZones,";

            //forest dns Dn
            string fDnsDn = "DC=ForestDnsZones,";

            string dDnsRoot = dDnsDn + dDn;

            string fDnsRoot = fDnsDn + fDn;

            string domainName = dDn.Replace("DC=", "").Replace(",", ".");
            string forestName = fDn.Replace("DC=", "").Replace(",", ".");

            //Optional first argument "all": also list records that no longer resolve
            if (args.Length > 0)
            {
                if (args[0].ToLower() == "all")
                {
                    printTombstoned = true;
                }
            }

            Console.WriteLine("\n[-] Searching in Domain: {0}", domainName);
            try
            {
                GetDNS(domainName, dDnsDn, dDnsRoot, printTombstoned);
            }
            catch
            {
                Console.WriteLine("DomainDnsZones does not exist on the server.");
            }

            Console.WriteLine("\n[-] Searching in Forest: {0}", forestName);
            try
            {
                GetDNS(forestName, fDnsDn, fDnsRoot, printTombstoned);
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }

            Console.WriteLine();
        }


        //Retrieve IP from DNS
        public static void GetIP(string hostname)
        {
            try
            {
                IPHostEntry ipEntry = Dns.GetHostEntry(hostname);

                Console.WriteLine(" {0,-40} {1,-40}", hostname, ipEntry.AddressList[0]);
            }
            catch (Exception)
            {
                //The name did not resolve; report it only when "all" was requested
                if (printTombstoned)
                {
                    Console.WriteLine(" {0,-40} {1,-40}", hostname, "Tombstone");
                }
            }
        }


        //Retrieve IP from LDAP dnsRecord
        public static void ResolveDNSRecord(string hostname, byte[] dnsByte)
        {
            string ip = null;

            //dnsRecord layout: a 24-byte header (the record type is the 16-bit
            //little-endian value at offset 2) followed by the record data at offset 24
            if (dnsByte.Length >= 28)
            {
                int rdatatype = dnsByte[2] | (dnsByte[3] << 8);

                //Type 1 = A record: the data is the four IPv4 address bytes
                if (rdatatype == 1)
                {
                    ip = dnsByte[24] + "." + dnsByte[25] + "." + dnsByte[26] + "." + dnsByte[27];
                }
            }
            Console.WriteLine(" {0,-40} {1,-40}", hostname, ip);

        }


        //FQN : domain.local
        //dnsDn : DC=ForestDnsZones,
        //dnsRoot : DC=ForestDnsZones,DC=domain,DC=local
        //bool : true (include tombstoned records or not)
        public static void GetDNS(string FQN, string dnsDn, string dnsRoot, bool printTombstoned)
        {
            string hostname = null;

            //Start from empty lists so one partition's hosts are not printed again for the next
            hostList.Clear();
            privhostList.Clear();

            DirectoryEntry entry = new DirectoryEntry("LDAP://" + FQN + "/" + dnsRoot);

            //Find DNS Zones
            String queryZones = @"(&(objectClass=dnsZone)(!(DC=*arpa))(!(DC=RootDNSServers)))";

            DirectorySearcher searchZones = new DirectorySearcher(entry, queryZones);

            searchZones.SearchScope = SearchScope.Subtree;

            foreach (SearchResult zone in searchZones.FindAll())
            {
                Console.WriteLine("----------------------------------------------------------");

                Console.WriteLine(" * Dns Zone: " + zone.Properties["Name"][0]);

                DirectoryEntry zoneEntry = new DirectoryEntry(zone.Path);

                //excluding objects that have been removed
                String queryRecord = @"(&(objectClass=*)(!(DC=@))(!(DC=*DnsZones))(!(DC=*arpa))(!(DC=_*))(!(dNSTombstoned=TRUE)))";

                DirectorySearcher searchRecord = new DirectorySearcher(zoneEntry, queryRecord);

                searchRecord.SearchScope = SearchScope.OneLevel;

                foreach (SearchResult record in searchRecord.FindAll())
                {
                    if (record.Properties.Contains("dnsRecord"))
                    {
                        if (record.Properties["dnsRecord"][0] is byte[])
                        {
                            var dnsByte = ((byte[])record.Properties["dnsRecord"][0]);
                            var key = record.Properties["DC"][0] + "." + FQN;
                            if (!hostList.ContainsKey(key))
                            {
                                hostList.Add(key, dnsByte);
                            }

                        }
                    }
                    //No permission to view records
                    else
                    {
                        string DN = ",CN=MicrosoftDNS," + dnsDn;

                        int end = record.Path.IndexOf(DN);

                        //Skip paths that do not contain the expected container
                        if (end < 0)
                        {
                            continue;
                        }

                        string ldapheader = "LDAP://" + FQN + "/";

                        hostname = record.Path.Substring(0, end).Replace(ldapheader, "").Replace("DC=", "").Replace(",", ".");
                        if (!privhostList.Contains(hostname))
                        {
                            privhostList.Add(hostname);
                        }
                    }
                }
            }

            //Iterating each entry
            foreach (KeyValuePair<string, byte[]> host in hostList)
            {
                ResolveDNSRecord(host.Key, host.Value);
            }
            foreach (var host in privhostList)
            {
                GetIP(host);
            }
        }
    }
}
--------------------------------------------------------------------------------
/ADIDNSRecords/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
using System.Reflection;
using System.Runtime.CompilerServices;
using System.Runtime.InteropServices;

// General Information about an assembly is controlled through the following
// set of attributes. Change these attribute values to modify the information
// associated with an assembly.
[assembly: AssemblyTitle("ADIDNSRecords")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("ADIDNSRecords")]
[assembly: AssemblyCopyright("Copyright © 2019")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]

// Setting ComVisible to false makes the types in this assembly not visible
// to COM components. If you need to access a type in this assembly from
// COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]

// The following GUID is for the ID of the typelib if this project is exposed to COM
[assembly: Guid("87dea353-9f63-4178-b68d-6bc1675570b5")]

// Version information for an assembly consists of the following four values:
//
//      Major Version
//      Minor Version
//      Build Number
//      Revision
//
// You can specify all the values or you can default the Build and Revision Numbers
// by using the '*' as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
BSD 3-Clause License

Copyright (c) 2019, dev2null
All rights reserved.

Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:

1. Redistributions of source code must retain the above copyright notice, this
   list of conditions and the following disclaimer.

2. Redistributions in binary form must reproduce the above copyright notice,
   this list of conditions and the following disclaimer in the documentation
   and/or other materials provided with the distribution.

3. Neither the name of the copyright holder nor the names of its
   contributors may be used to endorse or promote products derived from
   this software without specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# ADIDNSRecords
ADIDNSRecords is an alternative C# implementation of a tool that retrieves Active Directory Integrated DNS records with IP addresses. It is based on [@_dirkjan](https://twitter.com/_dirkjan)'s research "Getting in the Zone: dumping Active Directory DNS using adidnsdump".

It is also inspired by the [SharpAdidnsdump](https://github.com/b4rtik/SharpAdidnsdump) project implemented by [@b4rtik](https://twitter.com/b4rtik).

For more technical information, please read @_dirkjan's amazing post here:

https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/

## Searching in the ADIDNS
It retrieves DNS records from the application partitions (**DomainDnsZones** and **ForestDnsZones**).

## DNS Records
List DNS records retrieved from the Active Directory Integrated DNS and get the corresponding IP addresses:
```bat
.\ADIDNSRecords
```

List all (including Tombstoned) DNS records with IP addresses:
```bat
.\ADIDNSRecords all
```

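Program.cs decodes only IPv4 A records from the `dnsRecord` attribute. The following is an added example, not part of this repository, that decodes the whole record header along with A, AAAA and tombstone data and rejects blobs whose length is inconsistent. It assumes the `dnsRecord` layout documented in MS-DNSP (24-byte header, big-endian TTL, timestamp in hours since 1601); the class `DnsRecordDecoder`, its methods and the sample records are constructed for illustration.

```csharp
using System;
using System.Net;
public static class DnsRecordDecoder
{
    const int HeaderLength = 24; // fixed header that precedes the record data
    static uint U16(byte[] b, int o) { return (uint)(b[o] | b[o + 1] << 8); }
    static uint U32(byte[] b, int o) { return U16(b, o) | U16(b, o + 2) << 16; }

    // One-line description of a dnsRecord value, or the reason it was rejected.
    public static string Describe(byte[] blob)
    {
        if (blob == null || blob.Length < HeaderLength)
            return "malformed: shorter than the 24-byte header";
        int dataLength = (int)U16(blob, 0);   // DataLength, little-endian
        uint type = U16(blob, 2);             // Type is 16 bits wide
        if (blob.Length != HeaderLength + dataLength)
            return "malformed: DataLength does not match the blob size";
        // TtlSeconds is the one header field stored big-endian.
        uint ttl = (uint)blob[12] << 24 | (uint)blob[13] << 16 | (uint)blob[14] << 8 | blob[15];
        uint hours = U32(blob, 20);           // TimeStamp: hours since 1601-01-01 UTC, 0 = static
        try
        {
            string age = hours == 0 ? "static" : "updated " +
                new DateTime(1601, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddHours(hours).ToString("u");
            string value;
            if (type == 0 && dataLength == 8) // tombstone: data is the FILETIME of entombment
                value = "tombstoned " + DateTime.FromFileTimeUtc(
                    (long)U32(blob, 24) | (long)U32(blob, 28) << 32).ToString("u");
            else if ((type == 1 && dataLength == 4) || (type == 28 && dataLength == 16))
            {
                byte[] addr = new byte[dataLength];
                Array.Copy(blob, HeaderLength, addr, 0, dataLength);
                value = new IPAddress(addr).ToString(); // A or AAAA
            }
            else
                value = "type " + type + ", " + dataLength + " data bytes (not decoded)";
            return string.Format("{0,-34} ttl={1,-6} {2}", value, ttl, age);
        }
        catch (ArgumentOutOfRangeException) { return "malformed: timestamp out of range"; }
    }

    // Builds a constructed sample record: Version 5, TTL 3600, given type, age and data.
    static byte[] Sample(ushort type, uint hours, byte[] data)
    {
        byte[] b = new byte[HeaderLength + data.Length];
        b[0] = (byte)data.Length; b[2] = (byte)type; b[3] = (byte)(type >> 8);
        b[4] = 5; b[14] = 0x0E; b[15] = 0x10;
        for (int i = 0; i < 4; i++) b[20 + i] = (byte)(hours >> (8 * i));
        Array.Copy(data, 0, b, HeaderLength, data.Length);
        return b;
    }

    public static void Main()
    {
        long entombed = new DateTime(2019, 6, 1, 0, 0, 0, DateTimeKind.Utc).ToFileTimeUtc();
        Console.WriteLine(Describe(Sample(1, 0, new byte[] { 10, 0, 0, 5 })));
        Console.WriteLine(Describe(Sample(28, 3670000, IPAddress.Parse("fd00::5").GetAddressBytes())));
        Console.WriteLine(Describe(Sample(0, 0, BitConverter.GetBytes(entombed))));
        Console.WriteLine(Describe(new byte[] { 4, 0, 1, 0 })); // truncated blob
    }
}
```
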
# References
* https://dirkjanm.io/getting-in-the-zone-dumping-active-directory-dns-with-adidnsdump/
* https://github.com/dirkjanm/adidnsdump
* https://github.com/b4rtik/SharpAdidnsdump

--------------------------------------------------------------------------------