├── GetInfo4.0
├── obj
│ ├── Release
│ │ ├── GetInfo4.0.csproj.AssemblyReference.cache
│ │ ├── GetInfo4.0.csproj.CoreCompileInputs.cache
│ │ ├── GetInfo4.0.exe
│ │ ├── GetInfo4.0.pdb
│ │ ├── Interop.Shell32.dll
│ │ ├── GetInfo4.0.csproj.ResolveComReference.cache
│ │ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ │ ├── .NETFramework,Version=v4.0.AssemblyAttributes.cs
│ │ └── GetInfo4.0.csproj.FileListAbsolute.txt
│ ├── Debug
│ │ ├── GetInfo4.0.csproj.CoreCompileInputs.cache
│ │ ├── GetInfo4.0.exe
│ │ ├── GetInfo4.0.pdb
│ │ ├── Interop.Shell32.dll
│ │ ├── GetInfo4.0.csproj.AssemblyReference.cache
│ │ ├── GetInfo4.0.csproj.ResolveComReference.cache
│ │ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ │ ├── .NETFramework,Version=v4.0.AssemblyAttributes.cs
│ │ └── GetInfo4.0.csproj.FileListAbsolute.txt
│ └── x64
│ │ └── Release
│ │ ├── GetInfo4.0.csproj.CoreCompileInputs.cache
│ │ ├── GetInfo4.0.exe
│ │ ├── GetInfo4.0.pdb
│ │ ├── Interop.Shell32.dll
│ │ ├── GetInfo4.0.csproj.AssemblyReference.cache
│ │ ├── GetInfo4.0.csproj.ResolveComReference.cache
│ │ ├── DesignTimeResolveAssemblyReferencesInput.cache
│ │ ├── .NETFramework,Version=v4.0.AssemblyAttributes.cs
│ │ └── GetInfo4.0.csproj.FileListAbsolute.txt
├── bin
│ ├── Debug
│ │ ├── GetInfo4.0.exe
│ │ └── GetInfo4.0.pdb
│ ├── Release
│ │ ├── GetInfo4.0.exe
│ │ └── GetInfo4.0.pdb
│ └── x64
│ │ └── Release
│ │ ├── GetInfo4.0.exe
│ │ └── GetInfo4.0.pdb
├── Gpo.cs
├── Properties
│ └── AssemblyInfo.cs
├── Netapi32.cs
├── zerologoncheck.cs
├── internet.cs
├── GetInfo4.0.csproj
├── reg.cs
├── Rdpconnt.cs
├── domain.cs
└── Program.cs
├── image
├── image-20220124162832054.png
├── image-20220124162848068.png
└── image-20220124162904041.png
├── README
├── image-20220124162832054.png
├── image-20220124162848068.png
└── image-20220124162904041.png
├── README.md
└── GetInfo4.0.sln
/GetInfo4.0/obj/Release/GetInfo4.0.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
1 | MBRSC
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Debug/GetInfo4.0.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | c4e038644de4aa2858028da97aacc0c1e83e69d7
2 |
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Release/GetInfo4.0.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 2229c2427618de53e3f4bcf9cdddb87405dbf7be
2 |
--------------------------------------------------------------------------------
/GetInfo4.0/obj/x64/Release/GetInfo4.0.csproj.CoreCompileInputs.cache:
--------------------------------------------------------------------------------
1 | 691b73c760bc773936531729cc5248d05ac8b2ac
2 |
--------------------------------------------------------------------------------
/image/image-20220124162832054.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/image/image-20220124162832054.png
--------------------------------------------------------------------------------
/image/image-20220124162848068.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/image/image-20220124162848068.png
--------------------------------------------------------------------------------
/image/image-20220124162904041.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/image/image-20220124162904041.png
--------------------------------------------------------------------------------
/GetInfo4.0/bin/Debug/GetInfo4.0.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/bin/Debug/GetInfo4.0.exe
--------------------------------------------------------------------------------
/GetInfo4.0/bin/Debug/GetInfo4.0.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/bin/Debug/GetInfo4.0.pdb
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Debug/GetInfo4.0.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/Debug/GetInfo4.0.exe
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Debug/GetInfo4.0.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/Debug/GetInfo4.0.pdb
--------------------------------------------------------------------------------
/README/image-20220124162832054.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/README/image-20220124162832054.png
--------------------------------------------------------------------------------
/README/image-20220124162848068.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/README/image-20220124162848068.png
--------------------------------------------------------------------------------
/README/image-20220124162904041.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/README/image-20220124162904041.png
--------------------------------------------------------------------------------
/GetInfo4.0/bin/Release/GetInfo4.0.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/bin/Release/GetInfo4.0.exe
--------------------------------------------------------------------------------
/GetInfo4.0/bin/Release/GetInfo4.0.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/bin/Release/GetInfo4.0.pdb
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Release/GetInfo4.0.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/Release/GetInfo4.0.exe
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Release/GetInfo4.0.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/Release/GetInfo4.0.pdb
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Debug/Interop.Shell32.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/Debug/Interop.Shell32.dll
--------------------------------------------------------------------------------
/GetInfo4.0/bin/x64/Release/GetInfo4.0.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/bin/x64/Release/GetInfo4.0.exe
--------------------------------------------------------------------------------
/GetInfo4.0/bin/x64/Release/GetInfo4.0.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/bin/x64/Release/GetInfo4.0.pdb
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Release/Interop.Shell32.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/Release/Interop.Shell32.dll
--------------------------------------------------------------------------------
/GetInfo4.0/obj/x64/Release/GetInfo4.0.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/x64/Release/GetInfo4.0.exe
--------------------------------------------------------------------------------
/GetInfo4.0/obj/x64/Release/GetInfo4.0.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/x64/Release/GetInfo4.0.pdb
--------------------------------------------------------------------------------
/GetInfo4.0/obj/x64/Release/Interop.Shell32.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/x64/Release/Interop.Shell32.dll
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Debug/GetInfo4.0.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/Debug/GetInfo4.0.csproj.AssemblyReference.cache
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Debug/GetInfo4.0.csproj.ResolveComReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/Debug/GetInfo4.0.csproj.ResolveComReference.cache
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/Debug/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Release/GetInfo4.0.csproj.ResolveComReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/Release/GetInfo4.0.csproj.ResolveComReference.cache
--------------------------------------------------------------------------------
/GetInfo4.0/obj/x64/Release/GetInfo4.0.csproj.AssemblyReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/x64/Release/GetInfo4.0.csproj.AssemblyReference.cache
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/GetInfo4.0/obj/x64/Release/GetInfo4.0.csproj.ResolveComReference.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/x64/Release/GetInfo4.0.csproj.ResolveComReference.cache
--------------------------------------------------------------------------------
/GetInfo4.0/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dqcostin/SharpGetinfo/HEAD/GetInfo4.0/obj/x64/Release/DesignTimeResolveAssemblyReferencesInput.cache
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Debug/.NETFramework,Version=v4.0.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.0", FrameworkDisplayName = ".NET Framework 4")]
5 |
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Release/.NETFramework,Version=v4.0.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.0", FrameworkDisplayName = ".NET Framework 4")]
5 |
--------------------------------------------------------------------------------
/GetInfo4.0/obj/x64/Release/.NETFramework,Version=v4.0.AssemblyAttributes.cs:
--------------------------------------------------------------------------------
1 | //
2 | using System;
3 | using System.Reflection;
4 | [assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.0", FrameworkDisplayName = ".NET Framework 4")]
5 |
--------------------------------------------------------------------------------
/GetInfo4.0/Gpo.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using
6 |
namespace GetInfo4._0
{
    /// <summary>
    /// Holder for a single static helper. Despite the class name, nothing in
    /// this file reads or parses Group Policy data.
    /// </summary>
    class Gpo
    {
        /// <summary>
        /// Passes the pair ("cmd", "whoami") to <c>GetInfo.Program.RunCMDCommand</c>.
        /// That helper is defined outside this file, so how the two arguments are
        /// combined and where the command output goes cannot be confirmed from here.
        /// </summary>
        public static void Gpo_pass() =>
            GetInfo.Program.RunCMDCommand("cmd", "whoami");
    }
}
17 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | ## 简介
2 |
3 | 用c#编写的一款关于工作组和域信息收集的工具,收集包括.net版本、IP信息、网络连接状态、历史RDP的内外连、回收站信息、杀软等,域内信息收集域控的FQDN以及IP、域管理员组、域企业管理员组等信息,并自动化探测域控是否有ZeroLogon漏洞。
4 | ## 用法:
5 |
6 | 直接运行
7 |
8 | ```
9 | .\SharpGetinfo.exe
10 | ```
11 | 建议在CS上使用内存加载的方式运行,更舒服
12 |
13 | 如果存在域,当工作组信息收集完成后,会继续收集域内信息;如果当前不存在域,则在工作组信息收集完成后结束。
14 |
15 | ## 运行截图
16 |
17 | 
18 |
19 | 
20 |
21 | 
22 |
23 | ## 参考链接
24 |
25 | https://github.com/CPO-EH/CVE-2020-1472_ZeroLogonChecker
26 |
27 | https://github.com/Heart-Sky/ListRDPConnections
28 |
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Debug/GetInfo4.0.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\bin\Debug\GetInfo4.0.exe
2 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\bin\Debug\GetInfo4.0.pdb
3 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\Debug\GetInfo4.0.csproj.AssemblyReference.cache
4 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\Debug\Interop.Shell32.dll
5 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\Debug\GetInfo4.0.csproj.ResolveComReference.cache
6 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\Debug\GetInfo4.0.csproj.CoreCompileInputs.cache
7 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\Debug\GetInfo4.0.exe
8 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\Debug\GetInfo4.0.pdb
9 |
--------------------------------------------------------------------------------
/GetInfo4.0/obj/Release/GetInfo4.0.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\bin\Release\GetInfo4.0.exe
2 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\bin\Release\GetInfo4.0.pdb
3 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\Release\GetInfo4.0.csproj.AssemblyReference.cache
4 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\Release\Interop.Shell32.dll
5 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\Release\GetInfo4.0.csproj.ResolveComReference.cache
6 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\Release\GetInfo4.0.csproj.CoreCompileInputs.cache
7 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\Release\GetInfo4.0.exe
8 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\Release\GetInfo4.0.pdb
9 |
--------------------------------------------------------------------------------
/GetInfo4.0/obj/x64/Release/GetInfo4.0.csproj.FileListAbsolute.txt:
--------------------------------------------------------------------------------
1 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\bin\x64\Release\GetInfo4.0.exe
2 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\bin\x64\Release\GetInfo4.0.pdb
3 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\x64\Release\Interop.Shell32.dll
4 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\x64\Release\GetInfo4.0.csproj.ResolveComReference.cache
5 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\x64\Release\GetInfo4.0.csproj.CoreCompileInputs.cache
6 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\x64\Release\GetInfo4.0.exe
7 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\x64\Release\GetInfo4.0.pdb
8 | C:\Users\costin\source\repos\GetInfo4.0\GetInfo4.0\obj\x64\Release\GetInfo4.0.csproj.AssemblyReference.cache
9 |
--------------------------------------------------------------------------------
/GetInfo4.0/Properties/AssemblyInfo.cs:
--------------------------------------------------------------------------------
1 | using System.Reflection;
2 | using System.Runtime.CompilerServices;
3 | using System.Runtime.InteropServices;
4 |
// General information about an assembly is controlled through the
// following set of attributes. Change these attribute values to modify
// the information associated with the assembly.
[assembly: AssemblyTitle("GetInfo4.0")]
[assembly: AssemblyDescription("")]
[assembly: AssemblyConfiguration("")]
[assembly: AssemblyCompany("")]
[assembly: AssemblyProduct("GetInfo4.0")]
[assembly: AssemblyCopyright("Copyright © 2021")]
[assembly: AssemblyTrademark("")]
[assembly: AssemblyCulture("")]

// Setting ComVisible to false makes the types in this assembly
// invisible to COM components. If a type in this assembly must be reachable
// from COM, set the ComVisible attribute to true on that type.
[assembly: ComVisible(false)]

// If this project is exposed to COM, the following GUID is the ID of the type library.
[assembly: Guid("8587c9bd-aa95-4825-976b-fceb8b6a453f")]

// The version information of an assembly consists of the following four values:
//
// Major version
// Minor version
// Build number
// Revision
//
// All of these values can be specified, or the build number and revision can be defaulted
// by using "*", as shown below:
// [assembly: AssemblyVersion("1.0.*")]
[assembly: AssemblyVersion("1.0.0.0")]
[assembly: AssemblyFileVersion("1.0.0.0")]
37 |
--------------------------------------------------------------------------------
/GetInfo4.0.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.31410.357
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "GetInfo4.0", "GetInfo4.0\GetInfo4.0.csproj", "{8587C9BD-AA95-4825-976B-FCEB8B6A453F}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|Any CPU = Debug|Any CPU
11 | Debug|x64 = Debug|x64
12 | Release|Any CPU = Release|Any CPU
13 | Release|x64 = Release|x64
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {8587C9BD-AA95-4825-976B-FCEB8B6A453F}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
17 | {8587C9BD-AA95-4825-976B-FCEB8B6A453F}.Debug|Any CPU.Build.0 = Debug|Any CPU
18 | {8587C9BD-AA95-4825-976B-FCEB8B6A453F}.Debug|x64.ActiveCfg = Debug|x64
19 | {8587C9BD-AA95-4825-976B-FCEB8B6A453F}.Debug|x64.Build.0 = Debug|x64
20 | {8587C9BD-AA95-4825-976B-FCEB8B6A453F}.Release|Any CPU.ActiveCfg = Release|Any CPU
21 | {8587C9BD-AA95-4825-976B-FCEB8B6A453F}.Release|Any CPU.Build.0 = Release|Any CPU
22 | {8587C9BD-AA95-4825-976B-FCEB8B6A453F}.Release|x64.ActiveCfg = Release|x64
23 | {8587C9BD-AA95-4825-976B-FCEB8B6A453F}.Release|x64.Build.0 = Release|x64
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {5809008F-23B0-4465-A18C-DD3CAE5DF64D}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/GetInfo4.0/Netapi32.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Runtime.InteropServices;
3 |
namespace GetInfo
{
    /// <summary>
    /// P/Invoke declarations for three Netlogon-related exports of netapi32.dll,
    /// together with the enum and structs their signatures use.
    /// </summary>
    internal class Netapi32
    {
        /// <summary>
        /// Secure channel type passed as the <c>AccountType</c> argument of the
        /// authenticate and password-set imports below.
        /// </summary>
        public enum NETLOGON_SECURE_CHANNEL_TYPE : int
        {
            NullSecureChannel = 0,
            MsvApSecureChannel = 1,
            WorkstationSecureChannel = 2,
            TrustedDnsDomainSecureChannel = 3,
            TrustedDomainSecureChannel = 4,
            UasServerSecureChannel = 5,
            ServerSecureChannel = 6
        }

        /// <summary>
        /// 516-byte explicit layout. Only the first 16-bit element at offset 0 and
        /// the 32-bit length at offset 512 are exposed as fields; the bytes in
        /// between exist in the layout but have no managed field.
        /// </summary>
        [StructLayout(LayoutKind.Explicit, Size = 516)]
        public struct NL_TRUST_PASSWORD
        {
            [FieldOffset(0)]
            public ushort Buffer;

            [FieldOffset(512)]
            public uint Length;
        }

        /// <summary>
        /// 12-byte explicit layout: a credential at offset 0 and a timestamp at offset 8.
        /// </summary>
        [StructLayout(LayoutKind.Explicit, Size = 12)]
        public struct NETLOGON_AUTHENTICATOR
        {
            [FieldOffset(0)]
            public NETLOGON_CREDENTIAL Credential;

            [FieldOffset(8)]
            public uint Timestamp;
        }

        /// <summary>
        /// Credential / challenge value passed by reference to the imports below.
        /// </summary>
        // NOTE(review): this struct declares a single sbyte, while NETLOGON_AUTHENTICATOR
        // places the next field at offset 8, which suggests the native value is 8 bytes.
        // If the native side writes more than one byte through the ref, it writes past
        // this managed struct. Confirm the native size before relying on this layout.
        [StructLayout(LayoutKind.Sequential)]
        public struct NETLOGON_CREDENTIAL
        {
            public sbyte data;
        }

        /// <summary>
        /// Challenge exchange with the server named by <paramref name="PrimaryName"/>.
        /// Returns an int status; the caller in zerologoncheck.cs treats 0 as success.
        /// </summary>
        [DllImport("netapi32.dll", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode)]
        public static extern int I_NetServerReqChallenge(
            string PrimaryName,
            string ComputerName,
            ref NETLOGON_CREDENTIAL ClientChallenge,
            ref NETLOGON_CREDENTIAL ServerChallenge
            );

        /// <summary>
        /// Authentication step that follows the challenge exchange.
        /// Returns an int status; the caller in zerologoncheck.cs treats 0 as
        /// "authentication accepted". <paramref name="NegotiateFlags"/> is passed by ref.
        /// </summary>
        [DllImport("netapi32.dll", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode)]
        public static extern int I_NetServerAuthenticate2(
            string PrimaryName,
            string AccountName,
            NETLOGON_SECURE_CHANNEL_TYPE AccountType,
            string ComputerName,
            ref NETLOGON_CREDENTIAL ClientCredential,
            ref NETLOGON_CREDENTIAL ServerCredential,
            ref ulong NegotiateFlags
            );

        /// <summary>
        /// Password-set import taking an authenticator and an NL_TRUST_PASSWORD.
        /// </summary>
        // NOTE(review): ZeroLogonCheck in zerologoncheck.cs does not call this import;
        // callers elsewhere in the project, if any, are not visible here. Going by its
        // name this is the only state-changing call of the three. If it is unused,
        // dropping the declaration keeps the checker limited to the two
        // challenge/authenticate calls.
        [DllImport("netapi32.dll", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode)]
        public static extern int I_NetServerPasswordSet2(
            string PrimaryName,
            string AccountName,
            NETLOGON_SECURE_CHANNEL_TYPE AccountType,
            string ComputerName,
            ref NETLOGON_AUTHENTICATOR Authenticator,
            out NETLOGON_AUTHENTICATOR ReturnAuthenticator,
            ref NL_TRUST_PASSWORD ClearNewPassword
            );
    }
}
--------------------------------------------------------------------------------
/GetInfo4.0/zerologoncheck.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using static GetInfo.Netapi32;
3 | using System.Net.NetworkInformation;
4 | using System.DirectoryServices;
5 | using System.DirectoryServices.ActiveDirectory;
6 | using System.Net.Sockets;
7 | using System.Net;
namespace GetInfo
{
    /// <summary>
    /// Console check for the Netlogon weakness that the project README refers to
    /// as ZeroLogon (CVE-2020-1472).
    /// </summary>
    class ZeroLogon
    {
        /// <summary>
        /// Reads the <c>dnsHostname</c> attribute from <c>LDAP://rootDSE</c>, then repeats a
        /// Netlogon challenge + authenticate pair against that host up to 2000 times.
        /// The first <c>I_NetServerAuthenticate2</c> call that returns 0 is reported as
        /// "vulnerable". This method makes no other Netlogon call; in particular it does
        /// not call <c>I_NetServerPasswordSet2</c>.
        /// </summary>
        /// <remarks>
        /// Reading the result: the "not vulnerable" message only means that none of the 2000
        /// attempts returned 0. If the challenge call fails, the method returns without a verdict.
        /// What a defender would see: each iteration is an authentication attempt for the account
        /// name <c>&lt;host&gt;$</c> that starts from a default-initialised (all-zero) client
        /// challenge. A run is therefore a burst of up to 2000 such attempts from one host
        /// against the domain controller.
        /// </remarks>
        public static void ZeroLogonCheck()
        {
            Console.WriteLine("探测是否存在ZeroLogon漏洞,请等待...");
            // Only the commented-out lines below use this value; the live code never reads it.
            IPGlobalProperties ipGlobalProperties = IPGlobalProperties.GetIPGlobalProperties();
            //string hostName = ipGlobalProperties.HostName;
            //string domainName = ipGlobalProperties.DomainName;

            //string Remote_Host = hostName + "." + domainName;
            // Console.WriteLine(Remote_Host);
            //Console.WriteLine("\n");

            // NOTE(review): dirEntry is never disposed, and .Value.ToString() throws when the
            // attribute is missing or the bind fails (for example on a host that is not domain-joined).
            DirectoryEntry dirEntry = new DirectoryEntry("LDAP://rootDSE");
            string Remote_Host = dirEntry.Properties["dnsHostname"].Value.ToString();
            Console.WriteLine("[+]域控的FQDN:" + Remote_Host);
            // Short host name = the FQDN up to the first dot.
            string Remote_HostName = Remote_Host.Split('.')[0];

            //string Remote_HostName = hostName;
            //Console.WriteLine(Remote_HostName);
            // Both structs start default-initialised (all zero). They are passed by ref, so
            // the native calls may overwrite them between iterations.
            NETLOGON_CREDENTIAL ClientChallenge = new NETLOGON_CREDENTIAL();
            NETLOGON_CREDENTIAL ServerChallenge = new NETLOGON_CREDENTIAL();

            // Passed by ref to I_NetServerAuthenticate2; the literal's meaning is not documented here.
            ulong NegotiateFlags = 0x212fffff;

            // Drives the four-state progress spinner only; it plays no part in the check.
            int counter = 0;

            for (int i = 0; i < 2000; i++)
            {
                counter++;
                switch (counter % 4)
                {
                    case 0: Console.Write(" /"); counter = 0; break;
                    case 1: Console.Write(" -"); break;
                    case 2: Console.Write(" \\"); break;
                    case 3: Console.Write(" |"); break;
                }


                // A non-zero status from the challenge step aborts the whole check without a verdict.
                if (I_NetServerReqChallenge(Remote_Host, Remote_HostName, ref ClientChallenge, ref ServerChallenge) != 0)
                {
                    Console.WriteLine("[-] Could not complete server challenge. Could be invalid name provided or network issues\n");
                    return;
                }

                // Status 0 means the server accepted the authentication for "<host>$".
                if (I_NetServerAuthenticate2(Remote_Host, Remote_HostName + "$", NETLOGON_SECURE_CHANNEL_TYPE.ServerSecureChannel,
                    Remote_HostName, ref ClientChallenge, ref ServerChallenge, ref NegotiateFlags) == 0)
                {
                    Console.WriteLine("[+] DC is vulnerable to Zerologon attack.\n");
                    return;
                }
            }
            // Reached only when all 2000 attempts were rejected.
            Console.WriteLine("\n[-] DC appear to not be vulnerable to Zerologon attack.\n");

        }

    }
}
--------------------------------------------------------------------------------
/GetInfo4.0/internet.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections;
3 | using System.Net;
4 | using System.Net.NetworkInformation;
5 |
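namespace GetInfo
{

    /// <summary>
    /// Prints the local host name, domain name and per-adapter IPv4/DNS details
    /// to the console.
    /// </summary>
    class internet
    {
        /// <summary>
        /// Writes the host and domain name reported by <see cref="IPGlobalProperties"/>,
        /// then, for every network interface that supports IPv4, its name, type,
        /// unicast addresses and DNS server addresses.
        /// </summary>
        /// <remarks>
        /// Changes from the previous version: the adapter properties are fetched once
        /// instead of twice (the first result was never used), the fetch now happens inside
        /// the try block so that one failing adapter is reported and skipped instead of
        /// aborting the whole listing, and the manual enumerator loops are plain foreach loops.
        /// </remarks>
        public static void Internet()
        {
            // Properties of the local computer.
            IPGlobalProperties computerProperties = IPGlobalProperties.GetIPGlobalProperties();
            Console.WriteLine("Interface host name : {0}", computerProperties.HostName);
            Console.WriteLine("Interface domain name : {0}", computerProperties.DomainName);

            // All network interfaces of the current machine.
            NetworkInterface[] adapters = NetworkInterface.GetAllNetworkInterfaces();
            if (adapters == null || adapters.Length < 1)
            {
                Console.WriteLine("计算机没有网络接口被发现.");
                return;
            }

            Console.WriteLine("发现{0}个网络接口 ", adapters.Length);

            foreach (NetworkInterface adapter in adapters)
            {
                // Interfaces without IPv4 support are skipped entirely.
                if (!adapter.Supports(NetworkInterfaceComponent.IPv4))
                {
                    continue;
                }

                Console.WriteLine("接口名称:{0}", adapter.Name);
                Console.WriteLine("接口类型:{0}", adapter.NetworkInterfaceType);

                try
                {
                    IPInterfaceProperties adapterProperties = adapter.GetIPProperties();

                    // Every unicast address configured on the interface.
                    Console.Write("IP地址:");
                    foreach (UnicastIPAddressInformation uipAddr in adapterProperties.UnicastAddresses)
                    {
                        Console.Write(uipAddr.Address.ToString() + " ");
                    }
                    Console.WriteLine();

                    // Every DNS server address configured on the interface.
                    Console.Write("DNS地址:");
                    foreach (IPAddress dnsAddr in adapterProperties.DnsAddresses)
                    {
                        Console.Write(dnsAddr.ToString() + " ");
                    }
                    Console.WriteLine();
                }
                catch (Exception ex)
                {
                    // Best effort: report the failure and move on to the next adapter.
                    Console.WriteLine("exception : {0}", ex);
                }

                Console.WriteLine("\n");
            }
        }
    }
}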
92 |
--------------------------------------------------------------------------------
/GetInfo4.0/GetInfo4.0.csproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | AnyCPU
7 | {8587C9BD-AA95-4825-976B-FCEB8B6A453F}
8 | Exe
9 | GetInfo4._0
10 | GetInfo4.0
11 | v4.0
12 | 512
13 | true
14 |
15 |
16 | AnyCPU
17 | true
18 | full
19 | false
20 | bin\Debug\
21 | DEBUG;TRACE
22 | prompt
23 | 4
24 |
25 |
26 | AnyCPU
27 | pdbonly
28 | true
29 | bin\Release\
30 | TRACE
31 | prompt
32 | 4
33 |
34 |
35 | true
36 | bin\x64\Debug\
37 | DEBUG;TRACE
38 | full
39 | x64
40 | 7.3
41 | prompt
42 |
43 |
44 | bin\x64\Release\
45 | TRACE
46 | true
47 | pdbonly
48 | x64
49 | 7.3
50 | prompt
51 |
52 |
53 |
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 | {50A7E9B0-70EF-11D1-B75A-00A0C90564FE}
76 | 1
77 | 0
78 | 0
79 | tlbimp
80 | False
81 | True
82 |
83 |
84 |
85 |
--------------------------------------------------------------------------------
/GetInfo4.0/reg.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using Microsoft.Win32;
3 | using System.Runtime.InteropServices;
4 |
5 |
6 | public class RegistryInterop
7 | {
8 | [StructLayout(LayoutKind.Sequential)]
9 | private struct LUID
10 | {
11 | public uint LowPart;
12 | public int HighPart;
13 | }
14 |
15 | [StructLayout(LayoutKind.Sequential)]
16 | private struct LUID_AND_ATTRIBUTES
17 | {
18 | public LUID pLuid;
19 | public UInt32 Attributes;
20 | }
21 |
22 | [StructLayout(LayoutKind.Sequential, Pack = 1)]
23 | private struct TokPriv1Luid
24 | {
25 | public int Count;
26 | public LUID Luid;
27 | public UInt32 Attr;
28 | }
29 |
30 | private const Int32 ANYSIZE_ARRAY = 1;
31 | private const UInt32 SE_PRIVILEGE_ENABLED = 0x00000002;
32 | private const UInt32 TOKEN_ADJUST_PRIVILEGES = 0x0020;
33 | private const UInt32 TOKEN_QUERY = 0x0008;
34 |
35 | private const uint HKEY_USERS = 0x80000003;
36 | private const string SE_RESTORE_NAME = "SeRestorePrivilege";
37 | private const string SE_BACKUP_NAME = "SeBackupPrivilege";
38 |
39 | [DllImport("kernel32.dll")]
40 | static extern IntPtr GetCurrentProcess();
41 |
42 | [DllImport("advapi32.dll", SetLastError = true)]
43 | [return: MarshalAs(UnmanagedType.Bool)]
44 | static extern bool OpenProcessToken(IntPtr ProcessHandle, UInt32 DesiredAccess, out IntPtr TokenHandle);
45 |
46 | [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Auto)]
47 | [return: MarshalAs(UnmanagedType.Bool)]
48 | static extern bool LookupPrivilegeValue(string lpSystemName, string lpName, out LUID lpLuid);
49 |
50 | [DllImport("advapi32.dll", ExactSpelling = true, SetLastError = true)]
51 | static extern bool AdjustTokenPrivileges(
52 | IntPtr htok,
53 | bool disableAllPrivileges,
54 | ref TokPriv1Luid newState,
55 | int len,
56 | IntPtr prev,
57 | IntPtr relen);
58 |
59 | [DllImport("advapi32.dll", SetLastError = true)]
60 | static extern long RegLoadKey(UInt32 hKey, String lpSubKey, String lpFile);
61 |
62 | [DllImport("advapi32.dll", SetLastError = true)]
63 | static extern long RegUnLoadKey(UInt32 hKey, string lpSubKey);
64 |
65 | private static IntPtr _myToken;
66 | private static TokPriv1Luid _tokenPrivileges = new TokPriv1Luid();
67 | private static TokPriv1Luid _tokenPrivileges2 = new TokPriv1Luid();
68 |
69 | private static LUID _restoreLuid;
70 | private static LUID _backupLuid;
71 |
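// Enables SE_RESTORE_NAME and SE_BACKUP_NAME on the current process token.
// Load and UnLoad call this before touching a hive; the RegLoadKey documentation requires
// both privileges, which are normally held only by administrative accounts.
//
// Failures are reported on the console and the method returns without throwing, as before.
// Changes compared with the earlier version:
//  * the token handle is opened once and reused, instead of leaking a new handle on every call;
//  * the method stops after a failed step instead of adjusting the token with an unset LUID;
//  * a "successful" AdjustTokenPrivileges call that did not actually grant the privilege
//    (last error ERROR_NOT_ALL_ASSIGNED) is reported as an error.
public static void EnablePrivilege()
{
    if (_myToken == IntPtr.Zero
        && !OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out _myToken))
    {
        Console.WriteLine("OpenProcess Error");
        return;
    }

    if (!LookupPrivilegeValue(null, SE_RESTORE_NAME, out _restoreLuid))
    {
        Console.WriteLine("LookupPrivilegeValue Error");
        return;
    }

    if (!LookupPrivilegeValue(null, SE_BACKUP_NAME, out _backupLuid))
    {
        Console.WriteLine("LookupPrivilegeValue Error");
        return;
    }

    _tokenPrivileges.Attr = SE_PRIVILEGE_ENABLED;
    _tokenPrivileges.Luid = _restoreLuid;
    _tokenPrivileges.Count = 1;

    _tokenPrivileges2.Attr = SE_PRIVILEGE_ENABLED;
    _tokenPrivileges2.Luid = _backupLuid;
    _tokenPrivileges2.Count = 1;

    AdjustSinglePrivilege(ref _tokenPrivileges);
    AdjustSinglePrivilege(ref _tokenPrivileges2);
}

// Applies one privilege request to _myToken and prints the Win32 error when it was not granted.
private static void AdjustSinglePrivilege(ref TokPriv1Luid state)
{
    // AdjustTokenPrivileges can return true while granting nothing; it then sets this last error.
    const int ERROR_NOT_ALL_ASSIGNED = 1300;

    bool succeeded = AdjustTokenPrivileges(_myToken, false, ref state, 0, IntPtr.Zero, IntPtr.Zero);
    int lastError = Marshal.GetLastWin32Error();

    if (!succeeded || lastError == ERROR_NOT_ALL_ASSIGNED)
    {
        Console.WriteLine("AdjustTokenPrivileges Error: " + lastError);
    }
}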
97 |
// Mounts the hive file `file` under HKEY_USERS\<subkey> and returns `subkey`.
// The privileges are (re)enabled first because RegLoadKey needs them.
// NOTE(review): the status returned by RegLoadKey is ignored, so the caller receives the
// subkey name whether or not the hive was mounted (for example when the file is locked
// because its owner is logged on). Callers must not treat the return value as proof of success.
public static string Load(string subkey, string file)
{
    EnablePrivilege();
    RegLoadKey(HKEY_USERS, subkey, file);
    return subkey;
}
105 |
// Unmounts HKEY_USERS\<subkey>, the counterpart of Load.
// NOTE(review): the RegUnLoadKey status is ignored. If the unload fails (for instance because
// a handle to a key inside the hive is still open) the hive silently stays mounted.
public static void UnLoad(string subkey)
{
    EnablePrivilege();
    RegUnLoadKey(HKEY_USERS, subkey);
}
111 | }
112 |
--------------------------------------------------------------------------------
/GetInfo4.0/Rdpconnt.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using Microsoft.Win32;
3 | using System.IO;
4 | using System.Collections.Generic;
5 | using System.Diagnostics.Eventing.Reader;
6 | using Microsoft.VisualBasic.Devices;
7 | using System.Xml;
8 | using System.Linq;
9 |
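namespace GetInfo
{
    // Prints the RDP connection history of the local machine:
    //  * outbound targets per user, read from the "Terminal Server Client" registry keys and
    //    from *.rdp files in each profile's Documents folder;
    //  * inbound connections, read from two Terminal Services operational event logs.
    //
    // To read the registry of users who are not logged on, the class mounts each profile's
    // NTUSER.DAT under HKEY_USERS with a recognisable temporary name and unmounts it afterwards.
    class ListRDPConnections
    {
        // Root folder that is scanned for user profiles.
        private static string prefix = @"C:\Users\";

        // Name prefix of the hives this class mounts itself; it is what tells them apart from
        // the SIDs that were already present under HKEY_USERS.
        private const string TempHivePrefix = "S-123456789-";

        // One outbound RDP target: optional port and the user name hint stored with it.
        private class Out
        {
            public string port;
            public string username;

            public Out(string v1, string v2)
            {
                port = v1;
                username = v2;
            }
        }

        // Aggregated inbound entry: number of matching events and the time of the latest one.
        private class Info
        {
            public int num;
            public string lastTime;

            public Info(int v1, string v2)
            {
                num = v1;
                lastTime = v2;
            }
        }

        // Prints the outbound RDP history found in the registry and in saved .rdp files.
        public static void ListRDPOutConnections()
        {
            Console.WriteLine("[+] RDP外连:");

            List<string> sids = new List<string>(Registry.Users.GetSubKeyNames());
            // Every hive mounted below is remembered so that all of them are unmounted again,
            // including the ones the SID filter skips and the case where printing fails midway.
            // A hive that stays mounted keeps the owner's NTUSER.DAT locked.
            List<string> mounted = new List<string>();

            try
            {
                // Mount NTUSER.DAT of every profile folder.
                foreach (string dic in Directory.GetDirectories(prefix))
                {
                    try
                    {
                        string subkey = TempHivePrefix + dic.Replace(prefix, "");
                        string sid = RegistryInterop.Load(subkey, $@"{dic}\NTUSER.DAT");
                        mounted.Add(sid);
                        sids.Add(sid);
                    }
                    catch (Exception)
                    {
                        // Best effort: a profile that cannot be processed is skipped.
                        continue;
                    }
                }

                // Dump the history stored in the registry.
                foreach (string sid in sids)
                {
                    if (!sid.StartsWith("S-") || sid.EndsWith("Classes") || sid.Length < 10)
                    {
                        continue;
                    }

                    Dictionary<string, Out> history = GetRegistryValues(sid);
                    PrintRDPOutHistory(history, sid);
                }
            }
            finally
            {
                foreach (string hive in mounted)
                {
                    UnLoadHive(hive);
                }
            }

            // Dump the history stored in .rdp files.
            foreach (string dic in Directory.GetDirectories(prefix))
            {
                try
                {
                    foreach (string file in Directory.GetFiles($@"{dic}\Documents\", "*.rdp"))
                    {
                        Dictionary<string, Out> history = GetRdpFileValues(file);
                        PrintRDPOutHistory(history, file);
                    }
                }
                catch (Exception)
                {
                    // Best effort: unreadable or missing Documents folders are skipped.
                    continue;
                }
            }
        }

        // Prints one "address[:port]<TAB>username" line per entry under the heading `sid`
        // (a SID or a file path). Prints nothing when `values` is empty.
        static void PrintRDPOutHistory(Dictionary<string, Out> values, string sid = "")
        {
            if (values.Count == 0)
            {
                return;
            }

            Console.WriteLine($"{sid}:");
            foreach (KeyValuePair<string, Out> item in values)
            {
                string port = item.Value.port != "" ? ":" + item.Value.port : "";
                Console.WriteLine($"\t{item.Key}{port}\t{item.Value.username}");
            }
            Console.WriteLine();
        }

        // Unmounts a hive, but only if its name carries the temporary prefix used by this class.
        static void UnLoadHive(string sid)
        {
            if (sid.StartsWith(TempHivePrefix))
            {
                RegistryInterop.UnLoad(sid);
            }
        }

        // Returns the full operating system name.
        static string GetOSName()
        {
            return new ComputerInfo().OSFullName;
        }

        // Reads HKEY_USERS\<sid>\Software\Microsoft\Terminal Server Client:
        // the values under "Default" give the targets, the subkeys of "Servers" give the
        // "UsernameHint" for targets already seen under "Default".
        // Returns an empty dictionary when the keys are missing or unreadable.
        static Dictionary<string, Out> GetRegistryValues(string sid)
        {
            Dictionary<string, Out> values = new Dictionary<string, Out>();
            string baseKey = $@"{sid}\Software\Microsoft\Terminal Server Client\";

            try
            {
                // Keys are opened in using blocks: a handle left open inside a mounted hive
                // would make the later unload fail.
                using (RegistryKey defaults = Registry.Users.OpenSubKey(baseKey + "Default"))
                {
                    if (defaults != null)
                    {
                        foreach (string mru in defaults.GetValueNames())
                        {
                            object raw = defaults.GetValue(mru);
                            if (raw == null)
                            {
                                continue;
                            }

                            // Value format is "host" or "host:port".
                            string[] parts = raw.ToString().Split(':');
                            string port = parts.Length > 1 ? parts[1] : "";

                            // The same host can occur twice with different ports; keep the
                            // first entry instead of aborting the whole read on a duplicate key.
                            if (!values.ContainsKey(parts[0]))
                            {
                                values.Add(parts[0], new Out(port, ""));
                            }
                        }
                    }
                }

                using (RegistryKey servers = Registry.Users.OpenSubKey(baseKey + "Servers"))
                {
                    if (servers != null)
                    {
                        foreach (string address in servers.GetSubKeyNames())
                        {
                            using (RegistryKey server = servers.OpenSubKey(address))
                            {
                                // A server entry without UsernameHint no longer ends the loop.
                                object hint = server == null ? null : server.GetValue("UsernameHint");
                                if (hint != null && values.ContainsKey(address))
                                {
                                    values[address].username = hint.ToString();
                                }
                            }
                        }
                    }
                }
            }
            catch (Exception)
            {
                // Best effort: access errors leave whatever was collected so far.
            }

            return values;
        }

        // Extracts "full address" and "username" from a saved .rdp file.
        // Returns at most one entry; empty when the file has no address or cannot be read.
        static Dictionary<string, Out> GetRdpFileValues(string file)
        {
            const string addressStr = "full address:s:";
            const string usernameStr = "username:s:";

            Dictionary<string, Out> values = new Dictionary<string, Out>();
            string address = "";
            string username = "";

            try
            {
                // The reader is disposed so the file handle is released immediately.
                using (StreamReader sr = new StreamReader(file))
                {
                    string line;
                    while ((line = sr.ReadLine()) != null)
                    {
                        if (line.StartsWith(addressStr, StringComparison.Ordinal))
                        {
                            address = line.Substring(addressStr.Length);
                        }
                        if (line.StartsWith(usernameStr, StringComparison.Ordinal))
                        {
                            username = line.Substring(usernameStr.Length);
                        }
                    }
                }

                if (address != "")
                {
                    // Split once and take host and port from the same array. The earlier code
                    // cut the port off before looking for it, so the port was never reported.
                    // NOTE(review): an IPv6 literal would be split at its first colon.
                    string[] parts = address.Split(':');
                    string port = parts.Length > 1 ? parts[1] : "";
                    values.Add(parts[0], new Out(port, username));
                }
            }
            catch (Exception)
            {
                // Best effort: unreadable files produce no entry.
            }

            return values;
        }

        // Prints inbound RDP history from the event logs.
        // Entries from the LocalSessionManager log (event IDs 21 and 25) are printed under the
        // "success" heading. Entries from the RemoteConnectionManager log (event ID 1149) that
        // have no match in the first list are printed under the "failed" heading; that label is
        // an inference made by this code, not something the event itself states.
        public static void ListRDPInConnections()
        {
            Console.WriteLine("[+] RDP内连:");

            string logTypeSuccess = "Microsoft-Windows-TerminalServices-LocalSessionManager/Operational";
            string logTypeAll = "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational";
            string querySuccess = "*[System/EventID=21] or *[System/EventID=25]";
            string queryAll = "*[System/EventID=1149]";

            // NOTE(review): the sort order survives ToDictionary only because Dictionary happens
            // to enumerate in insertion order when nothing was removed; this is not guaranteed.
            Dictionary<string, Info> historySuccess = ListEventvwrRecords(logTypeSuccess, querySuccess)
                .OrderByDescending(s => s.Value.num)
                .ToDictionary(p => p.Key, p => p.Value);
            Dictionary<string, Info> historyAll = ListEventvwrRecords(logTypeAll, queryAll, true)
                .OrderByDescending(s => s.Value.num)
                .ToDictionary(p => p.Key, p => p.Value);

            Console.WriteLine("\t[+] 登录成功:");
            foreach (KeyValuePair<string, Info> item in historySuccess)
            {
                Console.WriteLine($"\t{item.Value.lastTime} {item.Value.num}\t{item.Key}");
                historyAll.Remove(item.Key);
            }

            Console.WriteLine("\t[+] 登录失败:");
            foreach (KeyValuePair<string, Info> item in historyAll)
            {
                Console.WriteLine($"\t{item.Value.lastTime} {item.Value.num}\t{item.Key}");
            }
        }

        // Reads all events matching `query` from the log `logType` and groups them by
        // "address<TAB>user". When `flag` is true the second user-data field is treated as the
        // domain and prefixed to the user name.
        // Exceptions from the event log API (missing log, access denied) propagate to the caller.
        static Dictionary<string, Info> ListEventvwrRecords(string logType, string query, bool flag = false)
        {
            Dictionary<string, Info> values = new Dictionary<string, Info>();

            EventLogQuery elQuery = new EventLogQuery(logType, PathType.LogName, query);

            // Reader and records wrap native event log handles, so both are disposed.
            using (EventLogReader elReader = new EventLogReader(elQuery))
            {
                EventRecord eventInstance;
                while ((eventInstance = elReader.ReadEvent()) != null)
                {
                    using (eventInstance)
                    {
                        XmlDocument doc = new XmlDocument();
                        doc.LoadXml(eventInstance.ToXml());

                        // Fields are picked by position in the event XML.
                        // NOTE(review): index 7 is assumed to be the element carrying the event
                        // time and indexes 0/1/2 the user, domain and address - confirm against
                        // the event schemas.
                        XmlNodeList systemData = doc.FirstChild.FirstChild.ChildNodes;
                        XmlNodeList userData = doc.FirstChild.LastChild.FirstChild.ChildNodes;
                        string eventTime = systemData[7].Attributes.Item(0).InnerText.Remove(19);
                        string user = userData[0].InnerText;
                        string address = userData[2].InnerText;

                        if (flag)
                        {
                            string domain = userData[1].InnerText;
                            user = domain + (domain != "" ? "\\" : "") + user;
                        }
                        string value = $"{address}\t{user}";

                        // NOTE(review): the marker for local sessions is compared as a localized
                        // string, so this filter only works on a matching display language.
                        if (address != "本地")
                        {
                            if (!values.ContainsKey(value))
                            {
                                values.Add(value, new Info(1, eventTime));
                            }
                            else
                            {
                                values[value].num += 1;
                                // Events are read in the query's default direction; keeping the
                                // time of each later record makes lastTime the latest occurrence
                                // instead of the first one.
                                values[value].lastTime = eventTime;
                            }
                        }
                    }
                }
            }

            return values;
        }
    }
}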
276 |
--------------------------------------------------------------------------------
/GetInfo4.0/domain.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.DirectoryServices;
6 |
7 |
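namespace GetInfo
{
    // Prints information read from the directory of the domain the host belongs to.
    // All queries use a default DirectorySearcher and only read data.
    // NOTE(review): no PageSize is set on the searchers, so the number of results per query is
    // whatever the directory server returns by default.
    class domain
    {
        // Runs the individual listings in a fixed order. Each listing handles its own errors;
        // the outer catch only reports anything they let through.
        public static void Domain()
        {
            try
            {
                GetAllGroup();
                GetAllOu();
                GetAllAdmins();
                GetAllEnt();
                GetAllCollers();
                GetAllAdministrators();
            }
            catch (Exception e)
            {
                Console.WriteLine("[!] ERROR: {0}", e.Message);
            }
        }

        // Lists the "member" values of the group named "Domain Admins".
        static void GetAllAdmins()
        {
            PrintGroupMembers("\n[+]All Domain Admins", "(&(objectClass=group)(cn=Domain Admins))");
        }

        // Lists the names of all objects of category "computer". Not called by Domain().
        static void GetAllMachine()
        {
            PrintObjectNames("\n[+]All Domain Machine", "(&(objectCategory=computer))");
        }

        // Lists the names of all objects of category "group".
        static void GetAllGroup()
        {
            PrintObjectNames("\n[+]All Domain Groups", "(&(objectCategory=group))");
        }

        // Lists the names of all objects of category "organizationalUnit".
        static void GetAllOu()
        {
            PrintObjectNames("\n[+]All Domain OU", "(&(objectCategory=organizationalUnit))");
        }

        // Lists the "member" values of the group named "Enterprise Admins".
        static void GetAllEnt()
        {
            PrintGroupMembers("\n[+]All Domain Enterprise Admins", "(&(objectClass=group)(cn=Enterprise Admins))");
        }

        // Lists the "member" values of the group named "Domain Controllers".
        static void GetAllCollers()
        {
            PrintGroupMembers("\n[+]All Domain Controllers", "(&(objectClass=group)(cn=Domain Controllers))");
        }

        // Lists the "member" values of the group named "administrators".
        static void GetAllAdministrators()
        {
            PrintGroupMembers("\n[+]All Domain Administrators", "(&(objectClass=group)(cn=administrators))");
        }

        // Prints `heading`, runs the LDAP `filter` and prints every "member" value that contains
        // "CN". Errors are written to the console as "[!] ERROR: ..." and not rethrown.
        // The searcher and the result collection are disposed; the result collection holds
        // unmanaged resources that are not released reliably otherwise.
        private static void PrintGroupMembers(string heading, string filter)
        {
            try
            {
                using (DirectorySearcher ds = new DirectorySearcher())
                {
                    ds.Filter = filter;
                    Console.WriteLine(heading);

                    using (SearchResultCollection rs = ds.FindAll())
                    {
                        foreach (SearchResult r in rs)
                        {
                            foreach (object member in r.Properties["member"])
                            {
                                string memberDn = member.ToString();
                                if (memberDn.Contains("CN"))
                                {
                                    Console.WriteLine(memberDn);
                                }
                            }
                        }
                    }
                }
            }
            catch (Exception e)
            {
                Console.WriteLine("[!] ERROR: {0}", e.Message);
            }
        }

        // Runs the LDAP `filter`, prints `heading` and then the Name of every matching entry.
        // The heading is printed after the search call, as in the earlier code, so a search that
        // fails at that point prints only the error line.
        private static void PrintObjectNames(string heading, string filter)
        {
            try
            {
                using (DirectorySearcher ds = new DirectorySearcher())
                {
                    ds.Filter = filter;

                    using (SearchResultCollection rs = ds.FindAll())
                    {
                        Console.WriteLine(heading);
                        foreach (SearchResult r in rs)
                        {
                            // Each entry is a separate directory binding; release it right away.
                            using (DirectoryEntry entry = r.GetDirectoryEntry())
                            {
                                Console.WriteLine(entry.Name);
                            }
                        }
                    }
                }
            }
            catch (Exception e)
            {
                Console.WriteLine("[!] ERROR: {0}", e.Message);
            }
        }
    }
}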
--------------------------------------------------------------------------------
/GetInfo4.0/Program.cs:
--------------------------------------------------------------------------------
1 | using System;
2 | using System.Collections.Generic;
3 | using System.Linq;
4 | using System.Text;
5 | using System.Diagnostics;
6 | using System.IO;
7 | using Microsoft.Win32;
8 | using System.Threading;
9 | using System.Net.NetworkInformation;
10 | using System.Net;
11 | using System.Security.Principal;
12 | using System.Text.RegularExpressions;
13 | using System.Runtime.InteropServices;
14 | using Microsoft.VisualBasic.Devices;
15 | using Shell32;
16 | using System.DirectoryServices;
17 | using System.DirectoryServices.ActiveDirectory;
18 | using System.Net.Sockets;
19 | using System.Net;
20 |
21 |
22 |
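namespace GetInfo
{
    // Entry point of the tool: prints host, network, RDP and domain information to the console.
    // Several listings shell out through cmd.exe (see RunCMDCommand), so each of those commands
    // appears as a child process of this program wherever process creation is logged.
    class Program
    {
        // Prints machine name, domain, current user, runtime version, OS name and architecture,
        // then the network summary and the results of three fixed shell commands.
        public static void SystemInfo()
        {
            Console.WriteLine("==========基本信息==========\n");
            Console.WriteLine("[+]机器名: " + Environment.MachineName);
            Console.WriteLine("[+]域名: " + Environment.UserDomainName);
            Console.WriteLine("[+]当前用户: " + Environment.UserName);
            Console.WriteLine("[+]NET版本: {0}", Environment.Version.ToString());
            Console.WriteLine("[+]操作系统:" + GetOSName()); // operating system
            RunCMDCommand("[+]位数:", "wmic os get osarchitecture | findstr \"32 || 64\"");
            internet.Internet();
            RunCMDCommand("[+]存在特权(可利用):\n", "whoami /priv | findstr \"SeImpersonatePrivilege SeAssignPrimaryPrivilege SeTcbPrivilege SeBackupPrivilege SeRestorePrivilege SeCreateTokenPrivilege SeLoadDriverPrivilege SeTakeOwnershipPrivilege SeDebugPrivilege\"");
            RunCMDCommand("[+]存在用户:\n", "net user |findstr \"%username%\"");
        }

        // Runs the domain listings when the host reports a DNS domain name.
        public static void Domain_p()
        {
            IPGlobalProperties properties = IPGlobalProperties.GetIPGlobalProperties();
            if (properties.DomainName.Length > 0)
            {
                Console.WriteLine("\n[+]该主机存在域!域名为:{0}", properties.DomainName);
                DoIt();
                domain.Domain();
                Console.WriteLine("\n");
                ZeroLogon.ZeroLogonCheck();
            }
            else
            {
                Console.WriteLine("\n[-]该主机不在域内,工作组信息收集完成~~");
            }
        }

        // Prints the FQDN taken from rootDSE "dnsHostname" and the addresses it resolves to.
        // Exceptions (directory unreachable, name not resolvable) propagate to the caller.
        public static void DoIt()
        {
            string dnsHostname;
            // The directory binding is released as soon as the attribute has been read.
            using (DirectoryEntry dirEntry = new DirectoryEntry("LDAP://rootDSE"))
            {
                dnsHostname = dirEntry.Properties["dnsHostname"].Value.ToString();
            }

            Console.WriteLine("[+]域控FQDN:" + dnsHostname);
            IPAddress[] ipAddresses = Dns.GetHostAddresses(dnsHostname);
            Console.WriteLine("\n[+]域控IP为:");
            foreach (IPAddress ip in ipAddresses)
            {
                Console.WriteLine(ip);
            }
        }

        // Runs `command` through "cmd.exe /c" without a window and prints `commont` followed by
        // the command's standard output.
        //
        // `command` is appended to the cmd.exe argument string without any quoting or escaping.
        // Every caller in this file passes a constant; never pass text that comes from outside
        // the program, because cmd.exe would interpret it.
        public static void RunCMDCommand(string commont, string command)
        {
            // Disposing the Process releases its handles and redirected streams.
            using (Process cmdProcess = new Process())
            {
                cmdProcess.StartInfo.FileName = "cmd.exe";
                cmdProcess.StartInfo.CreateNoWindow = true;          // no new window
                cmdProcess.StartInfo.UseShellExecute = false;        // required for redirection
                cmdProcess.StartInfo.RedirectStandardInput = true;
                cmdProcess.StartInfo.RedirectStandardOutput = true;
                cmdProcess.StartInfo.RedirectStandardError = true;
                cmdProcess.StartInfo.Arguments = "/c " + command;    // "/c": run the command, then exit
                cmdProcess.Start();

                // Standard error is redirected but not wanted. It still has to be drained:
                // a child that fills the unread pipe would block and never exit.
                cmdProcess.ErrorDataReceived += delegate { };
                cmdProcess.BeginErrorReadLine();

                string output = cmdProcess.StandardOutput.ReadToEnd();
                Console.WriteLine(commont + output);

                cmdProcess.WaitForExit();
            }
        }

        // Prints whether Remote Desktop is enabled according to the "fDenyTSConnections" value
        // under HKLM\system\CurrentControlSet\Control\Terminal Server (1 = not enabled).
        // Prints only the heading when the key or the value is missing.
        public static void readregedit()
        {
            // Open the key directly, dispose it afterwards and read the one value of interest
            // instead of walking all value names.
            using (RegistryKey terminalServer = Registry.LocalMachine.OpenSubKey(@"system\CurrentControlSet\Control\Terminal Server"))
            {
                Console.WriteLine("[+] RDP信息:");
                if (terminalServer == null)
                {
                    return;
                }

                object raw = terminalServer.GetValue("fDenyTSConnections");
                if (raw == null)
                {
                    return;
                }

                int num = int.Parse(raw.ToString());
                if (num == 1)
                {
                    Console.WriteLine("\t[-]RDP未开启");
                }
                else
                {
                    Console.WriteLine("\t[+]RDP开启");
                }
            }
        }

        // Prints the file names in the current user's "Recent" folder.
        public static void Recent_files()
        {
            string appData = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
            string recentsPath = Path.Combine(appData, @"Microsoft\Windows\Recent");

            Console.WriteLine("\n[+] 最近使用文件:" + recentsPath);
            foreach (FileInfo file in new DirectoryInfo(recentsPath).GetFiles())
            {
                Console.WriteLine("\t" + file.Name);
            }
        }

        // Prints the active TCP connections, skipping those whose local address text starts
        // with "127.0.0.1".
        public static void Network_Connentions()
        {
            Console.WriteLine("\n[+] 网络连接状态:");
            IPGlobalProperties ipProperties = IPGlobalProperties.GetIPGlobalProperties();

            foreach (TcpConnectionInformation info in ipProperties.GetActiveTcpConnections())
            {
                string localAddress = info.LocalEndPoint.Address.ToString();
                if (localAddress.StartsWith("127.0.0.1"))
                {
                    continue;
                }

                string local = localAddress + ":" + info.LocalEndPoint.Port.ToString();
                string remote = info.RemoteEndPoint.Address.ToString() + ":" + info.RemoteEndPoint.Port.ToString();
                Console.WriteLine("\tLocal : " + local + " - Remote : " + remote);
            }
        }

        // Prints the antivirus products registered in the root\SecurityCenter2 WMI namespace.
        // Uses RunCMDCommand so the process handling (stream draining, disposal) lives in one place.
        public static void AvProcessEDRproduct()
        {
            RunCMDCommand(
                "==========杀软信息==========\n\n",
                "wmic /node:localhost /namespace:\\\\root\\SecurityCenter2 path AntiVirusProduct Get DisplayName | findstr /V /B /C:displayName || echo No Antivirus installed");
        }

        // Returns the full operating system name.
        static string GetOSName()
        {
            return new ComputerInfo().OSFullName;
        }

        // Calls the Shell.Application "NameSpace" method through reflection and returns the folder.
        public static Shell32.Folder GetShell32Folder(object folder, Object shell, Type shellAppType)
        {
            object[] arguments = new object[] { folder };
            object result = shellAppType.InvokeMember(
                "NameSpace",
                System.Reflection.BindingFlags.InvokeMethod,
                null,
                shell,
                arguments);
            return (Shell32.Folder)result;
        }

        // Prints the names of the items in the current user's recycle bin.
        public static void GetRecycleBinFilenames()
        {
            Console.WriteLine("\n[+] 回收站信息:");
            Type shellAppType = Type.GetTypeFromProgID("Shell.Application");
            Object shell = Activator.CreateInstance(shellAppType);

            try
            {
                // 10 is the shell special-folder id of the recycle bin.
                Folder recycleBin = GetShell32Folder(10, shell, shellAppType);

                foreach (FolderItem2 recfile in recycleBin.Items())
                {
                    Console.WriteLine("\t" + recfile.Name);
                }
            }
            finally
            {
                // Release the COM object even when the enumeration throws.
                Marshal.FinalReleaseComObject(shell);
            }
        }

        // Runs every listing once, in a fixed order.
        static void Main()
        {
            SystemInfo();
            AvProcessEDRproduct();
            Network_Connentions();
            ListRDPConnections.ListRDPOutConnections();
            ListRDPConnections.ListRDPInConnections();
            GetRecycleBinFilenames();
            readregedit();
            Domain_p();
            Console.WriteLine("End!!");
        }
    }
}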
207 |
--------------------------------------------------------------------------------