PaulDotCom mailing list archives

detecting PDCs


From: carlos_perez at darkoperator.com (Carlos Perez)
Date: Thu, 25 Mar 2010 20:21:49 -0400

In fact both tools for DNS enumeration cover SRV record ;) check dns_enum in
metasploit

On Thu, Mar 25, 2010 at 5:36 PM, Joshua Smith <lazydj98 at gmail.com> wrote:

Indeed.
Similar to ethe cho %logonserver% method is:

Systeminfo | findstr /I /C:"logon server"
But a nice way is to get it from dns:
Nslookup -type=srv _ldap._tcp.pdc._msdcs.<domainname>
Will give you the same answer as logonserver, to see all DC's change
pdc to just dc. I got 8 DCs doing this at work all of which I know are
dcs
-Josh

On Mar 25, 2010, at 5:07 PM, k41zen <k41zen at live.co.uk> wrote:

depends on how auth'd you are to the domain I guess, but dsquery is
very useful too

http://www.computerperformance.co.uk/Logon/DSquery.htm

http://tactech.net/2009/09/28/how-to-search-for-a-domain-controller/

http://technet.microsoft.com/en-us/library/cc732885%28WS.10%29.aspx


On 25 Mar 2010, at 10:54, Robin Wood wrote:

Hi
I'm wondering what techniques people are using to detect domain
controllers when they get on networks. I've asked a few people and
the
standard answer seems to be to look for the DNS server as the PDC is
usually also acting as the DNS server. Has anyone else got any better
or alternative techniques they use?

Robin
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com


_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20100325/bb9d14d7/attachment.htm 


Current thread: