
Using DirectoryEntry to Enumerate Domain Computers and Their Shared Resources


k8


Introduction

The System.DirectoryServices.DirectoryEntry component provides access to Active Directory. This article uses two small programs as examples to show how this component can be used to view information about each node on the network. DirectoryEntry exposes a Path property; according to the documentation, this property specifies the object name used to access the object in the directory service, in the following format:
protocol://servername:port number/distinguished name
The first part of this string defines the protocol used for the access, for example:
LDAP: (Lightweight Directory Access Protocol)
IIS: (provides IIS metadata for reading and configuring Internet Information Server)
WinNT: (provides access to Windows NT domains, with very limited performance)
NDS: (provides access to Novell Directory Service)
and so on (see MSDN for details).

So we construct a DirectoryEntry instance and set its Path to "WinNT:"; enumerating all of its children reveals every domain (and workgroup) on the network. Enumerating the children of each discovered domain (or workgroup) in turn reveals every computer on the network, and combining this with WMI reveals the shares exposed on each machine.

C# implementation

Below is the EnumShare code from Ladon. It automatically obtains the current domain, enumerates the computers in it, and retrieves the shares each machine exposes.

using System;
using System.DirectoryServices;   // DirectoryEntry (WinNT: provider)
using System.Management;          // ManagementObjectSearcher / ManagementScope (WMI)

class EnumShare
{
    static void Main()
    {
        Console.WriteLine("Load EnumShare");

        // The children of "WinNT:" are the domains and workgroups visible on the network.
        DirectoryEntry root = new DirectoryEntry("WinNT:");
        foreach (DirectoryEntry domain in root.Children)
        {
            string strDomain = domain.Name;
            Console.WriteLine("Domain: " + strDomain);

            // A domain's children also include users and groups; keep only Computer objects.
            foreach (DirectoryEntry computer in domain.Children)
            {
                if (!computer.SchemaClassName.Equals("Computer"))
                    continue;

                string strComputer = computer.Name;
                try
                {
                    // Scope the WMI query to the enumerated computer. Without an explicit
                    // scope, Win32_Share is queried on the local machine on every iteration.
                    ManagementScope scope = new ManagementScope(@"\\" + strComputer + @"\root\cimv2");
                    scope.Connect();
                    ManagementObjectSearcher searcher = new ManagementObjectSearcher(
                        scope, new ObjectQuery("select * from win32_share"));
                    foreach (ManagementObject share in searcher.Get())
                    {
                        string strShare = share["Name"].ToString();
                        Console.WriteLine(strComputer + "\\" + strShare);
                    }
                }
                catch (Exception ex)
                {
                    // Unreachable host or access denied: report it and continue with the next computer.
                    Console.WriteLine(strComputer + ": " + ex.Message);
                }
            }
        }
    }
}
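The enumeration above reports only share names. An administrator checking what such a sweep would reveal about a given host usually wants to know the share type and which shares are the default administrative ones (C$, ADMIN$, IPC$) versus shares someone created. The following is an added example written for this page, not Ladon's code; it queries the same Win32_Share class on the local host, decodes the Type field according to its documented values (the high bit marks administrative shares, the low bits give the kind), and flags every non-default share for review. It needs a reference to System.Management (the assembly on .NET Framework, or the System.Management package on .NET Core/.NET).

```csharp
using System;
using System.Collections.Generic;
using System.Management;

// Added example (not part of Ladon): local share audit based on Win32_Share.
public static class ShareAudit
{
    public sealed class ShareInfo
    {
        public string Name;
        public string Path;
        public string Kind;        // decoded from Win32_Share.Type
        public bool IsAdminShare;  // high bit of Type set: default hidden share such as C$ or IPC$
    }

    // Win32_Share.Type: 0 = disk, 1 = print queue, 2 = device, 3 = IPC;
    // 0x80000000 is OR-ed in for the administrative variants of each kind.
    public static string DecodeType(uint type)
    {
        switch (type & 0x7FFFFFFFu)
        {
            case 0: return "Disk";
            case 1: return "PrintQueue";
            case 2: return "Device";
            case 3: return "IPC";
            default: return "Unknown(" + type + ")";
        }
    }

    public static bool IsAdminShare(uint type)
    {
        return (type & 0x80000000u) != 0;
    }

    // Enumerate the shares of the local machine (run elevated to see all of them).
    public static List<ShareInfo> EnumerateLocalShares()
    {
        var result = new List<ShareInfo>();
        using (var searcher = new ManagementObjectSearcher("SELECT Name, Path, Type FROM Win32_Share"))
        {
            foreach (ManagementObject share in searcher.Get())
            {
                uint type = Convert.ToUInt32(share["Type"]);
                result.Add(new ShareInfo
                {
                    Name = Convert.ToString(share["Name"]),
                    Path = Convert.ToString(share["Path"]),
                    Kind = DecodeType(type),
                    IsAdminShare = IsAdminShare(type)
                });
            }
        }
        return result;
    }

    public static void Main()
    {
        foreach (ShareInfo s in EnumerateLocalShares())
        {
            // Anything that is not a default administrative share deserves a second look:
            // is it still needed, and is its permission set what the owner expects?
            string flag = s.IsAdminShare ? "" : "  <-- non-default share, verify it is intended";
            Console.WriteLine(string.Format("{0,-16} {1,-10} {2}{3}", s.Name, s.Kind, s.Path, flag));
        }
    }
}
```

Running this on each host before an assessment gives the defender the same view the WinNT:/WMI sweep produces for an outsider, with the type decoded so that a stray disk share on a workstation stands out from the expected IPC$ and C$ entries.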

 

Ladon EnumShare
Because Ladon favours minimalism, no domain name or parameters need to be supplied; a long parameter list is a nuisance, so everything is obtained automatically in one step.

References

https://github.com/k8gege/Ladon

https://docs.microsoft.com/zh-cn/dotnet/api/system.directoryservices.directoryentry?view=netframework-4.8
