[Pauldotcom] detecting PDCs
Butturini, Russell
Russell.Butturini at Healthways.com
Fri Mar 26 01:12:33 UTC 2010
That's true but you still have to know the internal domain name :-)
----- Original Message -----
From: pauldotcom-bounces at mail.pauldotcom.com <pauldotcom-bounces at mail.pauldotcom.com>
To: PaulDotCom Security Weekly Mailing List <pauldotcom at mail.pauldotcom.com>
Cc: pauldotcom at mail.pauldotcom.com <pauldotcom at mail.pauldotcom.com>
Sent: Thu Mar 25 20:10:23 2010
Subject: Re: [Pauldotcom] detecting PDCs
Well for DNS you do not have to be
On Mar 25, 2010, at 8:12 PM, "Butturini, Russell" <Russell.Butturini at Healthways.com> wrote:
> These solutions are useful, but you're assuming a machine joined to
> the domain, running in the context of an authenticated user session,
> with knowledge of the internal domain name.
>
> ----- Original Message -----
> From: pauldotcom-bounces at mail.pauldotcom.com <pauldotcom-bounces at mail.pauldotcom.com>
> To: PaulDotCom Security Weekly Mailing List <pauldotcom at mail.pauldotcom.com>
> Sent: Thu Mar 25 16:36:13 2010
> Subject: Re: [Pauldotcom] detecting PDCs
>
> Indeed.
> Similar to the echo %logonserver% method is:
>
> systeminfo | findstr /I /C:"logon server"
> But a nice way is to get it from DNS:
> nslookup -type=srv _ldap._tcp.pdc._msdcs.<domainname>
> Will give you the same answer as logonserver; to see all DCs, change
> pdc to just dc. I got 8 DCs doing this at work, all of which I know are
> DCs.
> -Josh
>
> On Mar 25, 2010, at 5:07 PM, k41zen <k41zen at live.co.uk> wrote:
>
>> depends on how auth'd you are to the domain I guess, but dsquery is
>> very useful too
>>
>> http://www.computerperformance.co.uk/Logon/DSquery.htm
>>
>> http://tactech.net/2009/09/28/how-to-search-for-a-domain-controller/
>>
>> http://technet.microsoft.com/en-us/library/cc732885%28WS.10%29.aspx
>>
>>
>> On 25 Mar 2010, at 10:54, Robin Wood wrote:
>>
>>> Hi
>>> I'm wondering what techniques people are using to detect domain
>>> controllers when they get on networks. I've asked a few people and the
>>> standard answer seems to be to look for the DNS server as the PDC is
>>> usually also acting as the DNS server. Has anyone else got any better
>>> or alternative techniques they use?
>>>
>>> Robin
>>> _______________________________________________
>>> Pauldotcom mailing list
>>> Pauldotcom at mail.pauldotcom.com
>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> Main Web Site: http://pauldotcom.com
>>>
>>
>
>
> *********************************************************************
> This email contains confidential and proprietary information and is
> not to be used or disclosed to anyone other than the named recipient
> of this email, and is to be used only for the intended purpose of this
> communication.
> *********************************************************************
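Added example, not part of the original thread: the SRV lookup quoted above (pdc for the PDC, dc for all DCs), with its Windows nslookup output parsed and compared against an expected DC inventory so that unexpected or missing registrations stand out. The domain corp.example.com, the host names, the sample output and the function names are all constructed for illustration.

```python
import re

# Constructed sample of Windows nslookup output for
# "nslookup -type=srv _ldap._tcp.dc._msdcs.corp.example.com" (hypothetical domain).
SAMPLE = """\
Server:  dns01.corp.example.com
Address:  10.0.0.10

_ldap._tcp.dc._msdcs.corp.example.com\tSRV service location:
\t  priority       = 0
\t  weight         = 100
\t  port           = 389
\t  svr hostname   = dc01.corp.example.com
_ldap._tcp.dc._msdcs.corp.example.com\tSRV service location:
\t  priority       = 0
\t  weight         = 100
\t  port           = 389
\t  svr hostname   = DC02.corp.example.com
dc01.corp.example.com\tinternet address = 10.0.0.11
DC02.corp.example.com\tinternet address = 10.0.0.12
"""

def srv_name(domain, pdc_only=False):
    """Build the locator name from the thread: pdc for the PDC, dc for all DCs."""
    return "_ldap._tcp.%s._msdcs.%s" % ("pdc" if pdc_only else "dc", domain.strip("."))

def parse_srv(output):
    """Return one dict per SRV record found in nslookup output."""
    records, current = [], None
    for line in output.splitlines():
        if "SRV service location" in line:
            current = {"name": line.split()[0].lower()}
            records.append(current)
            continue
        m = re.match(r"\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)", line)
        if m and current is not None:
            key, value = m.group(1), m.group(2)
            current["host" if key == "svr hostname" else key] = (
                value.lower().rstrip(".") if key == "svr hostname" else int(value))
    return records

def diff_inventory(records, expected):
    """Compare DNS-registered DCs with an expected inventory (defender check)."""
    seen = {r["host"] for r in records if "host" in r}
    expected = {h.lower().rstrip(".") for h in expected}
    return {"unexpected": sorted(seen - expected), "missing": sorted(expected - seen)}
```

Host names are lower-cased and stripped of a trailing dot before comparison, since DNS names are case-insensitive and the inventory may be written either way.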