From 6c507def4744a28a227080a6840f5dfa540e17f1 Mon Sep 17 00:00:00 2001
From: guervild <11190755+guervild@users.noreply.github.com>
Date: Tue, 7 Dec 2021 22:15:45 +0100
Subject: [PATCH] Add an option to list current domain sites (related subnets, domains and servers)
---
StandIn/StandIn/Program.cs | 71 ++++++++++++++++++++++++++++++++++++-
StandIn/StandIn/hStandIn.cs | 4 +++
2 files changed, 74 insertions(+), 1 deletion(-)
diff --git a/StandIn/StandIn/Program.cs b/StandIn/StandIn/Program.cs
index 1261a4f..8f9028f 100644
--- a/StandIn/StandIn/Program.cs
+++ b/StandIn/StandIn/Program.cs
@@ -3069,6 +3069,69 @@ public static void GetADTrustRelationships() } } + public static void GetADSites() + { + try + { + Domain oDom = Domain.GetComputerDomain(); + String sPDC = oDom.PdcRoleOwner.Name; + String sDomName = oDom.Name; + Console.WriteLine("\n[?] Using DC : " + sPDC); + Console.WriteLine(" |_ Domain : " + sDomName); + + ReadOnlySiteCollection sitesCollection = oDom.Forest.Sites; + + if (sitesCollection.Count < 1) + { + Console.WriteLine("\n[!] No site to display.."); + } + else + { + foreach (ActiveDirectorySite site in sitesCollection) + { + Console.WriteLine("\n[*] Site Name : " + site.Name); + if (site.Domains.Count > 0) + { + Console.WriteLine(" Domains "); + foreach (Domain domain in site.Domains) + { + Console.WriteLine(" |_ " + domain.Name); + } + } + if (site.Subnets.Count > 0) + { + Console.WriteLine(" Subnets "); + foreach (ActiveDirectorySubnet subnet in site.Subnets) + { + Console.WriteLine(" |_ " + subnet); + } + } + + if (!String.IsNullOrEmpty(site.Location)) + { + Console.WriteLine(" Location : " + site.Location); + } + + Console.WriteLine(" Number of server in the site : " + site.Servers.Count); + + if (site.Servers.Count > 0) + { + Console.WriteLine(" Servers "); + + foreach (DirectoryServer server in site.Servers) + { + Console.WriteLine(" |_ " + server); + } + } + } + } + } + catch + { + Console.WriteLine("[!] Failed to contact the current domain.."); + } + } + public static void StringToUserOrSID(String sUserId, String sDomain = "", String sUser = "", String sPass = "") { // Create searcher @@ -4150,6 +4213,8 @@ class ArgOptions [Option(null, "trust")] public Boolean bTrust { get; set; } + [Option(null, "site")] + public Boolean bSite { get; set; } [Option(null, "remove")] public Boolean bRemove { get; set; } 
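Review bot: The bare `catch` that closes GetADSites reports every failure as "Failed to contact the current domain..", so an exception thrown partway through the loop (for example while reading `site.Domains` or `site.Servers` for one site) is mislabelled and the remaining sites are silently dropped from the output. Catch the exception and surface its message instead, e.g. `catch (Exception ex) { Console.WriteLine("[!] Failed to enumerate sites: " + ex.Message); }`, and consider wrapping the body of the outer `foreach` in its own try/catch so one unreadable site does not end the listing. Separately, `oDom.Forest.Sites` returns the sites of the whole forest, while the commit subject and the `|_ Domain` header present the result as the current domain's sites; a comment above that line such as `// Sites are a forest-wide collection, not limited to oDom` would make the scope explicit.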
@@ -4233,7 +4298,7 @@ static void Main(string[] args) else { - if (!String.IsNullOrEmpty(ArgOptions.sComp) || !String.IsNullOrEmpty(ArgOptions.sObject) || !String.IsNullOrEmpty(ArgOptions.sGroup) || !String.IsNullOrEmpty(ArgOptions.sLdap) || !String.IsNullOrEmpty(ArgOptions.sSid) || !String.IsNullOrEmpty(ArgOptions.sSetSPN) || ArgOptions.bSPN || ArgOptions.bDelegation || ArgOptions.bAsrep || ArgOptions.bDc || ArgOptions.bTrust || ArgOptions.bGPO || ArgOptions.bDNS || ArgOptions.bPolicy || ArgOptions.bPasswdnotreqd || ArgOptions.bADCS) + if (!String.IsNullOrEmpty(ArgOptions.sComp) || !String.IsNullOrEmpty(ArgOptions.sObject) || !String.IsNullOrEmpty(ArgOptions.sGroup) || !String.IsNullOrEmpty(ArgOptions.sLdap) || !String.IsNullOrEmpty(ArgOptions.sSid) || !String.IsNullOrEmpty(ArgOptions.sSetSPN) || ArgOptions.bSPN || ArgOptions.bDelegation || ArgOptions.bAsrep || ArgOptions.bDc || ArgOptions.bTrust || ArgOptions.bSite || ArgOptions.bGPO || ArgOptions.bDNS || ArgOptions.bPolicy || ArgOptions.bPasswdnotreqd || ArgOptions.bADCS) { if (!String.IsNullOrEmpty(ArgOptions.sComp)) { @@ -4352,6 +4417,10 @@ static void Main(string[] args) { GetADTrustRelationships(); } + else if (ArgOptions.bSite) + { + GetADSites(); + } else if (!String.IsNullOrEmpty(ArgOptions.sLdap)) { returnLDAP(ArgOptions.sLdap, ArgOptions.sDomain, ArgOptions.sUser, ArgOptions.sPass, ArgOptions.sFilter, ArgOptions.iLimit); diff --git a/StandIn/StandIn/hStandIn.cs b/StandIn/StandIn/hStandIn.cs index 8bb27c1..78f48fe 100644 --- a/StandIn/StandIn/hStandIn.cs +++ b/StandIn/StandIn/hStandIn.cs 
@@ -250,6 +250,7 @@ public static void getHelp() "--asrep Boolean, list ASREP roastable accounts\n" + "--dc Boolean, list all domain controllers\n" + "--trust Boolean, list all trust relationships\n" + + "--site Boolean, list all sites (related subnets, domains, and servers)\n" + "--adcs List all CA's and all published templates\n" + "--clientauth Boolean, modify ADCS template to add/remove \"Client Authentication\"\n" + "--ess Boolean, modify ADCS template to add/remove \"ENROLLEE_SUPPLIES_SUBJECT\"\n" + @@ -359,6 +360,9 @@ public static void getHelp() "# Get a list of all trust relationships in the current domain\n" + "StandIn.exe --trust\n\n" + + "# Get a list of all the sites and the related subnets\n" + + "StandIn.exe --site\n\n" + + "# List members of group or list user group membership\n" + "StandIn.exe --group Literarum\n" + "StandIn.exe --group \"Magna Ultima\" --domain redhook --user RFludd --pass Cl4vi$Alchemi4e\n" +