Offline Domain Join.ps1
$source = @'
using System;
using System.Security.Principal;
using System.Runtime.InteropServices;
namespace JackTest
{
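/// <summary>
/// P/Invoke declarations for the kernel32.dll functions used by this script.
/// </summary>
public class Kernel32
{
    // NOTE(review): a P/Invoke'd GetLastError is not a reliable way to read the
    // error of an earlier call, because the runtime may issue other Win32 calls
    // in between. Marshal.GetLastWin32Error() is the supported way to read it.
    // SetLastError is left off here so that calling this function does not
    // itself replace the value Marshal.GetLastWin32Error() would report.
    [DllImport("Kernel32.dll")]
    public static extern int GetLastError();

    /// <summary>Closes an open handle (used here for logon tokens).</summary>
    /// <param name="existingTokenHandle">The handle to close.</param>
    /// <returns>
    /// True when the handle was closed. The native function returns BOOL;
    /// declaring it as void hid a failed close from the caller.
    /// </returns>
    [DllImport("Kernel32.dll", SetLastError = true)]
    [return: MarshalAs(UnmanagedType.Bool)]
    public static extern bool CloseHandle(IntPtr existingTokenHandle);
}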
/// <summary>
/// P/Invoke declaration for netapi32.dll's NetProvisionComputerAccount, the
/// call that creates the computer account and produces the offline domain
/// join data.
/// </summary>
public class Netapi32
{
    // The return value is the native status code; the caller in this file
    // hands it back unchanged.
    // NOTE(review): the text buffer comes back through an `out string`, so the
    // marshaller releases the native buffer itself. The native API documents
    // NetApiBufferFree for that buffer - confirm the two allocators match.
    [DllImport(
        "netapi32.dll",
        CharSet = CharSet.Unicode,
        ExactSpelling = true,
        SetLastError = true,
        EntryPoint = "NetProvisionComputerAccount")]
    public static extern int NetProvisionComputerAccount(
        string lpDomain,                 // domain to create the account in
        string lpMachineName,            // name of the machine being provisioned
        string lpMachineAccountOU,       // distinguished name of the target OU
        string lpDcName,                 // domain controller to target
        int dwOptions,                   // provisioning option flags
        IntPtr pProvisionBinData,        // binary output; this script passes IntPtr.Zero
        IntPtr pdwProvisionBinDataSize,  // binary output size; this script passes IntPtr.Zero
        [MarshalAs(UnmanagedType.LPWStr)] out string pProvisionTextData);
}
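/// <summary>
/// P/Invoke declarations and constants for the logon and impersonation
/// functions this script uses to run one call under alternate credentials.
/// </summary>
public class AdvApi32
{
    // CharSet.Unicode binds to the wide entry point, so a user name or password
    // containing characters outside the ANSI code page is passed intact rather
    // than converted lossily by the default ANSI marshalling.
    [DllImport("advapi32.DLL", SetLastError = true, CharSet = CharSet.Unicode)]
    public static extern bool LogonUser(string lpszUsername, string lpszDomain, string lpszPassword, int dwLogonType, int dwLogonProvider, out IntPtr phToken);

    [DllImport("advapi32.dll", SetLastError = true)]
    public extern static bool DuplicateToken(IntPtr ExistingTokenHandle, int SECURITY_IMPERSONATION_LEVEL, out IntPtr DuplicateTokenHandle);

    /// <summary>Values for LogonUser's dwLogonType argument.</summary>
    public enum LogonTypes
    {
        LOGON32_LOGON_INTERACTIVE = 2,
        LOGON32_LOGON_NETWORK = 3,
        LOGON32_LOGON_BATCH = 4,
        LOGON32_LOGON_SERVICE = 5,
        LOGON32_LOGON_UNLOCK = 7,
        LOGON32_LOGON_NETWORK_CLEARTEXT = 8,
        // The supplied credentials are used only for outbound network
        // connections and are not checked when the token is created.
        LOGON32_LOGON_NEW_CREDENTIALS = 9,
    }

    /// <summary>Values for LogonUser's dwLogonProvider argument.</summary>
    public enum LogonProvider
    {
        LOGON32_PROVIDER_DEFAULT = 0,
        LOGON32_PROVIDER_WINNT35 = 1,
        LOGON32_PROVIDER_WINNT40 = 2,
        LOGON32_PROVIDER_WINNT50 = 3
    }

    /// <summary>Impersonation levels accepted by DuplicateToken.</summary>
    public enum SecurityImpersonationLevel : int
    {
        SecurityAnonymous = 0,
        SecurityIdentification = 1,
        SecurityImpersonation = 2,
        SecurityDelegation = 3,
    }

    // SetLastError is enabled on the three declarations below so that a failed
    // impersonation, revert or close can be diagnosed with
    // Marshal.GetLastWin32Error(); without it the error code is not captured.
    [DllImport("advapi32.DLL", SetLastError = true)]
    public static extern bool ImpersonateLoggedOnUser(IntPtr hToken); // handle to token for logged-on user

    [DllImport("advapi32.DLL", SetLastError = true)]
    public static extern bool RevertToSelf();

    [DllImport("kernel32.dll", SetLastError = true)]
    public extern static bool CloseHandle(IntPtr hToken);
}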
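/// <summary>
/// Provisions a computer account under alternate credentials and returns the
/// offline domain join text blob.
/// </summary>
public class DomainJoin
{
    /// <summary>
    /// Logs on with the supplied credentials, impersonates that token on the
    /// current thread, calls NetProvisionComputerAccount, and always reverts
    /// the impersonation and closes the token handles afterwards.
    /// </summary>
    /// <param name="username">Account in DOMAIN\user form.</param>
    /// <param name="password">
    /// Password for <paramref name="username"/>. It is held as an ordinary
    /// managed string, so it stays in process memory until collected.
    /// </param>
    /// <param name="Domain">Domain the computer account is created in.</param>
    /// <param name="Machine">Name of the machine to provision.</param>
    /// <param name="OU">Distinguished name of the OU for the account.</param>
    /// <param name="DC">Domain controller to target.</param>
    /// <param name="DomainJoinBlob">
    /// Receives the provisioning text. Treat it as a secret: an offline domain
    /// join blob carries the machine account password.
    /// </param>
    /// <returns>The status code returned by NetProvisionComputerAccount.</returns>
    /// <exception cref="ArgumentNullException">username is null.</exception>
    /// <exception cref="ArgumentException">username is not in DOMAIN\user form.</exception>
    /// <exception cref="Exception">Logon, token duplication or impersonation failed.</exception>
    public static int GetDomainJoin(String username, String password,string Domain,string Machine,string OU,string DC,out string DomainJoinBlob)
    {
        if (username == null)
        {
            throw new ArgumentNullException("username");
        }

        // Validate the DOMAIN\user shape up front; indexing the split result
        // blindly failed with an IndexOutOfRangeException on a bare user name.
        String[] splitUserName = username.Split('\\');
        if (splitUserName.Length != 2 || splitUserName[0].Length == 0 || splitUserName[1].Length == 0)
        {
            throw new ArgumentException("username must be in DOMAIN\\user form", "username");
        }
        string userdomain = splitUserName[0];
        username = splitUserName[1];

        int Result = -1;
        IntPtr existingTokenHandle = IntPtr.Zero;
        IntPtr duplicateTokenHandle = IntPtr.Zero;
        bool impersonating = false;
        try
        {
            // LOGON32_LOGON_NEW_CREDENTIALS does not check the password here;
            // the credentials are only used for outbound network connections,
            // so a wrong password shows up later as a provisioning failure.
            Console.WriteLine("Before Calling AdvApi32.LogonUser");
            bool isOkay = AdvApi32.LogonUser(username, userdomain, password,
                (int)AdvApi32.LogonTypes.LOGON32_LOGON_NEW_CREDENTIALS,
                (int)AdvApi32.LogonProvider.LOGON32_PROVIDER_WINNT50,
                out existingTokenHandle);
            // Read the error immediately, before any other call can replace it.
            int logonError = Marshal.GetLastWin32Error();
            Console.WriteLine("After Calling AdvApi32.LogonUser");
            if (!isOkay)
            {
                throw new Exception("LogonUser Failed: " + logonError);
            }

            Console.WriteLine("Before Calling AdvApi32.DuplicateToken");
            isOkay = AdvApi32.DuplicateToken(existingTokenHandle,
                (int)AdvApi32.SecurityImpersonationLevel.SecurityImpersonation,
                out duplicateTokenHandle);
            int duplicateError = Marshal.GetLastWin32Error();
            Console.WriteLine("After Calling AdvApi32.DuplicateToken");
            if (!isOkay)
            {
                // The finally block closes existingTokenHandle; closing it here
                // as well would close the same handle value twice.
                throw new Exception("DuplicateToken Failed: " + duplicateError);
            }

            Console.WriteLine("Before Calling AdvApi32.ImpersonateLoggedOnUser(duplicateTokenHandle)");
            // If impersonation fails the thread is still the original caller;
            // stop rather than provision the account under the wrong identity.
            if (!AdvApi32.ImpersonateLoggedOnUser(duplicateTokenHandle))
            {
                throw new Exception("ImpersonateLoggedOnUser Failed");
            }
            impersonating = true;
            Console.WriteLine("After Calling AdvApi32.ImpersonateLoggedOnUser(duplicateTokenHandle)");

            String blob = String.Empty;
            Console.WriteLine("Calling NetProvisionComputerAccount");
            // dwOptions 2 is NETSETUP_PROVISION_REUSE_ACCOUNT: an existing
            // computer account with this name is reused instead of rejected.
            Result = Netapi32.NetProvisionComputerAccount(Domain,Machine,OU,DC,2,IntPtr.Zero, IntPtr.Zero, out blob);
            DomainJoinBlob = blob;
            // Report only the size: the blob holds the machine account
            // password and should not land in console output or transcripts.
            Console.WriteLine("Domain Blob length: {0}", blob == null ? 0 : blob.Length);
        }
        finally
        {
            // Revert here so the thread never keeps the impersonated identity
            // when provisioning throws.
            if (impersonating)
            {
                Console.WriteLine("Before Calling RevertToSelf");
                if (AdvApi32.RevertToSelf())
                {
                    Console.WriteLine("RevertToSelf Succeeded");
                }
                else
                {
                    // The thread is still impersonating at this point; callers
                    // should not keep doing work on it.
                    Console.WriteLine("RevertToSelf Failed");
                }
            }
            if (existingTokenHandle != IntPtr.Zero)
            {
                Kernel32.CloseHandle(existingTokenHandle);
            }
            if (duplicateTokenHandle != IntPtr.Zero)
            {
                Kernel32.CloseHandle(duplicateTokenHandle);
            }
        }
        return Result;
    }

    /// <summary>Placeholder entry point; prints a marker and waits for a line of input.</summary>
    static void Main(string[] args)
    {
        Console.WriteLine("MAIN CALLED");
        Console.ReadLine();
    }
}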
}
'@
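# Compile the embedded C# helper types into the current session.
$result = Add-Type -TypeDefinition $Source -Language CSharp
try {
    $DomainJoinBlob = ""
    # The arguments below are placeholders. Supply real values at run time
    # (for example from a credential prompt) instead of saving a password in
    # the script file.
    $tester = [JackTest.DomainJoin]::GetDomainJoin("USERDOMAIN\USERNAME", "Password","DOMAIN","NewMachineName","OU=Desktops,DC=domain,DC=internal","DCName",[ref] $DomainJoinBlob)
    Write-Host "Returned - " $tester
    if ($tester -ne 0) {
        # 0 is the success status; anything else is the native error code.
        Write-Warning "NetProvisionComputerAccount returned status $tester"
    }
    # The blob contains the machine account password: keep it out of
    # transcripts and logs, and store it like any other credential.
    Write-Host "Returned - " $DomainJoinBlob
}
catch {
    # An empty catch hid logon, impersonation and provisioning failures.
    Write-Error -ErrorRecord $_
}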