From 05be1c835a256898e67b7af79d197139d8c5cc4e Mon Sep 17 00:00:00 2001
From: Phill Campbell
Date: Wed, 31 Jan 2018 16:59:55 +0000
Subject: [PATCH] Add ability to ouput computers csv
---
 src/NtdsAudit/Program.cs | 25 ++++++++++++++++++++++++
 src/NtdsAudit/Properties/AssemblyInfo.cs | 4 ++--
 2 files changed, 27 insertions(+), 2 deletions(-)
diff --git a/src/NtdsAudit/Program.cs b/src/NtdsAudit/Program.cs
index df29e12..297f6e2 100644
--- a/src/NtdsAudit/Program.cs
+++ b/src/NtdsAudit/Program.cs
@@ -45,6 +45,7 @@ private static void Main(string[] args)
 var systemHivePath = commandLineApplication.Option("-s | --system ", "The path of the associated SYSTEM hive, required when using the pwdump option.", CommandOptionType.SingleValue);
 var pwdumpPath = commandLineApplication.Option("-p | --pwdump ", "The path to output hashes in pwdump format.", CommandOptionType.SingleValue);
 var usersCsvPath = commandLineApplication.Option("-u | --users-csv ", "The path to output user details in CSV format.", CommandOptionType.SingleValue);
+ var computersCsvPath = commandLineApplication.Option("-c | --computers-csv ", "The path to output computer details in CSV format.", CommandOptionType.SingleValue);
 var includeHistoryHashes = commandLineApplication.Option("--history-hashes", "Include history hashes in the pdwump output.", CommandOptionType.NoValue);
 var dumpReversiblePath = commandLineApplication.Option("--dump-reversible ", "The path to output clear text passwords, if reversible encryption is enabled.", CommandOptionType.SingleValue);
 var wordlistPath = commandLineApplication.Option("--wordlist", "The path to a wordlist of weak passwords for basic hash cracking. Warning, using this option is slow, the use of a dedicated password cracker, such as 'john', is recommended instead.", CommandOptionType.SingleValue);
@@ -97,6 +98,12 @@ private static void Main(string[] args)
 argumentsValid = false;
 }
 
+ if (computersCsvPath.HasValue() && !string.IsNullOrEmpty(Path.GetDirectoryName(computersCsvPath.Value())) && !Directory.Exists(Path.GetDirectoryName(computersCsvPath.Value())))
+ {
+ ConsoleEx.WriteError($"Computers CSV output directory \"{Path.GetDirectoryName(computersCsvPath.Value())}\" does not exist.");
+ argumentsValid = false;
+ }
+
 if (dumpReversiblePath.HasValue() && !string.IsNullOrEmpty(Path.GetDirectoryName(dumpReversiblePath.Value())) && !Directory.Exists(Path.GetDirectoryName(dumpReversiblePath.Value())))
 {
 ConsoleEx.WriteError($"Dump Reverible output directory \"{Path.GetDirectoryName(dumpReversiblePath.Value())}\" does not exist.");
@@ -131,6 +138,11 @@ private static void Main(string[] args)
 {
 WriteUsersCsvFile(usersCsvPath.Value(), ntdsAudit, baseDateTime);
 }
+
+ if (computersCsvPath.HasValue())
+ {
+ WriteComputersCsvFile(computersCsvPath.Value(), ntdsAudit, baseDateTime);
+ }
 }
 
 return argumentsValid ? 0 : -1;
@@ -203,6 +215,19 @@ private static void PrintConsoleStatistics(NtdsAudit ntdsAudit, DateTime baseDat
 }
 }
 
+ private static void WriteComputersCsvFile(string computersCsvPath, NtdsAudit ntdsAudit, DateTime baseDateTime)
+ {
+ using (var file = new StreamWriter(computersCsvPath, false))
+ {
+ file.WriteLine("Domain,Computer,Disabled,Last Logon");
+ foreach (var computer in ntdsAudit.Computers)
+ {
+ var domain = ntdsAudit.Domains.Single(x => x.Sid == computer.DomainSid);
+ file.WriteLine($"{domain.Fqdn},{computer.Name},{computer.Disabled},{computer.LastLogon}");
+ }
+ }
+ }
+
 private static void WritePwDumpFile(string pwdumpPath, NtdsAudit ntdsAudit, DateTime baseDateTime, bool includeHistoryHashes, bool wordlistInUse, string dumpReversiblePath)
 {
 DomainInfo domain = null;
diff --git a/src/NtdsAudit/Properties/AssemblyInfo.cs b/src/NtdsAudit/Properties/AssemblyInfo.cs
index a90057c..4e8ce92 100644
--- a/src/NtdsAudit/Properties/AssemblyInfo.cs
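Review bot: The added `computersCsvPath` check in the `-97,6 +98,12` hunk calls `Path.GetDirectoryName(computersCsvPath.Value())` three times and copies the shape of the `dumpReversiblePath` check that follows it. Holding the result in a local, `var computersCsvDir = Path.GetDirectoryName(computersCsvPath.Value());`, would make the condition and the error message easier to read, and a small private helper taking the option and a label would remove the repetition across the output options. The check only establishes that the parent directory exists, so a path that names an existing directory or an unwritable location is not reported here and surfaces only when the writer opens the file. `Main` starts and ends outside this hunk.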
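Review bot: `WriteComputersCsvFile` (the `-203,6 +215,19` hunk) interpolates `domain.Fqdn` and `computer.Name` into each row without quoting, so a value containing a comma, a double quote or a line break shifts the columns, and one beginning with `=`, `+`, `-` or `@` is evaluated as a formula when the report is opened in a spreadsheet. These values presumably come from the directory database being audited rather than from the operator, so they should be treated as untrusted; the sketch below quotes the text fields and neutralises a leading formula character, assuming both properties are strings. `Single(...)` also throws on the first computer whose `DomainSid` matches no domain, which would leave a truncated file, and `baseDateTime` is never read in the body. `computer.LastLogon` is formatted with the current culture, so if it is a `DateTime` the column depends on the machine's locale; an explicit invariant format would keep the output stable.

```csharp
private static void WriteComputersCsvFile(string computersCsvPath, NtdsAudit ntdsAudit, DateTime baseDateTime)
{
    // … unchanged: StreamWriter, header row, foreach and domain lookup …
            file.WriteLine($"{CsvField(domain.Fqdn)},{CsvField(computer.Name)},{computer.Disabled},{computer.LastLogon}");
    // … unchanged: closing braces …
}

// Quotes a text field for CSV output and stops spreadsheet applications
// from treating directory-supplied text as a formula.
private static string CsvField(string value)
{
    if (string.IsNullOrEmpty(value))
    {
        return string.Empty;
    }

    // A leading =, +, - or @ makes a spreadsheet evaluate the cell.
    if ("=+-@".IndexOf(value[0]) >= 0)
    {
        value = "'" + value;
    }

    // Embedded quotes are doubled; the surrounding quotes keep commas and line breaks inside the field.
    return "\"" + value.Replace("\"", "\"\"") + "\"";
}
```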
+++ b/src/NtdsAudit/Properties/AssemblyInfo.cs
@@ -32,6 +32,6 @@
 // You can specify all the values or you can default the Build and Revision Numbers
 // by using the '*' as shown below:
 // [assembly: AssemblyVersion("1.0.*")]
-[assembly: AssemblyVersion("2.0.4.0")]
-[assembly: AssemblyFileVersion("2.0.4.0")]
+[assembly: AssemblyVersion("2.0.5.0")]
+[assembly: AssemblyFileVersion("2.0.5.0")]
 [assembly: CLSCompliant(true)]