optldap

package
v0.0.0-...-8d0f603 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 2, 2024 License: MIT Imports: 19 Imported by: 0

Documentation

Index

Constants

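// Bit flags of the Active Directory instanceType attribute, as listed at
// https://learn.microsoft.com/en-us/windows/win32/adschema/a-instancetype
//
// instanceType is a bit mask, so the values are written in hexadecimal.
// The last two flags are 0x10 and 0x20. Written as decimal 10 and 20 they
// decompose into other bits (10 = 0x08|0x02, 20 = 0x10|0x04), so a bitwise
// AND against them would report "under construction" or "being removed" for
// ordinary writable objects.
const (
	IT_NamingContextHead      uint32 = 0x01 // The head of naming context
	IT_ReplicaNotInstanciated uint32 = 0x02 // This replica is not instantiated
	IT_Writable               uint32 = 0x04 // The object is writable on this directory
	IT_Above                  uint32 = 0x08 // The naming context above this one on this directory is held
	IT_Constructed            uint32 = 0x10 // The naming context is in the process of being constructed for the first time by using replication
	IT_Removed                uint32 = 0x20 // The naming context is in the process of being removed from the local DSA
)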

https://learn.microsoft.com/en-us/windows/win32/adschema/a-instancetype

// Ready-made LDAP filter components for common Active Directory object
// kinds. Each value is a complete, parenthesised filter term.
const (
	// FilterIsUser matches objects whose objectCategory is person.
	// In Active Directory that category is not limited to user accounts
	// (contact objects share it), so results may need a further
	// objectClass check.
	FilterIsUser = "(objectCategory=person)"

	// FilterIsGroup matches objects whose objectCategory is group.
	FilterIsGroup = "(objectCategory=group)"

	// FilterIsComputer matches objects whose objectCategory is computer.
	FilterIsComputer = "(objectCategory=computer)"

	// FilterIsAdmin matches objects with adminCount set to 1.
	// adminCount is not reset automatically when an object leaves a
	// protected group, so a match indicates current or past protection,
	// not current privilege.
	FilterIsAdmin = "(adminCount=1)"

	// FilterGMSA matches group Managed Service Account objects.
	FilterGMSA = "(objectClass=msDS-GroupManagedServiceAccount)"
)
// LDAP attribute names used when building filters and requesting
// attributes, grouped by purpose.
const (
	// Object identity and classification.
	SAMAccountName       = "sAMAccountName"
	ServicePrincipalName = "servicePrincipalName"
	ObjectSid            = "objectSid"
	ObjectClass          = "objectClass"
	InstanceType         = "instanceType"
	DistinguishedName    = "distinguishedName"
	DnsHostname          = "dnsHostName"
	MemberOf             = "memberOf"
	Description          = "description"
	AdminCount           = "adminCount"

	// Account control. UAC is the attribute name followed by the
	// bitwise-AND matching rule OID (1.2.840.113556.1.4.803) and a trailing
	// colon, so it is a filter prefix that still needs "=<value>" appended.
	// UACAttr is the bare attribute name.
	UAC     = "userAccountControl:1.2.840.113556.1.4.803:"
	UACAttr = "userAccountControl"

	// Operating system details.
	OperatingSystem            = "operatingSystem"
	OperatingSystemServicePack = "operatingSystemServicePack"
	OperatingSystemVersion     = "operatingSystemVersion"

	// Timestamps. lastLogon is not replicated between domain controllers,
	// so a value read from one server may understate recent activity.
	PasswordLastSet = "pwdLastSet"
	LastLogon       = "lastLogon"

	// Credential material. Values read from or written to these attributes
	// are secrets and should be kept out of logs and shared output.
	// Active Directory only accepts unicodePwd changes over an encrypted
	// connection.
	ManagedPassword = "msDS-ManagedPassword"
	UnicodePassword = "unicodePwd"
)

Variables

This section is empty.

Functions

func DecodeADTimestamp

func DecodeADTimestamp(timestamp string) string

func DecodeSID

func DecodeSID(s string) string

func DecodeZuluTimestamp

func DecodeZuluTimestamp(timestamp string) string

func FindObjects

func FindObjects(c *ldap.Conn, domain string, filter string, attributes ...string) ([]map[string]interface{}, error)

func FindObjectsWithCallback

func FindObjectsWithCallback(c *ldap.Conn, domain string, filter string, callback func(map[string]interface{}) error, attributes ...string) error

func HashDataNTLM

func HashDataNTLM(b []byte) string

func JoinFilters

func JoinFilters(filters ...string) string

func NegativeFilter

func NegativeFilter(filter string) string

func NewFilter

func NewFilter(attribute string, equalsTo string) string
func Search(c *ldap.Conn, domain string, filter string, attributes ...string) (*ldap.SearchResult, error)

func UACFilter

func UACFilter(prop UserAccountControl) string

func UnpackToSlice

func UnpackToSlice(i interface{}) []string

func UnpackToString

func UnpackToString(i interface{}) string

Types

type DeletionType

// DeletionType selects which kind of directory object a delete operation
// targets.
type DeletionType int

const (
	DelComputer DeletionType = 0 // delete a computer object (also the zero value)
	DelUser     DeletionType = 1 // delete a user object
)

type ExecutionFunction

// ExecutionFunction names the operation a run performs.
// The zero value is Undefined, so an ExecutionFunction that was never set
// does not alias a real operation.
type ExecutionFunction int

const (
	Undefined  ExecutionFunction = 0 // nothing selected (zero value)
	Create     ExecutionFunction = 1
	Read       ExecutionFunction = 2
	Update     ExecutionFunction = 3
	Delete     ExecutionFunction = 4
	Kerberoast ExecutionFunction = 5
	Asreproast ExecutionFunction = 6
)

type Options

// Options holds the command-line configuration of the tool, split into
// option groups through struct tags (short/long/group/positional-args).
// NOTE(review): the tag layout looks like the go-flags convention; the parser
// itself is not visible on this page.
//
// Several fields carry credentials or select operations that return secret
// material, so values parsed into this struct should not be logged verbatim.
type Options struct {
	// Targets are positional arguments: IPs, FQDNs, or a file listing them.
	Targets struct {
		TARGETS []string `description:"Provide target IP/FQDN/FILE"`
	} `positional-args:"yes"`

	// Connection describes how to authenticate and which endpoint to reach.
	// Username and Password accept either a literal value or a file. A
	// literal password given as a flag is typically visible in shell
	// history and process listings.
	// Port defaults to 389 and SSL defaults to false. NOTE(review): with
	// those defaults the bind may travel unencrypted, depending on how Run
	// establishes the session — confirm against the implementation.
	Connection struct {
		Username    string `short:"u" description:"Provide username (or FILE)"`
		Password    string `short:"p" description:"Provide password (or FILE)"`
		NullSession bool   `long:"null-session" description:"Authenticate with null credentials"`
		NTLM        string `short:"H" long:"hashes" description:"Authenticate with NTLM hash"`
		Domain      string `short:"d" long:"domain" description:"Provide domain"`
		Port        int    `long:"port" default:"389" description:"Ldap port to contact"`
		SSL         bool   `short:"s" long:"ssl" description:"Use ssl to interact with ldap"`
	} `group:"Connection Options" description:"Connection Options"`

	// Hashes selects Kerberos ticket retrieval for offline analysis.
	// NOTE(review): both fields are strings; what the string holds (target
	// name, output path, ...) is not visible here.
	// Defenders can review Kerberos ticket request events (4768/4769) for
	// unusual volume or legacy encryption types.
	Hashes struct {
		AsrepRoast string `long:"asreproast" description:"Grab AS_REP ticket(s) parsed to be cracked with hashcat"`
		Kerberoast string `long:"kerberoast" description:"Grab TGS ticket(s) parsed to be cracked with hashcat"`
	} `group:"Hash Retrieval Options" description:"Hash Retrieval Options"`

	// Create holds options that add objects to the directory.
	Create struct {
		AddComputer string `long:"add-computer" description:"Create a computer object"`
	} `group:"Create Options" description:"Create Options"`

	// Read holds query options: a caller-supplied filter and attribute list,
	// one switch per userAccountControl flag, and shortcuts for common
	// object kinds.
	Read struct {
		// CustomFilter is taken as a raw LDAP filter string.
		// NOTE(review): whether values are escaped before reaching the
		// server is not visible on this page.
		CustomFilter     string `short:"f" long:"filter" description:"Bring your own filter"`
		CustomAttributes string `short:"a" long:"attributes" description:"Ask your attributes (comma separated)"`

		// One boolean per userAccountControl flag; each description names
		// the flag it filters on.
		Script                     bool `long:"script" description:"Filter for objects with flag SCRIPT"`
		Disabled                   bool `long:"disabled" description:"Filter for objects with flag ACCOUNTDISABLE"`
		HomedirRequired            bool `long:"homedir-required" description:"Filter for objects with flag HOMEDIR_REQUIRED"`
		Lockout                    bool `long:"lockout" description:"Filter for objects with flag LOCKOUT"`
		PasswordNotRequired        bool `long:"password-not-required" description:"Filter for objects with flag PASSWD_NOTREQD"`
		PasswordCantChange         bool `long:"password-cant-change" description:"Filter for objects with flag PASSWD_CANT_CHANGE"`
		EncryptedTextPwdAllowed    bool `long:"encrypted-text-pwd-allowed" description:"Filter for objects with flag ENCRYPTED_TEXT_PWD_ALLOWED"`
		TempDuplicateAccount       bool `long:"temp-duplicate-account" description:"Filter for objects with flag TEMP_DUPLICATE_ACCOUNT"`
		NormalAccount              bool `long:"normal-account" description:"Filter for objects with flag NORMAL_ACCOUNT"`
		InterdomainTrustAccount    bool `long:"interdomain-trust-account" description:"Filter for objects with flag INTERDOMAIN_TRUST_ACCOUNT"`
		WorkstationTrustAccount    bool `long:"workstation-trust-account" description:"Filter for objects with flag WORKSTATION_TRUST_ACCOUNT"`
		ServerTrustAccount         bool `long:"server-trust-account" description:"Filter for objects with flag SERVER_TRUST_ACCOUNT"`
		DontExpirePassword         bool `long:"password-never-expires" description:"Filter for objects with flag DONT_EXPIRE_PASSWD"`
		MNSLogonAccount            bool `long:"mns-logon-account" description:"Filter for objects with flag MNS_LOGON_ACCOUNT"`
		SmartcardRequired          bool `long:"smartcard-required" description:"Filter for objects with flag SMARTCARD_REQUIRED"`
		TrustedForDelegation       bool `long:"trusted-for-delegation" description:"Filter for objects with flag TRUSTED_FOR_DELEGATION"`
		NotDelegated               bool `long:"not-delegated" description:"Filter for objects with flag NOT_DELEGATED"`
		UseDESKeyOnly              bool `long:"use-des-key-only" description:"Filter for objects with flag USE_DES_KEY_ONLY"`
		DontRequirePreauth         bool `long:"dont-require-preauth" description:"Filter for objects with flag DONT_REQ_PREAUTH"`
		PasswordExpired            bool `long:"password-expired" description:"Filter for objects with flag PASSWORD_EXPIRED"`
		TrustedToAuthForDelegation bool `long:"trusted-to-auth-for-delegation" description:"Filter for objects with flag TRUSTED_TO_AUTH_FOR_DELEGATION"`
		PartialSecretsAccount      bool `long:"partial-secrets-account" description:"Filter for objects with flag PARTIAL_SECRETS_ACCOUNT"`

		// Shortcuts for common object kinds and single-object lookups.
		// GMSA returns managed-account password material; treat its output
		// as a secret.
		AdminCount  bool   `long:"admin-count" description:"Enumerate objects that have an adminCount"`
		Computers   bool   `long:"computers" description:"Enumerate objects that are computers"`
		Groups      bool   `long:"groups" description:"Enumerate objects that are domain groups"`
		Users       bool   `long:"users" description:"Enumerate objects that are enabled domain users"`
		ActiveUsers bool   `long:"active-users" description:"Enumerate objects that are active enabled domain users"`
		User        string `long:"user" description:"Get data about a single user"`
		GetSID      bool   `long:"sid" description:"Get domain SID"`
		GMSA        bool   `long:"gmsa" description:"Get GMSA passwords"`
		Not         bool   `long:"not" description:"Negate next filter"`
	} `group:"Read Options" description:"Read Options"`

	// Update is an empty option group; no update options are declared.
	Update struct {
	} `group:"Update Options" description:"Update Options"`

	// Delete holds options that remove objects from the directory.
	Delete struct {
		DeleteComputer string `long:"del-computer" description:"Delete a computer object"`
	} `group:"Delete Options" description:"Delete Options"`
	// contains filtered or unexported fields
}

func (*Options) Run

func (o *Options) Run()

type UCD

// UCD bundles the attributes of one directory object.
// NOTE(review): the abbreviation is not expanded on this page; the field set
// (DNS host name, SPNs, sAMAccountName, password) suggests a computer account
// used by the create/delete options — confirm against Run.
type UCD struct {
	// DnsHostName presumably maps to the dnsHostName attribute.
	DnsHostName    string
	// UAC carries userAccountControl flag bits for the object.
	UAC            UserAccountControl
	// SPNs presumably maps to servicePrincipalName values.
	SPNs           []string
	// SAMAccountName presumably maps to the sAMAccountName attribute.
	SAMAccountName string
	// UnicodePwd holds password material for the object; keep it out of
	// logs and error messages.
	UnicodePwd     string
}

type UserAccountControl

// UserAccountControl is a bit mask of Active Directory userAccountControl
// flags. Values are written in hexadecimal so that each flag is visibly a
// single bit.
//
// Two caveats when filtering on these bits over LDAP:
//   - LOCKOUT and PASSWORD_EXPIRED are not maintained in userAccountControl
//     by current Active Directory; the live state is exposed through
//     msDS-User-Account-Control-Computed, so filters on these two bits can
//     return nothing even when such accounts exist.
//   - PASSWD_CANT_CHANGE is derived from the object's ACL and is likewise
//     not a stored bit.
//
// Flags that usually deserve an audit when found set: PASSWD_NOTREQD,
// ENCRYPTED_TEXT_PWD_ALLOWED, DONT_EXPIRE_PASSWORD, USE_DES_KEY_ONLY,
// DONT_REQ_PREAUTH, TRUSTED_FOR_DELEGATION and
// TRUSTED_TO_AUTH_FOR_DELEGATION.
type UserAccountControl int

var (
	SCRIPT                         UserAccountControl = 0x00000001 // logon script is run
	ACCOUNTDISABLE                 UserAccountControl = 0x00000002 // account is disabled
	HOMEDIR_REQUIRED               UserAccountControl = 0x00000008 // home directory is required
	LOCKOUT                        UserAccountControl = 0x00000010 // account is locked out (see caveat above)
	PASSWD_NOTREQD                 UserAccountControl = 0x00000020 // no password is required
	PASSWD_CANT_CHANGE             UserAccountControl = 0x00000040 // user cannot change the password (see caveat above)
	ENCRYPTED_TEXT_PWD_ALLOWED     UserAccountControl = 0x00000080 // password stored with reversible encryption
	TEMP_DUPLICATE_ACCOUNT         UserAccountControl = 0x00000100 // local account for a user homed in another domain
	NORMAL_ACCOUNT                 UserAccountControl = 0x00000200 // default account type for a typical user
	INTERDOMAIN_TRUST_ACCOUNT      UserAccountControl = 0x00000800 // trust account for a trusting domain
	WORKSTATION_TRUST_ACCOUNT      UserAccountControl = 0x00001000 // computer account of a domain member
	SERVER_TRUST_ACCOUNT           UserAccountControl = 0x00002000 // computer account of a domain controller
	DONT_EXPIRE_PASSWORD           UserAccountControl = 0x00010000 // password never expires
	MNS_LOGON_ACCOUNT              UserAccountControl = 0x00020000 // MNS logon account
	SMARTCARD_REQUIRED             UserAccountControl = 0x00040000 // smart card required for interactive logon
	TRUSTED_FOR_DELEGATION         UserAccountControl = 0x00080000 // trusted for Kerberos (unconstrained) delegation
	NOT_DELEGATED                  UserAccountControl = 0x00100000 // account is sensitive and cannot be delegated
	USE_DES_KEY_ONLY               UserAccountControl = 0x00200000 // restricted to DES encryption types
	DONT_REQ_PREAUTH               UserAccountControl = 0x00400000 // Kerberos pre-authentication not required
	PASSWORD_EXPIRED               UserAccountControl = 0x00800000 // password has expired (see caveat above)
	TRUSTED_TO_AUTH_FOR_DELEGATION UserAccountControl = 0x01000000 // allowed protocol transition for delegation
	PARTIAL_SECRETS_ACCOUNT        UserAccountControl = 0x04000000 // read-only domain controller account
)
