Documentation ¶
Index ¶
- Constants
- func DecodeADTimestamp(timestamp string) string
- func DecodeSID(s string) string
- func DecodeZuluTimestamp(timestamp string) string
- func JoinFilters(filters ...string) string
- func NegativeFilter(filter string) string
- func NewClient(call goja.ConstructorCall, runtime *goja.Runtime) *goja.Object
- type Client
- func (c *Client) AdvancedSearch(Scope, DerefAliases, SizeLimit, TimeLimit int, TypesOnly bool, Filter string, ...) SearchResult
- func (c *Client) Authenticate(username, password string)
- func (c *Client) AuthenticateWithNTLMHash(username, hash string)
- func (c *Client) Close()
- func (c *Client) CollectMetadata() Metadata
- func (c *Client) FindADObjects(filter string) SearchResult
- func (c *Client) GetADActiveUsers() SearchResult
- func (c *Client) GetADAdmins() SearchResult
- func (c *Client) GetADDCList() SearchResult
- func (c *Client) GetADDomainSID() string
- func (c *Client) GetADGroups() SearchResult
- func (c *Client) GetADUserAsRepRoastable() SearchResult
- func (c *Client) GetADUserKerberoastable() SearchResult
- func (c *Client) GetADUserTrustedForDelegation() SearchResult
- func (c *Client) GetADUserWithNeverExpiringPasswords() SearchResult
- func (c *Client) GetADUserWithPasswordNotRequired() SearchResult
- func (c *Client) GetADUsers() SearchResult
- func (c *Client) Search(filter string, attributes ...string) SearchResult
- type Config
- type LdapAttributes
- type LdapEntry
- type Metadata
- type SearchResult
Constants ¶
```go
const (
	FilterIsPerson                   = "(objectCategory=person)"                             // The object is a person.
	FilterIsGroup                    = "(objectCategory=group)"                              // The object is a group.
	FilterIsComputer                 = "(objectCategory=computer)"                           // The object is a computer.
	FilterIsAdmin                    = "(adminCount=1)"                                      // The object is an admin.
	FilterHasServicePrincipalName    = "(servicePrincipalName=*)"                            // The object has a service principal name.
	FilterLogonScript                = "(userAccountControl:1.2.840.113556.1.4.803:=1)"        // The logon script will be run.
	FilterAccountDisabled            = "(userAccountControl:1.2.840.113556.1.4.803:=2)"        // The user account is disabled.
	FilterAccountEnabled             = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"     // The user account is enabled.
	FilterHomedirRequired            = "(userAccountControl:1.2.840.113556.1.4.803:=8)"        // The home folder is required.
	FilterLockout                    = "(userAccountControl:1.2.840.113556.1.4.803:=16)"       // The user is locked out.
	FilterPasswordNotRequired        = "(userAccountControl:1.2.840.113556.1.4.803:=32)"       // No password is required.
	FilterPasswordCantChange         = "(userAccountControl:1.2.840.113556.1.4.803:=64)"       // The user can't change the password.
	FilterCanSendEncryptedPassword   = "(userAccountControl:1.2.840.113556.1.4.803:=128)"      // The user can send an encrypted password.
	FilterIsDuplicateAccount         = "(userAccountControl:1.2.840.113556.1.4.803:=256)"      // It's an account for users whose primary account is in another domain.
	FilterIsNormalAccount            = "(userAccountControl:1.2.840.113556.1.4.803:=512)"      // It's a default account type that represents a typical user.
	FilterInterdomainTrustAccount    = "(userAccountControl:1.2.840.113556.1.4.803:=2048)"     // It's a permit to trust an account for a system domain that trusts other domains.
	FilterWorkstationTrustAccount    = "(userAccountControl:1.2.840.113556.1.4.803:=4096)"     // It's a computer account for a computer that is running old Windows builds.
	FilterServerTrustAccount         = "(userAccountControl:1.2.840.113556.1.4.803:=8192)"     // It's a computer account for a domain controller that is a member of this domain.
	FilterDontExpirePassword         = "(userAccountControl:1.2.840.113556.1.4.803:=65536)"    // Represents the password, which should never expire on the account.
	FilterMnsLogonAccount            = "(userAccountControl:1.2.840.113556.1.4.803:=131072)"   // It's an MNS logon account.
	FilterSmartCardRequired          = "(userAccountControl:1.2.840.113556.1.4.803:=262144)"   // When this flag is set, it forces the user to log on by using a smart card.
	FilterTrustedForDelegation       = "(userAccountControl:1.2.840.113556.1.4.803:=524288)"   // When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation.
	FilterNotDelegated               = "(userAccountControl:1.2.840.113556.1.4.803:=1048576)"  // When this flag is set, the security context of the user isn't delegated to a service even if the service account is set as trusted for Kerberos delegation.
	FilterUseDesKeyOnly              = "(userAccountControl:1.2.840.113556.1.4.803:=2097152)"  // Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
	FilterDontRequirePreauth         = "(userAccountControl:1.2.840.113556.1.4.803:=4194304)"  // This account doesn't require Kerberos pre-authentication for logging on.
	FilterPasswordExpired            = "(userAccountControl:1.2.840.113556.1.4.803:=8388608)"  // The user's password has expired.
	FilterTrustedToAuthForDelegation = "(userAccountControl:1.2.840.113556.1.4.803:=16777216)" // The account is enabled for delegation.
	FilterPartialSecretsAccount      = "(userAccountControl:1.2.840.113556.1.4.803:=67108864)" // The account is a read-only domain controller (RODC).
)
```
LDAP filters that test bit flags must name a matching rule by its OID: http://oid-info.com/get/1.2.840.113556.1.4.803
The one used for userAccountControl in MS Active Directory is 1.2.840.113556.1.4.803 (LDAP_MATCHING_RULE_BIT_AND).
For example, enabled accounts can be selected with a query like (!(userAccountControl:1.2.840.113556.1.4.803:=2)).
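How the bit-AND rule behind these filters evaluates, shown as an added example that is not part of the nuclei code base: the rule matches only when every bit of the filter value is set in the attribute. `MatchUAC`, `DecodeUAC` and `uacFlags` are hypothetical names, and the userAccountControl values are constructed samples.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Subset of the userAccountControl bits from the constants above (names are illustrative).
var uacFlags = []struct {
	Bit  uint32
	Name string
}{
	{2, "AccountDisabled"}, {32, "PasswordNotRequired"}, {512, "NormalAccount"},
	{65536, "DontExpirePassword"}, {524288, "TrustedForDelegation"},
	{4194304, "DontRequirePreauth"},
}

// Accepts only a single LDAP_MATCHING_RULE_BIT_AND term on userAccountControl.
var uacFilterRe = regexp.MustCompile(`^\(userAccountControl:1\.2\.840\.113556\.1\.4\.803:=(\d+)\)$`)

// MatchUAC evaluates one bit-AND filter, optionally wrapped in (!...), against
// a userAccountControl value. The rule matches when every bit of the filter
// value is set in the attribute: (uac & mask) == mask.
func MatchUAC(filter string, uac uint32) (bool, error) {
	negate := false
	if len(filter) > 3 && filter[:2] == "(!" && filter[len(filter)-1] == ')' {
		negate, filter = true, filter[2:len(filter)-1]
	}
	m := uacFilterRe.FindStringSubmatch(filter)
	if m == nil {
		return false, fmt.Errorf("unsupported filter: %q", filter)
	}
	mask, err := strconv.ParseUint(m[1], 10, 32)
	if err != nil {
		return false, err
	}
	return (uac&uint32(mask) == uint32(mask)) != negate, nil
}

// DecodeUAC lists the names of the known flags set in a value.
func DecodeUAC(uac uint32) []string {
	var names []string
	for _, f := range uacFlags {
		if uac&f.Bit != 0 {
			names = append(names, f.Name)
		}
	}
	return names
}

func main() {
	// Constructed samples: 512 = enabled normal user, 514 = disabled user,
	// 4260352 = normal user with DontExpirePassword and DontRequirePreauth.
	for _, uac := range []uint32{512, 514, 4260352} {
		enabled, _ := MatchUAC("(!(userAccountControl:1.2.840.113556.1.4.803:=2))", uac)
		fmt.Println(uac, "enabled:", enabled, "flags:", DecodeUAC(uac))
	}
}
```

A filter value with several bits set, such as 66048 (65536 + 512), matches only accounts that carry all of those flags, which is why audit queries normally test one bit per term.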
Variables ¶
This section is empty.
Functions ¶
func DecodeADTimestamp ¶
DecodeADTimestamp decodes an Active Directory timestamp
@example
```javascript
const ldap = require('nuclei/ldap');
const timestamp = ldap.DecodeADTimestamp('132036744000000000');
log(timestamp);
```
func DecodeSID ¶
DecodeSID decodes a SID string
@example
```javascript
const ldap = require('nuclei/ldap');
const sid = ldap.DecodeSID('S-1-5-21-3623811015-3361044348-30300820-1013');
log(sid);
```
func DecodeZuluTimestamp ¶
DecodeZuluTimestamp decodes a Zulu timestamp
@example
```javascript
const ldap = require('nuclei/ldap');
const timestamp = ldap.DecodeZuluTimestamp('2021-08-25T10:00:00Z');
log(timestamp);
```
func JoinFilters ¶
JoinFilters joins multiple filters into a single filter
@example
```javascript
const ldap = require('nuclei/ldap');
const filter = ldap.JoinFilters(ldap.FilterIsPerson, ldap.FilterAccountEnabled);
```
func NegativeFilter ¶
NegativeFilter returns a negative filter for a given filter
@example
```javascript
const ldap = require('nuclei/ldap');
const filter = ldap.NegativeFilter(ldap.FilterIsPerson);
```
func NewClient ¶
Constructor for creating a new ldap client.
The following schemes are supported for url: ldap://, ldaps://, ldapi://, and cldap:// (RFC1798, deprecated but used by Active Directory). ldaps uses TLS/SSL, ldapi uses a Unix domain socket, and cldap uses connectionless LDAP.
Constructor: constructor(public ldapUrl: string, public realm: string, public config?: Config)
Types ¶
type Client ¶
```go
type Client struct {
	Host   string // Hostname
	Port   int    // Port
	Realm  string // Realm
	BaseDN string // BaseDN (generated from Realm)
	// contains filtered or unexported fields
}
```
Client is a client for ldap protocol in nuclei
@example
```javascript
const ldap = require('nuclei/ldap');
// here ldap.example.com is the ldap server and acme.com is the realm
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
```
@example
```javascript
const ldap = require('nuclei/ldap');
const cfg = new ldap.Config();
cfg.Timeout = 10;
cfg.ServerName = 'ldap.internal.acme.com';
// optional config can be passed as third argument
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com', cfg);
```
func (*Client) AdvancedSearch ¶
```go
func (c *Client) AdvancedSearch(
	Scope, DerefAliases, SizeLimit, TimeLimit int,
	TypesOnly bool,
	Filter string,
	Attributes []string,
	Controls []ldap.Control) SearchResult
```
AdvancedSearch accepts all values of the search request type and returns LDAP entries; it is up to the user to handle the response
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const results = client.AdvancedSearch(ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, '(objectClass=*)', ['cn', 'mail'], []);
```
func (*Client) Authenticate ¶
Authenticate authenticates with the ldap server using the given username and password. It performs NTLMBind first and then Bind/UnauthenticatedBind if NTLMBind fails
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
client.Authenticate('user', 'password');
```
func (*Client) AuthenticateWithNTLMHash ¶
AuthenticateWithNTLMHash authenticates with the ldap server using the given username and NTLM hash
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
client.AuthenticateWithNTLMHash('pdtm', 'hash');
```
func (*Client) Close ¶
func (c *Client) Close()
Close closes the ldap connection
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
client.Close();
```
func (*Client) CollectMetadata ¶
CollectMetadata collects metadata from the ldap server.
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const metadata = client.CollectMetadata();
log(to_json(metadata));
```
func (*Client) FindADObjects ¶
func (c *Client) FindADObjects(filter string) SearchResult
FindADObjects finds AD objects based on a filter and returns them as a list of ADObject
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const users = client.FindADObjects(ldap.FilterIsPerson);
log(to_json(users));
```
func (*Client) GetADActiveUsers ¶
func (c *Client) GetADActiveUsers() SearchResult
GetADActiveUsers returns all AD users using FilterIsPerson and FilterAccountEnabled filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const users = client.GetADActiveUsers();
log(to_json(users));
```
func (*Client) GetADAdmins ¶
func (c *Client) GetADAdmins() SearchResult
GetADAdmins returns all AD admins using FilterIsPerson, FilterAccountEnabled and FilterIsAdmin filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const admins = client.GetADAdmins();
log(to_json(admins));
```
func (*Client) GetADDCList ¶
func (c *Client) GetADDCList() SearchResult
GetADDCList returns all AD domain controllers using FilterIsComputer, FilterAccountEnabled and FilterServerTrustAccount filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const dcs = client.GetADDCList();
log(to_json(dcs));
```
func (*Client) GetADDomainSID ¶
GetADDomainSID returns the SID of the AD domain
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const domainSID = client.GetADDomainSID();
log(domainSID);
```
func (*Client) GetADGroups ¶
func (c *Client) GetADGroups() SearchResult
GetADGroups returns all AD groups using FilterIsGroup filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const groups = client.GetADGroups();
log(to_json(groups));
```
func (*Client) GetADUserAsRepRoastable ¶
func (c *Client) GetADUserAsRepRoastable() SearchResult
GetADUserAsRepRoastable returns all AD users that are AsRepRoastable using FilterIsPerson and FilterDontRequirePreauth filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const AsRepRoastable = client.GetADUserAsRepRoastable();
log(to_json(AsRepRoastable));
```
func (*Client) GetADUserKerberoastable ¶
func (c *Client) GetADUserKerberoastable() SearchResult
GetADUserKerberoastable returns all AD users that are kerberoastable using FilterIsPerson, FilterAccountEnabled and FilterHasServicePrincipalName filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const kerberoastable = client.GetADUserKerberoastable();
log(to_json(kerberoastable));
```
func (*Client) GetADUserTrustedForDelegation ¶
func (c *Client) GetADUserTrustedForDelegation() SearchResult
GetADUserTrustedForDelegation returns all AD users that are trusted for delegation using FilterIsPerson and FilterTrustedForDelegation filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const users = client.GetADUserTrustedForDelegation();
log(to_json(users));
```
func (*Client) GetADUserWithNeverExpiringPasswords ¶
func (c *Client) GetADUserWithNeverExpiringPasswords() SearchResult
GetADUserWithNeverExpiringPasswords returns all AD users using FilterIsPerson and FilterDontExpirePassword filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const users = client.GetADUserWithNeverExpiringPasswords();
log(to_json(users));
```
func (*Client) GetADUserWithPasswordNotRequired ¶
func (c *Client) GetADUserWithPasswordNotRequired() SearchResult
GetADUserWithPasswordNotRequired returns all AD users that do not require a password using FilterIsPerson and FilterPasswordNotRequired filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const users = client.GetADUserWithPasswordNotRequired();
log(to_json(users));
```
func (*Client) GetADUsers ¶
func (c *Client) GetADUsers() SearchResult
GetADUsers returns all AD users using FilterIsPerson filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const users = client.GetADUsers();
log(to_json(users));
```
func (*Client) Search ¶
func (c *Client) Search(filter string, attributes ...string) SearchResult
Search accepts any filter and returns a list of maps that have the provided attributes as keys, with associated values mirroring the ones returned by ldap
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const results = client.Search('(objectClass=*)', 'cn', 'mail');
```
type Config ¶
```go
type Config struct {
	// Timeout is the timeout for the ldap client in seconds
	Timeout    int
	ServerName string // default to host (when using tls)
	Upgrade    bool   // when true first connects to non-tls and then upgrades to tls
}
```
Config is extra configuration for the ldap client
@example
```javascript
const ldap = require('nuclei/ldap');
const cfg = new ldap.Config();
cfg.Timeout = 10;
cfg.ServerName = 'ldap.internal.acme.com';
cfg.Upgrade = true; // upgrade to tls
```
type LdapAttributes ¶
```go
type LdapAttributes struct {
	// CurrentTime contains current time
	CurrentTime []string `json:"currentTime,omitempty"`
	// SubschemaSubentry contains subschema subentry
	SubschemaSubentry []string `json:"subschemaSubentry,omitempty"`
	// DsServiceName contains ds service name
	DsServiceName []string `json:"dsServiceName,omitempty"`
	// NamingContexts contains naming contexts
	NamingContexts []string `json:"namingContexts,omitempty"`
	// DefaultNamingContext contains default naming context
	DefaultNamingContext []string `json:"defaultNamingContext,omitempty"`
	// SchemaNamingContext contains schema naming context
	SchemaNamingContext []string `json:"schemaNamingContext,omitempty"`
	// ConfigurationNamingContext contains configuration naming context
	ConfigurationNamingContext []string `json:"configurationNamingContext,omitempty"`
	// RootDomainNamingContext contains root domain naming context
	RootDomainNamingContext []string `json:"rootDomainNamingContext,omitempty"`
	// SupportedLDAPVersion contains supported LDAP version
	SupportedLDAPVersion []string `json:"supportedLDAPVersion,omitempty"`
	// HighestCommittedUSN contains highest committed USN
	HighestCommittedUSN []string `json:"highestCommittedUSN,omitempty"`
	// SupportedSASLMechanisms contains supported SASL mechanisms
	SupportedSASLMechanisms []string `json:"supportedSASLMechanisms,omitempty"`
	// DnsHostName contains DNS host name
	DnsHostName []string `json:"dnsHostName,omitempty"`
	// LdapServiceName contains LDAP service name
	LdapServiceName []string `json:"ldapServiceName,omitempty"`
	// ServerName contains server name
	ServerName []string `json:"serverName,omitempty"`
	// IsSynchronized contains is synchronized
	IsSynchronized []string `json:"isSynchronized,omitempty"`
	// IsGlobalCatalogReady contains is global catalog ready
	IsGlobalCatalogReady []string `json:"isGlobalCatalogReady,omitempty"`
	// DomainFunctionality contains domain functionality
	DomainFunctionality []string `json:"domainFunctionality,omitempty"`
	// ForestFunctionality contains forest functionality
	ForestFunctionality []string `json:"forestFunctionality,omitempty"`
	// DomainControllerFunctionality contains domain controller functionality
	DomainControllerFunctionality []string `json:"domainControllerFunctionality,omitempty"`
	// DistinguishedName contains the distinguished name
	DistinguishedName []string `json:"distinguishedName,omitempty"`
	// SAMAccountName contains the SAM account name
	SAMAccountName []string `json:"sAMAccountName,omitempty"`
	// PWDLastSet contains the password last set time
	PWDLastSet []string `json:"pwdLastSet,omitempty"`
	// LastLogon contains the last logon time
	LastLogon []string `json:"lastLogon,omitempty"`
	// MemberOf contains the groups the entry is a member of
	MemberOf []string `json:"memberOf,omitempty"`
	// ServicePrincipalName contains the service principal names
	ServicePrincipalName []string `json:"servicePrincipalName,omitempty"`
	// Extra contains other extra fields which might be present
	Extra map[string]any `json:"extra,omitempty"`
}
```
LdapAttributes represents all LDAP attributes of a particular ldap entry
type LdapEntry ¶
```go
type LdapEntry struct {
	// DN contains distinguished name
	DN string `json:"dn"`
	// Attributes contains list of attributes
	Attributes LdapAttributes `json:"attributes"`
}
```
LdapEntry represents a single LDAP entry
type Metadata ¶
```go
type Metadata struct {
	BaseDN                        string
	Domain                        string
	DefaultNamingContext          string
	DomainFunctionality           string
	ForestFunctionality           string
	DomainControllerFunctionality string
	DnsHostName                   string
}
```
Metadata is the metadata for the ldap server. It is returned by the CollectMetadata method
type SearchResult ¶
```go
type SearchResult struct {
	// Referrals contains list of referrals
	Referrals []string `json:"referrals"`
	// Controls contains list of controls
	Controls []string `json:"controls"`
	// Entries contains list of entries
	Entries []LdapEntry `json:"entries"`
}
```
SearchResult contains search result of any / all ldap search request
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const results = client.Search('(objectClass=*)', 'cn', 'mail');
```