ditreader

package
v0.0.0-...-d5bf94b Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 9, 2023 License: GPL-3.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

View Source
var EmptyLM = []byte{0xaa, 0xd3, 0xb4, 0x35, 0xb5, 0x14, 0x04, 0xee, 0xaa, 0xd3, 0xb4, 0x35, 0xb5, 0x14, 0x04, 0xee}
View Source
var EmptyNT = []byte{0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31, 0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0}

Functions

func DecryptAES

func DecryptAES(key, value, iv []byte) ([]byte, error)

func DeriveKey

func DeriveKey(baseKey uint32) (k1, k2 []byte)

func NewPekKey

func NewPekKey(lData []byte) []byte

NewPekKey returns a Pek key (the key portion of the PekKey structure)

func RemoveDES

func RemoveDES(b []byte, rid uint32) ([]byte, error)

Types

type CryptedHash

type CryptedHash struct {
	Header        [8]byte
	KeyMaterial   [16]byte
	EncryptedHash []byte
}

func NewCryptedHash

func NewCryptedHash(inData []byte) (CryptedHash, error)

NewCryptedHash creates a CryptedHash object containing key material and encrypted content.

type CryptedHashW16

type CryptedHashW16 struct {
	Header        [8]byte
	KeyMaterial   [16]byte
	Unknown       uint32
	EncryptedHash [32]byte
}

func NewCryptedHashW16

func NewCryptedHashW16(data []byte) CryptedHashW16

type CryptedHashW16History

type CryptedHashW16History struct {
	Header        [8]byte
	KeyMaterial   [16]byte
	Unknown       uint32
	EncryptedHash []byte
}

func NewCryptedHashW16History

func NewCryptedHashW16History(data []byte) CryptedHashW16History

type DitReader

type DitReader struct {
	// contains filtered or unexported fields
}

func New

func New(system, ntds string) (DitReader, error)

New Creates a new dit dumper

func (*DitReader) DecryptRecord

func (d *DitReader) DecryptRecord(record esent.Esent_record) (DumpedHash, error)

func (DitReader) Dump

func (d DitReader) Dump() error

func (DitReader) GetOutChan

func (d DitReader) GetOutChan() <-chan DumpedHash

GetOutChan returns a reference to the objects output channel for read only operations

func (DitReader) PEK

func (d DitReader) PEK() ([][]byte, error)

type DumpedHash

type DumpedHash struct {
	Username string
	LMHash   []byte
	NTHash   []byte
	Rid      uint32
	Enabled  bool
	UAC      uacFlags
	Supp     SuppInfo
	History  PwdHistory
}

func (DumpedHash) HashString

func (d DumpedHash) HashString() string

func (DumpedHash) HistoryString

func (d DumpedHash) HistoryString() string

func (DumpedHash) HistoryStrings

func (d DumpedHash) HistoryStrings() []string

type PekKey

type PekKey struct {
	Header  [1]byte
	Padding [3]byte
	Key     [16]byte
}

type PeklistEnc

type PeklistEnc struct {
	Header       [8]byte
	KeyMaterial  [16]byte
	EncryptedPek []byte // ":"
}

func NewPeklistEnc

func NewPeklistEnc(lData []byte) (PeklistEnc, error)

NewPeklistEnc returns an encrypted peklist object from the passed in record

type PeklistPlain

type PeklistPlain struct {
	Header       [32]byte
	DecryptedPek []byte // ":"
}

func NewPeklistPlain

func NewPeklistPlain(lData []byte) PeklistPlain

NewPeklistPlain returns a cleartext peklist object from the passed in record

type PwdHistory

type PwdHistory struct {
	LmHist [][]byte
	NTHist [][]byte
}

type SAMRKerbKeyDataNew

type SAMRKerbKeyDataNew struct {
	Reserved1, Reserved2 uint16
	Reserved3, IterationCount,
	KeyType, KeyLength, KeyOffset uint32
}

func NewSAMRKerbKeyDataNew

func NewSAMRKerbKeyDataNew(d []byte) SAMRKerbKeyDataNew

type SAMRKerbStoredCredNew

type SAMRKerbStoredCredNew struct {
	/*
	   structure = (
	       ('Revision','<H=4'),
	       ('Flags','<H=0'),
	       ('CredentialCount','<H=0'),
	       ('ServiceCredentialCount','<H=0'),
	       ('OldCredentialCount','<H=0'),
	       ('OlderCredentialCount','<H=0'),
	       ('DefaultSaltLength','<H=0'),
	       ('DefaultSaltMaximumLength','<H=0'),
	       ('DefaultSaltOffset','<L=0'),
	       ('DefaultIterationCount','<L=0'),
	       ('Buffer',':'),
	   )
	*/
	Revision, Flags, CredentialCount,
	ServiceCredentialCount, OldCredentialCount,
	OlderCredentialCount, DefaultSaltLength,
	DefaultSaltMaximumLength uint16
	DefaultSaltOffset, DefaultIterationCount uint32
	Buffer                                   []byte
}

func NewSAMRKerbStoredCredNew

func NewSAMRKerbStoredCredNew(d []byte) SAMRKerbStoredCredNew

type SAMRRPCSID

type SAMRRPCSID struct {
	Revision            uint8   //'<B'
	SubAuthorityCount   uint8   //'<B'
	IdentifierAuthority [6]byte //SAMR_RPC_SID_IDENTIFIER_AUTHORITY
	SubLen              int     //    ('SubLen','_-SubAuthority','self["SubAuthorityCount"]*4'),
	SubAuthority        []byte  //':'
}

func NewSAMRRPCSID

func NewSAMRRPCSID(data []byte) (SAMRRPCSID, error)

func (SAMRRPCSID) FormatCanonical

func (s SAMRRPCSID) FormatCanonical() string

func (SAMRRPCSID) Rid

func (s SAMRRPCSID) Rid() uint32

type SAMRUserProperties

type SAMRUserProperties struct {
	Reserved1         uint32
	Length            uint32
	Reserved2         uint16
	Reserved3         uint16
	Reserved4         [96]byte
	PropertySignature uint16
	PropertyCount     uint16
	Properties        []SAMRUserProperty
}

func NewSAMRUserProperties

func NewSAMRUserProperties(data []byte) SAMRUserProperties

type SAMRUserProperty

type SAMRUserProperty struct {
	/*
			class USER_PROPERTY(Structure):
		    structure = (
		        ('NameLength','<H=0'),
		        ('ValueLength','<H=0'),
		        ('Reserved','<H=0'),
		        ('_PropertyName','_-PropertyName', "self['NameLength']"),
		        ('PropertyName',':'),
		        ('_PropertyValue','_-PropertyValue', "self['ValueLength']"),
		        ('PropertyValue',':'),
		)
	*/
	NameLength    uint16
	ValueLength   uint16
	Reserved      uint16
	PropertyName  []byte
	PropertyValue []byte
}

type SuppInfo

type SuppInfo struct {
	Username      string
	ClearPassword string
	NotASCII      bool
	KerbKeys      []string
}

func (SuppInfo) ClearString

func (s SuppInfo) ClearString() string

func (SuppInfo) KerbString

func (s SuppInfo) KerbString() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL