Documentation ¶
Index ¶
- Constants
- Variables
- func CookieGen() []byte
- func DoConnectExRequest(MAPI []byte, auxLen uint32) ([]byte, error)
- func EcDoRPCAbk(MAPI []byte, l int) ([]byte, error)
- func EcDoRPCExt2(MAPI []byte, auxLen uint32) ([]byte, error)
- func RPCBind() error
- func RPCDisconnect()
- func RPCDummy()
- func RPCOpen(URL string, readySignal chan bool, errOccurred chan error) (err error)
- func RPCOpenOut(URL string, readySignal chan bool, errOccurred chan error) (err error)
- func RPCOutWrite(data []byte)
- func RPCPing()
- func RPCWrite(data []byte)
- func RPCWriteN(MAPI []byte, auxlen uint32, opnum byte)
- func SplitData(data []byte, atEOF bool) (advance int, token []byte, err error)
- type AUXBuffer
- type AUXClientConnectionInfo
- type AUXHeader
- type AUXPerfAccountInfo
- type AUXPerfClientInfo
- type AUXPerfGCSuccess
- type AUXTPerfMDBSuccess
- type AUXTypePerfProcessInfo
- type AUXTypePerfRequestID
- type AUXTypePerfSessionInfo
- type AssociationGroupID
- type Auth3Request
- type AuxInfo
- type BindPDU
- type CONNA1
- type CONNB1
- type CTX
- type ChannelLifetime
- type ClientKeepalive
- type ConnectExRequest
- type Cookie
- type PDUData
- type RPCHeader
- type RPCResponse
- type RTSHeader
- type RTSPing
- type RTSRequest
- type RTSSec
Constants ¶
const ( PFC_FIRST_FRAG = 0x01 PFC_LAST_FRAG = 0x02 PFC_PENDING_CANCEL = 0x04 PFC_SUPPORT_HEADER_SIGN = 0x04 PFC_RESERVED_1 = 0x08 PFC_CONC_MPX = 0x10 PFC_DID_NOT_EXECUTE = 0x20 PFC_MAYBE = 0x40 PFC_OBJECT_UUID = 0x80 )
const ( DCERPC_PKT_REQUEST = 0x00 DCERPC_PKT_PING = 0x01 DCERPC_PKT_RESPONSE = 0x02 DCERPC_PKT_FAULT = 0x03 DCERPC_PKT_WORKING = 0x04 DCERPC_PKT_NOCALL = 0x05 DCERPC_PKT_REJECT = 0x06 DCERPC_PKT_ACK = 0x07 DCERPC_PKT_CL_CANCEL = 0x08 DCERPC_PKT_FACK = 0x09 DCERPC_PKT_CANCEL_ACK = 0x0A DCERPC_PKT_BIND = 0x0B DCERPC_PKT_BIND_ACK = 0x0C DCERPC_PKT_BIND_NAK = 0x0D DCERPC_PKT_ALTER = 0x0E DCERPC_PKT_ALTER_RESP = 0x0F DCERPC_PKT_AUTH_3 = 0x10 DCERPC_PKT_SHUTDOWN = 0x11 DCERPC_PKT_CO_CANCEL = 0x12 DCERPC_PKT_ORPHANED = 0x13 DCERPC_PKT_RTS = 0x14 )
as defined in dcerpc.idl
const ( RTS_FLAG_NONE = 0x00 RTS_FLAG_PING = 0x01 RTS_FLAG_OTHER_CMD = 0x02 RTS_FLAG_RECYCLE_CHANNEL = 0x04 RTS_FLAG_IN_CHANNEL = 0x08 RTS_FLAG_OUT_CHANNEL = 0x10 RTS_FLAG_EOF = 0x20 RTS_FLAG_ECHO = 0x40 )
RTS Flags
const ( RTS_CMD_RECEIVE_WINDOW_SIZE = 0 RTS_CMD_FLOW_CONTROL_ACK = 1 RTS_CMD_CONNECTION_TIMEOUT = 2 RTS_CMD_COOKIE = 3 RTS_CMD_CHANNEL_LIFETIME = 4 RTS_CMD_CLIENT_KEEPALIVE = 5 RTS_CMD_VERSION = 6 RTS_CMD_EMPTY = 7 RTS_CMD_PADDING = 8 RTS_CMD_NEGATIVE_ANCE = 9 RTS_CMD_ANCE = 10 RTS_CMD_CLIENT_ADDRESS = 11 RTS_CMD_ASSOCIATION_GROUP_ID = 12 RTS_CMD_DESTINATION = 13 RTS_CMD_PING_TRAFFIC_SENT_NOTIFY = 14 RTS_CMD_CUSTOM_OUT = 15 )
RTS CMD
const ( RPC_C_AUTHN_NONE = 0x0 RPC_C_AUTHN_GSS_NEGOTIATE = 0x9 // SPNEGO RPC_C_AUTHN_WINNT = 0xa // NTLM RPC_C_AUTHN_GSS_SCHANNEL = 0xe // TLS RPC_C_AUTHN_GSS_KERBEROS = 0x10 // Kerberos RPC_C_AUTHN_NETLOGON = 0x44 // Netlogon RPC_C_AUTHN_DEFAULT = 0xff // (NTLM) RPC_C_AUTHN_LEVEL_DEFAULT = 0 RPC_C_AUTHN_LEVEL_NONE = 1 RPC_C_AUTHN_LEVEL_CONNECT = 2 RPC_C_AUTHN_LEVEL_CALL = 3 RPC_C_AUTHN_LEVEL_PKT = 4 RPC_C_AUTHN_LEVEL_PKT_INTEGRITY = 5 RPC_C_AUTHN_LEVEL_PKT_PRIVACY = 6 )
Variables ¶
var AuthSession *utils.Session
AuthSession Keep track of session data
Functions ¶
func DoConnectExRequest ¶
DoConnectExRequest makes our connection request. After this we can use EcDoRPCExt2 to make our MAPI requests
func EcDoRPCExt2 ¶
EcDoRPCExt2 does our actual RPC request returns the mapi data
func RPCOpenOut ¶
RPCOpenOut function opens the RPC_OUT_DATA channel starts our listening "loop" which scans for new responses and pushes these to our list of recieved responses
func RPCOutWrite ¶
func RPCOutWrite(data []byte)
RPCOutWrite function writes to the RPC_OUT_DATA channel, this should only happen once, for ConnA1
Types ¶
type AUXClientConnectionInfo ¶
type AUXClientConnectionInfo struct { Header AUXHeader ConnectionGUID []byte OffsetConnectionContextInfo uint16 Reserved uint16 ConnectionAttempts uint32 ConnectionFlags uint32 ConnectionContextInfo []byte }
AUXClientConnectionInfo used for aux info
func (AUXClientConnectionInfo) Marshal ¶
func (auxbuf AUXClientConnectionInfo) Marshal() []byte
Marshal AUXClientConnectionInfo
type AUXPerfAccountInfo ¶
AUXPerfAccountInfo used for aux info
func (AUXPerfAccountInfo) Marshal ¶
func (auxbuf AUXPerfAccountInfo) Marshal() []byte
Marshal AUXPerfAccountInfo
type AUXPerfClientInfo ¶
type AUXPerfClientInfo struct { Header AUXHeader AdapterSpeed uint32 ClientID uint16 MachineNameOffset uint16 UserNameOffset uint16 ClientIPSize uint16 ClientIPOffset uint16 ClientIPMaskSize uint16 ClientIPMaskOffset uint16 AdapterNameOffset uint16 MacAddressSize uint16 MacAddressOffset uint16 ClientMode uint16 Reserved uint16 MachineName []byte UserName []byte ClientIP []byte ClientIPMask []byte AdapterName []byte MacAddress []byte }
AUXPerfClientInfo used for aux info
func (AUXPerfClientInfo) Marshal ¶
func (auxbuf AUXPerfClientInfo) Marshal() []byte
Marshal AUXPerfClientInfo
type AUXPerfGCSuccess ¶
type AUXPerfGCSuccess struct { Header AUXHeader ClientID uint16 ServerID uint16 Reserved uint16 TimeSinceRequest uint32 TimeToCompleteRequest uint32 RequestOperation uint8 Reserved2 []byte }
AUXPerfGCSuccess used for aux info
func (AUXPerfGCSuccess) Marshal ¶
func (auxbuf AUXPerfGCSuccess) Marshal() []byte
Marshal AUXPerfGCSuccess
type AUXTPerfMDBSuccess ¶
type AUXTPerfMDBSuccess struct { Header AUXHeader ClientID uint16 ServerID uint16 SessionID uint16 RequestID uint16 TimeSinceRequest uint32 TimeToCompleteRequest uint32 }
AUXTPerfMDBSuccess used for aux info
func (AUXTPerfMDBSuccess) Marshal ¶
func (auxbuf AUXTPerfMDBSuccess) Marshal() []byte
Marshal AUXTPerfMDBSuccess
type AUXTypePerfProcessInfo ¶
type AUXTypePerfProcessInfo struct { Header AUXHeader ProcessID uint16 Reserved uint16 ProcessGUID []byte ProcessNameOffset uint16 Reserved2 uint16 ProcessName []byte }
AUXTypePerfProcessInfo used for aux info
func (AUXTypePerfProcessInfo) Marshal ¶
func (auxbuf AUXTypePerfProcessInfo) Marshal() []byte
Marshal AUXTypePerfProcessInfo
type AUXTypePerfRequestID ¶
AUXTypePerfRequestID used for aux info
func (AUXTypePerfRequestID) Marshal ¶
func (auxbuf AUXTypePerfRequestID) Marshal() []byte
Marshal AUXTypePerfRequestID
type AUXTypePerfSessionInfo ¶
type AUXTypePerfSessionInfo struct { Header AUXHeader SessionID uint16 Reserved uint16 SessionGUID []byte ConnectionID uint32 }
AUXTypePerfSessionInfo used for aux info
func (AUXTypePerfSessionInfo) Marshal ¶
func (auxbuf AUXTypePerfSessionInfo) Marshal() []byte
Marshal AUXTypePerfSessionInfo
type AssociationGroupID ¶
AssociationGroupID used to hold the group id
type Auth3Request ¶
type Auth3Request struct { Header RTSHeader MaxFrag uint16 MaxRecvFrag uint16 //Pad uint32 SecTrailer []byte AuthData []byte }
Auth3Request struct
func Auth3 ¶
func Auth3(authLevel, authType uint8, authData []byte) Auth3Request
func (Auth3Request) Marshal ¶
func (authBind Auth3Request) Marshal() []byte
Marshal turn Auth3Request into Bytes
type AuxInfo ¶
type AuxInfo interface {
Marshal() []byte
}
AuxInfo interface to make Aux buffers generic
type BindPDU ¶
type BindPDU struct { Header RTSHeader MaxFrag uint16 MaxRecvFrag uint16 AssociationGroupID uint32 CtxNum uint32 //2 CtxItems []byte SecTrailer []byte AuthData []byte }
BindPDU struct
func SecureBind ¶
func SecureBind(authLevel, authType uint8, session *ntlm.ClientSession) BindPDU
type CONNA1 ¶
type CONNA1 struct { Header RTSHeader Flags uint16 NumberOfCommands uint16 Version []byte //8 bytes VirtualConnectCookie Cookie OutChannelCookie Cookie ReceiveWindowSize []byte //8 bytes }
CONNA1 struct for initial connection
type CONNB1 ¶
type CONNB1 struct { Header RTSHeader Flags uint16 NumberOfCommands uint16 Version []byte //8 bytes VirtualConnectCookie Cookie InChannelCookie Cookie ChannelLifetime ChannelLifetime ClientKeepAlive ClientKeepalive AssociatonGroupID AssociationGroupID }
CONNB1 struct for initial connection
type CTX ¶
type CTX struct { ContextID uint16 TransItems uint8 Pad uint8 AbstractSyntax []byte //20 bytes TransferSyntax []byte //20 bytes }
CTX item used in Bind
type ChannelLifetime ¶
type ChannelLifetime struct { CommandType uint32 //always 04 ChannelLifetime uint32 //range of 128kb to 2 Gb }
ChannelLifetime holds lifetime of channel
type ClientKeepalive ¶
type ClientKeepalive struct { CommandType uint32 //always 05 ClientKeepalive uint32 //range of 128kb to 2 Gb }
ClientKeepalive specifies how long the channel is kept open
type ConnectExRequest ¶
type ConnectExRequest struct { Header RTSHeader MaxFrag uint16 MaxRecv uint16 Version []byte //8-byte ContextHandle []byte //16-byte cookie Data []byte //our MAPI request goes here AuxBufLen uint32 RgbAuxIn []byte CbAuxIn uint32 AuxOut uint32 }
ConnectExRequest our connection request
func (ConnectExRequest) Marshal ¶
func (rtsRequest ConnectExRequest) Marshal() []byte
Marshal ConnectExRequest into bytes
type PDUData ¶
type RPCHeader ¶
type RPCHeader struct { Version uint16 //always 0x0000 Flags uint16 //0x0001 Compressed, 0x0002 XorMagic, 0x0004 Last Size uint16 SizeActual uint16 //Compressed size (if 0x0001 set) }
RPCHeader common fields
type RPCResponse ¶
type RPCResponse struct { Header RTSHeader PDU []byte SecTrailer []byte Body []byte AutData []byte }
RPCResponse to hold the data from our response
func RPCRead ¶
func RPCRead(callID int) (RPCResponse, error)
RPCRead function takes a call ID and searches for the response in our list of received responses. Blocks until it finds a response
type RTSHeader ¶
type RTSHeader struct { Version uint8 //05 VersionMinor uint8 //00 Type uint8 PFCFlags uint8 PackedDrep uint32 FragLen uint16 AuthLen uint16 CallID uint32 }
RTSHeader structure for unmarshal
type RTSRequest ¶
type RTSRequest struct { Header RTSHeader MaxFrag uint16 MaxRecv uint16 Command []byte //8-byte PduData []byte //PDUData // ContextHandle []byte //16-byte cookie // Data []byte //our MAPI request goes here //RPC Parts // CbAuxIn uint32 // AuxOut uint32 SecTrailer []byte AuthData []byte }
RTSRequest an RTSRequest
func (RTSRequest) Marshal ¶
func (rtsRequest RTSRequest) Marshal() []byte
Marshal turn RTSRequest into Bytes