Documentation
¶
Index ¶
- Constants
- func DecodeADTimestamp(timestamp string) string
- func DecodeSID(s string) string
- func DecodeZuluTimestamp(timestamp string) string
- func JoinFilters(filters ...string) string
- func NegativeFilter(filter string) string
- func NewClient(call goja.ConstructorCall, runtime *goja.Runtime) *goja.Object
- type Client
- func (c *Client) AdvancedSearch(Scope, DerefAliases, SizeLimit, TimeLimit int, TypesOnly bool, Filter string, ...) SearchResult
- func (c *Client) Authenticate(username, password string) bool
- func (c *Client) AuthenticateWithNTLMHash(username, hash string) bool
- func (c *Client) Close()
- func (c *Client) CollectMetadata() Metadata
- func (c *Client) FindADObjects(filter string) SearchResult
- func (c *Client) GetADActiveUsers() SearchResult
- func (c *Client) GetADAdmins() SearchResult
- func (c *Client) GetADDCList() SearchResult
- func (c *Client) GetADDomainSID() string
- func (c *Client) GetADGroups() SearchResult
- func (c *Client) GetADUserAsRepRoastable() SearchResult
- func (c *Client) GetADUserKerberoastable() SearchResult
- func (c *Client) GetADUserTrustedForDelegation() SearchResult
- func (c *Client) GetADUserWithNeverExpiringPasswords() SearchResult
- func (c *Client) GetADUserWithPasswordNotRequired() SearchResult
- func (c *Client) GetADUsers() SearchResult
- func (c *Client) Search(filter string, attributes ...string) SearchResult
- type Config
- type LdapAttributes
- type LdapEntry
- type Metadata
- type SearchResult
Constants ¶
const ( FilterIsPerson = "(objectCategory=person)" // The object is a person. FilterIsGroup = "(objectCategory=group)" // The object is a group. FilterIsComputer = "(objectCategory=computer)" // The object is a computer. FilterIsAdmin = "(adminCount=1)" // The object is an admin. FilterHasServicePrincipalName = "(servicePrincipalName=*)" // The object has a service principal name. FilterLogonScript = "(userAccountControl:1.2.840.113556.1.4.803:=1)" // The logon script will be run. FilterAccountDisabled = "(userAccountControl:1.2.840.113556.1.4.803:=2)" // The user account is disabled. FilterAccountEnabled = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" // The user account is enabled. FilterHomedirRequired = "(userAccountControl:1.2.840.113556.1.4.803:=8)" // The home folder is required. FilterLockout = "(userAccountControl:1.2.840.113556.1.4.803:=16)" // The user is locked out. FilterPasswordNotRequired = "(userAccountControl:1.2.840.113556.1.4.803:=32)" // No password is required. FilterPasswordCantChange = "(userAccountControl:1.2.840.113556.1.4.803:=64)" // The user can't change the password. FilterCanSendEncryptedPassword = "(userAccountControl:1.2.840.113556.1.4.803:=128)" // The user can send an encrypted password. FilterIsDuplicateAccount = "(userAccountControl:1.2.840.113556.1.4.803:=256)" // It's an account for users whose primary account is in another domain. FilterIsNormalAccount = "(userAccountControl:1.2.840.113556.1.4.803:=512)" // It's a default account type that represents a typical user. FilterInterdomainTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=2048)" // It's a permit to trust an account for a system domain that trusts other domains. FilterWorkstationTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=4096)" // It's a computer account for a computer that is running old Windows builds. FilterServerTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=8192)" // It's a computer account for a domain controller that is a member of this domain. FilterDontExpirePassword = "(userAccountControl:1.2.840.113556.1.4.803:=65536)" // Represents the password, which should never expire on the account. FilterMnsLogonAccount = "(userAccountControl:1.2.840.113556.1.4.803:=131072)" // It's an MNS logon account. FilterSmartCardRequired = "(userAccountControl:1.2.840.113556.1.4.803:=262144)" // When this flag is set, it forces the user to log on by using a smart card. FilterTrustedForDelegation = "(userAccountControl:1.2.840.113556.1.4.803:=524288)" // When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation. FilterNotDelegated = "(userAccountControl:1.2.840.113556.1.4.803:=1048576)" // When this flag is set, the security context of the user isn't delegated to a service even if the service account is set as trusted for Kerberos delegation. FilterUseDesKeyOnly = "(userAccountControl:1.2.840.113556.1.4.803:=2097152)" // Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys. FilterDontRequirePreauth = "(userAccountControl:1.2.840.113556.1.4.803:=4194304)" // This account doesn't require Kerberos pre-authentication for logging on. FilterPasswordExpired = "(userAccountControl:1.2.840.113556.1.4.803:=8388608)" // The user's password has expired. FilterTrustedToAuthForDelegation = "(userAccountControl:1.2.840.113556.1.4.803:=16777216)" // The account is enabled for delegation. FilterPartialSecretsAccount = "(userAccountControl:1.2.840.113556.1.4.803:=67108864)" // The account is a read-only domain controller (RODC). )
LDAP makes you search using an OID http://oid-info.com/get/1.2.840.113556.1.4.803
The one for the userAccountControl in MS Active Directory is 1.2.840.113556.1.4.803 (LDAP_MATCHING_RULE_BIT_AND)
We can look at the enabled flags using a query like (!(userAccountControl:1.2.840.113556.1.4.803:=2))
Variables ¶
This section is empty.
Functions ¶
func DecodeADTimestamp ¶ added in v3.2.0
DecodeADTimestamp decodes an Active Directory timestamp @example ```javascript const ldap = require('nuclei/ldap'); const timestamp = ldap.DecodeADTimestamp('132036744000000000'); log(timestamp); ```
func DecodeSID ¶ added in v3.2.0
DecodeSID decodes a SID string @example ```javascript const ldap = require('nuclei/ldap'); const sid = ldap.DecodeSID('S-1-5-21-3623811015-3361044348-30300820-1013'); log(sid); ```
func DecodeZuluTimestamp ¶ added in v3.2.0
DecodeZuluTimestamp decodes a Zulu timestamp @example ```javascript const ldap = require('nuclei/ldap'); const timestamp = ldap.DecodeZuluTimestamp('2021-08-25T10:00:00Z'); log(timestamp); ```
func JoinFilters ¶ added in v3.2.0
JoinFilters joins multiple filters into a single filter @example ```javascript const ldap = require('nuclei/ldap'); const filter = ldap.JoinFilters(ldap.FilterIsPerson, ldap.FilterAccountEnabled); ```
func NegativeFilter ¶ added in v3.2.0
NegativeFilter returns a negative filter for a given filter @example ```javascript const ldap = require('nuclei/ldap'); const filter = ldap.NegativeFilter(ldap.FilterIsPerson); ```
func NewClient ¶ added in v3.2.0
Constructor for creating a new ldap client The following schemas are supported for url: ldap://, ldaps://, ldapi://, and cldap:// (RFC1798, deprecated but used by Active Directory). ldaps uses TLS/SSL, ldapi uses a Unix domain socket, and cldap uses connectionless LDAP. Constructor: constructor(public ldapUrl: string, public realm: string, public config?: Config)
Types ¶
type Client ¶ added in v3.2.0
type Client struct {
Host string // Hostname
Port int // Port
Realm string // Realm
BaseDN string // BaseDN (generated from Realm)
// contains filtered or unexported fields
}
Client is a client for ldap protocol in nuclei @example ```javascript const ldap = require('nuclei/ldap'); // here ldap.example.com is the ldap server and acme.com is the realm const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); ``` @example ```javascript const ldap = require('nuclei/ldap'); const cfg = new ldap.Config(); cfg.Timeout = 10; cfg.ServerName = 'ldap.internal.acme.com'; // optional config can be passed as third argument const client = new ldap.Client('ldap://ldap.example.com', 'acme.com', cfg); ```
func (*Client) AdvancedSearch ¶ added in v3.2.0
func (c *Client) AdvancedSearch( Scope, DerefAliases, SizeLimit, TimeLimit int, TypesOnly bool, Filter string, Attributes []string, Controls []ldap.Control) SearchResult
AdvancedSearch accepts all values of search request type and return Ldap Entry its up to user to handle the response @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const results = client.AdvancedSearch(ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, '(objectClass=*)', ['cn', 'mail'], []); ```
func (*Client) Authenticate ¶ added in v3.2.0
Authenticate authenticates with the ldap server using the given username and password performs NTLMBind first and then Bind/UnauthenticatedBind if NTLMBind fails @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); client.Authenticate('user', 'password'); ```
func (*Client) AuthenticateWithNTLMHash ¶ added in v3.2.0
AuthenticateWithNTLMHash authenticates with the ldap server using the given username and NTLM hash @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); client.AuthenticateWithNTLMHash('pdtm', 'hash'); ```
func (*Client) Close ¶ added in v3.2.0
func (c *Client) Close()
close the ldap connection @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); client.Close(); ```
func (*Client) CollectMetadata ¶ added in v3.2.0
CollectLdapMetadata collects metadata from ldap server. @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const metadata = client.CollectMetadata(); log(to_json(metadata)); ```
func (*Client) FindADObjects ¶ added in v3.2.0
func (c *Client) FindADObjects(filter string) SearchResult
FindADObjects finds AD objects based on a filter and returns them as a list of ADObject @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const users = client.FindADObjects(ldap.FilterIsPerson); log(to_json(users)); ```
func (*Client) GetADActiveUsers ¶ added in v3.2.0
func (c *Client) GetADActiveUsers() SearchResult
GetADActiveUsers returns all AD users using FilterIsPerson and FilterAccountEnabled filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const users = client.GetADActiveUsers(); log(to_json(users)); ```
func (*Client) GetADAdmins ¶ added in v3.2.0
func (c *Client) GetADAdmins() SearchResult
GetADAdmins returns all AD admins using FilterIsPerson, FilterAccountEnabled and FilterIsAdmin filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const admins = client.GetADAdmins(); log(to_json(admins)); ```
func (*Client) GetADDCList ¶ added in v3.2.0
func (c *Client) GetADDCList() SearchResult
GetADDCList returns all AD domain controllers using FilterIsComputer, FilterAccountEnabled and FilterServerTrustAccount filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const dcs = client.GetADDCList(); log(to_json(dcs)); ```
func (*Client) GetADDomainSID ¶ added in v3.2.0
GetADDomainSID returns the SID of the AD domain @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const domainSID = client.GetADDomainSID(); log(domainSID); ```
func (*Client) GetADGroups ¶ added in v3.2.0
func (c *Client) GetADGroups() SearchResult
GetADGroups returns all AD groups using FilterIsGroup filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const groups = client.GetADGroups(); log(to_json(groups)); ```
func (*Client) GetADUserAsRepRoastable ¶ added in v3.2.4
func (c *Client) GetADUserAsRepRoastable() SearchResult
GetADUserAsRepRoastable returns all AD users that are AsRepRoastable using FilterIsPerson, and FilterDontRequirePreauth filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const AsRepRoastable = client.GetADUserAsRepRoastable(); log(to_json(AsRepRoastable)); ```
func (*Client) GetADUserKerberoastable ¶ added in v3.2.0
func (c *Client) GetADUserKerberoastable() SearchResult
GetADUserKerberoastable returns all AD users that are kerberoastable using FilterIsPerson, FilterAccountEnabled and FilterHasServicePrincipalName filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const kerberoastable = client.GetADUserKerberoastable(); log(to_json(kerberoastable)); ```
func (*Client) GetADUserTrustedForDelegation ¶ added in v3.2.0
func (c *Client) GetADUserTrustedForDelegation() SearchResult
GetADUserTrustedForDelegation returns all AD users that are trusted for delegation using FilterIsPerson and FilterTrustedForDelegation filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const users = client.GetADUserTrustedForDelegation(); log(to_json(users)); ```
func (*Client) GetADUserWithNeverExpiringPasswords ¶ added in v3.2.0
func (c *Client) GetADUserWithNeverExpiringPasswords() SearchResult
GetAdUserWithNeverExpiringPasswords returns all AD users using FilterIsPerson and FilterDontExpirePassword filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const users = client.GetADUserWithNeverExpiringPasswords(); log(to_json(users)); ```
func (*Client) GetADUserWithPasswordNotRequired ¶ added in v3.2.0
func (c *Client) GetADUserWithPasswordNotRequired() SearchResult
GetADUserWithPasswordNotRequired returns all AD users that do not require a password using FilterIsPerson and FilterPasswordNotRequired filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const users = client.GetADUserWithPasswordNotRequired(); log(to_json(users)); ```
func (*Client) GetADUsers ¶ added in v3.2.0
func (c *Client) GetADUsers() SearchResult
GetADUsers returns all AD users using FilterIsPerson filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const users = client.GetADUsers(); log(to_json(users)); ```
func (*Client) Search ¶ added in v3.2.0
func (c *Client) Search(filter string, attributes ...string) SearchResult
Search accepts whatever filter and returns a list of maps having provided attributes as keys and associated values mirroring the ones returned by ldap @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const results = client.Search('(objectClass=*)', 'cn', 'mail'); ```
type Config ¶ added in v3.2.0
type Config struct {
// Timeout is the timeout for the ldap client in seconds
Timeout int
ServerName string // default to host (when using tls)
Upgrade bool // when true first connects to non-tls and then upgrades to tls
}
Config is extra configuration for the ldap client @example ```javascript const ldap = require('nuclei/ldap'); const cfg = new ldap.Config(); cfg.Timeout = 10; cfg.ServerName = 'ldap.internal.acme.com'; cfg.Upgrade = true; // upgrade to tls ```
type LdapAttributes ¶ added in v3.3.0
type LdapAttributes struct {
// CurrentTime contains current time
CurrentTime []string `json:"currentTime,omitempty"`
// SubschemaSubentry contains subschema subentry
SubschemaSubentry []string `json:"subschemaSubentry,omitempty"`
// DsServiceName contains ds service name
DsServiceName []string `json:"dsServiceName,omitempty"`
// NamingContexts contains naming contexts
NamingContexts []string `json:"namingContexts,omitempty"`
// DefaultNamingContext contains default naming context
DefaultNamingContext []string `json:"defaultNamingContext,omitempty"`
// SchemaNamingContext contains schema naming context
SchemaNamingContext []string `json:"schemaNamingContext,omitempty"`
// ConfigurationNamingContext contains configuration naming context
ConfigurationNamingContext []string `json:"configurationNamingContext,omitempty"`
// RootDomainNamingContext contains root domain naming context
RootDomainNamingContext []string `json:"rootDomainNamingContext,omitempty"`
// SupportedLDAPVersion contains supported LDAP version
SupportedLDAPVersion []string `json:"supportedLDAPVersion,omitempty"`
// HighestCommittedUSN contains highest committed USN
HighestCommittedUSN []string `json:"highestCommittedUSN,omitempty"`
// SupportedSASLMechanisms contains supported SASL mechanisms
SupportedSASLMechanisms []string `json:"supportedSASLMechanisms,omitempty"`
// DnsHostName contains DNS host name
DnsHostName []string `json:"dnsHostName,omitempty"`
// LdapServiceName contains LDAP service name
LdapServiceName []string `json:"ldapServiceName,omitempty"`
// ServerName contains server name
ServerName []string `json:"serverName,omitempty"`
// IsSynchronized contains is synchronized
IsSynchronized []string `json:"isSynchronized,omitempty"`
// IsGlobalCatalogReady contains is global catalog ready
IsGlobalCatalogReady []string `json:"isGlobalCatalogReady,omitempty"`
// DomainFunctionality contains domain functionality
DomainFunctionality []string `json:"domainFunctionality,omitempty"`
// ForestFunctionality contains forest functionality
ForestFunctionality []string `json:"forestFunctionality,omitempty"`
// DomainControllerFunctionality contains domain controller functionality
DomainControllerFunctionality []string `json:"domainControllerFunctionality,omitempty"`
// DistinguishedName contains the distinguished name
DistinguishedName []string `json:"distinguishedName,omitempty"`
// SAMAccountName contains the SAM account name
SAMAccountName []string `json:"sAMAccountName,omitempty"`
// PWDLastSet contains the password last set time
PWDLastSet []string `json:"pwdLastSet,omitempty"`
// LastLogon contains the last logon time
LastLogon []string `json:"lastLogon,omitempty"`
// MemberOf contains the groups the entry is a member of
MemberOf []string `json:"memberOf,omitempty"`
// ServicePrincipalName contains the service principal names
ServicePrincipalName []string `json:"servicePrincipalName,omitempty"`
// Extra contains other extra fields which might be present
Extra map[string]any `json:"extra,omitempty"`
}
LdapAttributes represents all LDAP attributes of a particular ldap entry
type LdapEntry ¶ added in v3.3.0
type LdapEntry struct {
// DN contains distinguished name
DN string `json:"dn"`
// Attributes contains list of attributes
Attributes LdapAttributes `json:"attributes"`
}
LdapEntry represents a single LDAP entry
type Metadata ¶ added in v3.2.0
type Metadata struct {
BaseDN string
Domain string
DefaultNamingContext string
DomainFunctionality string
ForestFunctionality string
DomainControllerFunctionality string
DnsHostName string
}
Metadata is the metadata for ldap server. this is returned by CollectMetadata method
type SearchResult ¶ added in v3.3.0
type SearchResult struct {
// Referrals contains list of referrals
Referrals []string `json:"referrals"`
// Controls contains list of controls
Controls []string `json:"controls"`
// Entries contains list of entries
Entries []LdapEntry `json:"entries"`
}
SearchResult contains search result of any / all ldap search request @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const results = client.Search('(objectClass=*)', 'cn', 'mail'); ```
Source Files