Documentation ¶
Index ¶
- func ASRepToHashcat(asrep messages.ASRep) (string, error)
- func CheckKrbError(b []byte) ([]byte, error)
- func NewKerberosClient(call goja.ConstructorCall, runtime *goja.Runtime) *goja.Object
- func SendToKDC(kclient *Client, msg string) (string, error)
- func TGStoHashcat(tgs messages.Ticket, username string) (string, error)
- type Client
- type Config
- type EnumerateUserResponse
- type TGS
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ASRepToHashcat ¶ added in v3.2.0
ASRepToHashcat converts an AS-REP message to a hashcat format
func CheckKrbError ¶ added in v3.2.0
CheckKrbError checks if the response bytes from the KDC are a KRBError.
func NewKerberosClient ¶ added in v3.2.0
Constructor for Kerberos Client Constructor: constructor(public domain: string, public controller?: string) When controller is empty or not given krb5 will perform a DNS lookup for the default KDC server and retrieve its address from the DNS server
func SendToKDC ¶ added in v3.2.0
sendtokdc.go deals with actual sending and receiving responses from KDC SendToKDC sends a message to the KDC and returns the response. It first tries to send the message over TCP, and if that fails, it falls back to UDP.(and vice versa) @example ```javascript const kerberos = require('nuclei/kerberos'); const client = new kerberos.Client('acme.com'); const response = kerberos.SendToKDC(client, 'message'); ```
Types ¶
type Client ¶ added in v3.2.0
type Client struct { Krb5Config *kconfig.Config Realm string // contains filtered or unexported fields }
Known Issues: Hardcoded timeout in gokrb5 library TGT / Session Handling not exposed Client is kerberos client @example ```javascript const kerberos = require('nuclei/kerberos'); // if controller is empty a dns lookup for default kdc server will be performed const client = new kerberos.Client('acme.com', 'kdc.acme.com'); ```
func NewKerberosClientFromString ¶ added in v3.2.0
NewKerberosClientFromString creates a new kerberos client from a string by parsing krb5.conf @example ```javascript const kerberos = require('nuclei/kerberos'); const client = kerberos.NewKerberosClientFromString(` [libdefaults] default_realm = ACME.COM dns_lookup_kdc = true `); ```
func (*Client) EnumerateUser ¶ added in v3.2.0
func (c *Client) EnumerateUser(username string) (EnumerateUserResponse, error)
EnumerateUser and attempt to get AS-REP hash by disabling PA-FX-FAST @example ```javascript const kerberos = require('nuclei/kerberos'); const client = new kerberos.Client('acme.com', 'kdc.acme.com'); const resp = client.EnumerateUser('pdtm'); log(resp); ```
func (*Client) GetServiceTicket ¶ added in v3.2.0
GetServiceTicket returns a TGS for a given user, password and SPN @example ```javascript const kerberos = require('nuclei/kerberos'); const client = new kerberos.Client('acme.com', 'kdc.acme.com'); const resp = client.GetServiceTicket('pdtm', 'password', 'HOST/CLIENT1'); log(resp); ```
func (*Client) SetConfig ¶ added in v3.2.0
SetConfig sets additional config for the kerberos client Note: as of now ip and timeout overrides are only supported in EnumerateUser due to fastdialer but can be extended to other methods currently @example ```javascript const kerberos = require('nuclei/kerberos'); const client = new kerberos.Client('acme.com', 'kdc.acme.com'); const cfg = new kerberos.Config(); cfg.SetIPAddress('192.168.100.22'); cfg.SetTimeout(5); client.SetConfig(cfg); ```
type Config ¶ added in v3.2.0
type Config struct {
// contains filtered or unexported fields
}
Config is extra configuration for the kerberos client
func (*Config) SetIPAddress ¶ added in v3.2.0
SetIPAddress sets the IP address for the kerberos client @example ```javascript const kerberos = require('nuclei/kerberos'); const cfg = new kerberos.Config(); cfg.SetIPAddress('10.10.10.1'); ```
func (*Config) SetTimeout ¶ added in v3.2.0
SetTimeout sets the RW timeout for the kerberos client @example ```javascript const kerberos = require('nuclei/kerberos'); const cfg = new kerberos.Config(); cfg.SetTimeout(5); ```
type EnumerateUserResponse ¶
type EnumerateUserResponse struct { Valid bool `json:"valid"` ASREPHash string `json:"asrep_hash"` Error string `json:"error"` }
EnumerateUserResponse is the response from EnumerateUser