kerberos

package
v3.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 11, 2024 License: MIT, Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ASRepToHashcat

func ASRepToHashcat(asrep messages.ASRep) (string, error)

ASRepToHashcat converts an AS-REP message to a hashcat format

func CheckKrbError

func CheckKrbError(b []byte) ([]byte, error)

CheckKrbError checks if the response bytes from the KDC are a KRBError.

func NewKerberosClient

func NewKerberosClient(call goja.ConstructorCall, runtime *goja.Runtime) *goja.Object

Constructor for Kerberos Client Constructor: constructor(public domain: string, public controller?: string) When controller is empty or not given krb5 will perform a DNS lookup for the default KDC server and retrieve its address from the DNS server

func SendToKDC

func SendToKDC(kclient *Client, msg string) (string, error)

sendtokdc.go deals with actual sending and receiving responses from KDC SendToKDC sends a message to the KDC and returns the response. It first tries to send the message over TCP, and if that fails, it falls back to UDP.(and vice versa) @example ```javascript const kerberos = require('nuclei/kerberos'); const client = new kerberos.Client('acme.com'); const response = kerberos.SendToKDC(client, 'message'); ```

func TGStoHashcat

func TGStoHashcat(tgs messages.Ticket, username string) (string, error)

TGStoHashcat converts a TGS to a hashcat format.

Types

type Client

type Client struct {
	Krb5Config *kconfig.Config
	Realm      string
	// contains filtered or unexported fields
}

Known Issues: Hardcoded timeout in gokrb5 library TGT / Session Handling not exposed Client is kerberos client @example ```javascript const kerberos = require('nuclei/kerberos'); // if controller is empty a dns lookup for default kdc server will be performed const client = new kerberos.Client('acme.com', 'kdc.acme.com'); ```

func NewKerberosClientFromString

func NewKerberosClientFromString(cfg string) (*Client, error)

NewKerberosClientFromString creates a new kerberos client from a string by parsing krb5.conf @example ```javascript const kerberos = require('nuclei/kerberos'); const client = kerberos.NewKerberosClientFromString(` [libdefaults] default_realm = ACME.COM dns_lookup_kdc = true `); ```

func (*Client) EnumerateUser

func (c *Client) EnumerateUser(username string) (EnumerateUserResponse, error)

EnumerateUser and attempt to get AS-REP hash by disabling PA-FX-FAST @example ```javascript const kerberos = require('nuclei/kerberos'); const client = new kerberos.Client('acme.com', 'kdc.acme.com'); const resp = client.EnumerateUser('pdtm'); log(resp); ```

func (*Client) GetServiceTicket

func (c *Client) GetServiceTicket(User, Pass, SPN string) (TGS, error)

GetServiceTicket returns a TGS for a given user, password and SPN @example ```javascript const kerberos = require('nuclei/kerberos'); const client = new kerberos.Client('acme.com', 'kdc.acme.com'); const resp = client.GetServiceTicket('pdtm', 'password', 'HOST/CLIENT1'); log(resp); ```

func (*Client) SetConfig

func (c *Client) SetConfig(cfg *Config)

SetConfig sets additional config for the kerberos client Note: as of now ip and timeout overrides are only supported in EnumerateUser due to fastdialer but can be extended to other methods currently @example ```javascript const kerberos = require('nuclei/kerberos'); const client = new kerberos.Client('acme.com', 'kdc.acme.com'); const cfg = new kerberos.Config(); cfg.SetIPAddress('192.168.100.22'); cfg.SetTimeout(5); client.SetConfig(cfg); ```

type Config

type Config struct {
	// contains filtered or unexported fields
}

Config is extra configuration for the kerberos client

func (*Config) SetIPAddress

func (c *Config) SetIPAddress(ip string) *Config

SetIPAddress sets the IP address for the kerberos client @example ```javascript const kerberos = require('nuclei/kerberos'); const cfg = new kerberos.Config(); cfg.SetIPAddress('10.10.10.1'); ```

func (*Config) SetTimeout

func (c *Config) SetTimeout(timeout int) *Config

SetTimeout sets the RW timeout for the kerberos client @example ```javascript const kerberos = require('nuclei/kerberos'); const cfg = new kerberos.Config(); cfg.SetTimeout(5); ```

type EnumerateUserResponse

type EnumerateUserResponse struct {
	Valid     bool   `json:"valid"`
	ASREPHash string `json:"asrep_hash"`
	Error     string `json:"error"`
}

EnumerateUserResponse is the response from EnumerateUser

type TGS

type TGS struct {
	Ticket messages.Ticket `json:"ticket"`
	Hash   string          `json:"hash"`
	ErrMsg string          `json:"error"`
}

TGS is the response from GetServiceTicket

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL