ldap

package
v3.3.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 11, 2024 License: MIT, Apache-2.0 Imports: 12 Imported by: 0

Documentation

Index

Constants

View Source
const (
	FilterIsPerson                   = "(objectCategory=person)"                               // The object is a person.
	FilterIsGroup                    = "(objectCategory=group)"                                // The object is a group.
	FilterIsComputer                 = "(objectCategory=computer)"                             // The object is a computer.
	FilterIsAdmin                    = "(adminCount=1)"                                        // The object is an admin.
	FilterHasServicePrincipalName    = "(servicePrincipalName=*)"                              // The object has a service principal name.
	FilterLogonScript                = "(userAccountControl:1.2.840.113556.1.4.803:=1)"        // The logon script will be run.
	FilterAccountDisabled            = "(userAccountControl:1.2.840.113556.1.4.803:=2)"        // The user account is disabled.
	FilterAccountEnabled             = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))"     // The user account is enabled.
	FilterHomedirRequired            = "(userAccountControl:1.2.840.113556.1.4.803:=8)"        // The home folder is required.
	FilterLockout                    = "(userAccountControl:1.2.840.113556.1.4.803:=16)"       // The user is locked out.
	FilterPasswordNotRequired        = "(userAccountControl:1.2.840.113556.1.4.803:=32)"       // No password is required.
	FilterPasswordCantChange         = "(userAccountControl:1.2.840.113556.1.4.803:=64)"       // The user can't change the password.
	FilterCanSendEncryptedPassword   = "(userAccountControl:1.2.840.113556.1.4.803:=128)"      // The user can send an encrypted password.
	FilterIsDuplicateAccount         = "(userAccountControl:1.2.840.113556.1.4.803:=256)"      // It's an account for users whose primary account is in another domain.
	FilterIsNormalAccount            = "(userAccountControl:1.2.840.113556.1.4.803:=512)"      // It's a default account type that represents a typical user.
	FilterInterdomainTrustAccount    = "(userAccountControl:1.2.840.113556.1.4.803:=2048)"     // It's a permit to trust an account for a system domain that trusts other domains.
	FilterWorkstationTrustAccount    = "(userAccountControl:1.2.840.113556.1.4.803:=4096)"     // It's a computer account for a computer that is running old Windows builds.
	FilterServerTrustAccount         = "(userAccountControl:1.2.840.113556.1.4.803:=8192)"     // It's a computer account for a domain controller that is a member of this domain.
	FilterDontExpirePassword         = "(userAccountControl:1.2.840.113556.1.4.803:=65536)"    // Represents the password, which should never expire on the account.
	FilterMnsLogonAccount            = "(userAccountControl:1.2.840.113556.1.4.803:=131072)"   // It's an MNS logon account.
	FilterSmartCardRequired          = "(userAccountControl:1.2.840.113556.1.4.803:=262144)"   // When this flag is set, it forces the user to log on by using a smart card.
	FilterTrustedForDelegation       = "(userAccountControl:1.2.840.113556.1.4.803:=524288)"   // When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation.
	FilterNotDelegated               = "(userAccountControl:1.2.840.113556.1.4.803:=1048576)"  // When this flag is set, the security context of the user isn't delegated to a service even if the service account is set as trusted for Kerberos delegation.
	FilterUseDesKeyOnly              = "(userAccountControl:1.2.840.113556.1.4.803:=2097152)"  // Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
	FilterDontRequirePreauth         = "(userAccountControl:1.2.840.113556.1.4.803:=4194304)"  // This account doesn't require Kerberos pre-authentication for logging on.
	FilterPasswordExpired            = "(userAccountControl:1.2.840.113556.1.4.803:=8388608)"  // The user's password has expired.
	FilterTrustedToAuthForDelegation = "(userAccountControl:1.2.840.113556.1.4.803:=16777216)" // The account is enabled for delegation.
	FilterPartialSecretsAccount      = "(userAccountControl:1.2.840.113556.1.4.803:=67108864)" // The account is a read-only domain controller (RODC).

)

LDAP makes you search using an OID http://oid-info.com/get/1.2.840.113556.1.4.803

The one for the userAccountControl in MS Active Directory is 1.2.840.113556.1.4.803 (LDAP_MATCHING_RULE_BIT_AND)

We can look at the enabled flags using a query like (!(userAccountControl:1.2.840.113556.1.4.803:=2))

https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties

Variables

This section is empty.

Functions

func DecodeADTimestamp

func DecodeADTimestamp(timestamp string) string

DecodeADTimestamp decodes an Active Directory timestamp @example ```javascript const ldap = require('nuclei/ldap'); const timestamp = ldap.DecodeADTimestamp('132036744000000000'); log(timestamp); ```

func DecodeSID

func DecodeSID(s string) string

DecodeSID decodes a SID string @example ```javascript const ldap = require('nuclei/ldap'); const sid = ldap.DecodeSID('S-1-5-21-3623811015-3361044348-30300820-1013'); log(sid); ```

func DecodeZuluTimestamp

func DecodeZuluTimestamp(timestamp string) string

DecodeZuluTimestamp decodes a Zulu timestamp @example ```javascript const ldap = require('nuclei/ldap'); const timestamp = ldap.DecodeZuluTimestamp('2021-08-25T10:00:00Z'); log(timestamp); ```

func JoinFilters

func JoinFilters(filters ...string) string

JoinFilters joins multiple filters into a single filter @example ```javascript const ldap = require('nuclei/ldap'); const filter = ldap.JoinFilters(ldap.FilterIsPerson, ldap.FilterAccountEnabled); ```

func NegativeFilter

func NegativeFilter(filter string) string

NegativeFilter returns a negative filter for a given filter @example ```javascript const ldap = require('nuclei/ldap'); const filter = ldap.NegativeFilter(ldap.FilterIsPerson); ```

func NewClient

func NewClient(call goja.ConstructorCall, runtime *goja.Runtime) *goja.Object

Constructor for creating a new ldap client The following schemas are supported for url: ldap://, ldaps://, ldapi://, and cldap:// (RFC1798, deprecated but used by Active Directory). ldaps uses TLS/SSL, ldapi uses a Unix domain socket, and cldap uses connectionless LDAP. Constructor: constructor(public ldapUrl: string, public realm: string, public config?: Config)

Types

type ADObject

type ADObject struct {
	DistinguishedName    string
	SAMAccountName       string
	PWDLastSet           string
	LastLogon            string
	MemberOf             []string
	ServicePrincipalName []string
}

ADObject represents an Active Directory object @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const users = client.GetADUsers(); log(to_json(users)); ```

type Client

type Client struct {
	Host   string // Hostname
	Port   int    // Port
	Realm  string // Realm
	BaseDN string // BaseDN (generated from Realm)
	// contains filtered or unexported fields
}

Client is a client for ldap protocol in nuclei @example ```javascript const ldap = require('nuclei/ldap'); // here ldap.example.com is the ldap server and acme.com is the realm const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); ``` @example ```javascript const ldap = require('nuclei/ldap'); const cfg = new ldap.Config(); cfg.Timeout = 10; cfg.ServerName = 'ldap.internal.acme.com'; // optional config can be passed as third argument const client = new ldap.Client('ldap://ldap.example.com', 'acme.com', cfg); ```

func (*Client) AdvancedSearch

func (c *Client) AdvancedSearch(
	Scope, DerefAliases, SizeLimit, TimeLimit int,
	TypesOnly bool,
	Filter string,
	Attributes []string,
	Controls []ldap.Control) ldap.SearchResult

AdvancedSearch accepts all values of search request type and return Ldap Entry its up to user to handle the response @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const results = client.AdvancedSearch(ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, '(objectClass=*)', ['cn', 'mail'], []); ```

func (*Client) Authenticate

func (c *Client) Authenticate(username, password string)

Authenticate authenticates with the ldap server using the given username and password performs NTLMBind first and then Bind/UnauthenticatedBind if NTLMBind fails @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); client.Authenticate('user', 'password'); ```

func (*Client) AuthenticateWithNTLMHash

func (c *Client) AuthenticateWithNTLMHash(username, hash string)

AuthenticateWithNTLMHash authenticates with the ldap server using the given username and NTLM hash @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); client.AuthenticateWithNTLMHash('pdtm', 'hash'); ```

func (*Client) Close

func (c *Client) Close()

close the ldap connection @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); client.Close(); ```

func (*Client) CollectMetadata

func (c *Client) CollectMetadata() Metadata

CollectLdapMetadata collects metadata from ldap server. @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const metadata = client.CollectMetadata(); log(to_json(metadata)); ```

func (*Client) FindADObjects

func (c *Client) FindADObjects(filter string) []ADObject

FindADObjects finds AD objects based on a filter and returns them as a list of ADObject @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const users = client.FindADObjects(ldap.FilterIsPerson); log(to_json(users)); ```

func (*Client) GetADActiveUsers

func (c *Client) GetADActiveUsers() []ADObject

GetADActiveUsers returns all AD users using FilterIsPerson and FilterAccountEnabled filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const users = client.GetADActiveUsers(); log(to_json(users)); ```

func (*Client) GetADAdmins

func (c *Client) GetADAdmins() []ADObject

GetADAdmins returns all AD admins using FilterIsPerson, FilterAccountEnabled and FilterIsAdmin filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const admins = client.GetADAdmins(); log(to_json(admins)); ```

func (*Client) GetADDCList

func (c *Client) GetADDCList() []ADObject

GetADDCList returns all AD domain controllers using FilterIsComputer, FilterAccountEnabled and FilterServerTrustAccount filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const dcs = client.GetADDCList(); log(to_json(dcs)); ```

func (*Client) GetADDomainSID

func (c *Client) GetADDomainSID() string

GetADDomainSID returns the SID of the AD domain @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const domainSID = client.GetADDomainSID(); log(domainSID); ```

func (*Client) GetADGroups

func (c *Client) GetADGroups() []ADObject

GetADGroups returns all AD groups using FilterIsGroup filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const groups = client.GetADGroups(); log(to_json(groups)); ```

func (*Client) GetADUserAsRepRoastable

func (c *Client) GetADUserAsRepRoastable() []ADObject

GetADUserAsRepRoastable returns all AD users that are AsRepRoastable using FilterIsPerson, and FilterDontRequirePreauth filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const AsRepRoastable = client.GetADUserAsRepRoastable(); log(to_json(AsRepRoastable)); ```

func (*Client) GetADUserKerberoastable

func (c *Client) GetADUserKerberoastable() []ADObject

GetADUserKerberoastable returns all AD users that are kerberoastable using FilterIsPerson, FilterAccountEnabled and FilterHasServicePrincipalName filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const kerberoastable = client.GetADUserKerberoastable(); log(to_json(kerberoastable)); ```

func (*Client) GetADUserTrustedForDelegation

func (c *Client) GetADUserTrustedForDelegation() []ADObject

GetADUserTrustedForDelegation returns all AD users that are trusted for delegation using FilterIsPerson and FilterTrustedForDelegation filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const users = client.GetADUserTrustedForDelegation(); log(to_json(users)); ```

func (*Client) GetADUserWithNeverExpiringPasswords

func (c *Client) GetADUserWithNeverExpiringPasswords() []ADObject

GetAdUserWithNeverExpiringPasswords returns all AD users using FilterIsPerson and FilterDontExpirePassword filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const users = client.GetADUserWithNeverExpiringPasswords(); log(to_json(users)); ```

func (*Client) GetADUserWithPasswordNotRequired

func (c *Client) GetADUserWithPasswordNotRequired() []ADObject

GetADUserWithPasswordNotRequired returns all AD users that do not require a password using FilterIsPerson and FilterPasswordNotRequired filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const users = client.GetADUserWithPasswordNotRequired(); log(to_json(users)); ```

func (*Client) GetADUsers

func (c *Client) GetADUsers() []ADObject

GetADUsers returns all AD users using FilterIsPerson filter query @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const users = client.GetADUsers(); log(to_json(users)); ```

func (*Client) Search

func (c *Client) Search(filter string, attributes ...string) []map[string][]string

Search accepts whatever filter and returns a list of maps having provided attributes as keys and associated values mirroring the ones returned by ldap @example ```javascript const ldap = require('nuclei/ldap'); const client = new ldap.Client('ldap://ldap.example.com', 'acme.com'); const results = client.Search('(objectClass=*)', 'cn', 'mail'); ```

type Config

type Config struct {
	// Timeout is the timeout for the ldap client in seconds
	Timeout    int
	ServerName string // default to host (when using tls)
	Upgrade    bool   // when true first connects to non-tls and then upgrades to tls
}

Config is extra configuration for the ldap client @example ```javascript const ldap = require('nuclei/ldap'); const cfg = new ldap.Config(); cfg.Timeout = 10; cfg.ServerName = 'ldap.internal.acme.com'; cfg.Upgrade = true; // upgrade to tls ```

type Metadata

type Metadata struct {
	BaseDN                        string
	Domain                        string
	DefaultNamingContext          string
	DomainFunctionality           string
	ForestFunctionality           string
	DomainControllerFunctionality string
	DnsHostName                   string
}

Metadata is the metadata for ldap server. this is returned by CollectMetadata method

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL