Documentation
Index
- Constants
- func DecodeADTimestamp(timestamp string) string
- func DecodeSID(s string) string
- func DecodeZuluTimestamp(timestamp string) string
- func JoinFilters(filters ...string) string
- func NegativeFilter(filter string) string
- func NewClient(call goja.ConstructorCall, runtime *goja.Runtime) *goja.Object
- type ADObject
- type Client
- func (c *Client) AdvancedSearch(Scope, DerefAliases, SizeLimit, TimeLimit int, TypesOnly bool, Filter string, ...) ldap.SearchResult
- func (c *Client) Authenticate(username, password string)
- func (c *Client) AuthenticateWithNTLMHash(username, hash string)
- func (c *Client) Close()
- func (c *Client) CollectMetadata() Metadata
- func (c *Client) FindADObjects(filter string) []ADObject
- func (c *Client) GetADActiveUsers() []ADObject
- func (c *Client) GetADAdmins() []ADObject
- func (c *Client) GetADDCList() []ADObject
- func (c *Client) GetADDomainSID() string
- func (c *Client) GetADGroups() []ADObject
- func (c *Client) GetADUserAsRepRoastable() []ADObject
- func (c *Client) GetADUserKerberoastable() []ADObject
- func (c *Client) GetADUserTrustedForDelegation() []ADObject
- func (c *Client) GetADUserWithNeverExpiringPasswords() []ADObject
- func (c *Client) GetADUserWithPasswordNotRequired() []ADObject
- func (c *Client) GetADUsers() []ADObject
- func (c *Client) Search(filter string, attributes ...string) []map[string][]string
- type Config
- type Metadata
Constants
```go
const (
	FilterIsPerson = "(objectCategory=person)" // The object is a person.
	FilterIsGroup = "(objectCategory=group)" // The object is a group.
	FilterIsComputer = "(objectCategory=computer)" // The object is a computer.
	FilterIsAdmin = "(adminCount=1)" // The object is an admin.
	FilterHasServicePrincipalName = "(servicePrincipalName=*)" // The object has a service principal name.
	FilterLogonScript = "(userAccountControl:1.2.840.113556.1.4.803:=1)" // The logon script will be run.
	FilterAccountDisabled = "(userAccountControl:1.2.840.113556.1.4.803:=2)" // The user account is disabled.
	FilterAccountEnabled = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" // The user account is enabled.
	FilterHomedirRequired = "(userAccountControl:1.2.840.113556.1.4.803:=8)" // The home folder is required.
	FilterLockout = "(userAccountControl:1.2.840.113556.1.4.803:=16)" // The user is locked out.
	FilterPasswordNotRequired = "(userAccountControl:1.2.840.113556.1.4.803:=32)" // No password is required.
	FilterPasswordCantChange = "(userAccountControl:1.2.840.113556.1.4.803:=64)" // The user can't change the password.
	FilterCanSendEncryptedPassword = "(userAccountControl:1.2.840.113556.1.4.803:=128)" // The user can send an encrypted password.
	FilterIsDuplicateAccount = "(userAccountControl:1.2.840.113556.1.4.803:=256)" // It's an account for users whose primary account is in another domain.
	FilterIsNormalAccount = "(userAccountControl:1.2.840.113556.1.4.803:=512)" // It's a default account type that represents a typical user.
	FilterInterdomainTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=2048)" // It's a permit to trust an account for a system domain that trusts other domains.
	FilterWorkstationTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=4096)" // It's a computer account for a computer that is running old Windows builds.
	FilterServerTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=8192)" // It's a computer account for a domain controller that is a member of this domain.
	FilterDontExpirePassword = "(userAccountControl:1.2.840.113556.1.4.803:=65536)" // Represents the password, which should never expire on the account.
	FilterMnsLogonAccount = "(userAccountControl:1.2.840.113556.1.4.803:=131072)" // It's an MNS logon account.
	FilterSmartCardRequired = "(userAccountControl:1.2.840.113556.1.4.803:=262144)" // When this flag is set, it forces the user to log on by using a smart card.
	FilterTrustedForDelegation = "(userAccountControl:1.2.840.113556.1.4.803:=524288)" // When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation.
	FilterNotDelegated = "(userAccountControl:1.2.840.113556.1.4.803:=1048576)" // When this flag is set, the security context of the user isn't delegated to a service even if the service account is set as trusted for Kerberos delegation.
	FilterUseDesKeyOnly = "(userAccountControl:1.2.840.113556.1.4.803:=2097152)" // Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
	FilterDontRequirePreauth = "(userAccountControl:1.2.840.113556.1.4.803:=4194304)" // This account doesn't require Kerberos pre-authentication for logging on.
	FilterPasswordExpired = "(userAccountControl:1.2.840.113556.1.4.803:=8388608)" // The user's password has expired.
	FilterTrustedToAuthForDelegation = "(userAccountControl:1.2.840.113556.1.4.803:=16777216)" // The account is enabled for delegation.
	FilterPartialSecretsAccount = "(userAccountControl:1.2.840.113556.1.4.803:=67108864)" // The account is a read-only domain controller (RODC).
)
```
LDAP expresses bitwise comparisons through a matching rule identified by an OID: http://oid-info.com/get/1.2.840.113556.1.4.803
The rule used with userAccountControl in MS Active Directory is 1.2.840.113556.1.4.803 (LDAP_MATCHING_RULE_BIT_AND).
Enabled accounts, for example, can be selected with a query like (!(userAccountControl:1.2.840.113556.1.4.803:=2))
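How the bitwise-AND matching rule described above selects entries, shown as an added example that is not part of the nuclei code base: it evaluates the filter shapes listed on this page locally and uses them for an account-hygiene audit. The helper names (uacBit, not, and, matches, audit) and the sample directory entries are assumptions constructed for illustration.

```javascript
// Added example, not nuclei code; the directory entries are constructed.
const BIT_AND = '1.2.840.113556.1.4.803'; // LDAP_MATCHING_RULE_BIT_AND
const uacBit = (mask) => `(userAccountControl:${BIT_AND}:=${mask})`;
const not = (f) => `(!${f})`;
const and = (...fs) => `(&${fs.join('')})`;

// Split "(a)(b(c))" into its top-level parenthesised sub-filters.
function splitTopLevel(s) {
  const parts = [];
  let depth = 0, start = 0;
  for (let i = 0; i < s.length; i++) {
    if (s[i] === '(') { if (depth === 0) start = i; depth++; }
    if (s[i] === ')') { depth--; if (depth === 0) parts.push(s.slice(start, i + 1)); }
  }
  return parts;
}

// Evaluate the filter shapes used on this page against one entry.
function matches(filter, entry) {
  const body = filter.slice(1, -1); // drop the outer parentheses
  if (body[0] === '!') return !matches(body.slice(1), entry);
  if (body[0] === '&') return splitTopLevel(body.slice(1)).every((f) => matches(f, entry));
  const bit = body.match(/^(\w+):1\.2\.840\.113556\.1\.4\.803:=(\d+)$/);
  if (bit) {
    const mask = Number(bit[2]);
    return (Number(entry[bit[1]]) & mask) === mask; // every bit of the mask must be set
  }
  const eq = body.match(/^(\w+)=(.*)$/);
  if (!eq) throw new Error(`unsupported filter: ${filter}`);
  return eq[2] === '*' ? entry[eq[1]] !== undefined : String(entry[eq[1]]) === eq[2];
}

const SAMPLE = [ // constructed; userAccountControl = 512 (normal account) + flags
  { sAMAccountName: 'alice', objectCategory: 'person', userAccountControl: 512 },
  { sAMAccountName: 'svc_backup', objectCategory: 'person', userAccountControl: 512 + 65536 },
  { sAMAccountName: 'legacy_app', objectCategory: 'person', userAccountControl: 512 + 4194304 },
  { sAMAccountName: 'old_temp', objectCategory: 'person', userAccountControl: 512 + 32 + 2 },
  { sAMAccountName: 'kiosk', objectCategory: 'person', userAccountControl: 512 + 32 },
];

// Enabled person accounts that carry each weak-configuration flag.
function audit(entries) {
  const hits = (mask) => entries
    .filter((e) => matches(and('(objectCategory=person)', not(uacBit(2)), uacBit(mask)), e))
    .map((e) => e.sAMAccountName);
  return { passwordNotRequired: hits(32), dontExpirePassword: hits(65536), dontRequirePreauth: hits(4194304) };
}

console.log(audit(SAMPLE));
```

A mask with several bits, such as 34 (2 + 32), matches only entries that have all of those bits set, which is why the disabled test is written as a separate negated clause rather than folded into one mask.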
Variables
This section is empty.
Functions
func DecodeADTimestamp
DecodeADTimestamp decodes an Active Directory timestamp
@example
```javascript
const ldap = require('nuclei/ldap');
const timestamp = ldap.DecodeADTimestamp('132036744000000000');
log(timestamp);
```
func DecodeSID
DecodeSID decodes a SID string
@example
```javascript
const ldap = require('nuclei/ldap');
const sid = ldap.DecodeSID('S-1-5-21-3623811015-3361044348-30300820-1013');
log(sid);
```
func DecodeZuluTimestamp
DecodeZuluTimestamp decodes a Zulu timestamp
@example
```javascript
const ldap = require('nuclei/ldap');
const timestamp = ldap.DecodeZuluTimestamp('2021-08-25T10:00:00Z');
log(timestamp);
```
func JoinFilters
JoinFilters joins multiple filters into a single filter
@example
```javascript
const ldap = require('nuclei/ldap');
const filter = ldap.JoinFilters(ldap.FilterIsPerson, ldap.FilterAccountEnabled);
```
func NegativeFilter
NegativeFilter returns a negative filter for a given filter
@example
```javascript
const ldap = require('nuclei/ldap');
const filter = ldap.NegativeFilter(ldap.FilterIsPerson);
```
func NewClient
Constructor for creating a new ldap client.
The following schemes are supported for url: ldap://, ldaps://, ldapi://, and cldap:// (RFC1798, deprecated but used by Active Directory). ldaps uses TLS/SSL, ldapi uses a Unix domain socket, and cldap uses connectionless LDAP.
Constructor: constructor(public ldapUrl: string, public realm: string, public config?: Config)
Types
type ADObject
```go
type ADObject struct {
	DistinguishedName    string
	SAMAccountName       string
	PWDLastSet           string
	LastLogon            string
	MemberOf             []string
	ServicePrincipalName []string
}
```
ADObject represents an Active Directory object
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const users = client.GetADUsers();
log(to_json(users));
```
type Client
```go
type Client struct {
	Host   string // Hostname
	Port   int    // Port
	Realm  string // Realm
	BaseDN string // BaseDN (generated from Realm)
	// contains filtered or unexported fields
}
```
Client is a client for ldap protocol in nuclei
@example
```javascript
const ldap = require('nuclei/ldap');
// here ldap.example.com is the ldap server and acme.com is the realm
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
```
@example
```javascript
const ldap = require('nuclei/ldap');
const cfg = new ldap.Config();
cfg.Timeout = 10;
cfg.ServerName = 'ldap.internal.acme.com';
// optional config can be passed as third argument
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com', cfg);
```
func (*Client) AdvancedSearch
```go
func (c *Client) AdvancedSearch(
	Scope, DerefAliases, SizeLimit, TimeLimit int,
	TypesOnly bool,
	Filter string,
	Attributes []string,
	Controls []ldap.Control) ldap.SearchResult
```
AdvancedSearch accepts all values of the search request type and returns the LDAP entries; it is up to the user to handle the response.
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const results = client.AdvancedSearch(ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, '(objectClass=*)', ['cn', 'mail'], []);
```
func (*Client) Authenticate
Authenticate authenticates with the ldap server using the given username and password. It performs NTLMBind first and then Bind/UnauthenticatedBind if NTLMBind fails.
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
client.Authenticate('user', 'password');
```
func (*Client) AuthenticateWithNTLMHash
AuthenticateWithNTLMHash authenticates with the ldap server using the given username and NTLM hash
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
client.AuthenticateWithNTLMHash('pdtm', 'hash');
```
func (*Client) Close
```go
func (c *Client) Close()
```
Close closes the ldap connection.
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
client.Close();
```
func (*Client) CollectMetadata
CollectMetadata collects metadata from the ldap server.
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const metadata = client.CollectMetadata();
log(to_json(metadata));
```
func (*Client) FindADObjects
FindADObjects finds AD objects based on a filter and returns them as a list of ADObject
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const users = client.FindADObjects(ldap.FilterIsPerson);
log(to_json(users));
```
func (*Client) GetADActiveUsers
GetADActiveUsers returns all AD users using FilterIsPerson and FilterAccountEnabled filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const users = client.GetADActiveUsers();
log(to_json(users));
```
func (*Client) GetADAdmins
GetADAdmins returns all AD admins using FilterIsPerson, FilterAccountEnabled and FilterIsAdmin filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const admins = client.GetADAdmins();
log(to_json(admins));
```
func (*Client) GetADDCList
GetADDCList returns all AD domain controllers using FilterIsComputer, FilterAccountEnabled and FilterServerTrustAccount filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const dcs = client.GetADDCList();
log(to_json(dcs));
```
func (*Client) GetADDomainSID
GetADDomainSID returns the SID of the AD domain
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const domainSID = client.GetADDomainSID();
log(domainSID);
```
func (*Client) GetADGroups
GetADGroups returns all AD groups using FilterIsGroup filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const groups = client.GetADGroups();
log(to_json(groups));
```
func (*Client) GetADUserAsRepRoastable
GetADUserAsRepRoastable returns all AD users that are AsRepRoastable using FilterIsPerson and FilterDontRequirePreauth filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const AsRepRoastable = client.GetADUserAsRepRoastable();
log(to_json(AsRepRoastable));
```
func (*Client) GetADUserKerberoastable
GetADUserKerberoastable returns all AD users that are kerberoastable using FilterIsPerson, FilterAccountEnabled and FilterHasServicePrincipalName filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const kerberoastable = client.GetADUserKerberoastable();
log(to_json(kerberoastable));
```
func (*Client) GetADUserTrustedForDelegation
GetADUserTrustedForDelegation returns all AD users that are trusted for delegation using FilterIsPerson and FilterTrustedForDelegation filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const users = client.GetADUserTrustedForDelegation();
log(to_json(users));
```
func (*Client) GetADUserWithNeverExpiringPasswords
GetADUserWithNeverExpiringPasswords returns all AD users using FilterIsPerson and FilterDontExpirePassword filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const users = client.GetADUserWithNeverExpiringPasswords();
log(to_json(users));
```
func (*Client) GetADUserWithPasswordNotRequired
GetADUserWithPasswordNotRequired returns all AD users that do not require a password using FilterIsPerson and FilterPasswordNotRequired filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const users = client.GetADUserWithPasswordNotRequired();
log(to_json(users));
```
func (*Client) GetADUsers
GetADUsers returns all AD users using FilterIsPerson filter query
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const users = client.GetADUsers();
log(to_json(users));
```
func (*Client) Search
Search accepts an arbitrary filter and returns a list of maps that have the provided attributes as keys, with the associated values mirroring the ones returned by ldap.
@example
```javascript
const ldap = require('nuclei/ldap');
const client = new ldap.Client('ldap://ldap.example.com', 'acme.com');
const results = client.Search('(objectClass=*)', 'cn', 'mail');
```
type Config
```go
type Config struct {
	// Timeout is the timeout for the ldap client in seconds
	Timeout    int
	ServerName string // default to host (when using tls)
	Upgrade    bool   // when true first connects to non-tls and then upgrades to tls
}
```
Config is extra configuration for the ldap client
@example
```javascript
const ldap = require('nuclei/ldap');
const cfg = new ldap.Config();
cfg.Timeout = 10;
cfg.ServerName = 'ldap.internal.acme.com';
cfg.Upgrade = true; // upgrade to tls
```