msrpc

package
v0.4.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 17, 2026 License: MIT Imports: 20 Imported by: 0

Documentation

Overview

Package msrpc provides Microsoft RPC client implementations for remote collection of Active Directory data via various RPC protocols.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type BaseRPC 

type BaseRPC struct {
	Conn    dcerpc.Conn
	Context context.Context
	Binding string
}

BaseRPC contains the common fields for all RPC client types

func (*BaseRPC) Close 

func (b *BaseRPC) Close()

type GroupAlias 

type GroupAlias struct {
	RelativeID uint32
	Name       string
	Domain     string
	Members    []string
}

type LoggedOnUser 

type LoggedOnUser struct {
	Username string
	Domain   string
}

type LsadRPC 

type LsadRPC struct {
	BaseRPC
	Client lsad.LsarpcClient
}

LsadRPC wraps an LSA RPC client (domain)

func NewLsadRPC 

func NewLsadRPC(ctx context.Context, targetHost string, auth *config.CredentialMgr) (*LsadRPC, error)

NewLsadRPC creates a new LSA RPC client (domain)

func (*LsadRPC) GetUserRightsAssignments 

func (m *LsadRPC) GetUserRightsAssignments(privileges []string) (map[string][]string, error)

type LsatRPC 

type LsatRPC struct {
	BaseRPC
	Client lsat.LsarpcClient
}

LsatRPC wraps an LSA RPC client (local)

func NewLsatRPC 

func NewLsatRPC(ctx context.Context, targetHost string, auth *config.CredentialMgr) (*LsatRPC, error)

NewLsatRPC creates a new LSA RPC client (local)

func (*LsatRPC) LookupSids 

func (m *LsatRPC) LookupSids(sids []string) ([]ResolvedSID, error)

type ResolvedSID 

type ResolvedSID struct {
	Name      string
	Type      uint16
	Domain    string
	DomainSID string
}

type SID 

type SID struct {
	*dtyp.SID
}

func (*SID) FromString 

func (s *SID) FromString(sidStr string) error

func (*SID) ToString 

func (s *SID) ToString() string

type SamrRPC 

type SamrRPC struct {
	BaseRPC
	Client samr.SamrClient
}

SamrRPC wraps a SAM RPC client

func NewSamrRPC 

func NewSamrRPC(ctx context.Context, targetHost string, auth *config.CredentialMgr) (*SamrRPC, error)

NewSamrRPC creates a new SAM RPC client

func (*SamrRPC) GetLocalGroupMembers 

func (m *SamrRPC) GetLocalGroupMembers(isDC bool) ([]GroupAlias, error)

func (*SamrRPC) GetMachineSid 

func (m *SamrRPC) GetMachineSid(testName string) (*dtyp.SID, error)

type Session 

type Session struct {
	ClientName string
	UserName   string
	Time       uint32
	IdleTime   uint32
}

type SrvsvcRPC 

type SrvsvcRPC struct {
	BaseRPC
	Client srvsvc.SrvsvcClient
}

SrvsvcRPC wraps a Server Service RPC client

func NewSrvsvcRPC 

func NewSrvsvcRPC(ctx context.Context, targetHost string, auth *config.CredentialMgr) (*SrvsvcRPC, error)

NewSrvsvcRPC creates a new Server Service RPC client

func (*SrvsvcRPC) GetSessions 

func (m *SrvsvcRPC) GetSessions(ctx context.Context) ([]Session, error)

type WinregRPC 

type WinregRPC struct {
	BaseRPC
	Client winreg.WinregClient
}

WinregRPC wraps a Windows Registry RPC client

func NewWinregRPC 

func NewWinregRPC(ctx context.Context, targetHost string, auth *config.CredentialMgr) (*WinregRPC, error)

NewWinregRPC creates a new Windows Registry RPC client

func (*WinregRPC) GetRegistryKeyData 

func (m *WinregRPC) GetRegistryKeyData(subkey string, subvalue string) ([]byte, error)

GetRegistryKeyData is a convenience function that opens HKLM, queries a value, and returns the data. For multiple queries, consider using OpenLocalMachine() + QueryRegistryValue() instead to avoid repeated OpenLocalMachine calls.

func (*WinregRPC) GetRegistrySigningRequired added in v0.2.0 

func (m *WinregRPC) GetRegistrySigningRequired() (bool, bool, error)

GetRegistrySigningRequired determines SMB signing requirements from registry values. It follows the logic from SharpHound's CheckRegistrySigningRequired method. Returns: (signingRequired bool, determined bool, error) - signingRequired: whether SMB signing is required - determined: whether we could determine the result conclusively - error: any error that occurred

func (*WinregRPC) GetSessionsFromRegistry 

func (m *WinregRPC) GetSessionsFromRegistry() ([]string, error)

func (*WinregRPC) OpenLocalMachine added in v0.2.0 

func (m *WinregRPC) OpenLocalMachine() (*winreg.Key, error)

OpenLocalMachine opens the HKEY_LOCAL_MACHINE hive and returns the handle. The caller is responsible for closing this handle when done.

func (*WinregRPC) QueryRegistryValue added in v0.2.0 

func (m *WinregRPC) QueryRegistryValue(hiveHandle *winreg.Key, subkey string, subvalue string) ([]byte, error)

QueryRegistryValue queries a registry value using an already-opened hive handle. This allows reusing the same hive handle for multiple queries without repeated OpenLocalMachine calls.

type WkssvcRPC 

type WkssvcRPC struct {
	BaseRPC
	Client wkssvc.WkssvcClient
}

WkssvcRPC wraps a Workstation Service RPC client

func NewWkssvcRPC 

func NewWkssvcRPC(ctx context.Context, targetHost string, auth *config.CredentialMgr) (*WkssvcRPC, error)

NewWkssvcRPC creates a new Workstation Service RPC client

func (*WkssvcRPC) GetLoggedOnUsers 

func (m *WkssvcRPC) GetLoggedOnUsers(ctx context.Context) ([]LoggedOnUser, error)

func (*WkssvcRPC) GetWkstaInfo 

func (m *WkssvcRPC) GetWkstaInfo(ctx context.Context) (*WkstaInfo, error)

type WkstaInfo 

type WkstaInfo struct {
	PlatformID   uint32
	ComputerName string
	LANGroup     string
	VerMajor     uint32
	VerMinor     uint32
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.