ntlm

package
v0.0.141 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 16, 2026 License: Apache-2.0 Imports: 8 Imported by: 0

Documentation

Index

Constants

View Source 
const EmptyNTHash = "31D6CFE0D16AE931B73C59D7E0C089C0"

EmptyNTHash is the empty NT hash (for empty password)

View Source 
const StandardLMHash = "aad3b435b51404eeaad3b435b51404ee"

StandardLMHash is the standard empty LM hash value (always the same)

Variables

View Source 
var WindowsBuildMapping = map[string]string{

	"20348": "Windows Server 2022",

	"17763": "Windows 10 1809 / Server 2019",
	"14393": "Windows 10 1607 / Server 2016",
	"9600":  "Windows 8.1 / Server 2012 R2",
	"9200":  "Windows 8 / Server 2012",
	"7601":  "Windows 7 SP1 / Server 2008 R2 SP1",
	"6002":  "Windows Vista SP2 / Server 2008 SP2",
	"6001":  "Windows Vista SP1 / Server 2008 SP1",
	"6000":  "Windows Vista / Server 2008",

	"22631": "Windows 11 23H2",
	"22621": "Windows 11 22H2",
	"22000": "Windows 11 21H2",

	"19045": "Windows 10 22H2",
	"19044": "Windows 10 21H2",
	"19043": "Windows 10 21H1",
	"19042": "Windows 10 20H2 / Server 2019 20H2",
	"19041": "Windows 10 2004 / Server 2019 v2004",
	"18363": "Windows 10 1909 / Server 2019 1909",
	"18362": "Windows 10 1903 / Server 2019 1903",
	"17134": "Windows 10 1803 / Server, version 1803",
	"16299": "Windows 10 1709 / Server, version 1709",
	"15063": "Windows 10 1703",
	"10586": "Windows 10 1511",
	"10240": "Windows 10 1507",

	"7600": "Windows 7 / Server 2008 R2",
}

WindowsBuildMapping maps Windows build numbers to human-readable versions. Some builds are shared between client and server editions (e.g., 19041 is both Windows 10 2004 and Windows Server 2019 v2004). NTLM challenges cannot distinguish between them, so ambiguous builds show both possibilities.

Functions

func ConvertToLDAPServerInfo 

func ConvertToLDAPServerInfo(ntlmInfo *commonprotocolfern.NtlmServerInfo) *commonprotocolfern.LdapServerInfo

ConvertToLDAPServerInfo converts common NTLM server info to LDAP-specific format

func ExtractServerInfoFromChallenge 

func ExtractServerInfoFromChallenge(challengeMessage []byte, log svc1log.Logger) (*commonprotocolfern.NtlmServerInfo, error)

ExtractServerInfoFromChallenge extracts server information from NTLM Type 2 challenge message

func GetDomainName 

func GetDomainName(serverInfo *commonprotocolfern.NtlmServerInfo) string

GetDomainName extracts domain name from server info, preferring DNS domain name

func GetLDAPDomainName 

func GetLDAPDomainName(serverInfo *commonprotocolfern.LdapServerInfo) string

func GetLDAPServerName 

func GetLDAPServerName(serverInfo *commonprotocolfern.LdapServerInfo) string

GetLDAPServerName extracts server name from LDAP server info, preferring DNS computer name

func GetOSVersion 

func GetOSVersion(serverInfo *commonprotocolfern.NtlmServerInfo) string

GetOSVersion extracts parsed OS version from server info

func GetSMBDomainName 

func GetSMBDomainName(serverInfo *commonprotocolfern.SmbServerInfo) string

func GetSMBNetbiosDomain 

func GetSMBNetbiosDomain(serverInfo *commonprotocolfern.SmbServerInfo) string

GetSMBNetbiosDomain extracts NetBIOS domain name from SMB server info

func GetSMBOSVersion 

func GetSMBOSVersion(serverInfo *commonprotocolfern.SmbServerInfo) string

func GetSMBServerName 

func GetSMBServerName(serverInfo *commonprotocolfern.SmbServerInfo) string

GetSMBServerName extracts server name from SMB server info, preferring DNS computer name

func GetSMBSigningRequired 

func GetSMBSigningRequired(serverInfo *commonprotocolfern.SmbServerInfo) bool

func GetServerName 

func GetServerName(serverInfo *commonprotocolfern.NtlmServerInfo) string

GetServerName extracts server name from server info, preferring DNS computer name

func LogServerInfoDetails 

func LogServerInfoDetails(serverInfo *commonprotocolfern.NtlmServerInfo, target string, log svc1log.Logger)

LogServerInfoDetails logs detailed server info with all available fields

func ParseWindowsVersion 

func ParseWindowsVersion(rawOSVersion string) string

ParseWindowsVersion extracts and enhances Windows version information

Types

type HashProcessor 

type HashProcessor struct{}

HashProcessor provides utilities for processing NTLM hashes

func NewHashProcessor 

func NewHashProcessor() *HashProcessor

NewHashProcessor creates a new NTLM hash processor

func (*HashProcessor) IsEmptyNTHash 

func (p *HashProcessor) IsEmptyNTHash(hash string) bool

IsEmptyNTHash checks if the hash represents an empty password

func (*HashProcessor) IsValidNTHash 

func (p *HashProcessor) IsValidNTHash(hash string) bool

IsValidNTHash checks if a hash looks like a valid NT hash

func (*HashProcessor) ParseNTLMHash added in v0.0.80 

func (p *HashProcessor) ParseNTLMHash(ntlmHash string) ([]byte, error)

ParseNTLMHash parses an NTLM hash and returns the NT portion as bytes

func (*HashProcessor) ProcessHashForLDAP 

func (p *HashProcessor) ProcessHashForLDAP(ntlmHash string) string

ProcessHashForLDAP processes an NTLM hash for LDAP authentication (returns LM:NT format)

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.