msrpc

package
v0.0.97 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 15, 2025 License: Apache-2.0 Imports: 35 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	ProtocolSequenceRPC uint16 = 7
	ProtocolSequenceNP  uint16 = 15
)

WMI protocol constants for DCOM communication

Variables

View Source 
var (
	ComVersion = &dcom.COMVersion{
		MajorVersion: 5,
		MinorVersion: 7,
	}
	ORPCThis = &dcom.ORPCThis{Version: ComVersion}
)

Functions

func ParseKerberosKeys 

func ParseKerberosKeys(ctx context.Context, data []byte, username string) []*msrpcfern.KerberosKeyEntry

ParseKerberosKeys parses Kerberos keys from supplemental credentials

func SetupAdauthOptions added in v0.0.81 

func SetupAdauthOptions(username, domain, extractedHostname, fallbackTarget string, kerberosTicket *string, password string, ntlmHash *string) (*adauth.Options, error)

SetupAdauthOptions configures adauth options for authentication

func SetupKerberosTicketWithHostname added in v0.0.81 

func SetupKerberosTicketWithHostname(ticketBase64 string) (string, func(), error)

SetupKerberosTicketWithHostname creates ccache file, extracts hostname, and sets KRB5CCNAME Returns: extractedHostname, cleanup function, error

Types

type DRSUAPIClient 

type DRSUAPIClient struct {
	Host        string
	AuthOptions []dcerpc.Option
	// contains filtered or unexported fields
}

DRSUAPIClient provides functionality for interacting with the Directory Replication Service API

func NewDRSUAPIClient 

func NewDRSUAPIClient(host string, authOptions []dcerpc.Option) *DRSUAPIClient

NewDRSUAPIClient creates a new DRSUAPI client with dcerpc auth options

func (*DRSUAPIClient) Bind 

func (c *DRSUAPIClient) Bind(ctx context.Context) error

Bind performs the DRSBind operation to establish a session

func (*DRSUAPIClient) Close 

func (c *DRSUAPIClient) Close(ctx context.Context) error

Close closes the connection to the DRSUAPI service

func (*DRSUAPIClient) Connect 

func (c *DRSUAPIClient) Connect(ctx context.Context, drsuapiBinding dcerpc.StringBinding) error

Connect establishes a connection to the DRSUAPI service on the specified endpoint

func (*DRSUAPIClient) ExtractAllUserCredentials 

func (c *DRSUAPIClient) ExtractAllUserCredentials(ctx context.Context, domain string, domainInfo *DomainInfo, config *msrpcfern.PentestMsrpcDcSyncConfig) ([]*msrpcfern.DcSyncUserEntry, int, int, error)

ExtractAllUserCredentials extracts credentials for all users in the domain using DRSUAPI

func (*DRSUAPIClient) ExtractUserCredentials 

func (c *DRSUAPIClient) ExtractUserCredentials(ctx context.Context, username, domain string, resp *drsuapi.GetNCChangesResponse, config *msrpcfern.PentestMsrpcDcSyncConfig) (*msrpcfern.DcSyncUserEntry, error)

ExtractUserCredentials extracts credentials from DRSUAPI replication data

func (*DRSUAPIClient) Unbind 

func (c *DRSUAPIClient) Unbind(ctx context.Context) error

Unbind closes the DRSUAPI session

type DomainInfo 

type DomainInfo struct {
	DomainSID   *dtyp.SID
	UserEntries []UserEntry
}

DomainInfo represents domain information including SID and users

type EndpointMapper 

type EndpointMapper struct {
	Host        string
	AuthOptions []dcerpc.Option
}

EndpointMapper provides functionality for discovering RPC endpoints via EPM

func NewEndpointMapper 

func NewEndpointMapper(host string, authOptions []dcerpc.Option) *EndpointMapper

NewEndpointMapper creates a new endpoint mapper client with dcerpc auth options

func (*EndpointMapper) DiscoverDRSUAPIEndpoints 

func (m *EndpointMapper) DiscoverDRSUAPIEndpoints(ctx context.Context) ([]dcerpc.StringBinding, error)

DiscoverDRSUAPIEndpoints queries EPM for DRSUAPI TCP endpoints using the library

type SAMRClient 

type SAMRClient struct {
	Host        string
	AuthOptions []dcerpc.Option
}

SAMRClient provides functionality for interacting with the SAM Remote protocol

func NewSAMRClient 

func NewSAMRClient(host string, authOptions []dcerpc.Option) *SAMRClient

NewSAMRClient creates a new SAMR client with dcerpc auth options

func (*SAMRClient) EnumerateDomainUsers 

func (c *SAMRClient) EnumerateDomainUsers(ctx context.Context, domain string) (*DomainInfo, error)

EnumerateDomainUsers connects to SAMR and enumerates all users with RID info

type UserEntry 

type UserEntry struct {
	Username string
	RID      uint32
}

UserEntry represents a domain user with RID information for SID construction

type WMIExecutor added in v0.0.81 

type WMIExecutor struct {
	// contains filtered or unexported fields
}

WMIExecutor provides WMI command execution functionality

func NewWMIExecutor added in v0.0.81 

func NewWMIExecutor(ctx context.Context, host, username, password, domain string) (*WMIExecutor, error)

NewWMIExecutor creates a new WMI executor with proper authentication

func (*WMIExecutor) Close added in v0.0.81 

func (w *WMIExecutor) Close(ctx context.Context) error

Close closes the WMI executor connection

func (*WMIExecutor) ExecuteCommand added in v0.0.81 

func (w *WMIExecutor) ExecuteCommand(ctx context.Context, command string) (map[string]any, error)

ExecuteCommand executes a command using WMI Win32_Process.Create

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.