Affected by 
README
¶
client/credentials
Overview
Credential management utilities including sniffers and import helpers for operators. Provides parsers, storage helpers, and output formatting for recovered secrets. Core logic addresses sniff within the credentials package.
Go Files
credentials.go– Implements credential storage, lookup, and formatting helpers for the client.sniff.go– Provides credential sniffing routines that parse captured outputs into structured records.sniff_test.go(tests) – Validates the sniffing/parsing helpers against sample credential data.
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
View Source
var ( CommonHashTypes = map[clientpb.HashType]string{ clientpb.HashType_LM: AllHashTypes[clientpb.HashType_LM], clientpb.HashType_NTLM: AllHashTypes[clientpb.HashType_NTLM], clientpb.HashType_DCC: AllHashTypes[clientpb.HashType_DCC], clientpb.HashType_DCC2: AllHashTypes[clientpb.HashType_DCC2], clientpb.HashType_KERBEROS_17_TGS_REP: AllHashTypes[clientpb.HashType_KERBEROS_17_TGS_REP], clientpb.HashType_KERBEROS_17_PREAUTH: AllHashTypes[clientpb.HashType_KERBEROS_17_PREAUTH], clientpb.HashType_KERBEROS_17_DB: AllHashTypes[clientpb.HashType_KERBEROS_17_DB], clientpb.HashType_KERBEROS_18_TGS_REP: AllHashTypes[clientpb.HashType_KERBEROS_18_TGS_REP], clientpb.HashType_KERBEROS_18_PREAUTH: AllHashTypes[clientpb.HashType_KERBEROS_18_PREAUTH], clientpb.HashType_KERBEROS_18_DB: AllHashTypes[clientpb.HashType_KERBEROS_18_DB], clientpb.HashType_KERBEROS_23_SA_REQ_PREAUTH: AllHashTypes[clientpb.HashType_KERBEROS_23_SA_REQ_PREAUTH], clientpb.HashType_KERBEROS_23_TGS_REP: AllHashTypes[clientpb.HashType_KERBEROS_23_TGS_REP], clientpb.HashType_KERBEROS_23_AS_REP: AllHashTypes[clientpb.HashType_KERBEROS_23_AS_REP], clientpb.HashType_NET_NTLM_V1: AllHashTypes[clientpb.HashType_NET_NTLM_V1], clientpb.HashType_NET_NTLM_V1_NT: AllHashTypes[clientpb.HashType_NET_NTLM_V1_NT], clientpb.HashType_NET_NTLM_V2: AllHashTypes[clientpb.HashType_NET_NTLM_V2], clientpb.HashType_NET_NTLM_V2_NT: AllHashTypes[clientpb.HashType_NET_NTLM_V2_NT], clientpb.HashType_MD5: AllHashTypes[clientpb.HashType_MD5], clientpb.HashType_SHA1: AllHashTypes[clientpb.HashType_SHA1], clientpb.HashType_SHA2_256: AllHashTypes[clientpb.HashType_SHA2_256], clientpb.HashType_SHA2_512: AllHashTypes[clientpb.HashType_SHA2_512], } AllHashTypes = map[clientpb.HashType]string{ clientpb.HashType_MD4: "MD4", clientpb.HashType_MD5: "MD5", clientpb.HashType_SHA1: "SHA1", clientpb.HashType_SHA2_224: "SHA2-224", clientpb.HashType_SHA2_256: "SHA2-256", clientpb.HashType_SHA2_384: "SHA2-384", clientpb.HashType_SHA2_512: "SHA2-512", clientpb.HashType_SHA3_224: "SHA3-224", clientpb.HashType_SHA3_256: "SHA3-256", clientpb.HashType_SHA3_384: "SHA3-384", clientpb.HashType_SHA3_512: "SHA3-512", clientpb.HashType_RIPEMD_160: "RIPEMD-160", clientpb.HashType_BLAKE2B_256: "BLAKE2B-256", clientpb.HashType_GOST_R_32_11_2012_256: "GOST R 34.11-2012 (Streebog) 256-bit, big-endian", clientpb.HashType_GOST_R_32_11_2012_512: "GOST R 34.11-2012 (Streebog) 512-bit, big-endian", clientpb.HashType_GOST_R_34_11_94: "GOST R 34.11-94", clientpb.HashType_GPG: "GPG (AES-128/AES-256 (SHA-1($pass)))", clientpb.HashType_HALF_MD5: "Half MD5", clientpb.HashType_KECCAK_224: "Keccak-224", clientpb.HashType_KECCAK_256: "Keccak-256", clientpb.HashType_KECCAK_384: "Keccak-384", clientpb.HashType_KECCAK_512: "Keccak-512", clientpb.HashType_WHIRLPOOL: "Whirlpool", clientpb.HashType_SIPHASH: "SipHash", clientpb.HashType_MD5_UTF16LE: "md5(utf16le($pass))", clientpb.HashType_SHA1_UTF16LE: "sha1(utf16le($pass))", clientpb.HashType_SHA256_UTF16LE: "sha2-256(utf16le($pass))", clientpb.HashType_SHA512_UTF16LE: "sha2-512(utf16le($pass))", clientpb.HashType_BLAKE2B_512_PW_SALT: "BLAKE2b-512($pass.$salt)", clientpb.HashType_BLAKE2B_512_SALT_PW: "BLAKE2b-512($salt.$pass)", clientpb.HashType_MD5_PW_SALT: "md5($pass.$salt)", clientpb.HashType_MD5_SALT_PW: "md5($salt.$pass)", clientpb.HashType_MD5_SALT_PW_SALT: "md5($salt.$pass.$salt)", clientpb.HashType_MD5_SALT_MD5_PW: "md5($salt.md5($pass))", clientpb.HashType_KERBEROS_17_TGS_REP: "Kerberos 5, etype 17, TGS-REP", clientpb.HashType_KERBEROS_17_PREAUTH: "Kerberos 5, etype 17, Pre-Auth", clientpb.HashType_KERBEROS_17_DB: "Kerberos 5, etype 17, DB", clientpb.HashType_KERBEROS_18_TGS_REP: "Kerberos 5, etype 18, TGS-REP", clientpb.HashType_KERBEROS_18_PREAUTH: "Kerberos 5, etype 18, Pre-Auth", clientpb.HashType_KERBEROS_18_DB: "Kerberos 5, etype 18, DB", clientpb.HashType_KERBEROS_23_SA_REQ_PREAUTH: "Kerberos 5, etype 23, AS-REQ Pre-Auth", clientpb.HashType_KERBEROS_23_TGS_REP: "Kerberos 5, etype 23, TGS-REP", clientpb.HashType_KERBEROS_23_AS_REP: "Kerberos 5, etype 23, AS-REP", clientpb.HashType_NET_NTLM_V1: "NetNTLMv1 / NetNTLMv1+ESS", clientpb.HashType_NET_NTLM_V1_NT: "NetNTLMv1 / NetNTLMv1+ESS (NT)", clientpb.HashType_NET_NTLM_V2: "NetNTLMv2", clientpb.HashType_NET_NTLM_V2_NT: "NetNTLMv2 (NT)", clientpb.HashType_LM: "LM", clientpb.HashType_NTLM: "NTLM", clientpb.HashType_DCC: "Domain Cached Credentials (DCC), MS Cache", clientpb.HashType_DCC2: "Domain Cached Credentials (DCC), MS Cache 2", clientpb.HashType_MACOS_10_8: "macOS v10.8+ (PBKDF2-SHA512)", } )
Functions ¶
func HashNameFromHashType ¶
func SniffHashType ¶
See EXAMPLES.md for example hashes, right now we just pick off low hanging fruit. Later on we can add length checks, regex, etc.
Types ¶
This section is empty.
Source Files
Click to show internal directories.
Click to hide internal directories.