Documentation
¶
Overview ¶
Package telnetmini is a library for interacting with Telnet servers. it supports
- Basic Authentication phase (username/password)
- Encryption detection via encryption negotiation packet
- Minimal porting of https://github.com/nmap/nmap/blob/master/nselib/smbauth.lua SMB via NTLM negotiations (TNAP Login Packet + Raw NTLM response parsing)
Index ¶
- Constants
- func CalculateTimestampSkew(ntlmTimestamp uint64) int64
- func CreateLMResponse(challenge []byte, password string) []byte
- func CreateNTCreatePacket(fileName string) []byte
- func CreateNTLMAuthPacket(username, password, domain, workstation string, challenge []byte, ...) []byte
- func CreateNTLMChallengePacket(challenge []byte, targetInfo []byte) []byte
- func CreateNTLMNegotiateBlob() []byte
- func CreateNTLMNegotiatePacket() []byte
- func CreateNTResponse(challenge []byte, password string) []byte
- func CreateNegotiateProtocolPacket() []byte
- func CreateSMBv2NegotiatePacket() []byte
- func CreateSessionSetupPacket(username, password, domain string, sessionKey uint64) []byte
- func CreateTNAPLoginPacket() []byte
- func CreateTreeConnectPacket(shareName string, password string) []byte
- type Client
- type EncryptionInfo
- type NTLMInfoResponse
- type SMBHeader
- type SMBPacket
Constants ¶
const ( // SMB Commands SMB_COM_NEGOTIATE_PROTOCOL = 0x72 SMB_COM_SESSION_SETUP_ANDX = 0x73 SMB_COM_TREE_CONNECT_ANDX = 0x75 SMB_COM_NT_CREATE_ANDX = 0xA2 SMB_COM_READ_ANDX = 0x2E SMB_COM_WRITE_ANDX = 0x2F SMB_COM_CLOSE = 0x04 SMB_COM_TREE_DISCONNECT = 0x71 SMB_COM_LOGOFF_ANDX = 0x74 // SMB Flags SMB_FLAGS_CANONICAL_PATHNAMES = 0x10 SMB_FLAGS_CASELESS_PATHNAMES = 0x08 SMB_FLAGS2_UNICODE_STRINGS = 0x8000 SMB_FLAGS2_ERRSTATUS = 0x4000 SMB_FLAGS2_READ_IF_EXECUTE = 0x2000 SMB_FLAGS2_32_BIT_ERRORS = 0x1000 SMB_FLAGS2_DFS = 0x0800 SMB_FLAGS2_EXTENDED_SECURITY = 0x0400 SMB_FLAGS2_REPARSE_PATH = 0x0200 SMB_FLAGS2_SMB_SECURITY_SIGNATURE = 0x0100 SMB_FLAGS2_SMB_SECURITY_SIGNATURE_REQUIRED = 0x0080 // SMB Security modes SMB_SECURITY_SHARE = 0x00 SMB_SECURITY_USER = 0x01 SMB_SECURITY_DOMAIN = 0x02 // SMB Capabilities SMB_CAP_EXTENDED_SECURITY = 0x80000000 SMB_CAP_COMPRESSED_DATA = 0x40000000 SMB_CAP_BULK_TRANSFER = 0x20000000 SMB_CAP_UNIX = 0x00800000 SMB_CAP_LARGE_READX = 0x00400000 SMB_CAP_LARGE_WRITEX = 0x00200000 SMB_CAP_INFOLEVEL_PASSTHRU = 0x00100000 SMB_CAP_DFS = 0x00080000 SMB_CAP_NT_FIND = 0x00040000 SMB_CAP_LOCK_AND_READ = 0x00020000 SMB_CAP_LEVEL_II_OPLOCKS = 0x00010000 SMB_CAP_STATUS32 = 0x00008000 SMB_CAP_RPC_REMOTE_APIS = 0x00004000 SMB_CAP_NT_SMBS = 0x00002000 // NTLM constants NTLMSSP_NEGOTIATE_56 = 0x80000000 NTLMSSP_NEGOTIATE_KEY_EXCH = 0x40000000 NTLMSSP_NEGOTIATE_128 = 0x20000000 NTLMSSP_NEGOTIATE_VERSION = 0x02000000 NTLMSSP_NEGOTIATE_TARGET_INFO = 0x00800000 NTLMSSP_REQUEST_NON_NT_SESSION_KEY = 0x00400000 NTLMSSP_NEGOTIATE_IDENTIFY = 0x00100000 NTLMSSP_NEGOTIATE_EXTENDED_SESSION_SECURITY = 0x00080000 NTLMSSP_TARGET_TYPE_SERVER = 0x00020000 NTLMSSP_NEGOTIATE_ALWAYS_SIGN = 0x00008000 NTLMSSP_NEGOTIATE_NTLM = 0x00000200 NTLMSSP_NEGOTIATE_LM_KEY = 0x00000080 NTLMSSP_NEGOTIATE_DATAGRAM = 0x00000040 NTLMSSP_NEGOTIATE_SEAL = 0x00000020 NTLMSSP_NEGOTIATE_SIGN = 0x00000010 NTLMSSP_REQUEST_TARGET = 0x00000004 NTLMSSP_NEGOTIATE_UNICODE = 0x00000001 )
SMB constants for packet crafting
const ( IAC = 255 // Interpret As Command WILL = 251 // Will WONT = 252 // Won't DO = 253 // Do DONT = 254 // Don't SB = 250 // Subnegotiation Begin SE = 240 // Subnegotiation End ENCRYPT = 38 // Encryption option (0x26) )
Telnet protocol constants
Variables ¶
This section is empty.
Functions ¶
func CalculateTimestampSkew ¶
CalculateTimestampSkew calculates the time skew from NTLM timestamp This implements the timestamp calculation from the Nmap script: local unixstamp = ntlm_decoded.timestamp // 10000000 - 11644473600
func CreateLMResponse ¶
Helper function to create LM hash response
func CreateNTCreatePacket ¶
CreateNTCreatePacket creates an SMB NT create packet
func CreateNTLMAuthPacket ¶
func CreateNTLMAuthPacket(username, password, domain, workstation string, challenge []byte, lmResponse, ntResponse []byte) []byte
CreateNTLMAuthPacket creates an NTLM authenticate packet
func CreateNTLMChallengePacket ¶
CreateNTLMChallengePacket creates an NTLM challenge packet (for testing)
func CreateNTLMNegotiateBlob ¶
func CreateNTLMNegotiateBlob() []byte
CreateNTLMNegotiateBlob creates the NTLM negotiate blob with specific flags This matches the flags used in the Nmap script
func CreateNTLMNegotiatePacket ¶
func CreateNTLMNegotiatePacket() []byte
CreateNTLMNegotiatePacket creates an NTLM negotiate packet for SMB authentication
func CreateNTResponse ¶
Helper function to create NT hash response
func CreateNegotiateProtocolPacket ¶
func CreateNegotiateProtocolPacket() []byte
CreateNegotiateProtocolPacket creates an SMB negotiate protocol packet
func CreateSMBv2NegotiatePacket ¶
func CreateSMBv2NegotiatePacket() []byte
CreateSMBv2NegotiatePacket creates an SMBv2 negotiate protocol packet
func CreateSessionSetupPacket ¶
CreateSessionSetupPacket creates an SMB session setup packet
func CreateTNAPLoginPacket ¶
func CreateTNAPLoginPacket() []byte
CreateTNAPLoginPacket creates the MS-TNAP Login Packet (Option Command IS) This implements the exact packet structure from the Nmap script
func CreateTreeConnectPacket ¶
CreateTreeConnectPacket creates an SMB tree connect packet
Types ¶
type Client ¶
type Client struct {
Conn net.Conn
LoginPrompts []string // matched case-insensitively
UserPrompts []string // alternative to LoginPrompts; if empty, LoginPrompts used for username step
PasswordPrompts []string
FailBanners []string // e.g., "login incorrect", "authentication failed"
ShellPrompts []string // e.g., "$ ", "# ", "> "
ReadCapBytes int // safety cap while scanning (default 64 KiB)
// contains filtered or unexported fields
}
Client wraps a Telnet connection with tiny helpers.
func (*Client) Auth ¶
Auth performs a minimal Telnet username/password interaction. It waits for a username/login prompt, sends username, waits for a password prompt, sends password, and then looks for fail banners or shell prompts. A timeout should be enforced via ctx.
type EncryptionInfo ¶
EncryptionInfo contains information about telnet encryption support
func DetectEncryption ¶
DetectEncryption detects if a telnet server supports encryption. Based on Nmap's telnet-encryption.nse script functionality. WARNING: The connection becomes unusable after calling this function due to the encryption negotiation packets sent.
type NTLMInfoResponse ¶
type NTLMInfoResponse struct {
TargetName string // Target_Name from script
NetBIOSDomainName string // NetBIOS_Domain_Name from script
NetBIOSComputerName string // NetBIOS_Computer_Name from script
DNSDomainName string // DNS_Domain_Name from script
DNSComputerName string // DNS_Computer_Name from script
DNSTreeName string // DNS_Tree_Name from script
ProductVersion string // Product_Version from script
Timestamp uint64 // Raw timestamp for skew calculation
}
NTLMInfoResponse represents the response from NTLM information gathering This matches exactly the output structure from the Nmap telnet-ntlm-info.nse script
func ParseNTLMResponse ¶
func ParseNTLMResponse(data []byte) (*NTLMInfoResponse, error)
ParseNTLMResponse parses the NTLM response to extract system information This implements the exact parsing logic from the Nmap telnet-ntlm-info.nse script
type SMBHeader ¶
type SMBHeader struct {
ProtocolID [4]byte // 0xFF, 'S', 'M', 'B'
Command byte
Status uint32
Flags byte
Flags2 uint16
PIDHigh uint16
Signature [8]byte
Reserved uint16
TreeID uint16
ProcessID uint16
UserID uint16
MultiplexID uint16
}
SMBHeader represents the SMB header structure
func ParseSMBResponse ¶
ParseSMBResponse parses an SMB response packet
type SMBPacket ¶
SMBPacket represents a complete SMB packet
func CreateSMBPacket ¶
CreateSMBPacket creates a complete SMB packet with NetBIOS header
Source Files