ldapmodules

package
Published: Mar 30, 2026 License: MIT Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func EnumADCS

func EnumADCS(s *ldap.Session) ([]CAEntry, []TemplateEntry, error)

EnumADCS enumerates Certificate Authorities and enabled certificate templates, and flags templates vulnerable to ESC1, ESC2, ESC3, ESC4 and ESC9.

Types

type ASREPRoastEntry

// ASREPRoastEntry is one account reported by EnumASREPRoastable.
type ASREPRoastEntry struct {
	SAMAccountName string // sAMAccountName of the account
	DN             string // distinguished name of the directory object
}

func EnumASREPRoastable

func EnumASREPRoastable(s *ldap.Session) ([]ASREPRoastEntry, error)

type AdminCountEntry

// AdminCountEntry is one object with adminCount=1, as reported by EnumAdminCount.
// adminCount is not cleared when an object leaves a privileged group, so an
// entry may describe a formerly privileged object rather than a current one.
type AdminCountEntry struct {
	SAMAccountName string // sAMAccountName of the object
	DN             string // distinguished name of the object
	ObjectType     string // "user", "group", or "computer"
}

func EnumAdminCount

func EnumAdminCount(s *ldap.Session) ([]AdminCountEntry, error)

EnumAdminCount finds all objects with adminCount=1, indicating they are or were protected by AdminSDHolder. This includes users and groups that are (or were) members of privileged groups. Note: adminCount is not reset when an object is removed from a privileged group, so stale entries are common and worth reviewing.

type AdminEntry

// AdminEntry is one account returned by EnumAdmins.
type AdminEntry struct {
	SAMAccountName string // sAMAccountName of the account
	DN             string // distinguished name of the directory object
}

func EnumAdmins

func EnumAdmins(s *ldap.Session) ([]AdminEntry, error)

type CAEntry

// CAEntry describes one Certificate Authority found by EnumADCS.
type CAEntry struct {
	Name        string   // CA name
	DNSHostname string   // DNS host name of the CA server
	DN          string   // distinguished name of the CA object
	Templates   []string // names of the certificate templates associated with this CA
}

type ComputerEntry

// ComputerEntry is one computer object returned by EnumComputers.
type ComputerEntry struct {
	Name        string // computer name
	DNSHostname string // DNS host name of the computer
	DN          string // distinguished name of the computer object
	OS          string // operating system description
	OSVersion   string // operating system version string
}

func EnumComputers

func EnumComputers(s *ldap.Session) ([]ComputerEntry, error)

type ConstrainedDelegationEntry

// ConstrainedDelegationEntry is one object with msDS-AllowedToDelegateTo set,
// as reported by EnumConstrainedDelegation.
type ConstrainedDelegationEntry struct {
	SAMAccountName     string   // sAMAccountName of the delegating account
	DN                 string   // distinguished name of the object
	AllowedServices    []string // delegation targets listed in msDS-AllowedToDelegateTo
	ProtocolTransition bool     // TRUSTED_TO_AUTH_FOR_DELEGATION (0x1000000) set in userAccountControl — S4U2Self enabled
}

func EnumConstrainedDelegation

func EnumConstrainedDelegation(s *ldap.Session) ([]ConstrainedDelegationEntry, error)

EnumConstrainedDelegation finds objects with msDS-AllowedToDelegateTo set. ProtocolTransition is true when userAccountControl has the TRUSTED_TO_AUTH_FOR_DELEGATION bit (0x1000000) set, meaning the account can impersonate any user via S4U2Self without first needing a service ticket from that user.

type DCEntry

// DCEntry is one domain controller returned by EnumDCs.
type DCEntry struct {
	DN       string // distinguished name of the DC object
	Hostname string // host name of the DC
	ReadOnly bool   // presumably true for a read-only DC (RODC) — confirm in EnumDCs
}

func EnumDCs

func EnumDCs(s *ldap.Session) ([]DCEntry, error)

type DomainInfo

// DomainInfo holds the key domain attributes collected by GetDomainInfo.
type DomainInfo struct {
	DN              string   // distinguished name of the domain
	DNSName         string   // DNS name of the domain
	NetBIOSName     string   // NetBIOS name of the domain
	SID             string   // domain SID
	FunctionalLevel string   // domain functional level
	PDC             string   // PDC emulator
	DNSServers      []string // DNS servers
	NamingContexts  []string // naming contexts advertised by the directory
}

func GetDomainInfo

func GetDomainInfo(s *ldap.Session, domain string) (*DomainInfo, error)

GetDomainInfo retrieves key domain information using Manticore's domain utilities: distinguished name, DNS name, NetBIOS name, SID, functional level, PDC, DNS servers, and naming contexts.

type GPOEntry

// GPOEntry is one Group Policy Object returned by EnumGPOs.
type GPOEntry struct {
	Name        string // GPO name
	DisplayName string // GPO display name
	DN          string // distinguished name of the GPO object
	FileSysPath string // file system path of the GPO (presumably gPCFileSysPath — confirm)
}

func EnumGPOs

func EnumGPOs(s *ldap.Session) ([]GPOEntry, error)

type GroupEntry

// GroupEntry is one group returned by EnumGroups.
type GroupEntry struct {
	Name    string   // group name
	DN      string   // distinguished name of the group object
	Members []string // group members; the value format (DN or name) is not documented here — confirm
}

func EnumGroups

func EnumGroups(s *ldap.Session) ([]GroupEntry, error)

type KerberoastableEntry

// KerberoastableEntry is one account reported by EnumKerberoastable.
type KerberoastableEntry struct {
	SAMAccountName string   // sAMAccountName of the account
	DN             string   // distinguished name of the object
	SPNs           []string // service principal names registered on the account
}

func EnumKerberoastable

func EnumKerberoastable(s *ldap.Session) ([]KerberoastableEntry, error)

type LAPSEntry

// LAPSEntry is one LAPS password record returned by EnumLAPS. Version tells
// which attribute it came from: LAPSv2 (msLAPS-Password) is tried first, then
// LAPSv1 (ms-Mcs-AdmPwd).
//
// Password is a local administrator credential read from the directory; treat
// it as a secret (do not log or persist it in clear text).
type LAPSEntry struct {
	ComputerName string // name of the computer the password belongs to
	Password     string // local administrator password as stored by LAPS
	Expiration   string // password expiration value as read from the directory
	Version      int    // 1 = LAPSv1, 2 = LAPSv2
}

func EnumLAPS

func EnumLAPS(s *ldap.Session) ([]LAPSEntry, error)

EnumLAPS reads LAPS passwords from computer objects. It tries LAPSv2 first (msLAPS-Password), then falls back to LAPSv1 (ms-Mcs-AdmPwd).

type OUEntry

// OUEntry is one organizational unit returned by EnumOUs.
type OUEntry struct {
	Name string // OU name
	DN   string // distinguished name of the OU
}

func EnumOUs

func EnumOUs(s *ldap.Session) ([]OUEntry, error)

type PasswordPolicy

// PasswordPolicy holds the domain password policy returned by GetPasswordPolicy.
// Values are carried as strings; presumably the raw attribute values — confirm
// before comparing them numerically.
type PasswordPolicy struct {
	MinPwdLength     string // minimum password length
	MaxPwdAge        string // maximum password age
	MinPwdAge        string // minimum password age
	PwdHistoryLength string // number of remembered passwords
	LockoutThreshold string // failed attempts before lockout
	LockoutDuration  string // lockout duration
	PwdProperties    string // pwdProperties flags
	PwdComplexity    bool   // complexity requirement; presumably derived from PwdProperties — confirm
}

func GetPasswordPolicy

func GetPasswordPolicy(s *ldap.Session) (*PasswordPolicy, error)

type PrivilegedGroupEntry

// PrivilegedGroupEntry is one high-value group returned by EnumPrivilegedGroups.
type PrivilegedGroupEntry struct {
	Name    string   // group name
	DN      string   // distinguished name of the group object
	Members []string // resolved member sAMAccountNames
}

func EnumPrivilegedGroups

func EnumPrivilegedGroups(s *ldap.Session, domain string) ([]PrivilegedGroupEntry, error)

EnumPrivilegedGroups enumerates high-value AD groups using Manticore's RID constants to locate well-known domain groups, then resolves member SAMAccountNames.

type RBCDEntry

// RBCDEntry is one object with msDS-AllowedToActOnBehalfOfOtherIdentity set,
// as reported by EnumRBCD. The object is the delegation target; the principals
// granted rights on it are held in that attribute and are not listed here.
type RBCDEntry struct {
	SAMAccountName string // sAMAccountName of the target object
	DN             string // distinguished name of the target object
	ObjectType     string // "computer" or "user"
}

func EnumRBCD

func EnumRBCD(s *ldap.Session) ([]RBCDEntry, error)

EnumRBCD finds objects with msDS-AllowedToActOnBehalfOfOtherIdentity set, meaning another principal has been granted the ability to impersonate any user to this object via Resource-Based Constrained Delegation.

type ShadowCredEntry

// ShadowCredEntry is one object with msDS-KeyCredentialLink set, as reported
// by EnumShadowCreds, together with its parsed key entries.
type ShadowCredEntry struct {
	SAMAccountName string      // sAMAccountName of the object
	DN             string      // distinguished name of the object
	ObjectType     string      // "computer" or "user"
	Keys           []ShadowKey // parsed msDS-KeyCredentialLink values
}

func EnumShadowCreds

func EnumShadowCreds(s *ldap.Session) ([]ShadowCredEntry, error)

EnumShadowCreds finds objects with msDS-KeyCredentialLink set and parses each key using Manticore's KeyCredentialLink parser.

type ShadowKey

// ShadowKey is one parsed msDS-KeyCredentialLink value on a ShadowCredEntry.
type ShadowKey struct {
	Identifier   string // key identifier
	Usage        string // key usage
	Source       string // key source
	CreationTime string // key creation time
}

type TemplateEntry

// TemplateEntry describes one enabled certificate template found by EnumADCS,
// with a flag per detected ESC misconfiguration.
type TemplateEntry struct {
	Name           string   // template name
	DN             string   // distinguished name of the template object
	EKUs           []string // extended key usages of the template
	IsESC1         bool     // template matches the ESC1 pattern
	IsESC2         bool     // template matches the ESC2 pattern
	IsESC3         bool     // template matches the ESC3 pattern
	IsESC9         bool     // template matches the ESC9 pattern
	IsESC4         bool     // template matches the ESC4 pattern (see ESC4Principals)
	ESC4Principals []string // SIDs with dangerous write rights on the template
}

type TrustEntry

// TrustEntry is one domain trust returned by EnumTrusts. Type, direction and
// attributes are carried as strings; their exact rendering is not documented
// here — confirm in EnumTrusts.
type TrustEntry struct {
	Name       string // trust partner name
	TrustType  string // trust type
	Direction  string // trust direction
	Attributes string // trust attributes
}

func EnumTrusts

func EnumTrusts(s *ldap.Session) ([]TrustEntry, error)

type UnconstrainedDelegationEntry

// UnconstrainedDelegationEntry is one computer or user with TRUSTED_FOR_DELEGATION
// (0x80000) set, as reported by EnumUnconstrainedDelegation. Domain controllers
// are excluded by that function.
type UnconstrainedDelegationEntry struct {
	SAMAccountName string // sAMAccountName of the object
	DN             string // distinguished name of the object
	ObjectType     string // "computer" or "user"
}

func EnumUnconstrainedDelegation

func EnumUnconstrainedDelegation(s *ldap.Session) ([]UnconstrainedDelegationEntry, error)

EnumUnconstrainedDelegation finds computers and users with TRUSTED_FOR_DELEGATION (0x80000) set, excluding domain controllers — identified by SERVER_TRUST_ACCOUNT (0x2000) — which are expected to have that flag.

type UserEntry

// UserEntry is one user returned by EnumUsers. Its enabled state is exposed by
// the IsEnabled method, presumably derived from UAC — confirm.
type UserEntry struct {
	SAMAccountName string                             // sAMAccountName of the user
	DN             string                             // distinguished name of the user object
	UAC            ldap_attributes.UserAccountControl // parsed userAccountControl value
}

func EnumUsers

func EnumUsers(s *ldap.Session) ([]UserEntry, error)

func (UserEntry) IsEnabled

func (u UserEntry) IsEnabled() bool

type WeakAccountEntry

// WeakAccountEntry is one user account reported by EnumWeakAccounts, with the
// names of the weak or dangerous UAC flags that matched.
type WeakAccountEntry struct {
	SAMAccountName string   // sAMAccountName of the account
	DN             string   // distinguished name of the user object
	Flags          []string // matched UAC flag names (see EnumWeakAccounts)
}

func EnumWeakAccounts

func EnumWeakAccounts(s *ldap.Session) ([]WeakAccountEntry, error)

EnumWeakAccounts finds user accounts with weak or dangerous UAC flags:
- PASSWD_NOTREQD: account can have an empty password
- ENCRYPTED_TEXT_PWD_ALLOWED: password stored with reversible encryption
- USE_DES_KEY_ONLY: Kerberos only uses weak DES encryption
- DONT_EXPIRE_PASSWORD: password never expires
