ditreader

package

v0.0.0-...-d5bf94b Latest Latest Go to latest Published: Aug 9, 2023 License: GPL-3.0 Imports: 16 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/lesnuages/gosecretsdump

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func DecryptAES(key, value, iv []byte) ([]byte, error)
func DeriveKey(baseKey uint32) (k1, k2 []byte)
func NewPekKey(lData []byte) []byte
func RemoveDES(b []byte, rid uint32) ([]byte, error)
type CryptedHash
- func NewCryptedHash(inData []byte) (CryptedHash, error)
type CryptedHashW16
- func NewCryptedHashW16(data []byte) CryptedHashW16
type CryptedHashW16History
- func NewCryptedHashW16History(data []byte) CryptedHashW16History
type DitReader
- func New(system, ntds string) (DitReader, error)
- func (d *DitReader) DecryptRecord(record esent.Esent_record) (DumpedHash, error)
- func (d DitReader) Dump() error
- func (d DitReader) GetOutChan() <-chan DumpedHash
- func (d DitReader) PEK() ([][]byte, error)
type DumpedHash
- func (d DumpedHash) HashString() string
- func (d DumpedHash) HistoryString() string
- func (d DumpedHash) HistoryStrings() []string
type PekKey
type PeklistEnc
- func NewPeklistEnc(lData []byte) (PeklistEnc, error)
type PeklistPlain
- func NewPeklistPlain(lData []byte) PeklistPlain
type PwdHistory
type SAMRKerbKeyDataNew
- func NewSAMRKerbKeyDataNew(d []byte) SAMRKerbKeyDataNew
type SAMRKerbStoredCredNew
- func NewSAMRKerbStoredCredNew(d []byte) SAMRKerbStoredCredNew
type SAMRRPCSID
- func NewSAMRRPCSID(data []byte) (SAMRRPCSID, error)
- func (s SAMRRPCSID) FormatCanonical() string
- func (s SAMRRPCSID) Rid() uint32
type SAMRUserProperties
- func NewSAMRUserProperties(data []byte) SAMRUserProperties
type SAMRUserProperty
type SuppInfo
- func (s SuppInfo) ClearString() string
- func (s SuppInfo) KerbString() string

Constants ¶

This section is empty.

Variables ¶

View Source

var EmptyLM = []byte{0xaa, 0xd3, 0xb4, 0x35, 0xb5, 0x14, 0x04, 0xee, 0xaa, 0xd3, 0xb4, 0x35, 0xb5, 0x14, 0x04, 0xee}

View Source

var EmptyNT = []byte{0x31, 0xd6, 0xcf, 0xe0, 0xd1, 0x6a, 0xe9, 0x31, 0xb7, 0x3c, 0x59, 0xd7, 0xe0, 0xc0, 0x89, 0xc0}

Functions ¶

func DecryptAES ¶

func DecryptAES(key, value, iv []byte) ([]byte, error)

func DeriveKey ¶

func DeriveKey(baseKey uint32) (k1, k2 []byte)

func NewPekKey ¶

func NewPekKey(lData []byte) []byte

NewPekKey returns a Pek key (the key portion of the PekKey structure)

func RemoveDES ¶

func RemoveDES(b []byte, rid uint32) ([]byte, error)

Types ¶

type CryptedHash ¶

type CryptedHash struct {
	Header        [8]byte
	KeyMaterial   [16]byte
	EncryptedHash []byte
}

func NewCryptedHash ¶

func NewCryptedHash(inData []byte) (CryptedHash, error)

NewCryptedHash creates a CryptedHash object containing key material and encrypted content.

type CryptedHashW16 ¶

type CryptedHashW16 struct {
	Header        [8]byte
	KeyMaterial   [16]byte
	Unknown       uint32
	EncryptedHash [32]byte
}

func NewCryptedHashW16 ¶

func NewCryptedHashW16(data []byte) CryptedHashW16

type CryptedHashW16History ¶

type CryptedHashW16History struct {
	Header        [8]byte
	KeyMaterial   [16]byte
	Unknown       uint32
	EncryptedHash []byte
}

func NewCryptedHashW16History ¶

func NewCryptedHashW16History(data []byte) CryptedHashW16History

type DitReader ¶

type DitReader struct {
	// contains filtered or unexported fields
}

func New ¶

func New(system, ntds string) (DitReader, error)

New Creates a new dit dumper

func (*DitReader) DecryptRecord ¶

func (d *DitReader) DecryptRecord(record esent.Esent_record) (DumpedHash, error)

func (DitReader) Dump ¶

func (d DitReader) Dump() error

func (DitReader) GetOutChan ¶

func (d DitReader) GetOutChan() <-chan DumpedHash

GetOutChan returns a reference to the objects output channel for read only operations

func (DitReader) PEK ¶

func (d DitReader) PEK() ([][]byte, error)

type DumpedHash ¶

type DumpedHash struct {
	Username string
	LMHash   []byte
	NTHash   []byte
	Rid      uint32
	Enabled  bool
	UAC      uacFlags
	Supp     SuppInfo
	History  PwdHistory
}

func (DumpedHash) HashString ¶

func (d DumpedHash) HashString() string

func (DumpedHash) HistoryString ¶

func (d DumpedHash) HistoryString() string

func (DumpedHash) HistoryStrings ¶

func (d DumpedHash) HistoryStrings() []string

type PekKey ¶

type PekKey struct {
	Header  [1]byte
	Padding [3]byte
	Key     [16]byte
}

type PeklistEnc ¶

type PeklistEnc struct {
	Header       [8]byte
	KeyMaterial  [16]byte
	EncryptedPek []byte // ":"
}

func NewPeklistEnc ¶

func NewPeklistEnc(lData []byte) (PeklistEnc, error)

NewPeklistEnc returns an encrypted peklist object from the passed in record

type PeklistPlain ¶

type PeklistPlain struct {
	Header       [32]byte
	DecryptedPek []byte // ":"
}

func NewPeklistPlain ¶

func NewPeklistPlain(lData []byte) PeklistPlain

NewPeklistPlain returns a cleartext peklist object from the passed in record

type PwdHistory ¶

type PwdHistory struct {
	LmHist [][]byte
	NTHist [][]byte
}

type SAMRKerbKeyDataNew ¶

type SAMRKerbKeyDataNew struct {
	Reserved1, Reserved2 uint16
	Reserved3, IterationCount,
	KeyType, KeyLength, KeyOffset uint32
}

func NewSAMRKerbKeyDataNew ¶

func NewSAMRKerbKeyDataNew(d []byte) SAMRKerbKeyDataNew

type SAMRKerbStoredCredNew ¶

type SAMRKerbStoredCredNew struct {
	/*
	   structure = (
	       ('Revision','<H=4'),
	       ('Flags','<H=0'),
	       ('CredentialCount','<H=0'),
	       ('ServiceCredentialCount','<H=0'),
	       ('OldCredentialCount','<H=0'),
	       ('OlderCredentialCount','<H=0'),
	       ('DefaultSaltLength','<H=0'),
	       ('DefaultSaltMaximumLength','<H=0'),
	       ('DefaultSaltOffset','<L=0'),
	       ('DefaultIterationCount','<L=0'),
	       ('Buffer',':'),
	   )
	*/
	Revision, Flags, CredentialCount,
	ServiceCredentialCount, OldCredentialCount,
	OlderCredentialCount, DefaultSaltLength,
	DefaultSaltMaximumLength uint16
	DefaultSaltOffset, DefaultIterationCount uint32
	Buffer                                   []byte
}

func NewSAMRKerbStoredCredNew ¶

func NewSAMRKerbStoredCredNew(d []byte) SAMRKerbStoredCredNew

type SAMRRPCSID ¶

type SAMRRPCSID struct {
	Revision            uint8   //'<B'
	SubAuthorityCount   uint8   //'<B'
	IdentifierAuthority [6]byte //SAMR_RPC_SID_IDENTIFIER_AUTHORITY
	SubLen              int     //    ('SubLen','_-SubAuthority','self["SubAuthorityCount"]*4'),
	SubAuthority        []byte  //':'
}

func NewSAMRRPCSID ¶

func NewSAMRRPCSID(data []byte) (SAMRRPCSID, error)

func (SAMRRPCSID) FormatCanonical ¶

func (s SAMRRPCSID) FormatCanonical() string

func (SAMRRPCSID) Rid ¶

func (s SAMRRPCSID) Rid() uint32

type SAMRUserProperties ¶

type SAMRUserProperties struct {
	Reserved1         uint32
	Length            uint32
	Reserved2         uint16
	Reserved3         uint16
	Reserved4         [96]byte
	PropertySignature uint16
	PropertyCount     uint16
	Properties        []SAMRUserProperty
}

func NewSAMRUserProperties ¶

func NewSAMRUserProperties(data []byte) SAMRUserProperties

type SAMRUserProperty ¶

type SAMRUserProperty struct {
	/*
			class USER_PROPERTY(Structure):
		    structure = (
		        ('NameLength','<H=0'),
		        ('ValueLength','<H=0'),
		        ('Reserved','<H=0'),
		        ('_PropertyName','_-PropertyName', "self['NameLength']"),
		        ('PropertyName',':'),
		        ('_PropertyValue','_-PropertyValue', "self['ValueLength']"),
		        ('PropertyValue',':'),
		)
	*/
	NameLength    uint16
	ValueLength   uint16
	Reserved      uint16
	PropertyName  []byte
	PropertyValue []byte
}

type SuppInfo ¶

type SuppInfo struct {
	Username      string
	ClearPassword string
	NotASCII      bool
	KerbKeys      []string
}

func (SuppInfo) ClearString ¶

func (s SuppInfo) ClearString() string

func (SuppInfo) KerbString ¶

func (s SuppInfo) KerbString() string

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL