Module enums

Utils to extract data from ldap network packets

Modules

• acl
• adcs
• constants
• forestlevel
• gplink
• ldaptype
• secdesc
• sid
• spntasks
• trusts
• uacflags

Structs

• AccessAllowedAce
  Structure for Access Allowed Ace network packet. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/72e7c7ea-bc02-4c74-a619-818a16bf6adb
• AccessAllowedObjectAce
  Structure for Access Allowed Object Ace network packet. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/c79a383c-2b3f-4655-abe7-dcbb7ce0cfbe
• Ace
  Structure for Ace network packet. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/628ebb1d-c509-4ea0-a10f-77ef97ca4586
• Acl
  Structure for Acl network packet. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/20233ed8-a6c6-4097-aafa-dd545ed24428
• DirectoryPaths
  Ldap directory path.
• LdapSid
  Structure for LDAPSID network packet. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/f992ad60-0fe4-4b87-9fed-beb478836861
• LdapSidIdentifiedAuthority
  Strcuture for Sid Identified Authority network packet. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/c6ce4275-3d90-4890-ab3a-514745e4637e
• MaskFlags
• ObjectAceFlags
  AceFlags
• SecurityDescriptor
  Structure for Security Descriptor network packet. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/7d4dac05-9cef-4563-a058-f108abecce1d

Enums

• AceFormat
  Enum to get the same output for data switch in Ace structure.
• Type
  Enum to get ldap object type.

Functions

• _decode_guid
  Function to decode objectGUID binary to string value. src: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/001eec5a-7f8b-4293-9e21-ca349392db40 Thanks to: https://github.com/picketlink/picketlink/blob/master/modules/common/src/main/java/org/picketlink/common/util/LDAPUtil.java
• bin_to_string
  Function to get uuid from bin to string format
• check_spn
  Function to check if spns start with mssqlsvc to make SPNTargets https://github.com/BloodHoundAD/SharpHound3/blob/master/SharpHound3/Tasks/SPNTasks.cs#L22
• decode_guid_le
  Function to decode GUID from binary to string format with correct little-endian handling
• get_flag
  Get the UAC flags from “userAccountControl” LDAP attribut.
• get_forest_level
  Get the forest level from “msDS-Behavior-Version” LDAP attribute.
• get_pki_cert_name_flags
  Get the PKI flags from “msPKI-Certificate-Name-Flag” LDAP attribut. MS: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/1192823c-d839-4bc3-9b6b-fa8c53507ae1
• get_pki_enrollment_flags
  Get the PKI flags from “msPKI-Enrollment-Flag” LDAP attribut. MS: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/ec71fd43-61c2-407b-83c9-b52272dec8a1
• get_pki_private_flags
  Get the PKI flags from “msPKI-Private-Key-Flag” LDAP attribut. MS: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/f6122d87-b999-4b92-bff8-f465e8949667
• get_trust_flag
  Get the trust flags from “trustDomain”.
• get_type
  Get object type, like (“user”,“group”,“computer”,“ou”, “container”, “gpo”, “domain” “trust”).
• hex_push
  Function to get a hexadecimal representation from bytes Thanks to: https://newbedev.com/how-do-i-convert-a-string-to-hex-in-rust
• is_sid
  Function to check if string is SID
• objectsid_to_vec8
  Change SID value to correct format.
• parse_ca_security
  Function to get relations for CASecurity from LDAP attribute.
• parse_gmsa
  Function to check the user can read Service Account password
• parse_gplink
  Function to parse gplink and push it in json format
• parse_ntsecuritydescriptor
  This function allows to parse the attribut nTSecurityDescriptor from secdesc.rs http://www.selfadsi.org/deep-inside/ad-security-descriptors.htm#SecurityDescriptorStructure
• sid_maker
  Function to make SID String from ldap_sid struct
• templates_enabled_change_displayname_to_sid
  Function to replace displayname by SID in enabled cert templates.