Utils to extract data from ldap network packets
Modules§
Structs§
- AccessAllowedAce: Structure for Access Allowed Ace network packet. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/72e7c7ea-bc02-4c74-a619-818a16bf6adb
- AccessAllowedObjectAce: Structure for Access Allowed Object Ace network packet. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/c79a383c-2b3f-4655-abe7-dcbb7ce0cfbe
- Ace: Structure for Ace network packet. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/628ebb1d-c509-4ea0-a10f-77ef97ca4586
- Acl: Structure for Acl network packet. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/20233ed8-a6c6-4097-aafa-dd545ed24428
- DirectoryPaths: LDAP directory path.
- LdapSid: Structure for LDAPSID network packet. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/f992ad60-0fe4-4b87-9fed-beb478836861
- LdapSidIdentifiedAuthority: Structure for Sid Identified Authority network packet. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/c6ce4275-3d90-4890-ab3a-514745e4637e
- MaskFlags
- ObjectAceFlags: AceFlags
- SecurityDescriptor: Structure for Security Descriptor network packet. https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/7d4dac05-9cef-4563-a058-f108abecce1d
Enums§
- AceFormat: Enum to get the same output for data switch in Ace structure.
- Type: Enum to get LDAP object type.
Statics§
- COMMON_RE1
- GPLINK_RE1: https://docs.rs/regex/latest/regex/#avoid-re-compiling-regexes-especially-in-a-loop
- GPLINK_RE2
- IS_SID_RE1
- OBJECT_SID_RE1
- PARSER_MOD_RE1
- PARSER_MOD_RE2
- SID_PART1_RE1
Functions§
- _decode_guid: Function to decode objectGUID binary to string value. src: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/001eec5a-7f8b-4293-9e21-ca349392db40 Thanks to: https://github.com/picketlink/picketlink/blob/master/modules/common/src/main/java/org/picketlink/common/util/LDAPUtil.java
- bin_to_string: Function to get UUID from binary to string format.
- check_spn: Function to check whether SPNs start with mssqlsvc, to make SPNTargets. https://github.com/BloodHoundAD/SharpHound3/blob/master/SharpHound3/Tasks/SPNTasks.cs#L22
- decode_guid_le: Function to decode GUID from binary to string format with correct little-endian handling.
- get_flag: Get the UAC flags from the “userAccountControl” LDAP attribute.
- get_forest_level: Get the forest level from the “msDS-Behavior-Version” LDAP attribute.
- get_pki_cert_name_flags: Get the PKI flags from the “msPKI-Certificate-Name-Flag” LDAP attribute. MS: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/1192823c-d839-4bc3-9b6b-fa8c53507ae1
- get_pki_enrollment_flags: Get the PKI flags from the “msPKI-Enrollment-Flag” LDAP attribute. MS: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/ec71fd43-61c2-407b-83c9-b52272dec8a1
- get_pki_private_flags: Get the PKI flags from the “msPKI-Private-Key-Flag” LDAP attribute. MS: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-crtd/f6122d87-b999-4b92-bff8-f465e8949667
- get_trust_flag: Get the trust flags from “trustDomain”.
- get_type: Get object type, like (“user”, “group”, “computer”, “ou”, “container”, “gpo”, “domain”, “trust”).
- hex_push: Function to get a hexadecimal representation from bytes. Thanks to: https://newbedev.com/how-do-i-convert-a-string-to-hex-in-rust
- is_sid: Function to check if a string is a SID.
- objectsid_to_vec8: Change SID value to correct format.
- parse_ca_security: Function to get relations for CASecurity from LDAP attribute.
- parse_gmsa: Function to parse the GMSA DACL, which states which users (or groups) can read the password.
- parse_gplink: Function to parse gplink and push it in JSON format.
- parse_ntsecuritydescriptor: Function to parse the nTSecurityDescriptor attribute, from secdesc.rs. http://www.selfadsi.org/deep-inside/ad-security-descriptors.htm#SecurityDescriptorStructure
- sid_maker: Function to make SID string from ldap_sid struct.
- templates_enabled_change_displayname_to_sid: Function to replace displayname by SID in enabled cert templates.