mirror of https://github.com/daffainfo/nuclei.git
define frequently used filters and AD UAC filters
parent
cb0d98e4b2
commit
6bf8f8769b
|
@ -105,6 +105,60 @@ func (c *LdapClient) AuthenticateWithNTLMHash(realm string, username, hash strin
|
||||||
return true, nil
|
return true, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// LDAP makes you search using an OID
|
||||||
|
// http://oid-info.com/get/1.2.840.113556.1.4.803
|
||||||
|
//
|
||||||
|
// The one for the userAccountControl in MS Active Directory is
|
||||||
|
// 1.2.840.113556.1.4.803 (LDAP_MATCHING_RULE_BIT_AND)
|
||||||
|
//
|
||||||
|
// We can look at the enabled flags using a query like (!(userAccountControl:1.2.840.113556.1.4.803:=2))
|
||||||
|
//
|
||||||
|
// https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/useraccountcontrol-manipulate-account-properties
|
||||||
|
const (
|
||||||
|
FilterIsPerson = "(objectCategory=person)"
|
||||||
|
FilterIsGroup = "(objectCategory=group)"
|
||||||
|
FilterIsComputer = "(objectCategory=computer)"
|
||||||
|
FilterIsAdmin = "(adminCount=1)"
|
||||||
|
FilterLogonScript = "(userAccountControl:1.2.840.113556.1.4.803:=1)" // The logon script will be run.
|
||||||
|
FilterAccountDisabled = "(userAccountControl:1.2.840.113556.1.4.803:=2)" // The user account is disabled.
|
||||||
|
FilterAccountEnabled = "(!(userAccountControl:1.2.840.113556.1.4.803:=2))" // The user account is enabled.
|
||||||
|
FilterHomedirRequired = "(userAccountControl:1.2.840.113556.1.4.803:=8)" // The home folder is required.
|
||||||
|
FilterLockout = "(userAccountControl:1.2.840.113556.1.4.803:=16)" // The user is locked out.
|
||||||
|
FilterPasswordNotRequired = "(userAccountControl:1.2.840.113556.1.4.803:=32)" // No password is required.
|
||||||
|
FilterPasswordCantChange = "(userAccountControl:1.2.840.113556.1.4.803:=64)" // The user can't change the password.
|
||||||
|
FilterCanSendEncryptedPassword = "(userAccountControl:1.2.840.113556.1.4.803:=128)" // The user can send an encrypted password.
|
||||||
|
FilterIsDuplicateAccount = "(userAccountControl:1.2.840.113556.1.4.803:=256)" // It's an account for users whose primary account is in another domain.
|
||||||
|
FilterIsNormalAccount = "(userAccountControl:1.2.840.113556.1.4.803:=512)" // It's a default account type that represents a typical user.
|
||||||
|
FilterInterdomainTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=2048)" // It's a permit to trust an account for a system domain that trusts other domains.
|
||||||
|
FilterWorkstationTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=4096)" // It's a computer account for a computer that is running old Windows builds.
|
||||||
|
FilterServerTrustAccount = "(userAccountControl:1.2.840.113556.1.4.803:=8192)" // It's a computer account for a domain controller that is a member of this domain.
|
||||||
|
FilterDontExpirePassword = "(userAccountControl:1.2.840.113556.1.4.803:=65536)" // Represents the password, which should never expire on the account.
|
||||||
|
FilterMnsLogonAccount = "(userAccountControl:1.2.840.113556.1.4.803:=131072)" // It's an MNS logon account.
|
||||||
|
FilterSmartCardRequired = "(userAccountControl:1.2.840.113556.1.4.803:=262144)" // When this flag is set, it forces the user to log on by using a smart card.
|
||||||
|
FilterTrustedForDelegation = "(userAccountControl:1.2.840.113556.1.4.803:=524288)" // When this flag is set, the service account (the user or computer account) under which a service runs is trusted for Kerberos delegation.
|
||||||
|
FilterNotDelegated = "(userAccountControl:1.2.840.113556.1.4.803:=1048576)" // When this flag is set, the security context of the user isn't delegated to a service even if the service account is set as trusted for Kerberos delegation.
|
||||||
|
FilterUseDesKeyOnly = "(userAccountControl:1.2.840.113556.1.4.803:=2097152)" // Restrict this principal to use only Data Encryption Standard (DES) encryption types for keys.
|
||||||
|
FilterDontRequirePreauth = "(userAccountControl:1.2.840.113556.1.4.803:=4194304)" // This account doesn't require Kerberos pre-authentication for logging on.
|
||||||
|
FilterPasswordExpired = "(userAccountControl:1.2.840.113556.1.4.803:=8388608)" // The user's password has expired.
|
||||||
|
FilterTrustedToAuthForDelegation = "(userAccountControl:1.2.840.113556.1.4.803:=16777216)" // The account is enabled for delegation.
|
||||||
|
FilterPartialSecretsAccount = "(userAccountControl:1.2.840.113556.1.4.803:=67108864)" // The account is a read-only domain controller (RODC).
|
||||||
|
|
||||||
|
)
|
||||||
|
|
||||||
|
func JoinFilters(filters ...string) string {
|
||||||
|
var builder strings.Builder
|
||||||
|
builder.WriteString("(&")
|
||||||
|
for _, s := range filters {
|
||||||
|
builder.WriteString(s)
|
||||||
|
}
|
||||||
|
builder.WriteString(")")
|
||||||
|
return builder.String()
|
||||||
|
}
|
||||||
|
|
||||||
|
func NegativeFilter(filter string) string {
|
||||||
|
return fmt.Sprintf("(!%s)", filter)
|
||||||
|
}
|
||||||
|
|
||||||
// Search is a method that uses the already Connect()'ed client to query the LDAP
|
// Search is a method that uses the already Connect()'ed client to query the LDAP
|
||||||
// server, works for openldap and for Microsoft's Active Directory Ldap
|
// server, works for openldap and for Microsoft's Active Directory Ldap
|
||||||
//
|
//
|
||||||
|
|
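Review bot: `FilterLockout`, `FilterPasswordExpired` and `FilterPasswordCantChange` in the new const block test bits that, according to the Microsoft page linked in the comment above them, Active Directory does not keep in the stored `userAccountControl` value (lock-out and expiry are reported through `ms-DS-User-Account-Control-Computed`, and "can't change password" is a permission on the object), so an audit built on these filters will most likely return no entries and read as a clean result. I would either drop the three constants or mark each with a comment such as `// NOTE: not set in stored userAccountControl on AD (Windows Server 2003+); matches nothing there`. Separately, `JoinFilters` and `NegativeFilter` splice their arguments in verbatim and have no doc comments: state there that every argument must be a complete parenthesised filter with any caller-supplied value already escaped, and that `JoinFilters()` with no arguments yields `(&)`.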