5amu / goad Goto Github PK

File pkg/dcerpc/scmr.go contains only the skeleton for the data structures described in the Miscrosoft specification. Every opnum is declared without the internal fields. Each of them should be described as:

type OpnumNameRequest struct{
    // Declarations here
}

type OpnumNameResponse struct{
    // Declarations here
}

The request should use the same types (in Go notation) as the specification, except for DWORD (which can be declared as uint32) and all other basic types (for example WORD and BYTE). Also rename all the structs named OpnumNameStruct to OpnumNameRequest.

An example already defined in the code is Opnum 5. OpnumName is RSetServiceObjectSecurity and its declaration in Microsoft's specification is:

[in] SC_RPC_HANDLE hService,
[in] SECURITY_INFORMATION dwSecurityInformation,
[in, size_is(cbBufSize)] LPBYTE lpSecurityDescriptor,
[in] DWORD cbBufSize

And in the code is defined as:

type RSetServiceObjectSecurityStruct struct {
	HService              ScRpcHandle
	DWSecurityInformation uint32
	LPSecurityDescriptor  LpSecurityDescriptor
	CBBufSize             uint32
}

With no response.

Seems like if the response contains too many entries the domain controller just refuses to give it.
Find a way to get results in smaller batches :)

Hey @ellipsis-dev please implement an NTLM authenticator client that must be defined with the following structure:

type Client struct {
    User           string
    Password       string
    Hash           []byte
    Domain         string
    Workstation    string
    TargetSPN      string  
    ChannelBinding *ChannelBindings
}

You can expand the struct as needed. This client must implement the following interface:

type Authenticator interface {
    Negotiate() ([]byte, error)
    Authenticate(msg []byte) ([]byte, error)
    Metadata() interface{}
    Sign(msg []byte) ([]byte, error)
    Encrypt(msg []byte) ([]byte, error)
}

The client must implement the Authenticator interface, but can also extend it if needed. I want to use this client as an authenticator in different contexts, such as an authenticator for a SMB connection, as well as an authenticator for a MSRPCE connection.

Please implement this client to receive raw bytes (such as the NTLM challenge) and return raw bytes containing the NTLM response, store useful information about the server, such as the Netbios Computer Name, DNS computer name, Tree name etc...