
Commit 93f9d58

committed
Public release
1 parent fd9d66b commit 93f9d58


18 files changed

+1156
-2
lines changed


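--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1,4 @@
+# These are supported funding model platforms
+
+github: p0dalirius
+patreon: Podalirius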

.github/banner.png

11.8 KB

.github/example_dn.png

205 KB

.github/example_value.png

175 KB

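--- a/.github/workflows/commit.yaml
+++ b/.github/workflows/commit.yaml
@@ -0,0 +1,46 @@
+name: Build on commit
+
+on:
+push:
+branches:
+- '*'
+
+jobs:
+build:
+name: Build Release Assets
+runs-on: ubuntu-latest
+
+strategy:
+matrix:
+os: [linux, windows, darwin]
+arch: [amd64, arm64, 386]
+binaryname: [DescribeNTSecurityDescriptor]
+# Exclude incompatible couple of GOOS and GOARCH values
+exclude:
+- os: darwin
+arch: 386
+
+env:
+GO111MODULE: 'on'
+CGO_ENABLED: '0'
+
+steps:
+- name: Checkout Repository
+uses: actions/checkout@v3
+
+- name: Set up Go
+uses: actions/setup-go@v4
+with:
+go-version: '1.22.1'
+
+- name: Build Binary
+env:
+GOOS: ${{ matrix.os }}
+GOARCH: ${{ matrix.arch }}
+run: |
+mkdir -p build
+ls -lha
+OUTPUT_PATH="../build/${{ matrix.binaryname }}-${{ matrix.os }}-${{ matrix.arch }}"
+# Build the binary
+cd ./src/;
+go build -ldflags="-s -w" -o $OUTPUT_PATH${{ matrix.os == 'windows' && '.exe' || '' }}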
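Review bot: Both actions in the steps block (`actions/checkout@v3`, `actions/setup-go@v4`) are referenced by mutable tag rather than a full commit SHA, and the workflow declares no `permissions:` block, so the job runs with whatever default `GITHUB_TOKEN` scope the repository grants; the same applies to the release.yaml hunk in this commit. Pinning each `uses:` to a commit SHA with the version in a trailing comment, and adding a top-level `permissions:` with `contents: read`, limits what a compromised action could do with the token. The job is named "Build Release Assets" but nothing after `go build` uploads or publishes the binaries, so on a push this workflow is only a compile check — worth reflecting in `name:` or adding an `actions/upload-artifact` step. The `branches: - '*'` pattern does not match branch names containing `/`; use `'**'` if branches such as `feat/x` should build too.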

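--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,59 @@
+name: Build and Release
+
+on:
+release:
+types: [published]
+
+jobs:
+build:
+name: Build Release Assets
+runs-on: ubuntu-latest
+
+strategy:
+matrix:
+os: [linux, windows, darwin]
+arch: [amd64, arm64, 386]
+binaryname: [DescribeNTSecurityDescriptor]
+# Exclude incompatible couple of GOOS and GOARCH values
+exclude:
+- os: darwin
+arch: 386
+
+env:
+GO111MODULE: 'on'
+CGO_ENABLED: '0'
+
+steps:
+- name: Checkout Repository
+uses: actions/checkout@v3
+
+- name: Set up Go
+uses: actions/setup-go@v4
+with:
+go-version: '1.22.1'
+
+- name: Build Binary
+env:
+GOOS: ${{ matrix.os }}
+GOARCH: ${{ matrix.arch }}
+run: |
+mkdir -p bin
+ls -lha
+OUTPUT_PATH="../build/${{ matrix.binaryname }}-${{ matrix.os }}-${{ matrix.arch }}"
+# Build the binary
+cd ./src/;
+go build -ldflags="-s -w" -o $OUTPUT_PATH${{ matrix.os == 'windows' && '.exe' || '' }}
+
+- name: Prepare Release Assets
+if: ${{ success() }}
+run: |
+mkdir -p ./release/
+cp ./build/${{ matrix.binaryname }}-* ./release/
+
+- name: Upload the Release binaries
+uses: svenstaro/upload-release-action@v2
+with:
+repo_token: ${{ secrets.GITHUB_TOKEN }}
+tag: ${{ github.ref }}
+file: ./release/${{ matrix.binaryname }}-*
+file_glob: true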
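Review bot: The Build Binary step runs `mkdir -p bin` but writes to `OUTPUT_PATH="../build/..."` and the Prepare step copies from `./build/`, so the upload depends on `go build` creating the missing `build` directory itself — the commit.yaml variant uses `mkdir -p build`, which is presumably what was intended here. The upload step hands `secrets.GITHUB_TOKEN` to a third-party action referenced by mutable tag (`svenstaro/upload-release-action@v2`) with no `permissions:` block, so it relies on the repository's default token scope including `contents: write`; declaring `permissions:` with `contents: write` on the job and pinning the action to a commit SHA makes that grant explicit and narrow. Released assets also carry no integrity record, so downloaders cannot verify them; writing one per artifact in the Prepare step, e.g. `(cd ./release && sha256sum ${{ matrix.binaryname }}-* > ${{ matrix.binaryname }}-${{ matrix.os }}-${{ matrix.arch }}.sha256)`, keeps it within the existing `file_glob` upload. `if: ${{ success() }}` is the default condition and can be dropped.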

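--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,38 @@
+FROM debian:latest
+
+RUN apt-get -y -q update \
+&& apt-get -y -q install nano git wget build-essential librust-gobject-sys-dev libnss3 libnss3-dev
+
+RUN wget https://go.dev/dl/go1.22.1.linux-amd64.tar.gz -O /tmp/go.tar.gz \
+&& rm -rf /usr/local/go \
+&& tar -C /usr/local -xzf /tmp/go.tar.gz \
+&& echo 'export PATH=$PATH:/usr/local/go/bin' >> /root/.bashrc \
+&& echo 'export PATH=$PATH:/root/go/bin' >> /root/.bashrc
+
+RUN echo "go clean; go build -v" >> /root/.bash_history
+
+RUN echo '#!/bin/bash' > /entrypoint.sh \
+&& echo 'mkdir -p /workspace/bin/' >> /entrypoint.sh \
+&& echo 'cd /workspace/src/' >> /entrypoint.sh \
+&& echo '/usr/local/go/bin/go clean' >> /entrypoint.sh \
+&& echo 'echo "[+] Building"' >> /entrypoint.sh \
+# && echo 'echo " ├──[>] Building for linux i386"' >> /entrypoint.sh \
+# && echo 'mkdir -p /workspace/bin/linux/x86/' >> /entrypoint.sh >> /entrypoint.sh \
+# && echo 'GOOS=linux GOARCH=386 /usr/local/go/bin/go build -o /workspace/bin/linux/x86/ -buildvcs=false' >> /entrypoint.sh \
+&& echo 'echo " ├──[>] Building for linux amd64"' >> /entrypoint.sh \
+&& echo 'mkdir -p /workspace/bin/linux/x64/' >> /entrypoint.sh >> /entrypoint.sh \
+&& echo 'GOOS=linux GOARCH=amd64 /usr/local/go/bin/go build -o /workspace/bin/linux/x64/ -buildvcs=false' >> /entrypoint.sh \
+# && echo 'echo " ├──[>] Building for Windows i386"' >> /entrypoint.sh \
+# && echo 'mkdir -p /workspace/bin/windows/x86/' >> /entrypoint.sh >> /entrypoint.sh \
+# && echo 'GOOS=windows GOARCH=386 /usr/local/go/bin/go build -o /workspace/bin/windows/x86/ -buildvcs=false' >> /entrypoint.sh \
+# && echo 'echo " └──[>] Building for Windows amd64"' >> /entrypoint.sh \
+# && echo 'mkdir -p /workspace/bin/windows/x64/' >> /entrypoint.sh >> /entrypoint.sh \
+# && echo 'GOOS=windows GOARCH=amd64 /usr/local/go/bin/go build -o /workspace/bin/windows/x64/ -buildvcs=false' >> /entrypoint.sh \
+&& chmod +x /entrypoint.sh
+
+# Prepare workspace volume
+RUN mkdir -p /workspace/
+VOLUME /workspace/
+WORKDIR /workspace/
+
+CMD ["/bin/bash", "/entrypoint.sh"]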
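Review bot: The Go toolchain is downloaded on line 6 and extracted into /usr/local on line 8 with no checksum verification, and the base image is `debian:latest`, so the build environment is neither verified nor reproducible from one build to the next. Insert a digest check between the download and the extraction, `&& echo "<GO_1_22_1_SHA256_PLACEHOLDER>  /tmp/go.tar.gz" | sha256sum -c - \`, with the value copied from the go.dev download listing, and pin `FROM` to a specific Debian release tag or an `@sha256:` digest. Line 23's `>> /entrypoint.sh >> /entrypoint.sh` is a harmless duplicated redirect worth cleaning up, and the nine commented-out entrypoint lines (19–21, 25–30) could be dropped since the workflows in this commit already cover those targets. The apt layer also installs `nano`, `git`, `librust-gobject-sys-dev` and `libnss3-dev`, which the entrypoint's single `go build` presumably does not need — confirm and trim to shrink the image and its attack surface.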

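--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,11 @@
+.PHONY: all build_docker compile
+
+IMGNAME := build_golang_project
+
+all: build_docker compile
+
+build_docker:
+docker build -t $(IMGNAME):latest -f Dockerfile .
+
+compile: build_docker
+docker run --rm -v "$(shell pwd):/workspace" -it $(IMGNAME)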
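Review bot: `docker run ... -it` in the `compile` recipe allocates a TTY, which fails with "the input device is not a TTY" when `make compile` is run from CI or any non-interactive shell; the entrypoint script takes no input, so `-it` can be dropped entirely. The rendered page strips leading whitespace, so I cannot confirm that the recipe lines 8 and 11 are tab-indented as make requires. The container also runs as root, so anything it writes under `/workspace/bin` will be root-owned on the host — presumably acceptable for a local build helper, but worth a one-line comment above the target.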

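--- a/README.md
+++ b/README.md
@@ -1,2 +1,89 @@
-# DescribeNTSecurityDescriptor
-A cross-platforms tool to parse and describe the contents of a raw ntSecurityDescriptor structure.
+![](./.github/banner.png)
+
+<p align="center">
+A cross-platforms tool to parse and describe the contents of a raw ntSecurityDescriptor structure.
+<br>
+<a href="https://github.com/p0dalirius/DescribeNTSecurityDescriptor/actions/workflows/release.yaml" title="Build"><img alt="Build and Release" src="https://github.com/p0dalirius/DescribeNTSecurityDescriptor/actions/workflows/release.yaml/badge.svg"></a>
+<img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/p0dalirius/DescribeNTSecurityDescriptor">
+<a href="https://twitter.com/intent/follow?screen_name=podalirius_" title="Follow"><img src="https://img.shields.io/twitter/follow/podalirius_?label=Podalirius&style=social"></a>
+<a href="https://www.youtube.com/c/Podalirius_?sub_confirmation=1" title="Subscribe"><img alt="YouTube Channel Subscribers" src="https://img.shields.io/youtube/channel/subscribers/UCF_x5O7CSfr82AfNVTKOv_A?style=social"></a>
+<br>
+</p>
+
+## Features
+
+- [x] Reads source value from a file containing a raw ntSecurityDescriptor structure, in raw bytes, hex string or base64 string formats.
+- [x] Reads source value from the LDAP.
+- [ ] Outputs a human readable summary of accesses with `--summary`
+- [x] Parsing of Access Control Entries (ACE) of various types:
+- [x] ACE type [`ACCESS_ALLOWED_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/72e7c7ea-bc02-4c74-a619-818a16bf6adb?wt.mc_id=SEC-MVP-5005286)
+- [x] ACE type [`ACCESS_ALLOWED_OBJECT_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/c79a383c-2b3f-4655-abe7-dcbb7ce0cfbe?wt.mc_id=SEC-MVP-5005286)
+- [x] ACE type [`ACCESS_DENIED_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/b1e1321d-5816-4513-be67-b65d8ae52fe8?wt.mc_id=SEC-MVP-5005286)
+- [x] ACE type [`ACCESS_DENIED_OBJECT_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/8720fcf3-865c-4557-97b1-0b3489a6c270?wt.mc_id=SEC-MVP-5005286)
+- [x] ACE type [`ACCESS_ALLOWED_CALLBACK_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/c9579cf4-0f4a-44f1-9444-422dfb10557a?wt.mc_id=SEC-MVP-5005286)
+- [x] ACE type [`ACCESS_DENIED_CALLBACK_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/35adad6b-fda5-4cc1-b1b5-9beda5b07d2e?wt.mc_id=SEC-MVP-5005286)
+- [x] ACE type [`ACCESS_ALLOWED_CALLBACK_OBJECT_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/fe1838ea-ea34-4a5e-b40e-eb870f8322ae?wt.mc_id=SEC-MVP-5005286)
+- [x] ACE type [`ACCESS_DENIED_CALLBACK_OBJECT_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/4652f211-82d5-4b90-bd58-43bf3b0fc48d?wt.mc_id=SEC-MVP-5005286)
+- [x] ACE type [`SYSTEM_AUDIT_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/9431fd0f-5b9a-47f0-b3f0-3015e2d0d4f9?wt.mc_id=SEC-MVP-5005286)
+- [x] ACE type [`SYSTEM_AUDIT_OBJECT_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/c8da72ae-6b54-4a05-85f4-e2594936d3d5?wt.mc_id=SEC-MVP-5005286)
+- [x] ACE type [`SYSTEM_AUDIT_CALLBACK_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/bd6b6fd8-4bef-427e-9a43-b9b46457e934?wt.mc_id=SEC-MVP-5005286)
+- [x] ACE type [`SYSTEM_MANDATORY_LABEL_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/25fa6565-6cb0-46ab-a30a-016b32c4939a?wt.mc_id=SEC-MVP-5005286)
+- [x] ACE type [`SYSTEM_AUDIT_CALLBACK_OBJECT_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/949b02e7-f55d-4c26-969f-52a009597469?wt.mc_id=SEC-MVP-5005286)
+- [x] ACE type [`SYSTEM_RESOURCE_ATTRIBUTE_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/352944c7-4fb6-4988-8036-0a25dcedc730?wt.mc_id=SEC-MVP-5005286)
+- [x] ACE type [`SYSTEM_SCOPED_POLICY_ID_ACE`](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/aa0c0f62-4b4c-44f0-9718-c266a6accd9f?wt.mc_id=SEC-MVP-5005286)
+- [x] Parsing of SID
+- [x] Connect to LDAP to resolve sAMAccountNames of not well known SIDs
+- [x] Resolve names of well known SIDs
+- [ ] Parsing of Access Control Lists (ACL):
+- [ ] Print if ACL is in [canonical form](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/20233ed8-a6c6-4097-aafa-dd545ed24428?wt.mc_id=SEC-MVP-5005286)
+
+
+## Usage
+
+```
+$ ./DescribeNTSecurityDescriptor -h
+DescribeNTSecurityDescriptor - by Remi GASCOU (Podalirius) - v1.2
+
+Usage: DescribeNTSecurityDescriptor [--debug] [--domain <string>] [--username <string>] [--password <string>] [--hashes <string>] [--dc-ip <string>] [--port <tcp port>] [--use-ldaps] [--distinguished-name <string>] [--file-hex <string>] [--file-base64 <string>] [--file-raw <string>] [--value-hex <string>] [--value-base64 <string>]
+
+-d, --debug Debug mode. (default: false)
+
+Authentication:
+-d, --domain <string> Active Directory domain to authenticate to. (default: "")
+-u, --username <string> User to authenticate as. (default: "")
+-p, --password <string> Password to authenticate with. (default: "")
+-H, --hashes <string> NT/LM hashes, format is LMhash:NThash. (default: "")
+
+LDAP Connection Settings:
+-dc, --dc-ip <string> IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted, it will use the domain part (FQDN) specified in the identity parameter. (default: "")
+-P, --port <tcp port> Port number to connect to LDAP server. (default: 389)
+-l, --use-ldaps Use LDAPS instead of LDAP. (default: false)
+
+Source Values:
+-D, --distinguished-name <string> Distinguished Name. (default: "")
+-fh, --file-hex <string> Path to file containing the hexadecimal string value of NTSecurityDescriptor. (default: "")
+-fb, --file-base64 <string> Path to file containing the base64 encoded value of NTSecurityDescriptor. (default: "")
+-fr, --file-raw <string> Path to file containing the raw binary value of NTSecurityDescriptor. (default: "")
+-vh, --value-hex <string> Raw hexadecimal string value of NTSecurityDescriptor. (default: "")
+-vb, --value-base64 <string> Raw base64 encoded value of NTSecurityDescriptor. (default: "")
+```
+
+## Demonstration with a `--distinguished-name`
+
+```bash
+./DescribeNTSecurityDescriptor --debug --username "Administrator" --domain "LAB.local" --password "Admin123!" --dc-ip "10.0.0.201" --distinguished-name "CN=Administrator,CN=Users,DC=LAB,DC=local"
+```
+
+![](./.github/example_dn.png)
+
+## Demonstration with a `--value-hex`
+
+```bash
+./DescribeNTSecurityDescriptor --username "Administrator" --domain "LAB.local" --password "Admin123!" --dc-ip "10.0.0.201" --debug --value-hex "0100149ccc000000e800000014000000a000000004008c00030000000240140020000c00010100000000000100000000075a38002000000003000000be3b0ef3f09fd111b6030000f80367c1a57a96bfe60dd011a28500aa003049e2010100000000000100000000075a38002000000003000000bf3b0ef3f09fd111b6030000f80367c1a57a96bfe60dd011a28500aa003049e201010000000000010000000002002c000100000000002400ff010f0001050000000000051500000028bb82279261b9fe2474aa5d0002000001050000000000051500000028bb82279261b9fe2474aa5d0002000001050000000000051500000028bb82279261b9fe2"
+```
+
+![](./.github/example_value.png)
+
+## Contributing
+
+Pull requests are welcome. Feel free to open an issue if you want to add other features.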

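--- a/src/go.mod
+++ b/src/go.mod
@@ -0,0 +1,16 @@
+module DescribeNTSecurityDescriptor
+
+go 1.22.1
+
+require (
+github.com/go-ldap/ldap/v3 v3.4.8
+github.com/p0dalirius/goopts v1.0.0
+)
+
+require (
+github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect
+github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect
+github.com/google/uuid v1.6.0 // indirect
+github.com/p0dalirius/winacl v1.2.1
+golang.org/x/crypto v0.28.0 // indirect
+)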
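Review bot: `github.com/p0dalirius/winacl v1.2.1` on line 14 sits in the `// indirect` require block without the marker, so a direct dependency is filed among the indirect ones; running `go mod tidy` would move it into the first block beside `goopts` and keep the file in canonical form. No `src/go.sum` appears in this chunk of the commit; if it is not among the other changed files, the module graph has no recorded checksums and the first `go build` will resolve and fetch versions without integrity verification — the sum file should be committed alongside go.mod.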
