MS-RPC IDL Parser/Codegen for Go / MS-RPC/DCOM Client

The IDL parser for the Microsoft Extension of the C706: DCE/RPC 1.1.

The client stub generator supports many MSRPC / DCOM services, including (but not limited to; see the complete list below) Netlogon, Windows Registry, Eventlog, DCOM (OXID resolver) and WMI (query and method exec).

Usage

See examples and dcerpc package documentation.

Examples rely on the following environment variables:

| Name | Description | Example |
|------|-------------|---------|
| USERNAME | The Domain\Username | "MSAD2.COM\User" |
| PASSWORD | The password | "password" |
| PASSWORD_MD4 | The password hash (use go run examples/helpers/nt_hash.go -d $PASSWORD to generate the hash) | "f077ca4b7d73486a45e75dcdd74cd5bd" |
| WORKSTATION | The workstation name | "Ubuntu" |
| SERVER | The server FQDN or IP | "192.168.0.22" |
| SERVER_NAME | The server NetBIOS name | "WIN2019" |
| SERVER_HOST | The server FQDN | "my-server.win2019.com" |
| SAM_USERNAME | The machine account name (see examples/netlogon_sec_channel.go) | "COMPUTER$" |
| SAM_PASSWORD | The machine account password (see examples/netlogon_sec_channel.go) | "password" |
| SAM_WORKSTATION | The machine account workstation name | "COMPUTER" |
| TARGET | The target name (SPN) for Kerberos | "host/my-server.win2019.com" |
| KRB5_CONFIG | The Kerberos config path | "/path/to/krb5.conf" |

For code generation, run make all to regenerate all sources, or make nrpc.go.

Features

Connection-oriented DCE/RPC v5 client implementation

The library implements the CO RPC v5 (dcerpc package) with the following features:

  • Connection Multiplexing: multiple clients over single connection

  • Multiple Connections per Association Group: ability to use context handles from one connection on another, flexibility in arranging the clients-per-connection-per-association

  • Verification Trailer: ability to add verification trailer to the request payload

  • Kerberos, Netlogon, NTLM, SPNEGO Authentication

  • Endpoint mapper / string binding support

  • DCOM basic support

  • Eventlog BinXML parser

  • WMIO object unmarshaler / marshaler.

MS-RPCE Extensions

The library implements some of the extensions defined in the MS-RPCE document:

  • Security Context Multiplexing: ability to create multiple security contexts over the same logical connection.

  • Bind-time Feature Negotiation: (actually not a feature).

  • Header Signing: (legacy thing,

GSS-API / SSP Client Side

The library contains the GSS-API interface definitions. (ssp/gssapi)

The library contains the ssp package which has an implementation for the various security service providers, like Kerberos, NTLM, Netlogon (Secure Channel), SPNEGO.

  • GSSAPI interface implementation including Ex-methods defined in Microsoft documentation

  • Kerberos:

    • Supported Enc Types: RC4-HMAC, AES128-CTS-HMAC-SHA1, AES256-CTS-HMAC-SHA1

    • DCE and non-DCE APReq/APRep style

  • NTLM

    • Supported Versions: NTLMv1, NTLMv2

  • Netlogon:

    • Supported Encryption Types: RC4-HMAC, AES-SHA2

  • SPNEGO:

    • Supported Mech List MIC

    • Supported NegTokenInit2

Generated Stubs

| Code | Description | Package |
|------|-------------|---------|
| MS-ADTS | Active Directory Technical Specification: Claims | github.com/oiweiwei/go-msrpc/msrpc/adts |
| MS-EVEN6-BINXML | BinXml encodes an XML document so that the original XML text can be correctly reproduced from the encoding. | github.com/oiweiwei/msrpc/binxml |
| MS-BKRP | BackupKey Remote Protocol | github.com/oiweiwei/msrpc/bkrp |
| MS-BPAU | Background Intelligent Transfer Service (BITS) Peer-Caching: Peer Authentication Protocol | github.com/oiweiwei/msrpc/bpau |
| MS-BRWSA | Common Internet File System (CIFS) Browser Auxiliary Protocol | github.com/oiweiwei/msrpc/brwsa |
| MS-CAPR | Central Access Policy Identifier (ID) Retrieval Protocol | github.com/oiweiwei/msrpc/capr |
| MS-CMPO | MSDTC Connection Manager: OleTx Transports Protocol | github.com/oiweiwei/msrpc/cmpo |
| MS-CMRP | Failover Cluster: Management API (ClusAPI) Protocol | github.com/oiweiwei/msrpc/cmrp |
| MS-DFSNM | Distributed File System (DFS): Namespace Management Protocol | github.com/oiweiwei/msrpc/dfsnm |
| MS-DHCPM | Microsoft Dynamic Host Configuration Protocol (DHCP) Server Management Protocol | github.com/oiweiwei/msrpc/dhcpm |
| MS-DLTM | Distributed Link Tracking: Central Manager Protocol | github.com/oiweiwei/msrpc/dltm |
| MS-DLTW | Distributed Link Tracking: Workstation Protocol | github.com/oiweiwei/msrpc/dltw |
| MS-DNSP | Domain Name Service (DNS) Server Management Protocol | github.com/oiweiwei/msrpc/dnsp |
| MS-DRSR | Directory Replication Service (DRS) Remote Protocol | github.com/oiweiwei/msrpc/drsr |
| MS-DSSP | Directory Services Setup Remote Protocol | github.com/oiweiwei/msrpc/dssp |
| MS-DTYP | Windows Data Types | github.com/oiweiwei/msrpc/dtyp |
| MS-EERR | ExtendedError Remote Data Structure | github.com/oiweiwei/msrpc/eerr |
| MS-RPCE-EPM | C706-EPM Endpoint Mapper | github.com/oiweiwei/msrpc/epm |
| MS-ERREF | Windows Error Codes | github.com/oiweiwei/msrpc/erref |
| MS-EVEN | EventLog Remoting Protocol | github.com/oiweiwei/msrpc/even |
| MS-EVEN6 | EventLog Remoting Protocol Version 6.0 | github.com/oiweiwei/msrpc/even6 |
| MS-FASP | Firewall and Advanced Security Protocol | github.com/oiweiwei/msrpc/fasp |
| MS-FAX | Fax Server and Client Remote Protocol | github.com/oiweiwei/msrpc/fax |
| MS-ICPR | ICertPassage Remote Protocol | github.com/oiweiwei/msrpc/icpr |
| MS-IRP | Internet Information Services (IIS) Inetinfo Remote Protocol | github.com/oiweiwei/msrpc/irp |
| MS-LREC | Live Remote Event Capture (LREC) Protocol | github.com/oiweiwei/msrpc/lrec |
| MS-LSAD | Local Security Authority (Domain Policy) Remote Protocol | github.com/oiweiwei/msrpc/lsad |
| MS-LSAT | Local Security Authority (Translation Methods) Remote Protocol | github.com/oiweiwei/msrpc/lsat |
| MS-MQDS | Message Queuing (MSMQ): Directory Service Protocol | github.com/oiweiwei/msrpc/mqds |
| MS-MQMP | Message Queuing (MSMQ): Queue Manager Client Protocol | github.com/oiweiwei/msrpc/mqmp |
| MS-MQMQ | Message Queuing (MSMQ): Data Structures | github.com/oiweiwei/msrpc/mqmq |
| MS-MQMR | Message Queuing (MSMQ): Queue Manager Management Protocol | github.com/oiweiwei/msrpc/mqmr |
| MS-MQQP | Message Queuing (MSMQ): Queue Manager to Queue Manager Protocol | github.com/oiweiwei/msrpc/mqqp |
| MS-MQRR | Message Queuing (MSMQ): Queue Manager Remote Read Protocol | github.com/oiweiwei/msrpc/mqrr |
| MS-MSRP | Messenger Service Remote Protocol | github.com/oiweiwei/msrpc/msrp |
| MS-NEGOEX | SPNEGO Extended Negotiation (NEGOEX) Security Mechanism | github.com/oiweiwei/msrpc/negoex |
| MS-NRPC | Netlogon Remote Protocol | github.com/oiweiwei/msrpc/nrpc |
| MS-NRPC-SECCHANNEL | Secure Channel Establishment and Maintenance | github.com/oiweiwei/msrpc/nrpc |
| MS-NSPI | Name Service Provider Interface (NSPI) Protocol | github.com/oiweiwei/msrpc/nspi |
| MS-OXABREF | Address Book Name Service Provider Interface (NSPI) Referral Protocol | |
| MS-OXCRPC | Wire Format Protocol | github.com/oiweiwei/msrpc/oxcrpc |
| MS-PAC | Privilege Attribute Certificate Data Structure | github.com/oiweiwei/msrpc/pac |
| MS-PAN | Print System Asynchronous Notification Protocol | github.com/oiweiwei/msrpc/pan |
| MS-PAR | Print System Asynchronous Remote Protocol | github.com/oiweiwei/msrpc/par |
| MS-PCQ | Performance Counter Query Protocol | github.com/oiweiwei/msrpc/pcq |
| MS-RAA | Remote Authorization API Protocol | github.com/oiweiwei/msrpc/raa |
| MS-RAIW | Remote Administrative Interface: WINS | github.com/oiweiwei/msrpc/raiw |
| MS-RPCL | Remote Procedure Call Location Services Extensions | github.com/oiweiwei/msrpc/rpcl |
| MS-RPRN | Print System Remote Protocol | github.com/oiweiwei/msrpc/rprn |
| MS-RRP | Windows Remote Registry Protocol | github.com/oiweiwei/msrpc/rrp |
| MS-RSP | Remote Shutdown Protocol | github.com/oiweiwei/msrpc/rsp |
| MS-SAMR | Security Account Manager (SAM) Remote Protocol (Client-to-Server) | github.com/oiweiwei/msrpc/samr |
| MS-SCH | Task Scheduler Service Remoting Protocol | github.com/oiweiwei/msrpc/sch |
| MS-SCMR | Service Control Manager Remote Protocol | github.com/oiweiwei/msrpc/scmr |
| MS-SRVS | Server Service Remote Protocol | github.com/oiweiwei/msrpc/srvs |
| MS-SSP | Single Sign-On Protocol | github.com/oiweiwei/msrpc/ssp |
| MS-SWN | Service Witness Protocol | github.com/oiweiwei/msrpc/swn |
| MS-TRP | Telephony Remote Protocol | github.com/oiweiwei/msrpc/trp |
| MS-TSCH | Task Scheduler Service Remoting Protocol | github.com/oiweiwei/msrpc/tsch |
| MS-TSGU | Terminal Services Gateway Server Protocol | github.com/oiweiwei/msrpc/tsgu |
| MS-W32T | W32Time Remote Protocol | github.com/oiweiwei/msrpc/w32t |
| MS-WDSC | Windows Deployment Services Control Protocol | github.com/oiweiwei/msrpc/wdsc |
| MS-WKST | Workstation Service Remote Protocol | github.com/oiweiwei/msrpc/wkst |

Generated DCOM Stubs

| Code | Description | Package |
|------|-------------|---------|
| MS-DCOM | Distributed Component Object Model (DCOM) Remote Protocol | github.com/oiweiwei/msrpc/dcom |
| MS-ADTG | Remote Data Services (RDS) Transport Protocol | github.com/oiweiwei/msrpc/adtg |
| MC-CCFG | Server Cluster: Configuration (ClusCfg) Protocol | github.com/oiweiwei/msrpc/ccfg |
| MS-COM | Component Object Model Plus (COM+) Protocol | github.com/oiweiwei/msrpc/com |
| MS-COMA | Component Object Model Plus (COM+) Remote Administration Protocol | github.com/oiweiwei/msrpc/coma |
| MS-COMEV | Component Object Model Plus (COM+) Event System Protocol | github.com/oiweiwei/msrpc/comev |
| MS-COMT | Component Object Model Plus (COM+) Tracker Service Protocol | github.com/oiweiwei/msrpc/comt |
| MS-CSRA | Certificate Services Remote Administration Protocol | github.com/oiweiwei/msrpc/csra |
| MS-CSVP | Failover Cluster: Setup and Validation Protocol (ClusPrep) | github.com/oiweiwei/msrpc/csvp |
| MS-DFSRH | DFS Replication Helper Protocol | github.com/oiweiwei/msrpc/dfsrh |
| MS-DMRP | Disk Management Remote Protocol | github.com/oiweiwei/msrpc/dmrp |
| MS-FSRM | File Server Resource Manager Protocol | github.com/oiweiwei/msrpc/fsrm |
| MC-IISA | Internet Information Services (IIS) Application Host COM Protocol | github.com/oiweiwei/msrpc/iisa |
| MS-IISS | Internet Information Services (IIS) ServiceControl Protocol | github.com/oiweiwei/msrpc/iiss |
| MS-IMSA | Internet Information Services (IIS) IMSAdminBaseW Remote Protocol | github.com/oiweiwei/msrpc/imsa |
| MS-IOI | IManagedObject Interface Protocol | github.com/oiweiwei/msrpc/ioi |
| MS-OAUT | OLE Automation Protocol | github.com/oiweiwei/msrpc/oaut |
| MS-OCSPA | Microsoft OCSP Administration Protocol | github.com/oiweiwei/msrpc/ocspa |
| MS-PLA | Performance Logs and Alerts Protocol | github.com/oiweiwei/msrpc/pla |
| MS-RAI | Remote Assistance Initiation Protocol | github.com/oiweiwei/msrpc/rai |
| MS-RDPESC | Remote Desktop Protocol: Smart Card Virtual Channel Extension | github.com/oiweiwei/msrpc/rdpesc |
| MS-VDS | Virtual Disk Service (VDS) Protocol | github.com/oiweiwei/msrpc/vds |
| MS-WCCE | Windows Client Certificate Enrollment Protocol | github.com/oiweiwei/msrpc/wcce |
| MS-WMI | Windows Management Instrumentation Remote Protocol | github.com/oiweiwei/msrpc/wmi |
| MS-WMIO | Windows Management Instrumentation Encoding Version 1.0 Protocol | github.com/oiweiwei/msrpc/wmio |

Documentation

The codegen package also generates documentation for the generated code, pulled from the MSDN portal. It can be quite inaccurate at telling general comment boundaries from actual field descriptions, as inaccurate as the HTML on the MSDN side can be.

Naming

The codegen/go_names contains the ad-hoc naming engine, which sometimes quite sucks (so does the overall naming convention in IDL documents; seriously, how much time does the average Microsoft developer save by writing para instead of param?), but in most situations it provides a way to generate names that comply with the golang naming convention and give more intuition behind this or that field.

Generated Stubs

MIDL Implementation Limitations

  • L.0001: #define statements are applicable only for constant declaration;

  • L.0002: cpp_quote contents are limited only for constant declaration;

  • L.0005: int const declaration is not supported.

  • L.0006: wchar_t, status_error_t are predefined.

TODO

  • Testing (I don't have much time)

  • Handle reserved arguments/structure fields used for switch_is and size_is statements.

  • Derive the type from field name, like ^f[A-Z] -> boolean.

  • Pipes support

  • Callbacks Support / Server-Side Support

  • Static strings

  • Handle anonymous structures inside union arms

  • Kerberos HMAC-RC4 NT Hash support via Keytab.

References

Without these projects, it would be absolutely impossible to implement go-msrpc.

Collaboration

Don't hesitate to raise an issue (and only then raise a PR). The project is quite raw and I don't have much time, so a lot of errors and issues are yet to be discovered.