The IDL parser for the Microsoft Extension of the C706: DCE/RPC 1.1.
The client stub generator for many MSRPC / DCOM services including (but not limited to - see complete list below) Netlogon, Windows Registry, Eventlog, DCOM (OXID resolver), WMI (query and method exec) support.
See examples/samples_with_config and msrpc package documentation.
# run using string binding extension.
go run examples/samples_with_config/dnsp.go Administrator%P@ssw0rd@ncacn_ip_tcp:dc01.msad.local[privacy,spnego,krb5]
go run examples/samples_with_config/wmic.go Administrator%P@ssw0rd@ncacn_ip_tcp:dc01.msad.local[privacy,spnego,krb5] \
--query "SELECT * FROM Win32_ComputerSystem"
# same as above, but using command-line args
go run examples/samples_with_config/dnsp.go \
--username=Administrator \
--domain=MSAD.LOCAL \
--password=P@ssw0rd \
--auth-level=privacy \
--auth-spnego \
--auth-type=krb5 \
--server=dc01.msad.localSee examples and dcerpc package documentation.
Examples rely on following environment variables:
| Name | Description | Example |
|---|---|---|
| USERNAME | The Domain\Username | "MSAD2.COM\User" |
| PASSWORD | The password | "password" |
| PASSWORD_MD4 | The password hash (use go run examples/helpers/nt_hash.go -d $PASSWORD to generate the hash) | "f077ca4b7d73486a45e75dcdd74cd5bd" |
| WORKSTATION | The workstation name | "Ubuntu" |
| SERVER | The server FQDN or IP | "192.168.0.22" |
| SERVER_NAME | The server NetBIOS name | "WIN2019" |
| SERVER_HOST | The server FQDN | "my-server.win2019.com" |
| SAM_USERNAME | The machine account name (see examples/netlogon_sec_channel.go) | "COMPUTER$" |
| SAM_PASSWORD | The machine account password (see examples/netlogon_sec_channel.go) | "password" |
| SAM_WORKSTATION | The machine account workstation name | "COMPUTER" |
| TARGET | The target name (SPN) for kerberos. | "host/my-server.win2019.com" |
| KRB5_CONFIG | The kerberos config path. | "/path/to/krb5.conf" |
For codegeneration, run make all to regenerate all sources, or make nrpc.go.
The library implements the CO RPC v5 (dcerpc package) with following features:
-
Transfer Syntax NDR2.0 and NDR64
-
CO transport over Named Pipe (SMB2/3) and TCP.
-
Connection Multiplexing: multiple clients over single connection
-
Multiple Connection per Association Group: ability to use context handles from one connection on another, flexibility in arranging the clients-per-connection-per-association
-
Verification Trailer: ability to add verification trailer to the request payload
-
Kerberos, Netlogon, NTLM, SPNEGO Authentication
-
Endpoint mapper / string binding support
-
DCOM basic support
-
Eventlog BinXML parser
-
WMIO object unmarshaler / marshaler.
The library implements some of the extensions defined in MS-RPCE document:
-
Security Context Multiplexing: ability to create multiple security contexts over the same logical connection.
-
Bind-time Feature Negotiation: (actually not a feature).
-
Header Signing: (legacy thing)
-
NDR64
The library contains the GSS-API interface definitions. (ssp/gssapi)
The library contains the ssp package which has an implementation for the
various security service providers, like Kerberos, NTLM, Netlogon (Secure Channel),
SPNEGO.
The kerberos implementation is based on the jcmturner/gokrb5 fork. Any changes or feature requests should be addressed there.
-
GSSAPI interface implementation including Wrap/GetMic-Ex-methods defined in Microsoft documentation
-
Kerberos:
-
Supported Encryption Types:
-
RC4-HMAC
-
DES-CBC-MD5
-
DES-CBC-CRC
-
AES128-CTS-HMAC-SHA1
-
AES256-CTS-HMAC-SHA1
-
-
DCE Style AP Request and AP Reply
-
Mutual and Non-mutual Authn
-
-
NTLM
- Supported Versions: NTLMv1, NTLMv2
-
Netlogon:
-
Supported Encryption Types:
-
RC4-HMAC
-
AES-SHA2
-
-
-
SPNEGO:
-
Supported Mech List MIC
-
Supported NegTokenInit2
-
The SMB2 client implementation is based on the hirochachacha/go-smb2 fork. Any changes or feature requests should be addressed there.
The set of changes includes:
-
SMB2 Force-Encryption Support
-
Integration with ssp/gssapi for Kerberos/NTLM authentication.
-
Fix for
NT_STATUS_PENDINGerror -
Keying material export (Application Key, Session Key)
| Code | Description | Package |
|---|---|---|
| MS-DCOM | Distributed Component Object Model (DCOM) Remote Protocol | github.com/oiweiwei/msrpc/dcom |
| MS-ADTG | Remote Data Services (RDS) Transport Protocol | github.com/oiweiwei/msrpc/adtg |
| MC-CCFG | Server Cluster: Configuration (ClusCfg) Protocol | github.com/oiweiwei/msrpc/ccfg |
| MS-COM | Component Object Model Plus (COM+) Protocol | github.com/oiweiwei/msrpc/com |
| MS-COMA | Component Object Model Plus (COM+) Remote Administration Protocol | github.com/oiweiwei/msrpc/coma |
| MS-COMEV | Component Object Model Plus (COM+) Event System Protocol | github.com/oiweiwei/msrpc/comev |
| MS-COMT | Component Object Model Plus (COM+) Tracker Service Protocol | github.com/oiweiwei/msrpc/comt |
| MS-CSRA | Certificate Services Remote Administration Protocol | github.com/oiweiwei/msrpc/csra |
| MS-CSVP | Failover Cluster: Setup and Validation Protocol (ClusPrep) | github.com/oiweiwei/msrpc/csvp |
| MS-DFSRH | DFS Replication Helper Protocol | github.com/oiweiwei/msrpc/dfsrh |
| MS-DMRP | Disk Management Remote Protocol | github.com/oiweiwei/msrpc/dmrp |
| MS-FSRM | File Server Resource Manager Protocol | github.com/oiweiwei/msrpc/fsrm |
| MC-IISA | Internet Information Services (IIS) Application Host COM Protocol | github.com/oiweiwei/msrpc/iisa |
| MS-IISS | Internet Information Services (IIS) ServiceControl Protocol | github.com/oiweiwei/msrpc/iiss |
| MS-IMSA | Internet Information Services (IIS) IMSAdminBaseW Remote Protocol | github.com/oiweiwei/msrpc/imsa |
| MS-IOI | IManagedObject Interface Protocol | github.com/oiweiwei/msrpc/ioi |
| MS-OAUT | OLE Automation Protocol | github.com/oiweiwei/msrpc/oaut |
| MS-OCSPA | Microsoft OCSP Administration Protocol | github.com/oiweiwei/msrpc/ocspa |
| MS-PLA | Performance Logs and Alerts Protocol | github.com/oiweiwei/msrpc/pla |
| MS-RAI | Remote Assistance Initiation Protocol | github.com/oiweiwei/msrpc/rai |
| MS-RDPESC | Remote Desktop Protocol: Smart Card Virtual Channel Extension | github.com/oiweiwei/msrpc/rdpesc |
| MS-VDS | Virtual Disk Service (VDS) Protocol | github.com/oiweiwei/msrpc/vds |
| MS-WCCE | Windows Client Certificate Enrollment Protocol | github.com/oiweiwei/msrpc/wcce |
| MS-WMI | Windows Management Instrumentation Remote Protocol | github.com/oiweiwei/msrpc/wmi |
| MS-WMIO | Windows Management Instrumentation Encoding Version 1.0 Protocol | github.com/oiweiwei/msrpc/wmio |
The codegen package also generates the documentation for the generated code pulled from the MSDN portal. (it can be quite inaccurate with determining general comment boundaries vs actual field descriptions, so inaccurate can be an HTML on MSDN side).
The codegen/go_names contains the ad-hoc naming engine, which sometimes
quite sucks (so does the overall naming convention in IDL documents, seriously,
how much time the average microsoft developer saves by writing para instead of param),
but for most of the situations, provide a way to generate the
names that comply with golang naming convention and give more intuition behind
this or that field.
-
L.0001:
#definestatements are applicable only for constant declaration; -
L.0002:
cpp_quotecontents are limited only for constant declaration; -
L.0005:
int constdeclaration is not supported. -
L.0006:
wchar_t,status_error_tare predefined.
-
Testing (I don't have much time)
-
Handle reserved arguments/structure fields used for
switch_isandsize_isstatements. -
Derive the type from field name, like
^f[A-Z]->boolean. -
Pipes support
-
Callbacks Support / Server-Side Support
-
Static strings
-
Investigate: Association Group ID is not shared across several named pipe connections. (each NP requires dedicated connection).
-
Convenient way to combine SPNEGO and NTLM/KRB5 within connection option.
-
Why IObjectExporter does not support NDR64?
-
Why server returns indistinguishable pointers for NDR64?
-
Why SMB2 does not support certain auth levels (ie Winreg supports only Insecure and Privacy)?
Without these projects, it would be absolutely impossible to implement go-msrpc.
Don't hesitate to raise an issues (and only then raise a PR), the project is quite raw, and I don't have much time, so, a lot of errors and issues are yet to discover.