-
Notifications
You must be signed in to change notification settings - Fork 56
pkg ldap
Jacob Paullus edited this page Apr 17, 2026
·
1 revision
LDAP client with support for password bind, NTLM hash bind, and Kerberos GSSAPI bind. Handles LDAP, LDAPS (implicit TLS), and STARTTLS.
func NewClient(target session.Target, creds *session.Credentials) *Clientfunc (c *Client) Connect(useTLS bool) error
func (c *Client) Close()useTLS |
Port | Behavior |
|---|---|---|
false |
389 (default) | Plain LDAP |
true |
636 | Implicit TLS (LDAPS) |
true |
389 | STARTTLS upgrade |
| Method | Description |
|---|---|
Login() |
Auto-detect: Kerberos -> NTLM hash -> password |
LoginWithKerberos() |
Kerberos GSSAPI SASL bind |
LoginWithHash() |
NTLM hash bind |
LoginWithUser(username string) |
Simple or NTLM bind with specific username |
Login() checks credentials in priority order:
-
creds.UseKerberos-> Kerberos GSSAPI -
creds.Hash != ""-> NTLM bind - Default -> simple bind with password
func (c *Client) Search(baseDN, filter string, attributes []string) (*goldap.SearchResult, error)
func (c *Client) SearchBase(baseDN, filter string, attributes []string) (*goldap.SearchResult, error)
func (c *Client) SearchWithPaging(baseDN, filter string, attributes []string, pageSize uint32) (*goldap.SearchResult, error)
func (c *Client) SearchWithControls(baseDN, filter string, attributes []string, controls []goldap.Control) (*goldap.SearchResult, error)| Method | Signature | Description |
|---|---|---|
GetDefaultNamingContext |
() (string, error) |
Get root DN from RootDSE |
GetSchemaNamingContext |
() (string, error) |
Get schema DN from RootDSE |
| File | Methods | Description |
|---|---|---|
operations.go |
Modify, Add, Delete
|
Standard LDAP write operations |
delegation.go |
FindDelegation |
Delegation enumeration |
spnusers.go |
GetSPNUsers |
SPN user enumeration for Kerberoasting |
npusers.go |
GetNPUsers |
AS-REP roast target enumeration |
package main
import (
"fmt"
"gopacket/pkg/ldap"
"gopacket/pkg/session"
)
func main() {
target := session.Target{Host: "dc01.corp.local"}
creds := &session.Credentials{
Domain: "CORP",
Username: "user",
Password: "Password1",
}
client := ldap.NewClient(target, creds)
defer client.Close()
client.Connect(false)
client.Login()
baseDN, _ := client.GetDefaultNamingContext()
result, err := client.SearchWithPaging(
baseDN,
"(&(objectCategory=person)(objectClass=user))",
[]string{"sAMAccountName", "distinguishedName", "userAccountControl"},
1000,
)
if err != nil {
fmt.Printf("[-] %v\n", err)
return
}
for _, entry := range result.Entries {
fmt.Printf("[+] %s\n", entry.GetAttributeValue("sAMAccountName"))
}
}