1

2

3
/**
4
 * ASRepToHashcat converts an AS-REP message to a hashcat format
5
 */
6
export function ASRepToHashcat(asrep: any): string | null {
7
    return null;
8
}
9

10

11

12
/**
13
 * CheckKrbError checks if the response bytes from the KDC are a KRBError.
14
 */
15
export function CheckKrbError(b: Uint8Array): Uint8Array | null {
16
    return null;
17
}
18

19

20

21
/**
22
 * NewKerberosClientFromString creates a new kerberos client from a string
23
 * by parsing krb5.conf
24
 * @example
25
 * ```javascript
26
 * const kerberos = require('nuclei/kerberos');
27
 * const client = kerberos.NewKerberosClientFromString(`
28
 * [libdefaults]
29
 * default_realm = ACME.COM
30
 * dns_lookup_kdc = true
31
 * `);
32
 * ```
33
 */
34
export function NewKerberosClientFromString(cfg: string): Client | null {
35
    return null;
36
}
37

38

39

40
/**
41
 * sendtokdc.go deals with actual sending and receiving responses from KDC
42
 * SendToKDC sends a message to the KDC and returns the response.
43
 * It first tries to send the message over TCP, and if that fails, it falls back to UDP.(and vice versa)
44
 * @example
45
 * ```javascript
46
 * const kerberos = require('nuclei/kerberos');
47
 * const client = new kerberos.Client('acme.com');
48
 * const response = kerberos.SendToKDC(client, 'message');
49
 * ```
50
 */
51
export function SendToKDC(kclient: Client, msg: string): string | null {
52
    return null;
53
}
54

55

56

57
/**
58
 * TGStoHashcat converts a TGS to a hashcat format.
59
 */
60
export function TGStoHashcat(tgs: any, username: string): string | null {
61
    return null;
62
}
63

64

65

66
/**
67
 * Known Issues:
68
 * Hardcoded timeout in gokrb5 library
69
 * TGT / Session Handling not exposed
70
 * Client is kerberos client
71
 * @example
72
 * ```javascript
73
 * const kerberos = require('nuclei/kerberos');
74
 * // if controller is empty a dns lookup for default kdc server will be performed
75
 * const client = new kerberos.Client('acme.com', 'kdc.acme.com');
76
 * ```
77
 */
78
export class Client {
79
    
80

81
    
82
    public Krb5Config?: Config;
83
    
84

85
    
86
    public Realm?: string;
87
    
88

89
    // Constructor of Client
90
    constructor(public domain: string, public controller?: string ) {}
91
    
92

93
    /**
94
    * SetConfig sets additional config for the kerberos client
95
    * Note: as of now ip and timeout overrides are only supported
96
    * in EnumerateUser due to fastdialer but can be extended to other methods currently
97
    * @example
98
    * ```javascript
99
    * const kerberos = require('nuclei/kerberos');
100
    * const client = new kerberos.Client('acme.com', 'kdc.acme.com');
101
    * const cfg = new kerberos.Config();
102
    * cfg.SetIPAddress('192.168.100.22');
103
    * cfg.SetTimeout(5);
104
    * client.SetConfig(cfg);
105
    * ```
106
    */
107
    public SetConfig(cfg: Config): void {
108
        return;
109
    }
110
    
111

112
    /**
113
    * EnumerateUser and attempt to get AS-REP hash by disabling PA-FX-FAST
114
    * @example
115
    * ```javascript
116
    * const kerberos = require('nuclei/kerberos');
117
    * const client = new kerberos.Client('acme.com', 'kdc.acme.com');
118
    * const resp = client.EnumerateUser('pdtm');
119
    * log(resp);
120
    * ```
121
    */
122
    public EnumerateUser(username: string): EnumerateUserResponse | null {
123
        return null;
124
    }
125
    
126

127
    /**
128
    * GetServiceTicket returns a TGS for a given user, password and SPN
129
    * @example
130
    * ```javascript
131
    * const kerberos = require('nuclei/kerberos');
132
    * const client = new kerberos.Client('acme.com', 'kdc.acme.com');
133
    * const resp = client.GetServiceTicket('pdtm', 'password', 'HOST/CLIENT1');
134
    * log(resp);
135
    * ```
136
    */
137
    public GetServiceTicket(User: string): TGS | null {
138
        return null;
139
    }
140
    
141

142
}
143

144

145

146
/**
147
 * Config is extra configuration for the kerberos client
148
 */
149
export class Config {
150
    
151

152
    // Constructor of Config
153
    constructor() {}
154
    /**
155
    * SetIPAddress sets the IP address for the kerberos client
156
    * @example
157
    * ```javascript
158
    * const kerberos = require('nuclei/kerberos');
159
    * const cfg = new kerberos.Config();
160
    * cfg.SetIPAddress('10.10.10.1');
161
    * ```
162
    */
163
    public SetIPAddress(ip: string): Config | null {
164
        return null;
165
    }
166
    
167

168
    /**
169
    * SetTimeout sets the RW timeout for the kerberos client
170
    * @example
171
    * ```javascript
172
    * const kerberos = require('nuclei/kerberos');
173
    * const cfg = new kerberos.Config();
174
    * cfg.SetTimeout(5);
175
    * ```
176
    */
177
    public SetTimeout(timeout: number): Config | null {
178
        return null;
179
    }
180
    
181

182
}
183

184

185

186
/**
187
 * AuthorizationDataEntry Interface
188
 */
189
export interface AuthorizationDataEntry {
190
    
191
    ADData?: Uint8Array,
192
    
193
    ADType?: number,
194
}
195

196

197

198
/**
199
 * BitString Interface
200
 */
201
export interface BitString {
202
    
203
    Bytes?: Uint8Array,
204
    
205
    BitLength?: number,
206
}
207

208

209

210
/**
211
 * BitString Interface
212
 */
213
export interface BitString {
214
    
215
    Bytes?: Uint8Array,
216
    
217
    BitLength?: number,
218
}
219

220

221

222
/**
223
 * Config Interface
224
 */
225
export interface Config {
226
    
227
    LibDefaults?: LibDefaults,
228
    
229
    Realms?: Realm,
230
}
231

232

233

234
/**
235
 * EncTicketPart Interface
236
 */
237
export interface EncTicketPart {
238
    
239
    EndTime?: Date,
240
    
241
    RenewTill?: Date,
242
    
243
    CRealm?: string,
244
    
245
    AuthTime?: Date,
246
    
247
    StartTime?: Date,
248
    
249
    Flags?: BitString,
250
    
251
    Key?: EncryptionKey,
252
    
253
    CName?: PrincipalName,
254
    
255
    Transited?: TransitedEncoding,
256
    
257
    CAddr?: HostAddress,
258
    
259
    AuthorizationData?: AuthorizationDataEntry,
260
}
261

262

263

264
/**
265
 * EncryptedData Interface
266
 */
267
export interface EncryptedData {
268
    
269
    EType?: number,
270
    
271
    KVNO?: number,
272
    
273
    Cipher?: Uint8Array,
274
}
275

276

277

278
/**
279
 * EncryptionKey Interface
280
 */
281
export interface EncryptionKey {
282
    
283
    KeyType?: number,
284
    
285
    KeyValue?: Uint8Array,
286
}
287

288

289

290
/**
291
 * EnumerateUserResponse is the response from EnumerateUser
292
 */
293
export interface EnumerateUserResponse {
294
    
295
    Valid?: boolean,
296
    
297
    ASREPHash?: string,
298
    
299
    Error?: string,
300
}
301

302

303

304
/**
305
 * HostAddress Interface
306
 */
307
export interface HostAddress {
308
    
309
    AddrType?: number,
310
    
311
    Address?: Uint8Array,
312
}
313

314

315

316
/**
317
 * LibDefaults Interface
318
 */
319
export interface LibDefaults {
320
    
321
    CCacheType?: number,
322
    
323
    K5LoginAuthoritative?: boolean,
324
    
325
    Proxiable?: boolean,
326
    
327
    RDNS?: boolean,
328
    
329
    K5LoginDirectory?: string,
330
    
331
    KDCTimeSync?: number,
332
    
333
    VerifyAPReqNofail?: boolean,
334
    
335
    DefaultTGSEnctypes?: string[],
336
    
337
    DefaultTGSEnctypeIDs?: number[],
338
    
339
    DNSCanonicalizeHostname?: boolean,
340
    
341
    Forwardable?: boolean,
342
    
343
    /**
344
    * time in nanoseconds
345
    */
346
    
347
    RenewLifetime?: number,
348
    
349
    /**
350
    * time in nanoseconds
351
    */
352
    
353
    TicketLifetime?: number,
354
    
355
    DefaultClientKeytabName?: string,
356
    
357
    DefaultTktEnctypeIDs?: number[],
358
    
359
    DNSLookupRealm?: boolean,
360
    
361
    ExtraAddresses?: Uint8Array,
362
    
363
    DefaultRealm?: string,
364
    
365
    NoAddresses?: boolean,
366
    
367
    PreferredPreauthTypes?: number[],
368
    
369
    PermittedEnctypeIDs?: number[],
370
    
371
    RealmTryDomains?: number,
372
    
373
    DefaultKeytabName?: string,
374
    
375
    DefaultTktEnctypes?: string[],
376
    
377
    DNSLookupKDC?: boolean,
378
    
379
    IgnoreAcceptorHostname?: boolean,
380
    
381
    AllowWeakCrypto?: boolean,
382
    
383
    Canonicalize?: boolean,
384
    
385
    SafeChecksumType?: number,
386
    
387
    UDPPreferenceLimit?: number,
388
    
389
    /**
390
    * time in nanoseconds
391
    */
392
    
393
    Clockskew?: number,
394
    
395
    PermittedEnctypes?: string[],
396
    
397
    KDCDefaultOptions?: BitString,
398
}
399

400

401

402
/**
403
 * PrincipalName Interface
404
 */
405
export interface PrincipalName {
406
    
407
    NameString?: string[],
408
    
409
    NameType?: number,
410
}
411

412

413

414
/**
415
 * Realm Interface
416
 */
417
export interface Realm {
418
    
419
    Realm?: string,
420
    
421
    AdminServer?: string[],
422
    
423
    DefaultDomain?: string,
424
    
425
    KDC?: string[],
426
    
427
    KPasswdServer?: string[],
428
    
429
    MasterKDC?: string[],
430
}
431

432

433

434
/**
435
 * TGS is the response from GetServiceTicket
436
 */
437
export interface TGS {
438
    
439
    Ticket?: Ticket,
440
    
441
    Hash?: string,
442
    
443
    ErrMsg?: string,
444
}
445

446

447

448
/**
449
 * Ticket Interface
450
 */
451
export interface Ticket {
452
    
453
    TktVNO?: number,
454
    
455
    Realm?: string,
456
    
457
    SName?: PrincipalName,
458
    
459
    EncPart?: EncryptedData,
460
    
461
    DecryptedEncPart?: EncTicketPart,
462
}
463

464

465

466
/**
467
 * TransitedEncoding Interface
468
 */
469
export interface TransitedEncoding {
470
    
471
    TRType?: number,
472
    
473
    Contents?: Uint8Array,
474
}
475

476

477