relay

package
v0.0.0-...-7d23d5e Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 12, 2026 License: Apache-2.0 Imports: 54 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	SMB2_NEGOTIATE       = 0x0000
	SMB2_SESSION_SETUP   = 0x0001
	SMB2_LOGOFF          = 0x0002
	SMB2_TREE_CONNECT    = 0x0003
	SMB2_TREE_DISCONNECT = 0x0004
	SMB2_CREATE          = 0x0005
	SMB2_CLOSE           = 0x0006
	SMB2_READ            = 0x0008
	SMB2_WRITE           = 0x0009
	SMB2_IOCTL           = 0x000B
)

SMB2 Commands

View Source 
const (
	STATUS_SUCCESS                  = 0x00000000
	STATUS_MORE_PROCESSING_REQUIRED = 0xC0000016
	STATUS_LOGON_FAILURE            = 0xC000006D
	STATUS_PENDING                  = 0x00000103
	STATUS_BUFFER_OVERFLOW          = 0x80000005
)

SMB2 Status codes

View Source 
const (
	SMB2_DIALECT_WILDCARD = 0x02FF // Multi-protocol negotiate response (triggers SMB2 upgrade)
	SMB2_DIALECT_0202     = 0x0202
	SMB2_DIALECT_0210     = 0x0210
	SMB2_DIALECT_0300     = 0x0300
)

SMB2 Dialect

View Source 
const (
	FILE_READ_DATA        = 0x00000001
	FILE_WRITE_DATA       = 0x00000002
	FILE_APPEND_DATA      = 0x00000004
	FILE_READ_EA          = 0x00000008
	FILE_WRITE_EA         = 0x00000010
	FILE_READ_ATTRIBUTES  = 0x00000080
	FILE_WRITE_ATTRIBUTES = 0x00000100
	DELETE                = 0x00010000
	SYNCHRONIZE           = 0x00100000
	GENERIC_READ          = 0x80000000
	GENERIC_WRITE         = 0x40000000
)

SMB2 CREATE access

View Source 
const (
	FILE_SHARE_READ  = 0x00000001
	FILE_SHARE_WRITE = 0x00000002
)

SMB2 CREATE share access

View Source 
const (
	FILE_NON_DIRECTORY_FILE = 0x00000040
	FILE_DELETE_ON_CLOSE    = 0x00001000
)

SMB2 CREATE options

View Source 
const (
	FILE_ATTRIBUTE_NORMAL = 0x00000080
)

SMB2 CREATE file attributes

View Source 
const (
	FILE_OPEN = 0x00000001
)

SMB2 CREATE disposition

View Source 
const (
	FSCTL_PIPE_TRANSCEIVE = 0x0011C017
)

IOCTL codes

View Source 
const (
	SMB2_FLAGS_SERVER_TO_REDIR = 0x00000001
)

SMB2 Flags

View Source 
const (
	SMB2_FLAGS_SIGNED = 0x00000008
)

SMB2 flags used by the SOCKS plugin

View Source 
const (
	SMB2_NEGOTIATE_SIGNING_ENABLED = 0x0001
)

SMB2 SecurityMode

View Source 
const (
	SMB2_SESSION_FLAG_IS_GUEST = 0x0001
)

SMB2 session flags

Variables

This section is empty.

Functions

func DefaultPort 

func DefaultPort(scheme string) int

DefaultPort returns the default port for a protocol scheme.

func Run 

func Run(cfg *Config) error

Run starts the relay orchestrator.

Types

type ACLAbuseAttack 

type ACLAbuseAttack struct{}

ACLAbuseAttack grants DCSync rights via LDAP.

func (*ACLAbuseAttack) Name 

func (a *ACLAbuseAttack) Name() string

func (*ACLAbuseAttack) Run 

func (a *ACLAbuseAttack) Run(session interface{}, config *Config) error

type ADCSAttack 

type ADCSAttack struct{}

ADCSAttack implements the ADCS ESC8 relay attack. Requests a certificate via relayed HTTP session to AD CS Web Enrollment (/certsrv/certfnsh.asp). Matches Impacket's adcsattack.py behavior.

func (*ADCSAttack) Name 

func (a *ADCSAttack) Name() string

func (*ADCSAttack) Run 

func (a *ADCSAttack) Run(session interface{}, config *Config) error

type APIServer 

type APIServer struct {
	// contains filtered or unexported fields
}

APIServer exposes relay session data as a REST API, matching Impacket's Flask server on port 9090 when SOCKS mode is enabled.

func NewAPIServer 

func NewAPIServer(addr string, socks *SOCKSServer) *APIServer

NewAPIServer creates a new REST API server.

func (*APIServer) Start 

func (a *APIServer) Start() error

Start begins serving the REST API in a background goroutine.

func (*APIServer) Stop 

func (a *APIServer) Stop()

Stop shuts down the REST API server.

type ActiveRelay 

type ActiveRelay struct {
	Target   string // host:port
	Username string // DOMAIN\user
	Scheme   string // smb, ldap, ldaps, http, https, mssql
	Client   ProtocolClient
	LastUsed time.Time
	InUse    bool // true when a SOCKS client is actively using this relay
	// contains filtered or unexported fields
}

ActiveRelay represents a relayed session available for SOCKS proxying.

type AddComputerAttack 

type AddComputerAttack struct{}

AddComputerAttack creates a machine account via LDAP.

func (*AddComputerAttack) Name 

func (a *AddComputerAttack) Name() string

func (*AddComputerAttack) Run 

func (a *AddComputerAttack) Run(session interface{}, config *Config) error

type AttackModule 

type AttackModule interface {
	// Name returns the attack name for display.
	Name() string

	// Run executes the attack using the given session and config.
	// The session type depends on the protocol client that produced it.
	Run(session interface{}, config *Config) error
}

AttackModule executes post-authentication actions on a relayed session.

type AuthResult 

type AuthResult struct {
	NTLMType1  []byte   // Raw NTLMSSP Negotiate
	NTLMType3  []byte   // Raw NTLMSSP Authenticate (filled after Type2 relay)
	Username   string   // DOMAIN\user extracted from Type3
	Domain     string   // Domain from Type3
	SourceAddr string   // Victim IP:port
	ServerConn net.Conn // Victim connection (for SOCKS keep-alive)

	// Channels used for the relay handshake between server and orchestrator
	Type2Ch  chan []byte // Orchestrator sends Type2 challenge here
	Type3Ch  chan []byte // Server sends Type3 auth here
	ResultCh chan bool   // Orchestrator signals success/failure
}

AuthResult carries relayed auth results from server to orchestrator.

type Config 

type Config struct {
	// Target
	TargetAddr string        // Single target URL (smb://host:port)
	TargetList []TargetEntry // Parsed from -tf file

	// Server
	ListenAddr string // Default ":445" for SMB
	SMBPort    int    // Default 445
	HTTPPort   int    // Default 80
	HTTPSPort  int    // Default 443
	WCFPort    int    // Default 9389
	RawPort    int    // Default 6666
	RPCPort    int    // Default 135
	WinRMPort  int    // Default 5985
	WinRMSPort int    // Default 5986

	// Server toggles
	NoSMBServer   bool
	NoHTTPServer  bool
	NoWCFServer   bool
	NoRawServer   bool
	NoRPCServer   bool
	NoWinRMServer bool

	// TLS
	CertFile string
	KeyFile  string
	BindIP   string

	// Attack
	Attack  string // shares, smbexec, samdump, ldapdump, delegate, etc.
	Command string // command for smbexec/tschexec
	ExeFile string // executable to upload and run

	// LDAP attack options
	EscalateUser      string
	DelegateAccess    bool
	ShadowCredentials bool
	ShadowTarget      string
	AddComputer       string

	DumpDomain      bool
	DumpLAPS        bool
	DumpGMSA        bool
	DumpADCS        bool
	AddDNSRecord    [2]string // [name, IP]
	NoDump          bool
	NoDA            bool
	NoACL           bool
	NoValidatePrivs bool

	// ADCS
	ADCSAttack bool
	Template   string
	AltName    string

	// RPC relay
	RPCMode    string // "TSCH" or "ICPR" (default: "TSCH")
	ICPRCAName string // CA name for ICPR certificate request

	// MSSQL
	Queries []string

	// NTLM manipulation
	RemoveMIC  bool
	RemoveSign bool
	NTLMv1     bool

	// SOCKS
	SOCKSEnabled bool
	SOCKSAddr    string // Default "127.0.0.1:1080"
	APIPort      int    // REST API port (default 9090, Impacket -http-api-port)

	// Relay behavior
	KeepRelaying bool
	NoMultiRelay bool
	RandomTarget bool

	// General
	Debug       bool
	LootDir     string
	OutputFile  string
	IPv6        bool
	Interactive bool
	EnumAdmins  bool

	// WPAD
	WPADHost    string
	WPADAuthNum int
	ServeImage  string
	// contains filtered or unexported fields
}

Config holds the full relay configuration.

func (*Config) GetFinishedAttacks 

func (c *Config) GetFinishedAttacks() map[string][]string

GetFinishedAttacks returns a snapshot of finished attacks: targetURL → []identity (thread-safe).

func (*Config) GetOriginalTargets 

func (c *Config) GetOriginalTargets() []TargetEntry

GetOriginalTargets returns a copy of the original targets list (thread-safe).

func (*Config) GetTarget 

func (c *Config) GetTarget() *TargetEntry

GetTarget returns the next target for a relay session. For single targets, returns that target directly. For multi-target, selects based on the identity (DOMAIN\user) and tracking state.

func (*Config) GetTargetForIdentity 

func (c *Config) GetTargetForIdentity(identity string) *TargetEntry

GetTargetForIdentity returns the next target for a specific relayed identity. Matches Impacket's TargetsProcessor.getTarget() behavior: - Pops targets from candidates list (consumed on use) - When candidates empty, reloads from originalTargets minus already-attacked - With identity: skips targets this user already attacked - In --no-multirelay mode, each target is attacked only once regardless of user

func (*Config) InitTargets 

func (c *Config) InitTargets()

InitTargets initializes the target processor. Call once before relay loop starts. Shuffles targets if RandomTarget is set (matches Impacket -ra behavior).

func (*Config) RegisterAttack 

func (c *Config) RegisterAttack(target *TargetEntry, identity string, success bool)

RegisterAttack records that a target was attacked by a specific identity. success=true means relay succeeded; success=false means it failed. Matches Impacket's TargetsProcessor.registerTarget().

func (*Config) Shutdown 

func (c *Config) Shutdown()

Shutdown signals all relay goroutines to stop by closing the stop channel.

type DNSRecordAttack 

type DNSRecordAttack struct{}

DNSRecordAttack adds a DNS record via LDAP.

func (*DNSRecordAttack) Name 

func (a *DNSRecordAttack) Name() string

func (*DNSRecordAttack) Run 

func (a *DNSRecordAttack) Run(session interface{}, config *Config) error

type DelegateAttack 

type DelegateAttack struct{}

DelegateAttack performs RBCD delegation via LDAP.

func (*DelegateAttack) Name 

func (a *DelegateAttack) Name() string

func (*DelegateAttack) Run 

func (a *DelegateAttack) Run(session interface{}, config *Config) error

type EnumLocalAdminsAttack 

type EnumLocalAdminsAttack struct{}

EnumLocalAdminsAttack enumerates local administrators via SAMR. This matches Impacket's --enum-local-admins fallback when relay auth succeeds but user is not admin.

func (*EnumLocalAdminsAttack) Name 

func (a *EnumLocalAdminsAttack) Name() string

func (*EnumLocalAdminsAttack) Run 

func (a *EnumLocalAdminsAttack) Run(session interface{}, config *Config) error

type GMSADumpAttack 

type GMSADumpAttack struct{}

GMSADumpAttack reads gMSA passwords via LDAP.

func (*GMSADumpAttack) Name 

func (a *GMSADumpAttack) Name() string

func (*GMSADumpAttack) Run 

func (a *GMSADumpAttack) Run(session interface{}, config *Config) error

type HTTPRelayClient 

type HTTPRelayClient struct {
	// contains filtered or unexported fields
}

HTTPRelayClient implements ProtocolClient for relaying NTLM auth to HTTP/HTTPS targets. Matches Impacket's httprelayclient.py behavior.

func NewHTTPRelayClient 

func NewHTTPRelayClient(addr string, useTLS bool) *HTTPRelayClient

NewHTTPRelayClient creates a new HTTP relay client.

func (*HTTPRelayClient) DoRequest 

func (c *HTTPRelayClient) DoRequest(method, path, body string, headers map[string]string) (*http.Response, error)

DoRequest makes an authenticated HTTP request using the relayed session. Used by attack modules (e.g., ADCS) to interact with the target after auth.

func (*HTTPRelayClient) GetSession 

func (c *HTTPRelayClient) GetSession() interface{}

GetSession returns this client for use by attack modules. Implements ProtocolClient.

func (*HTTPRelayClient) InitConnection 

func (c *HTTPRelayClient) InitConnection() error

InitConnection creates the HTTP client with connection reuse for NTLM handshake. Implements ProtocolClient.

func (*HTTPRelayClient) IsAdmin 

func (c *HTTPRelayClient) IsAdmin() bool

IsAdmin returns false — HTTP doesn't have an admin check concept. Implements ProtocolClient.

func (*HTTPRelayClient) KeepAlive 

func (c *HTTPRelayClient) KeepAlive() error

KeepAlive sends a HEAD request to keep the connection alive. Implements ProtocolClient.

func (*HTTPRelayClient) Kill 

func (c *HTTPRelayClient) Kill()

Kill terminates the connection. Implements ProtocolClient.

func (*HTTPRelayClient) SendAuth 

func (c *HTTPRelayClient) SendAuth(ntlmType3 []byte) error

SendAuth relays the NTLM Type3 authenticate to the target. Unwraps SPNEGO if present (matching Impacket behavior). Implements ProtocolClient.

func (*HTTPRelayClient) SendNegotiate 

func (c *HTTPRelayClient) SendNegotiate(ntlmType1 []byte) ([]byte, error)

SendNegotiate relays the NTLM Type1 and returns the Type2 challenge from the target. Matches Impacket's sendNegotiate(): initial GET to check auth, then GET with Type1. Implements ProtocolClient.

func (*HTTPRelayClient) SetPath 

func (c *HTTPRelayClient) SetPath(path string)

SetPath sets the URL path for NTLM negotiation requests. Matches Impacket's initConnection() which preserves self.target.path.

type HTTPRelayServer 

type HTTPRelayServer struct {
	// contains filtered or unexported fields
}

HTTPRelayServer listens for incoming HTTP connections and captures NTLM authentication via WWW-Authenticate/Authorization headers. Used for WebDAV/WPAD coercion → LDAP relay attacks.

func NewHTTPRelayServer 

func NewHTTPRelayServer(listenAddr string, config *Config) *HTTPRelayServer

NewHTTPRelayServer creates a new HTTP relay server.

func (*HTTPRelayServer) ServeHTTP 

func (s *HTTPRelayServer) ServeHTTP(w http.ResponseWriter, r *http.Request)

ServeHTTP handles each HTTP request in the NTLM authentication flow.

func (*HTTPRelayServer) Start 

func (s *HTTPRelayServer) Start(resultChan chan<- AuthResult) error

Start begins listening for HTTP connections, implements ProtocolServer.

func (*HTTPRelayServer) Stop 

func (s *HTTPRelayServer) Stop() error

Stop closes the HTTP server, implements ProtocolServer.

type HTTPSRelayServer 

type HTTPSRelayServer struct {
	// contains filtered or unexported fields
}

HTTPSRelayServer wraps HTTPRelayServer with TLS. Reuses the same ServeHTTP handler — only the listener is TLS-wrapped.

func NewHTTPSRelayServer 

func NewHTTPSRelayServer(listenAddr string, config *Config) (*HTTPSRelayServer, error)

NewHTTPSRelayServer creates a new HTTPS relay server. If CertFile/KeyFile are set in config, loads them; otherwise generates a self-signed cert.

func (*HTTPSRelayServer) Start 

func (s *HTTPSRelayServer) Start(resultChan chan<- AuthResult) error

Start begins listening for HTTPS connections, implements ProtocolServer.

func (*HTTPSRelayServer) Stop 

func (s *HTTPSRelayServer) Stop() error

Stop closes the HTTPS server, implements ProtocolServer.

type HTTPSocksPlugin 

type HTTPSocksPlugin struct{}

HTTPSocksPlugin implements the SOCKS plugin for HTTP/HTTPS protocol. Uses HTTP Basic authentication for username matching (not NTLM). Matches Impacket's socksplugins/http.py.

func (*HTTPSocksPlugin) InitConnection 

func (p *HTTPSocksPlugin) InitConnection(clientConn net.Conn) error

func (*HTTPSocksPlugin) SkipAuthentication 

func (p *HTTPSocksPlugin) SkipAuthentication(clientConn net.Conn, sd *SessionData, lookupRelay func(string) *ActiveRelay) (string, error)

func (*HTTPSocksPlugin) TunnelConnection 

func (p *HTTPSocksPlugin) TunnelConnection(clientConn net.Conn, relay *ActiveRelay) error

type LAPSDumpAttack 

type LAPSDumpAttack struct{}

LAPSDumpAttack reads LAPS passwords via LDAP.

func (*LAPSDumpAttack) Name 

func (a *LAPSDumpAttack) Name() string

func (*LAPSDumpAttack) Run 

func (a *LAPSDumpAttack) Run(session interface{}, config *Config) error

type LDAPDumpAttack 

type LDAPDumpAttack struct{}

LDAPDumpAttack enumerates domain objects via LDAP.

func (*LDAPDumpAttack) Name 

func (a *LDAPDumpAttack) Name() string

func (*LDAPDumpAttack) Run 

func (a *LDAPDumpAttack) Run(session interface{}, config *Config) error

type LDAPRelayClient 

type LDAPRelayClient struct {
	// contains filtered or unexported fields
}

LDAPRelayClient relays NTLM authentication to an LDAP target via SICILY bind. After successful auth, exposes a *goldap.Conn for post-auth LDAP operations. Implements the ProtocolClient interface.

func NewLDAPRelayClient 

func NewLDAPRelayClient(targetAddr string, useTLS bool) *LDAPRelayClient

NewLDAPRelayClient creates a new LDAP relay client for the given target.

func (*LDAPRelayClient) GetSession 

func (c *LDAPRelayClient) GetSession() interface{}

GetSession returns a *gopacketldap.Client wrapping the authenticated connection. LDAP attack modules use this for Search, Modify, etc. Creates the goldap.Conn lazily on first call (not in SendAuth, to avoid spawning a background reader goroutine that would conflict with SOCKS plugin raw reads). Implements ProtocolClient.

func (*LDAPRelayClient) InitConnection 

func (c *LDAPRelayClient) InitConnection() error

InitConnection establishes a TCP connection to the LDAP target. For LDAPS targets, wraps the connection in TLS. Implements ProtocolClient.

func (*LDAPRelayClient) IsAdmin 

func (c *LDAPRelayClient) IsAdmin() bool

IsAdmin returns true. For LDAP, privilege depends on the relayed account's ACLs, not a binary admin check. Attacks will fail individually if insufficient rights. Implements ProtocolClient.

func (*LDAPRelayClient) KeepAlive 

func (c *LDAPRelayClient) KeepAlive() error

KeepAlive sends a rootDSE query to keep the session alive. In SOCKS mode (ldapConn is nil), uses raw BER on the TCP connection to avoid spawning goldap's background reader goroutine. This matches Impacket's approach where ldap3 operations are synchronous and don't interfere with SOCKS tunnel reads. Implements ProtocolClient.

func (*LDAPRelayClient) Kill 

func (c *LDAPRelayClient) Kill()

Kill terminates the LDAP connection. Implements ProtocolClient.

func (*LDAPRelayClient) SendAuth 

func (c *LDAPRelayClient) SendAuth(ntlmType3 []byte) error

SendAuth relays the NTLM Type3 authenticate via SICILY_RESPONSE_NTLM. On success, creates a goldap.Conn for post-auth LDAP operations. Implements ProtocolClient.

func (*LDAPRelayClient) SendNegotiate 

func (c *LDAPRelayClient) SendNegotiate(ntlmType1 []byte) ([]byte, error)

SendNegotiate performs SICILY package discovery and NTLM negotiate. Returns the Type2 challenge from the LDAP server. Implements ProtocolClient.

type LDAPSocksPlugin 

type LDAPSocksPlugin struct {
	// contains filtered or unexported fields
}

LDAPSocksPlugin implements the SOCKS plugin for LDAP/LDAPS protocol. Fakes SICILY NTLM bind with the SOCKS client using the stored challenge, then proxies BER-encoded LDAP messages. Matches Impacket's socksplugins/ldap.py.

func (*LDAPSocksPlugin) InitConnection 

func (p *LDAPSocksPlugin) InitConnection(clientConn net.Conn) error

func (*LDAPSocksPlugin) SkipAuthentication 

func (p *LDAPSocksPlugin) SkipAuthentication(clientConn net.Conn, sd *SessionData, lookupRelay func(string) *ActiveRelay) (string, error)

func (*LDAPSocksPlugin) TunnelConnection 

func (p *LDAPSocksPlugin) TunnelConnection(clientConn net.Conn, relay *ActiveRelay) error

type MSSQLQueryAttack 

type MSSQLQueryAttack struct{}

MSSQLQueryAttack executes SQL queries on a relayed MSSQL session.

func (*MSSQLQueryAttack) Name 

func (a *MSSQLQueryAttack) Name() string

func (*MSSQLQueryAttack) Run 

func (a *MSSQLQueryAttack) Run(session interface{}, config *Config) error

type MSSQLRelayClient 

type MSSQLRelayClient struct {
	// contains filtered or unexported fields
}

MSSQLRelayClient relays NTLM authentication to a MSSQL target via TDS protocol. After successful auth, exposes a *tds.Client for post-auth SQL operations. Implements the ProtocolClient interface.

func NewMSSQLRelayClient 

func NewMSSQLRelayClient(targetAddr string) *MSSQLRelayClient

NewMSSQLRelayClient creates a new MSSQL relay client for the given target.

func (*MSSQLRelayClient) GetRelayRawAuthAnswer 

func (c *MSSQLRelayClient) GetRelayRawAuthAnswer() []byte

GetRelayRawAuthAnswer returns the raw TDS LOGIN_ACK packet for SOCKS replay.

func (*MSSQLRelayClient) GetRelayRawChallenge 

func (c *MSSQLRelayClient) GetRelayRawChallenge() []byte

GetRelayRawChallenge returns the raw TDS SSPI challenge packet for SOCKS replay.

func (*MSSQLRelayClient) GetSession 

func (c *MSSQLRelayClient) GetSession() interface{}

GetSession returns the *tds.Client for post-auth SQL operations. Implements ProtocolClient.

func (*MSSQLRelayClient) InitConnection 

func (c *MSSQLRelayClient) InitConnection() error

InitConnection establishes a TCP connection to the MSSQL target and performs PRELOGIN + TLS setup. Implements ProtocolClient.

func (*MSSQLRelayClient) IsAdmin 

func (c *MSSQLRelayClient) IsAdmin() bool

IsAdmin checks if the relayed session has sysadmin privileges. Implements ProtocolClient.

func (*MSSQLRelayClient) KeepAlive 

func (c *MSSQLRelayClient) KeepAlive() error

KeepAlive sends a simple query to keep the session alive. Implements ProtocolClient.

func (*MSSQLRelayClient) Kill 

func (c *MSSQLRelayClient) Kill()

Kill terminates the MSSQL connection. Implements ProtocolClient.

func (*MSSQLRelayClient) SendAuth 

func (c *MSSQLRelayClient) SendAuth(ntlmType3 []byte) error

SendAuth sends the NTLM Type3 authenticate message via TDS SSPI. On success, the TDS session is authenticated and ready for queries. Implements ProtocolClient.

func (*MSSQLRelayClient) SendNegotiate 

func (c *MSSQLRelayClient) SendNegotiate(ntlmType1 []byte) ([]byte, error)

SendNegotiate sends the NTLM Type1 via TDS LOGIN7 with integrated security, and returns the Type2 challenge from the server. Implements ProtocolClient.

type MSSQLSocksPlugin 

type MSSQLSocksPlugin struct{}

MSSQLSocksPlugin implements the SOCKS plugin for MSSQL/TDS protocol. Fakes TDS PRELOGIN and LOGIN7 authentication with the SOCKS client using stored TDS challenge/auth packets from the relay handshake. Matches Impacket's socksplugins/mssql.py.

func (*MSSQLSocksPlugin) InitConnection 

func (p *MSSQLSocksPlugin) InitConnection(clientConn net.Conn) error

func (*MSSQLSocksPlugin) SkipAuthentication 

func (p *MSSQLSocksPlugin) SkipAuthentication(clientConn net.Conn, sd *SessionData, lookupRelay func(string) *ActiveRelay) (string, error)

func (*MSSQLSocksPlugin) TunnelConnection 

func (p *MSSQLSocksPlugin) TunnelConnection(clientConn net.Conn, relay *ActiveRelay) error

type ProtocolClient 

type ProtocolClient interface {
	// InitConnection establishes the connection to the target.
	InitConnection() error

	// SendNegotiate relays the NTLM Type1 negotiate and returns the Type2 challenge.
	SendNegotiate(ntlmType1 []byte) (ntlmType2 []byte, err error)

	// SendAuth relays the NTLM Type3 authenticate. Returns nil on success.
	SendAuth(ntlmType3 []byte) error

	// GetSession returns the protocol-specific session object for use by attacks.
	// For SMB this returns the *SMBRelayClient, for LDAP the *ldap.Client, etc.
	GetSession() interface{}

	// KeepAlive sends a heartbeat to prevent session timeout.
	KeepAlive() error

	// Kill terminates the connection.
	Kill()

	// IsAdmin returns true if the relayed session has admin privileges.
	IsAdmin() bool
}

ProtocolClient relays auth to a target and maintains a session.

type ProtocolServer 

type ProtocolServer interface {
	Start(resultChan chan<- AuthResult) error
	Stop() error
}

ProtocolServer captures victim authentication.

type RAWRelayServer 

type RAWRelayServer struct {
	// contains filtered or unexported fields
}

RAWRelayServer listens for incoming raw TCP connections and captures NTLM authentication using a simple length-prefixed wire format. Wire format (all lengths are 2-byte little-endian): 

Client→Server: [2-byte LE len][NTLM Type1]
Server→Client: [2-byte LE len][NTLM Type2]
Client→Server: [2-byte LE len][NTLM Type3]
Server→Client: [2-byte LE len=1][1-byte bool success]

Matches Impacket's rawrelayserver.py.

func NewRAWRelayServer 

func NewRAWRelayServer(listenAddr string) *RAWRelayServer

NewRAWRelayServer creates a new RAW relay server.

func (*RAWRelayServer) Start 

func (s *RAWRelayServer) Start(resultChan chan<- AuthResult) error

Start begins listening for raw TCP connections, implements ProtocolServer.

func (*RAWRelayServer) Stop 

func (s *RAWRelayServer) Stop() error

Stop closes the listener, implements ProtocolServer.

type RPCICPRAttack 

type RPCICPRAttack struct{}

RPCICPRAttack requests a certificate via the ICPR interface over a direct RPC connection. This is the RPC-based alternative to ADCSAttack (which uses HTTP relay to /certsrv/). Matches Impacket's ICPRRPCAttack in rpcattack.py.

func (*RPCICPRAttack) Name 

func (a *RPCICPRAttack) Name() string

func (*RPCICPRAttack) Run 

func (a *RPCICPRAttack) Run(session interface{}, config *Config) error

type RPCRelayClient 

type RPCRelayClient struct {
	// contains filtered or unexported fields
}

RPCRelayClient relays NTLM authentication over DCE/RPC BIND/AUTH3. Connects to the target's endpoint mapper to resolve the dynamic TCP port, then performs NTLM relay via the BIND/AUTH3 handshake. Matches Impacket's rpcrelayclient.py.

func NewRPCRelayClient 

func NewRPCRelayClient(targetAddr, rpcMode string) *RPCRelayClient

NewRPCRelayClient creates a new RPC relay client.

func (*RPCRelayClient) GetSession 

func (c *RPCRelayClient) GetSession() interface{}

GetSession returns the RPCRelaySession for attack modules.

func (*RPCRelayClient) InitConnection 

func (c *RPCRelayClient) InitConnection() error

InitConnection resolves the endpoint via epmapper and connects to the dynamic port.

func (*RPCRelayClient) IsAdmin 

func (c *RPCRelayClient) IsAdmin() bool

IsAdmin returns true — RPC relay auth implies access to the endpoint.

func (*RPCRelayClient) KeepAlive 

func (c *RPCRelayClient) KeepAlive() error

KeepAlive sends a heartbeat to prevent session timeout.

func (*RPCRelayClient) Kill 

func (c *RPCRelayClient) Kill()

Kill terminates the connection.

func (*RPCRelayClient) SendAuth 

func (c *RPCRelayClient) SendAuth(ntlmType3 []byte) error

SendAuth sends AUTH3 with NTLM Type3 and verifies authentication via DummyOp.

func (*RPCRelayClient) SendNegotiate 

func (c *RPCRelayClient) SendNegotiate(ntlmType1 []byte) ([]byte, error)

SendNegotiate sends a BIND with NTLM Type1 and returns the Type2 challenge.

type RPCRelayServer 

type RPCRelayServer struct {
	// contains filtered or unexported fields
}

RPCRelayServer listens for incoming DCE/RPC connections on port 135 and captures NTLM authentication from BIND/AUTH3 packets. Responds to IObjectExporter::ServerAlive2 and epmapper::ept_map requests to keep the RPC handshake flowing. Matches Impacket's rpcrelayserver.py.

func NewRPCRelayServer 

func NewRPCRelayServer(listenAddr string) *RPCRelayServer

NewRPCRelayServer creates a new RPC relay server.

func (*RPCRelayServer) Start 

func (s *RPCRelayServer) Start(resultChan chan<- AuthResult) error

Start begins listening for RPC connections, implements ProtocolServer.

func (*RPCRelayServer) Stop 

func (s *RPCRelayServer) Stop() error

Stop closes the listener, implements ProtocolServer.

type RPCRelaySession 

type RPCRelaySession struct {
	Client *dcerpc.Client
	Mode   string // "TSCH" or "ICPR"
}

RPCRelaySession holds the authenticated DCE/RPC session for attack modules.

type RPCTschExecAttack 

type RPCTschExecAttack struct{}

RPCTschExecAttack executes a command via the Task Scheduler over a direct RPC connection. Unlike TschExecAttack (which goes through SMB named pipes), this uses RPC-level auth from the BIND/AUTH3 relay, bypassing the need for SMB session-level admin. Matches Impacket's TSCHRPCAttack in rpcattack.py.

func (*RPCTschExecAttack) Name 

func (a *RPCTschExecAttack) Name() string

func (*RPCTschExecAttack) Run 

func (a *RPCTschExecAttack) Run(session interface{}, config *Config) error

type RelayInfo 

type RelayInfo struct {
	Protocol    string // "SMB", "LDAP", etc.
	Target      string // host IP/name
	Username    string // "DOMAIN\user"
	AdminStatus string // "TRUE", "FALSE", "N/A"
	Port        string // "445"
}

RelayInfo holds structured relay session info for console display.

type RelayPipeTransport 

type RelayPipeTransport struct {
	// contains filtered or unexported fields
}

RelayPipeTransport implements dcerpc.Transport over a raw SMB2 relay pipe. Uses SMB2 WRITE + READ for pipe communication (more compatible than IOCTL).

func NewRelayPipeTransport 

func NewRelayPipeTransport(client *SMBRelayClient, fileID [16]byte) *RelayPipeTransport

NewRelayPipeTransport creates a transport adapter for the given pipe.

func (*RelayPipeTransport) Close 

func (t *RelayPipeTransport) Close() error

Close closes the pipe handle.

func (*RelayPipeTransport) Read 

func (t *RelayPipeTransport) Read(b []byte) (int, error)

Read sends buffered write data via SMB2 WRITE, then reads response via SMB2 READ.

func (*RelayPipeTransport) Write 

func (t *RelayPipeTransport) Write(b []byte) (int, error)

Write buffers data for the next send operation.

type SAMDumpAttack 

type SAMDumpAttack struct{}

SAMDumpAttack dumps local SAM hashes via remote registry (Impacket default SMB attack).

func (*SAMDumpAttack) Name 

func (a *SAMDumpAttack) Name() string

func (*SAMDumpAttack) Run 

func (a *SAMDumpAttack) Run(session interface{}, config *Config) error

type SMB2Header 

type SMB2Header struct {
	ProtocolID    [4]byte // \xfeSMB
	StructureSize uint16  // 64
	CreditCharge  uint16
	Status        uint32
	Command       uint16
	CreditReqResp uint16
	Flags         uint32
	NextCommand   uint32
	MessageID     uint64
	Reserved      uint32
	TreeID        uint32
	SessionID     uint64
	Signature     [16]byte
}

SMB2 Header (64 bytes)

type SMBExecAttack 

type SMBExecAttack struct{}

SMBExecAttack executes a command on the target via service creation.

func (*SMBExecAttack) Name 

func (a *SMBExecAttack) Name() string

func (*SMBExecAttack) Run 

func (a *SMBExecAttack) Run(session interface{}, config *Config) error

type SMBRelayClient 

type SMBRelayClient struct {
	TargetAddr string
	// contains filtered or unexported fields
}

SMBRelayClient manages the SMB2 connection to the target server. It uses raw SMB2 packets to avoid needing session signing keys. Implements the ProtocolClient interface.

func NewSMBRelayClient 

func NewSMBRelayClient(targetAddr string) *SMBRelayClient

NewSMBRelayClient creates a new SMB relay client for the given target.

func (*SMBRelayClient) Close 

func (c *SMBRelayClient) Close() error

Close closes the TCP connection

func (*SMBRelayClient) CloseFile 

func (c *SMBRelayClient) CloseFile(fileID [16]byte) error

CloseFile closes a file handle (same protocol as ClosePipe)

func (*SMBRelayClient) ClosePipe 

func (c *SMBRelayClient) ClosePipe(fileID [16]byte) error

ClosePipe closes a pipe handle

func (*SMBRelayClient) CreateFile 

func (c *SMBRelayClient) CreateFile(path string) ([16]byte, uint64, error)

CreateFile opens a file for reading and returns the file handle and size

func (*SMBRelayClient) CreatePipe 

func (c *SMBRelayClient) CreatePipe(name string) ([16]byte, error)

CreatePipe opens a named pipe on the target (e.g., "srvsvc", "svcctl")

func (*SMBRelayClient) DeleteFile 

func (c *SMBRelayClient) DeleteFile(share, path string) error

DeleteFile opens a file with DELETE_ON_CLOSE and closes it to delete

func (*SMBRelayClient) DownloadFile 

func (c *SMBRelayClient) DownloadFile(share, path string) ([]byte, error)

DownloadFile reads an entire file by TreeConnecting to the share and reading in chunks

func (*SMBRelayClient) GetSession 

func (c *SMBRelayClient) GetSession() interface{}

GetSession returns this client for use by attack modules. Implements ProtocolClient.

func (*SMBRelayClient) InitConnection 

func (c *SMBRelayClient) InitConnection() error

InitConnection establishes a TCP connection and performs SMB2 NEGOTIATE. Implements ProtocolClient.

func (*SMBRelayClient) IsAdmin 

func (c *SMBRelayClient) IsAdmin() bool

IsAdmin checks if the session has admin access by trying to open SCManager. Implements ProtocolClient.

func (*SMBRelayClient) KeepAlive 

func (c *SMBRelayClient) KeepAlive() error

KeepAlive sends a heartbeat to prevent session timeout. Implements ProtocolClient.

func (*SMBRelayClient) Kill 

func (c *SMBRelayClient) Kill()

Kill terminates the connection. Implements ProtocolClient.

func (*SMBRelayClient) ReadFileAt 

func (c *SMBRelayClient) ReadFileAt(fileID [16]byte, offset uint64, length uint32) ([]byte, error)

ReadFileAt reads data from a file at a given offset

func (*SMBRelayClient) ReadPipe 

func (c *SMBRelayClient) ReadPipe(fileID [16]byte, length int) ([]byte, error)

ReadPipe reads data from the pipe

func (*SMBRelayClient) SendAuth 

func (c *SMBRelayClient) SendAuth(ntlmType3 []byte) error

SendAuth relays the NTLM Type3 authenticate. Returns nil on success. Sends raw NTLM in SESSION_SETUP (no SPNEGO wrapping), matching Impacket relay behavior. Implements ProtocolClient.

func (*SMBRelayClient) SendNegotiate 

func (c *SMBRelayClient) SendNegotiate(ntlmType1 []byte) ([]byte, error)

SendNegotiate relays the NTLM Type1 negotiate and returns the Type2 challenge. Sends raw NTLM in SESSION_SETUP (no SPNEGO wrapping), matching Impacket relay behavior. Implements ProtocolClient.

func (*SMBRelayClient) Transact 

func (c *SMBRelayClient) Transact(fileID [16]byte, input []byte, maxOutput int) ([]byte, error)

Transact performs an IOCTL FSCTL_PIPE_TRANSCEIVE on the pipe

func (*SMBRelayClient) TreeConnect 

func (c *SMBRelayClient) TreeConnect(share string) error

TreeConnect connects to a share on the target (e.g., IPC$)

func (*SMBRelayClient) WritePipe 

func (c *SMBRelayClient) WritePipe(fileID [16]byte, data []byte) error

WritePipe writes data to the pipe

type SMBRelayServer 

type SMBRelayServer struct {
	// contains filtered or unexported fields
}

SMBRelayServer listens for incoming SMB2 connections from victims and captures NTLM authentication for relay.

func NewSMBRelayServer 

func NewSMBRelayServer(listenAddr string) *SMBRelayServer

NewSMBRelayServer creates a new SMB relay server.

func (*SMBRelayServer) Start 

func (s *SMBRelayServer) Start(resultChan chan<- AuthResult) error

Start begins listening for victim connections, implements ProtocolServer.

func (*SMBRelayServer) Stop 

func (s *SMBRelayServer) Stop() error

Stop closes the listener, implements ProtocolServer.

type SMBSocksPlugin 

type SMBSocksPlugin struct{}

SMBSocksPlugin implements the SOCKS plugin for SMB protocol. Fakes SMB negotiate + session setup with the SOCKS client using the stored NTLM challenge, then tunnels SMB2 traffic with MessageID rewriting and signature stripping. Matches Impacket's socksplugins/smb.py.

func (*SMBSocksPlugin) InitConnection 

func (p *SMBSocksPlugin) InitConnection(clientConn net.Conn) error

func (*SMBSocksPlugin) SkipAuthentication 

func (p *SMBSocksPlugin) SkipAuthentication(clientConn net.Conn, sd *SessionData, lookupRelay func(string) *ActiveRelay) (string, error)

func (*SMBSocksPlugin) TunnelConnection 

func (p *SMBSocksPlugin) TunnelConnection(clientConn net.Conn, relay *ActiveRelay) error

type SOCKSPlugin 

type SOCKSPlugin interface {
	// InitConnection performs any protocol-specific connection setup
	// (e.g., wrapping the socket in a framing layer).
	InitConnection(clientConn net.Conn) error

	// SkipAuthentication fakes the protocol-level authentication with the SOCKS client.
	// It replays the stored NTLM challenge, extracts the username from the client's
	// response, and looks up the corresponding relay session.
	// Returns the matched username (for InUse tracking) and any error.
	SkipAuthentication(clientConn net.Conn, sessionData *SessionData, lookupRelay func(username string) *ActiveRelay) (string, error)

	// TunnelConnection proxies traffic between the SOCKS client and the relayed target.
	// Protocol-specific: handles message framing, strips signing, intercepts logoff, etc.
	TunnelConnection(clientConn net.Conn, relay *ActiveRelay) error
}

SOCKSPlugin defines the interface for protocol-aware SOCKS proxy plugins. Each plugin handles the protocol-specific authentication faking and tunneling for a particular protocol (SMB, LDAP, HTTP, MSSQL). Matches Impacket's SocksRelay base class in socksserver.py.

type SOCKSServer 

type SOCKSServer struct {
	// contains filtered or unexported fields
}

SOCKSServer implements a SOCKS5 proxy that routes connections through relayed sessions. Uses protocol-aware plugins (SMB, LDAP, HTTP, MSSQL) to fake authentication and tunnel traffic, matching Impacket's socksserver.py + socksplugins/ architecture.

func NewSOCKSServer 

func NewSOCKSServer(addr string) *SOCKSServer

NewSOCKSServer creates a new SOCKS5 proxy server.

func (*SOCKSServer) AddRelay 

func (s *SOCKSServer) AddRelay(target, username, scheme string, client ProtocolClient, sd *SessionData)

AddRelay registers a new relayed session for SOCKS proxying.

func (*SOCKSServer) GetRelay 

func (s *SOCKSServer) GetRelay(host string, port int) *ActiveRelay

GetRelay finds an active relay for the given target.

func (*SOCKSServer) GetRelayByUsername 

func (s *SOCKSServer) GetRelayByUsername(host string, port int, username string) *ActiveRelay

GetRelayByUsername finds an active relay for the given target and username. Tries both "DOMAIN\USER" and "DOMAIN_NETBIOS\USER" formats (Impacket does both).

func (*SOCKSServer) GetSessionData 

func (s *SOCKSServer) GetSessionData(host string, port int) *SessionData

GetSessionData returns the SessionData for a given target.

func (*SOCKSServer) ListRelayDetails 

func (s *SOCKSServer) ListRelayDetails() []RelayInfo

ListRelayDetails returns structured relay info matching Impacket's API format.

func (*SOCKSServer) ListRelays 

func (s *SOCKSServer) ListRelays() []string

ListRelays returns all active relays for display.

func (*SOCKSServer) Start 

func (s *SOCKSServer) Start() error

Start begins listening for SOCKS5 connections.

func (*SOCKSServer) Stop 

func (s *SOCKSServer) Stop()

Stop shuts down the SOCKS5 server.

type SecretsdumpAttack 

type SecretsdumpAttack struct{}

SecretsdumpAttack dumps SAM hashes and LSA secrets via remote registry.

func (*SecretsdumpAttack) Name 

func (a *SecretsdumpAttack) Name() string

func (*SecretsdumpAttack) Run 

func (a *SecretsdumpAttack) Run(session interface{}, config *Config) error

type SessionData 

type SessionData struct {
	// ChallengeMessage is the raw NTLM Type2 challenge from the target.
	// Used by SMB and LDAP plugins to present to SOCKS clients.
	ChallengeMessage []byte

	// MSSQLChallengeTDS is the full TDS packet containing the NTLM challenge.
	// Used by the MSSQL plugin.
	MSSQLChallengeTDS []byte

	// MSSQLAuthAnswer is the TDS LOGIN_ACK response from the real server.
	// Replayed to SOCKS clients after fake auth.
	MSSQLAuthAnswer []byte
}

SessionData holds NTLM challenge data from the original relay handshake, replayed to SOCKS clients during skipAuthentication. Matches Impacket's sessionData dict stored in activeRelays.

type ShadowCredsAttack 

type ShadowCredsAttack struct{}

ShadowCredsAttack writes msDS-KeyCredentialLink via LDAP.

func (*ShadowCredsAttack) Name 

func (a *ShadowCredsAttack) Name() string

func (*ShadowCredsAttack) Run 

func (a *ShadowCredsAttack) Run(session interface{}, config *Config) error

type SharesAttack 

type SharesAttack struct{}

SharesAttack enumerates shares on the target via SRVSVC.

func (*SharesAttack) Name 

func (a *SharesAttack) Name() string

func (*SharesAttack) Run 

func (a *SharesAttack) Run(session interface{}, config *Config) error

type TargetEntry 

type TargetEntry struct {
	Scheme string // "smb", "ldap", "ldaps", "http", "https", "mssql", "rpc", "imap", "winrm", "winrms"
	Host   string
	Port   int
	Path   string // URL path (e.g., "/certsrv/certfnsh.asp") — used by HTTP relay client
}

TargetEntry represents a parsed relay target URL.

func ParseTargetURL 

func ParseTargetURL(raw string) (*TargetEntry, error)

ParseTargetURL parses a target URL string into a TargetEntry. Accepted formats: smb://host, smb://host:port, host, host:port

func (TargetEntry) Addr 

func (t TargetEntry) Addr() string

Addr returns host:port for dialing.

func (TargetEntry) URL 

func (t TargetEntry) URL() string

URL returns the target as a URL string.

type TschExecAttack 

type TschExecAttack struct{}

TschExecAttack executes a command via the Task Scheduler service (ATSVC/SchRpc). This matches Impacket's rpcattack.py TSCH mode.

func (*TschExecAttack) Name 

func (a *TschExecAttack) Name() string

func (*TschExecAttack) Run 

func (a *TschExecAttack) Run(session interface{}, config *Config) error

type WCFRelayServer 

type WCFRelayServer struct {
	// contains filtered or unexported fields
}

WCFRelayServer listens for incoming WCF/ADWS (port 9389) connections and captures NTLM authentication via the .NET Message Framing Protocol (MC-NMF) and .NET NegotiateStream Protocol (MS-NNS) over NetTcpBinding.

Matches Impacket's wcfrelayserver.py.

Protocol flow:

  1. Preamble: VersionRecord, ModeRecord, ViaRecord, KnownEncodingRecord, UpgradeRequestRecord
  2. Server sends UpgradeResponse (0x0a)
  3. NegotiateStream: NTLM handshake via handshake_in_progress (0x16) records
  4. Extract Type1, relay, send Type2 challenge, receive Type3

func NewWCFRelayServer 

func NewWCFRelayServer(listenAddr string) *WCFRelayServer

NewWCFRelayServer creates a new WCF relay server.

func (*WCFRelayServer) Start 

func (s *WCFRelayServer) Start(resultChan chan<- AuthResult) error

Start begins listening for WCF connections, implements ProtocolServer.

func (*WCFRelayServer) Stop 

func (s *WCFRelayServer) Stop() error

Stop closes the listener, implements ProtocolServer.

type WinRMExecAttack 

type WinRMExecAttack struct{}

WinRMExecAttack implements AttackModule for WinRM command execution. Creates a cmd.exe shell via WS-Man SOAP, executes the command, retrieves output. Matches Impacket's winrmattack.py behavior.

func (*WinRMExecAttack) Name 

func (a *WinRMExecAttack) Name() string

func (*WinRMExecAttack) Run 

func (a *WinRMExecAttack) Run(session interface{}, config *Config) error

type WinRMRelayClient 

type WinRMRelayClient struct {
	// contains filtered or unexported fields
}

WinRMRelayClient implements ProtocolClient for relaying NTLM auth to WinRM targets. WinRM uses HTTP(S) POST /wsman with SOAP XML bodies and NTLM auth in HTTP headers. Matches Impacket's winrmrelayclient.py behavior.

func NewWinRMRelayClient 

func NewWinRMRelayClient(addr string, useTLS bool) *WinRMRelayClient

NewWinRMRelayClient creates a new WinRM relay client.

func (*WinRMRelayClient) DoWinRMRequest 

func (c *WinRMRelayClient) DoWinRMRequest(body string) (string, error)

DoWinRMRequest sends a SOAP request to /wsman and returns the response body. Used by the attack module and interactive shell for all WS-Man operations.

func (*WinRMRelayClient) GetSession 

func (c *WinRMRelayClient) GetSession() interface{}

GetSession returns this client for use by attack modules. Implements ProtocolClient.

func (*WinRMRelayClient) InitConnection 

func (c *WinRMRelayClient) InitConnection() error

InitConnection creates the HTTP client with connection reuse for NTLM handshake. Implements ProtocolClient.

func (*WinRMRelayClient) IsAdmin 

func (c *WinRMRelayClient) IsAdmin() bool

IsAdmin returns false — WinRM access itself implies elevated privileges but there's no programmatic way to check via relay. Implements ProtocolClient.

func (*WinRMRelayClient) KeepAlive 

func (c *WinRMRelayClient) KeepAlive() error

KeepAlive sends a WS-Man shell creation request as a heartbeat (matches Impacket). Implements ProtocolClient.

func (*WinRMRelayClient) Kill 

func (c *WinRMRelayClient) Kill()

Kill terminates the connection. Implements ProtocolClient.

func (*WinRMRelayClient) SendAuth 

func (c *WinRMRelayClient) SendAuth(ntlmType3 []byte) error

SendAuth relays the NTLM Type3 authenticate to the WinRM target. Unwraps SPNEGO if present (matching Impacket behavior). Implements ProtocolClient.

func (*WinRMRelayClient) SendNegotiate 

func (c *WinRMRelayClient) SendNegotiate(ntlmType1 []byte) ([]byte, error)

SendNegotiate relays the NTLM Type1 and returns the Type2 challenge from the WinRM target. Uses POST /wsman with SOAP content type and dummy XML body (matches Impacket). Implements ProtocolClient.

type WinRMRelayServer 

type WinRMRelayServer struct {
	// contains filtered or unexported fields
}

WinRMRelayServer wraps an HTTPRelayServer on port 5985 for WinRM relay. WinRM uses HTTP+NTLM on /wsman — identical to existing HTTP server. Matches Impacket's winrmrelayserver.py.

func NewWinRMRelayServer 

func NewWinRMRelayServer(listenAddr string, config *Config) *WinRMRelayServer

NewWinRMRelayServer creates a new WinRM relay server on the given address.

func (*WinRMRelayServer) Start 

func (s *WinRMRelayServer) Start(resultChan chan<- AuthResult) error

Start begins listening for WinRM (HTTP) connections, implements ProtocolServer.

func (*WinRMRelayServer) Stop 

func (s *WinRMRelayServer) Stop() error

Stop closes the WinRM server, implements ProtocolServer.

type WinRMSRelayServer 

type WinRMSRelayServer struct {
	// contains filtered or unexported fields
}

WinRMSRelayServer wraps an HTTPSRelayServer on port 5986 for WinRM over HTTPS.

func NewWinRMSRelayServer 

func NewWinRMSRelayServer(listenAddr string, config *Config) (*WinRMSRelayServer, error)

NewWinRMSRelayServer creates a new WinRM over HTTPS relay server.

func (*WinRMSRelayServer) Start 

func (s *WinRMSRelayServer) Start(resultChan chan<- AuthResult) error

Start begins listening for WinRM (HTTPS) connections, implements ProtocolServer.

func (*WinRMSRelayServer) Stop 

func (s *WinRMSRelayServer) Stop() error

Stop closes the WinRMS server, implements ProtocolServer.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.