├── .github └── workflows │ ├── release.yml │ └── semgrep.yml ├── .gitignore ├── README.md ├── build_lin.sh ├── build_mac.sh ├── build_win.sh ├── go.mod ├── go.sum └── src ├── golaps.go ├── main.go └── parser.go /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | # Release a new golang binary for windows and linux when I push to main 2 | name: release-when-push-to-main 3 | run-name: Release when push to main 4 | on: 5 | push: 6 | tags: 7 | - v* 8 | jobs: 9 | build: 10 | name: Build for ${{ matrix.os }} 11 | runs-on: ubuntu-latest 12 | strategy: 13 | matrix: 14 | os: [linux, windows, darwin] 15 | 16 | steps: 17 | - name: Checkout repository 18 | uses: actions/checkout@v2 19 | - name: Set up Go 20 | uses: actions/setup-go@v2 21 | with: 22 | go-version: 1.22 23 | 24 | - name: Build for ${{ matrix.os }} 25 | run: | 26 | if [ ${{ matrix.os }} == 'darwin' ]; then 27 | GOOS=${{ matrix.os }} GOARCH=arm64 go build -o bin/golaps-${{ github.ref_name }}-${{ matrix.os }}-arm64 src/*.go 28 | else 29 | GOOS=${{ matrix.os }} GOARCH=amd64 go build -o bin/golaps-${{ github.ref_name }}-${{ matrix.os }}-amd64 src/*.go 30 | fi 31 | 32 | - name: Upload windows and linux artifact 33 | uses: actions/upload-artifact@v2 34 | with: 35 | name: golaps-${{ github.ref_name }}-${{ matrix.os }}-amd64 36 | path: bin/golaps-${{ github.ref_name }}-${{ matrix.os }}-amd64 37 | 38 | - name: Upload Macos artifact 39 | uses: actions/upload-artifact@v2 40 | with: 41 | name: golaps-${{ github.ref_name }}-darwin-arm64 42 | path: bin/golaps-${{ github.ref_name }}-darwin-arm64 43 | 44 | publish: 45 | name: Publish Releases 46 | runs-on: ubuntu-latest 47 | 48 | needs: build 49 | if: startsWith(github.ref, 'refs/tags/v') 50 | steps: 51 | - name: Checkout repository 52 | uses: actions/checkout@v2 53 | 54 | - name: Download artifacts - Windows 55 | uses: actions/download-artifact@v2 56 | with: 57 | name: golaps-${{ github.ref_name }}-windows-amd64 58 | 59 | - name: Download artifacts - Linux 60 | uses: actions/download-artifact@v2 61 | with: 62 | name: golaps-${{ github.ref_name }}-linux-amd64 63 | 64 | - name: Download artifacts - MacOS 65 | uses: actions/download-artifact@v2 66 | with: 67 | name: golaps-${{ github.ref_name }}-darwin-arm64 68 | 69 | - name: Create Release 70 | id: create_release 71 | uses: actions/create-release@v1 72 | with: 73 | tag_name: ${{ github.ref_name }} 74 | release_name: ${{ github.ref_name }} 75 | draft: false 76 | prerelease: false 77 | env: 78 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 79 | 80 | - name: Upload Release Asset - Linux 81 | id: upload-release-asset-linux 82 | uses: actions/upload-release-asset@v1 83 | with: 84 | upload_url: ${{ steps.create_release.outputs.upload_url }} 85 | asset_path: ./golaps-${{ github.ref_name }}-linux-amd64 86 | asset_name: golaps-${{ github.ref_name }}-linux-amd64 87 | asset_content_type: application/octet-stream 88 | env: 89 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 90 | 91 | 92 | - name: Upload Release Asset - Windows 93 | id: upload-release-asset-windows 94 | uses: actions/upload-release-asset@v1 95 | with: 96 | upload_url: ${{ steps.create_release.outputs.upload_url }} 97 | asset_path: ./golaps-${{ github.ref_name }}-windows-amd64 98 | asset_name: golaps-${{ github.ref_name }}-windows-amd64.exe 99 | asset_content_type: application/octet-stream 100 | env: 101 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 102 | 103 | - name: Upload Release Asset - MacOS 104 | id: upload-release-asset-macos 105 | uses: actions/upload-release-asset@v1 106 | with: 107 | upload_url: ${{ steps.create_release.outputs.upload_url }} 108 | asset_path: ./golaps-${{ github.ref_name }}-darwin-arm64 109 | asset_name: golaps-${{ github.ref_name }}-darwin-arm64 110 | asset_content_type: application/octet-stream 111 | env: 112 | GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 113 | 114 | -------------------------------------------------------------------------------- /.github/workflows/semgrep.yml: -------------------------------------------------------------------------------- 1 | on: 2 | workflow_dispatch: {} 3 | pull_request: {} 4 | push: 5 | branches: 6 | - main 7 | - master 8 | paths: 9 | - .github/workflows/semgrep.yml 10 | schedule: 11 | # random HH:MM to avoid a load spike on GitHub Actions at 00:00 12 | - cron: 34 19 * * * 13 | name: Semgrep 14 | jobs: 15 | semgrep: 16 | name: semgrep/ci 17 | runs-on: ubuntu-latest 18 | permissions: 19 | contents: read 20 | env: 21 | SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }} 22 | container: 23 | image: semgrep/semgrep 24 | steps: 25 | - uses: actions/checkout@v4 26 | - run: semgrep ci 27 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | logs/* 2 | *.exe 3 | .vscode 4 | golaps 5 | bin/* 6 | launch.json 7 | sync.sh 8 | .DS_Store -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # goLAPS 2 | Retrieve LAPS passwords from a domain. 3 | The tools is inspired in [pyLAPS](https://github.com/p0dalirius/pyLAPS). This project was just a personal excuse to learn Golang. 4 | 5 | # Capabilities 6 | * It can get all LAPS passwords from a domain controler using the "get" command 7 | * It can set the target computer LAPS password using the "set" command 8 | * For now, it only works with simple binding on LDAP and LDAPS protocols 9 | * You can provide a filter (-f, --filter) to retrieve computers in the domain that follow a specific patter on their samAccountName 10 | 11 | # Usage 12 | ## Get LAPS passwords 13 | ```bash 14 | ./golaps get -h 15 | 16 | ________ ________ ___ ________ ________ ________ 17 | |\ ____\|\ __ \|\ \ |\ __ \|\ __ \|\ ____\ 18 | \ \ \___|\ \ \|\ \ \ \ \ \ \|\ \ \ \|\ \ \ \___|_ 19 | \ \ \ __\ \ \\\ \ \ \ \ \ __ \ \ ____\ \_____ \ 20 | \ \ \|\ \ \ \\\ \ \ \____\ \ \ \ \ \ \___|\|____|\ \ 21 | \ \_______\ \_______\ \_______\ \__\ \__\ \__\ ____\_\ \ 22 | \|_______|\|_______|\|_______|\|__|\|__|\|__| |\_________\ 23 | \|_________| 24 | Retrieve LAPS passwords from a domain controler 25 | (author: @felmoltor) 26 | Inspired by pyLAPS (https://github.com/p0dalirius/pyLAPS) 27 | 28 | usage: golaps get [-h|--help] -D|--dc "" -u|--username "" 29 | -p|--password "" -d|--domain "" [-f|--filter 30 | ""] [-o|--out ""] 31 | 32 | 33 | 34 | Arguments: 35 | 36 | -h --help Print help information 37 | -D --dc of the Domain Controller to query. 38 | -u --username Username to authenticate with. 39 | -p --password Password to authenticate with. 40 | -d --domain Domain of the user authenticating. 41 | -f --filter Substring of the computer name (samAccountName) to search 42 | for. 43 | -o --out File name of the csv file to write the results. 44 | ``` 45 | 46 | ## Set LAPS password 47 | ```bash 48 | ./golaps set -h 49 | usage: golaps set [-h|--help] [-D|--dc ""] [-u|--username ""] 50 | [-p|--password ""] [-d|--domain ""] [-t|--target 51 | ""] [-P|--lapspass ""] 52 | Arguments: 53 | 54 | -h --help Print help information 55 | -D --dc of the Domain Controller to target. 56 | -u --username Username to authenticate with. 57 | -p --password Password to authenticate with. 58 | -d --domain Domain of the user authenticating. 59 | -t --target FQDN of the computer to set the LAPS password. 60 | -P --lapspass Password to set. 61 | ``` 62 | 63 | # Version 64 | 27/05/2024 - SenseCon 2024 Edition 65 | 66 | # Authors 67 | Felipe Molina de la Torre ([@felmoltor](https://infosec.exchange/@felmoltor)). 68 | Help from François Reinaud on the argument parsing functionality and Deon Wilemse on the testing infrastructure. 69 | -------------------------------------------------------------------------------- /build_lin.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Build the Linux version of goLAPS 4 | GOOS=linux GOARCH=amd64 go build -o bin/golaps-amd64 src/*.go -------------------------------------------------------------------------------- /build_mac.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Build the Linux version of goLAPS 4 | GOOS=darwin GOARCH=arm64 go build -o bin/golaps-arm64 src/*.go -------------------------------------------------------------------------------- /build_win.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Build the Windows version of goLAPS 4 | GOOS=windows GOARCH=amd64 go build -o bin/golaps.exe src/*.go -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module golaps 2 | 3 | go 1.22.3 4 | 5 | require github.com/go-ldap/ldap/v3 v3.4.8 6 | 7 | require ( 8 | github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect 9 | github.com/akamensky/argparse v1.4.0 10 | github.com/go-asn1-ber/asn1-ber v1.5.5 // indirect 11 | github.com/google/uuid v1.6.0 // indirect 12 | golang.org/x/crypto v0.21.0 // indirect 13 | ) 14 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= 2 | github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= 3 | github.com/akamensky/argparse v1.4.0 h1:YGzvsTqCvbEZhL8zZu2AiA5nq805NZh75JNj4ajn1xc= 4 | github.com/akamensky/argparse v1.4.0/go.mod h1:S5kwC7IuDcEr5VeXtGPRVZ5o/FdhcMlQz4IZQuw64xA= 5 | github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa h1:LHTHcTQiSGT7VVbI0o4wBRNQIgn917usHWOd6VAffYI= 6 | github.com/alexbrainman/sspi v0.0.0-20231016080023-1a75b4708caa/go.mod h1:cEWa1LVoE5KvSD9ONXsZrj0z6KqySlCCNKHlLzbqAt4= 7 | github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 8 | github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= 9 | github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 10 | github.com/go-asn1-ber/asn1-ber v1.5.5 h1:MNHlNMBDgEKD4TcKr36vQN68BA00aDfjIt3/bD50WnA= 11 | github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= 12 | github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ= 13 | github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk= 14 | github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= 15 | github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 16 | github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4= 17 | github.com/gorilla/sessions v1.2.1/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM= 18 | github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= 19 | github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= 20 | github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= 21 | github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= 22 | github.com/jcmturner/aescts/v2 v2.0.0/go.mod h1:AiaICIRyfYg35RUkr8yESTqvSy7csK90qZ5xfvvsoNs= 23 | github.com/jcmturner/dnsutils/v2 v2.0.0 h1:lltnkeZGL0wILNvrNiVCR6Ro5PGU/SeBvVO/8c/iPbo= 24 | github.com/jcmturner/dnsutils/v2 v2.0.0/go.mod h1:b0TnjGOvI/n42bZa+hmXL+kFJZsFT7G4t3HTlQ184QM= 25 | github.com/jcmturner/gofork v1.7.6 h1:QH0l3hzAU1tfT3rZCnW5zXl+orbkNMMRGJfdJjHVETg= 26 | github.com/jcmturner/gofork v1.7.6/go.mod h1:1622LH6i/EZqLloHfE7IeZ0uEJwMSUyQ/nDd82IeqRo= 27 | github.com/jcmturner/goidentity/v6 v6.0.1 h1:VKnZd2oEIMorCTsFBnJWbExfNN7yZr3EhJAxwOkZg6o= 28 | github.com/jcmturner/goidentity/v6 v6.0.1/go.mod h1:X1YW3bgtvwAXju7V3LCIMpY0Gbxyjn/mY9zx4tFonSg= 29 | github.com/jcmturner/gokrb5/v8 v8.4.4 h1:x1Sv4HaTpepFkXbt2IkL29DXRf8sOfZXo8eRKh687T8= 30 | github.com/jcmturner/gokrb5/v8 v8.4.4/go.mod h1:1btQEpgT6k+unzCwX1KdWMEwPPkkgBtP+F6aCACiMrs= 31 | github.com/jcmturner/rpc/v2 v2.0.3 h1:7FXXj8Ti1IaVFpSAziCZWNzbNuZmnvw/i6CqLNdWfZY= 32 | github.com/jcmturner/rpc/v2 v2.0.3/go.mod h1:VUJYCIDm3PVOEHw8sgt091/20OJjskO/YJki3ELg/Hc= 33 | github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= 34 | github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= 35 | github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 36 | github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= 37 | github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= 38 | github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= 39 | github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= 40 | github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= 41 | github.com/stretchr/testify v1.8.1 h1:w7B6lhMri9wdJUVmEZPGGhZzrYTPvgJArz7wNPgYKsk= 42 | github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= 43 | github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= 44 | golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= 45 | golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= 46 | golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= 47 | golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= 48 | golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= 49 | golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= 50 | golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= 51 | golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= 52 | golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 53 | golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= 54 | golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= 55 | golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= 56 | golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= 57 | golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= 58 | golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= 59 | golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= 60 | golang.org/x/net v0.22.0 h1:9sGLhx7iRIHEiX0oAJ3MRZMUCElJgy7Br1nO+AMN3Tc= 61 | golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= 62 | golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 63 | golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 64 | golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 65 | golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= 66 | golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 67 | golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 68 | golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 69 | golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 70 | golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 71 | golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 72 | golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= 73 | golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= 74 | golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 75 | golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= 76 | golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= 77 | golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= 78 | golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= 79 | golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= 80 | golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 81 | golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= 82 | golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= 83 | golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= 84 | golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= 85 | golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= 86 | golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 87 | golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= 88 | golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= 89 | golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= 90 | golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 91 | gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 92 | gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= 93 | gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 94 | gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= 95 | gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= 96 | -------------------------------------------------------------------------------- /src/golaps.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "crypto/tls" 5 | csv "encoding/csv" 6 | "fmt" 7 | "io" 8 | "log" 9 | "os" 10 | filepath "path/filepath" 11 | "time" 12 | 13 | "github.com/go-ldap/ldap/v3" 14 | ) 15 | 16 | // Struct to hold the credentials of the GoLaps client 17 | type Credentials struct { 18 | Username string 19 | Password string 20 | Domain string 21 | } 22 | 23 | // Struct to hold the configuration of the GoLaps client 24 | type GoLaps struct { 25 | Credentials Credentials // The credentials to bind to the DC 26 | TargetDC string // This could be an IP or the FQDN of the DC 27 | BaseDN string // The base DN to search for the computers 28 | ComputernameFilter string // The filter to search for the computernames to read the LAPS password from 29 | Targetcomputer string // The FQDN of the computer to set the LAPS password 30 | } 31 | 32 | func (gl GoLaps) InitLogging() { 33 | // Create the logs folder if it does not exits 34 | if _, err := os.Stat("logs"); os.IsNotExist(err) { 35 | os.Mkdir("logs", 0755) 36 | } 37 | // Log to a file 38 | logPath := filepath.Join("logs", time.Now().Format("2006-01-02_150405")+"_golaps.log") 39 | file, err := os.OpenFile(logPath, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0666) 40 | if err != nil { 41 | log.Fatal("Error opening log file:", err) 42 | } 43 | // defer file.Close() // I'm new to this language. I guess I shouldn't close the file stream if I want to keep writing to the log file, innit? 44 | 45 | // Direct logs to both stdout and the file 46 | log.SetOutput(io.MultiWriter(os.Stdout, file)) 47 | } 48 | 49 | // ConnectToDC connects to the DC using LDAPS or LDAP 50 | func (gl GoLaps) ConnectToDC() (*ldap.Conn, error) { 51 | ldapsURL := "ldaps://" + gl.TargetDC + ":636" 52 | l, err := ldap.DialURL(ldapsURL, ldap.DialWithTLSConfig(&tls.Config{InsecureSkipVerify: true})) // I don't care about the cert, take me to jail, officer 53 | if err != nil { 54 | log.Println("Error connecting to LDAP server using LDAPS: " + err.Error()) 55 | ldapURL := "ldap://" + gl.TargetDC + ":389" 56 | l, err = ldap.DialURL(ldapURL) 57 | if err != nil { 58 | log.Fatal("Error connecting to LDAP server using LDAP: " + err.Error()) 59 | } 60 | } 61 | // defer l.Close() // Close the connection when the function returns 62 | return l, err 63 | } 64 | 65 | func (gl GoLaps) CloseConnection(l *ldap.Conn) { 66 | l.Close() 67 | } 68 | 69 | // Bind to the DC using the username and password if they are set 70 | func (gl GoLaps) BindToDC(l *ldap.Conn) error { 71 | // Choose the type of binding, Unauthenticated or Authenticated 72 | if gl.Credentials.Username == "" || gl.Credentials.Password == "" { 73 | log.Println("Username or password not set. Using unauthenticated bind") 74 | err := l.UnauthenticatedBind("") 75 | if err != nil { 76 | log.Println("Error unauthenticated binding to LDAP server" + err.Error()) 77 | } 78 | } else { 79 | err := l.Bind(gl.Credentials.Username+"@"+gl.Credentials.Domain, gl.Credentials.Password) 80 | if err != nil { 81 | log.Fatal("Error binding to LDAP server" + err.Error()) 82 | } 83 | return err 84 | } 85 | return nil 86 | } 87 | 88 | // Receive the Pointer to the LDAP connection and return and updates the domain DN 89 | func (gl *GoLaps) GetDomainDN(l *ldap.Conn) (string, error) { 90 | // Get the domain DN (Distinguished Name) 91 | // Create a search request 92 | searchRequest := ldap.NewSearchRequest( 93 | "", // Base DN (empty string for Root DSE) 94 | ldap.ScopeBaseObject, ldap.NeverDerefAliases, 0, 0, false, 95 | "(objectClass=*)", // Search filter for domain object 96 | []string{"defaultNamingContext"}, // Attribute to retrieve (DN) 97 | nil, 98 | ) 99 | 100 | sr, err := l.Search(searchRequest) 101 | if err != nil { 102 | log.Fatal("Error searching LDAP server" + err.Error()) 103 | } 104 | 105 | domainDN := "" 106 | // Print the DN of the domain 107 | if len(sr.Entries) > 0 { 108 | domainDN = sr.Entries[0].GetAttributeValue("defaultNamingContext") 109 | log.Println("DN of the domain:", domainDN) 110 | } else { 111 | log.Println("Domain not found") 112 | } 113 | 114 | gl.BaseDN = domainDN 115 | 116 | return domainDN, err 117 | } 118 | 119 | func (gl GoLaps) SearchComputersWithLaps(l *ldap.Conn, csvfile string) (*ldap.SearchResult, error) { 120 | searchFilter := fmt.Sprintf("(&(objectCategory=computer)(ms-MCS-AdmPwd=*)(sAMAccountName=*%s*))", ldap.EscapeFilter(gl.ComputernameFilter)) 121 | if gl.ComputernameFilter == "" { 122 | searchFilter = "(&(objectCategory=computer)(ms-MCS-AdmPwd=*))" 123 | } 124 | // Construct LDAP search request 125 | searchRequest := ldap.NewSearchRequest( 126 | gl.BaseDN, // Base DN 127 | ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, 128 | searchFilter, // Search filter 129 | []string{"sAMAccountName", "ms-Mcs-AdmPwd"}, // Attributes to retrieve 130 | nil, 131 | ) 132 | sr, err := l.Search(searchRequest) 133 | if err != nil { 134 | log.Fatal("Error searching for Computers with ms-Mcs-AdmPwd attributes" + err.Error()) 135 | } 136 | 137 | // Open the CSV file to write the search results 138 | var w *csv.Writer 139 | if csvfile != "" { 140 | // Export to CSV 141 | file, err := os.OpenFile(csvfile, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0644) 142 | if err != nil { 143 | log.Println("Error opening CSV file" + err.Error()) 144 | } 145 | defer file.Close() 146 | w = csv.NewWriter(file) 147 | defer w.Flush() 148 | row := []string{"sAMAccountNamE", "ms-Mcs-AdmPwd"} 149 | w.Write(row) 150 | } 151 | 152 | // Print search results 153 | log.Println("Search Results:") 154 | for _, entry := range sr.Entries { 155 | log.Printf("DN: %s\n", entry.DN) 156 | name := entry.GetAttributeValue("sAMAccountName") 157 | pass := entry.GetAttributeValue("ms-Mcs-AdmPwd") 158 | log.Printf(" %s: %s\n", name, pass) 159 | // Write to CSV if the writer is not nil 160 | if w != nil { 161 | row := []string{name, pass} 162 | w.Write(row) 163 | } 164 | } 165 | 166 | return sr, err 167 | } 168 | 169 | func (gl GoLaps) SetLapsPassword(l *ldap.Conn, LapsPassword string) error { 170 | // query for the target computer 171 | searchFilter := fmt.Sprintf("(&(objectCategory=computer)(sAMAccountName=%s))", ldap.EscapeFilter(gl.Targetcomputer)) 172 | searchRequest := ldap.NewSearchRequest( 173 | gl.BaseDN, // Base DN 174 | ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, 175 | searchFilter, // Search filter 176 | []string{"sAMAccountName", "ms-Mcs-AdmPwd"}, // Attributes to retrieve 177 | nil, 178 | ) 179 | sr, err := l.Search(searchRequest) 180 | if err != nil { 181 | log.Fatal("Error searching for target computer %s" + err.Error()) 182 | return err 183 | } 184 | targetComputerDN := "" 185 | for _, entry := range sr.Entries { 186 | targetComputerDN = entry.DN 187 | log.Printf("Target computer DN: %s\n", targetComputerDN) 188 | for _, attr := range entry.Attributes { 189 | log.Printf(" %s: %v\n", attr.Name, attr.Values) 190 | } 191 | } 192 | // TODO: Finish this 193 | log.Println("Set the LAPS password of " + gl.Targetcomputer + " to " + LapsPassword) 194 | modifyRequest := ldap.ModifyRequest{ 195 | DN: targetComputerDN, 196 | Changes: nil, 197 | Controls: nil, 198 | } 199 | modifyRequest.Replace("ms-Mcs-AdmPwd", []string{LapsPassword}) 200 | // Perform the modification 201 | err = l.Modify(&modifyRequest) 202 | if err != nil { 203 | log.Fatalf("Failed to modify attribute 'ms-Mcs-AdmPwd': %v", err) 204 | return err 205 | } 206 | 207 | log.Println("Successfully modified the ms-Mcs-AdmPwd attribute") 208 | 209 | return nil 210 | } 211 | -------------------------------------------------------------------------------- /src/main.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "log" 6 | ) 7 | 8 | func printBanner() { 9 | fmt.Print(` 10 | ________ ________ ___ ________ ________ ________ 11 | |\ ____\|\ __ \|\ \ |\ __ \|\ __ \|\ ____\ 12 | \ \ \___|\ \ \|\ \ \ \ \ \ \|\ \ \ \|\ \ \ \___|_ 13 | \ \ \ __\ \ \\\ \ \ \ \ \ __ \ \ ____\ \_____ \ 14 | \ \ \|\ \ \ \\\ \ \ \____\ \ \ \ \ \ \___|\|____|\ \ 15 | \ \_______\ \_______\ \_______\ \__\ \__\ \__\ ____\_\ \ 16 | \|_______|\|_______|\|_______|\|__|\|__|\|__| |\_________\ 17 | \|_________| 18 | Retrieve LAPS passwords from a domain controler 19 | (author: @felmoltor) 20 | Inspired by pyLAPS (https://github.com/p0dalirius/pyLAPS) 21 | 22 | `) 23 | } 24 | 25 | func getLapsPassword(args *GetArgs) { 26 | gl := GoLaps{ 27 | Credentials: Credentials{ 28 | Username: args.Username, 29 | Password: args.Password, 30 | Domain: args.Domain, 31 | }, 32 | TargetDC: args.Dc, 33 | ComputernameFilter: args.Filter, 34 | } 35 | gl.InitLogging() 36 | l, err := gl.ConnectToDC() 37 | if err != nil { 38 | log.Fatal("Error connecting to DC" + err.Error()) 39 | } 40 | err = gl.BindToDC(l) 41 | if err != nil { 42 | log.Fatal("Error binding to DC" + err.Error()) 43 | } 44 | _, err = gl.GetDomainDN(l) 45 | if err != nil { 46 | log.Fatal("Error getting domain DN" + err.Error()) 47 | } 48 | _, err = gl.SearchComputersWithLaps(l, args.Outfile) 49 | if err != nil { 50 | log.Fatal("Error searching for computers with LAPS" + err.Error()) 51 | } 52 | gl.CloseConnection(l) 53 | } 54 | 55 | func setLapsPassword(args *SetArgs) { 56 | gl := GoLaps{ 57 | Credentials: Credentials{ 58 | Username: args.Username, 59 | Password: args.Password, 60 | Domain: args.Domain, 61 | }, 62 | TargetDC: args.Dc, 63 | Targetcomputer: args.Target, 64 | } 65 | gl.InitLogging() 66 | l, err := gl.ConnectToDC() 67 | if err != nil { 68 | log.Fatal("Error connecting to DC" + err.Error()) 69 | } 70 | err = gl.BindToDC(l) 71 | if err != nil { 72 | log.Fatal("Error binding to DC" + err.Error()) 73 | } 74 | _, err = gl.GetDomainDN(l) 75 | if err != nil { 76 | log.Fatal("Error getting domain DN" + err.Error()) 77 | } 78 | // TODO: Complete the method to set the LAPS password of this computer 79 | err = gl.SetLapsPassword(l, args.Lapspass) 80 | if err != nil { 81 | log.Fatal("Error setting the LAPS password" + err.Error()) 82 | } 83 | gl.CloseConnection(l) 84 | } 85 | 86 | // main 87 | func main() { 88 | printBanner() 89 | args := parseArgs() 90 | 91 | if args.get != nil { 92 | getLapsPassword(args.get) 93 | } else if args.set != nil { 94 | setLapsPassword(args.set) 95 | } else { 96 | fmt.Println("No command specified") 97 | } 98 | } 99 | -------------------------------------------------------------------------------- /src/parser.go: -------------------------------------------------------------------------------- 1 | package main 2 | 3 | import ( 4 | "fmt" 5 | "os" 6 | 7 | "github.com/akamensky/argparse" 8 | ) 9 | 10 | // SetArgs holds the arguments for the 'set' command 11 | type SetArgs struct { 12 | Dc string 13 | Username string 14 | Password string 15 | Domain string 16 | Target string 17 | Lapspass string 18 | } 19 | 20 | // GetArgs holds the arguments for the 'get' command 21 | type GetArgs struct { 22 | Dc string 23 | Username string 24 | Password string 25 | Domain string 26 | Filter string 27 | Outfile string // To write the results to a csv file 28 | } 29 | 30 | // Args holds the parsed command-line arguments 31 | type Args struct { 32 | set *SetArgs 33 | get *GetArgs 34 | } 35 | 36 | // Partially implemented by Francois Reynaud and modified by Felipe Molina 37 | func parseArgs() *Args { 38 | parser := argparse.NewParser("golaps", "Get or set the LAPS password of the computers in the domain.") 39 | 40 | // Parse "get" subcommand 41 | getCmd := parser.NewCommand("get", "") 42 | getCmd_dc := getCmd.String("D", "dc", &argparse.Options{Required: true, Help: " of the Domain Controller to query."}) 43 | getCmd_username := getCmd.String("u", "username", &argparse.Options{Required: true, Help: "Username to authenticate with."}) 44 | getCmd_password := getCmd.String("p", "password", &argparse.Options{Required: true, Help: "Password to authenticate with."}) 45 | getCmd_domain := getCmd.String("d", "domain", &argparse.Options{Required: true, Help: "Domain of the user authenticating."}) 46 | getCmd_filter := getCmd.String("f", "filter", &argparse.Options{Required: false, Help: "Substring of the computer name (samAccountName) to search for."}) 47 | getCmd_outfile := getCmd.String("o", "out", &argparse.Options{Required: false, Help: "File name of the csv file to write the results."}) 48 | 49 | // Parse "set" subcommand 50 | setCmd := parser.NewCommand("set", "") 51 | setCmd_dc := setCmd.String("D", "dc", &argparse.Options{Required: true, Help: " of the Domain Controller to target."}) 52 | setCmd_username := setCmd.String("u", "username", &argparse.Options{Required: true, Help: "Username to authenticate with."}) 53 | setCmd_password := setCmd.String("p", "password", &argparse.Options{Required: true, Help: "Password to authenticate with."}) 54 | setCmd_domain := setCmd.String("d", "domain", &argparse.Options{Required: true, Help: "Domain of the user authenticating."}) 55 | setCmd_targetcomputer := setCmd.String("t", "target", &argparse.Options{Required: true, Help: "FQDN of the computer to set the LAPS password."}) 56 | setCmd_lapspass := setCmd.String("P", "lapspass", &argparse.Options{Required: true, Help: "Password to set."}) 57 | 58 | err := parser.Parse(os.Args) 59 | if err != nil { 60 | fmt.Print(parser.Usage(err)) 61 | os.Exit(1) 62 | } 63 | args := &Args{} 64 | if setCmd.Happened() { 65 | args.set = &SetArgs{ 66 | Dc: *setCmd_dc, 67 | Username: *setCmd_username, 68 | Password: *setCmd_password, 69 | Domain: *setCmd_domain, 70 | Target: *setCmd_targetcomputer, 71 | Lapspass: *setCmd_lapspass, 72 | } 73 | } 74 | 75 | if getCmd.Happened() { 76 | args.get = &GetArgs{ 77 | Dc: *getCmd_dc, 78 | Username: *getCmd_username, 79 | Password: *getCmd_password, 80 | Domain: *getCmd_domain, 81 | Filter: *getCmd_filter, 82 | Outfile: *getCmd_outfile, 83 | } 84 | } 85 | 86 | return args 87 | } 88 | --------------------------------------------------------------------------------