/* Benjamin DELPY `gentilkiwi`
http://blog.gentilkiwi.com
Licence : https://creativecommons.org/licenses/by/4.0/
*/
#pragma once
#include "globals.h"
// Opaque handle returned by SamConnect*/SamOpen* and released with SamCloseHandle.
// It is a bare PVOID, so the compiler cannot tell a server handle from a domain,
// user, group or alias handle: callers must track which kind they hold.
typedef PVOID SAMPR_HANDLE;
// Subset of the MS-SAMR USER_INFORMATION_CLASS values used by this module.
// The numeric values are the protocol values and must not be renumbered.
typedef enum _USER_INFORMATION_CLASS {
	UserInternal1Information = 18,	// SAMPR_USER_INTERNAL1_INFORMATION: NT/LM OWF hashes (credential material)
	UserAllInformation = 21,	// SAMPR_USER_ALL_INFORMATION: full record, members selected by WhichFields
} USER_INFORMATION_CLASS, *PUSER_INFORMATION_CLASS;
// Self-relative security descriptor as carried by MS-SAMR: a byte count plus a
// pointer to the raw descriptor. Length is the only bound on SecurityDescriptor;
// validate it (e.g. IsValidSecurityDescriptor) before passing the bytes on.
typedef struct _SAMPR_SR_SECURITY_DESCRIPTOR {
	DWORD Length;	// size in bytes of the buffer at SecurityDescriptor
	PUCHAR SecurityDescriptor;	// self-relative SECURITY_DESCRIPTOR bytes
} SAMPR_SR_SECURITY_DESCRIPTOR, *PSAMPR_SR_SECURITY_DESCRIPTOR;
// One entry of the array returned by SamGetGroupsForUser.
typedef struct _GROUP_MEMBERSHIP {
	DWORD RelativeId;	// RID of the group within the domain
	DWORD Attributes;	// membership attribute flags (presumably SE_GROUP_* values; verify against caller)
} GROUP_MEMBERSHIP, *PGROUP_MEMBERSHIP;
// 8-byte cipher block as defined by MS-SAMR. The member is CHAR (signedness is
// implementation-defined); treat it as raw bytes and cast to unsigned char
// before any arithmetic or comparison on its contents.
typedef struct _CYPHER_BLOCK {
	CHAR data[8];
} CYPHER_BLOCK, *PCYPHER_BLOCK;
// 16-byte one-way-function (hash) value: two CYPHER_BLOCKs. The same layout is
// aliased for the plaintext OWF, its session-key-encrypted form and the user
// session key, so the type system will not catch a plaintext/encrypted mix-up;
// keep that distinction in variable names and comments. Instances hold
// credential material and should be wiped once no longer needed.
typedef struct _NT_OWF_PASSWORD {
	CYPHER_BLOCK data[2];
} NT_OWF_PASSWORD, *PNT_OWF_PASSWORD, ENCRYPTED_NT_OWF_PASSWORD, *PENCRYPTED_NT_OWF_PASSWORD, USER_SESSION_KEY;
// Logon-hours bitmap as defined by MS-SAMR: LogonHours holds UnitsPerWeek bits,
// i.e. (UnitsPerWeek + 7) / 8 bytes. Index only within that bound; the pointer
// may be NULL when no hours are set (NOTE(review): confirm against the caller).
typedef struct _SAMPR_LOGON_HOURS {
	unsigned short UnitsPerWeek;	// number of valid bits in LogonHours
	unsigned char* LogonHours;	// bitmap, one bit per unit of the week
} SAMPR_LOGON_HOURS, *PSAMPR_LOGON_HOURS;
// Buffer for information class 18 (UserInternal1Information): the account's
// NT and LM OWF hashes plus presence/expiry flags. This is credential
// material — any copy made by the caller should be zeroized before release,
// and whether SamFreeMemory scrubs the original is not established here.
// LM_NTLM_HASH_LENGTH comes from globals.h (not shown); it is assumed to be 16
// to match NT_OWF_PASSWORD — confirm.
// NOTE(review): the MS-SAMR definition of this class has no PrivateDataSensitive
// member; confirm the trailing byte matches the layout actually returned.
typedef struct _SAMPR_USER_INTERNAL1_INFORMATION {
	BYTE NTHash[LM_NTLM_HASH_LENGTH];	// NT OWF, valid only when NtPasswordPresent != 0
	BYTE LMHash[LM_NTLM_HASH_LENGTH];	// LM OWF, valid only when LmPasswordPresent != 0
	BYTE NtPasswordPresent;
	BYTE LmPasswordPresent;
	BYTE PasswordExpired;
	BYTE PrivateDataSensitive;
} SAMPR_USER_INTERNAL1_INFORMATION, *PSAMPR_USER_INTERNAL1_INFORMATION;
// Buffer for information class 21 (UserAllInformation), mirroring the MS-SAMR
// SAMPR_USER_ALL_INFORMATION record. Member order is the ABI layout and must
// not be changed. WhichFields is a bitmask of the USER_ALL_* values below and
// says which members were filled (on query) or are to be written (on set);
// read only members whose bit is set. The LSA_UNICODE_STRING members are
// length-prefixed and need not be NUL-terminated — never treat them as C
// strings. LmOwfPassword/NtOwfPassword carry hashes, not text (presumably a
// byte blob despite the string type — verify before logging or printing them).
typedef struct _SAMPR_USER_ALL_INFORMATION {
	FILETIME LastLogon;
	FILETIME LastLogoff;
	FILETIME PasswordLastSet;
	FILETIME AccountExpires;
	FILETIME PasswordCanChange;
	FILETIME PasswordMustChange;
	LSA_UNICODE_STRING UserName;
	LSA_UNICODE_STRING FullName;
	LSA_UNICODE_STRING HomeDirectory;
	LSA_UNICODE_STRING HomeDirectoryDrive;
	LSA_UNICODE_STRING ScriptPath;
	LSA_UNICODE_STRING ProfilePath;
	LSA_UNICODE_STRING AdminComment;
	LSA_UNICODE_STRING WorkStations;
	LSA_UNICODE_STRING UserComment;
	LSA_UNICODE_STRING Parameters;
	LSA_UNICODE_STRING LmOwfPassword;	// credential material (USER_ALL_LMPASSWORDPRESENT)
	LSA_UNICODE_STRING NtOwfPassword;	// credential material (USER_ALL_NTPASSWORDPRESENT)
	LSA_UNICODE_STRING PrivateData;	// sensitive when PrivateDataSensitive is set
	SAMPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor;
	DWORD UserId;	// RID
	DWORD PrimaryGroupId;	// RID of the primary group
	DWORD UserAccountControl;	// SAM-format USER_* flags, not the UF_* encoding (see the two constant sets below)
	DWORD WhichFields;	// bitmask of USER_ALL_* selecting the valid members
	SAMPR_LOGON_HOURS LogonHours;
	WORD BadPasswordCount;
	WORD LogonCount;
	WORD CountryCode;
	WORD CodePage;
	BOOLEAN LmPasswordPresent;
	BOOLEAN NtPasswordPresent;
	BOOLEAN PasswordExpired;
	BOOLEAN PrivateDataSensitive;
} SAMPR_USER_ALL_INFORMATION, *PSAMPR_USER_ALL_INFORMATION;
// Union passed to SamQueryInformationUser/SamSetInformationUser. The active
// member is selected by the USER_INFORMATION_CLASS argument of the call
// (18 -> Internal1, 21 -> All); reading the other member is a type confusion.
typedef union _SAMPR_USER_INFO_BUFFER {
	SAMPR_USER_INTERNAL1_INFORMATION Internal1;
	SAMPR_USER_ALL_INFORMATION All;
} SAMPR_USER_INFO_BUFFER, *PSAMPR_USER_INFO_BUFFER;
// One element of the arrays returned by the SamEnumerate*InDomain and
// SamEnumerateDomainsInSamServer calls. Name is length-prefixed (not
// necessarily NUL-terminated); the array length is the call's CountReturned.
typedef struct _SAMPR_RID_ENUMERATION {
	DWORD RelativeId;
	LSA_UNICODE_STRING Name;
} SAMPR_RID_ENUMERATION, *PSAMPR_RID_ENUMERATION;
// Group membership result as defined by MS-SAMR: two parallel arrays of
// MemberCount entries. MemberCount bounds both Members and Attributes.
// NOTE(review): SamGetMembersInGroup below returns the arrays as separate
// out-parameters rather than this struct; confirm which form the export uses.
typedef struct _SAMPR_GET_MEMBERS_BUFFER {
	DWORD MemberCount;
	DWORD *Members;	// RIDs
	DWORD *Attributes;	// per-member attribute flags, same index as Members
} SAMPR_GET_MEMBERS_BUFFER, *PSAMPR_GET_MEMBERS_BUFFER;
// Client entry points for the MS-SAMR protocol (presumably imported from
// samlib.dll, as the file name suggests). Documented calls follow the public
// SDK signatures; SamConnectWithCreds and SamiChangePasswordUser are
// undocumented, their signatures come from reverse engineering and may change
// between Windows versions. Conventions for the whole set:
//  - every OUT buffer (Buffer, Groups, Members, Attributes, RelativeIds, Use,
//    Names, DomainId, Sid) is allocated by the library and released with
//    SamFreeMemory; handles are released with SamCloseHandle;
//  - CountReturned bounds the returned arrays and must be checked before
//    indexing; PreferedMaximumLength is only a hint to the server;
//  - EnumerationContext is an opaque cursor: start at 0 and pass the updated
//    value back until the call stops returning STATUS_MORE_ENTRIES;
//  - DesiredAccess is built from the SAM_SERVER_*, DOMAIN_*, GROUP_*, ALIAS_*
//    and USER_* masks defined below; request the minimum the caller needs.
// Connect to a SAM server (ServerName NULL/empty = local). Trusted presumably
// requests a trusted connection; confirm semantics against the caller.
extern NTSTATUS WINAPI SamConnect(IN PUNICODE_STRING ServerName, OUT SAMPR_HANDLE * ServerHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN Trusted);
// Undocumented variant taking explicit RPC credentials; unk0 is an unidentified output.
extern NTSTATUS WINAPI SamConnectWithCreds(IN PUNICODE_STRING ServerName, OUT SAMPR_HANDLE * ServerHandle, IN ACCESS_MASK DesiredAccess, IN LSA_OBJECT_ATTRIBUTES * ObjectAttributes, IN RPC_AUTH_IDENTITY_HANDLE AuthIdentity, IN PWSTR ServerPrincName, OUT ULONG * unk0);
// Enumerate domains hosted by the server (needs SAM_SERVER_ENUMERATE_DOMAINS).
extern NTSTATUS WINAPI SamEnumerateDomainsInSamServer(IN SAMPR_HANDLE ServerHandle, OUT DWORD * EnumerationContext, OUT PSAMPR_RID_ENUMERATION* Buffer, IN DWORD PreferedMaximumLength, OUT DWORD * CountReturned);
// Resolve a domain name to its SID (needs SAM_SERVER_LOOKUP_DOMAIN).
extern NTSTATUS WINAPI SamLookupDomainInSamServer(IN SAMPR_HANDLE ServerHandle, IN PUNICODE_STRING Name, OUT PSID * DomainId);
// Open object handles; the Id arguments are RIDs relative to DomainHandle.
extern NTSTATUS WINAPI SamOpenDomain(IN SAMPR_HANDLE SamHandle, IN ACCESS_MASK DesiredAccess, IN PSID DomainId, OUT SAMPR_HANDLE * DomainHandle);
extern NTSTATUS WINAPI SamOpenUser(IN SAMPR_HANDLE DomainHandle, IN ACCESS_MASK DesiredAccess, IN DWORD UserId, OUT SAMPR_HANDLE * UserHandle);
extern NTSTATUS WINAPI SamOpenGroup(IN SAMPR_HANDLE DomainHandle, IN ACCESS_MASK DesiredAccess, IN DWORD GroupId, OUT SAMPR_HANDLE * GroupHandle);
extern NTSTATUS WINAPI SamOpenAlias(IN SAMPR_HANDLE DomainHandle, IN ACCESS_MASK DesiredAccess, IN DWORD AliasId, OUT SAMPR_HANDLE * AliasHandle);
// Query/set a user record; the union member in use is fixed by UserInformationClass.
// With UserInternal1Information the returned buffer contains the account's
// password hashes — handle and free it as credential material. Buffer is an
// output here even though it carries no OUT annotation.
extern NTSTATUS WINAPI SamQueryInformationUser(IN SAMPR_HANDLE UserHandle, IN USER_INFORMATION_CLASS UserInformationClass, PSAMPR_USER_INFO_BUFFER* Buffer);
extern NTSTATUS WINAPI SamSetInformationUser(IN SAMPR_HANDLE UserHandle, IN USER_INFORMATION_CLASS UserInformationClass, PSAMPR_USER_INFO_BUFFER Buffer);
// Undocumented: password change expressed in OWF hashes rather than clear
// text. isOldLM/isNewNTLM presumably select which of the four hash arrays are
// meaningful — confirm against the caller before relying on either flag.
extern NTSTATUS WINAPI SamiChangePasswordUser(IN SAMPR_HANDLE UserHandle, IN BOOL isOldLM, IN const BYTE oldLM[LM_NTLM_HASH_LENGTH], IN const BYTE newLM[LM_NTLM_HASH_LENGTH], IN BOOL isNewNTLM, IN const BYTE oldNTLM[LM_NTLM_HASH_LENGTH], IN const BYTE newNTLM[LM_NTLM_HASH_LENGTH]);
// Membership queries; every array is CountReturned entries long.
extern NTSTATUS WINAPI SamGetGroupsForUser(IN SAMPR_HANDLE UserHandle, OUT PGROUP_MEMBERSHIP * Groups, OUT DWORD * CountReturned);
extern NTSTATUS WINAPI SamGetAliasMembership(IN SAMPR_HANDLE DomainHandle, IN DWORD Count, IN PSID * Sid, OUT DWORD * CountReturned, OUT PDWORD * RelativeIds);
// NOTE(review): declared with separate Members/Attributes outputs while
// SAMPR_GET_MEMBERS_BUFFER above bundles them; the author's todo marker is
// kept — confirm the export's real signature before use.
extern NTSTATUS WINAPI SamGetMembersInGroup(IN SAMPR_HANDLE GroupHandle, OUT PDWORD *Members, OUT PDWORD *Attributes, OUT DWORD * CountReturned); // todo !!!
extern NTSTATUS WINAPI SamGetMembersInAlias(IN SAMPR_HANDLE AliasHandle, OUT PSID ** Members, OUT DWORD * CountReturned);
// Domain enumeration; UserAccountControl filters users by account-control bits.
extern NTSTATUS WINAPI SamEnumerateUsersInDomain(IN SAMPR_HANDLE DomainHandle, IN OUT PDWORD EnumerationContext, IN DWORD UserAccountControl, OUT PSAMPR_RID_ENUMERATION* Buffer, IN DWORD PreferedMaximumLength, OUT PDWORD CountReturned);
extern NTSTATUS WINAPI SamEnumerateGroupsInDomain(IN SAMPR_HANDLE DomainHandle, IN OUT PDWORD EnumerationContext, OUT PSAMPR_RID_ENUMERATION * Buffer, IN DWORD PreferedMaximumLength, OUT PDWORD CountReturned);
extern NTSTATUS WINAPI SamEnumerateAliasesInDomain(IN SAMPR_HANDLE DomainHandle, IN OUT PDWORD EnumerationContext, OUT PSAMPR_RID_ENUMERATION * Buffer, IN DWORD PreferedMaximumLength, OUT PDWORD CountReturned);
// Name <-> RID translation; RelativeIds/Names and Use are parallel arrays of
// Count entries (Use gives the SID_NAME_USE of each result).
extern NTSTATUS WINAPI SamLookupNamesInDomain(IN SAMPR_HANDLE DomainHandle, IN DWORD Count, IN PUNICODE_STRING Names, OUT PDWORD * RelativeIds, OUT PDWORD * Use);
extern NTSTATUS WINAPI SamLookupIdsInDomain(IN SAMPR_HANDLE DomainHandle, IN DWORD Count, IN PDWORD RelativeIds, OUT PUNICODE_STRING * Names, OUT PDWORD * Use);
// Build a full SID from the domain of ObjectHandle plus Rid.
extern NTSTATUS WINAPI SamRidToSid(IN SAMPR_HANDLE ObjectHandle, IN DWORD Rid, OUT PSID * Sid);
// Release a handle of any kind / a library-allocated buffer.
extern NTSTATUS WINAPI SamCloseHandle(IN SAMPR_HANDLE SamHandle);
extern NTSTATUS WINAPI SamFreeMemory(IN PVOID Buffer);
// Server-object access rights (MS-SAMR), used as DesiredAccess for SamConnect*.
// The generic *_READ/*_WRITE/*_EXECUTE values combine specific rights with the
// standard rights in the high word (0x0002xxxx = READ_CONTROL); *_ALL_ACCESS
// adds STANDARD_RIGHTS_REQUIRED (0x000f0000). Request only what is needed.
#define SAM_SERVER_CONNECT 0x00000001
#define SAM_SERVER_SHUTDOWN 0x00000002
#define SAM_SERVER_INITIALIZE 0x00000004
#define SAM_SERVER_CREATE_DOMAIN 0x00000008
#define SAM_SERVER_ENUMERATE_DOMAINS 0x00000010
#define SAM_SERVER_LOOKUP_DOMAIN 0x00000020
#define SAM_SERVER_ALL_ACCESS 0x000f003f
#define SAM_SERVER_READ 0x00020010	// READ_CONTROL | ENUMERATE_DOMAINS
#define SAM_SERVER_WRITE 0x0002000e	// READ_CONTROL | SHUTDOWN | INITIALIZE | CREATE_DOMAIN
#define SAM_SERVER_EXECUTE 0x00020021	// READ_CONTROL | CONNECT | LOOKUP_DOMAIN
// SAM account-type (object class) values (MS-SAMR). The high nibble encodes the
// object kind (domain 0, group 1, alias 2, user 3, application group 4); the
// low bits distinguish sub-types, so a mask on 0xF0000000 yields the kind.
#define SAM_DOMAIN_OBJECT 0x00000000
#define SAM_GROUP_OBJECT 0x10000000
#define SAM_NON_SECURITY_GROUP_OBJECT 0x10000001
#define SAM_ALIAS_OBJECT 0x20000000
#define SAM_NON_SECURITY_ALIAS_OBJECT 0x20000001
#define SAM_USER_OBJECT 0x30000000
#define SAM_MACHINE_ACCOUNT 0x30000001
#define SAM_TRUST_ACCOUNT 0x30000002
#define SAM_APP_BASIC_GROUP 0x40000000
#define SAM_APP_QUERY_GROUP 0x40000001
// Domain-object access rights (MS-SAMR), used as DesiredAccess for SamOpenDomain.
// DOMAIN_LOOKUP covers SamOpen*/SamLookup* on the domain; DOMAIN_LIST_ACCOUNTS
// covers the SamEnumerate*InDomain calls; DOMAIN_GET_ALIAS_MEMBERSHIP covers
// SamGetAliasMembership.
#define DOMAIN_READ_PASSWORD_PARAMETERS 0x00000001
#define DOMAIN_WRITE_PASSWORD_PARAMS 0x00000002
#define DOMAIN_READ_OTHER_PARAMETERS 0x00000004
#define DOMAIN_WRITE_OTHER_PARAMETERS 0x00000008
#define DOMAIN_CREATE_USER 0x00000010
#define DOMAIN_CREATE_GROUP 0x00000020
#define DOMAIN_CREATE_ALIAS 0x00000040
#define DOMAIN_GET_ALIAS_MEMBERSHIP 0x00000080
#define DOMAIN_LIST_ACCOUNTS 0x00000100
#define DOMAIN_LOOKUP 0x00000200
#define DOMAIN_ADMINISTER_SERVER 0x00000400
#define DOMAIN_ALL_ACCESS 0x000f07ff
#define DOMAIN_READ 0x00020084	// READ_CONTROL | GET_ALIAS_MEMBERSHIP | READ_OTHER_PARAMETERS
#define DOMAIN_WRITE 0x0002047a	// READ_CONTROL | ADMINISTER_SERVER | CREATE_* | WRITE_* params
#define DOMAIN_EXECUTE 0x00020301	// READ_CONTROL | LOOKUP | LIST_ACCOUNTS | READ_PASSWORD_PARAMETERS
// Group-object access rights (MS-SAMR), used as DesiredAccess for SamOpenGroup.
// GROUP_LIST_MEMBERS is what SamGetMembersInGroup needs.
#define GROUP_READ_INFORMATION 0x00000001
#define GROUP_WRITE_ACCOUNT 0x00000002
#define GROUP_ADD_MEMBER 0x00000004
#define GROUP_REMOVE_MEMBER 0x00000008
#define GROUP_LIST_MEMBERS 0x00000010
#define GROUP_ALL_ACCESS 0x000F001F
#define GROUP_READ 0x00020010	// READ_CONTROL | LIST_MEMBERS
#define GROUP_WRITE 0x0002000E	// READ_CONTROL | WRITE_ACCOUNT | ADD_MEMBER | REMOVE_MEMBER
#define GROUP_EXECUTE 0x00020001	// READ_CONTROL | READ_INFORMATION
// Alias (local group) access rights (MS-SAMR), used as DesiredAccess for
// SamOpenAlias. Note the bit assignments differ from the GROUP_* set above
// (e.g. ALIAS_LIST_MEMBERS is 0x4, GROUP_LIST_MEMBERS is 0x10) — do not reuse
// one set for the other object kind.
#define ALIAS_ADD_MEMBER 0x00000001
#define ALIAS_REMOVE_MEMBER 0x00000002
#define ALIAS_LIST_MEMBERS 0x00000004
#define ALIAS_READ_INFORMATION 0x00000008
#define ALIAS_WRITE_ACCOUNT 0x00000010
#define ALIAS_ALL_ACCESS 0x000F001F
#define ALIAS_READ 0x00020004	// READ_CONTROL | LIST_MEMBERS
#define ALIAS_WRITE 0x00020013	// READ_CONTROL | WRITE_ACCOUNT | ADD_MEMBER | REMOVE_MEMBER
#define ALIAS_EXECUTE 0x00020008	// READ_CONTROL | READ_INFORMATION
// User-object access rights (MS-SAMR), used as DesiredAccess for SamOpenUser.
// Which right a given USER_INFORMATION_CLASS query needs is decided by the
// server; requesting USER_ALL_ACCESS where a narrower right would do makes the
// call fail for less-privileged callers and is noisier in audit logs.
#define USER_READ_GENERAL 0x00000001
#define USER_READ_PREFERENCES 0x00000002
#define USER_WRITE_PREFERENCES 0x00000004
#define USER_READ_LOGON 0x00000008
#define USER_READ_ACCOUNT 0x00000010
#define USER_WRITE_ACCOUNT 0x00000020
#define USER_CHANGE_PASSWORD 0x00000040
#define USER_FORCE_PASSWORD_CHANGE 0x00000080
#define USER_LIST_GROUPS 0x00000100
#define USER_READ_GROUP_INFORMATION 0x00000200
#define USER_WRITE_GROUP_INFORMATION 0x00000400
#define USER_ALL_ACCESS 0x000f07ff
#define USER_READ 0x0002031a	// READ_CONTROL | READ_GROUP_INFORMATION | LIST_GROUPS | READ_ACCOUNT | READ_LOGON | READ_PREFERENCES
#define USER_WRITE 0x00020044	// READ_CONTROL | CHANGE_PASSWORD | WRITE_PREFERENCES
#define USER_EXECUTE 0x00020041	// READ_CONTROL | CHANGE_PASSWORD | READ_GENERAL
// WhichFields bits for SAMPR_USER_ALL_INFORMATION (MS-SAMR USER_ALL_* values).
// On a query they report which members the server filled; on a set they select
// which members are written. Bits in USER_ALL_UNDEFINED_MASK are reserved and
// must be clear. The *PASSWORDPRESENT and PRIVATEDATA bits gate the members
// that carry credential material.
#define USER_ALL_USERNAME 0x00000001
#define USER_ALL_FULLNAME 0x00000002
#define USER_ALL_USERID 0x00000004
#define USER_ALL_PRIMARYGROUPID 0x00000008
#define USER_ALL_ADMINCOMMENT 0x00000010
#define USER_ALL_USERCOMMENT 0x00000020
#define USER_ALL_HOMEDIRECTORY 0x00000040
#define USER_ALL_HOMEDIRECTORYDRIVE 0x00000080
#define USER_ALL_SCRIPTPATH 0x00000100
#define USER_ALL_PROFILEPATH 0x00000200
#define USER_ALL_WORKSTATIONS 0x00000400
#define USER_ALL_LASTLOGON 0x00000800
#define USER_ALL_LASTLOGOFF 0x00001000
#define USER_ALL_LOGONHOURS 0x00002000
#define USER_ALL_BADPASSWORDCOUNT 0x00004000
#define USER_ALL_LOGONCOUNT 0x00008000
#define USER_ALL_PASSWORDCANCHANGE 0x00010000
#define USER_ALL_PASSWORDMUSTCHANGE 0x00020000
#define USER_ALL_PASSWORDLASTSET 0x00040000
#define USER_ALL_ACCOUNTEXPIRES 0x00080000
#define USER_ALL_USERACCOUNTCONTROL 0x00100000
#define USER_ALL_PARAMETERS 0x00200000
#define USER_ALL_COUNTRYCODE 0x00400000
#define USER_ALL_CODEPAGE 0x00800000
#define USER_ALL_NTPASSWORDPRESENT 0x01000000	// NtOwfPassword member valid
#define USER_ALL_LMPASSWORDPRESENT 0x02000000	// LmOwfPassword member valid
#define USER_ALL_PRIVATEDATA 0x04000000	// PrivateData member valid
#define USER_ALL_PASSWORDEXPIRED 0x08000000
#define USER_ALL_SECURITYDESCRIPTOR 0x10000000
#define USER_ALL_UNDEFINED_MASK 0xc0000000	// reserved bits; must be zero
// UserAccountControl bits in SAM (ntsam.h USER_*) encoding, as carried in
// SAMPR_USER_ALL_INFORMATION.UserAccountControl. This is NOT the UF_* encoding
// used by the Net* APIs and by the UF_* constants further down: here
// USER_NORMAL_ACCOUNT is 0x10 and USER_DONT_EXPIRE_PASSWORD is 0x200, whereas
// UF_NORMAL_ACCOUNT is 0x200 and UF_DONT_EXPIRE_PASSWD is 0x10000. Mixing the
// two silently tests the wrong flag; convert explicitly when crossing APIs.
#define USER_NORMAL_ACCOUNT 0x00000010
#define USER_DONT_EXPIRE_PASSWORD 0x00000200
//
// Special Values and Constants - User
//
//
// Bit masks for field usriX_flags of USER_INFO_X (X = 0/1).
// These are the lmaccess.h UF_* flags (Net* API / LDAP userAccountControl
// encoding), distinct from the SAM USER_* encoding defined just above.
//
#define UF_SCRIPT 0x0001
#define UF_ACCOUNTDISABLE 0x0002
#define UF_HOMEDIR_REQUIRED 0x0008
#define UF_LOCKOUT 0x0010
#define UF_PASSWD_NOTREQD 0x0020	// account may have an empty password — worth flagging in audits
#define UF_PASSWD_CANT_CHANGE 0x0040
#define UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED 0x0080	// reversible-encryption password storage
//
// Account type bits as part of usri_flags.
//
#define UF_TEMP_DUPLICATE_ACCOUNT 0x0100
#define UF_NORMAL_ACCOUNT 0x0200
#define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800
#define UF_WORKSTATION_TRUST_ACCOUNT 0x1000
#define UF_SERVER_TRUST_ACCOUNT 0x2000
// Composite masks; the author's "!!!" markers are kept as a reminder that they
// were transcribed by hand — confirm against the SDK's lmaccess.h if they are
// used to validate or filter account types.
#define UF_MACHINE_ACCOUNT_MASK ( UF_INTERDOMAIN_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT | UF_SERVER_TRUST_ACCOUNT ) // !!!
#define UF_ACCOUNT_TYPE_MASK ( UF_TEMP_DUPLICATE_ACCOUNT | UF_NORMAL_ACCOUNT | UF_INTERDOMAIN_TRUST_ACCOUNT | UF_WORKSTATION_TRUST_ACCOUNT | UF_SERVER_TRUST_ACCOUNT ) // !!!
// Remaining UF_* flags. Several are security-relevant for review and
// detection: UF_DONT_REQUIRE_PREAUTH, UF_TRUSTED_FOR_DELEGATION,
// UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION and UF_USE_DES_KEY_ONLY each
// weaken the account's Kerberos posture and are commonly monitored.
#define UF_DONT_EXPIRE_PASSWD 0x10000
#define UF_MNS_LOGON_ACCOUNT 0x20000
#define UF_SMARTCARD_REQUIRED 0x40000
#define UF_TRUSTED_FOR_DELEGATION 0x80000
#define UF_NOT_DELEGATED 0x100000
#define UF_USE_DES_KEY_ONLY 0x200000
#define UF_DONT_REQUIRE_PREAUTH 0x400000
#define UF_PASSWORD_EXPIRED 0x800000
#define UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION 0x1000000
#define UF_NO_AUTH_DATA_REQUIRED 0x2000000
#define UF_PARTIAL_SECRETS_ACCOUNT 0x4000000
#define UF_USE_AES_KEYS 0x8000000
// Mask of UF_* bits a caller may set through the Net* APIs.
// NOTE(review): UF_PARTIAL_SECRETS_ACCOUNT and UF_USE_AES_KEYS, defined above,
// are not included here although recent SDK versions of lmaccess.h list them
// in UF_SETTABLE_BITS — confirm against the SDK before using this mask to
// validate or sanitise a UserAccountControl value, otherwise those two bits
// would be rejected or stripped. The author's "!!!" marker is kept.
#define UF_SETTABLE_BITS ( \
	UF_SCRIPT | \
	UF_ACCOUNTDISABLE | \
	UF_LOCKOUT | \
	UF_HOMEDIR_REQUIRED | \
	UF_PASSWD_NOTREQD | \
	UF_PASSWD_CANT_CHANGE | \
	UF_ACCOUNT_TYPE_MASK | \
	UF_DONT_EXPIRE_PASSWD | \
	UF_MNS_LOGON_ACCOUNT |\
	UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED |\
	UF_SMARTCARD_REQUIRED | \
	UF_TRUSTED_FOR_DELEGATION | \
	UF_NOT_DELEGATED | \
	UF_USE_DES_KEY_ONLY | \
	UF_DONT_REQUIRE_PREAUTH |\
	UF_PASSWORD_EXPIRED |\
	UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION |\
	UF_NO_AUTH_DATA_REQUIRED \
) // !!!