A custom NTLM Negotiator for go-ldap implementing support for TLS channel bindings.
Many AD deployments nowadays are configured to require channel bindings for TLS connections using authentication methods that support it (https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-ldap-server-channel-binding-token-requirements). The library go-ldap uses to handle NTLM authentication, go-ntlmssp, has no support for that, and also has no support for SASL-based integrity or confidentiality (which these same AD deployments require for non-TLS connections: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/domain-controller-ldap-server-signing-requirements). go-ldap v3.4.11 added support for a 'custom NTLM Negotiator', which can be used to interpose between go-ldap and go-ntlmssp in order to modify the authentication blob. This can be leveraged to implement channel binding support.
Forked from https://github.com/RedTeamPentesting/adauth.