Public release

Author: p0dalirius

.github/FUNDING.yml

@@ -0,0 +1,3 @@
+# These are supported funding model platforms
+
+github: p0dalirius

.github/banner.png

@@ -0,0 +1,86 @@
+name: Auto-prefix & Label Issues
+
+on:
+  issues:
+    types: [opened, edited]
+
+jobs:
+  prefix_and_label:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Ensure labels exist, then prefix titles & add labels
+        uses: actions/github-script@v6
+        with:
+          script: |
+            const owner = context.repo.owner;
+            const repo  = context.repo.repo;
+
+            // 1. Ensure required labels exist
+            const required = [
+              { name: 'bug',         color: 'd73a4a', description: 'Something isn\'t working' },
+              { name: 'enhancement', color: 'a2eeef', description: 'New feature or request' }
+            ];
+
+            // Fetch current labels in the repo
+            const { data: existingLabels } = await github.rest.issues.listLabelsForRepo({
+              owner, repo, per_page: 100
+            });
+            const existingNames = new Set(existingLabels.map(l => l.name));
+
+            // Create any missing labels
+            for (const lbl of required) {
+              if (!existingNames.has(lbl.name)) {
+                await github.rest.issues.createLabel({
+                  owner,
+                  repo,
+                  name: lbl.name,
+                  color: lbl.color,
+                  description: lbl.description
+                });
+                console.log(`Created label "${lbl.name}"`);
+              }
+            }
+
+            // 2. Fetch all open issues
+            const issues = await github.paginate(
+              github.rest.issues.listForRepo,
+              { owner, repo, state: 'open', per_page: 100 }
+            );
+
+            // 3. Keyword sets
+            const enhancementWords = ["add", "added", "improve", "improved"];
+            const bugWords         = ["bug", "error", "problem", "crash", "failed", "fix", "fixed"];
+
+            // 4. Process each issue
+            for (const issue of issues) {
+              const origTitle = issue.title;
+              const lower     = origTitle.toLowerCase();
+
+              // skip if already prefixed
+              if (/^\[(bug|enhancement)\]/i.test(origTitle)) continue;
+
+              let prefix, labelToAdd;
+              if (enhancementWords.some(w => lower.includes(w))) {
+                prefix     = "[enhancement]";
+                labelToAdd = "enhancement";
+              } else if (bugWords.some(w => lower.includes(w))) {
+                prefix     = "[bug]";
+                labelToAdd = "bug";
+              }
+
+              if (prefix) {
+                // update title
+                await github.rest.issues.update({
+                  owner, repo, issue_number: issue.number,
+                  title: `${prefix} ${origTitle}`
+                });
+                console.log(`Prefixed title of #${issue.number}`);
+
+                // add label
+                await github.rest.issues.addLabels({
+                  owner, repo, issue_number: issue.number,
+                  labels: [labelToAdd]
+                });
+                console.log(`Added label "${labelToAdd}" to #${issue.number}`);
+              }
+            }

.github/example_dn.png

@@ -0,0 +1,44 @@
+name: Build on commit
+
+on:
+  push:
+    branches:
+      - '*'
+
+jobs:
+  build:
+    name: Build Release Assets
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        os: [linux, windows, darwin]
+        arch: [amd64, arm64, 386]
+        binaryname: [DescribeKeyCredentialLink]
+        # Exclude incompatible couple of GOOS and GOARCH values
+        exclude:
+          - os: darwin
+            arch: 386
+
+    env:
+      GO111MODULE: 'on'
+      CGO_ENABLED: '0'
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.22.1'
+
+      - name: Build Binary
+        env:
+          GOOS: ${{ matrix.os }}
+          GOARCH: ${{ matrix.arch }}
+        run: |
+          mkdir -p build
+          OUTPUT_PATH="../build/${{ matrix.binaryname }}-${{ matrix.os }}-${{ matrix.arch }}"
+          # Build the binary
+          go build -ldflags="-s -w" -o $OUTPUT_PATH${{ matrix.os == 'windows' && '.exe' || '' }}

.github/example_value.png

@@ -0,0 +1,57 @@
+name: Build and Release
+
+on:
+  release:
+    types: [published]
+
+jobs:
+  build:
+    name: Build Release Assets
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        os: [linux, windows, darwin]
+        arch: [amd64, arm64, 386]
+        binaryname: [DescribeKeyCredentialLink]
+        # Exclude incompatible couple of GOOS and GOARCH values
+        exclude:
+          - os: darwin
+            arch: 386
+
+    env:
+      GO111MODULE: 'on'
+      CGO_ENABLED: '0'
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v3
+
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.22.1'
+
+      - name: Build Binary
+        env:
+          GOOS: ${{ matrix.os }}
+          GOARCH: ${{ matrix.arch }}
+        run: |
+          mkdir -p bin
+          OUTPUT_PATH="../build/${{ matrix.binaryname }}-${{ matrix.os }}-${{ matrix.arch }}"
+          # Build the binary
+          go build -ldflags="-s -w" -o $OUTPUT_PATH${{ matrix.os == 'windows' && '.exe' || '' }}
+
+      - name: Prepare Release Assets
+        if: ${{ success() }}
+        run: |
+          mkdir -p ./release/
+          cp ./build/${{ matrix.binaryname }}-* ./release/
+
+      - name: Upload the Release binaries
+        uses: svenstaro/upload-release-action@v2
+        with:
+          repo_token: ${{ secrets.GITHUB_TOKEN }}
+          tag: ${{ github.ref }}
+          file: ./release/${{ matrix.binaryname }}-*
+          file_glob: true

.github/workflows/auto_prefix_issues.yml

@@ -23,3 +23,6 @@ go.work.sum
 
 # env file
 .env
+
+# Builds dir
+./bin/

.github/workflows/commit.yaml

@@ -1 +1,64 @@
-# ParseMsDSKeyCredentialLink
+![](./.github/banner.png)
+
+<p align="center">
+      A cross-platform tool to parse and describe the contents of a raw msDS-KeyCredentialLink data blob. 
+      <br>
+      <a href="https://github.com/TheManticoreProject/DescribeKeyCredentialLink/actions/workflows/release.yaml" title="Build"><img alt="Build and Release" src="https://github.com/TheManticoreProject/DescribeKeyCredentialLink/actions/workflows/release.yaml/badge.svg"></a>
+      <img alt="GitHub release (latest by date)" src="https://img.shields.io/github/v/release/TheManticoreProject/DescribeKeyCredentialLink">
+      <img alt="Go Report Card" src="https://goreportcard.com/badge/github.com/TheManticoreProject/DescribeKeyCredentialLink"> 
+      <br>
+</p>
+
+## Features
+
+- [x] Read msDS-KeyCredentialLink data blob:
+  - [x] from LDAP
+  - [x] from a file
+  - [x] from raw string
+
+## Usage
+
+```
+$ ./DescribeKeyCredentialLink -h
+DescribeKeyCredentialLink - by Remi GASCOU (Podalirius) @ TheManticoreProject - v1.3.0
+
+Usage: DescribeKeyCredentialLink [--quiet] [--debug] [--domain <string>] --username <string> [--password <string>] [--hashes <string>] [--dc-ip <string>] [--ldap-port <tcp port>] [--use-ldaps] [--distinguished-name <string>] [--value <string>]
+
+  -q, --quiet     Show no information at all. (default: false)
+  -d, --debug     Debug mode. (default: false)
+
+  Authentication:
+    -d, --domain <string>   Active Directory domain to authenticate to. (default: "")
+    -u, --username <string> User to authenticate as.
+    -p, --password <string> Password to authenticate with. (default: "")
+    -H, --hashes <string>   NT/LM hashes, format is LMhash:NThash. (default: "")
+
+  LDAP Connection Settings:
+    -dc, --dc-ip <string>       IP Address of the domain controller or KDC (Key Distribution Center) for Kerberos. If omitted, it will use the domain part (FQDN) specified in the identity parameter. (default: "")
+    -lp, --ldap-port <tcp port> Port number to connect to LDAP server. (default: 389)
+    -L, --use-ldaps             Use LDAPS instead of LDAP. (default: false)
+
+  Source Values:
+    -D, --distinguished-name <string> Distinguished Name. (default: "")
+    -v, --value <string>              Raw string value of of msDS-KeyCredentialLink, it typically starts with 'B:'. (default: "")
+```
+
+## Demonstration with a `--distinguished-name` in the LDAP
+
+```bash
+./DescribeKeyCredentialLink --domain "MANTICORE.local" --username "Administrator" --password "Admin123!" --dc-ip "192.168.56.101" --debug --distinguished-name "CN=DC01,CN=Computers,DC=MANTICORE,DC=local"
+```
+
+![](./.github/example_dn.png)
+
+## Demonstration with a `--value`
+
+```bash
+./DescribeKeyCredentialLink --debug --value "B:828:0002000020000108E2E5700BC0E9522D434C139C15B767678284D922DF7E92BA0DD17D62407E9D200002A786DBE1C8FD5259753E75E32DE90CA2CBE04D2A2AF4DACC29DB7C6B06FE3E411B0103525341310008000003000000000100000000000000000000010001CC86F6DEB74305A202C68F94489B82C499C6F21A74D5E290869E82FFF5B5774B961251741E42D7FEC1F5EEAE52B5C759DE321491987D6586F9F3672B4E5B88EB32827480D4444D958275113832EA7B52E91E8ED414796E6AE9061BE323D3BBFACF4448FE2451DF9325393FE1189CE53E7AE6D02E7710D71EB1F16B8ACCF13EB63F34834021DAF3398962A6C1DF4F359CE9A81BD2E6FA3D9DD095898C9FC2E2316DD10B59A5C0C09A71EA12CE70E3AC6EA42C74E258A0C13F102577B9AB2B55658A4F72CAFCDF26B0EBB124EEB3F7D97BD705D04FFA4B0D4C442F68CDC724A5DD4B42B114BB3A667A54F7A733A26F7AFC6FA09CEC688246EC32494668148C09950100040101000500100006335A9368151ACC785211B3C9DA8EC9720200070100080008A7E1A5606E06DA01080009A7E1A5606E06DA01:CN=PC12,CN=Computers,DC=LAB,DC=local"
+```
+
+![](./.github/example_value.png)
+
+## Contributing
+
+Pull requests are welcome. Feel free to open an issue if you want to add other features.

.github/workflows/release.yaml

@@ -0,0 +1,30 @@
+module github.com/TheManticoreProject/DescribeKeyCredentialLink
+
+go 1.24.0
+
+require (
+	github.com/TheManticoreProject/Manticore v1.0.9-0.20251112154051-eb49d08444c4
+	github.com/TheManticoreProject/goopts v1.2.4
+)
+
+require (
+	github.com/TheManticoreProject/winacl v1.2.14 // indirect
+	github.com/alexbrainman/sspi v0.0.0-20250919150558-7d374ff0d59e // indirect
+	github.com/go-ldap/ldap/v3 v3.4.12 // indirect
+	github.com/hashicorp/go-uuid v1.0.3 // indirect
+	github.com/jcmturner/aescts/v2 v2.0.0 // indirect
+	github.com/jcmturner/dnsutils/v2 v2.0.0 // indirect
+	github.com/jcmturner/gofork v1.7.6 // indirect
+	github.com/jcmturner/goidentity/v6 v6.0.1 // indirect
+	github.com/jcmturner/gokrb5/v8 v8.4.4 // indirect
+	github.com/jcmturner/rpc/v2 v2.0.3 // indirect
+	golang.org/x/net v0.47.0 // indirect
+)
+
+require (
+	github.com/Azure/go-ntlmssp v0.1.0 // indirect
+	// indirect
+	github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect
+	github.com/google/uuid v1.6.0 // indirect
+	golang.org/x/crypto v0.44.0 // indirect
+)