1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58

func main() {

    conn, err := net.Dial("tcp", fmt.Sprintf("%s:%d", targetIP, targetPort))
    if err != nil {
        log.Fatalf("Failed to connnect target ip: %v", err)
    }
    defer conn.Close()

    ldapSearchRequest := LDAPSearchRequest{
        BaseDN:     "dc=example,dc=com",
        Scope:      2,  // Whole Subtree
        Filter:     "(objectClass=*)",
        Attributes: []string{"All User Attributes"},
    }

    ldapSearchRequestBytes, err := asn1.Marshal(ldapSearchRequest)
    if err != nil {
        log.Fatalf("Failed to encode LDAP search request : %v", err)
    }

    ldapPacket := gopacket.NewSerializeBuffer()
    opts := gopacket.SerializeOptions{}

    tcpLayer := &layers.TCP{
        SrcPort: layers.TCPPort(12345),
        DstPort: layers.TCPPort(389),
        Seq:     110,
        Ack:     200,
        SYN:     true,
        Window:  14600,
    }
    err = tcpLayer.SerializeTo(ldapPacket, opts)
    if err != nil {
        log.Fatalf("Failed to add to tcp layer: %v", err)
    }

    err = gopacket.SerializeLayers(ldapPacket, opts, gopacket.Payload(ldapSearchRequestBytes))
    if err != nil {
        log.Fatalf("Failed to add payload: %v", err)
    }

    _, err = conn.Write(ldapPacket.Bytes())
    if err != nil {
        log.Fatalf("Failed to send packet: %v", err)
    }

}

type LDAPSearchRequest struct {
    BaseDN     string   `asn1:"octetstring"`
    Scope      int      `asn1:"enumerated"`
    DerefAlias int      `asn1:"enumerated"`
    SizeLimit  int      `asn1:"integer"`
    TimeLimit  int      `asn1:"integer"`
    TypesOnly  bool     `asn1:"boolean"`
    Filter     string   `asn1:"octetstring"`
    Attributes []string `asn1:"set"`
}