Class: Metasploit::Framework::LoginScanner::LDAP

Inherits:
Object
  • Object
show all
Includes:
Metasploit::Framework::LDAP::Client, Base, Msf::Exploit::Remote::LDAP
Defined in:
lib/metasploit/framework/login_scanner/ldap.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Msf::Exploit::Remote::LDAP

#discover_base_dn, #get_connect_opts, #get_naming_contexts, #initialize, #ldap_connect, #ldap_new, #ldap_open, #peer, #resolve_connect_opts, #rhost, #rport, #validate_bind_success!, #validate_query_result!

Methods included from Metasploit::Framework::LDAP::Client

#ldap_connect_opts

Methods included from Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options

#kerberos_auth_options

Methods included from Msf::Exploit::Remote::Kerberos::Ticket::Storage

#initialize, #kerberos_storage_options, #kerberos_ticket_storage, store_ccache

Instance Attribute Details

#optsObject

Returns the value of attribute opts.



14
15
16
 
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 14

def opts
  @opts
end

#realm_keyObject

Returns the value of attribute realm_key.



15
16
17
 
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 15

def realm_key
  @realm_key
end

Instance Method Details

#attempt_login(credential) ⇒ Object 



17
18
19
20
21
22
23
24
25
26
27
28
29
 
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 17

def (credential)
  result_opts = {
    credential: credential,
    status: Metasploit::Model::Login::Status::INCORRECT,
    proof: nil,
    host: host,
    port: port,
    protocol: 'ldap'
  }

  result_opts.merge!((credential))
  Result.new(result_opts)
end

#do_login(credential) ⇒ Object 



31
32
33
34
35
36
37
38
39
40
41
42
43
44
 
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 31

def (credential)
  opts = {
    username: credential.public,
    password: credential.private,
    framework_module: framework_module
  }.merge(@opts)

  connect_opts = ldap_connect_opts(host, port, connection_timeout, ssl: opts[:ssl], opts: opts)
  ldap_open(connect_opts) do |ldap|
    return status_code(ldap.get_operation_result.table)
  rescue StandardError => e
    { status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e }
  end
end

#each_credentialObject 



55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
 
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 55

def each_credential
  cred_details.each do |raw_cred|
    # This could be a Credential object, or a Credential Core, or an Attempt object
    # so make sure that whatever it is, we end up with a Credential.
    credential = raw_cred.to_credential

    if opts[:ldap_auth] == Msf::Exploit::Remote::AuthOption::KERBEROS && opts[:ldap_krb5_cname]
      # If we're using kerberos auth with a ccache then the password is irrelevant
      # Remove it from the credential so we don't store it
      credential.private = nil
    elsif opts[:ldap_auth] == Msf::Exploit::Remote::AuthOption::SCHANNEL
      # If we're using kerberos auth with schannel then the user/password is irrelevant
      # Remove it from the credential so we don't store it
      credential.public = nil
      credential.private = nil
    end

    if credential.realm.present? && realm_key.present?
      credential.realm_key = realm_key
    elsif credential.realm.present? && realm_key.blank?
      # This service has no realm key, so the realm will be
      # meaningless. Strip it off.
      credential.realm = nil
      credential.realm_key = nil
    end

    yield credential

    if opts[:append_domain] && credential.realm.nil?
      credential.public = "#{credential.public}@#{opts[:domain]}"
      yield credential
    end

  end
end

#status_code(operation_result) ⇒ Object 



46
47
48
49
50
51
52
53
 
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 46

def status_code(operation_result)
  case operation_result[:code]
  when 0
    { status: Metasploit::Model::Login::Status::SUCCESSFUL }
  else
    { status: Metasploit::Model::Login::Status::INCORRECT, proof: "Bind Result: #{operation_result}" }
  end
end