Class: Metasploit::Framework::LoginScanner::LDAP
- Inherits:
-
Object
- Object
- Metasploit::Framework::LoginScanner::LDAP
- Defined in:
- lib/metasploit/framework/login_scanner/ldap.rb
Instance Attribute Summary collapse
-
#opts ⇒ Object
Returns the value of attribute opts.
-
#realm_key ⇒ Object
Returns the value of attribute realm_key.
Instance Method Summary collapse
- #attempt_login(credential) ⇒ Object
- #do_login(credential) ⇒ Object
- #each_credential ⇒ Object
- #status_code(operation_result) ⇒ Object
Methods included from Msf::Exploit::Remote::LDAP
#discover_base_dn, #get_connect_opts, #get_naming_contexts, #initialize, #ldap_connect, #ldap_new, #ldap_open, #peer, #resolve_connect_opts, #rhost, #rport, #validate_bind_success!, #validate_query_result!
Methods included from Metasploit::Framework::LDAP::Client
Methods included from Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options
Methods included from Msf::Exploit::Remote::Kerberos::Ticket::Storage
#initialize, #kerberos_storage_options, #kerberos_ticket_storage, store_ccache
Instance Attribute Details
#opts ⇒ Object
Returns the value of attribute opts.
14 15 16 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 14 def opts @opts end |
#realm_key ⇒ Object
Returns the value of attribute realm_key.
15 16 17 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 15 def realm_key @realm_key end |
Instance Method Details
#attempt_login(credential) ⇒ Object
17 18 19 20 21 22 23 24 25 26 27 28 29 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 17 def attempt_login(credential) result_opts = { credential: credential, status: Metasploit::Model::Login::Status::INCORRECT, proof: nil, host: host, port: port, protocol: 'ldap' } result_opts.merge!(do_login(credential)) Result.new(result_opts) end |
#do_login(credential) ⇒ Object
31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 31 def do_login(credential) opts = { username: credential.public, password: credential.private, framework_module: framework_module }.merge(@opts) connect_opts = ldap_connect_opts(host, port, connection_timeout, ssl: opts[:ssl], opts: opts) ldap_open(connect_opts) do |ldap| return status_code(ldap.get_operation_result.table) rescue StandardError => e { status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e } end end |
#each_credential ⇒ Object
55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 55 def each_credential cred_details.each do |raw_cred| # This could be a Credential object, or a Credential Core, or an Attempt object # so make sure that whatever it is, we end up with a Credential. credential = raw_cred.to_credential if opts[:ldap_auth] == Msf::Exploit::Remote::AuthOption::KERBEROS && opts[:ldap_krb5_cname] # If we're using kerberos auth with a ccache then the password is irrelevant # Remove it from the credential so we don't store it credential.private = nil elsif opts[:ldap_auth] == Msf::Exploit::Remote::AuthOption::SCHANNEL # If we're using kerberos auth with schannel then the user/password is irrelevant # Remove it from the credential so we don't store it credential.public = nil credential.private = nil end if credential.realm.present? && realm_key.present? credential.realm_key = realm_key elsif credential.realm.present? && realm_key.blank? # This service has no realm key, so the realm will be # meaningless. Strip it off. credential.realm = nil credential.realm_key = nil end yield credential if opts[:append_domain] && credential.realm.nil? credential.public = "#{credential.public}@#{opts[:domain]}" yield credential end end end |
#status_code(operation_result) ⇒ Object
46 47 48 49 50 51 52 53 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 46 def status_code(operation_result) case operation_result[:code] when 0 { status: Metasploit::Model::Login::Status::SUCCESSFUL } else { status: Metasploit::Model::Login::Status::INCORRECT, proof: "Bind Result: #{operation_result}" } end end |