Class: Metasploit::Framework::LoginScanner::LDAP
- Inherits:
-
Object
- Object
- Metasploit::Framework::LoginScanner::LDAP
- Defined in:
- lib/metasploit/framework/login_scanner/ldap.rb
Instance Attribute Summary collapse
-
#opts ⇒ Object
Returns the value of attribute opts.
-
#realm_key ⇒ Object
Returns the value of attribute realm_key.
-
#use_client_as_proof ⇒ Boolean
If a login is successful and this attribute is true - an LDAP::Client instance is used as proof.
Instance Method Summary collapse
- #attempt_login(credential) ⇒ Object
- #do_login(credential) ⇒ Object
- #each_credential ⇒ Object
- #status_code(ldap_client) ⇒ Object
Methods included from Msf::Exploit::Remote::LDAP
#get_connect_opts, #initialize, #ldap_connect, #ldap_escape_filter, #ldap_new, #ldap_open, #peer, #resolve_connect_opts, #rhost, #rport, #validate_bind_success!, #validate_query_result!
Methods included from Metasploit::Framework::LDAP::Client
Methods included from Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options
Methods included from Msf::Exploit::Remote::Kerberos::Ticket::Storage
#initialize, #kerberos_storage_options, #kerberos_ticket_storage, store_ccache
Instance Attribute Details
#opts ⇒ Object
Returns the value of attribute opts.
14 15 16 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 14 def opts @opts end |
#realm_key ⇒ Object
Returns the value of attribute realm_key.
14 15 16 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 14 def realm_key @realm_key end |
#use_client_as_proof ⇒ Boolean
Returns If a login is successful and this attribute is true - an LDAP::Client instance is used as proof.
17 18 19 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 17 def use_client_as_proof @use_client_as_proof end |
Instance Method Details
#attempt_login(credential) ⇒ Object
19 20 21 22 23 24 25 26 27 28 29 30 31 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 19 def attempt_login(credential) result_opts = { credential: credential, status: Metasploit::Model::Login::Status::INCORRECT, proof: nil, host: host, port: port, protocol: 'ldap' } result_opts.merge!(do_login(credential)) Result.new(result_opts) end |
#do_login(credential) ⇒ Object
33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 33 def do_login(credential) opts = { username: credential.public, password: credential.private, framework_module: framework_module }.merge(@opts) connect_opts = ldap_connect_opts(host, port, connection_timeout, ssl: opts[:ssl], opts: opts) begin ldap_client = ldap_open(connect_opts, keep_open: true) return status_code(ldap_client) rescue StandardError => e { status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e } end end |
#each_credential ⇒ Object
64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 64 def each_credential cred_details.each do |raw_cred| # This could be a Credential object, or a Credential Core, or an Attempt object # so make sure that whatever it is, we end up with a Credential. credential = raw_cred.to_credential if opts[:ldap_auth] == Msf::Exploit::Remote::AuthOption::KERBEROS && opts[:ldap_krb5_cname] # If we're using kerberos auth with a ccache then the password is irrelevant # Remove it from the credential so we don't store it credential.private = nil elsif opts[:ldap_auth] == Msf::Exploit::Remote::AuthOption::SCHANNEL # If we're using kerberos auth with schannel then the user/password is irrelevant # Remove it from the credential so we don't store it credential.public = nil credential.private = nil end if credential.realm.present? && realm_key.present? credential.realm_key = realm_key elsif credential.realm.present? && realm_key.blank? # This service has no realm key, so the realm will be # meaningless. Strip it off. credential.realm = nil credential.realm_key = nil end yield credential if opts[:append_domain] && credential.realm.nil? credential.public = "#{credential.public}@#{opts[:domain]}" yield credential end end end |
#status_code(ldap_client) ⇒ Object
49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 49 def status_code(ldap_client) operation_result = ldap_client.get_operation_result.table[:code] case operation_result when 0 result = { status: Metasploit::Model::Login::Status::SUCCESSFUL } if use_client_as_proof result[:proof] = ldap_client result[:connection] = ldap_client.socket end result else { status: Metasploit::Model::Login::Status::INCORRECT, proof: "Bind Result: #{operation_result}" } end end |