Class: Metasploit::Framework::LoginScanner::LDAP
- Inherits:
-
Object
- Object
- Metasploit::Framework::LoginScanner::LDAP
- Defined in:
- lib/metasploit/framework/login_scanner/ldap.rb
Constant Summary collapse
- LIKELY_PORTS =
[ 389, 636 ]
- LIKELY_SERVICE_NAMES =
[ 'ldap', 'ldaps', 'ldapssl' ]
- PRIVATE_TYPES =
[:password, :ntlm_hash]
Instance Attribute Summary collapse
-
#opts ⇒ Object
Returns the value of attribute opts.
-
#realm_key ⇒ Object
Returns the value of attribute realm_key.
-
#use_client_as_proof ⇒ Boolean
If a login is successful and this attribute is true - an LDAP::Client instance is used as proof.
Instance Method Summary collapse
- #attempt_login(credential) ⇒ Object
- #do_login(credential) ⇒ Object
- #each_credential ⇒ Object
-
#set_sane_defaults ⇒ Object
This method sets the sane defaults for things like timeouts and TCP evasion options.
- #status_code(ldap_client) ⇒ Object
Methods included from Msf::Exploit::Remote::LDAP
#get_connect_opts, #initialize, #ldap_connect, #ldap_escape_filter, #ldap_new, #ldap_open, #peer, #resolve_connect_opts, #rhost, #rport, #validate_bind_success!, #validate_query_result!
Methods included from Metasploit::Framework::LDAP::Client
Methods included from Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::Options
Methods included from Msf::Exploit::Remote::Kerberos::Ticket::Storage
#initialize, #kerberos_storage_options, #kerberos_ticket_storage, store_ccache
Instance Attribute Details
#opts ⇒ Object
Returns the value of attribute opts.
18 19 20 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 18 def opts @opts end |
#realm_key ⇒ Object
Returns the value of attribute realm_key.
18 19 20 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 18 def realm_key @realm_key end |
#use_client_as_proof ⇒ Boolean
Returns If a login is successful and this attribute is true - an LDAP::Client instance is used as proof.
21 22 23 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 21 def use_client_as_proof @use_client_as_proof end |
Instance Method Details
#attempt_login(credential) ⇒ Object
31 32 33 34 35 36 37 38 39 40 41 42 43 44 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 31 def attempt_login(credential) result_opts = { credential: credential, status: Metasploit::Model::Login::Status::INCORRECT, proof: nil, host: host, port: port, protocol: 'tcp', service_name: 'ldap' } result_opts.merge!(do_login(credential)) Result.new(result_opts) end |
#do_login(credential) ⇒ Object
46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 46 def do_login(credential) opts = { username: credential.public, password: credential.private, framework_module: framework_module, ldap_auth: 'auto' }.merge(@opts) connect_opts = ldap_connect_opts(host, port, connection_timeout, ssl: opts[:ssl], opts: opts) begin ldap_client = ldap_open(connect_opts, keep_open: true) return status_code(ldap_client) rescue StandardError => e { status: Metasploit::Model::Login::Status::UNABLE_TO_CONNECT, proof: e } end end |
#each_credential ⇒ Object
78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 78 def each_credential cred_details.each do |raw_cred| # This could be a Credential object, or a Credential Core, or an Attempt object # so make sure that whatever it is, we end up with a Credential. credential = raw_cred.to_credential if opts[:ldap_auth] == Msf::Exploit::Remote::AuthOption::KERBEROS && opts[:ldap_krb5_cname] # If we're using kerberos auth with a ccache then the password is irrelevant # Remove it from the credential so we don't store it credential.private = nil elsif opts[:ldap_auth] == Msf::Exploit::Remote::AuthOption::SCHANNEL # If we're using kerberos auth with schannel then the user/password is irrelevant # Remove the password from the credential so we don't store it # Note that the username is kept since it is needed for the certificate lookup. credential.private = nil end if credential.realm.present? && realm_key.present? credential.realm_key = realm_key elsif credential.realm.present? && realm_key.blank? # This service has no realm key, so the realm will be # meaningless. Strip it off. credential.realm = nil credential.realm_key = nil end yield credential if opts[:append_domain] && credential.realm.nil? credential.public = "#{credential.public}@#{opts[:domain]}" yield credential end end end |
#set_sane_defaults ⇒ Object
This method sets the sane defaults for things like timeouts and TCP evasion options
25 26 27 28 29 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 25 def set_sane_defaults self.opts ||= {} self.connection_timeout = 30 if self.connection_timeout.nil? nil end |
#status_code(ldap_client) ⇒ Object
63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
# File 'lib/metasploit/framework/login_scanner/ldap.rb', line 63 def status_code(ldap_client) operation_result = ldap_client.get_operation_result.table[:code] case operation_result when 0 result = { status: Metasploit::Model::Login::Status::SUCCESSFUL } if use_client_as_proof result[:proof] = ldap_client result[:connection] = ldap_client.socket end result else { status: Metasploit::Model::Login::Status::INCORRECT, proof: "Bind Result: #{operation_result}" } end end |