Class: Msf::Exploit::Remote::LDAP::ActiveDirectory::SecurityDescriptorMatcher::Base

Inherits:
Object
  • Object
show all
Defined in:
lib/msf/core/exploit/remote/ldap/active_directory/security_descriptor_matcher.rb

Overview

This is a Base matcher class that can be used while analyzing security descriptors. It abstracts away the checking of the permissions but relies on an external source to identify when particular ACEs will be in effect based on a target principal SID.

Direct Known Subclasses

Allow, MultipleAny

Instance Method Summary collapse

Instance Method Details

#apply_ace!(ace) ⇒ Object

Apply the specified ACE to the internal state of the matcher because it will be applied in the hypothetical access operation that is being analyzed.

Parameters:



30
31
32
 
# File 'lib/msf/core/exploit/remote/ldap/active_directory/security_descriptor_matcher.rb', line 30

def apply_ace!(ace)
  nil
end

#ignore_ace?(ace) ⇒ Boolean

Check the ACE and determine if it should be ignored while processing. This allows processing to skip querying the LDAP server when it’s known that the ACE is irrelevant.

Parameters:

Returns:

  • (Boolean) 


21
22
23
 
# File 'lib/msf/core/exploit/remote/ldap/active_directory/security_descriptor_matcher.rb', line 21

def ignore_ace?(ace)
  false
end

#matches?Boolean

The matcher matches when it is satisfied and confident that the desired affect will be applied in the hypothetical access operation.

Returns:

  • (Boolean) 


42
43
44
 
# File 'lib/msf/core/exploit/remote/ldap/active_directory/security_descriptor_matcher.rb', line 42

def matches?
  false
end

#satisfied?Boolean

The matcher is satisfied when it has all the information it needs from previous calls to #apply_ace! to make a determination with #matches?.

Returns:

  • (Boolean) 


36
37
38
 
# File 'lib/msf/core/exploit/remote/ldap/active_directory/security_descriptor_matcher.rb', line 36

def satisfied?
  false
end