Skip to content

Commit

Permalink
Renames LDAP datastore options
Browse files Browse the repository at this point in the history
  • Loading branch information
cgranleese-r7 committed Oct 31, 2024
1 parent 58e6947 commit 9e5ac3b
Show file tree
Hide file tree
Showing 4 changed files with 18 additions and 14 deletions.
12 changes: 6 additions & 6 deletions lib/msf/core/exploit/remote/ldap.rb
Original file line number Diff line number Diff line change
Expand Up @@ -30,9 +30,9 @@ def initialize(info = {})
Opt::RHOST,
Opt::RPORT(389),
OptBool.new('SSL', [false, 'Enable SSL on the LDAP connection', false]),
Msf::OptString.new('DOMAIN', [false, 'The domain to authenticate to']),
Msf::OptString.new('USERNAME', [false, 'The username to authenticate with'], aliases: ['BIND_DN']),
Msf::OptString.new('PASSWORD', [false, 'The password to authenticate with'], aliases: ['BIND_PW'])
Msf::OptString.new('LDAPDomain', [false, 'The domain to authenticate to']),
Msf::OptString.new('LDAPUsername', [false, 'The username to authenticate with'], aliases: ['BIND_DN']),
Msf::OptString.new('LDAPPassword', [false, 'The password to authenticate with'], aliases: ['BIND_PW'])
])

register_advanced_options(
Expand Down Expand Up @@ -76,9 +76,9 @@ def peer
# LDAP server.
def get_connect_opts
opts = {
username: datastore['USERNAME'],
password: datastore['PASSWORD'],
domain: datastore['DOMAIN'],
username: datastore['LDAPUsername'],
password: datastore['LDAPPassword'],
domain: datastore['LDAPDomain'],
base: datastore['BASE_DN'],
domain_controller_rhost: datastore['DomainControllerRhost'],
ldap_auth: datastore['LDAP::Auth'],
Expand Down
2 changes: 1 addition & 1 deletion lib/msf/core/optional_session/ldap.rb
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ module OptionalSession
module LDAP
include Msf::OptionalSession

RHOST_GROUP_OPTIONS = %w[RHOSTS RPORT DOMAIN USERNAME PASSWORD THREADS]
RHOST_GROUP_OPTIONS = %w[RHOSTS RPORT LDAPDomain LDAPUsername LDAPPassword THREADS]
REQUIRED_OPTIONS = %w[RHOSTS RPORT THREADS]

def initialize(info = {})
Expand Down
14 changes: 9 additions & 5 deletions modules/auxiliary/scanner/ldap/ldap_login.rb
Original file line number Diff line number Diff line change
Expand Up @@ -37,12 +37,16 @@ def initialize(info = {})
'APPEND_DOMAIN', [true, 'Appends `@<DOMAIN> to the username for authentication`', false],
conditions: ['LDAP::Auth', 'in', [Msf::Exploit::Remote::AuthOption::AUTO, Msf::Exploit::Remote::AuthOption::PLAINTEXT]]
),
Msf::OptString.new('LDAPDomain', [false, 'The domain to authenticate to']),
Msf::OptString.new('LDAPUsername', [false, 'The username to authenticate with'], aliases: ['BIND_DN']),
Msf::OptString.new('LDAPPassword', [false, 'The password to authenticate with'], aliases: ['BIND_PW']),
OptInt.new('SessionKeepalive', [true, 'Time (in seconds) for sending protocol-level keepalive messages', 10 * 60])
]
)

# A password must be supplied unless doing anonymous login
options_to_deregister = %w[BLANK_PASSWORDS]
# De-registering USERNAME and PASSWORD as they are pulled in via the Msf::Auxiliary::AuthBrute mixin
options_to_deregister = %w[USERNAME PASSWORD BLANK_PASSWORDS]

if framework.features.enabled?(Msf::FeatureManager::LDAP_SESSION_TYPE)
add_info('The %grnCreateSession%clr option within this module can open an interactive session')
Expand Down Expand Up @@ -90,15 +94,15 @@ def validate_connect_options!

def run_host(ip)
cred_collection = build_credential_collection(
username: datastore['USERNAME'],
password: datastore['PASSWORD'],
realm: datastore['DOMAIN'],
username: datastore['LDAPUsername'],
password: datastore['LDAPPassword'],
realm: datastore['LDAPDomain'],
anonymous_login: datastore['ANONYMOUS_LOGIN'],
blank_passwords: false
)

opts = {
domain: datastore['DOMAIN'],
domain: datastore['LDAPDomain'],
append_domain: datastore['APPEND_DOMAIN'],
ssl: datastore['SSL'],
proxies: datastore['PROXIES'],
Expand Down
4 changes: 2 additions & 2 deletions spec/acceptance/ldap_spec.rb
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,8 @@
datastore: {
global: {},
module: {
username: ENV.fetch('LDAP_USERNAME', "'DEV-AD\\Administrator'"),
password: ENV.fetch('LDAP_PASSWORD', 'admin123!'),
ldapusername: ENV.fetch('LDAP_LDAPUsername', "'DEV-AD\\Administrator'"),
ldappassword: ENV.fetch('LDAP_LDAPPassword', 'admin123!'),
rhost: ENV.fetch('LDAP_RHOST', '127.0.0.1'),
rport: ENV.fetch('LDAP_RPORT', '389'),
ssl: ENV.fetch('LDAP_SSL', 'false')
Expand Down

0 comments on commit 9e5ac3b

Please sign in to comment.