diff --git a/lib/msf/core/exploit/remote/ldap.rb b/lib/msf/core/exploit/remote/ldap.rb
index 216ea212f9b5..4027dffa1f8e 100644
--- a/lib/msf/core/exploit/remote/ldap.rb
+++ b/lib/msf/core/exploit/remote/ldap.rb
@@ -30,9 +30,9 @@ def initialize(info = {})
 Opt::RHOST,
 Opt::RPORT(389),
 OptBool.new('SSL', [false, 'Enable SSL on the LDAP connection', false]),
- Msf::OptString.new('DOMAIN', [false, 'The domain to authenticate to']),
- Msf::OptString.new('USERNAME', [false, 'The username to authenticate with'], aliases: ['BIND_DN']),
- Msf::OptString.new('PASSWORD', [false, 'The password to authenticate with'], aliases: ['BIND_PW'])
+ Msf::OptString.new('LDAPDomain', [false, 'The domain to authenticate to']),
+ Msf::OptString.new('LDAPUsername', [false, 'The username to authenticate with'], aliases: ['BIND_DN']),
+ Msf::OptString.new('LDAPPassword', [false, 'The password to authenticate with'], aliases: ['BIND_PW'])
 ])
 register_advanced_options(
@@ -76,9 +76,9 @@ def peer
 # LDAP server.
 def get_connect_opts
 opts = {
- username: datastore['USERNAME'],
- password: datastore['PASSWORD'],
- domain: datastore['DOMAIN'],
+ username: datastore['LDAPUsername'],
+ password: datastore['LDAPPassword'],
+ domain: datastore['LDAPDomain'],
 base: datastore['BASE_DN'],
 domain_controller_rhost: datastore['DomainControllerRhost'],
 ldap_auth: datastore['LDAP::Auth'],
diff --git a/lib/msf/core/optional_session/ldap.rb b/lib/msf/core/optional_session/ldap.rb
index 1bbeb61dbfc5..d8c9358104fa 100644
--- a/lib/msf/core/optional_session/ldap.rb
+++ b/lib/msf/core/optional_session/ldap.rb
@@ -5,7 +5,7 @@ module OptionalSession
 module LDAP
 include Msf::OptionalSession
- RHOST_GROUP_OPTIONS = %w[RHOSTS RPORT DOMAIN USERNAME PASSWORD THREADS]
+ RHOST_GROUP_OPTIONS = %w[RHOSTS RPORT LDAPDomain LDAPUsername LDAPPassword THREADS]
 REQUIRED_OPTIONS = %w[RHOSTS RPORT THREADS]
 def initialize(info = {})
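Review bot: The renamed options in the first hunk of `lib/msf/core/exploit/remote/ldap.rb` keep only `BIND_DN`/`BIND_PW` as aliases, so a saved resource script or workflow that still sets `USERNAME`, `PASSWORD` or `DOMAIN` leaves `LDAPUsername`, `LDAPPassword` and `LDAPDomain` unset, and `get_connect_opts` (second hunk) and `run_host` in `ldap_login.rb` then pass nil credentials onward. How the connection code treats nil is not visible in this diff, but the run should fail loudly rather than proceed without the identity the operator intended. If the option class's `fallbacks:` parameter is available here, declaring the old names keeps existing configurations working, e.g. `Msf::OptString.new('LDAPUsername', [false, 'The username to authenticate with'], aliases: ['BIND_DN'], fallbacks: ['USERNAME'])`, and likewise for the password and domain. Any other module that includes this mixin and reads `datastore['USERNAME']` directly is outside this diff and needs the same rename; both `initialize` and `get_connect_opts` continue outside their hunks.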
diff --git a/modules/auxiliary/scanner/ldap/ldap_login.rb b/modules/auxiliary/scanner/ldap/ldap_login.rb
index 7c5efbabf439..56cc69772988 100644
--- a/modules/auxiliary/scanner/ldap/ldap_login.rb
+++ b/modules/auxiliary/scanner/ldap/ldap_login.rb
@@ -37,12 +37,16 @@ def initialize(info = {})
 'APPEND_DOMAIN', [true, 'Appends `@ to the username for authentication`', false],
 conditions: ['LDAP::Auth', 'in', [Msf::Exploit::Remote::AuthOption::AUTO, Msf::Exploit::Remote::AuthOption::PLAINTEXT]]
 ),
+ Msf::OptString.new('LDAPDomain', [false, 'The domain to authenticate to']),
+ Msf::OptString.new('LDAPUsername', [false, 'The username to authenticate with'], aliases: ['BIND_DN']),
+ Msf::OptString.new('LDAPPassword', [false, 'The password to authenticate with'], aliases: ['BIND_PW']),
 OptInt.new('SessionKeepalive', [true, 'Time (in seconds) for sending protocol-level keepalive messages', 10 * 60])
 ]
 )
 # A password must be supplied unless doing anonymous login
- options_to_deregister = %w[BLANK_PASSWORDS]
+ # De-registering USERNAME and PASSWORD as they are pulled in via the Msf::Auxiliary::AuthBrute mixin
+ options_to_deregister = %w[USERNAME PASSWORD BLANK_PASSWORDS]
 if framework.features.enabled?(Msf::FeatureManager::LDAP_SESSION_TYPE)
 add_info('The %grnCreateSession%clr option within this module can open an interactive session')
@@ -90,15 +94,15 @@ def validate_connect_options!
 def run_host(ip)
 cred_collection = build_credential_collection(
- username: datastore['USERNAME'],
- password: datastore['PASSWORD'],
- realm: datastore['DOMAIN'],
+ username: datastore['LDAPUsername'],
+ password: datastore['LDAPPassword'],
+ realm: datastore['LDAPDomain'],
 anonymous_login: datastore['ANONYMOUS_LOGIN'],
 blank_passwords: false
 )
 opts = {
- domain: datastore['DOMAIN'],
+ domain: datastore['LDAPDomain'],
 append_domain: datastore['APPEND_DOMAIN'],
 ssl: datastore['SSL'],
 proxies: datastore['PROXIES'],
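Review bot: The three `Msf::OptString` definitions added to `initialize` in the first hunk repeat, word for word, the ones this same commit registers in `lib/msf/core/exploit/remote/ldap.rb`, so descriptions and aliases can drift between the two places. If this module includes that mixin (the include is outside the hunk), the local copies look redundant; if they are needed for another reason, a short comment should give it, for example `# Declared locally because <reason>; keep in sync with Msf::Exploit::Remote::LDAP`. The existing comment `# A password must be supplied unless doing anonymous login` now sits above a line that deregisters three options while explaining only `BLANK_PASSWORDS`, so it would read better placed next to that entry or merged with the new comment. `initialize` starts and ends outside the hunk.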
diff --git a/spec/acceptance/ldap_spec.rb b/spec/acceptance/ldap_spec.rb
index 74773dff6985..74967bb36031 100644
--- a/spec/acceptance/ldap_spec.rb
+++ b/spec/acceptance/ldap_spec.rb
@@ -14,8 +14,8 @@
 datastore: {
 global: {},
 module: {
- username: ENV.fetch('LDAP_USERNAME', "'DEV-AD\\Administrator'"),
- password: ENV.fetch('LDAP_PASSWORD', 'admin123!'),
+ ldapusername: ENV.fetch('LDAP_LDAPUsername', "'DEV-AD\\Administrator'"),
+ ldappassword: ENV.fetch('LDAP_LDAPPassword', 'admin123!'),
 rhost: ENV.fetch('LDAP_RHOST', '127.0.0.1'),
 rport: ENV.fetch('LDAP_RPORT', '389'),
 ssl: ENV.fetch('LDAP_SSL', 'false')
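Review bot: Renaming the environment variables to `LDAP_LDAPUsername` and `LDAP_LDAPPassword` means a CI job or local setup that still exports `LDAP_USERNAME`/`LDAP_PASSWORD` is ignored without any error, because `ENV.fetch` falls back to the built-in `'DEV-AD\\Administrator'` and `admin123!` defaults, and the suite then runs against whatever accepts those values. Only the datastore key needs to follow the option rename; the variable names can stay as they were, matching `LDAP_RHOST`, `LDAP_RPORT` and `LDAP_SSL` in the same hash: `ldapusername: ENV.fetch('LDAP_USERNAME', "'DEV-AD\\Administrator'"),` and `ldappassword: ENV.fetch('LDAP_PASSWORD', 'admin123!'),`. The enclosing hash starts and ends outside the hunk.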