Fixes a nil error if login is successful with ldap_login module #19438

Merged
merged 1 commit into from
Sep 3, 2024


cgranleese-r7
Contributor

This PR fixes an issue when create_credential_and_login in lib/metasploit/framework/data_service/proxy/credential_data_proxy.rb is called, which doesn't call off to create_credential_login at any point to initialize @report[rhost]. This was causing the nil error, as the ldap_login module made use of the Msf::Auxiliary::ReportSummary mixin but never called create_credential_login, which is the method the mixin had originally overridden. This also wasn't being caught in the CI LDAP acceptance testing, as the ldap_session_type feature is set to false by default currently.

Before

[+] 127.0.0.1:389 - Success: 'DEV-AD\Administrator:admin123!'
[*] LDAP session 2 opened (127.0.0.1:54963 -> 127.0.0.1:389) at 2024-09-03 12:16:10 +0100
[-] 127.0.0.1:389 - Failed to setup the session - NoMethodError undefined method `merge!' for nil:NilClass
[*] Scanned 1 of 1 hosts (100% complete)
[*] Scan completed, 0 credentials were successful.
[*] 0 sessions were opened successfully.
[*] Bruteforce completed, 1 credential was successful.
[*] 1 LDAP session was opened successfully.
[*] Auxiliary module execution completed

After

msf6 auxiliary(scanner/ldap/ldap_login) > run

[+] 127.0.0.1:389 - Success: 'DEV-AD\Administrator:admin123!'
[*] LDAP session 4 opened (127.0.0.1:55067 -> 127.0.0.1:389) at 2024-09-03 12:27:32 +0100
[*] Scanned 1 of 1 hosts (100% complete)
[*] Scan completed, 1 credential was successful.

Successful logins
=================

    Host       Public                Private
    ----       ------                -------
    127.0.0.1  DEV-AD\Administrator  admin123!


[*] 1 session was opened successfully.
[*] Bruteforce completed, 1 credential was successful.
[*] 1 LDAP session was opened successfully.
[*] Auxiliary module execution completed

Verification

  • Enable the new LDAP session feature: features set ldap_session_type true
  • Run auxiliary/scanner/ldap/ldap_login against an ldap server to get a session (an example of running an ldap container can be found in the ldap acceptance tests here):
    - name: Run samba/ldap docker container
      working-directory: 'test/ldap'
      run: |
        docker compose build
        docker compose up --wait -d
  • Run SPEC_OPTS='--tag acceptance' SPEC_HELPER_LOAD_METASPLOIT=false bundle exec rspec ./spec/acceptance/ldap_spec.rb and ensure those pass locally.
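
The failure mode described in the PR description above, as a simplified Ruby model added here for illustration (not Metasploit's code and not the change merged in this PR): a summary mixin that hooks only one of two entry points leaves its per-host entry nil when the other entry point is used. Only the two `create_credential_*` method names come from the PR text; every module, class, helper and method body is a hypothetical stand-in.

```ruby
# Simplified model; all bodies are hypothetical stand-ins, not Metasploit code.
module Reporter # two independent entry points for saving a login
  def create_credential_login(data); data; end
  def create_credential_and_login(data); data; end
end

module BuggySummary # hooks only one entry point
  def create_credential_login(data)
    (@report ||= {})[data[:host]] = { logins: [data] }
    super
  end

  def note_session(host, id)
    (@report ||= {})[host].merge!(session: id) # nil if the hook never ran
  end
end

module FixedSummary # hooks both entry points, never assumes prior init
  def create_credential_login(data)
    record_login(data)
    super
  end

  def create_credential_and_login(data)
    record_login(data)
    super
  end

  def note_session(host, id)
    summary_for(host).merge!(session: id)
  end

  def report; @report ||= {}; end

  private

  def summary_for(host); report[host] ||= { logins: [] }; end
  def record_login(data); summary_for(data[:host])[:logins] << data; end
end

class BuggyScanner; include Reporter; include BuggySummary; end
class FixedScanner; include Reporter; include FixedSummary; end

# Constructed input: save a login via create_credential_and_login, then
# attach a session to that host's summary entry.
def login_then_session(scanner)
  scanner.create_credential_and_login(host: '127.0.0.1', user: 'example-user')
  scanner.note_session('127.0.0.1', 1)
  :ok
rescue NoMethodError => e
  e.message
end
```

`login_then_session(BuggyScanner.new)` returns the NoMethodError message for `merge!` on nil, while the same call on `FixedScanner.new` returns `:ok` and leaves both the login and the session in the host's summary entry.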

@cgranleese-r7 cgranleese-r7 added the rn-fix release notes fix label Sep 3, 2024
@cgranleese-r7 cgranleese-r7 force-pushed the fixes-ldap-login-nil-issue branch from 6ade2ea to 5db266c Compare September 3, 2024 12:55
@cgranleese-r7 cgranleese-r7 force-pushed the fixes-ldap-login-nil-issue branch from 5db266c to 242d91e Compare September 3, 2024 13:00
@dwelch-r7 dwelch-r7 self-assigned this Sep 3, 2024
@dwelch-r7 dwelch-r7 merged commit 5f65ce2 into rapid7:master Sep 3, 2024
62 checks passed
@dwelch-r7
Contributor

Release Notes

Fixes a nil error if login is successful with ldap_login module
