Module: Msf::Exploit::Remote::LDAP
- Defined in:
- lib/msf/core/exploit/ldap.rb
Instance Method Summary collapse
- #discover_base_dn(ldap) ⇒ Object
- #initialize(info = {}) ⇒ Object
- #ldap_connect(opts = {}, &block) ⇒ Object
- #peer ⇒ Object
- #rhost ⇒ Object
- #rport ⇒ Object
Instance Method Details
#discover_base_dn(ldap) ⇒ Object
57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 |
# File 'lib/msf/core/exploit/ldap.rb', line 57 def discover_base_dn(ldap) print_status('Searching root DSE for base DN') unless (root_dse = ldap.search_root_dse) print_error('Could not retrieve root DSE') return end vprint_line(root_dse.to_ldif) # NOTE: Net::LDAP converts attribute names to lowercase unless root_dse[:namingcontexts] print_error('Could not find namingContexts attribute') return end if root_dse[:namingcontexts].empty? print_error('Could not find base DN') return end # NOTE: We assume the first namingContexts value is the base DN base_dn = root_dse[:namingcontexts].first print_good("Discovered base DN: #{base_dn}") base_dn rescue Net::LDAP::Error => e print_error("#{e.class}: #{e.}") nil end |
#initialize(info = {}) ⇒ Object
12 13 14 15 16 17 18 19 20 21 22 23 24 |
# File 'lib/msf/core/exploit/ldap.rb', line 12 def initialize(info = {}) super ([ Opt::RHOST, Opt::RPORT(389), OptBool.new('SSL', [false, 'Enable SSL on the LDAP connection', false]) ]) ([ OptFloat.new('ConnectTimeout', [true, 'Timeout for LDAP connect', 10.0]) ]) end |
#ldap_connect(opts = {}, &block) ⇒ Object
38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 |
# File 'lib/msf/core/exploit/ldap.rb', line 38 def ldap_connect(opts = {}, &block) connect_opts = { host: rhost, port: rport, connect_timeout: datastore['ConnectTimeout'] } if datastore['SSL'] connect_opts[:encryption] = { method: :simple_tls, tls_options: { verify_mode: OpenSSL::SSL::VERIFY_NONE } } end Net::LDAP.open(connect_opts.merge(opts), &block) end |
#peer ⇒ Object
34 35 36 |
# File 'lib/msf/core/exploit/ldap.rb', line 34 def peer "#{rhost}:#{rport}" end |
#rhost ⇒ Object
26 27 28 |
# File 'lib/msf/core/exploit/ldap.rb', line 26 def rhost datastore['RHOST'] end |
#rport ⇒ Object
30 31 32 |
# File 'lib/msf/core/exploit/ldap.rb', line 30 def rport datastore['RPORT'] end |