Fix missing attributes on LDAP SSL sockets #19751

Open

zeroSteiner
Contributor

Metasploit's LDAP sockets use the SSL wrapping logic provided by the Net::LDAP module. This means the socket gets swapped to an OpenSSL socket when SSL is enabled and the socket doesn't have some attributes that Metasploit expects. When that socket is treated as one used for a session, this missing information gets propagated up and is shown to the user. This is the issue described in #19744.

This change fixes it by extending the SSL socket after it's set up with the Forwardable module and defining delegators for #localinfo and #peerinfo to come from the underlying socket (@io). This allows the local and peer socket addresses to be passed up and displayed to the user. Previously, the missing attribute would cause an exception to be raised, which would result in an address of 127.0.0.1 being shown to the user for a session.

Verification

  • Start msfconsole
  • Use the ldap/ldap_login module
  • Set CreateSession and SSL to true, enable the SSL session feature if necessary
  • Set the rest of the options to valid values so a session can be opened
  • Run the module and get a session
  • See the correct address information shown in the output instead of 127.0.0.1

Demo (Old and Broken)

metasploit-framework (S:3 J:0) auxiliary(scanner/ldap/ldap_login) > run LDAP::Auth=ntlm
[+] 192.168.159.10:636 - Success: 'smcintyre:Password1!'
[*] LDAP session 4 opened (127.0.0.1 -> 127.0.0.1) at 2024-12-19 13:58:46 -0500
[*] Scanned 1 of 1 hosts (100% complete)
[*] Bruteforce completed, 1 credential was successful.
[*] 1 LDAP session was opened successfully.
[*] Auxiliary module execution completed
metasploit-framework (S:4 J:0) auxiliary(scanner/ldap/ldap_login) >

Demo (New and Fixed)

metasploit-framework (S:1 J:0) auxiliary(scanner/ldap/ldap_login) > run
[+] 192.168.159.10:636 - Success: 'smcintyre:Password1!'
[*] LDAP session 2 opened (192.168.159.128:36377 -> 192.168.159.10:636) at 2024-12-19 15:00:57 -0500
[*] Scanned 1 of 1 hosts (100% complete)
[*] Bruteforce completed, 1 credential was successful.
[*] 1 LDAP session was opened successfully.
[*] Auxiliary module execution completed
metasploit-framework (S:2 J:0) auxiliary(scanner/ldap/ldap_login) >
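
The delegation described in this pull request, as an added sketch that is not the PR's own code. It assumes a `UNIXSocket` pair as an offline stand-in for the Rex TCP socket, a hypothetical `tunnel_info` helper that mimics the 127.0.0.1 fallback, and address strings copied from the demo output above.

```ruby
require 'forwardable'
require 'openssl'
require 'socket'

# Hypothetical stand-in for the session code that reports the tunnel
# endpoints: when the socket lacks the attributes, the lookup raises and
# 127.0.0.1 is shown instead, which is the behaviour the PR describes.
def tunnel_info(sock)
  "#{sock.localinfo} -> #{sock.peerinfo}"
rescue NoMethodError
  '127.0.0.1 -> 127.0.0.1'
end

# Build an unconnected SSLSocket around a plain socket that carries
# #localinfo and #peerinfo. In Metasploit the plain socket already has
# these; here they are singleton methods returning the addresses from the
# demo output (assumption for this example, no TLS handshake is performed).
def build_wrapped_socket
  plain, _peer = UNIXSocket.pair
  plain.define_singleton_method(:localinfo) { '192.168.159.128:36377' }
  plain.define_singleton_method(:peerinfo) { '192.168.159.10:636' }
  OpenSSL::SSL::SSLSocket.new(plain, OpenSSL::SSL::SSLContext.new)
end

# Extend only this SSL socket instance with Forwardable and forward the two
# attributes to the wrapped IO, which SSLSocket keeps in @io.
def add_address_delegators(ssl)
  ssl.extend(Forwardable)
  ssl.def_delegators(:@io, :localinfo, :peerinfo)
  ssl
end

# Returns the reported tunnel string before and after adding the delegators.
def demo
  ssl = build_wrapped_socket
  before = tunnel_info(ssl)
  after = tunnel_info(add_address_delegators(ssl))
  [before, after]
end

puts demo if $PROGRAM_NAME == __FILE__
```

Because the delegators are defined on the instance's singleton class, other `OpenSSL::SSL::SSLSocket` objects in the process are left unchanged.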

Successfully merging this pull request may close these issues.

ldap/ldap_login module reports incorrect IP addresses for sessions