infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

More flexible domain and DN

bug/bundler_fix
Meatballs 2014-01-25 13:17:00 +00:00
parent 08885bde19
commit 27a434205c
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
1 changed files with 29 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
lib/msf/core/post/windows/ldap.rb
View File

@ -84,28 +84,47 @@ module LDAP
super super
register_options( register_options(
[ [
OptString.new('DOMAIN', [false, 'The domain to query.', nil]), OptString.new('DOMAIN', [false, 'The domain to query or distinguished name (e.g. DC=test,DC=com)', nil]),
OptInt.new('MAX_SEARCH', [true, 'Maximum values to retrieve, 0 for all.', 50]), OptInt.new('MAX_SEARCH', [true, 'Maximum values to retrieve, 0 for all.', 500]),
OptString.new('FIELDS', [true, 'FIELDS to retrieve.', nil]), OptString.new('FIELDS', [true, 'FIELDS to retrieve.', nil]),
OptString.new('FILTER', [true, 'Search filter.', nil]) OptString.new('FILTER', [true, 'Search filter.', nil])
], self.class) ], self.class)
end end
# Converts a Distinguished Name to DNS name
#
# @param [String] Distinguished Name
# @return [String] DNS name
def dn_to_domain(dn)
if dn.include? "DC="
return dn.gsub(',','').split('DC=')[1..-1].join('.')
else
return dn
end
end
# Performs an ldap query # Performs an ldap query
# #
# @param [String] LDAP search filter # @param [String] LDAP search filter
# @param [Integer] Maximum results # @param [Integer] Maximum results
# @param [Array] String array containing attributes to retrieve # @param [Array] String array containing attributes to retrieve
# @param [String] Optional domain or distinguished name
# @return [Hash] Entries found # @return [Hash] Entries found
def query(filter, max_results, fields) def query(filter, max_results, fields, domain=nil)
if load_extapi domain ||= datastore['DOMAIN']
default_naming_context = datastore['DOMAIN'] domain ||= get_domain
default_naming_context ||= get_default_naming_context
return session.extapi.adsi.domain_query(default_naming_context, filter, max_results, DEFAULT_PAGE_SIZE, fields)
else
default_naming_context = get_default_naming_context(datastore['DOMAIN'])
bind_default_ldap_server(max_results, datastore['DOMAIN']) do |session_handle| if load_extapi
return session.extapi.adsi.domain_query(domain, filter, max_results, DEFAULT_PAGE_SIZE, fields)
else
if domain and domain.include? "DC="
default_naming_context = domain
domain = dn_to_domain(domain)
else
default_naming_context = get_default_naming_context(domain)
end
bind_default_ldap_server(max_results, domain) do |session_handle|
return query_ldap(session_handle, default_naming_context, 2, filter, fields) return query_ldap(session_handle, default_naming_context, 2, filter, fields)
end end
end end
@ -304,9 +323,6 @@ module LDAP
def bind_default_ldap_server(size_limit, domain=nil) def bind_default_ldap_server(size_limit, domain=nil)
vprint_status ("Initializing LDAP connection.") vprint_status ("Initializing LDAP connection.")
# If no supplied domain use netapi to retrieve current domain
domain ||= get_domain
# If domain is still null the API may be able to handle it... # If domain is still null the API may be able to handle it...
init_result = wldap32.ldap_sslinitA(domain, 389, 0) init_result = wldap32.ldap_sslinitA(domain, 389, 0)
session_handle = init_result['return'] session_handle = init_result['return']