mirror of
https://github.com/rapid7/metasploit-framework
synced 2024-10-09 04:26:11 +02:00
db8f4ffa6f
In order to detect scan callbacks, serve payloads, and otherwise interact with the LDAP protocol handler in JNDI, Metasploit needs a native LDAP service properly exposed to various parts of the Framework and users/consumers.

Implement Rex::Protocol::LDAP::Server with TCP and UDP socket handlers abstracted to a common access pattern between L4 stacks. Extend the socket clients to hold a state attribute for LDAP bind authentication, and use the UDP client abstraction to implement consistent callback semantics for data receipt from a client and handling response on the other side. The server utilizes Rex' native sockets, permitting full pivot and proxy support over the Switchboard.

Implement the Msf::Exploit::Remote::LDAP::Server mixin to manage service abstraction and shared methods exposed to Metasploit modules.

Note: during implementation of this functionality, it was discovered that the Scanner mixin's :replicant method resulted in :dup calls to the Rex::ServiceManager service created by this new mixin (and any others leveraging ServiceManager). As a result, double-bind attempts created failures in service instantiation from the duplicated MetasploitModules which also dropped the @service instance variable reference to the actual running service; leaving the socket inexorably bound until Framework was halted and Ruby released the FDs. See https://github.com/rapid7/rex-core/pull/19 and the Issues/Pull Requests sections of R7's MSF GitHub.

Expose the new LDAP infrastructure to users by way of a basic LDAP server MetasploitModule which consumes a tiny sample LDIF (provided) and performs queries against it. This is intended to be a template for future work such as LDAP authentication capture, protocol proxy for MITM and intercept, and other more specific implementations for exploits and auxiliary modules.

For feature completeness, provide a Rex::Socket override for Net::LDAP::Connection until we have a proper, native to Rex, LDAP client class implemented.

Testing: Basic functionality only, this is an early effort which will be extended for feature-completeness over time
msf.ldif