metasploit-framework

mirror of https://github.com/rapid7/metasploit-framework synced 2024-10-09 04:26:11 +02:00

History

RageLtMan db8f4ffa6f Native LDAP infrastructure to support log4shell In order to detect scan callbacks, serve payloads, and otherwise interact with the LDAP protocol handler in JNDI, Metasploit needs a native LDAP service properly exposed to various parts of the Framework and users/consumers. Implement Rex::Protocol::LDAP::Server with TCP and UDP socket handlers abstracted to a common access pattern between L4 stacks. Extend the socket clients to hold a state attibute for LDAP bind authentication, and use the UDP client abstraction to implement consistent callback semantics for data receipt from a client and handling response on the other side. The server utilizes Rex' native sockets, permitting full pivot and proxy support over the Switchboard. Implement the Msf::Exploit::Remote::LDAP::Server mixin to manage service abstraction and shared methods exposed to Metasploit modules. Note: during implementation of this functionality, it was discovered that the Scanner mixin's :replicant method resulted in :dup calls to the Rex::ServiceManager service created by this new mixin (and any others leveraging ServiceManager). As a result, double-bind attempts created failures in service instantiation from the duplicated MetasploitModules which also dropped the @service instance variable reference to the actual running service; leaving the socket inexorably bound until Framework was halted and Ruby released the FDs. See https://github.com/rapid7/rex-core/pull/19 and the Issues/Pull Requests sections of R7's MSF GitHub. Expose the new LDAP infrastructure to users by way of a basic LDAP server MetasploitModule which consumes a tiny sample LDIF (provided) and performs queries against it. This is intended to be a template for future work such as LDAP authentication capture, protocol proxy for MITM and intercept, and other more specific implementations for exploits and auxiliary modules. For feature completeness, provide a Rex::Socket override for Net::LDAP::Connection until we have a proper, native to Rex, LDAP client class implemented. Testing: Basic functionality only, this is an early effort which will be extended for feature-completeness over time	2021-12-16 18:47:52 -05:00
..
msf.ldif	Native LDAP infrastructure to support log4shell	2021-12-16 18:47:52 -05:00

RageLtMan db8f4ffa6f Native LDAP infrastructure to support log4shell

In order to detect scan callbacks, serve payloads, and otherwise
interact with the LDAP protocol handler in JNDI, Metasploit needs
a native LDAP service properly exposed to various parts of the
Framework and users/consumers.

Implement Rex::Protocol::LDAP::Server with TCP and UDP socket
handlers abstracted to a common access pattern between L4 stacks.
Extend the socket clients to hold a state attibute for LDAP bind
authentication, and use the UDP client abstraction to implement
consistent callback semantics for data receipt from a client and
handling response on the other side. The server utilizes Rex'
native sockets, permitting full pivot and proxy support over the
Switchboard.

Implement the Msf::Exploit::Remote::LDAP::Server mixin to manage
service abstraction and shared methods exposed to Metasploit
modules.
Note: during implementation of this functionality, it was
discovered that the Scanner mixin's :replicant method resulted in
:dup calls to the Rex::ServiceManager service created by this new
mixin (and any others leveraging ServiceManager). As a result,
double-bind attempts created failures in service instantiation from
the duplicated MetasploitModules which also dropped the @service
instance variable reference to the actual running service; leaving
the socket inexorably bound until Framework was halted and Ruby
released the FDs. See https://github.com/rapid7/rex-core/pull/19
and the Issues/Pull Requests sections of R7's MSF GitHub.

Expose the new LDAP infrastructure to users by way of a basic LDAP
server MetasploitModule which consumes a tiny sample LDIF (provided)
and performs queries against it. This is intended to be a template
for future work such as LDAP authentication capture, protocol proxy
for MITM and intercept, and other more specific implementations for
exploits and auxiliary modules.

For feature completeness, provide a Rex::Socket override for
Net::LDAP::Connection until we have a proper, native to Rex, LDAP
client class implemented.

Testing:
  Basic functionality only, this is an early effort which will be
extended for feature-completeness over time

2021-12-16 18:47:52 -05:00

msf.ldif

Native LDAP infrastructure to support log4shell

2021-12-16 18:47:52 -05:00