Module: PWN::Plugins::DAOLDAP
- Defined in:
- lib/pwn/plugins/dao_ldap.rb
Overview
This plugin is a data access object used for interacting with Active Directory/LDAP servers.
Class Method Summary collapse
-
.authors ⇒ Object
- Author(s)
-
0day Inc.
-
.connect(opts = {}) ⇒ Object
- Supported Method Parameters
-
PWN::Plugins::DAOLDAP.connect( host: ‘required host or IP’, port: ‘optional port (defaults to 636)’, base: ‘required ldap base to search from (e.g. dc=domain,dc=com)’, encryption: ‘optional parameter to protect communication in transit, :simple_tls OR :start_tls’, auth_method: ‘required ldap auth bind method, :simple, :sasl, OR :gss_spnego’, username: ‘required username (e.g. [email protected])’, password: ‘optional (prompts if left blank)’, ).
-
.disconnect(opts = {}) ⇒ Object
- Supported Method Parameters
-
PWN::Plugins::DAOLDAP.disconnect( ldap_obj: ldap_obj ).
-
.get_employee_by_username(opts = {}) ⇒ Object
- Supported Method Parameters
-
PWN::Plugins::DAOLDAP.get_employee_by_username( ldap_obj: ‘required ldap_obj returned from #connect method’, username: ‘required username of employee to retrieve from LDAP server’ ).
-
.help ⇒ Object
Display Usage for this Module.
Class Method Details
.authors ⇒ Object
- Author(s)
-
0day Inc. <[email protected]>
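# File 'lib/pwn/plugins/dao_ldap.rb', line 98

# Returns the author attribution string for this plugin.
# Takes no arguments and has no side effects.
public_class_method def self.authors
  "AUTHOR(S): 0day Inc. <[email protected]> "
end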
.connect(opts = {}) ⇒ Object
- Supported Method Parameters
-
PWN::Plugins::DAOLDAP.connect(
  host: 'required host or IP',
  port: 'optional port (defaults to 636)',
  base: 'required ldap base to search from (e.g. dc=domain,dc=com)',
  encryption: 'optional parameter to protect communication in transit, :simple_tls OR :start_tls',
  auth_method: 'required ldap auth bind method, :simple, :sasl, OR :gss_spnego',
  username: 'required username (e.g. [email protected])',
  password: 'optional (prompts if left blank)',
)
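# File 'lib/pwn/plugins/dao_ldap.rb', line 20

# Builds a Net::LDAP handle from opts, binds with the supplied credentials and
# returns the handle.
#
# opts keys read here:
#   :host        - host or IP (coerced with to_s)
#   :port        - TCP port; 636 when omitted
#   :base        - search base, passed through unchanged
#   :encryption  - passed through to Net::LDAP only when truthy
#   :auth_method - bind method, passed through unchanged
#   :username    - bind identity (coerced with to_s)
#   :password    - bind secret; when nil, AuthenticationHelper.mask_password supplies it
#
# Raises StandardError (re-raised as-is) on any failure, including a rejected bind.
#
# Security notes:
# - When :encryption is omitted no transport protection is requested, so a :simple
#   bind puts the password on the wire in cleartext.
# - NOTE(review): a bare symbol such as :simple_tls carries no tls_options; confirm
#   that the installed net-ldap verifies the server certificate in that case, or pass
#   :encryption as a hash that sets tls_options explicitly.
# - NOTE(review): some directory servers accept a :simple bind with an empty password
#   as an unauthenticated bind; verify server policy before relying on a blank password.
public_class_method def self.connect(opts = {})
  host = opts[:host].to_s
  # nil.to_i is 0, which is not a usable port; fall back to the documented default.
  port = opts[:port].nil? ? 636 : opts[:port].to_i
  base = opts[:base]
  encryption = opts[:encryption]
  auth_method = opts[:auth_method]
  username = opts[:username].to_s
  password = if opts[:password].nil?
               PWN::Plugins::AuthenticationHelper.mask_password
             else
               opts[:password].to_s
             end

  ldap_args = {
    host: host,
    port: port,
    base: base,
    auth: {
      method: auth_method,
      username: username,
      password: password
    }
  }
  # Only forward :encryption when the caller asked for it.
  ldap_args[:encryption] = encryption if encryption

  ldap_obj = Net::LDAP.new(ldap_args)

  # bind reports a rejected login through its return value rather than an exception,
  # so check it instead of handing back a handle that never authenticated.
  unless ldap_obj.bind
    result = ldap_obj.get_operation_result
    raise "LDAP bind failed for #{username} on #{host}:#{port}: #{result.message} (code #{result.code})"
  end

  ldap_obj
rescue StandardError => e
  raise e
end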
.disconnect(opts = {}) ⇒ Object
- Supported Method Parameters
-
PWN::Plugins::DAOLDAP.disconnect(
ldap_obj: ldap_obj
)
# File 'lib/pwn/plugins/dao_ldap.rb', line 89

# Accepts the handle returned by connect under opts[:ldap_obj] and always returns nil.
#
# Only this method's own reference is dropped: nothing is called on the handle, so the
# object the caller still holds is left exactly as it was.
# NOTE(review): that object presumably still carries the bind credentials it was built
# with; callers that need them gone should drop their own reference too.
public_class_method def self.disconnect(opts = {})
  _ldap_obj = opts[:ldap_obj]
  nil
rescue StandardError => error
  raise error
end
.get_employee_by_username(opts = {}) ⇒ Object
- Supported Method Parameters
-
PWN::Plugins::DAOLDAP.get_employee_by_username(
ldap_obj: 'required ldap_obj returned from #connect method', username: 'required username of employee to retrieve from LDAP server'
)
# File 'lib/pwn/plugins/dao_ldap.rb', line 73

# Searches the handle's base for entries whose samaccountname equals the given username
# and returns whatever ldap_obj.search returns.
#
# opts keys read here:
#   :ldap_obj - handle returned by connect
#   :username - account name to look up (coerced with to_s, invalid bytes scrubbed)
#
# Any StandardError is re-raised unchanged.
#
# NOTE(review): scrub only repairs invalid byte sequences; it does not escape LDAP filter
# metacharacters. Net::LDAP::Filter.eq treats '*' in the value as a wildcard, so a
# username taken from untrusted input can match more than one entry. Use the escaping
# variant (Net::LDAP::Filter.equals) where an exact match is required.
# NOTE(review): the search result is not checked here; confirm what the installed
# net-ldap returns on a failed search before indexing into it.
public_class_method def self.get_employee_by_username(opts = {})
  ldap_obj = opts[:ldap_obj]
  account_name = opts[:username].to_s.scrub

  ldap_obj.search(
    base: ldap_obj.base,
    filter: Net::LDAP::Filter.eq('samaccountname', account_name)
  )
rescue StandardError => error
  raise error
end
.help ⇒ Object
Display Usage for this Module
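# File 'lib/pwn/plugins/dao_ldap.rb', line 106

# Prints the usage text for this module to stdout; puts returns nil.
# #{self} interpolates the receiving module's name into each sample call.
# The auth_method entry ends with a comma so the sample connect call is valid Ruby
# when copied.
public_class_method def self.help
  puts "USAGE: ldap_obj = #{self}.connect( " \
       "host: 'required host or IP', " \
       "port: 'required port', " \
       "base: 'required ldap base to search from (e.g. dc=domain,dc=com)', " \
       "encryption: 'optional parameter to protect communication in transit, :simple_tls OR :start_tls', " \
       "auth_method: 'required ldap auth bind method, :simple, :sasl, OR :gss_spnego', " \
       "username: 'required username', " \
       "password: 'optional (prompts if left blank)', " \
       ") " \
       "employee = #{self}.get_employee_by_username( " \
       "ldap_obj: 'required ldap_obj returned from #connect method', " \
       "username: 'required username of employee to retrieve from LDAP server' " \
       ") " \
       "puts employee[0][:dn] " \
       "#{self}.disconnect(:ldap_obj => ldap_obj) " \
       "#{self}.authors "
end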