Module: Msf::Exploit::Remote::LDAP::Server
- Includes:
- SocketServer
- Included in:
- JndiInjection
- Defined in:
- lib/msf/core/exploit/remote/ldap/server.rb
Instance Attribute Summary collapse
-
#service ⇒ Object
:nodoc:.
Instance Method Summary collapse
-
#initialize(info = {}) ⇒ Object
Initializes an exploit module that serves LDAP requests.
-
#on_dispatch_request(cli, data) ⇒ Object
Handle incoming requests Override this method in modules to take flow control.
-
#on_send_response(cli, data) ⇒ Object
Handle incoming requests Override this method in modules to take flow control.
-
#read_ldif ⇒ Object
Read LDIF file - from github.com/ruby-ldap/ruby-net-ldap/blob/master/testserver/ldapserver.rb#L162.
-
#start_service ⇒ Object
Starts the server.
Methods included from SocketServer
#_determine_server_comm, #bindhost, #bindport, #cleanup, #cleanup_service, #exploit, #on_client_data, #primer, #regenerate_payload, #srvhost, #srvport, #via_string
Instance Attribute Details
#service ⇒ Object
:nodoc:
34 35 36 |
# File 'lib/msf/core/exploit/remote/ldap/server.rb', line 34 def service @service end |
Instance Method Details
#initialize(info = {}) ⇒ Object
Initializes an exploit module that serves LDAP requests
16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 |
# File 'lib/msf/core/exploit/remote/ldap/server.rb', line 16 def initialize(info = {}) super ( [ OptPort.new('SRVPORT', [true, 'The local port to listen on.', 389]), OptPath.new('LDIF_FILE', [ false, 'Directory LDIF file path']), ], Exploit::Remote::LDAP::Server ) ( [ OptBool.new('LdapServerUdp', [true, 'Serve UDP LDAP requests', true]), OptBool.new('LdapServerTcp', [true, 'Serve TCP LDAP requests', true]) ], Exploit::Remote::LDAP::Server ) end |
#on_dispatch_request(cli, data) ⇒ Object
Handle incoming requests Override this method in modules to take flow control
62 63 64 |
# File 'lib/msf/core/exploit/remote/ldap/server.rb', line 62 def on_dispatch_request(cli, data) service.default_dispatch_request(cli, data) end |
#on_send_response(cli, data) ⇒ Object
Handle incoming requests Override this method in modules to take flow control
70 71 72 |
# File 'lib/msf/core/exploit/remote/ldap/server.rb', line 70 def on_send_response(cli, data) cli.write(data) end |
#read_ldif ⇒ Object
Read LDIF file - from github.com/ruby-ldap/ruby-net-ldap/blob/master/testserver/ldapserver.rb#L162
@ return [Hash] parsed ldif file
40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 |
# File 'lib/msf/core/exploit/remote/ldap/server.rb', line 40 def read_ldif return if datastore['LDIF_FILE'].blank? || !File.exist?(datastore['LDIF_FILE']) ary = File.readlines(datastore['LDIF_FILE']) ldif = {} while (line = ary.shift) && line.chomp! next unless line =~ /^dn:\s*/i dn = Regexp.last_match.post_match ldif[dn] = {} while (attrib = ary.shift) && attrib.chomp! && attrib =~ /^(\w+)\s*:\s*/ ldif[dn][Regexp.last_match(1)] ||= [] ldif[dn][Regexp.last_match(1)] << Regexp.last_match.post_match end end ldif end |
#start_service ⇒ Object
Starts the server
77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 |
# File 'lib/msf/core/exploit/remote/ldap/server.rb', line 77 def start_service comm = _determine_server_comm(bindhost) self.service = Rex::ServiceManager.start( Rex::Proto::LDAP::Server, bindhost, bindport, datastore['LdapServerUdp'], datastore['LdapServerTcp'], read_ldif, comm, { 'Msf' => framework, 'MsfExploit' => self } ) service.dispatch_request_proc = proc do |cli, data| on_dispatch_request(cli, data) end service.send_response_proc = proc do |cli, data| on_send_response(cli, data) end rescue ::Errno::EACCES => e raise Rex::BindFailed, e. end |