Don't store passwords to creds if the password wasn't needed for the auth type
parent
09c757513f
commit
1609836ea2
|
@ -58,6 +58,13 @@ module Metasploit
|
|||
# so make sure that whatever it is, we end up with a Credential.
|
||||
credential = raw_cred.to_credential
|
||||
|
||||
if (opts[:ldap_auth] == Msf::Exploit::Remote::AuthOption::KERBEROS && opts[:ldap_krb5_cname]) ||
|
||||
opts[:ldap_auth] == Msf::Exploit::Remote::AuthOption::SCHANNEL
|
||||
# If we're using kerberos auth with a ccache or doing schannel auth then the password is irrelevant
|
||||
# Remove it from the credential so we don't store it
|
||||
credential.private = nil
|
||||
end
|
||||
|
||||
if credential.realm.present? && realm_key.present?
|
||||
credential.realm_key = realm_key
|
||||
elsif credential.realm.present? && realm_key.blank?
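Review bot: The Kerberos half of the new condition tests `opts[:ldap_krb5_cname]` for truthiness, and an empty string is truthy in Ruby, so a password-based Kerberos run whose ccache option arrives as `''` would have `credential.private` cleared here. Whether the option can be an empty string is not visible in this hunk, but the LDAP module hunk passes `datastore['Ldap::Krb5Ccname']` through unchanged, while the SMB hunk guards its equivalent value with `.blank?`. The neighbouring lines already use `present?`, so `opts[:ldap_krb5_cname].present?` would match them and close the gap. The enclosing method starts and ends outside the hunk, so it is not visible whether this same object is later used for the login attempt; if it is, the comment should say the password is dropped before authentication, not only before storage.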
|
||||
|
|
|
@ -27,6 +27,7 @@ module Auxiliary::AuthBrute
|
|||
OptBool.new('DB_ALL_PASS', [false,"Add all passwords in the current database to the list",false]),
|
||||
OptEnum.new('DB_SKIP_EXISTING', [false,"Skip existing credentials stored in the current database", 'none', %w[ none user user&realm ]]),
|
||||
OptBool.new('STOP_ON_SUCCESS', [ true, "Stop guessing when a credential works for a host", false]),
|
||||
OptBool.new('ANONYMOUS_LOGIN', [ true, "Attempt to login with a blank username and password", false])
|
||||
], Auxiliary::AuthBrute)
|
||||
|
||||
register_advanced_options([
|
||||
|
|
|
@ -57,7 +57,7 @@ class MetasploitModule < Msf::Auxiliary
|
|||
username: datastore['USERNAME'],
|
||||
password: datastore['PASSWORD'],
|
||||
realm: datastore['DOMAIN'],
|
||||
anonymous_login: false,
|
||||
anonymous_login: datastore['ANONYMOUS_LOGIN'],
|
||||
blank_passwords: false
|
||||
)
|
||||
|
||||
|
@ -71,7 +71,9 @@ class MetasploitModule < Msf::Auxiliary
|
|||
ldap_cert_file: datastore['LDAP::CertFile'],
|
||||
ldap_rhostname: datastore['Ldap::Rhostname'],
|
||||
ldap_krb_offered_enc_types: datastore['Ldap::KrbOfferedEncryptionTypes'],
|
||||
ldap_krb5_cname: datastore['Ldap::Krb5Ccname']
|
||||
ldap_krb5_cname: datastore['Ldap::Krb5Ccname'],
|
||||
# Write only cache so we keep all gathered tickets but don't reuse them for auth while running the module
|
||||
kerberos_ticket_storage: kerberos_ticket_storage({ read: false, write: true })
|
||||
}
|
||||
|
||||
realm_key = nil
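Review bot: The new comment above `kerberos_ticket_storage({ read: false, write: true })` says tickets are not reused for auth, but not why that matters for a login scanner. Presumably the concern is that a cached ticket could satisfy an attempt regardless of the password being tried, so a wrong guess would be reported (and stored) as valid. If so, state it, e.g. `# Write-only: a cached ticket must never satisfy a login attempt, or a wrong password could be reported as valid`. The same comment and call appear in the SMB hunk under `ticket_storage:` and would take the same wording. The option hash continues outside both hunks.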
|
||||
|
|
|
@ -87,7 +87,8 @@ class MetasploitModule < Msf::Auxiliary
|
|||
framework: framework,
|
||||
framework_module: self,
|
||||
cache_file: datastore['Smb::Krb5Ccname'].blank? ? nil : datastore['Smb::Krb5Ccname'],
|
||||
ticket_storage: kerberos_ticket_storage
|
||||
# Write only cache so we keep all gathered tickets but don't reuse them for auth while running the module
|
||||
ticket_storage: kerberos_ticket_storage({ read: false, write: true })
|
||||
)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
require 'spec_helper'
|
||||
require 'metasploit/framework/login_scanner/ldap'
|
||||
|
||||
RSpec.shared_examples_for 'Metasploit::Framework::LoginScanner::LDAP' do
|
||||
RSpec.shared_examples_for 'Metasploit::Framework::LoginScanner::LDAP' do |ldap_auth_type|
|
||||
let(:mock_credential) do
|
||||
Metasploit::Framework::Credential.new(
|
||||
public: 'mock_public',
|
||||
|
@ -11,7 +11,11 @@ RSpec.shared_examples_for 'Metasploit::Framework::LoginScanner::LDAP' do
|
|||
end
|
||||
|
||||
let(:public) { 'root' }
|
||||
let(:private) { 'toor' }
|
||||
let(:private) do
|
||||
# SChannel auth doesn't use a password
|
||||
ldap_auth_type == Msf::Exploit::Remote::AuthOption::SCHANNEL ? nil : 'toor'
|
||||
end
|
||||
|
||||
let(:realm) { 'myrealm' }
|
||||
let(:realm_key) { Metasploit::Model::Realm::Key::ACTIVE_DIRECTORY_DOMAIN }
|
||||
|
||||
|
@ -129,7 +133,7 @@ RSpec.describe Metasploit::Framework::LoginScanner::LDAP do
|
|||
described_class.new(opts: { ldap_auth: auth_type })
|
||||
end
|
||||
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::LDAP'
|
||||
it_behaves_like 'Metasploit::Framework::LoginScanner::LDAP', auth_type
|
||||
end
|
||||
end
|
||||
end
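Review bot: The spec changes only make `let(:private)` nil when `ldap_auth_type` is SCHANNEL, so nothing visible here exercises the other branch the commit adds to the scanner (Kerberos with `ldap_krb5_cname` set). Nothing visible asserts that a password that was supplied is actually cleared, either. Because the fixture value is already nil going in, the examples would appear to pass even if the scanner never modified the credential. A case that supplies a non-nil password with SCHANNEL, and another with Kerberos plus a ccache, and expects the yielded credential's `private` to be nil would pin the behaviour the commit title promises. The shared example's body continues outside these hunks, so such a case may already exist there.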
|
||||
|
|