feat: improve ldap output with custom type: #5387

Merged 3 commits on Jul 15, 2024

@tarunKoyalwar (Member) commented Jul 8, 2024

Proposed Changes

  • In the ldap module we were earlier returning only a very small portion of what's available, which is why it returned an empty response most of the time; this is now fixed by adding a new type with some normalization
  • closes ldap javascript module return empty response #5388

Before

$ nuclei -u x.x.x.x:3268 -t x.yaml               

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.9

		projectdiscovery.io

[INF] Current nuclei version: v3.2.9 (latest)
[INF] Current nuclei-templates version: v9.9.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 164
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[ldap-obb] [javascript] [high] x.x.x.x:3268 ["DistinguishedName: '' ,SAMAccountName: '' ,PWDLastSet: 'Not Set' ,LastLogon: 'Not Set' ,MemberOf: '' ,ServicePrincipalName: '' ,"]

After

$ ./nuclei -u x.x.x.x:3268 -t a.yaml                                                                                             

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.0-dev

		projectdiscovery.io

[INF] Current nuclei version: v3.3.0-dev (development)
[INF] Current nuclei-templates version: v9.9.0 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 164
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[ldap-obb] [javascript] [high] x.x.x.x:3268 ["[{DN: Attributes:{CurrentTime:[Not Set] SubschemaSubentry:[CN=Aggregate,CN=Schema,CN=Configuration,DC=cloudshark-a,DC=example,DC=com] DsServiceName:[CN=NTDS Settings,CN=AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cloudshark-a,DC=example,DC=com] NamingContexts:[DC=cloudshark-a,DC=example,DC=com CN=Configuration,DC=cloudshark-a,DC=example,DC=com CN=Schema,CN=Configuration,DC=cloudshark-a,DC=example,DC=com DC=DomainDnsZones,DC=cloudshark-a,DC=example,DC=com DC=ForestDnsZones,DC=cloudshark-a,DC=example,DC=com] DefaultNamingContext:[DC=cloudshark-a,DC=example,DC=com] SchemaNamingContext:[CN=Schema,CN=Configuration,DC=cloudshark-a,DC=example,DC=com] ConfigurationNamingContext:[CN=Configuration,DC=cloudshark-a,DC=example,DC=com] RootDomainNamingContext:[DC=cloudshark-a,DC=example,DC=com] SupportedLDAPVersion:[3 2] HighestCommittedUSN:[16423] SupportedSASLMechanisms:[GSSAPI GSS-SPNEGO EXTERNAL DIGEST-MD5] DnsHostName:[AD1.cloudshark-a.example.com] LdapServiceName:[cloudshark-a.example.com:ad1$@CLOUDSHARK-A.EXAMPLE.COM] ServerName:[CN=AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cloudshark-a,DC=example,DC=com] IsSynchronized:[TRUE] IsGlobalCatalogReady:[TRUE] DomainFunctionality:[2] ForestFunctionality:[2] DomainControllerFunctionality:[4] DistinguishedName:[] SAMAccountName:[] PWDLastSet:[] LastLogon:[] MemberOf:[] ServicePrincipalName:[] Extra:map[supportedCapabilities:[1.2.840.113556.1.4.800 1.2.840.113556.1.4.1670 1.2.840.113556.1.4.1791 1.2.840.113556.1.4.1935 1.2.840.113556.1.4.2080] supportedControl:[1.2.840.113556.1.4.319 1.2.840.113556.1.4.801 1.2.840.113556.1.4.473 1.2.840.113556.1.4.528 1.2.840.113556.1.4.417 1.2.840.113556.1.4.619 1.2.840.113556.1.4.841 1.2.840.113556.1.4.529 1.2.840.113556.1.4.805 1.2.840.113556.1.4.521 1.2.840.113556.1.4.970 1.2.840.113556.1.4.1338 1.2.840.113556.1.4.474 1.2.840.113556.1.4.1339 1.2.840.113556.1.4.1340 1.2.840.113556.1.4.1413 
2.16.840.1.113730.3.4.9 2.16.840.1.113730.3.4.10 1.2.840.113556.1.4.1504 1.2.840.113556.1.4.1852 1.2.840.113556.1.4.802 1.2.840.113556.1.4.1907 1.2.840.113556.1.4.1948 1.2.840.113556.1.4.1974 1.2.840.113556.1.4.1341 1.2.840.113556.1.4.2026 1.2.840.113556.1.4.2064 1.2.840.113556.1.4.2065 1.2.840.113556.1.4.2066] supportedExtension:[1.3.6.1.4.1.1466.20037 1.3.6.1.4.1.1466.101.119.1 1.2.840.113556.1.4.1781 1.3.6.1.4.1.4203.1.11.3] supportedLDAPPolicies:[MaxPoolThreads MaxDatagramRecv MaxReceiveBuffer InitRecvTimeout MaxConnections MaxConnIdleTime MaxPageSize MaxQueryDuration MaxTempTableSize MaxResultSetSize MinResultSets MaxResultSetsPerConn MaxNotificationPerConn MaxValRange]]}}]"]

Complete Info

{
  "Controls": [],
  "Entries": [
    {
      "Attributes": {
        "ConfigurationNamingContext": [
          "CN=Configuration,DC=cloudshark-a,DC=example,DC=com"
        ],
        "CurrentTime": [
          "Not Set"
        ],
        "DefaultNamingContext": [
          "DC=cloudshark-a,DC=example,DC=com"
        ],
        "DistinguishedName": [],
        "DnsHostName": [
          "AD1.cloudshark-a.example.com"
        ],
        "DomainControllerFunctionality": [
          "4"
        ],
        "DomainFunctionality": [
          "2"
        ],
        "DsServiceName": [
          "CN=NTDS Settings,CN=AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cloudshark-a,DC=example,DC=com"
        ],
        "Extra": {
          "supportedCapabilities": [
            "1.2.840.113556.1.4.800",
            "1.2.840.113556.1.4.1670",
            "1.2.840.113556.1.4.1791",
            "1.2.840.113556.1.4.1935",
            "1.2.840.113556.1.4.2080"
          ],
          "supportedControl": [
            "1.2.840.113556.1.4.319",
            "1.2.840.113556.1.4.801",
            "1.2.840.113556.1.4.473",
            "1.2.840.113556.1.4.528",
            "1.2.840.113556.1.4.417",
            "1.2.840.113556.1.4.619",
            "1.2.840.113556.1.4.841",
            "1.2.840.113556.1.4.529",
            "1.2.840.113556.1.4.805",
            "1.2.840.113556.1.4.521",
            "1.2.840.113556.1.4.970",
            "1.2.840.113556.1.4.1338",
            "1.2.840.113556.1.4.474",
            "1.2.840.113556.1.4.1339",
            "1.2.840.113556.1.4.1340",
            "1.2.840.113556.1.4.1413",
            "2.16.840.1.113730.3.4.9",
            "2.16.840.1.113730.3.4.10",
            "1.2.840.113556.1.4.1504",
            "1.2.840.113556.1.4.1852",
            "1.2.840.113556.1.4.802",
            "1.2.840.113556.1.4.1907",
            "1.2.840.113556.1.4.1948",
            "1.2.840.113556.1.4.1974",
            "1.2.840.113556.1.4.1341",
            "1.2.840.113556.1.4.2026",
            "1.2.840.113556.1.4.2064",
            "1.2.840.113556.1.4.2065",
            "1.2.840.113556.1.4.2066"
          ],
          "supportedExtension": [
            "1.3.6.1.4.1.1466.20037",
            "1.3.6.1.4.1.1466.101.119.1",
            "1.2.840.113556.1.4.1781",
            "1.3.6.1.4.1.4203.1.11.3"
          ],
          "supportedLDAPPolicies": [
            "MaxPoolThreads",
            "MaxDatagramRecv",
            "MaxReceiveBuffer",
            "InitRecvTimeout",
            "MaxConnections",
            "MaxConnIdleTime",
            "MaxPageSize",
            "MaxQueryDuration",
            "MaxTempTableSize",
            "MaxResultSetSize",
            "MinResultSets",
            "MaxResultSetsPerConn",
            "MaxNotificationPerConn",
            "MaxValRange"
          ]
        },
        "ForestFunctionality": [
          "2"
        ],
        "HighestCommittedUSN": [
          "16423"
        ],
        "IsGlobalCatalogReady": [
          "TRUE"
        ],
        "IsSynchronized": [
          "TRUE"
        ],
        "LastLogon": [],
        "LdapServiceName": [
          "cloudshark-a.example.com:ad1$@CLOUDSHARK-A.EXAMPLE.COM"
        ],
        "MemberOf": [],
        "NamingContexts": [
          "DC=cloudshark-a,DC=example,DC=com",
          "CN=Configuration,DC=cloudshark-a,DC=example,DC=com",
          "CN=Schema,CN=Configuration,DC=cloudshark-a,DC=example,DC=com",
          "DC=DomainDnsZones,DC=cloudshark-a,DC=example,DC=com",
          "DC=ForestDnsZones,DC=cloudshark-a,DC=example,DC=com"
        ],
        "PWDLastSet": [],
        "RootDomainNamingContext": [
          "DC=cloudshark-a,DC=example,DC=com"
        ],
        "SAMAccountName": [],
        "SchemaNamingContext": [
          "CN=Schema,CN=Configuration,DC=cloudshark-a,DC=example,DC=com"
        ],
        "ServerName": [
          "CN=AD1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=cloudshark-a,DC=example,DC=com"
        ],
        "ServicePrincipalName": [],
        "SubschemaSubentry": [
          "CN=Aggregate,CN=Schema,CN=Configuration,DC=cloudshark-a,DC=example,DC=com"
        ],
        "SupportedLDAPVersion": [
          "3",
          "2"
        ],
        "SupportedSASLMechanisms": [
          "GSSAPI",
          "GSS-SPNEGO",
          "EXTERNAL",
          "DIGEST-MD5"
        ]
      },
      "DN": ""
    }
  ],
  "Referrals": []
}

@tarunKoyalwar self-assigned this Jul 8, 2024
@tarunKoyalwar marked this pull request as ready for review July 8, 2024 14:21
@tarunKoyalwar requested a review from ehsandeep July 8, 2024 14:52

@tarunKoyalwar (Member, Author) commented:

we can later on add oidc -> string conversion when required
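
Added example (not part of the PR or of nuclei's code): one way a consumer of the normalized result could turn the numeric OIDs under `Extra` and the functionality levels into readable names, run on a constructed sample trimmed from the "Complete Info" output above. `OID_NAMES`, `FUNCTIONAL_LEVELS`, `resolveOids`, `level` and `summarizeRootDse` are hypothetical names; the OID and level names are the ones Microsoft documents for Active Directory.

```javascript
// Added example: plain JavaScript over the JSON shape shown under "Complete Info".
// All identifiers here are hypothetical and not part of nuclei's ldap module.
const OID_NAMES = {
  "1.2.840.113556.1.4.800": "LDAP_CAP_ACTIVE_DIRECTORY_OID",
  "1.2.840.113556.1.4.1670": "LDAP_CAP_ACTIVE_DIRECTORY_V51_OID",
  "1.2.840.113556.1.4.1791": "LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID",
  "1.2.840.113556.1.4.1935": "LDAP_CAP_ACTIVE_DIRECTORY_V61_OID",
  "1.2.840.113556.1.4.2080": "LDAP_CAP_ACTIVE_DIRECTORY_V61_R2_OID",
};
const STARTTLS_OID = "1.3.6.1.4.1.1466.20037"; // StartTLS extended operation (RFC 4511)
// Index = value of DomainFunctionality / DomainControllerFunctionality.
const FUNCTIONAL_LEVELS = ["Windows 2000", "Windows Server 2003 interim",
  "Windows Server 2003", "Windows Server 2008", "Windows Server 2008 R2",
  "Windows Server 2012", "Windows Server 2012 R2", "Windows Server 2016"];

// Keep every OID; attach a name only when the table knows it.
function resolveOids(oids) {
  return (oids || []).map((oid) => ({ oid, name: OID_NAMES[oid] || null }));
}

// Map a single-valued numeric attribute to a functional-level name.
function level(values) {
  const n = parseInt((values || [])[0], 10);
  if (!Number.isInteger(n)) return "not reported";
  return FUNCTIONAL_LEVELS[n] || `unknown (${n})`;
}

function summarizeRootDse(result) {
  const entry = (result.Entries || [])[0];
  if (!entry) return null; // empty search result
  const a = entry.Attributes || {};
  const extra = a.Extra || {};
  return {
    host: (a.DnsHostName || [])[0] || "",
    domainLevel: level(a.DomainFunctionality),
    dcLevel: level(a.DomainControllerFunctionality),
    saslMechanisms: a.SupportedSASLMechanisms || [],
    startTls: (extra.supportedExtension || []).includes(STARTTLS_OID),
    capabilities: resolveOids(extra.supportedCapabilities),
  };
}

// Constructed sample: values copied from the output above, trimmed, plus one made-up OID.
const sample = { Entries: [{ DN: "", Attributes: {
  DnsHostName: ["AD1.cloudshark-a.example.com"],
  DomainFunctionality: ["2"], DomainControllerFunctionality: ["4"],
  SupportedSASLMechanisms: ["GSSAPI", "GSS-SPNEGO", "EXTERNAL", "DIGEST-MD5"],
  Extra: { supportedCapabilities: ["1.2.840.113556.1.4.800", "1.2.3.4"],
           supportedExtension: [STARTTLS_OID] } } }] };
console.log(JSON.stringify(summarizeRootDse(sample), null, 2));
```

Unknown OIDs are kept with `name: null` rather than dropped, so the summary never hides a value the server reported.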

@ehsandeep merged commit 6cbd73f into dev Jul 15, 2024
10 of 12 checks passed
@ehsandeep deleted the feat-ldap-response branch July 15, 2024 13:12