Skip to content

Commit

Permalink
Add the ldapwhoami command support
Browse files Browse the repository at this point in the history
  • Loading branch information
zeroSteiner committed Oct 9, 2024
1 parent 50beffb commit f91c0cc
Show file tree
Hide file tree
Showing 3 changed files with 57 additions and 1 deletion.
9 changes: 8 additions & 1 deletion lib/rex/post/ldap/ui/console/command_dispatcher/client.rb
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,8 @@ class Console::CommandDispatcher::Client
#
def commands
cmds = {
'query' => 'Run an LDAP query'
'query' => 'Run an LDAP query',
'getuid' => 'Get the user that the connection is running as'
}

reqs = {}
Expand Down Expand Up @@ -102,6 +103,12 @@ def cmd_query_help
print @@query_opts.usage
end

def cmd_getuid
username = client.ldapwhoami
username.delete_prefix!('u:')
print_status("Server username: #{username}")
end

private

def parse_scope(str)
Expand Down
39 changes: 39 additions & 0 deletions lib/rex/proto/ldap.rb
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,11 @@

# Update Net::LDAP's initialize and new_connection method to honor a tracking proxies setting
class Net::LDAP
WhoamiOid = '1.3.6.1.4.1.4203.1.11.3'.freeze

# fix the definition for ExtendedResponse
AsnSyntax[Net::BER::TAG_CLASS[:universal] + Net::BER::ENCODING_TYPE[:constructed] + 107] = :string

# Reference the old initialize method, and ensure `reload_lib -a` doesn't attempt to refine the method
alias_method :_old_initialize, :initialize unless defined?(_old_initialize)

Expand Down Expand Up @@ -457,6 +462,40 @@ def modify(args)

pdu
end

# Monkeypatch upstream library to support the extended Whoami request. Delete
# this after https://github.com/ruby-ldap/ruby-net-ldap/pull/425 is landed.
# This is not the only occurrence of a patch for this functionality.
def ldapwhoami
ext_seq = [Net::LDAP::WhoamiOid.to_ber_contextspecific(0)]
request = ext_seq.to_ber_appsequence(Net::LDAP::PDU::ExtendedRequest)

message_id = next_msgid

write(request, nil, message_id)
pdu = queued_read(message_id)

if !pdu || pdu.app_tag != Net::LDAP::PDU::ExtendedResponse
raise Net::LDAP::ResponseMissingOrInvalidError, "response missing or invalid"
end

pdu
end
end

class Net::LDAP::PDU
# Monkeypatch upstream library to support the extended Whoami request. Delete
# this after https://github.com/ruby-ldap/ruby-net-ldap/pull/425 is landed.
# This is not the only occurrence of a patch for this functionality.
def parse_extended_response(sequence)
sequence.length.between?(3, 5) or raise Net::LDAP::PDU::Error, "Invalid LDAP result length."
@ldap_result = {
:resultCode => sequence[0],
:matchedDN => sequence[1],
:errorMessage => sequence[2],
}
@extended_response = sequence.last
end
end

module Rex
Expand Down
10 changes: 10 additions & 0 deletions lib/rex/proto/ldap/client.rb
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,16 @@ def discover_base_dn
dlog("#{peerinfo} Discovered base DN: #{base_dn}")
base_dn
end

# Monkeypatch upstream library to support the extended Whoami request. Delete
# this after https://github.com/ruby-ldap/ruby-net-ldap/pull/425 is landed.
# This is not the only occurrence of a patch for this functionality.
def ldapwhoami(args = {})
instrument "ldapwhoami.net_ldap", args do |payload|
@result = use_connection(args, &:ldapwhoami)
@result.success? ? @result.extended_response : nil
end
end
end
end
end
Expand Down

0 comments on commit f91c0cc

Please sign in to comment.