add necessary metadata for bruteforce

rapid7 · Jul 30, 2024 · 12d2e31 · 12d2e31
1 parent 6a31ceb
commit 12d2e31
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/lib/metasploit/framework/login_scanner/ldap.rb b/lib/metasploit/framework/login_scanner/ldap.rb
@@ -11,19 +11,32 @@ class LDAP
         include Metasploit::Framework::LDAP::Client
         include Msf::Exploit::Remote::LDAP
 
+        # TODO: Verify if we need this additional metadata: https://github.com/rapid7/metasploit-framework/blob/master/lib/metasploit/framework/login_scanner/http.rb#L15-L23
+        LIKELY_PORTS         = [ 389, 636 ]
+        LIKELY_SERVICE_NAMES = [ 'ldap', 'ldaps', 'ldapssl' ]
+
         attr_accessor :opts, :realm_key
         # @!attribute use_client_as_proof
         #   @return [Boolean] If a login is successful and this attribute is true - an LDAP::Client instance is used as proof
         attr_accessor :use_client_as_proof
 
+        # This method sets the sane defaults for things
+        # like timeouts and TCP evasion options
+        def set_sane_defaults
+          self.opts ||= {}
+          self.connection_timeout = 30 if self.connection_timeout.nil?
+          nil
+        end
+
         def attempt_login(credential)
           result_opts = {
             credential: credential,
             status: Metasploit::Model::Login::Status::INCORRECT,
             proof: nil,
             host: host,
             port: port,
-            protocol: 'ldap'
+            protocol: 'tcp',
+            service_name: 'ldap'
           }
 
           result_opts.merge!(do_login(credential))