From 12d2e31c76a358f71f45fde8d5c650bbb903fadc Mon Sep 17 00:00:00 2001
From: Zach Goldman
Date: Tue, 30 Jul 2024 18:28:16 -0500
Subject: [PATCH] add necessary metadata for bruteforce

---
 lib/metasploit/framework/login_scanner/ldap.rb | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/lib/metasploit/framework/login_scanner/ldap.rb b/lib/metasploit/framework/login_scanner/ldap.rb
index 2d63ddb94c129..2569dcdaeb65b 100644
--- a/lib/metasploit/framework/login_scanner/ldap.rb
+++ b/lib/metasploit/framework/login_scanner/ldap.rb
@@ -11,11 +11,23 @@ class LDAP
 include Metasploit::Framework::LDAP::Client
 include Msf::Exploit::Remote::LDAP
 
+ # TODO: Verify if we need this additional metadata: https://github.com/rapid7/metasploit-framework/blob/master/lib/metasploit/framework/login_scanner/http.rb#L15-L23
+ LIKELY_PORTS = [ 389, 636 ]
+ LIKELY_SERVICE_NAMES = [ 'ldap', 'ldaps', 'ldapssl' ]
+
 attr_accessor :opts, :realm_key
 # @!attribute use_client_as_proof
 # @return [Boolean] If a login is successful and this attribute is true - an LDAP::Client instance is used as proof
 attr_accessor :use_client_as_proof
 
+ # This method sets the sane defaults for things
+ # like timeouts and TCP evasion options
+ def set_sane_defaults
+ self.opts ||= {}
+ self.connection_timeout = 30 if self.connection_timeout.nil?
+ nil
+ end
+
 def attempt_login(credential)
 result_opts = {
 credential: credential,
@@ -23,7 +35,8 @@ def attempt_login(credential)
 proof: nil,
 host: host,
 port: port,
- protocol: 'ldap'
+ protocol: 'tcp',
+ service_name: 'ldap'
 }
 result_opts.merge!(do_login(credential))
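Review bot: The header comment on `set_sane_defaults` promises "timeouts and TCP evasion options", but the body only initializes `opts` to `{}` and falls back `connection_timeout` to 30 when it is nil, so the comment overstates what gets configured; I would replace it with `# Initialize opts and fall back to a 30s connection timeout when the caller supplied none` (whether `connection_timeout` is an attribute inherited from the scanner base class is not visible in this hunk). The `# TODO: Verify if we need this additional metadata` line above `LIKELY_PORTS` should be resolved before merge rather than landed as-is, since the commit title says these constants are what the bruteforce flow relies on, and an unresolved "do we need this" note invites a later removal that silently breaks service matching. Both constants are mutable arrays at class level shared by every scanner instance; freezing them, `LIKELY_PORTS = [ 389, 636 ].freeze` and `LIKELY_SERVICE_NAMES = [ 'ldap', 'ldaps', 'ldapssl' ].freeze`, rules out accidental mutation. The `class LDAP` body continues outside this hunk.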