mirror of https://github.com/nmap/nmap.git synced 2025-12-06 12:41:29 +00:00

fixed bug with empty contexts not returning any data from ldap servers

add objectClass person to qfilter users so that users are properly shown
add error msg for invalid credentials
[patrik]
patrik
2010-07-16 21:59:27 +00:00
parent efd89b5e17
commit db0093ccd0


@@ -48,12 +48,13 @@ anonymous bind will be used as a last attempt.
-- ------ -- ------
-- o Martin Swende who provided me with the initial code that got me started writing this. -- o Martin Swende who provided me with the initial code that got me started writing this.
-- Version 0.4 -- Version 0.5
-- Created 01/12/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net> -- Created 01/12/2010 - v0.1 - created by Patrik Karlsson <patrik@cqure.net>
-- Revised 01/20/2010 - v0.2 - added SSL support -- Revised 01/20/2010 - v0.2 - added SSL support
-- Revised 01/26/2010 - v0.3 - Changed SSL support to comm.tryssl, prefixed arguments with ldap, changes in determination of namingContexts -- Revised 01/26/2010 - v0.3 - Changed SSL support to comm.tryssl, prefixed arguments with ldap, changes in determination of namingContexts
-- Revised 02/17/2010 - v0.4 - Added dependencie to ldap-brute and the abilitity to check for ldap accounts (credentials) stored in nmap registry -- Revised 02/17/2010 - v0.4 - Added dependencie to ldap-brute and the abilitity to check for ldap accounts (credentials) stored in nmap registry
-- Capped output to 20 entries, use ldap.maxObjects to override -- Capped output to 20 entries, use ldap.maxObjects to override
-- Revised 07/16/2010 - v0.5 - Fixed bug with empty contexts, added objectClass person to qfilter users, add error msg for invalid credentials
author = "Patrik Karlsson" author = "Patrik Karlsson"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html" license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
@@ -125,8 +126,9 @@ function action(host,port)
table.insert(contexts, base) table.insert(contexts, base)
end end
if #contexts == 0 then if ( not(contexts) or #contexts == 0 ) then
stdnse.print_debug( "Failed to retrieve namingContexts" ) stdnse.print_debug( "Failed to retrieve namingContexts" )
contexts = {""}
end end
-- perform a bind only if we have valid credentials -- perform a bind only if we have valid credentials
@@ -136,7 +138,7 @@ function action(host,port)
if not status then if not status then
stdnse.print_debug( string.format("ldap-search failed to bind: %s", errmsg) ) stdnse.print_debug( string.format("ldap-search failed to bind: %s", errmsg) )
return return " \n ERROR: Authentication failed"
end end
-- or if ldap-brute found us something -- or if ldap-brute found us something
elseif ( accounts ) then elseif ( accounts ) then
@@ -154,7 +156,8 @@ function action(host,port)
filter = { op=ldap.FILTER._or, val= filter = { op=ldap.FILTER._or, val=
{ {
{ op=ldap.FILTER.equalityMatch, obj='objectClass', val='user' }, { op=ldap.FILTER.equalityMatch, obj='objectClass', val='user' },
{ op=ldap.FILTER.equalityMatch, obj='objectClass', val='posixAccount' } { op=ldap.FILTER.equalityMatch, obj='objectClass', val='posixAccount' },
{ op=ldap.FILTER.equalityMatch, obj='objectClass', val='person' }
} }
} }
elseif qfilter == "computers" or qfilter == "computer" then elseif qfilter == "computers" or qfilter == "computer" then
@@ -196,7 +199,7 @@ function action(host,port)
result_part.name = "" result_part.name = ""
if ( context ) then if ( context ) then
result_part.name = ("Context: %s"):format(context) result_part.name = ("Context: %s"):format(#context > 0 and context or "<empty>")
end end
if ( qfilter ) then if ( qfilter ) then
result_part.name = result_part.name .. ("; QFilter: %s"):format(qfilter) result_part.name = result_part.name .. ("; QFilter: %s"):format(qfilter)
@@ -230,7 +233,7 @@ function action(host,port)
local output = stdnse.format_output(true, result ) local output = stdnse.format_output(true, result )
if ( maxObjects ~= -1 and objCount == maxObjects ) then if ( maxObjects ~= -1 and objCount == maxObjects ) then
output = output .. (" \n\nResult limited to %d objects"):format(maxObjects) output = output .. (" \n\nResult limited to %d objects (see ldap.maxobjects)"):format(maxObjects)
end end
return output return output
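Review bot: The new early return in the bind-failure branch reports `ERROR: Authentication failed` for every failed bind, while the actual reason in `errmsg` is written only to debug output. A bind can presumably fail for reasons other than bad credentials (a connection or TLS problem, a server-side policy), so the report could mislead whoever reads the scan results; I would surface the cause, e.g. `return ("\n  ERROR: Bind failed: %s"):format(errmsg)`. Socket handling is not visible in this hunk, so it is worth confirming the connection is closed before this return. Separately, the limit message names `ldap.maxobjects` while the header comment says `ldap.maxObjects`; as far as I know script arguments are looked up by exact key, so both should use the spelling the script actually reads. `action` starts and ends outside the hunks shown.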