Call LDAP whoami when the username is not present

zeroSteiner · zeroSteiner · commit 468f168f0460 · 2025-03-27T15:00:53.000-04:00
diff --git a/lib/msf/base/sessions/ldap.rb b/lib/msf/base/sessions/ldap.rb
@@ -42,7 +42,17 @@ def bootstrap(datastore = {}, handler = nil)
     session = self
     session.init_ui(user_input, user_output)
 
-    @info = "LDAP #{datastore['USERNAME']} @ #{@peer_info}"
+    username = datastore['USERNAME']
+    if username.blank?
+      begin
+        whoami = client.ldapwhoami
+      rescue Net::LDAP::Error => e
+        ilog('ldap session opened with no username and the target does not support the LDAP whoami extension')
+      else
+        username = whoami.delete_prefix('u:').split('\\').last
+      end
+    end
+    @info = "LDAP #{username} @ #{@peer_info}"
   end
 
   def execute_file(full_path, args)
diff --git a/spec/lib/msf/base/sessions/ldap_spec.rb b/spec/lib/msf/base/sessions/ldap_spec.rb
@@ -23,6 +23,7 @@
     allow(client).to receive(:peerinfo).and_return(peer_info)
     allow(client).to receive(:peerhost).and_return(address)
     allow(client).to receive(:peerport).and_return(port)
+    allow(client).to receive(:ldapwhoami).and_return("u:WORKGROUP\\Administrator")
   end
 
   it_behaves_like 'client session'
