Add support for LDAP target URIs

zeroSteiner · zeroSteiner · commit 70df033d8dff · 2025-04-03T16:25:22.000-04:00
diff --git a/lib/msf/core/rhosts_walker.rb b/lib/msf/core/rhosts_walker.rb
@@ -15,6 +15,8 @@ class RhostsWalker
       file
       http
       https
+      ldap
+      ldaps
       mysql
       postgres
       smb
@@ -251,6 +253,45 @@ def parse_http_uri(value, datastore)
     end
     alias parse_https_uri parse_http_uri
 
+    # Parses a uri string such as ldap://user:password@example.com into a hash which can safely be
+    # merged with a [Msf::DataStore] datastore for setting ldap options.
+    #
+    # @see https://datatracker.ietf.org/doc/html/rfc4516
+    #
+    # @param value [String] the ldap string
+    # @return [Hash] A hash where keys match the required datastore options associated with
+    #   the uri value
+    def parse_ldap_uri(value, datastore)
+      uri = ::Addressable::URI.parse(value)
+      result = {}
+
+      result['RHOSTS'] = uri.hostname
+      is_ssl = %w[ssl ldaps].include?(uri.scheme)
+      result['RPORT'] = uri.port || (is_ssl ? 636 : 389)
+      result['SSL'] = is_ssl
+
+      if uri.path.present?
+        base_dn = uri.path.delete_prefix('/').split('?', 2).first
+        result['BASE_DN'] = base_dn if base_dn.present?
+      end
+
+      set_hostname(datastore, result, uri.hostname)
+
+      if uri.user && uri.user.include?(';')
+        domain, user = uri.user.split(';')
+        result['LDAPDomain'] = domain
+        set_username(datastore, result, user)
+      elsif uri.user
+        result['LDAPDomain'] = ''
+        set_username(datastore, result, uri.user)
+      end
+
+      set_password(datastore, result, uri.password) if uri.password
+
+      result
+    end
+    alias parse_ldaps_uri parse_ldap_uri
+
     # Parses a uri string such as mysql://user:password@example.com into a hash
     # which can safely be merged with a [Msf::DataStore] datastore for setting mysql options.
     #
@@ -353,7 +394,7 @@ def set_hostname(datastore, result, hostname)
     def set_username(datastore, result, username)
       # Preference setting application specific values first
       username_set = false
-      option_names = %w[SMBUser FtpUser Username user USER USERNAME username]
+      option_names = %w[SMBUser FtpUser LDAPUsername Username user USER USERNAME username]
       option_names.each do |option_name|
         if datastore.options.include?(option_name)
           result[option_name] = username
@@ -372,7 +413,7 @@ def set_username(datastore, result, username)
     def set_password(datastore, result, password)
       # Preference setting application specific values first
       password_set = false
-      password_option_names = %w[SMBPass FtpPass Password pass PASSWORD password]
+      password_option_names = %w[SMBPass FtpPass LDAPPassword Password pass PASSWORD password]
       password_option_names.each do |option_name|
         if datastore.options.include?(option_name)
           result[option_name] = password
