Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fixing case insensitive issue for show options #17459 #17663

Merged
merged 1 commit into from
Feb 18, 2023
Merged

fixing case insensitive issue for show options #17459 #17663

merged 1 commit into from
Feb 18, 2023

Conversation

manishkumarr1017
Copy link
Contributor

@manishkumarr1017 manishkumarr1017 commented Feb 18, 2023
edited by gwillcox-r7
Loading

Fixes #17459 where the show options fails to show the action if the action is set in different case case.

Verification

  • Start msfconsole
  • use auxiliary/gather/ldap_query
  • set action run_query_file
  • show options
  • Verify that the auxiliary action has been properly set
msf6 > use auxiliary/gather/ldap_query
msf6 auxiliary(gather/ldap_query) > set action run_query_file
action => run_query_file
msf6 auxiliary(gather/ldap_query) > show options

Module options (auxiliary/gather/ldap_query):

   Name           Current Setting  Required  Description
   ----           ---------------  --------  -----------
   BASE_DN                         no        LDAP base DN if you already have it
   DOMAIN                          no        The domain to authenticate to
   OUTPUT_FORMAT  table            yes       The output format to use (Accepted: csv, table, json)
   PASSWORD                        no        The password to authenticate with
   RHOSTS                          yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploi
                                             t.html
   RPORT          389              yes       The target port
   SSL            false            no        Enable SSL on the LDAP connection
   USERNAME                        no        The username to authenticate with


   When ACTION is RUN_SINGLE_QUERY:

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   QUERY_ATTRIBUTES                   no        Comma seperated list of attributes to retrieve from the server
   QUERY_FILTER                       no        Filter to send to the target LDAP server to perform the query


   When ACTION is RUN_QUERY_FILE:

   Name             Current Setting  Required  Description
   ----             ---------------  --------  -----------
   QUERY_FILE_PATH                   no        Path to the JSON or YAML file to load and run queries from


Auxiliary action:

   Name            Description
   ----            -----------
   RUN_QUERY_FILE  Execute a custom set of LDAP queries from the JSON or YAML file specified by QUERY_FILE.



View the full module info with the info, or info -d command.

msf6 auxiliary(gather/ldap_query) >

Normal Flow

  • Start msfconsole
  • use auxiliary/gather/ldap_query
  • set action RUN_QUERY_FILE
  • show options
  • Verify that the auxiliary action has been properly set
msf6 > use auxiliary/gather/ldap_query
msf6 auxiliary(gather/ldap_query) > set action RUN_QUERY_FILE
action => RUN_QUERY_FILE
msf6 auxiliary(gather/ldap_query) > show options

Module options (auxiliary/gather/ldap_query):

   Name           Current Setting  Required  Description
   ----           ---------------  --------  -----------
   BASE_DN                         no        LDAP base DN if you already have it
   DOMAIN                          no        The domain to authenticate to
   OUTPUT_FORMAT  table            yes       The output format to use (Accepted: csv, table, json)
   PASSWORD                        no        The password to authenticate with
   RHOSTS                          yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploi
                                             t.html
   RPORT          389              yes       The target port
   SSL            false            no        Enable SSL on the LDAP connection
   USERNAME                        no        The username to authenticate with


   When ACTION is RUN_SINGLE_QUERY:

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   QUERY_ATTRIBUTES                   no        Comma seperated list of attributes to retrieve from the server
   QUERY_FILTER                       no        Filter to send to the target LDAP server to perform the query


   When ACTION is RUN_QUERY_FILE:

   Name             Current Setting  Required  Description
   ----             ---------------  --------  -----------
   QUERY_FILE_PATH                   no        Path to the JSON or YAML file to load and run queries from


Auxiliary action:

   Name            Description
   ----            -----------
   RUN_QUERY_FILE  Execute a custom set of LDAP queries from the JSON or YAML file specified by QUERY_FILE.



View the full module info with the info, or info -d command.

msf6 auxiliary(gather/ldap_query) >

@bcoles bcoles added the bug label Feb 18, 2023
@gwillcox-r7 gwillcox-r7 self-assigned this Feb 18, 2023
@gwillcox-r7
Copy link
Contributor

Before:

msf6 > use auxiliary/gather/ldap_query 
msf6 auxiliary(gather/ldap_query) > set action run_query_file
action => run_query_file
msf6 auxiliary(gather/ldap_query) > show optinos
[-] Invalid parameter "optinos", use "show -h" for more information
msf6 auxiliary(gather/ldap_query) > show options

Module options (auxiliary/gather/ldap_query):

   Name           Current Setting  Required  Description
   ----           ---------------  --------  -----------
   BASE_DN                         no        LDAP base DN if you already have it
   DOMAIN                          no        The domain to authenticate to
   OUTPUT_FORMAT  table            yes       The output format to use (Accepted: csv, table, json)
   PASSWORD                        no        The password to authenticate with
   RHOSTS                          yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT          389              yes       The target port
   SSL            false            no        Enable SSL on the LDAP connection
   USERNAME                        no        The username to authenticate with


   When ACTION is RUN_SINGLE_QUERY:

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   QUERY_ATTRIBUTES                   no        Comma seperated list of attributes to retrieve from the server
   QUERY_FILTER                       no        Filter to send to the target LDAP server to perform the query


   When ACTION is RUN_QUERY_FILE:

   Name             Current Setting  Required  Description
   ----             ---------------  --------  -----------
   QUERY_FILE_PATH                   no        Path to the JSON or YAML file to load and run queries from


View the full module info with the info, or info -d command.

msf6 auxiliary(gather/ldap_query) >

@gwillcox-r7
Copy link
Contributor

After:

msf6 > use auxiliary/gather/ldap_query
msf6 auxiliary(gather/ldap_query) > show options

Module options (auxiliary/gather/ldap_query):

   Name           Current Setting  Required  Description
   ----           ---------------  --------  -----------
   BASE_DN                         no        LDAP base DN if you already have it
   DOMAIN                          no        The domain to authenticate to
   OUTPUT_FORMAT  table            yes       The output format to use (Accepted: csv, table, json)
   PASSWORD                        no        The password to authenticate with
   RHOSTS                          yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT          389              yes       The target port
   SSL            false            no        Enable SSL on the LDAP connection
   USERNAME                        no        The username to authenticate with


   When ACTION is RUN_SINGLE_QUERY:

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   QUERY_ATTRIBUTES                   no        Comma seperated list of attributes to retrieve from the server
   QUERY_FILTER                       no        Filter to send to the target LDAP server to perform the query


   When ACTION is RUN_QUERY_FILE:

   Name             Current Setting  Required  Description
   ----             ---------------  --------  -----------
   QUERY_FILE_PATH                   no        Path to the JSON or YAML file to load and run queries from


Auxiliary action:

   Name           Description
   ----           -----------
   ENUM_ACCOUNTS  Dump info about all known user accounts in the domain.



View the full module info with the info, or info -d command.

msf6 auxiliary(gather/ldap_query) > set action run_query_file
action => run_query_file
msf6 auxiliary(gather/ldap_query) > show options

Module options (auxiliary/gather/ldap_query):

   Name           Current Setting  Required  Description
   ----           ---------------  --------  -----------
   BASE_DN                         no        LDAP base DN if you already have it
   DOMAIN                          no        The domain to authenticate to
   OUTPUT_FORMAT  table            yes       The output format to use (Accepted: csv, table, json)
   PASSWORD                        no        The password to authenticate with
   RHOSTS                          yes       The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   RPORT          389              yes       The target port
   SSL            false            no        Enable SSL on the LDAP connection
   USERNAME                        no        The username to authenticate with


   When ACTION is RUN_SINGLE_QUERY:

   Name              Current Setting  Required  Description
   ----              ---------------  --------  -----------
   QUERY_ATTRIBUTES                   no        Comma seperated list of attributes to retrieve from the server
   QUERY_FILTER                       no        Filter to send to the target LDAP server to perform the query


   When ACTION is RUN_QUERY_FILE:

   Name             Current Setting  Required  Description
   ----             ---------------  --------  -----------
   QUERY_FILE_PATH                   no        Path to the JSON or YAML file to load and run queries from


Auxiliary action:

   Name            Description
   ----            -----------
   RUN_QUERY_FILE  Execute a custom set of LDAP queries from the JSON or YAML file specified by QUERY_FILE.



View the full module info with the info, or info -d command.

msf6 auxiliary(gather/ldap_query) >

@gwillcox-r7
Copy link
Contributor

@manishkumarr1017 Changes look good will get this landed now 👍

@gwillcox-r7 gwillcox-r7 merged commit 066d0a6 into rapid7:master Feb 18, 2023
@gwillcox-r7 gwillcox-r7 added the rn-fix release notes fix label Feb 18, 2023
@gwillcox-r7 gwillcox-r7 mentioned this pull request Feb 18, 2023
Closed
@smcintyre-r7
Copy link
Contributor

Release Notes

This fixes an issue where action names were being treated as case sensitive.

This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gwillcox-r7 gwillcox-r7 gwillcox-r7 approved these changes

Assignees

@gwillcox-r7 gwillcox-r7

Labels
bug library rn-fix release notes fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Update show options to be case insensitive
4 participants
@manishkumarr1017 @gwillcox-r7 @smcintyre-r7 @bcoles