Remote::JndiInjection: handle LDAP UnbindRequest

[sempervictus]

@ErikWynter showed me this output during his effort to pwn APC servers:

The unexpected request 2 bit is misleading - thats the LDAP component not handling the session termination in the catch-all. This takes developers down the wrong debug path, and is easy to remedy.
Resolve by explicitly adding a case for the UnbindRequest type.

Ping @smcintyre-r7 - requesting eyes-on in case i broke something (its kinda late). 😄

[smcintyre-r7]

Would you mind also updating

metasploit-framework/lib/rex/proto/ldap/server.rb

Line 185 in 4b082b9

else

to include these changes so they stay in sync?

[sempervictus]

Would you mind also updating

metasploit-framework/lib/rex/proto/ldap/server.rb

Line 185 in 4b082b9

else

to include these changes so they stay in sync?

set

[smcintyre-r7]

Changes look good to me. I tested this by using the exploit/multi/http/log4shell_header_injection module and setting WfsDelay to 300. While the module was waiting for a shell, I was able to use a client to perform bind and unbind requests to ensure things were functioning properly.

msf6 exploit(multi/http/log4shell_header_injection) > run

[+] mkfifo /tmp/lasod; (nc -l -p 4444 ||nc -l 4444)0</tmp/lasod | /bin/sh >/tmp/lasod 2>&1; rm /tmp/lasod
[*] Running automatic check ("set AutoCheck false" to disable)
[*] Using auxiliary/scanner/http/log4shell_scanner as check
[*] Scanned 1 of 1 hosts (100% complete)
[*] Sleeping 300 seconds for any last LDAP connections
[*] Client sent unbind request

[smcintyre-r7]

Release Notes

This updates the LDAP server library to handle unbind requests.