Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix recursive call to ldap_open #19138

Merged
merged 1 commit into from
Apr 26, 2024
Merged

Fix recursive call to ldap_open #19138

merged 1 commit into from
Apr 26, 2024

Conversation

dwelch-r7
Copy link
Contributor

The certifried module seems to have been broken since this PR https://github.com/rapid7/metasploit-framework/pull/18197/files#diff-b7c1aff5ecd40aff88dfb3e8186dcf9b5c82c767ffb28cd69d083545a536609bR112

Issue is caused by both the mixin and the module defining ldap_open then when ldap_connect is called it ends up calling the ldap_open in the module rather than in the mixin, this is just a simple name change to avoid that

Before:

msf6 auxiliary(admin/dcerpc/cve_2022_26923_certifried) > run
[*] Running module against 127.0.0.1

[*] 192.168.176.3:445 - Requesting the ms-DS-MachineAccountQuota value to see if we can add any computer accounts...
[-] 192.168.176.3:445 - Auxiliary failed: ArgumentError wrong number of arguments (given 1, expected 0)
[-] 192.168.176.3:445 - Call stack:
[-] 192.168.176.3:445 -   /Users/dwelch/dev/metasploit-framework/modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb:293:in `ldap_open'
[-] 192.168.176.3:445 -   /Users/dwelch/dev/metasploit-framework/lib/msf/core/exploit/remote/ldap.rb:99:in `ldap_connect'
[-] 192.168.176.3:445 -   /Users/dwelch/dev/metasploit-framework/modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb:305:in `ldap_open'
[-] 192.168.176.3:445 -   /Users/dwelch/dev/metasploit-framework/modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb:261:in `can_add_computer?'
[-] 192.168.176.3:445 -   /Users/dwelch/dev/metasploit-framework/modules/auxiliary/admin/dcerpc/cve_2022_26923_certifried.rb:100:in `run'
[*] Auxiliary module execution completed

After:

msf6 auxiliary(admin/dcerpc/cve_2022_26923_certifried) > run
[*] Running module against 127.0.0.1

[*] 127.0.0.1:445 - Requesting the ms-DS-MachineAccountQuota value to see if we can add any computer accounts...
[-] 127.0.0.1:445 - 127.0.0.1:445 LDAP error 49: Invalid Credentials - 8009030C: LdapErr: DSID-0C0904DC, comment: AcceptSecurityContext error, data 51f, v1db1
[!] 127.0.0.1:445 - Received no result when trying to obtain ms-DS-MachineAccountQuota. Adding a computer account may not work.
[*] 127.0.0.1:445 - Connecting SMB with vagrant.windomain.local:vagrant
[-] 127.0.0.1:445 - Auxiliary aborted due to failure: unreachable: The connection was refused by the remote host (127.0.0.1:445).
[*] Auxiliary module execution completed

Verification Steps:

  • Run the certifried module
  • Verify we no longer get the ArgumentError exception

@adfoster-r7 adfoster-r7 merged commit 7e2e3ee into rapid7:master Apr 26, 2024
34 checks passed
@adfoster-r7 adfoster-r7 added the rn-fix release notes fix label Apr 26, 2024
@adfoster-r7
Copy link
Contributor

Release Notes

Fixes a crash in the cve_2022_26923_certifried module

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
rn-fix release notes fix
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@dwelch-r7 @adfoster-r7