Change how ldap_login generate its specific credentials for SCHANNEL && KERBEROS auth

Mathiou04 · smcintyre-r7 · commit 14bc1f14fc47 · 2025-09-08T13:02:30.000-04:00
diff --git a/modules/auxiliary/scanner/ldap/ldap_login.rb b/modules/auxiliary/scanner/ldap/ldap_login.rb
@@ -93,22 +93,9 @@ def validate_connect_options!
   end
 
   def run_host(ip)
-    ignore_public = ignore_private = false
-    case datastore['LDAP::Auth']
-    when Msf::Exploit::Remote::AuthOption::SCHANNEL
-      ignore_public = ignore_private = true
-    when Msf::Exploit::Remote::AuthOption::KERBEROS
-      ignore_private = !datastore['ANONYMOUS_LOGIN'] && !datastore['LDAPPassword']
-    end
-
-    cred_collection = build_credential_collection(
-      username: datastore['LDAPUsername'],
-      password: datastore['LDAPPassword'],
-      realm: datastore['LDAPDomain'],
-      anonymous_login: datastore['ANONYMOUS_LOGIN'],
-      blank_passwords: false,
-      ignore_public: ignore_public,
-      ignore_private: ignore_private
+    cred_collection = build_specific_credential_collection(
+      void_login: datastore['LDAP::Auth'] == Msf::Exploit::Remote::AuthOption::SCHANNEL,
+      no_password_login: datastore['LDAP::Auth'] == Msf::Exploit::Remote::AuthOption::KERBEROS && !datastore['ANONYMOUS_LOGIN'] && !datastore['LDAPPassword']
     )
 
     pkcs12_storage = Msf::Exploit::Remote::Pkcs12::Storage.new(framework: framework, framework_module: self)
@@ -215,4 +202,25 @@ def session_setup(result)
 
     start_session(self, nil, merge_me, false, my_session.rstream, my_session)
   end
+
+  def build_specific_credential_collection(void_login:, no_password_login:)
+    if void_login
+      Metasploit::Framework::PrivateCredentialCollection.new({
+        nil_passwords: true
+      })
+    elsif no_password_login
+      Metasploit::Framework::CredentialCollection.new({
+        username: datastore['LDAPUsername'],
+        nil_passwords: true
+      })
+    else
+      build_credential_collection(
+        username: datastore['LDAPUsername'],
+        password: datastore['LDAPPassword'],
+        realm: datastore['DOMAIN'],
+        anonymous_login: datastore['ANONYMOUS_LOGIN'],
+        blank_passwords: false
+      )
+    end
+  end
 end
