Merge pull request #20461 from adfoster-r7/improve-login-summary-for-ldap-scanner

cgranleese-r7 · web-flow · commit ec7d47c2718d · 2025-08-12T11:25:50.000+01:00
Improve login summary for ldap schannel scanner
diff --git a/lib/msf/core/auxiliary/report_summary.rb b/lib/msf/core/auxiliary/report_summary.rb
@@ -71,11 +71,23 @@ def login_credentials(credential_data)
       def create_credential_login(credential_data)
         return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins'] && @report
 
-        @report[rhost] = { successful_logins: [] }
+        @report[rhost] ||= {}
+        @report[rhost][:successful_logins] ||= []
         @report[rhost][:successful_logins] << login_credentials(credential_data)
         super
       end
 
+      def report_successful_login(public:, private:)
+        return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins'] && @report
+
+        @report[rhost] ||= {}
+        @report[rhost][:successful_logins] ||= []
+        @report[rhost][:successful_logins] << {
+          public: public,
+          private_data: private
+        }
+      end
+
       # Creates a credential and adds to to the DB if one is present, then calls create_credential_login to
       # attempt a login
       #
@@ -90,7 +102,8 @@ def create_credential_login(credential_data)
       def create_credential_and_login(credential_data)
         return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins'] && @report
 
-        @report[rhost] = { successful_logins: [] }
+        @report[rhost] ||= {}
+        @report[rhost][:successful_logins] ||= []
         @report[rhost][:successful_logins] << login_credentials(credential_data)
         super
       end
@@ -107,14 +120,9 @@ def create_credential_and_login(credential_data)
       def start_session(obj, info, ds_merge, crlf = false, sock = nil, sess = nil)
         return super unless framework.features.enabled?(Msf::FeatureManager::SHOW_SUCCESSFUL_LOGINS) && datastore['ShowSuccessfulLogins']
 
-        unless @report && @report[rhost]
-          elog("No RHOST found in report, skipping reporting for #{rhost}")
-          print_brute level: :error, ip: rhost, msg: "No RHOST found in report, skipping reporting for #{rhost}"
-          return super
-        end
-
         result = super
-        @report[rhost].merge!({ successful_sessions: [] })
+        @report[rhost] ||= {}
+        @report[rhost][:successful_sessions] ||= []
         @report[rhost][:successful_sessions] << result
         result
       end
@@ -127,6 +135,7 @@ def start_session(obj, info, ds_merge, crlf = false, sock = nil, sess = nil)
       #
       # @return [Hash] Rhost keys mapped to successful logins and sessions for each host
       def print_report_summary
+        return unless @report
         report = @report
 
         logins = report.flat_map { |_k, v| v[:successful_logins] }.compact
diff --git a/modules/auxiliary/scanner/ldap/ldap_login.rb b/modules/auxiliary/scanner/ldap/ldap_login.rb
@@ -71,7 +71,7 @@ def create_session?
 
   def run
     validate_connect_options!
-    results = super
+    results = super || {}
     logins = results.flat_map { |_k, v| v[:successful_logins] }
     sessions = results.flat_map { |_k, v| v[:successful_sessions] }
     print_status("Bruteforce completed, #{logins.size} #{logins.size == 1 ? 'credential was' : 'credentials were'} successful.")
@@ -169,6 +169,10 @@ def run_host(ip)
         if opts[:ldap_auth] == Msf::Exploit::Remote::AuthOption::SCHANNEL
           # Schannel auth has no meaningful credential information to store in the DB
           msg = opts[:ldap_pkcs12].nil? ? 'Using stored certificate' : "Cert File #{opts[:ldap_pkcs12][:path]} (#{opts[:ldap_pkcs12][:value].certificate.subject})"
+          report_successful_login(
+            public: opts[:ldap_pkcs12][:value].certificate.subject.to_s,
+            private: opts[:ldap_pkcs12][:path]
+          )
           print_brute level: :good, ip: ip, msg: "Success: '#{msg}'"
         else
           create_credential_and_login(credential_data) if result.credential.private
