Change how ldap_login generate its specific credentials for SCHANNEL …

…&& KERBEROS auth

lib/metasploit/framework/credential_collection.rb

@@ -212,23 +212,6 @@ class CredentialCollection < PrivateCredentialCollection
     #   @return [Boolean]
     attr_accessor :anonymous_login
 
-    # @!attribute ignore_private
-    #   Whether to ignore private (password). This is usually set when Kerberos
-    #   or Schannel authentication is requested and the credentials are
-    #   retrieved from cache or from a file. This attribute should be true in
-    #   these scenarios, otherwise validation will fail since the password is not
-    #   provided.
-    #   @return [Boolean]
-    attr_accessor :ignore_private
-
-    # @!attribute ignore_public
-    #   Whether to ignore public (username). This is usually set when Schannel
-    #   authentication is requested and the credentials are retrieved from a
-    #   file (certificate). This attribute should be true in this case,
-    #   otherwise validation will fail since the password is not provided.
-    #   @return [Boolean]
-    attr_accessor :ignore_public
-
     # @option opts [Boolean] :blank_passwords See {#blank_passwords}
     # @option opts [String] :pass_file See {#pass_file}
     # @option opts [String] :password See {#password}
@@ -267,15 +250,6 @@ def each_filtered
     alias each each_filtered
 
     def each_unfiltered(&block)
-      if ignore_private
-        if ignore_public
-          yield Metasploit::Framework::Credential.new(public: nil, private: nil, realm: realm)
-        else
-          yield Metasploit::Framework::Credential.new(public: username, private: nil, realm: realm)
-        end
-        return
-      end
-
       prepended_creds.each { |c| yield c }
 
       if anonymous_login
@@ -468,14 +442,14 @@ def empty?
     #
     # @return [Boolean]
     def has_users?
-      username.present? || user_file.present? || userpass_file.present? || !additional_publics.empty? || !!ignore_public
+      username.present? || user_file.present? || userpass_file.present? || !additional_publics.empty?
     end
 
     # Returns true when there are any private values set
     #
     # @return [Boolean]
     def has_privates?
-      super || userpass_file.present? || user_as_pass || !!ignore_private
+      super || userpass_file.present? || user_as_pass
     end
 
   end

modules/auxiliary/scanner/ldap/ldap_login.rb

@@ -89,19 +89,9 @@ def validate_connect_options!
   end
 
   def run_host(ip)
-    ignore_public = datastore['LDAP::Auth'] == Msf::Exploit::Remote::AuthOption::SCHANNEL
-    ignore_private =
-      datastore['LDAP::Auth'] == Msf::Exploit::Remote::AuthOption::SCHANNEL ||
-      (Msf::Exploit::Remote::AuthOption::KERBEROS && !datastore['ANONYMOUS_LOGIN'] && !datastore['PASSWORD'])
-
-    cred_collection = build_credential_collection(
-      username: datastore['USERNAME'],
-      password: datastore['PASSWORD'],
-      realm: datastore['DOMAIN'],
-      anonymous_login: datastore['ANONYMOUS_LOGIN'],
-      blank_passwords: false,
-      ignore_public: ignore_public,
-      ignore_private: ignore_private
+    cred_collection = build_specific_credential_collection(
+      void_login: datastore['LDAP::Auth'] == Msf::Exploit::Remote::AuthOption::SCHANNEL,
+      no_password_login: datastore['LDAP::Auth'] == Msf::Exploit::Remote::AuthOption::KERBEROS && !datastore['ANONYMOUS_LOGIN'] && !datastore['PASSWORD']
     )
 
     opts = {
@@ -202,4 +192,25 @@ def session_setup(result)
 
     start_session(self, nil, merge_me, false, my_session.rstream, my_session)
   end
+
+  def build_specific_credential_collection(void_login:, no_password_login:)
+    if void_login
+      Metasploit::Framework::PrivateCredentialCollection.new({
+        nil_password: true
+      })
+    elsif no_password_login
+      Metasploit::Framework::CredentialCollection.new({
+        username: datastore['USERNAME'],
+        nil_password: true
+      })
+    else
+      build_credential_collection(
+        username: datastore['USERNAME'],
+        password: datastore['PASSWORD'],
+        realm: datastore['DOMAIN'],
+        anonymous_login: datastore['ANONYMOUS_LOGIN'],
+        blank_passwords: false
+      )
+    end
+  end
 end