diff --git a/lib/msf/core/exploit/remote/smb/client.rb b/lib/msf/core/exploit/remote/smb/client.rb
index 1092b925454f6..5a40a07b2ea5b 100644
--- a/lib/msf/core/exploit/remote/smb/client.rb
+++ b/lib/msf/core/exploit/remote/smb/client.rb
@@ -186,21 +186,27 @@ def smb_login(simple_client = self.simple, opts: {})
 simple_client.client.kerberos_authenticator = kerberos_authenticator
 end
- simple_client.login(
- datastore['SMBName'],
- username,
- password,
- domain,
- datastore['SMB::VerifySignature'],
- datastore['NTLM::UseNTLMv2'],
- datastore['NTLM::UseNTLM2_session'],
- datastore['NTLM::SendLM'],
- datastore['NTLM::UseLMKey'],
- datastore['NTLM::SendNTLM'],
- datastore['SMB::Native_OS'],
- datastore['SMB::Native_LM'],
- { :use_spn => datastore['NTLM::SendSPN'], :name => simple_client.peerhost }
- )
+ begin
+ simple_client.login(
+ datastore['SMBName'],
+ username,
+ password,
+ domain,
+ datastore['SMB::VerifySignature'],
+ datastore['NTLM::UseNTLMv2'],
+ datastore['NTLM::UseNTLM2_session'],
+ datastore['NTLM::SendLM'],
+ datastore['NTLM::UseLMKey'],
+ datastore['NTLM::SendNTLM'],
+ datastore['SMB::Native_OS'],
+ datastore['SMB::Native_LM'],
+ { :use_spn => datastore['NTLM::SendSPN'], :name => simple_client.peerhost }
+ )
+ ensure
+ if simple_client.client.dialect.present?
+ report_smb_service(client: simple_client)
+ end
+ end
 # XXX: Any reason to connect to the IPC$ share in this method?
 simple_client.client.tree_connect("\\\\#{simple_client.peerhost}\\IPC$")
 end
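Review bot: The new `ensure` around `simple_client.login(...)` runs when the login raises, and any exception thrown by `report_smb_service` there (socket already torn down, database error) replaces the in-flight login error, so the caller sees a reporting failure instead of the authentication failure it needs to act on. Reporting the service on a failed login is reasonable once a dialect was negotiated, but the report should be isolated so it can never change which error propagates. The rewrite below wraps the call and logs a failure instead of raising; smb_login begins before this hunk.
```ruby
    ensure
      begin
        report_smb_service(client: simple_client) if simple_client.client.dialect.present?
      rescue StandardError => e
        elog("Failed to report the SMB service: #{e.class}: #{e.message}")
      end
    end
    # … unchanged: IPC$ tree_connect …
```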
@@ -904,6 +910,38 @@ def smb_lanman_netshareenumall
 shares
 end
+ def report_smb_service(client: nil)
+ info = "Module: #{fullname}"
+
+ client = simple.client if client.nil? && simple.present?
+ client = client.client if client.is_a?(Rex::Proto::SMB::SimpleClient)
+
+ # simple is only set if the global option is true when calling #connect, which it is by default
+ if client.present?
+ peerhost = client.dispatcher.tcp_socket.peerhost
+ peerport = client.dispatcher.tcp_socket.peerport
+ smb_version = client.respond_to?(:negotiated_smb_version) ? client.negotiated_smb_version : 1
+ info << ", last negotiated version: SMBv#{smb_version} (dialect = #{client.dialect})"
+ else
+ peerhost = rhost
+ peerport = rport
+ end
+
+ report_service(
+ name: 'smb',
+ host: peerhost,
+ port: peerport,
+ proto: 'tcp',
+ info: info,
+ parents: {
+ name: 'tcp',
+ host: peerhost,
+ port: peerport,
+ proto: 'tcp'
+ }
+ )
+ end
+
 # @return [Rex::Proto::SMB::SimpleClient]
 attr_accessor :simple
 end
diff --git a/lib/msf/core/exploit/remote/smb/client/ipc.rb b/lib/msf/core/exploit/remote/smb/client/ipc.rb
index 945695403aeff..1dba4089142b8 100644
--- a/lib/msf/core/exploit/remote/smb/client/ipc.rb
+++ b/lib/msf/core/exploit/remote/smb/client/ipc.rb
@@ -46,19 +46,7 @@ def report_dcerpc_service
 port: simple.peerport,
 proto: 'tcp',
 resource: { smb: { share: 'IPC$' } },
- parents: {
- name: 'smb',
- host: simple.peerhost,
- port: simple.peerport,
- proto: 'tcp',
- info: "Module: #{fullname}, last negotiated version: SMBv#{simple.client.negotiated_smb_version} (dialect = #{simple.client.dialect})",
- parents: {
- name: 'tcp',
- host: simple.peerhost,
- port: simple.peerport,
- proto: 'tcp'
- }
- }
+ parents: report_smb_service
 )
 end
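Review bot: `client.dispatcher.tcp_socket.peerhost` is evaluated whenever `client.present?` holds, so a client whose dispatcher or socket is no longer set (torn down after negotiation, or built but never connected) raises NoMethodError from a reporting helper, and smb_login invokes this helper from an `ensure`, where that error would mask the login's own; resolve the socket first, `socket = client&.dispatcher&.tcp_socket`, branch on `if socket` instead of `if client.present?`, and read `peerhost`/`peerport` from it so the `rhost`/`rport` fallback also covers that case. The comment `# simple is only set if the global option is true when calling #connect ...` describes the `simple.present?` check two lines above it rather than the `if client.present?` line it sits on; it belongs next to that assignment. The method's value is whatever `report_service` returns, and `report_dcerpc_service` in client/ipc.rb now passes that as `parents:` where a hash literal used to be; if `report_service` yields nil when no database is active (not visible here), the argument silently changes from an always-present hash to nil, so a YARD `@return` line stating what callers receive would make the contract explicit.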