Skip to content

Log SMB services #21266

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
zeroSteiner wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Log SMB services #21266

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
7ab7141
Log SMB services
zeroSteiner Apr 9, 2026
f3baacd
Use #dialect for old rex client code
zeroSteiner Apr 16, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
68 changes: 53 additions & 15 deletions lib/msf/core/exploit/remote/smb/client.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -186,21 +186,27 @@ def smb_login(simple_client = self.simple, opts: {})
simple_client.client.kerberos_authenticator = kerberos_authenticator
end

simple_client.login(
datastore['SMBName'],
username,
password,
domain,
datastore['SMB::VerifySignature'],
datastore['NTLM::UseNTLMv2'],
datastore['NTLM::UseNTLM2_session'],
datastore['NTLM::SendLM'],
datastore['NTLM::UseLMKey'],
datastore['NTLM::SendNTLM'],
datastore['SMB::Native_OS'],
datastore['SMB::Native_LM'],
{ :use_spn => datastore['NTLM::SendSPN'], :name => simple_client.peerhost }
)
begin
simple_client.login(
datastore['SMBName'],
username,
password,
domain,
datastore['SMB::VerifySignature'],
datastore['NTLM::UseNTLMv2'],
datastore['NTLM::UseNTLM2_session'],
datastore['NTLM::SendLM'],
datastore['NTLM::UseLMKey'],
datastore['NTLM::SendNTLM'],
datastore['SMB::Native_OS'],
datastore['SMB::Native_LM'],
{ :use_spn => datastore['NTLM::SendSPN'], :name => simple_client.peerhost }
)
ensure
if simple_client.client.dialect.present?
Copy link
Copy Markdown
Contributor

@dwelch-r7 dwelch-r7 Apr 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

NAB: Let's consider wrappingthis detection up in a function so it's more obvious to future travellers what the intent is and so we can potentially change the underlying implementation in the future/add error handling etc.

report_smb_service(client: simple_client)
end
end
# XXX: Any reason to connect to the IPC$ share in this method?
simple_client.client.tree_connect("\\\\#{simple_client.peerhost}\\IPC$")
end
Expand Down Expand Up @@ -904,6 +910,38 @@ def smb_lanman_netshareenumall
shares
end

def report_smb_service(client: nil)
info = "Module: #{fullname}"

client = simple.client if client.nil? && simple.present?
client = client.client if client.is_a?(Rex::Proto::SMB::SimpleClient)

# simple is only set if the global option is true when calling #connect, which it is by default
if client.present?
peerhost = client.dispatcher.tcp_socket.peerhost
peerport = client.dispatcher.tcp_socket.peerport
smb_version = client.respond_to?(:negotiated_smb_version) ? client.negotiated_smb_version : 1
info << ", last negotiated version: SMBv#{smb_version} (dialect = #{client.dialect})"
else
peerhost = rhost
peerport = rport
end

report_service(
name: 'smb',
host: peerhost,
port: peerport,
proto: 'tcp',
info: info,
parents: {
name: 'tcp',
host: peerhost,
port: peerport,
proto: 'tcp'
}
)
end

# @return [Rex::Proto::SMB::SimpleClient]
attr_accessor :simple
end
Expand Down
14 changes: 1 addition & 13 deletions lib/msf/core/exploit/remote/smb/client/ipc.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,19 +46,7 @@ def report_dcerpc_service
port: simple.peerport,
proto: 'tcp',
resource: { smb: { share: 'IPC$' } },
parents: {
name: 'smb',
host: simple.peerhost,
port: simple.peerport,
proto: 'tcp',
info: "Module: #{fullname}, last negotiated version: SMBv#{simple.client.negotiated_smb_version} (dialect = #{simple.client.dialect})",
parents: {
name: 'tcp',
host: simple.peerhost,
port: simple.peerport,
proto: 'tcp'
}
}
parents: report_smb_service
)
end

Expand Down
Loading