PenTest/nmap
1
0
Fork 0
mirror of https://github.com/nmap/nmap.git synced 2025-12-09 22:21:29 +00:00
Code Issues Projects Releases Wiki Activity

Solve "unexpected signature" message in SMB extended session setup (NTLM type 2 message only sent once)

Browse Source
This commit is contained in:
dmiller
2016-01-07 20:33:10 +00:00
parent c8d64e9009
commit 68599ce140
1 changed files with 20 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
nselib/smb.lua
View File

@@ -1319,6 +1319,7 @@ local function start_session_extended(smb, log_errors, overrides)
sp_nego = ( oid == "\x2b\x06\x01\x05\x05\x02" ) -- check for SPNEGO OID 1.3.6.1.5.5.2 sp_nego = ( oid == "\x2b\x06\x01\x05\x05\x02" ) -- check for SPNEGO OID 1.3.6.1.5.5.2
end end
local ntlm_challenge_accepted = false
while result ~= false do while result ~= false do
-- These are loop variables -- These are loop variables
local security_blob = nil local security_blob = nil
@@ -1427,24 +1428,27 @@ local function start_session_extended(smb, log_errors, overrides)
-- Parse the data -- Parse the data
pos, security_blob, os, lanmanager = bin.unpack(string.format("<A%dzz", security_blob_length), data) pos, security_blob, os, lanmanager = bin.unpack(string.format("<A%dzz", security_blob_length), data)
if ( status_name == "NT_STATUS_MORE_PROCESSING_REQUIRED" and sp_nego ) then if not ntlm_challenge_accepted then
local start = security_blob:find("NTLMSSP") if ( status_name == "NT_STATUS_MORE_PROCESSING_REQUIRED" and sp_nego ) then
security_blob = security_blob:sub(start) local start = security_blob:find("NTLMSSP")
end security_blob = security_blob:sub(start)
end
if(security_blob == nil or lanmanager == nil) then if(security_blob == nil or lanmanager == nil) then
return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [19]" return false, "SMB: ERROR: Server returned less data than it was supposed to (one or more fields are missing); aborting [19]"
end end
smb['os'] = os smb['os'] = os
smb['lanmanager'] = lanmanager smb['lanmanager'] = lanmanager
local host_info = smbauth.get_host_info_from_security_blob(security_blob) local host_info = smbauth.get_host_info_from_security_blob(security_blob)
if ( host_info ) then if ( host_info ) then
smb['fqdn'] = host_info['fqdn'] smb['fqdn'] = host_info['fqdn']
smb['domain_dns'] = host_info['dns_domain_name'] smb['domain_dns'] = host_info['dns_domain_name']
smb['forest_dns'] = host_info['dns_forest_name'] smb['forest_dns'] = host_info['dns_forest_name']
smb['server'] = host_info['netbios_computer_name'] smb['server'] = host_info['netbios_computer_name']
smb['domain'] = host_info['netbios_domain_name'] smb['domain'] = host_info['netbios_domain_name']
end
ntlm_challenge_accepted = true
end end