Added the REQUEST_TARGET flag to the extended authentication packet. I have no clue what that flag does, and I can't find any documentation, but Nmap completely fails against Windows 7 unless it's set.

2025-12-10 07:01:32 +00:00 · 2010-09-24 03:42:38 +00:00
parent f71008bcd3
commit 9ae7fb6a5d
1 changed files with 1 additions and 1 deletions
--- a/nselib/smbauth.lua
+++ b/nselib/smbauth.lua
@@ -658,7 +658,7 @@ end
 function get_security_blob(security_blob, ip, username, domain, password, password_hash, hash_type)
 	local pos = 1
 	local new_blob
-	local flags = 0x00008211 -- (NEGOTIATE_SIGN_ALWAYS | NEGOTIATE_NTLM | NEGOTIATE_SIGN | NEGOTIATE_UNICODE)
+	local flags = 0x00008215 -- (NEGOTIATE_SIGN_ALWAYS | NEGOTIATE_NTLM | NEGOTIATE_SIGN | REQUEST_TARGET | NEGOTIATE_UNICODE)

 	if(security_blob == nil) then
 		-- If security_blob is nil, this is the initial packet