Exception while calling proto_flow() #332
Comments
|
Thanks for the report. We'll have to check if Impacket supports SMB/Samba to non-Windows, but I don't think it does... so I agree with your expectation that these errors should be handled with better output shown. |
|
Impacket definitely supports non windows SMB servers, not sure why this one breaks though. Can you provide the SMB version the server uses? |
|
Okay after taking a second look it looks to me like you have found valid credentials against that SMB server and nxc now tries to evaluate if you have admin privileges with MSRPC stuff which therefore fails because it isn't a windows host. So the best fix would probably be to not run the windows admin check if we can detect, that it is a linux host. |
|
That would be great to have the OS check, no clue how comprehensive it can be but being able to see Windows/Unix hosts in the output is handy. Currently I think it reports Windows 6.1 or something when the host is Unix running Samba. |
|
So i took a deep dive into how to detect Unix systems.
I will add a check that will display "Unix" if we match these criteria and than also prevents the admin check. |
|
Hi again, managed to create this error again with the latest build (just re-installed today). Works fine without any domain -d flag supplied, however once I do supplied a domain for use with authentication, the proto_flow() exception happens, except on different lines of connection.py. Commands are exactly the same as before, without domain is works fine but doesn't report the host as Unix, this may also be due to invalid creds; This could be specific to this host, as other Unix hosts the login and OS reporting works correctly Perhaps this is something to do with QUMULO and some proprietary Samba service going on, I really don't know enough to say for sure but thought I would post as it does still create allot of messy output that IMO, should be reserved for verbose or debug flag, especially in this case where I'm scanning a /24 and this clusters the output. Particularity as a lot of users of this tool may run into proprietary and undocumented technology built of standard tech (like being build off the Samba/SMB RFC) that may break functions.
|
|
Ah yes this is because this service reports the build number 7600. @mpgn showed me another system reporting that build number. If anyone of you can manage to get root on the system so we could figure out which service hosts the smb server that would be really helpful. Maybe we can identify another smb service which we can detect. Besides that I will add exception handling for that use case |
|
Unfortunatly the test ended before we could get anymore info from that server, so it will remain a mystery. Exception handling would very useful however. |
|
Well, atleast the stack trace should be fixed now :) |
|
Closing for now, as this should be handled with #356 |
Describe the bug
This bug seems to occur either due to login failing, or more likely because the host is not running Windows, and SMB connection was with a Samba host. The target was runnig Ubuntu This was noticed when scanning a network with credentials to determine which hosts the creds worked on. Output was unusable due to the errors taking up all the terminal output.
To Reproduce
Username/password/domain have been redacted
Command:
netexec smb 172.16.10.241 -u username -p password -d domainResulted in:
Expected behavior
At the least this level of output should be reserved for a verbose or debug flag, this would ensure the output would remain clean and allow the use to optionall view this information to debug issues with certain hosts.
However it would be nice to have some level of detection done to determine if it is a Unix host running Samba or a Winodws host.
NetExec info
The text was updated successfully, but these errors were encountered: