search

Kevin-Robertson / Inveigh

.NET IPv4/IPv6 machine-in-the-middle tool for penetration testers
BSD 3-Clause "New" or "Revised" License
2.44k stars 433 forks source link

Fails to capture challenge over SMB #2

Closed Kevin-Robertson closed 8 years ago

Kevin-Robertson commented 8 years ago

I received a report of failed challenge capture over SMB. I found that there is at least one variation of an SMB2 NTLMSSP Challenge packet with that will prevent the challenge from being captured. I captured a packet from Windows 10 to Windows 10 showing 2 less bytes than expected between supportedMech and the NTLMSSP identifier in Wireshark. This causes the NTLMSSP type check to fail. Modifying the offset (line 829 of current version) can resolve the issue as a temp fix. Changing it to 27 worked for the Windows 10 scenario above. I will add in a better fix.

Kevin-Robertson commented 8 years ago

Should now be corrected for Windows 10.

Kevin-Robertson commented 8 years ago

Changed the SMB capture functions to base everything off of the index of NTLMSSP. Tested on Windows 7, Windows 8.1, Windows XP, and Windows 10.