Closed filipesam closed 4 years ago
As a workaround, I think you can do -u notausername
and it will then work
It seems to support NULL session just fine for my tests:
$ ./smbmap.py -u '' -p '' --host-file test.txt
[!] Authentication error on 192.168.86.46
[+] IP: 192.168.86.43:445 Name: shawnevans-pc.lan
[+] IP: 127.0.0.1:445 Name: localhost
Disk Permissions Comment
---- ----------- -------
print$ NO ACCESS Printer Drivers
IPC$ NO ACCESS IPC Service (pop-os server (Samba, Ubuntu))
HP-LaserJet-1020 NO ACCESS HP LaserJet 1020
I'd suggest cloning the latest to see if that resolves anything.
I ran into a similar issue and the problem was that I was using the -L
option which doesn't do anything if not authenticated (unless I'm mistaken):
mex_group2.add_argument("-L", dest='list_drives', action="store_true", help="List all drives on the specified host")
...
if args.list_drives:
if is_admin:
mysmb.list_drives(host, args.share)
else:
mysmb.kill_loader()
Using only the -H
option or with -R
or -r
worked as expected.
I think it would be nice to add an error message when is_admin
is false and add a note in the readme.
Let me know if you would be interested in a pull request.
I should probably make this more clear in the argparse help. -L lists the physical and connected network drives on a given host, which are different than the SMB shared resources being served. The -L argument also requires remote command execution, which implies admin access.
Added a bit more context to the -L arg in the help. Verified and validated that it works with NULL sessions. Added logic to indicate the type of session (Guest, Admin, Authenticated). I think we should be good. Log a new issue if this bug persists. Thanks!
smbmap -H 10.10.22.163 -L
[!] Authentication error on 10.10.22.163
smbmap -H 10.10.22.163 -r
[!] Authentication error on 10.10.22.163
smbmap -H 10.10.22.163 -R
[!] Authentication error on 10.10.22.163
smbclient //10.10.22.163/anonymous
Enter WORKGROUP\root's password:
<I leave blank>
Try "help" to get a list of possible commands.
smb: \>
This is actually an issue with Impaket based on what other users have experienced. Try updating Impacket, and let me know if that does the trick. There's a chance I may need to update the requirements.txt.
Regarding -L, this actually lists the network and physical local drives on the system you're interacting with, not the SMB shared resources. As such -L requires admin rights on the target host. SMBMap is just running a few commands via WMI execution, and parsing the output a bit.
Thanks for the bug report. Let me know if the Impacket update does the trick.
Cheers!
Your suggestion worked ;)
pip3 install --upgrade impacket
Then:
smbmap -H 10.10.100.118
[+] Guest session IP: 10.10.100.118:445 Name: 10.10.100.118
Disk Permissions Comment
---- ----------- -------
print$ NO ACCESS Printer Drivers
anonymous READ ONLY Skynet Anonymous Share
milesdyson NO ACCESS Miles Dyson Personal Share
IPC$ NO ACCESS IPC Service (skynet server (Samba, Ubuntu))
Thank you.
Awesome! I'm glad to hear that did the trick!
I'm afraid there's still an issue with null sessions. Executing just smbmap -H 12.34.56.78
gives me "Access Denied". However, executing smbmap -H 11.22.33.44 -u SomeRandomUsername
works. I have updated impacket to the latest version
Smbmap can't login with null sessions, i've tried
smbmap -u '' -p '' -H 192.168.6.10
, and without user and password (smbmap -H 192.168.6.10), since the docs say it should use null when username is not provided. On the same host and share usingsmbclient -L //192.168.6.10 -U '' -N
i'm able to see the share and login with null sessions. Please check the attached image:thanks for this great tool :)