ShawnDEvans / smbmap

SMBMap is a handy SMB enumeration tool
GNU General Public License v3.0

Smbmap fails to enumerate shares and permissions with anonymous login #55

Closed 0xfalafel closed 4 years ago

0xfalafel commented 4 years ago

Hello,

I have noticed that smbmap fails to enumerate shares with anonymous login recently. I am using the Active machine from hackthebox in this example with the latest version of smbmap.

Smbclient.py from impacket and smbclient can successfully show the shares.

```bash
root@kali:/opt/tools/smbmap# git log
commit b36dc82796e89b0c52ee819fbf4467987c6fdb6d (grafted, HEAD -> master, origin/master, origin/HEAD)
Author: Shawn Evans <shawnevans@pop-os.localdomain>
Date:   Mon May 4 13:27:51 2020 -0400

    Improved NULL sesssion negotiation...I think
```

```bash
root@kali:/opt/tools/smbmap# python3 ./smbmap.py -H 10.10.10.100
[!] Authentication error on 10.10.10.100

root@kali:/opt/tools/smbmap# /usr/share/doc/python3-impacket/examples/smbclient.py 10.10.10.100
Impacket v0.9.20 - Copyright 2019 SecureAuth Corporation

Type help for list of commands
# shares
ADMIN$
C$
IPC$
NETLOGON
Replication
SYSVOL
Users
#
```

Best regards and thanks a lot for this very useful tool.

ShawnDEvans commented 4 years ago

Been chasing this one for a minute here. Thanks for letting me know, I'll look into it!

ShawnDEvans commented 4 years ago

Pushed a change, I'm shooting in the dark here. Clone the latest, take it for a test drive, and let me know if you're cruising. Fingers crossed. Thanks!

stevcoll commented 4 years ago

Having the same issue here with "Authentication error". I have attached some plain-text network captures of smbmap and smbclient running against the 10.10.10.100 target, as seen below. Not sure if that will be helpful. Let me know if you need any more info. Thanks for the great tool!

smbclient.txt smbmap.txt

Commit: 05c0d12c6665f952d25025a1c97aca62c473eeb7 

```bash
root@kali:~/smbmap# python3 smbmap.py -H 10.10.10.100
[!] Authentication error on 10.10.10.100

root@kali:~/smbmap# smbclient -L //10.10.10.100
Enter WORKGROUP\root's password:
Anonymous login successful

        Sharename       Type      Comment
        ---------       ----      -------
        ADMIN$          Disk      Remote Admin
        C$              Disk      Default share
        IPC$            IPC       Remote IPC
        NETLOGON        Disk      Logon server share
        Replication     Disk
        SYSVOL          Disk      Logon server share
        Users           Disk
SMB1 disabled -- no workgroup available
```

ShawnDEvans commented 4 years ago

Try different combos of "NULL". Space as username and password, zero length string, some combination of these things. I can't seem to find a solution that is universal. I'm trying to find a more satisfactory answer, but I lack enough VMs to exhaustively test all Windows versions.

stevcoll commented 4 years ago

I found another closed issue saying it was impacket. This fixed the problem:

```bash
git clone https://github.com/SecureAuthCorp/impacket
cd impacket
pip3 install .
```

---

```bash
root@kali:~# smbmap -H 10.10.10.100
[+] IP: 10.10.10.100:445        Name: active.htb
        Disk                                                    Permissions     Comment
        ----                                                    -----------     -------
        ADMIN$                                                  NO ACCESS       Remote Admin
        C$                                                      NO ACCESS       Default share
        IPC$                                                    NO ACCESS       Remote IPC
        NETLOGON                                                NO ACCESS       Logon server share
        Replication                                             READ ONLY
        SYSVOL                                                  NO ACCESS       Logon server share
        Users                                                   NO ACCESS
```

ShawnDEvans commented 4 years ago

Good to know!! Thanks! Trying to get this working on all Windows versions was a challenge. Every time I fixed it for one situation, it would seemingly break another. Super frustrating! Really hoping an Impacket update clears it up for good.

Lednerb commented 4 years ago

@stevcoll Had the same error and can confirm that updating impacket fixed this problem!

ShawnDEvans commented 4 years ago

Awesome, thanks for the positive feedback!! Seems like updating Impacket is a solid solution.