SMB error : STATUS_USER_SESSION_DELETED

[BastienFaure]

Hello,

I'm having some trouble when using the tool. It worked some days ago, I was able to list shares. But after that success I did not managed to get I working. I get the following error :

python crackmapexec.py IP.AD.DR.ES -u user -d DOMAIN -p password --shares
99-99-1999 99:99:99 [*] IP.AD.DR.ES:445 is running **************** (name:*********) (domain:DOMAIN)
99-99-1999 99:99:99 [-] IP.AD.DR.ES:445 DOMAIN\user:password SMB SessionError: STATUS_USER_SESSION_DELETED(The remote user session has been deleted.)

But it is working with smbclient :

smbclient -W DOMAIN -U user -L IP.AD.DR.ES
Enter user's password: 
Domain=[DOMAIN] OS=[*********************] Server=[**********************]

    Sharename       Type      Comment
    ---------       ----      -------
    ADMIN$          Disk      ********************
    C$              Disk      *************************
    IPC$            IPC       ********************
Connection to IP.AD.DR.ES failed (Error NT_STATUS_RESOURCE_NAME_NOT_FOUND)
NetBIOS over TCP disabled -- no workgroup available

Could such issue be generated by a special group policy or an antivirus ?

Thanks anyway for this amazing tool dude :D

[byt3bl33d3r]

Sorry for the late response, this could be related to #36, although the error is slightly different, I've tried reproducing this with no success, could you give me some info about the OS you're targeting? It shouldn't have anything to do with the AV.

Thanks!

[BastienFaure]

No problem :D if I'm correct it was a Windows 7 professional on x86 architecture. I'm often dealing with strange SMB tools behaviour and I'm pretty sure I cannot help you on this use case :/

Good luck man, and thanks

[byt3bl33d3r]

Closing since this commit https://github.com/CoreSecurity/impacket/commit/dc4606822e489e62d276bc3c928af31cd860f4a0 seems to resolve this issue