Cannot connect to my NVIDIA SHIELD shared folder

[l1l0l]

Client Configuration

impacket version: 0.9.21.dev0 Python version: 3.7.5 Target OS: MacOS MOJAVE 10.14.5

SMB SERVER

The native SMB Server of Nvidia Shield

Context

I want to connect to my NVIDIA SHILED shared folder, which is accessible from all my other machines MacOS 10.14.5, Raspberry..

Code :

from impacket.smbconnection import SMBConnection
conn = SMBConnection('Shield', '192.168.0.10', preferredDialect=smb.SMB_DIALECT)
conn.login('anass.raissouni', 'password' )

Output:

---------------------------------------------------------------------------
ValueError                                Traceback (most recent call last)
<ipython-input-119-16ec58e71142> in <module>()
      1 conn = SMBConnection('Shield', '192.168.0.10')
      2 
----> 3 conn.login('anass.raissouni', 'password' )

/anaconda3/envs/factory/lib/python3.5/site-packages/impacket/smbconnection.py in login(self, user, password, domain, lmhash, nthash, ntlmFallback)
    267         try:
    268             if self.getDialect() == smb.SMB_DIALECT:
--> 269                 return self._SMBConnection.login(user, password, domain, lmhash, nthash, ntlmFallback)
    270             else:
    271                 return self._SMBConnection.login(user, password, domain, lmhash, nthash)

/anaconda3/envs/factory/lib/python3.5/site-packages/impacket/smb.py in login(self, user, password, domain, lmhash, nthash, ntlm_fallback)
   3421         if self._dialects_parameters['Capabilities'] & SMB.CAP_EXTENDED_SECURITY:
   3422             try:
-> 3423                 self.login_extended(user, password, domain, lmhash, nthash, use_ntlmv2 = True)
   3424             except:
   3425                 # If the target OS is Windows 5.0 or Samba, let's try using NTLMv1

/anaconda3/envs/factory/lib/python3.5/site-packages/impacket/smb.py in login_extended(self, user, password, domain, lmhash, nthash, use_ntlmv2)
   3285             sessionData       = SMBSessionSetupAndX_Extended_Response_Data(flags = smb['Flags2'])
   3286             sessionData['SecurityBlobLength'] = sessionParameters['SecurityBlobLength']
-> 3287             sessionData.fromString(sessionResponse['Data'])
   3288             respToken = SPNEGO_NegTokenResp(sessionData['SecurityBlob'])
   3289 

/anaconda3/envs/factory/lib/python3.5/site-packages/impacket/structure.py in fromString(self, data)
    140             if self.debug:
    141                 print("fromString( %s | %s | %r )" % (field[0], field[1], data))
--> 142             size = self.calcUnpackSize(field[1], data, field[0])
    143             if self.debug:
    144                 print("  size = %d" % size)

/anaconda3/envs/factory/lib/python3.5/site-packages/impacket/structure.py in calcUnpackSize(self, format, data, field)
    486         two = format.split('=')
    487         if len(two) >= 2:
--> 488             return self.calcUnpackSize(two[0], data)
    489 
    490         # length specifier

/anaconda3/envs/factory/lib/python3.5/site-packages/impacket/structure.py in calcUnpackSize(self, format, data, field)
    522         # asciiz specifier
    523         if format[:1] == 'u':
--> 524             l = data.index(b('\x00\x00'))
    525             return l + (l & 1 and 3 or 2)
    526 

ValueError: substring not found

Additional context

I tried unsuccessfully without prefferedDialect and with the other dialects which I import like this:

from impacket import smb
from impacket.smb3structs import SMB2_DIALECT_002, SMB2_DIALECT_21, SMB2_DIALECT_30

[asolino]

Hey @l1l0l

I have never tested the library against the macOS SMB Server. There's definitely something not working there. A PCAP traffic would be appreciated, in case it is a minor stuff.

[l1l0l]

Hey @asolino

I must have expressed myself badly. It's the native SMB Server of my Nvidia Shield. Please find attached:

• Host Annoucement of the concerned SMB Server Host Annoucement.txt

• PCAP of Session Setup AndX Request and Session Setup AndX Response related to the login command: Request.txt Response.txt

Best regards,