search

jfjallid / go-smb

A client library to interact with Windows RPC services such as MS-SRVS and MS-RRP.
MIT License
44 stars 9 forks source link

[enhancement] Adding SMBv1 support #16

Open p0dalirius opened 1 month ago

p0dalirius commented 1 month ago

Hi!

Thank you for this library.

Do you have any plans to implement SMBv1? That would be useful to be able to scan for hosts and detect which one still have ntlv1 enabled. like in CrackMapExec when you run cme smb 192.168.1.0/24 and see the banners.

Edit: To be extra precise, I was trying to write an example of GoLang code to be able to detect if SMBv1 is supported by the remote.


import (
    "github.com/jfjallid/go-smb/smb"
)

// ...

func main() {

options := smb.Options{
    Host:      "10.0.0.201",
    Port:      445,
    ForceSMB2: false,
    Initiator: &smb.NTLMInitiator{
        User:     "Administrator",
        Password: "Admin123!",
        Domain:   "LAB",
    },
}

// Connect to remote machine
session, err := smb.NewConnection(options)
if err != nil {
    return "error"
}
defer session.Close()

req, err := session.NewSMB1NegotiateReq()
if err != nil {
    if config.Debug {
        logger.Debug(fmt.Sprintf("session.NewSMB1NegotiateReq() raised error: %s", err))
    }
}

fmt.Print("req.Dialects:")
fmt.Println(req.Dialects)

fmt.Print("req.Header.Protocol:")
fmt.Println(req.Header.Protocol)

}

But my results are not useful, With only SMB2 enabled I get:

req.Dialects:[{2 SMB 2.100} {2 SMB 2.???}]
req.Header.Protocol:[255 83 77 66]

With SMBv1 enabled I get:

req.Dialects:[{2 SMB 2.100} {2 SMB 2.???}]
req.Header.Protocol:[255 83 77 66]

Do you know if this is possible given the current state of implementation or does it need to be implemented in your library? If so do you plan on implementing it?

Best regards,

jfjallid commented 1 month ago

I'm not planning on implementing support for SMB1 communication as it is a bit too much work for something I have no use for. But I would happily accept and review any pull requests towards that end.

I've implemented support for handling servers that only speak SMB1 to shutdown a bit more gracefully by performing multi-protocol negotiation. If all you are interested in is checking if SMB1 is supported I think that should be possible with perhaps some minor changes to the library to expose the result of that protocol negotiation.

However, I don't have access to any SMB1 servers currently like Windows Server 2003 to test any new code against so such a change will probably not be done by me anytime soon unless that changes.