kimocrossman1 / opendlp

Automatically exported from code.google.com/p/opendlp
0 stars 0 forks source link

Filesys::SmbClient::_write: fd is not of type SMBCFILEPtr #28

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
today,I installed the a new VM based on OpenDLP 0.4.1, when i start scan, the 
/var/log/apace2/error.log report following info :

HASH PASS: Substituting user supplied LM HASH...
HASH PASS: Substituting user supplied NTLM HASH...
HASH PASS: Substituting user supplied LM HASH...
HASH PASS: Substituting user supplied NTLM HASH...
HASH PASS: Substituting user supplied LM HASH...
HASH PASS: Substituting user supplied NTLM HASH...
HASH PASS: Substituting user supplied LM HASH...
HASH PASS: Substituting user supplied NTLM HASH...
HASH PASS: Substituting user supplied LM HASH...
HASH PASS: Substituting user supplied NTLM HASH...
Filesys::SmbClient::_write: fd is not of type SMBCFILEPtr at 
/usr/local/lib/perl/5.10.1/Filesys/SmbClient.pm line 347.

I'm use SMBhash ,the hash value copy from website. assume i don't kown the 
target machine Administrator passwd, How can I scan the machine, thanks a lot.

Original issue reported on code.google.com by yjdwbj on 15 Aug 2011 at 11:58

GoogleCodeExporter commented 9 years ago
Hello,

From another windows system, can you execute the following command (from a 
"cmd.exe" command line):

net use \\1.2.3.4\C$ "password" /u:"domain\username"

Substitute the target machine's IP address for 1.2.3.4.

If this does not work, it means you cannot mount the root drive and OpenDLP 
will be unable to copy its files and use "winexe" to execute commands. You will 
have to modify a registry setting on the target system to get it working 
(http://www.howtogeek.com/howto/windows-vista/enable-mapping-to-hostnamec-share-
on-windows-vista/). The cause of this is usually because the system is not in a 
Windows domain environment and is just a standalone system.

Original comment by andrew.O...@gmail.com on 15 Aug 2011 at 1:49

GoogleCodeExporter commented 9 years ago
Hello,

I can execute the following command:

net use \\192.168.8.38\c$ "123456"  /u:"administrator"

the command completed successfully!

but the /var/log/apache2/error.log still repoart following errors:

Filesys::SmbClient::_write: fd is not of type SMBCFILEPtr at 
/usr/local/lib/perl/5.10.1/Filesys/SmbClient.pm line 347.

Original comment by yjdwbj on 19 Aug 2011 at 2:28

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
I just released OpenDLP 0.4.3. Can you try this version to see if I fixed this 
bug?

Original comment by andrew.O...@gmail.com on 7 Jan 2012 at 10:43

GoogleCodeExporter commented 9 years ago
Hi Andrew,

I am having the same issue as discussed here even with new 0.4.4 OpenDLP. I 
aslo tried different VirtualBox releases.

The error is "Filesys::SmbClient::_write: fd is not of type SMBCFILEPtr at 
/usr/local/lib/perl/5.10.1/Filesys/SmbClient.pm line 347"

The following is my setup:

Host:  
  OS: XP SP3
  IP: 192.168.1.123
  VirtualBox : 4.0.12  also  4.1.8
  Firewall: Off
  Domain: None (WORKGROUP)

VM: 
  OpenDLP 0.4.4
  IP 192.168.1.107
  Firewall: off
  Ubuntu 11.04

Client/Victim:
  XP SP3
  Domain: None (WORKGROUP)

Verified the following:

- VM can ping to victim and host

- C:\Tools\opendlp_4016>net use * \\192.168.1.125\temp_opendlp "xxxxxxxxx" 
/u:"helpdesk"   
  Drive Y: is now connected to \\192.168.1.125\temp_opendlp.
  The command completed successfully.

- use "/" instead of "\" for directory path

Please see attached for Policy profile.

Should I try Linux for Host? Please advice.

Thank you in advance

Tom

Original comment by tomh...@gmail.com on 6 Mar 2012 at 1:40

Attachments:

GoogleCodeExporter commented 9 years ago
tomhoho: What happens when you try this "net use" command instead?

net use \\192.168.1.125\C$ "xxxxxxxxx" /u:"helpdesk"

Original comment by andrew.O...@gmail.com on 6 Mar 2012 at 2:06

GoogleCodeExporter commented 9 years ago
Hi Andrew,

-  Access is denied, When entered C$, even for account as "administrator"

   C:\Documents and Settings\Tom>net use X: \\192.168.1.125\c$ "xxxxxxxx" /u:helpdesk"
   System error 5 has occurred.
   Access is denied.

   C:\Documents and Settings\Tom>net use X: \\192.168.1.125\c$ "yyyyyyy" /u:"administrator"
   System error 5 has occurred.
   Access is denied.

-  It worked. When entered temp_opendlp, because it is a shared directory, with 
any bogus password.  I forgot I made that change and not mentioned it earlier, 
my apology.

   C:\Documents and Settings\Tom>net use X: \\192.168.1.125\temp_opendlp wwwwww   /u:"helpdesk"
   The command completed successfully.

-  Also failed, When entered non-shared directory 

   C:\Documents and Settings\Tom>net use * \\192.168.1.125\tools "xxxxxx" /u:"helpdesk"
   System error 53 has occurred.
   The network path was not found.

   C:\Documents and Settings\Tom>net use *  \\192.168.1.125\windows "xxxxxxxx" /u:"helpdesk"
   System error 53 has occurred.
   The network path was not found.

I have also unchecked "Use Simple File Sharing" as you described in FAQ.

Attached please find helpdesk properties, in case I missed something.

Many thanks

Tom

Original comment by tom...@ogilvy.com on 6 Mar 2012 at 8:49

Attachments:

GoogleCodeExporter commented 9 years ago
Hi Andrew,

I just discovered this behavior does not happen in Windows 7. I am going to 
install OpenDLP tonight. I will keep you posted.

Thanks

Tom

Original comment by tomh...@gmail.com on 6 Mar 2012 at 9:19

GoogleCodeExporter commented 9 years ago
Hi Andrew,

I can now deploy the scan. Thank You! My setup is Windows 7, both OpenDLP and 
"victim" are in the same Domain. However ... the scan has been running for 1/2 
hour, when I became impatient, and ran it again with the same Scan Name, it 
prompted to give unique name. It seems it is still running. Under Task Manager 
of "victim", I didn't see sc.exe was running, what is the Task Name or services 
should I look for?

Here was the reply from Submission Screen

10.29.28.10: Trying to deploy (0 systems remain in queue)
10.29.28.10: OpenDLP deployed and started

Thanks again

Tom 

Original comment by tomh...@gmail.com on 7 Mar 2012 at 1:13

GoogleCodeExporter commented 9 years ago
Hi Andrew.

It was my mistake, silly me. VM IP has changed (DHCP), once I corrected. I saw 
the report.

Thank you very very much!

Tom

Original comment by tomh...@gmail.com on 7 Mar 2012 at 2:27

GoogleCodeExporter commented 9 years ago
In reply to comment 10, the service is OpenDLP.exe.

Original comment by andrew.O...@gmail.com on 7 Mar 2012 at 2:38

GoogleCodeExporter commented 9 years ago
We are experiencing the same issue on 0.4.4

"Filesys::SmbClient::_write: fd is not of type SMBCFILEPtr at 
/usr/lib/perl5/Filesys/SmbClient.pm line 347., referer: 
http://192.168.1.2/OpenDLP/startscan.html"

net use works after changing registry setting on target as mentioned in Comment 
1:
"C:\Users\Me>net use \\10.0.0.54\C$ "*******" /u:"user"
The command completed successfully."

Original comment by erin.ing...@arxcorp.com on 3 Apr 2012 at 11:27

GoogleCodeExporter commented 9 years ago
I'm also getting the same error.  However, I'm trying to do the agent, not 
Windows share.  I've tried this on both a XP SP3 computer non-domain and a win7 
domain computer with the same results.  The files never download to the client 
machine

Original comment by alphawe...@gmail.com on 5 Jun 2012 at 8:36

GoogleCodeExporter commented 9 years ago
I've encountered this same error message when trying to connect to Windows 
hosts that require NTLMv2 with the Filesys::SmbClient library that is used 
within OpenDLP.

As of right now, it does not appear that OpenDLP supports scanning targets that 
required NTLMv2.

To check if your targets require NLTMv2, do the following:*
1. Go to Local Security Policy
2. Select "Local Policies"
3. Select "Security Options"
4. View the setting for "Network security: LAN Manager authentication level"

If that setting is set to "Send NTLMv2 response only.  Refuse LM & NTLM" that 
could be the source of your problem.

If possible, consider temporarily changing that to a lower setting while you 
perform the OpenDLP scans and then changing it back.

*Hosts on an AD domain may have this policy enforce via Group Policy, so you 
would need to check there instead.

Original comment by burnfrom...@gmail.com on 4 Apr 2013 at 6:12