oiweiwei / go-msrpc

The DCE/RPC / MS-RPC Codegen/Client for Go
MIT License

[Feature request] null session test and support #5

Closed dogasantos closed 2 months ago

dogasantos commented 2 months ago

Hey there! First and foremost, thank you for your work on this.

I'm trying to use your library to perform a few security checks, including listing all msrpc endpoints and finding specific matches (antivirus present or not, for instance), while learning golang for more complex tasks.

The code works well when we have a valid credential (for the msrpc available entries list task); however, it does not work if no user/pass is provided:

{"level":"error","error":"init security context: security provider: ntlm: init: authenticate: compute encrypted random session key: crypto/rc4: invalid key size 0","message":"selected transport error"}

bind: could not bind the selected transport: init security context: security provider: ntlm: init: authenticate: compute encrypted random session key: crypto/rc4: invalid key size 0

Any chance of supporting this scenario in the future? Thanks

oiweiwei commented 2 months ago

Hello, @dogasantos! Thanks for your interest and your input. What you see is a bug. As per the Samba and Microsoft documentation, for a null session a 16-byte all-zeroes base session key must be used (which was missed by me).
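
The failure and fix discussed in this thread, as an added Go example that is not part of the original thread and is not go-msrpc's own code: RC4 rejects the empty key that an anonymous login yields, while the 16-byte all-zero key described above wraps the session key. The helper names `keyExchangeKey` and `wrapSessionKey` are hypothetical, and the key-exchange key is assumed to equal the session base key (the NTLMv2 case).

```go
package main

import (
	"bytes"
	"crypto/rand"
	"crypto/rc4"
	"fmt"
)

// keyExchangeKey (hypothetical helper) picks the RC4 key that wraps the
// exported session key. A null session has no user or password, so no key is
// derived; the 16-byte all-zero base session key is used instead.
func keyExchangeKey(sessionBaseKey []byte, nullSession bool) []byte {
	if nullSession {
		return make([]byte, 16) // all zeroes
	}
	return sessionBaseKey
}

// wrapSessionKey (hypothetical helper) computes RC4(kxKey, exported), the
// value sent as the encrypted random session key. RC4 is symmetric, so the
// same call also unwraps.
func wrapSessionKey(kxKey, exported []byte) ([]byte, error) {
	c, err := rc4.NewCipher(kxKey)
	if err != nil {
		return nil, fmt.Errorf("compute encrypted random session key: %w", err)
	}
	out := make([]byte, len(exported))
	c.XORKeyStream(out, exported)
	return out, nil
}

func main() {
	exported := make([]byte, 16) // random exported session key
	if _, err := rand.Read(exported); err != nil {
		panic(err)
	}
	// Before the fix: the empty key reaches RC4 and the bind fails.
	_, err := wrapSessionKey(nil, exported)
	fmt.Println("empty key:", err)

	// After the fix: the all-zero key is accepted. It is publicly known, so
	// it gives an anonymous bind no confidentiality for the wrapped key.
	kx := keyExchangeKey(nil, true)
	enc, err := wrapSessionKey(kx, exported)
	fmt.Printf("zero key: %x err=%v\n", enc, err)
	dec, _ := wrapSessionKey(kx, enc)
	fmt.Println("round trip ok:", bytes.Equal(dec, exported))
}
```
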

oiweiwei commented 2 months ago

@dogasantos Please let me know if the fix https://github.com/oiweiwei/go-msrpc/commit/f7c76e4aec74a3948889d3e9065728b714b41613 addresses your issue. Feel free to reopen the issue if not.

dogasantos commented 2 months ago

You're fast! Thank you!

dogasantos commented 2 months ago

It worked! Thank you!