rapid7 / metasploit-framework

Metasploit Framework
https://www.metasploit.com/

smb_fingerprint_windows_os() returns wrong XP service pack #10679

Open ghost opened 5 years ago

ghost commented 5 years ago

I installed directly from the RTM CD:

Windows XP - NT 5.1 (Build 2600.xpsp_sp2_rtm.040803-2158 : Service Pack 2).

In lib/msf/core/exploit/smb/client.rb there is smb_fingerprint_windows_sp(os), where, if os is Windows XP, it calls smb_create("\\SRVSVC"). There is a comment that says SRVSVC was blocked in SP2.

Well it appears not all of them (and probably not all configs). I don't have a better solution.

msf5 auxiliary(scanner/smb/smb_version) > exploit

[+] 192.168.1.120:445    - Host is running Windows XP SP0 / 1 (name:LEGOFZZPAE)
[*] 192.168.1.120:445    - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
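As an added illustration (not Metasploit's own code) of why the report above comes out wrong, this Ruby models the heuristic from lib/msf/core/exploit/smb/client.rb with constructed probe results and compares it with a variant that only narrows the answer on the conclusive (pipe blocked) outcome. The host labels, the RULES table and the candidate list limited to the service packs named in this issue are assumptions.

```ruby
# Added example, not Metasploit code. Models the XP service-pack heuristic
# (SRVSVC open => SP0/1, blocked => SP2) against constructed observations;
# nothing here touches the network.

XP_SERVICE_PACKS = %w[SP0 SP1 SP2].freeze # assumption: only SPs named in the issue

# Constructed observations. :srvsvc_open stands in for whether
# smb_create("\\SRVSVC") succeeded; :actual is the real service pack.
OBSERVATIONS = {
  'xp_sp1'          => { srvsvc_open: true,  actual: 'SP1' },
  'xp_sp2_hardened' => { srvsvc_open: false, actual: 'SP2' },
  'xp_sp2_rtm_cd'   => { srvsvc_open: true,  actual: 'SP2' } # the host in this issue
}.freeze

# Each rule maps a probe outcome to the service packs it is consistent with.
# conclusive: false means the outcome must not narrow the candidate set.
RULES = {
  naive: {
    true  => { packs: %w[SP0 SP1], conclusive: true },
    false => { packs: %w[SP2],     conclusive: true }
  },
  cautious: {
    true  => { packs: %w[SP0 SP1], conclusive: false }, # SP2 RTM still exposes SRVSVC
    false => { packs: %w[SP2],     conclusive: true }
  }
}.freeze

# Candidate service packs left after applying the chosen rule set.
def xp_sp_candidates(host, mode)
  outcome = OBSERVATIONS.fetch(host)[:srvsvc_open]
  rule = RULES.fetch(mode).fetch(outcome)
  rule[:conclusive] ? XP_SERVICE_PACKS & rule[:packs] : XP_SERVICE_PACKS
end

# Human-readable result; a full candidate set means the probe told us nothing.
def fingerprint_xp_sp(host, mode)
  candidates = xp_sp_candidates(host, mode)
  candidates.size == XP_SERVICE_PACKS.size ? 'unknown' : candidates.join(' / ')
end

# True when the reported candidates include the host's real service pack.
def consistent?(host, mode)
  xp_sp_candidates(host, mode).include?(OBSERVATIONS.fetch(host)[:actual])
end

if __FILE__ == $PROGRAM_NAME
  OBSERVATIONS.each_key do |host|
    %i[naive cautious].each do |mode|
      puts format('%-16s %-8s %-10s consistent=%s', host, mode,
                  fingerprint_xp_sp(host, mode), consistent?(host, mode))
    end
  end
end
```

The naive mode reproduces the "SP0 / 1" verdict for the SP2 RTM install, while the cautious mode admits it cannot tell and stays correct on the hardened SP2 host.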

wvu commented 5 years ago

https://github.com/rapid7/metasploit-framework/blob/5d927399c79b27bde2a23713c1befe6f3753c632/lib/msf/core/exploit/smb/client.rb#L385-L395

Hmm, tough call. I think it needs more research on SRVSVC or an auxiliary method of fingerprinting.

github-actions[bot] commented 3 years ago

Hi!

This issue has been left open with no activity for a while now.

We get a lot of issues, so we currently close issues after 60 days of inactivity. It’s been at least 30 days since the last update here. If we missed this issue or if you want to keep it open, please reply here. You can also add the label "not stale" to keep this issue open!

As a friendly reminder: the best way to see this issue, or any other, fixed is to open a Pull Request.