Give likely Windows versions for SMB v2-3

[smashery]

This addresses #17402 - listing OS information when the target doesn't support SMBv1.

There is information in the NTLM negotiation (os_version) that can be used to fingerprint this. On Windows this works well; on Samba servers, it's not entirely clear to me what it's supposed to be presenting (e.g. my Samba 4.6.2 on Ubuntu 20.04 reported a version of 6.1.0).

The approach I took was to look at our list of known Windows versions, and if we get an exact match, report it as Windows, with a meaningful name. If we can't match it as a Windows version, rather than saying that it's Windows, just report the version listed.

Verification

List the steps needed to make sure this thing works

• [ ] Start msfconsole
• [ ] use exploit/windows/smb/ms08_067_netapi
• [ ] ...
• [ ] Verify the thing does what it should
• [ ] Verify the thing does not do what it should not
• [ ] Document the thing and how it works (Example)

Demo

Server 2022:

msf6 auxiliary(scanner/smb/smb_version) > run rhost=4.237.57.48
[*] 4.237.57.48:445       - SMB Detected (versions:2, 3) (preferred dialect:SMB 3.1.1) (compression capabilities:LZNT1, Pattern_V1) (encryption capabilities:AES-256-GCM) (signatures:required) (guid:{0a6d1a52-f418-408e-a82d-ee5b034b4c0a}) (authentication domain:MSF)
[+] 4.237.57.48:445       -   Host is running Version 10.0.20348 (likely Windows Server 2022)
[*] 4.237.57.48:          - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Samba:

msf6 auxiliary(scanner/smb/smb_version) > run rhost=127.0.0.1

[*] 127.0.0.1:445         - SMB Detected (versions:2, 3) (preferred dialect:SMB 3.1.1) (compression capabilities:) (encryption capabilities:AES-128-GCM) (signatures:optional) (guid:{6466736d-7665-6275-756e-747500000000}) (authentication domain:MSFDEVUBUNTU)
[+] 127.0.0.1:445         -   Host is running Version 6.1.0 (unknown OS)
[*] 127.0.0.1:            - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Win 2008 SP2:

msf6 auxiliary(scanner/smb/smb_version) > run rhost=192.168.20.99
[*] 192.168.20.99:445     - SMB Detected (versions:1, 2) (preferred dialect:SMB 2.0.2) (signatures:required) (uptime:3d 7h 0m 9s) (guid:{c8a8499c-1874-4b6d-8e74-47d71c95eb2f}) (authentication domain:POD7)
[+] 192.168.20.99:445     -   Host is running Windows 2008  Standard  SP2  (build:6002)
[*] 192.168.20.99:        - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

Windows 10:

msf6 auxiliary(scanner/smb/smb_version) > run rhost=192.168.20.214

[*] 192.168.20.214:445    - SMB Detected (versions:2, 3) (preferred dialect:SMB 3.1.1) (compression capabilities:LZNT1) (encryption capabilities:AES-128-GCM) (signatures:optional) (guid:{74e94c29-e27d-48bb-8346-9953cfb83999}) (authentication domain:WIN10BASE)
[+] 192.168.20.214:445    -   Host is running Version 10.0.19041 (likely Windows 10 version 2004)
[*] 192.168.20.214:       - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed