Closed zeroSteiner closed 4 years ago
coveralls
commented
4 years ago Coverage increased (+0.002%) to 97.681% when pulling 2a61d9e628cf2262f68756f83df83fe5661ef0e8 on zeroSteiner:feat/times into c329891cc17a7ca362c27d0d1e1b2d140e3a0f15 on rapid7:master.
zeroSteiner
commented
4 years ago I added another value to store: server_guid which will allow SMB servers that have multiple NICs to be uniquely identified. Changes added in commit f726317c0de0d4003287683e16ac3477c7182767.
Output from WIP smb_version:
[*] 192.168.159.31:445 - SMB Detected (versions:1, 2) (preferred dialect:SMB 2.1) (signatures:optional) (uptime:3h 16m) (guid:{6e73395c-f006-4657-a132-b25e96ba2cfb})
[+] 192.168.159.31:445 - Host is running Windows 7 Professional SP1 (build:7601) (name:WIN-9NSI4A6AIHJ) (workgroup:WORKGROUP)
[*] Scanned 1 of 2 hosts (50% complete)
[*] 192.168.250.100:445 - SMB Detected (versions:1, 2) (preferred dialect:SMB 2.1) (signatures:optional) (uptime:3h 16m) (guid:{6e73395c-f006-4657-a132-b25e96ba2cfb})
[+] 192.168.250.100:445 - Host is running Windows 7 Professional SP1 (build:7601) (name:WIN-9NSI4A6AIHJ) (workgroup:WORKGROUP)
[*] Scanned 2 of 2 hosts (100% complete)
[*] Auxiliary module execution completedMoved to parse_negotiate_response in commit 2a61d9e. Thanks for the review!
cdelafuente-r7
commented
4 years ago I tested with the smb_version WIP module against multiple Windows versions and verified that uptime and server_guid information was reported each time.
This stores the server start and system times in the client object. This will be necessary for upcoming changes to Metasploit's
smb_versionmodule which will consolidate theauxilary/scanner/smb/smb2module. Thesmb2scanner module currently reports the amount of time the remote system has been booted, so to not lose this we'll need it in RubySMB.For testing you can inspect the object manually, or check out the
smb_versionWIP. If you choose to go with the later,uptimeshould be reported for any server that reports both the system and start times.