STATUS_OBJECT_NAME_NOT_FOUND when opening cyrillic files with smb1

[apavlyut]

HI, i've got issue opening cyrillic files in smb share with this example https://github.com/rapid7/ruby_smb/blob/master/examples/read_file.rb

When filename is: 'Мой файл.md' in root of my share - i see error STATUS_OBJECT_NAME_NOT_FOUND

When filename is 'My File.md' - it works perfect.

Any ideas how to deal with it?

[cdelafuente-r7]

Hi @apavlyut, thanks for reporting this. I was not able to reproduce the issue when targeting a Windows 10 version 1909. I can read a file named Мой файл.txt without error. Please, can you provide more detail? The exact command you ran and the output error. Also, a packet capture (.pcap) would be the best to understand what's going on. This can be sent to the Metasploit email: msfdev [@] metasploit.com

[adfoster-r7]

@cdelafuente-r7 We've been taking a look at replicating similar issues on the framework side. Our latest thoughts are that the target machine is in a different language, and potentially the target is running an older OS too. That information may or may not be related, but we'll find out tomorrow or so 😄

[adfoster-r7]

Although a pcap would definitely help this issue progress further, regardless of our tangential ascii/utf-8 issues for framework itself 💯

[cgranleese-r7]

@cdelafuente-r7 I spent some time looking into this for another ticket with ascii/utf-8 issues. So on master if you encode 的.txt, you get no errors:

I got a Windows 8 VM set up (the target is running an older version of windows than windows 10) and tried this same test with language packs and could not replicate the issue, this made me think language packs must just be bolted-on, rather than actual altering the system. However, if you changed the region setting (I followed this guide) to Chinese and then try to encode the same string as above within irb, you get this output:

So this lead me to believe changing the region setting may help in replicating these errors.

I tried to then use https://github.com/rapid7/ruby_smb/blob/master/examples/read_file.rb to replicate this issue but couldn't seem to get the same output as @apavlyut when testing it against a file created on my VM when using the Chinese/Russian region setting.

So this is my share folder on my VM:

This is what I get when I run it against each file:

jim.txt

вцуккецы.txt

畈.txt

I'm not too familiar with smb, so I may be doing something wrong.

Let me know if you have any questions and I can try my best to help out.

[cdelafuente-r7]

Thanks for looking into this @cgranleese-r7 ! I might missing something but I changed the language setting to Russian on a Windows 10 test host and could not reproduce the error:

❯ ruby examples/read_file.rb 192.168.2.5 <redacted> <redacted> share_test "Мой файл.txt"
SMB3 : (0x00000000) STATUS_SUCCESS: The operation completed successfully.
Connected to \\192.168.144.120\share_test successfully!
foooooo

Also, I couldn't find the smb_file_read.rb script you are using in these screenshots. Is it just a wrapper around examples/read_file.rb?

That said, the stack trace suggests that the server RST the connection, which might be related to SMBv3 encryption support. This is a known issue with Windows 8. Can you try to disable encryption? or using SMBv2 instead?

• Disable encryption: set always_encrypt to false when instantiating the RubySMB client.
• Force SMBv2: set smb1 and smb3 to false when instantiating the RubySMB client or just pass 2 as the last argument when using examples/read_file.rb (e.g. ruby examples/read_file.rb 192.168.2.5 <redacted> <redacted> share_test "Мой файл.txt" 2).

[adfoster-r7]

I think the target is running an older version of windows than windows 10, probably worth adding those details too @cgranleese-r7 :+1:

[cgranleese-r7]

Also, I couldn't find the smb_file_read.rb script you are using in these screenshots. Is it just a wrapper around examples/read_file.rb?

@cdelafuente-r7 Oh, that was the examples/read_file.rb script, I just gave it that other filename when I was making the file via vim. Sorry about the confusion.

Ok, I'll take a look into trying it with SMBv2 like you suggested.

Thanks

[cgranleese-r7]

@cdelafuente-r7 So I looked into testing forcing SMBv2

ruby read_file.rb 192.168.215.190 Jim password Share 抽.txt 2

I tested this on the Windows 8 VM first and forcing SMBv2 removed the RubySMB::Error::EncryptionError, however I was still getting back the other two errors: RubySMB::Error::CommunicationError Errno::ECONNRESET

@adfoster-r7 and I looked into this and we realised when testing that I was getting these errors above due to the files not having any contents. When I added some text to those files, the command ran successfully.

Empty File

File with contents

I then tested this on a Windows 10 VM to see if the functionality was the same. The Windows 10 VM functioned the exact same, worked fine when the file had contents, same to errors if the file was empty.

Opened a separate issue, just thought I'd call this out incase anyone else runs into it 👍

[apavlyut]

Guys, thanks for investigating.

We are switched to sftp. I think there was a smb server issue, server is not in my scope, so i can't get any details about connection from server side setup.

Another case - i've just start docker container with https://hub.docker.com/r/dperson/samba and it's works, but switching to sftp stopped me from investigating more on this issue.

Thanks!

[cdelafuente-r7]

Thanks for the update @apavlyut. I'm closing this issue since we could not reproduce it.