gwillcox-r7
commented
2 years ago Alright so looks like this is working. For reference since no code uses this currently this is what I used to test it out. This is just a copy of the examples\file_server.rb code however I added in a thread_factory variable that mimicks the expected behavior, but also prints out the recieved client_server's details r.e the connecting clients host and port number they are connecting from.
Here is the code looks:
Code snippet
``` #!/usr/bin/ruby require 'bundler/setup' require 'optparse' require 'ruby_smb' require 'ruby_smb/gss/provider/ntlm' # we just need *a* default encoding to handle the strings from the NTLM messages Encoding.default_internal = 'UTF-8' if Encoding.default_internal.nil? options = { allow_anonymous: true, domain: nil, username: 'RubySMB', password: 'password', share_name: 'home', share_path: '.', smbv1: true, smbv2: true, smbv3: true } OptionParser.new do |opts| opts.banner = "Usage: #{File.basename(__FILE__)} [options]" opts.on("--path PATH", "The path to share (default: #{options[:share_path]})") do |path| options[:share_path] = path end opts.on("--share SHARE", "The share name (default: #{options[:share_name]})") do |share| options[:share_name] = share end opts.on("--[no-]anonymous", "Allow anonymous access (default: #{options[:allow_anonymous]})") do |allow_anonymous| options[:allow_anonymous] = allow_anonymous end opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1| options[:smbv1] = smbv1 end opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2| options[:smbv2] = smbv2 end opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3| options[:smbv3] = smbv3 end opts.on("--username USERNAME", "The account's username (default: #{options[:username]})") do |username| if username.include?('\\') options[:domain], options[:username] = username.split('\\', 2) else options[:username] = username end end opts.on("--password PASSWORD", "The account's password (default: #{options[:password]})") do |password| options[:password] = password end end.parse! ntlm_provider = RubySMB::Gss::Provider::NTLM.new(allow_anonymous: options[:allow_anonymous]) ntlm_provider.put_account(options[:username], options[:password], domain: options[:domain]) # password can also be an NTLM hash thread_factory = Proc.new do |server_client, &block| peer_host = ::Socket::unpack_sockaddr_in(server_client.getpeername)[1] peer_port = ::Socket::unpack_sockaddr_in(server_client.getpeername)[0] print "Accepting new connection from #{peer_host}:#{peer_port}\r\n" Thread.new(&block) end server = RubySMB::Server.new( gss_provider: ntlm_provider, logger: :stdout, thread_factory: thread_factory ) server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB1 } unless options[:smbv1] server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB2 } unless options[:smbv2] server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB3 } unless options[:smbv3] if server.dialects.empty? puts "at least one version must be enabled" exit false end server.add_share(RubySMB::Server::Share::Provider::Disk.new(options[:share_name], options[:share_path])) puts "server is running" server.run do puts "received connection" true end ```And here is the resulting output from my tests:
SMB Server Output Showing Client Connection Details and Successful Connection Still
``` ~/git/ruby_smb/examples │ land-pr216:pr/216 !1 sudo ruby file_server.rb --path /var/public --share public --username TESTINGDOMAIN\\normal --password normal1 D, [2022-04-22T17:41:12.175342 #78324] DEBUG -- : Adding disk share: public server is running Accepting new connection from 172.23.126.176:51746 received connection I, [2022-04-22T17:41:26.637925 #78324] INFO -- : Negotiated dialect: SMB v3.1.1 D, [2022-04-22T17:41:26.640340 #78324] DEBUG -- : Dispatching request to do_session_setup_smb2 (session: nil) D, [2022-04-22T17:41:26.644660 #78324] DEBUG -- : Dispatching request to do_session_setup_smb2 (session: #And finally we can see this worked successfully on the Windows 11 target:
This adds support to the RubySMB server to use a custom thread factory. This allows Metasploit to use its preferred
Rex::ThreadFactorymethod to allow framework users to identify and kill threads as desired. The thread factory block is passed theServerClientinstance. At this point, it's not set up yet, but it does expose the connection information.Testing is probably most easily done with PR 16481 from Metasploit Framework. The example server should continue to work as intended. See https://github.com/rapid7/metasploit-framework/pull/16481#discussion_r854657538 for context.