Right now RubySMB assumes that the loaded version of OpenSSL provides all of the used encryption algorithms. It will proceed with negotiation ignoring what algorithms it can actually use.
RubySMB should be updated to provide a subset of encryption algorithms based on what OpenSSL is capable of providing. We should likely throw an exception if encryption is explicitly required but OpenSSL offers no usable algorithms. Once this issue is addressed, we'll also want to make sure that Metasploit's smb_version module continues to enumerate all possible algorithms regardless of what OpenSSL offers since that process doesn't require any of them to actually be used.
Originally reported as an error manifesting itself by way of a psexec failure.
msf6 exploit(windows/smb/psexec) > run
[*] 192.168.222.151:445 - Connecting to the server...
[*] 192.168.222.151:445 - Authenticating to 192.168.222.151:445 as user 'vagrant'...
[-] 192.168.222.151:445 - Exploit failed: RuntimeError unsupported cipher algorithm (AES-128-GCM)
[*] Exploit completed, but no session was created.
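One way to implement the filtering proposed above, as an added example that is not RubySMB's own code: probe OpenSSL for each SMB3 cipher before building the negotiate list, and fail early when encryption is mandatory and nothing is usable. The constant, error class and method names are hypothetical, and the preference order is an assumption; the cipher IDs are the ones defined in MS-SMB2.

```ruby
require 'openssl'

# SMB 3.x cipher IDs (MS-SMB2) mapped to OpenSSL cipher names.
# The ordering is an assumed client preference, not RubySMB's.
SMB3_CIPHERS = {
  0x0002 => 'AES-128-GCM',
  0x0001 => 'AES-128-CCM',
  0x0004 => 'AES-256-GCM',
  0x0003 => 'AES-256-CCM'
}.freeze

# Hypothetical error raised when encryption is required but impossible.
class NoUsableCipherError < StandardError; end

# Default probe: try to instantiate the cipher. Depending on the openssl
# gem version this fails with RuntimeError ("unsupported cipher algorithm")
# or OpenSSL::Cipher::CipherError; both are StandardError subclasses.
OPENSSL_PROBE = lambda do |name|
  OpenSSL::Cipher.new(name)
  true
rescue StandardError
  false
end

# Cipher IDs that the loaded OpenSSL can actually back, in preference order.
def offerable_cipher_ids(probe: OPENSSL_PROBE)
  SMB3_CIPHERS.select { |_id, name| probe.call(name) }.keys
end

# List to advertise during negotiation. Raises before any packet is sent
# if the caller requires encryption and no cipher is usable.
def negotiate_cipher_ids(require_encryption:, probe: OPENSSL_PROBE)
  ids = offerable_cipher_ids(probe: probe)
  if ids.empty? && require_encryption
    raise NoUsableCipherError,
          'encryption required but OpenSSL provides no usable SMB3 cipher'
  end
  ids
end
```

An enumeration-only caller such as the smb_version case mentioned above would keep using the unfiltered `SMB3_CIPHERS.keys`, since it never encrypts with them.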