vanhauser-thc / thc-hydra


smb2 blank credentials issue. #933

Open gatsu38 opened 7 months ago

gatsu38 commented 7 months ago

Using smb2, Hydra successfully discerns between valid and non-valid passwords, with the exception of blank ones; in the latter case it always returns a false positive, even for non-existing accounts. A different SPNEGO message is shown if using hydra or smbclient, which authenticates correctly. Furthermore, the -e n switch has a bug of its own.

smbclient -L 192.168.47.1 -U "John%" -d7
INFO: Current debug levels: all: 7 tdb: 7 printdrivers: 7 lanman: 7 smb: 7 rpc_parse: 7 rpc_srv: 7 rpc_cli: 7 passdb: 7 sam: 7 auth: 7 winbind: 7 vfs: 7 idmap: 7 quota: 7 acls: 7 locking: 7 msdfs: 7 dmapi: 7 registry: 7 scavenger: 7 dns: 7 ldb: 7 tevent: 7 auth_audit: 7 auth_json_audit: 7 kerberos: 7 drs_repl: 7 smb2: 7 smb2_credits: 7 dsdb_audit: 7 dsdb_json_audit: 7 dsdb_password_audit: 7 dsdb_password_json_audit: 7 dsdb_transaction_audit: 7 dsdb_transaction_json_audit: 7 dsdb_group_audit: 7 dsdb_group_json_audit: 7
lp_load_ex: refreshing parameters
Initialising global parameters
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
INFO: Current debug levels: all: 7 tdb: 7 printdrivers: 7 lanman: 7 smb: 7 rpc_parse: 7 rpc_srv: 7 rpc_cli: 7 passdb: 7 sam: 7 auth: 7 winbind: 7 vfs: 7 idmap: 7 quota: 7 acls: 7 locking: 7 msdfs: 7 dmapi: 7 registry: 7 scavenger: 7 dns: 7 ldb: 7 tevent: 7 auth_audit: 7 auth_json_audit: 7 kerberos: 7 drs_repl: 7 smb2: 7 smb2_credits: 7 dsdb_audit: 7 dsdb_json_audit: 7 dsdb_password_audit: 7 dsdb_password_json_audit: 7 dsdb_transaction_audit: 7 dsdb_transaction_json_audit: 7 dsdb_group_audit: 7 dsdb_group_json_audit: 7
Processing section "[global]"
doing parameter workgroup = WORKGROUP
doing parameter server string = %h server (Samba, Ubuntu)
doing parameter log file = /var/log/samba/log.%m
doing parameter max log size = 1000
doing parameter logging = file
doing parameter panic action = /usr/share/samba/panic-action %d
doing parameter server role = standalone server
doing parameter obey pam restrictions = yes
doing parameter unix password sync = yes
doing parameter passwd program = /usr/bin/passwd %u
doing parameter passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
doing parameter pam password change = yes
doing parameter map to guest = bad user
doing parameter usershare allow guests = yes
pm_process() returned Yes
lp_servicenumber: couldn't find homes
added interface ens33 ip=192.168.47.133 bcast=192.168.47.255 netmask=255.255.255.0
Client started (version 4.15.13-Ubuntu).
Connecting to 192.168.47.1 at port 445
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
session request ok
negotiated dialect[SMB3_11] against server[192.168.47.1]
cli_session_setup_spnego_send: Connect to 192.168.47.1 as John@WORKGROUP using SPNEGO
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism gse_krb5
Cannot do GSE to an IP address
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INVALID_PARAMETER
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_TARGET_TYPE_SERVER NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62088215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
SPNEGO login failed: Indicates a referenced user name and authentication information are valid, but some user account restriction has prevented successful authentication (such as time-of-day restrictions).
session setup failed: NT_STATUS_ACCOUNT_RESTRICTION

Please note that the account restriction error does confirm the validity of the credential but doesn't allow access to the shares due to other Windows restrictions.

hydra -vvv -d -l John -p "" 192.168.47.1 -m workgroup:{WORKGROUP} smb2
Hydra v9.6dev (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
[DEBUG] Output color flag is 1
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-02-24 11:47:18
[DEBUG] cmdline: ./hydra -vvv -d -l John -p -m workgroup:{WORKGROUP} 192.168.47.1 smb2
[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task
[DATA] attacking smb2://192.168.47.1:445/workgroup:{WORKGROUP}
[VERBOSE] Resolving addresses ...
[DEBUG] resolving 192.168.47.1
[VERBOSE] resolving done
[VERBOSE] Set workgroup to: WORKGROUP
[DEBUG] Code: attack Time: 1708742838
[DEBUG] Options: mode 0 ssl 0 restore 0 showAttempt 0 tasks 1 max_use 1 tnp 0 tpsal 0 tprl 0 exit_found 0 miscptr workgroup:{WORKGROUP service smb2
[DEBUG] Brains: active 0 targets 1 finished 0 todo_all 1 todo 1 sent 0 found 0 countlogin 1 sizelogin 5 countpass 1 sizepass 1
[DEBUG] Target 0 - target 192.168.47.1 ip 192.168.47.1 login_no 0 pass_no 0 sent 0 pass_state 0 redo_state 0 (0 redos) use_count 0 failed 0 done 0 fail_count 0 login_ptr John pass_ptr
[DEBUG] Task 0 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)
[DEBUG] Tasks 1 inactive 0 active
[DEBUG] child 0 got target 0 selected
[DEBUG] child 0 spawned for target 0 with pid 5900
[DEBUG] head_no 0 has pid 5900
[DEBUG] head_no[0] read n
[DEBUG] send_next_pair_init target 0, head 0, redo 0, redo_state 0, pass_state 0. loop_mode 0, curlogin (null), curpass (null), tlogin John, tpass , logincnt 0/1, passcnt 0/1, loop_cnt 1
[DEBUG] send_next_pair_mid done 1, pass_state 0, clogin John, cpass , tlogin -p, tpass , redo 0
[ATTEMPT] target 192.168.47.1 - login "John" - pass "" - 1 of 1 [child 0] (0/0)
INFO: Current debug levels: all: 7 tdb: 7 printdrivers: 7 lanman: 7 smb: 7 rpc_parse: 7 rpc_srv: 7 rpc_cli: 7 passdb: 7 sam: 7 auth: 7 winbind: 7 vfs: 7 idmap: 7 quota: 7 acls: 7 locking: 7 msdfs: 7 dmapi: 7 registry: 7 scavenger: 7 dns: 7 ldb: 7 tevent: 7 auth_audit: 7 auth_json_audit: 7 kerberos: 7 drs_repl: 7 smb2: 7 smb2_credits: 7 dsdb_audit: 7 dsdb_json_audit: 7 dsdb_password_audit: 7 dsdb_password_json_audit: 7 dsdb_transaction_audit: 7 dsdb_transaction_json_audit: 7 dsdb_group_audit: 7 dsdb_group_json_audit: 7
Using netbios name MASTERING-VIRTUAL-MACHINE.
Using workgroup WORKGROUP.
[INFO] Connecting to: smb://192.168.47.1/IPC$ with WORKGROUP\John%
parsed path: fname='smb://192.168.47.1/IPC$' server='192.168.47.1' share='IPC$' path='' options=''
SMBC_check_options(): server='192.168.47.1' share='IPC$' path='' options=''
SMBC_server: server_n=[192.168.47.1] server=[192.168.47.1] -> server_n=[192.168.47.1] server=[192.168.47.1]
Connecting to 192.168.47.1 at port 445
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
cli_session_setup_spnego_send: Connect to 192.168.47.1 as John@WORKGROUP using SPNEGO
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_TARGET_TYPE_SERVER NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
gensec_update_done: ntlmssp[0x55ae039e8490]: NT_STATUS_WRONG_CREDENTIAL_HANDLE
gensec_spnego_client_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_WRONG_CREDENTIAL_HANDLE
gensec_update_done: spnego[0x55ae039e3a20]: NT_STATUS_WRONG_CREDENTIAL_HANDLE
SPNEGO login failed: The supplied credential handle does not match the credential that is associated with the security context.
cli_session_setup_spnego_send: Connect to 192.168.47.1 as (null) using SPNEGO
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_TARGET_TYPE_SERVER NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62008a15 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_ANONYMOUS NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62008a15 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_ANONYMOUS NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - using NTLM1
SPNEGO login failed: {Access Denied} A process has requested access to an object but has not been granted those access rights.
Performing aggressive shutdown.
Context 0x55ae039d2800 successfully freed
Freeing parametrics:
[DEBUG] head_no[0] read F
[445][smb2] host: 192.168.47.1 login: John
[DEBUG] head_no[0] read n
[STATUS] attack finished for 192.168.47.1 (waiting for children to complete tests)
[DEBUG] head_no 0, kill 1, fail 0
[DEBUG] all targets done and all heads finished
[DEBUG] while loop left with 1
1 of 1 target successfully completed, 1 valid password found
[DEBUG] killing all remaining children now that might be stuck
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2024-02-24 11:47:18

If instead of the -p "" we use the -e n switch:

hydra -vvv -d -l John -e n 192.168.47.1 -m workgroup:{WORKGROUP} smb2
Hydra v9.6dev (c) 2023 by van Hauser/THC & David Maciejak - Please do not use in military or secret service organizations, or for illegal purposes (this is non-binding, these *** ignore laws and ethics anyway).
[DEBUG] Output color flag is 1
Hydra (https://github.com/vanhauser-thc/thc-hydra) starting at 2024-02-24 11:46:15
[DEBUG] cmdline: ./hydra -vvv -d -l John -e n -m workgroup:{WORKGROUP} 192.168.47.1 smb2
[DATA] max 1 task per 1 server, overall 1 task, 1 login try (l:1/p:1), ~1 try per task
[DATA] attacking smb2://192.168.47.1:445/workgroup:{WORKGROUP}
[VERBOSE] Resolving addresses ...
[DEBUG] resolving 192.168.47.1
[VERBOSE] resolving done
[VERBOSE] Set workgroup to: WORKGROUP
[DEBUG] Code: attack Time: 1708742775
[DEBUG] Options: mode 16 ssl 0 restore 0 showAttempt 0 tasks 1 max_use 1 tnp 1 tpsal 0 tprl 0 exit_found 0 miscptr workgroup:{WORKGROUP service smb2
[DEBUG] Brains: active 0 targets 1 finished 0 todo_all 1 todo 1 sent 0 found 0 countlogin 1 sizelogin 5 countpass 1 sizepass 1
[DEBUG] Target 0 - target 192.168.47.1 ip 192.168.47.1 login_no 0 pass_no 0 sent 0 pass_state 0 redo_state 0 (0 redos) use_count 0 failed 0 done 0 fail_count 0 login_ptr John pass_ptr
[DEBUG] Task 0 - pid 0 active 0 redo 0 current_login_ptr (null) current_pass_ptr (null)
[DEBUG] Tasks 1 inactive 0 active
[DEBUG] child 0 got target 0 selected
[DEBUG] child 0 spawned for target 0 with pid 5781
[DEBUG] head_no 0 has pid 5781
[DEBUG] head_no[0] read n
[DEBUG] send_next_pair_init target 0, head 0, redo 0, redo_state 0, pass_state 0. loop_mode 0, curlogin (null), curpass (null), tlogin John, tpass , logincnt 0/1, passcnt 0/1, loop_cnt 1
[DEBUG] send_next_pair_mid done 1, pass_state 2, clogin John, cpass , tlogin John, tpass , redo 0
[ATTEMPT] target 192.168.47.1 - login "John" - pass "" - 1 of 1 [child 0] (0/0)
INFO: Current debug levels: all: 7 tdb: 7 printdrivers: 7 lanman: 7 smb: 7 rpc_parse: 7 rpc_srv: 7 rpc_cli: 7 passdb: 7 sam: 7 auth: 7 winbind: 7 vfs: 7 idmap: 7 quota: 7 acls: 7 locking: 7 msdfs: 7 dmapi: 7 registry: 7 scavenger: 7 dns: 7 ldb: 7 tevent: 7 auth_audit: 7 auth_json_audit: 7 kerberos: 7 drs_repl: 7 smb2: 7 smb2_credits: 7 dsdb_audit: 7 dsdb_json_audit: 7 dsdb_password_audit: 7 dsdb_password_json_audit: 7 dsdb_transaction_audit: 7 dsdb_transaction_json_audit: 7 dsdb_group_audit: 7 dsdb_group_json_audit: 7
Using netbios name MASTERING-VIRTUAL-MACHINE.
Using workgroup WORKGROUP.
[INFO] Connecting to: smb://192.168.47.1/IPC$ with WORKGROUP\John%
parsed path: fname='smb://192.168.47.1/IPC$' server='192.168.47.1' share='IPC$' path='' options=''
SMBC_check_options(): server='192.168.47.1' share='IPC$' path='' options=''
SMBC_server: server_n=[192.168.47.1] server=[192.168.47.1] -> server_n=[192.168.47.1] server=[192.168.47.1]
Connecting to 192.168.47.1 at port 445
socket options: SO_KEEPALIVE=0, SO_REUSEADDR=0, SO_BROADCAST=0, TCP_NODELAY=1, TCP_KEEPCNT=9, TCP_KEEPIDLE=7200, TCP_KEEPINTVL=75, IPTOS_LOWDELAY=0, IPTOS_THROUGHPUT=0, SO_REUSEPORT=0, SO_SNDBUF=87040, SO_RCVBUF=131072, SO_SNDLOWAT=1, SO_RCVLOWAT=1, SO_SNDTIMEO=0, SO_RCVTIMEO=0, TCP_QUICKACK=1, TCP_DEFER_ACCEPT=0, TCP_USER_TIMEOUT=0
cli_session_setup_spnego_send: Connect to 192.168.47.1 as John@WORKGROUP using SPNEGO
GENSEC backend 'gssapi_spnego' registered
GENSEC backend 'gssapi_krb5' registered
GENSEC backend 'gssapi_krb5_sasl' registered
GENSEC backend 'spnego' registered
GENSEC backend 'schannel' registered
GENSEC backend 'naclrpc_as_system' registered
GENSEC backend 'sasl-EXTERNAL' registered
GENSEC backend 'ntlmssp' registered
GENSEC backend 'ntlmssp_resume_ccache' registered
GENSEC backend 'http_basic' registered
GENSEC backend 'http_ntlm' registered
GENSEC backend 'http_negotiate' registered
GENSEC backend 'krb5' registered
GENSEC backend 'fake_gssapi_krb5' registered
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_TARGET_TYPE_SERVER NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
gensec_update_done: ntlmssp[0x557254ed2490]: NT_STATUS_WRONG_CREDENTIAL_HANDLE
gensec_spnego_client_negTokenTarg_step: SPNEGO(ntlmssp) login failed: NT_STATUS_WRONG_CREDENTIAL_HANDLE
gensec_update_done: spnego[0x557254ecda20]: NT_STATUS_WRONG_CREDENTIAL_HANDLE
SPNEGO login failed: The supplied credential handle does not match the credential that is associated with the security context.
cli_session_setup_spnego_send: Connect to 192.168.47.1 as (null) using SPNEGO
Starting GENSEC mechanism spnego
Starting GENSEC submechanism ntlmssp
Got challenge flags:
Got NTLMSSP neg_flags=0x628a8215 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_TARGET_TYPE_SERVER NTLMSSP_NEGOTIATE_EXTENDED_SESSIONSECURITY NTLMSSP_NEGOTIATE_TARGET_INFO NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP: Set final flags:
Got NTLMSSP neg_flags=0x62008a15 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_ANONYMOUS NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - Initialising with flags:
Got NTLMSSP neg_flags=0x62008a15 NTLMSSP_NEGOTIATE_UNICODE NTLMSSP_REQUEST_TARGET NTLMSSP_NEGOTIATE_SIGN NTLMSSP_NEGOTIATE_NTLM NTLMSSP_ANONYMOUS NTLMSSP_NEGOTIATE_ALWAYS_SIGN NTLMSSP_NEGOTIATE_VERSION NTLMSSP_NEGOTIATE_128 NTLMSSP_NEGOTIATE_KEY_EXCH
NTLMSSP Sign/Seal - using NTLM1
SPNEGO login failed: {Access Denied} A process has requested access to an object but has not been granted those access rights.
Performing aggressive shutdown.
Context 0x557254ebc800 successfully freed
Freeing parametrics:
[DEBUG] head_no[0] read F
[445][smb2] host: 192.168.47.1 login: John
[DEBUG] skipping username John
[DEBUG] head_no[0] read n
[STATUS] attack finished for 192.168.47.1 (waiting for children to complete tests)
[DEBUG] head_no 0, kill 1, fail 0
[DEBUG] all targets done and all heads finished
[DEBUG] while loop left with 1
1 of 1 target successfully completed, 1 valid password found
[DEBUG] killing all remaining children now that might be stuck
Hydra (https://github.com/vanhauser-thc/thc-hydra) finished at 2024-02-24 11:46:15

This is the Session id of the smb2 session setup request's header, identical for both hydra -p and smbclient:

Session Id: 0x0001640004000061 Acct:John Domain:WORKGROUP Host:MASTERING-VIRTUAL-MACHINE

This is the Session id but for hydra -e n:

Session Id: 0x0001640004000065 Acct: Domain: Host:

I am using: Hydra v9.6dev compiled from github with libsmbclient 2:4.15.13 on Ubuntu 22.04.1.

Thanks for your time and interest
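
One way to cross-check a reported hit against the libsmbclient debug trace, as an added example that is not part of the original issue and not Hydra's code. The trace strings are excerpts condensed from the logs above, and `session_setups` and `triage` are hypothetical helper names; the `NT_STATUS_ACCOUNT_RESTRICTION` reading is the one given in the report.

```python
import re

NTLMSSP_ANONYMOUS = 0x00000800  # anonymous-connection bit in the NTLMSSP negotiate flags

# Sample input: excerpts condensed from the two debug traces in the report above.
SMBCLIENT_TRACE = """\
cli_session_setup_spnego_send: Connect to 192.168.47.1 as John@WORKGROUP using SPNEGO
Failed to start GENSEC client mech gse_krb5: NT_STATUS_INVALID_PARAMETER
NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62088215
session setup failed: NT_STATUS_ACCOUNT_RESTRICTION
"""
HYDRA_TRACE = """\
cli_session_setup_spnego_send: Connect to 192.168.47.1 as John@WORKGROUP using SPNEGO
gensec_update_done: ntlmssp[0x55ae039e8490]: NT_STATUS_WRONG_CREDENTIAL_HANDLE
cli_session_setup_spnego_send: Connect to 192.168.47.1 as (null) using SPNEGO
NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x62008a15
SPNEGO login failed: {Access Denied} A process has requested access to an object
[445][smb2] host: 192.168.47.1 login: John
"""

CONNECT = re.compile(r"cli_session_setup_spnego_send: Connect to \S+ as (\S+) using SPNEGO")
FINAL_FLAGS = re.compile(r"Set final flags:\s+Got NTLMSSP neg_flags=(0x[0-9a-fA-F]+)")
STATUS = re.compile(r"NT_STATUS_[A-Z_]+")
HYDRA_HIT = re.compile(r"\[\d+\]\[smb2\] host: \S+\s+login: (\S+)")


def session_setups(trace):
    """Return one record per session setup attempt found in a libsmbclient trace."""
    marks = list(CONNECT.finditer(trace))
    attempts = []
    for i, mark in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(trace)
        body = trace[mark.end():end]
        flags = FINAL_FLAGS.search(body)
        # Anonymous if the client connected as (null) or set the anonymous flag bit.
        anonymous = mark.group(1) == "(null)" or bool(
            flags and int(flags.group(1), 16) & NTLMSSP_ANONYMOUS)
        attempts.append({"identity": mark.group(1), "anonymous": anonymous,
                         "statuses": list(dict.fromkeys(STATUS.findall(body)))})
    return attempts


def triage(trace):
    """Classify a trace; a hit reported after an anonymous session setup is suspect."""
    attempts = session_setups(trace)
    hit = HYDRA_HIT.search(trace)
    if hit and attempts and attempts[-1]["anonymous"]:
        return "suspect hit for %s: last session setup was anonymous" % hit.group(1)
    if any("NT_STATUS_ACCOUNT_RESTRICTION" in a["statuses"]
           for a in attempts if not a["anonymous"]):
        # Reading taken from the report: the credential is valid but logon is restricted.
        return "credentials accepted, logon restricted"
    return "hit for %s" % hit.group(1) if hit else "no hit"


if __name__ == "__main__":
    for name, trace in (("smbclient", SMBCLIENT_TRACE), ("hydra", HYDRA_TRACE)):
        print(name, "->", triage(trace))
```
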

vanhauser-thc commented 7 months ago

Thank you for your report. Can you send a PR with a fix? If not, please provide the output I need to implement it.

gatsu38 commented 7 months ago

I am sorry, I am not skilled enough to fix this. I am not sure what you mean by "output" other than the one I already posted.

DaddyBigFish commented 3 months ago

If you have a blank line in a password file, hydra assumes blank is success and doesn't continue looking for real passwords, so the only false positive is "". Remove the "" line from the password file and it finds as it should... still a bug and would be best fixed.