Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[enhancement] Adding SMBv1 support #16

Open
p0dalirius opened this issue Sep 27, 2024 · 8 comments
Open

[enhancement] Adding SMBv1 support #16

p0dalirius opened this issue Sep 27, 2024 · 8 comments

Comments

@p0dalirius
Copy link

p0dalirius commented Sep 27, 2024
edited
Loading

Hi!

Thank you for this library.

Do you have any plans to implement SMBv1? That would be useful to be able to scan for hosts and detect which one still have ntlv1 enabled. like in CrackMapExec when you run cme smb 192.168.1.0/24 and see the banners.

Edit:
To be extra precise, I was trying to write an example of GoLang code to be able to detect if SMBv1 is supported by the remote.

import (
	"github.com/jfjallid/go-smb/smb"
)

// ...

func main() {

options := smb.Options{
	Host:      "10.0.0.201",
	Port:      445,
	ForceSMB2: false,
	Initiator: &smb.NTLMInitiator{
		User:     "Administrator",
		Password: "Admin123!",
		Domain:   "LAB",
	},
}

// Connect to remote machine
session, err := smb.NewConnection(options)
if err != nil {
	return "error"
}
defer session.Close()

req, err := session.NewSMB1NegotiateReq()
if err != nil {
	if config.Debug {
		logger.Debug(fmt.Sprintf("session.NewSMB1NegotiateReq() raised error: %s", err))
	}
}

fmt.Print("req.Dialects:")
fmt.Println(req.Dialects)

fmt.Print("req.Header.Protocol:")
fmt.Println(req.Header.Protocol)

}

But my results are not useful, With only SMB2 enabled I get:

req.Dialects:[{2 SMB 2.100} {2 SMB 2.???}]
req.Header.Protocol:[255 83 77 66]

With SMBv1 enabled I get:

req.Dialects:[{2 SMB 2.100} {2 SMB 2.???}]
req.Header.Protocol:[255 83 77 66]

Do you know if this is possible given the current state of implementation or does it need to be implemented in your library? If so do you plan on implementing it?

Best regards,
@jfjallid
Copy link
Owner

jfjallid commented Oct 1, 2024

I'm not planning on implementing support for SMB1 communication as it is a bit too much work for something I have no use for. But I would happily accept and review any pull requests towards that end.

I've implemented support for handling servers that only speak SMB1 to shutdown a bit more gracefully by performing multi-protocol negotiation. If all you are interested in is checking if SMB1 is supported I think that should be possible with perhaps some minor changes to the library to expose the result of that protocol negotiation.

However, I don't have access to any SMB1 servers currently like Windows Server 2003 to test any new code against so such a change will probably not be done by me anytime soon unless that changes.

@iamalsaher
Copy link

@p0dalirius I think we can try to collaborate and add support for smb v1. I have the exact same needs as you, and I am open to working an enhancing the capabilities of the library to be more towards impacket.

@iamalsaher
Copy link

@jfjallid If we can plan a roadmap on the features that we should be adding, maybe in a new issue, that can open opportunities for contribution?

@jfjallid
Copy link
Owner

jfjallid commented Dec 15, 2024
edited
Loading

@jfjallid If we can plan a roadmap on the features that we should be adding, maybe in a new issue, that can open opportunities for contribution?

@iamalsaher I've added a new issue to discuss a roadmap and ideas for changes #19 (comment) to keep this issue on topic.

@jfjallid
Copy link
Owner

If the goal is still to only implement the protocol negotiation but not implement full SMB1 support, I think a fairly easy way forward would be to change the NewSMB1NegotiateReq() to a function instead of a method on the session struct and add a boolean function argument to enable SMB1 support in which case the SMB1 dialects are added to the request.
That way we can avoid establishing a new connection and the need for more changes to the normal connection flow.

The flow would then be to open a TCP connection, create and send a SMB1NegotiateReq packet and parse the response with a function in the smb1.go part of the code.

@iamalsaher
Copy link

I think the main usecase is to identify machines which speak SMB v1, cause then they could be simple targets.

Regarding the implementation, let me check out the code, and see your approach, if it looks fine, I will add and put a PR.

@iamalsaher
Copy link

I was looking at this fork which seems to have added smb v1 support, I think we can implement this here?

https://github.com/hy05190134/smb

@jfjallid
Copy link
Owner

I was looking at this fork which seems to have added smb v1 support, I think we can implement this here?

https://github.com/hy05190134/smb

Only made a quick check of the project but seems like it is hardcoded for SMB2, same as this lib.
One thing about SMB vs SMB2 is that the packet headers have different structures so it won't work by just changing the protocol code in the header.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@jfjallid @iamalsaher @p0dalirius