From 6a52dde21e726663876834851e807429deafeaf0 Mon Sep 17 00:00:00 2001
From: wreck1t <871662178@qq.com>
Date: Sun, 17 Nov 2019 02:12:31 +0800
Subject: [PATCH] Fixed bug in SMBv2 server

When using Responder SMBv2 server,  the first time client authenticate The Responder SMBv2 server ,the Message ID of the packet with Net-NTML hash is 3(Responder capture the first Net-NTLM hashes).then the Responder SMBv2 server will send client the ACCESS-DENIED message to make client to try the second time ,thus the server can capture the a new Net-NTLM hash,In this time ,the Message ID of the packet with Net-NTML hash is 2. so delete  '   and GrabMessageID(data)[0:1] == "\x02"  ' to make sure Responder can capture Net-NTLM hashes twice.(make Responder SMBv2 server works better )
---
 servers/SMB.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/servers/SMB.py b/servers/SMB.py
index 417345a..9329edd 100644
--- a/servers/SMB.py
+++ b/servers/SMB.py
@@ -236,7 +236,7 @@ class SMB1(BaseRequestHandler):  # SMB1 & SMB2 Server class, NTLMSSP
               				self.request.send(buffer1)
               				data = self.request.recv(1024)
                                 ## Session Setup 3 answer SMBv2.
-				if data[16:18] == "\x01\x00" and GrabMessageID(data)[0:1] == "\x03" and data[4:5] == "\xfe":
+				if data[16:18] == "\x01\x00" and data[4:5] == "\xfe":
               				ParseSMBHash(data, self.client_address[0], Challenge)
               				head = SMB2Header(Cmd="\x01\x00", MessageId=GrabMessageID(data), PID="\xff\xfe\x00\x00", CreditCharge=GrabCreditCharged(data), Credits=GrabCreditRequested(data), NTStatus="\x22\x00\x00\xc0", SessionID=GrabSessionID(data))
               				t = SMB2Session2Data()