Fixed bug in SMBv2 server

When using Responder SMBv2 server, the first time client authenticate The Responder SMBv2 server ,the Message ID of the packet with Net-NTML hash is 3(Responder capture the first Net-NTLM hashes).then the Responder SMBv2 server will send client the ACCESS-DENIED message to make client to try the second time ,thus the server can capture the a new Net-NTLM hash,In this time ,the Message ID of the packet with Net-NTML hash is 2. so delete ' and GrabMessageID(data)[0:1] == "\x02" ' to make sure Responder can capture Net-NTLM hashes twice.(make Responder SMBv2 server works better )
2025-08-22 06:13:39 -07:00 · 2019-11-17 02:12:31 +08:00 · 2019-11-17 02:12:31 +08:00 · 6a52dde21e
commit 6a52dde21e
parent d6a7217b4e
1 changed files with 1 additions and 1 deletions
--- a/servers/SMB.py
+++ b/servers/SMB.py
@ -236,7 +236,7 @@ class SMB1(BaseRequestHandler):  # SMB1 & SMB2 Server class, NTLMSSP
              				self.request.send(buffer1)
              				data = self.request.recv(1024)
                                ## Session Setup 3 answer SMBv2.
-				if data[16:18] == "\x01\x00" and GrabMessageID(data)[0:1] == "\x03" and data[4:5] == "\xfe":
+				if data[16:18] == "\x01\x00" and data[4:5] == "\xfe":
              				ParseSMBHash(data, self.client_address[0], Challenge)
              				head = SMB2Header(Cmd="\x01\x00", MessageId=GrabMessageID(data), PID="\xff\xfe\x00\x00", CreditCharge=GrabCreditCharged(data), Credits=GrabCreditRequested(data), NTStatus="\x22\x00\x00\xc0", SessionID=GrabSessionID(data))
              				t = SMB2Session2Data()