github/Responder
1
0
Fork 0
mirror of https://github.com/lgandx/Responder.git synced 2025-08-21 22:03:30 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed bug in SMBv2 server

Browse source 
When using Responder SMBv2 server,  the first time client authenticate The Responder SMBv2 server ,the Message ID of the packet with Net-NTML hash is 3(Responder capture the first Net-NTLM hashes).then the Responder SMBv2 server will send client the ACCESS-DENIED message to make client to try the second time ,thus the server can capture the a new Net-NTLM hash,In this time ,the Message ID of the packet with Net-NTML hash is 2. so delete  '   and GrabMessageID(data)[0:1] == "\x02"  ' to make sure Responder can capture Net-NTLM hashes twice.(make Responder SMBv2 server works better )
This commit is contained in:
wreck1t 2019-11-17 02:12:31 +08:00 committed by GitHub
commit 6a52dde21e
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
servers/SMB.py
View file

@ -236,7 +236,7 @@ class SMB1(BaseRequestHandler): # SMB1 & SMB2 Server class, NTLMSSP
self.request.send(buffer1)
data = self.request.recv(1024)
## Session Setup 3 answer SMBv2.
if data[16:18] == "\x01\x00" and GrabMessageID(data)[0:1] == "\x03" and data[4:5] == "\xfe":
if data[16:18] == "\x01\x00" and data[4:5] == "\xfe":
ParseSMBHash(data, self.client_address[0], Challenge)
head = SMB2Header(Cmd="\x01\x00", MessageId=GrabMessageID(data), PID="\xff\xfe\x00\x00", CreditCharge=GrabCreditCharged(data), Credits=GrabCreditRequested(data), NTStatus="\x22\x00\x00\xc0", SessionID=GrabSessionID(data))
t = SMB2Session2Data()