Noam Rathaus

Results 165 comments of Noam Rathaus

I think what you are asking to add already exists:

```
msf6 auxiliary(scanner/smb/smb_version) > run 172.22.0.2
[*] 172.22.0.2:445 - SMB Detected (versions:1, 2, 3) (preferred dialect:SMB 3.1.1) (compression capabilities:) (encryption...
```

This information is processed in these two lines of code:

```
response = smb2_ntlmssp_negotiate
challenge_packet = smb2_ntlmssp_challenge_packet(response)
```

Specifically, the: `packet = RubySMB::SMB2::Packet::SessionSetupResponse.read(raw_response)`

There seems to be no parsing of the `GSS-API Generic Security Service Application Program Interface` section of the data

There seems to be some thought placed into the code to support GSS?

```
def set_type2_blob(type1_message)
  gss_blob = RubySMB::Gss.gss_type2(type1_message)
  self.security_buffer_length = gss_blob.length
  self.buffer = gss_blob
end
```

But no one...

Parsing this data while coding it in Ruby is at the moment beyond my technical skills

BTW, it seems to be in fact (the security blob) ASN.1 encoded content: https://gchq.github.io/CyberChef/#recipe=Parse_ASN.1_hex_string(0,32)&input=ICAgYTEgODEgZDYgMzAgODEgZDMgYTAgMDMgMGEgMDEgMDEgYTEgMGMgMDYgMGEgMmIKICAgMDYgMDEgMDQgMDEgODIgMzcgMDIgMDIgMGEgYTIgODEgYmQgMDQgODEgYmEgNGUKICAgNTQgNGMgNGQgNTMgNTMgNTAgMDAgMDIgMDAgMDAgMDAgMTggMDAgMTggMDAgMzgKICAgMDAgMDAgMDAgMzUgODIgOGEgZTIgY2IgOGMgOWQgNTkgMjkgNTcgNzYgNTkgMDAKICAgMDAgMDAgMDAgMDAgMDAgMDAgMDAgNmEgMDAgNmEgMDAgNTAgMDAgMDAgMDAgMDYKICAgMDEgMDAgMDAgMDAgMDAgMDAgMGYgMzYgMDAgMzMgMDAgMzQgMDAgNDUgMDAgMzIKICAgMDAgNDQgMDAgNDQgMDAgMzkgMDAgNDYgMDAgMzggMDAgMzMgMDAgMzAgMDAgMDIKICAgMDAgMTggMDAgMzYgMDAgMzMgMDAgMzQgMDAgNDUgMDAgMzIgMDAgNDQgMDAgNDQKICAgMDAgMzkgMDAgNDYgMDAgMzggMDAgMzMgMDAgMzAgMDAgMDEgMDAgMTggMDAgMzYKICAgMDAgMzMgMDAgMzQgMDAgNDUgMDAgMzIgMDAgNDQgMDAgNDQgMDAgMzkgMDAgNDYKICAgMDAgMzggMDAgMzMgMDAgMzAgMDAgMDQgMDAgMDIgMDAgMDAgMDAgMDMgMDAgMTgKICAgMDAgMzYgMDAgMzMgMDAgMzQgMDAgNjUgMDAgMzIgMDAgNjQgMDAgNjQgMDAgMzkKICAgMDAgNjYgMDAgMzggMDAgMzMgMDAgMzAgMDAgMDcgMDAgMDggMDAgZTggNGQgMGEKICAgNzAgZmEgOTYgZGEgMDEgMDAgMDAgMDAgMDAK

Is RubyNTLM being shipped/used by Metasploit atm? Or do I need to copy-paste the code there into the smb.rb that comes with Metasploit?

@h00die, which script are you referring to? That one is not giving output.

Dev setup, use 5.0.0 `openemr`:

```
# Use admin/pass as user/password credentials to login to openemr (from OE_USER and OE_PASS below)
# MYSQL_HOST and MYSQL_ROOT_PASS are required for openemr
#...
```