Re: smb_login and "security = share"

[Nicob <nicob () nicob net>]

Hello,

I found a patch for this bug.

In simpleclient.rb :

- modify connect() to receive an additional argument 'pass'
- transmit this argument to tree_connect() which already accept an
optional password

        def connect(share, pass = '')
                print "In simpleclient.connect() [modified]\n"
                ok = self.client.tree_connect(share, pass)

In samba_symlink_traversal.rb :

- modify the call to connect() in order to user the password from the
datastore

        self.simple.connect(
                "\\\\#{rhost}\\#{datastore['SMBSHARE']}",
                 datastore['SMBPass'])

This works with "user" or "share" security settings :

[*] Connecting to the server...
In simpleclient.connect() [modified]
In client.tree_connect() : pass = 
[*] Trying to mount writeable share 'NAS'...
In simpleclient.connect() [modified]
In client.tree_connect() : pass = tototo
[*] Trying to link 'escape' to the root filesystem...
[*] Now access the following share to browse the root filesystem:
[*]     \\127.0.0.1\NAS\escape\

Nicob

_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework