Re: Failed authentication with smb-psexec.nse

[Ron <ron () skullsecurity net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hey,

I'm out of town right now, but I'll take a look at this when I get home (unless somebody else wants to delve into it). 

Thanks for the great report/pcaps! 

Ron

On Tue, 23 Nov 2010 11:21:53 -0600 Francois Lachance <digitallachance () gmail com> wrote:
> I have been trying to use the smb-psexec.nse script in order to run
> executable on a Windows target.  Unfortunately, I am not getting past
> the authentication part.
>
> I have attached two packet captures, one of the nmap attempt and one
> of a Windows client making a drive connection.  The capture shows the
> SMB Command: Negotiate Protocol (0x72) and the result from the
> target.  From what I can tell, the key difference is found when
> comparing the returned result on line 239 of nmap-nego-ptoto.txt and
> line 243 of explorer-nego-proto.txt.  In the successful connection,
> the returned response is "Dialect Index: 5: NT LM 0.12", whereas in
> the failed attempt, the returned response is "Dialect Index: 0: NT LM
> 0.12".
>
> > From what I can see, our network has been configured (through GPO)
> > to only
> use NTLMv2 authentication (Send NTLMv2 response only\refuse LM).
>
> Since I am not seeing NTLMv2 in the list of requested protocol in the
> packet trace of the nmap capture (lines 112-121 in
> nmap-nego-proto.txt), am I right in assuming that smb-psexec will
> never work in my environment?
>
> I would wager that implementing NTLMv2 is not a trivial task...
>
> Thanks!


- -- 
Ron Bowes

Blog: http://www.skullsecurity.org
Twitter: https://twitter.com/iagox86

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)

iEYEARECAAYFAkzuqNUACgkQ2t2zxlt4g/TPIACgxCZnqzVBuUgiGyOkEzZn/Eka
40EAoJNHFFUFVMnHRn6AhCU0obEQg8gJ
=xFYU
-----END PGP SIGNATURE-----
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/