
force mixin to utilize ruby_smb #17370

Merged
merged 1 commit into from
Dec 14, 2022

Conversation

jmartin-tech
Contributor

@jmartin-tech jmartin-tech commented Dec 12, 2022

When refactored recently, the new code expects a RubySMB object; this ensures the client returned meets that expectation.

The following stack trace can occur (seen on macOS dev env):

[-] 10.10.10.10:139       - Error: '10.10.10.10' 'NoMethodError' 'undefined method `net_share_enum_all' for #<Rex::Proto::SMB::Client:0x00007fbf17523478 @socket=#<Socket:fd 15>, @native_os="Windows 2000 2195", @native_lm="Windows 2000 5.0", @encrypt_passwords=true, @extended_security=true, @multiplex_id=10968, @process_id=1767, @read_timeout=10, @evasion_opts={"pad_data"=>0, "pad_file"=>0, "obscure_trans_pipe"=>0}, @verify_signature=false, @use_ntlmv2=true, @usentlm2_session=true, @send_lm=true, @use_lanman_key=false, @send_ntlm=true, @sequence_counter=0, @signing_key="", @require_signing=false, @peer_require_signing=false, @spnopt={:use_spn=>true, :name=>"10.10.10.10"}, @default_max_buffer_size=65503, @smb_recv_cache=[], @dialect="NT LANMAN 1.0", @security_mode=3, @challenge_key="metasploitable-\x00`(\x06\x06+\x06\x01\x05\x05\x02\xA0\x1E0\x1C\xA0\x0E0\f\x06\n+\x06\x01\x04\x01\x827\x02\x02\n\xA3\n0\b\xA0\x06\e\x04NONE", @session_id=8867, @server_guid="metasploitable-\x00", @system_time=2022-12-12 13:10:00 -0600, @system_zone=-18000, @auth_user_id=100, @peer_native_os="Unix", @peer_native_lm="Samba 3.0.20-Debian", @default_domain="WORKGROUP", @last_tree_id=1>'

Verification

List the steps needed to make sure this thing works

  • Start msfconsole
  • use auxiliary/scanner/smb/smb_enumshares
  • Verify consistent function for SMB 1,2,3 for valid targets
  • Test against a metasploitable2 target and expect to receive the following for each port 139 & 445
msf6 auxiliary(scanner/smb/smb_enumshares) > run

[*] 10.10.10.10:139       - Starting module
[-] 10.10.10.10:139       - Invalid packet received when trying to enumerate shares - The response seems to be an SMB1 NtCreateAndxResponse but an error occurs while parsing it. It is probably missing the required extended information.
[*] 10.10.10.10:445       - Starting module
[-] 10.10.10.10:445       - Invalid packet received when trying to enumerate shares - The response seems to be an SMB1 NtCreateAndxResponse but an error occurs while parsing it. It is probably missing the required extended information.
[*] 10.10.10.10:          - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

When refactored recently, the new code expects a `RubySMB` object;
this ensures the client returned meets that expectation.
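The failure above is a duck-typing mismatch: the mixin handed back a legacy Rex::Proto::SMB::Client, and the refactored module called net_share_enum_all on it. The following is an added example, not Metasploit's or ruby_smb's code; both client classes are constructed stand-ins, and the guard turns the NoMethodError into a fail-fast TypeError while the formatter reproduces the module's share output lines.

```ruby
# Constructed stand-in for the legacy Rex::Proto::SMB::Client: it knows
# the negotiated dialect but has no share-enumeration method.
class LegacySmbClient
  attr_reader :dialect

  def initialize(dialect)
    @dialect = dialect
  end
end

# Constructed stand-in for RubySMB::Client, exposing the method the
# refactored smb_enumshares code expects. Shares are a list of hashes.
class RubySmbClientStandIn
  attr_reader :dialect

  def initialize(dialect, shares)
    @dialect = dialect
    @shares = shares
  end

  def net_share_enum_all(_host)
    @shares
  end
end

# Fail fast with a descriptive error if a mixin returns the wrong client
# type, instead of a NoMethodError surfacing mid-scan as in the trace above.
def ensure_share_enum_client(client)
  return client if client.respond_to?(:net_share_enum_all)

  raise TypeError, "expected a client with #net_share_enum_all " \
                   "(RubySMB::Client), got #{client.class} (dialect #{client.dialect})"
end

# Build the same "name - (TYPE|SPECIAL) comment" lines the module prints.
def format_shares(client, host)
  ensure_share_enum_client(client).net_share_enum_all(host).map do |s|
    "#{s[:name]} - (#{s[:flags].join('|')}) #{s[:comment]}".rstrip
  end
end
```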
@gwillcox-r7 gwillcox-r7 self-assigned this Dec 13, 2022
@gwillcox-r7
Contributor

Confirmed the Metasploitable 2 output is what is expected:

msf6 auxiliary(scanner/smb/smb_enumshares) > run

[*] 192.168.153.130:139   - Starting module
[-] 192.168.153.130:139   - Invalid packet received when trying to enumerate shares - The response seems to be an SMB1 NtCreateAndxResponse but an error occurs while parsing it. It is probably missing the required extended information.
[*] 192.168.153.130:445   - Starting module
[-] 192.168.153.130:445   - Invalid packet received when trying to enumerate shares - The response seems to be an SMB1 NtCreateAndxResponse but an error occurs while parsing it. It is probably missing the required extended information.
[*] 192.168.153.130:      - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/smb/smb_enumshares) > 

@gwillcox-r7
Contributor

Before:

msf6 auxiliary(scanner/smb/smb_enumshares) > run

[*] 192.168.153.130:139   - Starting module
[*] 192.168.153.130:445   - Starting module
[-] 192.168.153.130:445   - Invalid packet received when trying to enumerate shares - The response seems to be an SMB1 NtCreateAndxResponse but an error occurs while parsing it. It is probably missing the required extended information.
[*] 192.168.153.130:      - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/smb/smb_enumshares) > 

@gwillcox-r7
Contributor

Seems to still be working with just SMBv1 enabled, though we do get a bit of a funny message:

msf6 auxiliary(scanner/smb/smb_enumshares) > run

[*] 172.31.181.172:139    - Starting module
[-] 172.31.181.172:139    - Login Failed: Unable to negotiate SMB1 with the remote host: Not a valid SMB packet
[*] 172.31.181.172:445    - Starting module
[+] 172.31.181.172:445    - address - (DISK) 
[+] 172.31.181.172:445    - ADMIN$ - (DISK|SPECIAL) Remote Admin
[+] 172.31.181.172:445    - C$ - (DISK|SPECIAL) Default share
[+] 172.31.181.172:445    - IPC$ - (IPC|SPECIAL) Remote IPC
[+] 172.31.181.172:445    - NETLOGON - (DISK) Logon server share 
[+] 172.31.181.172:445    - SYSVOL - (DISK) Logon server share 
[*] 172.31.181.172:       - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/smb/smb_enumshares) >

@gwillcox-r7
Contributor

The following shows only SMBv1, then no protocol support, then SMB3 and SMBv2 support. I'll try just SMBv2 support next, and if that works then I'll land this:

msf6 auxiliary(scanner/smb/smb_enumshares) > run

[*] 172.31.181.172:139    - Starting module
[-] 172.31.181.172:139    - Login Failed: Unable to negotiate SMB1 with the remote host: Not a valid SMB packet
[*] 172.31.181.172:445    - Starting module
[+] 172.31.181.172:445    - address - (DISK) 
[+] 172.31.181.172:445    - ADMIN$ - (DISK|SPECIAL) Remote Admin
[+] 172.31.181.172:445    - C$ - (DISK|SPECIAL) Default share
[+] 172.31.181.172:445    - IPC$ - (IPC|SPECIAL) Remote IPC
[+] 172.31.181.172:445    - NETLOGON - (DISK) Logon server share 
[+] 172.31.181.172:445    - SYSVOL - (DISK) Logon server share 
[*] 172.31.181.172:       - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/smb/smb_enumshares) > edit
msf6 auxiliary(scanner/smb/smb_enumshares) > reload
[*] Reloading module...
msf6 auxiliary(scanner/smb/smb_enumshares) > run

[*] 172.31.181.172:139    - Starting module
[-] 172.31.181.172:139    - Login Failed: Unable to negotiate SMB1 with the remote host: Not a valid SMB packet
[*] 172.31.181.172:445    - Starting module
[-] 172.31.181.172:445    - Login Failed: Unable to negotiate SMB1 with the remote host: An error occurred reading from the Socket Connection reset by peer
[*] 172.31.181.172:       - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/smb/smb_enumshares) > run

[*] 172.31.181.172:139    - Starting module
[-] 172.31.181.172:139    - Login Failed: Unable to negotiate SMB1 with the remote host: Not a valid SMB packet
[*] 172.31.181.172:445    - Starting module
[!] 172.31.181.172:445    - peer_native_os is only available with SMB1 (current version: SMB3)
[!] 172.31.181.172:445    - peer_native_lm is only available with SMB1 (current version: SMB3)
[+] 172.31.181.172:445    - address - (DISK) 
[+] 172.31.181.172:445    - ADMIN$ - (DISK|SPECIAL) Remote Admin
[+] 172.31.181.172:445    - C$ - (DISK|SPECIAL) Default share
[+] 172.31.181.172:445    - IPC$ - (IPC|SPECIAL) Remote IPC
[+] 172.31.181.172:445    - NETLOGON - (DISK) Logon server share 
[+] 172.31.181.172:445    - SYSVOL - (DISK) Logon server share 
[*] 172.31.181.172:       - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/smb/smb_enumshares) > 

@gwillcox-r7 gwillcox-r7 merged commit d15ed9d into rapid7:master Dec 14, 2022
@gwillcox-r7
Contributor

Release Notes

A bug has been fixed in smb_enumshares.rb whereby, if an SMBv1 connection is used, a call was made to the net_share_enum_all function on the wrong object. This has since been updated to address this error.

@gwillcox-r7 gwillcox-r7 added bug rn-fix release notes fix labels Dec 14, 2022
@jmartin-tech jmartin-tech deleted the smb-enum-use-ruby-smb branch December 14, 2022 23:11