v0.55.0 — DFS namespace root walking (Multimaster live-validated)
Closes the Multimaster DFS scenario end-to-end. After v0.54.1 let DFS shares pass the probe gate, the walker still failed with STATUS_INVALID_PARAMETER on the namespace root — smbprotocol's regular Open + query_directory doesn't work because the namespace root isn't a real directory, just a referral table.
Fixes
_list_directory DFS root fallback
When tree is DFS-capable and CREATE returns INVALID_PARAMETER, fall back to smbclient.scandir which handles the namespace-root listing via its internal _resolve_dfs.
walk() PATH_NOT_COVERED graceful skip
DFS-link descent typically fails because the resolved fileserver needs operator-managed DNS (standard engagement prep — /etc/hosts entry). Walker now catches PATH_NOT_COVERED, records the skipped link in self._skipped_dfs_links, and continues. Share scan completes cleanly.
Smbclient package shadow workaround
impacket ships a smbclient.py script in venv bin/ that shadows the smbprotocol package under uv run. New _import_real_smbclient helper strips bin dirs from sys.path during the import.
Live-validated against HTB Multimaster
sharesift hunt //10.129.13.28 -u tushikikatomo -p finance1:
dfsshare probe → R ✅ (v0.54.1)- Namespace root listing →
Developmentlink ✅ (v0.55 fallback) - Link descent → PATH_NOT_COVERED → skipped gracefully ✅ (v0.55 walk fix)
- Share scan completes, pipeline continues to NETLOGON + SYSVOL ✅
The v0.53 resolver correctly resolved Development → \\FSMO\Development; walking that requires FSMO in /etc/hosts (engagement prep).
Tests
+7 (test_smb_dfs_walk_v0p55.py). Full suite: 1425 passed, 29 skipped, 0 failed.
Status
DFS scenario is now end-to-end correct from probe → list root → discover links → walk-or-skip. Combined with v0.53's referral resolution and v0.54's three engagement fixes, ShareSift handles:
- Anonymous SMB shares (Active.htb pattern)
- Legacy SMB targets (Server 2008 R2)
- DFS namespace roots + links
Queued for v0.56: GOAD-validated head-to-head benchmark.