From dfc3b359a35d601b5a5c227c6b962db4f5709ff0 Mon Sep 17 00:00:00 2001 From: cddmp Date: Mon, 12 Feb 2024 10:23:05 +0100 Subject: [PATCH 1/2] Fix session handling --- enum4linux-ng.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/enum4linux-ng.py b/enum4linux-ng.py index e5a96be..08f4ed7 100755 --- a/enum4linux-ng.py +++ b/enum4linux-ng.py @@ -350,7 +350,7 @@ class Target: passed during the enumeration to the various modules. This allows to modify/update target information during enumeration. ''' - def __init__(self, host, credentials, port=None, tls=None, timeout=None, samba_config=None, sessions={}): + def __init__(self, host, credentials, port=None, tls=None, timeout=None, samba_config=None, sessions={'sessions_possible':False}): self.host = host self.creds = credentials self.port = port @@ -2954,7 +2954,7 @@ def run_modules(self, modules): # If sessions are not possible, we regenerate the list of modules again. # This will only leave those modules in, which don't require authentication. - if self.target.sessions and not self.target.sessions[self.creds.auth_method]: + if self.target.sessions and self.creds.auth_method in self.target.sessions and not self.target.sessions[self.creds.auth_method]: modules = self.get_modules(self.target.listeners, session=False) # Try to get domain name and sid via lsaquery From 85aa4ea976eb742889dde44941dfe007a75174d8 Mon Sep 17 00:00:00 2001 From: cddmp Date: Mon, 12 Feb 2024 10:52:38 +0100 Subject: [PATCH 2/2] Fix session handling --- enum4linux-ng.py | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/enum4linux-ng.py b/enum4linux-ng.py index 08f4ed7..30d8d6e 100755 --- a/enum4linux-ng.py +++ b/enum4linux-ng.py 
@@ -350,14 +350,13 @@ class Target: passed during the enumeration to the various modules. This allows to modify/update target information during enumeration. ''' - def __init__(self, host, credentials, port=None, tls=None, timeout=None, samba_config=None, sessions={'sessions_possible':False}): + def __init__(self, host, credentials, port=None, tls=None, timeout=None, samba_config=None): self.host = host self.creds = credentials self.port = port self.timeout = timeout self.tls = tls self.samba_config = samba_config - self.sessions = sessions self.ip_version = None self.smb_ports = [] @@ -367,6 +366,14 @@ def __init__(self, host, credentials, port=None, tls=None, timeout=None, samba_c self.smb1_supported = False self.smb1_only = False + self.sessions = {"sessions_possible":False, + AUTH_NULL:False, + AUTH_PASSWORD:False, + AUTH_KERBEROS:False, + AUTH_NTHASH:False, + "random_user":False, + } + result = self.valid_host(host) if not result.retval: raise Exception(result.retmsg) @@ -2950,11 +2957,12 @@ def run_modules(self, modules): if ENUM_SESSIONS in modules: result = EnumSessions(self.target, self.creds).run() self.output.update(result) + # Overwrite sessions self.target.sessions = self.output.as_dict()['sessions'] # If sessions are not possible, we regenerate the list of modules again. # This will only leave those modules in, which don't require authentication. - if self.target.sessions and self.creds.auth_method in self.target.sessions and not self.target.sessions[self.creds.auth_method]: + if not self.target.sessions[self.creds.auth_method]: modules = self.get_modules(self.target.listeners, session=False) # Try to get domain name and sid via lsaquery
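Review bot: The new `self.sessions` dict in `Target.__init__` (hunk at -367,6 +366,14) has no comment saying what its keys mean, or that `run_modules` later replaces the whole dict with the `sessions` entry of the output, as the last hunk of this patch shows. A comment above the literal would help, for example `# Session state per auth method; everything is False (no session) until EnumSessions overwrites this dict`. The key set presumably has to stay in step with what EnumSessions reports, which is worth stating as well. `__init__` begins and ends outside this hunk.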
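Review bot: The unguarded lookup `self.target.sessions[self.creds.auth_method]` in `run_modules` (hunk at -2950,11 +2957,12) needs every auth-method key to be present, but the line above it replaces the initialised dict with `self.output.as_dict()['sessions']`, so the defaults set in `Target.__init__` no longer guarantee that. If the EnumSessions result ever lacks the key for the current auth method (for instance after an early error return, which is not visible here), this raises `KeyError`, the case the membership test from patch 1/2 covered. Failing closed keeps the module selection safe: `if not self.target.sessions.get(self.creds.auth_method, False):`. Indentation is lost on this page, so I cannot tell whether the check sits inside the `if ENUM_SESSIONS in modules:` block; if it is outside, the all-False defaults now drop every session-requiring module whenever session enumeration is skipped, which the old `self.target.sessions and` guard avoided. `run_modules` continues outside the hunk.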