Merge pull request #1179 from ly4k/master

Disable anonymous logon in ntlmrelayx

impacket/examples/ntlmrelayx/servers/smbrelayserver.py

@@ -72,6 +72,8 @@ def __init__(self,config):
         else:
             smbConfig.set("global", "SMB2Support", "False")
 
+        smbConfig.set("global", "anonymous_logon", "False")
+
         if self.config.outputFile is not None:
             smbConfig.set('global','jtr_dump_path',self.config.outputFile)
 

impacket/smbserver.py

@@ -2978,9 +2978,13 @@ def smb2SessionSetup(connId, smbServer, recvPacket):
                 # No credentials provided, let's grant access
                 if authenticateMessage['flags'] & ntlm.NTLMSSP_NEGOTIATE_ANONYMOUS:
                     isAnonymus = True
+                    if smbServer._SMBSERVER__anonymousLogon == False:
+                        errorCode = STATUS_ACCESS_DENIED
+                    else:
+                        errorCode = STATUS_SUCCESS
                 else:
                     isGuest = True
-                errorCode = STATUS_SUCCESS
+                    errorCode = STATUS_SUCCESS
 
             if errorCode == STATUS_SUCCESS:
                 connData['Authenticated'] = True
@@ -3961,6 +3965,9 @@ def __init__(self, server_address, handler_class=SMBSERVERHandler, config_parser
         # SMB2 Support flag = default not active
         self.__SMB2Support = False
 
+        # Allow anonymous logon
+        self.__anonymousLogon = True
+
         # Our list of commands we will answer, by default the NOT IMPLEMENTED one
         self.__smbCommandsHandler = SMBCommands()
         self.__smbTrans2Handler = TRANS2Commands()
@@ -4601,6 +4608,12 @@ def processConfigFile(self, configFile=None):
         else:
             self.__SMB2Support = False
 
+
+        if self.__serverConfig.has_option("global", "anonymous_logon"):
+            self.__anonymousLogon = self.__serverConfig.getboolean("global", "anonymous_logon")
+        else:
+            self.__anonymousLogon = True
+
         if self.__logFile != 'None':
             logging.basicConfig(filename=self.__logFile,
                                 level=logging.DEBUG,