Don't connect to SMBv2 server #214

Open
joelfranco opened this issue Oct 25, 2023 · 5 comments
@joelfranco

Hi,

I can't connect to a (supposed) smb2 host. I have no control or detailed info about the server. I can't connect to it using smbclient:

smbclient //ip/share -U DOMAIN\\USER%PASS:

wireshark:

    1 0.000000000 172.28.120.110 → 10.2.0.142   TCP 74 55208 → 445 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM TSval=620089998 TSecr=0 WS=128
    3 0.011530811   10.2.0.142 → 172.28.120.110 TCP 74 445 → 55208 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM TSval=3068524379 TSecr=620089998
    4 0.011564344 172.28.120.110 → 10.2.0.142   TCP 66 55208 → 445 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=620090010 TSecr=3068524379
    5 0.011805340 172.28.120.110 → 10.2.0.142   SMB2 298 Negotiate Protocol Request
    6 0.016529865   10.2.0.142 → 172.28.120.110 TCP 74 139 → 47462 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM TSval=3068524379 TSecr=620090003

But with pysmb, the server host does not reply with any errors and pysmb cannot detect that it's talking to an SMBv2 server to switch itself to SMBv2:

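    from smb.SMBConnection import SMBConnection

    IP = '10.2.0.142'  # server address, as shown in the captures
    # is_direct_tcp=True selects direct TCP transport (port 445)
    c = SMBConnection('user', 'pass', 'client', IP, 'domain', is_direct_tcp=True)
    c.connect(IP, port=445)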

wireshark:

    1 0.000000000 172.28.120.110 → 10.2.0.142   TCP 74 36250 → 445 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM TSval=621411900 TSecr=0 WS=128
    2 0.011390598   10.2.0.142 → 172.28.120.110 TCP 74 445 → 36250 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM TSval=3068656568 TSecr=621411900
    3 0.011435655 172.28.120.110 → 10.2.0.142   TCP 66 36250 → 445 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=621411912 TSecr=3068656568
    4 0.011533045 172.28.120.110 → 10.2.0.142   SMB 128 Negotiate Protocol Request
    5 0.222132729 172.28.120.110 → 10.2.0.142   TCP 128 [TCP Retransmission] 36250 → 445 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=62 TSval=621412123 TSecr=3068656568
    6 0.434130032 172.28.120.110 → 10.2.0.142   TCP 128 [TCP Retransmission] 36250 → 445 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=62 TSval=621412335 TSecr=3068656568
    7 0.858151094 172.28.120.110 → 10.2.0.142   TCP 128 [TCP Retransmission] 36250 → 445 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=62 TSval=621412759 TSecr=3068656568

What is wrong?

Thank you

@miketeo
Owner

miketeo commented Oct 25, 2023

@joelfranco: can you adjust the port parameter in your connect() call to use 139? It seems that your SMB server responds on port 139.

@joelfranco
Author

Hi @miketeo,

I changed the port. Same issue:

   c.connect('10.2.0.142', port=139)

And the wireshark capture:

    2 6.880105272 172.28.120.110 → 10.2.0.142   TCP 74 38514 → 139 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM TSval=662497687 TSecr=0 WS=128
    3 6.898225446   10.2.0.142 → 172.28.120.110 TCP 74 139 → 38514 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM TSval=3072765106 TSecr=662497687
    4 6.898258557 172.28.120.110 → 10.2.0.142   TCP 66 38514 → 139 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=662497705 TSecr=3072765106
    5 6.898355605 172.28.120.110 → 10.2.0.142   SMB 128 Negotiate Protocol Request
    6 7.120027551 172.28.120.110 → 10.2.0.142   TCP 128 [TCP Retransmission] 38514 → 139 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=62 TSval=662497927 TSecr=3072765106
    7 7.347975774 172.28.120.110 → 10.2.0.142   TCP 128 [TCP Retransmission] 38514 → 139 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=62 TSval=662498155 TSecr=3072765106
    8 7.807999580 172.28.120.110 → 10.2.0.142   TCP 128 [TCP Retransmission] 38514 → 139 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=62 TSval=662498615 TSecr=3072765106

Observe that smbclient works with port 445.

Thank you very much

@miketeo
Owner

miketeo commented Oct 26, 2023

It will be good if the wireshark capture can provide more information on the server's response to the smbclient's Negotiate Protocol Request. That may reveal why the server is not responding to pysmb's connection request; the server could possibly be using a dialect that is not supported by pysmb.

@joelfranco
Author

image

Hi Miketeo, in this print you can see the first packet after the TCP handshake and following it, just retransmissions.

And this one is with the working smbclient:

image

Observe that in this one, the protocol is described as "SMB2" by Wireshark, while it calls the pysmb packet just "SMB", and that the packets are very different.

Is it clearer now?

Thank you.

@miketeo
Owner

miketeo commented Nov 6, 2023

Your server seems to be supporting the new SMB2 variants and SMB3 protocols, which are not supported by pysmb.
Unfortunately, I don't have time to upgrade the current pysmb to support SMB3. I'm sorry but you may have to check out other projects for your needs.
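
The two captures in this thread differ in the first request after the TCP handshake: Wireshark labels the pysmb one "SMB" and the smbclient one "SMB2". As an added example, not part of the thread and not pysmb's own code, this classifier reads the protocol identifier and the offered dialects from a Negotiate Protocol Request payload. The two sample payloads are constructed for illustration, not taken from the captures above.

```python
import struct

SMB1_MAGIC, SMB2_MAGIC = b"\xffSMB", b"\xfeSMB"

def classify_negotiate(payload: bytes) -> dict:
    """Identify an SMB1 vs SMB2 Negotiate Protocol Request and its dialects."""
    if len(payload) < 8:
        raise ValueError("too short for transport header and protocol id")
    # Direct TCP transport: one zero byte, then a 24-bit big-endian length.
    length = struct.unpack(">I", payload[:4])[0] & 0xFFFFFF
    msg = payload[4:4 + length]
    if len(msg) < length:
        raise ValueError("truncated message")
    if msg[:4] == SMB1_MAGIC:
        # 32-byte header, command 0x72 = negotiate, WordCount 0, then ByteCount.
        if len(msg) < 35 or msg[4] != 0x72 or msg[32] != 0:
            raise ValueError("not an SMB1 negotiate request")
        (byte_count,) = struct.unpack_from("<H", msg, 33)
        data = msg[35:35 + byte_count]
        # Each dialect is 0x02 followed by a NUL-terminated ASCII name.
        names = [d[1:].decode("ascii") for d in data.split(b"\x00")
                 if d[:1] == b"\x02"]
        return {"protocol": "SMB1", "dialects": names}
    if msg[:4] == SMB2_MAGIC:
        # 64-byte header (command at offset 12), then a 36-byte fixed body.
        if len(msg) < 100 or struct.unpack_from("<H", msg, 12)[0] != 0:
            raise ValueError("not an SMB2 negotiate request")
        (count,) = struct.unpack_from("<H", msg, 66)
        if len(msg) < 100 + 2 * count:
            raise ValueError("dialect array truncated")
        codes = struct.unpack_from("<%dH" % count, msg, 100)
        return {"protocol": "SMB2", "dialects": ["0x%04x" % c for c in codes]}
    raise ValueError("no SMB protocol id after transport header")

def _frame(msg: bytes) -> bytes:
    """Prepend the 4-byte transport header."""
    return struct.pack(">I", len(msg)) + msg

# Constructed sample payloads (not bytes from the captures in this thread).
_names = b"\x02NT LM 0.12\x00\x02SMB 2.002\x00"
SMB1_SAMPLE = _frame(SMB1_MAGIC + b"\x72" + bytes(27) + b"\x00"
                     + struct.pack("<H", len(_names)) + _names)
_codes = struct.pack("<5H", 0x0202, 0x0210, 0x0300, 0x0302, 0x0311)
SMB2_SAMPLE = _frame(SMB2_MAGIC + struct.pack("<HHIH", 64, 0, 0, 0) + bytes(50)
                     + struct.pack("<HH", 36, 5) + bytes(32) + _codes)

if __name__ == "__main__":
    for sample in (SMB1_SAMPLE, SMB2_SAMPLE):
        print(classify_negotiate(sample))
```

Feeding it the TCP payload of frame 4 or 5 from a capture (exported as raw bytes) shows which protocol family and dialects the client actually offered.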
