Pipe Auditor - add support to SMBv2

[cdelafuente-r7]

pipe_auditor auxiliary module only support SMB1 and fails with modern Windows, which only support SMBv2.

This PR add support to SMBv2.

Verification

Use a Windows 10 as a target with default configuration (SMBv1 disabled).

• Start msfconsole
• use auxiliary/scanner/smb/pipe_auditor
• set RHOSTS <host>
• set SMBUser <username>
• set SMBPass <password>
• run
• Verify the accessible named pipes are listed

[dwelch-r7]

Gave this a test against windows 10
got this:

[+] 172.16.128.162:445    - Pipes: \netlogon, \lsarpc, \samr, \atsvc, \epmapper, \eventlog, \InitShutdown, \lsass, \LSM_API_service, \ntsvcs, \protected_storage, \scerpc, \srvsvc, \trkwks, \wkssvc
[*] 172.16.128.162:       - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed

I presume that's what you'd expect? Can't say I'm overly familiar with the module...

[cdelafuente-r7]

Yes, exactly, it is the expected result. The accessible named pipes are listed and no errors showed up.
Thanks for testing!

[dwelch-r7]

Fantastic, I'll fire ahead and land it

[dwelch-r7]

Release Notes

Adds support for SMBv2 to the pipe auditor auxiliary module.

[cdelafuente-r7]

Thanks @dwelch-r7 !

[wvu]

Cool, the mixin still works. 😎

[cdelafuente-r7]

I've found these references to check_named_pipes:

• lib/msf/core/exploit/smb/client/psexec_ms17_010.rb, used by:
  • modules/exploits/windows/smb/ms17_010_psexec.rb
  • modules/auxiliary/admin/smb/ms17_010_command.rb
• modules/auxiliary/scanner/smb/smb_ms17_010.rb

These should work better with SMBv2 now, since the RubySMB exception is correctly handled now. I think, before this fix, an exception was raised on the first non-accessible named pipe with SMBv2, which breaks everything. It could be interesting to run some tests with these modules to compare.