Add hashes option and better error handling to wmiexec

[k0pak4]

This PR adds two things to the wmiexec module and fixes Issue 16218:

1. Ability to use hashes for authentication
2. Better error handling for failed SMB connections. The SessionError is now caught and logged to the console. I also added a more specific exception to the try except for DCOM connections.

Verification

Show the login error with an incorrect hash

• Start msfconsole
• use auxiliary/scanner/smb/impacket/wmiexec
• show options
• set SMBDomain bionicle.com
• set SMBUser Administrator
• set HASHES AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0
• set COMMAND 'dir C:\'
• run

[k0pak4]

@bwatters-r7 have you gotten a chance to take a look at this? It's been open for a month without review and if there's anything that needs changing I'd be happy to make those changes. Thanks!

[bwatters-r7]

Ooops; I apologize.... I did not even remember grabbing this. Thank you for the reminder!
Testing:

msf6 > use auxiliary/scanner/smb/impacket/wmiexec 
msf6 auxiliary(scanner/smb/impacket/wmiexec) > show options

Module options (auxiliary/scanner/smb/impacket/wmiexec):

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   COMMAND                     yes       The command to execute
   HASHES                      no        The NTLM hash to use for authentication, format: LMHASH:NTHASH
   OUTPUT     true             yes       Get the output of the executed command
   RHOSTS                      yes       The target host(s), see https://github.com/rapid7/metasploit-framework/wiki/Using-Metasplo
                                         it
   SMBDomain  .                no        The Windows domain to use for authentication
   SMBPass                     no        The password for the specified username
   SMBUser                     yes       The username to authenticate as
   THREADS    1                yes       The number of concurrent threads (max one per host)

msf6 auxiliary(scanner/smb/impacket/wmiexec) > set rhosts 10.5.132.159
rhosts => 10.5.132.159
msf6 auxiliary(scanner/smb/impacket/wmiexec) > set SMBDOMAIN testdomain.com
SMBDOMAIN => testdomain.com
msf6 auxiliary(scanner/smb/impacket/wmiexec) > set HASHES AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0
HASHES => AAD3B435B51404EEAAD3B435B51404EE:31D6CFE0D16AE931B73C59D7E0C089C0
msf6 auxiliary(scanner/smb/impacket/wmiexec) > set command 'dir C:\'
command => dir C:\
msf6 auxiliary(scanner/smb/impacket/wmiexec) > run

[-] Msf::OptionValidateError The following options failed to validate: SMBUser
msf6 auxiliary(scanner/smb/impacket/wmiexec) > set SMBUser Administrator
SMBUser => Administrator
msf6 auxiliary(scanner/smb/impacket/wmiexec) > run

[*] Running for 10.5.132.159...
[-] 10.5.132.159 - SMB SessionError: STATUS_LOGON_FAILURE(The attempted logon is invalid. This is either due to a bad username or authentication information.)
[-] 10.5.132.159 - rpc_s_access_denied
[*] Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/smb/impacket/wmiexec) > 

[bwatters-r7]

Release Notes

This PR adds the ability to authenticate via hash and improves the error reporting when authentication fails.