Fix a stack trace when the SMBUser isn't set
For some reason an invalid user/pass don't seem to trigger STATUS_ACCESS_DENIED responses, but an empty user does.
This commit is contained in:
parent
d68d832c9d
commit
6ab66dc59e
|
@ -75,7 +75,7 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
)
|
)
|
||||||
rescue ::Rex::Proto::SMB::Exceptions::ErrorCode => e
|
rescue ::Rex::Proto::SMB::Exceptions::ErrorCode => e
|
||||||
#STATUS_NOT_SUPPORTED
|
#STATUS_NOT_SUPPORTED
|
||||||
if( e.error_code == 0xC00000BB )
|
if( e.error_code == 0xC00000BB )
|
||||||
srvsvc_netshareenum
|
srvsvc_netshareenum
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
@ -108,11 +108,16 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
|
|
||||||
simple.connect("IPC$")
|
simple.connect("IPC$")
|
||||||
handle = dcerpc_handle('4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0', 'ncacn_np', ["\\srvsvc"])
|
handle = dcerpc_handle('4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0', 'ncacn_np', ["\\srvsvc"])
|
||||||
dcerpc_bind(handle)
|
begin
|
||||||
|
dcerpc_bind(handle)
|
||||||
|
rescue Rex::Proto::SMB::Exceptions::ErrorCode => e
|
||||||
|
print_error("#{rhost} : #{e.message}")
|
||||||
|
return
|
||||||
|
end
|
||||||
|
|
||||||
stubdata =
|
stubdata =
|
||||||
NDR.uwstring("\\\\#{rhost}") +
|
NDR.uwstring("\\\\#{rhost}") +
|
||||||
NDR.long(1) #level
|
NDR.long(1) #level
|
||||||
|
|
||||||
ref_id = stubdata[0,4].unpack("V")[0]
|
ref_id = stubdata[0,4].unpack("V")[0]
|
||||||
ctr = [1, ref_id + 4 , 0, 0].pack("VVVV")
|
ctr = [1, ref_id + 4 , 0, 0].pack("VVVV")
|
||||||
|
@ -132,9 +137,9 @@ class Metasploit3 < Msf::Auxiliary
|
||||||
share_count = res.slice!(0, 4).unpack("V")[0]
|
share_count = res.slice!(0, 4).unpack("V")[0]
|
||||||
res.slice!(0,4) # Reference ID of CTR1
|
res.slice!(0,4) # Reference ID of CTR1
|
||||||
share_max_count = res.slice!(0, 4).unpack("V")[0]
|
share_max_count = res.slice!(0, 4).unpack("V")[0]
|
||||||
|
|
||||||
raise "Dce/RPC error : Unknow situation encountered count != count max (#{share_count}/#{share_max_count})" if share_max_count != share_count
|
raise "Dce/RPC error : Unknow situation encountered count != count max (#{share_count}/#{share_max_count})" if share_max_count != share_count
|
||||||
|
|
||||||
types = res.slice!(0, share_count * 12).scan(/.{12}/n).map{|a| a[4,2].unpack("v")[0]} # RerenceID / Type / ReferenceID of Comment
|
types = res.slice!(0, share_count * 12).scan(/.{12}/n).map{|a| a[4,2].unpack("v")[0]} # RerenceID / Type / ReferenceID of Comment
|
||||||
|
|
||||||
share_count.times do |t|
|
share_count.times do |t|
|
||||||
|
|
Loading…
Reference in New Issue