Re-add session support to the smb_enumusers module

rapid7 · Apr 22, 2024 · 4484316 · 4484316
1 parent eefa762
commit 4484316
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 21 deletions.
diff --git a/modules/auxiliary/scanner/smb/smb_enumusers.rb b/modules/auxiliary/scanner/smb/smb_enumusers.rb
@@ -27,10 +27,6 @@ def initialize
       ])
   end
 
-  def rport
-    @rport || super
-  end
-
   def domain
     @smb_domain || super
   end
@@ -40,6 +36,11 @@ def connect(*args, **kwargs)
   end
 
   def run_host(_ip)
+    if session
+      run_session
+      return
+    end
+
     if datastore['RPORT'].blank? || datastore['RPORT'] == 0
       smb_services = [
         { port: 139, direct: false },
@@ -56,6 +57,26 @@ def run_host(_ip)
     end
   end
 
+  def run_session
+    simple_client = session.simple_client
+    @rhost = simple_client.peerhost
+    @rport = simple_client.peerport
+    print_status('Connecting to IPC$...')
+    ipc_connect_result = simple_client.connect('IPC$')
+    unless ipc_connect_result
+      print_error "Failed to connect to IPC in session #{session.sid}"
+      return
+    end
+    print_status('Connected!')
+    tree = simple_client.tree_connects.last
+
+    run_service_domain(tree)
+    run_service_domain(tree, smb_domain: 'Builtin')
+  rescue ::Timeout::Error
+  rescue ::Exception => e
+    print_error("Error: #{e.class} #{e}")
+  end
+
   def run_service(port, direct)
     @rport = port
     @smb_direct = direct

diff --git a/spec/acceptance/smb_spec.rb b/spec/acceptance/smb_spec.rb
@@ -45,23 +45,19 @@
         #     },
         #   }
         # },
-        # Flaky:
-        # RubySMB::Error::CommunicationError Communication error with the remote host: Read timeout expired when reading from the Socket (timeout=30).
-        # The server supports encryption and this error may have been caused by encryption issues, but not always.
-        # Fixed here: https://github.com/rapid7/metasploit-framework/pull/19095
-        # {
-        #   name: "auxiliary/scanner/smb/smb_enumusers",
-        #   platforms: [:linux, :osx, :windows],
-        #   targets: [:session, :rhost],
-        #   skipped: false,
-        #   lines: {
-        #     all: {
-        #       required: [
-        #         "acceptance_tests_user",
-        #       ],
-        #     },
-        #   }
-        # },
+        {
+          name: "auxiliary/scanner/smb/smb_enumusers",
+          platforms: [:linux, :osx, :windows],
+          targets: [:session, :rhost],
+          skipped: false,
+          lines: {
+            all: {
+              required: [
+                "acceptance_tests_user",
+              ],
+            },
+          }
+        },
         {
           name: "auxiliary/scanner/smb/pipe_auditor",
           platforms: [:linux, :osx, :windows],