Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor smb lookupsid module #19170

Merged
merged 5 commits into from
May 17, 2024
Merged

Refactor smb lookupsid module #19170

merged 5 commits into from
May 17, 2024

Conversation

sjanusz-r7
Copy link
Contributor

@sjanusz-r7 sjanusz-r7 commented May 8, 2024
edited
Loading

This PR fixes the smb_lookupsid module hanging with 'STATUS_PENDING' when running vs. Samba in a Docker container. This is similar to #19053

This PR requires the changes from: rapid7/ruby_smb#267

This PR:

  • Pulls out the connect_ipc method into an MsIpc mixin. This code would have been copy-pasta'd three times with the changes in this PR otherwise.
  • Adds a disconnect_ipc method that can be called during cleaup
  • Adds LSARPC wrappers around the DCERPC calls added to RubySMB
  • Refactors the smb_lookupsid module to use the rubySMB code; this fixes the linked issue.

Before

image

After

image

Verification

  • Start msfconsole
  • use smb_login
  • confirm you get an SMB session vs a Windows Server VM
  • use smb_lookupsid
  • Confirm you can run vs. the SMB session multiple times with no errors.
  • use smb_login
  • Confirm you get an SMB session vs a Samba Docker container
  • use smb_lookupsid
  • Confirm you can run vs. the SMB session multiple times with no errors.

@sjanusz-r7 sjanusz-r7 force-pushed the refactor-smb_lookupsid-module branch 3 times, most recently from 7b22cd7 to af8a18a Compare May 8, 2024 14:20
@smcintyre-r7 smcintyre-r7 self-assigned this May 9, 2024
cgranleese-r7
cgranleese-r7 reviewed May 9, 2024
View reviewed changes
lib/msf/core/exploit/remote/ms_lsarpc.rb Outdated Show resolved Hide resolved
modules/auxiliary/scanner/smb/smb_lookupsid.rb

# Brute force through a common RID range
min_rid.upto(max_rid) do |rid|
print "%bld%blu[*]%clr Trying RID #{rid} / #{max_rid}\r"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Potentially we have a library we can use here.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It should probably be behind verbose printing logic

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well when I run it with the default MinRID and MaxRID options, it takes a few minutes to finish against my DC. If this weren't printed, there wouldn't be anything displayed and it would appear as though the module had hung.

spec/acceptance/smb_spec.rb Show resolved Hide resolved
@smcintyre-r7 smcintyre-r7 added module bug rn-fix release notes fix labels May 10, 2024
@sjanusz-r7 sjanusz-r7 force-pushed the refactor-smb_lookupsid-module branch from 9f07444 to 3158074 Compare May 13, 2024 17:16
@sjanusz-r7 sjanusz-r7 force-pushed the refactor-smb_lookupsid-module branch 3 times, most recently from 24a548f to 6911c35 Compare May 14, 2024 11:30
@smcintyre-r7 smcintyre-r7 mentioned this pull request May 16, 2024
Merged
smcintyre-r7
smcintyre-r7 approved these changes May 16, 2024
View reviewed changes
Copy link
Contributor

@smcintyre-r7 smcintyre-r7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I fixed a couple of error classes that weren't renamed in 2c561b5 and landed the RubySMB side of things. All that should be left to do is revert the Gemfile changes and bump to ruby_smb 3.3.8. Thanks for all of your work on this!

@sjanusz-r7 sjanusz-r7 force-pushed the refactor-smb_lookupsid-module branch from 2c561b5 to 638ad36 Compare May 17, 2024 09:59
@adfoster-r7
Copy link
Contributor

Will land since Spencer's approved 👍

@adfoster-r7 adfoster-r7 merged commit 25a1318 into rapid7:master May 17, 2024
62 checks passed
@adfoster-r7
Copy link
Contributor

adfoster-r7 commented May 17, 2024
edited
Loading

Release Notes

Fixes the smb_lookupsid module hanging with STATUS_PENDING when running against Samba targets

@NtAlexio2 NtAlexio2 mentioned this pull request Sep 2, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cgranleese-r7 cgranleese-r7 cgranleese-r7 left review comments

@adfoster-r7 adfoster-r7 adfoster-r7 left review comments

@smcintyre-r7 smcintyre-r7 smcintyre-r7 approved these changes

Assignees

@smcintyre-r7 smcintyre-r7

Labels
bug module rn-fix release notes fix
Projects
Metasploit Kanban
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sjanusz-r7 @adfoster-r7 @smcintyre-r7 @cgranleese-r7