infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix #4119 - SMB lost search ID (sid) in find_first method 

This will fix issue #4119. A bug in the find_first method in rex
SMB.

When the SMB client requests a TRANS2_FIND_FIRST2 for retriving
information about what items a directory has, the server returns
a response that contains an SID - a search identifier for the
transaction. If the SMB client wants more data, it must send a
TRANS2_FIND_NEXT2 request with the same SID. And then the server
will continue sending more until it runs out.

The root cause of this bug is that after the TRANS2_FIND_FIRST2
request is sent, our SMB's find_first method forgets the SID at
the end of the loop (out of scope).
bug/bundler_fix
sinn3r 2014-11-11 12:35:07 -06:00
parent 96ba6da697
commit 719db5d2b1
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/rex/proto/smb/client.rb
View File

@ -1872,6 +1872,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
# Enumerates a specific path on the mounted tree
def find_first(path)
sid = nil
files = { }
parm = [
26, # Search for ALL files