From 3854d08dd9175465beb1013fe2e9d13a17b6c96d Mon Sep 17 00:00:00 2001
From: Rich Lundeen
Date: Tue, 23 Jul 2013 21:36:26 -0700
Subject: [PATCH 1/3] Fixed smb_enumshares to support dir list in SRVSVC
---
 modules/auxiliary/scanner/smb/smb_enumshares.rb | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/modules/auxiliary/scanner/smb/smb_enumshares.rb b/modules/auxiliary/scanner/smb/smb_enumshares.rb
index 7693a582c8..a66d5ed162 100644
--- a/modules/auxiliary/scanner/smb/smb_enumshares.rb
+++ b/modules/auxiliary/scanner/smb/smb_enumshares.rb
@@ -28,8 +28,7 @@ class Metasploit3 < Msf::Auxiliary
 directories, files, time stamps, etc. By default, a netshareenum request is done in order to retrieve share information,
- but if this fails, you may also fall back to SRVSVC. When SRVSVC is used, please
- note the module will not attempt to enumerate more info like netshareenum.
+ but if this fails, you may also fall back to SRVSVC.
 },
 'Author' => [
@@ -47,7 +46,7 @@ class Metasploit3 < Msf::Auxiliary
 register_options( [
 OptBool.new('DIR_SHARE', [true, 'Show all the folders and files', false ]),
- OptBool.new('USE_SRVSVC_ONLY', [true, 'List shares only with SRVSVC', false ])
+ OptBool.new('USE_SRVSVC_ONLY', [true, 'List shares with SRVSVC', false ])
 ], self.class)
 deregister_options('RPORT', 'RHOST')
@@ -79,13 +78,18 @@ class Metasploit3 < Msf::Auxiliary
 def eval_host(ip, share)
 read = write = false
+
+ # srvsvc adds a null byte that needs to be removed
+ if datastore['USE_SRVSVC_ONLY']
+ share = share[0..-2]
+ end
+
 return false,false,nil,nil if share == 'IPC$'
 self.simple.connect("\\\\#{ip}\\#{share}")
 begin
 device_type = self.simple.client.queryfs_fs_device['device_type']
-
 unless device_type
 vprint_error("\\\\#{ip}\\#{share}: Error querying filesystem device type")
 return false,false,nil,nil
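Review bot: The NUL trim added to eval_host (`share = share[0..-2]`, replaced by `chomp` in PATCH 2/3) only changes the method's local `share`, so the `shares` list the caller holds keeps the SRVSVC terminator. The last hunk of this patch drops the `USE_SRVSVC_ONLY` guard and passes that same list to `get_files_info(ip, rport, shares, info)`; if that method (not shown) builds paths or report rows from the names directly rather than through eval_host, they will still contain the `\x00`. Stripping the byte once where the SRVSVC reply is parsed would cover every consumer and keep stored share names clean. eval_host's body continues outside the hunk, so this is inferred from the visible lines only.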
@@ -373,7 +377,7 @@ class Metasploit3 < Msf::Auxiliary
 :update => :unique_data )
- if datastore['DIR_SHARE'] and not datastore['USE_SRVSVC_ONLY']
+ if datastore['DIR_SHARE']
 get_files_info(ip, rport, shares, info)
 end
From e89e2af9dc986c9d17fff7ecce42857f23e4e159 Mon Sep 17 00:00:00 2001
From: Rich Lundeen
Date: Wed, 24 Jul 2013 11:09:00 -0700
Subject: [PATCH 2/3] changed to chomp
---
 modules/auxiliary/scanner/smb/smb_enumshares.rb | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/modules/auxiliary/scanner/smb/smb_enumshares.rb b/modules/auxiliary/scanner/smb/smb_enumshares.rb
index a66d5ed162..a3c48bf3f4 100644
--- a/modules/auxiliary/scanner/smb/smb_enumshares.rb
+++ b/modules/auxiliary/scanner/smb/smb_enumshares.rb
@@ -80,9 +80,7 @@ class Metasploit3 < Msf::Auxiliary
 read = write = false
 # srvsvc adds a null byte that needs to be removed
- if datastore['USE_SRVSVC_ONLY']
- share = share[0..-2]
- end
+ share = share.chomp("\x00")
 return false,false,nil,nil if share == 'IPC$'
From 9d032760ac379134e21562178b5a76ea1aa6c094 Mon Sep 17 00:00:00 2001
From: Rich Lundeen
Date: Wed, 24 Jul 2013 11:51:06 -0700
Subject: [PATCH 3/3] changed description back
---
 modules/auxiliary/scanner/smb/smb_enumshares.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/auxiliary/scanner/smb/smb_enumshares.rb b/modules/auxiliary/scanner/smb/smb_enumshares.rb
index a3c48bf3f4..3fb09d8c2e 100644
--- a/modules/auxiliary/scanner/smb/smb_enumshares.rb
+++ b/modules/auxiliary/scanner/smb/smb_enumshares.rb
@@ -46,7 +46,7 @@ class Metasploit3 < Msf::Auxiliary
 register_options( [
 OptBool.new('DIR_SHARE', [true, 'Show all the folders and files', false ]),
- OptBool.new('USE_SRVSVC_ONLY', [true, 'List shares with SRVSVC', false ])
+ OptBool.new('USE_SRVSVC_ONLY', [true, 'List shares only with SRVSVC', false ])
 ], self.class)
 deregister_options('RPORT', 'RHOST')
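Review bot: In PATCH 2/3 the comment above `share = share.chomp("\x00")` in eval_host still reads as SRVSVC-specific, although the trim now runs for every caller, and it does not say that the `share == 'IPC$'` early return right below depends on it. I would reword it along the lines of `# SRVSVC returns NUL-terminated names; strip before the IPC$ check (presumably a no-op for netshareenum names)`. Note that `chomp` removes at most one trailing NUL, which matches the single byte the comment describes; if the parser can leave more than one, that should be stated or handled where the reply is decoded. The rest of eval_host lies outside the hunk.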