Land #10560, ms17_010_eternalblue: use SMBDomain value when provided

instead of ignoring it Merge branch 'land-10560' into upstream-master
2018-09-13 10:08:54 -05:00
parent 68a51da27b d489cd7248
commit 2fbbf88ea9
1 changed files with 16 additions and 2 deletions
@@ -322,7 +322,7 @@ class MetasploitModule < Msf::Exploit::Remote
  def smb1_anonymous_connect_ipc
    sock = connect(false)
    dispatcher = RubySMB::Dispatcher::Socket.new(sock)
-    client = RubySMB::Client.new(dispatcher, smb1: true, smb2: false, username: smb_user, password: smb_pass)
+    client = RubySMB::Client.new(dispatcher, smb1: true, smb2: false, username: smb_user, domain: smb_domain, password: smb_pass)
    response_code = client.login

    unless response_code == ::WindowsError::NTStatus::STATUS_SUCCESS
@@ -365,7 +365,7 @@ class MetasploitModule < Msf::Exploit::Remote
  def smb1_free_hole(start)
    sock = connect(false)
    dispatcher = RubySMB::Dispatcher::Socket.new(sock)
-    client = RubySMB::Client.new(dispatcher, smb1: true, smb2: false, username: smb_user, password: smb_pass)
+    client = RubySMB::Client.new(dispatcher, smb1: true, smb2: false, username: smb_user, domain: smb_domain, password: smb_pass)
    client.negotiate

    pkt = ""
@@ -696,4 +696,18 @@ class MetasploitModule < Msf::Exploit::Remote
      ''
    end
  end
+
+  # Returns the value to be passed to SMB clients for
+  # the domain. If the user has not supplied a domain
+  # it returns an empty string to trigger an anonymous
+  # logon.
+  #
+  # @return [String] the domain value
+  def smb_domain
+    if datastore['SMBDomain'].present?
+      datastore['SMBDomain']
+    else
+      ''
+    end
+  end
 end