Class: Msf::Exploit::Remote::SMB::Relay::NTLM::Server

Inherits:
RubySMB::Server
  • Object
Defined in:
lib/msf/core/exploit/remote/smb/relay/ntlm/server.rb

Overview

This class provides the SMB server core and manages the settings that apply server-wide. Currently, the server supports only negotiating and authenticating requests; no other server functionality is available at this time. Negotiation and authentication are supported for SMB versions 1 through 3.1.1.

Constant Summary

SUPPORTED_SERVER_DIALECTS =

The supported server dialects. SMB 1 is allowed so that it can be reported as a failure to the user (github.com/rapid7/metasploit-framework/issues/16261).

Note that there are similar supported dialects for both the server and the relay clients: Msf::Exploit::Remote::SMB::Relay::NTLM::SUPPORTED_SERVER_DIALECTS and Msf::Exploit::Remote::SMB::Relay::NTLM::SMBRelayTargetClient::SUPPORTED_CLIENT_DIALECTS.

[
  RubySMB::Client::SMB1_DIALECT_SMB1_DEFAULT,

  RubySMB::Client::SMB2_DIALECT_0202,
  RubySMB::Client::SMB2_DIALECT_0210,
  RubySMB::Client::SMB2_DIALECT_0300,
  RubySMB::Client::SMB2_DIALECT_0302,
]

Instance Method Summary

Constructor Details

#initialize(relay_timeout:, relay_targets:, listener:, thread_manager:, **kwargs) ⇒ Server

Returns a new instance of Server.


# File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server.rb', line 21

def initialize(relay_timeout:, relay_targets:, listener:, thread_manager:, **kwargs)
  super(**kwargs)

  @dialects = SUPPORTED_SERVER_DIALECTS
  @relay_targets = relay_targets
  @relay_timeout = relay_timeout
  @listener = listener
  @thread_manager = thread_manager
  @closed = false
end

Instance Method Details

#close ⇒ Object


# File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server.rb', line 67

def close
  @closed = true
  @connections.each do |connection|
    begin
      connection.thread.kill
    rescue StandardError => e
      elog('Failed SMBRelayServerClient', error: e)
    end
  end
end

#closed? ⇒ Boolean

Returns:

  • (Boolean)

# File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server.rb', line 63

def closed?
  @closed
end

#run(&block) ⇒ Object

Run the server and accept any connections. For each connection, the block is executed if one is given. When the block returns false, the loop exits and the server no longer accepts new connections.


# File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server.rb', line 34

def run(&block)
  until closed? do
    sock = @socket.accept
    return if closed?

    server_client = Msf::Exploit::Remote::SMB::Relay::NTLM::ServerClient.new(
      self,
      RubySMB::Dispatcher::Socket.new(sock),
      relay_targets: @relay_targets,
      relay_timeout: @relay_timeout,
      listener: @listener,
    )
    @connections << Connection.new(server_client, @thread_manager.spawn("SMBRelayServerClient for #{sock.peerinfo}", false, server_client) do |server_client|
      begin
        _port, ip_address = ::Socket::unpack_sockaddr_in(server_client.getpeername)
        logger.print_status("New request from #{ip_address}")
        logger.info("starting thread for connection")
        server_client.run
      rescue => e
        logger.print_error "#{e.message}"
        elog(e)
      end
      logger.info("ending thread for connection")
    end)

    break unless block.nil? || block.call(server_client)
  end
end
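
The termination contract of #run and #close, shown as an added example that is not Metasploit's code: a plain TCP stand-in with no SMB and no relaying, where the loop stops accepting as soon as the block returns false. MiniServer and accepted_before_stop are hypothetical names, and the clients are constructed local connections.

```ruby
require 'socket'

# Hypothetical stand-in for the class above: plain TCP, no SMB, no relaying.
class MiniServer
  attr_reader :port

  def initialize
    @socket = TCPServer.new('127.0.0.1', 0) # port 0: the OS picks a free port
    @port = @socket.addr[1]
    @connections = []
    @closed = false
  end

  def closed?
    @closed
  end

  # Like #close above: set the flag and kill the per-connection threads.
  # Closing the listening socket is added here to release the port.
  def close
    @closed = true
    @connections.each(&:kill)
    @socket.close unless @socket.closed?
  end

  # Like #run above: one thread per accepted connection; a block that
  # returns false ends the accept loop.
  def run(&block)
    until closed?
      sock = @socket.accept
      return if closed?
      @connections << Thread.new(sock) { |s| s.gets; s.close }
      break unless block.nil? || block.call(sock)
    end
  end
end

# Connect `clients` constructed local clients and stop accepting after `limit`.
def accepted_before_stop(limit, clients)
  server = MiniServer.new
  seen = 0
  runner = Thread.new { server.run { (seen += 1) < limit } }
  socks = Array.new(clients) { TCPSocket.new('127.0.0.1', server.port) }
  runner.join(5) # the loop ends by itself once the block returns false
  stopped = !runner.alive?
  server.close
  socks.each(&:close)
  [seen, stopped, server.closed?]
end
```

With three clients and a limit of two, the third connection stays in the listen backlog and is never accepted, because the loop has already exited.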