Class: Msf::Exploit::Remote::SMB::Relay::NTLM::Server

Inherits:

RubySMB::Server

Object
RubySMB::Server
Msf::Exploit::Remote::SMB::Relay::NTLM::Server

show all

Defined in:: lib/msf/core/exploit/remote/smb/relay/ntlm/server.rb

Overview

This class provides the SMB server core. Settings that are relevant server wide are managed by this object. Currently, the server only supports negotiating and authenticating requests. No other server functionality is available at this time. The negotiating and authentication is supported for SMB versions 1 through 3.1.1.

Constant Summary collapse

SUPPORTED_SERVER_DIALECTS = The supported server dialects. SMB 1 is allowed, so that it can be reported as a failure to the user github.com/rapid7/metasploit-framework/issues/16261 Note there are similar supported dialects for both the server and the relay clients Msf::Exploit::Remote::SMB::Relay::NTLM::SUPPORTED_SERVER_DIALECTS and Target::SMB::Client::SUPPORTED_CLIENT_DIALECTS

[
  RubySMB::Client::SMB1_DIALECT_SMB1_DEFAULT,

  RubySMB::Client::SMB2_DIALECT_0202,
  RubySMB::Client::SMB2_DIALECT_0210,
  RubySMB::Client::SMB2_DIALECT_0300,
  RubySMB::Client::SMB2_DIALECT_0302,
]

Instance Method Summary collapse

#close ⇒ Object
#closed? ⇒ Boolean
#initialize(relay_timeout:, relay_targets:, listener:, thread_manager:, **kwargs) ⇒ Server constructor

A new instance of Server.
#run(&block) ⇒ Object

Run the server and accept any connections.

Constructor Details

#initialize(relay_timeout:, relay_targets:, listener:, thread_manager:, **kwargs) ⇒ `Server`

Returns a new instance of Server.

# File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server.rb', line 21

def initialize(relay_timeout:, relay_targets:, listener:, thread_manager:, **kwargs)
  super(**kwargs)

  @dialects = SUPPORTED_SERVER_DIALECTS
  @relay_targets = relay_targets
  @relay_timeout = relay_timeout
  @listener = listener
  @thread_manager = thread_manager
  @closed = false
end

Instance Method Details

#close ⇒ `Object`

# File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server.rb', line 67

def close
  @closed = true
  @connections.each do |connection|
    begin
      connection.thread.kill
    rescue StandardError => e
      elog('Failed SMBRelayServerClient', error: e)
    end
  end
end

#closed? ⇒ `Boolean`

Returns:

(Boolean)



63
64
65

# File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server.rb', line 63

def closed?
  @closed
end

#run(&block) ⇒ `Object`

Run the server and accept any connections. For each connection, the block will be executed if specified. When the block returns false, the loop will exit and the server will no long accept new connections.

# File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server.rb', line 34

def run(&block)
  until closed? do
    sock = @socket.accept
    return if closed?

    server_client = Msf::Exploit::Remote::SMB::Relay::NTLM::ServerClient.new(
      self,
      RubySMB::Dispatcher::Socket.new(sock),
      relay_targets: @relay_targets,
      relay_timeout: @relay_timeout,
      listener: @listener,
    )
    @connections << Connection.new(server_client, @thread_manager.spawn("SMBRelayServerClient for #{sock.peerinfo}", false, server_client) do |server_client|
      begin
        _port, ip_address = ::Socket::unpack_sockaddr_in(server_client.getpeername)
        logger.print_status("New request from #{ip_address}")
        logger.info("Starting thread for connection from #{ip_address}")
        server_client.run
      rescue => e
        logger.print_error "#{e.message}"
        elog(e)
      end
      logger.info("Ending thread for connection from #{ip_address}")
    end)

    break unless block.nil? || block.call(server_client)
  end
end