Added reporting back, removed wfw dialect

loftwing · loftwing · commit d07fe2f1e778 · 2017-09-18T13:15:19.000-05:00
diff --git a/modules/auxiliary/scanner/smb/smb1.rb b/modules/auxiliary/scanner/smb/smb1.rb
@@ -9,6 +9,7 @@ class MetasploitModule < Msf::Auxiliary
 
   # Scanner mixin should be near last
   include Msf::Auxiliary::Scanner
+  include Msf::Auxiliary::Report
 
   # Aliases for common classes
   SIMPLE = Rex::Proto::SMB::SimpleClient
@@ -33,13 +34,13 @@ def run_host(ip)
       connect
 
       # Only accept NT LM 0.12 dialect and WfW3.0
-      dialects = ['Windows for Workgroups 3.0a', 'NT LM 0.12']
+      dialects = ['NT LM 0.12']
       data     = dialects.collect { |dialect| "\x02" + dialect + "\x00" }.join('')
 
       pkt = Rex::Proto::SMB::Constants::SMB_NEG_PKT.make_struct
       pkt['Payload']['SMB'].v['Command'] = Rex::Proto::SMB::Constants::SMB_COM_NEGOTIATE
-      pkt['Payload']['SMB'].v['Flags1'] = 0x98
-      pkt['Payload']['SMB'].v['Flags2'] = 0xc807
+      pkt['Payload']['SMB'].v['Flags1'] = 0x08
+      pkt['Payload']['SMB'].v['Flags2'] = 0xc801
       pkt['Payload'].v['Payload']       = data
 
       pkt['Payload']['SMB'].v['ProcessID']     = rand(0x10000)
@@ -48,8 +49,18 @@ def run_host(ip)
       sock.put(pkt.to_s)
       res = sock.get_once
       # expecting \xff instead of \xfe
-      print_good("#{ip} supports SMBv1") if res && res.index("\xffSMB")
+      if res && res.index("\xffSMB")
+        print_good("#{ip} supports SMBv1 dialect.")
+        report_note(
+          host: ip,
+          proto: 'tcp',
+          sname: 'smb1',
+          port: rport,
+          type: "supports SMB 1"
+        )
+      end
     rescue ::Rex::ConnectionError
+    rescue EOFError
     rescue Errno::ECONNRESET
     rescue ::Exception => e
       print_error("#{rhost}: #{e.class} #{e} #{e.backtrace}")
