use RubySMB for anonymous login

David Maloney · David Maloney · commit dc67fcd5a800 · 2017-05-24T15:40:05.000-05:00
use the new anonymous login capabilities in
RubySMB
diff --git a/Gemfile b/Gemfile
@@ -6,6 +6,7 @@ gemspec name: 'metasploit-framework'
 gem 'bit-struct', git: 'https://github.com/busterb/bit-struct', branch: 'ruby-2.4'
 gem 'method_source', git: 'https://github.com/banister/method_source', branch: 'master'
 
+
 # separate from test as simplecov is not run on travis-ci
 group :coverage do
   # code coverage for tests
diff --git a/Gemfile.lock b/Gemfile.lock
@@ -345,7 +345,7 @@ GEM
       rspec-mocks (~> 3.6.0)
       rspec-support (~> 3.6.0)
     rspec-support (3.6.0)
-    ruby_smb (0.0.14)
+    ruby_smb (0.0.17)
       bindata
       rubyntlm
       windows_error
diff --git a/modules/exploits/windows/smb/ms17_010_eternalblue.rb b/modules/exploits/windows/smb/ms17_010_eternalblue.rb
@@ -283,30 +283,8 @@ def smb1_anonymous_connect_ipc()
     sock = connect(false)
     dispatcher = RubySMB::Dispatcher::Socket.new(sock)
     client = RubySMB::Client.new(dispatcher, smb1: true, smb2: false, username: '', password: '')
-    client.negotiate
-
-    pkt = make_smb1_anonymous_login_packet
-    sock.put(pkt)
-
-    code, raw, response = smb1_get_response(sock)
-
-    if code.nil?
-      raise RubySMB::Error::UnexpectedStatusCode, "No response to login request"
-    end
-
-    unless code == 0 # WindowsError::NTStatus::STATUS_SUCCESS
-      raise RubySMB::Error::UnexpectedStatusCode, "Error with anonymous login"
-    end
-
-    client.user_id = response.uid
-
-
-    # todo: RubySMB throwing exceptions
-    # sess = RubySMB::SMB1::Packet::SessionSetupResponse.new(raw)
-    os = raw.split("\x00\x00")[-2]
-    # todo: rubysmb should set this automatically?
-    #client.peer_native_os = os
-
+    client.login
+    os = client.peer_native_os
     tree = client.tree_connect("\\\\#{datastore['RHOST']}\\IPC$")
 
     return client, tree, sock, os
