Merge pull request rapid7#19475 from NtAlexio2/smb_modules_rport

smcintyre-r7 · web-flow · commit b41caa22d938 · 2024-09-26T09:19:27.000-04:00
Allow setting the RPORT option for pipe_auditor
diff --git a/modules/auxiliary/scanner/smb/pipe_auditor.rb b/modules/auxiliary/scanner/smb/pipe_auditor.rb
@@ -23,8 +23,14 @@ def initialize
       'Author'      => 'hdm',
       'License'     => MSF_LICENSE,
     )
+  end
+
+  def connect(*args, **kwargs)
+    super(*args, **kwargs, direct: @smb_direct)
+  end
 
-    deregister_options('RPORT', 'SMBDirect')
+  def rport
+    @rport
   end
 
   # Fingerprint a single host
@@ -35,29 +41,50 @@ def run_host(ip)
     if session
       print_status("Using existing session #{session.sid}")
       client = session.client
-      datastore['RPORT'] = session.port
+      @rport = datastore['RPORT'] = session.port
       self.simple = ::Rex::Proto::SMB::SimpleClient.new(client.dispatcher.tcp_socket, client: client)
       self.simple.connect("\\\\#{session.address}\\IPC$")
-      pipes += check_pipes
+      report_pipes(ip, check_pipes)
     else
-      [[139, false], [445, true]].each do |info|
+      if datastore['RPORT'].blank? || datastore['RPORT'] == 0
+        smb_services = [
+          { port: 445, direct: true },
+          { port: 139, direct: false }
+        ]
+      else
+        smb_services = [
+          { port: datastore['RPORT'], direct: datastore['SMBDirect'] }
+        ]
+      end
 
-        datastore['RPORT'] = info[0]
-        datastore['SMBDirect'] = info[1]
+      smb_services.each do |smb_service|
+        @rport = smb_service[:port]
+        @smb_direct = smb_service[:direct]
 
         begin
           connect
           smb_login
           pipes += check_pipes
           disconnect
-          break
+          report_pipes(ip, pipes)
         rescue Rex::Proto::SMB::Exceptions::SimpleClientError, Rex::ConnectionError => e
-          vprint_error("SMB client Error with RPORT=#{info[0]} SMBDirect=#{info[1]}: #{e.to_s}")
+          vprint_error("SMB client Error with RPORT=#{@rport} SMBDirect=#{@smb_direct}: #{e.to_s}")
         end
+
       end
     end
 
+  end
 
+  def check_pipes
+    pipes = []
+    check_named_pipes.each do |pipe_name, _|
+      pipes.push(pipe_name)
+    end
+    pipes
+  end
+
+  def report_pipes(ip, pipes)
     if(pipes.length > 0)
       print_good("Pipes: #{pipes.join(", ")}")
       # Add Report
@@ -72,11 +99,4 @@ def run_host(ip)
     end
   end
 
-  def check_pipes
-    pipes = []
-    check_named_pipes.each do |pipe_name, _|
-      pipes.push(pipe_name)
-    end
-    pipes
-  end
 end
diff --git a/modules/auxiliary/scanner/smb/smb_enumusers.rb b/modules/auxiliary/scanner/smb/smb_enumusers.rb
@@ -27,6 +27,10 @@ def initialize
       ])
   end
 
+  def rport
+    @rport
+  end
+
   def domain
     @smb_domain || super
   end
