-2

I'm trying to implement an authentication section into the smbserver.py from the impacket lib.

I changed the errorCode at line 2201 to STATUS_LOGON_FAILURE under some conditions, but my Windows client keeps requesting with the same credentials like 10 times before it asks the user to enter new credentials. When I submit the Windows dialog, the credentials don't get sent to the script.

Here's my code section:

    if not authenticateMessage['user_name'] == "testUser":
        print "username not valid"
        errorCode = STATUS_LOGON_FAILURE
        respToken['NegResult'] = '\x02'
    else:
        print "logged in" + authenticateMessage['user_name']
        errorCode = STATUS_SUCCESS
        respToken['NegResult'] = '\x00'

Did somebody write a working authentication section there? Thanks!

ivan_pozdeev
user3822293

1 Answer

2

The link you have provided is not the official repository for the library. Use https://github.com/CoreSecurity/impacket in the future.

The code you specified is almost right except for the fact that the user_name field inside the authenticateMessage is Unicode encoded. You can see the contents of the authenticateMessage structure by calling its dump() method (authenticateMessage.dump()).

I've replaced your code with:

    authenticateMessage.dump()
    respToken = SPNEGO_NegTokenResp()
    if authenticateMessage['user_name'].decode('utf-16le') == "testUser":
        errorCode = STATUS_SUCCESS
        respToken['NegResult'] = '\x00'
    else:
        errorCode = STATUS_LOGON_FAILURE
        respToken['NegResult'] = '\x02'

If you cloned master (https://github.com/CoreSecurity/impacket) you will see a new example called examples/smbserver.py (don't get confused with the impacket/smbserver.py library) which makes it easier to launch a simple server. Just run:

    smbserver.py shareName sharePath
    (e.g. smbserver.py TMP /tmp)

I made the aforementioned changes and ran the smbserver.py example and then, from a Windows 7 cmd.exe prompt I ran (assuming the SMB server runs at 172.16.123.1 and the logged-in username is not testUser):

    start \\172.16.123.1

If you sniff the traffic you will see three attempts to login unsuccessfully and then Windows Explorer will pop up a dialog box asking for new credentials. If you specify testUser as username (password can be anything) you will end up connecting to the target SMB server.

beto
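The check in the answer above accepts any password for testUser. As an added example (stand-alone Python 3, not part of the answer and not impacket's own code), the sketch below decodes the UTF-16LE name fields and then verifies the client's NTLMv2 response against a stored NT hash, following the NTLMv2 computation in MS-NLMP. It assumes the client negotiated Unicode and NTLMv2; the function names, the `ACCOUNTS` table and all sample bytes are constructed for illustration.

```python
import hashlib
import hmac

def decode_name(raw):
    """Decode a UTF-16LE name field from the AUTHENTICATE message; None if malformed."""
    try:
        return raw.decode("utf-16-le")
    except UnicodeDecodeError:
        return None

def ntlmv2_response(nt_hash, user, domain, server_challenge, blob):
    """NtChallengeResponse = NTProofStr + blob, as the client computes it (MS-NLMP)."""
    key = hmac.new(nt_hash, (user.upper() + domain).encode("utf-16-le"), hashlib.md5).digest()
    proof = hmac.new(key, server_challenge + blob, hashlib.md5).digest()
    return proof + blob

def authenticate(accounts, raw_user, raw_domain, server_challenge, nt_response):
    """Return True only for a known user whose response proves knowledge of the NT hash."""
    user, domain = decode_name(raw_user), decode_name(raw_domain)
    if user is None or domain is None or user not in accounts:
        return False
    if len(nt_response) <= 16:  # need the 16-byte proof plus a non-empty blob
        return False
    expected = ntlmv2_response(accounts[user], user, domain, server_challenge, nt_response[16:])
    return hmac.compare_digest(expected, nt_response)

# Constructed sample values (not from a real capture or a real account).
ACCOUNTS = {"testUser": bytes(range(16))}      # user -> 16-byte NT hash placeholder
CHALLENGE = bytes.fromhex("0102030405060708")  # 8-byte server challenge
BLOB = b"\x01\x01" + bytes(26)                 # stand-in for the client's blob

if __name__ == "__main__":
    user = "testUser".encode("utf-16-le")
    good = ntlmv2_response(ACCOUNTS["testUser"], "testUser", "", CHALLENGE, BLOB)
    bad = ntlmv2_response(bytes(16), "testUser", "", CHALLENGE, BLOB)
    print("raw field equals b'testUser':", user == b"testUser")
    print("correct hash:", authenticate(ACCOUNTS, user, b"", CHALLENGE, good))
    print("wrong hash:  ", authenticate(ACCOUNTS, user, b"", CHALLENGE, bad))
```

In a real server the challenge must be the one sent to that client in the CHALLENGE message, freshly generated per session.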