Re: [Samba] any reliable way to discover Windows hostname over SMB2+?
- Date: Thu, 13 Jul 2017 10:51:22 -0500
- From: Andrew Walker via samba <samba@xxxxxxxxxxxxxxx>
- Subject: Re: [Samba] any reliable way to discover Windows hostname over SMB2+?
What about using rpcclient?
rpcclient -U "" -c srvinfo -N 192.168.42.42
On Thu, Jul 13, 2017 at 3:40 AM, Jason Haar via samba <samba@xxxxxxxxxxxxxxx
> Hi there
> The WannaCry drama has got us pushing forward plans to turn off SMB1
> globally. Great, well, errr....
> Well not so great. I'm in the security team and we've relied on using
> smbclient in debug mode to reliably discover the Windows hostname.
> nmblookup sometimes doesn't work, and let's not even mention DNS PTR
> records! "smbclient -L 18.104.22.168 -N -d10 2>&1|grep AvNbComputerName" works a
> From what I can see, one of the changes that is in SMB2 is that it's a lot
> less chatty and doesn't hand over the Windows hostname like SMB1 does, so
> the days of this smbclient hack will soon be over.
> So does anyone have ideas on how to discover Windows hostnames when all you
> have is an IP address? Currently I'm moving to scraping the TLS data off
> the RDP port - but that doesn't work if you're set for NLA, don't have it
> enabled, etc. Has to be unauthenticated too (if all you have is an IP
> address, you can't even guess at what random creds to throw at it).
> Basically, is there an SMB2 trick to make the system give up its hostname?
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
> To unsubscribe from this list go to the following URL and read the
> instructions: https://lists.samba.org/mailman/options/samba