Web lists-archives.com

Re: [Samba] any reliable way to discover Windows hostname over SMB2+?




I forgot to mention in the previous email that smbclient works over SMB2.
You just have increase the max protocol by adding the flag "-m SMB2".

I.e. "smbclient -m SMB2 -L 1.2.3.4 -N -d10 2>&1|grep AvNbComputerName"

rpcclient is potentially a more efficient way to get this information.

On Thu, Jul 13, 2017 at 3:40 AM, Jason Haar via samba <samba@xxxxxxxxxxxxxxx
> wrote:

> Hi there
>
> The WannaCry drama has got us pushing forward plans to  turn off SMB1
> globally. Great, well, errr....
>
> Well not so great. I'm in the security team and we've relied on using
> smbclient in debug mode to reliably discover the Windows hostname.
> nmblookup sometime's doesn't work, and let's not even mention DNS PTR
> records! "smbclient -L 1.2.3.4 -N -d10 2>&1|grep AvNbComputerName" works a
> treat.
>
> From what I can see, one of the changes that is in SMB2 is that it's a lot
> less chatty and doesn't hand over the Windows hostname like SMB1 does, so
> the days of this smbclient hack will soon be over.
>
> So does anyone have ideas on how to discover Windows hostnames when all you
> have is an IP address? Currently I'm moving to scraping the TLS data off
> the RDP port - but that doesn't work if you're set for NLA, don't have it
> enabled, etc. Has to be unauthenticated too (if all you have is an IP
> address, you can't even guess at what random creds to throw at it).
> Basically, is there a SMB2 trick to make the system give up it's hostname?
>
> Thanks!
>
> --
> Cheers
>
> Jason Haar
> Information Security Manager, Trimble Navigation Ltd.
> Phone: +1 408 481 8171
> PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
> --
> To unsubscribe from this list go to the following URL and read the
> instructions:  https://lists.samba.org/mailman/options/samba
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba