Web lists-archives.com

Re: [Samba] any reliable way to discover Windows hostname over SMB2+?




On Mon, 2017-07-24 at 08:51 +1200, Jason Haar wrote:
> Whoops - didn't see your reply until now :-/
> 
> Yes. In infosec a lot of "interesting events" begin with just knowing
> an IP address. So you need to somehow discover the hostname and  OS
> before you can check if you even have credentials you could use to
> properly interrogate the system. And with lateral movement being the
> security nightmare it is, arbitrarily throwing (local admin)
> credentials at every box you come across without contemplating the
> possible consequences is simply risky. So with SMB1 systems,
> smbclient-v3 could tell you the hostname and domain without using
> creds. But with smbclient-v4, we cannot get that debugging detail any
> more. (I now realise this isn't a SMB2 problem - it's smbclient-v4
> itself)

My suggestion is to patch auth/ntlmssp/ntlmssp_client.c to extract that
name again.  You could even make NTLMSSP a distinct debug class to make
printing that less verbose when you put it in the logs.

I would be happy to review and consider such a patch.

Thanks,

Andrew Bartlett
-- 
Andrew Bartlett
https://samba.org/~abartlet/
Authentication Developer, Samba Team         https://samba.org
Samba Development and Support, Catalyst IT   
https://catalyst.net.nz/services/samba





-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/options/samba