SMB loader crashes on startup when using unprivileged accounts
Closed this issue · 2 comments
Paradoxis commented
SMB loader crashes on startup when using low-privileged accounts. This issue occurs due to the fact that the SMB registry plugin assumes the current user has the privileges to do so, in turn resulting in a `DCERPCException` and `SessionError`.
```
$ target-shell 'smb://user@REDACTED?nt=REDACTED'
2023-12-01T12:13:32.712774Z [error ] .: Failed to load target with loader SmbLoader('.') [dissect.target.target]
Traceback (most recent call last):
  File "venv/lib/python3.10/site-packages/dissect/target/target.py", line 408, in _load
    ldr.map(target)
  File "venv/lib/python3.10/site-packages/dissect/target/loaders/smb.py", line 172, in map
    target.add_plugin(SmbRegistry(target, self._conn), check_compatible=False)
  File "venv/lib/python3.10/site-packages/dissect/target/loaders/smb.py", line 186, in __init__
    super().__init__(target)
  File "venv/lib/python3.10/site-packages/dissect/target/plugins/os/windows/registry.py", line 84, in __init__
    self._init_registry()
  File "venv/lib/python3.10/site-packages/dissect/target/loaders/smb.py", line 193, in _init_registry
    self._check_service_status()
  File "venv/lib/python3.10/site-packages/dissect/target/loaders/smb.py", line 222, in _check_service_status
    manager_handle = scmr.hROpenSCManagerW(self._svcctl)["lpScHandle"]
  File "venv/lib/python3.10/site-packages/impacket/dcerpc/v5/scmr.py", line 1335, in hROpenSCManagerW
    return dce.request(openSCManager)
  File "venv/lib/python3.10/site-packages/impacket/dcerpc/v5/rpcrt.py", line 880, in request
    raise exception
impacket.dcerpc.v5.rpcrt.DCERPCException: DCERPC Runtime Error: code: 0x5 - rpc_s_access_denied

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "venv/lib/python3.10/site-packages/dissect/target/target.py", line 287, in open_all
    target = cls._load(sub_entry, ldr)
  File "venv/lib/python3.10/site-packages/dissect/target/target.py", line 413, in _load
    raise TargetError(f"Failed to load target: {path}", cause=e)
dissect.target.exceptions.TargetError: Failed to load target: .
Traceback (most recent call last):
  File "venv/bin/target-shell", line 8, in <module>
    sys.exit(main())
  File "venv/lib/python3.10/site-packages/dissect/target/tools/utils.py", line 250, in wrapper
    return func(*args, **kwargs)
  File "venv/lib/python3.10/site-packages/dissect/target/tools/shell.py", line 1216, in main
    open_shell(args.targets, args.python, args.registry)
  File "venv/lib/python3.10/site-packages/dissect/target/tools/shell.py", line 1122, in open_shell
    targets = list(Target.open_all(targets))
  File "venv/lib/python3.10/site-packages/dissect/target/target.py", line 307, in open_all
    raise TargetError(f"Failed to find any loader for targets: {paths}")
dissect.target.exceptions.TargetError: Failed to find any loader for targets: ['smb://user@REDACTED?nt=REDACTED']
Exception ignored in: <function SmbRegistry.__del__ at 0x7fadd1305bd0>
Traceback (most recent call last):
  File "venv/lib/python3.10/site-packages/dissect/target/loaders/smb.py", line 219, in __del__
    self._winreg.disconnect()
AttributeError: 'NoneType' object has no attribute 'disconnect'
```
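An added illustration (not part of the original report, and not the fix from the PR mentioned in this thread): one way a loader can treat remote registry access as optional, so an access-denied response does not abort the whole load and cleanup never dereferences an unset connection. `AccessDenied`, `FakeRpc`, `RemoteRegistry` and `load_target` are hypothetical stand-ins, not dissect.target or impacket names.

```python
class AccessDenied(Exception):
    """Stand-in for impacket's DCERPCException (0x5, rpc_s_access_denied)."""


class FakeRpc:
    """Constructed stand-in for the remote endpoint; not an impacket class."""
    def __init__(self, privileged):
        self.privileged = privileged
        self.disconnected = False

    def open_sc_manager(self):
        if not self.privileged:
            raise AccessDenied("code: 0x5 - rpc_s_access_denied")
        return "sc-handle"

    def disconnect(self):
        self.disconnected = True


class RemoteRegistry:
    """Hypothetical optional plugin: setup failure must not abort the load."""
    def __init__(self, rpc):
        # Assign everything close() touches before any call that can raise.
        self._winreg = None
        self.available, self.error = False, None
        try:
            rpc.open_sc_manager()  # needs rights a low-privileged user lacks
            self._winreg = rpc
            self.available = True
        except AccessDenied as e:
            self.error = str(e)  # record the reason, continue without registry

    def close(self):
        # Safe on a half-initialised object and safe to call twice.
        winreg, self._winreg = self._winreg, None
        if winreg is not None:
            winreg.disconnect()

    __del__ = close


def load_target(rpc):
    """Return (capabilities mapped for this session, registry error or None)."""
    capabilities = ["filesystem"]  # the SMB share itself was reachable
    registry = RemoteRegistry(rpc)
    if registry.available:
        capabilities.append("registry")
    registry.close()
    return capabilities, registry.error
```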
Miauwkeru commented
Thank you for finding this, could you make a PR for it?
Paradoxis commented
@Miauwkeru PR ready to go #466 with an additional bug fix