Display hostname of DuT
archi opened this issue · 0 comments
I was looking at the SMB traffic in wireshark and noticed that it also contained the hostname of the DuT. This information isn't displayed, yet, and I was wondering if it was possible to add it?
Often it's no new/relevant information, but maybe it might be useful in some scenarios.
Both variants of saveToDb (from utils.py and Report.py) seem to already accept a hostname field. So it's likely just a matter of parsing this at Line 127 in e918fe0.
I played around with this, and this trivial diff works for me:
diff --git a/servers/SMB.py b/servers/SMB.py
index b93ebb7..3ba37c8 100644
--- a/servers/SMB.py
+++ b/servers/SMB.py
@@ -125,6 +125,9 @@ def ParseSMBHash(data,client, Challenge): #Parse SMB NTLMSSP v1/v2
UserLen = struct.unpack('<H',SSPIString[38:40])[0]
UserOffset = struct.unpack('<H',SSPIString[40:42])[0]
Username = SSPIString[UserOffset:UserOffset+UserLen].decode('UTF-16LE')
+ HostLen = struct.unpack('<H',SSPIString[46:48])[0]
+ HostOffset = struct.unpack('<H',SSPIString[48:50])[0]
+ Hostname = SSPIString[HostOffset:HostOffset+HostLen].decode('UTF-16LE')
WriteHash = '%s::%s:%s:%s:%s' % (Username, Domain, codecs.encode(Challenge,'hex').decode('latin-1'), SMBHash[:32], SMBHash[32:])
SaveToDb({
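Review bot: the new slices `SSPIString[46:48]` and `SSPIString[48:50]` follow the same convention as the existing `UserLen`/`UserOffset` lines (reading the MaxLen half of the field descriptor and only the low 16 bits of the buffer offset), so they land on the WorkstationFields descriptor of an NTLM AUTHENTICATE_MESSAGE and are consistent with the rest of the parser; the one thing to consider is that the `decode('UTF-16LE')` on a short or malformed `SSPIString` can raise and abort hash capture for that client, so a bounds check or `errors='replace'` on the new `Hostname` line would keep a bad workstation field from costing the hash.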
@@ -132,6 +135,7 @@ def ParseSMBHash(data,client, Challenge): #Parse SMB NTLMSSP v1/v2
'type': 'NTLMv2-SSP',
'client': client,
'user': Domain+'\\'+Username,
+ 'hostname': Hostname,
'hash': SMBHash,
'fullhash': WriteHash,
})
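Review bot: the `'hostname': Hostname` key is only added to this one SaveToDb call; the hunk header shows the function handles NTLMSSP v1/v2, so if there is a second SaveToDb block in the same function for the NTLMv1-SSP case it should receive the same key, otherwise records from v1 clients will lack the field the issue says both saveToDb variants accept.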
What surprises me is how there is a provision for this, but it's unused. Any reason that's not wanted, or is it just that no one got around to adding this?
btw: Thanks for sharing the awesome work with the world! :)
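The field the diff above reads is the WorkstationFields descriptor of an NTLM AUTHENTICATE_MESSAGE (MS-NLMP: signature, message type, then eight-byte Len/MaxLen/BufferOffset descriptors for LM response, NT response, domain, user, workstation and session key). The following is an added example, not code from this issue or from the project: it builds a constructed message, parses it with the full 32-bit offsets and a bounds check, and shows that the 16-bit slices used in the diff give the same workstation name for a normally sized message. The builder, the sample values and the function names are all assumptions made for the example.

```python
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"
AUTHENTICATE_MESSAGE = 3


def _field(buf, pos):
    """Read one MS-NLMP field descriptor (Len, MaxLen, BufferOffset) at pos
    and return the bytes it points to, refusing anything outside the buffer."""
    if len(buf) < pos + 8:
        raise ValueError("truncated field descriptor at offset %d" % pos)
    length, _maxlen, offset = struct.unpack_from("<HHI", buf, pos)
    if offset + length > len(buf):
        raise ValueError("field at offset %d points outside the message" % pos)
    return buf[offset:offset + length]


def parse_authenticate(msg):
    """Extract domain, user and workstation from an AUTHENTICATE_MESSAGE,
    plus the raw LM/NT responses, using the full 32-bit buffer offsets."""
    if len(msg) < 12 or msg[:8] != NTLMSSP_SIGNATURE:
        raise ValueError("not an NTLMSSP message")
    if struct.unpack_from("<I", msg, 8)[0] != AUTHENTICATE_MESSAGE:
        raise ValueError("not an AUTHENTICATE_MESSAGE")
    # Descriptor positions are fixed by the spec: 12, 20, 28, 36, 44, 52.
    return {
        "lm_response": _field(msg, 12),
        "nt_response": _field(msg, 20),
        "domain": _field(msg, 28).decode("utf-16-le"),
        "user": _field(msg, 36).decode("utf-16-le"),
        "workstation": _field(msg, 44).decode("utf-16-le"),
    }


def workstation_via_16bit_slices(msg):
    """Same read the issue's diff performs: MaxLen at 46:48 and the low 16
    bits of BufferOffset at 48:50. Correct as long as the offset fits in
    16 bits, which it does for any normally sized message."""
    host_len = struct.unpack("<H", msg[46:48])[0]
    host_off = struct.unpack("<H", msg[48:50])[0]
    return msg[host_off:host_off + host_len].decode("utf-16-le")


def build_authenticate(domain, user, workstation,
                       lm=b"\x00" * 24, nt=b"\x00" * 24):
    """Constructed minimal AUTHENTICATE_MESSAGE for the example: six field
    descriptors and the negotiate flags, then the payload. Version and MIC
    are omitted; parsers locate the payload via the offsets, not a fixed
    header length, so the layout stays valid."""
    payload_fields = [lm, nt,
                      domain.encode("utf-16-le"),
                      user.encode("utf-16-le"),
                      workstation.encode("utf-16-le"),
                      b""]  # EncryptedRandomSessionKey left empty
    header_len = 8 + 4 + 8 * 6 + 4  # signature, type, descriptors, flags
    descriptors = b""
    payload = b""
    for data in payload_fields:
        offset = header_len + len(payload)
        descriptors += struct.pack("<HHI", len(data), len(data), offset)
        payload += data
    flags = 0  # constructed value; real clients set negotiate flags here
    return (NTLMSSP_SIGNATURE + struct.pack("<I", AUTHENTICATE_MESSAGE)
            + descriptors + struct.pack("<I", flags) + payload)


if __name__ == "__main__":
    sample = build_authenticate("CORP", "alice", "WS01")  # constructed sample
    parsed = parse_authenticate(sample)
    print("full-offset parse:", parsed["domain"], parsed["user"], parsed["workstation"])
    print("16-bit slices   :", workstation_via_16bit_slices(sample))
```

The bounds check in `_field` is the difference between a parser that logs a malformed client message and one that raises mid-capture; the same check is what the diff's `Hostname` line would need to be equally robust.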