miketeo/pysmb

Don't connect to SMBv2 server

joelfranco opened this issue · 5 comments

Hi,

I can't connect to a (supposed) smb2 host. I have no control or detailed info about the server. I can't connect to it using smbclient:

    smbclient //ip/share -U DOMAIN\\USER%PASS:

wireshark:

    1 0.000000000 172.28.120.110 → 10.2.0.142   TCP 74 55208 → 445 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM TSval=620089998 TSecr=0 WS=128
    3 0.011530811   10.2.0.142 → 172.28.120.110 TCP 74 445 → 55208 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM TSval=3068524379 TSecr=620089998
    4 0.011564344 172.28.120.110 → 10.2.0.142   TCP 66 55208 → 445 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=620090010 TSecr=3068524379
    5 0.011805340 172.28.120.110 → 10.2.0.142   SMB2 298 Negotiate Protocol Request
    6 0.016529865   10.2.0.142 → 172.28.120.110 TCP 74 139 → 47462 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM TSval=3068524379 TSecr=620090003

But with pysmb, the server host does not reply with any errors, and pysmb cannot detect that it's talking to an SMBv2 server in order to switch itself to SMBv2:

    from smb.SMBConnection import SMBConnection
    c = SMBConnection('user', 'pass', 'client', IP, 'domain', is_direct_tcp=True)
    c.connect(IP, port=445)

wireshark:

    1 0.000000000 172.28.120.110 → 10.2.0.142   TCP 74 36250 → 445 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM TSval=621411900 TSecr=0 WS=128
    2 0.011390598   10.2.0.142 → 172.28.120.110 TCP 74 445 → 36250 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM TSval=3068656568 TSecr=621411900
    3 0.011435655 172.28.120.110 → 10.2.0.142   TCP 66 36250 → 445 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=621411912 TSecr=3068656568
    4 0.011533045 172.28.120.110 → 10.2.0.142   SMB 128 Negotiate Protocol Request
    5 0.222132729 172.28.120.110 → 10.2.0.142   TCP 128 [TCP Retransmission] 36250 → 445 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=62 TSval=621412123 TSecr=3068656568
    6 0.434130032 172.28.120.110 → 10.2.0.142   TCP 128 [TCP Retransmission] 36250 → 445 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=62 TSval=621412335 TSecr=3068656568
    7 0.858151094 172.28.120.110 → 10.2.0.142   TCP 128 [TCP Retransmission] 36250 → 445 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=62 TSval=621412759 TSecr=3068656568

What is wrong?

Thank you

@joelfranco: can you adjust the port parameter in your connect() call to use 139? It seems that your SMB server responds on port 139.

Hi @miketeo,

I changed the port. Same issue:

    c.connect('10.2.0.142', port=139)

And the wireshark capture:

    2 6.880105272 172.28.120.110 → 10.2.0.142   TCP 74 38514 → 139 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM TSval=662497687 TSecr=0 WS=128
    3 6.898225446   10.2.0.142 → 172.28.120.110 TCP 74 139 → 38514 [SYN, ACK] Seq=0 Ack=1 Win=8192 Len=0 MSS=1460 WS=256 SACK_PERM TSval=3072765106 TSecr=662497687
    4 6.898258557 172.28.120.110 → 10.2.0.142   TCP 66 38514 → 139 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=662497705 TSecr=3072765106
    5 6.898355605 172.28.120.110 → 10.2.0.142   SMB 128 Negotiate Protocol Request
    6 7.120027551 172.28.120.110 → 10.2.0.142   TCP 128 [TCP Retransmission] 38514 → 139 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=62 TSval=662497927 TSecr=3072765106
    7 7.347975774 172.28.120.110 → 10.2.0.142   TCP 128 [TCP Retransmission] 38514 → 139 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=62 TSval=662498155 TSecr=3072765106
    8 7.807999580 172.28.120.110 → 10.2.0.142   TCP 128 [TCP Retransmission] 38514 → 139 [PSH, ACK] Seq=1 Ack=1 Win=64256 Len=62 TSval=662498615 TSecr=3072765106

Observe that smbclient works with port 445.

Thank you very much

It will be good if the wireshark capture can provide more information on the server's response to the smbclient's Negotiate Protocol Request. That may reveal why the server is not responding to pysmb's connection request; the server could possibly be using a dialect that is not supported by pysmb.

image

Hi Miketeo, in this print you can see the first packet after the TCP handshake and following it, just retransmissions.

And this one is with the working smbclient:

image

Observe that in this one, the protocol is described as "SMB2" by Wireshark, while the pysmb packet is called just "SMB", and that the packets are very different.

Is it clearer now?

Thank you.

Your server seems to be supporting the new SMB2 variants and SMB3 protocols, which are not supported by pysmb.
Unfortunately, I don't have time to upgrade the current pysmb to support SMB3. I'm sorry but you may have to check out other projects for your needs.
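
An added example for readers of this thread (not code from pysmb or from any participant): Wireshark's "SMB" versus "SMB2" label follows the 4-byte protocol ID at the start of the message, and the dialects a client offers can be read straight from its Negotiate request. The parser below takes the TCP payload of a Negotiate request and lists those dialects; the function name and both sample payloads are constructed for illustration and are not taken from the captures above.

```python
import struct

SMB2_DIALECTS = {0x0202: "SMB 2.0.2", 0x0210: "SMB 2.1", 0x0300: "SMB 3.0",
                 0x0302: "SMB 3.0.2", 0x0311: "SMB 3.1.1"}


def parse_negotiate_request(payload):
    """Return (protocol, offered_dialects) for one Negotiate request payload."""
    # 4-byte session header: type byte (0 = session message) + 24-bit length.
    length = int.from_bytes(payload[1:4], "big")
    msg = payload[4:4 + length]
    if len(payload) < 4 or payload[0] != 0 or len(msg) != length or length < 35:
        raise ValueError("not a complete session message")
    if msg[:4] == b"\xffSMB" and msg[4] == 0x72:  # SMB1, SMB_COM_NEGOTIATE
        # 32-byte header, WordCount (1 byte), parameter words, ByteCount (LE).
        off = 33 + 2 * msg[32]
        (byte_count,) = struct.unpack_from("<H", msg, off)
        data = msg[off + 2:off + 2 + byte_count]
        # Each dialect: 0x02 buffer-format byte + NUL-terminated ASCII name.
        names = [d[1:].decode("ascii") for d in data.split(b"\x00")
                 if d[:1] == b"\x02"]
        return "SMB1", names
    if msg[:4] == b"\xfeSMB" and len(msg) >= 100:
        (command,) = struct.unpack_from("<H", msg, 12)
        if command != 0:
            raise ValueError("SMB2 message is not NEGOTIATE")
        # 64-byte header; DialectCount at body offset 2; 16-bit dialect
        # codes follow the 36-byte fixed part of the request body.
        (count,) = struct.unpack_from("<H", msg, 66)
        if len(msg) < 100 + 2 * count:
            raise ValueError("dialect array truncated")
        codes = struct.unpack_from("<%dH" % count, msg, 100)
        return "SMB2", [SMB2_DIALECTS.get(c, hex(c)) for c in codes]
    raise ValueError("not an SMB1/SMB2 Negotiate request")


def _frame(msg):
    return b"\x00" + len(msg).to_bytes(3, "big") + msg


# Constructed samples: an SMB1-framed request offering two dialect strings,
# and an SMB2-framed request offering four dialect codes.
_names = b"\x02NT LM 0.12\x00\x02SMB 2.002\x00"
SAMPLE_SMB1 = _frame(b"\xffSMB\x72" + bytes(27) + b"\x00"
                     + struct.pack("<H", len(_names)) + _names)
SAMPLE_SMB2 = _frame(b"\xfeSMB" + struct.pack("<H", 64) + bytes(58)
                     + struct.pack("<HHHHI", 36, 4, 1, 0, 0) + bytes(24)
                     + struct.pack("<4H", 0x0202, 0x0210, 0x0300, 0x0302))

if __name__ == "__main__":
    for sample in (SAMPLE_SMB1, SAMPLE_SMB2):
        print(parse_negotiate_request(sample))
```

To use it on a real capture, export the TCP payload bytes of the Negotiate Protocol Request frame and pass them in as a `bytes` object.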