View Issue Details

IDProjectCategoryView StatusLast Update
0005739Kali Linux[All Projects] Feature Requestspublic2019-10-25 15:06
ReporterTonghuaRoot Assigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version2019.3 
Target VersionFixed in Version 
Summary0005739: It seems that the version bug of smbclient causes no way to enumerate the smb service version.
DescriptionHi,Bro

When I use enum4linux,I can't get smb version info,and I get this message:

```
Use of uninitialized value $os_info in concatenation (.) or string at ./enum4linux.pl line 464.
```

Then I search some link,like https://github.com/portcullislabs/enum4linux/issues/5,seems is smbclient's bug.

I use this command can't get any thing.

```
smbclient -W 'MYGROUP' //'192.168.199.230'/ipc$ -U''%'' -c 'q' 2>&1
```

In bug tracker have link https://bugs.kali.org/view.php?id=4495,the same problem exists,But it doesn't seem to be fixed, in the new version of kali.
The way of modifying the configuration file mentioned in it does not solve the problem.

Use the Metasploit Auxiliary smb_version scanner can do it,but seems it deny in OSCP.

Could you give me some suggestion?
Steps To Reproducesmbclient -L <target>

ex:
smbclient -L 192.168.199.230

or:
smbclient -W 'MYGROUP' //'192.168.199.230'/ipc$ -U''%'' -c 'q' 2>&1

or:
enum4linux 192.168.199.230

Additional Informationroot@kali:~# uname -a
Linux kali 5.2.0-kali2-amd64 0000001 SMP Debian 5.2.9-2kali1 (2019-08-22) x86_64 GNU/Linux
root@kali:~# smbclient -V
Version 4.9.11-Debian
root@kali:~# smbclient -L 192.168.199.230
Server does not support EXTENDED_SECURITY but 'client use spnego = yes' and 'client ntlmv2 auth = yes' is set
Anonymous login successful
Enter WORKGROUP\root's password:

    Sharename Type Comment
    --------- ---- -------
    IPC$ IPC IPC Service (Samba Server)
    ADMIN$ IPC IPC Service (Samba Server)
Reconnecting with SMB1 for workgroup listing.
Server does not support EXTENDED_SECURITY but 'client use spnego = yes' and 'client ntlmv2 auth = yes' is set
Anonymous login successful

    Server Comment
    --------- -------
    KIOPTRIX Samba Server

    Workgroup Master
    --------- -------
    MYGROUP KIOPTRIX
root@kali:~#

Activities

TonghuaRoot

2019-10-13 12:06

reporter  

enum4linux_bug.png (198,571 bytes)
enum4linux_bug.png (198,571 bytes)

SecurityWaffle

2019-10-25 15:06

reporter   ~0011223

This bug is caused by a bug in the smbclient package where rpcclient doesn't return any information when enumerating.

Issue History

Date Modified Username Field Change
2019-10-13 12:06 TonghuaRoot New Issue
2019-10-13 12:06 TonghuaRoot File Added: enum4linux_bug.png
2019-10-25 15:06 SecurityWaffle Note Added: 0011223