Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Smb detect linux and windows #9561

Open
wants to merge 4 commits into
base: main
Choose a base branch
from
Open

Smb detect linux and windows #9561

wants to merge 4 commits into from

Conversation

Puben
Copy link
Contributor

@Puben Puben commented Apr 11, 2024

Template / PR Information

While playing around with Nuclei for SMB stuff I noticed that the existing smb-detect template does not match on my Samba test setup. I believe this PR would match both Windows based SMB-servers and Samba SMB-servers.

Only changed the tag to include "linux" and condition from "and" to "or"

Attached screenshots for reference

example

example-after-change

Template Validation

I've validated this template locally?

  • YES
  • NO

Additional References:

@Puben
Change request for template network/detection/smb-detect.yaml to matc…
cfe66dc 
…h both linux-based (Samba) smb servers and windows servers
@Puben
Change request for template network/detection/smb-detect.yaml to matc…
e9ca472 
…h both linux-based (Samba) smb servers and windows servers
@GeorginaReeder
Copy link

Thanks so much for your contribution @Puben , we appreciate it!

@pussycat0x pussycat0x added the Status: In Progress This issue is being worked on, and has someone assigned. label Apr 18, 2024
@pussycat0x
Copy link
Contributor

pussycat0x commented May 6, 2024
edited

Hi @Puben Hi, I rewrote this template for Samba detection. Please review it and let me know your thoughts.

id: samba-detect

info:
  name: Samba - Detection
  author: pussycat0x
  severity: info
  description: |
    Samba allows file and print sharing between computers running Microsoft Windows and computers running Unix. It is an implementation of dozens of services and a dozen protocols, including: NetBIOS over TCP/IP (NBT) SMB (known as CIFS in some versions)
  metadata:
    max-request: 1
    shodan-query: "port:445"
  tags: js,network,samba,detect,linux

javascript:
  - code: |
      let m = require("nuclei/smb");
      let c = new m.SMBClient();
      let response = c.ConnectSMBInfoMode(Host, Port);

      const conditionsMet = (response.SupportV1 === true  && response.Version.VerString === "SMB 1.0");

      if (conditionsMet) {

      if (response.NTLM === "") {
      printedValue = "Samba detected";
      } else {
      printedValue = response.NTLM;
      }
      }
      else {
      process.exit(1);
      }

    args:
      Host: "{{Host}}"
      Port: 445

    extractors:
      - type: dsl
        dsl:
          - response

@Puben
Copy link
Contributor Author

Puben commented May 21, 2024

That is a way cleaner way to do it! Very cool 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@pussycat0x pussycat0x

Labels
Status: In Progress This issue is being worked on, and has someone assigned.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@Puben @GeorginaReeder @pussycat0x