Coder Social home page Coder Social logo

STATUS_LOGON_FAILURE about smblibrary HOT 12 OPEN

YildirimMesut avatar YildirimMesut commented on August 20, 2024
STATUS_LOGON_FAILURE

from smblibrary.

Comments (12)

YildirimMesut avatar YildirimMesut commented on August 20, 2024

I also tried NetBiosOverTCP but, I got "A connection must be successfully established before attempting login". And I know, Ofcourse, this is perfectly normal because I didnt check for status before trying to login.

from smblibrary.

TalAloni avatar TalAloni commented on August 20, 2024

Hi, this is not a support forum and I don't have the time to help people figure out what mistake they made when using the library.

When people get a login failure, 99.9% of the time it's either invalid credentials or lack of permissions. ( Did you specify the correct domain? )

Regarding "A connection must be successfully established before attempting login", this is because your code does not check the value returned from the Connect method.

Closing the issue. figure this out.
If you can prove that this is a bug with the library - then open an issue.

from smblibrary.

YildirimMesut avatar YildirimMesut commented on August 20, 2024

Hi, Sorry but I'm definetly sure there is a bug with the library. I tried this code and also netexec program with same credentials (this is a test enviroment so don't worry about credentials). As you can see my credentials are correct but I still get STATUS_LOGON_FAILURE. On the other hand, I can list shares with netexec without any problem. Also, if you want, you can try it yourself (https://tryhackme.com/r/room/enterprise). (Note: I tried this in 3 different AD enviroments, 2 different accounts and 2 different computers but result always same.)

smb-client

from smblibrary.

YildirimMesut avatar YildirimMesut commented on August 20, 2024

and also, if you want I can provide wireshark results of these connections. Just let me know if you want. Thanks in advance for your time.

from smblibrary.

TalAloni avatar TalAloni commented on August 20, 2024

Thanks for setting up a lab, I will test in the coming days and report back.

from smblibrary.

TalAloni avatar TalAloni commented on August 20, 2024

Apparently this server requires signing but expects guest sessions to not sign requests, I'll have to check the specifications to determine if the library handles this correctly.

from smblibrary.

TalAloni avatar TalAloni commented on August 20, 2024

I am now under the impression that the server does not behave according to the specifications,
The server sets SMB2_NEGOTIATE_SIGNING_REQUIRED bit in the Negotiate response,
and sets the SMB2_SESSION_FLAG_IS_GUEST bit in the session setup response.

  1. If you believe I am mistaken please direct me to the relevant quotes.
  2. Which software are you using as your SMB server? which version?

According to the SMB2 specifications:

From Section 3.2.5.2:

If the SecurityMode field in the SMB2 header of the response has the
SMB2_NEGOTIATE_SIGNING_REQUIRED bit set, the client MUST set Connection.RequireSigning to TRUE

From Section 3.2.5.3.1:

If the global setting RequireMessageSigning is set to TRUE or Connection.RequireSigning is set
to TRUE then Session.SigningRequired MUST be set to TRUE, otherwise
Session.SigningRequired MUST be set to FALSE

From Section 3.2.5.3.1:

If the SMB2_SESSION_FLAG_IS_GUEST bit is set in the SessionFlags field of the SMB2
SESSION_SETUP Response and if Session.SigningRequired is TRUE, this indicates a
SESSION_SETUP failure and the connection MUST be terminated.

from smblibrary.

YildirimMesut avatar YildirimMesut commented on August 20, 2024

Sorry for the late answer, I was sick. I guess it's default windows smb. Btw, you can RDP this machine with this credentials bitbucket:littleredbucket . And also, if you think there is a problem with server, I also tried the code in a real corporate enviroment with default smb settings but result was same. Here, you can find smb configuration and system information of this lab.:

PS C:\temp> Get-SmbServerConfiguration


AnnounceComment                 :
AnnounceServer                  : False
AsynchronousCredits             : 512
AuditSmb1Access                 : False
AutoDisconnectTimeout           : 15
AutoShareServer                 : True
AutoShareWorkstation            : True
CachedOpenLimit                 : 10
DurableHandleV2TimeoutInSeconds : 180
EnableAuthenticateUserSharing   : False
EnableDownlevelTimewarp         : False
EnableForcedLogoff              : True
EnableLeasing                   : True
EnableMultiChannel              : True
EnableOplocks                   : True
EnableSecuritySignature         : True
EnableSMB1Protocol              : False
EnableSMB2Protocol              : True
EnableStrictNameChecking        : True
EncryptData                     : False
IrpStackSize                    : 15
KeepAliveTime                   : 2
MaxChannelPerSession            : 32
MaxMpxCount                     : 50
MaxSessionPerConnection         : 16384
MaxThreadsPerQueue              : 20
MaxWorkItems                    : 1
NullSessionPipes                : ,netlogon,samr,lsarpc
NullSessionShares               : Users
OplockBreakWait                 : 35
PendingClientTimeoutInSeconds   : 120
RejectUnencryptedAccess         : True
RequireSecuritySignature        : True
ServerHidden                    : True
Smb2CreditsMax                  : 8192
Smb2CreditsMin                  : 512
SmbServerNameHardeningLevel     : 0
TreatHostAsStableStorage        : False
ValidateAliasNotCircular        : True
ValidateShareScope              : True
ValidateShareScopeNotAliased    : True
ValidateTargetName              : True



PS C:\temp> systeminfo

Host Name:                 LAB-DC
OS Name:                   Microsoft Windows Server 2019 Standard
OS Version:                10.0.17763 N/A Build 17763
OS Manufacturer:           Microsoft Corporation
OS Configuration:          Primary Domain Controller
OS Build Type:             Multiprocessor Free
Registered Owner:          Windows User
Registered Organization:
Product ID:                00429-70000-00000-AA467
Original Install Date:     3/11/2021, 1:23:37 PM
System Boot Time:          7/18/2024, 7:52:12 AM
System Manufacturer:       Xen
System Model:              HVM domU
System Type:               x64-based PC
Processor(s):              1 Processor(s) Installed.
                           [01]: Intel64 Family 6 Model 79 Stepping 1 GenuineIntel ~2300 Mhz
BIOS Version:              Xen 4.11.amazon, 8/24/2006
Windows Directory:         C:\Windows
System Directory:          C:\Windows\system32
Boot Device:               \Device\HarddiskVolume1
System Locale:             en-us;English (United States)
Input Locale:              en-us;English (United States)
Time Zone:                 (UTC-08:00) Pacific Time (US & Canada)
Total Physical Memory:     2,048 MB
Available Physical Memory: 277 MB
Virtual Memory: Max Size:  2,432 MB
Virtual Memory: Available: 548 MB
Virtual Memory: In Use:    1,884 MB
Page File Location(s):     C:\pagefile.sys
Domain:                    LAB.ENTERPRISE.THM
Logon Server:              \\LAB-DC
Hotfix(s):                 6 Hotfix(s) Installed.
                           [01]: KB4601558
                           [02]: KB4512577
                           [03]: KB4577586
                           [04]: KB4580325
                           [05]: KB5000859
                           [06]: KB5000822
Network Card(s):           1 NIC(s) Installed.
                           [01]: AWS PV Network Device
                                 Connection Name: Ethernet
                                 DHCP Enabled:    Yes
                                 DHCP Server:     10.10.0.1
                                 IP address(es)
                                 [01]: 10.10.176.26
                                 [02]: fe80::c0c0:1222:40f4:42df
Hyper-V Requirements:      A hypervisor has been detected. Features required for Hyper-V will not be displayed.

from smblibrary.

TalAloni avatar TalAloni commented on August 20, 2024

I've requested a clarification from Microsoft

from smblibrary.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.