SMB bugfix

[VakarisZ]

SBM exploiter couldn't exploit my windows 10 machine. After a bit of investigation and following the example here I've found that if we remove the specific SMB dialect and allow impacket to negotiate the protocol itself here exploitation happens.

PR Checklist

• Have you added an explanation of what your changes do and why you'd like to include them?
• Is the TravisCI build passing?

Testing Checklist

• Have you successfully tested your changes locally? Elaborate:

  Tested on Windows 10

[codecov]

Codecov Report

Merging #895 (55f4684) into develop (db20ee1) will not change coverage.
The diff coverage is n/a.

@@           Coverage Diff            @@
##           develop     #895   +/-   ##
========================================
  Coverage    60.56%   60.56%           
========================================
  Files          166      166           
  Lines         4953     4953           
========================================
  Hits          3000     3000           
  Misses        1953     1953           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update db20ee1...55f4684. Read the comment docs.

[acepace]

This makes sense. W10 OOB since 1803 (I think?) disables SMBv1 and refuses to communicate unless opt in. So this is a good fix.

What information does the fingerprinter give you on your machine in this case?

[VakarisZ]

Error getting smb fingerprint: [WinError 10054] An existing connection was forcibly closed by the remote host. Likely also broken with smb v3

[acepace]

Error getting smb fingerprint: [WinError 10054] An existing connection was forcibly closed by the remote host. Likely also broken with smb v3

Problem isn't v3, but disabling of v1.
Check if we can remove that code and replace with impacket. Answer is probably yes with a stripped down version of the smbexec code.