SMB: Parse SMB Versions and Dialects.

This parses the SMB Version response, and the dialect, to determine the full SMB version. This is done in accordance to "[MS-SMB2] - v20190430" from Microsoft, Section 2.2.4.
2019-05-24 09:38:40 -04:00 · 2019-05-24 09:38:40 -04:00 · 79a96f08ae
commit 79a96f08ae
parent 2e71f25c85
2 changed files with 70 additions and 1 deletions
--- a/lib/smb/smb/zgrab.go
+++ b/lib/smb/smb/zgrab.go
@ -81,12 +81,32 @@ type SessionSetupLog struct {
 	NegotiateFlags uint32 `json:"negotiate_flags"`
 }

+// Parse the SMB version and dialect; version string
+// will be of the form: Major.Minor.Revision.
+//
+// 'Revisions' are set to 0 if not specified (e.g. 2.1 is 2.1.0)
+// The following versions/dialects are known:
+// SMB 1.0.0
+// SMB 2.0.2
+// SMB 2.1.0
+// SMB 3.0.0
+// SMB 3.0.2
+// SMB 3.1.1
+type SMBVersions struct {
+	Major     int    `json:"major"`
+	Minor     int    `json:"minor"`
+	Revision  int    `json:"revision"`
+	VerString string `json:"version_string"`
+}
+
 // SMBLog logs the relevant information about the session.
 type SMBLog struct {
 	// SupportV1 is true if the server's protocol ID indicates support for
 	// version 1.
 	SupportV1 bool `json:"smbv1_support"`

+	Version *SMBVersions `json:"smb_version,omitempty"`
+
 	// HasNTLM is true if the server supports the NTLM authentication method.
 	HasNTLM bool `json:"has_ntlm"`

@ -214,7 +234,49 @@ func (ls *LoggedSession) LoggedNegotiateProtocol(setup bool) error {
 	logStruct := new(SMBLog)

 	ls.Log = logStruct
-	ls.Log.SupportV1 = string(negRes.Header.ProtocolID) == ProtocolSmb
+
+	switch string(negRes.Header.ProtocolID) {
+	case ProtocolSmb:
+		ls.Log.SupportV1 = true
+		ls.Log.Version = &SMBVersions{Major: 1,
+			Minor:     0,
+			Revision:  0,
+			VerString: "SMB 1.0"}
+	case ProtocolSmb2:
+		switch negRes.DialectRevision {
+		case 0x0202:
+			ls.Log.Version = &SMBVersions{
+				Major: 2,
+				Minor: 0,
+				Revision: 2,
+				VerString: "SMB 2.0.2"}
+		case 0x0210:
+			ls.Log.Version = &SMBVersions{
+				Major: 2,
+				Minor: 1,
+				Revision: 0,
+				VerString: "SMB 2.1"}
+		case 0x0300:
+			ls.Log.Version = &SMBVersions{
+				Major: 3,
+				Minor: 0,
+				Revision: 0,
+				VerString: "SMB 3.0"}
+		case 0x0302:
+			ls.Log.Version = &SMBVersions{
+				Major: 3,
+				Minor: 0,
+				Revision: 2,
+				VerString: "SMB 3.0.2"}
+		case 0x0311:
+			ls.Log.Version = &SMBVersions{
+				Major: 3,
+				Minor: 1,
+				Revision: 1,
+				VerString: "SMB 3.1.1"}
+		}
+	}
+
 	logStruct.NegotiationLog = &NegotiationLog{
 		HeaderLog:       getHeaderLog(&negRes.Header),
 		SecurityMode:    negRes.SecurityMode,
--- a/zgrab2_schemas/zgrab2/smb.py
+++ b/zgrab2_schemas/zgrab2/smb.py
@ -42,9 +42,16 @@ session_setup_log = SubRecord(extended(header_log, {
    'negotiate_flags': Unsigned32BitInteger(),
 }))

+
 smb_scan_response = SubRecord({
    'result': SubRecord({
        'smbv1_support': Boolean(),
+        "smb_version": SubRecord({
+            "major": Uinsigned8BitInteger(doc="Major version"),
+            "minor": Unsigned8BitInteger(doc="Minor version"),
+            "revision": Unsigned8BitInteger(doc="Protocol Revision"),
+            "version_string": String(doc="Full SBM Version String"),
+            }),
        'negotiation_log': negotiate_log,
        'has_ntlm': Boolean(),
        'session_setup_log': session_setup_log,