smb_enumshares: Allow for SMB1 ruby_smb & rex backends

g0tmi1k · g0tmi1k · commit 71d2d8e98519 · 2026-04-23T10:56:17.000+01:00
diff --git a/modules/auxiliary/scanner/smb/smb_enumshares.rb b/modules/auxiliary/scanner/smb/smb_enumshares.rb
@@ -27,7 +27,7 @@ def initialize(info = {})
           directories, files, time stamps, etc.
 
           By default, a RubySMB net_share_enum_all request is done in order to retrieve share information,
-          which uses SRVSVC.
+          which uses SRVSVC, otherwise will use Rex SMB.
         },
         'Author' => [
           'hdm',
@@ -298,20 +298,23 @@ def run_host(ip)
       self.simple = session.simple_client
       enum_shares(session.address)
     else
-      [{ port: SMB1_PORT }, { port: SMB2_3_PORT } ].each do |info|
-        vprint_status("Connecting to the server...")
+      [
+        # Force RubySMB library for SMB1 mode otherwise `Rex::Proto::SMB::Client` does not supply `net_share_enum_all`
+        { port: SMB1_PORT, versions: [1], backend: :ruby_smb, label: 'SMB v1' },
+        { port: SMB2_3_PORT, versions: [1, 2, 3], backend: :rex, label: 'SMB v1/2/3' },
+        # Use Rex SMB library fallback for SMB1 mode, as it can handle when NtCreateAndxResponse missing fields
+        # (Windows server 2019 has issues, but Samba 3.0.20 (metasploitable2) is fine with SMB1 & RubySMB)
+        { port: SMB1_PORT, versions: [1], backend: :rex, label: 'SMB v1' },
+      ].each do |info|
+        # Update line prefix, as port changes
+        remove_instance_variable(:@print_prefix) if instance_variable_defined?(:@print_prefix)
         # Assign @rport so that it is accessible via the rport method in this module,
         # as well as making it accessible to the module mixins
         @rport = info[:port]
-        if rport == SMB1_PORT
-          # force library in smb1 mode otherwise simple.client is a
-          # `Rex::Proto::SMB::Client` that does not supply `net_share_enum_all`
-          connect(versions: [1], backend: :ruby_smb)
-        else
-          connect(versions: [1, 2, 3])
-        end
+        vprint_status("Connecting using #{info[:label]} via #{info[:backend]}")
+        connect(versions: info[:versions], backend: info[:backend])
         smb_login
-        break unless enum_shares(ip).empty?
+        break if enum_shares(ip)&.any?
       rescue ::Interrupt
         raise $ERROR_INFO
       rescue Errno::ECONNRESET => e
@@ -340,22 +343,31 @@ def enum_shares(ip)
     shares = []
 
     begin
-      # Return all shares if `Shares` option has not been set
-      if datastore['Share'].nil?
-        shares = simple.client.net_share_enum_all(ip)
-      else
+      # RubySMB
+      if simple.client.respond_to?(:net_share_enum_all)
+        # Return all shares if `Shares` option has not been set
+        if datastore['Share'].nil?
+          shares = simple.client.net_share_enum_all(ip)
         # Return specific share if the `Share` option has been set
-        simple.client.net_share_enum_all(ip).each { |share| shares = [share] if share[:name] == datastore['Share'] }
-        # Return an error if `Share` option has been set but no matches were found
-        if shares.empty?
-          print_error("No shares match #{datastore['Share']}")
+        else
+          simple.client.net_share_enum_all(ip).each { |share| shares = [share] if share[:name] == datastore['Share'] }
         end
+      # Rex SMB: smb_netshareenumall tries SRVSVC then falls back to LANMAN
+      else
+        raw = smb_netshareenumall
+        shares = raw.map { |s| { name: s[0], type: s[1], comment: s[2] } }
+        shares = shares.select { |s| s[:name] == datastore['Share'] } if datastore['Share']
       end
+      # Return an error if `Share` option has been set but no matches were found
+      print_error("No shares match #{datastore['Share']}") if shares.empty?
     rescue RubySMB::Error::UnexpectedStatusCode => e
       print_error("Error when trying to enumerate shares - #{e.status_code.name}")
       return
     rescue RubySMB::Error::InvalidPacket => e
-      print_error("Invalid packet received when trying to enumerate shares - #{e}")
+      vprint_error("Invalid packet received when trying to enumerate shares - #{e}")
+      return
+    rescue Rex::Proto::SMB::Exceptions::ErrorCode => e
+      print_error("Error when trying to enumerate shares - #{e.message}")
       return
     end
 
@@ -381,7 +393,11 @@ def enum_shares(ip)
       )
 
       if datastore['SpiderShares']
-        get_files_info(ip, shares)
+        if simple.client.is_a?(RubySMB::Client)
+          get_files_info(ip, shares)
+        else
+          print_warning('This is not available for this server (unable to use RubySMB)')
+        end
       end
     end
 
