Skip to content

smb_enumshares: Allow for SMB1 ruby_smb & rex backends#21345

Open
g0tmi1k wants to merge 1 commit intorapid7:masterfrom
g0tmi1k:smb_enumshares
Open

smb_enumshares: Allow for SMB1 ruby_smb & rex backends#21345
g0tmi1k wants to merge 1 commit intorapid7:masterfrom
g0tmi1k:smb_enumshares

Conversation

@g0tmi1k
Copy link
Copy Markdown
Contributor

@g0tmi1k g0tmi1k commented Apr 21, 2026
edited
Loading

Target is metasploitable 2 VM.

Before

msf auxiliary(scanner/smb/smb_enumshares) > options

Module options (auxiliary/scanner/smb/smb_enumshares):

   Name                    Current Setting                         Required  Description
   ----                    ---------------                         --------  -----------
   HIGHLIGHT_NAME_PATTERN  username|password|user|pass|Groups.xml  yes       PCRE regex of resource names to highlight
   LogSpider               3                                       no        0 = disabled, 1 = CSV, 2 = table (txt), 3 = one liner (txt) (Accepted: 0, 1, 2, 3)
   MaxDepth                999                                     yes       Max number of subdirectories to spider
   Share                                                           no        Show only the specified share
   ShowFiles               false                                   yes       Show detailed information when spidering
   SpiderProfiles          true                                    no        Spider only user profiles when share is a disk share
   SpiderShares            true                                    no        Spider shares recursively


   Used when connecting via an existing SESSION:

   Name     Current Setting  Required  Description
   ----     ---------------  --------  -----------
   SESSION                   no        The session to run this module on


   Used when making a new connection via RHOSTS:

   Name       Current Setting  Required  Description
   ----       ---------------  --------  -----------
   RHOSTS     10.0.0.10        no        The target host(s), see https://docs.metasploit.com/docs/using-metasploit/basics/using-metasploit.html
   SMBDomain  .                no        The Windows domain to use for authentication
   SMBPass                     no        The password for the specified username
   SMBUser                     no        The username to authenticate as
   THREADS    1                yes       The number of concurrent threads (max one per host)


View the full module info with the info, or info -d command.

msf auxiliary(scanner/smb/smb_enumshares) >
msf auxiliary(scanner/smb/smb_enumshares) > run
[*] 10.0.0.10: - Connecting to the server...
[-] 10.0.0.10: - Invalid packet received when trying to enumerate shares - The response seems to be an SMB1 NtCreateAndxResponse but an error occurs while parsing it. It is probably missing the required extended information.
[-] 10.0.0.10: - Error: '10.0.0.10' 'NoMethodError' 'undefined method `empty?' for nil'
[*] 10.0.0.10: - Connecting to the server...
[-] 10.0.0.10: - Invalid packet received when trying to enumerate shares - The response seems to be an SMB1 NtCreateAndxResponse but an error occurs while parsing it. It is probably missing the required extended information.
[-] 10.0.0.10: - Error: '10.0.0.10' 'NoMethodError' 'undefined method `empty?' for nil'
[*] 10.0.0.10: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/smb/smb_enumshares) >

After

msf auxiliary(scanner/smb/smb_enumshares) > reload
[*] Reloading module...
[*] New in Metasploit 6.4 - This module can target a SESSION or an RHOST
msf auxiliary(scanner/smb/smb_enumshares) >
msf auxiliary(scanner/smb/smb_enumshares) > run
[*] 10.0.0.10:139 - Connecting using SMB v1 via ruby_smb
[-] 10.0.0.10:139 - Invalid packet received when trying to enumerate shares - The response seems to be an SMB1 NtCreateAndxResponse but an error occurs while parsing it. It is probably missing the required extended information.
[*] 10.0.0.10:445 - Connecting using SMB v1/2/3 via rex
[+] 10.0.0.10:445 - print$ - (DISK) Printer Drivers
[+] 10.0.0.10:445 - tmp - (DISK) oh noes!
[+] 10.0.0.10:445 - opt - (DISK)
[+] 10.0.0.10:445 - IPC$ - (IPC) IPC Service (metasploitable server (Samba 3.0.20-Debian))
[+] 10.0.0.10:445 - ADMIN$ - (IPC) IPC Service (metasploitable server (Samba 3.0.20-Debian))
[!] 10.0.0.10:445 - This is not available for this server (unable to use RubySMB)
[*] 10.0.0.10: - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
msf auxiliary(scanner/smb/smb_enumshares) >

smcintyre-r7
smcintyre-r7 reviewed Apr 21, 2026
View reviewed changes
Comment thread modules/auxiliary/scanner/smb/smb_enumshares.rb Outdated
@g0tmi1k g0tmi1k force-pushed the smb_enumshares branch 5 times, most recently from 71d2d8e to 694570f Compare April 23, 2026 12:00
smcintyre-r7
smcintyre-r7 requested changes Apr 23, 2026
View reviewed changes
Comment thread modules/auxiliary/scanner/smb/smb_enumshares.rb Outdated
@github-project-automation github-project-automation Bot moved this from Todo to Waiting on Contributor in Metasploit Kanban Apr 23, 2026
@g0tmi1k g0tmi1k force-pushed the smb_enumshares branch 3 times, most recently from ec26a5c to 0ca161b Compare April 23, 2026 17:32
@g0tmi1k g0tmi1k requested a review from smcintyre-r7 April 23, 2026 17:32
@Z6543
Copy link
Copy Markdown

Z6543 commented Apr 25, 2026

FYI I also had a similar PR about this issue
#21123

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@smcintyre-r7 smcintyre-r7 Awaiting requested review from smcintyre-r7

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

Metasploit Kanban
Status: Waiting on Contributor

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@g0tmi1k @Z6543 @smcintyre-r7