漏洞描述
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
smb-signing: SMB Signing Not Required
PoC代码[已公开]
id: smb-signing
info:
name: SMB Signing Not Required
author: pussycat0x
severity: medium
description: |
Signing is not required on the remote SMB server. An unauthenticated, remote attacker can exploit this to conduct man-in-the-middle attacks against the SMB server.
reference:
- https://www.tenable.com/plugins/nessus/57608
- https://nmap.org/nsedoc/scripts/smb2-security-mode.html
metadata:
verified: true
max-request: 1
shodan-query: port:445
product: dionaea
vendor: dionaea
tags: js,network,smb,enum,vuln
javascript:
- pre-condition: |
isPortOpen(Host,Port);
code: |
var m = require("nuclei/smb");
var c = m.SMBClient();
var response = c.ListSMBv2Metadata(Host, Port, User, Pass);
Export(response);
args:
Host: "{{Host}}"
Port: "445"
User: "test"
Pass: "test"
matchers:
- type: word
words:
- '"SigningEnabled": true'
- '"SigningRequired": false'
condition: and
# digest: 490a0046304402205f5c2e953552b87babd22e004b6007cfa09249332482fefed056a459c3d5a92902203d5b13ee00bbe82657fb99b181a5377d11c56b23adc467622ae6d693fc987696:922c64590222798bb761d5b6d8e72950