smb-signing-not-required: SMB Signing Not Required

日期: 2025-08-01 | 影响软件: SMB Signing Not Required | POC: 已公开

漏洞描述

Checks if SMB signing is not required, exposing SMB communications to man-in-the-middle attacks.

PoC代码[已公开]

id: smb-signing-not-required

info:
  name: SMB Signing Not Required
  author: princechaddha
  severity: high
  description: Checks if SMB signing is not required, exposing SMB communications to man-in-the-middle attacks.
  impact: |
    Not requiring SMB signing allows for tampering of data in transit, enabling man-in-the-middle attacks.
  remediation: |
    Configure SMB to require security signatures for communication.
  tags: windows,smb,signing,code,windows-audit

self-contained: true

code:
  - pre-condition: |
      IsWindows();
    engine:
      - powershell
      - powershell.exe
    args:
      - -ExecutionPolicy
      - Bypass
    pattern: "*.ps1"
    source: |
      Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' -Name 'RequireSecuritySignature'

    matchers:
      - type: word
        words:
          - "requiresecuritysignature : 0"
# digest: 4a0a00473045022100b2dcff88005d225121f7d83c8b8c4478dff859539f616ee196f00e9bacfc3c270220111b6a93b764bcb732e77880347e664790eca1b9e30c14d54ecdc08837fc2c24:922c64590222798bb761d5b6d8e72950
来源: https://github.com/projectdiscovery/nuclei-templates/blob/main/./code/windows/audit/smb-signing-not-required.yaml