Integrate SMBv1 setup on first connection into create_conn_obj

NeffIsBack · NeffIsBack · commit 19ed5d31e14f · 2025-10-04T07:08:40.000-04:00
diff --git a/nxc/protocols/smb.py b/nxc/protocols/smb.py
@@ -121,7 +121,7 @@ def __init__(self, args, db, host):
         self.output_filename = None
         self.smbv1 = None   # Check if SMBv1 is supported
         self.smbv3 = None   # Check if SMBv3 is supported
-        self.is_timeouted = False
+        self.is_timed_out = False
         self.signing = False
         self.smb_share_name = smb_share_name
         self.pvkbytes = None
@@ -171,10 +171,6 @@ def enum_host_info(self):
         self.local_ip = self.conn.getSMBServer().get_socket().getsockname()[0]
         self.is_host_dc()
 
-        # Create SMBv1 connection to get host info, connection will be reinitiated on login
-        if not self.args.no_smbv1:
-            self.smbv1 = self.create_smbv1_conn()
-
         try:
             self.conn.login("", "")
             self.null_auth = True
@@ -562,7 +558,7 @@ def create_smbv1_conn(self, check=False):
             if "Connection reset by peer" in str(e):
                 self.logger.info(f"SMBv1 might be disabled on {self.host}")
             elif "timed out" in str(e):
-                self.is_timeouted = True
+                self.is_timed_out = True
                 self.logger.debug(f"Timeout creating SMBv1 connection to {self.host}")
             else:
                 self.logger.info(f"Error creating SMBv1 connection to {self.host}: {e}")
@@ -588,28 +584,34 @@ def create_smbv3_conn(self):
             self.smbv3 = True
         except (Exception, NetBIOSTimeout, OSError) as e:
             if "timed out" in str(e):
-                self.is_timeouted = True
+                self.is_timed_out = True
                 self.logger.debug(f"Timeout creating SMBv3 connection to {self.host}")
             else:
                 self.logger.info(f"Error creating SMBv3 connection to {self.host}: {e}")
             return False
         return True
 
-    def create_conn_obj(self):
+    def create_conn_obj(self, no_smbv1=False):
         """
         Tries to create a connection object to the target host.
-        On first try, it will try to create a SMBv3 connection.
-        On further tries, it will remember which SMB version is supported and create a connection object accordingly.
+        On first try, it will try to create a SMBv1 connection to be able to get the plaintext server OS version if available.
+        On further tries, it will remember which SMB version is supported and create a connection object accordingly, preferably SMBv3.
+
+        :param no_smbv1: If True, it will not try to create a SMBv1 connection
         """
         # Initial negotiation
-        if self.smbv3 is None:
-            self.smbv3 = self.create_smbv3_conn()
-            if self.smbv3:
+        if self.smbv1 is None and not no_smbv1 and not self.args.no_smbv1:
+            if not self.create_smbv1_conn() and not self.is_timed_out:
+                # Fallback if SMBv1 fails
+                return self.create_smbv3_conn()
+            else:
                 return True
-            elif not self.is_timeouted:
+        elif self.smbv3 is not False:
+            if not self.create_smbv3_conn():
+                # Fallback if SMBv3 fails
                 return self.create_smbv1_conn()
-        elif self.smbv3:
-            return self.create_smbv3_conn()
+            else:
+                return True
         else:
             return self.create_smbv1_conn()
 
