switch default conn from smbv1 to smbv3

mpgn · mpgn · commit e74430542751 · 2025-01-05T02:28:00.000+01:00
diff --git a/nxc/protocols/smb.py b/nxc/protocols/smb.py
@@ -157,6 +157,7 @@ def __init__(self, args, db, host):
         self.bootkey = None
         self.output_filename = None
         self.smbv1 = None
+        self.smbv3 = None
         self.is_timeouted = False
         self.signing = False
         self.smb_share_name = smb_share_name
@@ -295,6 +296,10 @@ def enum_host_info(self):
         except Exception as e:
             self.logger.debug(f"Error logging off system: {e}")
 
+        # Check smbv1
+        if not self.args.no_smbv1:
+            self.smbv1 = self.create_smbv1_conn(check=True)
+
         # DCOM connection with kerberos needed
         self.remoteName = self.host if not self.kerberos else f"{self.hostname}.{self.targetDomain}"
 
@@ -538,17 +543,19 @@ def hash_login(self, domain, username, ntlm_hash):
             self.create_conn_obj()
             return False
 
-    def create_smbv1_conn(self):
-        self.logger.debug(f"Creating SMBv1 connection to {self.host}")
+    def create_smbv1_conn(self, check=False):
+        self.logger.info(f"Creating SMBv1 connection to {self.host}")
         try:
-            self.conn = SMBConnection(
+            conn = SMBConnection(
                 self.remoteName,
                 self.host,
                 None,
                 self.port,
                 preferredDialect=SMB_DIALECT,
                 timeout=self.args.smb_timeout,
             )
+            if check:
+                self.conn = conn
         except OSError as e:
             if "Connection reset by peer" in str(e):
                 self.logger.info(f"SMBv1 might be disabled on {self.host}")
@@ -567,7 +574,7 @@ def create_smbv1_conn(self):
         return True
 
     def create_smbv3_conn(self):
-        self.logger.debug(f"Creating SMBv3 connection to {self.host}")
+        self.logger.info(f"Creating SMBv3 connection to {self.host}")
         try:
             self.conn = SMBConnection(
                 self.remoteName,
@@ -581,27 +588,26 @@ def create_smbv3_conn(self):
             return False
         return True
 
-    def create_conn_obj(self, no_smbv1=False):
+    def create_conn_obj(self):
         """
         Tries to create a connection object to the target host.
-        On first try, it will try to create a SMBv1 connection.
+        On first try, it will try to create a SMBv3 connection.
         On further tries, it will remember which SMB version is supported and create a connection object accordingly.
 
         :param no_smbv1: If True, it will not try to create a SMBv1 connection
         """
-        no_smbv1 = self.args.no_smbv1 if self.args.no_smbv1 else no_smbv1
 
         # Initial negotiation
-        if not no_smbv1 and self.smbv1 is None:
-            self.smbv1 = self.create_smbv1_conn()
-            if self.smbv1:
+        if self.smbv3 is None:
+            self.smbv3 = self.create_smbv3_conn()
+            if self.smbv3:
                 return True
             elif not self.is_timeouted:
-                return self.create_smbv3_conn()
-        elif not no_smbv1 and self.smbv1:
-            return self.create_smbv1_conn()
-        else:
+                return self.create_smbv1_conn()
+        elif self.smbv3:
             return self.create_smbv3_conn()
+        else:
+            return self.create_smbv1_conn()
 
     def check_if_admin(self):
         self.logger.debug(f"Checking if user is admin on {self.host}")
