We should update our SMB/NTLM relaying support to allow downgrading NetNTLMv2 to NetNTLMv1. I don't think this can be done automatically, in which case we should offer a datastore option to toggle it. If it is possible to do so automatically, we'd want to try the downgrade initially to obtain the NetNTLMv1 hash, which is easier for our users to work with. If that fails and the client will re-attempt the authentication flow, we should fall back to the NetNTLMv2 authentication process without tampering with it. This would require some testing.
Making this work would likely involve some updates to the server-client code that handles the NTLM requests and dispatches them to the protocol-specific relay connections.
https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/smb/relay/ntlm/server_client.rb