You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Right now RubySMB assumes that the loaded version of OpenSSL provides all of the used encryption algorithms. It will proceed with negotiation ignoring what algorithms it can actually use.
RubySMB should be updated to provide a subset of encryption algorithms based on what OpenSSL is capable of providing. We should likely throw an exception if encryption is explicitly required but OpenSSL offers no usable algorithms. Once this issue is addressed, we'll also want to make sure that Metasploit's smb_version module continues to enumerate all possible algorithms regardless of what OpenSSL offers since that process doesn't require any of them to actually be used.
Originally reported as an error manifesting itself by way of a psexec failure.
msf6 exploit(windows/smb/psexec) > run
[*] 192.168.222.151:445 - Connecting to the server...
[*] 192.168.222.151:445 - Authenticating to 192.168.222.151:445 as user 'vagrant'...
[-] 192.168.222.151:445 - Exploit failed: RuntimeError unsupported cipher algorithm (AES-128-GCM)
[*] Exploit completed, but no session was created.
The text was updated successfully, but these errors were encountered:
Right now RubySMB assumes that the loaded version of OpenSSL provides all of the used encryption algorithms. It will proceed with negotiation ignoring what algorithms it can actually use.
RubySMB should be updated to provide a subset of encryption algorithms based on what OpenSSL is capable of providing. We should likely throw an exception if encryption is explicitly required but OpenSSL offers no usable algorithms. Once this issue is addressed, we'll also want to make sure that Metasploit's smb_version module continues to enumerate all possible algorithms regardless of what OpenSSL offers since that process doesn't require any of them to actually be used.
Originally reported as an error manifesting itself by way of a psexec failure.
The text was updated successfully, but these errors were encountered: