[Samba] any reliable way to discover Windows hostname over SMB2+?

Giulio giulioo at gmail.com
Thu Jul 13 22:32:24 UTC 2017


AFAIK:
- smbclient supports smb2/smb3 starting from samba-4.x, and you need to
use -m smb2/smb3.
- starting from samba 4.7.0rc1 smbclient defaults to -m smb3_11 (no
need to use -m)
- samba-3.x supports smb2 server side only (setting "max protocol"),
smbclient is smb1/nt1 only in 3.x.

I did some tests running smbclient against a win7 machine

smbclient 3.x (smb1 only)
  $ smbclient  -d 10 -L 192.168.1.171 -N  2>&1|grep AvNb|wc -l
  8   <== info is present

smbclient 4.7.0rc1 smb1 mode:
  $ smbclient  -d 10 -L 192.168.1.171 -N -m nt1 2>&1|grep AvNb|wc -l
  0   <== no more

smbclient 4.7.0rc1 smb2 mode:
  $ ./smbclient  -d 10 -L 192.168.1.171 -N -m smb2 2>&1|grep AvNb|wc -l
  0   <== no more

It seems that kind of debug message is gone even when using smb1 with
newer smbclient versions.

======

rpcclient 3.x
  $ rpcclient -U ""  -c srvinfo -N 192.168.1.171 -d 10 2>&1|grep AvNb|wc -l
  0

  $ rpcclient -U wrong%wrong  -c srvinfo -N 192.168.1.171 -d 10 2>&1|grep AvNb|wc -l
  8  <== works

rpcclient 4.7.0rc1 is like newer smbclient, the info is not there anymore.

========

If you need this, I'd investigate using some kind of LLMNR client,
since this is the "zeroconf" way to get Windows names: when you
disable smb1 on Windows, netbios name resolution gets disabled too,
and automatic name resolution is LLMNR only.

For instance, this https://nmap.org/nsedoc/scripts/llmnr-resolve.html
will do name-to-IP via LLMNR using nmap from command line.

To do the reverse lookup, I tried changing the script where it uses
"0x0001 Host address" to "0x000C PTR" and asking for
171.1.168.192.in-addr.arpa; the Windows PC will answer something but
the script output is garbled because it expects to print an IP, and I
don't know Lua to change the script to properly format the new answer,
however I can see the Windows PC name in the tcpdump output (in a UDP
packet coming from the Windows PC), so it's possible.
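
The reverse lookup described above, as an added example (not part of the original post, and not nmap or Samba code): Python that builds the LLMNR PTR question for an address and decodes the answer's RDATA as a name, which is the field the modified script printed as an IP. The response bytes and the hostname WIN7-PC are constructed for illustration; sending the query over UDP is left out.

```python
import ipaddress
import struct

TYPE_PTR, CLASS_IN = 0x000C, 0x0001  # LLMNR reuses DNS record types (RFC 4795)

def encode_name(name):
    """Dotted name -> DNS labels (length byte + bytes), zero-terminated."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_ptr_query(ip, txid):
    """Header (id, flags, qd/an/ns/ar counts) + one PTR question for ip."""
    qname = ipaddress.ip_address(ip).reverse_pointer  # e.g. 171.1.168.192.in-addr.arpa
    return (struct.pack("!6H", txid, 0, 1, 0, 0, 0) + encode_name(qname)
            + struct.pack("!2H", TYPE_PTR, CLASS_IN))

def read_name(pkt, off, depth=0):
    """Decode the name at off, following compression pointers -> (name, next_off)."""
    labels = []
    while pkt[off]:
        if pkt[off] & 0xC0 == 0xC0:  # 2-byte pointer to an earlier name
            if depth > 8:
                raise ValueError("compression pointer loop")
            ptr = struct.unpack_from("!H", pkt, off)[0] & 0x3FFF
            labels.append(read_name(pkt, ptr, depth + 1)[0])
            return ".".join(labels), off + 2
        labels.append(pkt[off + 1:off + 1 + pkt[off]].decode("ascii", "replace"))
        off += 1 + pkt[off]
    return ".".join(labels), off + 1

def parse_ptr_response(pkt, txid):
    """Return the hostnames in PTR answers; their RDATA is a name, not an address."""
    rid, flags, qd, an = struct.unpack_from("!4H", pkt, 0)
    if rid != txid or not flags & 0x8000:
        raise ValueError("not a response to this query")
    off = 12
    for _ in range(qd):  # skip the echoed question: name + type + class
        off = read_name(pkt, off)[1] + 4
    names = []
    for _ in range(an):
        off = read_name(pkt, off)[1]
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", pkt, off)
        if rtype == TYPE_PTR:
            names.append(read_name(pkt, off + 10)[0])
        off += 10 + rdlen
    return names

# Constructed sample response (hostname WIN7-PC is made up); answer name is compressed.
SAMPLE = (struct.pack("!6H", 0x1234, 0x8000, 1, 1, 0, 0)
          + build_ptr_query("192.168.1.171", 0)[12:] + b"\xc0\x0c"
          + struct.pack("!HHIH", TYPE_PTR, CLASS_IN, 30, 9) + encode_name("WIN7-PC"))
```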


