Allow setting the RPORT option for smb_version

rapid7 · May 7, 2024 · 88efba7 · 88efba7
1 parent cec01fb
commit 88efba7
Showing 1 changed file with 22 additions and 7 deletions.
diff --git a/modules/auxiliary/scanner/smb/smb_version.rb b/modules/auxiliary/scanner/smb/smb_version.rb
@@ -40,22 +40,26 @@ def initialize
       'License' => MSF_LICENSE
     )
 
+    register_options([
+      Msf::Opt::RPORT(nil, false)
+    ])
+
     register_advanced_options(
       [
         *kerberos_storage_options(protocol: 'SMB'),
         *kerberos_auth_options(protocol: 'SMB', auth_methods: Msf::Exploit::Remote::AuthOption::SMB_OPTIONS),
       ]
     )
 
-    deregister_options('RPORT', 'SMBDIRECT', 'SMB::ProtocolVersion')
+    deregister_options('SMB::ProtocolVersion')
   end
 
   def rport
-    @smb_port
+    @rport
   end
 
-  def smb_direct
-    (@smb_port == 445)
+  def connect(*args, **kwargs)
+    super(*args, **kwargs, direct: @smb_direct)
   end
 
   def seconds_to_timespan(seconds)
@@ -189,10 +193,21 @@ def smb_os_description(res, nd_smb_fingerprint)
   # Fingerprint a single host
   #
   def run_host(ip)
-    smb_ports = [445, 139]
+    if datastore['RPORT'].blank? || datastore['RPORT'] == 0
+      smb_services = [
+        { port: 139, direct: false },
+        { port: 445, direct: true }
+      ]
+    else
+      smb_services = [
+        { port: datastore['RPORT'], direct: datastore['SMBDirect'] }
+      ]
+    end
+
     lines = [] # defer status output to the very end to group lines together by host
-    smb_ports.each do |pnum|
-      @smb_port = pnum
+    smb_services.each do |smb_service|
+      @rport = smb_service[:port]
+      @smb_direct = smb_service[:direct]
       self.simple = nil
 
       begin