decrypt smb2 on a test environment

asked 2022-05-13 08:20:40 +0000

I want to monitor the data pushed to the destination server. The protocol used is SMB2, and I want to observe what the contents are (for further analysis). This is being done in a test environment where the username, pwd, hostname, etc. are available to me.

1 Answer

answered 2022-05-13 09:36:12 +0000

Jaap

Have a look at the SMB2 protocol preferences. There's a table you can fill in with that information.

Comments

From where do I get the session key? I got the session ID from the trace; however, the session key is something hard to get.

aakashgaikwad ( 2022-05-13 12:22:21 +0000 )

You need the session key, which is determined individually for each client and each share (or TreeConnect).

Recent SAMBA versions support a debug function to record the session key: https://wiki.samba.org/index.php/Wire... for a decent decryption

At this time, I am not aware of a similar function for Windows servers.

Eddi ( 2022-05-13 18:28:26 +0000 )

We are using a Windows client. Do we have (or where can we get) a similar function for a Windows system?

aakashgaikwad ( 2022-05-14 09:40:00 +0000 )

Last updated: May 13