samba - Sep 2015 - Cannot access the (old) samba server on my router from Linux

Hello,

my isp provided me with an ont+wireless router combo.
The router can share via samba a mounted usb thumb drive.
The problem is that it's a very old samba version (apparently 1.9.16p10) 
and I cannot access it from Linux:

luca at seis:~$ smbclient -s /dev/null -L 192.168.10.1
Enter luca's password:
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 1.9.16p10]
tree connect failed: NT_STATUS_BAD_NETWORK_NAME


I tried also with -d 10, but it doesn't give too much information, e.g. 
these are the last few lines of output:

Connecting to 192.168.10.1 at port 445
Connecting to 192.168.10.1 at port 139
Socket options:
         SO_KEEPALIVE = 0
         SO_REUSEADDR = 0
         SO_BROADCAST = 0
         TCP_NODELAY = 1
         TCP_KEEPCNT = 9
         TCP_KEEPIDLE = 7200
         TCP_KEEPINTVL = 75
         IPTOS_LOWDELAY = 0
         IPTOS_THROUGHPUT = 0
         SO_REUSEPORT = 0
         SO_SNDBUF = 87040
         SO_RCVBUF = 372480
         SO_SNDLOWAT = 1
         SO_RCVLOWAT = 1
         SO_SNDTIMEO = 0
         SO_RCVTIMEO = 0
         TCP_QUICKACK = 1
         TCP_DEFER_ACCEPT = 0
  session request ok
cli_init_creds: user luca domain WORKGROUP
Domain=[WORKGROUP] OS=[Unix] Server=[Samba 1.9.16p10]
  session setup ok
tree connect failed: NT_STATUS_BAD_NETWORK_NAME


The behaviour is even stranger if I use mount.cifs:

luca at seis:~$ sudo mount -t cifs -o guest //192.168.10.1/rootdir test
luca at seis:~$ LC_ALL= LANG= sudo ls -l test
ls: cannot access test/b: No such file or directory
ls: cannot access test/e: No such file or directory
ls: cannot access test/k: No such file or directory
ls: cannot access test/s: No such file or directory
ls: cannot access test/t: No such file or directory
ls: cannot access test/l: No such file or directory
ls: cannot access test/p: No such file or directory
ls: cannot access test/u: No such file or directory
ls: cannot access test/h: No such file or directory
ls: cannot access test/r: No such file or directory
ls: cannot access test/w: No such file or directory
ls: cannot access test/u: No such file or directory
ls: cannot access test/s: No such file or directory
ls: cannot access test/t: No such file or directory
ls: cannot access test/t: No such file or directory
ls: cannot access test/l: No such file or directory
ls: cannot access test/d: No such file or directory
ls: cannot access test/m: No such file or directory
ls: cannot access test/w: No such file or directory
ls: cannot access test/v: No such file or directory
total 0
d????????? ? ? ? ?            ? b
d????????? ? ? ? ?            ? d
d????????? ? ? ? ?            ? e
d????????? ? ? ? ?            ? h
d????????? ? ? ? ?            ? k
-????????? ? ? ? ?            ? l
d????????? ? ? ? ?            ? l
d????????? ? ? ? ?            ? m
d????????? ? ? ? ?            ? p
d????????? ? ? ? ?            ? r
d????????? ? ? ? ?            ? s
d????????? ? ? ? ?            ? s
d????????? ? ? ? ?            ? t
d????????? ? ? ? ?            ? t
d????????? ? ? ? ?            ? t
d????????? ? ? ? ?            ? u
d????????? ? ? ? ?            ? u
d????????? ? ? ? ?            ? v
d????????? ? ? ? ?            ? w
d????????? ? ? ? ?            ? w

Needless to say, everything works fine with windows (and of course those 
single letter directories are completely bogus).

Looking with wireshark, the main difference I see is that smbclient does 
a "Session Setup AndX Request" which succeeds and then does a
"Tree
Connect AndX Request, Path: \\192.168.10.1\IPC$" which fails ("Invalid
network name. Service not found"), while a "net view" from
windows does
a "Session Setup AndX Request, User: WETRON\luca; Tree Connect AndX, 
Path: \\192.168.10.1\IPC$" in a single step.

Note that, when listing the files, both from Linux and from windows the 
reply to FIND_FIRST2 appears to be the same, bogus, one from wireshark 
("Trans2 Response, FIND_FIRST2, Files: b e k s t l p u h r w u s t t l d 
m w v") but windows manages to show the correct directory listing.
Most probably the bug is in wireshark (copied from samba?), since the 
correct filenames are visible in the raw reply.


Any hint?

Bye
-- 
Luca Olivetti
Wetron Automation Technology http://www.wetron.es/
Tel. +34 93 5883004 (Ext.3010)  Fax +34 93 5883007

On 02/09/15 18:06, Luca Olivetti wrote:
> Hello,
>
> my isp provided me with an ont+wireless router combo.
> The router can share via samba a mounted usb thumb drive.
> The problem is that it's a very old samba version (apparently 
> 1.9.16p10) and I cannot access it from Linux:
>
> luca at seis:~$ smbclient -s /dev/null -L 192.168.10.1
> Enter luca's password:
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 1.9.16p10]
> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
>
>
> I tried also with -d 10, but it doesn't give too much information, 
> e.g. these are the last few lines of output:
>
> Connecting to 192.168.10.1 at port 445
> Connecting to 192.168.10.1 at port 139
> Socket options:
>         SO_KEEPALIVE = 0
>         SO_REUSEADDR = 0
>         SO_BROADCAST = 0
>         TCP_NODELAY = 1
>         TCP_KEEPCNT = 9
>         TCP_KEEPIDLE = 7200
>         TCP_KEEPINTVL = 75
>         IPTOS_LOWDELAY = 0
>         IPTOS_THROUGHPUT = 0
>         SO_REUSEPORT = 0
>         SO_SNDBUF = 87040
>         SO_RCVBUF = 372480
>         SO_SNDLOWAT = 1
>         SO_RCVLOWAT = 1
>         SO_SNDTIMEO = 0
>         SO_RCVTIMEO = 0
>         TCP_QUICKACK = 1
>         TCP_DEFER_ACCEPT = 0
>  session request ok
> cli_init_creds: user luca domain WORKGROUP
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 1.9.16p10]
>  session setup ok
> tree connect failed: NT_STATUS_BAD_NETWORK_NAME
>
>
> The behaviour is even stranger if I use mount.cifs:
>
> luca at seis:~$ sudo mount -t cifs -o guest //192.168.10.1/rootdir test
> luca at seis:~$ LC_ALL= LANG= sudo ls -l test
> ls: cannot access test/b: No such file or directory
> ls: cannot access test/e: No such file or directory
> ls: cannot access test/k: No such file or directory
> ls: cannot access test/s: No such file or directory
> ls: cannot access test/t: No such file or directory
> ls: cannot access test/l: No such file or directory
> ls: cannot access test/p: No such file or directory
> ls: cannot access test/u: No such file or directory
> ls: cannot access test/h: No such file or directory
> ls: cannot access test/r: No such file or directory
> ls: cannot access test/w: No such file or directory
> ls: cannot access test/u: No such file or directory
> ls: cannot access test/s: No such file or directory
> ls: cannot access test/t: No such file or directory
> ls: cannot access test/t: No such file or directory
> ls: cannot access test/l: No such file or directory
> ls: cannot access test/d: No such file or directory
> ls: cannot access test/m: No such file or directory
> ls: cannot access test/w: No such file or directory
> ls: cannot access test/v: No such file or directory
> total 0
> d????????? ? ? ? ?            ? b
> d????????? ? ? ? ?            ? d
> d????????? ? ? ? ?            ? e
> d????????? ? ? ? ?            ? h
> d????????? ? ? ? ?            ? k
> -????????? ? ? ? ?            ? l
> d????????? ? ? ? ?            ? l
> d????????? ? ? ? ?            ? m
> d????????? ? ? ? ?            ? p
> d????????? ? ? ? ?            ? r
> d????????? ? ? ? ?            ? s
> d????????? ? ? ? ?            ? s
> d????????? ? ? ? ?            ? t
> d????????? ? ? ? ?            ? t
> d????????? ? ? ? ?            ? t
> d????????? ? ? ? ?            ? u
> d????????? ? ? ? ?            ? u
> d????????? ? ? ? ?            ? v
> d????????? ? ? ? ?            ? w
> d????????? ? ? ? ?            ? w
>
> Needless to say, everything works fine with windows (and of course 
> those single letter directories are completely bogus).
>
> Looking with wireshark, the main difference I see is that smbclient 
> does a "Session Setup AndX Request" which succeeds and then does
a
> "Tree Connect AndX Request, Path: \\192.168.10.1\IPC$" which
fails
> ("Invalid network name. Service not found"), while a "net
view" from
> windows does a "Session Setup AndX Request, User: WETRON\luca; Tree 
> Connect AndX, Path: \\192.168.10.1\IPC$" in a single step.
>
> Note that, when listing the files, both from Linux and from windows 
> the reply to FIND_FIRST2 appears to be the same, bogus, one from 
> wireshark ("Trans2 Response, FIND_FIRST2, Files: b e k s t l p u h r w
> u s t t l d m w v") but windows manages to show the correct directory 
> listing.
> Most probably the bug is in wireshark (copied from samba?), since the 
> correct filenames are visible in the raw reply.
>
>
> Any hint?
>
> Bye
I would go back to your ISP and ask them why they are supplying a router 
that uses a version of samba that is about 18 years old. Also if samba 
is this old, what version of linux is it running and how old is that, 
there are possibly major security implications here.

Rowland

El 02/09/15 a les 19:26, Rowland Penny ha escrit:
>
> I would go back to your ISP and ask them why they are supplying a router
> that uses a version of samba that is about 18 years old.
That's not going to happen, because...
> Also if samba
> is this old, what version of linux is it running and how old is that,
> there are possibly major security implications here.
...the only vulnerability they didn't address is related to samba (*not* 
in samba itself), and I used it to obtain the administration password 
(they just disclose a user password that can do almost nothing), as well 
as the voip password, so I don't really want them to fix it ;)
And that's why I won't disclose neither the brand/model or the 
vulnerability (it's not exploitable from the internet).
I'd just prefer to use Linux for further "explorations" ;)

Bye
-- 
Luca Olivetti
Wetron Automation Technology http://www.wetron.es/
Tel. +34 93 5883004 (Ext.3010)  Fax +34 93 5883007

El 02/09/15 a les 19:06, Luca Olivetti ha escrit:
> Hello,
>
> my isp provided me with an ont+wireless router combo.
> The router can share via samba a mounted usb thumb drive.
> The problem is that it's a very old samba version (apparently
1.9.16p10)
> and I cannot access it from Linux:
>
> luca at seis:~$ smbclient -s /dev/null -L 192.168.10.1
> Enter luca's password:
> Domain=[WORKGROUP] OS=[Unix] Server=[Samba 1.9.16p10]
> tree connect failed: NT_STATUS_BAD_NETWORK_NAME

I managed to compile smbclient from the 1.9.16p10 tarball, but the 
result is the same[*].
Clearly, what's running on the router is *not* the stock 1.9.16p10, but 
windows manages to use it fine nevertheless.


[*] the message is

SMBtconX failed. ERRSRV - ERRinvnetname (Invalid network name in tree 
connect.)


Bye
-- 
Luca Olivetti
Wetron Automation Technology http://www.wetron.es/
Tel. +34 93 5883004 (Ext.3010)  Fax +34 93 5883007