
decrypt smb2 on a test environment

I want to monitor the data pushed to the destination server. The protocol used is SMB2, and I want to observe what the contents are (for further analysis). This is being done in a test environment where the username, pwd, hostname, etc. are available to me.

aakashgaikwad asked 2022-05-13 08:20:40 +0000

1 Answer

Have a look at the SMB2 protocol preferences. There's a table you can fill in with that information.

Jaap answered 2022-05-13 09:36:12 +0000

Comments

From where do I get the session key? I got the session ID from the trace; however, the session key is something hard to get.

aakashgaikwad (2022-05-13 12:22:21 +0000)

You need the session key, which is determined individually for each client and each share (or TreeConnect).

Recent SAMBA versions support a debug function to record the session key: https://wiki.samba.org/index.php/Wire... for a decent decryption

At this time, I am not aware of a similar function for Windows servers.

Eddi (2022-05-13 18:28:26 +0000)

We are using a Windows client. Do we have (or where can we get) a similar function for a Windows system?

aakashgaikwad (2022-05-14 09:40:00 +0000)