SMB

Section [SMB]

SMB.Server: list

Each entry corresponds to an instance of smb.SMBServerConfig

Defines a list of SMB server configuration sections. For instructions on configuring section lists, refer to the general configuration guide Array Tables for TOML.

Attributes listed below can alternatively be specified in the global [SMB] section to serve as default values for all individual server entries.

Server.Port: int

Maps to smb.SMBServerConfig.smb_port

Specifies the port on which the SMB server instance listens. This setting is required and cannot be used in the [SMB] section.

Important

This attribute must be defined within a dedicated [[SMB.Server]] section.

Server.ServerOS: str

Map to smb.SMBServerConfig.smb_server_os. May also be set in [SMB]

Defines the operating system for the SMB server. These values are used when crafting responses.

Server.ServerName: str
Server.ServerDomain: str

Map to smb.SMBServerConfig.smb_server_XXX. May also be set in [SMB]

Defines identification metadata for the SMB server. These values are used when crafting responses.

Removed in version 1.0.0.dev8: ServerName and ServerDomain were merged into SMB.Server.FQDN

Server.FQDN: str = "Dementor"

Linked to smb.SMBServerConfig.smb_fqdn. Can also be set in [SMB] or [Globals]

Specifies the Fully Qualified Domain Name (FQDN) hostname used by the SMB server. The hostname portion of the FQDN will be included in server responses. The domain part is optional and will point to WORKGROUP by default.

Added in version 1.0.0.dev8.

Server.ErrorCode: str | int = nt_errors.STATUS_SMB_BAD_UID

Maps to smb.SMBServerConfig.smb_error_code. May also be set in [SMB]

Specifies the NT status code returned when access is denied. Accepts either integer codes or their string representations (e.g., "STATUS_ACCESS_DENIED"). Example values:

  • 3221225506 or "STATUS_ACCESS_DENIED"

  • 5963778 or "STATUS_SMB_BAD_UID"

For a comprehensive list of status codes, refer to the impacket.nt_errors module.

See also

Use case: Tricking Windows SMB clients into falling back to WebDav.

Server.SMB2Support: bool = true

Maps to smb.SMBServerConfig.smb2_support. May also be set in [SMB]

Enables support for the SMB2 protocol. Recommended for improved client compatibility.

Server.ExtendedSessionSecurity: bool = true

Maps to smb.SMBServerConfig.smb_ess. May also be set in [SMB]

Enables Extended Session Security (ESS) during NTLM authentication. When ESS is enabled, the server captures NTLMv1/v2-SSP hashes instead of standard NTLMv1/v2 hashes. Resolution precedence:

  1. If defined, SMB.Server.ExtendedSessionSecurity takes precedence.

  2. If not, SMB.ExtendedSessionSecurity is used.

  3. Finally, falls back to NTLM.ExtendedSessionSecurity if the above are unset.

Server.Challenge: str = NTLM.Challenge

Maps to smb.SMBServerConfig.smb_challenge. May also be set in [SMB]

Defines the challenge value used during NTLM authentication. Resolution precedence:

  1. SMB.Server.Challenge (if defined)

  2. SMB.Challenge (fallback)

  3. NTLM.Challenge (final fallback)

Note

If none of the above attributes are set, the SMB server will generate a random challenge value for each session.

class smb.SMBServerConfig

Configuration class for entries under SMB.Server

Represents the configuration for a single SMB server instance.

smb_port: int

Corresponds to SMB.Server.Port

smb_server_os: str = "Windows"

Corresponds to SMB.Server.ServerOS

smb_server_name: str = "DEMENTOR"

Corresponds to SMB.Server.ServerName

Removed in version 1.0.0.dev8: Merged into SMB.Server.FQDN

smb_server_domain: str = "WORKGROUP"

Corresponds to SMB.Server.ServerDomain

Removed in version 1.0.0.dev8: Merged into SMB.Server.FQDN

smb_fqdn: str = "DEMENTOR"

Corresponds to SMB.Server.FQDN

Added in version 1.0.0.dev8.

smb_error_code: str | int = nt_errors.STATUS_SMB_BAD_UID

Corresponds to SMB.Server.ErrorCode

You can use set_smb_error_code() to set this attribute using a string or an integer.

smb2_support: bool = True

Corresponds to SMB.Server.SMB2Support

smb_ess: bool = True

Corresponds to SMB.Server.ExtendedSessionSecurity

smb_challenge: bytes = b""

Corresponds to SMB.Server.Challenge

By default, a random challenge will be generated based on the rules described in SMB.Server.Challenge.

Default Configuration

SMB configuration section (default values)
 1[SMB]
 2ServerOS = "Windows"
 3FQDN = "DEMENTOR"
 4SMB2Support = true
 5ErrorCode = "STATUS_SMB_BAD_UID"
 6
 7[[SMB.Server]]
 8Port = 139
 9
10[[SMB.Server]]
11Port = 445