| You should now have all you need to create an SMB session with an SMB server. As you become more comfortable with the system, you will likely become curious about the vast uncharted jungle of Extended Security. Don't be afraid to go exploring. With the background provided here, and the guidebooks listed in the References section, you are well prepared. If you get it all mapped out, do us all a favor: write it up so that everyone can share what you've learned. A few more bits of advice before we move along... -
Know what you've got to work with. This is one of Andrew Bartlett's rules of thumb. If you are trying to figure out how an encrypted token or key or somesuch is derived, consider the available functions and inputs. Existing tools and values are often reused. Just look through the calculation of the NTLMv2 Response and you'll see what we mean. -
Trust but verify. Read the available documentation and make notes, but don't assume that the documentation is always right. The truth is on the wire. In some cases implementations stray from the specifications, and in other cases (e.g. this book) the documentation is a best-effort attempt at presenting what has been learned. There are few truly definitive sources. Another factor, as you are by now aware, is that there is a tremendous amount of variation in the CIFS world. Something may work correctly in one instance only to surprise you in another. -
Don't be surprised. Don't go looking for weirdness in CIFS, but don't be surprised when you find it. If you expect bad behavior, you may miss the sane and obvious. A lot of CIFS does, in fact, make some sort of sense when you think about it. There are gotchas, though, so be prepared. These guidelines are quite general, but they apply particularly well to the study of SMB security and authentication. |
