authorKevin Robertson <robertsonk@gmail.com>2017-01-15 18:52:30 -0500
committerKevin Robertson <robertsonk@gmail.com>2017-01-15 18:52:30 -0500
commit2318def4dbf419c31a088cf4a222d0ac9851b5d9 (patch)
treee4ae314e1887fa3cad80a91b2ec98fc6b4924c0c
parentabe8d271bd61ddd70deb33a4b074ddbc7c671389 (diff)
downloadInvoke-TheHash-2318def4dbf419c31a088cf4a222d0ac9851b5d9.tar.gz
Invoke-TheHash-2318def4dbf419c31a088cf4a222d0ac9851b5d9.zip
Readme update and small SMB2 fix
Fixed an error-handling check in the SMB2 code path.
-rw-r--r--Invoke-SMBExec.ps112
-rw-r--r--README.md2
2 files changed, 12 insertions, 2 deletions
diff --git a/Invoke-SMBExec.ps1 b/Invoke-SMBExec.ps1
index 1a2c3a0..3a4654e 100644
--- a/Invoke-SMBExec.ps1
+++ b/Invoke-SMBExec.ps1
@@ -1523,6 +1523,11 @@ if($SMB_client.Connected)
$SMB_client_stage = 'ReadAndXRequest'
$SMB_client_stage_next = 'DeleteServiceW'
}
+ elseif([System.BitConverter]::ToString($SMB_client_receive[112..115]) -eq '31-04-00-00')
+ {
+ Write-Output "Service $SMB_service creation failed on $Target"
+ $SMBExec_failed = $true
+ }
else
{
Write-Output "Service creation fault context mismatch"
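Review bot: The new elseif on the 112..115 bytes matches a single return value, `31-04-00-00`, without saying what it is; read little-endian that is 0x431 (1073), which I believe is ERROR_SERVICE_EXISTS from CreateServiceW, so the message and a comment should say so rather than the generic "creation failed", e.g. `# 0x431 = ERROR_SERVICE_EXISTS: a service named $SMB_service is already registered` and `Write-Output "Service $SMB_service already exists on $Target"`. Every other non-zero return code still falls through to the "fault context mismatch" branch, which is misleading for ordinary SCM errors such as access denied; decoding the four bytes once with `[System.BitConverter]::ToUInt32($SMB_client_receive,112)` and printing the value in the else branch would make those failures diagnosable. The if/elseif chain this sits in starts before the hunk.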
@@ -2037,7 +2042,7 @@ if($SMB_client.Connected)
'StartServiceW'
{
- if([System.BitConverter]::ToString($SMB_client_receive[112..115]) -eq '00-00-00-00')
+ if([System.BitConverter]::ToString($SMB_client_receive[132..135]) -eq '00-00-00-00')
{
Write-Verbose "Service $SMB_service created on $Target"
$SMB_service_context_handle = $SMB_client_receive[112..131]
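Review bot: The moved success check reads `$SMB_client_receive[132..135]` with no length guard; if the SMB2 response is shorter than 136 bytes (an error response, or a read that returned less than the full packet), PowerShell yields $null for the out-of-range indices and, as far as I can tell, they render as `00-00-00-00`, so a truncated reply would be reported as a created service and the next line would take a bogus context handle from 112..131. Prefer `if($SMB_client_receive.Length -ge 136 -and [System.BitConverter]::ToString($SMB_client_receive[132..135]) -eq '00-00-00-00')`. The offsets 112 and 132 are also unexplained, and this commit exists because they were confused; a comment such as `# SMB2 CreateServiceW response: 20-byte service context handle at 112..131, uint32 return code at 132..135` next to the check would keep the SMB1 (112) and SMB2 (132) layouts apart. The 'StartServiceW' stage body continues past the hunk.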
@@ -2078,6 +2083,11 @@ if($SMB_client.Connected)
$SMB_client_stage = 'ReadRequest'
$SMB_client_stage_next = 'DeleteServiceW'
}
+ elseif([System.BitConverter]::ToString($SMB_client_receive[132..135]) -eq '31-04-00-00')
+ {
+ Write-Output "Service $SMB_service creation failed on $Target"
+ $SMBExec_failed = $true
+ }
else
{
Write-Output "Service creation fault context mismatch"
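Review bot: The new SMB2 branch compares the return code at 132..135 only against `31-04-00-00` and prints a generic "creation failed"; the literal is 0x431 (1073) little-endian, which I believe is ERROR_SERVICE_EXISTS, and nothing in the code records that. A one-line comment `# 0x431 = ERROR_SERVICE_EXISTS` above the elseif and a message that carries the code would help an operator triage, e.g. `Write-Output "Service $SMB_service creation failed on $Target (CreateServiceW returned 0x431, service already exists)"`. The SMB1 path earlier in the file carries the same check at offset 112, so any further return-code handling needs to land in both places, or the decode should be hoisted into one shared variable. The surrounding if/elseif chain starts before the hunk.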
diff --git a/README.md b/README.md
index 0862ba1..ddc18e9 100644
--- a/README.md
+++ b/README.md
@@ -1,5 +1,5 @@
# Invoke-TheHash
-Invoke-TheHash contains PowerShell functions for performing NTLMv2 pass the hash WMI and SMB command execution. WMI and SMB services are accessed through .NET TCPClient connections. Local administrator privilege is not required client-side.
+Invoke-TheHash contains PowerShell functions for performing pass the hash WMI and SMB command execution. WMI and SMB services are accessed through .NET TCPClient connections. Authentication is performed by passing an NTLM hash into the NTLMv2 authentication protocol. Local administrator privilege is not required client-side.
# Requirements
Minimum PowerShell 2.0