Hi Junyu Zhou,
I have just seen your ZeroNights talk. I'm impressed because I thought that NTLM relay to the same machine was dead... So I just want to reproduce your demo, but I have some issues.
@ip of the attacker (Ubuntu 17.04) : 192.168.1.46
@ip of the victim (Windows 7 with FW disabled) : 192.168.1.68
I launch the ultrarelay script, and then I launch my cayenne project (same as yours) inside Win7 in order to make a Java connection through the HTTP server brought up by the ultrarelay script. But there is an issue when ultrarelay has to deal with the SMB server:
~/ultrarelay$ sudo python ultrarelay.py -ip 192.168.1.46
UltraRealy v0.1 - md5_salt & tomato
Based on Impacket and Responder
[*] Protocol Client HTTP loaded..
[*] Protocol Client HTTPS loaded..
[*] Protocol Client MSSQL loaded..
[*] Protocol Client IMAPS loaded..
[*] Protocol Client IMAP loaded..
[*] Protocol Client SMTP loaded..
[*] Protocol Client LDAPS loaded..
[*] Protocol Client LDAP loaded..
[*] Protocol Client SMB loaded..
[*] Running in reflection mode
[*] Setting up SMB Server
[*] Setting up HTTP Server
[*] Servers started, waiting for connections
[*] HTTPD: Received connection from 192.168.1.68, attacking target smb://192.168.1.68:445
[*] HTTPD: Client requested path: /
[*] HTTPD: Received connection from 192.168.1.68, attacking target smb://192.168.1.68:445
[*] HTTPD: Client requested path: /
[-] SessionSetup Error!
[-] Exception in HTTP request handler: SMB SessionError: class: ERRSRV, code: ERRerror(Non-specific error code.)
Attached is a pcap of the whole negotiation : NTLM_relay-SMB-error.zip.pcapng.gz
Error given : Session Setup AndX Response, Error: Non specific error code
Do you have any idea?
Regards,
Mera