Reauth after STATUS_NETWORK_SESSION_EXPIRED #292

Open
jheysel-r7 wants to merge 1 commit into rapid7:master from jheysel-r7:fix/lib/smb_relay_ruby_client_support

@jheysel-r7 jheysel-r7 commented Feb 12, 2026

This PR makes a small change to attempt to re-authenticate when the client receives the STATUS_NETWORK_SESSION_EXPIRED error. This is how Windows' net use client responds to the error.
https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-smb/6ab6ca20-b404-41fd-b91a-2ed39e3762ea

The smb_relay Metasploit module makes it possible to relay an authentication request to multiple targets by making use of the SMB error STATUS_NETWORK_SESSION_EXPIRED. The relay server first tricks the client into thinking its authentication attempt was successful, and then throws the error code STATUS_NETWORK_SESSION_EXPIRED, which forces the client to re-authenticate and allows the relay server to relay to as many targets as it would like by sending that error code repeatedly.

It seems like this minor detail was never implemented in ruby_smb, nor was it implemented in Python's smbprotocol implementation, as seen here: python smb issue. This is why the smb_relay could never relay authentication from any client other than net use.

Testing

See the metasploit-framework PR for testing instructions
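
Added example, not part of this PR or of ruby_smb: a self-contained model of the client behaviour described above, showing that every STATUS_NETWORK_SESSION_EXPIRED answered with a re-authentication is a complete new authentication exchange. All class and method names are hypothetical, the server is a constructed stand-in, and the cap on re-authentications is an assumption of this example rather than something the PR states.

```ruby
# Added illustration; not ruby_smb code. All class and method names are hypothetical.
STATUS_SUCCESS = 0x00000000
STATUS_NETWORK_SESSION_EXPIRED = 0xC000035C

# Constructed stand-in for a server: accepts every session setup, then answers
# the first `expirations` requests with STATUS_NETWORK_SESSION_EXPIRED.
class ScriptedServer
  attr_reader :auth_count

  def initialize(expirations)
    @expirations = expirations
    @auth_count = 0
  end

  def session_setup
    @auth_count += 1 # one full authentication exchange seen by the peer
    STATUS_SUCCESS
  end

  def request
    return STATUS_SUCCESS if @expirations.zero?
    @expirations -= 1
    STATUS_NETWORK_SESSION_EXPIRED
  end
end

class ReauthLimitExceeded < StandardError; end

# Client that re-authenticates on session expiry, but at most `max_reauth`
# times per request (assumed policy), so the number of authentications a
# peer can obtain from one request is bounded.
class ModelClient
  def initialize(server, max_reauth: 1)
    @server = server
    @max_reauth = max_reauth
  end

  def send_request
    @server.session_setup
    reauths = 0
    loop do
      status = @server.request
      return status unless status == STATUS_NETWORK_SESSION_EXPIRED
      raise ReauthLimitExceeded, "session expired #{reauths + 1} times" if reauths >= @max_reauth
      reauths += 1
      @server.session_setup # re-authentication: a complete new exchange
    end
  end
end
```

The `auth_count` value is the signal to watch on the defensive side: one logical request that produces several authentications in a row is the pattern the comment describes.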
