infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add template for SMB_QUERY_FILE_BASIC_INFO

bug/bundler_fix
jvazquez-r7 2015-02-20 10:40:45 -06:00
parent cf63e09188
commit 21978a1bfe
2 changed files with 47 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
lib/msf/core/exploit/smb/server/share.rb
View File

@ -655,19 +655,33 @@ module Msf
# For MS13-071, payload is an empty unicode request (4 bytes) # For MS13-071, payload is an empty unicode request (4 bytes)
if payload.downcase.eql?(file.downcase) or payload.length.to_s.eql?('4') if payload.downcase.eql?(file.downcase) or payload.length.to_s.eql?('4')
if payload.length.to_s.eql?('4') if payload.length.to_s.eql?('4')
attrib = "\x10\x00\x00\x00" # File attributes => directory attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY # File attributes => directory
else else
attrib = "\x80\x00\x00\x00" # File attributes => file attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL # File attributes => file
end end
else else
if payload.downcase.include?(file.downcase) if payload.downcase.include?(file.downcase)
attrib = "\x80\x00\x00\x00" # File attributes => file attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL # File attributes => file
else else
# QUERY_PATH_INFO_PARAMETERS doesn't include a file name, return a Directory answer # QUERY_PATH_INFO_PARAMETERS doesn't include a file name, return a Directory answer
attrib = "\x10\x00\x00\x00" # File attributes => directory attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY # File attributes => directory
end end
end end
trans2_params = CONST::SMB_TRANS2_QUERY_PATH_INFORMATION_RES_PARAMETERS.make_struct
trans2_params.v['EaErrorOffset'] = 0
query_path_info = CONST::SMB_QUERY_FILE_BASIC_INFO_HDR.make_struct
query_path_info.v['loCreationTime'] = lo
query_path_info.v['hiCreationTime'] = hi
query_path_info.v['loLastAccessTime'] = lo
query_path_info.v['hiLastAccessTime'] = hi
query_path_info.v['loLastWriteTime'] = lo
query_path_info.v['hiLastWriteTime'] = hi
query_path_info.v['loLastChangeTime'] = lo
query_path_info.v['hiLastChangeTime'] = hi
query_path_info.v['ExtFileAttributes'] = attrib
# If payload contains our file, send the response # If payload contains our file, send the response
if payload.downcase.eql?(file.downcase) or payload.length.to_s.eql?('4') or payload.downcase.include?(file.downcase) if payload.downcase.eql?(file.downcase) or payload.length.to_s.eql?('4') or payload.downcase.include?(file.downcase)
pkt['Payload']['SMB'].v['Command'] = CONST::SMB_COM_TRANSACTION2 pkt['Payload']['SMB'].v['Command'] = CONST::SMB_COM_TRANSACTION2
@ -682,16 +696,9 @@ module Msf
pkt['Payload'].v['DataOffset'] = 60 pkt['Payload'].v['DataOffset'] = 60
pkt['Payload'].v['Payload'] = pkt['Payload'].v['Payload'] =
"\x00" + # Padding "\x00" + # Padding
# QUERY_PATH_INFO Parameters trans2_params.to_s +
"\x00\x00" + # EA Error Offset
"\x00\x00" + # Padding "\x00\x00" + # Padding
#QUERY_PATH_INFO Data query_path_info.to_s
[lo, hi].pack("VV") + # Created
[lo, hi].pack("VV") + # Last Access
[lo, hi].pack("VV") + # Last Write
[lo, hi].pack("VV") + # Change
attrib +
"\x00\x00\x00\x00" # Unknown
c.put(pkt.to_s) c.put(pkt.to_s)
else else
# Else send not found # Else send not found
@ -741,7 +748,7 @@ module Msf
return return
end end
trans2_params = CONST::SMB_TRANS2_PARAMETERS.make_struct trans2_params = CONST::SMB_TRANS2_FIND_FIRST2_RES_PARAMETERS.make_struct
trans2_params.v['SID'] = 0xfffd trans2_params.v['SID'] = 0xfffd
trans2_params.v['SearchCount'] = search trans2_params.v['SearchCount'] = search
trans2_params.v['EndOfSearch'] = search trans2_params.v['EndOfSearch'] = search
@ -776,10 +783,9 @@ module Msf
pkt['Payload'].v['DataOffset'] = 68 pkt['Payload'].v['DataOffset'] = 68
pkt['Payload'].v['Payload'] = pkt['Payload'].v['Payload'] =
"\x00" + # Padding "\x00" + # Padding
trans2_params.to_s + # FIND_FIRST2 Parameters trans2_params.to_s +
"\x00\x00" + # Padding "\x00\x00" + # Padding
find_file.to_s find_file.to_s
#QUERY_PATH_INFO Data
c.put(pkt.to_s) c.put(pkt.to_s)
end end
@ -813,7 +819,7 @@ module Msf
find_file.v['FileIndex'] = 0 find_file.v['FileIndex'] = 0
find_file.v['FileName'] = data find_file.v['FileName'] = data
trans2_params = CONST::SMB_TRANS2_PARAMETERS.make_struct trans2_params = CONST::SMB_TRANS2_FIND_FIRST2_RES_PARAMETERS.make_struct
trans2_params.v['SID'] = 0xfffd trans2_params.v['SID'] = 0xfffd
trans2_params.v['SearchCount'] = 1 trans2_params.v['SearchCount'] = 1
trans2_params.v['EndOfSearch'] = 1 trans2_params.v['EndOfSearch'] = 1
@ -833,9 +839,8 @@ module Msf
pkt['Payload'].v['DataOffset'] = 68 pkt['Payload'].v['DataOffset'] = 68
pkt['Payload'].v['Payload'] = pkt['Payload'].v['Payload'] =
"\x00" + # Padding "\x00" + # Padding
trans2_params.to_s + # FIND_FIRST2 Parameters trans2_params.to_s +
"\x00\x00" + # Padding "\x00\x00" + # Padding
# QUERY_PATH_INFO Data
find_file.to_s find_file.to_s
c.put(pkt.to_s) c.put(pkt.to_s)
end end
@ -892,7 +897,7 @@ module Msf
find_file.v['ExtFileAttributes'] = attrib find_file.v['ExtFileAttributes'] = attrib
find_file.v['FileName'] = data find_file.v['FileName'] = data
trans2_params = CONST::SMB_TRANS2_PARAMETERS.make_struct trans2_params = CONST::SMB_TRANS2_FIND_FIRST2_RES_PARAMETERS.make_struct
trans2_params.v['SID'] = 0xfffd trans2_params.v['SID'] = 0xfffd
trans2_params.v['SearchCount'] = search trans2_params.v['SearchCount'] = search
trans2_params.v['EndOfSearch'] = search trans2_params.v['EndOfSearch'] = search
@ -911,7 +916,7 @@ module Msf
pkt['Payload'].v['DataOffset'] = 68 pkt['Payload'].v['DataOffset'] = 68
pkt['Payload'].v['Payload'] = pkt['Payload'].v['Payload'] =
"\x00" + # Padding "\x00" + # Padding
trans2_params.to_s + # FIND_FIRST2 Parameters trans2_params.to_s +
"\x00\x00" + # Padding "\x00\x00" + # Padding
find_file.to_s find_file.to_s

23
lib/rex/proto/smb/constants.rb
View File

@ -1089,8 +1089,8 @@ SMB_SEARCH_HDR_PKT = Rex::Struct2::CStructTemplate.new(
) )
SMB_SEARCH_PKT = self.make_nbs(SMB_SEARCH_HDR_PKT) SMB_SEARCH_PKT = self.make_nbs(SMB_SEARCH_HDR_PKT)
# A template for SMB TRANS2 parameters # A template for SMB TRANS2_FIND_FIRST response parameters
SMB_TRANS2_PARAMETERS = Rex::Struct2::CStructTemplate.new( SMB_TRANS2_FIND_FIRST2_RES_PARAMETERS = Rex::Struct2::CStructTemplate.new(
['uint16v', 'SID', 0], ['uint16v', 'SID', 0],
['uint16v', 'SearchCount', 0], ['uint16v', 'SearchCount', 0],
['uint16v', 'EndOfSearch', 0], ['uint16v', 'EndOfSearch', 0],
@ -1161,6 +1161,25 @@ SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR = Rex::Struct2::CStructTemplate.new(
SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR_LENGTH = 68 SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR_LENGTH = 68
# A template for SMB FIND_FIRST2 TRANS2 response parameters
SMB_TRANS2_QUERY_PATH_INFORMATION_RES_PARAMETERS = Rex::Struct2::CStructTemplate.new(
['uint16v', 'EaErrorOffset', 0]
)
# A template for SMB_QUERY_FILE_BASIC_INFO query path information level
SMB_QUERY_FILE_BASIC_INFO_HDR = Rex::Struct2::CStructTemplate.new(
['uint32v', 'loCreationTime', 0],
['uint32v', 'hiCreationTime', 0],
['uint32v', 'loLastAccessTime', 0],
['uint32v', 'hiLastAccessTime', 0],
['uint32v', 'loLastWriteTime', 0],
['uint32v', 'hiLastWriteTime', 0],
['uint32v', 'loLastChangeTime', 0],
['uint32v', 'hiLastChangeTime', 0],
['uint32v', 'ExtFileAttributes', 0],
['uint32v', 'Reserved', 0]
)
end end
end end
end end