Fix unnecessary paddings

lib/msf/core/exploit/smb/server/share/information_level/find.rb

@@ -73,6 +73,7 @@ module Msf
               trans2_params.to_s +
               "\x00\x00" + # Padding
               find_file.to_s
+
             c.put(pkt.to_s)
           end
 

lib/msf/core/exploit/smb/server/share/information_level/query.rb

@@ -12,8 +12,6 @@ module Msf
           #
           def smb_cmd_trans_query_file_info_basic(c, fid)
             smb = @state[c]
-            pkt = CONST::SMB_TRANS_RES_PKT.make_struct
-            smb_set_defaults(c, pkt)
 
             if fid.eql?smb[:file_id].to_i
               attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL # File attributes => file
@@ -25,6 +23,9 @@ module Msf
               return
             end
 
+            pkt = CONST::SMB_TRANS_RES_PKT.make_struct
+            smb_set_defaults(c, pkt)
+
             trans2_params = CONST::SMB_TRANS2_QUERY_PATH_INFORMATION_RES_PARAMETERS.make_struct
             trans2_params.v['EaErrorOffset'] = 0
 
@@ -97,24 +98,22 @@ module Msf
           # Responds to QUERY_PATH_INFO (Basic) requests
           #
           def smb_cmd_trans_query_path_info_basic(c, path)
-            pkt = CONST::SMB_TRANS_RES_PKT.make_struct
-            smb_set_defaults(c, pkt)
-
             if path && path.ends_with?(file_name) #TODO: do it better
-              attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL # File attributes => file
+              attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL
             elsif path && path.ends_with?(file_name + '.Local')
-              attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL # File attributes => file
+              attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL
             elsif path && path == path_name
-              # QUERY_PATH_INFO_PARAMETERS doesn't include a file name, return a Directory answer
-              attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY # File attributes => directory
+              attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
             elsif path.nil? || path.empty? || path == "\x00" # empty path
-              # QUERY_PATH_INFO_PARAMETERS doesn't include a file name, return a Directory answer
-              attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY # File attributes => directory
+              attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
             else
               smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_OBJECT_NAME_NOT_FOUND, true)
               return
             end
 
+            pkt = CONST::SMB_TRANS_RES_PKT.make_struct
+            smb_set_defaults(c, pkt)
+
             trans2_params = CONST::SMB_TRANS2_QUERY_PATH_INFORMATION_RES_PARAMETERS.make_struct
             trans2_params.v['EaErrorOffset'] = 0
 
@@ -154,8 +153,7 @@ module Msf
           # At the moment we just support '\\' path always send a SUCCESS...
           def smb_cmd_trans_query_path_info_standard(c, path)
 
-            pkt = CONST::SMB_TRANS_RES_PKT.make_struct
-            smb_set_defaults(c, pkt)
+            puts "[smb_cmd_trans_query_path_info_standard] #{path}"
 
             if path && path.include?(file_name) #TODO: do it better
               attrib = 0 # File attributes => file
@@ -168,6 +166,9 @@ module Msf
               return
             end
 
+            pkt = CONST::SMB_TRANS_RES_PKT.make_struct
+            smb_set_defaults(c, pkt)
+
             trans2_params = CONST::SMB_TRANS2_QUERY_PATH_INFORMATION_RES_PARAMETERS.make_struct
             trans2_params.v['EaErrorOffset'] = 0
 
@@ -186,17 +187,20 @@ module Msf
             pkt['Payload']['SMB'].v['Flags2'] = FLAGS2
             pkt['Payload']['SMB'].v['WordCount'] = 10
             pkt['Payload'].v['ParamCountTotal'] = trans2_params.to_s.length
-            pkt['Payload'].v['DataCountTotal'] = query_path_info.to_s.length + UNICODE_NULL_LENGTH
+            #pkt['Payload'].v['DataCountTotal'] = query_path_info.to_s.length + UNICODE_NULL_LENGTH
+            pkt['Payload'].v['DataCountTotal'] = query_path_info.to_s.length
             pkt['Payload'].v['ParamCount'] = trans2_params.to_s.length
             pkt['Payload'].v['ParamOffset'] = CONST::SMB_TRANS_RES_PKT_LENGTH
-            pkt['Payload'].v['DataCount'] = query_path_info.to_s.length + UNICODE_NULL_LENGTH
+            #pkt['Payload'].v['DataCount'] = query_path_info.to_s.length + UNICODE_NULL_LENGTH
+            pkt['Payload'].v['DataCount'] = query_path_info.to_s.length
             pkt['Payload'].v['DataOffset'] = CONST::SMB_TRANS_RES_PKT_LENGTH + trans2_params.to_s.length + UNICODE_NULL_LENGTH
             pkt['Payload'].v['Payload'] =
               "\x00" + # Padding
               trans2_params.to_s +
               "\x00\x00" + # Padding
-              query_path_info.to_s +
-              "\x00\x00" # Unknown
+              query_path_info.to_s #+
+              #"\x00\x00" # Unknown
+
             c.put(pkt.to_s)
           end
 
@@ -206,9 +210,6 @@ module Msf
           # At the moment we just support '\\' path always send a SUCCESS...
           def smb_cmd_trans_query_path_info_network(c, path)
 
-            pkt = CONST::SMB_TRANS_RES_PKT.make_struct
-            smb_set_defaults(c, pkt)
-
             if path && path.include?(file_name) #TODO: do it better
               attrib = 0 # File attributes => file
             elsif path && path == path_name
@@ -222,6 +223,9 @@ module Msf
               return
             end
 
+            pkt = CONST::SMB_TRANS_RES_PKT.make_struct
+            smb_set_defaults(c, pkt)
+
             trans2_params = CONST::SMB_TRANS2_QUERY_PATH_INFORMATION_RES_PARAMETERS.make_struct
             trans2_params.v['EaErrorOffset'] = 0
 
@@ -256,6 +260,7 @@ module Msf
               trans2_params.to_s +
               "\x00\x00" + # Padding
               query_path_info.to_s
+
             c.put(pkt.to_s)
           end
         end