Redo TRANS2_QUERY_PATH_INFORMATION dispatching
parent
a06d07d6da
commit
87176b9b37
|
@ -8,21 +8,29 @@ module Msf
|
|||
# This mixin provides methods to handle TRAN2_QUERY_PATH_INFORMATION subcommands
|
||||
module QueryPathInformation
|
||||
def smb_cmd_trans2_query_path_information(c, buff)
|
||||
#dprint("[smb_cmd_trans2_query_path_information]")
|
||||
#smb_cmd_trans2_query_file_information(c, buff)
|
||||
dprint("[smb_cmd_trans2_query_path_information]")
|
||||
ar = Rex::Text.to_hex(buff, '').to_s
|
||||
mdc = ar[86..89].unpack('n*').reverse.pack('n*').to_i(16)
|
||||
loi = ar[144..147].unpack('n*').reverse.pack('n*').to_i(16)
|
||||
|
||||
case mdc # MAX DATA COUNT
|
||||
when CONST::SMB_QUERY_BASIC_MDC
|
||||
#case mdc # MAX DATA COUNT
|
||||
#when CONST::SMB_QUERY_BASIC_MDC
|
||||
case loi
|
||||
when CONST::SMB_QUERY_FILE_BASIC_INFO
|
||||
when CONST::SMB_QUERY_FILE_BASIC_INFO, CONST::SMB_QUERY_FILE_BASIC_INFO_ALIAS, CONST::SMB_SET_FILE_BASIC_INFO_ALIAS
|
||||
dprint("\t\t[query_file_info_basic]")
|
||||
smb_cmd_trans_query_file_info_basic(c, buff)
|
||||
smb_cmd_trans_query_path_info_basic(c, buff)
|
||||
when CONST::SMB_QUERY_FILE_STANDARD_INFO, CONST::SMB_QUERY_FILE_STANDARD_INFO_ALIAS
|
||||
dprint("\t\t[query_file_info_standard]")
|
||||
#smb_cmd_trans_query_file_info_standard(c, buff)
|
||||
smb_cmd_trans_query_path_info_standard(c, buff)
|
||||
else
|
||||
dprint("\t\tUnknown LOI [smb_cmd_trans_query_path_info_basic] - #{loi.to_s}")
|
||||
#TODO: SEND ERROR IF IT'S AN UKNNOWN REQUEST....
|
||||
smb_cmd_trans_query_path_info_basic(c, buff)
|
||||
end
|
||||
=begin
|
||||
when CONST::SMB_QUERY_STANDARD_MDC1, CONST::SMB_QUERY_STANDARD_MDC2
|
||||
dprint("\t\t[query_path_info_standard]")
|
||||
smb_cmd_trans_query_path_info_standard(c, buff)
|
||||
|
@ -36,6 +44,7 @@ module Msf
|
|||
dprint("\t\tUnknown MDC - Sending to [query_path_info_standard]: #{mdc.to_s}")
|
||||
smb_cmd_trans_query_path_info_standard(c, buff)
|
||||
end
|
||||
=end
|
||||
end
|
||||
end
|
||||
end
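Review bot: The new `case loi` dispatch relies on a value sliced at a fixed offset (`ar[144..147]`) from the client-supplied buffer with no length check. Assuming `Rex::Text.to_hex(buff, '')` yields two characters per byte, a request shorter than 72 bytes makes that slice nil and `.unpack` raises NoMethodError inside the handler. A guard ahead of the two slices, for example `return dprint("\t\tshort TRANS2_QUERY_PATH_INFORMATION request") if ar.length < 148`, would reject a truncated request cleanly; what the caller expects back is not visible here, so the return value needs confirming. Since `mdc` no longer appears to drive the dispatch, the `=begin`/`=end` block and the commented-out `case mdc` lines could be deleted rather than kept as dead code.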
|
||||
|
|
|
@ -52,13 +52,17 @@ module Msf
|
|||
c.put(pkt.to_s)
|
||||
end
|
||||
|
||||
# TODO: delete?
|
||||
def smb_cmd_trans_query_file_info_standard(c, buff)
|
||||
dprint("****** [smb_cmd_trans_query_file_info_standard] ****** ")
|
||||
|
||||
trans2_params = CONST::SMB_TRANS2_QUERY_PATH_INFORMATION_RES_PARAMETERS.make_struct
|
||||
trans2_params.v['EaErrorOffset'] = 0
|
||||
|
||||
query_path_info = CONST::SMB_QUERY_FILE_STANDARD_INFO_HDR.make_struct
|
||||
query_path_info.v['AllocationSize'] = 1048576
|
||||
query_path_info.v['EndOfFile'] = exe_contents.length
|
||||
query_path_info.v['NumberOfLinks'] = 1
|
||||
query_path_info.v['DeletePending'] = 0
|
||||
query_path_info.v['Directory'] = 0 #isdir == false
|
||||
|
||||
pkt = CONST::SMB_TRANS_RES_PKT.make_struct
|
||||
smb_set_defaults(c, pkt)
|
||||
|
||||
|
@ -74,11 +78,10 @@ module Msf
|
|||
pkt['Payload'].v['DataOffset'] = 60
|
||||
pkt['Payload'].v['Payload'] =
|
||||
"\x00" + # Padding
|
||||
# QUERY_FILE Parameters
|
||||
trans2_params.to_s +
|
||||
"\x00\x00" + # Padding
|
||||
# QUERY_FILE_INFO Data
|
||||
"\x95\x1c\x02\x00\x00\x00\x00\x00"
|
||||
query_path_info.to_s +
|
||||
"\x00\x00" # Unknown
|
||||
c.put(pkt.to_s)
|
||||
end
|
||||
|
||||
|
@ -169,6 +172,8 @@ module Msf
|
|||
# if QUERY_PATH_INFO_PARAMETERS doesn't include a file name,
|
||||
# return a Directory answer
|
||||
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY # File attributes => directory
|
||||
else
|
||||
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
||||
end
|
||||
|
||||
if (payext and payext.downcase.eql?(fileext.downcase)) or payload.length.to_s.eql?('1') or payload.length.to_s.eql?('4') or payload.eql?(path)
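Review bot: In the last hunk both arms of the conditional assign `attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY`, so the branch decides nothing and every path is reported to the client as a directory. If the `else` arm is meant to cover requests that do name a file, it should set a non-directory attribute; otherwise drop the `else` and assign once. The `if` that opens this conditional is outside the hunk, so the condition needs checking against the full method. Separately, `# TODO: delete?` above `smb_cmd_trans_query_file_info_standard` gives no reason, and the dispatcher's call to that method is commented out, so either remove the method or note what still depends on it.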
|
||||
|
|