Do minor cleanup
parent
6d6d5a7dca
commit
c73ffea1b9
|
@ -9,10 +9,6 @@ module Msf
|
|||
# Responds to a client CLOSE request
|
||||
#
|
||||
def smb_cmd_close(c, buff)
|
||||
dprint("[SMB_CMD_CLOSE]")
|
||||
pkt = CONST::SMB_CLOSE_PKT.make_struct
|
||||
pkt.from_s(buff)
|
||||
|
||||
pkt = CONST::SMB_CLOSE_RES_PKT.make_struct
|
||||
smb_set_defaults(c, pkt)
|
||||
|
||||
|
|
|
@ -9,12 +9,10 @@ module Msf
|
|||
# Negotiates a SHARE session with the client
|
||||
#
|
||||
def smb_cmd_negotiate(c, buff)
|
||||
dprint("[SMB_CMD_NEGOTIATE]")
|
||||
pkt = CONST::SMB_NEG_PKT.make_struct
|
||||
pkt.from_s(buff)
|
||||
|
||||
dialects = pkt['Payload'].v['Payload'].gsub(/\x00/, '').split(/\x02/).grep(/^\w+/)
|
||||
|
||||
dialect = dialects.index("NT LM 0.12") || dialects.length-1
|
||||
|
||||
pkt = CONST::SMB_NEG_RES_NT_PKT.make_struct
|
||||
|
|
|
@ -9,7 +9,6 @@ module Msf
|
|||
# Responds to a client NT_CREATE_ANDX request
|
||||
#
|
||||
def smb_cmd_create(c, buff)
|
||||
dprint("[SMB_CMD_CREATE]")
|
||||
smb = @state[c]
|
||||
pkt = CONST::SMB_CREATE_PKT.make_struct
|
||||
pkt.from_s(buff)
|
||||
|
@ -25,12 +24,12 @@ module Msf
|
|||
|
||||
if payload.ends_with?(file_name)
|
||||
fid = smb[:file_id].to_i
|
||||
attribs = 0x80 # File Attributes
|
||||
attribs = CONST::SMB_EXT_FILE_ATTR_NORMAL
|
||||
eof = exe_contents.length
|
||||
is_dir = 0
|
||||
elsif payload.eql?(path_name)
|
||||
fid = smb[:dir_id].to_i
|
||||
attribs = 0x10 # Ordinary Dir
|
||||
attribs = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
||||
eof = 0
|
||||
is_dir = 1
|
||||
else
|
||||
|
@ -51,7 +50,7 @@ module Msf
|
|||
pkt['Payload']['SMB'].v['Flags1'] = FLAGS
|
||||
pkt['Payload']['SMB'].v['Flags2'] = FLAGS2
|
||||
pkt['Payload']['SMB'].v['WordCount'] = 42
|
||||
pkt['Payload'].v['AndX'] = 0xff # no further commands
|
||||
pkt['Payload'].v['AndX'] = CONST::SMB_COM_NO_ANDX_COMMAND
|
||||
pkt['Payload'].v['OpLock'] = CONST::LEVEL_II_OPLOCK # Grant Oplock on File
|
||||
pkt['Payload'].v['FileID'] = fid
|
||||
pkt['Payload'].v['Action'] = CONST::FILE_OPEN # The file existed and was opened
|
||||
|
|
|
@ -26,7 +26,7 @@ module Msf
|
|||
pkt['Payload']['SMB'].v['Flags1'] = FLAGS
|
||||
pkt['Payload']['SMB'].v['Flags2'] = FLAGS2
|
||||
pkt['Payload']['SMB'].v['WordCount'] = 12
|
||||
pkt['Payload'].v['AndX'] = 0xff # no more commands
|
||||
pkt['Payload'].v['AndX'] = CONST::SMB_COM_NO_ANDX_COMMAND
|
||||
pkt['Payload'].v['Remaining'] = 0xffff
|
||||
pkt['Payload'].v['DataLenLow'] = length
|
||||
pkt['Payload'].v['DataOffset'] = CONST::SMB_READ_RES_HDR_PKT_LENGTH
|
||||
|
|
|
@ -13,7 +13,7 @@ module Msf
|
|||
|
||||
tree_connect_response = CONST::SMB_TREE_CONN_ANDX_RES_PKT.make_struct
|
||||
tree_connect_response.v['WordCount'] = 7
|
||||
tree_connect_response.v['AndXCommand'] = 0xff
|
||||
tree_connect_response.v['AndXCommand'] = CONST::SMB_COM_NO_ANDX_COMMAND
|
||||
tree_connect_response.v['AndXReserved'] = 0
|
||||
tree_connect_response.v['AndXOffset'] = 0
|
||||
tree_connect_response.v['OptionalSupport'] = 1
|
||||
|
@ -28,7 +28,7 @@ module Msf
|
|||
pkt['Payload']['SMB'].v['Flags1'] = FLAGS
|
||||
pkt['Payload']['SMB'].v['Flags2'] = FLAGS2
|
||||
pkt['Payload']['SMB'].v['WordCount'] = 3
|
||||
pkt['Payload'].v['AndX'] = 0x75
|
||||
pkt['Payload'].v['AndX'] = CONST::SMB_COM_TREE_CONNECT_ANDX
|
||||
pkt['Payload'].v['Reserved1'] = 00
|
||||
pkt['Payload'].v['AndXOffset'] = 96
|
||||
pkt['Payload'].v['Action'] = CONST::SMB_SETUP_GUEST
|
||||
|
|
|
@ -24,25 +24,22 @@ module Msf
|
|||
data_trans2.from_s(pkt['Payload'].v['SetupData'])
|
||||
|
||||
sub_command = data_trans2.v['SubCommand']
|
||||
parameters = data_trans2.v['Parameters'].gsub(/^[\x00]*/, '') #delete padding
|
||||
|
||||
case sub_command
|
||||
when CONST::TRANS2_QUERY_FILE_INFO
|
||||
parameters = data_trans2.v['Parameters'].gsub(/^[\x00]*/, '') #delete padding
|
||||
smb_cmd_trans2_query_file_information(c, parameters)
|
||||
when CONST::TRANS2_QUERY_PATH_INFO
|
||||
parameters = data_trans2.v['Parameters'].gsub(/^[\x00]*/, '') #delete padding
|
||||
smb_cmd_trans2_query_path_information(c, parameters)
|
||||
when CONST::TRANS2_FIND_FIRST2
|
||||
parameters = data_trans2.v['Parameters'].gsub(/^[\x00]*/, '') #delete padding
|
||||
smb_cmd_trans2_find_first2(c, parameters)
|
||||
else
|
||||
dprint("\t[Unsupported/Unknown command] SUB_COMMAND: #{sub_command}")
|
||||
pkt = CONST::SMB_TRANS_RES_PKT.make_struct
|
||||
smb_set_defaults(c, pkt)
|
||||
pkt['Payload']['SMB'].v['Command'] = CONST::SMB_COM_TRANSACTION2
|
||||
pkt['Payload']['SMB'].v['Flags1'] = FLAGS
|
||||
pkt['Payload']['SMB'].v['Flags2'] = FLAGS2
|
||||
pkt['Payload']['SMB'].v['ErrorClass'] = 0xc0000225 # NT_STATUS_NOT_FOUND
|
||||
pkt['Payload']['SMB'].v['ErrorClass'] = CONST::SMB_NT_STATUS_NOT_FOUND
|
||||
c.put(pkt.to_s)
|
||||
end
|
||||
end
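Review bot: The hoisted `parameters = data_trans2.v['Parameters'].gsub(/^[\x00]*/, '')` before the `case` still anchors with `^`, which in Ruby matches at the start of every line, not only at the start of the string. A NUL run that follows any 0x0a byte inside the client-supplied parameter block is therefore stripped along with the leading padding. If only leading padding is meant, `parameters = data_trans2.v['Parameters'].sub(/\A\x00+/, '')` removes exactly that. The enclosing method starts above the hunk, so the layout of `Parameters` should be checked against the struct definition before changing it.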
|
||||
|
|
|
@ -18,8 +18,8 @@ module Msf
|
|||
search_path.gsub!(/[\x00]*/, '') #delete padding
|
||||
search_path.gsub!(/\\x([0-9a-f]{2})/i, '') # delete hex chars
|
||||
|
||||
# Do some dummy managing for wildcards
|
||||
# TODO: improve
|
||||
# Do some managing for wildcards
|
||||
# TODO: Make it better / complete
|
||||
search_path.gsub!(/<\./, '*.') # manage wildcards
|
||||
extension = File.extname(file_name)
|
||||
if search_path == "#{path_name}*#{extension}"
|
||||
|
@ -34,8 +34,7 @@ module Msf
|
|||
when CONST::SMB_FIND_FILE_FULL_DIRECTORY_INFO
|
||||
smb_cmd_find_file_full_directory_info(c, search_path)
|
||||
else
|
||||
dprint("\t\tUnknown LOI [smb_cmd_trans2_find_first2] - #{loi}")
|
||||
# SEND success with the hope of going ahead...
|
||||
# Send STATUS_SUCCESS with the hope of going ahead
|
||||
smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_SUCCESS)
|
||||
end
|
||||
end
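Review bot: The reworded comment above `smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_SUCCESS)` still does not say why an unrecognised level of interest is answered with a success status. `smb_error` is not defined on this page, but if it sends no data, a client that trusts the status would go on to parse an empty response. The comment should state the intent, for example `# Unknown information level: reply STATUS_SUCCESS without data so the client continues; an error status would be more accurate`. The same branch and comment appear in the `smb_cmd_trans2_query_file_information` and `smb_cmd_trans2_query_path_information` hunks, where `#{loi.to_s}` can also be written `#{loi}` as it is here.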
|
||||
|
|
|
@ -9,7 +9,6 @@ module Msf
|
|||
module QueryFileInformation
|
||||
|
||||
def smb_cmd_trans2_query_file_information(c, buff)
|
||||
|
||||
params = CONST::SMB_TRANS2_QUERY_FILE_PARAMETERS.make_struct
|
||||
params.from_s(buff)
|
||||
|
||||
|
@ -22,8 +21,7 @@ module Msf
|
|||
when CONST::SMB_QUERY_FILE_BASIC_INFO, CONST::SMB_QUERY_FILE_BASIC_INFO_ALIAS, CONST::SMB_SET_FILE_BASIC_INFO_ALIAS
|
||||
smb_cmd_trans_query_file_info_basic(c, fid)
|
||||
else
|
||||
dprint("\t\tUnknown LOI [smb_cmd_trans2_query_file_information] - #{loi.to_s}")
|
||||
# SEND success with the hope of going ahead...
|
||||
# Send STATUS_SUCCESS with the hope of going ahead
|
||||
smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_SUCCESS)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -26,8 +26,7 @@ module Msf
|
|||
when CONST::SMB_QUERY_FILE_NETWORK_OPEN_INFO
|
||||
smb_cmd_trans_query_path_info_network(c, file_name)
|
||||
else
|
||||
dprint("\t\tUnknown LOI [smb_cmd_trans2_query_path_information] - #{loi.to_s}")
|
||||
# SEND success with the hope of going ahead...
|
||||
# Send STATUS_SUCCESS with the hope of going ahead
|
||||
smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_SUCCESS)
|
||||
end
|
||||
end
|
||||
|
|
|
@ -81,10 +81,6 @@ module Msf
|
|||
# Command: Find File Names Info
|
||||
#
|
||||
def smb_cmd_find_file_names_info(c, payload)
|
||||
|
||||
pkt = CONST::SMB_TRANS_RES_PKT.make_struct
|
||||
smb_set_defaults(c, pkt)
|
||||
|
||||
if payload && payload.include?(file_name)
|
||||
data = Rex::Text.to_unicode(file_name)
|
||||
elsif payload && payload == path_name
|
||||
|
@ -94,6 +90,9 @@ module Msf
|
|||
return
|
||||
end
|
||||
|
||||
pkt = CONST::SMB_TRANS_RES_PKT.make_struct
|
||||
smb_set_defaults(c, pkt)
|
||||
|
||||
find_file = CONST::SMB_FIND_FILE_NAMES_INFO_HDR.make_struct
|
||||
find_file.v['NextEntryOffset'] = CONST::SMB_FIND_FILE_NAMES_INFO_HDR_LENGTH + data.length
|
||||
find_file.v['FileIndex'] = 0
|
||||
|
@ -106,8 +105,6 @@ module Msf
|
|||
trans2_params.v['EaErrorOffset'] = 0
|
||||
trans2_params.v['LastNameOffset'] = 0
|
||||
|
||||
puts "length: #{find_file.to_s.length}"
|
||||
|
||||
# If its asking for a file, return file
|
||||
pkt['Payload']['SMB'].v['Command'] = CONST::SMB_COM_TRANSACTION2
|
||||
pkt['Payload']['SMB'].v['Flags1'] = FLAGS
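Review bot: Moving `pkt = CONST::SMB_TRANS_RES_PKT.make_struct` and `smb_set_defaults(c, pkt)` below the `if`/`elsif`/`else` in `smb_cmd_find_file_names_info` is only safe if the `else` branch that ends in `return` never touches `pkt`. That branch lies between the first two hunks of this section and is not visible here. If it builds its error reply on `pkt` directly, as the not-found branch in the query-path section of this commit does, it would now raise a NameError because the local is assigned later in the method. Please confirm that the branch goes through `smb_error` or creates its own packet.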
|
||||
|
|
|
@ -72,7 +72,7 @@ module Msf
|
|||
query_path_info.v['EndOfFile'] = exe_contents.length
|
||||
query_path_info.v['NumberOfLinks'] = 1
|
||||
query_path_info.v['DeletePending'] = 0
|
||||
query_path_info.v['Directory'] = 0 #isdir == false
|
||||
query_path_info.v['Directory'] = 0
|
||||
|
||||
pkt = CONST::SMB_TRANS_RES_PKT.make_struct
|
||||
smb_set_defaults(c, pkt)
|
||||
|
@ -168,15 +168,13 @@ module Msf
|
|||
if path && path.include?(file_name) #TODO: do it better
|
||||
attrib = 0 # File attributes => file
|
||||
elsif path && path == path_name
|
||||
# QUERY_PATH_INFO_PARAMETERS doesn't include a file name, return a Directory answer
|
||||
attrib = 1 # File attributes => directory
|
||||
elsif path.nil? || path.empty? || path == "\x00" # empty path
|
||||
# QUERY_PATH_INFO_PARAMETERS doesn't include a file name, return a Directory answer
|
||||
attrib = 1 # File attributes => directory
|
||||
else
|
||||
pkt['Payload']['SMB'].v['Command'] = CONST::SMB_COM_TRANSACTION2
|
||||
pkt['Payload']['SMB'].v['ErrorClass'] = CONST::SMB_STATUS_OBJECT_NAME_NOT_FOUND # OBJECT_NAME_NOT_FOUND
|
||||
pkt['Payload']['SMB'].v['Flags1'] = 0x88
|
||||
pkt['Payload']['SMB'].v['Flags1'] = FLAGS
|
||||
pkt['Payload']['SMB'].v['Flags2'] = FLAGS2
|
||||
c.put(pkt.to_s)
|
||||
return
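Review bot: In the not-found branch, `pkt['Payload']['SMB'].v['Flags1'] = 0x88` appears to be replaced by `pkt['Payload']['SMB'].v['Flags1'] = FLAGS`, which changes the bytes on the wire unless `FLAGS` is defined as 0x88. Its definition is not part of this page. For a commit described as minor cleanup, it is worth confirming the value, or saying in the commit message that this reply now uses the same flags as the other responses. The enclosing method begins above the hunk and continues below it.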
|
||||
|
|
|
@ -403,6 +403,7 @@ class Constants
|
|||
SMB_STATUS_LOGON_FAILURE = 0xC000006D
|
||||
SMB_STATUS_NO_SUCH_FILE = 0xC000000F
|
||||
SMB_STATUS_OBJECT_NAME_NOT_FOUND = 0xc0000034
|
||||
SMB_NT_STATUS_NOT_FOUND = 0xc0000225
|
||||
|
||||
# SMB Resource types
|
||||
SMB_RESOURCE_FILE_TYPE_DISK = 0x0000
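Review bot: The added `SMB_NT_STATUS_NOT_FOUND = 0xc0000225` does not follow the `SMB_STATUS_` prefix used by the neighbouring status constants (`SMB_STATUS_LOGON_FAILURE`, `SMB_STATUS_NO_SUCH_FILE`, `SMB_STATUS_OBJECT_NAME_NOT_FOUND`). Naming it `SMB_STATUS_NOT_FOUND = 0xc0000225` would keep the whole group searchable by one prefix. The TRANS2 dispatcher line that sets `ErrorClass` would have to change with it.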
|
||||
|
|