removing dup trans function with a no_response argument to trans
git-svn-id: file:///home/svn/incoming/trunk@3650 4d416f70-5f16-0410-b530-b9f4589650daunstable
bmc
parent
09786d3eaa
commit
c9a3258f81
|
|
@ -981,13 +981,13 @@ EVADE = Rex::Proto::SMB::Evasions
|
|||
|
||||
|
||||
# Perform a transaction against a named pipe
|
||||
def trans_named_pipe(file_id, data = '')
|
||||
def trans_named_pipe(file_id, data = '', no_response = nil)
|
||||
pipe = EVADE.make_trans_named_pipe_name(evasion_opts['pad_file'])
|
||||
self.trans(pipe, '', data, 2, [0x26, file_id].pack('vv') )
|
||||
self.trans(pipe, '', data, 2, [0x26, file_id].pack('vv'), no_response)
|
||||
end
|
||||
|
||||
# Perform a transaction against a given pipe name
|
||||
def trans(pipe, param = '', body = '', setup_count = 0, setup_data = '')
|
||||
def trans(pipe, param = '', body = '', setup_count = 0, setup_data = '', no_response = nil)
|
||||
|
||||
# Null-terminate the pipe parameter if needed
|
||||
if (pipe[-1] != 0)
|
||||
|
|
@ -1017,7 +1017,7 @@ EVADE = Rex::Proto::SMB::Evasions
|
|||
|
||||
# Throw some form of a warning out?
|
||||
if (data.length > mlen)
|
||||
# This call will more than likely fail :-(
|
||||
# XXX This call will more than likely fail :-(
|
||||
end
|
||||
|
||||
# Calculate all of the offsets
|
||||
|
|
@ -1042,82 +1042,18 @@ EVADE = Rex::Proto::SMB::Evasions
|
|||
pkt['Payload'].v['SetupData'] = setup_data
|
||||
|
||||
pkt['Payload'].v['Payload'] = data
|
||||
|
||||
self.smb_send(pkt.to_s)
|
||||
ack = self.smb_recv_parse(CONST::SMB_COM_TRANSACTION)
|
||||
|
||||
return ack
|
||||
end
|
||||
if no_response
|
||||
pkt['Payload'].v['Flags'] = 2
|
||||
end
|
||||
|
||||
response = self.smb_send(pkt.to_s)
|
||||
if no_response
|
||||
return response
|
||||
end
|
||||
|
||||
|
||||
# Perform a transaction against a named pipe
|
||||
def trans_named_pipe_oneway(file_id, data = '')
|
||||
pipe = EVADE.make_trans_named_pipe_name(evasion_opts['pad_file'])
|
||||
self.trans_oneway(pipe, '', data, 2, [0x26, file_id].pack('vv') )
|
||||
return self.smb_recv_parse(CONST::SMB_COM_TRANSACTION)
|
||||
end
|
||||
|
||||
# Perform a transaction against a given pipe name (one way)
|
||||
def trans_oneway(pipe, param = '', body = '', setup_count = 0, setup_data = '')
|
||||
|
||||
# Null-terminate the pipe parameter if needed
|
||||
if (pipe[-1] != 0)
|
||||
pipe << "\x00"
|
||||
end
|
||||
|
||||
pkt = CONST::SMB_TRANS_PKT.make_struct
|
||||
self.smb_defaults(pkt['Payload']['SMB'])
|
||||
|
||||
# Packets larger than mlen will cause XP SP2 to disconnect us ;-(
|
||||
mlen = 4200
|
||||
|
||||
# Figure out how much space is taken up by our current arguments
|
||||
xlen = pipe.length + param.length + body.length
|
||||
|
||||
filler1 = ''
|
||||
filler2 = ''
|
||||
|
||||
# Fill any available space depending on the evasion settings
|
||||
if (xlen < mlen)
|
||||
filler1 = EVADE.make_offset_filler(evasion_opts['pad_data'], (mlen-xlen)/2)
|
||||
filler2 = EVADE.make_offset_filler(evasion_opts['pad_data'], (mlen-xlen)/2)
|
||||
end
|
||||
|
||||
# Squish the whole thing together
|
||||
data = pipe + filler1 + param + filler2 + body
|
||||
|
||||
# Throw some form of a warning out?
|
||||
if (data.length > mlen)
|
||||
# This call will more than likely fail :-(
|
||||
end
|
||||
|
||||
# Calculate all of the offsets
|
||||
base_offset = pkt.to_s.length + (setup_count * 2) - 4
|
||||
param_offset = base_offset + pipe.length + filler1.length
|
||||
data_offset = param_offset + filler2.length + param.length
|
||||
|
||||
pkt['Payload']['SMB'].v['Command'] = CONST::SMB_COM_TRANSACTION
|
||||
pkt['Payload']['SMB'].v['Flags1'] = 0x18
|
||||
pkt['Payload']['SMB'].v['Flags2'] = 0x2001
|
||||
pkt['Payload']['SMB'].v['WordCount'] = 14 + setup_count
|
||||
|
||||
pkt['Payload'].v['ParamCountTotal'] = param.length
|
||||
pkt['Payload'].v['DataCountTotal'] = body.length
|
||||
pkt['Payload'].v['ParamCountMax'] = 1024
|
||||
pkt['Payload'].v['DataCountMax'] = 65504
|
||||
pkt['Payload'].v['ParamCount'] = param.length
|
||||
pkt['Payload'].v['ParamOffset'] = param_offset
|
||||
pkt['Payload'].v['DataCount'] = body.length
|
||||
pkt['Payload'].v['DataOffset'] = data_offset
|
||||
pkt['Payload'].v['SetupCount'] = setup_count
|
||||
pkt['Payload'].v['SetupData'] = setup_data
|
||||
|
||||
pkt['Payload'].v['Payload'] = data
|
||||
pkt['Payload'].v['Flags'] = 2
|
||||
|
||||
self.smb_send(pkt.to_s)
|
||||
return ack
|
||||
end
|
||||
|
||||
# Perform a transaction2 request using the specified subcommand, parameters, and data
|
||||
def trans2(subcommand, param = '', body = '')
|
||||
|
||||
|
|
|
|||
|
|
@ -90,7 +90,7 @@ EVADE = Rex::Proto::SMB::Evasions
|
|||
|
||||
# Keep writing data until we run out
|
||||
while (chunk.length > 0)
|
||||
ok = self.client.write(self.file_id, fptr, chunk)
|
||||
ok = self.client.write(self.file_id, fptr, chunk)
|
||||
cl = ok['Payload'].v['CountLow']
|
||||
|
||||
# Partial write, push the failed data back into the queue
|
||||
|
|
@ -217,12 +217,8 @@ attr_accessor :socket, :client, :direct, :shares, :last_share
|
|||
fh = OpenPipe.new(self.client, path, self.client.last_tree_id, file_id)
|
||||
end
|
||||
|
||||
def trans_pipe(fid, data)
|
||||
client.trans_named_pipe(fid, data)
|
||||
end
|
||||
|
||||
def trans_pipe_oneway(fid, data)
|
||||
client.trans_named_pipe_oneway(fid, data)
|
||||
def trans_pipe(fid, data, no_response = nil)
|
||||
client.trans_named_pipe(fid, data, no_response)
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
|||
Loading…
Reference in New Issue