Delete unused code

2015-02-19 13:16:24 -06:00 · 2015-02-19 13:16:24 -06:00 · d9b9de8e89
parent 5510000bf1
commit d9b9de8e89
1 changed files with 0 additions and 69 deletions
--- a/lib/msf/core/exploit/smb/server/share.rb
+++ b/lib/msf/core/exploit/smb/server/share.rb
@ -109,9 +109,6 @@ module Msf
            if wordcount == 0x0D # Share Security Mode sessions
              dprint("[smb_cmd_session_setup] wordcount is: #{wordcount.to_s}")
              smb_cmd_session_setup(c, buff)
-            #elsif wordcount == 0x0C # Also Share Security Mode sessions with NTLMSSP
-            #  dprint("[smb_cmd_ntlmssp_session_setup] wordcount is: #{wordcount.to_s}")
-            # smb_cmd_ntlmssp_session_setup(c, buff)
            else
              dprint("SMB Capture - #{smb[:ip]} Unknown SMB_COM_SESSION_SETUP_ANDX request type , ignoring... ")
              smb_error(cmd, c, CONST::SMB_STATUS_SUCCESS)
@ -262,18 +259,14 @@ module Msf
        pkt['Payload']['SMB'].v['WordCount'] = 17
        pkt['Payload'].v['Dialect'] = dialect
        pkt['Payload'].v['SecurityMode'] = 2 # SHARE Security Mode
-        #pkt['Payload'].v['SecurityMode'] = 3 # USER Security Mode
        pkt['Payload'].v['MaxMPX'] = 50
        pkt['Payload'].v['MaxVCS'] = 1
-        #pkt['Payload'].v['MaxBuff'] = 16644
        pkt['Payload'].v['MaxBuff'] = 4356
        pkt['Payload'].v['MaxRaw'] = 65536
        pkt['Payload'].v['SystemTimeLow'] = lo
        pkt['Payload'].v['SystemTimeHigh'] = hi
        pkt['Payload'].v['ServerTimeZone'] = 0x0
        pkt['Payload'].v['SessionKey'] = 0
-        #pkt['Payload'].v['Capabilities'] = 0x8080f3fd NTLMSSP capabilities
-        #pkt['Payload'].v['Capabilities'] = 0xd4
        pkt['Payload'].v['Capabilities'] = 0x0080f3fd
        pkt['Payload'].v['KeyLength'] = 8
        pkt['Payload'].v['Payload'] = Rex::Text.rand_text_hex(8)
@ -281,60 +274,6 @@ module Msf
        c.put(pkt.to_s)
      end

-      #
-      # Negotiates an NTLMSSP Session with the client
-      # Currently unimplemented
-      #
-      def smb_cmd_ntlmssp_session_setup(c, buff)
-        # TODO: Havent implemented ntlmssp yet
-        dprint("Broken here...")
-
-        pkt = CONST::SMB_SETUP_RES_PKT.make_struct
-        smb_set_defaults(c, pkt)
-
-        pkt['Payload']['SMB'].v['Command'] = CONST::SMB_COM_SESSION_SETUP_ANDX
-        pkt['Payload']['SMB'].v['Flags1'] = 0x88
-        pkt['Payload']['SMB'].v['Flags2'] = FLAGS2
-        pkt['Payload']['SMB'].v['WordCount'] = 4
-        pkt['Payload'].v['AndX'] = 0xff
-        pkt['Payload'].v['Reserved1'] = 00
-        pkt['Payload'].v['AndXOffset'] = 0
-        #pkt['Payload'].v['Action'] = 0 # Not Logged in as GUEST
-        pkt['Payload'].v['Action'] = 0x1 # Logged in as GUEST
-        pkt['Payload'].v['Payload'] =
-          Rex::Text.to_unicode("Unix", 'utf-16be') + "\x00\x00" + # Native OS # Samba signature
-          Rex::Text.to_unicode("Samba 3.4.7", 'utf-16be') + "\x00\x00" + # Native LAN Manager # Samba signature
-          Rex::Text.to_unicode("WORKGROUP", 'utf-16be') + "\x00\x00\x00" + # Primary DOMAIN # Samba signature
-        tree_connect_response = ""
-        tree_connect_response << [7].pack("C")  # Tree Connect Response : WordCount
-        tree_connect_response << [0xff].pack("C") # Tree Connect Response : AndXCommand
-        tree_connect_response << [0].pack("C") # Tree Connect Response : Reserved
-        tree_connect_response << [0].pack("v")  # Tree Connect Response : AndXOffset
-        tree_connect_response << [0x1].pack("v")  # Tree Connect Response : Optional Support
-        #tree_connect_response << [0xff].pack("C") # Access Mask All Flags On
-        #tree_connect_response << [0x01].pack("C")
-        #tree_connect_response << [0x1f].pack("C")
-        #tree_connect_response << [0xff].pack("C")
-        tree_connect_response << [0xa9].pack("C") # Access Mask for just Read and Exec
-        tree_connect_response << [0x00].pack("C")
-        tree_connect_response << [0x12].pack("C")
-        tree_connect_response << [0x00].pack("C")
-        tree_connect_response << [0].pack("v") # Tree Connect Response : Word Parameter
-        tree_connect_response << [0].pack("v") # Tree Connect Response : Word Parameter
-        tree_connect_response << [13].pack("v") # Tree Connect Response : ByteCount
-        tree_connect_response << "A:\x00" # Service
-        tree_connect_response << "#{Rex::Text.to_unicode("NTFS")}\x00\x00" # Extra byte parameters
-        # Fix the Netbios Session Service Message Length
-        # to have into account the tree_connect_response,
-        # need to do this because there isn't support for
-        # AndX still
-        my_pkt = pkt.to_s + tree_connect_response
-        original_length = my_pkt[2, 2].unpack("n").first
-        original_length = original_length +  tree_connect_response.length
-        my_pkt[2, 2] = [original_length].pack("n")
-        c.put(my_pkt)
-      end
-
      #
      # Sets up an SMB session in response to a SESSION_SETUP_ANDX request
      #
@ -360,10 +299,6 @@ module Msf
        tree_connect_response << [0].pack("C") # Tree Connect Response : Reserved
        tree_connect_response << [0].pack("v")  # Tree Connect Response : AndXOffset
        tree_connect_response << [0x1].pack("v")  # Tree Connect Response : Optional Support
-        #tree_connect_response << [0xff].pack("C") # Access Mask All Flags On
-        #tree_connect_response << [0x01].pack("C")
-        #tree_connect_response << [0x1f].pack("C")
-        #tree_connect_response << [0xff].pack("C")
        tree_connect_response << [0xa9].pack("C") # Access Mask for just Read and Exec
        tree_connect_response << [0x00].pack("C")
        tree_connect_response << [0x12].pack("C")
@ -434,8 +369,6 @@ module Msf
        pkt['Payload'].v['WriteTimeHigh'] = hi
        pkt['Payload'].v['ChangeTimeLow'] = lo
        pkt['Payload'].v['ChangeTimeHigh'] = hi
-        #pkt['Payload'].v['Attributes'] = 0x20 # Not an archive
-        #pkt['Payload'].v['AllocLow'] = 1048576 # 1Mb
        pkt['Payload'].v['Attributes'] = attribs
        pkt['Payload'].v['AllocLow'] = 0x100000
        pkt['Payload'].v['AllocHigh'] = 0
@ -713,7 +646,6 @@ module Msf

        # If payload contains our file extension, send file response
        if payext and payext.downcase.eql?(fileext.downcase)
-          #attrib = "\x20\x00\x00\x00" # File attributes => archive: file has been modified
          attrib = "\x80\x00\x00\x00" # File attributes => file
          dprint("[smb_cmd_trans_query_file_info_basic] Sending file response: #{file} with length: #{exe_contents.length.to_s}")
        elsif payload.length.to_s.eql?('1') or payload.eql?(path)
@ -781,7 +713,6 @@ module Msf
          if payload.length.to_s.eql?('4')
            attrib = "\x10\x00\x00\x00" # File attributes => directory
            dprint("[smb_cmd_trans_query_path_info_basic] Sending directory response")
-            #attrib = "\x20\x00\x00\x00" # File attributes => archive: file has been modified
          else
            attrib = "\x80\x00\x00\x00" # File attributes => file
            dprint("[smb_cmd_trans_query_path_info_basic] Sending file response")