Use constants for DataCount and DataCountTotal

lib/msf/core/exploit/smb/server/share.rb

@@ -66,6 +66,8 @@ module Msf
         CONST::SMB_WRITE_OWNER_ACCESS |
         CONST::SMB_SYNC_ACCESS
 
+      UNICODE_NULL_LENGTH = 2
+
       attr_accessor :unc
       attr_accessor :share
       attr_accessor :path_name

lib/msf/core/exploit/smb/server/share/information_level/find.rb

@@ -106,16 +106,18 @@ module Msf
             trans2_params.v['EaErrorOffset'] = 0
             trans2_params.v['LastNameOffset'] = 0
 
+            puts "length: #{find_file.to_s.length}"
+
             # If its asking for a file, return file
             pkt['Payload']['SMB'].v['Command'] = CONST::SMB_COM_TRANSACTION2
             pkt['Payload']['SMB'].v['Flags1'] = FLAGS
             pkt['Payload']['SMB'].v['Flags2'] = FLAGS2
             pkt['Payload']['SMB'].v['WordCount'] = 10
             pkt['Payload'].v['ParamCountTotal'] = 10
-            pkt['Payload'].v['DataCountTotal'] = 14 + data.length
+            pkt['Payload'].v['DataCountTotal'] = CONST::SMB_FIND_FILE_NAMES_INFO_HDR_LENGTH + data.length + UNICODE_NULL_LENGTH
             pkt['Payload'].v['ParamCount'] = 10
             pkt['Payload'].v['ParamOffset'] = 56
-            pkt['Payload'].v['DataCount'] = 14 + data.length
+            pkt['Payload'].v['DataCount'] = CONST::SMB_FIND_FILE_NAMES_INFO_HDR_LENGTH + data.length + UNICODE_NULL_LENGTH
             pkt['Payload'].v['DataOffset'] = 68
             pkt['Payload'].v['Payload'] =
               "\x00" + # Padding
@@ -178,15 +180,15 @@ module Msf
             trans2_params.v['LastNameOffset'] = 0
 
             pkt['Payload']['SMB'].v['Command'] = CONST::SMB_COM_TRANSACTION2
-            pkt['Payload']['SMB'].v['Flags1'] = 0x88
+            pkt['Payload']['SMB'].v['Flags1'] = FLAGS
             pkt['Payload']['SMB'].v['Flags2'] = FLAGS2
             pkt['Payload']['SMB'].v['WordCount'] = 10
             pkt['Payload'].v['ParamCountTotal'] = 10
-            pkt['Payload'].v['DataCountTotal'] = 68 + data.length
+            pkt['Payload'].v['DataCountTotal'] = CONST::SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR_LENGTH + data.length
             pkt['Payload'].v['ParamCount'] = 10
             pkt['Payload'].v['ParamOffset'] = 56
-            pkt['Payload'].v['DataCount'] = 68 + data.length
-            pkt['Payload'].v['DataOffset'] = 68
+            pkt['Payload'].v['DataCount'] = CONST::SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR_LENGTH + data.length
+            pkt['Payload'].v['DataOffset'] = CONST::SMB_FIND_FILE_FULL_DIRECTORY_INFO_HDR_LENGTH
             pkt['Payload'].v['Payload'] =
               "\x00" + # Padding
               trans2_params.to_s +

lib/msf/core/exploit/smb/server/share/information_level/query.rb

@@ -39,10 +39,10 @@ module Msf
             pkt['Payload']['SMB'].v['Flags2'] = FLAGS2
             pkt['Payload']['SMB'].v['WordCount'] = 10
             pkt['Payload'].v['ParamCountTotal'] = 2
-            pkt['Payload'].v['DataCountTotal'] = 24
+            pkt['Payload'].v['DataCountTotal'] = CONST::SMB_QUERY_FILE_STANDARD_INFO_HDR_LENGTH + UNICODE_NULL_LENGTH
             pkt['Payload'].v['ParamCount'] = 2
             pkt['Payload'].v['ParamOffset'] = 56
-            pkt['Payload'].v['DataCount'] = 24
+            pkt['Payload'].v['DataCount'] = CONST::SMB_QUERY_FILE_STANDARD_INFO_HDR_LENGTH + UNICODE_NULL_LENGTH
             pkt['Payload'].v['DataOffset'] = 60
             pkt['Payload'].v['Payload'] =
               "\x00" + # Padding
@@ -99,10 +99,10 @@ module Msf
             pkt['Payload']['SMB'].v['Flags2'] = FLAGS2
             pkt['Payload']['SMB'].v['WordCount'] = 10
             pkt['Payload'].v['ParamCountTotal'] = 2
-            pkt['Payload'].v['DataCountTotal'] = 40
+            pkt['Payload'].v['DataCountTotal'] = CONST::SMB_QUERY_FILE_BASIC_INFO_HDR_LENGTH
             pkt['Payload'].v['ParamCount'] = 2
             pkt['Payload'].v['ParamOffset'] = 56
-            pkt['Payload'].v['DataCount'] = 40
+            pkt['Payload'].v['DataCount'] = CONST::SMB_QUERY_FILE_BASIC_INFO_HDR_LENGTH
             pkt['Payload'].v['DataOffset'] = 60
             pkt['Payload'].v['Payload'] =
               "\x00" + # Padding
@@ -160,10 +160,10 @@ module Msf
             pkt['Payload']['SMB'].v['Flags2'] = FLAGS2
             pkt['Payload']['SMB'].v['WordCount'] = 10
             pkt['Payload'].v['ParamCountTotal'] = 2
-            pkt['Payload'].v['DataCountTotal'] = 24
+            pkt['Payload'].v['DataCountTotal'] = CONST::SMB_QUERY_FILE_STANDARD_INFO_HDR_LENGTH + UNICODE_NULL_LENGTH
             pkt['Payload'].v['ParamCount'] = 2
             pkt['Payload'].v['ParamOffset'] = 56
-            pkt['Payload'].v['DataCount'] = 24
+            pkt['Payload'].v['DataCount'] = CONST::SMB_QUERY_FILE_STANDARD_INFO_HDR_LENGTH + UNICODE_NULL_LENGTH
             pkt['Payload'].v['DataOffset'] = 60
             pkt['Payload'].v['Payload'] =
               "\x00" + # Padding

lib/rex/proto/smb/constants.rb

@@ -1292,6 +1292,8 @@ class Constants
     ['uint32v', 'Reserved', 0]
   )
 
+  SMB_QUERY_FILE_BASIC_INFO_HDR_LENGTH = 40
+
   # A template for SMB_QUERY_FILE_STANDARD_INFO query path information level
   SMB_QUERY_FILE_STANDARD_INFO_HDR = Rex::Struct2::CStructTemplate.new(
     ['uint64v', 'AllocationSize', 0],
@@ -1301,6 +1303,8 @@ class Constants
     ['uint8',   'Directory',      0]
   )
 
+  SMB_QUERY_FILE_STANDARD_INFO_HDR_LENGTH = 22
+
   # A template for SMB_Data blocks of the SMB_COM_TRANSACTION2 requests
   SMB_DATA_TRANS2 = Rex::Struct2::CStructTemplate.new(
     ['uint16v', 'SubCommand',          0],