infosecn1nja
/
metasploit-framework
mirror of https://github.com/infosecn1nja/metasploit-framework.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Create Access rights constants

bug/bundler_fix
jvazquez-r7 2015-02-25 13:22:16 -06:00
parent 1caffbea2d
commit e967cfbfb3
3 changed files with 58 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
lib/msf/core/exploit/smb/server/share.rb
View File

@ -31,26 +31,41 @@ module Msf
FLAGS = CONST::FLAGS_REQ_RES + CONST::FLAGS_CASE_SENSITIVE FLAGS = CONST::FLAGS_REQ_RES + CONST::FLAGS_CASE_SENSITIVE
FLAGS2 = CONST::FLAGS2_UNICODE_STRINGS + FLAGS2 = CONST::FLAGS2_UNICODE_STRINGS |
CONST::FLAGS2_EXTENDED_SECURITY + CONST::FLAGS2_EXTENDED_SECURITY |
CONST::FLAGS2_32_BIT_ERROR_CODES + CONST::FLAGS2_32_BIT_ERROR_CODES |
CONST::FLAGS2_LONG_PATH_COMPONENTS CONST::FLAGS2_LONG_PATH_COMPONENTS
CAPABILITIES = CONST::CAP_UNIX_EXTENSIONS + CAPABILITIES = CONST::CAP_UNIX_EXTENSIONS |
CONST::CAP_LARGE_WRITEX + CONST::CAP_LARGE_WRITEX |
CONST::CAP_LARGE_READX + CONST::CAP_LARGE_READX |
CONST::CAP_PASSTHRU + CONST::CAP_PASSTHRU |
CONST::CAP_DFS + CONST::CAP_DFS |
CONST::CAP_NT_FIND + CONST::CAP_NT_FIND |
CONST::CAP_LOCK_AND_READ + CONST::CAP_LOCK_AND_READ |
CONST::CAP_LEVEL_II_OPLOCKS + CONST::CAP_LEVEL_II_OPLOCKS |
CONST::CAP_STATUS32 + CONST::CAP_STATUS32 |
CONST::CAP_RPC_REMOTE_APIS + CONST::CAP_RPC_REMOTE_APIS |
CONST::CAP_NT_SMBS + CONST::CAP_NT_SMBS |
CONST::CAP_LARGE_FILES + CONST::CAP_LARGE_FILES |
CONST::CAP_UNICODE + CONST::CAP_UNICODE |
CONST::CAP_RAW_MODE CONST::CAP_RAW_MODE
CREATE_MAX_ACCESS = CONST::SMB_READ_ACCESS |
CONST::SMB_WRITE_ACCESS |
CONST::SMB_APPEND_ACCESS |
CONST::SMB_READ_EA_ACCESS |
CONST::SMB_WRITE_EA_ACCESS |
CONST::SMB_EXECUTE_ACCESS |
CONST::SMB_DELETE_CHILD_ACCESS |
CONST::SMB_READ_ATTRIBUTES_ACCESS |
CONST::SMB_WRITE_ATTRIBUTES_ACCESS |
CONST::SMB_DELETE_ACCESS |
CONST::SMB_READ_CONTROL_ACCESS |
CONST::SMB_WRITE_DAC_ACCESS |
CONST::SMB_WRITE_OWNER_ACCESS |
CONST::SMB_SYNC_ACCESS
attr_accessor :unc attr_accessor :unc
attr_accessor :share attr_accessor :share
attr_accessor :path_name attr_accessor :path_name

8
lib/msf/core/exploit/smb/server/share/command/nt_create_andx.rb
View File

@ -38,7 +38,7 @@ module Msf
pkt = CONST::SMB_CREATE_RES_PKT.make_struct pkt = CONST::SMB_CREATE_RES_PKT.make_struct
smb_set_defaults(c, pkt) smb_set_defaults(c, pkt)
pkt['Payload']['SMB'].v['Command'] = CONST::SMB_COM_NT_CREATE_ANDX pkt['Payload']['SMB'].v['Command'] = CONST::SMB_COM_NT_CREATE_ANDX
pkt['Payload']['SMB'].v['ErrorClass'] = 0xC0000034 # OBJECT_NAME_NOT_FOUND pkt['Payload']['SMB'].v['ErrorClass'] = CONST::SMB_STATUS_OBJECT_NAME_NOT_FOUND
pkt['Payload']['SMB'].v['Flags1'] = FLAGS pkt['Payload']['SMB'].v['Flags1'] = FLAGS
pkt['Payload']['SMB'].v['Flags2'] = FLAGS2 pkt['Payload']['SMB'].v['Flags2'] = FLAGS2
c.put(pkt.to_s) c.put(pkt.to_s)
@ -68,10 +68,10 @@ module Msf
pkt['Payload'].v['AllocHigh'] = 0 pkt['Payload'].v['AllocHigh'] = 0
pkt['Payload'].v['EOFLow'] = eof pkt['Payload'].v['EOFLow'] = eof
pkt['Payload'].v['EOFHigh'] = 0 pkt['Payload'].v['EOFHigh'] = 0
pkt['Payload'].v['FileType'] = 0 pkt['Payload'].v['FileType'] = CONST::SMB_RESOURCE_FILE_TYPE_DISK
pkt['Payload'].v['IPCState'] = 0x7 pkt['Payload'].v['IPCState'] = 0x7 # Number maxim of instance a named pipe can have
pkt['Payload'].v['IsDirectory'] = is_dir pkt['Payload'].v['IsDirectory'] = is_dir
pkt['Payload'].v['MaxAccess'] = 0x1f01ff pkt['Payload'].v['MaxAccess'] = CREATE_MAX_ACCESS
c.put(pkt.to_s) c.put(pkt.to_s)
end end
end end

24
lib/rex/proto/smb/constants.rb
View File

@ -195,6 +195,21 @@ class Constants
CREATE_ACCESS_OVEREXIST = 0x04 # Overwrite existing file and fail if it does not exist CREATE_ACCESS_OVEREXIST = 0x04 # Overwrite existing file and fail if it does not exist
CREATE_ACCESS_OVERCREATE = 0x05 # Overwrite existing file or create it if it does not exist CREATE_ACCESS_OVERCREATE = 0x05 # Overwrite existing file or create it if it does not exist
# Access Rights
SMB_READ_ACCESS = 1
SMB_WRITE_ACCESS = 2
SMB_APPEND_ACCESS = 4
SMB_READ_EA_ACCESS = 8
SMB_WRITE_EA_ACCESS = 0x10
SMB_EXECUTE_ACCESS = 0x20
SMB_DELETE_CHILD_ACCESS = 0x40
SMB_READ_ATTRIBUTES_ACCESS = 0x80
SMB_WRITE_ATTRIBUTES_ACCESS = 0x100
SMB_DELETE_ACCESS = 0x10000
SMB_READ_CONTROL_ACCESS = 0x20000
SMB_WRITE_DAC_ACCESS = 0x40000
SMB_WRITE_OWNER_ACCESS = 0x80000
SMB_SYNC_ACCESS = 0x100000
# Wildcard NetBIOS name # Wildcard NetBIOS name
NETBIOS_REDIR = 'CACACACACACACACACACACACACACACAAA' NETBIOS_REDIR = 'CACACACACACACACACACACACACACACAAA'
@ -217,7 +232,6 @@ class Constants
# 13 = create_directory # 13 = create_directory
# 14 = session_setup # 14 = session_setup
# SMB_COM_TRANSACTION2 SubCommands # SMB_COM_TRANSACTION2 SubCommands
TRANS2_OPEN2 = 0 TRANS2_OPEN2 = 0
TRANS2_FIND_FIRST2 = 1 TRANS2_FIND_FIRST2 = 1
@ -370,6 +384,14 @@ class Constants
SMB_STATUS_ACCESS_DENIED = 0xC0000022 SMB_STATUS_ACCESS_DENIED = 0xC0000022
SMB_STATUS_LOGON_FAILURE = 0xC000006D SMB_STATUS_LOGON_FAILURE = 0xC000006D
SMB_STATUS_NO_SUCH_FILE = 0xC000000F SMB_STATUS_NO_SUCH_FILE = 0xC000000F
SMB_STATUS_OBJECT_NAME_NOT_FOUND = 0xc0000034
# SMB Resource types
SMB_RESOURCE_FILE_TYPE_DISK = 0x0000
SMB_RESOURCE_FILE_TYPE_BYTE_MODE_PIPE = 0x0001
SMB_RESOURCE_FILE_TYPE_MESSAGE_MODE_PIPE = 0x0002
SMB_RESOURCE_FILE_TYPE_PRINTER = 0x0003
SMB_RESOURCE_FILE_TYPE_COMM_DEVICE = 0x0004
# SMB Dialect Compatibility # SMB Dialect Compatibility
DIALECT = {} DIALECT = {}