Simpleclient/SMB2 support
parent
d54992674f
commit
ff202a5f5b
|
@ -218,7 +218,7 @@ module Msf
|
||||||
# @raise [Rex::Proto::SMB::Exceptions::ErrorCode]
|
# @raise [Rex::Proto::SMB::Exceptions::ErrorCode]
|
||||||
def smb_file_exist?(file)
|
def smb_file_exist?(file)
|
||||||
begin
|
begin
|
||||||
fd = simple.open(file, 'ro')
|
fd = simple.open(file, 'o')
|
||||||
rescue XCEPT::ErrorCode => e
|
rescue XCEPT::ErrorCode => e
|
||||||
# If attempting to open the file results in a "*_NOT_FOUND" error,
|
# If attempting to open the file results in a "*_NOT_FOUND" error,
|
||||||
# then we can be sure the file is not there.
|
# then we can be sure the file is not there.
|
||||||
|
|
|
@ -75,7 +75,7 @@ module Exploit::Remote::SMB::Client::Psexec
|
||||||
def smb_read_file(smbshare, host, file)
|
def smb_read_file(smbshare, host, file)
|
||||||
begin
|
begin
|
||||||
simple.connect("\\\\#{host}\\#{smbshare}")
|
simple.connect("\\\\#{host}\\#{smbshare}")
|
||||||
file = simple.open(file, 'ro')
|
file = simple.open(file, 'o')
|
||||||
contents = file.read
|
contents = file.read
|
||||||
file.close
|
file.close
|
||||||
simple.disconnect("\\\\#{host}\\#{smbshare}")
|
simple.disconnect("\\\\#{host}\\#{smbshare}")
|
||||||
|
|
|
@ -158,7 +158,7 @@ require 'rex/proto/smb/exceptions'
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
data = self.socket.read( read_cnt, rand(1024)+1)
|
data = self.socket.read(read_cnt, rand(1024)+1)
|
||||||
break if !(data and data.length > 0)
|
break if !(data and data.length > 0)
|
||||||
raw_response += data
|
raw_response += data
|
||||||
|
|
||||||
|
|
|
@ -165,17 +165,26 @@ attr_accessor :socket, :client, :direct, :shares, :last_share
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
||||||
def open(path, perm, chunk_size = 48000)
|
def open(path, perm, chunk_size = 48000, read: true, write: false)
|
||||||
mode = UTILS.open_mode_to_mode(perm)
|
mode = 0
|
||||||
access = UTILS.open_mode_to_access(perm)
|
perm.each_byte { |c|
|
||||||
|
case [c].pack('C').downcase
|
||||||
|
when 'x', 'c'
|
||||||
|
mode |= RubySMB::Dispositions::FILE_CREATE
|
||||||
|
when 'o'
|
||||||
|
mode |= RubySMB::Dispositions::FILE_OPEN
|
||||||
|
when 's'
|
||||||
|
mode |= RubySMB::Dispositions::FILE_SUPERSEDE
|
||||||
|
end
|
||||||
|
}
|
||||||
|
|
||||||
ok = self.client.open(path, mode, access)
|
if write
|
||||||
file_id = if ok.respond_to?(:guid)
|
ok = self.client.open(path, mode, read: true, write: true)
|
||||||
ok.guid
|
else
|
||||||
elsif ok.respond_to?(:fid)
|
ok = self.client.open(path, mode, read: true)
|
||||||
ok.fid
|
end
|
||||||
end
|
|
||||||
fh = OpenFile.new(self.client, path, self.client.last_tree_id, file_id)
|
fh = OpenFile.new(self.client, path, self.client.last_tree_id, ok)
|
||||||
fh.chunk_size = chunk_size
|
fh.chunk_size = chunk_size
|
||||||
fh
|
fh
|
||||||
end
|
end
|
||||||
|
@ -186,12 +195,7 @@ attr_accessor :socket, :client, :direct, :shares, :last_share
|
||||||
|
|
||||||
def create_pipe(path, perm = 'c')
|
def create_pipe(path, perm = 'c')
|
||||||
disposition = UTILS.create_mode_to_disposition(perm)
|
disposition = UTILS.create_mode_to_disposition(perm)
|
||||||
ok = self.client.create_pipe(path, disposition)
|
file_id = self.client.create_pipe(path, disposition)
|
||||||
file_id = if ok.respond_to? :guid
|
|
||||||
ok.guid.to_binary_s
|
|
||||||
elsif ok.respond_to? :fid
|
|
||||||
ok.fid.to_binary_s
|
|
||||||
end
|
|
||||||
fh = OpenPipe.new(self.client, path, self.client.last_tree_id, file_id)
|
fh = OpenPipe.new(self.client, path, self.client.last_tree_id, file_id)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
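Review bot: In `open`, `mode` starts at `0` and is only changed by the letters x/c/o/s, so a `perm` string that contains none of them (a leftover `'r'` or `'rw'` from the old API, say) reaches `client.open` as disposition 0. If `RubySMB::Dispositions::FILE_SUPERSEDE` is 0, as in the SMB2 CreateDisposition table, that silently replaces the remote file, and `mode |= RubySMB::Dispositions::FILE_SUPERSEDE` is itself a no-op. These constants look like enumerated values rather than bit flags, so OR-ing several letters yields a different disposition instead of a combination; selecting exactly one and failing on none is safer, e.g. `raise ArgumentError, "no disposition in #{perm.inspect}" unless perm =~ /[xcos]/i`. The new `read:` keyword is also never consulted, since both branches pass `read: true`; the `if write` block could be `ok = self.client.open(path, mode, read: read, write: write)`.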
@ -32,32 +32,27 @@ class OpenFile
|
||||||
def read(length = nil, offset = 0)
|
def read(length = nil, offset = 0)
|
||||||
if (length == nil)
|
if (length == nil)
|
||||||
data = ''
|
data = ''
|
||||||
|
max_size = self.client.open_files[self.client.last_file_id].size
|
||||||
fptr = offset
|
fptr = offset
|
||||||
ok = self.client.read(self.file_id, fptr, self.chunk_size)
|
|
||||||
while (ok and ok['Payload'].v['DataLenLow'] > 0)
|
|
||||||
buff = ok.to_s.slice(
|
|
||||||
ok['Payload'].v['DataOffset'] + 4,
|
|
||||||
ok['Payload'].v['DataLenLow']
|
|
||||||
)
|
|
||||||
data << buff
|
|
||||||
if ok['Payload'].v['Remaining'] == 0
|
|
||||||
break
|
|
||||||
end
|
|
||||||
fptr += ok['Payload'].v['DataLenLow']
|
|
||||||
|
|
||||||
begin
|
if max_size < self.chunk_size
|
||||||
ok = self.client.read(self.file_id, fptr, self.chunk_size)
|
chunk = max_size
|
||||||
rescue XCEPT::ErrorCode => e
|
else
|
||||||
case e.error_code
|
chunk = self.chunk_size
|
||||||
when 0x00050001
|
|
||||||
# Novell fires off an access denied error on EOF
|
|
||||||
ok = nil
|
|
||||||
else
|
|
||||||
raise e
|
|
||||||
end
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
||||||
|
ok = self.client.read(self.file_id, fptr, chunk)
|
||||||
|
data << ok.pack('C*')
|
||||||
|
fptr = data.length
|
||||||
|
|
||||||
|
while (ok && data.length < max_size)
|
||||||
|
if (max_size - data.length) < chunk
|
||||||
|
chunk = max_size - data.length
|
||||||
|
end
|
||||||
|
ok = self.client.read(self.file_id, fptr, chunk)
|
||||||
|
data << ok.pack('C*')
|
||||||
|
fptr = data.length
|
||||||
|
end
|
||||||
return data
|
return data
|
||||||
else
|
else
|
||||||
ok = self.client.read(self.file_id, offset, length)
|
ok = self.client.read(self.file_id, offset, length)
|
||||||
|
|
|
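Review bot: In the `length == nil` branch the loop `while (ok && data.length < max_size)` has no exit when a read returns no bytes, so a server that reports a larger size than it then delivers keeps the client spinning here. Adding `break if ok.nil? || ok.empty?` before `data << ok.pack('C*')` bounds the loop and avoids calling `pack` on nil. `fptr = data.length` also drops the caller's `offset`, so with a non-zero offset the second and later reads start from the wrong position; `fptr = offset + data.length` keeps them contiguous. `max_size` is looked up through `self.client.last_file_id` rather than this handle's own `self.file_id`, which looks wrong once a second file is open on the same client and is worth confirming. The body of `read` continues past the end of the hunk.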
@ -51,7 +51,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
vprint_status("Trying to download #{remote_path}...")
|
vprint_status("Trying to download #{remote_path}...")
|
||||||
|
|
||||||
data = ''
|
data = ''
|
||||||
fd = simple.open("\\#{remote_path}", 'ro')
|
fd = simple.open("#{remote_path}", 'o')
|
||||||
begin
|
begin
|
||||||
data = fd.read
|
data = fd.read
|
||||||
ensure
|
ensure
|
||||||
|
|
|
@ -63,7 +63,7 @@ class MetasploitModule < Msf::Auxiliary
|
||||||
begin
|
begin
|
||||||
vprint_status("Trying to upload #{local_path} to #{remote_path}...")
|
vprint_status("Trying to upload #{local_path} to #{remote_path}...")
|
||||||
|
|
||||||
fd = simple.open("\\#{remote_path}", 'rwct')
|
fd = simple.open("#{remote_path}", 's', write: true)
|
||||||
data = ::File.read(datastore['LPATH'], ::File.size(datastore['LPATH']))
|
data = ::File.read(datastore['LPATH'], ::File.size(datastore['LPATH']))
|
||||||
fd.write(data)
|
fd.write(data)
|
||||||
fd.close
|
fd.close
|
||||||
|
|
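Review bot: In the upload hunk the remote handle is opened with `'s'` and `write: true` before `::File.read` runs, so if the local read raises, the remote file has presumably already been superseded and `fd.close` is never reached. Moving the `data = ::File.read(...)` line above `fd = simple.open(...)` and closing in an `ensure`, as the download path does, avoids both. `"#{remote_path}"` is a redundant interpolation in both hunks; `simple.open(remote_path, 'o')` reads the same. The enclosing `begin` block ends outside the hunk, so an existing rescue may already cover part of this.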