#!/usr/bin/ruby

$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..'))

require 'test/unit'
require 'rex/proto/smb'
require 'rex/proto/dcerpc'
require 'rex/socket'

class Rex::Proto::SMB::SimpleClient::UnitTest < Test::Unit::TestCase
	
	Klass = Rex::Proto::SMB::SimpleClient

	# Alias over the Rex DCERPC protocol modules
	DCERPCPacket   = Rex::Proto::DCERPC::Packet
	DCERPCClient   = Rex::Proto::DCERPC::Client
	DCERPCResponse = Rex::Proto::DCERPC::Response
	DCERPCUUID     = Rex::Proto::DCERPC::UUID
	XCEPT          = Rex::Proto::SMB::Exceptions
	
	FILE_CREATE = 0x10
	FILE_TRUNC  = 0x02
	FILE_OPEN   = 0x01
	
	
    @@host = '192.168.0.219'
    # @@host = '10.4.10.58'
	@@port = 445

	def test_smb_open_share
		user = 'SMBTest'
		pass = 'SMBTest'
		share = 'C$'
		
		write_data = ('A' * (1024 * 8))
		filename = 'smb_tester.txt'
		
		s = Rex::Socket.create_tcp(
			'PeerHost' => @@host,
			'PeerPort' => @@port
		)

		c = Klass.new(s, true)
		c.client.evasion_level = 0
		
		begin
			c.login('*SMBSERVER', user, pass)
			c.connect(share)
			
			f = c.open(filename, 'rwct')
			f << write_data
			f.close
			
			f = c.open(filename, 'ro')
			d = f.read()
			f.close
			
			c.delete(filename)
			c.disconnect(share)
			
		rescue
			puts $!.to_s + $!.backtrace.join("\n")
			return
		end

		s.close	
	end

    def test_smb_dcerpc
		s = Rex::Socket.create_tcp(
			'PeerHost' => @@host,
			'PeerPort' => @@port
		)

		c = Klass.new(s, true)
		c.client.evasion_level = 0

        user = ''
        pass = ''

        begin
            c.login('*SMBSERVER', user, pass)
            c.connect('IPC$')
			f = c.create_pipe('\BROWSER')
			
			bind, ctx = DCERPCPacket.make_bind_fake_multi(
				'4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0',
				 10, 
				 4
			)
			
			# Evasion techniques:
			# 	1) Write the bind out a few bytes at a time with a random offset
			#	2) Read the response back a few bytes at a time with a random offset
			
			# Write the bind request out in random chunk sizes
			while (bind.length > 0)
				f.write( bind.slice!(0, (rand(20)+5)), rand(1024)+1 )
			end
			
			d = ''
			# Read the response back a few bytes a time
			begin
				while(true)
					t = (f.read((rand(20)+5), rand(1024)+1))
					last if ! t.length
					d << t
				end
			rescue XCEPT::NoReply
			end

			r = DCERPCResponse.new(d)
			assert_equal(r.type, 12)
			assert_equal(r.ack_result[ctx-0], 0)
			assert_equal(r.ack_result[ctx-1], 2)
        rescue
            puts $!.to_s + $!.backtrace.join("\n")
            return
        end

		s.close	
    end
	
end