From a6f8d27efc7b0b37c641878da446952c1d06f987 Mon Sep 17 00:00:00 2001 From: Max Dymond Date: Mon, 3 Jul 2017 11:00:04 +0100 Subject: test1451: add SMB support to the testbed Add test 1451 which does some very basic SMB testing using the impacket SMB server. Closes #1630 --- tests/python_dependencies/impacket/smbserver.py | 766 ++++++++---------------- 1 file changed, 259 insertions(+), 507 deletions(-) (limited to 'tests/python_dependencies') diff --git a/tests/python_dependencies/impacket/smbserver.py b/tests/python_dependencies/impacket/smbserver.py index 4baebbb20..aa795e52e 100644 --- a/tests/python_dependencies/impacket/smbserver.py +++ b/tests/python_dependencies/impacket/smbserver.py @@ -8,7 +8,7 @@ # # TODO: # [-] Functions should return NT error codes -# [-] Handling errors in all situations, right now it's just raising exceptions. +# [-] Handling errors in all situations, right now it's just raising exceptions. # [*] Standard authentication support # [ ] Organize the connectionData stuff # [*] Add capability to send a bad user ID if the user is not authenticated, @@ -38,8 +38,7 @@ import errno import sys import random import shutil -import string -from binascii import unhexlify, hexlify +from binascii import hexlify # For signing from impacket import smb, nmb, ntlm, uuid, LOG @@ -56,8 +55,8 @@ STATUS_SMB_BAD_UID = 0x005B0002 STATUS_SMB_BAD_TID = 0x00050002 # Utility functions -# and general functions. -# There are some common functions that can be accessed from more than one SMB +# and general functions. +# There are some common functions that can be accessed from more than one SMB # command (or either TRANSACTION). That's why I'm putting them here # TODO: Return NT ERROR Codes @@ -96,7 +95,7 @@ def writeJohnOutputToFile(hash_string, hash_version, file_name): with open(output_filename,"a") as f: f.write(hash_string) - f.write('\n') + f.write('\n') def decodeSMBString( flags, text ): @@ -110,7 +109,7 @@ def encodeSMBString( flags, text ): return (text).encode('utf-16le') else: return text - + def getFileTime(t): t *= 10000000 t += 116444736000000000 @@ -131,7 +130,7 @@ def getSMBDate(t): def getSMBTime(t): # TODO: Fix this :P d = datetime.datetime.fromtimestamp(t) - return (d.hour << 8) + (d.minute << 4) + d.second + return (d.hour << 8) + (d.minute << 4) + d.second def getShares(connId, smbServer): config = smbServer.getServerConfig() @@ -222,7 +221,7 @@ def queryFsInformation(path, filename, level=0): data = smb.SMBQueryFsVolumeInfo() data['VolumeLabel'] = '' data['VolumeCreationTime'] = getFileTime(ctime) - return data.getData() + return data.getData() elif level == smb.SMB_QUERY_FS_SIZE_INFO: data = smb.SMBQueryFsSizeInfo() return data.getData() @@ -242,9 +241,9 @@ def queryFsInformation(path, filename, level=0): fileAttributes = attribs return fileSize, lastWriteTime, fileAttributes -def findFirst2(path, fileName, level, searchAttributes, isSMB2 = False): +def findFirst2(path, fileName, level, searchAttributes, isSMB2 = False): # TODO: Depending on the level, this could be done much simpler - + #print "FindFirs2 path:%s, filename:%s" % (path, fileName) fileName = os.path.normpath(fileName.replace('\\','/')) # Let's choose the right encoding depending on the request @@ -269,7 +268,7 @@ def findFirst2(path, fileName, level, searchAttributes, isSMB2 = False): pattern = os.path.basename(pathName) dirName = os.path.dirname(pathName) - # Always add . and .. Not that important for Windows, but Samba whines if + # Always add . and .. Not that important for Windows, but Samba whines if # not present (for * search only) if pattern == '*': files.append(os.path.join(dirName,'.')) @@ -310,7 +309,7 @@ def findFirst2(path, fileName, level, searchAttributes, isSMB2 = False): else: LOG.error("Wrong level %d!" % level) return searchResult, searchCount, STATUS_NOT_SUPPORTED - + (mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime) = os.stat(i) if os.path.isdir(i): item['ExtFileAttributes'] = smb.ATTR_DIRECTORY @@ -430,7 +429,7 @@ def queryPathInformation(path, filename, level): infoRecord['FileAttributes'] = smb.ATTR_DIRECTORY else: infoRecord['FileAttributes'] = smb.ATTR_NORMAL | smb.ATTR_ARCHIVE - elif level == smb.SMB_QUERY_FILE_EA_INFO or level == smb2.SMB2_FILE_EA_INFO: + elif level == smb.SMB_QUERY_FILE_EA_INFO or level == smb2.SMB2_FILE_EA_INFO: infoRecord = smb.SMBQueryFileEaInfo() elif level == smb2.SMB2_FILE_STREAM_INFO: infoRecord = smb.SMBFileStreamInformation() @@ -508,7 +507,7 @@ class TRANSCommands: respParameters = smb.SMBNetShareGetInfoResponse() shares = getShares(connId, smbServer) share = shares[request['ShareName'].upper()] - shareInfo = smb.NetShareInfo1() + shareInfo = smb.NetShareInfo1() shareInfo['NetworkName'] = request['ShareName'].upper() + '\x00' shareInfo['Type'] = int(share['share type']) respData = shareInfo.getData() @@ -516,7 +515,7 @@ class TRANSCommands: shareInfo['RemarkOffsetLow'] = len(respData) respData += share['comment'] + '\x00' respParameters['TotalBytesAvailable'] = len(respData) - + else: # We don't know how to handle anything else errorCode = STATUS_NOT_SUPPORTED @@ -717,7 +716,7 @@ class TRANS2Commands: respData = infoRecord else: errorCode = STATUS_SMB_BAD_TID - + smbServer.setConnectionData(connId, connData) return respSetup, respParameters, respData, errorCode @@ -765,7 +764,7 @@ class TRANS2Commands: searchCount +=1 respData += data totalData += lenData - + # Have we reached the end of the search or still stuff to send? if endOfSearch > 0: # Let's remove the SID from our ConnData @@ -773,10 +772,10 @@ class TRANS2Commands: respParameters['EndOfSearch'] = endOfSearch respParameters['SearchCount'] = searchCount - else: + else: errorCode = STATUS_INVALID_HANDLE else: - errorCode = STATUS_SMB_BAD_TID + errorCode = STATUS_SMB_BAD_TID smbServer.setConnectionData(connId, connData) @@ -794,9 +793,9 @@ class TRANS2Commands: if connData['ConnectedShares'].has_key(recvPacket['Tid']): path = connData['ConnectedShares'][recvPacket['Tid']]['path'] - searchResult, searchCount, errorCode = findFirst2(path, - decodeSMBString( recvPacket['Flags2'], findFirst2Parameters['FileName'] ), - findFirst2Parameters['InformationLevel'], + searchResult, searchCount, errorCode = findFirst2(path, + decodeSMBString( recvPacket['Flags2'], findFirst2Parameters['FileName'] ), + findFirst2Parameters['InformationLevel'], findFirst2Parameters['SearchAttributes'] ) respParameters = smb.SMBFindFirst2Response_Parameters() @@ -832,7 +831,7 @@ class TRANS2Commands: respParameters['EndOfSearch'] = endOfSearch respParameters['SearchCount'] = searchCount else: - errorCode = STATUS_SMB_BAD_TID + errorCode = STATUS_SMB_BAD_TID smbServer.setConnectionData(connId, connData) @@ -851,12 +850,12 @@ class SMBCommands: # Do the stuff if transParameters['ParameterCount'] != transParameters['TotalParameterCount']: - # TODO: Handle partial parameters + # TODO: Handle partial parameters raise Exception("Unsupported partial parameters in TRANSACT2!") else: transData = smb.SMBTransaction_SData(flags = recvPacket['Flags2']) - # Standard says servers shouldn't trust Parameters and Data comes - # in order, so we have to parse the offsets, ugly + # Standard says servers shouldn't trust Parameters and Data comes + # in order, so we have to parse the offsets, ugly paramCount = transParameters['ParameterCount'] transData['Trans_ParametersLength'] = paramCount @@ -872,26 +871,26 @@ class SMBCommands: if transParameters['DataOffset'] > 0: dataOffset = transParameters['DataOffset'] - 63 - transParameters['SetupLength'] transData['Trans_Data'] = SMBCommand['Data'][dataOffset:dataOffset + dataCount] - else: + else: transData['Trans_Data'] = '' - + # Call the handler for this TRANSACTION if transParameters['SetupCount'] == 0: # No subcommand, let's play with the Name command = decodeSMBString(recvPacket['Flags2'],transData['Name']) else: command = struct.unpack(' 0 or remainingParameters > 0: + while remainingData > 0 or remainingParameters > 0: respSMBCommand = smb.SMBCommand(recvPacket['Command']) respParameters = smb.SMBTransactionResponse_Parameters() respData = smb.SMBTransaction2Response_Data() @@ -936,11 +935,11 @@ class SMBCommands: respParameters['Setup'] = setup # TODO: Make sure we're calculating the pad right if len(parameters) > 0: - #padLen = 4 - (55 + len(setup)) % 4 + #padLen = 4 - (55 + len(setup)) % 4 padLen = (4 - (55 + len(setup)) % 4 ) % 4 padBytes = '\xFF' * padLen respData['Pad1'] = padBytes - respParameters['ParameterOffset'] = 55 + len(setup) + padLen + respParameters['ParameterOffset'] = 55 + len(setup) + padLen else: padLen = 0 respParameters['ParameterOffset'] = 0 @@ -956,9 +955,9 @@ class SMBCommands: respData['Pad2'] = '' respData['Trans_Parameters'] = parameters[:respParameters['ParameterCount']] - respData['Trans_Data'] = data[:respParameters['DataCount']] + respData['Trans_Data'] = data[:respParameters['DataCount']] respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData data = data[respParameters['DataCount']:] remainingData -= respParameters['DataCount'] @@ -978,7 +977,7 @@ class SMBCommands: errorCode = STATUS_NOT_IMPLEMENTED respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -993,12 +992,12 @@ class SMBCommands: NTTransParameters= smb.SMBNTTransaction_Parameters(SMBCommand['Parameters']) # Do the stuff if NTTransParameters['ParameterCount'] != NTTransParameters['TotalParameterCount']: - # TODO: Handle partial parameters + # TODO: Handle partial parameters raise Exception("Unsupported partial parameters in NTTrans!") else: NTTransData = smb.SMBNTTransaction_Data() - # Standard says servers shouldn't trust Parameters and Data comes - # in order, so we have to parse the offsets, ugly + # Standard says servers shouldn't trust Parameters and Data comes + # in order, so we have to parse the offsets, ugly paramCount = NTTransParameters['ParameterCount'] NTTransData['NT_Trans_ParametersLength'] = paramCount @@ -1014,7 +1013,7 @@ class SMBCommands: if NTTransParameters['DataOffset'] > 0: dataOffset = NTTransParameters['DataOffset'] - 73 - NTTransParameters['SetupLength'] NTTransData['NT_Trans_Data'] = SMBCommand['Data'][dataOffset:dataOffset + dataCount] - else: + else: NTTransData['NT_Trans_Data'] = '' # Call the handler for this TRANSACTION @@ -1024,11 +1023,11 @@ class SMBCommands: setup = '' parameters = '' data = '' - try: + try: setup, parameters, data, errorCode = transCommands[command](connId, - smbServer, - recvPacket, - NTTransData['NT_Trans_Parameters'], + smbServer, + recvPacket, + NTTransData['NT_Trans_Parameters'], NTTransData['NT_Trans_Data'], NTTransParameters['MaxDataCount']) except Exception, e: @@ -1041,7 +1040,7 @@ class SMBCommands: respParameters = '' respData = '' if errorCode == STATUS_SUCCESS: - errorCode = STATUS_ACCESS_DENIED + errorCode = STATUS_ACCESS_DENIED else: # Build the answer data = str(data) @@ -1050,7 +1049,7 @@ class SMBCommands: remainingParameters = len(parameters) commands = [] dataDisplacement = 0 - while remainingData > 0 or remainingParameters > 0: + while remainingData > 0 or remainingParameters > 0: respSMBCommand = smb.SMBCommand(recvPacket['Command']) respParameters = smb.SMBNTTransactionResponse_Parameters() respData = smb.SMBNTTransactionResponse_Data() @@ -1073,11 +1072,11 @@ class SMBCommands: respParameters['Setup'] = setup # TODO: Make sure we're calculating the pad right if len(parameters) > 0: - #padLen = 4 - (71 + len(setup)) % 4 + #padLen = 4 - (71 + len(setup)) % 4 padLen = (4 - (73 + len(setup)) % 4 ) % 4 padBytes = '\xFF' * padLen respData['Pad1'] = padBytes - respParameters['ParameterOffset'] = 73 + len(setup) + padLen + respParameters['ParameterOffset'] = 73 + len(setup) + padLen else: padLen = 0 respParameters['ParameterOffset'] = 0 @@ -1093,9 +1092,9 @@ class SMBCommands: respData['Pad2'] = '' respData['NT_Trans_Parameters'] = parameters[:respParameters['ParameterCount']] - respData['NT_Trans_Data'] = data[:respParameters['DataCount']] + respData['NT_Trans_Data'] = data[:respParameters['DataCount']] respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData data = data[respParameters['DataCount']:] remainingData -= respParameters['DataCount'] @@ -1115,7 +1114,7 @@ class SMBCommands: errorCode = STATUS_NOT_IMPLEMENTED respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1131,13 +1130,13 @@ class SMBCommands: # Do the stuff if trans2Parameters['ParameterCount'] != trans2Parameters['TotalParameterCount']: - # TODO: Handle partial parameters + # TODO: Handle partial parameters #print "Unsupported partial parameters in TRANSACT2!" raise Exception("Unsupported partial parameters in TRANSACT2!") else: trans2Data = smb.SMBTransaction2_Data() - # Standard says servers shouldn't trust Parameters and Data comes - # in order, so we have to parse the offsets, ugly + # Standard says servers shouldn't trust Parameters and Data comes + # in order, so we have to parse the offsets, ugly paramCount = trans2Parameters['ParameterCount'] trans2Data['Trans_ParametersLength'] = paramCount @@ -1153,7 +1152,7 @@ class SMBCommands: if trans2Parameters['DataOffset'] > 0: dataOffset = trans2Parameters['DataOffset'] - 63 - trans2Parameters['SetupLength'] trans2Data['Trans_Data'] = SMBCommand['Data'][dataOffset:dataOffset + dataCount] - else: + else: trans2Data['Trans_Data'] = '' # Call the handler for this TRANSACTION @@ -1162,9 +1161,9 @@ class SMBCommands: # Call the TRANS2 subcommand try: setup, parameters, data, errorCode = transCommands[command](connId, - smbServer, - recvPacket, - trans2Data['Trans_Parameters'], + smbServer, + recvPacket, + trans2Data['Trans_Parameters'], trans2Data['Trans_Data'], trans2Parameters['MaxDataCount']) except Exception, e: @@ -1185,7 +1184,7 @@ class SMBCommands: remainingParameters = len(parameters) commands = [] dataDisplacement = 0 - while remainingData > 0 or remainingParameters > 0: + while remainingData > 0 or remainingParameters > 0: respSMBCommand = smb.SMBCommand(recvPacket['Command']) respParameters = smb.SMBTransaction2Response_Parameters() respData = smb.SMBTransaction2Response_Data() @@ -1208,11 +1207,11 @@ class SMBCommands: respParameters['Setup'] = setup # TODO: Make sure we're calculating the pad right if len(parameters) > 0: - #padLen = 4 - (55 + len(setup)) % 4 + #padLen = 4 - (55 + len(setup)) % 4 padLen = (4 - (55 + len(setup)) % 4 ) % 4 padBytes = '\xFF' * padLen respData['Pad1'] = padBytes - respParameters['ParameterOffset'] = 55 + len(setup) + padLen + respParameters['ParameterOffset'] = 55 + len(setup) + padLen else: padLen = 0 respParameters['ParameterOffset'] = 0 @@ -1228,9 +1227,9 @@ class SMBCommands: respData['Pad2'] = '' respData['Trans_Parameters'] = parameters[:respParameters['ParameterCount']] - respData['Trans_Data'] = data[:respParameters['DataCount']] + respData['Trans_Data'] = data[:respParameters['DataCount']] respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData data = data[respParameters['DataCount']:] remainingData -= respParameters['DataCount'] @@ -1250,7 +1249,7 @@ class SMBCommands: errorCode = STATUS_NOT_IMPLEMENTED respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1267,7 +1266,7 @@ class SMBCommands: errorCode = STATUS_SUCCESS respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1311,7 +1310,7 @@ class SMBCommands: respData = '' respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1334,7 +1333,7 @@ class SMBCommands: if fileHandle != PIPE_FILE_DESCRIPTOR: # TODO: Handle big size files # If we're trying to write past the file end we just skip the write call (Vista does this) - if os.lseek(fileHandle, 0, 2) >= comWriteParameters['Offset']: + if os.lseek(fileHandle, 0, 2) >= comWriteParameters['Offset']: os.lseek(fileHandle,comWriteParameters['Offset'],0) os.write(fileHandle,comWriteData['Data']) else: @@ -1353,7 +1352,7 @@ class SMBCommands: respData = '' respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1384,7 +1383,7 @@ class SMBCommands: respData = '' respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1430,7 +1429,7 @@ class SMBCommands: respData = '' respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1479,7 +1478,7 @@ class SMBCommands: respData = '' respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1522,7 +1521,7 @@ class SMBCommands: respData = '' respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1569,7 +1568,7 @@ class SMBCommands: respData = '' respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1592,7 +1591,7 @@ class SMBCommands: writeAndXData['DataLength'] = writeAndX['DataLength'] writeAndXData['DataOffset'] = writeAndX['DataOffset'] writeAndXData.fromString(SMBCommand['Data']) - + if connData['OpenedFiles'].has_key(writeAndX['Fid']): fileHandle = connData['OpenedFiles'][writeAndX['Fid']]['FileHandle'] @@ -1623,7 +1622,7 @@ class SMBCommands: respData = '' respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1663,7 +1662,7 @@ class SMBCommands: respData = '' respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1710,7 +1709,7 @@ class SMBCommands: respData = '' respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1728,7 +1727,7 @@ class SMBCommands: # Get the Tid associated if connData['ConnectedShares'].has_key(recvPacket['Tid']): fileSize, lastWriteTime, fileAttributes = queryFsInformation( - connData['ConnectedShares'][recvPacket['Tid']]['path'], + connData['ConnectedShares'][recvPacket['Tid']]['path'], decodeSMBString(recvPacket['Flags2'],queryInformation['FileName'])) respParameters['FileSize'] = fileSize @@ -1742,7 +1741,7 @@ class SMBCommands: respData = '' respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1773,7 +1772,7 @@ class SMBCommands: respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1792,7 +1791,7 @@ class SMBCommands: respData['Data'] = echoData['Data'] respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData errorCode = STATUS_SUCCESS smbServer.setConnectionData(connId, connData) @@ -1817,7 +1816,7 @@ class SMBCommands: errorCode = STATUS_SMB_BAD_TID respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1838,7 +1837,7 @@ class SMBCommands: errorCode = STATUS_SUCCESS respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData connData['Uid'] = 0 smbServer.setConnectionData(connId, connData) @@ -1883,7 +1882,7 @@ class SMBCommands: respData = '' respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -1934,12 +1933,12 @@ class SMBCommands: mode |= os.O_TRUNC | os.O_CREAT elif createDisposition & smb.FILE_OVERWRITE == smb.FILE_OVERWRITE: if os.path.exists(pathName) is True: - mode |= os.O_TRUNC + mode |= os.O_TRUNC else: errorCode = STATUS_NO_SUCH_FILE elif createDisposition & smb.FILE_OPEN_IF == smb.FILE_OPEN_IF: if os.path.exists(pathName) is True: - mode |= os.O_TRUNC + mode |= os.O_TRUNC else: mode |= os.O_TRUNC | os.O_CREAT elif createDisposition & smb.FILE_CREATE == smb.FILE_CREATE: @@ -1958,14 +1957,14 @@ class SMBCommands: if (desiredAccess & smb.FILE_WRITE_DATA) or (desiredAccess & smb.GENERIC_WRITE): if (desiredAccess & smb.FILE_READ_DATA) or (desiredAccess & smb.GENERIC_READ): mode |= os.O_RDWR #| os.O_APPEND - else: + else: mode |= os.O_WRONLY #| os.O_APPEND if desiredAccess & smb.GENERIC_ALL: mode |= os.O_RDWR #| os.O_APPEND createOptions = ntCreateAndXParameters['CreateOptions'] if mode & os.O_CREAT == os.O_CREAT: - if createOptions & smb.FILE_DIRECTORY_FILE == smb.FILE_DIRECTORY_FILE: + if createOptions & smb.FILE_DIRECTORY_FILE == smb.FILE_DIRECTORY_FILE: try: # Let's create the directory os.mkdir(pathName) @@ -1982,7 +1981,7 @@ class SMBCommands: if createOptions & smb.FILE_DELETE_ON_CLOSE == smb.FILE_DELETE_ON_CLOSE: deleteOnClose = True - + if errorCode == STATUS_SUCCESS: try: if os.path.isdir(pathName) and sys.platform == 'win32': @@ -2056,9 +2055,9 @@ class SMBCommands: else: respParameters = '' respData = '' - + respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -2078,16 +2077,16 @@ class SMBCommands: if connData['ConnectedShares'].has_key(recvPacket['Tid']): path = connData['ConnectedShares'][recvPacket['Tid']]['path'] openedFile, mode, pathName, errorCode = openFile(path, - decodeSMBString(recvPacket['Flags2'],openAndXData['FileName']), - openAndXParameters['DesiredAccess'], - openAndXParameters['FileAttributes'], + decodeSMBString(recvPacket['Flags2'],openAndXData['FileName']), + openAndXParameters['DesiredAccess'], + openAndXParameters['FileAttributes'], openAndXParameters['OpenMode']) else: errorCode = STATUS_SMB_BAD_TID if errorCode == STATUS_SUCCESS: # Simple way to generate a fid - fid = len(connData['OpenedFiles']) + 1 + fid = len(connData['OpenedFiles']) + 1 if len(connData['OpenedFiles']) == 0: fid = 1 else: @@ -2105,7 +2104,7 @@ class SMBCommands: else: # File existed and was truncated respParameters['Action'] = 0x3 - + # Let's store the fid for the connection #smbServer.log('Opening file %s' % pathName) connData['OpenedFiles'][fid] = {} @@ -2115,9 +2114,9 @@ class SMBCommands: else: respParameters = '' respData = '' - + respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData smbServer.setConnectionData(connId, connData) return [respSMBCommand], None, errorCode @@ -2158,7 +2157,7 @@ class SMBCommands: else: path = ntpath.basename(UNCOrShare) - share = searchShare(connId, path, smbServer) + share = searchShare(connId, path, smbServer) if share is not None: # Simple way to generate a Tid if len(connData['ConnectedShares']) == 0: @@ -2185,7 +2184,7 @@ class SMBCommands: respData['NativeFileSystem'] = encodeSMBString(recvPacket['Flags2'], 'NTFS' ) respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData resp['Uid'] = connData['Uid'] resp.addCommand(respSMBCommand) @@ -2200,7 +2199,7 @@ class SMBCommands: respSMBCommand = smb.SMBCommand(smb.SMB.SMB_COM_SESSION_SETUP_ANDX) # From [MS-SMB] - # When extended security is being used (see section 3.2.4.2.4), the + # When extended security is being used (see section 3.2.4.2.4), the # request MUST take the following form # [..] # WordCount (1 byte): The value of this field MUST be 0x0C. @@ -2229,17 +2228,17 @@ class SMBCommands: else: mechStr = hexlify(mechType) smbServer.log("Unsupported MechType '%s'" % mechStr, logging.CRITICAL) - # We don't know the token, we answer back again saying + # We don't know the token, we answer back again saying # we just support NTLM. # ToDo: Build this into a SPNEGO_NegTokenResp() respToken = '\xa1\x15\x30\x13\xa0\x03\x0a\x01\x03\xa1\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a' respParameters['SecurityBlobLength'] = len(respToken) - respData['SecurityBlobLength'] = respParameters['SecurityBlobLength'] + respData['SecurityBlobLength'] = respParameters['SecurityBlobLength'] respData['SecurityBlob'] = respToken respData['NativeOS'] = encodeSMBString(recvPacket['Flags2'], smbServer.getServerOS()) respData['NativeLanMan'] = encodeSMBString(recvPacket['Flags2'], smbServer.getServerOS()) respSMBCommand['Parameters'] = respParameters - respSMBCommand['Data'] = respData + respSMBCommand['Data'] = respData return [respSMBCommand], None, STATUS_MORE_PROCESSING_REQUIRED elif struct.unpack('B',sessionSetupData['SecurityBlob'][0])[0] == ASN1_SUPPORTED_MECH: @@ -2251,7 +2250,7 @@ class SMBCommands: rawNTLM = True token = sessionSetupData['SecurityBlob'] - # Here we only handle NTLMSSP, depending on what stage of the + # Here we only handle NTLMSSP, depending on what stage of the # authentication we are, we act on it messageType = struct.unpack(' set Open.EnumerationLocation to 0 + # If SMB2_REOPEN is set in the Flags field of the SMB2 QUERY_DIRECTORY + # Request, the server SHOULD<326> set Open.EnumerationLocation to 0 # and Open.EnumerationSearchPattern to an empty string. if queryDirectoryRequest['Flags'] & smb2.SMB2_REOPEN: connData['OpenedFiles'][fileID]['Open']['EnumerationLocation'] = 0 connData['OpenedFiles'][fileID]['Open']['EnumerationSearchPattern'] = '' - - # If SMB2_RESTART_SCANS is set in the Flags field of the SMB2 - # QUERY_DIRECTORY Request, the server MUST set + + # If SMB2_RESTART_SCANS is set in the Flags field of the SMB2 + # QUERY_DIRECTORY Request, the server MUST set # Open.EnumerationLocation to 0. if queryDirectoryRequest['Flags'] & smb2.SMB2_RESTART_SCANS: connData['OpenedFiles'][fileID]['Open']['EnumerationLocation'] = 0 - # If Open.EnumerationLocation is 0 and Open.EnumerationSearchPattern - # is an empty string, then Open.EnumerationSearchPattern MUST be set - # to the search pattern specified in the SMB2 QUERY_DIRECTORY by - # FileNameOffset and FileNameLength. If FileNameLength is 0, the server + # If Open.EnumerationLocation is 0 and Open.EnumerationSearchPattern + # is an empty string, then Open.EnumerationSearchPattern MUST be set + # to the search pattern specified in the SMB2 QUERY_DIRECTORY by + # FileNameOffset and FileNameLength. If FileNameLength is 0, the server # SHOULD<327> set Open.EnumerationSearchPattern as "*" to search all entries. pattern = queryDirectoryRequest['Buffer'].decode('utf-16le') @@ -3308,8 +3307,8 @@ class SMB2Commands: pattern = '*' connData['OpenedFiles'][fileID]['Open']['EnumerationSearchPattern'] = pattern - # If SMB2_INDEX_SPECIFIED is set and FileNameLength is not zero, - # the server MUST set Open.EnumerationSearchPattern to the search pattern + # If SMB2_INDEX_SPECIFIED is set and FileNameLength is not zero, + # the server MUST set Open.EnumerationSearchPattern to the search pattern # specified in the request by FileNameOffset and FileNameLength. if queryDirectoryRequest['Flags'] & smb2.SMB2_INDEX_SPECIFIED and \ queryDirectoryRequest['FileNameLength'] > 0: @@ -3318,7 +3317,7 @@ class SMB2Commands: pathName = os.path.join(os.path.normpath(connData['OpenedFiles'][fileID]['FileName']),pattern) searchResult, searchCount, errorCode = findFirst2(os.path.dirname(pathName), os.path.basename(pathName), - queryDirectoryRequest['FileInformationClass'], + queryDirectoryRequest['FileInformationClass'], smb.ATTR_DIRECTORY, isSMB2 = True ) if errorCode != STATUS_SUCCESS: @@ -3345,7 +3344,7 @@ class SMB2Commands: data = searchResult[nItem].getData() lenData = len(data) padLen = (8-(lenData % 8)) %8 - + if (totalData+lenData) >= queryDirectoryRequest['OutputBufferLength']: connData['OpenedFiles'][fileID]['Open']['EnumerationLocation'] -= 1 break @@ -3473,7 +3472,7 @@ class Ioctls: @staticmethod def fsctlPipeTransceive(connId, smbServer, ioctlRequest): connData = smbServer.getConnectionData(connId) - + ioctlResponse = '' if connData['OpenedFiles'].has_key(str(ioctlRequest['FileID'])): @@ -3498,7 +3497,7 @@ class Ioctls: @staticmethod def fsctlValidateNegotiateInfo(connId, smbServer, ioctlRequest): connData = smbServer.getConnectionData(connId) - + errorCode = STATUS_SUCCESS validateNegotiateInfo = smb2.VALIDATE_NEGOTIATE_INFO(ioctlRequest['Buffer']) @@ -3534,14 +3533,14 @@ class SMBSERVERHandler(SocketServer.BaseRequestHandler): except nmb.NetBIOSTimeout: raise except nmb.NetBIOSError: - break + break if p.get_type() == nmb.NETBIOS_SESSION_REQUEST: # Someone is requesting a session, we're gonna accept them all :) _, rn, my = p.get_trailer().split(' ') remote_name = nmb.decode_name('\x20'+rn) - myname = nmb.decode_name('\x20'+my) - self.__SMB.log("NetBIOS Session request (%s,%s,%s)" % (self.__ip, remote_name[1].strip(), myname[1])) + myname = nmb.decode_name('\x20'+my) + self.__SMB.log("NetBIOS Session request (%s,%s,%s)" % (self.__ip, remote_name[1].strip(), myname[1])) r = nmb.NetBIOSSessionPacket() r.set_type(nmb.NETBIOS_SESSION_POSITIVE_RESPONSE) r.set_trailer(p.get_trailer()) @@ -3594,7 +3593,7 @@ class SMBSERVER(SocketServer.ThreadingMixIn, SocketServer.TCPServer): # SMB2 Support flag = default not active self.__SMB2Support = False - + # Our list of commands we will answer, by default the NOT IMPLEMENTED one self.__smbCommandsHandler = SMBCommands() self.__smbTrans2Handler = TRANS2Commands() @@ -3622,13 +3621,13 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe smb.SMB.TRANS2_SET_PATH_INFORMATION :self.__smbTrans2Handler.setPathInformation } - self.__smbCommands = { - #smb.SMB.SMB_COM_FLUSH: self.__smbCommandsHandler.smbComFlush, - smb.SMB.SMB_COM_CREATE_DIRECTORY: self.__smbCommandsHandler.smbComCreateDirectory, - smb.SMB.SMB_COM_DELETE_DIRECTORY: self.__smbCommandsHandler.smbComDeleteDirectory, - smb.SMB.SMB_COM_RENAME: self.__smbCommandsHandler.smbComRename, - smb.SMB.SMB_COM_DELETE: self.__smbCommandsHandler.smbComDelete, - smb.SMB.SMB_COM_NEGOTIATE: self.__smbCommandsHandler.smbComNegotiate, + self.__smbCommands = { + #smb.SMB.SMB_COM_FLUSH: self.__smbCommandsHandler.smbComFlush, + smb.SMB.SMB_COM_CREATE_DIRECTORY: self.__smbCommandsHandler.smbComCreateDirectory, + smb.SMB.SMB_COM_DELETE_DIRECTORY: self.__smbCommandsHandler.smbComDeleteDirectory, + smb.SMB.SMB_COM_RENAME: self.__smbCommandsHandler.smbComRename, + smb.SMB.SMB_COM_DELETE: self.__smbCommandsHandler.smbComDelete, + smb.SMB.SMB_COM_NEGOTIATE: self.__smbCommandsHandler.smbComNegotiate, smb.SMB.SMB_COM_SESSION_SETUP_ANDX: self.__smbCommandsHandler.smbComSessionSetupAndX, smb.SMB.SMB_COM_LOGOFF_ANDX: self.__smbCommandsHandler.smbComLogOffAndX, smb.SMB.SMB_COM_TREE_CONNECT_ANDX: self.__smbCommandsHandler.smbComTreeConnectAndX, @@ -3652,50 +3651,50 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe 0xFF: self.__smbCommandsHandler.default } - self.__smb2Ioctls = { - smb2.FSCTL_DFS_GET_REFERRALS: self.__IoctlHandler.fsctlDfsGetReferrals, -# smb2.FSCTL_PIPE_PEEK: self.__IoctlHandler.fsctlPipePeek, -# smb2.FSCTL_PIPE_WAIT: self.__IoctlHandler.fsctlPipeWait, - smb2.FSCTL_PIPE_TRANSCEIVE: self.__IoctlHandler.fsctlPipeTransceive, -# smb2.FSCTL_SRV_COPYCHUNK: self.__IoctlHandler.fsctlSrvCopyChunk, -# smb2.FSCTL_SRV_ENUMERATE_SNAPSHOTS: self.__IoctlHandler.fsctlSrvEnumerateSnapshots, -# smb2.FSCTL_SRV_REQUEST_RESUME_KEY: self.__IoctlHandler.fsctlSrvRequestResumeKey, -# smb2.FSCTL_SRV_READ_HASH: self.__IoctlHandler.fsctlSrvReadHash, -# smb2.FSCTL_SRV_COPYCHUNK_WRITE: self.__IoctlHandler.fsctlSrvCopyChunkWrite, -# smb2.FSCTL_LMR_REQUEST_RESILIENCY: self.__IoctlHandler.fsctlLmrRequestResiliency, -# smb2.FSCTL_QUERY_NETWORK_INTERFACE_INFO: self.__IoctlHandler.fsctlQueryNetworkInterfaceInfo, -# smb2.FSCTL_SET_REPARSE_POINT: self.__IoctlHandler.fsctlSetReparsePoint, -# smb2.FSCTL_DFS_GET_REFERRALS_EX: self.__IoctlHandler.fsctlDfsGetReferralsEx, -# smb2.FSCTL_FILE_LEVEL_TRIM: self.__IoctlHandler.fsctlFileLevelTrim, - smb2.FSCTL_VALIDATE_NEGOTIATE_INFO: self.__IoctlHandler.fsctlValidateNegotiateInfo, + self.__smb2Ioctls = { + smb2.FSCTL_DFS_GET_REFERRALS: self.__IoctlHandler.fsctlDfsGetReferrals, +# smb2.FSCTL_PIPE_PEEK: self.__IoctlHandler.fsctlPipePeek, +# smb2.FSCTL_PIPE_WAIT: self.__IoctlHandler.fsctlPipeWait, + smb2.FSCTL_PIPE_TRANSCEIVE: self.__IoctlHandler.fsctlPipeTransceive, +# smb2.FSCTL_SRV_COPYCHUNK: self.__IoctlHandler.fsctlSrvCopyChunk, +# smb2.FSCTL_SRV_ENUMERATE_SNAPSHOTS: self.__IoctlHandler.fsctlSrvEnumerateSnapshots, +# smb2.FSCTL_SRV_REQUEST_RESUME_KEY: self.__IoctlHandler.fsctlSrvRequestResumeKey, +# smb2.FSCTL_SRV_READ_HASH: self.__IoctlHandler.fsctlSrvReadHash, +# smb2.FSCTL_SRV_COPYCHUNK_WRITE: self.__IoctlHandler.fsctlSrvCopyChunkWrite, +# smb2.FSCTL_LMR_REQUEST_RESILIENCY: self.__IoctlHandler.fsctlLmrRequestResiliency, +# smb2.FSCTL_QUERY_NETWORK_INTERFACE_INFO: self.__IoctlHandler.fsctlQueryNetworkInterfaceInfo, +# smb2.FSCTL_SET_REPARSE_POINT: self.__IoctlHandler.fsctlSetReparsePoint, +# smb2.FSCTL_DFS_GET_REFERRALS_EX: self.__IoctlHandler.fsctlDfsGetReferralsEx, +# smb2.FSCTL_FILE_LEVEL_TRIM: self.__IoctlHandler.fsctlFileLevelTrim, + smb2.FSCTL_VALIDATE_NEGOTIATE_INFO: self.__IoctlHandler.fsctlValidateNegotiateInfo, } - self.__smb2Commands = { - smb2.SMB2_NEGOTIATE: self.__smb2CommandsHandler.smb2Negotiate, - smb2.SMB2_SESSION_SETUP: self.__smb2CommandsHandler.smb2SessionSetup, - smb2.SMB2_LOGOFF: self.__smb2CommandsHandler.smb2Logoff, - smb2.SMB2_TREE_CONNECT: self.__smb2CommandsHandler.smb2TreeConnect, - smb2.SMB2_TREE_DISCONNECT: self.__smb2CommandsHandler.smb2TreeDisconnect, - smb2.SMB2_CREATE: self.__smb2CommandsHandler.smb2Create, - smb2.SMB2_CLOSE: self.__smb2CommandsHandler.smb2Close, - smb2.SMB2_FLUSH: self.__smb2CommandsHandler.smb2Flush, - smb2.SMB2_READ: self.__smb2CommandsHandler.smb2Read, - smb2.SMB2_WRITE: self.__smb2CommandsHandler.smb2Write, - smb2.SMB2_LOCK: self.__smb2CommandsHandler.smb2Lock, - smb2.SMB2_IOCTL: self.__smb2CommandsHandler.smb2Ioctl, - smb2.SMB2_CANCEL: self.__smb2CommandsHandler.smb2Cancel, - smb2.SMB2_ECHO: self.__smb2CommandsHandler.smb2Echo, - smb2.SMB2_QUERY_DIRECTORY: self.__smb2CommandsHandler.smb2QueryDirectory, - smb2.SMB2_CHANGE_NOTIFY: self.__smb2CommandsHandler.smb2ChangeNotify, - smb2.SMB2_QUERY_INFO: self.__smb2CommandsHandler.smb2QueryInfo, - smb2.SMB2_SET_INFO: self.__smb2CommandsHandler.smb2SetInfo, -# smb2.SMB2_OPLOCK_BREAK: self.__smb2CommandsHandler.smb2SessionSetup, + self.__smb2Commands = { + smb2.SMB2_NEGOTIATE: self.__smb2CommandsHandler.smb2Negotiate, + smb2.SMB2_SESSION_SETUP: self.__smb2CommandsHandler.smb2SessionSetup, + smb2.SMB2_LOGOFF: self.__smb2CommandsHandler.smb2Logoff, + smb2.SMB2_TREE_CONNECT: self.__smb2CommandsHandler.smb2TreeConnect, + smb2.SMB2_TREE_DISCONNECT: self.__smb2CommandsHandler.smb2TreeDisconnect, + smb2.SMB2_CREATE: self.__smb2CommandsHandler.smb2Create, + smb2.SMB2_CLOSE: self.__smb2CommandsHandler.smb2Close, + smb2.SMB2_FLUSH: self.__smb2CommandsHandler.smb2Flush, + smb2.SMB2_READ: self.__smb2CommandsHandler.smb2Read, + smb2.SMB2_WRITE: self.__smb2CommandsHandler.smb2Write, + smb2.SMB2_LOCK: self.__smb2CommandsHandler.smb2Lock, + smb2.SMB2_IOCTL: self.__smb2CommandsHandler.smb2Ioctl, + smb2.SMB2_CANCEL: self.__smb2CommandsHandler.smb2Cancel, + smb2.SMB2_ECHO: self.__smb2CommandsHandler.smb2Echo, + smb2.SMB2_QUERY_DIRECTORY: self.__smb2CommandsHandler.smb2QueryDirectory, + smb2.SMB2_CHANGE_NOTIFY: self.__smb2CommandsHandler.smb2ChangeNotify, + smb2.SMB2_QUERY_INFO: self.__smb2CommandsHandler.smb2QueryInfo, + smb2.SMB2_SET_INFO: self.__smb2CommandsHandler.smb2SetInfo, +# smb2.SMB2_OPLOCK_BREAK: self.__smb2CommandsHandler.smb2SessionSetup, 0xFF: self.__smb2CommandsHandler.default } # List of active connections self.__activeConnections = {} - + def getIoctls(self): return self.__smb2Ioctls @@ -3729,7 +3728,7 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe def setConnectionData(self, connId, data): self.__activeConnections[connId] = data - #print "setConnectionData" + #print "setConnectionData" #print self.__activeConnections def getConnectionData(self, connId, checkStatus = True): @@ -3758,7 +3757,7 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe del(self.__smbTransCommands[transCommand]) def hookTransaction(self, transCommand, callback): - # If you call this function, callback will replace + # If you call this function, callback will replace # the current Transaction sub command. # (don't get confused with the Transaction smbCommand) # If the transaction sub command doesn't not exist, it is added @@ -3769,14 +3768,14 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe # # WHERE: # - # connId : the connection Id, used to grab/update information about + # connId : the connection Id, used to grab/update information about # the current connection - # smbServer : the SMBServer instance available for you to ask + # smbServer : the SMBServer instance available for you to ask # configuration data # recvPacket : the full SMBPacket that triggered this command # parameters : the transaction parameters # data : the transaction data - # maxDataCount: the max amount of data that can be transfered agreed + # maxDataCount: the max amount of data that can be transfered agreed # with the client # # and MUST return: @@ -3787,12 +3786,12 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe # respSetup: the setup response of the transaction # respParameters: the parameters response of the transaction # respData: the data reponse of the transaction - # errorCode: the NT error code + # errorCode: the NT error code if self.__smbTransCommands.has_key(transCommand): originalCommand = self.__smbTransCommands[transCommand] else: - originalCommand = None + originalCommand = None self.__smbTransCommands[transCommand] = callback return originalCommand @@ -3807,7 +3806,7 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe if self.__smbTrans2Commands.has_key(transCommand): originalCommand = self.__smbTrans2Commands[transCommand] else: - originalCommand = None + originalCommand = None self.__smbTrans2Commands[transCommand] = callback return originalCommand @@ -3822,7 +3821,7 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe if self.__smbNTTransCommands.has_key(transCommand): originalCommand = self.__smbNTTransCommands[transCommand] else: - originalCommand = None + originalCommand = None self.__smbNTTransCommands[transCommand] = callback return originalCommand @@ -3833,7 +3832,7 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe def hookSmbCommand(self, smbCommand, callback): # Here we should add to self.__smbCommands - # If you call this function, callback will replace + # If you call this function, callback will replace # the current smbCommand. # If smbCommand doesn't not exist, it is added # If SMB command exists, it returns the original function replaced @@ -3843,19 +3842,19 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe # # WHERE: # - # connId : the connection Id, used to grab/update information about + # connId : the connection Id, used to grab/update information about # the current connection - # smbServer : the SMBServer instance available for you to ask + # smbServer : the SMBServer instance available for you to ask # configuration data - # SMBCommand: the SMBCommand itself, with its data and parameters. + # SMBCommand: the SMBCommand itself, with its data and parameters. # Check smb.py:SMBCommand() for a reference # recvPacket: the full SMBPacket that triggered this command # # and MUST return: # , , errorCode - # has higher preference over commands, in case you - # want to change the whole packet - # errorCode: the NT error code + # has higher preference over commands, in case you + # want to change the whole packet + # errorCode: the NT error code # # For SMB_COM_TRANSACTION2, SMB_COM_TRANSACTION and SMB_COM_NT_TRANSACT # the callback function is slightly different: @@ -3863,18 +3862,18 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe # callback(connId, smbServer, SMBCommand, recvPacket, transCommands) # # WHERE: - # + # # transCommands: a list of transaction subcommands already registered # if self.__smbCommands.has_key(smbCommand): originalCommand = self.__smbCommands[smbCommand] else: - originalCommand = None + originalCommand = None self.__smbCommands[smbCommand] = callback return originalCommand - + def unregisterSmb2Command(self, smb2Command): if self.__smb2Commands.has_key(smb2Command): del(self.__smb2Commands[smb2Command]) @@ -3883,7 +3882,7 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe if self.__smb2Commands.has_key(smb2Command): originalCommand = self.__smb2Commands[smb2Command] else: - originalCommand = None + originalCommand = None self.__smb2Commands[smb2Command] = callback return originalCommand @@ -3896,13 +3895,13 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe def getServerOS(self): return self.__serverOS - + def getServerDomain(self): return self.__serverDomain def getSMBChallenge(self): return self.__challenge - + def getServerConfig(self): return self.__serverConfig @@ -3950,22 +3949,22 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe if isSMB2 is False: if packet['Command'] == smb.SMB.SMB_COM_TRANSACTION2: respCommands, respPackets, errorCode = self.__smbCommands[packet['Command']]( - connId, - self, + connId, + self, SMBCommand, packet, self.__smbTrans2Commands) elif packet['Command'] == smb.SMB.SMB_COM_NT_TRANSACT: respCommands, respPackets, errorCode = self.__smbCommands[packet['Command']]( - connId, - self, + connId, + self, SMBCommand, packet, self.__smbNTTransCommands) elif packet['Command'] == smb.SMB.SMB_COM_TRANSACTION: respCommands, respPackets, errorCode = self.__smbCommands[packet['Command']]( - connId, - self, + connId, + self, SMBCommand, packet, self.__smbTransCommands) @@ -3980,26 +3979,26 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe self.log('SMB2_NEGOTIATE: %s' % e, logging.ERROR) # If something went wrong, let's fallback to SMB1 respCommands, respPackets, errorCode = self.__smbCommands[packet['Command']]( - connId, - self, + connId, + self, SMBCommand, packet) #self.__SMB2Support = False pass else: respCommands, respPackets, errorCode = self.__smbCommands[packet['Command']]( - connId, - self, + connId, + self, SMBCommand, packet) else: respCommands, respPackets, errorCode = self.__smbCommands[packet['Command']]( - connId, - self, + connId, + self, SMBCommand, packet) else: - respCommands, respPackets, errorCode = self.__smbCommands[255](connId, self, SMBCommand, packet) + respCommands, respPackets, errorCode = self.__smbCommands[255](connId, self, SMBCommand, packet) compoundedPacketsResponse.append((respCommands, respPackets, errorCode)) compoundedPackets.append(packet) @@ -4010,13 +4009,13 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe if self.__smb2Commands.has_key(packet['Command']): if self.__SMB2Support is True: respCommands, respPackets, errorCode = self.__smb2Commands[packet['Command']]( - connId, - self, + connId, + self, packet) else: respCommands, respPackets, errorCode = self.__smb2Commands[255](connId, self, packet) else: - respCommands, respPackets, errorCode = self.__smb2Commands[255](connId, self, packet) + respCommands, respPackets, errorCode = self.__smb2Commands[255](connId, self, packet) # Let's store the result for this compounded packet compoundedPacketsResponse.append((respCommands, respPackets, errorCode)) compoundedPackets.append(packet) @@ -4024,7 +4023,7 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe data = data[packet['NextCommand']:] packet = smb2.SMB2Packet(data = data) else: - done = True + done = True except Exception, e: #import traceback @@ -4050,7 +4049,7 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe # packet['ErrorClass'] = errorCode & 0xff # return [packet] - self.setConnectionData(connId, connData) + self.setConnectionData(connId, connData) packetsToSend = [] for packetNum in range(len(compoundedPacketsResponse)): @@ -4064,21 +4063,21 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe # TODO this should come from a per session configuration respPacket['Flags2'] = smb.SMB.FLAGS2_EXTENDED_SECURITY | smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES | packet['Flags2'] & smb.SMB.FLAGS2_UNICODE - #respPacket['Flags2'] = smb.SMB.FLAGS2_EXTENDED_SECURITY | smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES + #respPacket['Flags2'] = smb.SMB.FLAGS2_EXTENDED_SECURITY | smb.SMB.FLAGS2_NT_STATUS | smb.SMB.FLAGS2_LONG_NAMES #respPacket['Flags1'] = 0x98 #respPacket['Flags2'] = 0xc807 - + respPacket['Tid'] = packet['Tid'] respPacket['Mid'] = packet['Mid'] respPacket['Pid'] = packet['Pid'] respPacket['Uid'] = connData['Uid'] - + respPacket['ErrorCode'] = errorCode >> 16 respPacket['_reserved'] = errorCode >> 8 & 0xff respPacket['ErrorClass'] = errorCode & 0xff respPacket.addCommand(respCommand) - + packetsToSend.append(respPacket) else: respPacket = smb2.SMB2Packet() @@ -4146,9 +4145,9 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe self.__SMB2Support = False if self.__logFile != 'None': - logging.basicConfig(filename = self.__logFile, - level = logging.DEBUG, - format="%(asctime)s: %(levelname)s: %(message)s", + logging.basicConfig(filename = self.__logFile, + level = logging.DEBUG, + format="%(asctime)s: %(levelname)s: %(message)s", datefmt = '%m/%d/%Y %I:%M:%S %p') self.__log = LOG @@ -4162,255 +4161,8 @@ smb.SMB.TRANS_TRANSACT_NMPIPE :self.__smbTransHandler.transactNamedPipe self.__credentials[name] = (domain, lmhash, nthash.strip('\r\n')) line = cred.readline() cred.close() - self.log('Config file parsed') + self.log('Config file parsed') # For windows platforms, opening a directory is not an option, so we set a void FD VOID_FILE_DESCRIPTOR = -1 PIPE_FILE_DESCRIPTOR = -2 - -###################################################################### -# HELPER CLASSES -###################################################################### - -from impacket.dcerpc.v5.rpcrt import DCERPCServer -from impacket.dcerpc.v5.dtypes import NULL -from impacket.dcerpc.v5.srvs import NetrShareEnum, NetrShareEnumResponse, SHARE_INFO_1, NetrServerGetInfo, NetrServerGetInfoResponse, NetrShareGetInfo, NetrShareGetInfoResponse -from impacket.dcerpc.v5.wkst import NetrWkstaGetInfo, NetrWkstaGetInfoResponse -from impacket.system_errors import ERROR_INVALID_LEVEL - -class WKSTServer(DCERPCServer): - def __init__(self): - DCERPCServer.__init__(self) - self.wkssvcCallBacks = { - 0: self.NetrWkstaGetInfo, - } - self.addCallbacks(('6BFFD098-A112-3610-9833-46C3F87E345A', '1.0'),'\\PIPE\\wkssvc', self.wkssvcCallBacks) - - def NetrWkstaGetInfo(self,data): - request = NetrWkstaGetInfo(data) - self.log("NetrWkstaGetInfo Level: %d" % request['Level']) - - answer = NetrWkstaGetInfoResponse() - - if request['Level'] not in (100, 101): - answer['ErrorCode'] = ERROR_INVALID_LEVEL - return answer - - answer['WkstaInfo']['tag'] = request['Level'] - - if request['Level'] == 100: - # Windows. Decimal value 500. - answer['WkstaInfo']['WkstaInfo100']['wki100_platform_id'] = 0x000001F4 - answer['WkstaInfo']['WkstaInfo100']['wki100_computername'] = NULL - answer['WkstaInfo']['WkstaInfo100']['wki100_langroup'] = NULL - answer['WkstaInfo']['WkstaInfo100']['wki100_ver_major'] = 5 - answer['WkstaInfo']['WkstaInfo100']['wki100_ver_minor'] = 0 - else: - # Windows. Decimal value 500. - answer['WkstaInfo']['WkstaInfo101']['wki101_platform_id'] = 0x000001F4 - answer['WkstaInfo']['WkstaInfo101']['wki101_computername'] = NULL - answer['WkstaInfo']['WkstaInfo101']['wki101_langroup'] = NULL - answer['WkstaInfo']['WkstaInfo101']['wki101_ver_major'] = 5 - answer['WkstaInfo']['WkstaInfo101']['wki101_ver_minor'] = 0 - answer['WkstaInfo']['WkstaInfo101']['wki101_lanroot'] = NULL - - return answer - -class SRVSServer(DCERPCServer): - def __init__(self): - DCERPCServer.__init__(self) - - self._shares = {} - self.__serverConfig = None - self.__logFile = None - - self.srvsvcCallBacks = { - 15: self.NetrShareEnum, - 16: self.NetrShareGetInfo, - 21: self.NetrServerGetInfo, - } - - self.addCallbacks(('4B324FC8-1670-01D3-1278-5A47BF6EE188', '3.0'),'\\PIPE\\srvsvc', self.srvsvcCallBacks) - - def setServerConfig(self, config): - self.__serverConfig = config - - def processConfigFile(self, configFile=None): - if configFile is not None: - self.__serverConfig = ConfigParser.ConfigParser() - self.__serverConfig.read(configFile) - sections = self.__serverConfig.sections() - # Let's check the log file - self.__logFile = self.__serverConfig.get('global','log_file') - if self.__logFile != 'None': - logging.basicConfig(filename = self.__logFile, - level = logging.DEBUG, - format="%(asctime)s: %(levelname)s: %(message)s", - datefmt = '%m/%d/%Y %I:%M:%S %p') - - # Remove the global one - del(sections[sections.index('global')]) - self._shares = {} - for i in sections: - self._shares[i] = dict(self.__serverConfig.items(i)) - - def NetrShareGetInfo(self,data): - request = NetrShareGetInfo(data) - self.log("NetrGetShareInfo Level: %d" % request['Level']) - - s = request['NetName'][:-1].upper() - answer = NetrShareGetInfoResponse() - if self._shares.has_key(s): - share = self._shares[s] - - answer['InfoStruct']['tag'] = 1 - answer['InfoStruct']['ShareInfo1']['shi1_netname']= s+'\x00' - answer['InfoStruct']['ShareInfo1']['shi1_type'] = share['share type'] - answer['InfoStruct']['ShareInfo1']['shi1_remark'] = share['comment']+'\x00' - answer['ErrorCode'] = 0 - else: - answer['InfoStruct']['tag'] = 1 - answer['InfoStruct']['ShareInfo1']= NULL - answer['ErrorCode'] = 0x0906 #WERR_NET_NAME_NOT_FOUND - - return answer - - def NetrServerGetInfo(self,data): - request = NetrServerGetInfo(data) - self.log("NetrServerGetInfo Level: %d" % request['Level']) - answer = NetrServerGetInfoResponse() - answer['InfoStruct']['tag'] = 101 - # PLATFORM_ID_NT = 500 - answer['InfoStruct']['ServerInfo101']['sv101_platform_id'] = 500 - answer['InfoStruct']['ServerInfo101']['sv101_name'] = request['ServerName'] - # Windows 7 = 6.1 - answer['InfoStruct']['ServerInfo101']['sv101_version_major'] = 6 - answer['InfoStruct']['ServerInfo101']['sv101_version_minor'] = 1 - # Workstation = 1 - answer['InfoStruct']['ServerInfo101']['sv101_type'] = 1 - answer['InfoStruct']['ServerInfo101']['sv101_comment'] = NULL - answer['ErrorCode'] = 0 - return answer - - def NetrShareEnum(self, data): - request = NetrShareEnum(data) - self.log("NetrShareEnum Level: %d" % request['InfoStruct']['Level']) - shareEnum = NetrShareEnumResponse() - shareEnum['InfoStruct']['Level'] = 1 - shareEnum['InfoStruct']['ShareInfo']['tag'] = 1 - shareEnum['TotalEntries'] = len(self._shares) - shareEnum['InfoStruct']['ShareInfo']['Level1']['EntriesRead'] = len(self._shares) - shareEnum['ErrorCode'] = 0 - - for i in self._shares: - shareInfo = SHARE_INFO_1() - shareInfo['shi1_netname'] = i+'\x00' - shareInfo['shi1_type'] = self._shares[i]['share type'] - shareInfo['shi1_remark'] = self._shares[i]['comment']+'\x00' - shareEnum['InfoStruct']['ShareInfo']['Level1']['Buffer'].append(shareInfo) - - return shareEnum - -class SimpleSMBServer: - """ - SimpleSMBServer class - Implements a simple, customizable SMB Server - - :param string listenAddress: the address you want the server to listen on - :param integer listenPort: the port number you want the server to listen on - :param string configFile: a file with all the servers' configuration. If no file specified, this class will create the basic parameters needed to run. You will need to add your shares manually tho. See addShare() method - """ - def __init__(self, listenAddress = '0.0.0.0', listenPort=445, configFile=''): - if configFile != '': - self.__server = SMBSERVER((listenAddress,listenPort)) - self.__server.processConfigFile(configFile) - self.__smbConfig = None - else: - # Here we write a mini config for the server - self.__smbConfig = ConfigParser.ConfigParser() - self.__smbConfig.add_section('global') - self.__smbConfig.set('global','server_name',''.join([random.choice(string.letters) for _ in range(8)])) - self.__smbConfig.set('global','server_os',''.join([random.choice(string.letters) for _ in range(8)]) -) - self.__smbConfig.set('global','server_domain',''.join([random.choice(string.letters) for _ in range(8)]) -) - self.__smbConfig.set('global','log_file','None') - self.__smbConfig.set('global','rpc_apis','yes') - self.__smbConfig.set('global','credentials_file','') - self.__smbConfig.set('global', 'challenge', "A"*8) - - # IPC always needed - self.__smbConfig.add_section('IPC$') - self.__smbConfig.set('IPC$','comment','') - self.__smbConfig.set('IPC$','read only','yes') - self.__smbConfig.set('IPC$','share type','3') - self.__smbConfig.set('IPC$','path','') - self.__server = SMBSERVER((listenAddress,listenPort), config_parser = self.__smbConfig) - self.__server.processConfigFile() - - # Now we have to register the MS-SRVS server. This specially important for - # Windows 7+ and Mavericks clients since they WONT (specially OSX) - # ask for shares using MS-RAP. - - self.__srvsServer = SRVSServer() - self.__srvsServer.daemon = True - self.__wkstServer = WKSTServer() - self.__wkstServer.daemon = True - self.__server.registerNamedPipe('srvsvc',('127.0.0.1',self.__srvsServer.getListenPort())) - self.__server.registerNamedPipe('wkssvc',('127.0.0.1',self.__wkstServer.getListenPort())) - - def start(self): - self.__srvsServer.start() - self.__wkstServer.start() - self.__server.serve_forever() - - def registerNamedPipe(self, pipeName, address): - return self.__server.registerNamedPipe(pipeName, address) - - def unregisterNamedPipe(self, pipeName): - return self.__server.unregisterNamedPipe(pipeName) - - def getRegisteredNamedPipes(self): - return self.__server.getRegisteredNamedPipes() - - def addShare(self, shareName, sharePath, shareComment='', shareType = 0, readOnly = 'no'): - self.__smbConfig.add_section(shareName) - self.__smbConfig.set(shareName, 'comment', shareComment) - self.__smbConfig.set(shareName, 'read only', readOnly) - self.__smbConfig.set(shareName, 'share type', shareType) - self.__smbConfig.set(shareName, 'path', sharePath) - self.__server.setServerConfig(self.__smbConfig) - self.__srvsServer.setServerConfig(self.__smbConfig) - self.__server.processConfigFile() - self.__srvsServer.processConfigFile() - - def removeShare(self, shareName): - self.__smbConfig.remove_section(shareName) - self.__server.setServerConfig(self.__smbConfig) - self.__srvsServer.setServerConfig(self.__smbConfig) - self.__server.processConfigFile() - self.__srvsServer.processConfigFile() - - def setSMBChallenge(self, challenge): - if challenge != '': - self.__smbConfig.set('global', 'challenge', unhexlify(challenge)) - self.__server.setServerConfig(self.__smbConfig) - self.__server.processConfigFile() - - def setLogFile(self, logFile): - self.__smbConfig.set('global','log_file',logFile) - self.__server.setServerConfig(self.__smbConfig) - self.__server.processConfigFile() - - def setCredentialsFile(self, logFile): - self.__smbConfig.set('global','credentials_file',logFile) - self.__server.setServerConfig(self.__smbConfig) - self.__server.processConfigFile() - - def setSMB2Support(self, value): - if value is True: - self.__smbConfig.set("global", "SMB2Support", "True") - else: - self.__smbConfig.set("global", "SMB2Support", "False") - self.__server.setServerConfig(self.__smbConfig) - self.__server.processConfigFile() - -- cgit v1.2.3