Class: PacketGen::Plugin::SMB

Inherits:
Header::Base
  • Object
show all
Defined in:
lib/packetgen/plugin/smb.rb,
lib/packetgen/plugin/smb/filetime.rb,
lib/packetgen/plugin/smb/negotiate.rb,
lib/packetgen/plugin/smb/close/request.rb,
lib/packetgen/plugin/smb/trans/request.rb,
lib/packetgen/plugin/smb/close/response.rb,
lib/packetgen/plugin/smb/trans/response.rb,
lib/packetgen/plugin/smb/nt_create_and_x.rb,
lib/packetgen/plugin/smb/negotiate/dialect.rb,
lib/packetgen/plugin/smb/negotiate/request.rb,
lib/packetgen/plugin/smb/negotiate/response.rb,
lib/packetgen/plugin/smb/ntcreateandx/request.rb,
lib/packetgen/plugin/smb/ntcreateandx/response.rb,
lib/packetgen/plugin/smb/browser/host_announcement.rb,
lib/packetgen/plugin/smb/browser/domain_announcement.rb,
lib/packetgen/plugin/smb/browser/local_master_announcement.rb,
lib/packetgen/plugin/smb/browser.rb,
lib/packetgen/plugin/smb/string.rb,
lib/packetgen/plugin/smb/blocks.rb,
lib/packetgen/plugin/smb/trans.rb,
lib/packetgen/plugin/smb/close.rb

Overview

Server Message Block (SMB) header.

Author:

  • Sylvain Daubert

Defined Under Namespace

Modules: Close, Negotiate, NtCreateAndX, Trans Classes: Blocks, Browser, Filetime, String

Constant Summary collapse

COMMANDS =

Known commands

{
  'delete_dir' => 0x01,
  'close' => 0x04,
  'delete' => 0x06,
  'query_info2' => 0x23,
  'trans' => 0x25,
  'echo' => 0x2b,
  'open_and_x' => 0x2d,
  'read_and_x' => 0x2e,
  'write_and_x' => 0x2f,
  'trans2' => 0x32,
  'tree_disconnect' => 0x71,
  'negotiate' => 0x72,
  'session_setup_and_x' => 0x73,
  'tree_connect_and_x' => 0x75,
  'nt_trans' => 0xa0,
  'nt_create_and_x' => 0xa2
}.freeze
MARKER =

SMB marker, on start of header

PacketGen.force_binary("\xffSMB")

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#bodyString

Returns:



88
 
# File 'lib/packetgen/plugin/smb.rb', line 88

define_field :body, PacketGen::Types::String

#commandInteger

8-bit SMB command

Returns:

  • (Integer) 


41
 
# File 'lib/packetgen/plugin/smb.rb', line 41

define_field :command, PacketGen::Types::Int8Enum, enum: COMMANDS

#flagsInteger

8-bit flags field

Returns:

  • (Integer) 


49
 
# File 'lib/packetgen/plugin/smb.rb', line 49

define_field :flags, PacketGen::Types::Int8

#flags2Integer

16-bit flags field

Returns:

  • (Integer) 


53
 
# File 'lib/packetgen/plugin/smb.rb', line 53

define_field :flags2, PacketGen::Types::Int16le

#flags2_compressed?Boolean

Returns:

  • (Boolean) 


154
155
156
157
158
159
 
# File 'lib/packetgen/plugin/smb.rb', line 154

define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
:flags2_paging_io, :flags2_dfs, :flags2_extended_security,
:flags2_reparse_path, :flags2_reserved, 3,
:flags2_is_long_name, :flags2_rsv,
:flags2_security_signature_required, :flags2_compresses,
:flags2_signature, :flags2_eas, :flags2_long_names

#flags2_dfs?Boolean

If set, any pathnames should be resolved in the Distributed File System (DFS).

Returns:

  • (Boolean) 


154
155
156
157
158
159
 
# File 'lib/packetgen/plugin/smb.rb', line 154

define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
:flags2_paging_io, :flags2_dfs, :flags2_extended_security,
:flags2_reparse_path, :flags2_reserved, 3,
:flags2_is_long_name, :flags2_rsv,
:flags2_security_signature_required, :flags2_compresses,
:flags2_signature, :flags2_eas, :flags2_long_names

#flags2_eas?Boolean

Returns:

  • (Boolean) 


154
155
156
157
158
159
 
# File 'lib/packetgen/plugin/smb.rb', line 154

define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
:flags2_paging_io, :flags2_dfs, :flags2_extended_security,
:flags2_reparse_path, :flags2_reserved, 3,
:flags2_is_long_name, :flags2_rsv,
:flags2_security_signature_required, :flags2_compresses,
:flags2_signature, :flags2_eas, :flags2_long_names

#flags2_extended_security?Boolean

Returns:

  • (Boolean) 


154
155
156
157
158
159
 
# File 'lib/packetgen/plugin/smb.rb', line 154

define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
:flags2_paging_io, :flags2_dfs, :flags2_extended_security,
:flags2_reparse_path, :flags2_reserved, 3,
:flags2_is_long_name, :flags2_rsv,
:flags2_security_signature_required, :flags2_compresses,
:flags2_signature, :flags2_eas, :flags2_long_names

#flags2_is_long_name?Boolean

Returns:

  • (Boolean) 


154
155
156
157
158
159
 
# File 'lib/packetgen/plugin/smb.rb', line 154

define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
:flags2_paging_io, :flags2_dfs, :flags2_extended_security,
:flags2_reparse_path, :flags2_reserved, 3,
:flags2_is_long_name, :flags2_rsv,
:flags2_security_signature_required, :flags2_compresses,
:flags2_signature, :flags2_eas, :flags2_long_names

#flags2_long_names?Boolean

If unset, file names must adhere to the 8.3 naming convention.

Returns:

  • (Boolean) 


154
155
156
157
158
159
 
# File 'lib/packetgen/plugin/smb.rb', line 154

define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
:flags2_paging_io, :flags2_dfs, :flags2_extended_security,
:flags2_reparse_path, :flags2_reserved, 3,
:flags2_is_long_name, :flags2_rsv,
:flags2_security_signature_required, :flags2_compresses,
:flags2_signature, :flags2_eas, :flags2_long_names

#flags2_ntstatus?Boolean

If set in a client request, server must return errors as NTSTATUS, else as SMBSTATUS.

Returns:

  • (Boolean) 


154
155
156
157
158
159
 
# File 'lib/packetgen/plugin/smb.rb', line 154

define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
:flags2_paging_io, :flags2_dfs, :flags2_extended_security,
:flags2_reparse_path, :flags2_reserved, 3,
:flags2_is_long_name, :flags2_rsv,
:flags2_security_signature_required, :flags2_compresses,
:flags2_signature, :flags2_eas, :flags2_long_names

#flags2_paging_io?Boolean

Client may read a file if it does not have read permission but have execute one.

Returns:

  • (Boolean) 


154
155
156
157
158
159
 
# File 'lib/packetgen/plugin/smb.rb', line 154

define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
:flags2_paging_io, :flags2_dfs, :flags2_extended_security,
:flags2_reparse_path, :flags2_reserved, 3,
:flags2_is_long_name, :flags2_rsv,
:flags2_security_signature_required, :flags2_compresses,
:flags2_signature, :flags2_eas, :flags2_long_names

#flags2_reparse_path?Boolean

Returns:

  • (Boolean) 


154
155
156
157
158
159
 
# File 'lib/packetgen/plugin/smb.rb', line 154

define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
:flags2_paging_io, :flags2_dfs, :flags2_extended_security,
:flags2_reparse_path, :flags2_reserved, 3,
:flags2_is_long_name, :flags2_rsv,
:flags2_security_signature_required, :flags2_compresses,
:flags2_signature, :flags2_eas, :flags2_long_names

#flags2_reservedInteger

3-bit reserved field

Returns:

  • (Integer) 


154
155
156
157
158
159
 
# File 'lib/packetgen/plugin/smb.rb', line 154

define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
:flags2_paging_io, :flags2_dfs, :flags2_extended_security,
:flags2_reparse_path, :flags2_reserved, 3,
:flags2_is_long_name, :flags2_rsv,
:flags2_security_signature_required, :flags2_compresses,
:flags2_signature, :flags2_eas, :flags2_long_names

#flags2_rsv?Boolean

Returns:

  • (Boolean) 


154
155
156
157
158
159
 
# File 'lib/packetgen/plugin/smb.rb', line 154

define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
:flags2_paging_io, :flags2_dfs, :flags2_extended_security,
:flags2_reparse_path, :flags2_reserved, 3,
:flags2_is_long_name, :flags2_rsv,
:flags2_security_signature_required, :flags2_compresses,
:flags2_signature, :flags2_eas, :flags2_long_names

#flags2_security_signature_required?Boolean

Returns:

  • (Boolean) 


154
155
156
157
158
159
 
# File 'lib/packetgen/plugin/smb.rb', line 154

define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
:flags2_paging_io, :flags2_dfs, :flags2_extended_security,
:flags2_reparse_path, :flags2_reserved, 3,
:flags2_is_long_name, :flags2_rsv,
:flags2_security_signature_required, :flags2_compresses,
:flags2_signature, :flags2_eas, :flags2_long_names

#flags2_signature?Boolean

Returns:

  • (Boolean) 


154
155
156
157
158
159
 
# File 'lib/packetgen/plugin/smb.rb', line 154

define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
:flags2_paging_io, :flags2_dfs, :flags2_extended_security,
:flags2_reparse_path, :flags2_reserved, 3,
:flags2_is_long_name, :flags2_rsv,
:flags2_security_signature_required, :flags2_compresses,
:flags2_signature, :flags2_eas, :flags2_long_names

#flags2_unicode?Boolean

If set, each field that contains a string in this message is encoded as UTF-16.

Returns:

  • (Boolean) 


154
155
156
157
158
159
 
# File 'lib/packetgen/plugin/smb.rb', line 154

define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus,
:flags2_paging_io, :flags2_dfs, :flags2_extended_security,
:flags2_reparse_path, :flags2_reserved, 3,
:flags2_is_long_name, :flags2_rsv,
:flags2_security_signature_required, :flags2_compresses,
:flags2_signature, :flags2_eas, :flags2_long_names

#flags_canon_paths?Boolean

Obsolescent.

Returns:

  • (Boolean) 


113
114
115
 
# File 'lib/packetgen/plugin/smb.rb', line 113

define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock,
:flags_canon_paths, :flags_case_insensitive,
:flags_reserved, :flags_buf_avail, :flags_locknread

#flags_case_insensitive?Boolean

Obsolete.

Returns:

  • (Boolean) 


113
114
115
 
# File 'lib/packetgen/plugin/smb.rb', line 113

define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock,
:flags_canon_paths, :flags_case_insensitive,
:flags_reserved, :flags_buf_avail, :flags_locknread

#flags_locknreadBoolean

When set in SMB_COM_NEGOTIATE response, the server supports SMB_COM_LOCK_AND_READ and SNB_COM_WRITE_AND_UNLOCK commands.

Returns:

  • (Boolean) 


113
114
115
 
# File 'lib/packetgen/plugin/smb.rb', line 113

define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock,
:flags_canon_paths, :flags_case_insensitive,
:flags_reserved, :flags_buf_avail, :flags_locknread

#flags_opbatch?Boolean

Obsolescent.

Returns:

  • (Boolean) 


113
114
115
 
# File 'lib/packetgen/plugin/smb.rb', line 113

define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock,
:flags_canon_paths, :flags_case_insensitive,
:flags_reserved, :flags_buf_avail, :flags_locknread

#flags_oplock?Boolean

Obsolescent.

Returns:

  • (Boolean) 


113
114
115
 
# File 'lib/packetgen/plugin/smb.rb', line 113

define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock,
:flags_canon_paths, :flags_case_insensitive,
:flags_reserved, :flags_buf_avail, :flags_locknread

#flags_rbuf_avail?Boolean

Obsolete.

Returns:

  • (Boolean) 


113
114
115
 
# File 'lib/packetgen/plugin/smb.rb', line 113

define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock,
:flags_canon_paths, :flags_case_insensitive,
:flags_reserved, :flags_buf_avail, :flags_locknread

#flags_reply?Boolean

When set, the message is a reply from server to client.

Returns:

  • (Boolean) 


113
114
115
 
# File 'lib/packetgen/plugin/smb.rb', line 113

define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock,
:flags_canon_paths, :flags_case_insensitive,
:flags_reserved, :flags_buf_avail, :flags_locknread

#flags_reserved?Boolean

Returns:

  • (Boolean) 


113
114
115
 
# File 'lib/packetgen/plugin/smb.rb', line 113

define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock,
:flags_canon_paths, :flags_case_insensitive,
:flags_reserved, :flags_buf_avail, :flags_locknread

#midObject

16-bit multiplex identifier (MID)



85
 
# File 'lib/packetgen/plugin/smb.rb', line 85

define_field :mid, PacketGen::Types::Int16le

#pidInteger

16 low order bits of a process identifier (PID)

Returns:

  • (Integer) 


79
 
# File 'lib/packetgen/plugin/smb.rb', line 79

define_field :pid, PacketGen::Types::Int16le

#pid_highInteger

16 high order bits of a process identifier (PID)

Returns:

  • (Integer) 


57
 
# File 'lib/packetgen/plugin/smb.rb', line 57

define_field :pid_high, PacketGen::Types::Int16le

#protocolString

This field must contain SMB marker

Returns:



37
 
# File 'lib/packetgen/plugin/smb.rb', line 37

define_field :protocol, PacketGen::Types::String, static_length: 4, default: MARKER

#reservedInteger

16-bit reserved field

Returns:

  • (Integer) 


72
 
# File 'lib/packetgen/plugin/smb.rb', line 72

define_field :reserved, PacketGen::Types::Int16le

#sec_featuresInteger

64-bit field. May be:

  • a 64-bit cryptographic message signature if signature was negotiated,

  • a SecurityFeatures structure, only over connectionless transport, composed of:

    • a 16-bit sequence number,

    • a 16-bit connection identifier (CID),

    • a 32-bit key to validate message,

  • a reserved field in all others cases.

Returns:

  • (Integer) 


68
 
# File 'lib/packetgen/plugin/smb.rb', line 68

define_field :sec_features, PacketGen::Types::Int64le

#statusInteger

32-bit status field. Used to communicate errors from server to client.

Returns:

  • (Integer) 


45
 
# File 'lib/packetgen/plugin/smb.rb', line 45

define_field :status, PacketGen::Types::Int32le

#tidObject

16-bit tree identifier (TID)



75
 
# File 'lib/packetgen/plugin/smb.rb', line 75

define_field :tid, PacketGen::Types::Int16le

#uidObject

16-bit user identifier (UID)



82
 
# File 'lib/packetgen/plugin/smb.rb', line 82

define_field :uid, PacketGen::Types::Int16le

Class Method Details

.bind_command(command) ⇒ void

This method returns an undefined value.

Helper to bind a SMB command to PacketGen::Plugin::SMB header.

Parameters:



164
165
166
167
168
169
170
171
172
 
# File 'lib/packetgen/plugin/smb.rb', line 164

def self.bind_command(command)
  contantized = command.capitalize.gsub(/_(\w)/) { $1.upcase }
  krequest = self.const_get("#{contantized}::Request")
  kresponse = self.const_get("#{contantized}::Response")
  PacketGen::Header.add_class krequest
  self.bind krequest, command: SMB::COMMANDS[command], flags: ->(v) { v.nil? ? 0 : (v & 0x80).zero? }
  PacketGen::Header.add_class kresponse
  self.bind kresponse, command: SMB::COMMANDS[command], flags: ->(v) { v.nil? ? 0 : (v & 0x80 == 0x80) }
end

Instance Method Details

#inspectString

Returns:



181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
 
# File 'lib/packetgen/plugin/smb.rb', line 181

def inspect
  super do |attr|
    case attr
    when :flags, :flags2
      value = bits_on(attr).reject { |_, v| v > 1 }
                           .keys
                           .select { |b| send("#{b}?") }
                           .map(&:to_s)
                           .join(',')
                           .gsub!(/#{attr}_/, '')
      value = '%-16s (0x%02x)' % [value, self[attr].to_i]
      str = PacketGen::Inspect.shift_level
      str << PacketGen::Inspect::FMT_ATTR % [self[attr].class.to_s.sub(/.*::/, ''),
                                             attr, value]
    end
  end
end

#parse?Boolean

Check if this is really a SMB2 header. Check #protocol has value MARKER.

Returns:

  • (Boolean) 


176
177
178
 
# File 'lib/packetgen/plugin/smb.rb', line 176

def parse?
  protocol == MARKER
end