Class: PacketGen::Plugin::SMB
- Inherits:
-
Header::Base
- Object
- Header::Base
- PacketGen::Plugin::SMB
- Defined in:
- lib/packetgen/plugin/smb.rb,
lib/packetgen/plugin/smb/filetime.rb,
lib/packetgen/plugin/smb/negotiate.rb,
lib/packetgen/plugin/smb/close/request.rb,
lib/packetgen/plugin/smb/trans/request.rb,
lib/packetgen/plugin/smb/close/response.rb,
lib/packetgen/plugin/smb/trans/response.rb,
lib/packetgen/plugin/smb/nt_create_and_x.rb,
lib/packetgen/plugin/smb/negotiate/dialect.rb,
lib/packetgen/plugin/smb/negotiate/request.rb,
lib/packetgen/plugin/smb/negotiate/response.rb,
lib/packetgen/plugin/smb/ntcreateandx/request.rb,
lib/packetgen/plugin/smb/ntcreateandx/response.rb,
lib/packetgen/plugin/smb/browser/host_announcement.rb,
lib/packetgen/plugin/smb/browser/domain_announcement.rb,
lib/packetgen/plugin/smb/browser/local_master_announcement.rb,
lib/packetgen/plugin/smb/browser.rb,
lib/packetgen/plugin/smb/string.rb,
lib/packetgen/plugin/smb/blocks.rb,
lib/packetgen/plugin/smb/trans.rb,
lib/packetgen/plugin/smb/close.rb
Overview
Server Message Block (SMB) header.
Defined Under Namespace
Modules: Close, Negotiate, NtCreateAndX, Trans Classes: Blocks, Browser, Filetime, String
Constant Summary collapse
- COMMANDS =
Known commands
{ 'delete_dir' => 0x01, 'close' => 0x04, 'delete' => 0x06, 'query_info2' => 0x23, 'trans' => 0x25, 'echo' => 0x2b, 'open_and_x' => 0x2d, 'read_and_x' => 0x2e, 'write_and_x' => 0x2f, 'trans2' => 0x32, 'tree_disconnect' => 0x71, 'negotiate' => 0x72, 'session_setup_and_x' => 0x73, 'tree_connect_and_x' => 0x75, 'nt_trans' => 0xa0, 'nt_create_and_x' => 0xa2 }.freeze
- MARKER =
SMB marker, on start of header
PacketGen.force_binary("\xffSMB")
Instance Attribute Summary collapse
- #body ⇒ String
-
#command ⇒ Integer
8-bit SMB command.
-
#flags ⇒ Integer
8-bit flags field.
-
#flags2 ⇒ Integer
16-bit flags field.
- #flags2_compressed? ⇒ Boolean
-
#flags2_dfs? ⇒ Boolean
If set, any pathnames should be resolved in the Distributed File System (DFS).
- #flags2_eas? ⇒ Boolean
- #flags2_extended_security? ⇒ Boolean
- #flags2_is_long_name? ⇒ Boolean
-
#flags2_long_names? ⇒ Boolean
If unset, file names must adhere to the 8.3 naming convention.
-
#flags2_ntstatus? ⇒ Boolean
If set in a client request, server must return errors as NTSTATUS, else as SMBSTATUS.
-
#flags2_paging_io? ⇒ Boolean
Client may read a file if it does not have read permission but have execute one.
- #flags2_reparse_path? ⇒ Boolean
-
#flags2_reserved ⇒ Integer
3-bit reserved field.
- #flags2_rsv? ⇒ Boolean
- #flags2_security_signature_required? ⇒ Boolean
- #flags2_signature? ⇒ Boolean
-
#flags2_unicode? ⇒ Boolean
If set, each field that contains a string in this message is encoded as UTF-16.
-
#flags_canon_paths? ⇒ Boolean
Obsolescent.
-
#flags_case_insensitive? ⇒ Boolean
Obsolete.
-
#flags_locknread ⇒ Boolean
When set in SMB_COM_NEGOTIATE response, the server supports SMB_COM_LOCK_AND_READ and SNB_COM_WRITE_AND_UNLOCK commands.
-
#flags_opbatch? ⇒ Boolean
Obsolescent.
-
#flags_oplock? ⇒ Boolean
Obsolescent.
-
#flags_rbuf_avail? ⇒ Boolean
Obsolete.
-
#flags_reply? ⇒ Boolean
When set, the message is a reply from server to client.
- #flags_reserved? ⇒ Boolean
-
#mid ⇒ Object
16-bit multiplex identifier (MID).
-
#pid ⇒ Integer
16 low order bits of a process identifier (PID).
-
#pid_high ⇒ Integer
16 high order bits of a process identifier (PID).
-
#protocol ⇒ String
This field must contain SMB marker.
-
#reserved ⇒ Integer
16-bit reserved field.
-
#sec_features ⇒ Integer
64-bit field.
-
#status ⇒ Integer
32-bit status field.
-
#tid ⇒ Object
16-bit tree identifier (TID).
-
#uid ⇒ Object
16-bit user identifier (UID).
Class Method Summary collapse
-
.bind_command(command) ⇒ void
Helper to bind a SMB command to SMB header.
Instance Method Summary collapse
- #inspect ⇒ String
-
#parse? ⇒ Boolean
Check if this is really a SMB2 header.
Instance Attribute Details
#body ⇒ String
88 |
# File 'lib/packetgen/plugin/smb.rb', line 88 define_field :body, PacketGen::Types::String |
#command ⇒ Integer
8-bit SMB command
41 |
# File 'lib/packetgen/plugin/smb.rb', line 41 define_field :command, PacketGen::Types::Int8Enum, enum: COMMANDS |
#flags ⇒ Integer
8-bit flags field
49 |
# File 'lib/packetgen/plugin/smb.rb', line 49 define_field :flags, PacketGen::Types::Int8 |
#flags2 ⇒ Integer
16-bit flags field
53 |
# File 'lib/packetgen/plugin/smb.rb', line 53 define_field :flags2, PacketGen::Types::Int16le |
#flags2_compressed? ⇒ Boolean
154 155 156 157 158 159 |
# File 'lib/packetgen/plugin/smb.rb', line 154 define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus, :flags2_paging_io, :flags2_dfs, :flags2_extended_security, :flags2_reparse_path, :flags2_reserved, 3, :flags2_is_long_name, :flags2_rsv, :flags2_security_signature_required, :flags2_compresses, :flags2_signature, :flags2_eas, :flags2_long_names |
#flags2_dfs? ⇒ Boolean
If set, any pathnames should be resolved in the Distributed File System (DFS).
154 155 156 157 158 159 |
# File 'lib/packetgen/plugin/smb.rb', line 154 define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus, :flags2_paging_io, :flags2_dfs, :flags2_extended_security, :flags2_reparse_path, :flags2_reserved, 3, :flags2_is_long_name, :flags2_rsv, :flags2_security_signature_required, :flags2_compresses, :flags2_signature, :flags2_eas, :flags2_long_names |
#flags2_eas? ⇒ Boolean
154 155 156 157 158 159 |
# File 'lib/packetgen/plugin/smb.rb', line 154 define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus, :flags2_paging_io, :flags2_dfs, :flags2_extended_security, :flags2_reparse_path, :flags2_reserved, 3, :flags2_is_long_name, :flags2_rsv, :flags2_security_signature_required, :flags2_compresses, :flags2_signature, :flags2_eas, :flags2_long_names |
#flags2_extended_security? ⇒ Boolean
154 155 156 157 158 159 |
# File 'lib/packetgen/plugin/smb.rb', line 154 define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus, :flags2_paging_io, :flags2_dfs, :flags2_extended_security, :flags2_reparse_path, :flags2_reserved, 3, :flags2_is_long_name, :flags2_rsv, :flags2_security_signature_required, :flags2_compresses, :flags2_signature, :flags2_eas, :flags2_long_names |
#flags2_is_long_name? ⇒ Boolean
154 155 156 157 158 159 |
# File 'lib/packetgen/plugin/smb.rb', line 154 define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus, :flags2_paging_io, :flags2_dfs, :flags2_extended_security, :flags2_reparse_path, :flags2_reserved, 3, :flags2_is_long_name, :flags2_rsv, :flags2_security_signature_required, :flags2_compresses, :flags2_signature, :flags2_eas, :flags2_long_names |
#flags2_long_names? ⇒ Boolean
If unset, file names must adhere to the 8.3 naming convention.
154 155 156 157 158 159 |
# File 'lib/packetgen/plugin/smb.rb', line 154 define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus, :flags2_paging_io, :flags2_dfs, :flags2_extended_security, :flags2_reparse_path, :flags2_reserved, 3, :flags2_is_long_name, :flags2_rsv, :flags2_security_signature_required, :flags2_compresses, :flags2_signature, :flags2_eas, :flags2_long_names |
#flags2_ntstatus? ⇒ Boolean
If set in a client request, server must return errors as NTSTATUS, else as SMBSTATUS.
154 155 156 157 158 159 |
# File 'lib/packetgen/plugin/smb.rb', line 154 define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus, :flags2_paging_io, :flags2_dfs, :flags2_extended_security, :flags2_reparse_path, :flags2_reserved, 3, :flags2_is_long_name, :flags2_rsv, :flags2_security_signature_required, :flags2_compresses, :flags2_signature, :flags2_eas, :flags2_long_names |
#flags2_paging_io? ⇒ Boolean
Client may read a file if it does not have read permission but have execute one.
154 155 156 157 158 159 |
# File 'lib/packetgen/plugin/smb.rb', line 154 define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus, :flags2_paging_io, :flags2_dfs, :flags2_extended_security, :flags2_reparse_path, :flags2_reserved, 3, :flags2_is_long_name, :flags2_rsv, :flags2_security_signature_required, :flags2_compresses, :flags2_signature, :flags2_eas, :flags2_long_names |
#flags2_reparse_path? ⇒ Boolean
154 155 156 157 158 159 |
# File 'lib/packetgen/plugin/smb.rb', line 154 define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus, :flags2_paging_io, :flags2_dfs, :flags2_extended_security, :flags2_reparse_path, :flags2_reserved, 3, :flags2_is_long_name, :flags2_rsv, :flags2_security_signature_required, :flags2_compresses, :flags2_signature, :flags2_eas, :flags2_long_names |
#flags2_reserved ⇒ Integer
3-bit reserved field
154 155 156 157 158 159 |
# File 'lib/packetgen/plugin/smb.rb', line 154 define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus, :flags2_paging_io, :flags2_dfs, :flags2_extended_security, :flags2_reparse_path, :flags2_reserved, 3, :flags2_is_long_name, :flags2_rsv, :flags2_security_signature_required, :flags2_compresses, :flags2_signature, :flags2_eas, :flags2_long_names |
#flags2_rsv? ⇒ Boolean
154 155 156 157 158 159 |
# File 'lib/packetgen/plugin/smb.rb', line 154 define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus, :flags2_paging_io, :flags2_dfs, :flags2_extended_security, :flags2_reparse_path, :flags2_reserved, 3, :flags2_is_long_name, :flags2_rsv, :flags2_security_signature_required, :flags2_compresses, :flags2_signature, :flags2_eas, :flags2_long_names |
#flags2_security_signature_required? ⇒ Boolean
154 155 156 157 158 159 |
# File 'lib/packetgen/plugin/smb.rb', line 154 define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus, :flags2_paging_io, :flags2_dfs, :flags2_extended_security, :flags2_reparse_path, :flags2_reserved, 3, :flags2_is_long_name, :flags2_rsv, :flags2_security_signature_required, :flags2_compresses, :flags2_signature, :flags2_eas, :flags2_long_names |
#flags2_signature? ⇒ Boolean
154 155 156 157 158 159 |
# File 'lib/packetgen/plugin/smb.rb', line 154 define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus, :flags2_paging_io, :flags2_dfs, :flags2_extended_security, :flags2_reparse_path, :flags2_reserved, 3, :flags2_is_long_name, :flags2_rsv, :flags2_security_signature_required, :flags2_compresses, :flags2_signature, :flags2_eas, :flags2_long_names |
#flags2_unicode? ⇒ Boolean
If set, each field that contains a string in this message is encoded as UTF-16.
154 155 156 157 158 159 |
# File 'lib/packetgen/plugin/smb.rb', line 154 define_bit_fields_on :flags2, :flags2_unicode, :flags2_ntstatus, :flags2_paging_io, :flags2_dfs, :flags2_extended_security, :flags2_reparse_path, :flags2_reserved, 3, :flags2_is_long_name, :flags2_rsv, :flags2_security_signature_required, :flags2_compresses, :flags2_signature, :flags2_eas, :flags2_long_names |
#flags_canon_paths? ⇒ Boolean
Obsolescent.
113 114 115 |
# File 'lib/packetgen/plugin/smb.rb', line 113 define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock, :flags_canon_paths, :flags_case_insensitive, :flags_reserved, :flags_buf_avail, :flags_locknread |
#flags_case_insensitive? ⇒ Boolean
Obsolete.
113 114 115 |
# File 'lib/packetgen/plugin/smb.rb', line 113 define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock, :flags_canon_paths, :flags_case_insensitive, :flags_reserved, :flags_buf_avail, :flags_locknread |
#flags_locknread ⇒ Boolean
When set in SMB_COM_NEGOTIATE response, the server supports SMB_COM_LOCK_AND_READ and SNB_COM_WRITE_AND_UNLOCK commands.
113 114 115 |
# File 'lib/packetgen/plugin/smb.rb', line 113 define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock, :flags_canon_paths, :flags_case_insensitive, :flags_reserved, :flags_buf_avail, :flags_locknread |
#flags_opbatch? ⇒ Boolean
Obsolescent.
113 114 115 |
# File 'lib/packetgen/plugin/smb.rb', line 113 define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock, :flags_canon_paths, :flags_case_insensitive, :flags_reserved, :flags_buf_avail, :flags_locknread |
#flags_oplock? ⇒ Boolean
Obsolescent.
113 114 115 |
# File 'lib/packetgen/plugin/smb.rb', line 113 define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock, :flags_canon_paths, :flags_case_insensitive, :flags_reserved, :flags_buf_avail, :flags_locknread |
#flags_rbuf_avail? ⇒ Boolean
Obsolete.
113 114 115 |
# File 'lib/packetgen/plugin/smb.rb', line 113 define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock, :flags_canon_paths, :flags_case_insensitive, :flags_reserved, :flags_buf_avail, :flags_locknread |
#flags_reply? ⇒ Boolean
When set, the message is a reply from server to client.
113 114 115 |
# File 'lib/packetgen/plugin/smb.rb', line 113 define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock, :flags_canon_paths, :flags_case_insensitive, :flags_reserved, :flags_buf_avail, :flags_locknread |
#flags_reserved? ⇒ Boolean
113 114 115 |
# File 'lib/packetgen/plugin/smb.rb', line 113 define_bit_fields_on :flags, :flags_reply, :flags_opbatch, :flags_oplock, :flags_canon_paths, :flags_case_insensitive, :flags_reserved, :flags_buf_avail, :flags_locknread |
#mid ⇒ Object
16-bit multiplex identifier (MID)
85 |
# File 'lib/packetgen/plugin/smb.rb', line 85 define_field :mid, PacketGen::Types::Int16le |
#pid ⇒ Integer
16 low order bits of a process identifier (PID)
79 |
# File 'lib/packetgen/plugin/smb.rb', line 79 define_field :pid, PacketGen::Types::Int16le |
#pid_high ⇒ Integer
16 high order bits of a process identifier (PID)
57 |
# File 'lib/packetgen/plugin/smb.rb', line 57 define_field :pid_high, PacketGen::Types::Int16le |
#protocol ⇒ String
This field must contain SMB marker
37 |
# File 'lib/packetgen/plugin/smb.rb', line 37 define_field :protocol, PacketGen::Types::String, static_length: 4, default: MARKER |
#reserved ⇒ Integer
16-bit reserved field
72 |
# File 'lib/packetgen/plugin/smb.rb', line 72 define_field :reserved, PacketGen::Types::Int16le |
#sec_features ⇒ Integer
64-bit field. May be:
-
a 64-bit cryptographic message signature if signature was negotiated,
-
a SecurityFeatures structure, only over connectionless transport, composed of:
-
a 16-bit sequence number,
-
a 16-bit connection identifier (CID),
-
a 32-bit key to validate message,
-
-
a reserved field in all others cases.
68 |
# File 'lib/packetgen/plugin/smb.rb', line 68 define_field :sec_features, PacketGen::Types::Int64le |
#status ⇒ Integer
32-bit status field. Used to communicate errors from server to client.
45 |
# File 'lib/packetgen/plugin/smb.rb', line 45 define_field :status, PacketGen::Types::Int32le |
#tid ⇒ Object
16-bit tree identifier (TID)
75 |
# File 'lib/packetgen/plugin/smb.rb', line 75 define_field :tid, PacketGen::Types::Int16le |
#uid ⇒ Object
16-bit user identifier (UID)
82 |
# File 'lib/packetgen/plugin/smb.rb', line 82 define_field :uid, PacketGen::Types::Int16le |
Class Method Details
.bind_command(command) ⇒ void
This method returns an undefined value.
Helper to bind a SMB command to PacketGen::Plugin::SMB header.
164 165 166 167 168 169 170 171 172 |
# File 'lib/packetgen/plugin/smb.rb', line 164 def self.bind_command(command) contantized = command.capitalize.gsub(/_(\w)/) { $1.upcase } krequest = self.const_get("#{contantized}::Request") kresponse = self.const_get("#{contantized}::Response") PacketGen::Header.add_class krequest self.bind krequest, command: SMB::COMMANDS[command], flags: ->(v) { v.nil? ? 0 : (v & 0x80).zero? } PacketGen::Header.add_class kresponse self.bind kresponse, command: SMB::COMMANDS[command], flags: ->(v) { v.nil? ? 0 : (v & 0x80 == 0x80) } end |
Instance Method Details
#inspect ⇒ String
181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 |
# File 'lib/packetgen/plugin/smb.rb', line 181 def inspect super do |attr| case attr when :flags, :flags2 value = bits_on(attr).reject { |_, v| v > 1 } .keys .select { |b| send("#{b}?") } .map(&:to_s) .join(',') .gsub!(/#{attr}_/, '') value = '%-16s (0x%02x)' % [value, self[attr].to_i] str = PacketGen::Inspect.shift_level str << PacketGen::Inspect::FMT_ATTR % [self[attr].class.to_s.sub(/.*::/, ''), attr, value] end end end |