Class: PacketGen::Plugin::SMB

Inherits:
Header::Base
  • Object
Defined in:
lib/packetgen/plugin/smb.rb,
lib/packetgen/plugin/smb/filetime.rb,
lib/packetgen/plugin/smb/negotiate.rb,
lib/packetgen/plugin/smb/close/request.rb,
lib/packetgen/plugin/smb/trans/request.rb,
lib/packetgen/plugin/smb/close/response.rb,
lib/packetgen/plugin/smb/trans/response.rb,
lib/packetgen/plugin/smb/nt_create_and_x.rb,
lib/packetgen/plugin/smb/negotiate/dialect.rb,
lib/packetgen/plugin/smb/negotiate/request.rb,
lib/packetgen/plugin/smb/negotiate/response.rb,
lib/packetgen/plugin/smb/ntcreateandx/request.rb,
lib/packetgen/plugin/smb/ntcreateandx/response.rb,
lib/packetgen/plugin/smb/browser/host_announcement.rb,
lib/packetgen/plugin/smb/browser/domain_announcement.rb,
lib/packetgen/plugin/smb/browser/local_master_announcement.rb,
lib/packetgen/plugin/smb/browser.rb,
lib/packetgen/plugin/smb/string.rb,
lib/packetgen/plugin/smb/blocks.rb,
lib/packetgen/plugin/smb/trans.rb,
lib/packetgen/plugin/smb/close.rb

Overview

Server Message Block (SMB) header.

Author:

  • Sylvain Daubert

Defined Under Namespace

Modules: Close, Negotiate, NtCreateAndX, Trans

Classes: Blocks, Browser, Filetime, String

Constant Summary collapse

COMMANDS =

Known commands

# Maps each known SMB command name (String key) to its numeric command code.
# Every value listed fits in one byte, matching the 8-bit `command` attribute
# that uses this table as its enum. The table is frozen, so it cannot be
# extended at runtime.
{
  'delete_dir' => 0x01,
  'close' => 0x04,
  'delete' => 0x06,
  'query_info2' => 0x23,
  'trans' => 0x25,
  'echo' => 0x2b,
  'open_and_x' => 0x2d,
  'read_and_x' => 0x2e,
  'write_and_x' => 0x2f,
  'trans2' => 0x32,
  'tree_disconnect' => 0x71,
  'negotiate' => 0x72,
  'session_setup_and_x' => 0x73,
  'tree_connect_and_x' => 0x75,
  'nt_trans' => 0xa0,
  'nt_create_and_x' => 0xa2
}.freeze
MARKER =

SMB marker, on start of header

# Four bytes: 0xFF followed by ASCII "SMB". `.b` gives the string binary
# encoding, and the result is frozen.
"\xffSMB".b.freeze


Instance Attribute Details

#bodyString

Returns:



# File 'lib/packetgen/plugin/smb.rb', line 152

# Declares `body` as a BinStruct::String; no length or default option is given here.
define_attr :body, BinStruct::String

#commandInteger

8-bit SMB command

Returns:

  • (Integer)


# File 'lib/packetgen/plugin/smb.rb', line 42

# 8-bit enum attribute whose known names and values come from COMMANDS.
# NOTE(review): COMMANDS lists only some one-byte codes; confirm how Int8Enum
# presents a code that is not in the table before relying on the name when
# inspecting captured traffic.
define_attr :command, BinStruct::Int8Enum, enum: COMMANDS

#flags2_compressed?Boolean

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 112

# Splits the little-endian flags2 word into named sub-fields (widths in bits, 16 in total).
# NOTE(review): the field is declared below as `flags2_compresses`, while this
# listing is filed under `flags2_compressed?` — confirm which accessor name exists.
define_bit_attr :flags2, endian: :little, flags2_unicode: 1, flags2_ntstatus: 1,
flags2_paging_io: 1, flags2_dfs: 1, flags2_extended_security: 1,
flags2_reparse_path: 1, flags2_reserved: 3,
flags2_is_long_name: 1, flags2_rsv: 1,
flags2_security_signature_required: 1, flags2_compresses: 1,
flags2_signature: 1, flags2_eas: 1, flags2_long_names: 1

#flags2_dfs?Boolean

If set, any pathnames should be resolved in the Distributed File System (DFS).

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 112

# Splits the little-endian flags2 word into named sub-fields (widths in bits, 16 in total).
# `flags2_dfs` is declared as a 1-bit sub-field.
define_bit_attr :flags2, endian: :little, flags2_unicode: 1, flags2_ntstatus: 1,
flags2_paging_io: 1, flags2_dfs: 1, flags2_extended_security: 1,
flags2_reparse_path: 1, flags2_reserved: 3,
flags2_is_long_name: 1, flags2_rsv: 1,
flags2_security_signature_required: 1, flags2_compresses: 1,
flags2_signature: 1, flags2_eas: 1, flags2_long_names: 1

#flags2_eas?Boolean

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 112

# Splits the little-endian flags2 word into named sub-fields (widths in bits, 16 in total).
# `flags2_eas` is declared as a 1-bit sub-field.
define_bit_attr :flags2, endian: :little, flags2_unicode: 1, flags2_ntstatus: 1,
flags2_paging_io: 1, flags2_dfs: 1, flags2_extended_security: 1,
flags2_reparse_path: 1, flags2_reserved: 3,
flags2_is_long_name: 1, flags2_rsv: 1,
flags2_security_signature_required: 1, flags2_compresses: 1,
flags2_signature: 1, flags2_eas: 1, flags2_long_names: 1

#flags2_extended_security?Boolean

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 112

# Splits the little-endian flags2 word into named sub-fields (widths in bits, 16 in total).
# `flags2_extended_security` is declared as a 1-bit sub-field.
define_bit_attr :flags2, endian: :little, flags2_unicode: 1, flags2_ntstatus: 1,
flags2_paging_io: 1, flags2_dfs: 1, flags2_extended_security: 1,
flags2_reparse_path: 1, flags2_reserved: 3,
flags2_is_long_name: 1, flags2_rsv: 1,
flags2_security_signature_required: 1, flags2_compresses: 1,
flags2_signature: 1, flags2_eas: 1, flags2_long_names: 1

#flags2_is_long_name?Boolean

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 112

# Splits the little-endian flags2 word into named sub-fields (widths in bits, 16 in total).
# `flags2_is_long_name` is declared as a 1-bit sub-field, separate from `flags2_long_names`.
define_bit_attr :flags2, endian: :little, flags2_unicode: 1, flags2_ntstatus: 1,
flags2_paging_io: 1, flags2_dfs: 1, flags2_extended_security: 1,
flags2_reparse_path: 1, flags2_reserved: 3,
flags2_is_long_name: 1, flags2_rsv: 1,
flags2_security_signature_required: 1, flags2_compresses: 1,
flags2_signature: 1, flags2_eas: 1, flags2_long_names: 1

#flags2_long_names?Boolean

If unset, file names must adhere to the 8.3 naming convention.

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 112

# Splits the little-endian flags2 word into named sub-fields (widths in bits, 16 in total).
# `flags2_long_names` is the last 1-bit sub-field in the list.
define_bit_attr :flags2, endian: :little, flags2_unicode: 1, flags2_ntstatus: 1,
flags2_paging_io: 1, flags2_dfs: 1, flags2_extended_security: 1,
flags2_reparse_path: 1, flags2_reserved: 3,
flags2_is_long_name: 1, flags2_rsv: 1,
flags2_security_signature_required: 1, flags2_compresses: 1,
flags2_signature: 1, flags2_eas: 1, flags2_long_names: 1

#flags2_ntstatus?Boolean

If set in a client request, server must return errors as NTSTATUS, else as SMBSTATUS.

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 112

# Splits the little-endian flags2 word into named sub-fields (widths in bits, 16 in total).
# `flags2_ntstatus` is declared as a 1-bit sub-field. The 32-bit `status`
# attribute is stored as a plain integer regardless of this bit.
define_bit_attr :flags2, endian: :little, flags2_unicode: 1, flags2_ntstatus: 1,
flags2_paging_io: 1, flags2_dfs: 1, flags2_extended_security: 1,
flags2_reparse_path: 1, flags2_reserved: 3,
flags2_is_long_name: 1, flags2_rsv: 1,
flags2_security_signature_required: 1, flags2_compresses: 1,
flags2_signature: 1, flags2_eas: 1, flags2_long_names: 1

#flags2_paging_io?Boolean

Client may read a file even if it does not have read permission, provided it has execute permission.

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 112

# Splits the little-endian flags2 word into named sub-fields (widths in bits, 16 in total).
# `flags2_paging_io` is declared as a 1-bit sub-field. This declaration only
# names the bit; any permission decision based on it is made elsewhere.
define_bit_attr :flags2, endian: :little, flags2_unicode: 1, flags2_ntstatus: 1,
flags2_paging_io: 1, flags2_dfs: 1, flags2_extended_security: 1,
flags2_reparse_path: 1, flags2_reserved: 3,
flags2_is_long_name: 1, flags2_rsv: 1,
flags2_security_signature_required: 1, flags2_compresses: 1,
flags2_signature: 1, flags2_eas: 1, flags2_long_names: 1

#flags2_reparse_path?Boolean

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 112

# Splits the little-endian flags2 word into named sub-fields (widths in bits, 16 in total).
# `flags2_reparse_path` is declared as a 1-bit sub-field.
define_bit_attr :flags2, endian: :little, flags2_unicode: 1, flags2_ntstatus: 1,
flags2_paging_io: 1, flags2_dfs: 1, flags2_extended_security: 1,
flags2_reparse_path: 1, flags2_reserved: 3,
flags2_is_long_name: 1, flags2_rsv: 1,
flags2_security_signature_required: 1, flags2_compresses: 1,
flags2_signature: 1, flags2_eas: 1, flags2_long_names: 1

#flags2_reservedInteger

3-bit reserved field

Returns:

  • (Integer)


# File 'lib/packetgen/plugin/smb.rb', line 112

# Splits the little-endian flags2 word into named sub-fields (widths in bits, 16 in total).
# `flags2_reserved` is the only multi-bit entry (3 bits), which is why it is
# documented as an Integer rather than a Boolean predicate.
define_bit_attr :flags2, endian: :little, flags2_unicode: 1, flags2_ntstatus: 1,
flags2_paging_io: 1, flags2_dfs: 1, flags2_extended_security: 1,
flags2_reparse_path: 1, flags2_reserved: 3,
flags2_is_long_name: 1, flags2_rsv: 1,
flags2_security_signature_required: 1, flags2_compresses: 1,
flags2_signature: 1, flags2_eas: 1, flags2_long_names: 1

#flags2_rsv?Boolean

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 112

# Splits the little-endian flags2 word into named sub-fields (widths in bits, 16 in total).
# `flags2_rsv` is declared as a 1-bit sub-field, distinct from the 3-bit `flags2_reserved`.
define_bit_attr :flags2, endian: :little, flags2_unicode: 1, flags2_ntstatus: 1,
flags2_paging_io: 1, flags2_dfs: 1, flags2_extended_security: 1,
flags2_reparse_path: 1, flags2_reserved: 3,
flags2_is_long_name: 1, flags2_rsv: 1,
flags2_security_signature_required: 1, flags2_compresses: 1,
flags2_signature: 1, flags2_eas: 1, flags2_long_names: 1

#flags2_security_signature_required?Boolean

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 112

# Splits the little-endian flags2 word into named sub-fields (widths in bits, 16 in total).
# `flags2_security_signature_required` is a 1-bit header field only: declaring
# or setting it does not sign or verify a message.
# NOTE(review): presumably this mirrors the protocol's "signing required" flag —
# confirm against the SMB specification before treating it as evidence that
# signing is enforced when triaging captures.
define_bit_attr :flags2, endian: :little, flags2_unicode: 1, flags2_ntstatus: 1,
flags2_paging_io: 1, flags2_dfs: 1, flags2_extended_security: 1,
flags2_reparse_path: 1, flags2_reserved: 3,
flags2_is_long_name: 1, flags2_rsv: 1,
flags2_security_signature_required: 1, flags2_compresses: 1,
flags2_signature: 1, flags2_eas: 1, flags2_long_names: 1

#flags2_signature?Boolean

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 112

# Splits the little-endian flags2 word into named sub-fields (widths in bits, 16 in total).
# `flags2_signature` is a 1-bit header field. The signature value itself is not
# part of this word; the 64-bit `sec_features` attribute is described as
# carrying it when signing was negotiated.
define_bit_attr :flags2, endian: :little, flags2_unicode: 1, flags2_ntstatus: 1,
flags2_paging_io: 1, flags2_dfs: 1, flags2_extended_security: 1,
flags2_reparse_path: 1, flags2_reserved: 3,
flags2_is_long_name: 1, flags2_rsv: 1,
flags2_security_signature_required: 1, flags2_compresses: 1,
flags2_signature: 1, flags2_eas: 1, flags2_long_names: 1

#flags2_unicode?Boolean

If set, each field that contains a string in this message is encoded as UTF-16.

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 112

# Splits the little-endian flags2 word into named sub-fields (widths in bits, 16 in total).
# `flags2_unicode` is the first 1-bit sub-field in the list.
define_bit_attr :flags2, endian: :little, flags2_unicode: 1, flags2_ntstatus: 1,
flags2_paging_io: 1, flags2_dfs: 1, flags2_extended_security: 1,
flags2_reparse_path: 1, flags2_reserved: 3,
flags2_is_long_name: 1, flags2_rsv: 1,
flags2_security_signature_required: 1, flags2_compresses: 1,
flags2_signature: 1, flags2_eas: 1, flags2_long_names: 1

#flags_canon_paths?Boolean

Obsolescent.

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 71

# Splits the flags byte into eight named 1-bit sub-fields.
# `flags_canon_paths` is one of them.
define_bit_attr :flags, flags_reply: 1, flags_opbatch: 1, flags_oplock: 1,
flags_canon_paths: 1, flags_case_insensitive: 1,
flags_reserved: 1, flags_buf_avail: 1, flags_locknread: 1

#flags_case_insensitive?Boolean

Obsolete.

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 71

# Splits the flags byte into eight named 1-bit sub-fields.
# `flags_case_insensitive` is one of them.
define_bit_attr :flags, flags_reply: 1, flags_opbatch: 1, flags_oplock: 1,
flags_canon_paths: 1, flags_case_insensitive: 1,
flags_reserved: 1, flags_buf_avail: 1, flags_locknread: 1

#flags_locknreadBoolean

When set in an SMB_COM_NEGOTIATE response, the server supports the SMB_COM_LOCK_AND_READ and SMB_COM_WRITE_AND_UNLOCK commands.

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 71

# Splits the flags byte into eight named 1-bit sub-fields.
# `flags_locknread` is the last of them.
# NOTE(review): this entry is listed without a trailing `?` although it is typed
# Boolean like the other 1-bit fields — confirm the generated accessor name.
define_bit_attr :flags, flags_reply: 1, flags_opbatch: 1, flags_oplock: 1,
flags_canon_paths: 1, flags_case_insensitive: 1,
flags_reserved: 1, flags_buf_avail: 1, flags_locknread: 1

#flags_opbatch?Boolean

Obsolescent.

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 71

# Splits the flags byte into eight named 1-bit sub-fields.
# `flags_opbatch` is one of them.
define_bit_attr :flags, flags_reply: 1, flags_opbatch: 1, flags_oplock: 1,
flags_canon_paths: 1, flags_case_insensitive: 1,
flags_reserved: 1, flags_buf_avail: 1, flags_locknread: 1

#flags_oplock?Boolean

Obsolescent.

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 71

# Splits the flags byte into eight named 1-bit sub-fields.
# `flags_oplock` is one of them.
define_bit_attr :flags, flags_reply: 1, flags_opbatch: 1, flags_oplock: 1,
flags_canon_paths: 1, flags_case_insensitive: 1,
flags_reserved: 1, flags_buf_avail: 1, flags_locknread: 1

#flags_rbuf_avail?Boolean

Obsolete.

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 71

# Splits the flags byte into eight named 1-bit sub-fields.
# NOTE(review): the field is declared below as `flags_buf_avail`, while this
# listing is filed under `flags_rbuf_avail?` — confirm which accessor name exists.
define_bit_attr :flags, flags_reply: 1, flags_opbatch: 1, flags_oplock: 1,
flags_canon_paths: 1, flags_case_insensitive: 1,
flags_reserved: 1, flags_buf_avail: 1, flags_locknread: 1

#flags_reply?Boolean

When set, the message is a reply from server to client.

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 71

# Splits the flags byte into eight named 1-bit sub-fields.
# `flags_reply` is the first of them.
# NOTE(review): bind_command tests mask 0x80 on `flags` to tell requests from
# responses; presumably that mask is this bit — confirm the bit order used by
# define_bit_attr.
define_bit_attr :flags, flags_reply: 1, flags_opbatch: 1, flags_oplock: 1,
flags_canon_paths: 1, flags_case_insensitive: 1,
flags_reserved: 1, flags_buf_avail: 1, flags_locknread: 1

#flags_reserved?Boolean

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 71

# Splits the flags byte into eight named 1-bit sub-fields.
# `flags_reserved` is one of them.
define_bit_attr :flags, flags_reply: 1, flags_opbatch: 1, flags_oplock: 1,
flags_canon_paths: 1, flags_case_insensitive: 1,
flags_reserved: 1, flags_buf_avail: 1, flags_locknread: 1

#midObject

16-bit multiplex identifier (MID)



# File 'lib/packetgen/plugin/smb.rb', line 149

# Declares `mid` as a BinStruct::Int16le (16-bit, little-endian integer).
define_attr :mid, BinStruct::Int16le

#pidInteger

16 low order bits of a process identifier (PID)

Returns:

  • (Integer)


# File 'lib/packetgen/plugin/smb.rb', line 143

# Declares `pid` as a BinStruct::Int16le; the upper half of the PID is the separate `pid_high` attribute.
define_attr :pid, BinStruct::Int16le

#pid_highInteger

16 high order bits of a process identifier (PID)

Returns:

  • (Integer)


# File 'lib/packetgen/plugin/smb.rb', line 121

# Declares `pid_high` as a BinStruct::Int16le; the lower half of the PID is the separate `pid` attribute.
define_attr :pid_high, BinStruct::Int16le

#protocolString

This field must contain SMB marker

Returns:



# File 'lib/packetgen/plugin/smb.rb', line 38

# Fixed-length 4-byte string that defaults to MARKER; `parse?` compares this
# attribute with MARKER to decide whether the bytes are an SMB header.
define_attr :protocol, BinStruct::String, static_length: 4, default: MARKER

#reservedInteger

16-bit reserved field

Returns:

  • (Integer)


# File 'lib/packetgen/plugin/smb.rb', line 136

# Declares `reserved` as a BinStruct::Int16le (16-bit, little-endian integer).
define_attr :reserved, BinStruct::Int16le

#sec_featuresInteger

64-bit field. May be:

  • a 64-bit cryptographic message signature if signature was negotiated,

  • a SecurityFeatures structure, only over connectionless transport, composed of:

    • a 16-bit sequence number,

    • a 16-bit connection identifier (CID),

    • a 32-bit key to validate message,

  • a reserved field in all other cases.

Returns:

  • (Integer)


# File 'lib/packetgen/plugin/smb.rb', line 132

# Stored as one opaque 64-bit little-endian integer: this declaration does not
# split the value into a signature or into sequence number / CID / key parts,
# and nothing on this line computes or verifies a signature.
define_attr :sec_features, BinStruct::Int64le

#statusInteger

32-bit status field. Used to communicate errors from server to client.

Returns:

  • (Integer)


# File 'lib/packetgen/plugin/smb.rb', line 46

# Declares `status` as a BinStruct::Int32le (32-bit, little-endian integer); no enum is attached.
define_attr :status, BinStruct::Int32le

#tidObject

16-bit tree identifier (TID)



# File 'lib/packetgen/plugin/smb.rb', line 139

# Declares `tid` as a BinStruct::Int16le (16-bit, little-endian integer).
define_attr :tid, BinStruct::Int16le

#uidObject

16-bit user identifier (UID)



# File 'lib/packetgen/plugin/smb.rb', line 146

# Declares `uid` as a BinStruct::Int16le (16-bit, little-endian integer).
define_attr :uid, BinStruct::Int16le

Class Method Details

.bind_command(command) ⇒ void

This method returns an undefined value.

Helper to bind an SMB command to the PacketGen::Plugin::SMB header.

Parameters:



# File 'lib/packetgen/plugin/smb.rb', line 157

# Register and bind the Request and Response classes of one SMB command.
#
# The command name is camel-cased ("nt_create_and_x" becomes "NtCreateAndX") and
# used as a constant path under this class, so "<Name>::Request" and
# "<Name>::Response" must both exist. Each class is added to PacketGen::Header
# and bound on the command code from COMMANDS plus a test of mask 0x80 on
# +flags+: clear for the request, set for the response.
#
# Pass only literal command names from trusted code: the string is turned into
# a constant lookup via const_get.
#
# NOTE(review): both lambdas return 0 when called with nil. Presumably the nil
# case supplies the value written to +flags+ when the header is added, which
# would leave mask 0x80 clear for a Response as well — confirm against
# PacketGen's bind semantics.
#
# @param command [String] command name, expected to be a key of COMMANDS
# @return [void]
def self.bind_command(command)
  camelized = command.capitalize.gsub(/_(\w)/) { Regexp.last_match(1).upcase }
  request_class = const_get("#{camelized}::Request")
  response_class = const_get("#{camelized}::Response")

  # Request side: matches when mask 0x80 is clear in flags.
  request_flags = lambda do |v|
    v.nil? ? 0 : (v & 0x80).zero?
  end
  PacketGen::Header.add_class(request_class)
  bind(request_class, command: SMB::COMMANDS[command], flags: request_flags)

  # Response side: matches when mask 0x80 is set in flags.
  response_flags = lambda do |v|
    v.nil? ? 0 : v.allbits?(0x80)
  end
  PacketGen::Header.add_class(response_class)
  bind(response_class, command: SMB::COMMANDS[command], flags: response_flags)
end

Instance Method Details

#inspectString

Returns:



# File 'lib/packetgen/plugin/smb.rb', line 174

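# Human-readable dump of the header, with custom rendering for the two flag fields.
#
# For +flags+ and +flags2+ the block lists the names of the 1-bit sub-fields
# that are currently set (attribute prefix removed, comma-separated), followed
# by the raw value in hexadecimal. For every other attribute the block yields
# nil, leaving the formatting to the superclass.
#
# @return [String]
def inspect
  super do |attr|
    case attr
    when :flags, :flags2
      # Multi-bit sub-fields have no `?` predicate, hence the respond_to? guard.
      # Non-bang gsub: gsub! returns nil when nothing is replaced (e.g. no flag
      # set), which would hand nil to the format call below.
      value = bits_on(attr).select { |b| respond_to?("#{b}?") && send("#{b}?") }
                           .map(&:to_s)
                           .join(',')
                           .gsub(/#{attr}_/, '')
      value = '%-16s (0x%02x)' % [value, self[attr].to_i]
      str = PacketGen::Inspect.shift_level
      str << (PacketGen::Inspect::FMT_ATTR % [self[attr].type_name, attr, value])
    end
  end
end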

#parse?Boolean

Check if this is really an SMB header: #protocol must have the value MARKER (\xffSMB).

Returns:

  • (Boolean)


# File 'lib/packetgen/plugin/smb.rb', line 169

# Tell whether the parsed bytes look like an SMB header.
#
# Only the 4-byte +protocol+ attribute is compared with MARKER; no other header
# field is checked here, so a true result means "marker present", not
# "well-formed message".
#
# @return [Boolean]
def parse?
  protocol == MARKER
end