Class: Rex::Proto::SMB::Constants

Inherits:
Object
  • Object
show all
Defined in:
lib/rex/proto/smb/constants.rb

Constant Summary collapse

SMB_COM_CREATE_DIRECTORY =

SMB Commands

0x00
SMB_COM_DELETE_DIRECTORY =
0x01
SMB_COM_OPEN =
0x02
SMB_COM_CREATE =
0x03
SMB_COM_CLOSE =
0x04
SMB_COM_FLUSH =
0x05
SMB_COM_DELETE =
0x06
SMB_COM_RENAME =
0x07
SMB_COM_QUERY_INFORMATION =
0x08
SMB_COM_SET_INFORMATION =
0x09
SMB_COM_READ =
0x0a
SMB_COM_WRITE =
0x0b
SMB_COM_LOCK_BYTE_RANGE =
0x0c
SMB_COM_UNLOCK_BYTE_RANGE =
0x0d
SMB_COM_CREATE_TEMPORARY =
0x0e
SMB_COM_CREATE_NEW =
0x0f
SMB_COM_CHECK_DIRECTORY =
0x10
SMB_COM_PROCESS_EXIT =
0x11
SMB_COM_SEEK =
0x12
SMB_COM_LOCK_AND_READ =
0x13
SMB_COM_WRITE_AND_UNLOCK =
0x14
SMB_COM_READ_RAW =
0x1a
SMB_COM_READ_MPX =
0x1b
SMB_COM_READ_MPX_SECONDARY =
0x1c
SMB_COM_WRITE_RAW =
0x1d
SMB_COM_WRITE_MPX =
0x1e
SMB_COM_WRITE_MPX_SECONDARY =
0x1f
SMB_COM_WRITE_COMPLETE =
0x20
SMB_COM_QUERY_SERVER =
0x21
SMB_COM_SET_INFORMATION2 =
0x22
SMB_COM_QUERY_INFORMATION2 =
0x23
SMB_COM_LOCKING_ANDX =
0x24
SMB_COM_TRANSACTION =
0x25
SMB_COM_TRANSACTION_SECONDARY =
0x26
SMB_COM_IOCTL =
0x27
SMB_COM_IOCTL_SECONDARY =
0x28
SMB_COM_COPY =
0x29
SMB_COM_MOVE =
0x2a
SMB_COM_ECHO =
0x2b
SMB_COM_WRITE_AND_CLOSE =
0x2c
SMB_COM_OPEN_ANDX =
0x2d
SMB_COM_READ_ANDX =
0x2e
SMB_COM_WRITE_ANDX =
0x2f
SMB_COM_NEW_FILE_SIZE =
0x30
SMB_COM_CLOSE_AND_TREE_DISC =
0x31
SMB_COM_TRANSACTION2 =
0x32
SMB_COM_TRANSACTION2_SECONDARY =
0x33
SMB_COM_FIND_CLOSE2 =
0x34
SMB_COM_FIND_NOTIFY_CLOSE =
0x35
SMB_COM_TREE_CONNECT =
0x70
SMB_COM_TREE_DISCONNECT =
0x71
SMB_COM_NEGOTIATE =
0x72
SMB_COM_SESSION_SETUP_ANDX =
0x73
SMB_COM_LOGOFF_ANDX =
0x74
SMB_COM_TREE_CONNECT_ANDX =
0x75
SMB_COM_QUERY_INFORMATION_DISK =
0x80
SMB_COM_SEARCH =
0x81
SMB_COM_FIND =
0x82
SMB_COM_FIND_UNIQUE =
0x83
SMB_COM_FIND_CLOSE =
0x84
SMB_COM_NT_TRANSACT =
0xa0
SMB_COM_NT_TRANSACT_SECONDARY =
0xa1
SMB_COM_NT_CREATE_ANDX =
0xa2
SMB_COM_NT_CANCEL =
0xa4
SMB_COM_NT_RENAME =
0xa5
SMB_COM_OPEN_PRINT_FILE =
0xc0
SMB_COM_WRITE_PRINT_FILE =
0xc1
SMB_COM_CLOSE_PRINT_FILE =
0xc2
SMB_COM_GET_PRINT_QUEUE =
0xc3
SMB_COM_READ_BULK =
0xd8
SMB_COM_WRITE_BULK =
0xd9
SMB_COM_NO_ANDX_COMMAND =
0xff
SMB2_OP_NEGPROT =

SMB Version 2 Commands

0x00
SMB2_OP_SESSSETUP =
0x01
SMB2_OP_LOGOFF =
0x02
SMB2_OP_TCON =
0x03
SMB2_OP_TDIS =
0x04
SMB2_OP_CREATE =
0x05
SMB2_OP_CLOSE =
0x06
SMB2_OP_FLUSH =
0x07
SMB2_OP_READ =
0x08
SMB2_OP_WRITE =
0x09
SMB2_OP_LOCK =
0x0a
SMB2_OP_IOCTL =
0x0b
SMB2_OP_CANCEL =
0x0c
SMB2_OP_KEEPALIVE =
0x0d
SMB2_OP_FIND =
0x0e
SMB2_OP_NOTIFY =
0x0f
SMB2_OP_GETINFO =
0x10
SMB2_OP_SETINFO =
0x11
SMB2_OP_BREAK =
0x12
NT_TRANSACT_CREATE =

SMB_COM_NT_TRANSACT Subcommands

1
NT_TRANSACT_IOCTL =

File open/create

2
NT_TRANSACT_SET_SECURITY_DESC =

Device IOCTL

3
NT_TRANSACT_NOTIFY_CHANGE =

Set security descriptor

4
NT_TRANSACT_RENAME =

Start directory watch

5
NT_TRANSACT_QUERY_SECURITY_DESC =

Reserved (Handle-based)

6
NT_TRANSACT_GET_USER_QUOTA =

Retrieve security

7
NT_TRANSACT_SET_USER_QUOTA =

Get quota

8
OPEN_MODE_CREAT =

Open Modes

0x10
OPEN_MODE_EXCL =

Create the file if file does not exists. Otherwise, operation fails.

0x00
OPEN_MODE_OPEN =

When used with SMB_O_CREAT, operation fails if file exists. Cannot be used with SMB_O_OPEN.

0x01
OPEN_MODE_TRUNC =

Open the file if the file exists

0x02
OPEN_SHARE_COMPAT =

Shared Access

0x00
OPEN_SHARE_DENY_EXCL =
0x10
OPEN_SHARE_DENY_WRITE =
0x20
OPEN_SHARE_DENY_READEXEC =
0x30
OPEN_SHARE_DENY_NONE =
0x40
OPEN_ACCESS_READ =

File Access

0x00
OPEN_ACCESS_WRITE =
0x01
OPEN_ACCESS_READWRITE =
0x02
OPEN_ACCESS_EXEC =
0x03
CREATE_ACCESS_SUPERSEDE =

Create Disposition

0x00
CREATE_ACCESS_EXIST =

Replace any previously existing file

0x01
CREATE_ACCESS_CREATE =

Open existing file and fail if it does not exist

0x02
CREATE_ACCESS_OPENCREATE =

Create the file, fail if it already exists

0x03
CREATE_ACCESS_OVEREXIST =

Open existing file or create it if it does not exist

0x04
CREATE_ACCESS_OVERCREATE =

Overwrite existing file and fail if it does not exist

0x05
NETBIOS_REDIR =

Wildcard NetBIOS name

'CACACACACACACACACACACACACACACAAA'
TRANS2_OPEN2 =

SMB_COM_TRANSACTION2 Commands

0
TRANS2_FIND_FIRST2 =
1
TRANS2_FIND_NEXT2 =
2
TRANS2_QUERY_FS_INFO =
3
TRANS2_SET_PATH_INFO =
6
TRANS2_CREATE_DIRECTORY =
13
SMB_INFO_ALLOCATION =

SMB_COM_TRANSACTION2 QUERY_FS_INFO information levels

1
SMB_INFO_VOLUME =
2
SMB_QUERY_FS_VOLUME_INFO =
0x102
SMB_QUERY_FS_SIZE_INFO =
0x103
SMB_QUERY_FS_DEVICE_INFO =
0x104
SMB_QUERY_FS_ATTRIBUTE_INFO =
0x105
SMB_INFO_STANDARD =

SMB_COM_TRANSACTION2 QUERY_PATH_INFO information levels

1
SMB_INFO_QUERY_EA_SIZE =
2
SMB_INFO_QUERY_EAS_FROM_LIST =
3
SMB_INFO_QUERY_ALL_EAS =
4
SMB_INFO_IS_NAME_VALID =
6
SMB_QUERY_FILE_BASIC_INFO =
0x101
SMB_QUERY_FILE_STANDARD_INFO =
0x102
SMB_QUERY_FILE_EA_INFO =
0x103
SMB_QUERY_FILE_NAME_INFO =
0x104
SMB_QUERY_FILE_ALL_INFO =
0x107
SMB_QUERY_FILE_ALT_NAME_INFO =
0x108
SMB_QUERY_FILE_STREAM_INFO =
0x109
SMB_QUERY_FILE_COMPRESSION_INFO =
0x10B
SMB_QUERY_FILE_UNIX_BASIC =
0x200
0x201
SMB_INFO_PASSTHROUGH =
0x1000
FILE_DEVICE_BEEP =

Device Types

0x00000001
FILE_DEVICE_CD_ROM =
0x00000002
FILE_DEVICE_CD_ROM_FILE_SYSTEM =
0x00000003
FILE_DEVICE_CONTROLLER =
0x00000004
0x00000005
FILE_DEVICE_DFS =
0x00000006
FILE_DEVICE_DISK =
0x00000007
FILE_DEVICE_DISK_FILE_SYSTEM =
0x00000008
FILE_DEVICE_FILE_SYSTEM =
0x00000009
FILE_DEVICE_INPORT_PORT =
0x0000000A
FILE_DEVICE_KEYBOARD =
0x0000000B
FILE_DEVICE_MAILSLOT =
0x0000000C
FILE_DEVICE_MIDI_IN =
0x0000000D
FILE_DEVICE_MIDI_OUT =
0x0000000E
FILE_DEVICE_MOUSE =
0x0000000F
FILE_DEVICE_MULTI_UNC_PROVIDER =
0x00000010
FILE_DEVICE_NAMED_PIPE =
0x00000011
FILE_DEVICE_NETWORK =
0x00000012
FILE_DEVICE_NETWORK_BROWSER =
0x00000013
FILE_DEVICE_NETWORK_FILE_SYSTEM =
0x00000014
FILE_DEVICE_NULL =
0x00000015
FILE_DEVICE_PARALLEL_PORT =
0x00000016
FILE_DEVICE_PHYSICAL_NETCARD =
0x00000017
FILE_DEVICE_PRINTER =
0x00000018
FILE_DEVICE_SCANNER =
0x00000019
FILE_DEVICE_SERIAL_MOUSE_PORT =
0x0000001A
FILE_DEVICE_SERIAL_PORT =
0x0000001B
FILE_DEVICE_SCREEN =
0x0000001C
FILE_DEVICE_SOUND =
0x0000001D
FILE_DEVICE_STREAMS =
0x0000001E
FILE_DEVICE_TAPE =
0x0000001F
FILE_DEVICE_TAPE_FILE_SYSTEM =
0x00000020
FILE_DEVICE_TRANSPORT =
0x00000021
FILE_DEVICE_UNKNOWN =
0x00000022
FILE_DEVICE_VIDEO =
0x00000023
FILE_DEVICE_VIRTUAL_DISK =
0x00000024
FILE_DEVICE_WAVE_IN =
0x00000025
FILE_DEVICE_WAVE_OUT =
0x00000026
FILE_DEVICE_8042_PORT =
0x00000027
FILE_DEVICE_NETWORK_REDIRECTOR =
0x00000028
FILE_DEVICE_BATTERY =
0x00000029
FILE_DEVICE_BUS_EXTENDER =
0x0000002A
FILE_DEVICE_MODEM =
0x0000002B
FILE_DEVICE_VDM =
0x0000002C
FILE_REMOVABLE_MEDIA =

File and Device Attributes

0x00000001
FILE_READ_ONLY_DEVICE =
0x00000002
FILE_FLOPPY_DISKETTE =
0x00000004
FILE_WRITE_ONE_MEDIA =
0x00000008
FILE_REMOTE_DEVICE =
0x00000010
FILE_DEVICE_IS_MOUNTED =
0x00000020
FILE_VIRTUAL_VOLUME =
0x00000040
FILE_CASE_SENSITIVE_SEARCH =
0x00000001
FILE_CASE_PRESERVED_NAMES =
0x00000002
FILE_PERSISTENT_ACLS =
0x00000004
FILE_FILE_COMPRESSION =
0x00000008
FILE_VOLUME_QUOTAS =
0x00000010
FILE_VOLUME_IS_COMPRESSED =
0x00008000
SMB_EXT_FILE_ATTR_READONLY =
0x00000001
SMB_EXT_FILE_ATTR_HIDDEN =
0x00000002
SMB_EXT_FILE_ATTR_SYSTEM =
0x00000004
SMB_EXT_FILE_ATTR_DIRECTORY =
0x00000010
SMB_EXT_FILE_ATTR_ARCHIVE =
0x00000020
SMB_EXT_FILE_ATTR_NORMAL =
0x00000080
SMB_EXT_FILE_ATTR_TEMPORARY =
0x00000100
SMB_EXT_FILE_ATTR_COMPRESSED =
0x00000800
SMB_EXT_FILE_POSIX_SEMANTICS =
0x01000000
SMB_EXT_FILE_BACKUP_SEMANTICS =
0x02000000
SMB_EXT_FILE_DELETE_ON_CLOSE =
0x04000000
SMB_EXT_FILE_SEQUENTIAL_SCAN =
0x08000000
SMB_EXT_FILE_RANDOM_ACCESS =
0x10000000
SMB_EXT_FILE_NO_BUFFERING =
0x20000000
SMB_EXT_FILE_WRITE_THROUGH =
0x80000000
SMB_STATUS_SUCCESS =

SMB Error Codes

0x00000000
SMB_ERROR_BUFFER_OVERFLOW =
0x80000005
SMB_STATUS_MORE_PROCESSING_REQUIRED =
0xC0000016
SMB_STATUS_ACCESS_DENIED =
0xC0000022
SMB_STATUS_LOGON_FAILURE =
0xC000006D
DIALECT =

SMB Dialect Compatibility

{}
NBRAW_HDR_PKT =

A raw NetBIOS session template

Rex::Struct2::CStructTemplate.new(
  [ 'string', 'Payload', nil, '']
)
NBRAW_PKT =
self.make_nbs(NBRAW_HDR_PKT)
SMB_HDR =

The SMB header template

Rex::Struct2::CStructTemplate.new(
  [ 'uint32n', 'Magic',             0xff534d42 ],
  [ 'uint8',   'Command',           0 ],
  [ 'uint32v', 'ErrorClass',        0 ],
  [ 'uint8',   'Flags1',            0 ],
  [ 'uint16v', 'Flags2',            0 ],
  [ 'uint16v', 'ProcessIDHigh',     0 ],
  [ 'uint32v', 'Signature1',        0 ],
  [ 'uint32v', 'Signature2',        0 ],
  [ 'uint16v', 'Reserved1',         0 ],
  [ 'uint16v', 'TreeID',            0 ],
  [ 'uint16v', 'ProcessID',         0 ],
  [ 'uint16v', 'UserID',            0 ],
  [ 'uint16v', 'MultiplexID',       0 ],
  [ 'uint8',   'WordCount',         0 ]
)
SMB2_HDR =

The SMB2 header template

Rex::Struct2::CStructTemplate.new(
  [ 'uint32n', 'Magic',             0xfe534d42 ],
  [ 'uint16v', 'HeaderLen',         64 ],
  [ 'uint16v', 'Reserved0',         0 ],
  [ 'uint32v', 'NTStatus',          0 ],

  [ 'uint16v', 'Opcode',            0 ],
  [ 'uint16v', 'Reserved1',         0 ],

  [ 'uint16v', 'Flags1',            0 ],
  [ 'uint16v', 'Flags2',            0 ],

  [ 'uint32v', 'ChainOffset',       0 ],

  [ 'uint32v', 'SequenceHigh',      0 ],
  [ 'uint32v', 'SequenceLow',       0 ],

  [ 'uint32v', 'ProcessID',         0 ],
  [ 'uint32v', 'TreeID',            0 ],
  [ 'uint32v', 'UserIDHigh',        0 ],
  [ 'uint32v', 'UserIDLow',         0 ],

  [ 'uint32v', 'SignatureA',        0 ],
  [ 'uint32v', 'SignatureB',        0 ],
  [ 'uint32v', 'SignatureC',        0 ],
  [ 'uint32v', 'SignatureD',        0 ],
  [ 'string',  'Payload', nil,      '']
)
SMB_BASE_HDR_PKT =

A basic SMB template to read all responses

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v', 'ByteCount',            0 ],
  [ 'string',  'Payload', nil,        '' ]
).create_restraints(
  [ 'Payload', 'ByteCount',  nil, true ]
)
SMB_BASE_PKT =
self.make_nbs(SMB_BASE_HDR_PKT)
SMB_NEG_HDR_PKT =

A SMB template for SMB Dialect negotiation

Rex::Struct2::CStructTemplate.new(

  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v', 'ByteCount',            0 ],
  [ 'string',  'Payload', nil,        '' ]
).create_restraints(
  [ 'Payload', 'ByteCount',  nil, true ]
)
SMB_NEG_PKT =
self.make_nbs(SMB_NEG_HDR_PKT)
SMB_NEG_RES_LM_HDR_PKT =

A SMB template for SMB Dialect negotiation responses (LANMAN)

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v', 'Dialect',              0 ],
  [ 'uint16v', 'SecurityMode',         0 ],
  [ 'uint16v', 'MaxBuff',              0 ],
  [ 'uint16v', 'MaxMPX',               0 ],
  [ 'uint16v', 'MaxVCS',               0 ],
  [ 'uint16v', 'RawMode',              0 ],
  [ 'uint32v', 'SessionKey',           0 ],
  [ 'uint16v', 'DosTime',              0 ],
  [ 'uint16v', 'DosDate',              0 ],
  [ 'uint16v', 'Timezone',             0 ],
  [ 'uint16v', 'KeyLength',            0 ],
  [ 'uint16v', 'Reserved1',            0 ],
  [ 'uint16v', 'ByteCount',            0 ],
  [ 'string',  'EncryptionKey', nil,  '' ]
).create_restraints(
  [ 'EncryptionKey', 'ByteCount',  nil, true ]
)
SMB_NEG_RES_LM_PKT =
self.make_nbs(SMB_NEG_RES_LM_HDR_PKT)
SMB_NEG_RES_NT_HDR_PKT =

A SMB template for SMB Dialect negotiation responses (NTLM)

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v', 'Dialect',              0 ],
  [ 'uint8',   'SecurityMode',         0 ],
  [ 'uint16v', 'MaxMPX',               0 ],
  [ 'uint16v', 'MaxVCS',               0 ],
  [ 'uint32v', 'MaxBuff',              0 ],
  [ 'uint32v', 'MaxRaw',               0 ],
  [ 'uint32v', 'SessionKey',           0 ],
  [ 'uint32v', 'Capabilities',         0 ],
  [ 'uint32v', 'SystemTimeLow',        0 ],
  [ 'uint32v', 'SystemTimeHigh',       0 ],
  [ 'uint16v', 'ServerTimeZone',       0 ],
  [ 'uint8',   'KeyLength',            0 ],
  [ 'uint16v', 'ByteCount',            0 ],
  [ 'string',  'Payload', nil,        '' ]
).create_restraints(
  [ 'Payload', 'ByteCount',  nil, true ]
)
SMB_NEG_RES_NT_PKT =
self.make_nbs(SMB_NEG_RES_NT_HDR_PKT)
SMB_NEG_RES_ERR_HDR_PKT =

A SMB template for SMB Dialect negotiation responses (ERROR)

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v', 'Dialect',              0 ],
  [ 'uint16v', 'ByteCount',            0 ]
)
SMB_NEG_RES_ERR_PKT =
self.make_nbs(SMB_NEG_RES_ERR_HDR_PKT)
SMB_SETUP_RES_HDR_PKT =

A SMB template for SMB Session Setup responses (LANMAN/NTLMV1)

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',   'AndX',                 0 ],
  [ 'uint8',   'Reserved1',            0 ],
  [ 'uint16v', 'AndXOffset',           0 ],
  [ 'uint16v', 'Action',               0 ],
  [ 'uint16v', 'ByteCount',            0 ],
  [ 'string',  'Payload', nil,        '' ]
).create_restraints(
  [ 'Payload', 'ByteCount',  nil, true ]
)
SMB_SETUP_RES_PKT =
self.make_nbs(SMB_SETUP_RES_HDR_PKT)
SMB_SETUP_LANMAN_HDR_PKT =

A SMB template for SMB Session Setup requests (LANMAN)

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',   'AndX',                 0 ],
  [ 'uint8',   'Reserved1',            0 ],
  [ 'uint16v', 'AndXOffset',           0 ],
  [ 'uint16v', 'MaxBuff',              0 ],
  [ 'uint16v', 'MaxMPX',               0 ],
  [ 'uint16v', 'VCNum',                0 ],
  [ 'uint32v', 'SessionKey',           0 ],
  [ 'uint16v', 'PasswordLen',          0 ],
  [ 'uint32v', 'Reserved2',            0 ],
  [ 'uint16v', 'ByteCount',            0 ],
  [ 'string',  'Payload', nil,        '' ]
).create_restraints(
  [ 'Payload', 'ByteCount',  nil, true ]
)
SMB_SETUP_LANMAN_PKT =
self.make_nbs(SMB_SETUP_LANMAN_HDR_PKT)
SMB_SETUP_NTLMV1_HDR_PKT =

A SMB template for SMB Session Setup requests (NTLMV1)

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',   'AndX',                 0 ],
  [ 'uint8',   'Reserved1',            0 ],
  [ 'uint16v', 'AndXOffset',           0 ],
  [ 'uint16v', 'MaxBuff',              0 ],
  [ 'uint16v', 'MaxMPX',               0 ],
  [ 'uint16v', 'VCNum',                0 ],
  [ 'uint32v', 'SessionKey',           0 ],
  [ 'uint16v', 'PasswordLenLM',        0 ],
  [ 'uint16v', 'PasswordLenNT',        0 ],
  [ 'uint32v', 'Reserved2',            0 ],
  [ 'uint32v', 'Capabilities',         0 ],
  [ 'uint16v', 'ByteCount',            0 ],
  [ 'string',  'Payload', nil,        '' ]
).create_restraints(
  [ 'Payload', 'ByteCount',  nil, true ]
)
SMB_SETUP_NTLMV1_PKT =
self.make_nbs(SMB_SETUP_NTLMV1_HDR_PKT)
SMB_SETUP_NTLMV2_HDR_PKT =

A SMB template for SMB Session Setup requests (When extended security is being used)

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',   'AndX',                 0 ],
  [ 'uint8',   'Reserved1',            0 ],
  [ 'uint16v', 'AndXOffset',           0 ],
  [ 'uint16v', 'MaxBuff',              0 ],
  [ 'uint16v', 'MaxMPX',               0 ],
  [ 'uint16v', 'VCNum',                0 ],
  [ 'uint32v', 'SessionKey',           0 ],
  [ 'uint16v', 'SecurityBlobLen',      0 ],
  [ 'uint32v', 'Reserved2',            0 ],
  [ 'uint32v', 'Capabilities',         0 ],
  [ 'uint16v', 'ByteCount',            0 ],
  [ 'string',  'Payload', nil,        '' ]
).create_restraints(
  [ 'Payload', 'ByteCount',  nil, true ]
)
SMB_SETUP_NTLMV2_PKT =
self.make_nbs(SMB_SETUP_NTLMV2_HDR_PKT)
SMB_SETUP_NTLMV2_RES_HDR_PKT =

A SMB template for SMB Session Setup responses (When extended security is being used)

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',   'AndX',                 0 ],
  [ 'uint8',   'Reserved1',            0 ],
  [ 'uint16v', 'AndXOffset',           0 ],
  [ 'uint16v', 'Action',               0 ],
  [ 'uint16v', 'SecurityBlobLen',      0 ],
  [ 'uint16v', 'ByteCount',            0 ],
  [ 'string',  'Payload', nil,        '' ]
).create_restraints(
  [ 'Payload', 'ByteCount',  nil, true ]
)
SMB_SETUP_NTLMV2_RES_PKT =
self.make_nbs(SMB_SETUP_NTLMV2_RES_HDR_PKT)
SMB_TREE_CONN_HDR_PKT =

A SMB template for SMB Tree Connect requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',   'AndX',                 0 ],
  [ 'uint8',   'Reserved1',            0 ],
  [ 'uint16v', 'AndXOffset',           0 ],
  [ 'uint16v', 'Flags',                0 ],
  [ 'uint16v', 'PasswordLen',          0 ],
  [ 'uint16v', 'ByteCount',            0 ],
  [ 'string',  'Payload', nil,        '' ]
).create_restraints(
  [ 'Payload', 'ByteCount',  nil, true ]
)
SMB_TREE_CONN_PKT =
self.make_nbs(SMB_TREE_CONN_HDR_PKT)
SMB_TREE_CONN_RES_HDR_PKT =

A SMB template for SMB Tree Connect requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',   'AndX',                 0 ],
  [ 'uint8',   'Reserved1',            0 ],
  [ 'uint16v', 'AndXOffset',           0 ],
  [ 'uint16v', 'OptionalSupport',      0 ],
  [ 'string',  'SupportWords', nil,   '' ],
  [ 'uint16v', 'ByteCount',            0 ],
  [ 'string',  'Payload', nil,        '' ]
).create_restraints(
  [ 'Payload', 'ByteCount',  nil, true ]
)
SMB_TREE_CONN_RES_PKT =
self.make_nbs(SMB_TREE_CONN_RES_HDR_PKT)
SMB_TREE_DISCONN_HDR_PKT =

A SMB template for SMB Tree Disconnect requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v', 'ByteCount',            0 ],
  [ 'string',  'Payload', nil,        '' ]
).create_restraints(
  [ 'Payload', 'ByteCount',  nil, true ]
)
SMB_TREE_DISCONN_PKT =
self.make_nbs(SMB_TREE_DISCONN_HDR_PKT)
SMB_TREE_DISCONN_RES_HDR_PKT =

A SMB template for SMB Tree Disconnect requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v', 'ByteCount',            0 ],
  [ 'string',  'Payload', nil,        '' ]
).create_restraints(
  [ 'Payload', 'ByteCount',  nil, true ]
)
SMB_TREE_DISCONN_RES_PKT =
self.make_nbs(SMB_TREE_DISCONN_RES_HDR_PKT)
SMB_TRANS_HDR_PKT =

A SMB template for SMB Transaction requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v',  'ParamCountTotal',     0 ],
  [ 'uint16v',  'DataCountTotal',      0 ],
  [ 'uint16v',  'ParamCountMax',       0 ],
  [ 'uint16v',  'DataCountMax',        0 ],
  [ 'uint8',    'SetupCountMax',       0 ],
  [ 'uint8',    'Reserved1',           0 ],
  [ 'uint16v',  'Flags',               0 ],
  [ 'uint32v',  'Timeout',             0 ],
  [ 'uint16v',  'Reserved2',           0 ],
  [ 'uint16v',  'ParamCount',          0 ],
  [ 'uint16v',  'ParamOffset',         0 ],
  [ 'uint16v',  'DataCount',           0 ],
  [ 'uint16v',  'DataOffset',          0 ],
  [ 'uint8',    'SetupCount',          0 ],
  [ 'uint8',    'Reserved3',           0 ],
  [ 'string',   'SetupData', nil,     '' ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_TRANS_PKT =
self.make_nbs(SMB_TRANS_HDR_PKT)
SMB_TRANS_RES_HDR_PKT =

A SMB template for SMB Transaction responses

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v',  'ParamCountTotal',     0 ],
  [ 'uint16v',  'DataCountTotal',      0 ],
  [ 'uint16v',  'Reserved1',           0 ],
  [ 'uint16v',  'ParamCount',          0 ],
  [ 'uint16v',  'ParamOffset',         0 ],
  [ 'uint16v',  'ParamDisplace',       0 ],
  [ 'uint16v',  'DataCount',           0 ],
  [ 'uint16v',  'DataOffset',          0 ],
  [ 'uint16v',  'DataDisplace',        0 ],
  [ 'uint8',    'SetupCount',          0 ],
  [ 'uint8',    'Reserved2',           0 ],
  [ 'string',   'SetupData', nil,     '' ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_TRANS_RES_PKT =
self.make_nbs(SMB_TRANS_RES_HDR_PKT)
SMB_TRANS2_HDR_PKT =

A SMB template for SMB Transaction2 requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v',  'ParamCountTotal',     0 ],
  [ 'uint16v',  'DataCountTotal',      0 ],
  [ 'uint16v',  'ParamCountMax',       0 ],
  [ 'uint16v',  'DataCountMax',        0 ],
  [ 'uint8',    'SetupCountMax',       0 ],
  [ 'uint8',    'Reserved1',           0 ],
  [ 'uint16v',  'Flags',               0 ],
  [ 'uint32v',  'Timeout',             0 ],
  [ 'uint16v',  'Reserved2',           0 ],
  [ 'uint16v',  'ParamCount',          0 ],
  [ 'uint16v',  'ParamOffset',         0 ],
  [ 'uint16v',  'DataCount',           0 ],
  [ 'uint16v',  'DataOffset',          0 ],
  [ 'uint8',    'SetupCount',          0 ],
  [ 'uint8',    'Reserved3',           0 ],
  [ 'string',   'SetupData', nil,     '' ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_TRANS2_PKT =
self.make_nbs(SMB_TRANS2_HDR_PKT)
SMB_NTTRANS_HDR_PKT =

A SMB template for SMB NTTransaction requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',    'SetupCountMax',       0 ],
  [ 'uint16v',  'Reserved1',           0 ],
  [ 'uint32v',  'ParamCountTotal',     0 ],
  [ 'uint32v',  'DataCountTotal',      0 ],
  [ 'uint32v',  'ParamCountMax',       0 ],
  [ 'uint32v',  'DataCountMax',        0 ],
  [ 'uint32v',  'ParamCount',          0 ],
  [ 'uint32v',  'ParamOffset',         0 ],
  [ 'uint32v',  'DataCount',           0 ],
  [ 'uint32v',  'DataOffset',          0 ],
  [ 'uint8',    'SetupCount',          0 ],
  [ 'uint16v',  'Subcommand',          0 ],
  [ 'string',   'SetupData', nil,     '' ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_NTTRANS_PKT =
self.make_nbs(SMB_NTTRANS_HDR_PKT)
SMB_NTTRANS_RES_HDR_PKT =

A SMB template for SMB NTTransaction responses

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',    'Reserved1',           0 ],
  [ 'uint16v',  'Reserved2',           0 ],
  [ 'uint32v',  'ParamCountTotal',     0 ],
  [ 'uint32v',  'DataCountTotal',      0 ],
  [ 'uint32v',  'ParamCount',          0 ],
  [ 'uint32v',  'ParamOffset',         0 ],
  [ 'uint32v',  'ParamDisplace',       0 ],
  [ 'uint32v',  'DataCount',           0 ],
  [ 'uint32v',  'DataOffset',          0 ],
  [ 'uint32v',  'DataDisplace',        0 ],
  [ 'uint8',    'Reserved3',           0 ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_NTTRANS_RES_PKT =
self.make_nbs(SMB_NTTRANS_RES_HDR_PKT)
SMB_NTTRANS_SECONDARY_HDR_PKT =

A SMB template for SMB NTTransaction_Secondary requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',    'Reserved1',           0 ],
  [ 'uint16v',  'Reserved2',           0 ],
  [ 'uint32v',  'ParamCountTotal',     0 ],
  [ 'uint32v',  'DataCountTotal',      0 ],
  [ 'uint32v',  'ParamCount',          0 ],
  [ 'uint32v',  'ParamOffset',         0 ],
  [ 'uint32v',  'ParamDisplace',       0 ],
  [ 'uint32v',  'DataCount',           0 ],
  [ 'uint32v',  'DataOffset',          0 ],
  [ 'uint32v',  'DataDisplace',        0 ],
  [ 'uint8',    'SetupCount',          0 ],
  [ 'string',   'SetupData', nil,     '' ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_NTTRANS_SECONDARY_PKT =
self.make_nbs(SMB_NTTRANS_SECONDARY_HDR_PKT)
SMB_CREATE_HDR_PKT =

A SMB template for SMB Create requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',    'AndX',                0 ],
  [ 'uint8',    'Reserved1',           0 ],
  [ 'uint16v',  'AndXOffset',          0 ],
  [ 'uint8',    'Reserved2',           0 ],
  [ 'uint16v',  'FileNameLen',         0 ],
  [ 'uint32v',  'CreateFlags',         0 ],
  [ 'uint32v',  'RootFileID',          0 ],
  [ 'uint32v',  'AccessMask',          0 ],
  [ 'uint32v',  'AllocLow',            0 ],
  [ 'uint32v',  'AllocHigh',           0 ],
  [ 'uint32v',  'Attributes',          0 ],
  [ 'uint32v',  'ShareAccess',         0 ],
  [ 'uint32v',  'Disposition',         0 ],
  [ 'uint32v',  'CreateOptions',       0 ],
  [ 'uint32v',  'Impersonation',       0 ],
  [ 'uint8',    'SecurityFlags',       0 ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,        '' ]
).create_restraints(
  [ 'Payload', 'ByteCount',  nil, true ]
)
SMB_CREATE_PKT =
self.make_nbs(SMB_CREATE_HDR_PKT)
SMB_CREATE_RES_HDR_PKT =

A SMB template for SMB Create responses

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',    'AndX',                0 ],
  [ 'uint8',    'Reserved1',           0 ],
  [ 'uint16v',  'AndXOffset',          0 ],
  [ 'uint8',    'OpLock',              0 ],
  [ 'uint16v',  'FileID',              0 ],
  [ 'uint32v',  'Action',              0 ],
  [ 'uint32v',  'CreateTimeLow',       0 ],
  [ 'uint32v',  'CreateTimeHigh',      0 ],
  [ 'uint32v',  'AccessTimeLow',       0 ],
  [ 'uint32v',  'AccessTimeHigh',      0 ],
  [ 'uint32v',  'WriteTimeLow',        0 ],
  [ 'uint32v',  'WriteTimeHigh',       0 ],
  [ 'uint32v',  'ChangeTimeLow',       0 ],
  [ 'uint32v',  'ChangeTimeHigh',      0 ],
  [ 'uint32v',  'Attributes',          0 ],
  [ 'uint32v',  'AllocLow',            0 ],
  [ 'uint32v',  'AllocHigh',           0 ],
  [ 'uint32v',  'EOFLow',              0 ],
  [ 'uint32v',  'EOFHigh',             0 ],
  [ 'uint16v',  'FileType',            0 ],
  [ 'uint16v',  'IPCState',            0 ],
  [ 'uint8',    'IsDirectory',         0 ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload', 'ByteCount',  nil, true ]
)
SMB_CREATE_RES_PKT =
self.make_nbs(SMB_CREATE_RES_HDR_PKT)
SMB_WRITE_HDR_PKT =

A SMB template for SMB Write requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',    'AndX',                0 ],
  [ 'uint8',    'Reserved1',           0 ],
  [ 'uint16v',  'AndXOffset',          0 ],
  [ 'uint16v',  'FileID',              0 ],
  [ 'uint32v',  'Offset',              0 ],
  [ 'uint32v',  'Reserved2',           0 ],
  [ 'uint16v',  'WriteMode',           0 ],
  [ 'uint16v',  'Remaining',           0 ],
  [ 'uint16v',  'DataLenHigh',         0 ],
  [ 'uint16v',  'DataLenLow',          0 ],
  [ 'uint16v',  'DataOffset',          0 ],
  [ 'uint32v',  'DataOffsetHigh',      0 ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_WRITE_PKT =
self.make_nbs(SMB_WRITE_HDR_PKT)
SMB_WRITE_RES_HDR_PKT =

A SMB template for SMB Write responses

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',    'AndX',                0 ],
  [ 'uint8',    'Reserved1',           0 ],
  [ 'uint16v',  'AndXOffset',          0 ],
  [ 'uint16v',  'CountLow',            0 ],
  [ 'uint16v',  'Remaining',           0 ],
  [ 'uint16v',  'CountHigh',           0 ],
  [ 'uint16v',  'Reserved2',           0 ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_WRITE_RES_PKT =
self.make_nbs(SMB_WRITE_RES_HDR_PKT)
SMB_OPEN_HDR_PKT =

A SMB template for SMB OPEN requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',    'AndX',                0 ],
  [ 'uint8',    'Reserved1',           0 ],
  [ 'uint16v',  'AndXOffset',          0 ],
  [ 'uint16v',  'Flags',               0 ],
  [ 'uint16v',  'Access',              0 ],
  [ 'uint16v',  'SearchAttributes',    0 ],
  [ 'uint16v',  'FileAttributes',      0 ],
  [ 'uint32v',  'CreateTime',          0 ],
  [ 'uint16v',  'OpenFunction',        0 ],
  [ 'uint32v',  'AllocSize',           0 ],
  [ 'uint32v',  'Reserved2',           0 ],
  [ 'uint32v',  'Reserved3',           0 ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_OPEN_PKT =
self.make_nbs(SMB_OPEN_HDR_PKT)
SMB_OPEN_RES_HDR_PKT =

A SMB template for SMB OPEN responses

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',    'AndX',                0 ],
  [ 'uint8',    'Reserved1',           0 ],
  [ 'uint16v',  'AndXOffset',          0 ],
  [ 'uint16v',  'FileID',              0 ],
  [ 'uint16v',  'FileAttributes',      0 ],
  [ 'uint32v',  'WriteTime',           0 ],
  [ 'uint32v',  'FileSize',            0 ],
  [ 'uint16v',  'FileAccess',          0 ],
  [ 'uint16v',  'FileType',            0 ],
  [ 'uint16v',  'IPCState',            0 ],
  [ 'uint16v',  'Action',              0 ],
  [ 'uint32v',  'ServerFileID',        0 ],
  [ 'uint16v',  'Reserved2',           0 ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_OPEN_RES_PKT =
self.make_nbs(SMB_OPEN_RES_HDR_PKT)
SMB_CLOSE_HDR_PKT =

A SMB template for SMB Close requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v',  'FileID',              0 ],
  [ 'uint32v',  'LastWrite',           0 ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_CLOSE_PKT =
self.make_nbs(SMB_CLOSE_HDR_PKT)
SMB_CLOSE_RES_HDR_PKT =

A SMB template for SMB Close responses

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_CLOSE_RES_PKT =
self.make_nbs(SMB_CLOSE_RES_HDR_PKT)
SMB_DELETE_HDR_PKT =

A SMB template for SMB Delete requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v',  'SearchAttribute',     0 ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'uint8',    'BufferFormat',        0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_DELETE_PKT =
self.make_nbs(SMB_DELETE_HDR_PKT)
SMB_DELETE_RES_HDR_PKT =

A SMB template for SMB Delete responses

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_DELETE_RES_PKT =
self.make_nbs(SMB_DELETE_RES_HDR_PKT)
SMB_READ_HDR_PKT =

A SMB template for SMB Read requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',    'AndX',                0 ],
  [ 'uint8',    'Reserved1',           0 ],
  [ 'uint16v',  'AndXOffset',          0 ],
  [ 'uint16v',  'FileID',              0 ],
  [ 'uint32v',  'Offset',              0 ],
  [ 'uint16v',  'MaxCountLow',         0 ],
  [ 'uint16v',  'MinCount',            0 ],
  [ 'uint32v',  'Reserved2',           0 ],
  [ 'uint16v',  'Remaining',           0 ],
  [ 'uint32v',  'MaxCountHigh',        0 ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_READ_PKT =
self.make_nbs(SMB_READ_HDR_PKT)
SMB_READ_RES_HDR_PKT =

A SMB template for SMB Read responses

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint8',    'AndX',                0 ],
  [ 'uint8',    'Reserved1',           0 ],
  [ 'uint16v',  'AndXOffset',          0 ],
  [ 'uint16v',  'Remaining',           0 ],
  [ 'uint16v',  'DataCompaction',      0 ],
  [ 'uint16v',  'Reserved2',           0 ],
  [ 'uint16v',  'DataLenLow',          0 ],
  [ 'uint16v',  'DataOffset',          0 ],
  [ 'uint32v',  'DataLenHigh',         0 ],
  [ 'uint32v',  'Reserved3',           0 ],
  [ 'uint16v',  'Reserved4',           0 ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_READ_RES_PKT =
self.make_nbs(SMB_READ_RES_HDR_PKT)
SMB_SEARCH_HDR_PKT =

A SMB template for SMB Search requests

Rex::Struct2::CStructTemplate.new(
  [ 'template', 'SMB',                 SMB_HDR ],
  [ 'uint16v',  'MaxCount',            0 ],
  [ 'uint16v',  'Attributes',          0 ],
  [ 'uint16v',  'ByteCount',           0 ],
  [ 'string',   'Payload', nil,       '' ]
).create_restraints(
  [ 'Payload',   'ByteCount',  nil, true ]
)
SMB_SEARCH_PKT =
self.make_nbs(SMB_SEARCH_HDR_PKT)

Class Method Summary collapse

Class Method Details

.make_nbs(template) ⇒ Object

Create a NetBIOS session packet template



369
370
371
372
373
374
375
376
377
378
# File 'lib/rex/proto/smb/constants.rb', line 369

def self.make_nbs (template)
  Rex::Struct2::CStructTemplate.new(
    [ 'uint8',    'Type',             0 ],
    [ 'uint8',    'Flags',            0 ],
    [ 'uint16n',  'PayloadLen',       0 ],
    [ 'template', 'Payload',          template ]
  ).create_restraints(
    [ 'Payload', 'PayloadLen',  nil, true ]
  )
end