internal Boolean StartServiceW()
{
Console.WriteLine("[+] Starting Service");
serviceHandle = recieve.Skip(112).Take(20).ToArray();
SMB2Header header = new SMB2Header();
header.SetCommand(new Byte[] { 0x09, 0x00 });
header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
header.SetMessageID(++messageId);
header.SetProcessID(processId);
header.SetTreeId(treeId);
header.SetSessionID(sessionId);
SVCCTLSCMStartServiceW startServiceW = new SVCCTLSCMStartServiceW();
startServiceW.SetContextHandle(serviceHandle);
Byte[] bStartService = startServiceW.GetRequest();
DCERPCRequest rpcRequest = new DCERPCRequest();
rpcRequest.SetPacketFlags(new Byte[] { 0x03 });
rpcRequest.SetFragLength(bStartService.Length, 0, 0);
rpcRequest.SetCallID(new Byte[] { 0x01, 0x00, 0x00, 0x00 });
rpcRequest.SetContextID(new Byte[] { 0x00, 0x00 });
rpcRequest.SetOpnum(new Byte[] { 0x13, 0x00 });
Byte[] bRPCRequest = rpcRequest.GetRequest();
SMB2WriteRequest writeRequest = new SMB2WriteRequest();
writeRequest.SetGuidHandleFile(guidFileHandle);
writeRequest.SetLength(bRPCRequest.Length + bStartService.Length);
Byte[] bWriteRequest = writeRequest.GetRequest();
Combine combine = new Combine();
combine.Extend(bWriteRequest);
combine.Extend(bRPCRequest);
combine.Extend(bStartService);
Byte[] bData = combine.Retrieve();
if (signing)
{
header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
header.SetSignature(sessionKey, ref bData);
}
Byte[] bHeader = header.GetHeader();
return(Send(bHeader, bData));
}
internal Boolean CloseServiceHandle()
{
SMB2Header header = new SMB2Header();
header.SetCommand(new Byte[] { 0x09, 0x00 });
header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
header.SetMessageID(++messageId);
header.SetProcessID(processId);
header.SetTreeId(treeId);
header.SetSessionID(sessionId);
SVCCTLSCMCloseServiceHandle closeServiceW = new SVCCTLSCMCloseServiceHandle();
closeServiceW.SetContextHandle(serviceContectHandle);
Byte[] bCloseServiceW = closeServiceW.GetRequest();
DCERPCRequest rpcRequest = new DCERPCRequest();
rpcRequest.SetPacketFlags(new Byte[] { 0x03 });
rpcRequest.SetFragLength(bCloseServiceW.Length, 0, 0);
rpcRequest.SetCallID(new Byte[] { 0x01, 0x00, 0x00, 0x00 });
rpcRequest.SetContextID(new Byte[] { 0x00, 0x00 });
rpcRequest.SetOpnum(new Byte[] { 0x00, 0x00 });
Byte[] bRPCRequest = rpcRequest.GetRequest();
SMB2WriteRequest writeRequest = new SMB2WriteRequest();
writeRequest.SetGuidHandleFile(guidFileHandle);
writeRequest.SetLength(bRPCRequest.Length + bCloseServiceW.Length);
Byte[] bWriteRequest = writeRequest.GetRequest();
Combine combine = new Combine();
combine.Extend(bWriteRequest);
combine.Extend(bRPCRequest);
combine.Extend(bCloseServiceW);
Byte[] bData = combine.Retrieve();
if (signing)
{
header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
header.SetSignature(sessionKey, ref bData);
}
Byte[] bHeader = header.GetHeader();
return(Send(bHeader, bData));
}
internal Boolean OpenSCManagerW()
{
SMB2Header header = new SMB2Header();
header.SetCommand(new Byte[] { 0x09, 0x00 });
header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
header.SetMessageID(++messageId);
header.SetProcessID(processId);
header.SetTreeId(treeId);
header.SetSessionID(sessionId);
SVCCTLSCMOpenSCManagerW openSCManagerW = new SVCCTLSCMOpenSCManagerW();
Byte[] bSCManager = openSCManagerW.GetRequest();
DCERPCRequest rpcRequest = new DCERPCRequest();
rpcRequest.SetPacketFlags(new Byte[] { 0x03 });
rpcRequest.SetFragLength(bSCManager.Length, 0, 0);
rpcRequest.SetCallID(new Byte[] { 0x01, 0x00, 0x00, 0x00 });
rpcRequest.SetContextID(new Byte[] { 0x00, 0x00 });
rpcRequest.SetOpnum(new Byte[] { 0x0f, 0x00 });
Byte[] bRPCRequest = rpcRequest.GetRequest();
SMB2WriteRequest writeRequest = new SMB2WriteRequest();
writeRequest.SetGuidHandleFile(guidFileHandle);
writeRequest.SetLength(bRPCRequest.Length + bSCManager.Length);
Byte[] bWriteRequest = writeRequest.GetRequest();
Combine combine = new Combine();
combine.Extend(bWriteRequest);
combine.Extend(bRPCRequest);
combine.Extend(bSCManager);
Byte[] bData = combine.Retrieve();
if (signing)
{
header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
header.SetSignature(sessionKey, ref bData);
}
Byte[] bHeader = header.GetHeader();
NetBIOSSessionService sessionService = new NetBIOSSessionService();
sessionService.SetHeaderLength(bHeader.Length);
sessionService.SetDataLength(bData.Length);
Byte[] bSessionService = sessionService.GetNetBIOSSessionService();
Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData);
streamSocket.Write(bSend, 0, bSend.Length);
streamSocket.Flush();
streamSocket.Read(recieve, 0, recieve.Length);
if (GetStatus(recieve.Skip(12).Take(4).ToArray()))
{
return(true);
}
else
{
return(false);
}
}