SMB2Header C# (CSharp) Code-Beispiele

Beispiel #1

0

Datei anzeigen

        internal Boolean RPCBind()
        {
            SMB2Header header = new SMB2Header();

            header.SetCommand(new Byte[] { 0x09, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);

            DCERPCBind bind = new DCERPCBind();

            bind.SetFragLength(new Byte[] { 0x48, 0x00 });
            bind.SetCallID(1);
            bind.SetNumCtxItems(new Byte[] { 0x01 });
            bind.SetInterface(new Byte[] { 0x81, 0xbb, 0x7a, 0x36, 0x44, 0x98, 0xf1, 0x35, 0xad, 0x32, 0x98, 0xf0, 0x38, 0x00, 0x10, 0x03 });
            bind.SetInterfaceVer(new Byte[] { 0x02, 0x00 });
            Byte[] bData = bind.GetRequest();

            SMB2WriteRequest writeRequest = new SMB2WriteRequest();

            writeRequest.SetGuidHandleFile(guidFileHandle);
            writeRequest.SetLength(bData.Length);
            bData = Combine.combine(writeRequest.GetRequest(), bData);

            if (signing)
            {
                header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            Byte[] bHeader = header.GetHeader();

            return(Send(bHeader, bData));
        }

Beispiel #2

0

Datei anzeigen

        internal Boolean CreateRequest(Byte[] ShareAccess)
        {
            treeId = recieve.Skip(40).Take(4).ToArray();

            SMB2Header header = new SMB2Header();

            header.SetCommand(new Byte[] { 0x05, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);

            SMB2CreateRequest createRequest = new SMB2CreateRequest();

            createRequest.SetFileName("svcctl");
            createRequest.SetShareAccess(ShareAccess);
            Byte[] bData = createRequest.GetRequest();

            if (signing)
            {
                header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            Byte[] bHeader = header.GetHeader();

            Boolean returnValue = Send(bHeader, bData);

            guidFileHandle = recieve.Skip(0x0084).Take(16).ToArray();

            return(returnValue);
        }

Beispiel #3

0

Datei anzeigen

        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        internal void NTLMSSPNegotiate()
        {
            SMB2Header header = new SMB2Header();
            header.SetCommand(new Byte[] { 0x01, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x1f, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);
            Byte[] bHeader = header.GetHeader();

            SMB2NTLMSSPNegotiate NTLMSSPNegotiate = new SMB2NTLMSSPNegotiate(version);
            NTLMSSPNegotiate.SetFlags(flags);
            Byte[] bNegotiate = NTLMSSPNegotiate.GetSMB2NTLMSSPNegotiate();
            
            SMB2SessionSetupRequest sessionSetup = new SMB2SessionSetupRequest();
            sessionSetup.SetSecurityBlob(bNegotiate);
            Byte[] bData = sessionSetup.GetSMB2SessionSetupRequest();

            NetBIOSSessionService sessionService = new NetBIOSSessionService();
            sessionService.SetHeaderLength(bHeader.Length);
            sessionService.SetDataLength(bData.Length);
            Byte[] bSessionService = sessionService.GetNetBIOSSessionService();

            Byte[] send = Combine.combine(bSessionService, bHeader);
            send = Combine.combine(send, bData);
            streamSocket.Write(send, 0, send.Length);
            streamSocket.Flush();
            streamSocket.Read(recieve, 0, recieve.Length);
        }

Beispiel #4

0

Datei anzeigen

        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        public void NegotiateSMB2()
        {   
            SMB2Header header = new SMB2Header();
            header.SetCommand(new Byte[] { 0x00, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x00, 0x00 });
            header.SetMessageID(messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);
            Byte[] bHeader = header.GetHeader();

            SMB2NegotiateProtocolRequest protocols = new SMB2NegotiateProtocolRequest();
            Byte[] bData = protocols.GetProtocols();

            NetBIOSSessionService sessionService = new NetBIOSSessionService();
            sessionService.SetHeaderLength(bHeader.Length);
            sessionService.SetDataLength(bData.Length);
            Byte[] bSessionService = sessionService.GetNetBIOSSessionService();

            Byte[] send = Combine.combine(bSessionService, bHeader);
            send = Combine.combine(send, bData);
            streamSocket.Write(send, 0, send.Length);
            streamSocket.Flush();
            streamSocket.Read(recieve, 0, recieve.Length);
        }

Beispiel #5

0

Datei anzeigen

        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        internal Boolean TreeConnect(String share)
        {
            SMB2Header header = new SMB2Header();

            header.SetCommand(new Byte[] { 0x03, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);

            SMB2TreeConnectRequest treeConnect = new SMB2TreeConnectRequest();

            treeConnect.SetPath(share);
            Byte[] bData = treeConnect.GetRequest();

            if (signing)
            {
                header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            Byte[] bHeader = header.GetHeader();

            return(Send(bHeader, bData));
        }

Beispiel #6

0

Datei anzeigen

Datei: SMB2Worker.cs Projekt: tlsnns/NTLMClient

        public uint TreeConnect(string strShareName)
        {
            if (!IsBuildSession)
            {
                throw new Exception("no build session");
            }
            string      strPath     = @"\\" + IpAddress + @"\" + strShareName;
            ulong       mid         = (ulong)Interlocked.Increment(ref MessageId);
            SMB2Header  sMB2Header  = new SMB2Header(ESMB2Command.TREE_CONNECT, SMB2HeaderFlags.None, mid, 0, SessionId);
            SMB2Body    sMB2Body    = new TreeConnectRequest(strPath.GetUnicodeBytes());
            SMB2Message sMB2Message = new SMB2Message(sMB2Header, sMB2Body);

            SMBTransport.SendDatas(sMB2Message.DumpBinary());

            var sm = GetMessage(mid);

            if (sm.SMB2Header.Status == 0)
            {
                return(sm.SMB2Header.TreeId);
            }
            else
            {
                throw new Exception("TreeConnect Status error:" + sm.SMB2Header.Status);
            }
        }

Beispiel #7

0

Datei anzeigen

        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        internal Boolean LogoffRequest()
        {
            SMB2Header header = new SMB2Header();
            header.SetCommand(new Byte[] { 0x02, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);

            SMB2SessionLogoffRequest logoffRequest = new SMB2SessionLogoffRequest();
            Byte[] bData = logoffRequest.GetRequest();

            if (signing)
            {
                header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            Byte[] bHeader = header.GetHeader();

            NetBIOSSessionService sessionService = new NetBIOSSessionService();
            sessionService.SetHeaderLength(bHeader.Length);
            sessionService.SetDataLength(bData.Length);
            Byte[] bSessionService = sessionService.GetNetBIOSSessionService();

            Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData);
            streamSocket.Write(bSend, 0, bSend.Length);
            streamSocket.Flush();
            streamSocket.Read(recieve, 0, recieve.Length);

            if (GetStatus(recieve.Skip(12).Take(4).ToArray()))
                return true;
            else
                return false;
        }

Beispiel #8

0

Datei anzeigen

Datei: SMB2Worker.cs Projekt: tlsnns/NTLMClient

        public Guid CreateFile(uint treeId,
                               FilePipePrinterAccessMaskFlags maskFlags,
                               ShareAccessFlags shareAccess,
                               ECreateDisposition createDisposition,
                               uint createOptions,
                               string strFileName, out ulong length)
        {
            ulong       mid         = (ulong)Interlocked.Increment(ref MessageId);
            SMB2Header  sMB2Header  = new SMB2Header(ESMB2Command.CREATE, SMB2HeaderFlags.None, mid, treeId, SessionId);
            SMB2Body    sMB2Body    = new CreateRequest(maskFlags, shareAccess, createDisposition, createOptions, strFileName.GetUnicodeBytes());
            SMB2Message sMB2Message = new SMB2Message(sMB2Header, sMB2Body);

            SMBTransport.SendDatas(sMB2Message.DumpBinary());

            var sm = GetMessage(mid);

            if (sm.SMB2Header.Status == 0)
            {
                var cr = sm.SMB2Body as CreateResponse;

                length = cr.EndofFile;
                return(cr.FileId);
            }
            else
            {
                throw new Exception("CreateFile Status error:" + sm.SMB2Header.Status);
            }
        }

Beispiel #9

0

Datei anzeigen

        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        internal void IoctlRequest(String share)
        {
            treeId = new Byte[] { 0x01, 0x00, 0x00, 0x00 };

            SMB2Header header = new SMB2Header();
            header.SetCommand(new Byte[] { 0x0b, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);

            SMB2IoctlRequest ioctlRequest = new SMB2IoctlRequest();
            ioctlRequest.SetFileName(share);
            Byte[] bData = ioctlRequest.GetRequest();

            if (signing)
            {
                header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            Byte[] bHeader = header.GetHeader();

            NetBIOSSessionService sessionService = new NetBIOSSessionService();
            sessionService.SetHeaderLength(bHeader.Length);
            sessionService.SetDataLength(bData.Length);
            Byte[] bSessionService = sessionService.GetNetBIOSSessionService();

            Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData);
            streamSocket.Write(bSend, 0, bSend.Length);
            streamSocket.Flush();
            streamSocket.Read(recieve, 0, recieve.Length);
            treeId = new Byte[] { 0x00, 0x00, 0x00, 0x00 };
        }

Beispiel #10

0

Datei anzeigen

        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        internal Boolean Logoff()
        {
            SMB2Header header = new SMB2Header();

            header.SetCommand(new Byte[] { 0x02, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);

            SMB2SessionLogoffRequest logoffRequest = new SMB2SessionLogoffRequest();

            Byte[] bData = logoffRequest.GetRequest();

            if (signing)
            {
                header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }

            Byte[] bHeader = header.GetHeader();

            return(Send(bHeader, bData));
        }

Beispiel #11

0

Datei anzeigen

        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        internal Boolean CloseRequest()
        {
            SMB2Header header = new SMB2Header();

            header.SetCommand(new Byte[] { 0x06, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);

            SMB2CloseRequest closeRequest = new SMB2CloseRequest();

            closeRequest.SetFileID(guidFileHandle);
            Byte[] bData = closeRequest.GetRequest();

            if (signing)
            {
                header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            else
            {
                header.SetFlags(new Byte[] { 0x00, 0x00, 0x00, 0x00 });
            }
            Byte[] bHeader = header.GetHeader();

            return(Send(bHeader, bData));
        }

Beispiel #12

0

Datei anzeigen

Datei: SMB2Worker.cs Projekt: tlsnns/NTLMClient

        public byte[] Read(uint treeId, uint fileLength, Guid fileId)
        {
            ulong       mid         = (ulong)Interlocked.Increment(ref MessageId);
            SMB2Header  sMB2Header  = new SMB2Header(ESMB2Command.READ, SMB2HeaderFlags.None, mid, treeId, SessionId);
            SMB2Body    sMB2Body    = new ReadRequest(fileLength, fileId);
            SMB2Message sMB2Message = new SMB2Message(sMB2Header, sMB2Body);

            SMBTransport.SendDatas(sMB2Message.DumpBinary());

            var sm = GetMessage(mid);

            if (sm.SMB2Header.Status == 0)
            {
                var s = sm.SMB2Body as ReadResponse;
                return(s.Buffer);
            }
            else if (sm.SMB2Header.Status == NTStateType.PIPE_DISCONNECTED)
            {
                throw new PipeDisConnectException();
            }
            else
            {
                throw new Exception("Read Status error:" + sm.SMB2Header.Status);
            }
        }

Beispiel #13

0

Datei anzeigen

        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        private Int32 _ReadRequest2(Int64 offset, Int32 length)
        {
            SMB2Header header = new SMB2Header();

            header.SetCommand(new Byte[] { 0x08, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);
            header.SetChainOffset(new Byte[] { 0x00, 0x00, 0x00, 0x00 });

            SMB2ReadRequest readRequest = new SMB2ReadRequest();

            readRequest.SetGuidHandleFile(guidFileHandle);
            readRequest.SetLength(BitConverter.GetBytes(length));
            readRequest.SetOffset(BitConverter.GetBytes(offset));
            Byte[] bData = readRequest.GetRequest();

            if (signing)
            {
                header.SetFlags(new Byte[] { 0x0c, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            Byte[] bHeader = header.GetHeader();

            NetBIOSSessionService sessionService = new NetBIOSSessionService();

            sessionService.SetHeaderLength(bHeader.Length);
            sessionService.SetDataLength(bData.Length);
            Byte[] bSessionService = sessionService.GetNetBIOSSessionService();

            Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData);
            streamSocket.Write(bSend, 0, bSend.Length);
            streamSocket.Flush();

            Combine combine      = new Combine();
            Int32   streamLength = 0;

            Byte[] dataRecieved = new Byte[0];
            do
            {
                Byte[] part       = new Byte[65619];
                Int32  partLength = streamSocket.Read(part, 0, part.Length);
                streamLength += partLength;
                combine.Extend(part.Take(partLength).ToArray());
            }while (streamLength < length);
            Int32 padding = length < 65535 ? 0 : 54;

            recieve = combine.Retrieve().Skip(84).Take(streamLength - 84 - padding).ToArray();

            binaryWriter.Write(recieve);
            binaryWriter.Flush();

            return(recieve.Length);
        }

Beispiel #14

0

Datei anzeigen

Datei: SMBClientPut.cs Projekt: zforks/WheresMyImplant

        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        internal Boolean SetInfoRequest(String sourceFilePath, String destination)
        {
            SMB2Header header = new SMB2Header();

            header.SetCommand(new Byte[] { 0x11, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);

            SMB2SetInfo setInfo = new SMB2SetInfo();

            setInfo.SetClass(new Byte[] { 0x01 });
            setInfo.SetInfoLevel(new Byte[] { 0x14 });
            setInfo.SetGUIDHandleFile(guidFileHandle);

            //This may need to be coverted to int32
            using (FileStream fileStream = new FileStream(Path.GetFullPath(sourceFilePath), FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
            {
                using (BinaryReader binaryReader = new BinaryReader(fileStream))
                {
                    setInfo.SetBuffer(BitConverter.GetBytes(binaryReader.BaseStream.Length));
                }
            }

            setInfo.SetGUIDHandleFile(guidFileHandle);
            Byte[] bData = setInfo.GetRequest();

            header.SetChainOffset(bData.Length);
            if (signing)
            {
                header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            Byte[] bHeader = header.GetHeader();

            NetBIOSSessionService sessionService = new NetBIOSSessionService();

            sessionService.SetHeaderLength(bHeader.Length);
            sessionService.SetDataLength(bData.Length);
            Byte[] bSessionService = sessionService.GetNetBIOSSessionService();

            Byte[] bSend = Combine.combine(bSessionService, Combine.combine(bHeader, bData));
            streamSocket.Write(bSend, 0, bSend.Length);
            streamSocket.Flush();
            streamSocket.Read(recieve, 0, recieve.Length);

            if (GetStatus(recieve.Skip(12).Take(4).ToArray()))
            {
                treeId = recieve.Skip(40).Take(4).ToArray();
                return(true);
            }
            return(false);
        }

Beispiel #15

0

Datei anzeigen

        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        internal override Boolean ReadRequest()
        {
            SMB2Header header = new SMB2Header();

            header.SetCommand(new Byte[] { 0x08, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);
            header.SetChainOffset(new Byte[] { 0x00, 0x00, 0x00, 0x00 });

            SMB2ReadRequest readRequest = new SMB2ReadRequest();

            readRequest.SetGuidHandleFile(guidFileHandle);
            readRequest.SetLength(BitConverter.GetBytes(4096));
            readRequest.SetOffset(BitConverter.GetBytes((Int64)0));
            Byte[] bData = readRequest.GetRequest();

            if (signing)
            {
                header.SetFlags(new Byte[] { 0x0c, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            Byte[] bHeader = header.GetHeader();

            NetBIOSSessionService sessionService = new NetBIOSSessionService();

            sessionService.SetHeaderLength(bHeader.Length);
            sessionService.SetDataLength(bData.Length);
            Byte[] bSessionService = sessionService.GetNetBIOSSessionService();

            Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData);
            streamSocket.Write(bSend, 0, bSend.Length);
            streamSocket.Flush();

            Int16 i = 0;

            while (smbClient.Available < 8192 && i < 10)
            {
                System.Threading.Thread.Sleep(100);
                i++;
            }

            Int32 streamLength = streamSocket.Read(recieve, 0, recieve.Length);

            Byte[] data = recieve.Skip(84).Take((Int32)streamLength).ToArray();

            GetStatus(recieve.Skip(12).Take(4).ToArray());

            return(true);
        }

Beispiel #16

0

Datei anzeigen

        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        internal override Boolean CreateRequest(String folder)
        {
            treeId = recieve.Skip(40).Take(4).ToArray();

            SMB2Header header = new SMB2Header();

            header.SetCommand(new Byte[] { 0x05, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);

            SMB2CreateRequest createRequest = new SMB2CreateRequest();

            if (!String.IsNullOrEmpty(folder))
            {
                createRequest.SetFileName(folder);
            }
            createRequest.SetExtraInfo(1, 0);
            createRequest.SetCreateOptions(new Byte[] { 0x00, 0x00, 0x20, 0x00 });
            createRequest.SetAccessMask(new Byte[] { 0x89, 0x00, 0x12, 0x00 });
            createRequest.SetShareAccess(new Byte[] { 0x05, 0x00, 0x00, 0x00 });
            Byte[] bData = createRequest.GetRequest();

            if (signing)
            {
                header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            Byte[] bHeader = header.GetHeader();

            NetBIOSSessionService sessionService = new NetBIOSSessionService();

            sessionService.SetHeaderLength(bHeader.Length);
            sessionService.SetDataLength(bData.Length);
            Byte[] bSessionService = sessionService.GetNetBIOSSessionService();

            Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData);
            streamSocket.Write(bSend, 0, bSend.Length);
            streamSocket.Flush();
            streamSocket.Read(recieve, 0, recieve.Length);

            if (GetStatus(recieve.Skip(12).Take(4).ToArray()))
            {
                guidFileHandle = recieve.Skip(0x0084).Take(16).ToArray();
                return(true);
            }
            return(false);
        }

Beispiel #17

0

Datei anzeigen

        internal Boolean StartServiceW()
        {
            Console.WriteLine("[+] Starting Service");
            serviceHandle = recieve.Skip(112).Take(20).ToArray();

            SMB2Header header = new SMB2Header();

            header.SetCommand(new Byte[] { 0x09, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);

            SVCCTLSCMStartServiceW startServiceW = new SVCCTLSCMStartServiceW();

            startServiceW.SetContextHandle(serviceHandle);
            Byte[] bStartService = startServiceW.GetRequest();

            DCERPCRequest rpcRequest = new DCERPCRequest();

            rpcRequest.SetPacketFlags(new Byte[] { 0x03 });
            rpcRequest.SetFragLength(bStartService.Length, 0, 0);
            rpcRequest.SetCallID(new Byte[] { 0x01, 0x00, 0x00, 0x00 });
            rpcRequest.SetContextID(new Byte[] { 0x00, 0x00 });
            rpcRequest.SetOpnum(new Byte[] { 0x13, 0x00 });
            Byte[] bRPCRequest = rpcRequest.GetRequest();

            SMB2WriteRequest writeRequest = new SMB2WriteRequest();

            writeRequest.SetGuidHandleFile(guidFileHandle);
            writeRequest.SetLength(bRPCRequest.Length + bStartService.Length);
            Byte[] bWriteRequest = writeRequest.GetRequest();

            Combine combine = new Combine();

            combine.Extend(bWriteRequest);
            combine.Extend(bRPCRequest);
            combine.Extend(bStartService);
            Byte[] bData = combine.Retrieve();

            if (signing)
            {
                header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            Byte[] bHeader = header.GetHeader();

            return(Send(bHeader, bData));
        }

Beispiel #18

0

Datei anzeigen

Datei: SMB2Worker.cs Projekt: tlsnns/NTLMClient

        public void TreeDisconnect(uint treeId)
        {
            ulong       mid         = (ulong)Interlocked.Increment(ref MessageId);
            SMB2Header  smb2Header  = new SMB2Header(ESMB2Command.TREE_DISCONNECT, SMB2HeaderFlags.None, mid, treeId, SessionId);
            SMB2Body    smb2Body    = new LogoffAndTreeDisconnect();
            SMB2Message smb2Message = new SMB2Message(smb2Header, smb2Body);

            SMBTransport.SendDatas(smb2Message.DumpBinary());
            var sm = GetMessage(mid);

            if (sm.SMB2Header.Status != NTStateType.Success)
            {
                throw new Exception("TreeDisconnect Status error:" + sm.SMB2Header.Status);
            }
        }

Beispiel #19

0

Datei anzeigen

Datei: SMB2Worker.cs Projekt: tlsnns/NTLMClient

        SMB2Message SendSessionSetupRequest(ulong mid, ulong sessionId, byte[] secData)
        {
            SMB2Header  smb2Header  = new SMB2Header(ESMB2Command.SESSION_SETUP, SMB2HeaderFlags.None, mid, 0, sessionId);
            SMB2Body    smb2Body    = new SessionSetupRequest(secData);
            SMB2Message smb2Message = new SMB2Message(smb2Header, smb2Body);

            SMBTransport.SendDatas(smb2Message.DumpBinary());
            var sm = GetMessage(mid);

            if (sm.SMB2Header.Status != NTStateType.Success && sm.SMB2Header.Status != NTStateType.MoreProcessingRequired)
            {
                throw new Exception("SessionSetup Status error:" + sm.SMB2Header.Status);
            }
            return(sm);
        }

Beispiel #20

0

Datei anzeigen

Datei: SMBServer.cs Projekt: fisboger/ElCazador

        private async Task NegotiateSMB1ToSMB2Response(SMBPacket packet)
        {
            try
            {
                var header = new SMB2Header(new byte[] { 0x00, 0x00 });

                var data = new SMB2NegotiateResponse(header.Build()).Build();

                await Send(packet.Socket, data);
            }
            catch (Exception e)
            {
                await Controller.Log(Name, e.ToString());
            }
        }

Beispiel #21

0

Datei anzeigen

Datei: SMB2Worker.cs Projekt: tlsnns/NTLMClient

        public void CloseFile(uint treeId, Guid fileId)
        {
            ulong       mid         = (ulong)Interlocked.Increment(ref MessageId);
            SMB2Header  sMB2Header  = new SMB2Header(ESMB2Command.CLOSE, SMB2HeaderFlags.None, mid, treeId, SessionId);
            SMB2Body    sMB2Body    = new CloseRequest(fileId);
            SMB2Message sMB2Message = new SMB2Message(sMB2Header, sMB2Body);

            SMBTransport.SendDatas(sMB2Message.DumpBinary());

            var sm = GetMessage(mid);

            if (sm.SMB2Header.Status != 0)
            {
                throw new Exception("CloseFile Status error:" + sm.SMB2Header.Status);
            }
        }

Beispiel #22

0

Datei anzeigen

        internal Boolean CloseServiceHandle()
        {
            SMB2Header header = new SMB2Header();

            header.SetCommand(new Byte[] { 0x09, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);

            SVCCTLSCMCloseServiceHandle closeServiceW = new SVCCTLSCMCloseServiceHandle();

            closeServiceW.SetContextHandle(serviceContectHandle);
            Byte[] bCloseServiceW = closeServiceW.GetRequest();

            DCERPCRequest rpcRequest = new DCERPCRequest();

            rpcRequest.SetPacketFlags(new Byte[] { 0x03 });
            rpcRequest.SetFragLength(bCloseServiceW.Length, 0, 0);
            rpcRequest.SetCallID(new Byte[] { 0x01, 0x00, 0x00, 0x00 });
            rpcRequest.SetContextID(new Byte[] { 0x00, 0x00 });
            rpcRequest.SetOpnum(new Byte[] { 0x00, 0x00 });
            Byte[] bRPCRequest = rpcRequest.GetRequest();

            SMB2WriteRequest writeRequest = new SMB2WriteRequest();

            writeRequest.SetGuidHandleFile(guidFileHandle);
            writeRequest.SetLength(bRPCRequest.Length + bCloseServiceW.Length);
            Byte[] bWriteRequest = writeRequest.GetRequest();

            Combine combine = new Combine();

            combine.Extend(bWriteRequest);
            combine.Extend(bRPCRequest);
            combine.Extend(bCloseServiceW);
            Byte[] bData = combine.Retrieve();

            if (signing)
            {
                header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            Byte[] bHeader = header.GetHeader();

            return(Send(bHeader, bData));
        }

Beispiel #23

0

Datei anzeigen

Datei: SMB2Worker.cs Projekt: tlsnns/NTLMClient

 public void SessionLogoff()
 {
     if (IsBuildSession)
     {
         ulong       mid         = (ulong)Interlocked.Increment(ref MessageId);
         SMB2Header  smb2Header  = new SMB2Header(ESMB2Command.LOGOFF, SMB2HeaderFlags.None, mid, 0, SessionId);
         SMB2Body    smb2Body    = new LogoffAndTreeDisconnect();
         SMB2Message smb2Message = new SMB2Message(smb2Header, smb2Body);
         SMBTransport.SendDatas(smb2Message.DumpBinary());
         var sm = GetMessage(mid);
         if (sm.SMB2Header.Status != NTStateType.Success)
         {
             throw new Exception("SessionLogoff Status error:" + sm.SMB2Header.Status);
         }
         IsBuildSession = false;
     }
 }

Beispiel #24

0

Datei anzeigen

        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        internal Boolean SetInfoRequest()
        {
            SMB2Header header = new SMB2Header();

            header.SetCommand(new Byte[] { 0x11, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);

            SMB2SetInfo setInfo = new SMB2SetInfo();

            setInfo.SetClass(new Byte[] { 0x01 });
            setInfo.SetInfoLevel(new Byte[] { 0x0d });
            setInfo.SetGUIDHandleFile(guidFileHandle);
            setInfo.SetBuffer(new Byte[] { 0x01, 0x00, 0x00, 0x00 });
            Byte[] bData = setInfo.GetRequest();

            if (signing)
            {
                header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            Byte[] bHeader = header.GetHeader();

            NetBIOSSessionService sessionService = new NetBIOSSessionService();

            sessionService.SetHeaderLength(bHeader.Length);
            sessionService.SetDataLength(bData.Length);
            Byte[] bSessionService = sessionService.GetNetBIOSSessionService();

            Byte[] bSend = Combine.combine(bSessionService, Combine.combine(bHeader, bData));
            streamSocket.Write(bSend, 0, bSend.Length);
            streamSocket.Flush();
            streamSocket.Read(recieve, 0, recieve.Length);

            if (GetStatusSilent(recieve.Skip(12).Take(4).ToArray()))
            {
                Console.WriteLine("[+] File Deleted");
                return(true);
            }
            return(false);
        }

Beispiel #25

0

Datei anzeigen

Datei: SMB2Worker.cs Projekt: tlsnns/NTLMClient

        public byte[] IOCTL(uint treeId, CTLCodeType ctlCodeType, Guid fileId, CTLType ctlType, byte[] buffer)
        {
            ulong       mid         = (ulong)Interlocked.Increment(ref MessageId);
            SMB2Header  sMB2Header  = new SMB2Header(ESMB2Command.IOCTL, SMB2HeaderFlags.None, mid, treeId, SessionId);
            SMB2Body    sMB2Body    = new IOCTLRequest(ctlCodeType, fileId, ctlType, buffer);
            SMB2Message sMB2Message = new SMB2Message(sMB2Header, sMB2Body);

            SMBTransport.SendDatas(sMB2Message.DumpBinary());

            var sm = GetMessage(mid);

            if (sm.SMB2Header.Status == 0)
            {
                var s = sm.SMB2Body as IOCTLResponse;
                return(s.Buffer);
            }
            else
            {
                throw new Exception("IOCTL Status error:" + sm.SMB2Header.Status);
            }
        }

Beispiel #26

0

Datei anzeigen

Datei: SMB2Worker.cs Projekt: tlsnns/NTLMClient

        public uint Write(uint treeId, ulong offset, Guid fileId, byte[] datas)
        {
            ulong       mid         = (ulong)Interlocked.Increment(ref MessageId);
            SMB2Header  sMB2Header  = new SMB2Header(ESMB2Command.WRITE, SMB2HeaderFlags.None, mid, treeId, SessionId);
            SMB2Body    sMB2Body    = new WriteRequest(offset, fileId, datas);
            SMB2Message sMB2Message = new SMB2Message(sMB2Header, sMB2Body);

            SMBTransport.SendDatas(sMB2Message.DumpBinary());

            var sm = GetMessage(mid);

            if (sm.SMB2Header.Status == 0)
            {
                var s = sm.SMB2Body as WriteResponse;
                return(s.Count);
            }
            else
            {
                throw new Exception("Write Status error:" + sm.SMB2Header.Status);
            }
        }

Beispiel #27

0

Datei anzeigen

        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        internal virtual Boolean InfoRequest()
        {
            SMB2Header header = new SMB2Header();
            header.SetCommand(new Byte[] { 0x10, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);

            SMB2GetInfo getInfo = new SMB2GetInfo();
            getInfo.SetClass(new Byte[] { 0x02 });
            getInfo.SetInfoLevel(new Byte[] { 0x05 });
            getInfo.SetMaxResponseSize(new Byte[] { 0x50, 0x00, 0x00, 0x00 });
            getInfo.SetGUIDHandleFile(recieve.Skip(132).Take(16).ToArray());
            Byte[] bData = getInfo.GetRequest();

            if (signing)
            {
                header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            Byte[] bHeader = header.GetHeader();

            NetBIOSSessionService sessionService = new NetBIOSSessionService();
            sessionService.SetHeaderLength(bHeader.Length);
            sessionService.SetDataLength(bData.Length);
            Byte[] bSessionService = sessionService.GetNetBIOSSessionService();

            Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData);
            streamSocket.Write(bSend, 0, bSend.Length);
            streamSocket.Flush();
            streamSocket.Read(recieve, 0, recieve.Length);

            if (GetStatus(recieve.Skip(12).Take(4).ToArray()))
                return true;
            else
                return false;
        }

Beispiel #28

0

Datei anzeigen

Datei: SMBClientPut.cs Projekt: zforks/WheresMyImplant

        ////////////////////////////////////////////////////////////////////////////////
        //
        ////////////////////////////////////////////////////////////////////////////////
        private void _WriteRequest(Byte[] buffer, Int64 offset)
        {
            SMB2Header header = new SMB2Header();

            header.SetCommand(new Byte[] { 0x09, 0x00 });
            header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
            header.SetMessageID(++messageId);
            header.SetProcessID(processId);
            header.SetTreeId(treeId);
            header.SetSessionID(sessionId);

            SMB2WriteRequest writeRequest = new SMB2WriteRequest();

            writeRequest.SetGuidHandleFile(guidFileHandle);
            writeRequest.SetBuffer(buffer);
            writeRequest.SetOffset(offset);

            Byte[] bData = writeRequest.GetRequest();

            header.SetChainOffset(bData.Length);
            if (signing)
            {
                header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
                header.SetSignature(sessionKey, ref bData);
            }
            Byte[] bHeader = header.GetHeader();

            NetBIOSSessionService sessionService = new NetBIOSSessionService();

            sessionService.SetHeaderLength(bHeader.Length);
            sessionService.SetDataLength(bData.Length);
            Byte[] bSessionService = sessionService.GetNetBIOSSessionService();

            Byte[] bSend = Combine.combine(bSessionService, Combine.combine(bHeader, bData));
            streamSocket.Write(bSend, 0, bSend.Length);
            streamSocket.Flush();
            streamSocket.Read(recieve, 0, recieve.Length);
        }

Beispiel #29

0

Datei anzeigen

Datei: SMBServer.cs Projekt: fisboger/ElCazador

        private async Task NegotiateResponse(SMBPacket packet)
        {
            try
            {
                var header = new SMB2Header(
                    new byte[] { 0x00, 0x00 },
                    packet.MessageID,
                    packet.CreditCharge,
                    packet.Credits,
                    packet.ProcessID
                    );

                var data = new SMB2NegotiateResponse(
                    header.Build(),
                    new byte[] { 0x10, 0x02 }).Build();

                await Send(packet.Socket, data);
            }
            catch (Exception e)
            {
                await Controller.Log(Name, e.ToString());
            }
        }

Beispiel #30

0

Datei anzeigen

Datei: SMBServer.cs Projekt: fisboger/ElCazador

        private async Task SendAccessDenied(SMBPacket packet)
        {
            try
            {
                var header = new SMB2Header(
                    new byte[] { 0x01, 0x00 },
                    packet.MessageID,
                    packet.CreditCharge,
                    packet.Credits,
                    new byte[] { 0xff, 0xfe, 0x00, 0x00 },
                    packet.SessionID,
                    new byte[] { 0x22, 0x00, 0x00, 0xc0 }
                    );

                var data = new SMB2AccessDenied(header.Build()).Build();

                await Send(packet.Socket, data);
            }
            catch (Exception e)
            {
                await Controller.Log(Name, e.ToString());
            }
        }

C# (CSharp) SMB2Header Beispiele