internal Byte[] GetRequest()
{
Combine combine = new Combine();
combine.Extend(ContextHandle);
combine.Extend(ServiceName_MaxCount);
combine.Extend(ServiceName_Offset);
combine.Extend(ServiceName_ActualCount);
combine.Extend(ServiceName);
combine.Extend(DisplayName_ReferentID);
combine.Extend(DisplayName_MaxCount);
combine.Extend(DisplayName_Offset);
combine.Extend(DisplayName_ActualCount);
combine.Extend(DisplayName);
combine.Extend(AccessMask);
combine.Extend(ServiceType);
combine.Extend(ServiceStartType);
combine.Extend(ServiceErrorControl);
combine.Extend(BinaryPathName_MaxCount);
combine.Extend(BinaryPathName_Offset);
combine.Extend(BinaryPathName_ActualCount);
combine.Extend(BinaryPathName);
combine.Extend(LoadOrderGroup);
combine.Extend(TagID);
combine.Extend(Dependencies);
combine.Extend(DependSize);
combine.Extend(ServiceStartName);
combine.Extend(Password);
combine.Extend(PasswordSize);
return(combine.Retrieve());
}
internal Byte[] GetRequest()
{
Combine combine = new Combine();
combine.Extend(Version);
combine.Extend(VersionMinor);
combine.Extend(PacketType);
combine.Extend(PacketFlags);
combine.Extend(DataRepresentation);
combine.Extend(FragLength);
combine.Extend(AuthLength);
combine.Extend(CallID);
combine.Extend(MaxXmitFrag);
combine.Extend(MaxRecvFrag);
combine.Extend(AssocGroup);
combine.Extend(NumCtxItems);
combine.Extend(Unknown);
combine.Extend(ContextID);
combine.Extend(NumTransItems);
combine.Extend(Unknown2);
combine.Extend(Interface);
combine.Extend(InterfaceVer);
combine.Extend(InterfaceVerMinor);
combine.Extend(TransferSyntax);
combine.Extend(TransferSyntaxVer);
combine.Extend(ExtraData);
return(combine.Retrieve());
}
internal void SetCallID(Int32 dwCallID, Byte[] AuthLevel, Byte[] NegotiateFlags)
{
CallID = BitConverter.GetBytes(dwCallID);
if (3 == dwCallID)
{
Byte[] AuthType = { 0x0a };
//Byte[] AuthLevel = { };
Byte[] AuthPadLength = { 0x00 };
Byte[] AuthReserved = { 0x00 };
Byte[] ContextID3 = { 0x00, 0x00, 0x00, 0x00 };
Byte[] Identifier = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00 };
Byte[] MessageType = { 0x01, 0x00, 0x00, 0x00 };
//Byte[] NegotiateFlags = { 0x97, 0x82, 0x08, 0xe2 };
Byte[] CallingWorkstationDomain = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
Byte[] CallingWorkstationName = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
Byte[] OSVersion = { 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f };
Combine combine = new Combine();
combine.Extend(AuthType);
combine.Extend(AuthLevel);
combine.Extend(AuthPadLength);
combine.Extend(AuthReserved);
combine.Extend(ContextID3);
combine.Extend(Identifier);
combine.Extend(MessageType);
combine.Extend(NegotiateFlags);
combine.Extend(CallingWorkstationDomain);
combine.Extend(CallingWorkstationName);
combine.Extend(OSVersion);
ExtraData = Combine.combine(ExtraData, combine.Retrieve());
}
}
////////////////////////////////////////////////////////////////////////////////
//
////////////////////////////////////////////////////////////////////////////////
private Int32 _ReadRequest2(Int64 offset, Int32 length)
{
SMB2Header header = new SMB2Header();
header.SetCommand(new Byte[] { 0x08, 0x00 });
header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
header.SetMessageID(++messageId);
header.SetProcessID(processId);
header.SetTreeId(treeId);
header.SetSessionID(sessionId);
header.SetChainOffset(new Byte[] { 0x00, 0x00, 0x00, 0x00 });
SMB2ReadRequest readRequest = new SMB2ReadRequest();
readRequest.SetGuidHandleFile(guidFileHandle);
readRequest.SetLength(BitConverter.GetBytes(length));
readRequest.SetOffset(BitConverter.GetBytes(offset));
Byte[] bData = readRequest.GetRequest();
if (signing)
{
header.SetFlags(new Byte[] { 0x0c, 0x00, 0x00, 0x00 });
header.SetSignature(sessionKey, ref bData);
}
Byte[] bHeader = header.GetHeader();
NetBIOSSessionService sessionService = new NetBIOSSessionService();
sessionService.SetHeaderLength(bHeader.Length);
sessionService.SetDataLength(bData.Length);
Byte[] bSessionService = sessionService.GetNetBIOSSessionService();
Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData);
streamSocket.Write(bSend, 0, bSend.Length);
streamSocket.Flush();
Combine combine = new Combine();
Int32 streamLength = 0;
Byte[] dataRecieved = new Byte[0];
do
{
Byte[] part = new Byte[65619];
Int32 partLength = streamSocket.Read(part, 0, part.Length);
streamLength += partLength;
combine.Extend(part.Take(partLength).ToArray());
}while (streamLength < length);
Int32 padding = length < 65535 ? 0 : 54;
recieve = combine.Retrieve().Skip(84).Take(streamLength - 84 - padding).ToArray();
binaryWriter.Write(recieve);
binaryWriter.Flush();
return(recieve.Length);
}
internal Boolean StartServiceW()
{
Console.WriteLine("[+] Starting Service");
serviceHandle = recieve.Skip(112).Take(20).ToArray();
SMB2Header header = new SMB2Header();
header.SetCommand(new Byte[] { 0x09, 0x00 });
header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
header.SetMessageID(++messageId);
header.SetProcessID(processId);
header.SetTreeId(treeId);
header.SetSessionID(sessionId);
SVCCTLSCMStartServiceW startServiceW = new SVCCTLSCMStartServiceW();
startServiceW.SetContextHandle(serviceHandle);
Byte[] bStartService = startServiceW.GetRequest();
DCERPCRequest rpcRequest = new DCERPCRequest();
rpcRequest.SetPacketFlags(new Byte[] { 0x03 });
rpcRequest.SetFragLength(bStartService.Length, 0, 0);
rpcRequest.SetCallID(new Byte[] { 0x01, 0x00, 0x00, 0x00 });
rpcRequest.SetContextID(new Byte[] { 0x00, 0x00 });
rpcRequest.SetOpnum(new Byte[] { 0x13, 0x00 });
Byte[] bRPCRequest = rpcRequest.GetRequest();
SMB2WriteRequest writeRequest = new SMB2WriteRequest();
writeRequest.SetGuidHandleFile(guidFileHandle);
writeRequest.SetLength(bRPCRequest.Length + bStartService.Length);
Byte[] bWriteRequest = writeRequest.GetRequest();
Combine combine = new Combine();
combine.Extend(bWriteRequest);
combine.Extend(bRPCRequest);
combine.Extend(bStartService);
Byte[] bData = combine.Retrieve();
if (signing)
{
header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
header.SetSignature(sessionKey, ref bData);
}
Byte[] bHeader = header.GetHeader();
return(Send(bHeader, bData));
}
internal Byte[] GetRequest()
{
Combine combine = new Combine();
combine.Extend(StructureSize);
combine.Extend(Class);
combine.Extend(InfoLevel);
combine.Extend(BufferLength);
combine.Extend(BufferOffset);
combine.Extend(Reserved);
combine.Extend(AdditionalInformation);
combine.Extend(GUIDHandleFile);
combine.Extend(Buffer);
return(combine.Retrieve());
}
internal Byte[] GetRequest()
{
Combine combine = new Combine();
combine.Extend(AuthPadding);
combine.Extend(AuthType);
combine.Extend(AuthLevel);
combine.Extend(AuthPadLen);
combine.Extend(AuthReserved);
combine.Extend(AuthContextID);
combine.Extend(NTLMSSPVerifierVersionNumber);
combine.Extend(NTLMSSPVerifierChecksum);
combine.Extend(NTLMSSPVerifierSequenceNumber);
return(combine.Retrieve());
}
internal Boolean CloseServiceHandle()
{
SMB2Header header = new SMB2Header();
header.SetCommand(new Byte[] { 0x09, 0x00 });
header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
header.SetMessageID(++messageId);
header.SetProcessID(processId);
header.SetTreeId(treeId);
header.SetSessionID(sessionId);
SVCCTLSCMCloseServiceHandle closeServiceW = new SVCCTLSCMCloseServiceHandle();
closeServiceW.SetContextHandle(serviceContectHandle);
Byte[] bCloseServiceW = closeServiceW.GetRequest();
DCERPCRequest rpcRequest = new DCERPCRequest();
rpcRequest.SetPacketFlags(new Byte[] { 0x03 });
rpcRequest.SetFragLength(bCloseServiceW.Length, 0, 0);
rpcRequest.SetCallID(new Byte[] { 0x01, 0x00, 0x00, 0x00 });
rpcRequest.SetContextID(new Byte[] { 0x00, 0x00 });
rpcRequest.SetOpnum(new Byte[] { 0x00, 0x00 });
Byte[] bRPCRequest = rpcRequest.GetRequest();
SMB2WriteRequest writeRequest = new SMB2WriteRequest();
writeRequest.SetGuidHandleFile(guidFileHandle);
writeRequest.SetLength(bRPCRequest.Length + bCloseServiceW.Length);
Byte[] bWriteRequest = writeRequest.GetRequest();
Combine combine = new Combine();
combine.Extend(bWriteRequest);
combine.Extend(bRPCRequest);
combine.Extend(bCloseServiceW);
Byte[] bData = combine.Retrieve();
if (signing)
{
header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
header.SetSignature(sessionKey, ref bData);
}
Byte[] bHeader = header.GetHeader();
return(Send(bHeader, bData));
}
internal Byte[] GetRequest()
{
Combine combine = new Combine();
combine.Extend(StructureSize);
combine.Extend(DataOffset);
combine.Extend(BufferLength);
combine.Extend(Offset);
combine.Extend(FileID);
combine.Extend(Channel);
combine.Extend(RemainingBytes);
combine.Extend(WriteChannelInfoOffset);
combine.Extend(WriteChannelInfoLength);
combine.Extend(Flags);
combine.Extend(Buffer);
return(combine.Retrieve());
}
internal Byte[] GetRequest()
{
Combine combine = new Combine();
combine.Extend(VersionMajor);
combine.Extend(VersionMinor);
combine.Extend(Flags);
combine.Extend(Reserved);
combine.Extend(CausalityID);
combine.Extend(Reserved2);
combine.Extend(IPID);
combine.Extend(Refs);
combine.Extend(IIDs);
combine.Extend(Unknown);
combine.Extend(IID);
return(combine.Retrieve());
}
internal Byte[] GetRequest()
{
Combine combine = new Combine();
combine.Extend(Version);
combine.Extend(VersionMinor);
combine.Extend(PacketType);
combine.Extend(PacketFlags);
combine.Extend(DataRepresentation);
combine.Extend(FragLength);
combine.Extend(AuthLength);
combine.Extend(CallID);
combine.Extend(AllocHint);
combine.Extend(ContextID);
combine.Extend(Opnum);
combine.Extend(Data);
return(combine.Retrieve());
}
internal Byte[] GetHeader()
{
Combine combine = new Combine();
combine.Extend(ServerComponent);
combine.Extend(HeaderLength);
combine.Extend(CreditCharge);
combine.Extend(ChannelSequence);
combine.Extend(Reserved);
combine.Extend(Command);
combine.Extend(CreditsRequested);
combine.Extend(Flags);
combine.Extend(ChainOffset);
combine.Extend(MessageID);
combine.Extend(ProcessId);
combine.Extend(TreeId);
combine.Extend(SessionId);
combine.Extend(Signature);
return(combine.Retrieve());
}
internal void SetServerInfoName(String SetServerInfoName)
{
Byte[] targetUnicode = Encoding.Unicode.GetBytes(SetServerInfoName);
IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameString = Combine.combine(targetUnicode, new Byte[] { 0x00, 0x00, 0x00, 0x00 });
IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameActualCount = BitConverter.GetBytes(SetServerInfoName.Length + 1);
IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameMaxCount = BitConverter.GetBytes(SetServerInfoName.Length + 1);
Combine combine = new Combine();
for (Int32 i = 0; i < (Math.Truncate((Decimal)(targetUnicode.Length / 8 + 1) * 8) - targetUnicode.Length); i++)
{
combine.Extend(new Byte[] { 0x00 });
}
targetUnicode = Combine.combine(targetUnicode, combine.Retrieve());
Unknown4 = IActPropertiesCntData = BitConverter.GetBytes(targetUnicode.Length + 720);
IActPropertiesCUSTOMOBJREFSize = BitConverter.GetBytes(targetUnicode.Length + 680);
IActPropertiesCUSTOMOBJREFIActPropertiesTotalSize = IActPropertiesCUSTOMOBJREFIActPropertiesCustomHeaderTotalSize = BitConverter.GetBytes(targetUnicode.Length + 664);
IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoPrivateHeader = Combine.combine(BitConverter.GetBytes(targetUnicode.Length + 40), new Byte[] { 0x00, 0x00, 0x00, 0x00 });
IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrPropertyDataSize4 = BitConverter.GetBytes(targetUnicode.Length + 56);
}
internal Byte[] GetRequest()
{
Combine combine = new Combine();
combine.Extend(Version);
combine.Extend(VersionMinor);
combine.Extend(PacketType);
combine.Extend(PacketFlags);
combine.Extend(DataRepresentation);
combine.Extend(FragLength);
combine.Extend(AuthLength);
combine.Extend(CallID);
combine.Extend(MaxXmitFrag);
combine.Extend(MaxRecvFrag);
combine.Extend(AuthType);
combine.Extend(AuthLevel);
combine.Extend(AuthPadLength);
combine.Extend(AuthReserved);
combine.Extend(ContextID);
combine.Extend(NTLMSSP);
return(combine.Retrieve());
}
internal Boolean OpenSCManagerW()
{
SMB2Header header = new SMB2Header();
header.SetCommand(new Byte[] { 0x09, 0x00 });
header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
header.SetMessageID(++messageId);
header.SetProcessID(processId);
header.SetTreeId(treeId);
header.SetSessionID(sessionId);
SVCCTLSCMOpenSCManagerW openSCManagerW = new SVCCTLSCMOpenSCManagerW();
Byte[] bSCManager = openSCManagerW.GetRequest();
DCERPCRequest rpcRequest = new DCERPCRequest();
rpcRequest.SetPacketFlags(new Byte[] { 0x03 });
rpcRequest.SetFragLength(bSCManager.Length, 0, 0);
rpcRequest.SetCallID(new Byte[] { 0x01, 0x00, 0x00, 0x00 });
rpcRequest.SetContextID(new Byte[] { 0x00, 0x00 });
rpcRequest.SetOpnum(new Byte[] { 0x0f, 0x00 });
Byte[] bRPCRequest = rpcRequest.GetRequest();
SMB2WriteRequest writeRequest = new SMB2WriteRequest();
writeRequest.SetGuidHandleFile(guidFileHandle);
writeRequest.SetLength(bRPCRequest.Length + bSCManager.Length);
Byte[] bWriteRequest = writeRequest.GetRequest();
Combine combine = new Combine();
combine.Extend(bWriteRequest);
combine.Extend(bRPCRequest);
combine.Extend(bSCManager);
Byte[] bData = combine.Retrieve();
if (signing)
{
header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
header.SetSignature(sessionKey, ref bData);
}
Byte[] bHeader = header.GetHeader();
NetBIOSSessionService sessionService = new NetBIOSSessionService();
sessionService.SetHeaderLength(bHeader.Length);
sessionService.SetDataLength(bData.Length);
Byte[] bSessionService = sessionService.GetNetBIOSSessionService();
Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData);
streamSocket.Write(bSend, 0, bSend.Length);
streamSocket.Flush();
streamSocket.Read(recieve, 0, recieve.Length);
if (GetStatus(recieve.Skip(12).Take(4).ToArray()))
{
return(true);
}
else
{
return(false);
}
}
internal void SetNumCtxItems(Byte[] NumCtxItems, Byte[] NegotiateFlags)
{
if (this.NumCtxItems.Length == NumCtxItems.Length)
{
this.NumCtxItems = NumCtxItems;
}
if (2 == NumCtxItems[0])
{
Byte[] ContextID2 = { 0x01, 0x00 };
Byte[] NumTransItems2 = { 0x01 };
Byte[] Unknown3 = { 0x00 };
Byte[] Interface2 = { 0xc4, 0xfe, 0xfc, 0x99, 0x60, 0x52, 0x1b, 0x10, 0xbb, 0xcb, 0x00, 0xaa, 0x00, 0x21, 0x34, 0x7a };
Byte[] InterfaceVer2 = { 0x00, 0x00 };
Byte[] InterfaceVerMinor2 = { 0x00, 0x00 };
Byte[] TransferSyntax2 = { 0x2c, 0x1c, 0xb7, 0x6c, 0x12, 0x98, 0x40, 0x45, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
Byte[] TransferSyntaxVer2 = { 0x01, 0x00, 0x00, 0x00 };
Combine combine = new Combine();
combine.Extend(ContextID2);
combine.Extend(NumTransItems2);
combine.Extend(Unknown3);
combine.Extend(Interface2);
combine.Extend(InterfaceVer2);
combine.Extend(InterfaceVerMinor2);
combine.Extend(TransferSyntax2);
combine.Extend(TransferSyntaxVer2);
ExtraData = Combine.combine(ExtraData, combine.Retrieve());
}
else if (3 == NumCtxItems[0])
{
Byte[] ContextID2 = { 0x01, 0x00 };
Byte[] NumTransItems2 = { 0x01 };
Byte[] Unknown3 = { 0x00 };
Byte[] Interface2 = { 0x43, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 };
Byte[] InterfaceVer2 = { 0x00, 0x00 };
Byte[] InterfaceVerMinor2 = { 0x00, 0x00 };
Byte[] TransferSyntax2 = { 0x33, 0x05, 0x71, 0x71, 0xba, 0xbe, 0x37, 0x49, 0x83, 0x19, 0xb5, 0xdb, 0xef, 0x9c, 0xcc, 0x36 };
Byte[] TransferSyntaxVer2 = { 0x01, 0x00, 0x00, 0x00 };
Byte[] ContextID3 = { 0x02, 0x00 };
Byte[] NumTransItems3 = { 0x01 };
Byte[] Unknown4 = { 0x00 };
Byte[] Interface3 = { 0x43, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 };
Byte[] InterfaceVer3 = { 0x00, 0x00 };
Byte[] InterfaceVerMinor3 = { 0x00, 0x00 };
Byte[] TransferSyntax3 = { 0x2c, 0x1c, 0xb7, 0x6c, 0x12, 0x98, 0x40, 0x45, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
Byte[] TransferSyntaxVer3 = { 0x01, 0x00, 0x00, 0x00 };
Byte[] AuthType = { 0x0a };
Byte[] AuthLevel = { 0x04 };
Byte[] AuthPadLength = { 0x00 };
Byte[] AuthReserved = { 0x00 };
Byte[] ContextID4 = { 0x00, 0x00, 0x00, 0x00 };
Byte[] Identifier = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00 };
Byte[] MessageType = { 0x01, 0x00, 0x00, 0x00 };
//Byte[] NegotiateFlags = { 0x97, 0x82, 0x08, 0xe2 };
Byte[] CallingWorkstationDomain = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
Byte[] CallingWorkstationName = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
Byte[] OSVersion = { 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f };
Combine combine = new Combine();
combine.Extend(ContextID2);
combine.Extend(NumTransItems2);
combine.Extend(Unknown3);
combine.Extend(Interface2);
combine.Extend(InterfaceVer2);
combine.Extend(InterfaceVerMinor2);
combine.Extend(TransferSyntax2);
combine.Extend(TransferSyntaxVer2);
combine.Extend(ContextID3);
combine.Extend(NumTransItems3);
combine.Extend(Unknown4);
combine.Extend(Interface3);
combine.Extend(InterfaceVer3);
combine.Extend(InterfaceVerMinor3);
combine.Extend(TransferSyntax3);
combine.Extend(TransferSyntaxVer3);
combine.Extend(AuthType);
combine.Extend(AuthLevel);
combine.Extend(AuthPadLength);
combine.Extend(AuthReserved);
combine.Extend(ContextID4);
combine.Extend(Identifier);
combine.Extend(MessageType);
combine.Extend(NegotiateFlags);
combine.Extend(CallingWorkstationDomain);
combine.Extend(CallingWorkstationName);
combine.Extend(OSVersion);
ExtraData = Combine.combine(ExtraData, combine.Retrieve());
}
}
internal Byte[] GetRequest()
{
Combine combine = new Combine();
combine.Extend(DCOMVersionMajor);
combine.Extend(DCOMVersionMinor);
combine.Extend(DCOMFlags);
combine.Extend(DCOMReserved);
combine.Extend(DCOMCausalityID);
combine.Extend(Unknown);
combine.Extend(Unknown2);
combine.Extend(Unknown3);
combine.Extend(Unknown4);
combine.Extend(IActPropertiesCntData);
combine.Extend(IActPropertiesOBJREFSignature);
combine.Extend(IActPropertiesOBJREFFlags);
combine.Extend(IActPropertiesOBJREFIID);
combine.Extend(IActPropertiesCUSTOMOBJREFCLSID);
combine.Extend(IActPropertiesCUSTOMOBJREFCBExtension);
combine.Extend(IActPropertiesCUSTOMOBJREFSize);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesTotalSize);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesReserved);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesCustomHeaderCommonHeader);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesCustomHeaderPrivateHeader);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesCustomHeaderTotalSize);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesCustomHeaderCustomHeaderSize);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesCustomHeaderReserved);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesDestinationContext);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesNumActivationPropertyStructs);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsInfoClsid);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrReferentID);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrReferentID);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesNULLPointer);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrMaxCount);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrPropertyStructGuid);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrPropertyStructGuid2);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrPropertyStructGuid3);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrPropertyStructGuid4);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrPropertyStructGuid5);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrPropertyStructGuid6);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrMaxCount);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrPropertyDataSize);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrPropertyDataSize2);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrPropertyDataSize3);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrPropertyDataSize4);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrPropertyDataSize5);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrPropertyDataSize6);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesCommonHeader);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesPrivateHeader);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesSessionID);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesRemoteThisSessionID);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesClientImpersonating);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesPartitionIDPresent);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesDefaultAuthnLevel);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesPartitionGuid);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesProcessRequestFlags);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesOriginalClassContext);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesFlags);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesReserved);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesUnusedBuffer);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoCommonHeader);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoPrivateHeader);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoInstantiatedObjectClsId);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoClassContext);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoActivationFlags);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoFlagsSurrogate);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoInterfaceIdCount);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoInstantiationFlag);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInterfaceIdsPtr);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationEntirePropertySize);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationVersionMajor);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationVersionMinor);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInterfaceIdsPtrMaxCount);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInterfaceIds);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInterfaceIdsUnusedBuffer);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoCommonHeader);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoPrivateHeader);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientOk);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoReserved);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoReserved2);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoReserved3);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrReferentID);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoNULLPtr);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextUnknown);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextCntData);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextOBJREFSignature);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextOBJREFFlags);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextOBJREFIID);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextOBJREFCUSTOMOBJREFCLSID);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextOBJREFCUSTOMOBJREFCBExtension);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextOBJREFCUSTOMOBJREFSize);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoUnusedBuffer);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoCommonHeader);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoPrivateHeader);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoAuthenticationFlags);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoPtrReferentID);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoNULLPtr);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoReserved);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameReferentID);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNULLPtr);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoReserved2);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameMaxCount);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameOffset);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameActualCount);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameString);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesLocationInfoCommonHeader);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesLocationInfoPrivateHeader);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesLocationInfoNULLPtr);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesLocationInfoProcessID);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesLocationInfoApartmentID);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesLocationInfoContextID);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoCommonHeader);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoPrivateHeader);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoNULLPtr);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoRemoteRequestPtrReferentID);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoRemoteRequestPtrRemoteRequestClientImpersonationLevel);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoRemoteRequestPtrRemoteRequestNumProtocolSequences);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoRemoteRequestPtrRemoteRequestUnknown);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoRemoteRequestPtrRemoteRequestProtocolSeqsArrayPtrReferentID);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoRemoteRequestPtrRemoteRequestProtocolSeqsArrayPtrMaxCount);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoRemoteRequestPtrRemoteRequestProtocolSeqsArrayPtrProtocolSeq);
combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoUnusedBuffer);
return(combine.Retrieve());
}
////////////////////////////////////////////////////////////////////////////////
//
////////////////////////////////////////////////////////////////////////////////
internal Boolean GetInfoRequest()
{
SMB2Header header = new SMB2Header();
header.SetCommand(new Byte[] { 0x10, 0x00 });
header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
header.SetMessageID(++messageId);
header.SetProcessID(processId);
header.SetTreeId(treeId);
header.SetSessionID(sessionId);
SMB2GetInfo getInfo = new SMB2GetInfo();
getInfo.SetClass(new Byte[] { 0x02 });
getInfo.SetInfoLevel(new Byte[] { 0x01 });
getInfo.SetMaxResponseSize(new Byte[] { 0x58, 0x00, 0x00, 0x00 });
getInfo.SetGetInfoInputOffset(new Byte[] { 0x00, 0x00 });
getInfo.SetGUIDHandleFile(guidFileHandle);
Byte[] bData = getInfo.GetRequest();
header.SetChainOffset(bData.Length);
if (signing)
{
header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
header.SetSignature(sessionKey, ref bData);
}
Byte[] bHeader = header.GetHeader();
SMB2Header header2 = new SMB2Header();
header2.SetCommand(new Byte[] { 0x10, 0x00 });
header2.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
header2.SetMessageID(++messageId);
header2.SetProcessID(processId);
header2.SetTreeId(treeId);
header2.SetSessionID(sessionId);
header2.SetFlags(new Byte[] { 0x00, 0x00, 0x00, 0x04 });
SMB2GetInfo getInfo2 = new SMB2GetInfo();
getInfo2.SetClass(new Byte[] { 0x02 });
getInfo2.SetInfoLevel(new Byte[] { 0x05 });
getInfo2.SetMaxResponseSize(new Byte[] { 0x50, 0x00, 0x00, 0x00 });
getInfo2.SetGetInfoInputOffset(new Byte[] { 0x00, 0x00 });
getInfo2.SetGUIDHandleFile(guidFileHandle);
Byte[] bData2 = getInfo2.GetRequest();
if (signing)
{
header2.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 });
header2.SetSignature(sessionKey, ref bData2);
}
Byte[] bHeader2 = header2.GetHeader();
NetBIOSSessionService sessionService = new NetBIOSSessionService();
sessionService.SetHeaderLength(bHeader.Length + bHeader2.Length);
sessionService.SetDataLength(bData.Length + bData2.Length);
Byte[] bSessionService = sessionService.GetNetBIOSSessionService();
Combine combine = new Combine();
combine.Extend(bHeader);
combine.Extend(bData);
combine.Extend(bHeader2);
combine.Extend(bData2);
Byte[] bSend = Combine.combine(bSessionService, combine.Retrieve());
streamSocket.Write(bSend, 0, bSend.Length);
streamSocket.Flush();
streamSocket.Read(recieve, 0, recieve.Length);
if (GetStatus(recieve.Skip(12).Take(4).ToArray()))
{
return(true);
}
return(false);
}
////////////////////////////////////////////////////////////////////////////////
//
////////////////////////////////////////////////////////////////////////////////
internal Boolean FindRequest()
{
treeId = recieve.Skip(40).Take(4).ToArray();
////////////////////////////////////////////////////////////////////////////////
SMB2Header header = new SMB2Header();
header.SetCommand(new Byte[] { 0x0e, 0x00 });
header.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
header.SetMessageID(++messageId);
header.SetProcessID(processId);
header.SetTreeId(treeId);
header.SetSessionID(sessionId);
header.SetChainOffset(new Byte[] { 0x68, 0x00, 0x00, 0x00 });
SMB2FindFileRequestFile findFileRequestFile = new SMB2FindFileRequestFile();
findFileRequestFile.SetInfoLevel(new Byte[] { 0x25 });
findFileRequestFile.SetFileID(guidFileHandle);
findFileRequestFile.SetPadding(new Byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 });
Byte[] bData = findFileRequestFile.GetRequest();
if (signing)
{
header.SetFlags(new Byte[] { 0x0c, 0x00, 0x00, 0x00 });
header.SetSignature(sessionKey, ref bData);
}
Byte[] bHeader = header.GetHeader();
////////////////////////////////////////////////////////////////////////////////
SMB2Header header2 = new SMB2Header();
header2.SetCommand(new Byte[] { 0x0e, 0x00 });
header2.SetCreditsRequested(new Byte[] { 0x01, 0x00 });
header2.SetMessageID(++messageId);
header2.SetProcessID(processId);
header2.SetTreeId(treeId);
header2.SetSessionID(sessionId);
header.SetFlags(new Byte[] { 0x04, 0x00, 0x00, 0x00 });
SMB2FindFileRequestFile findFileRequestFile2 = new SMB2FindFileRequestFile();
findFileRequestFile2.SetInfoLevel(new Byte[] { 0x25 });
findFileRequestFile2.SetFileID(guidFileHandle);
findFileRequestFile2.SetPadding(new Byte[] { 0x80, 0x00, 0x00, 0x00 });
Byte[] bData2 = findFileRequestFile2.GetRequest();
if (signing)
{
header2.SetFlags(new Byte[] { 0x0c, 0x00, 0x00, 0x00 });
header2.SetSignature(sessionKey, ref bData);
}
Byte[] bHeader2 = header2.GetHeader();
////////////////////////////////////////////////////////////////////////////////
NetBIOSSessionService sessionService = new NetBIOSSessionService();
sessionService.SetHeaderLength(bHeader.Length + bHeader2.Length);
sessionService.SetDataLength(bData.Length + bData2.Length);
Byte[] bSessionService = sessionService.GetNetBIOSSessionService();
Combine combine = new Combine();
combine.Extend(bHeader);
combine.Extend(bData);
combine.Extend(bHeader2);
combine.Extend(bData2);
Byte[] bSend = Combine.combine(bSessionService, combine.Retrieve());
streamSocket.Write(bSend, 0, bSend.Length);
streamSocket.Flush();
streamSocket.Read(recieve, 0, recieve.Length);
return(GetStatus(recieve.Skip(12).Take(4).ToArray()));
}
