internal Boolean RPCBind() { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x09, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); DCERPCBind bind = new DCERPCBind(); bind.SetFragLength(new Byte[] { 0x48, 0x00 }); bind.SetCallID(1); bind.SetNumCtxItems(new Byte[] { 0x01 }); bind.SetInterface(new Byte[] { 0x81, 0xbb, 0x7a, 0x36, 0x44, 0x98, 0xf1, 0x35, 0xad, 0x32, 0x98, 0xf0, 0x38, 0x00, 0x10, 0x03 }); bind.SetInterfaceVer(new Byte[] { 0x02, 0x00 }); Byte[] bData = bind.GetRequest(); SMB2WriteRequest writeRequest = new SMB2WriteRequest(); writeRequest.SetGuidHandleFile(guidFileHandle); writeRequest.SetLength(bData.Length); bData = Combine.combine(writeRequest.GetRequest(), bData); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); return(Send(bHeader, bData)); }
internal Boolean CreateRequest(Byte[] ShareAccess) { treeId = recieve.Skip(40).Take(4).ToArray(); SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x05, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SMB2CreateRequest createRequest = new SMB2CreateRequest(); createRequest.SetFileName("svcctl"); createRequest.SetShareAccess(ShareAccess); Byte[] bData = createRequest.GetRequest(); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); Boolean returnValue = Send(bHeader, bData); guidFileHandle = recieve.Skip(0x0084).Take(16).ToArray(); return(returnValue); }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal void NTLMSSPNegotiate() { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x01, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x1f, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); Byte[] bHeader = header.GetHeader(); SMB2NTLMSSPNegotiate NTLMSSPNegotiate = new SMB2NTLMSSPNegotiate(version); NTLMSSPNegotiate.SetFlags(flags); Byte[] bNegotiate = NTLMSSPNegotiate.GetSMB2NTLMSSPNegotiate(); SMB2SessionSetupRequest sessionSetup = new SMB2SessionSetupRequest(); sessionSetup.SetSecurityBlob(bNegotiate); Byte[] bData = sessionSetup.GetSMB2SessionSetupRequest(); NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length); sessionService.SetDataLength(bData.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Byte[] send = Combine.combine(bSessionService, bHeader); send = Combine.combine(send, bData); streamSocket.Write(send, 0, send.Length); streamSocket.Flush(); streamSocket.Read(recieve, 0, recieve.Length); }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// public void NegotiateSMB2() { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x00, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x00, 0x00 }); header.SetMessageID(messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); Byte[] bHeader = header.GetHeader(); SMB2NegotiateProtocolRequest protocols = new SMB2NegotiateProtocolRequest(); Byte[] bData = protocols.GetProtocols(); NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length); sessionService.SetDataLength(bData.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Byte[] send = Combine.combine(bSessionService, bHeader); send = Combine.combine(send, bData); streamSocket.Write(send, 0, send.Length); streamSocket.Flush(); streamSocket.Read(recieve, 0, recieve.Length); }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal Boolean TreeConnect(String share) { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x03, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SMB2TreeConnectRequest treeConnect = new SMB2TreeConnectRequest(); treeConnect.SetPath(share); Byte[] bData = treeConnect.GetRequest(); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); return(Send(bHeader, bData)); }
public uint TreeConnect(string strShareName) { if (!IsBuildSession) { throw new Exception("no build session"); } string strPath = @"\\" + IpAddress + @"\" + strShareName; ulong mid = (ulong)Interlocked.Increment(ref MessageId); SMB2Header sMB2Header = new SMB2Header(ESMB2Command.TREE_CONNECT, SMB2HeaderFlags.None, mid, 0, SessionId); SMB2Body sMB2Body = new TreeConnectRequest(strPath.GetUnicodeBytes()); SMB2Message sMB2Message = new SMB2Message(sMB2Header, sMB2Body); SMBTransport.SendDatas(sMB2Message.DumpBinary()); var sm = GetMessage(mid); if (sm.SMB2Header.Status == 0) { return(sm.SMB2Header.TreeId); } else { throw new Exception("TreeConnect Status error:" + sm.SMB2Header.Status); } }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal Boolean LogoffRequest() { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x02, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SMB2SessionLogoffRequest logoffRequest = new SMB2SessionLogoffRequest(); Byte[] bData = logoffRequest.GetRequest(); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length); sessionService.SetDataLength(bData.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData); streamSocket.Write(bSend, 0, bSend.Length); streamSocket.Flush(); streamSocket.Read(recieve, 0, recieve.Length); if (GetStatus(recieve.Skip(12).Take(4).ToArray())) return true; else return false; }
public Guid CreateFile(uint treeId, FilePipePrinterAccessMaskFlags maskFlags, ShareAccessFlags shareAccess, ECreateDisposition createDisposition, uint createOptions, string strFileName, out ulong length) { ulong mid = (ulong)Interlocked.Increment(ref MessageId); SMB2Header sMB2Header = new SMB2Header(ESMB2Command.CREATE, SMB2HeaderFlags.None, mid, treeId, SessionId); SMB2Body sMB2Body = new CreateRequest(maskFlags, shareAccess, createDisposition, createOptions, strFileName.GetUnicodeBytes()); SMB2Message sMB2Message = new SMB2Message(sMB2Header, sMB2Body); SMBTransport.SendDatas(sMB2Message.DumpBinary()); var sm = GetMessage(mid); if (sm.SMB2Header.Status == 0) { var cr = sm.SMB2Body as CreateResponse; length = cr.EndofFile; return(cr.FileId); } else { throw new Exception("CreateFile Status error:" + sm.SMB2Header.Status); } }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal void IoctlRequest(String share) { treeId = new Byte[] { 0x01, 0x00, 0x00, 0x00 }; SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x0b, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SMB2IoctlRequest ioctlRequest = new SMB2IoctlRequest(); ioctlRequest.SetFileName(share); Byte[] bData = ioctlRequest.GetRequest(); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length); sessionService.SetDataLength(bData.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData); streamSocket.Write(bSend, 0, bSend.Length); streamSocket.Flush(); streamSocket.Read(recieve, 0, recieve.Length); treeId = new Byte[] { 0x00, 0x00, 0x00, 0x00 }; }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal Boolean Logoff() { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x02, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SMB2SessionLogoffRequest logoffRequest = new SMB2SessionLogoffRequest(); Byte[] bData = logoffRequest.GetRequest(); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); return(Send(bHeader, bData)); }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal Boolean CloseRequest() { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x06, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SMB2CloseRequest closeRequest = new SMB2CloseRequest(); closeRequest.SetFileID(guidFileHandle); Byte[] bData = closeRequest.GetRequest(); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } else { header.SetFlags(new Byte[] { 0x00, 0x00, 0x00, 0x00 }); } Byte[] bHeader = header.GetHeader(); return(Send(bHeader, bData)); }
public byte[] Read(uint treeId, uint fileLength, Guid fileId) { ulong mid = (ulong)Interlocked.Increment(ref MessageId); SMB2Header sMB2Header = new SMB2Header(ESMB2Command.READ, SMB2HeaderFlags.None, mid, treeId, SessionId); SMB2Body sMB2Body = new ReadRequest(fileLength, fileId); SMB2Message sMB2Message = new SMB2Message(sMB2Header, sMB2Body); SMBTransport.SendDatas(sMB2Message.DumpBinary()); var sm = GetMessage(mid); if (sm.SMB2Header.Status == 0) { var s = sm.SMB2Body as ReadResponse; return(s.Buffer); } else if (sm.SMB2Header.Status == NTStateType.PIPE_DISCONNECTED) { throw new PipeDisConnectException(); } else { throw new Exception("Read Status error:" + sm.SMB2Header.Status); } }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// private Int32 _ReadRequest2(Int64 offset, Int32 length) { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x08, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); header.SetChainOffset(new Byte[] { 0x00, 0x00, 0x00, 0x00 }); SMB2ReadRequest readRequest = new SMB2ReadRequest(); readRequest.SetGuidHandleFile(guidFileHandle); readRequest.SetLength(BitConverter.GetBytes(length)); readRequest.SetOffset(BitConverter.GetBytes(offset)); Byte[] bData = readRequest.GetRequest(); if (signing) { header.SetFlags(new Byte[] { 0x0c, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length); sessionService.SetDataLength(bData.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData); streamSocket.Write(bSend, 0, bSend.Length); streamSocket.Flush(); Combine combine = new Combine(); Int32 streamLength = 0; Byte[] dataRecieved = new Byte[0]; do { Byte[] part = new Byte[65619]; Int32 partLength = streamSocket.Read(part, 0, part.Length); streamLength += partLength; combine.Extend(part.Take(partLength).ToArray()); }while (streamLength < length); Int32 padding = length < 65535 ? 0 : 54; recieve = combine.Retrieve().Skip(84).Take(streamLength - 84 - padding).ToArray(); binaryWriter.Write(recieve); binaryWriter.Flush(); return(recieve.Length); }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal Boolean SetInfoRequest(String sourceFilePath, String destination) { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x11, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SMB2SetInfo setInfo = new SMB2SetInfo(); setInfo.SetClass(new Byte[] { 0x01 }); setInfo.SetInfoLevel(new Byte[] { 0x14 }); setInfo.SetGUIDHandleFile(guidFileHandle); //This may need to be coverted to int32 using (FileStream fileStream = new FileStream(Path.GetFullPath(sourceFilePath), FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) { using (BinaryReader binaryReader = new BinaryReader(fileStream)) { setInfo.SetBuffer(BitConverter.GetBytes(binaryReader.BaseStream.Length)); } } setInfo.SetGUIDHandleFile(guidFileHandle); Byte[] bData = setInfo.GetRequest(); header.SetChainOffset(bData.Length); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length); sessionService.SetDataLength(bData.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Byte[] bSend = Combine.combine(bSessionService, Combine.combine(bHeader, bData)); streamSocket.Write(bSend, 0, bSend.Length); streamSocket.Flush(); streamSocket.Read(recieve, 0, recieve.Length); if (GetStatus(recieve.Skip(12).Take(4).ToArray())) { treeId = recieve.Skip(40).Take(4).ToArray(); return(true); } return(false); }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal override Boolean ReadRequest() { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x08, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); header.SetChainOffset(new Byte[] { 0x00, 0x00, 0x00, 0x00 }); SMB2ReadRequest readRequest = new SMB2ReadRequest(); readRequest.SetGuidHandleFile(guidFileHandle); readRequest.SetLength(BitConverter.GetBytes(4096)); readRequest.SetOffset(BitConverter.GetBytes((Int64)0)); Byte[] bData = readRequest.GetRequest(); if (signing) { header.SetFlags(new Byte[] { 0x0c, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length); sessionService.SetDataLength(bData.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData); streamSocket.Write(bSend, 0, bSend.Length); streamSocket.Flush(); Int16 i = 0; while (smbClient.Available < 8192 && i < 10) { System.Threading.Thread.Sleep(100); i++; } Int32 streamLength = streamSocket.Read(recieve, 0, recieve.Length); Byte[] data = recieve.Skip(84).Take((Int32)streamLength).ToArray(); GetStatus(recieve.Skip(12).Take(4).ToArray()); return(true); }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal override Boolean CreateRequest(String folder) { treeId = recieve.Skip(40).Take(4).ToArray(); SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x05, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SMB2CreateRequest createRequest = new SMB2CreateRequest(); if (!String.IsNullOrEmpty(folder)) { createRequest.SetFileName(folder); } createRequest.SetExtraInfo(1, 0); createRequest.SetCreateOptions(new Byte[] { 0x00, 0x00, 0x20, 0x00 }); createRequest.SetAccessMask(new Byte[] { 0x89, 0x00, 0x12, 0x00 }); createRequest.SetShareAccess(new Byte[] { 0x05, 0x00, 0x00, 0x00 }); Byte[] bData = createRequest.GetRequest(); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length); sessionService.SetDataLength(bData.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData); streamSocket.Write(bSend, 0, bSend.Length); streamSocket.Flush(); streamSocket.Read(recieve, 0, recieve.Length); if (GetStatus(recieve.Skip(12).Take(4).ToArray())) { guidFileHandle = recieve.Skip(0x0084).Take(16).ToArray(); return(true); } return(false); }
internal Boolean StartServiceW() { Console.WriteLine("[+] Starting Service"); serviceHandle = recieve.Skip(112).Take(20).ToArray(); SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x09, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SVCCTLSCMStartServiceW startServiceW = new SVCCTLSCMStartServiceW(); startServiceW.SetContextHandle(serviceHandle); Byte[] bStartService = startServiceW.GetRequest(); DCERPCRequest rpcRequest = new DCERPCRequest(); rpcRequest.SetPacketFlags(new Byte[] { 0x03 }); rpcRequest.SetFragLength(bStartService.Length, 0, 0); rpcRequest.SetCallID(new Byte[] { 0x01, 0x00, 0x00, 0x00 }); rpcRequest.SetContextID(new Byte[] { 0x00, 0x00 }); rpcRequest.SetOpnum(new Byte[] { 0x13, 0x00 }); Byte[] bRPCRequest = rpcRequest.GetRequest(); SMB2WriteRequest writeRequest = new SMB2WriteRequest(); writeRequest.SetGuidHandleFile(guidFileHandle); writeRequest.SetLength(bRPCRequest.Length + bStartService.Length); Byte[] bWriteRequest = writeRequest.GetRequest(); Combine combine = new Combine(); combine.Extend(bWriteRequest); combine.Extend(bRPCRequest); combine.Extend(bStartService); Byte[] bData = combine.Retrieve(); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); return(Send(bHeader, bData)); }
public void TreeDisconnect(uint treeId) { ulong mid = (ulong)Interlocked.Increment(ref MessageId); SMB2Header smb2Header = new SMB2Header(ESMB2Command.TREE_DISCONNECT, SMB2HeaderFlags.None, mid, treeId, SessionId); SMB2Body smb2Body = new LogoffAndTreeDisconnect(); SMB2Message smb2Message = new SMB2Message(smb2Header, smb2Body); SMBTransport.SendDatas(smb2Message.DumpBinary()); var sm = GetMessage(mid); if (sm.SMB2Header.Status != NTStateType.Success) { throw new Exception("TreeDisconnect Status error:" + sm.SMB2Header.Status); } }
SMB2Message SendSessionSetupRequest(ulong mid, ulong sessionId, byte[] secData) { SMB2Header smb2Header = new SMB2Header(ESMB2Command.SESSION_SETUP, SMB2HeaderFlags.None, mid, 0, sessionId); SMB2Body smb2Body = new SessionSetupRequest(secData); SMB2Message smb2Message = new SMB2Message(smb2Header, smb2Body); SMBTransport.SendDatas(smb2Message.DumpBinary()); var sm = GetMessage(mid); if (sm.SMB2Header.Status != NTStateType.Success && sm.SMB2Header.Status != NTStateType.MoreProcessingRequired) { throw new Exception("SessionSetup Status error:" + sm.SMB2Header.Status); } return(sm); }
private async Task NegotiateSMB1ToSMB2Response(SMBPacket packet) { try { var header = new SMB2Header(new byte[] { 0x00, 0x00 }); var data = new SMB2NegotiateResponse(header.Build()).Build(); await Send(packet.Socket, data); } catch (Exception e) { await Controller.Log(Name, e.ToString()); } }
public void CloseFile(uint treeId, Guid fileId) { ulong mid = (ulong)Interlocked.Increment(ref MessageId); SMB2Header sMB2Header = new SMB2Header(ESMB2Command.CLOSE, SMB2HeaderFlags.None, mid, treeId, SessionId); SMB2Body sMB2Body = new CloseRequest(fileId); SMB2Message sMB2Message = new SMB2Message(sMB2Header, sMB2Body); SMBTransport.SendDatas(sMB2Message.DumpBinary()); var sm = GetMessage(mid); if (sm.SMB2Header.Status != 0) { throw new Exception("CloseFile Status error:" + sm.SMB2Header.Status); } }
internal Boolean CloseServiceHandle() { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x09, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SVCCTLSCMCloseServiceHandle closeServiceW = new SVCCTLSCMCloseServiceHandle(); closeServiceW.SetContextHandle(serviceContectHandle); Byte[] bCloseServiceW = closeServiceW.GetRequest(); DCERPCRequest rpcRequest = new DCERPCRequest(); rpcRequest.SetPacketFlags(new Byte[] { 0x03 }); rpcRequest.SetFragLength(bCloseServiceW.Length, 0, 0); rpcRequest.SetCallID(new Byte[] { 0x01, 0x00, 0x00, 0x00 }); rpcRequest.SetContextID(new Byte[] { 0x00, 0x00 }); rpcRequest.SetOpnum(new Byte[] { 0x00, 0x00 }); Byte[] bRPCRequest = rpcRequest.GetRequest(); SMB2WriteRequest writeRequest = new SMB2WriteRequest(); writeRequest.SetGuidHandleFile(guidFileHandle); writeRequest.SetLength(bRPCRequest.Length + bCloseServiceW.Length); Byte[] bWriteRequest = writeRequest.GetRequest(); Combine combine = new Combine(); combine.Extend(bWriteRequest); combine.Extend(bRPCRequest); combine.Extend(bCloseServiceW); Byte[] bData = combine.Retrieve(); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); return(Send(bHeader, bData)); }
public void SessionLogoff() { if (IsBuildSession) { ulong mid = (ulong)Interlocked.Increment(ref MessageId); SMB2Header smb2Header = new SMB2Header(ESMB2Command.LOGOFF, SMB2HeaderFlags.None, mid, 0, SessionId); SMB2Body smb2Body = new LogoffAndTreeDisconnect(); SMB2Message smb2Message = new SMB2Message(smb2Header, smb2Body); SMBTransport.SendDatas(smb2Message.DumpBinary()); var sm = GetMessage(mid); if (sm.SMB2Header.Status != NTStateType.Success) { throw new Exception("SessionLogoff Status error:" + sm.SMB2Header.Status); } IsBuildSession = false; } }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal Boolean SetInfoRequest() { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x11, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SMB2SetInfo setInfo = new SMB2SetInfo(); setInfo.SetClass(new Byte[] { 0x01 }); setInfo.SetInfoLevel(new Byte[] { 0x0d }); setInfo.SetGUIDHandleFile(guidFileHandle); setInfo.SetBuffer(new Byte[] { 0x01, 0x00, 0x00, 0x00 }); Byte[] bData = setInfo.GetRequest(); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length); sessionService.SetDataLength(bData.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Byte[] bSend = Combine.combine(bSessionService, Combine.combine(bHeader, bData)); streamSocket.Write(bSend, 0, bSend.Length); streamSocket.Flush(); streamSocket.Read(recieve, 0, recieve.Length); if (GetStatusSilent(recieve.Skip(12).Take(4).ToArray())) { Console.WriteLine("[+] File Deleted"); return(true); } return(false); }
public byte[] IOCTL(uint treeId, CTLCodeType ctlCodeType, Guid fileId, CTLType ctlType, byte[] buffer) { ulong mid = (ulong)Interlocked.Increment(ref MessageId); SMB2Header sMB2Header = new SMB2Header(ESMB2Command.IOCTL, SMB2HeaderFlags.None, mid, treeId, SessionId); SMB2Body sMB2Body = new IOCTLRequest(ctlCodeType, fileId, ctlType, buffer); SMB2Message sMB2Message = new SMB2Message(sMB2Header, sMB2Body); SMBTransport.SendDatas(sMB2Message.DumpBinary()); var sm = GetMessage(mid); if (sm.SMB2Header.Status == 0) { var s = sm.SMB2Body as IOCTLResponse; return(s.Buffer); } else { throw new Exception("IOCTL Status error:" + sm.SMB2Header.Status); } }
public uint Write(uint treeId, ulong offset, Guid fileId, byte[] datas) { ulong mid = (ulong)Interlocked.Increment(ref MessageId); SMB2Header sMB2Header = new SMB2Header(ESMB2Command.WRITE, SMB2HeaderFlags.None, mid, treeId, SessionId); SMB2Body sMB2Body = new WriteRequest(offset, fileId, datas); SMB2Message sMB2Message = new SMB2Message(sMB2Header, sMB2Body); SMBTransport.SendDatas(sMB2Message.DumpBinary()); var sm = GetMessage(mid); if (sm.SMB2Header.Status == 0) { var s = sm.SMB2Body as WriteResponse; return(s.Count); } else { throw new Exception("Write Status error:" + sm.SMB2Header.Status); } }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal virtual Boolean InfoRequest() { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x10, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SMB2GetInfo getInfo = new SMB2GetInfo(); getInfo.SetClass(new Byte[] { 0x02 }); getInfo.SetInfoLevel(new Byte[] { 0x05 }); getInfo.SetMaxResponseSize(new Byte[] { 0x50, 0x00, 0x00, 0x00 }); getInfo.SetGUIDHandleFile(recieve.Skip(132).Take(16).ToArray()); Byte[] bData = getInfo.GetRequest(); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length); sessionService.SetDataLength(bData.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData); streamSocket.Write(bSend, 0, bSend.Length); streamSocket.Flush(); streamSocket.Read(recieve, 0, recieve.Length); if (GetStatus(recieve.Skip(12).Take(4).ToArray())) return true; else return false; }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// private void _WriteRequest(Byte[] buffer, Int64 offset) { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x09, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SMB2WriteRequest writeRequest = new SMB2WriteRequest(); writeRequest.SetGuidHandleFile(guidFileHandle); writeRequest.SetBuffer(buffer); writeRequest.SetOffset(offset); Byte[] bData = writeRequest.GetRequest(); header.SetChainOffset(bData.Length); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length); sessionService.SetDataLength(bData.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Byte[] bSend = Combine.combine(bSessionService, Combine.combine(bHeader, bData)); streamSocket.Write(bSend, 0, bSend.Length); streamSocket.Flush(); streamSocket.Read(recieve, 0, recieve.Length); }
private async Task NegotiateResponse(SMBPacket packet) { try { var header = new SMB2Header( new byte[] { 0x00, 0x00 }, packet.MessageID, packet.CreditCharge, packet.Credits, packet.ProcessID ); var data = new SMB2NegotiateResponse( header.Build(), new byte[] { 0x10, 0x02 }).Build(); await Send(packet.Socket, data); } catch (Exception e) { await Controller.Log(Name, e.ToString()); } }
private async Task SendAccessDenied(SMBPacket packet) { try { var header = new SMB2Header( new byte[] { 0x01, 0x00 }, packet.MessageID, packet.CreditCharge, packet.Credits, new byte[] { 0xff, 0xfe, 0x00, 0x00 }, packet.SessionID, new byte[] { 0x22, 0x00, 0x00, 0xc0 } ); var data = new SMB2AccessDenied(header.Build()).Build(); await Send(packet.Socket, data); } catch (Exception e) { await Controller.Log(Name, e.ToString()); } }