private void FetchSmb2CompressionInfo(Smb2Info smb2Info)
{
if (smb2Info.MaxSupportedDialectRevision < DialectRevision.Smb311)
{
logWriter.AddLog(LogLevel.Information, "SMB dialect less than 3.1.1 does not support compression.");
smb2Info.SupportedCompressionAlgorithms = new CompressionAlgorithm[0];
return;
}
var possibleCompressionAlogrithms = new CompressionAlgorithm[] { CompressionAlgorithm.LZ77, CompressionAlgorithm.LZ77Huffman, CompressionAlgorithm.LZNT1 };
// Iterate all possible compression algorithm for Windows will only return only one supported compression algorithm in response.
var result = possibleCompressionAlogrithms.Where(compressionAlgorithm =>
{
using (var client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds)))
{
client.ConnectOverTCP(SUTIpAddress);
DialectRevision selectedDialect;
byte[] gssToken;
Packet_Header responseHeader;
NEGOTIATE_Response responsePayload;
uint status = client.Negotiate(
0,
1,
Packet_Header_Flags_Values.NONE,
0,
new DialectRevision[] { DialectRevision.Smb311 },
SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
Capabilities_Values.NONE,
Guid.NewGuid(),
out selectedDialect,
out gssToken,
out responseHeader,
out responsePayload,
preauthHashAlgs: new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 },
compressionAlgorithms: new CompressionAlgorithm[] { compressionAlgorithm }
);
if (status == Smb2Status.STATUS_SUCCESS && client.CompressionInfo.CompressionIds.Length == 1 && client.CompressionInfo.CompressionIds[0] == compressionAlgorithm)
{
logWriter.AddLog(LogLevel.Information, $"Compression algorithm: {compressionAlgorithm} is supported by SUT.");
return(true);
}
else
{
logWriter.AddLog(LogLevel.Information, $"Compression algorithm: {compressionAlgorithm} is not supported by SUT.");
return(false);
}
}
});
smb2Info.SupportedCompressionAlgorithms = result.ToArray();
}
public Smb2Info FetchSmb2Info(DetectionInfo info)
{
Smb2Info smb2Info = new Smb2Info();
using (Smb2Client smb2Client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds)))
{
logWriter.AddLog(DetectLogLevel.Information, "Client connects to server");
smb2Client.ConnectOverTCP(SUTIpAddress);
DialectRevision selectedDialect;
byte[] gssToken;
Packet_Header responseHeader;
NEGOTIATE_Response responsePayload;
ulong messageId = 1;
logWriter.AddLog(DetectLogLevel.Information, "Client sends multi-protocol Negotiate to server");
MultiProtocolNegotiate(
smb2Client,
0,
1,
Packet_Header_Flags_Values.NONE,
ref messageId,
info.requestDialect,
SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
Capabilities_Values.GLOBAL_CAP_DFS | Capabilities_Values.GLOBAL_CAP_DIRECTORY_LEASING | Capabilities_Values.GLOBAL_CAP_ENCRYPTION | Capabilities_Values.GLOBAL_CAP_LARGE_MTU | Capabilities_Values.GLOBAL_CAP_LEASING | Capabilities_Values.GLOBAL_CAP_MULTI_CHANNEL | Capabilities_Values.GLOBAL_CAP_PERSISTENT_HANDLES,
Guid.NewGuid(),
out selectedDialect,
out gssToken,
out responseHeader,
out responsePayload);
if (responseHeader.Status != Smb2Status.STATUS_SUCCESS)
{
LogFailedStatus("NEGOTIATE", responseHeader.Status);
throw new Exception(string.Format("NEGOTIATE failed with {0}", Smb2Status.GetStatusCode(responseHeader.Status)));
}
smb2Info.MaxSupportedDialectRevision = responsePayload.DialectRevision;
smb2Info.SupportedCapabilities = (Capabilities_Values)responsePayload.Capabilities;
smb2Info.SelectedCipherID = smb2Client.SelectedCipherID;
smb2Info.IsRequireMessageSigning = responsePayload.SecurityMode.HasFlag(NEGOTIATE_Response_SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED);
}
FetchSmb2CompressionInfo(smb2Info);
FetchSmb2EncryptionInfo(smb2Info);
return(smb2Info);
}
public Smb2Info FetchSmb2Info(DetectionInfo info)
{
Smb2Info smb2Info = new Smb2Info();
using (Smb2Client smb2Client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds)))
{
logWriter.AddLog(LogLevel.Information, "Client connects to server");
smb2Client.ConnectOverTCP(SUTIpAddress);
DialectRevision selectedDialect;
byte[] gssToken;
Packet_Header responseHeader;
NEGOTIATE_Response responsePayload;
logWriter.AddLog(LogLevel.Information, "Client sends multi-protocol Negotiate to server");
MultiProtocolNegotiate(
smb2Client,
0,
1,
Packet_Header_Flags_Values.NONE,
1,
info.requestDialect,
SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
Capabilities_Values.GLOBAL_CAP_DFS | Capabilities_Values.GLOBAL_CAP_DIRECTORY_LEASING | Capabilities_Values.GLOBAL_CAP_ENCRYPTION | Capabilities_Values.GLOBAL_CAP_LARGE_MTU | Capabilities_Values.GLOBAL_CAP_LEASING | Capabilities_Values.GLOBAL_CAP_MULTI_CHANNEL | Capabilities_Values.GLOBAL_CAP_PERSISTENT_HANDLES,
Guid.NewGuid(),
out selectedDialect,
out gssToken,
out responseHeader,
out responsePayload);
if (responseHeader.Status != Smb2Status.STATUS_SUCCESS)
{
LogFailedStatus("NEGOTIATE", responseHeader.Status);
throw new Exception(string.Format("NEGOTIATE failed with {0}", Smb2Status.GetStatusCode(responseHeader.Status)));
}
smb2Info.MaxSupportedDialectRevision = responsePayload.DialectRevision;
smb2Info.SupportedCapabilities = (Capabilities_Values)responsePayload.Capabilities;
smb2Info.SelectedCipherID = smb2Client.SelectedCipherID;
smb2Info.IsRequireMessageSigning = responsePayload.SecurityMode.HasFlag(NEGOTIATE_Response_SecurityMode_Values.NEGOTIATE_SIGNING_REQUIRED);
return smb2Info;
}
}
private void FetchSmb2CompressionInfo(Smb2Info smb2Info)
{
if (smb2Info.MaxSupportedDialectRevision < DialectRevision.Smb311)
{
logWriter.AddLog(LogLevel.Information, "SMB dialect less than 3.1.1 does not support compression.");
smb2Info.SupportedCompressionAlgorithms = new CompressionAlgorithm[0];
smb2Info.IsChainedCompressionSupported = false;
return;
}
var allCompressionAlogrithms = Enum.GetValues(typeof(CompressionAlgorithm)).Cast <CompressionAlgorithm>().ToArray();
var possibleCompressionAlogrithms = Smb2Utility.GetSupportedPatternScanningAlgorithms(allCompressionAlogrithms).Concat(Smb2Utility.GetSupportedCompressionAlgorithms(allCompressionAlogrithms));
// Iterate all possible compression algorithm for Windows will only return only one supported compression algorithm in response.
var result = possibleCompressionAlogrithms.Where(compressionAlgorithm =>
{
using (var client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds)))
{
client.ConnectOverTCP(SUTIpAddress);
DialectRevision selectedDialect;
byte[] gssToken;
Packet_Header responseHeader;
NEGOTIATE_Response responsePayload;
uint status = client.Negotiate(
0,
1,
Packet_Header_Flags_Values.NONE,
0,
new DialectRevision[] { DialectRevision.Smb311 },
SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
Capabilities_Values.NONE,
Guid.NewGuid(),
out selectedDialect,
out gssToken,
out responseHeader,
out responsePayload,
preauthHashAlgs: new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 },
compressionAlgorithms: new CompressionAlgorithm[] { compressionAlgorithm }
);
if (status == Smb2Status.STATUS_SUCCESS && client.CompressionInfo.CompressionIds.Length == 1 && client.CompressionInfo.CompressionIds[0] == compressionAlgorithm)
{
logWriter.AddLog(LogLevel.Information, $"Compression algorithm: {compressionAlgorithm} is supported by SUT.");
return(true);
}
else
{
logWriter.AddLog(LogLevel.Information, $"Compression algorithm: {compressionAlgorithm} is not supported by SUT.");
return(false);
}
}
});
smb2Info.SupportedCompressionAlgorithms = result.ToArray();
// Check for chained compression support
using (var client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds)))
{
client.ConnectOverTCP(SUTIpAddress);
DialectRevision selectedDialect;
byte[] gssToken;
Packet_Header responseHeader;
NEGOTIATE_Response responsePayload;
uint status = client.Negotiate(
0,
1,
Packet_Header_Flags_Values.NONE,
0,
new DialectRevision[] { DialectRevision.Smb311 },
SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
Capabilities_Values.NONE,
Guid.NewGuid(),
out selectedDialect,
out gssToken,
out responseHeader,
out responsePayload,
preauthHashAlgs: new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 },
compressionAlgorithms: possibleCompressionAlogrithms.ToArray(),
compressionFlags: SMB2_COMPRESSION_CAPABILITIES_Flags.SMB2_COMPRESSION_CAPABILITIES_FLAG_CHAINED
);
if (status == Smb2Status.STATUS_SUCCESS && client.CompressionInfo.SupportChainedCompression)
{
logWriter.AddLog(LogLevel.Information, "Chained compression is supported by SUT.");
smb2Info.IsChainedCompressionSupported = true;
}
else
{
logWriter.AddLog(LogLevel.Information, "Chained compression is not supported by SUT.");
smb2Info.IsChainedCompressionSupported = false;
}
}
}
private void FetchSmb2EncryptionInfo(Smb2Info smb2Info)
{
EncryptionAlgorithm[] excludedEncryptionAlogrithms;
if (smb2Info.MaxSupportedDialectRevision < DialectRevision.Smb311)
{
excludedEncryptionAlogrithms = new EncryptionAlgorithm[]
{
EncryptionAlgorithm.ENCRYPTION_NONE,
EncryptionAlgorithm.ENCRYPTION_INVALID,
EncryptionAlgorithm.ENCRYPTION_AES256_CCM,
EncryptionAlgorithm.ENCRYPTION_AES256_GCM
};
}
else
{
excludedEncryptionAlogrithms = new EncryptionAlgorithm[]
{
EncryptionAlgorithm.ENCRYPTION_NONE,
EncryptionAlgorithm.ENCRYPTION_INVALID
};
}
var possibleEncryptionAlogrithms = Enum.GetValues(typeof(EncryptionAlgorithm)).Cast <EncryptionAlgorithm>().Except(excludedEncryptionAlogrithms);
logWriter.AddLog(DetectLogLevel.Information, $"Available EncryptionAlgorithms ==> {String.Join(";", possibleEncryptionAlogrithms.Select(encryptionAlgorithm => encryptionAlgorithm.ToString()))}");
// Iterate all the possible encryption algorithms since we get back only one encryption algorithm in response.
var result = possibleEncryptionAlogrithms.Where(encryptionAlgorithm =>
{
using (var client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds)))
{
client.ConnectOverTCP(SUTIpAddress);
DialectRevision selectedDialect;
byte[] gssToken;
Packet_Header responseHeader;
NEGOTIATE_Response responsePayload;
uint status = client.Negotiate(
0,
1,
Packet_Header_Flags_Values.NONE,
0,
new DialectRevision[] { DialectRevision.Smb311 },
SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED,
Capabilities_Values.NONE,
Guid.NewGuid(),
out selectedDialect,
out gssToken,
out responseHeader,
out responsePayload,
preauthHashAlgs: new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 },
encryptionAlgs: new EncryptionAlgorithm[] { encryptionAlgorithm }
);
if (status == Smb2Status.STATUS_SUCCESS && client.SelectedCipherID == encryptionAlgorithm)
{
logWriter.AddLog(DetectLogLevel.Information, $"Encryption algorithm: {encryptionAlgorithm} is supported by SUT.");
return(true);
}
else
{
logWriter.AddLog(DetectLogLevel.Information, $"Encryption algorithm: {encryptionAlgorithm} is not supported by SUT.");
return(false);
}
}
});
smb2Info.SutSupportedEncryptionAlgorithms = result.ToArray();
}
