/// <summary> /// This method will send ComNegotiate request before sending a Negotiate request to simulate windows client behaviour. /// If ComNegotiate failed, the Negotiate request will still be sent. /// </summary> public uint MultiProtocolNegotiate( Smb2Client client, ushort creditCharge, ushort creditRequest, Packet_Header_Flags_Values flags, ulong messageId, DialectRevision[] dialects, SecurityMode_Values securityMode, Capabilities_Values capabilities, Guid clientGuid, out DialectRevision selectedDialect, out byte[] gssToken, out Packet_Header responseHeader, out NEGOTIATE_Response responsePayload) { uint status = client.MultiProtocolNegotiate( new string[] { "SMB 2.002", "SMB 2.???" }, out selectedDialect, out gssToken, out responseHeader, out responsePayload); if (responseHeader.Status != Smb2Status.STATUS_SUCCESS) { LogFailedStatus("ComNegotiate", responseHeader.Status); } PreauthIntegrityHashID[] preauthHashAlgs = null; EncryptionAlgorithm[] encryptionAlgs = null; // For back compatibility, if dialects contains SMB 3.11, preauthentication integrity context should be present. if (Array.IndexOf(dialects, DialectRevision.Smb311) >= 0) { preauthHashAlgs = new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 }; encryptionAlgs = new EncryptionAlgorithm[] { EncryptionAlgorithm.ENCRYPTION_AES128_GCM, EncryptionAlgorithm.ENCRYPTION_AES128_CCM }; } status = client.Negotiate( creditCharge, creditRequest, flags, messageId, dialects, securityMode, capabilities, clientGuid, out selectedDialect, out gssToken, out responseHeader, out responsePayload, 0, preauthHashAlgs, encryptionAlgs); return(status); }
private void FetchSmb2CompressionInfo(Smb2Info smb2Info) { if (smb2Info.MaxSupportedDialectRevision < DialectRevision.Smb311) { logWriter.AddLog(LogLevel.Information, "SMB dialect less than 3.1.1 does not support compression."); smb2Info.SupportedCompressionAlgorithms = new CompressionAlgorithm[0]; return; } var possibleCompressionAlogrithms = new CompressionAlgorithm[] { CompressionAlgorithm.LZ77, CompressionAlgorithm.LZ77Huffman, CompressionAlgorithm.LZNT1 }; // Iterate all possible compression algorithm for Windows will only return only one supported compression algorithm in response. var result = possibleCompressionAlogrithms.Where(compressionAlgorithm => { using (var client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds))) { client.ConnectOverTCP(SUTIpAddress); DialectRevision selectedDialect; byte[] gssToken; Packet_Header responseHeader; NEGOTIATE_Response responsePayload; uint status = client.Negotiate( 0, 1, Packet_Header_Flags_Values.NONE, 0, new DialectRevision[] { DialectRevision.Smb311 }, SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED, Capabilities_Values.NONE, Guid.NewGuid(), out selectedDialect, out gssToken, out responseHeader, out responsePayload, preauthHashAlgs: new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 }, compressionAlgorithms: new CompressionAlgorithm[] { compressionAlgorithm } ); if (status == Smb2Status.STATUS_SUCCESS && client.CompressionInfo.CompressionIds.Length == 1 && client.CompressionInfo.CompressionIds[0] == compressionAlgorithm) { logWriter.AddLog(LogLevel.Information, $"Compression algorithm: {compressionAlgorithm} is supported by SUT."); return(true); } else { logWriter.AddLog(LogLevel.Information, $"Compression algorithm: {compressionAlgorithm} is not supported by SUT."); return(false); } } }); smb2Info.SupportedCompressionAlgorithms = result.ToArray(); }
public void NegotiateRequest(Sequence <DialectRevision> dialects) { Packet_Header responseHeader = new Packet_Header(); DialectRevision selectedDialect = DialectRevision.Smb2Unknown; NEGOTIATE_Response responsePayload = new NEGOTIATE_Response(); byte[] smb2ClientGssToken; ModelSmb2Status status = ModelSmb2Status.STATUS_SUCCESS; try { status = (ModelSmb2Status)smb2Client.Negotiate(0, 1, Packet_Header_Flags_Values.NONE, messageId++, dialects.ToArray(), SecurityMode_Values.NONE, Capabilities_Values.NONE, Guid.NewGuid(), out selectedDialect, out smb2ClientGssToken, out responseHeader, out responsePayload); if (status != ModelSmb2Status.STATUS_SUCCESS) { selectedDialect = DialectRevision.Smb2Unknown; } this.NegotiateResponse(status, selectedDialect); } catch { } }
public uint Negotiate(DialectRevision[] dialects, SecurityMode_Values securityMode, Capabilities_Values capabilityValue, Guid clientGuid, out DialectRevision selectedDialect, ushort creditRequest = 1) { Packet_Header header; NEGOTIATE_Response negotiateResponse; uint status = client.Negotiate( 0, creditRequest, Packet_Header_Flags_Values.NONE, messageId++, dialects, securityMode, capabilityValue, clientGuid, out selectedDialect, out serverGssToken, out header, out negotiateResponse); grantedCredit = header.CreditRequestResponse; return(status); }
public void NegotiateRequest(List <DialectRevision> dialects) { Smb2NegotiateRequestPacket negotiateRequest; Smb2NegotiateResponsePacket negotiateResponse; DialectRevision selectedDialect = DialectRevision.Smb2Unknown; byte[] smb2ClientGssToken; ModelSmb2Status status = ModelSmb2Status.STATUS_SUCCESS; try { status = (ModelSmb2Status)smb2Client.Negotiate(0, 1, Packet_Header_Flags_Values.NONE, messageId++, dialects.ToArray(), SecurityMode_Values.NONE, Capabilities_Values.NONE, Guid.NewGuid(), out selectedDialect, out smb2ClientGssToken, out negotiateRequest, out negotiateResponse); if (status != ModelSmb2Status.STATUS_SUCCESS) { selectedDialect = DialectRevision.Smb2Unknown; } this.NegotiateResponse(status, selectedDialect); testConfig.CheckNegotiateContext(negotiateRequest, negotiateResponse); } catch { } }
/// <summary> /// This method will send ComNegotiate request before sending a Negotiate request to simulate windows client behaviour. /// If ComNegotiate failed, the Negotiate request will still be sent. /// </summary> public uint MultiProtocolNegotiate( Smb2Client client, ushort creditCharge, ushort creditRequest, Packet_Header_Flags_Values flags, ulong messageId, DialectRevision[] dialects, SecurityMode_Values securityMode, Capabilities_Values capabilities, Guid clientGuid, out DialectRevision selectedDialect, out byte[] gssToken, out Packet_Header responseHeader, out NEGOTIATE_Response responsePayload) { uint status = client.MultiProtocolNegotiate( new string[] { "SMB 2.002", "SMB 2.???" }, out selectedDialect, out gssToken, out responseHeader, out responsePayload); if (responseHeader.Status != Smb2Status.STATUS_SUCCESS) { LogFailedStatus("ComNegotiate", responseHeader.Status); } // If server only supports Smb2002, no further SMB2 negotiate needed if (selectedDialect == DialectRevision.Smb2002) { return status; } PreauthIntegrityHashID[] preauthHashAlgs = null; EncryptionAlgorithm[] encryptionAlgs = null; // For back compatibility, if dialects contains SMB 3.11, preauthentication integrity context should be present. if (Array.IndexOf(dialects, DialectRevision.Smb311) >= 0) { preauthHashAlgs = new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 }; encryptionAlgs = new EncryptionAlgorithm[] { EncryptionAlgorithm.ENCRYPTION_AES128_GCM, EncryptionAlgorithm.ENCRYPTION_AES128_CCM }; } status = client.Negotiate( creditCharge, creditRequest, flags, messageId, dialects, securityMode, capabilities, clientGuid, out selectedDialect, out gssToken, out responseHeader, out responsePayload, 0, preauthHashAlgs, encryptionAlgs); return status; }
private void FetchSmb2CompressionInfo(Smb2Info smb2Info) { if (smb2Info.MaxSupportedDialectRevision < DialectRevision.Smb311) { logWriter.AddLog(LogLevel.Information, "SMB dialect less than 3.1.1 does not support compression."); smb2Info.SupportedCompressionAlgorithms = new CompressionAlgorithm[0]; smb2Info.IsChainedCompressionSupported = false; return; } var allCompressionAlogrithms = Enum.GetValues(typeof(CompressionAlgorithm)).Cast <CompressionAlgorithm>().ToArray(); var possibleCompressionAlogrithms = Smb2Utility.GetSupportedPatternScanningAlgorithms(allCompressionAlogrithms).Concat(Smb2Utility.GetSupportedCompressionAlgorithms(allCompressionAlogrithms)); // Iterate all possible compression algorithm for Windows will only return only one supported compression algorithm in response. var result = possibleCompressionAlogrithms.Where(compressionAlgorithm => { using (var client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds))) { client.ConnectOverTCP(SUTIpAddress); DialectRevision selectedDialect; byte[] gssToken; Packet_Header responseHeader; NEGOTIATE_Response responsePayload; uint status = client.Negotiate( 0, 1, Packet_Header_Flags_Values.NONE, 0, new DialectRevision[] { DialectRevision.Smb311 }, SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED, Capabilities_Values.NONE, Guid.NewGuid(), out selectedDialect, out gssToken, out responseHeader, out responsePayload, preauthHashAlgs: new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 }, compressionAlgorithms: new CompressionAlgorithm[] { compressionAlgorithm } ); if (status == Smb2Status.STATUS_SUCCESS && client.CompressionInfo.CompressionIds.Length == 1 && client.CompressionInfo.CompressionIds[0] == compressionAlgorithm) { logWriter.AddLog(LogLevel.Information, $"Compression algorithm: {compressionAlgorithm} is supported by SUT."); return(true); } else { logWriter.AddLog(LogLevel.Information, $"Compression algorithm: {compressionAlgorithm} is not supported by SUT."); return(false); } } }); smb2Info.SupportedCompressionAlgorithms = result.ToArray(); // Check for chained compression support using (var client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds))) { client.ConnectOverTCP(SUTIpAddress); DialectRevision selectedDialect; byte[] gssToken; Packet_Header responseHeader; NEGOTIATE_Response responsePayload; uint status = client.Negotiate( 0, 1, Packet_Header_Flags_Values.NONE, 0, new DialectRevision[] { DialectRevision.Smb311 }, SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED, Capabilities_Values.NONE, Guid.NewGuid(), out selectedDialect, out gssToken, out responseHeader, out responsePayload, preauthHashAlgs: new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 }, compressionAlgorithms: possibleCompressionAlogrithms.ToArray(), compressionFlags: SMB2_COMPRESSION_CAPABILITIES_Flags.SMB2_COMPRESSION_CAPABILITIES_FLAG_CHAINED ); if (status == Smb2Status.STATUS_SUCCESS && client.CompressionInfo.SupportChainedCompression) { logWriter.AddLog(LogLevel.Information, "Chained compression is supported by SUT."); smb2Info.IsChainedCompressionSupported = true; } else { logWriter.AddLog(LogLevel.Information, "Chained compression is not supported by SUT."); smb2Info.IsChainedCompressionSupported = false; } } }
private bool DetectAP(DomainInfo domain, Server ap, KerberosDetector detector) { logWriter.AddLog(string.Format("===== Detect Application Server in Domain {0} =====", domain.Name), LogLevel.Normal); string hostname = ap.FQDN; IPAddress ip = IPAddress.Loopback; try { var hostentry = Dns.GetHostEntry(hostname); ip = hostentry.AddressList[0]; ap.IPv4 = ip.ToString(); string computerName = hostentry.HostName; string machineName = computerName.Split('.')[0]; ap.FQDN = ServerHelper.GetAccountAttribute(machineName, "Computers", "dNSHostName", domain.Name, domain.Admin, domain.AdminPassword); ap.IsWindows = detector.FetchPlatformInfo(computerName); } catch { logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed); logWriter.AddLineToLog(LogLevel.Advanced); return false; } if (ap.FQDN == null) { logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed); logWriter.AddLineToLog(LogLevel.Advanced); return false; } string[] tempArray = ap.FQDN.Split('.'); ap.ComputerName = tempArray[0]; try { ap.NetBIOS = ServerHelper.GetAccountAttribute(ap.ComputerName, "Computers", "sAMAccountName", domain.Name, domain.Admin, domain.AdminPassword);//DC01$: NetBIOS name ap.DefaultServiceName = "host/" + ap.FQDN.ToLower(); ap.ServiceSalt = domain.Name.ToUpper() + "host" + ap.FQDN.ToLower(); ap.smb2Service.SMB2ServiceName = "cifs/" + ap.FQDN.ToLower(); } catch { logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed); logWriter.AddLineToLog(LogLevel.Advanced); return false; } try { if (detectionInfo.HasSmbServer) { //get smb dialect Smb2Client clientForInitialOpen = new Smb2Client(new TimeSpan(0, 0, 15)); byte[] gssToken; Packet_Header header; try { clientForInitialOpen.ConnectOverTCP(ip); NEGOTIATE_Response negotiateResp; DialectRevision connection_Dialect = DialectRevision.Smb2Unknown; DialectRevision[] requestDialect = new DialectRevision[] { DialectRevision.Smb2002, DialectRevision.Smb21, DialectRevision.Smb30, DialectRevision.Smb302 }; ulong messageId = 0; uint status = clientForInitialOpen.Negotiate( 1, 1, Packet_Header_Flags_Values.NONE, messageId++, requestDialect, SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED, Capabilities_Values.GLOBAL_CAP_DFS | Capabilities_Values.GLOBAL_CAP_LEASING | Capabilities_Values.GLOBAL_CAP_LARGE_MTU, Guid.NewGuid(), out connection_Dialect, out gssToken, out header, out negotiateResp); if (header.Status != Smb2Status.STATUS_SUCCESS) { logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed); logWriter.AddLineToLog(LogLevel.Advanced); return false; } else { ap.smb2Service.SMB2Dialect = connection_Dialect.ToString(); } } catch { logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed); logWriter.AddLineToLog(LogLevel.Advanced); return false; } //detect smb share string[] shareList = ServerHelper.EnumShares(ap.IPv4, domain.Admin, domain.Name, domain.AdminPassword); if (shareList.Length > 0) { //only get the first one as default value //can ptftool support add more choices? for (int i = 0; i < shareList.Length; i++) { if (shareList[i].Substring(shareList[i].Length - 1, 1) != "$") { ap.smb2Service.DACShare = shareList[i]; ap.smb2Service.CBACShare = shareList[i]; break; } } } else { ap.smb2Service.DACShare = string.Empty; ap.smb2Service.CBACShare = string.Empty; } } if (detectionInfo.HasHttpServer) { //detect http server ap.httpService.HttpServiceName = "http/" + ap.FQDN.ToLower(); try { HttpWebRequest request = (HttpWebRequest)WebRequest.Create("http://" + ap.FQDN); request.Credentials = new NetworkCredential(domain.Admin + "@" + domain.Name, domain.AdminPassword); WebResponse response = request.GetResponse(); ap.httpService.Uri = response.ResponseUri.OriginalString; } catch { ap.httpService.Uri = string.Empty; } } } catch { logWriter.AddLog("Failed", LogLevel.Normal, false, LogStyle.StepFailed); logWriter.AddLineToLog(LogLevel.Advanced); return false; } logWriter.AddLog("Success", LogLevel.Normal, false, LogStyle.StepPassed); logWriter.AddLineToLog(LogLevel.Advanced); return true; }
private void FetchSmb2EncryptionInfo(Smb2Info smb2Info) { EncryptionAlgorithm[] excludedEncryptionAlogrithms; if (smb2Info.MaxSupportedDialectRevision < DialectRevision.Smb311) { excludedEncryptionAlogrithms = new EncryptionAlgorithm[] { EncryptionAlgorithm.ENCRYPTION_NONE, EncryptionAlgorithm.ENCRYPTION_INVALID, EncryptionAlgorithm.ENCRYPTION_AES256_CCM, EncryptionAlgorithm.ENCRYPTION_AES256_GCM }; } else { excludedEncryptionAlogrithms = new EncryptionAlgorithm[] { EncryptionAlgorithm.ENCRYPTION_NONE, EncryptionAlgorithm.ENCRYPTION_INVALID }; } var possibleEncryptionAlogrithms = Enum.GetValues(typeof(EncryptionAlgorithm)).Cast <EncryptionAlgorithm>().Except(excludedEncryptionAlogrithms); logWriter.AddLog(DetectLogLevel.Information, $"Available EncryptionAlgorithms ==> {String.Join(";", possibleEncryptionAlogrithms.Select(encryptionAlgorithm => encryptionAlgorithm.ToString()))}"); // Iterate all the possible encryption algorithms since we get back only one encryption algorithm in response. var result = possibleEncryptionAlogrithms.Where(encryptionAlgorithm => { using (var client = new Smb2Client(new TimeSpan(0, 0, defaultTimeoutInSeconds))) { client.ConnectOverTCP(SUTIpAddress); DialectRevision selectedDialect; byte[] gssToken; Packet_Header responseHeader; NEGOTIATE_Response responsePayload; uint status = client.Negotiate( 0, 1, Packet_Header_Flags_Values.NONE, 0, new DialectRevision[] { DialectRevision.Smb311 }, SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED, Capabilities_Values.NONE, Guid.NewGuid(), out selectedDialect, out gssToken, out responseHeader, out responsePayload, preauthHashAlgs: new PreauthIntegrityHashID[] { PreauthIntegrityHashID.SHA_512 }, encryptionAlgs: new EncryptionAlgorithm[] { encryptionAlgorithm } ); if (status == Smb2Status.STATUS_SUCCESS && client.SelectedCipherID == encryptionAlgorithm) { logWriter.AddLog(DetectLogLevel.Information, $"Encryption algorithm: {encryptionAlgorithm} is supported by SUT."); return(true); } else { logWriter.AddLog(DetectLogLevel.Information, $"Encryption algorithm: {encryptionAlgorithm} is not supported by SUT."); return(false); } } }); smb2Info.SutSupportedEncryptionAlgorithms = result.ToArray(); }
private bool UserLogon(DetectionInfo info, Smb2Client client, out ulong messageId, out ulong sessionId, out Guid clientGuid, out NEGOTIATE_Response negotiateResp) { messageId = 0; sessionId = 0; client.ConnectOverTCP(Dns.GetHostAddresses(info.ContentServerName)[0]); #region Negotiate DialectRevision selectedDialect; byte[] gssToken; Packet_Header header; clientGuid = Guid.NewGuid(); client.Negotiate( 1, 1, Packet_Header_Flags_Values.NONE, messageId++, new DialectRevision[] { DialectRevision.Smb30 }, SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED, Capabilities_Values.GLOBAL_CAP_DFS | Capabilities_Values.GLOBAL_CAP_DIRECTORY_LEASING | Capabilities_Values.GLOBAL_CAP_LARGE_MTU | Capabilities_Values.GLOBAL_CAP_LEASING | Capabilities_Values.GLOBAL_CAP_MULTI_CHANNEL | Capabilities_Values.GLOBAL_CAP_PERSISTENT_HANDLES, clientGuid, out selectedDialect, out gssToken, out header, out negotiateResp); if (header.Status != Smb2Status.STATUS_SUCCESS) { LogFailedStatus("NEGOTIATE", header.Status); throw new Exception(string.Format("NEGOTIATE failed with {0}", Smb2Status.GetStatusCode(header.Status))); } #endregion #region Session Setup SESSION_SETUP_Response sessionSetupResp; SspiClientSecurityContext sspiClientGss = new SspiClientSecurityContext( SecurityPackageType, Credential, Smb2Utility.GetCifsServicePrincipalName(ContentServerName), ClientSecurityContextAttribute.None, SecurityTargetDataRepresentation.SecurityNativeDrep); // Server GSS token is used only for Negotiate authentication when enabled if (SecurityPackageType == SecurityPackageType.Negotiate) { sspiClientGss.Initialize(gssToken); } else { sspiClientGss.Initialize(null); } do { client.SessionSetup( 1, 64, Packet_Header_Flags_Values.NONE, messageId++, sessionId, SESSION_SETUP_Request_Flags.NONE, SESSION_SETUP_Request_SecurityMode_Values.NEGOTIATE_SIGNING_ENABLED, SESSION_SETUP_Request_Capabilities_Values.GLOBAL_CAP_DFS, 0, sspiClientGss.Token, out sessionId, out gssToken, out header, out sessionSetupResp); if ((header.Status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED || header.Status == Smb2Status.STATUS_SUCCESS) && gssToken != null && gssToken.Length > 0) { sspiClientGss.Initialize(gssToken); } } while (header.Status == Smb2Status.STATUS_MORE_PROCESSING_REQUIRED); if (header.Status != Smb2Status.STATUS_SUCCESS) { LogFailedStatus("SESSIONSETUP", header.Status); throw new Exception(string.Format("SESSIONSETUP failed with {0}", Smb2Status.GetStatusCode(header.Status))); } byte[] sessionKey; sessionKey = sspiClientGss.SessionKey; client.GenerateCryptoKeys(sessionId, sessionKey, true, false, null, false); #endregion return(true); }