internal Boolean StartServiceW() { Console.WriteLine("[+] Starting Service"); serviceHandle = recieve.Skip(112).Take(20).ToArray(); SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x09, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SVCCTLSCMStartServiceW startServiceW = new SVCCTLSCMStartServiceW(); startServiceW.SetContextHandle(serviceHandle); Byte[] bStartService = startServiceW.GetRequest(); DCERPCRequest rpcRequest = new DCERPCRequest(); rpcRequest.SetPacketFlags(new Byte[] { 0x03 }); rpcRequest.SetFragLength(bStartService.Length, 0, 0); rpcRequest.SetCallID(new Byte[] { 0x01, 0x00, 0x00, 0x00 }); rpcRequest.SetContextID(new Byte[] { 0x00, 0x00 }); rpcRequest.SetOpnum(new Byte[] { 0x13, 0x00 }); Byte[] bRPCRequest = rpcRequest.GetRequest(); SMB2WriteRequest writeRequest = new SMB2WriteRequest(); writeRequest.SetGuidHandleFile(guidFileHandle); writeRequest.SetLength(bRPCRequest.Length + bStartService.Length); Byte[] bWriteRequest = writeRequest.GetRequest(); Combine combine = new Combine(); combine.Extend(bWriteRequest); combine.Extend(bRPCRequest); combine.Extend(bStartService); Byte[] bData = combine.Retrieve(); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); return(Send(bHeader, bData)); }
internal Boolean CloseServiceHandle() { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x09, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SVCCTLSCMCloseServiceHandle closeServiceW = new SVCCTLSCMCloseServiceHandle(); closeServiceW.SetContextHandle(serviceContectHandle); Byte[] bCloseServiceW = closeServiceW.GetRequest(); DCERPCRequest rpcRequest = new DCERPCRequest(); rpcRequest.SetPacketFlags(new Byte[] { 0x03 }); rpcRequest.SetFragLength(bCloseServiceW.Length, 0, 0); rpcRequest.SetCallID(new Byte[] { 0x01, 0x00, 0x00, 0x00 }); rpcRequest.SetContextID(new Byte[] { 0x00, 0x00 }); rpcRequest.SetOpnum(new Byte[] { 0x00, 0x00 }); Byte[] bRPCRequest = rpcRequest.GetRequest(); SMB2WriteRequest writeRequest = new SMB2WriteRequest(); writeRequest.SetGuidHandleFile(guidFileHandle); writeRequest.SetLength(bRPCRequest.Length + bCloseServiceW.Length); Byte[] bWriteRequest = writeRequest.GetRequest(); Combine combine = new Combine(); combine.Extend(bWriteRequest); combine.Extend(bRPCRequest); combine.Extend(bCloseServiceW); Byte[] bData = combine.Retrieve(); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); return(Send(bHeader, bData)); }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// private Int32 _ReadRequest2(Int64 offset, Int32 length) { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x08, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); header.SetChainOffset(new Byte[] { 0x00, 0x00, 0x00, 0x00 }); SMB2ReadRequest readRequest = new SMB2ReadRequest(); readRequest.SetGuidHandleFile(guidFileHandle); readRequest.SetLength(BitConverter.GetBytes(length)); readRequest.SetOffset(BitConverter.GetBytes(offset)); Byte[] bData = readRequest.GetRequest(); if (signing) { header.SetFlags(new Byte[] { 0x0c, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length); sessionService.SetDataLength(bData.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData); streamSocket.Write(bSend, 0, bSend.Length); streamSocket.Flush(); Combine combine = new Combine(); Int32 streamLength = 0; Byte[] dataRecieved = new Byte[0]; do { Byte[] part = new Byte[65619]; Int32 partLength = streamSocket.Read(part, 0, part.Length); streamLength += partLength; combine.Extend(part.Take(partLength).ToArray()); }while (streamLength < length); Int32 padding = length < 65535 ? 0 : 54; recieve = combine.Retrieve().Skip(84).Take(streamLength - 84 - padding).ToArray(); binaryWriter.Write(recieve); binaryWriter.Flush(); return(recieve.Length); }
internal Byte[] GetRequest() { Combine combine = new Combine(); combine.Extend(StructureSize); combine.Extend(Class); combine.Extend(InfoLevel); combine.Extend(BufferLength); combine.Extend(BufferOffset); combine.Extend(Reserved); combine.Extend(AdditionalInformation); combine.Extend(GUIDHandleFile); combine.Extend(Buffer); return(combine.Retrieve()); }
internal Byte[] GetRequest() { Combine combine = new Combine(); combine.Extend(AuthPadding); combine.Extend(AuthType); combine.Extend(AuthLevel); combine.Extend(AuthPadLen); combine.Extend(AuthReserved); combine.Extend(AuthContextID); combine.Extend(NTLMSSPVerifierVersionNumber); combine.Extend(NTLMSSPVerifierChecksum); combine.Extend(NTLMSSPVerifierSequenceNumber); return(combine.Retrieve()); }
internal void SetServerInfoName(String SetServerInfoName) { Byte[] targetUnicode = Encoding.Unicode.GetBytes(SetServerInfoName); IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameString = Combine.combine(targetUnicode, new Byte[] { 0x00, 0x00, 0x00, 0x00 }); IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameActualCount = BitConverter.GetBytes(SetServerInfoName.Length + 1); IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameMaxCount = BitConverter.GetBytes(SetServerInfoName.Length + 1); Combine combine = new Combine(); for (Int32 i = 0; i < (Math.Truncate((Decimal)(targetUnicode.Length / 8 + 1) * 8) - targetUnicode.Length); i++) { combine.Extend(new Byte[] { 0x00 }); } targetUnicode = Combine.combine(targetUnicode, combine.Retrieve()); Unknown4 = IActPropertiesCntData = BitConverter.GetBytes(targetUnicode.Length + 720); IActPropertiesCUSTOMOBJREFSize = BitConverter.GetBytes(targetUnicode.Length + 680); IActPropertiesCUSTOMOBJREFIActPropertiesTotalSize = IActPropertiesCUSTOMOBJREFIActPropertiesCustomHeaderTotalSize = BitConverter.GetBytes(targetUnicode.Length + 664); IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoPrivateHeader = Combine.combine(BitConverter.GetBytes(targetUnicode.Length + 40), new Byte[] { 0x00, 0x00, 0x00, 0x00 }); IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrPropertyDataSize4 = BitConverter.GetBytes(targetUnicode.Length + 56); }
internal void SetCallID(Int32 dwCallID, Byte[] AuthLevel, Byte[] NegotiateFlags) { CallID = BitConverter.GetBytes(dwCallID); if (3 == dwCallID) { Byte[] AuthType = { 0x0a }; //Byte[] AuthLevel = { }; Byte[] AuthPadLength = { 0x00 }; Byte[] AuthReserved = { 0x00 }; Byte[] ContextID3 = { 0x00, 0x00, 0x00, 0x00 }; Byte[] Identifier = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00 }; Byte[] MessageType = { 0x01, 0x00, 0x00, 0x00 }; //Byte[] NegotiateFlags = { 0x97, 0x82, 0x08, 0xe2 }; Byte[] CallingWorkstationDomain = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; Byte[] CallingWorkstationName = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; Byte[] OSVersion = { 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f }; Combine combine = new Combine(); combine.Extend(AuthType); combine.Extend(AuthLevel); combine.Extend(AuthPadLength); combine.Extend(AuthReserved); combine.Extend(ContextID3); combine.Extend(Identifier); combine.Extend(MessageType); combine.Extend(NegotiateFlags); combine.Extend(CallingWorkstationDomain); combine.Extend(CallingWorkstationName); combine.Extend(OSVersion); ExtraData = Combine.combine(ExtraData, combine.Retrieve()); } }
internal Byte[] GetRequest() { Combine combine = new Combine(); combine.Extend(Version); combine.Extend(VersionMinor); combine.Extend(PacketType); combine.Extend(PacketFlags); combine.Extend(DataRepresentation); combine.Extend(FragLength); combine.Extend(AuthLength); combine.Extend(CallID); combine.Extend(MaxXmitFrag); combine.Extend(MaxRecvFrag); combine.Extend(AssocGroup); combine.Extend(NumCtxItems); combine.Extend(Unknown); combine.Extend(ContextID); combine.Extend(NumTransItems); combine.Extend(Unknown2); combine.Extend(Interface); combine.Extend(InterfaceVer); combine.Extend(InterfaceVerMinor); combine.Extend(TransferSyntax); combine.Extend(TransferSyntaxVer); combine.Extend(ExtraData); return(combine.Retrieve()); }
internal void SetNumCtxItems(Byte[] NumCtxItems, Byte[] NegotiateFlags) { if (this.NumCtxItems.Length == NumCtxItems.Length) { this.NumCtxItems = NumCtxItems; } if (2 == NumCtxItems[0]) { Byte[] ContextID2 = { 0x01, 0x00 }; Byte[] NumTransItems2 = { 0x01 }; Byte[] Unknown3 = { 0x00 }; Byte[] Interface2 = { 0xc4, 0xfe, 0xfc, 0x99, 0x60, 0x52, 0x1b, 0x10, 0xbb, 0xcb, 0x00, 0xaa, 0x00, 0x21, 0x34, 0x7a }; Byte[] InterfaceVer2 = { 0x00, 0x00 }; Byte[] InterfaceVerMinor2 = { 0x00, 0x00 }; Byte[] TransferSyntax2 = { 0x2c, 0x1c, 0xb7, 0x6c, 0x12, 0x98, 0x40, 0x45, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; Byte[] TransferSyntaxVer2 = { 0x01, 0x00, 0x00, 0x00 }; Combine combine = new Combine(); combine.Extend(ContextID2); combine.Extend(NumTransItems2); combine.Extend(Unknown3); combine.Extend(Interface2); combine.Extend(InterfaceVer2); combine.Extend(InterfaceVerMinor2); combine.Extend(TransferSyntax2); combine.Extend(TransferSyntaxVer2); ExtraData = Combine.combine(ExtraData, combine.Retrieve()); } else if (3 == NumCtxItems[0]) { Byte[] ContextID2 = { 0x01, 0x00 }; Byte[] NumTransItems2 = { 0x01 }; Byte[] Unknown3 = { 0x00 }; Byte[] Interface2 = { 0x43, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 }; Byte[] InterfaceVer2 = { 0x00, 0x00 }; Byte[] InterfaceVerMinor2 = { 0x00, 0x00 }; Byte[] TransferSyntax2 = { 0x33, 0x05, 0x71, 0x71, 0xba, 0xbe, 0x37, 0x49, 0x83, 0x19, 0xb5, 0xdb, 0xef, 0x9c, 0xcc, 0x36 }; Byte[] TransferSyntaxVer2 = { 0x01, 0x00, 0x00, 0x00 }; Byte[] ContextID3 = { 0x02, 0x00 }; Byte[] NumTransItems3 = { 0x01 }; Byte[] Unknown4 = { 0x00 }; Byte[] Interface3 = { 0x43, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x46 }; Byte[] InterfaceVer3 = { 0x00, 0x00 }; Byte[] InterfaceVerMinor3 = { 0x00, 0x00 }; Byte[] TransferSyntax3 = { 0x2c, 0x1c, 0xb7, 0x6c, 0x12, 0x98, 0x40, 0x45, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; Byte[] TransferSyntaxVer3 = { 0x01, 0x00, 0x00, 0x00 }; Byte[] AuthType = { 0x0a }; Byte[] AuthLevel = { 0x04 }; Byte[] AuthPadLength = { 0x00 }; Byte[] AuthReserved = { 0x00 }; Byte[] ContextID4 = { 0x00, 0x00, 0x00, 0x00 }; Byte[] Identifier = { 0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00 }; Byte[] MessageType = { 0x01, 0x00, 0x00, 0x00 }; //Byte[] NegotiateFlags = { 0x97, 0x82, 0x08, 0xe2 }; Byte[] CallingWorkstationDomain = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; Byte[] CallingWorkstationName = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; Byte[] OSVersion = { 0x06, 0x01, 0xb1, 0x1d, 0x00, 0x00, 0x00, 0x0f }; Combine combine = new Combine(); combine.Extend(ContextID2); combine.Extend(NumTransItems2); combine.Extend(Unknown3); combine.Extend(Interface2); combine.Extend(InterfaceVer2); combine.Extend(InterfaceVerMinor2); combine.Extend(TransferSyntax2); combine.Extend(TransferSyntaxVer2); combine.Extend(ContextID3); combine.Extend(NumTransItems3); combine.Extend(Unknown4); combine.Extend(Interface3); combine.Extend(InterfaceVer3); combine.Extend(InterfaceVerMinor3); combine.Extend(TransferSyntax3); combine.Extend(TransferSyntaxVer3); combine.Extend(AuthType); combine.Extend(AuthLevel); combine.Extend(AuthPadLength); combine.Extend(AuthReserved); combine.Extend(ContextID4); combine.Extend(Identifier); combine.Extend(MessageType); combine.Extend(NegotiateFlags); combine.Extend(CallingWorkstationDomain); combine.Extend(CallingWorkstationName); combine.Extend(OSVersion); ExtraData = Combine.combine(ExtraData, combine.Retrieve()); } }
internal Byte[] GetRequest() { Combine combine = new Combine(); combine.Extend(StructureSize); combine.Extend(DataOffset); combine.Extend(BufferLength); combine.Extend(Offset); combine.Extend(FileID); combine.Extend(Channel); combine.Extend(RemainingBytes); combine.Extend(WriteChannelInfoOffset); combine.Extend(WriteChannelInfoLength); combine.Extend(Flags); combine.Extend(Buffer); return(combine.Retrieve()); }
internal Byte[] GetRequest() { Combine combine = new Combine(); combine.Extend(VersionMajor); combine.Extend(VersionMinor); combine.Extend(Flags); combine.Extend(Reserved); combine.Extend(CausalityID); combine.Extend(Reserved2); combine.Extend(IPID); combine.Extend(Refs); combine.Extend(IIDs); combine.Extend(Unknown); combine.Extend(IID); return(combine.Retrieve()); }
internal Byte[] GetRequest() { Combine combine = new Combine(); combine.Extend(DCOMVersionMajor); combine.Extend(DCOMVersionMinor); combine.Extend(DCOMFlags); combine.Extend(DCOMReserved); combine.Extend(DCOMCausalityID); combine.Extend(Unknown); combine.Extend(Unknown2); combine.Extend(Unknown3); combine.Extend(Unknown4); combine.Extend(IActPropertiesCntData); combine.Extend(IActPropertiesOBJREFSignature); combine.Extend(IActPropertiesOBJREFFlags); combine.Extend(IActPropertiesOBJREFIID); combine.Extend(IActPropertiesCUSTOMOBJREFCLSID); combine.Extend(IActPropertiesCUSTOMOBJREFCBExtension); combine.Extend(IActPropertiesCUSTOMOBJREFSize); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesTotalSize); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesReserved); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesCustomHeaderCommonHeader); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesCustomHeaderPrivateHeader); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesCustomHeaderTotalSize); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesCustomHeaderCustomHeaderSize); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesCustomHeaderReserved); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesDestinationContext); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesNumActivationPropertyStructs); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsInfoClsid); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrReferentID); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrReferentID); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesNULLPointer); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrMaxCount); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrPropertyStructGuid); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrPropertyStructGuid2); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrPropertyStructGuid3); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrPropertyStructGuid4); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrPropertyStructGuid5); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsIdPtrPropertyStructGuid6); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrMaxCount); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrPropertyDataSize); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrPropertyDataSize2); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrPropertyDataSize3); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrPropertyDataSize4); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrPropertyDataSize5); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesClsSizesPtrPropertyDataSize6); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesCommonHeader); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesPrivateHeader); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesSessionID); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesRemoteThisSessionID); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesClientImpersonating); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesPartitionIDPresent); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesDefaultAuthnLevel); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesPartitionGuid); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesProcessRequestFlags); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesOriginalClassContext); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesFlags); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesReserved); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSpecialSystemPropertiesUnusedBuffer); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoCommonHeader); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoPrivateHeader); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoInstantiatedObjectClsId); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoClassContext); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoActivationFlags); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoFlagsSurrogate); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoInterfaceIdCount); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInfoInstantiationFlag); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInterfaceIdsPtr); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationEntirePropertySize); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationVersionMajor); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationVersionMinor); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInterfaceIdsPtrMaxCount); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInterfaceIds); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesInstantiationInterfaceIdsUnusedBuffer); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoCommonHeader); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoPrivateHeader); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientOk); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoReserved); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoReserved2); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoReserved3); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrReferentID); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoNULLPtr); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextUnknown); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextCntData); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextOBJREFSignature); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextOBJREFFlags); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextOBJREFIID); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextOBJREFCUSTOMOBJREFCLSID); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextOBJREFCUSTOMOBJREFCBExtension); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoClientPtrClientContextOBJREFCUSTOMOBJREFSize); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesActivationContextInfoUnusedBuffer); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoCommonHeader); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoPrivateHeader); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoAuthenticationFlags); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoPtrReferentID); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoNULLPtr); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoReserved); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameReferentID); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNULLPtr); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoReserved2); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameMaxCount); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameOffset); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameActualCount); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesSecurityInfoServerInfoServerInfoNameString); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesLocationInfoCommonHeader); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesLocationInfoPrivateHeader); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesLocationInfoNULLPtr); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesLocationInfoProcessID); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesLocationInfoApartmentID); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesLocationInfoContextID); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoCommonHeader); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoPrivateHeader); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoNULLPtr); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoRemoteRequestPtrReferentID); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoRemoteRequestPtrRemoteRequestClientImpersonationLevel); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoRemoteRequestPtrRemoteRequestNumProtocolSequences); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoRemoteRequestPtrRemoteRequestUnknown); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoRemoteRequestPtrRemoteRequestProtocolSeqsArrayPtrReferentID); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoRemoteRequestPtrRemoteRequestProtocolSeqsArrayPtrMaxCount); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoRemoteRequestPtrRemoteRequestProtocolSeqsArrayPtrProtocolSeq); combine.Extend(IActPropertiesCUSTOMOBJREFIActPropertiesPropertiesScmRequestInfoUnusedBuffer); return(combine.Retrieve()); }
internal Byte[] GetRequest() { Combine combine = new Combine(); combine.Extend(ContextHandle); combine.Extend(ServiceName_MaxCount); combine.Extend(ServiceName_Offset); combine.Extend(ServiceName_ActualCount); combine.Extend(ServiceName); combine.Extend(DisplayName_ReferentID); combine.Extend(DisplayName_MaxCount); combine.Extend(DisplayName_Offset); combine.Extend(DisplayName_ActualCount); combine.Extend(DisplayName); combine.Extend(AccessMask); combine.Extend(ServiceType); combine.Extend(ServiceStartType); combine.Extend(ServiceErrorControl); combine.Extend(BinaryPathName_MaxCount); combine.Extend(BinaryPathName_Offset); combine.Extend(BinaryPathName_ActualCount); combine.Extend(BinaryPathName); combine.Extend(LoadOrderGroup); combine.Extend(TagID); combine.Extend(Dependencies); combine.Extend(DependSize); combine.Extend(ServiceStartName); combine.Extend(Password); combine.Extend(PasswordSize); return(combine.Retrieve()); }
internal Byte[] GetRequest() { Combine combine = new Combine(); combine.Extend(Version); combine.Extend(VersionMinor); combine.Extend(PacketType); combine.Extend(PacketFlags); combine.Extend(DataRepresentation); combine.Extend(FragLength); combine.Extend(AuthLength); combine.Extend(CallID); combine.Extend(AllocHint); combine.Extend(ContextID); combine.Extend(Opnum); combine.Extend(Data); return(combine.Retrieve()); }
internal Byte[] GetHeader() { Combine combine = new Combine(); combine.Extend(ServerComponent); combine.Extend(HeaderLength); combine.Extend(CreditCharge); combine.Extend(ChannelSequence); combine.Extend(Reserved); combine.Extend(Command); combine.Extend(CreditsRequested); combine.Extend(Flags); combine.Extend(ChainOffset); combine.Extend(MessageID); combine.Extend(ProcessId); combine.Extend(TreeId); combine.Extend(SessionId); combine.Extend(Signature); return(combine.Retrieve()); }
internal Byte[] GetRequest() { Combine combine = new Combine(); combine.Extend(Version); combine.Extend(VersionMinor); combine.Extend(PacketType); combine.Extend(PacketFlags); combine.Extend(DataRepresentation); combine.Extend(FragLength); combine.Extend(AuthLength); combine.Extend(CallID); combine.Extend(MaxXmitFrag); combine.Extend(MaxRecvFrag); combine.Extend(AuthType); combine.Extend(AuthLevel); combine.Extend(AuthPadLength); combine.Extend(AuthReserved); combine.Extend(ContextID); combine.Extend(NTLMSSP); return(combine.Retrieve()); }
internal Boolean OpenSCManagerW() { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x09, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SVCCTLSCMOpenSCManagerW openSCManagerW = new SVCCTLSCMOpenSCManagerW(); Byte[] bSCManager = openSCManagerW.GetRequest(); DCERPCRequest rpcRequest = new DCERPCRequest(); rpcRequest.SetPacketFlags(new Byte[] { 0x03 }); rpcRequest.SetFragLength(bSCManager.Length, 0, 0); rpcRequest.SetCallID(new Byte[] { 0x01, 0x00, 0x00, 0x00 }); rpcRequest.SetContextID(new Byte[] { 0x00, 0x00 }); rpcRequest.SetOpnum(new Byte[] { 0x0f, 0x00 }); Byte[] bRPCRequest = rpcRequest.GetRequest(); SMB2WriteRequest writeRequest = new SMB2WriteRequest(); writeRequest.SetGuidHandleFile(guidFileHandle); writeRequest.SetLength(bRPCRequest.Length + bSCManager.Length); Byte[] bWriteRequest = writeRequest.GetRequest(); Combine combine = new Combine(); combine.Extend(bWriteRequest); combine.Extend(bRPCRequest); combine.Extend(bSCManager); Byte[] bData = combine.Retrieve(); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length); sessionService.SetDataLength(bData.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Byte[] bSend = Combine.combine(Combine.combine(bSessionService, bHeader), bData); streamSocket.Write(bSend, 0, bSend.Length); streamSocket.Flush(); streamSocket.Read(recieve, 0, recieve.Length); if (GetStatus(recieve.Skip(12).Take(4).ToArray())) { return(true); } else { return(false); } }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal Boolean GetInfoRequest() { SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x10, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); SMB2GetInfo getInfo = new SMB2GetInfo(); getInfo.SetClass(new Byte[] { 0x02 }); getInfo.SetInfoLevel(new Byte[] { 0x01 }); getInfo.SetMaxResponseSize(new Byte[] { 0x58, 0x00, 0x00, 0x00 }); getInfo.SetGetInfoInputOffset(new Byte[] { 0x00, 0x00 }); getInfo.SetGUIDHandleFile(guidFileHandle); Byte[] bData = getInfo.GetRequest(); header.SetChainOffset(bData.Length); if (signing) { header.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); SMB2Header header2 = new SMB2Header(); header2.SetCommand(new Byte[] { 0x10, 0x00 }); header2.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header2.SetMessageID(++messageId); header2.SetProcessID(processId); header2.SetTreeId(treeId); header2.SetSessionID(sessionId); header2.SetFlags(new Byte[] { 0x00, 0x00, 0x00, 0x04 }); SMB2GetInfo getInfo2 = new SMB2GetInfo(); getInfo2.SetClass(new Byte[] { 0x02 }); getInfo2.SetInfoLevel(new Byte[] { 0x05 }); getInfo2.SetMaxResponseSize(new Byte[] { 0x50, 0x00, 0x00, 0x00 }); getInfo2.SetGetInfoInputOffset(new Byte[] { 0x00, 0x00 }); getInfo2.SetGUIDHandleFile(guidFileHandle); Byte[] bData2 = getInfo2.GetRequest(); if (signing) { header2.SetFlags(new Byte[] { 0x08, 0x00, 0x00, 0x00 }); header2.SetSignature(sessionKey, ref bData2); } Byte[] bHeader2 = header2.GetHeader(); NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length + bHeader2.Length); sessionService.SetDataLength(bData.Length + bData2.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Combine combine = new Combine(); combine.Extend(bHeader); combine.Extend(bData); combine.Extend(bHeader2); combine.Extend(bData2); Byte[] bSend = Combine.combine(bSessionService, combine.Retrieve()); streamSocket.Write(bSend, 0, bSend.Length); streamSocket.Flush(); streamSocket.Read(recieve, 0, recieve.Length); if (GetStatus(recieve.Skip(12).Take(4).ToArray())) { return(true); } return(false); }
//////////////////////////////////////////////////////////////////////////////// // //////////////////////////////////////////////////////////////////////////////// internal Boolean FindRequest() { treeId = recieve.Skip(40).Take(4).ToArray(); //////////////////////////////////////////////////////////////////////////////// SMB2Header header = new SMB2Header(); header.SetCommand(new Byte[] { 0x0e, 0x00 }); header.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header.SetMessageID(++messageId); header.SetProcessID(processId); header.SetTreeId(treeId); header.SetSessionID(sessionId); header.SetChainOffset(new Byte[] { 0x68, 0x00, 0x00, 0x00 }); SMB2FindFileRequestFile findFileRequestFile = new SMB2FindFileRequestFile(); findFileRequestFile.SetInfoLevel(new Byte[] { 0x25 }); findFileRequestFile.SetFileID(guidFileHandle); findFileRequestFile.SetPadding(new Byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }); Byte[] bData = findFileRequestFile.GetRequest(); if (signing) { header.SetFlags(new Byte[] { 0x0c, 0x00, 0x00, 0x00 }); header.SetSignature(sessionKey, ref bData); } Byte[] bHeader = header.GetHeader(); //////////////////////////////////////////////////////////////////////////////// SMB2Header header2 = new SMB2Header(); header2.SetCommand(new Byte[] { 0x0e, 0x00 }); header2.SetCreditsRequested(new Byte[] { 0x01, 0x00 }); header2.SetMessageID(++messageId); header2.SetProcessID(processId); header2.SetTreeId(treeId); header2.SetSessionID(sessionId); header.SetFlags(new Byte[] { 0x04, 0x00, 0x00, 0x00 }); SMB2FindFileRequestFile findFileRequestFile2 = new SMB2FindFileRequestFile(); findFileRequestFile2.SetInfoLevel(new Byte[] { 0x25 }); findFileRequestFile2.SetFileID(guidFileHandle); findFileRequestFile2.SetPadding(new Byte[] { 0x80, 0x00, 0x00, 0x00 }); Byte[] bData2 = findFileRequestFile2.GetRequest(); if (signing) { header2.SetFlags(new Byte[] { 0x0c, 0x00, 0x00, 0x00 }); header2.SetSignature(sessionKey, ref bData); } Byte[] bHeader2 = header2.GetHeader(); //////////////////////////////////////////////////////////////////////////////// NetBIOSSessionService sessionService = new NetBIOSSessionService(); sessionService.SetHeaderLength(bHeader.Length + bHeader2.Length); sessionService.SetDataLength(bData.Length + bData2.Length); Byte[] bSessionService = sessionService.GetNetBIOSSessionService(); Combine combine = new Combine(); combine.Extend(bHeader); combine.Extend(bData); combine.Extend(bHeader2); combine.Extend(bData2); Byte[] bSend = Combine.combine(bSessionService, combine.Retrieve()); streamSocket.Write(bSend, 0, bSend.Length); streamSocket.Flush(); streamSocket.Read(recieve, 0, recieve.Length); return(GetStatus(recieve.Skip(12).Take(4).ToArray())); }