Add documentation for FIND information levels

2015-03-02 11:46:20 -06:00 · 2015-03-02 11:46:20 -06:00 · 750022806b
parent 0d8632dae9
commit 750022806b
1 changed files with 63 additions and 20 deletions
--- a/lib/msf/core/exploit/smb/server/share/information_level/find.rb
+++ b/lib/msf/core/exploit/smb/server/share/information_level/find.rb
@ -4,30 +4,32 @@ module Msf
  module Exploit::Remote::SMB::Server
    module Share
      module InformationLevel
-        # This mixin provides methods to handle TRAN2_FIND_FIRST2 requests
-        # with Find information levels
        module Find

-          # Responds to FIND_FIRST2 requests with Information Level: Find File Both Directory Info
-          def smb_cmd_find_file_both_directory_info(c, payload)
+          # Handles a TRANS2_FIND_FIRST2 transaction request with SMB_FIND_FILE_BOTH_DIRECTORY_INFO
+          # Information Level.
+          #
+          # @param c [Socket] The client sending the request.
+          # @param path [String] The path which the client is requesting info from.
+          # @return [Fixnum] The number of bytes returned to the client as response.
+          def smb_cmd_find_file_both_directory_info(c, path)

-            if payload && payload.include?(file_name)
+            if path && path.include?(file_name)
              data = Rex::Text.to_unicode(file_name)
              length = exe_contents.length
              ea = 0
              alloc = 1048576 # Allocation Size = 1048576 || 1Mb
              attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL
              search = 1
-            elsif payload && payload == path_name
-              data = Rex::Text.to_unicode(path)
+            elsif path && path == path_name
+              data = Rex::Text.to_unicode(path_name)
              length = 0
              ea = 0x21
              alloc = 0 # 0Mb
              attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
              search = 0x100
            else
-              smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_NO_SUCH_FILE, true)
-              return
+              return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_NO_SUCH_FILE, true)
            end

            send_find_file_both_directory_info_res(c, {
@ -41,11 +43,16 @@ module Msf
            })
          end

-          # Responds to FIND_FIRST2 requests with information level Find File Names Info
-          def smb_cmd_find_file_names_info(c, payload)
-            if payload && payload.include?(file_name)
+          # Handles a TRANS2_FIND_FIRST2 transaction request with SMB_FIND_FILE_NAMES_INFO
+          # Information Level.
+          #
+          # @param c [Socket] The client sending the request.
+          # @param path [String] The path which the client is requesting info from.
+          # @return [Fixnum] The number of bytes returned to the client as response.
+          def smb_cmd_find_file_names_info(c, path)
+            if path && path.include?(file_name)
              data = Rex::Text.to_unicode(file_name)
-            elsif payload && payload == path_name
+            elsif path && path == path_name
              data = Rex::Text.to_unicode(path_name)
            else
              return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_NO_SUCH_FILE, true)
@ -54,25 +61,29 @@ module Msf
            send_find_file_names_info_res(c, { data: data })
          end

-          # Responds to FIND_FIRST2 requests with information level Find File Full Directory Info
-          def smb_cmd_find_file_full_directory_info(c, payload)
-            if payload && payload.include?(file_name)
+          # Handles a TRANS2_FIND_FIRST2 transaction request with SMB_FIND_FILE_FULL_DIRECTORY_INFO
+          # Information Level.
+          #
+          # @param c [Socket] The client sending the request.
+          # @param path [String] The path which the client is requesting info from.
+          # @return [Fixnum] The number of bytes returned to the client as response.
+          def smb_cmd_find_file_full_directory_info(c, path)
+            if path && path.include?(file_name)
              data = Rex::Text.to_unicode(file_name)
              length = exe_contents.length
              ea = 0
              alloc = 1048576 # Allocation Size = 1048576 || 1Mb
              attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL # File
              search = 0x100
-            elsif payload && payload == path_name
-              data = path
+            elsif path && path == path_name
+              data = path_name
              length = 0
              ea = 0x21
              alloc = 0 # 0Mb
              attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
              search = 1
            else
-              smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_NO_SUCH_FILE, true)
-              return
+              return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_NO_SUCH_FILE, true)
            end

            send_find_full_directory_info_res(c, {
@ -86,6 +97,19 @@ module Msf
            })
          end

+          # Builds and sends an TRANS2_FIND_FIRST2 response with SMB_FIND_FILE_BOTH_DIRECTORY_INFO
+          # information level.
+          #
+          # @param c [Socket] The client to answer.
+          # @param opts [Hash{Symbol => <Fixnum, String>}] Response custom values.
+          # @option opts [Fixnum] :search_count The number of entries returned by the search.
+          # @option opts [Fixnum] :end_of_search 0 if search continues or nonzero otherwise.
+          # @option opts [Fixnum] :ea_error_offset should be 0 for SMB_FIND_FILE_BOTH_DIRECTORY_INFO.
+          # @option opts [Fixnum] :end_of_file The byte offset to the end of the file.
+          # @option opts [Fixnum] :allocation_size The file allocation size in bytes.
+          # @option opts [Fixnum] :file_attributes The extended file attributes of the file.
+          # @option opts [String] :data The long name of the file.
+          # @return [Fixnum] The number of bytes returned to the client as response.
          def send_find_file_both_directory_info_res(c, opts = {})
            data = opts[:data] || ''
            search_count = opts[:search_count] || 0
@ -124,6 +148,12 @@ module Msf
            send_trans2_res(c, trans2_params, find_file)
          end

+          # Builds and sends an TRANS2_FIND_FIRST2 response with SMB_FIND_FILE_NAMES_INFO
+          # information level.
+          # @param c [Socket] The client to answer.
+          # @param opts [Hash{Symbol => <Fixnum, String>}] Response custom values.
+          # @option opts [String] :data The long name of the file.
+          # @return [Fixnum] The number of bytes returned to the client as response.
          def send_find_file_names_info_res(c, opts = {})
            data = opts[:data] || ''

@ -145,6 +175,19 @@ module Msf
            send_trans2_res(c, trans2_params, find_file)
          end

+          # Builds and sends an TRANS2_FIND_FIRST2 response with SMB_FIND_FILE_FULL_DIRECTORY_INFO
+          # information level.
+          #
+          # @param c [Socket] The client to answer.
+          # @param opts [Hash{Symbol => <Fixnum, String>}] Response custom values.
+          # @option opts [Fixnum] :search_count The number of entries returned by the search.
+          # @option opts [Fixnum] :end_of_search 0 if search continues or nonzero otherwise.
+          # @option opts [Fixnum] :ea_error_offset should be 0 for SMB_FIND_FILE_FULL_DIRECTORY_INFO.
+          # @option opts [Fixnum] :end_of_file The byte offset to the end of the file.
+          # @option opts [Fixnum] :allocation_size The file allocation size in bytes.
+          # @option opts [Fixnum] :file_attributes The extended file attributes of the file.
+          # @option opts [String] :data The long name of the file.
+          # @return [Fixnum] The number of bytes returned to the client as response.
          def send_find_full_directory_info_res(c, opts = {})
            data = opts[:data] || ''
            search_count = opts[:search_count] || 0