Add documentation for FIND information levels
This commit is contained in:
parent
0d8632dae9
commit
750022806b
|
@ -4,30 +4,32 @@ module Msf
|
||||||
module Exploit::Remote::SMB::Server
|
module Exploit::Remote::SMB::Server
|
||||||
module Share
|
module Share
|
||||||
module InformationLevel
|
module InformationLevel
|
||||||
# This mixin provides methods to handle TRAN2_FIND_FIRST2 requests
|
|
||||||
# with Find information levels
|
|
||||||
module Find
|
module Find
|
||||||
|
|
||||||
# Responds to FIND_FIRST2 requests with Information Level: Find File Both Directory Info
|
# Handles a TRANS2_FIND_FIRST2 transaction request with SMB_FIND_FILE_BOTH_DIRECTORY_INFO
|
||||||
def smb_cmd_find_file_both_directory_info(c, payload)
|
# Information Level.
|
||||||
|
#
|
||||||
|
# @param c [Socket] The client sending the request.
|
||||||
|
# @param path [String] The path which the client is requesting info from.
|
||||||
|
# @return [Fixnum] The number of bytes returned to the client as response.
|
||||||
|
def smb_cmd_find_file_both_directory_info(c, path)
|
||||||
|
|
||||||
if payload && payload.include?(file_name)
|
if path && path.include?(file_name)
|
||||||
data = Rex::Text.to_unicode(file_name)
|
data = Rex::Text.to_unicode(file_name)
|
||||||
length = exe_contents.length
|
length = exe_contents.length
|
||||||
ea = 0
|
ea = 0
|
||||||
alloc = 1048576 # Allocation Size = 1048576 || 1Mb
|
alloc = 1048576 # Allocation Size = 1048576 || 1Mb
|
||||||
attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL
|
attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL
|
||||||
search = 1
|
search = 1
|
||||||
elsif payload && payload == path_name
|
elsif path && path == path_name
|
||||||
data = Rex::Text.to_unicode(path)
|
data = Rex::Text.to_unicode(path_name)
|
||||||
length = 0
|
length = 0
|
||||||
ea = 0x21
|
ea = 0x21
|
||||||
alloc = 0 # 0Mb
|
alloc = 0 # 0Mb
|
||||||
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
||||||
search = 0x100
|
search = 0x100
|
||||||
else
|
else
|
||||||
smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_NO_SUCH_FILE, true)
|
return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_NO_SUCH_FILE, true)
|
||||||
return
|
|
||||||
end
|
end
|
||||||
|
|
||||||
send_find_file_both_directory_info_res(c, {
|
send_find_file_both_directory_info_res(c, {
|
||||||
|
@ -41,11 +43,16 @@ module Msf
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
# Responds to FIND_FIRST2 requests with information level Find File Names Info
|
# Handles a TRANS2_FIND_FIRST2 transaction request with SMB_FIND_FILE_NAMES_INFO
|
||||||
def smb_cmd_find_file_names_info(c, payload)
|
# Information Level.
|
||||||
if payload && payload.include?(file_name)
|
#
|
||||||
|
# @param c [Socket] The client sending the request.
|
||||||
|
# @param path [String] The path which the client is requesting info from.
|
||||||
|
# @return [Fixnum] The number of bytes returned to the client as response.
|
||||||
|
def smb_cmd_find_file_names_info(c, path)
|
||||||
|
if path && path.include?(file_name)
|
||||||
data = Rex::Text.to_unicode(file_name)
|
data = Rex::Text.to_unicode(file_name)
|
||||||
elsif payload && payload == path_name
|
elsif path && path == path_name
|
||||||
data = Rex::Text.to_unicode(path_name)
|
data = Rex::Text.to_unicode(path_name)
|
||||||
else
|
else
|
||||||
return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_NO_SUCH_FILE, true)
|
return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_NO_SUCH_FILE, true)
|
||||||
|
@ -54,25 +61,29 @@ module Msf
|
||||||
send_find_file_names_info_res(c, { data: data })
|
send_find_file_names_info_res(c, { data: data })
|
||||||
end
|
end
|
||||||
|
|
||||||
# Responds to FIND_FIRST2 requests with information level Find File Full Directory Info
|
# Handles a TRANS2_FIND_FIRST2 transaction request with SMB_FIND_FILE_FULL_DIRECTORY_INFO
|
||||||
def smb_cmd_find_file_full_directory_info(c, payload)
|
# Information Level.
|
||||||
if payload && payload.include?(file_name)
|
#
|
||||||
|
# @param c [Socket] The client sending the request.
|
||||||
|
# @param path [String] The path which the client is requesting info from.
|
||||||
|
# @return [Fixnum] The number of bytes returned to the client as response.
|
||||||
|
def smb_cmd_find_file_full_directory_info(c, path)
|
||||||
|
if path && path.include?(file_name)
|
||||||
data = Rex::Text.to_unicode(file_name)
|
data = Rex::Text.to_unicode(file_name)
|
||||||
length = exe_contents.length
|
length = exe_contents.length
|
||||||
ea = 0
|
ea = 0
|
||||||
alloc = 1048576 # Allocation Size = 1048576 || 1Mb
|
alloc = 1048576 # Allocation Size = 1048576 || 1Mb
|
||||||
attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL # File
|
attrib = CONST::SMB_EXT_FILE_ATTR_NORMAL # File
|
||||||
search = 0x100
|
search = 0x100
|
||||||
elsif payload && payload == path_name
|
elsif path && path == path_name
|
||||||
data = path
|
data = path_name
|
||||||
length = 0
|
length = 0
|
||||||
ea = 0x21
|
ea = 0x21
|
||||||
alloc = 0 # 0Mb
|
alloc = 0 # 0Mb
|
||||||
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
attrib = CONST::SMB_EXT_FILE_ATTR_DIRECTORY
|
||||||
search = 1
|
search = 1
|
||||||
else
|
else
|
||||||
smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_NO_SUCH_FILE, true)
|
return smb_error(CONST::SMB_COM_TRANSACTION2, c, CONST::SMB_STATUS_NO_SUCH_FILE, true)
|
||||||
return
|
|
||||||
end
|
end
|
||||||
|
|
||||||
send_find_full_directory_info_res(c, {
|
send_find_full_directory_info_res(c, {
|
||||||
|
@ -86,6 +97,19 @@ module Msf
|
||||||
})
|
})
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Builds and sends an TRANS2_FIND_FIRST2 response with SMB_FIND_FILE_BOTH_DIRECTORY_INFO
|
||||||
|
# information level.
|
||||||
|
#
|
||||||
|
# @param c [Socket] The client to answer.
|
||||||
|
# @param opts [Hash{Symbol => <Fixnum, String>}] Response custom values.
|
||||||
|
# @option opts [Fixnum] :search_count The number of entries returned by the search.
|
||||||
|
# @option opts [Fixnum] :end_of_search 0 if search continues or nonzero otherwise.
|
||||||
|
# @option opts [Fixnum] :ea_error_offset should be 0 for SMB_FIND_FILE_BOTH_DIRECTORY_INFO.
|
||||||
|
# @option opts [Fixnum] :end_of_file The byte offset to the end of the file.
|
||||||
|
# @option opts [Fixnum] :allocation_size The file allocation size in bytes.
|
||||||
|
# @option opts [Fixnum] :file_attributes The extended file attributes of the file.
|
||||||
|
# @option opts [String] :data The long name of the file.
|
||||||
|
# @return [Fixnum] The number of bytes returned to the client as response.
|
||||||
def send_find_file_both_directory_info_res(c, opts = {})
|
def send_find_file_both_directory_info_res(c, opts = {})
|
||||||
data = opts[:data] || ''
|
data = opts[:data] || ''
|
||||||
search_count = opts[:search_count] || 0
|
search_count = opts[:search_count] || 0
|
||||||
|
@ -124,6 +148,12 @@ module Msf
|
||||||
send_trans2_res(c, trans2_params, find_file)
|
send_trans2_res(c, trans2_params, find_file)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Builds and sends an TRANS2_FIND_FIRST2 response with SMB_FIND_FILE_NAMES_INFO
|
||||||
|
# information level.
|
||||||
|
# @param c [Socket] The client to answer.
|
||||||
|
# @param opts [Hash{Symbol => <Fixnum, String>}] Response custom values.
|
||||||
|
# @option opts [String] :data The long name of the file.
|
||||||
|
# @return [Fixnum] The number of bytes returned to the client as response.
|
||||||
def send_find_file_names_info_res(c, opts = {})
|
def send_find_file_names_info_res(c, opts = {})
|
||||||
data = opts[:data] || ''
|
data = opts[:data] || ''
|
||||||
|
|
||||||
|
@ -145,6 +175,19 @@ module Msf
|
||||||
send_trans2_res(c, trans2_params, find_file)
|
send_trans2_res(c, trans2_params, find_file)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Builds and sends an TRANS2_FIND_FIRST2 response with SMB_FIND_FILE_FULL_DIRECTORY_INFO
|
||||||
|
# information level.
|
||||||
|
#
|
||||||
|
# @param c [Socket] The client to answer.
|
||||||
|
# @param opts [Hash{Symbol => <Fixnum, String>}] Response custom values.
|
||||||
|
# @option opts [Fixnum] :search_count The number of entries returned by the search.
|
||||||
|
# @option opts [Fixnum] :end_of_search 0 if search continues or nonzero otherwise.
|
||||||
|
# @option opts [Fixnum] :ea_error_offset should be 0 for SMB_FIND_FILE_FULL_DIRECTORY_INFO.
|
||||||
|
# @option opts [Fixnum] :end_of_file The byte offset to the end of the file.
|
||||||
|
# @option opts [Fixnum] :allocation_size The file allocation size in bytes.
|
||||||
|
# @option opts [Fixnum] :file_attributes The extended file attributes of the file.
|
||||||
|
# @option opts [String] :data The long name of the file.
|
||||||
|
# @return [Fixnum] The number of bytes returned to the client as response.
|
||||||
def send_find_full_directory_info_res(c, opts = {})
|
def send_find_full_directory_info_res(c, opts = {})
|
||||||
data = opts[:data] || ''
|
data = opts[:data] || ''
|
||||||
search_count = opts[:search_count] || 0
|
search_count = opts[:search_count] || 0
|
||||||
|
|
Loading…
Reference in New Issue