Add specs for SMB_FIND_FILE_BOTH_DIRECTORY_INFO requests

2015-03-03 12:43:41 -06:00 · 2015-03-03 12:43:41 -06:00 · 8328c5c5e9
parent 597f99ade9
commit 8328c5c5e9
2 changed files with 28 additions and 3 deletions
--- a/lib/rex/proto/smb/constants.rb
+++ b/lib/rex/proto/smb/constants.rb
@ -1360,17 +1360,20 @@ class Constants
    ['Parameters', 'ByteCount',  nil, true]
  )

+  # A template for SMB_Parameters blocks of the SMB_COM_TRANSACTION2 QUERY_PATH_INFO responses
  SMB_TRANS2_QUERY_PATH_PARAMETERS = Rex::Struct2::CStructTemplate.new(
    ['uint16v', 'InformationLevel', 0],
    ['uint32v', 'Reserved',         0],
    ['string',  'FileName', nil,   '']
  )

+  # A template for SMB_Parameters blocks of the SMB_COM_TRANSACTION2 QUERY_FILE_INFO responses
  SMB_TRANS2_QUERY_FILE_PARAMETERS = Rex::Struct2::CStructTemplate.new(
    ['uint16v', 'FID',              0],
    ['uint16v', 'InformationLevel', 0]
  )

+  # A template for SMB_Parameters blocks of the SMB_COM_TRANSACTION2 FIND_FIRST2 responses
  SMB_TRANS2_FIND_FIRST2_PARAMETERS = Rex::Struct2::CStructTemplate.new(
    ['uint16v', 'SearchAttributes',  0],
    ['uint16v', 'SearchCount',       0],
@ -1380,6 +1383,7 @@ class Constants
    ['string',  'FileName', nil,   '']
  )

+  # A template for SMB Tree Connect commands in responses
  SMB_TREE_CONN_ANDX_RES_PKT = Rex::Struct2::CStructTemplate.new(
    ['uint8',   'WordCount',         0],
    ['uint8',   'AndXCommand',       0],
--- a/spec/lib/msf/core/exploit/smb/server/share/command/trans2/find_first2_spec.rb
+++ b/spec/lib/msf/core/exploit/smb/server/share/command/trans2/find_first2_spec.rb
@ -22,9 +22,11 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
    ""
  end

-  let(:valid_find_file_both_directory_info_request) do
-    ""
+  let(:valid_find_file_both_directory_info_params) do
+    "\x16\x00\x56\x05\x07\x00\x04\x01\x00\x00\x00\x00\x5c\x00\x74\x00" +
+    "\x65\x00\x73\x00\x74\x00\x2e\x00\x65\x00\x78\x00\x65\x00\x00\x00"
  end
+  let(:find_file_both_directory_info_res_length) { 179 }

  let(:valid_find_file_full_directory_info_request) do
    ""
@ -53,8 +55,27 @@ describe Msf::Exploit::Remote::SMB::Server::Share do

  describe "#smb_cmd_trans2_find_first2" do

-    context "when valid SMB_FIND_FILE_BOTH_DIRECTORY_INFO request" do
+    context "when valid SMB_FIND_FILE_BOTH_DIRECTORY_INFO parameters" do
+      it "returns the number of bytes answered" do
+        expect(mod.smb_cmd_trans2_find_first2(client, valid_find_file_both_directory_info_params)).to eq(find_file_both_directory_info_res_length)
+      end

+      it "send TRANSACTIONS2 response with the file name found in the SMB_Data" do
+        mod.smb_cmd_trans2_find_first2(client, valid_find_file_both_directory_info_params)
+        client.seek(0)
+        res = client.read
+
+        trans2_res = Rex::Proto::SMB::Constants::SMB_TRANS_RES_PKT.make_struct
+        trans2_res.from_s(res)
+        param_count = trans2_res['Payload'].v['ParamCount']
+        data_count = trans2_res['Payload'].v['DataCount']
+
+        data  = trans2_res['Payload'].v['SetupData'][2 + param_count, data_count]
+        smb_data = Rex::Proto::SMB::Constants::SMB_FIND_FILE_BOTH_DIRECTORY_INFO_HDR.make_struct
+        smb_data.from_s(data)
+
+        expect(smb_data.v['FileName']).to eq(Rex::Text.to_unicode(mod.file_name))
+      end
    end
  end