Add specs for SMB_FIND_FILE_BOTH_DIRECTORY_INFO requests
This commit is contained in:
parent
597f99ade9
commit
8328c5c5e9
|
@ -1360,17 +1360,20 @@ class Constants
|
|||
['Parameters', 'ByteCount', nil, true]
|
||||
)
|
||||
|
||||
# A template for SMB_Parameters blocks of the SMB_COM_TRANSACTION2 QUERY_PATH_INFO responses
|
||||
SMB_TRANS2_QUERY_PATH_PARAMETERS = Rex::Struct2::CStructTemplate.new(
|
||||
['uint16v', 'InformationLevel', 0],
|
||||
['uint32v', 'Reserved', 0],
|
||||
['string', 'FileName', nil, '']
|
||||
)
|
||||
|
||||
# A template for SMB_Parameters blocks of the SMB_COM_TRANSACTION2 QUERY_FILE_INFO responses
|
||||
SMB_TRANS2_QUERY_FILE_PARAMETERS = Rex::Struct2::CStructTemplate.new(
|
||||
['uint16v', 'FID', 0],
|
||||
['uint16v', 'InformationLevel', 0]
|
||||
)
|
||||
|
||||
# A template for SMB_Parameters blocks of the SMB_COM_TRANSACTION2 FIND_FIRST2 responses
|
||||
SMB_TRANS2_FIND_FIRST2_PARAMETERS = Rex::Struct2::CStructTemplate.new(
|
||||
['uint16v', 'SearchAttributes', 0],
|
||||
['uint16v', 'SearchCount', 0],
|
||||
|
@ -1380,6 +1383,7 @@ class Constants
|
|||
['string', 'FileName', nil, '']
|
||||
)
|
||||
|
||||
# A template for SMB Tree Connect commands in responses
|
||||
SMB_TREE_CONN_ANDX_RES_PKT = Rex::Struct2::CStructTemplate.new(
|
||||
['uint8', 'WordCount', 0],
|
||||
['uint8', 'AndXCommand', 0],
|
||||
|
|
|
@ -22,9 +22,11 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
|
|||
""
|
||||
end
|
||||
|
||||
let(:valid_find_file_both_directory_info_request) do
|
||||
""
|
||||
let(:valid_find_file_both_directory_info_params) do
|
||||
"\x16\x00\x56\x05\x07\x00\x04\x01\x00\x00\x00\x00\x5c\x00\x74\x00" +
|
||||
"\x65\x00\x73\x00\x74\x00\x2e\x00\x65\x00\x78\x00\x65\x00\x00\x00"
|
||||
end
|
||||
let(:find_file_both_directory_info_res_length) { 179 }
|
||||
|
||||
let(:valid_find_file_full_directory_info_request) do
|
||||
""
|
||||
|
@ -53,8 +55,27 @@ describe Msf::Exploit::Remote::SMB::Server::Share do
|
|||
|
||||
describe "#smb_cmd_trans2_find_first2" do
|
||||
|
||||
context "when valid SMB_FIND_FILE_BOTH_DIRECTORY_INFO request" do
|
||||
context "when valid SMB_FIND_FILE_BOTH_DIRECTORY_INFO parameters" do
|
||||
it "returns the number of bytes answered" do
|
||||
expect(mod.smb_cmd_trans2_find_first2(client, valid_find_file_both_directory_info_params)).to eq(find_file_both_directory_info_res_length)
|
||||
end
|
||||
|
||||
it "send TRANSACTIONS2 response with the file name found in the SMB_Data" do
|
||||
mod.smb_cmd_trans2_find_first2(client, valid_find_file_both_directory_info_params)
|
||||
client.seek(0)
|
||||
res = client.read
|
||||
|
||||
trans2_res = Rex::Proto::SMB::Constants::SMB_TRANS_RES_PKT.make_struct
|
||||
trans2_res.from_s(res)
|
||||
param_count = trans2_res['Payload'].v['ParamCount']
|
||||
data_count = trans2_res['Payload'].v['DataCount']
|
||||
|
||||
data = trans2_res['Payload'].v['SetupData'][2 + param_count, data_count]
|
||||
smb_data = Rex::Proto::SMB::Constants::SMB_FIND_FILE_BOTH_DIRECTORY_INFO_HDR.make_struct
|
||||
smb_data.from_s(data)
|
||||
|
||||
expect(smb_data.v['FileName']).to eq(Rex::Text.to_unicode(mod.file_name))
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in New Issue