
Protocols: minor changes
HTTP: added random server version (Apache/..), current time
HTTPS: inherit HTTP
SIP: placeholder
SMB: added random server versions, possibility to change pc name, etc.

minor changes

Wulf Pfeiffer 10 years ago
commit
227e1d4809

+ 66 - 136
src/de/tudarmstadt/informatik/hostage/format/TELNETFormatter.java

@@ -18,152 +18,82 @@ public class TELNETFormatter implements ProtocolFormatter {
 
 	/**
 	 * Checks a packet for option commands and returns their names as Strings.
-	 * 
-	 * @param bytes
-	 *            that are checked.
+	 * @param bytes that are checked.
 	 * @return names of the option commands as String.
 	 */
 	private String checkForOptions(byte[] bytes) {
 		StringBuffer options = new StringBuffer();
 		for (int i = 0; i < bytes.length; i++) {
 			if (bytes[i] == (byte) 0xff && i + 2 < bytes.length) {
-				switch (bytes[i + 1]) {
-				case (byte) 0xfb:
-					options.append(" WILL ");
-					break;
-				case (byte) 0xfc:
-					options.append(" WON'T ");
-					break;
-				case (byte) 0xfd:
-					options.append(" DO ");
-					break;
-				case (byte) 0xfe:
-					options.append(" DON'T ");
-					break;
-				default:
-					options.append(" unkown command ");
-					break;
-				}
+				options.append(checkMode(bytes[i + 1]));
 				// option name
-				switch (bytes[i + 2]) {
-				case 0x00:
-					options.append("Binary Transmission\n");
-					break;
-				case 0x01:
-					options.append("Echo\n");
-					break;
-				case 0x02:
-					options.append("Reconnection\n");
-					break;
-				case 0x03:
-					options.append("Suppress Go Ahead\n");
-					break;
-				case 0x04:
-					options.append("Approx Message Size Negotiation\n");
-					break;
-				case 0x05:
-					options.append("Status\n");
-					break;
-				case 0x06:
-					options.append("Timing Mark\n");
-					break;
-				case 0x07:
-					options.append("Remote Controlled Trans and Echo\n");
-					break;
-				case 0x08:
-					options.append("Output Line Width\n");
-					break;
-				case 0x09:
-					options.append("Output Page Size\n");
-					break;
-				case 0x0a:
-					options.append("Output Carriage-Return Disposition\n");
-					break;
-				case 0x0b:
-					options.append("Output Horizontal Tab Stops\n");
-					break;
-				case 0x0c:
-					options.append("Output Horizontal Tab Disposition\n");
-					break;
-				case 0x0d:
-					options.append("Output Formfeed Disposition\n");
-					break;
-				case 0x0e:
-					options.append("Output Vertical Tabstops\n");
-					break;
-				case 0x0f:
-					options.append("Output Vertical Tab Disposition\n");
-					break;
-				case 0x10:
-					options.append("Output Linefeed Disposition\n");
-					break;
-				case 0x11:
-					options.append("Extended ASCII\n");
-					break;
-				case 0x12:
-					options.append("Logout\n");
-					break;
-				case 0x13:
-					options.append("Byte Macro\n");
-					break;
-				case 0x14:
-					options.append("Data Entry Terminal\n");
-					break;
-				case 0x15:
-					options.append("SUPDUP\n");
-					break;
-				case 0x16:
-					options.append("SUPDUP Output\n");
-					break;
-				case 0x17:
-					options.append("Send Location\n");
-					break;
-				case 0x18:
-					options.append("Terminal Type\n");
-					break;
-				case 0x19:
-					options.append("End of Record\n");
-					break;
-				case 0x1a:
-					options.append("TACACS User Identification\n");
-					break;
-				case 0x1b:
-					options.append("Output Marking\n");
-					break;
-				case 0x1c:
-					options.append("Terminal Location Number\n");
-					break;
-				case 0x1d:
-					options.append("Telnet 3270 Regime\n");
-					break;
-				case 0x1e:
-					options.append("X.3 PAD\n");
-					break;
-				case 0x1f:
-					options.append("Negotiate About Window Size\n");
-					break;
-				case 0x20:
-					options.append("Terminal Speed\n");
-					break;
-				case 0x21:
-					options.append("Remote Flow Control\n");
-					break;
-				case 0x22:
-					options.append("Linemode\n");
-					break;
-				case 0x23:
-					options.append("X Display Location\n");
-					break;
-				case (byte) 0xff:
-					options.append("Extended-Options-List\n");
-					break;
-				default:
-					options.append("unknown option\n");
-					break;
-				}
+				options.append(checkCommand(bytes[i + 2]));
 			}
 		}
 		return options.toString();
 	}
+	
+	/**
+	 * Checks a byte for its mode value.
+	 * @param b byte that is checked.
+	 * @return name of the mode.
+	 */
+	private String checkMode(byte b) {
+		switch (b) {
+		case (byte) 0xfb:	return " WILL ";
+		case (byte) 0xfc:	return " WON'T ";
+		case (byte) 0xfd:	return " DO ";
+		case (byte) 0xfe:	return " DON'T ";
+		default:			return " unkown command ";
+		}
+	}
+	
+	/**
+	 * Checks a byte for its command value.
+	 * @param b byte that is checked.
+	 * @return name of the command.
+	 */
+	private String checkCommand(byte b) {
+		switch (b) {
+		case 0x00:	return "Binary Transmission\n";
+		case 0x01:	return "Echo\n";
+		case 0x02:	return "Reconnection\n";
+		case 0x03:	return "Suppress Go Ahead\n";
+		case 0x04:	return "Approx Message Size Negotiation\n";
+		case 0x05:	return "Status\n";
+		case 0x06:	return "Timing Mark\n";
+		case 0x07:	return "Remote Controlled Trans and Echo\n";
+		case 0x08:	return "Output Line Width\n";
+		case 0x09:	return "Output Page Size\n";
+		case 0x0a:	return "Output Carriage-Return Disposition\n";
+		case 0x0b:	return "Output Horizontal Tab Stops\n";
+		case 0x0c:	return "Output Horizontal Tab Disposition\n";
+		case 0x0d:	return "Output Formfeed Disposition\n";
+		case 0x0e:	return "Output Vertical Tabstops\n";
+		case 0x0f:	return "Output Vertical Tab Disposition\n";
+		case 0x10:	return "Output Linefeed Disposition\n";
+		case 0x11:	return "Extended ASCII\n";
+		case 0x12:	return "Logout\n";
+		case 0x13:	return "Byte Macro\n";
+		case 0x14:	return "Data Entry Terminal\n";
+		case 0x15:	return "SUPDUP\n";
+		case 0x16:	return "SUPDUP Output\n";
+		case 0x17:	return "Send Location\n";
+		case 0x18:	return "Terminal Type\n";
+		case 0x19:	return "End of Record\n";
+		case 0x1a:	return "TACACS User Identification\n";
+		case 0x1b:	return "Output Marking\n";
+		case 0x1c:	return "Terminal Location Number\n";
+		case 0x1d:	return "Telnet 3270 Regime\n";
+		case 0x1e:	return "X.3 PAD\n";
+		case 0x1f:	return "Negotiate About Window Size\n";
+		case 0x20:	return "Terminal Speed\n";
+		case 0x21:	return "Remote Flow Control\n";
+		case 0x22:	return "Linemode\n";
+		case 0x23:	return "X Display Location\n";
+		case (byte) 0xff:	return "Extended-Options-List\n";
+		default:	return "unknown option\n";
+		}
+	}
 
 }
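Review bot: In `checkForOptions` the loop does not step over the two bytes it has just decoded, so after an IAC at `i` the option byte at `i + 2` is examined again as a possible IAC; a sequence whose option byte is `0xff` (the "Extended-Options-List" case) can produce a second, spurious entry in the honeypot log. Adding `i += 2;` after the two `append` calls keeps the decoded log aligned with what the client actually sent. The helper names are also swapped relative to what they return: `checkMode` maps the Telnet command byte (WILL/WON'T/DO/DON'T) and `checkCommand` maps the option code. The `" unkown command "` literal carries its typo over from the old code.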

+ 0 - 1
src/de/tudarmstadt/informatik/hostage/protocol/ECHO.java

@@ -24,7 +24,6 @@ public class ECHO implements Protocol<ByteArray>{
 	
 	public List<ByteArray> processMessage(ByteArray message) {
 		List<ByteArray> response = new ArrayList<ByteArray>();
-		//respond with the received message
 		response.add(message);
 		return response;
 	}

+ 1 - 2
src/de/tudarmstadt/informatik/hostage/protocol/FTP.java

@@ -7,7 +7,7 @@ import java.util.List;
  * FTP protocol
  * @author Wulf Pfeiffer
  */
-public final class FTP implements Protocol<String> {
+public class FTP implements Protocol<String> {
 	/**
 	 * Represents the states of the protocol
 	 */
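Review bot: Dropping `final` from `FTP` is not required by anything visible in this commit; only `HTTP` gains a subclass (`HTTPS`), yet the same modifier is also removed from `SMB`, `SSH` and `TELNET`. These classes keep their protocol state in private fields and are not documented for extension, so I would keep `public final class FTP implements Protocol<String> {` and the equivalent on the other three unless subclasses are actually planned.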
@@ -92,7 +92,6 @@ public final class FTP implements Protocol<String> {
 	private String c421 = "421 Service not available, closing control connection.";
 	private String c500 = "500 Syntax error, command unrecognized.";
 	private String c501 = "501 Syntax error in parameters or arguments";
-
 	
 	public boolean isClosed() {
 		return state == STATE.CLOSED;

+ 73 - 34
src/de/tudarmstadt/informatik/hostage/protocol/HTTP.java

@@ -1,13 +1,18 @@
 package de.tudarmstadt.informatik.hostage.protocol;
 
+import java.security.SecureRandom;
+import java.text.SimpleDateFormat;
 import java.util.ArrayList;
+import java.util.Calendar;
 import java.util.List;
+import java.util.Locale;
+import java.util.TimeZone;
 
 /**
  * HTTP protocol
  * @author Wulf Pfeiffer
  */
-public final class HTTP implements Protocol<String> {
+public class HTTP implements Protocol<String> {
 	
 	
 	public int getPort() {
@@ -35,11 +40,11 @@ public final class HTTP implements Protocol<String> {
 		} else if(message.contains(options)){
 			response.add(buildPacket(c400, options));
 		} else if(message.contains(post)){
-			response.add(buildPacket(c400, post));
+			response.add(buildPacket(c200, post));
 		} else if(message.contains(put)){
 			response.add(buildPacket(c400, put));
 		} else if(message.contains(delete)){
-			response.add(buildPacket(c400, delete));
+			response.add(buildPacket(c200, delete));
 		} else if(message.contains(connect)){
 			response.add(buildPacket(c400, connect));
 		} else {
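Review bot: POST now answers `200 OK`, but `buildPacket` (next hunk) has no branch for `post`, so the body is still the error template with the status line as its `<title>`; a success status that carries an error page makes the emulated server easy to tell apart from a real one. Either give `post` its own document in `buildPacket`, e.g. `else if(type.equals(post)) doc = htmlDoc;`, or keep the 400. Judging by the copy of this method removed from HTTPS.java, the method is still chosen with `message.contains(...)` in a fixed order, so a POST whose body contains the text `GET` would be answered as a GET. `processMessage` begins and ends outside this hunk.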
@@ -77,34 +82,58 @@ public final class HTTP implements Protocol<String> {
 	private String buildPacket(String code, String type) {
 		String doc = "";
 		if(type.equals(get)) doc = htmlDoc;
-		else if(type.equals(head)) doc = "";
+		else if(type.equals(head) || type.equals(delete)) doc = "";
 		else if(type.equals(trace)) doc = request;
-		else doc = errorHtmlPrefix + code + errorHtmlSuffix;
-		
-		return version + code + headerPrefix + doc.length() + headerSuffix + doc;
-	}
+		else doc = errorHtmlPrefix + " " + code + errorHtmlSuffix;
 
-	/** Whole request that was sent by the client */
-	private String request	= "";
-	private String version	= "HTTP/1.1";
-	//request codes
-	private String options 	= "OPTIONS";
-	private String get 		= "GET";
-	private String head 	= "HEAD";
-	private String post		= "POST";
-	private String put		= "PUT";
-	private String delete	= "DELETE";
-	private String trace	= "TRACE";
-	private String connect	= "CONNECT";
-	//response codes
-	private String c200 	= " 200 OK\r\n";
-	private String c400 	= " 400 Bad Request\r\n";
-	private String c505 	= " 505 HTTP Version not supported\r\n";
+		return version + " " + code + headerPrefix + doc.length() + headerSuffix + doc;
+	}
 	
+	/**
+	 * Get the current time in html header format.
+	 * @return the formatted server time.
+	 */
+	private String getServerTime() {
+	    Calendar calendar = Calendar.getInstance();
+	    SimpleDateFormat dateFormat = new SimpleDateFormat(
+	        "EEE, dd MMM yyyy HH:mm:ss z", Locale.US);
+	    dateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
+	    return dateFormat.format(calendar.getTime());
+	}
+	
+	private String getQuote() {
+//		String[] sources = new String[]{"djxmmx.net", "ota.iambic.com", "alpha.mike-r.com", "electricbiscuit.org"};
+//		SecureRandom rndm = new SecureRandom();
+//		StringBuffer sb = new StringBuffer();
+//		try {
+//			Socket client = new Socket(sources[rndm.nextInt(4)], 17);
+//			BufferedReader in = new BufferedReader(new InputStreamReader(client.getInputStream()));		
+//			while(!in.ready());
+//			while(in.ready()) {
+//				sb.append(in.readLine());
+//			}
+//			in.close();
+//			client.close();
+//		} catch (Exception e) {
+//			e.printStackTrace();
+//		}
+//		return sb.toString();
+		return "";
+	}
+	
+	private String[][][] possibleVersions = {
+			{{"Apache/2.0."},{"28","32","35","36","39","40","42","43","44","45","46","47","48","49","50","51","52","53","54","55","58","59","61","63","64","65"}},
+			{{"Apache/2.2."},{"0","2","3","4","6","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23","24","25"}},
+			{{"Apache/2.3."},{"4","5","6","8","10","11","12","14","15","16"}},
+			{{"Apache/2.4."},{"1","2","3","4","6"}}
+	};
+	private SecureRandom rndm = new SecureRandom();
+	private int majorVersion = rndm.nextInt(3);
+	private final String serverVersion = possibleVersions[majorVersion][0][0] + possibleVersions[majorVersion][1][rndm.nextInt(possibleVersions[majorVersion][1].length)];
 	//html header pre and suffix
-	private String headerPrefix =				
-			"Date: Mon, 01 Jul 2013 18:27:55 GMT\r\n" +
-			"Server: Apache/2.2.22 (Debian)\r\n" +
+	private final String headerPrefix =				
+			"Date: " + getServerTime() + "\r\n" +
+			"Server: " + serverVersion + " \r\n" +
 			"Vary: Accept-Encoding\r\n" +
 			"Content-Length: ";
 	private String headerSuffix =
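Review bot: `rndm.nextInt(3)` can only return 0–2, so the fourth row of `possibleVersions` (`Apache/2.4.`) is never selected; use `rndm.nextInt(possibleVersions.length)`. `headerPrefix` is a `final` field, so `getServerTime()` runs once when the object is built and every later response from that instance repeats the same `Date:` value; building the header inside `buildPacket` would keep it current. The `Server:` line now ends in `" \r\n"`, with a stray space before the CRLF. The commented-out body of `getQuote()` is dead code that would open outbound connections to third-party hosts if it were revived, so I would delete it and leave a one-line comment saying the method is a stub.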
@@ -119,12 +148,8 @@ public final class HTTP implements Protocol<String> {
 			"<html lang=\"en\">\n" +
 			"<head>\n" +
 			"<meta charset=\"UTF-8\">\n" +
-			"<title>Test successful</title>\n" +
+			"<title>" + getQuote() + "</title>\n" +
 			"</head>\n" +
-			"<body>\n" +
-			"<h1>Test successful</h1>\n" +
-			"<p>Congratulations.</p>\n" +
-			"</body>\n" +
 			"</html>";
 	//html error pre and suffix
 	private String errorHtmlPrefix =
@@ -136,7 +161,21 @@ public final class HTTP implements Protocol<String> {
 	private String errorHtmlSuffix =
 			"</title>\n" +
 			"</head>\n" +
-			"<body>\n" +
-			"</body>\n" +
 			"</html>";
+	
+	/** Whole request that was sent by the client */
+	private String request	= "";
+	private String version	= "HTTP/1.1";
+	//request codes
+	private String options 	= "OPTIONS";
+	private String get 		= "GET";
+	private String head 	= "HEAD";
+	private String post		= "POST";
+	private String put		= "PUT";
+	private String delete	= "DELETE";
+	private String trace	= "TRACE";
+	private String connect	= "CONNECT";
+	private String c200 	= "200 OK\r\n";
+	private String c400 	= "400 Bad Request\r\n";
+	private String c505 	= "505 HTTP Version not supported\r\n";
 }

+ 4 - 124
src/de/tudarmstadt/informatik/hostage/protocol/HTTPS.java

@@ -1,9 +1,6 @@
 package de.tudarmstadt.informatik.hostage.protocol;
 
 import java.security.KeyStore;
-import java.util.ArrayList;
-import java.util.List;
-
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
 
@@ -13,68 +10,23 @@ import de.tudarmstadt.informatik.hostage.ui.MainActivity;
  * HTTPS protocol
  * @author Wulf Pfeiffer
  */
-public class HTTPS implements SSLProtocol<String> {
+public class HTTPS extends HTTP implements SSLProtocol<String> {
 
-	
+	@Override
 	public int getPort() {
 		return 443;
 	}
-
-	
-	public TALK_FIRST whoTalksFirst() {
-		return TALK_FIRST.CLIENT;
-	}
-	
-	
-	public List<String> processMessage(String message) {
-		List<String> response = new ArrayList<String>();
-		request = message + request;
-
-		if(!message.contains(version)){
-			response.add(buildPacket(c505, ""));
-		} else if(message.contains(get)) {
-			response.add(buildPacket(c200, get));
-		} else if(message.contains(head)) {
-			response.add(buildPacket(c200, head));
-		} else if(message.contains(trace)){
-			response.add(buildPacket(c200, trace));
-		} else if(message.contains(options)){
-			response.add(buildPacket(c400, options));
-		} else if(message.contains(post)){
-			response.add(buildPacket(c400, post));
-		} else if(message.contains(put)){
-			response.add(buildPacket(c400, put));
-		} else if(message.contains(delete)){
-			response.add(buildPacket(c400, delete));
-		} else if(message.contains(connect)){
-			response.add(buildPacket(c400, connect));
-		} else {
-			response.add(buildPacket(c400, ""));
-		}
-		return response;
-	}
-
-	
-	public boolean isClosed() {
-		return true;
-	}
-
 	
+	@Override
 	public boolean isSecure() {
 		return true;
 	}
-
-	
-	public Class<String> getType() {
-		return String.class;
-	}
-
 	
+	@Override
 	public String toString() {
 		return "HTTPS";
 	}
 	
-	
 	public SSLContext getSSLContext() {
 		String ksName = "https_cert.bks";
 		char ksPass[] = "password".toCharArray();
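Review bot: With `processMessage`, `whoTalksFirst`, `isClosed` and `getType` deleted, HTTPS now takes HTTP's versions; the removed `isClosed()` returned `true` unconditionally and HTTP's implementation is not shown in this commit, so it is worth confirming that the two agree. The untouched lines of `getSSLContext()` still open the keystore with the literal password `"password"` and, in the next hunk, request the `"SSLv3"` context. If those are not deliberate choices for the honeypot, the password belongs in configuration and the protocol string should be `"TLS"`. `getSSLContext()` continues past the end of this hunk.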
@@ -89,7 +41,6 @@ public class HTTPS implements SSLProtocol<String> {
 		} catch (Exception e) {
 			e.printStackTrace();
 		}
-
 		SSLContext sslcontext = null;
 		try {
 			sslcontext = SSLContext.getInstance("SSLv3");
@@ -99,76 +50,5 @@ public class HTTPS implements SSLProtocol<String> {
 		}
 		return sslcontext;
 	}
-
-	/**
-	 * Builds a html response that can be sent
-	 * @param code response code that was determined
-	 * @param type request type that was sent by the client
-	 * @return the html response
-	 */
-	private String buildPacket(String code, String type) {
-		String doc = "";
-		if(type.equals(get)) doc = htmlDoc;
-		else if(type.equals(head)) doc = "";
-		else if(type.equals(trace)) doc = request;
-		else doc = errorHtmlPrefix + code + errorHtmlSuffix;
-		
-		return version + code + headerPrefix + doc.length() + headerSuffix + doc;
-	}
-
-	/** Whole request that was sent by the client */
-	private String request	= "";
-	private String version	= "HTTP/1.1";
-	//request codes
-	private String options 	= "OPTIONS";
-	private String get 		= "GET";
-	private String head 	= "HEAD";
-	private String post		= "POST";
-	private String put		= "PUT";
-	private String delete	= "DELETE";
-	private String trace	= "TRACE";
-	private String connect	= "CONNECT";
-	//response codes
-	private String c200 	= " 200 OK\r\n";
-	private String c400 	= " 400 Bad Request\r\n";
-	private String c505 	= " 505 HTTP Version not supported\r\n";
 	
-	//html header pre and suffix
-	private String headerPrefix =				
-			"Date: Mon, 01 Jul 2013 18:27:55 GMT\r\n" +
-			"Server: Apache/2.2.22 (Debian)\r\n" +
-			"Vary: Accept-Encoding\r\n" +
-			"Content-Length: ";
-	private String headerSuffix =
-			"\r\n" +	
-			"Keep-Alive: timeout=5, max=100\r\n" +
-			"Connection: Keep-Alive\r\n" +
-			"Content-Type: text/html\r\n" +
-			"\r\n";
-	//html website
-	private String htmlDoc = 
-			"<!doctype html>\n" +
-			"<html lang=\"en\">\n" +
-			"<head>\n" +
-			"<meta charset=\"UTF-8\">\n" +
-			"<title>Test successful</title>\n" +
-			"</head>\n" +
-			"<body>\n" +
-			"<h1>Test successful</h1>\n" +
-			"<p>Congratulations.</p>\n" +
-			"</body>\n" +
-			"</html>";
-	//html error pre and suffix
-	private String errorHtmlPrefix =
-			"<!doctype html>\n" +
-			"<html lang=\"en\">\n" +
-			"<head>\n" +
-			"<meta charset=\"UTF-8\">\n" +
-			"<title>";
-	private String errorHtmlSuffix =
-			"</title>\n" +
-			"</head>\n" +
-			"<body>\n" +
-			"</body>\n" +
-			"</html>";
 }

+ 3 - 2
src/de/tudarmstadt/informatik/hostage/protocol/MySQL.java

@@ -1,9 +1,9 @@
 package de.tudarmstadt.informatik.hostage.protocol;
 
 import java.nio.ByteBuffer;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.List;
-
 import de.tudarmstadt.informatik.hostage.commons.HelperUtils;
 import de.tudarmstadt.informatik.hostage.wrapper.ByteArray;
 
@@ -98,8 +98,9 @@ public class MySQL implements Protocol<ByteArray>{
 	 * @return greeting packet
 	 */
 	private byte[] greeting() {
+		SecureRandom rndm = new SecureRandom();
 		byte[] protocol = {0x0a};
-		String version = "5.5.31-0+wheezy1";
+		String version = "5." + (rndm.nextInt(1)+5) + "." + (rndm.nextInt(13)+1);	//Randomize Version: 5.(5-6).(2-14)
 		byte[] versionFin = {0x00};
 		byte[] thread = {0x2a, 0x00, 0x00, 0x00};
 		byte[] salt = {0x44, 0x64, 0x49, 0x7e, 0x60, 0x48, 0x25, 0x7e, 0x00};
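Review bot: `rndm.nextInt(1)` always returns 0, so the minor version is always 5, and `rndm.nextInt(13)+1` gives 1–13 rather than the 2–14 that the trailing comment promises. To match the comment use `"5." + (rndm.nextInt(2)+5) + "." + (rndm.nextInt(13)+2)`. Because the value is drawn inside `greeting()`, the same listener may advertise a different version on each call (presumably each connection), which is inconsistent for a single emulated host; choosing the version once in a field avoids that. `greeting()` continues below the hunk.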

+ 35 - 0
src/de/tudarmstadt/informatik/hostage/protocol/SIP.java

@@ -0,0 +1,35 @@
+package de.tudarmstadt.informatik.hostage.protocol;
+
+import java.util.List;
+
+import de.tudarmstadt.informatik.hostage.wrapper.ByteArray;
+
+public class SIP implements Protocol<ByteArray> {
+
+	public int getPort() {
+		return 5060;
+	}
+
+	public TALK_FIRST whoTalksFirst() {
+		return TALK_FIRST.CLIENT;
+	}
+
+	public List<ByteArray> processMessage(ByteArray message) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	public boolean isClosed() {
+		// TODO Auto-generated method stub
+		return true;
+	}
+
+	public boolean isSecure() {
+		return false;
+	}
+
+	public Class<ByteArray> getType() {
+		return ByteArray.class;
+	}
+
+}
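Review bot: `processMessage` returns `null`, which a caller that iterates the response list, as it presumably does for the other protocols, would dereference; returning an empty list (`return new ArrayList<ByteArray>();`, plus the `java.util.ArrayList` import) keeps the placeholder harmless until SIP is implemented. The class has no Javadoc header and no `toString()`, unlike the sibling protocol classes touched in this commit. The two `// TODO Auto-generated method stub` comments should say what is actually pending.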

+ 107 - 54
src/de/tudarmstadt/informatik/hostage/protocol/SMB.java

@@ -1,10 +1,10 @@
 package de.tudarmstadt.informatik.hostage.protocol;
 
 import java.nio.ByteBuffer;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Calendar;
 import java.util.List;
-import java.util.Random;
 import java.util.TimeZone;
 
 import de.tudarmstadt.informatik.hostage.commons.HelperUtils;
@@ -14,7 +14,7 @@ import de.tudarmstadt.informatik.hostage.wrapper.ByteArray;
  * SMB protocol
  * @author Wulf Pfeiffer
  */
-public final class SMB implements Protocol<ByteArray> {
+public class SMB implements Protocol<ByteArray> {
 	/**
 	 * Represents the states of the protocol
 	 */
@@ -164,7 +164,7 @@ public final class SMB implements Protocol<ByteArray> {
 	 */
 	private byte[] randomBytes(int size) {
 		byte[] bytes = new byte[size];
-		Random rdm = new Random();
+		SecureRandom rdm = new SecureRandom();
 		rdm.nextBytes(bytes);
 		return bytes;
 	}
@@ -173,9 +173,18 @@ public final class SMB implements Protocol<ByteArray> {
 	 * Denotes a SMB packet
 	 */
 	private class SMBPacket {
-		private byte[] message				= null; 
-		private final byte[] serverGUID		= randomBytes(16);
-		private boolean authenticateNext	= false;
+		private SecureRandom rndm 					= new SecureRandom();
+		private String[][] possibleVersions 	= { {"Windows Server 2008 R2 Enterprise 7600","Windows Server 2008 R2 Enterprise 6.1"},
+													{"Windows 7 Professional 7600","Windows 7 Professional 6.1"},
+													{"Windows 8 Enterprise 9200", "Windows 8 Enterprise 9200"},
+													{"Windows Server 2012 Standard 6.2", "Windows Server 2012 Standard 6.2"},
+//													{"Unix", "Samba"}
+		};
+		private byte[] serverName 				= fillWithZero("lalalalalala".getBytes());
+		private final String[] serverVersion	= possibleVersions[rndm.nextInt(possibleVersions.length)];
+		private byte[] message					= null; 
+		private final byte[] serverGUID			= randomBytes(16);
+		private boolean authenticateNext		= false;
 		//components of a SMB packet
 		private byte[] serverComp 		= new byte[4];
 		private byte[] smbCommand		= new byte[1];
@@ -307,47 +316,68 @@ public final class SMB implements Protocol<ByteArray> {
 		 * @return session setup challange packet
 		 */
 		private byte[] getSetupChal() {
-			byte[] wordCount		= {0x04};
-			byte[] andXCommand		= {(byte) 0xff};
-			byte[] reserved			= {0x00};
-			byte[] andXOffset		= {0x60, 0x01};
-			byte[] action			= {0x00, 0x00};
-			byte[] secBlobLength	= {(byte) 0xc7, 0x00};
-			byte[] byteCount		= {0x35, 0x01};
-			byte[] secBlob			= {(byte) 0xa1, (byte) 0x81, (byte) 0xc4};
-			byte[] negToken			= {0x30, (byte) 0x81, (byte) 0xc1, (byte) 0xa0, 0x03, 0x0a, 0x01};
-			byte[] negResult		= {0x01};
-			byte[] negToken2		= {(byte) 0xa1, 0x0c, 0x06, 0x0a};
-			byte[] supportedMech	= {0x2b, 0x06, 0x01, 0x04, 0x01, (byte) 0x82, 0x37, 0x02, 0x02, 0x0a};
-			byte[] negToken3		= {(byte) 0xa2, (byte) 0x81, (byte) 0xab, 0x04, (byte) 0x81, (byte) 0xa8};
-			byte[] respToken		= {0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00, 0x02, 0x00, 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 
-										0x38, 0x00, 0x00, 0x00, 0x15, (byte) 0x82, (byte) 0x8a, 0x62};
-			byte[] challenge		= randomBytes(8);
-			byte[] respToken2		= {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x60, 0x00, 0x60, 0x00, 0x48, 0x00, 0x00, 0x00, 
-										0x06, 0x01, (byte) 0xb0, 0x1d, 0x00, 0x00, 0x00, 0x0f, 0x42, 0x00, 0x55, 0x00, 0x53, 0x00, 0x49, 0x00, 
-										0x4e, 0x00, 0x45, 0x00, 0x53, 0x00, 0x53, 0x00, 0x02, 0x00, 0x10, 0x00, 0x42, 0x00, 0x55, 0x00, 
-										0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x45, 0x00, 0x53, 0x00, 0x53, 0x00, 0x01, 0x00, 0x10, 0x00, 
-										0x42, 0x00, 0x55, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x45, 0x00, 0x53, 0x00, 0x53, 0x00, 
-										0x04, 0x00, 0x10, 0x00, 0x42, 0x00, 0x55, 0x00, 0x53, 0x00, 0x49, 0x00, 0x4e, 0x00, 0x45, 0x00, 
-										0x53, 0x00, 0x53, 0x00, 0x03, 0x00, 0x10, 0x00, 0x42, 0x00, 0x55, 0x00, 0x53, 0x00, 0x49, 0x00, 
-										0x4e, 0x00, 0x45, 0x00, 0x53, 0x00, 0x53, 0x00, 0x07, 0x00, 0x08, 0x00};
-			byte[] timeStamp		= getTimeInBytes();
-			byte[] respToken3		= {0x00, 0x00, 0x00, 0x00};
-			byte[] nativOS			= {0x57, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x64, 0x00, 
-										0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x20, 0x00, 0x37, 0x00, 0x20, 0x00, 0x50, 0x00, 0x72, 0x00, 
-										0x6f, 0x00, 0x66, 0x00, 0x65, 0x00, 0x73, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00, 
-										0x61, 0x00, 0x6c, 0x00, 0x20, 0x00, 0x37, 0x00, 0x36, 0x00, 0x30, 0x00, 0x30, 0x00, 0x00, 0x00};			//Windows 7 Professional 7600
-			byte[] nativLanMngr		= {0x57, 0x00, 0x69, 0x00, 0x6e, 0x00, 			
-										0x64, 0x00, 0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x20, 0x00, 0x37, 0x00, 0x20, 0x00, 0x50, 0x00, 
-										0x72, 0x00, 0x6f, 0x00, 0x66, 0x00, 0x65, 0x00, 0x73, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6f, 0x00, 
-										0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x20, 0x00, 0x36, 0x00, 0x2e, 0x00, 0x31, 0x00, 0x00, 0x00};			//Windows 7 Professional 6.1
+			byte[] wordCount			= {0x04};
+			byte[] andXCommand			= {(byte) 0xff};
+			byte[] reserved				= {0x00};
+			byte[] andXOffset			= {0x60, 0x01};
+			byte[] action				= {0x00, 0x00};
+			byte[] secBlobLength;
+			byte[] byteCount;
+			byte[] secBlob				= {(byte) 0xa1, (byte) 0x81, (byte) 0xc4};
+			byte[] negToken				= {0x30, (byte) 0x81, (byte) 0xc1, (byte) 0xa0, 0x03, 0x0a, 0x01};
+			byte[] negResult			= {0x01};
+			byte[] negToken2			= {(byte) 0xa1, 0x0c, 0x06, 0x0a};
+			byte[] supportedMech		= {0x2b, 0x06, 0x01, 0x04, 0x01, (byte) 0x82, 0x37, 0x02, 0x02, 0x0a};
+			byte[] negToken3			= {(byte) 0xa2, (byte) 0x81, (byte) 0xab, 0x04, (byte) 0x81, (byte) 0xa8};
+			byte[] ntlmsspId			= {0x4e, 0x54, 0x4c, 0x4d, 0x53, 0x53, 0x50, 0x00};
+			byte[] nlmMsgType			= {0x02, 0x00, 0x00, 0x00};
+			byte[] buffer				= ByteBuffer.allocate(4).putInt(serverName.length).array();
+			byte[] targetNameLength		= new byte[]{buffer[3], buffer[2]};
+			byte[] targetNameMaxLength	= new byte[]{buffer[3], buffer[2]}; 
+			byte[] targetNameOffset		= {0x38, 0x00, 0x00, 0x00};
+			byte[] flags				= {0x15, (byte) 0x82, (byte) 0x8a, 0x62};
+			byte[] challenge			= randomBytes(8);
+			byte[] reserved2			= {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
+			byte[] targetInfoLength		= {0x60, 0x00};
+			byte[] targetInfoMaxLength	= {0x60, 0x00};
+			byte[] targetInfoOffset		= {0x48, 0x00, 0x00, 0x00};
+			byte[] version = null;
+			if(serverVersion[0].contains("Windows 7") || serverVersion[0].contains("Windows Server 2008")) {
+				version = new byte[]{0x06, 0x01, (byte) 0xb0, 0x1d, 0x00, 0x00, 0x00, 0x0f};
+			} else if(serverVersion[0].contains("Windows 8") || serverVersion[0].contains("Windows Server 2012")) {
+				version = new byte[]{0x06, 0x02, (byte) 0xf0, 0x23, 0x00, 0x00, 0x00, 0x0f};
+			}
+			// serverName
+			byte[] attributeNBDomain	= {0x02, 0x00, 0x10, 0x00};
+			// serverName	
+			byte[] attributeNBcomputer	= {0x01, 0x00, 0x10, 0x00};
+			// serverName	
+			byte[] attributeDNSDomain	= {0x04, 0x00, 0x10, 0x00};
+			// serverName
+			byte[] attributeDNScomputer	= {0x03, 0x00, 0x10, 0x00};
+			// serverName
+			byte[] attributeTimeStamp   = {0x07, 0x00, 0x08, 0x00};
+			byte[] timeStamp = getTimeInBytes();;
+			byte[] attributeEnd			= {0x00, 0x00, 0x00, 0x00};
+			secBlob						= HelperUtils.concat(secBlob, negToken, negResult, negToken2, supportedMech, negToken3,
+												ntlmsspId, nlmMsgType, targetNameLength, targetNameMaxLength, targetNameOffset,
+												flags, challenge, reserved2, targetInfoLength, targetInfoMaxLength, targetInfoOffset,
+												version, serverName, attributeNBDomain, serverName, attributeNBcomputer, serverName,
+												attributeDNSDomain, serverName, attributeDNScomputer, serverName, attributeTimeStamp,
+												timeStamp, attributeEnd);
+			byte[] nativOS				= fillWithZeroExtended(serverVersion[0].getBytes());
+			byte[] nativLanMngr			= fillWithZeroExtended(serverVersion[1].getBytes());
+
+			buffer				= ByteBuffer.allocate(4).putInt(secBlob.length).array();
+			secBlobLength				= new byte[]{buffer[3], buffer[2]};
+			buffer						= ByteBuffer.allocate(4).putInt(secBlob.length + nativOS.length + nativLanMngr.length).array();
+			byteCount					= new byte[]{buffer[3], buffer[2]};
 			
 			ntStat 					= new byte[]{0x16, 0x00, 0x00, (byte) 0xc0};
 			userID					= new byte[]{0x00, 0x08};
 			
 			byte[] response = HelperUtils.concat(wordCount, andXCommand, reserved, andXOffset, action, secBlobLength,
-												byteCount, secBlob, negToken, negResult, negToken2, supportedMech, negToken3, 
-												respToken, challenge, respToken2, timeStamp, respToken3, nativOS, nativLanMngr);
+												byteCount, secBlob, nativOS, nativLanMngr);
 			return wrapNetbios(wrapHeader(response));
 		}
 		
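Review bot: The NTLMSSP challenge built in `getSetupChal` still hard-codes sizes that were computed for the old 8-character name, while `serverName` (previous hunk) is now the 24 bytes that `fillWithZero` makes of `"lalalalalala"`. Each attribute header carries length `0x10, 0x00`, `targetInfoLength` is `0x60` and `targetInfoOffset` is `0x48`; only `targetNameLength`, `secBlobLength` and `byteCount` follow the real sizes, so the blob is internally inconsistent unless the name has exactly 8 characters. The ASN.1 length bytes in `secBlob`, `negToken` and `negToken3` (`0xc4`, `0xc1`, `0xab`, `0xa8`) and `andXOffset` are fixed in the same way and need to be derived too. `version` stays `null` if an entry such as the commented-out Samba row matches neither branch, and `getTimeInBytes();;` has a doubled semicolon. The fence sketches the derived target-info fields.

```java
// … unchanged: wordCount … flags, challenge, reserved2 …
byte[] nameLen              = {(byte) serverName.length, (byte) (serverName.length >> 8)};
// four name attributes (4-byte header + name), timestamp attribute (4 + 8), end marker (4)
int infoLen                 = 4 * (4 + serverName.length) + 4 + 8 + 4;
byte[] targetInfoLength     = {(byte) infoLen, (byte) (infoLen >> 8)};
byte[] targetInfoMaxLength  = targetInfoLength;
// the target name starts at 0x38; the target info follows it directly
int infoOffset              = 0x38 + serverName.length;
byte[] targetInfoOffset     = {(byte) infoOffset, (byte) (infoOffset >> 8), 0x00, 0x00};
// … unchanged: version selection …
byte[] attributeNBDomain    = {0x02, 0x00, nameLen[0], nameLen[1]};
byte[] attributeNBcomputer  = {0x01, 0x00, nameLen[0], nameLen[1]};
byte[] attributeDNSDomain   = {0x04, 0x00, nameLen[0], nameLen[1]};
byte[] attributeDNScomputer = {0x03, 0x00, nameLen[0], nameLen[1]};
// … unchanged: attributeTimeStamp, timeStamp, attributeEnd, concat calls …
```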
@@ -361,18 +391,16 @@ public final class SMB implements Protocol<ByteArray> {
 			byte[] reserved			= {0x00};
 			byte[] andXOffset		= {(byte) 0xa2, 0x00};
 			byte[] action			= {0x01, 0x00};
-			byte[] secBlobLength	= {0x09, 0x00};
-			byte[] byteCount		= {(byte) 0x77, 0x00};
+			byte[] secBlobLength;
+			byte[] byteCount;
 			byte[] secBlob			= {(byte) 0xa1, 0x07, 0x30, 0x05, (byte) 0xa0, 0x03, 0x0a, 0x01, 0x00};
-			byte[] nativOS			= {0x57, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x64, 0x00, 
-										0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x20, 0x00, 0x37, 0x00, 0x20, 0x00, 0x50, 0x00, 0x72, 0x00, 
-										0x6f, 0x00, 0x66, 0x00, 0x65, 0x00, 0x73, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6f, 0x00, 0x6e, 0x00, 
-										0x61, 0x00, 0x6c, 0x00, 0x20, 0x00, 0x37, 0x00, 0x36, 0x00, 0x30, 0x00, 0x30, 0x00, 0x00, 0x00};			//Windows 7 Professional 7600
-			byte[] nativLanMngr		= {0x57, 0x00, 0x69, 0x00, 0x6e, 0x00, 			
-										0x64, 0x00, 0x6f, 0x00, 0x77, 0x00, 0x73, 0x00, 0x20, 0x00, 0x37, 0x00, 0x20, 0x00, 0x50, 0x00, 
-										0x72, 0x00, 0x6f, 0x00, 0x66, 0x00, 0x65, 0x00, 0x73, 0x00, 0x73, 0x00, 0x69, 0x00, 0x6f, 0x00, 
-										0x6e, 0x00, 0x61, 0x00, 0x6c, 0x00, 0x20, 0x00, 0x36, 0x00, 0x2e, 0x00, 0x31, 0x00, 0x00, 0x00};			//Windows 7 Professional 6.1
-
+			byte[] nativOS			= fillWithZeroExtended(serverVersion[0].getBytes());
+			byte[] nativLanMngr		= fillWithZeroExtended(serverVersion[1].getBytes());
+			
+			byte[] buffer				= ByteBuffer.allocate(4).putInt(secBlob.length).array();
+			secBlobLength				= new byte[]{buffer[3], buffer[2]};
+			buffer						= ByteBuffer.allocate(4).putInt(secBlob.length + nativOS.length + nativLanMngr.length).array();
+			byteCount					= new byte[]{buffer[3], buffer[2]};
 			
 			byte[] response = HelperUtils.concat(wordCount, andXCommand, reserved, andXOffset, action, secBlobLength,
 					byteCount, secBlob, nativOS, nativLanMngr);
@@ -602,7 +630,6 @@ public final class SMB implements Protocol<ByteArray> {
 			return transSub;
 		}
 
-		
 		public String toString() {
 			return HelperUtils.byteToStr(message);
 		}
@@ -614,5 +641,31 @@ public final class SMB implements Protocol<ByteArray> {
 		public byte getSmbCommand() {
 			return smbCommand[0];
 		}
+		
+		/**
+		 * Puts a 0x00 byte between each byte and another 2 0x00 bytes at the end of a byte array.
+		 * @param bytes that need to be filled with 0x00.
+		 * @return filled byte array.
+		 */
+		private byte[] fillWithZeroExtended(byte[] bytes) {
+			byte[] zeroBytes = fillWithZero(bytes);
+			byte[] newBytes = new byte[zeroBytes.length+2];
+			newBytes = HelperUtils.concat(zeroBytes, new byte[]{0x00, 0x00});
+			return newBytes;
+		}
+		
+		/**
+		 * Puts a 0x00 byte between each byte in a byte array.
+		 * @param bytes that need to be filled with 0x00.
+		 * @return filled byte array.
+		 */
+		private byte[] fillWithZero(byte[] bytes) {
+			byte[] newBytes = new byte[(bytes.length * 2)];
+			for(int i = 0, j = 0; i < bytes.length && j < newBytes.length; i++, j=j+2) {
+				newBytes[j] = bytes[i];
+				newBytes[j+1] = 0x00;
+			}
+			return newBytes;
+		}
 	}
 }
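Review bot: `fillWithZeroExtended` allocates `new byte[zeroBytes.length+2]` and immediately overwrites the reference with the result of `HelperUtils.concat`, so the allocation is dead; `return HelperUtils.concat(fillWithZero(bytes), new byte[]{0x00, 0x00});` does the same work. `fillWithZero` amounts to UTF-16LE encoding for ASCII input only, and its callers pass `String.getBytes()` with the platform default charset, so a non-ASCII name or version string would be widened incorrectly; encoding the string once with `Charset.forName("UTF-16LE")` would replace both steps. In the loop the `j < newBytes.length` test is redundant, and the explicit `newBytes[j+1] = 0x00` repeats Java's zero initialisation.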

+ 6 - 5
src/de/tudarmstadt/informatik/hostage/protocol/SSH.java

@@ -11,7 +11,7 @@ import java.security.Signature;
 import java.security.interfaces.DSAPublicKey;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Random;
+import java.security.SecureRandom;
 
 import javax.crypto.KeyAgreement;
 import javax.crypto.interfaces.DHPublicKey;
@@ -24,7 +24,7 @@ import de.tudarmstadt.informatik.hostage.wrapper.ByteArray;
  * SSH protocol.
  * @author Wulf Pfeiffer
  */
-public final class SSH implements Protocol<ByteArray> {
+public class SSH implements Protocol<ByteArray> {
 	/**
 	 * Represents the states of the protocol.
 	 */
@@ -42,7 +42,7 @@ public final class SSH implements Protocol<ByteArray> {
 	private STATE connectionState = STATE.NONE;
 	
 	private String serverVersion = "SSH-2.0-";
-	private String serverType = "OpenSSH_6.0p1 Debian-4";
+	private String serverType = "OpenSSH_6.0p1";
 		
 	//Diffie-Hellman-Group-1 p and g
 	private final byte[] p = {
@@ -180,7 +180,8 @@ public final class SSH implements Protocol<ByteArray> {
 		byte[] paddingLen = {(byte) paddingLength};
 		byte[] paddingString = new byte[paddingLength];
 		for(int i = 0; i < paddingLength; i++) {
-			paddingString[i] = 0x00;
+			SecureRandom rndm = new SecureRandom();
+			paddingString[i] = (byte) rndm.nextInt(255);
 		}
 		return HelperUtils.concat(packetLen, paddingLen, packet, paddingString);
 	}
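Review bot: The padding loop constructs a new `SecureRandom` for every byte, and `rndm.nextInt(255)` yields 0–254, so `0xff` never appears in the padding. The file already has `randomBytes(int size)` (changed further down in this commit); `byte[] paddingString = randomBytes(paddingLength);` replaces the loop. The enclosing method starts above this hunk.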
@@ -400,7 +401,7 @@ public final class SSH implements Protocol<ByteArray> {
 	 */
 	private byte[] randomBytes(int size) {
 		byte[] bytes = new byte[size];
-		Random rdm = new Random();
+		SecureRandom rdm = new SecureRandom();
 		rdm.nextBytes(bytes);
 		return bytes;		
 	}

+ 1 - 1
src/de/tudarmstadt/informatik/hostage/protocol/TELNET.java

@@ -10,7 +10,7 @@ import de.tudarmstadt.informatik.hostage.wrapper.ByteArray;
  * TELNET protocol
  * @author Wulf Pfeiffer
  */
-public final class TELNET implements Protocol<ByteArray> {
+public class TELNET implements Protocol<ByteArray> {
 	/**
 	 * Represents the states of the protocol
 	 */

+ 0 - 4
src/de/tudarmstadt/informatik/hostage/ui/MainActivity.java

@@ -270,7 +270,6 @@ public class MainActivity extends Activity {
 		 * After the service is bound, check which has been clicked and start it.
 		 * @see android.content.ServiceConnection#onServiceConnected(android.content.ComponentName)
 		 */
-		@Override
 		public void onServiceConnected(ComponentName name, IBinder service) {
 			mService = ((LocalBinder) service).getService();
 			if(protocolClicked != null && protocolClicked.equals("PANIC")){
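Review bot: Removing `@Override` from `onServiceConnected` (and from `onServiceDisconnected`, `onTouch` and `onItemClick` in the following hunks) gives up the compile-time check that these methods still match their interfaces. If the annotations were dropped because the project builds at Java 5 source level, where `@Override` on interface methods is rejected, raising the compiler compliance level to 1.6 would be the better fix; otherwise keep `@Override` on all four. The method bodies extend beyond the hunks.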
@@ -285,7 +284,6 @@ public class MainActivity extends Activity {
 		 * After the service is unbound, delete reference.
 		 * @see android.content.ServiceConnection#onServiceDisconnected(android.content.ComponentName)
 		 */
-		@Override
 		public void onServiceDisconnected(ComponentName name) {
 			mService = null;			
 		}
@@ -325,7 +323,6 @@ public class MainActivity extends Activity {
 		listView.setAdapter(adapter);
 		listView.setOnTouchListener(new OnTouchListener() {
 
-			@Override
 			public boolean onTouch(View v, MotionEvent event) {
 				return gestureDetector.onTouchEvent(event);
 			}
@@ -333,7 +330,6 @@ public class MainActivity extends Activity {
 		});
 		listView.setOnItemClickListener(new OnItemClickListener() {
 
-			@Override
 			public void onItemClick(AdapterView<?> parent, View view,
 					int position, long id) {
 				String protocolName = (String) ((HashMap<?, ?>) adapter