-SMB: more dynamic packages

-ProtocolSettings: possibility for making own settings to protocols
(this will be extended for make profiles)
-Some minor changes to protocols regarding their dynamic

src/de/tudarmstadt/informatik/hostage/HoneyService.java

@@ -28,6 +28,7 @@ import android.support.v4.content.LocalBroadcastManager;
 import android.util.Log;
 import android.widget.Toast;
 import de.tudarmstadt.informatik.hostage.commons.HelperUtils;
+import de.tudarmstadt.informatik.hostage.commons.ProtocolSettings;
 import de.tudarmstadt.informatik.hostage.logging.DatabaseHandler;
 import de.tudarmstadt.informatik.hostage.logging.Logger;
 import de.tudarmstadt.informatik.hostage.logging.MyLocationManager;
@@ -85,7 +86,7 @@ public class HoneyService extends Service {
 		}
 		registerNetReceiver();
 		getLocationData(); //FIXME hier stimmt was nicht, crashed (evtl. wegen location deaktiviert im handy?
-		generateQotd();
+		setProtocolSettings();
 	}
 	
     @Override
@@ -358,11 +359,10 @@ public class HoneyService extends Service {
 	}
 
 	/**
-	 * Generate the qotd
+	 * Sets the protocol settings like server names etc.
 	 */
-	public void generateQotd() {
-		QotdTask task = new QotdTask();
-		task.execute(new String[]{});
+	private void setProtocolSettings() {
+		new QotdTask().execute(new String[]{});
 	}
 	
 	/**
@@ -394,9 +394,9 @@ public class HoneyService extends Service {
 		 @Override
 		 protected void onPostExecute(String result){
 			 if (result != null)
-				 HelperUtils.setQotd(result);
+				 ProtocolSettings.setQotd(result);
 			 else
-				 HelperUtils.setQotd(null);	
+				 ProtocolSettings.setQotd(null);	
 		 }
 	};
 }

src/de/tudarmstadt/informatik/hostage/commons/HelperUtils.java

@@ -1,18 +1,12 @@
 package de.tudarmstadt.informatik.hostage.commons;
 
-import java.io.BufferedReader;
-import java.io.InputStreamReader;
 import java.net.InetAddress;
-import java.net.Socket;
 import java.net.UnknownHostException;
 import java.security.KeyStore;
 import java.security.SecureRandom;
 
-import org.apache.http.HttpEntity;
-import org.apache.http.HttpResponse;
 import org.apache.http.HttpVersion;
 import org.apache.http.client.HttpClient;
-import org.apache.http.client.methods.HttpGet;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.conn.ClientConnectionManager;
 import org.apache.http.conn.scheme.PlainSocketFactory;
@@ -26,23 +20,17 @@ import org.apache.http.params.BasicHttpParams;
 import org.apache.http.params.HttpParams;
 import org.apache.http.params.HttpProtocolParams;
 import org.apache.http.protocol.HTTP;
-import org.apache.http.util.EntityUtils;
-import org.json.JSONObject;
 
-import de.tudarmstadt.informatik.hostage.R;
-import de.tudarmstadt.informatik.hostage.logging.Record;
-import de.tudarmstadt.informatik.hostage.net.MySSLSocketFactory;
-import de.tudarmstadt.informatik.hostage.ui.MainActivity;
 import android.content.Context;
 import android.net.ConnectivityManager;
 import android.net.NetworkInfo;
 import android.net.wifi.WifiInfo;
 import android.net.wifi.WifiManager;
-import android.os.AsyncTask;
 import android.os.Environment;
 import android.preference.PreferenceManager;
 import android.text.TextUtils;
-import android.widget.TextView;
+import de.tudarmstadt.informatik.hostage.logging.Record;
+import de.tudarmstadt.informatik.hostage.net.MySSLSocketFactory;
 
 /**
  * Helper class with some static methods for general usage.
@@ -282,31 +270,18 @@ public final class HelperUtils {
 	    return bytes;
 	}
 	
-	private static String qotd;
-	
-	/**
-	 * qotd getter.
-	 * @return qotd
-	 */
-	public static String getQotd() {
-		return qotd;
-	}
-	
 	/**
-	 * qotd setter.
-	 * If qotd is null (this means something went wrong with getting a qotd from server),
-	 * a random string is generated instead.
-	 * @param newQotd
+	 * Produces a random String.
+	 * The String can be of random length with a maximum length, or it can be forced to have the length that was given.
+	 * @param length maximal / forced length of String.
+	 * @return random String.
 	 */
-	public static void setQotd(String newQotd) {
-		qotd = newQotd;
-		if(newQotd == null) {
-			SecureRandom rndm = new SecureRandom();
-			char[] c = new char[rndm.nextInt(100)];
-			for(int i = 0; i < c.length; i++) {
-				c[i] = (char) (rndm.nextInt(95)+32);
-			}
-			qotd = new String(c);
+	public static String getRandomString(int length, boolean forceLength) {
+		SecureRandom rndm = new SecureRandom();
+		char[] c = new char[forceLength ? length : rndm.nextInt(length)];
+		for(int i = 0; i < c.length; i++) {
+			c[i] = (char) (rndm.nextInt(95)+32);
 		}
+		return new String(c);
 	}
 }

src/de/tudarmstadt/informatik/hostage/protocol/HTTP.java

@@ -8,7 +8,7 @@ import java.util.List;
 import java.util.Locale;
 import java.util.TimeZone;
 
-import de.tudarmstadt.informatik.hostage.commons.HelperUtils;
+import de.tudarmstadt.informatik.hostage.commons.ProtocolSettings;
 
 /**
  * HTTP protocol
@@ -95,7 +95,7 @@ public class HTTP implements Protocol<String> {
 	 * Get the current time in html header format.
 	 * @return the formatted server time.
 	 */
-	private String getServerTime() {
+	private static String getServerTime() {
 	    Calendar calendar = Calendar.getInstance();
 	    SimpleDateFormat dateFormat = new SimpleDateFormat(
 	        "EEE, dd MMM yyyy HH:mm:ss z", Locale.US);
@@ -103,18 +103,18 @@ public class HTTP implements Protocol<String> {
 	    return dateFormat.format(calendar.getTime());
 	}
 	
-	private String[][][] possibleVersions = {
+	private static String[][][] possibleVersions = {
 			{{"Apache/2.0."},{"28","32","35","36","39","40","42","43","44","45","46","47","48","49","50","51","52","53","54","55","58","59","61","63","64","65"}},
 			{{"Apache/2.2."},{"0","2","3","4","6","8","9","10","11","12","13","14","15","16","17","18","19","20","21","22","23","24","25"}},
 			{{"Apache/2.3."},{"4","5","6","8","10","11","12","14","15","16"}},
 			{{"Apache/2.4."},{"1","2","3","4","6"}}
 	};
-	private SecureRandom rndm = new SecureRandom();
-	private int majorVersion = rndm.nextInt(3);
-	private final String serverVersion = possibleVersions[majorVersion][0][0] + possibleVersions[majorVersion][1][rndm.nextInt(possibleVersions[majorVersion][1].length)];
-	private final String qotd = HelperUtils.getQotd();
+	private static SecureRandom rndm = new SecureRandom();
+	private static int majorVersion = rndm.nextInt(3);
+	private static final String serverVersion = possibleVersions[majorVersion][0][0] + possibleVersions[majorVersion][1][rndm.nextInt(possibleVersions[majorVersion][1].length)];
+	private static final String qotd = ProtocolSettings.getQotd();
 	//html header pre and suffix
-	private final String headerPrefix =				
+	private static final String headerPrefix =				
 			"Date: " + getServerTime() + "\r\n" +
 			"Server: " + serverVersion + " \r\n" +
 			"Vary: Accept-Encoding\r\n" +

src/de/tudarmstadt/informatik/hostage/protocol/MySQL.java

@@ -76,6 +76,14 @@ public class MySQL implements Protocol<ByteArray>{
 	public boolean isClosed() {
 		return state == STATE.CLOSED;
 	}
+	
+	public boolean isSecure() {
+		return false;
+	}
+
+	public Class<ByteArray> getType() {
+		return ByteArray.class;
+	}
 
 	/**
 	 * Wraps the response packet with the packet length and number
@@ -98,9 +106,8 @@ public class MySQL implements Protocol<ByteArray>{
 	 * @return greeting packet
 	 */
 	private byte[] greeting() {
-		SecureRandom rndm = new SecureRandom();
 		byte[] protocol = {0x0a};
-		String version = "5." + (rndm.nextInt(1)+5) + "." + (rndm.nextInt(13)+1);	//Randomize Version: 5.(5-6).(2-14) //TODO
+		byte[] version = serverVersion.getBytes();
 		byte[] versionFin = {0x00};
 		byte[] thread = {0x2a, 0x00, 0x00, 0x00};
 		byte[] salt = {0x44, 0x64, 0x49, 0x7e, 0x60, 0x48, 0x25, 0x7e, 0x00};
@@ -112,7 +119,7 @@ public class MySQL implements Protocol<ByteArray>{
 		String payload = "mysql_native_password";
 		byte[] fin = {0x00};
 		
-		byte[] response = HelperUtils.concat(protocol, version.getBytes(),versionFin, thread, salt, capabilities, language, status, unused, salt2, payload.getBytes(), fin);
+		byte[] response = HelperUtils.concat(protocol, version,versionFin, thread, salt, capabilities, language, status, unused, salt2, payload.getBytes(), fin);
 		return wrapPacket(response);
 	}
 	
@@ -143,14 +150,13 @@ public class MySQL implements Protocol<ByteArray>{
 		byte[] response = HelperUtils.concat(fill1, code, fill2, state.getBytes(), msg.getBytes());		
 		return wrapPacket(response);
 	}
-
 	
-	public boolean isSecure() {
-		return false;
-	}
-
-	
-	public Class<ByteArray> getType() {
-		return ByteArray.class;
-	}
+	private static String[][][] possibleVersions = {
+		{{"5.7."},{"1","2"}},
+		{{"5.6."},{"2","3","4","5","6","7","8","9","10","11","12","13","14"}},
+		{{"5.5."},{"27","28","29","30","31","32","33","34"}}
+	};
+	private static SecureRandom rndm = new SecureRandom();
+	private static int majorVersion = rndm.nextInt(2);
+	private static final String serverVersion = possibleVersions[majorVersion][0][0] + possibleVersions[majorVersion][1][rndm.nextInt(possibleVersions[majorVersion][1].length)];
 }

src/de/tudarmstadt/informatik/hostage/protocol/SMB.java

@@ -4,10 +4,12 @@ import java.nio.ByteBuffer;
 import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Calendar;
+import java.util.GregorianCalendar;
 import java.util.List;
 import java.util.TimeZone;
 
 import de.tudarmstadt.informatik.hostage.commons.HelperUtils;
+import de.tudarmstadt.informatik.hostage.commons.ProtocolSettings;
 import de.tudarmstadt.informatik.hostage.wrapper.ByteArray;
 
 /**
@@ -139,7 +141,7 @@ public class SMB implements Protocol<ByteArray> {
 	 * Converts the current system time into a byte[] with windows specific time
 	 * @return current system time in windows format as byte[]
 	 */
-	private byte[] getTimeInBytes() {
+	private static byte[] getTimeInBytes() {
 		long time = System.currentTimeMillis();
 		Calendar calend = Calendar.getInstance();
 		calend.setTimeZone(TimeZone.getTimeZone("UTC"));
@@ -157,12 +159,41 @@ public class SMB implements Protocol<ByteArray> {
 		return b;
 	}
 	
+	/**
+	 * Converts the current timezone into a byte[] with windows specific format
+	 * @return current timezone in windows format as byte[]
+	 */
+	private static byte[] getTimeZoneInBytes() {
+		Integer offset = new GregorianCalendar().getTimeZone().getRawOffset() / 1000 / 60; // get current timezone offset in minutes
+		char[] offsetChars = Integer.toBinaryString(offset).toCharArray();
+		boolean invert = false;
+		for(int i = offsetChars.length-1; i > -1; i--) {
+			if(!invert && offsetChars[i] == '1') {
+				invert = true;
+			} else if(invert) {
+				offsetChars[i] = (offsetChars[i] == '0')? '1' : '0';
+			}
+		}
+		char[] extendedChars = new char[31];
+		for(int i = 0; i < extendedChars.length-offsetChars.length; i++) {
+			extendedChars[i] = '1';
+		}
+		for(int i = 0; i < offsetChars.length; i++) {
+			extendedChars[i+extendedChars.length-offsetChars.length] = offsetChars[i];
+		}
+		int timezone = (int) Integer.parseInt(new String(extendedChars), 2);
+		byte[] timezoneBytes = new byte[2];
+		timezoneBytes[1] = (byte) (timezone >> 8);
+		timezoneBytes[0] = (byte) (timezone);
+		return timezoneBytes;
+	}
+	
 	/**
 	 * Generates a random byte[] of a specified size
 	 * @param size of the byte[]
 	 * @return random byte[]
 	 */
-	private byte[] randomBytes(int size) {
+	private static byte[] randomBytes(int size) {
 		byte[] bytes = new byte[size];
 		SecureRandom rdm = new SecureRandom();
 		rdm.nextBytes(bytes);
@@ -172,20 +203,19 @@ public class SMB implements Protocol<ByteArray> {
 	/**
 	 * Denotes a SMB packet
 	 */
-	private class SMBPacket {
-		private SecureRandom rndm 					= new SecureRandom();
-		private String[][] possibleVersions 	= { {"Windows Server 2008 R2 Enterprise 7600","Windows Server 2008 R2 Enterprise 6.1"},
-													{"Windows 7 Professional 7600","Windows 7 Professional 6.1"},
-													{"Windows 8 Enterprise 9200", "Windows 8 Enterprise 9200"},
-													{"Windows Server 2012 Standard 6.2", "Windows Server 2012 Standard 6.2"},
-//													{"Unix", "Samba"}
-													//TODO
+	private static class SMBPacket {
+		private static SecureRandom rndm 					= new SecureRandom();
+		private static String[][] possibleVersions 	= { {"Windows Server 2008 R2 Enterprise 7600","Windows Server 2008 R2 Enterprise 6.1"},
+														{"Windows 7 Professional 7600","Windows 7 Professional 6.1"},
+														{"Windows 8 Enterprise 9200", "Windows 8 Enterprise 9200"},
+														{"Windows Server 2012 Standard 6.2", "Windows Server 2012 Standard 6.2"},
+														{"Unix", "Samba"}
 		};
-		private byte[] serverName 				= fillWithZero("lalalalalala".getBytes()); //TODO
-		private final String[] serverVersion	= possibleVersions[rndm.nextInt(possibleVersions.length)];
-		private byte[] message					= null; 
-		private final byte[] serverGUID			= randomBytes(16);
-		private boolean authenticateNext		= false;
+		private static byte[] serverName 		= fillWithZero(HelperUtils.getRandomString(16, true).getBytes());
+		private static String[] serverVersion	= possibleVersions[rndm.nextInt(possibleVersions.length)];
+		private byte[] message						= null; 
+		private static final byte[] serverGUID		= randomBytes(16);
+		private boolean authenticateNext			= false;
 		//components of a SMB packet
 		private byte[] serverComp 		= new byte[4];
 		private byte[] smbCommand		= new byte[1];
@@ -201,13 +231,22 @@ public class SMB implements Protocol<ByteArray> {
 		private byte[] multiplexID		= new byte[2];
 				
 		/** Constructor */
-		public SMBPacket() {}
+		private SMBPacket() {
+			String customServerName			= ProtocolSettings.getSmbServerName();
+			String[] customServerVersion	= ProtocolSettings.getSmbServerVersion();
+			if(customServerName != null) {
+				serverName = fillWithZero(customServerName.getBytes());
+			}
+			if(customServerVersion != null) {
+				serverVersion = customServerVersion;
+			}
+		}
 		
 		/**
 		 * Breaks a message from the client down into its components
 		 * @param message that is analyzed
 		 */
-		public void newMsg(byte[] message) {
+		private void newMsg(byte[] message) {
 			this.message 	= message;
 			serverComp 		= new byte[]{message[4], message[5], message[6], message[7]};
 			smbCommand		= new byte[]{message[8]};
@@ -250,7 +289,7 @@ public class SMB implements Protocol<ByteArray> {
 		 * Builds the negotiate packet
 		 * @return negotiate packet
 		 */
-		public byte[] getNego() {
+		private byte[] getNego() {
 			byte[] wordCount	= {0x11};
 			byte[] dialect		= evaluateDialect();		
 			byte[] secMode		= {0x03};
@@ -261,7 +300,7 @@ public class SMB implements Protocol<ByteArray> {
 			byte[] sessionKey	= {0x00, 0x00, 0x00, 0x00};
 			byte[] capabilities	= {(byte) 0xfc, (byte) 0xe3, 0x01, (byte) 0x80};
 			byte[] sysTime		= getTimeInBytes();
-			byte[] timeZone		= {(byte) 0x88, (byte) 0xff};		//FIXME correct time zone
+			byte[] timeZone		= getTimeZoneInBytes();
 			byte[] keyLength	= {0x00};
 			byte[] byteCount	= {0x3a, 0x00};			
 			byte[] guid			= serverGUID;
@@ -304,7 +343,7 @@ public class SMB implements Protocol<ByteArray> {
 		 * Builds the session setup packet
 		 * @return session setup packet
 		 */
-		public byte[] getSessSetup() {
+		private byte[] getSessSetup() {
 			if(authenticateNext) return getSetupAuth();
 			else {
 				authenticateNext = true;
@@ -336,7 +375,10 @@ public class SMB implements Protocol<ByteArray> {
 			byte[] targetNameLength		= new byte[]{buffer[3], buffer[2]};
 			byte[] targetNameMaxLength	= new byte[]{buffer[3], buffer[2]}; 
 			byte[] targetNameOffset		= {0x38, 0x00, 0x00, 0x00};
-			byte[] flags				= {0x15, (byte) 0x82, (byte) 0x8a, 0x62};
+			byte[] flags				= {0x15, (byte) 0x82, (byte) 0x8a, 0x60};
+			if(!serverVersion[0].contains("Unix")) {
+				flags[3] = (byte) (flags[3] | 0x02);
+			}
 			byte[] challenge			= randomBytes(8);
 			byte[] reserved2			= {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
 			byte[] targetInfoLength		= {0x60, 0x00};
@@ -358,7 +400,7 @@ public class SMB implements Protocol<ByteArray> {
 			byte[] attributeDNScomputer	= {0x03, 0x00, 0x10, 0x00};
 			// serverName
 			byte[] attributeTimeStamp   = {0x07, 0x00, 0x08, 0x00};
-			byte[] timeStamp = getTimeInBytes();;
+			byte[] timeStamp = getTimeInBytes();
 			byte[] attributeEnd			= {0x00, 0x00, 0x00, 0x00};
 			secBlob						= HelperUtils.concat(secBlob, negToken, negResult, negToken2, supportedMech, negToken3,
 												ntlmsspId, nlmMsgType, targetNameLength, targetNameMaxLength, targetNameOffset,
@@ -412,7 +454,7 @@ public class SMB implements Protocol<ByteArray> {
 		 * Builds the tree connect packet
 		 * @return tree connect packet
 		 */
-		public byte[] getTreeCon() {
+		private byte[] getTreeCon() {
 			String str 			= toString();
 			byte[] wordCount	= {0x00};
 			byte[] andXCommand	= {0x00, 0x00};
@@ -449,7 +491,7 @@ public class SMB implements Protocol<ByteArray> {
 		 * Builds the nt create packet
 		 * @return nt create packet
 		 */
-		public byte[] getNTCreate() {
+		private byte[] getNTCreate() {
 			byte[] wordCount		= {0x22};
 			byte[] andXCommand		= {(byte) 0xff};
 			byte[] reserved			= {0x00};
@@ -479,10 +521,10 @@ public class SMB implements Protocol<ByteArray> {
 		 * Builds the trans packet
 		 * @return trans packet
 		 */
-		public byte[] getTrans() {
+		private byte[] getTrans() {
 			byte[] transSub	= getTransSub();
 			byte[] response = null;
-			if(transSub[0] == 0x00 && transSub[1] == 0x0b) {
+			if(transSub[0] == 0x00 && transSub[1] == 0x0b) { //bind_ack
 				byte[] wordCount		= {0x0a};
 				byte[] totalParamCount	= {0x00,0x00};
 				byte[] totalDataCount	= {0x44,0x00};
@@ -498,17 +540,12 @@ public class SMB implements Protocol<ByteArray> {
 				byte[] byteCount		= {0x45, 0x00};
 				byte[] padding			= {0x00};
 				
-				byte[] dcerpc			= {0x05, 0x00, 
-											0x0c, 0x03, 0x10, 0x00, 0x00, 0x00, 0x44, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, (byte) 0xb8, 0x10, 
-											(byte) 0xb8, 0x10, 0x4a, 0x41, 0x00, 0x00, 0x0d, 0x00, 0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c, 0x73, 0x72, 
-											0x76, 0x73, 0x76, 0x63, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, 
-											(byte) 0x88, (byte) 0x8a, (byte) 0xeb, 0x1c, (byte) 0xc9, 0x11, (byte) 0x9f, (byte) 0xe8, 0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00, 
-											0x00, 0x00}; 
+				byte[] dcerpc			= getDceRpc(transSub); 
 				
 				response = HelperUtils.concat(wordCount, totalParamCount, totalDataCount, reserved, paramCount, paramOffset,
 													paramDisplace, dataCount, dataOffset, dataDisplace, setupCount, reserved2, byteCount, padding, dcerpc);
 				
-			} else if(transSub[0] == 0x00 && transSub[1] == 0x00) {
+			} else if(transSub[0] == 0x00 && transSub[1] == 0x00) { //netShareEnumAll
 				byte[] wordCount		= {0x0a};
 				byte[] totalParamCount	= {0x00, 0x00};
 				byte[] totalDataCount	= {0x54, 0x01};
@@ -524,25 +561,28 @@ public class SMB implements Protocol<ByteArray> {
 				byte[] byteCount		= {0x55, 0x01};
 				byte[] padding			= {0x00};
 				
-				byte[] dcerpc			= {0x05, 0x00, 
-											0x02, 0x03, 0x10, 0x00, 0x00, 0x00, 0x54, 0x01, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x3c, 0x01, 
-											0x00, 0x00, 0x00, 0x00, 0x00, 0x00};
-				byte[] serverService	= {0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 
-											0x02, 0x00, 0x04, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x04, 0x00, 0x00, 0x00, 0x08, 0x00, 
-											0x02, 0x00, 0x00, 0x00, 0x00, (byte) 0x80, 0x0c, 0x00, 0x02, 0x00, 0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 
-											0x00, (byte) 0x80, 0x14, 0x00, 0x02, 0x00, 0x18, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1c, 0x00, 
-											0x02, 0x00, 0x20, 0x00, 0x02, 0x00, 0x03, 0x00, 0x00, (byte) 0x80, 0x24, 0x00, 0x02, 0x00, 0x07, 0x00, 
-											0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x41, 0x00, 0x44, 0x00, 0x4d, 0x00, 
+				byte[] dcerpc			= getDceRpc(transSub);
+				
+				byte[] levelPointer		= {0x01, 0x00, 0x00, 0x00};
+				//TODO
+				byte[] ctr				= {0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00};
+				byte[] ctr1				= {0x04, 0x00, 0x00, 0x00, 0x04, 0x00, 0x02, 0x00, 0x04, 0x00, 0x00, 0x00};
+				byte[] array1Pointer	= {0x08, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, (byte) 0x80, 0x0c, 0x00, 0x02, 0x00};
+				byte[] array2Pointer	= {0x10, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, (byte) 0x80, 0x14, 0x00, 0x02, 0x00};
+				byte[] array3Pointer	= {0x18, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x1c, 0x00, 0x02, 0x00};
+				byte[] array4Pointer	= {0x20, 0x00, 0x02, 0x00, 0x03, 0x00, 0x00, (byte) 0x80, 0x24, 0x00, 0x02, 0x00};
+				byte[] array1			= {0x07, 0x00,0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x41, 0x00, 0x44, 0x00, 0x4d, 0x00, 
 											0x49, 0x00, 0x4e, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x00, 0x00, 
 											0x00, 0x00, 0x0d, 0x00, 0x00, 0x00, 0x52, 0x00, 0x65, 0x00, 0x6d, 0x00, 0x6f, 0x00, 0x74, 0x00, 
-											0x65, 0x00, 0x20, 0x00, 0x41, 0x00, 0x64, 0x00, 0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x00, 0x00, 
-											0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x43, 0x00, 
+											0x65, 0x00, 0x20, 0x00, 0x41, 0x00, 0x64, 0x00, 0x6d, 0x00, 0x69, 0x00, 0x6e, 0x00, 0x00, 0x00};
+				byte[] array2			= {0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x00, 0x43, 0x00, 
 											0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0e, 0x00, 
 											0x00, 0x00, 0x44, 0x00, 0x65, 0x00, 0x66, 0x00, 0x61, 0x00, 0x75, 0x00, 0x6c, 0x00, 0x74, 0x00, 
-											0x20, 0x00, 0x73, 0x00, 0x68, 0x00, 0x61, 0x00, 0x72, 0x00, 0x65, 0x00, 0x00, 0x00, 0x05, 0x00, 
-											0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x63, 0x00, 
+											0x20, 0x00, 0x73, 0x00, 0x68, 0x00, 0x61, 0x00, 0x72, 0x00, 0x65, 0x00, 0x00, 0x00};
+				byte[] array3			= {0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x64, 0x00, 0x6f, 0x00, 0x63, 0x00, 
 											0x73, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 
-											0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 
+											0x00, 0x00, 0x00, 0x00};
+				byte[] array4			= {0x00, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x05, 0x00, 
 											0x00, 0x00, 0x49, 0x00, 0x50, 0x00, 0x43, 0x00, 0x24, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 
 											0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0b, 0x00, 0x00, 0x00, 0x52, 0x00, 0x65, 0x00, 0x6d, 0x00, 
 											0x6f, 0x00, 0x74, 0x00, 0x65, 0x00, 0x20, 0x00, 0x49, 0x00, 0x50, 0x00, 0x43, 0x00, 0x00, 0x00};
@@ -552,8 +592,9 @@ public class SMB implements Protocol<ByteArray> {
 				byte[] windowsError		= {0x00, 0x00, 0x00, 0x00};
 
 				response = HelperUtils.concat(wordCount, totalParamCount, totalDataCount, reserved, paramCount, paramOffset,
-													paramDisplace, dataCount, dataOffset, dataDisplace, setupCount, reserved2, byteCount, padding, dcerpc,
-													serverService, totalEntries, referentID, resumeHandle, windowsError);
+												paramDisplace, dataCount, dataOffset, dataDisplace, setupCount, reserved2, byteCount, padding, dcerpc,
+												levelPointer, ctr, ctr1, array1Pointer, array2Pointer, array3Pointer, array4Pointer,
+												array1, array2, array3, array4, totalEntries, referentID, resumeHandle, windowsError);
 				
 				
 			}
@@ -561,11 +602,57 @@ public class SMB implements Protocol<ByteArray> {
 			return wrapNetbios(wrapHeader(response));		
 		}
 		
+		/**
+		 * Builds the DCERPC packet
+		 * @return DCERPC packet
+		 */
+		private byte[] getDceRpc(byte[] transSub) {
+			byte[] majorVersion	= {0x05};
+			byte[] minorVersion	= {0x00};
+			byte[] packetType	= null;
+			byte[] packetFlags	= {0x03};
+			byte[] dataRepres	= {0x10, 0x00, 0x00, 0x00};
+			byte[] fragLength	= null;
+			byte[] authLength	= {0x00, 0x00};
+			byte[] callID		= null;
+			byte[] response		= null;
+			
+			if(transSub[0] == 0x00 && transSub[1] == 0x0b) {
+				packetType	= new byte[]{0x0c};
+				fragLength	= new byte[]{0x44, 0x00};
+				callID		= new byte[]{0x01, 0x00, 0x00, 0x00};
+				byte[] maxXmitFrag		= {(byte) 0xb8, 0x10};
+				byte[] maxRecvFrag		= {(byte) 0xb8, 0x10};
+				byte[] assocGroup		= {0x4a, 0x41, 0x00, 0x00}; //maybe randomize?
+				byte[] scndryAddrLen	= {0x0d, 0x00};
+				byte[] scndryAddr		= {0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c, 0x73, 0x72, 
+													0x76, 0x73, 0x76, 0x63, 0x00, 0x00};
+				byte[] numResults		= {0x01, 0x00, 0x00, 0x00};
+				byte[] ctxItem			= {0x00, 0x00, 0x00, 0x00, 0x04, 0x5d, (byte) 0x88, (byte) 0x8a,
+													(byte) 0xeb, 0x1c, (byte) 0xc9, 0x11, (byte) 0x9f, (byte) 0xe8,
+													0x08, 0x00, 0x2b, 0x10, 0x48, 0x60, 0x02, 0x00,	0x00, 0x00};
+				
+				response = HelperUtils.concat(majorVersion, minorVersion, packetType, packetFlags, dataRepres,fragLength,
+						authLength, callID, maxXmitFrag, maxRecvFrag, assocGroup, scndryAddrLen, scndryAddr, numResults, ctxItem);
+			} else if(transSub[0] == 0x00 && transSub[1] == 0x00) {
+				packetType	= new byte[]{0x02};
+				fragLength	= new byte[]{0x54, 0x01};
+				callID		= new byte[]{0x02, 0x00, 0x00, 0x00};
+				byte[] allocHint	= {0x3c, 0x01, 0x00, 0x00}; //maybe randomize?
+				byte[] contextID	= {0x00, 0x00};
+				byte[] cancelCount	= {0x00, 0x00};
+				
+				response = HelperUtils.concat(majorVersion, minorVersion, packetType, packetFlags, dataRepres,fragLength,
+						authLength, callID, allocHint, contextID, cancelCount);
+			}			
+			return response;
+		}
+		
 		/**
 		 * Builds the close packet
 		 * @return close packet
 		 */
-		public byte[] getClose() {
+		private byte[] getClose() {
 			byte[] wordCount	= {0x00};
 			byte[] byteCount	= {0x00, 0x00};
 			
@@ -580,7 +667,7 @@ public class SMB implements Protocol<ByteArray> {
 		 * Builds the tree disconnect packet
 		 * @return tree disconnect packet
 		 */
-		public byte[] getTreeDisc() {
+		private byte[] getTreeDisc() {
 			byte[] wordCount	= {0x00};
 			byte[] byteCount	= {0x00, 0x00};
 			
@@ -595,7 +682,7 @@ public class SMB implements Protocol<ByteArray> {
 		 * Builds the echo packet
 		 * @return echo packet
 		 */
-		public byte[] getEcho() {
+		private byte[] getEcho() {
 			byte[] wordCount	= {0x01};
 			byte[] echoSeq		= {0x01, 0x00};
 			byte[] byteCount	= {0x10, 0x00};
@@ -610,7 +697,7 @@ public class SMB implements Protocol<ByteArray> {
 		 * Builds the trans2 packet
 		 * @return trans2 packet
 		 */
-		public byte[] getTrans2() {
+		private byte[] getTrans2() {
 			byte[] response = null;		
 			byte[] wordCount	= {0x00};
 			byte[] andXCommand	= {0x00, 0x00};
@@ -639,7 +726,7 @@ public class SMB implements Protocol<ByteArray> {
 		 * Returns the command number from the current message
 		 * @return command number
 		 */
-		public byte getSmbCommand() {
+		private byte getSmbCommand() {
 			return smbCommand[0];
 		}
 		
@@ -648,7 +735,7 @@ public class SMB implements Protocol<ByteArray> {
 		 * @param bytes that need to be filled with 0x00.
 		 * @return filled byte array.
 		 */
-		private byte[] fillWithZeroExtended(byte[] bytes) {
+		private static byte[] fillWithZeroExtended(byte[] bytes) {
 			byte[] zeroBytes = fillWithZero(bytes);
 			byte[] newBytes = new byte[zeroBytes.length+2];
 			newBytes = HelperUtils.concat(zeroBytes, new byte[]{0x00, 0x00});
@@ -660,7 +747,7 @@ public class SMB implements Protocol<ByteArray> {
 		 * @param bytes that need to be filled with 0x00.
 		 * @return filled byte array.
 		 */
-		private byte[] fillWithZero(byte[] bytes) {
+		private static byte[] fillWithZero(byte[] bytes) {
 			byte[] newBytes = new byte[(bytes.length * 2)];
 			for(int i = 0, j = 0; i < bytes.length && j < newBytes.length; i++, j=j+2) {
 				newBytes[j] = bytes[i];

src/de/tudarmstadt/informatik/hostage/protocol/SSH.java

@@ -41,6 +41,7 @@ public class SSH implements Protocol<ByteArray> {
 	 */
 	private STATE connectionState = STATE.NONE;
 	
+	//TODO
 	private String serverVersion = "SSH-2.0-";
 	private String serverType = "OpenSSH_6.0p1";
 		

src/de/tudarmstadt/informatik/hostage/protocol/TELNET.java

@@ -206,14 +206,14 @@ public class TELNET implements Protocol<ByteArray> {
 	}
 
 	/** options requested by the server */
-	private final byte[] optionRequest = {(byte) 0xff, (byte) 0xfb, 0x03,	//will suppress go ahead
+	private static final byte[] optionRequest = {(byte) 0xff, (byte) 0xfb, 0x03,	//will suppress go ahead
 										(byte) 0xff, (byte) 0xfb, 0x01};	//will echo
 	//session token prefix, mid and suffix //TODO
-	private final byte[] sessionPrefix = {0x1b, 0x5d, 0x30, 0x3b};
-	private final byte[] sessionMiddle = {0x40, 0x72, 0x61, 0x73, 
+	private static final byte[] sessionPrefix = {0x1b, 0x5d, 0x30, 0x3b};
+	private static final byte[] sessionMiddle = {0x40, 0x72, 0x61, 0x73, 
 			0x70, 0x62, 0x65, 0x72, 0x72, 0x79, 0x70, 0x69, 0x3a, 0x20, 0x7e, 0x07, 0x1b, 0x5b, 0x30, 0x31, 
 			0x3b, 0x33, 0x32, 0x6d};	
-	private final byte[] sessionSuffix = {0x1b, 0x5b, 0x30, 0x30, 0x6d, 0x20, 0x1b, 0x5b, 0x30, 0x31, 
+	private static final byte[] sessionSuffix = {0x1b, 0x5b, 0x30, 0x30, 0x6d, 0x20, 0x1b, 0x5b, 0x30, 0x31, 
 			0x3b, 0x33, 0x34, 0x6d, 0x7e, 0x20, 0x24, 0x1b, 0x5b, 0x30, 0x30, 0x6d, 0x20};
 
 }