|
@@ -526,7 +526,7 @@ public class SMB implements Protocol {
|
|
|
byte[] byteCount = {0x45, 0x00};
|
|
|
byte[] padding = {0x00};
|
|
|
|
|
|
- byte[] dcerpc = getDceRpc(transSub);
|
|
|
+ byte[] dcerpc = getDceRpc(transSub, 0);
|
|
|
|
|
|
response = HelperUtils.concat(wordCount, totalParamCount, totalDataCount, reserved, paramCount, paramOffset,
|
|
|
paramDisplace, dataCount, dataOffset, dataDisplace, setupCount, reserved2, byteCount, padding, dcerpc);
|
|
@@ -544,10 +544,10 @@ public class SMB implements Protocol {
|
|
|
byte[] dataDisplace = {0x00, 0x00};
|
|
|
byte[] setupCount = {0x00};
|
|
|
byte[] reserved2 = {0x00};
|
|
|
- byte[] byteCount = {0x55, 0x01};
|
|
|
+ byte[] byteCount = new byte[2]/*= {0x55, 0x01}*/;
|
|
|
byte[] padding = {0x00};
|
|
|
|
|
|
- byte[] dcerpc = getDceRpc(transSub);
|
|
|
+ byte[] dcerpc = new byte[24];
|
|
|
|
|
|
byte[] levelPointer = {0x01, 0x00, 0x00, 0x00};
|
|
|
//TODO
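Review bot: The placeholder `byte[] dcerpc = new byte[24];` hard-codes the size of the header that `getDceRpc` later returns, and the same literal reappears as `length-24` in the last hunk. If the response header built in `getDceRpc` ever changes size, the computed byteCount, fragLength and allocHint will all be wrong without any compile-time or runtime signal. A shared constant would tie the two sites together, e.g. `private static final int DCERPC_RESPONSE_HEADER_LEN = 24;` used in both places. The leftover `/*= {0x55, 0x01}*/` on the `byteCount` line is commented-out code and should be deleted, since the old value remains in version control. The enclosing method starts and ends outside this hunk.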
|
|
@@ -576,10 +576,17 @@ public class SMB implements Protocol {
|
|
|
byte[] referentID = {0x28, 0x00, 0x02, 0x00};
|
|
|
byte[] resumeHandle = {0x00, 0x00, 0x00, 0x00};
|
|
|
byte[] windowsError = {0x00, 0x00, 0x00, 0x00};
|
|
|
+ int tmp = padding.length + dcerpc.length + levelPointer.length + ctr.length + ctr1.length
|
|
|
+ + array1Pointer.length + array2Pointer.length + array3Pointer.length + array4Pointer.length + array1.length
|
|
|
+ + array2.length + array3.length + array4.length + totalEntries.length + referentID.length + resumeHandle.length
|
|
|
+ + windowsError.length;
|
|
|
+ byte[] tmp2 = ByteBuffer.allocate(4).putInt(tmp).array();
|
|
|
+ byteCount = new byte[] {tmp2[3], tmp2[2]};
|
|
|
+ dcerpc = getDceRpc(transSub, tmp-1);
|
|
|
|
|
|
response = HelperUtils.concat(wordCount, totalParamCount, totalDataCount, reserved, paramCount, paramOffset,
|
|
|
paramDisplace, dataCount, dataOffset, dataDisplace, setupCount, reserved2, byteCount, padding, dcerpc,
|
|
|
- levelPointer, ctr, ctr1, array1Pointer, array2Pointer, array3Pointer, array4Pointer,
|
|
|
+ levelPointer, ctr, ctr1, array1Pointer, array2Pointer, array3Pointer, array4Pointer,
|
|
|
array1, array2, array3, array4, totalEntries, referentID, resumeHandle, windowsError);
|
|
|
|
|
|
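Review bot: The `byteCount = new byte[] {tmp2[3], tmp2[2]};` line keeps only the low 16 bits of `tmp`, so a sum above 0xFFFF would be truncated silently and the SMB byte count would no longer match the payload. Whether any of the summed arrays can vary in length is not visible in this hunk, but the field width is worth asserting before encoding. The manual byte swap is easier to read as an explicit little-endian write, `ByteBuffer.allocate(2).order(ByteOrder.LITTLE_ENDIAN).putShort((short) tmp).array()`, which needs `java.nio.ByteOrder` imported. The `tmp-1` passed to `getDceRpc` presumably excludes the one-byte padding; writing it as `tmp - padding.length` and renaming `tmp`/`tmp2` to something like `payloadLength`/`payloadLengthBytes` would make that intent explicit.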
|
|
@@ -592,7 +599,7 @@ public class SMB implements Protocol {
|
|
|
* Builds the DCERPC packet
|
|
|
* @return DCERPC packet
|
|
|
*/
|
|
|
- private byte[] getDceRpc(byte[] transSub) {
|
|
|
+ private byte[] getDceRpc(byte[] transSub, int length) {
|
|
|
byte[] majorVersion = {0x05};
|
|
|
byte[] minorVersion = {0x00};
|
|
|
byte[] packetType = null;
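Review bot: The Javadoc above `getDceRpc` was not updated for the new `length` parameter, and it never documented `transSub` either. I would add `@param transSub the two-byte transaction sub-command used to choose the packet type` and `@param length total length in bytes of the DCERPC fragment (header plus stub data), written to fragLength for response packets`. It should also say that `length` is only read in the `transSub == {0x00, 0x00}` branch, which is why the call in the first hunk can pass `0`. The method body continues outside this hunk.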
|
|
@@ -609,7 +616,7 @@ public class SMB implements Protocol {
|
|
|
callID = new byte[]{0x01, 0x00, 0x00, 0x00};
|
|
|
byte[] maxXmitFrag = {(byte) 0xb8, 0x10};
|
|
|
byte[] maxRecvFrag = {(byte) 0xb8, 0x10};
|
|
|
- byte[] assocGroup = {0x4a, 0x41, 0x00, 0x00}; //maybe randomize?
|
|
|
+ byte[] assocGroup = {0x4a, 0x41, 0x00, 0x00};
|
|
|
byte[] scndryAddrLen = {0x0d, 0x00};
|
|
|
byte[] scndryAddr = {0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c, 0x73, 0x72,
|
|
|
0x76, 0x73, 0x76, 0x63, 0x00, 0x00};
|
|
@@ -622,9 +629,11 @@ public class SMB implements Protocol {
|
|
|
authLength, callID, maxXmitFrag, maxRecvFrag, assocGroup, scndryAddrLen, scndryAddr, numResults, ctxItem);
|
|
|
} else if(transSub[0] == 0x00 && transSub[1] == 0x00) {
|
|
|
packetType = new byte[]{0x02};
|
|
|
- fragLength = new byte[]{0x54, 0x01};
|
|
|
+ byte[] tmp = ByteBuffer.allocate(4).putInt(length).array();
|
|
|
+ fragLength = new byte[]{tmp[3], tmp[2]};
|
|
|
callID = new byte[]{0x02, 0x00, 0x00, 0x00};
|
|
|
- byte[] allocHint = {0x3c, 0x01, 0x00, 0x00}; //maybe randomize?
|
|
|
+ tmp = ByteBuffer.allocate(4).putInt(length-24).array();
|
|
|
+ byte[] allocHint = new byte[]{tmp[3], tmp[2], tmp[1], tmp[0]};
|
|
|
byte[] contextID = {0x00, 0x00};
|
|
|
byte[] cancelCount = {0x00, 0x00};
|
|
|
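Review bot: The new `length` parameter is encoded into `fragLength` and `allocHint` without any range check. The call in the first hunk passes `0`; if that call ever reaches this branch, `fragLength` becomes 0 and `length-24` becomes -24, which is written out as `e8 ff ff ff`. Values above 0xFFFF would likewise be truncated in the two-byte `fragLength`. A guard at the top of the branch would make the failure explicit: `if (length < 24 || length > 0xFFFF) throw new IllegalArgumentException("DCERPC fragment length out of range: " + length);`. Reusing `tmp` for two different values also hides which field is being encoded; separate names or a small little-endian helper would read better. The enclosing `if`/`else` chain starts and ends outside this hunk.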
|