
Minor changes

Wulf Pfeiffer 10 years ago
parent
commit
71839420a9

+ 13 - 0
src/de/tudarmstadt/informatik/hostage/commons/HelperUtils.java

@@ -311,4 +311,17 @@ public final class HelperUtils {
 		}
 		return newBytes;
 	}
+	
+	/**
+	 * Turns around the values of an byte[], e.g. {0x00, 0x01, 0x02} turns into {0x02, 0x01, 0x00}.
+	 * @param bytes array that is turned.
+	 * @return turned array.
+	 */
+	public static byte[] turnByteArray(byte[] bytes) {
+		byte[] tmp = new byte[bytes.length];
+		for(int i = 0; i < bytes.length; i++) {
+			tmp[i] = bytes[bytes.length-1-i];
+		}
+		return tmp;
+	}
 }
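Review bot: The Javadoc for turnByteArray should say that it allocates and returns a new array and leaves `bytes` untouched, and that a null argument throws NullPointerException at `bytes.length`; the summary sentence also has a typo, `an byte[]` → `a byte[]`. "Reverse" is the usual term for what the loop does, but renaming is not worth breaking callers for; a line such as `* The input array is not modified; a fresh copy in reverse order is returned.` is enough. The context lines at the top of the hunk belong to a method that starts outside it.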

+ 8 - 0
src/de/tudarmstadt/informatik/hostage/protocol/ProtocolSettings.java

@@ -53,6 +53,14 @@ public class ProtocolSettings {
 	
 	//~~~ Initialize methods ~~~//
 	
+	public static void initForLinux() {
+		smbVersion = possibleSmbVersions[1];
+	}
+	
+	public static void initForWindows() {
+		smbVersion = possibleSmbVersions[4];
+	}
+	
 	private static String initHttpVersion() {
 		int majorVersion = rndm.nextInt(possibleHttpVersions.length);
 		return possibleHttpVersions[majorVersion][0][0] + possibleHttpVersions[majorVersion][1][rndm.nextInt(possibleHttpVersions[majorVersion][1].length)];
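Review bot: `initForLinux` and `initForWindows` pick the advertised SMB version by bare indices `possibleSmbVersions[1]` and `possibleSmbVersions[4]`, so any reordering of that array (not visible in this hunk) silently changes which version string the emulated service presents, or throws ArrayIndexOutOfBoundsException if the array shrinks. Naming the two entries makes the intent checkable, e.g. `private static final int SMB_VERSION_LINUX = 1;` and `private static final int SMB_VERSION_WINDOWS = 4;` with a comment beside the array saying which entry is which, or holding the two strings directly. Both methods also write a static field, so the profile is process-wide and the last caller wins; a one-line comment stating that expectation would help the next reader. `initHttpVersion` continues past the end of the hunk.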

+ 17 - 8
src/de/tudarmstadt/informatik/hostage/protocol/SMB.java

@@ -526,7 +526,7 @@ public class SMB implements Protocol {
 				byte[] byteCount		= {0x45, 0x00};
 				byte[] padding			= {0x00};
 				
-				byte[] dcerpc			= getDceRpc(transSub); 
+				byte[] dcerpc			= getDceRpc(transSub, 0); 
 				
 				response = HelperUtils.concat(wordCount, totalParamCount, totalDataCount, reserved, paramCount, paramOffset,
 													paramDisplace, dataCount, dataOffset, dataDisplace, setupCount, reserved2, byteCount, padding, dcerpc);
@@ -544,10 +544,10 @@ public class SMB implements Protocol {
 				byte[] dataDisplace		= {0x00, 0x00};
 				byte[] setupCount		= {0x00};
 				byte[] reserved2		= {0x00};
-				byte[] byteCount		= {0x55, 0x01};
+				byte[] byteCount		= new byte[2]/*= {0x55, 0x01}*/;
 				byte[] padding			= {0x00};
 				
-				byte[] dcerpc			= getDceRpc(transSub);
+				byte[] dcerpc			= new byte[24];
 				
 				byte[] levelPointer		= {0x01, 0x00, 0x00, 0x00};
 				//TODO
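Review bot: `byteCount = new byte[2]/*= {0x55, 0x01}*/` keeps the old literal as commented-out code, and `dcerpc = new byte[24]` is a placeholder whose only role is to contribute 24 to a length sum further down, so its size has to equal the header length `getDceRpc` emits for a response PDU with nothing enforcing that. Drop the comment and replace the magic size with a named constant that `getDceRpc` uses as well, e.g. `private static final int DCERPC_RESPONSE_HEADER_LENGTH = 24;`, so a change to the header layout cannot desynchronize the two. The `//TODO` on the next line is kept without saying what is still missing. The enclosing method continues outside the hunk.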
@@ -576,10 +576,17 @@ public class SMB implements Protocol {
 				byte[] referentID		= {0x28, 0x00, 0x02, 0x00};
 				byte[] resumeHandle		= {0x00, 0x00, 0x00, 0x00};
 				byte[] windowsError		= {0x00, 0x00, 0x00, 0x00};
+				int tmp					= padding.length + dcerpc.length + levelPointer.length + ctr.length + ctr1.length
+											+ array1Pointer.length + array2Pointer.length + array3Pointer.length + array4Pointer.length + array1.length
+											+ array2.length + array3.length + array4.length + totalEntries.length + referentID.length + resumeHandle.length
+											+ windowsError.length;
+				byte[] tmp2				= ByteBuffer.allocate(4).putInt(tmp).array();
+				byteCount				= new byte[] {tmp2[3], tmp2[2]};
+				dcerpc					= getDceRpc(transSub, tmp-1);
 
 				response = HelperUtils.concat(wordCount, totalParamCount, totalDataCount, reserved, paramCount, paramOffset,
 												paramDisplace, dataCount, dataOffset, dataDisplace, setupCount, reserved2, byteCount, padding, dcerpc,
-												levelPointer, ctr, ctr1, array1Pointer, array2Pointer, array3Pointer, array4Pointer,
+												levelPointer, ctr, ctr1, array1Pointer, array2Pointer, array3Pointer, array4Pointer, 
 												array1, array2, array3, array4, totalEntries, referentID, resumeHandle, windowsError);
 				
 				
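Review bot: The length arithmetic is hard to verify as written: `tmp` sums fifteen array lengths including the placeholder `dcerpc`, `fragLength` is passed as `tmp-1` (the SMB byte count minus the single padding byte) and `getDceRpc` subtracts 24 again for `allocHint`, so three places must agree on the padding and header sizes. Computing the stub length once and deriving the other fields from it makes each value traceable, and the `ByteBuffer.allocate(4).putInt(tmp).array()` round trip to split an int into two little-endian bytes can be plain shifts. For a honeypot this matters beyond style: inconsistent SMB/DCERPC length fields are exactly what a scanner uses to tell the emulation from a real server, so a comment stating which bytes each length covers is worth adding. The enclosing method continues outside the hunk.
```java
// … unchanged: response field arrays up to windowsError …
int stubLength = levelPointer.length + ctr.length + ctr1.length
        + array1Pointer.length + array2Pointer.length + array3Pointer.length + array4Pointer.length
        + array1.length + array2.length + array3.length + array4.length
        + totalEntries.length + referentID.length + resumeHandle.length + windowsError.length;
// frag_length covers the whole DCERPC PDU: 24-byte response header + stub data
dcerpc = getDceRpc(transSub, 24 + stubLength);
// SMB ByteCount covers the padding byte plus the DCERPC PDU, little-endian 16 bit
int byteCountValue = padding.length + dcerpc.length;
byteCount = new byte[] {(byte) byteCountValue, (byte) (byteCountValue >> 8)};
// … unchanged: HelperUtils.concat(...) …
```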
@@ -592,7 +599,7 @@ public class SMB implements Protocol {
 		 * Builds the DCERPC packet
 		 * @return DCERPC packet
 		 */
-		private byte[] getDceRpc(byte[] transSub) {
+		private byte[] getDceRpc(byte[] transSub, int length) {
 			byte[] majorVersion	= {0x05};
 			byte[] minorVersion	= {0x00};
 			byte[] packetType	= null;
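Review bot: The new `length` parameter of getDceRpc is undocumented; the Javadoc still carries only `@return`. Add `@param transSub` and `@param length`, stating that `length` is the value written into the DCERPC frag_length field, i.e. the size of the whole PDU in bytes, and that the response branch derives alloc_hint from it by subtracting the 24-byte header; the first hunk passes `0` on the bind path, so say explicitly whether the value is ignored there. The method body continues past the hunk.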
@@ -609,7 +616,7 @@ public class SMB implements Protocol {
 				callID		= new byte[]{0x01, 0x00, 0x00, 0x00};
 				byte[] maxXmitFrag		= {(byte) 0xb8, 0x10};
 				byte[] maxRecvFrag		= {(byte) 0xb8, 0x10};
-				byte[] assocGroup		= {0x4a, 0x41, 0x00, 0x00}; //maybe randomize?
+				byte[] assocGroup		= {0x4a, 0x41, 0x00, 0x00};
 				byte[] scndryAddrLen	= {0x0d, 0x00};
 				byte[] scndryAddr		= {0x5c, 0x50, 0x49, 0x50, 0x45, 0x5c, 0x73, 0x72, 
 													0x76, 0x73, 0x76, 0x63, 0x00, 0x00};
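Review bot: Deleting the `//maybe randomize?` comment on `assocGroup` removes the reminder without resolving it: the bind_ack still advertises the fixed assoc_group bytes `0x4a 0x41` next to a constant `\PIPE\srvsvc` secondary address, and for a honeypot such fixed values are cheap fingerprints for a scanner comparing responses with a real server. If randomizing is out of scope for this commit, keep the intent visible, e.g. `byte[] assocGroup = {0x4a, 0x41, 0x00, 0x00}; // TODO: fixed id is fingerprintable; consider a per-session random value`. The enclosing branch of getDceRpc starts and ends outside the hunk.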
@@ -622,9 +629,11 @@ public class SMB implements Protocol {
 						authLength, callID, maxXmitFrag, maxRecvFrag, assocGroup, scndryAddrLen, scndryAddr, numResults, ctxItem);
 			} else if(transSub[0] == 0x00 && transSub[1] == 0x00) {
 				packetType	= new byte[]{0x02};
-				fragLength	= new byte[]{0x54, 0x01};
+				byte[] tmp	= ByteBuffer.allocate(4).putInt(length).array();
+				fragLength	= new byte[]{tmp[3], tmp[2]};
 				callID		= new byte[]{0x02, 0x00, 0x00, 0x00};
-				byte[] allocHint	= {0x3c, 0x01, 0x00, 0x00}; //maybe randomize?
+				tmp			= ByteBuffer.allocate(4).putInt(length-24).array();
+				byte[] allocHint	= new byte[]{tmp[3], tmp[2], tmp[1], tmp[0]};
 				byte[] contextID	= {0x00, 0x00};
 				byte[] cancelCount	= {0x00, 0x00};