SMB2.py 2.0 KB

  1. from scapy.packet import *
  2. from scapy.fields import *
  3. from scapy.layers.netbios import NBTSession
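class SMB2_SYNC_Header(Packet):
    """SMB2 packet header in its synchronous form.

    The fields below add up to 64 bytes, which is also the default of
    ``StructureSize``. All integers are little-endian. The 16-byte
    signature is exposed as two 8-byte halves (``Signature1`` and
    ``Signature2``).
    """

    # Scapy takes a layer's display name from ``name``; the previous
    # ``namez`` attribute was never read, so the label was silently lost.
    name = "SMB2 Sync Header"
    fields_desc = [
        # Protocol id is the four bytes 0xFE 'S' 'M' 'B'. It is a bytes
        # literal on purpose: a text literal is encoded before packing on
        # Python 3, so "\xfe" would not stay a single 0xFE byte and the
        # 4-byte field would be truncated to the wrong value.
        StrFixedLenField("Start", b"\xfeSMB", 4),
        LEShortField("StructureSize", 64),
        LEShortField("CreditCharge", 0),
        LEIntField("Status", 0),
        LEShortField("Command", 0),
        LEShortField("CreditResponse", 0),
        LEIntField("Flags", 0),
        LEIntField("NextCommand", 0),
        LELongField("MessageID", 0),
        LEIntField("Reserved", 0),
        LEIntField("TreeID", 0x0),
        LELongField("SessionID", 0),
        # Not computed or verified by this layer: whatever the caller (or
        # the peer) supplies is carried as-is.
        LELongField("Signature1", 0),
        LELongField("Signature2", 0),
    ]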
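# Not modelled: padding after the security buffer and the negotiate context
# list used by dialect revision 0x0311.
class SMB2_Negotiate_Protocol_Response(Packet):
    """Body of an SMB2 NEGOTIATE response (follows ``SMB2_SYNC_Header``).

    The fixed part is 64 bytes, followed by a variable-length security
    blob. ``SecurityBlob`` is sized from ``SecurityBufferLength`` and is
    assumed to start immediately after the fixed part;
    ``SecurityBufferOffset`` is not honoured when dissecting. When
    building, offset and length are not filled in automatically.

    Every value here arrives before authentication and is chosen by the
    peer, so code consuming a dissected packet should range-check the
    offset, length and size fields before relying on them.
    """

    # Scapy takes a layer's display name from ``name``; the previous
    # ``namez`` attribute was never read.
    name = "SMB2 Negotiate Protocol Response"
    fields_desc = [
        LEShortField("StructureSize", 65),
        LEShortField("SecurityMode", 0),
        LEShortField("DialectRevision", 0x0),
        LEShortField("NegotiateContentCount/Reserved", 0),
        StrFixedLenField("ServerGuid", b"", 16),
        LEIntField("Capabilities", 0),
        LEIntField("MaxTransactSize", 0),
        LEIntField("MaxReadSize", 0),
        LEIntField("MaxWriteSize", 0),
        LELongField("SystemTime", 0),
        LELongField("ServerStartTime", 0),
        LEShortField("SecurityBufferOffset", 0),
        LEShortField("SecurityBufferLength", 0),
        # On the wire this 4-byte field closes the fixed part and precedes
        # the variable buffer. With an empty blob the built bytes are the
        # same as with the earlier ordering.
        LEIntField("NegotiateContextOffset/Reserved2", 0),
        # The earlier length callback read ``ByteCount``, a field this layer
        # does not define, so the attribute lookup failed during dissection.
        # The blob length is the packet's own SecurityBufferLength.
        StrLenField("SecurityBlob", b"",
                    length_from=lambda pkt: pkt.SecurityBufferLength),
    ]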
# Register the dissection chain NBTSession -> SMB2 header -> negotiate
# response. Both bindings are unconditional (no field-value match), so any
# NBTSession payload is parsed as an SMB2 header and any header payload as a
# negotiate response, whatever the Command field says.
for _lower, _upper in (
    (NBTSession, SMB2_SYNC_Header),
    (SMB2_SYNC_Header, SMB2_Negotiate_Protocol_Response),
):
    bind_layers(_lower, _upper)