Beispiel #1
 def __init__(self, fld):
     """Wrap *fld* in a ReversePadField aligned to the field's own size.

     The alignment is the rounded-up ``i2len`` result for a ``BitField`` and
     ``struct.calcsize(fld.fmt)`` for every other field. Padding bytes are
     NUL.
     """
     # Quote from https://www.radiotap.org/:
     # ""Radiotap requires that all fields in the radiotap header are aligned to natural boundaries.  # noqa: E501
     # For radiotap, that means all 8-, 16-, 32-, and 64-bit fields must begin on 8-, 16-, 32-, and 64-bit boundaries, respectively.""  # noqa: E501
     natural_size = (
         int(math.ceil(fld.i2len(None, None)))
         if isinstance(fld, BitField)
         else struct.calcsize(fld.fmt)
     )
     ReversePadField.__init__(self, fld, natural_size, padwith=b"\x00")
Beispiel #2
class LocatorPacket(Packet):
    """RTPS locator made of a kind, a port and an IPv4 address.

    NOTE(review): ``address`` is always dissected as IPv4, whatever value
    ``locatorKind`` carries -- confirm that callers only feed IPv4 locators.
    """
    name = "RTPS Locator"
    fields_desc = [
        # NOTE(review): locatorKind is a plain XIntField while port is an
        # explicitly little-endian LEIntField -- confirm the mixed byte order
        # is intended.
        XIntField("locatorKind", 0),
        LEIntField("port", 0),
        # The address is wrapped in ReversePadField with an alignment of 20;
        # presumably this places the 4-byte IPv4 address at offset 20 of the
        # locator -- verify against ReversePadField's padding rule.
        ReversePadField(IPField("address", "0.0.0.0"), 20),
    ]

    def extract_padding(self, p):
        """Return an empty payload and hand every remaining byte back.

        Returning ``(b"", p)`` keeps this packet from claiming the bytes that
        follow it as its own payload.
        """
        return b"", p
Beispiel #3
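class SMB2_Negotiate_Protocol_Response(Packet):
    """SMB2 NEGOTIATE response body.

    ``SecurityBlobLength`` and ``NegotiateCount`` are read from the wire and
    decide how many bytes or elements the dependent fields consume.
    ``SecurityBlobOffset`` and ``NegotiateContextOffset`` are dissected as
    plain integers and are not used to locate the data they describe, so a
    response whose offsets disagree with its actual layout is not detected
    by this class.
    """
    name = "SMB2 Negotiate Protocol Response"
    fields_desc = [
        XLEShortField("StructureSize", 0),
        # Flag values per MS-SMB2: 0x0001 is SMB2_NEGOTIATE_SIGNING_ENABLED
        # and 0x0002 is SMB2_NEGOTIATE_SIGNING_REQUIRED. The labels must not
        # be swapped: a server that only supports signing would otherwise be
        # reported as one that enforces it.
        FlagsField("SecurityMode", 0, -16, {
            0x1: "Signing Enabled",
            0x2: "Signing Required",
        }),
        LEShortEnumField("DialectRevision", 0x0, SMB_DIALECTS),
        # Computed on build as the number of NegotiateContexts entries.
        FieldLenField("NegotiateCount",
                      None,
                      fmt="<H",
                      count_of="NegotiateContexts"),
        UUIDField("ServerGUID", 0x0, uuid_fmt=UUIDField.FORMAT_LE),
        # Capabilities
        FlagsField("Capabilities", 0, -32, SMB2_CAPABILITIES),
        LEIntField("MaxTransactionSize", 0),
        LEIntField("MaxReadSize", 0),
        LEIntField("MaxWriteSize", 0),
        # Both timestamps are 64-bit little-endian counts scaled by 1e7 from
        # a 1601-01-01 epoch (the FILETIME convention).
        UTCTimeField("SystemTime",
                     None,
                     fmt="<Q",
                     epoch=[1601, 1, 1, 0, 0, 0],
                     custom_scaling=1e7),
        UTCTimeField("ServerStartTime",
                     None,
                     fmt="<Q",
                     epoch=[1601, 1, 1, 0, 0, 0],
                     custom_scaling=1e7),
        XLEShortField("SecurityBlobOffset", 0),
        # Computed on build as the length of SecurityBlob.
        FieldLenField("SecurityBlobLength",
                      None,
                      fmt="<H",
                      length_of="SecurityBlob"),
        XLEIntField("NegotiateContextOffset", 0),
        # The blob is taken from the bytes that directly follow, sized by the
        # wire-supplied SecurityBlobLength.
        PacketLenField("SecurityBlob",
                       None,
                       GSSAPI_BLOB,
                       length_from=lambda x: x.SecurityBlobLength),
        # Field only exists if Dialect is 0x0311
        # Each negotiate context must be 8-byte aligned
        ConditionalField(
            FieldListField("NegotiateContexts", [],
                           ReversePadField(
                               PacketField("Context", None,
                                           SMB2_Negotiate_Context), 8),
                           count_from=lambda pkt: pkt.NegotiateCount),
            lambda x: x.DialectRevision == 0x0311),
    ]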
Beispiel #4
class LocatorPacket(EPacket):
    """RTPS locator whose trailing field is selected by ``locatorKind``."""
    name = "RTPS Locator"
    fields_desc = [
        # Both fixed fields are wrapped in EField with endianness=FORMAT_LE
        # and no endianness_from callback (presumably fixed little-endian --
        # confirm against EField).
        EField(XIntField("locatorKind", 0),
               endianness=FORMAT_LE,
               endianness_from=None),
        EField(IntField("port", 0), endianness=FORMAT_LE,
               endianness_from=None),
        # Present only when locatorKind == 0x1: an IPv4 address behind a
        # ReversePadField with an alignment of 20.
        ConditionalField(ReversePadField(IPField("address", "0.0.0.0"), 20),
                         lambda p: p.locatorKind == 0x1),
        # Present only when locatorKind == 0x01000000: a 16-byte hostId.
        # NOTE(review): any other locatorKind matches neither condition, so
        # the rest of the locator is not dissected into a named field --
        # confirm this is the intended handling of unknown kinds.
        ConditionalField(XStrFixedLenField("hostId", 0x0, 16),
                         lambda p: p.locatorKind == 0x01000000)
    ]

    def extract_padding(self, p):
        """Return an empty payload and hand every remaining byte back.

        Returning ``(b"", p)`` keeps this packet from claiming the bytes that
        follow it as its own payload.
        """
        return b"", p
Beispiel #5
class SMBSession_Setup_AndX_Response_Extended_Security(Packet):
    """Session Setup AndX response that carries a GSSAPI security blob.

    The blob size comes from the wire-supplied ``SecurityBlobLength``; the
    two trailing strings follow the blob.
    """
    name = "Session Setup AndX Extended Security Response (SMB)"
    # Plain class attribute; it is not one of the entries added to
    # fields_desc below.
    WordCount = 7
    # Reuse the first five fields of SMBSession_Setup_AndX_Response, then
    # append the extended-security specific ones.
    fields_desc = SMBSession_Setup_AndX_Response.fields_desc[:5] + [
        # Computed on build as the length of SecurityBlob.
        LEFieldLenField("SecurityBlobLength", None, length_of="SecurityBlob"),
        LEShortField("ByteCount", 25),
        PacketLenField("SecurityBlob",
                       None,
                       GSSAPI_BLOB,
                       length_from=lambda x: x.SecurityBlobLength),
        # NativeOS is aligned to 2 bytes, with NUL used as the pad byte.
        ReversePadField(
            _SMBStrNullField("NativeOS", "Windows 4.0"),
            2,
            b"\0",
        ),
        _SMBStrNullField("NativeLanMan", "Windows 4.0")
    ]
Beispiel #6
class SMBSession_Setup_AndX_Request(Packet):
    """Session Setup AndX request with OEM and Unicode password fields.

    NOTE(review): when this class dissects captured traffic, OEMPassword and
    UnicodePassword hold the client's authentication data (a challenge
    response, or a plaintext password if challenge/response was not
    negotiated) -- treat dissected output as sensitive.
    """
    name = "Session Setup AndX Request (CIFS)"
    fields_desc = [
        ByteField("WordCount", 13),
        ByteEnumField("AndXCommand", 0x75, SMB_COM),
        ByteField("AndXReserved", 0),
        LEShortField("AndXOffset", 96),
        LEShortField("MaxBufferSize", 2920),
        LEShortField("MaxMPXCount", 50),
        LEShortField("VCNumber", 0),
        LEIntField("SessionKey", 0),
        # Both length fields are computed on build from the password fields
        # and, on dissection, size those fields from wire-supplied values.
        LEFieldLenField("OEMPasswordLength", None, length_of="OEMPassword"),
        LEFieldLenField("UnicodePasswordLength",
                        None,
                        length_of="UnicodePassword"),
        LEIntField("Reserved", 0),
        FlagsField("ServerCapabilities", 0x05, -32, _SMB_ServerCapabilities),
        # ByteCount is a fixed default here, not derived from the fields
        # that follow.
        LEShortField("ByteCount", 35),
        # "Pass" and "GUEST" are placeholder defaults used when building.
        XStrLenField("OEMPassword",
                     "Pass",
                     length_from=lambda x: x.OEMPasswordLength),
        XStrLenField("UnicodePassword",
                     "Pass",
                     length_from=lambda x: x.UnicodePasswordLength),
        # AccountName is aligned to 2 bytes, with NUL used as the pad byte.
        ReversePadField(StrNullField("AccountName", "GUEST"), 2, b"\0"),
        _SMBStrNullField("PrimaryDomain", ""),
        _SMBStrNullField("NativeOS", "Windows 4.0"),
        _SMBStrNullField("NativeLanMan", "Windows 4.0"),
        # Off spec?
        # NOTE(review): the fields below look like a second, chained AndX
        # block (share path and service name) hard-wired into this packet --
        # confirm before relying on them when dissecting arbitrary requests.
        ByteField("WordCount2", 4),
        ByteEnumField("AndXCommand2", 0xFF, {0xFF: "SMB_COM_NONE"}),
        ByteField("Reserved6", 0),
        LEShortField("AndXOffset2", 0),
        LEShortField("Flags3", 0x2),
        LEShortField("PasswordLength", 0x1),
        LEShortField("ByteCount2", 18),
        ByteField("Password", 0),
        StrNullField("Path", "\\\\WIN2K\\IPC$"),
        StrNullField("Service", "IPC")
    ]
Beispiel #7
class SMB2_Negociate_Protocol_Request_Header(Packet):
    """SMB2 NEGOTIATE request: dialect list followed by negotiate contexts."""
    name = "SMB2 Negociate Protocol Request Header"
    fields_desc = [
        XLEShortField("StructureSize", 0),
        # Computed on build as the number of Dialects entries.
        FieldLenField(
            "DialectCount", None,
            fmt="<H",
            count_of="Dialects"
        ),
        # SecurityMode
        # NOTE(review): MS-SMB2 defines SMB2_NEGOTIATE_SIGNING_ENABLED as
        # 0x0001 and SMB2_NEGOTIATE_SIGNING_REQUIRED as 0x0002. The keys 0x7
        # and 0x8 below do not match those values, and the size is 16 rather
        # than the negative (little-endian) form used for the other SMB2
        # flag fields -- verify before trusting the decoded signing flags.
        FlagsField("SecurityMode", 0, 16, {
            0x7: "Signing Required",
            0x8: "Signing Enabled",
        }),
        LEShortField("Reserved", 0),
        # Capabilities
        # NOTE(review): size is 32, not -32 -- same byte-order question as
        # SecurityMode above.
        FlagsField("Capabilities", 0, 32, SMB2_CAPABILITIES),
        UUIDField("ClientGUID", 0x0, uuid_fmt=UUIDField.FORMAT_LE),
        # Dissected as a plain integer; not used to locate the contexts.
        XLEIntField("NegociateContextOffset", 0x0),
        # NOTE(review): the default is 0x0 rather than None, so presumably
        # the count is not derived from NegociateContexts on build -- confirm.
        FieldLenField(
            "NegociateCount", 0x0,
            fmt="<H",
            count_of="NegociateContexts"
        ),
        ShortField("Reserved2", 0),
        # Number of dialect entries read is the wire-supplied DialectCount.
        FieldListField(
            "Dialects", [0x0202],
            LEShortEnumField("", 0x0, SMB_DIALECTS),
            count_from=lambda pkt: pkt.DialectCount
        ),
        # The first negotiate context must be 8-byte aligned
        # The ReversePadField wraps the whole list, so only the start of the
        # list is aligned here, not each context.
        ReversePadField(PacketListField(
            "NegociateContexts", [],
            SMB2_Negociate_Context,
            count_from=lambda pkt: pkt.NegociateCount
        ), 8),
    ]
Beispiel #8
class SMB2_Negotiate_Protocol_Request(Packet):
    """SMB2 NEGOTIATE request: dialect list plus optional negotiate contexts.

    ``DialectCount`` and ``NegotiateCount`` are read from the wire and decide
    how many list entries are dissected. ``NegotiateContextOffset`` is kept
    as a plain integer and is not used to locate the contexts.
    """
    name = "SMB2 Negotiate Protocol Request"
    fields_desc = [
        XLEShortField("StructureSize", 0),
        # Computed on build as the number of Dialects entries.
        FieldLenField("DialectCount", None, fmt="<H", count_of="Dialects"),
        # SecurityMode
        # 0x01 = signing enabled, 0x02 = signing required; the distinction
        # matters when judging whether a peer enforces signing or only
        # offers it.
        FlagsField(
            "SecurityMode", 0, -16, {
                0x01: "SMB2_NEGOTIATE_SIGNING_ENABLED",
                0x02: "SMB2_NEGOTIATE_SIGNING_REQUIRED",
            }),
        LEShortField("Reserved", 0),
        # Capabilities
        FlagsField("Capabilities", 0, -32, SMB2_CAPABILITIES),
        UUIDField("ClientGUID", 0x0, uuid_fmt=UUIDField.FORMAT_LE),
        # XXX TODO If we ever want to properly dissect the offsets, we have
        # a _NTLMPayloadField in scapy/layers/ntlm.py that does precisely that
        XLEIntField("NegotiateContextOffset", 0x0),
        # Computed on build as the number of NegotiateContexts entries.
        FieldLenField("NegotiateCount",
                      None,
                      fmt="<H",
                      count_of="NegotiateContexts"),
        ShortField("Reserved2", 0),
        FieldListField("Dialects", [0x0202],
                       LEShortEnumField("", 0x0, SMB_DIALECTS),
                       count_from=lambda pkt: pkt.DialectCount),
        # Field only exists if Dialects contains 0x0311
        # Each negotiate context must be 8-byte aligned
        ConditionalField(
            FieldListField("NegotiateContexts", [],
                           ReversePadField(
                               PacketField("Context", None,
                                           SMB2_Negotiate_Context), 8),
                           count_from=lambda pkt: pkt.NegotiateCount),
            lambda x: 0x0311 in x.Dialects),
    ]