Beispiel #1
 def __init__(self, name, default, epoch=None,
              strf="%a, %d %b %Y %H:%M:%S +0000"):
     """Initialise the field through both parent initialisers.

     ``name`` and ``default`` go to both parents; ``epoch`` and ``strf``
     are forwarded to ``UTCTimeField`` only. The default ``strf`` ends in
     a literal "+0000", so the rendered text is always labelled as UTC.
     """
     # The parents are initialised by hand and in this order.
     # NOTE(review): UTCTimeField.__init__ runs last, so any attribute both
     # initialisers assign keeps UTCTimeField's value. Confirm the wire
     # format set by LEIntField is still in effect afterwards.
     LEIntField.__init__(self, name, default)
     time_options = {"epoch": epoch, "strf": strf}
     UTCTimeField.__init__(self, name, default, **time_options)
Beispiel #2
 def __init__(self, name, default, epoch=None,
              strf="%a, %d %b %Y %H:%M:%S %z"):
     """Run the LEIntField and UTCTimeField initialisers on this field.

     ``epoch`` and ``strf`` only reach ``UTCTimeField``; the default
     ``strf`` renders the offset through ``%z``.
     """
     shared_args = (self, name, default)
     # Order matters: UTCTimeField.__init__ is called second.
     # NOTE(review): whatever both initialisers set is left with
     # UTCTimeField's value. Verify the resulting byte order is intended.
     LEIntField.__init__(*shared_args)
     UTCTimeField.__init__(*shared_args, epoch=epoch, strf=strf)
Beispiel #3
class NetflowHeaderV1(Packet):
    """Field layout of the "Netflow Header v1" packet header.

    The list order is the on-wire order and must not be rearranged. Every
    value is whatever the sender wrote: nothing in this class checks that
    ``count`` matches the records that follow or that the timestamps are
    plausible, so consumers should treat them as untrusted input.
    """
    name = "Netflow Header v1"
    fields_desc = [
        # Defaults to 0; this class has no hook that derives it from the
        # payload, so a built packet carries 0 unless the caller sets it.
        ShortField("count", 0),
        IntField("sysUptime", 0),
        # Exporter wall-clock time: a seconds field followed by a second
        # field declared with use_nano=True.
        UTCTimeField("unixSecs", 0),
        UTCTimeField("unixNanoSeconds", 0, use_nano=True)
    ]
Beispiel #4
class NetflowHeaderV5(Packet):
    """Field layout of the "Netflow Header v5" packet header.

    The list order is the on-wire order. All values are sender-supplied;
    this class performs no consistency checks on them.
    """
    name = "Netflow Header v5"
    # count defaults to 0 and is not derived from the payload by this class.
    fields_desc = [ShortField("count", 0),
                   IntField("sysUptime", 0),
                   # Exporter wall-clock time: seconds, then a field
                   # declared with use_nano=True.
                   UTCTimeField("unixSecs", 0),
                   UTCTimeField("unixNanoSeconds", 0, use_nano=True),
                   # NOTE(review): presumably a running sequence number a
                   # collector can use to spot lost or injected exports.
                   # Confirm against the consumer.
                   IntField("flowSequence", 0),
                   ByteField("engineType", 0),
                   ByteField("engineID", 0),
                   ShortField("samplingInterval", 0)]
Beispiel #5
class SMB2_Negotiate_Protocol_Response(Packet):
    """Field layout of the "SMB2 Negotiate Protocol Response" message.

    The list order is the on-wire order. When this class dissects a
    captured response, every length and count below is taken from the
    peer's bytes and is therefore untrusted. The class only describes the
    layout; it does not validate the negotiated security settings.
    """
    name = "SMB2 Negotiate Protocol Response"
    fields_desc = [
        XLEShortField("StructureSize", 0),
        # Default 0 means a response built from defaults advertises neither
        # signing flag.
        # NOTE(review): MS-SMB2 defines SIGNING_ENABLED as 0x0001 and
        # SIGNING_REQUIRED as 0x0002, so these two labels look swapped.
        # Confirm how FlagsField interprets dict keys before relying on the
        # decoded names to judge whether signing is enforced.
        FlagsField("SecurityMode", 0, -16, {
            0x1: "Signing Required",
            0x2: "Signing Enabled",
        }),
        LEShortEnumField("DialectRevision", 0x0, SMB_DIALECTS),
        # Default None with count_of: presumably computed from
        # NegotiateContexts at build time. Confirm against FieldLenField.
        FieldLenField("NegotiateCount",
                      None,
                      fmt="<H",
                      count_of="NegotiateContexts"),
        UUIDField("ServerGUID", 0x0, uuid_fmt=UUIDField.FORMAT_LE),
        # Capabilities
        FlagsField("Capabilities", 0, -32, SMB2_CAPABILITIES),
        LEIntField("MaxTransactionSize", 0),
        LEIntField("MaxReadSize", 0),
        LEIntField("MaxWriteSize", 0),
        # Little-endian 64-bit values ("<Q") counted from 1601-01-01 with a
        # scaling of 1e7 per second; this matches the Windows FILETIME
        # convention of 100 ns ticks.
        UTCTimeField("SystemTime",
                     None,
                     fmt="<Q",
                     epoch=[1601, 1, 1, 0, 0, 0],
                     custom_scaling=1e7),
        UTCTimeField("ServerStartTime",
                     None,
                     fmt="<Q",
                     epoch=[1601, 1, 1, 0, 0, 0],
                     custom_scaling=1e7),
        # Neither SecurityBlobOffset nor NegotiateContextOffset is read by
        # any field below: the blob is taken from the bytes immediately
        # following NegotiateContextOffset. A message whose offsets point
        # elsewhere is still parsed at this fixed position.
        XLEShortField("SecurityBlobOffset", 0),
        FieldLenField("SecurityBlobLength",
                      None,
                      fmt="<H",
                      length_of="SecurityBlob"),
        XLEIntField("NegotiateContextOffset", 0),
        # Length comes from the SecurityBlobLength value on the packet,
        # i.e. from the peer when dissecting.
        PacketLenField("SecurityBlob",
                       None,
                       GSSAPI_BLOB,
                       length_from=lambda x: x.SecurityBlobLength),
        # Field only exists if Dialect is 0x0311
        # Each negotiate context must be 8-byte aligned
        # The number of contexts parsed is the NegotiateCount value on the
        # packet, which is peer-controlled when dissecting.
        ConditionalField(
            FieldListField("NegotiateContexts", [],
                           ReversePadField(
                               PacketField("Context", None,
                                           SMB2_Negotiate_Context), 8),
                           count_from=lambda pkt: pkt.NegotiateCount),
            lambda x: x.DialectRevision == 0x0311),
    ]
Beispiel #6
class SMBNegotiate_Response_NoSecurity(_SMBNegotiate_Response):
    """Field layout of the "SMB Negotiate No-Security Response (CIFS)".

    The list order is the on-wire order. Lengths used while dissecting are
    read from the packet itself and are therefore peer-controlled.
    """
    name = "SMB Negotiate No-Security Response (CIFS)"
    fields_desc = [
        ByteField("WordCount", 0x1),
        LEShortField("DialectIndex", 7),
        # Default 0x03. Assuming list position maps to bit position from
        # bit 0, that sets USER_SECURITY and ENCRYPT_PASSWORDS and leaves
        # both SECURITY_SIGNATURES_* flags clear, so a default response
        # advertises no signing. TODO confirm the bit order.
        FlagsField("SecurityMode", 0x03, 8, [
            "USER_SECURITY", "ENCRYPT_PASSWORDS",
            "SECURITY_SIGNATURES_ENABLED", "SECURITY_SIGNATURES_REQUIRED"
        ]),
        LEShortField("MaxMpxCount", 50),
        LEShortField("MaxNumberVC", 1),
        LEIntField("MaxBufferSize", 16144),
        LEIntField("MaxRawSize", 65536),
        LEIntField("SessionKey", 0x0000),
        FlagsField("ServerCapabilities", 0xf3f9, -32, _SMB_ServerCapabilities),
        # Little-endian 64-bit value ("<Q") counted from 1601-01-01 with a
        # scaling of 1e7 per second (the Windows FILETIME convention).
        UTCTimeField("ServerTime",
                     None,
                     fmt="<Q",
                     epoch=[1601, 1, 1, 0, 0, 0],
                     custom_scaling=1e7),
        LEShortField("ServerTimeZone", 0x3c),
        # Plain ByteField with default 0: it is not derived from Challenge
        # here, so a caller who sets Challenge must also set this value or
        # the two will disagree on the wire.
        ByteField("ChallengeLength", 0),  # aka EncryptionKeyLength
        # Computed from DomainName's length plus len(Challenge).
        LEFieldLenField("ByteCount",
                        None,
                        length_of="DomainName",
                        adjust=lambda pkt, x: x + len(pkt.Challenge)),
        # Default challenge is empty; its parsed length is the
        # ChallengeLength byte from the packet.
        StrLenField(
            "Challenge",
            b"",  # aka EncryptionKey
            length_from=lambda pkt: pkt.ChallengeLength),
        StrNullField("DomainName", "WORKGROUP")
    ]
Beispiel #7
class DNSRRRSIG(_DNSRRdummy):
    """Field layout of the "DNS RRSIG Resource Record".

    The list order is the on-wire order. This class only describes the
    record; nothing here verifies the signature or checks that the current
    time lies between ``inception`` and ``expiration``.
    """
    name = "DNS RRSIG Resource Record"
    fields_desc = [DNSStrField("rrname", ""),
                   ShortEnumField("type", 46, dnstypes),
                   ShortEnumField("rclass", 1, dnsclasses),
                   IntField("ttl", 0),
                   # Default None: presumably filled in at build time by
                   # code outside this class. Confirm in _DNSRRdummy.
                   ShortField("rdlen", None),
                   ShortEnumField("typecovered", 1, dnstypes),
                   # Default 5 is RSA/SHA-1 in the IANA DNSSEC algorithm
                   # registry; treat it as a placeholder, not a
                   # recommendation for newly signed data.
                   ByteEnumField("algorithm", 5, dnssecalgotypes),
                   ByteField("labels", 0),
                   IntField("originalttl", 0),
                   # Signature validity window; both default to 0.
                   UTCTimeField("expiration", 0),
                   UTCTimeField("inception", 0),
                   ShortField("keytag", 0),
                   DNSStrField("signersname", ""),
                   # No length is attached to this field here.
                   StrField("signature", "")
                   ]
Beispiel #8
class ICMPv6NDOptTmstp(_ICMPv6NDGuessPayload, Packet):
    """Field layout of the ICMPv6 Neighbor Discovery option with type 13.

    The list order is the on-wire order. The timestamp is sender-supplied
    and is not checked for freshness by this class.
    """
    name = "ICMPv6NDOptTmstp"
    fields_desc = [
        ByteField("type", 13),
        # Fixed default of 2; Neighbor Discovery option lengths are counted
        # in units of 8 octets, so this announces a 16-byte option.
        ByteField("len", 2),
        BitField("reserved", 0, 48),
        # NOTE(review): type + len + 48 reserved bits take 8 bytes, so the
        # timestamp must be 8 bytes for len=2 to hold. No fmt is given
        # here; confirm UTCTimeField's default width.
        UTCTimeField("timestamp", None)
    ]
Beispiel #9
class NetflowHeaderV9(Packet):
    """Field layout of the "Netflow Header V9" packet header.

    The list order is the on-wire order. All values are sender-supplied
    and are not cross-checked by this class.
    """
    name = "Netflow Header V9"
    fields_desc = [
        # Defaults to 0; this version of the class has no build hook, so
        # the caller must set count to match the flowsets that follow.
        ShortField("count", 0),
        IntField("sysUptime", 0),
        UTCTimeField("unixSecs", 0),
        IntField("packageSequence", 0),
        IntField("SourceID", 0)
    ]
Beispiel #10
class NTLMv2_CLIENT_CHALLENGE(Packet):
    """Field layout of the NTLMv2 client challenge structure.

    The list order is the on-wire order. The class describes the layout
    only: it neither generates the client challenge nor validates the
    timestamp or AV pairs it carries.
    """
    fields_desc = [
        ByteField("RespType", 0),
        ByteField("HiRespType", 0),
        LEShortField("Reserved1", 0),
        LEIntField("Reserved2", 0),
        # Little-endian 64-bit value ("<Q") counted from 1601-01-01 with a
        # scaling of 1e7 per second (the Windows FILETIME convention).
        UTCTimeField("TimeStamp", None, fmt="<Q", epoch=[
                     1601, 1, 1, 0, 0, 0], custom_scaling=1e7),
        # Fixed 8-byte field whose default is empty. A caller building a
        # real response has to supply the 8 challenge bytes; they should
        # come from a cryptographically secure random source.
        StrFixedLenField("ChallengeFromClient", b"", length=8),
        LEIntField("Reserved3", 0),
        # The default list holds one AV_PAIR() built when the class body
        # runs. Presumably copied per packet; verify before mutating it.
        PacketListField("AvPairs", [AV_PAIR()], AV_PAIR)
    ]
Beispiel #11
class NetflowHeaderV9(Packet):
    """Field layout of the "Netflow Header V9" packet header.

    The list order is the on-wire order. ``count`` defaults to ``None`` so
    that ``post_build`` can fill it in from the stacked flowset layers.
    """
    name = "Netflow Header V9"
    fields_desc = [
        ShortField("count", None),
        IntField("sysUptime", 0),
        UTCTimeField("unixSecs", None),
        IntField("packageSequence", 0),
        IntField("SourceID", 0),
    ]

    def post_build(self, pkt, pay):
        """Return the built header plus payload, filling in ``count``.

        An explicitly set ``count`` is left untouched, even when it
        disagrees with the layers actually present. Otherwise the first
        two bytes of ``pkt`` are replaced by the number of flowset layers
        in this packet, packed as a big-endian unsigned short.
        """
        if self.count is not None:
            return pkt + pay

        flowset_layers = [
            NetflowFlowsetV9, NetflowDataflowsetV9, NetflowOptionsFlowsetV9,
        ]
        count = 0
        for layer in self.layers():
            if layer in flowset_layers:
                count += 1
        # The count field is the first two bytes of the header.
        return struct.pack("!H", count) + pkt[2:] + pay
Beispiel #12
class AV_PAIR(Packet):
    """Field layout of one "NTLM AV Pair" (AvId, AvLen, Value).

    The type of ``Value`` is selected from ``AvId``. The flags, timestamp
    and channel-binding pairs matter for NTLM relay and replay protections.
    This class only parses and builds them and validates nothing. When
    dissecting, ``AvId`` and ``AvLen`` come from the peer and are untrusted.
    """
    name = "NTLM AV Pair"
    fields_desc = [
        LEShortEnumField(
            'AvId', 0, {
                0x0000: "MsvAvEOL",
                0x0001: "MsvAvNbComputerName",
                0x0002: "MsvAvNbDomainName",
                0x0003: "MsvAvDnsComputerName",
                0x0004: "MsvAvDnsDomainName",
                0x0005: "MsvAvDnsTreeName",
                0x0006: "MsvAvFlags",
                0x0007: "MsvAvTimestamp",
                0x0008: "MsvAvSingleHost",
                0x0009: "MsvAvTargetName",
                0x000A: "MsvAvChannelBindings",
            }),
        # Default None with length_of: presumably computed from Value at
        # build time. Confirm against FieldLenField.
        FieldLenField('AvLen', None, length_of="Value", fmt="<H"),
        # Each entry pairs a field type with the AvId it applies to; the
        # last argument is the fallback used when no condition matches.
        # NOTE(review): the entries for 0x0006, 0x0007 and 0x0008 take no
        # length_from, so AvLen is not consulted for them. A peer-supplied
        # AvLen that disagrees with the size of those types is not detected
        # by this declaration.
        MultipleTypeField([
            (LEIntEnumField(
                'Value', 1, {
                    0x0001: "constrained",
                    0x0002: "MIC integrity",
                    0x0004: "SPN from untrusted source"
                }), lambda pkt: pkt.AvId == 0x0006),
            # Little-endian 64-bit value counted from 1601-01-01 with a
            # scaling of 1e7 per second (the Windows FILETIME convention).
            (UTCTimeField("Value",
                          None,
                          epoch=[1601, 1, 1, 0, 0, 0],
                          custom_scaling=1e7,
                          fmt="<Q"), lambda pkt: pkt.AvId == 0x0007),
            (PacketField('Value', Single_Host_Data(),
                         Single_Host_Data), lambda pkt: pkt.AvId == 0x0008),
            # Channel bindings are kept as raw bytes of length AvLen.
            (XStrLenField('Value', b"", length_from=lambda pkt: pkt.AvLen),
             lambda pkt: pkt.AvId == 0x000A),
        ], StrLenFieldUtf16('Value', b"", length_from=lambda pkt: pkt.AvLen))
    ]

    def default_payload_class(self, payload):
        """Return ``conf.padding_layer`` as the class for trailing bytes."""
        return conf.padding_layer
Beispiel #13
 def __init__(
         self,
         name,
         default,
         epoch=None,
         strf="%a, %d %b %Y %H:%M:%S +0000",
 ):
     """Set the field up by calling both parent initialisers in turn.

     ``epoch`` and ``strf`` are passed to ``UTCTimeField`` only. The
     default ``strf`` hard-codes "+0000" as the printed offset.
     """
     base_args = (name, default)
     # NOTE(review): UTCTimeField.__init__ is the last to run, so it wins
     # for any attribute both parents set. Confirm the little-endian
     # format from LEIntField is preserved.
     LEIntField.__init__(self, *base_args)
     UTCTimeField.__init__(self, *base_args, epoch=epoch, strf=strf)