def __init__(self, data=None, is_unicode=False):
Struct.__init__(self, data)
self.is_unicode = is_unicode
if data is not None:
pos = self.calcsize()
self['SecurityBlob'] = data[pos:pos + self['SecurityBlobLength']]
pos += self['SecurityBlobLength']
# NativeOS, NativeLANMan and PrimaryDomain are not very important.
# Unfortunately parsing this is prone to errors and implementation
# might vary between servers so catching exceptions is fine.
try:
if self.is_unicode == True and (pos % 2) == 1:
pos += 1
nativeos, size = extractNullTerminatedString(
data, pos, is_unicode)
self['NativeOS'] = nativeos.split(u'\0')[0]
pos += size
lanman, size = extractNullTerminatedString(
data, pos, is_unicode)
self['NativeLANMan'] = lanman.split(u'\0')[0]
pos += size
primarydomain, _ = extractNullTerminatedString(
data, pos, is_unicode)
self['PrimaryDomain'] = primarydomain.split(u'\0')[0]
except Exception as e:
logging.warning(
"Warning, parsing of the answer slightly failed: %s" %
str(e))
def __init__(self, data=None, is_unicode=False):
Struct.__init__(self, data)
self.is_unicode = is_unicode
if data is not None:
pos = self.calcsize()
size = self['SetupCount'] * calcsize('<H')
self['Setup'] = data[pos:pos + size]
pos += size
size = calcsize('<H')
self['ByteCount'] = unpack('<H', data[pos:pos + size])[0]
pos += size
if is_unicode == True and (pos % 2) == 1:
pos += 1
name, size = extractNullTerminatedString(data, pos, is_unicode)
self['Name'] = name.split(u'\0')[0]
pos += size
self['Pad'] = data[pos:self['ParameterOffset'] - SMB_HEADER_SIZE]
pos = self['ParameterOffset'] - SMB_HEADER_SIZE
size = self['ParameterCount']
self['Parameters'] = data[pos:pos + size]
pos += size
self['Pad1'] = data[pos:self['DataOffset'] - SMB_HEADER_SIZE]
pos = self['DataOffset'] - SMB_HEADER_SIZE
size = self['DataCount']
self['Data'] = data[pos:pos + size]
def __init__(self, data=None, is_unicode=False):
Struct.__init__(self, data)
if data is not None:
# Unicode has not been negotiated yet
if self['Capabilities'] & CAP_UNICODE:
is_unicode = True
pos = self.calcsize()
if self['Capabilities'] & CAP_EXTENDED_SECURITY:
self['ServerGuid'] = data[pos:pos + 16]
self['SecurityBlob'] += data[pos + 16:]
else:
self['EncryptionKey'] = data[pos:pos +
self['EncryptionKeyLength']]
pos += self['EncryptionKeyLength']
# Must be null-terminated
domain, length = extractNullTerminatedString(
data, pos, is_unicode)
self['DomainName'] = domain.split(u'\0')[0]
# This is optional
if self['ByteCount'] - self['EncryptionKeyLength'] - length > 0:
servername = extractNullTerminatedString(
data, pos + length, is_unicode)[0]
self['ServerName'] = servername.split(u'\0')[0]
def __init__(self, data=None, ShareArray=[]):
Struct.__init__(self, data)
self.shares = []
if data is not None:
pos = self.calcsize()
for i in xrange(self['MaxCount']):
refptr = unpack('<L', data[pos:pos + 4])[0]
pos += 4
stype = unpack('<L', data[pos:pos + 4])[0]
pos += 4
self.shares.append({'type': stype})
refptr2 = unpack('<L', data[pos:pos + 4])[0]
pos += 4
for i in xrange(self['MaxCount']):
s = DCERPCString(data=data[pos:])
self.shares[i]['name'] = s.get_string().decode(
'UTF-16LE').encode('ascii')[:-1]
pos += len(s.pack())
s2 = DCERPCString(data=data[pos:])
self.shares[i]['comment'] = s2.get_string().decode(
'UTF-16LE').encode('ascii')[:-1]
pos += len(s2.pack())
else:
self.shares = ShareArray
self['MaxCount'] = len(self.shares)
def __init__(self, data=None, is_unicode=False):
if data is not None and len(
data) < self.calcsize(): #Interim server response
self['WordCount'] = 0
return
Struct.__init__(self, data)
self.is_unicode = is_unicode
if data is not None:
pos = self.calcsize()
size = self['SetupCount'] * calcsize('<H')
self['Setup'] = data[pos:pos + size]
pos += size
size = calcsize('<H')
self['ByteCount'] = unpack('<H', data[pos:pos + size])[0]
pos += size
self['Pad1'] = data[pos:self['ParameterOffset'] - SMB_HEADER_SIZE]
pos = self['ParameterOffset'] - SMB_HEADER_SIZE
size = self['ParameterCount']
self['NT_Trans_Parameters'] = data[pos:pos + size]
pos += size
self['Pad2'] = data[pos:self['DataOffset'] - SMB_HEADER_SIZE]
pos = self['DataOffset'] - SMB_HEADER_SIZE
size = self['DataCount']
self['NT_Trans_Data'] = data[pos:pos + size]
def __init__(self, data=None, Domains=[]):
Struct.__init__(self, data)
if data is not None:
self['Domains'] = []
pos = self.calcsize()
for i in xrange(self['Count']):
domain = LsaTrustInformation(data=data[pos:])
self['Domains'] += [domain]
# If Count != 0 we have an array at DomainPtr
if self['Count']:
pos += self['Count'] * self['Domains'][0].calcsize()
for i in xrange(len(self['Domains'])):
domain = self['Domains'][i]
if domain.has_name():
domain.unpack_name(data[pos:])
pos += len(domain.pack_name())
if domain.has_sid():
domain.unpack_sid(data[pos:])
pos += len(domain.pack_sid())
else:
self['Count'] = len(Domains)
self['MaxCount'] = len(Domains)
self['Domains'] = []
if self['Count']:
self['DomainPtr'] = 0x20004
self['MaxSize'] = 2048 # Useless field
for domain in Domains:
self['Domains'] += [
LsaTrustInformation(Name=domain['Name'], Sid=domain['Sid'])
]
def __init__(self, data=None, Rid=500):
Struct.__init__(self, data)
if data is not None:
Struct.__init__(self, data)
else:
self['Rid'] = Rid
def __init__(self, data=None, extradata=None):
Struct.__init__(self, data)
if data is not None:
Struct.__init__(self, data)
pos = self.calcsize()
self['Sid'] = DCERPCSid(data=extradata)
def __init__(self,
data=None,
machine_name='',
database_name='',
desired_access=0,
is_unicode=True):
Struct.__init__(self, data)
if data is not None:
pos = 0
self['MachineNamePtr'] = unpack('<L', data[pos:pos + 4])
pos += 4
self['MachineName'] = DCERPCString(data=data[pos:])
pos += len(self['MachineName'].pack())
self['DatabaseNamePtr'] = unpack('<L', data[pos:pos + 4])
pos += 4
self['DatabaseName'] = DCERPCString(data=data[pos:])
pos += len(self['DatabaseName'].pack())
self['DesiredAccess'] = unpack('<L', data[pos:pos + 4])
else:
if len(machine_name):
self['MachineName'] = DCERPCString(
string=machine_name.encode('UTF-16LE'))
self['MachineNamePtr'] = 0x20004
if len(database_name):
self['DatabaseName'] = DCERPCString(
string=database_name.encode('UTF-16LE'))
self['DatabaseNamePtr'] = 0x20008
self['DesiredAccess'] = desired_access
def __init__(self, data=None, is_unicode=True):
Struct.__init__(self, data)
if data:
self['Services'] = []
# case 1: No buffer included, nothing to do.
if not self['ServicesSize']:
return
# case 2: There is a buffer to extract
else:
howmuch = self['ServicesSize']
buff = data[4:]
self['retvalue'] = unpack('<L', data[-4:])[0]
self['Unknown2'] = unpack('<L', data[-8:-4])[0]
self['NbrOfServices'] = unpack('<L', data[-12:-8])[0]
pos = 0
for i in xrange(self['NbrOfServices']):
srv_name_off = unpack('<L', buff[pos:pos+4])[0]
pos+=4
display_name_off = unpack('<L', buff[pos:pos+4])[0]
pos += 4
service_status = SVCCTLServiceStatus(data=buff[pos:])
service_type = service_status.get_type()
service_state = service_status.get_state()
srv_name = extract_unicode_str(data[4+srv_name_off:])
display_name = extract_unicode_str(data[4+display_name_off:])
pos += service_status.calcsize()
self['Services'].append({'ServiceName':srv_name,
'DisplayName':display_name,
'Type':service_type,
'CurrentState': service_state})
def __init__(self, data=None):
Struct.__init__(self, data)
if data is not None:
pos = self['PathOffset'] - SMB2_HEADER_SIZE
self['Buffer'] = data[pos:pos +
self['PathLength']].decode('UTF-16LE')
def __init__(self, data=None):
Struct.__init__(self, data)
if data is not None:
pos = self.calcsize()
self['Chunks'] = data[pos:pos + self['ChunkCount'] *
24] # Size of SrvCopyChunk
def __init__(self, data=None, PolicyHandle='\x00' * 20, is_unicode=True):
Struct.__init__(self, data)
if data is not None:
Struct.__init__(self, data)
else:
self['PolicyHandle'] = PolicyHandle
def __init__(self, data=None, manager_handle='\x00'*20,
service_name='',
binary_pathname='',
display_name='',
start_type=SVCCTL_SERVICE_DEMAND_START,
is_unicode=True):
Struct.__init__(self, data)
if data is not None:
pos = 0
self['ManagerHandle'] = data[pos:pos+20]
pos += 20
self['ServiceName'] = DCERPCString(data=data[pos:])
pos += len(self['ServiceName'].pack())
self['DisplayNamePtr'] = data[pos:pos+4]
self['DisplayName'] = DCERPCString(data=data[pos:])
pos += len(self['DisplayName'].pack())
self['AccessMask'] = data[pos:pos+4]
pos += 4
self['ServiceType'] = data[pos:pos+4]
pos += 4
self['ServiceStartType'] = data[pos:pos+4]
pos += 4
self['ServiceErrorControl'] = data[pos:pos+4]
pos += 4
self['BinaryPathName'] = DCERPCString(data=data[pos:])
pos += len(self['BinaryPathName'].pack())
self['LoadOrderGroupPtr'] = data[pos:pos+4]
pos += 4
self['TagId'] = data[pos:pos+4]
pos += 4
self['DependenciesPtr'] = data[pos:pos+4]
if self['DependenciesPtr']:
logging.eror('SVCCTL_ERROR: DependenciesPtr != 0')
return
pos += 4
self['DependSize'] = data[pos:pos+4]
pos += 4
self['ServiceStartNamePtr'] = data[pos:pos+4]
if self['ServiceStartNamePtr']:
logging.eror('SVCCTL_ERROR: DependenciesPtr != 0')
return
pos += 4
self['PasswordPtr'] = data[pos:pos+4]
if self['PasswordPtr']:
logging.eror('SVCCTL_ERROR: DependenciesPtr != 0')
return
pos += 4
self['PasswordSize'] = data[pos:pos+4]
else:
self['ManagerHandle'] = manager_handle
self['ServiceName'] = DCERPCString(string=service_name.encode('UTF-16LE'))
self['BinaryPathName'] = DCERPCString(string=binary_pathname.encode('UTF-16LE'))
if len(display_name):
self['DisplayName'] = DCERPCString(string=display_name.encode('UTF-16LE'))
self['DisplayNamePtr'] = 0x20004
else:
self['DisplayNamePtr'] = 0
self['ServiceStartType'] = start_type
def __init__(self, data=None):
Struct.__init__(self, data)
if data is not None:
pos = self['TargetNameBufferOffset']
self['TargetName'] = data[pos:pos + self['TargetNameLen']]
pos = self['TargetInfoBufferOffset']
self['TargetInfo'] = data[pos:pos + self['TargetInfoLen']]
def __init__(self, data=None):
Struct.__init__(self, data)
if data is not None:
pos = self['CreateContextsOffset'] - SMB2_HEADER_SIZE
self['CreateContexts'] = data[pos:pos +
self['CreateContextsLength']]
self['Buffer'] = self['CreateContexts']
def __init__(self, data=None):
Struct.__init__(self, data)
if data is not None:
pos = self['NameOffset']
self['Name'] = data[pos:pos + self['NameLength']]
pos = self['DataOffset']
self['Data'] = data[pos:pos + self['DataLength']]
self['Buffer'] = self['Name'] + self['Data']
def __init__(self, data=None):
Struct.__init__(self, data)
if data is not None:
pos = self['DomainNameBufferOffset']
self['DomainName'] = data[pos:pos + self['DomainNameLen']]
pos = self['WorkstationBufferOffset']
self['WorkstationName'] = data[pos:pos + self['WorkstationLen']]
def __init__(self, data=None, ServerName='', NetName=''):
Struct.__init__(self, data)
if data is not None:
## TODO
pass
else:
self['ServerName'] = ServerName.encode('UTF-16LE')
self['NetName'] = NetName.encode('UTF-16LE')
def __init__(self, data=None, service_handle='\x00'*20, retvalue=0, is_unicode=True):
Struct.__init__(self, data)
if data is not None:
Struct.__init__(self, data)
else:
self['ServiceHandle'] = service_handle
self['retvalue'] = retvalue
def __init__(self, data=None, manager_handle='\x00'*20, retvalue=0, is_unicode=True):
Struct.__init__(self, data)
if data is not None:
Struct.__init__(self, data)
else:
self['ManagerHandle'] = manager_handle
self['retvalue'] = retvalue
def __init__(self, data=None, Level=WKSTA_USER_INFO_0, EntriesRead=0):
Struct.__init__(self, data)
if data is not None:
Struct.__init__(self, data)
self['UserInfo'] = WkstaUserInfoLevel0Array(data=data[4:])
else:
self['Level'] = Level
self['UserInfo'] = WkstaUserInfoLevel0Array(EntriesRead=EntriesRead)
def __init__(self, data=None):
Struct.__init__(self, data)
if data is not None:
pos = self['InputOffset'] - SMB2_HEADER_SIZE
self['Input'] = data[pos:pos + self['InputCount']]
pos = self['OutputOffset'] - SMB2_HEADER_SIZE
self['Output'] = data[pos:pos + self['OutputCount']]
self['Buffer'] = self['Input'] + self['Output']
def __init__(self, data = None, apreq=''):
Struct.__init__(self, data)
if data is not None:
raise RuntimeError, "Not implemented."
else:
oid = encoder.encode(univ.ObjectIdentifier(GSS_KRB5))
self['Krb5Oid'] = asn1_encode(0x60, oid)
self['ApReq'] = apreq
def __init__(self, data=None,
type=SVCCTL_SERVICE_WIN32,
state=SVCCTL_SERVICE_PAUSED,
is_unicode=True):
Struct.__init__(self, data)
if not data:
self['ServiceType'] = type
self['CurrentState'] = state
def __init__(self, data=None, extradata=None):
Struct.__init__(self, data)
if data is not None:
pos = self.calcsize()
if self['Length'] == 0:
self['Name'] = DCERPCString(string='')
else:
self['Name'] = DCERPCString(data=extradata)
def __init__(self, data=None, manager_handle='',
type=SVCCTL_SERVICE_WIN32,
size=0,
is_unicode=True):
Struct.__init__(self, data)
if not data:
self['ManagerHandle'] = manager_handle
self['ServicesSize'] = size
self['ServiceType'] = type
def __init__(self, data=None, service_status=None, retvalue=0, is_unicode=True):
Struct.__init__(self, data)
if not data:
self['ServiceStatus'] = service_status
self['retvalue'] = retvalue
else:
self['ServiceStatus'] = SVCCTLServiceStatus(data=data)
pos=self['ServiceStatus'].calcsize()
self['retvalue'] = unpack('<L', data[pos:pos+4])[0]
def __init__(self,
data=None,
manager_handle='\x00' * 20,
size=0,
is_unicode=True):
Struct.__init__(self, data)
if not data:
self['ManagerHandle'] = manager_handle
self['ServicesSize'] = size
def __init__(self,
data=None,
service_handle='',
control=SVCCTL_SERVICE_CONTROL_STOP,
is_unicode=True):
Struct.__init__(self, data)
if not data:
self['ServiceHandle'] = service_handle
self['Control'] = control
