def __init__(self, fld):
    """Wrap ``fld`` in a ReversePadField aligned to the field's own size.

    radiotap.org states that all fields in the radiotap header are aligned
    to natural boundaries: 8-, 16-, 32- and 64-bit fields must begin on
    8-, 16-, 32- and 64-bit boundaries, respectively.
    """
    if isinstance(fld, BitField):
        # i2len() may report a non-integer size for a bit field; round up.
        natural_size = int(math.ceil(fld.i2len(None, None)))
    else:
        # Other fields: the size of their struct format string.
        natural_size = struct.calcsize(fld.fmt)
    # Padding bytes are always zero.
    ReversePadField.__init__(self, fld, natural_size, padwith=b"\x00")
class LocatorPacket(Packet):
    """RTPS locator: kind, port, then an IPv4 address preceded by padding."""

    name = "RTPS Locator"

    fields_desc = [
        XIntField("locatorKind", 0),
        LEIntField("port", 0),
        # Pad *before* the address up to a 20-byte boundary. With the two
        # 4-byte fields above, that presumably leaves 12 zero bytes ahead of
        # the 4-byte IPv4 address (assumes the locator starts at offset 0).
        ReversePadField(
            IPField("address", "0.0.0.0"),
            20,
        ),
    ]

    def extract_padding(self, p):
        """Claim no payload: every remaining byte is returned as padding."""
        return b"", p
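class SMB2_Negotiate_Protocol_Response(Packet):
    """SMB2 NEGOTIATE response body.

    SecurityMode labels follow MS-SMB2 section 2.2.4: bit 0x0001 is
    SMB2_NEGOTIATE_SIGNING_ENABLED and bit 0x0002 is
    SMB2_NEGOTIATE_SIGNING_REQUIRED. The two labels were previously attached
    to the opposite bits, so a server that merely *supports* signing was
    displayed as *requiring* it. That distinction matters when judging
    whether a server accepts unsigned sessions.

    SecurityBlobOffset and NegotiateContextOffset are stored but not used to
    locate data: the blob and the contexts are dissected sequentially, so a
    message whose offsets disagree with that layout is parsed as if they
    agreed.
    """

    name = "SMB2 Negotiate Protocol Response"
    fields_desc = [
        XLEShortField("StructureSize", 0),
        FlagsField("SecurityMode", 0, -16, {
            0x1: "Signing Enabled",
            0x2: "Signing Required",
        }),
        LEShortEnumField("DialectRevision", 0x0, SMB_DIALECTS),
        FieldLenField("NegotiateCount", None,
                      fmt="<H",
                      count_of="NegotiateContexts"),
        UUIDField("ServerGUID", 0x0,
                  uuid_fmt=UUIDField.FORMAT_LE),
        # Capabilities
        FlagsField("Capabilities", 0, -32, SMB2_CAPABILITIES),
        LEIntField("MaxTransactionSize", 0),
        LEIntField("MaxReadSize", 0),
        LEIntField("MaxWriteSize", 0),
        # Timestamps use a 1601-01-01 epoch with a 1e7 scaling factor.
        UTCTimeField("SystemTime", None, fmt="<Q",
                     epoch=[1601, 1, 1, 0, 0, 0],
                     custom_scaling=1e7),
        UTCTimeField("ServerStartTime", None, fmt="<Q",
                     epoch=[1601, 1, 1, 0, 0, 0],
                     custom_scaling=1e7),
        XLEShortField("SecurityBlobOffset", 0),
        FieldLenField("SecurityBlobLength", None,
                      fmt="<H",
                      length_of="SecurityBlob"),
        XLEIntField("NegotiateContextOffset", 0),
        # Blob size is taken from the SecurityBlobLength field in the packet.
        PacketLenField("SecurityBlob", None, GSSAPI_BLOB,
                       length_from=lambda x: x.SecurityBlobLength),
        # Field only exists if Dialect is 0x0311
        # Each negotiate context must be 8-byte aligned
        ConditionalField(
            FieldListField("NegotiateContexts", [],
                           ReversePadField(
                               PacketField("Context", None,
                                           SMB2_Negotiate_Context), 8),
                           count_from=lambda pkt: pkt.NegotiateCount),
            lambda x: x.DialectRevision == 0x0311),
    ]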
class LocatorPacket(EPacket):
    """RTPS locator whose trailing field depends on ``locatorKind``."""

    name = "RTPS Locator"

    fields_desc = [
        EField(
            XIntField("locatorKind", 0),
            endianness=FORMAT_LE,
            endianness_from=None,
        ),
        EField(
            IntField("port", 0),
            endianness=FORMAT_LE,
            endianness_from=None,
        ),
        # Kind 0x1: an IPv4 address, padded in front to a 20-byte boundary.
        ConditionalField(
            ReversePadField(IPField("address", "0.0.0.0"), 20),
            lambda pkt: pkt.locatorKind == 0x1,
        ),
        # Kind 0x01000000: a fixed 16-byte hostId instead of the address.
        ConditionalField(
            XStrFixedLenField("hostId", 0x0, 16),
            lambda pkt: pkt.locatorKind == 0x01000000,
        ),
    ]

    def extract_padding(self, p):
        """Claim no payload: every remaining byte is returned as padding."""
        return b"", p
class SMBSession_Setup_AndX_Response_Extended_Security(Packet):
    """Session Setup AndX response carrying a GSSAPI security blob.

    Reuses the first five fields of SMBSession_Setup_AndX_Response, then
    appends the blob length, byte count, blob and the two identity strings.
    """

    name = "Session Setup AndX Extended Security Response (SMB)"
    WordCount = 7

    fields_desc = SMBSession_Setup_AndX_Response.fields_desc[:5] + [
        LEFieldLenField(
            "SecurityBlobLength",
            None,
            length_of="SecurityBlob",
        ),
        # ByteCount is a plain field with a static default of 25.
        LEShortField("ByteCount", 25),
        # Blob size is taken from the SecurityBlobLength field in the packet.
        PacketLenField(
            "SecurityBlob",
            None,
            GSSAPI_BLOB,
            length_from=lambda pkt: pkt.SecurityBlobLength,
        ),
        # NativeOS is preceded by zero padding up to a 2-byte boundary.
        ReversePadField(
            _SMBStrNullField("NativeOS", "Windows 4.0"),
            2,
            b"\0",
        ),
        _SMBStrNullField("NativeLanMan", "Windows 4.0"),
    ]
class SMBSession_Setup_AndX_Request(Packet):
    """Session Setup AndX request followed by a second, chained AndX block.

    The credential fields carry placeholder defaults ("Pass" for both
    password fields, "GUEST" for AccountName). AndXOffset, ByteCount and
    ByteCount2 are plain fields with static defaults; nothing in this listing
    recomputes them from the variable-length fields.
    """

    name = "Session Setup AndX Request (CIFS)"

    fields_desc = [
        ByteField("WordCount", 13),
        ByteEnumField("AndXCommand", 0x75, SMB_COM),
        ByteField("AndXReserved", 0),
        LEShortField("AndXOffset", 96),
        LEShortField("MaxBufferSize", 2920),
        LEShortField("MaxMPXCount", 50),
        LEShortField("VCNumber", 0),
        LEIntField("SessionKey", 0),
        # The two length fields are derived from the password fields below.
        LEFieldLenField(
            "OEMPasswordLength",
            None,
            length_of="OEMPassword",
        ),
        LEFieldLenField(
            "UnicodePasswordLength",
            None,
            length_of="UnicodePassword",
        ),
        LEIntField("Reserved", 0),
        FlagsField("ServerCapabilities", 0x05, -32, _SMB_ServerCapabilities),
        LEShortField("ByteCount", 35),
        XStrLenField(
            "OEMPassword",
            "Pass",
            length_from=lambda pkt: pkt.OEMPasswordLength,
        ),
        XStrLenField(
            "UnicodePassword",
            "Pass",
            length_from=lambda pkt: pkt.UnicodePasswordLength,
        ),
        # AccountName is preceded by zero padding up to a 2-byte boundary.
        ReversePadField(StrNullField("AccountName", "GUEST"), 2, b"\0"),
        _SMBStrNullField("PrimaryDomain", ""),
        _SMBStrNullField("NativeOS", "Windows 4.0"),
        _SMBStrNullField("NativeLanMan", "Windows 4.0"),
        # Off spec?
        ByteField("WordCount2", 4),
        ByteEnumField("AndXCommand2", 0xFF, {0xFF: "SMB_COM_NONE"}),
        ByteField("Reserved6", 0),
        LEShortField("AndXOffset2", 0),
        LEShortField("Flags3", 0x2),
        LEShortField("PasswordLength", 0x1),
        LEShortField("ByteCount2", 18),
        ByteField("Password", 0),
        StrNullField("Path", "\\\\WIN2K\\IPC$"),
        StrNullField("Service", "IPC"),
    ]
class SMB2_Negociate_Protocol_Request_Header(Packet):
    """SMB2 NEGOTIATE request: dialect list plus optional negotiate contexts."""

    name = "SMB2 Negociate Protocol Request Header"

    fields_desc = [
        XLEShortField("StructureSize", 0),
        FieldLenField(
            "DialectCount",
            None,
            fmt="<H",
            count_of="Dialects",
        ),
        # SecurityMode
        # NOTE(review): MS-SMB2 defines SIGNING_ENABLED as 0x0001 and
        # SIGNING_REQUIRED as 0x0002 on a little-endian field. The keys
        # 0x7/0x8 on a positive-size (16) FlagsField do not obviously map to
        # those bits; confirm against this scapy version's dict-key semantics
        # before relying on the displayed signing state.
        FlagsField(
            "SecurityMode",
            0,
            16,
            {
                0x7: "Signing Required",
                0x8: "Signing Enabled",
            },
        ),
        LEShortField("Reserved", 0),
        # Capabilities
        FlagsField("Capabilities", 0, 32, SMB2_CAPABILITIES),
        UUIDField("ClientGUID", 0x0, uuid_fmt=UUIDField.FORMAT_LE),
        XLEIntField("NegociateContextOffset", 0x0),
        # NOTE(review): the default here is 0x0 rather than None, so the
        # count is presumably not derived from NegociateContexts on build.
        # Confirm.
        FieldLenField(
            "NegociateCount",
            0x0,
            fmt="<H",
            count_of="NegociateContexts",
        ),
        ShortField("Reserved2", 0),
        FieldListField(
            "Dialects",
            [0x0202],
            LEShortEnumField("", 0x0, SMB_DIALECTS),
            count_from=lambda p: p.DialectCount,
        ),
        # The first negotiate context must be 8-byte aligned
        # NOTE(review): only the start of the list is padded here; whether
        # later contexts are also aligned depends on SMB2_Negociate_Context,
        # which is not shown. Verify.
        ReversePadField(
            PacketListField(
                "NegociateContexts",
                [],
                SMB2_Negociate_Context,
                count_from=lambda p: p.NegociateCount,
            ),
            8,
        ),
    ]
class SMB2_Negotiate_Protocol_Request(Packet):
    """SMB2 NEGOTIATE request: dialect list plus optional negotiate contexts.

    NegotiateContextOffset is stored but not used to locate the contexts;
    they are dissected sequentially after the dialect list.
    """

    name = "SMB2 Negotiate Protocol Request"

    fields_desc = [
        XLEShortField("StructureSize", 0),
        FieldLenField(
            "DialectCount",
            None,
            fmt="<H",
            count_of="Dialects",
        ),
        # SecurityMode
        FlagsField(
            "SecurityMode",
            0,
            -16,
            {
                0x01: "SMB2_NEGOTIATE_SIGNING_ENABLED",
                0x02: "SMB2_NEGOTIATE_SIGNING_REQUIRED",
            },
        ),
        LEShortField("Reserved", 0),
        # Capabilities
        FlagsField("Capabilities", 0, -32, SMB2_CAPABILITIES),
        UUIDField("ClientGUID", 0x0, uuid_fmt=UUIDField.FORMAT_LE),
        # XXX TODO If we ever want to properly dissect the offsets, we have
        # a _NTLMPayloadField in scapy/layers/ntlm.py that does precisely that
        XLEIntField("NegotiateContextOffset", 0x0),
        FieldLenField(
            "NegotiateCount",
            None,
            fmt="<H",
            count_of="NegotiateContexts",
        ),
        ShortField("Reserved2", 0),
        FieldListField(
            "Dialects",
            [0x0202],
            LEShortEnumField("", 0x0, SMB_DIALECTS),
            count_from=lambda p: p.DialectCount,
        ),
        # Field only exists if Dialects contains 0x0311
        # Each negotiate context must be 8-byte aligned
        ConditionalField(
            FieldListField(
                "NegotiateContexts",
                [],
                ReversePadField(
                    PacketField("Context", None, SMB2_Negotiate_Context),
                    8,
                ),
                count_from=lambda p: p.NegotiateCount,
            ),
            lambda p: 0x0311 in p.Dialects,
        ),
    ]