def __init__(self, data=None, is_unicode=False):
    """Initialise the structure and, when data is given, parse its tail.

    After the fixed-size part, the security blob is sliced out using the
    SecurityBlobLength field. NativeOS, NativeLANMan and PrimaryDomain are
    then read as null-terminated strings on a best-effort basis.

    Args:
        data: Raw bytes of the block, or None for an empty structure.
        is_unicode: Passed to extractNullTerminatedString and used to decide
            whether the strings need an alignment byte skipped.
    """
    Struct.__init__(self, data)
    self.is_unicode = is_unicode
    if data is None:
        return

    offset = self.calcsize()
    # SecurityBlobLength is a field of the parsed message. Assuming data is a
    # byte string, a length larger than what was received yields a shorter
    # blob rather than an error.
    self['SecurityBlob'] = data[offset:offset + self['SecurityBlobLength']]
    offset += self['SecurityBlobLength']

    # NativeOS, NativeLANMan and PrimaryDomain are not very important.
    # Parsing them is error-prone and implementations may vary between
    # servers, so any failure is logged and otherwise ignored.
    try:
        # Skip one byte when a unicode string would start on an odd offset.
        if self.is_unicode == True and (offset % 2) == 1:
            offset += 1
        for field in ('NativeOS', 'NativeLANMan', 'PrimaryDomain'):
            text, consumed = extractNullTerminatedString(
                data, offset, is_unicode)
            self[field] = text.split(u'\0')[0]
            offset += consumed
    except Exception as e:
        logging.warning(
            "Warning, parsing of the answer slightly failed: %s" % str(e))
def __init__(self, data=None, is_unicode=False):
    """Initialise the structure and, when data is given, parse its tail.

    Reads Setup, ByteCount and Name sequentially after the fixed-size part,
    then slices Parameters and Data at the offsets given by the
    ParameterOffset and DataOffset fields (relative to SMB_HEADER_SIZE).

    Args:
        data: Raw bytes of the block, or None for an empty structure.
        is_unicode: Passed to extractNullTerminatedString and used to decide
            whether Name needs an alignment byte skipped.
    """
    Struct.__init__(self, data)
    self.is_unicode = is_unicode
    if data is None:
        return

    offset = self.calcsize()
    setup_len = self['SetupCount'] * calcsize('<H')
    self['Setup'] = data[offset:offset + setup_len]
    offset += setup_len

    word_len = calcsize('<H')
    self['ByteCount'] = unpack('<H', data[offset:offset + word_len])[0]
    offset += word_len

    # Skip one byte when a unicode name would start on an odd offset.
    if is_unicode == True and (offset % 2) == 1:
        offset += 1
    name, name_len = extractNullTerminatedString(data, offset, is_unicode)
    self['Name'] = name.split(u'\0')[0]
    offset += name_len

    # NOTE(review): ParameterOffset and DataOffset are read from the message.
    # A value below SMB_HEADER_SIZE gives a negative index, which Python
    # slices from the end of data -- confirm these are validated somewhere.
    self['Pad'] = data[offset:self['ParameterOffset'] - SMB_HEADER_SIZE]
    offset = self['ParameterOffset'] - SMB_HEADER_SIZE
    param_len = self['ParameterCount']
    self['Parameters'] = data[offset:offset + param_len]
    offset += param_len

    self['Pad1'] = data[offset:self['DataOffset'] - SMB_HEADER_SIZE]
    offset = self['DataOffset'] - SMB_HEADER_SIZE
    data_len = self['DataCount']
    self['Data'] = data[offset:offset + data_len]
def __init__(self, data=None, is_unicode=False):
    """Initialise the structure and, when data is given, parse its tail.

    With CAP_EXTENDED_SECURITY set, the tail is a 16-byte ServerGuid followed
    by the security blob. Otherwise it is the encryption key, a
    null-terminated DomainName and an optional ServerName.

    Args:
        data: Raw bytes of the block, or None for an empty structure.
        is_unicode: String encoding hint; forced to True when the
            Capabilities field has CAP_UNICODE set.
    """
    Struct.__init__(self, data)
    if data is None:
        return

    # Unicode has not been negotiated yet, so the capability bit decides.
    if self['Capabilities'] & CAP_UNICODE:
        is_unicode = True

    offset = self.calcsize()
    if self['Capabilities'] & CAP_EXTENDED_SECURITY:
        self['ServerGuid'] = data[offset:offset + 16]
        self['SecurityBlob'] += data[offset + 16:]
        return

    # EncryptionKeyLength is a field of the message; slicing does not fail
    # when it is larger than the remaining bytes.
    self['EncryptionKey'] = data[offset:offset + self['EncryptionKeyLength']]
    offset += self['EncryptionKeyLength']

    # Must be null-terminated
    domain, domain_len = extractNullTerminatedString(data, offset, is_unicode)
    self['DomainName'] = domain.split(u'\0')[0]

    # This is optional
    remaining = self['ByteCount'] - self['EncryptionKeyLength'] - domain_len
    if remaining > 0:
        servername = extractNullTerminatedString(
            data, offset + domain_len, is_unicode)[0]
        self['ServerName'] = servername.split(u'\0')[0]
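def __init__(self, data=None, ShareArray=None):
    """Parse a share array from data, or build one from ShareArray.

    Args:
        data: Raw bytes to parse, or None to build from ShareArray.
        ShareArray: List of share dicts used when data is None. Defaults to
            a fresh empty list; the previous mutable default ``[]`` was
            stored on the instance and therefore shared between instances.
    """
    Struct.__init__(self, data)
    self.shares = []
    if data is not None:
        pos = self.calcsize()
        # First pass: three 4-byte values per entry. Only the middle one
        # (the type) is kept. The other two are read but not used, although
        # unpack still raises struct.error if data is truncated here.
        for _ in xrange(self['MaxCount']):
            refptr = unpack('<L', data[pos:pos + 4])[0]
            pos += 4
            stype = unpack('<L', data[pos:pos + 4])[0]
            pos += 4
            self.shares.append({'type': stype})
            refptr2 = unpack('<L', data[pos:pos + 4])[0]
            pos += 4

        # Second pass: a name string and a comment string per entry.
        # NOTE(review): both are taken from data and forced to ASCII, so a
        # non-ASCII share name or comment raises UnicodeEncodeError here --
        # confirm callers handle that.
        for share in self.shares:
            s = DCERPCString(data=data[pos:])
            share['name'] = s.get_string().decode(
                'UTF-16LE').encode('ascii')[:-1]
            pos += len(s.pack())
            s2 = DCERPCString(data=data[pos:])
            share['comment'] = s2.get_string().decode(
                'UTF-16LE').encode('ascii')[:-1]
            pos += len(s2.pack())
    else:
        # A caller-supplied list is still stored by reference, as before.
        self.shares = [] if ShareArray is None else ShareArray
        self['MaxCount'] = len(self.shares)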
def __init__(self, data=None, is_unicode=False):
    """Initialise the structure and, when data is given, parse its tail.

    Data shorter than the fixed-size part is treated as an interim server
    response: WordCount is set to 0 and nothing else is parsed. Otherwise
    Setup and ByteCount are read sequentially, and the parameter and data
    sections are sliced at ParameterOffset and DataOffset (relative to
    SMB_HEADER_SIZE).

    Args:
        data: Raw bytes of the block, or None for an empty structure.
        is_unicode: Stored on the instance; not otherwise used here.
    """
    is_interim = data is not None and len(data) < self.calcsize()
    if is_interim:
        # Interim server response
        self['WordCount'] = 0
        return

    Struct.__init__(self, data)
    self.is_unicode = is_unicode
    if data is None:
        return

    offset = self.calcsize()
    setup_len = self['SetupCount'] * calcsize('<H')
    self['Setup'] = data[offset:offset + setup_len]
    offset += setup_len

    word_len = calcsize('<H')
    self['ByteCount'] = unpack('<H', data[offset:offset + word_len])[0]
    offset += word_len

    # NOTE(review): ParameterOffset and DataOffset are read from the message.
    # A value below SMB_HEADER_SIZE gives a negative index, which Python
    # slices from the end of data -- confirm these are validated somewhere.
    self['Pad1'] = data[offset:self['ParameterOffset'] - SMB_HEADER_SIZE]
    offset = self['ParameterOffset'] - SMB_HEADER_SIZE
    param_len = self['ParameterCount']
    self['NT_Trans_Parameters'] = data[offset:offset + param_len]
    offset += param_len

    self['Pad2'] = data[offset:self['DataOffset'] - SMB_HEADER_SIZE]
    offset = self['DataOffset'] - SMB_HEADER_SIZE
    data_len = self['DataCount']
    self['NT_Trans_Data'] = data[offset:offset + data_len]
def __init__(self, data=None, Domains=[]):
    """Parse a list of LsaTrustInformation entries, or build one.

    Args:
        data: Raw bytes to parse, or None to build from Domains.
        Domains: Iterable of dicts with 'Name' and 'Sid' keys, used only
            when data is None. It is read, never stored or modified.
    """
    Struct.__init__(self, data)
    if data is None:
        count = len(Domains)
        self['Count'] = count
        self['MaxCount'] = count
        self['Domains'] = []
        if self['Count']:
            self['DomainPtr'] = 0x20004
            self['MaxSize'] = 2048  # Useless field
        for entry in Domains:
            self['Domains'] += [
                LsaTrustInformation(Name=entry['Name'], Sid=entry['Sid'])
            ]
        return

    self['Domains'] = []
    offset = self.calcsize()
    # NOTE(review): offset is not advanced inside this loop, so every entry
    # is constructed from the same slice. Count also comes from data.
    # Confirm whether entries after the first should start at successive
    # offsets.
    for _ in xrange(self['Count']):
        parsed = LsaTrustInformation(data=data[offset:])
        self['Domains'] += [parsed]

    # If Count != 0 we have an array at DomainPtr
    if self['Count']:
        offset += self['Count'] * self['Domains'][0].calcsize()

    # The variable-length name and SID of each entry follow the array.
    for parsed in self['Domains']:
        if parsed.has_name():
            parsed.unpack_name(data[offset:])
            offset += len(parsed.pack_name())
        if parsed.has_sid():
            parsed.unpack_sid(data[offset:])
            offset += len(parsed.pack_sid())
def __init__(self, data=None, Rid=500):
    """Initialise from data when given, otherwise set the Rid field.

    Args:
        data: Raw bytes to parse, or None to build from Rid.
        Rid: Value stored in the 'Rid' field when data is None.
    """
    Struct.__init__(self, data)
    if data is None:
        self['Rid'] = Rid
        return
    # NOTE(review): Struct.__init__ already ran with the same data above.
    # This second call looks redundant -- confirm before removing.
    Struct.__init__(self, data)
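def __init__(self, data=None, extradata=None):
    """Initialise from data and attach a SID parsed from extradata.

    Args:
        data: Raw bytes of the fixed part, or None for an empty structure.
        extradata: Bytes handed to DCERPCSid to build the 'Sid' field. It is
            only consulted when data is not None.
    """
    Struct.__init__(self, data)
    if data is not None:
        # NOTE(review): Struct.__init__ already ran with the same data above.
        # This second call looks redundant -- confirm before removing.
        Struct.__init__(self, data)
        # The original also assigned self.calcsize() to a local that was
        # never read; that assignment is dropped.
        self['Sid'] = DCERPCSid(data=extradata)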
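def __init__(self, data=None, machine_name='', database_name='',
             desired_access=0, is_unicode=True):
    """Parse the request from data, or build it from the given names.

    Args:
        data: Raw bytes to parse, or None to build the structure.
        machine_name: Text stored (UTF-16LE encoded) in 'MachineName' when
            non-empty.
        database_name: Text stored (UTF-16LE encoded) in 'DatabaseName' when
            non-empty.
        desired_access: Value stored in 'DesiredAccess' on the build path.
        is_unicode: Accepted but not used by this constructor.
    """
    Struct.__init__(self, data)
    if data is not None:
        pos = 0
        # unpack() returns a 1-tuple. Index it so the pointer and access
        # fields hold integers, as they do on the build path below.
        self['MachineNamePtr'] = unpack('<L', data[pos:pos + 4])[0]
        pos += 4
        self['MachineName'] = DCERPCString(data=data[pos:])
        pos += len(self['MachineName'].pack())
        self['DatabaseNamePtr'] = unpack('<L', data[pos:pos + 4])[0]
        pos += 4
        self['DatabaseName'] = DCERPCString(data=data[pos:])
        pos += len(self['DatabaseName'].pack())
        self['DesiredAccess'] = unpack('<L', data[pos:pos + 4])[0]
    else:
        if machine_name:
            self['MachineName'] = DCERPCString(
                string=machine_name.encode('UTF-16LE'))
            self['MachineNamePtr'] = 0x20004
        if database_name:
            self['DatabaseName'] = DCERPCString(
                string=database_name.encode('UTF-16LE'))
            self['DatabaseNamePtr'] = 0x20008
        self['DesiredAccess'] = desired_access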
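def __init__(self, data=None, is_unicode=True):
    """Parse a service enumeration response into a list of service dicts.

    When data is non-empty and the 'ServicesSize' field is non-zero, fills
    'Services' with one dict per entry (ServiceName, DisplayName, Type,
    CurrentState) and sets 'retvalue', 'Unknown2' and 'NbrOfServices' from
    the last twelve bytes of data.

    Args:
        data: Raw response bytes; None or empty leaves the structure as
            Struct.__init__ set it.
        is_unicode: Accepted but not used by this constructor.
    """
    Struct.__init__(self, data)
    if not data:
        return

    self['Services'] = []
    # case 1: No buffer included, nothing to do.
    if not self['ServicesSize']:
        return

    # case 2: There is a buffer to extract
    buff = data[4:]
    self['retvalue'] = unpack('<L', data[-4:])[0]
    self['Unknown2'] = unpack('<L', data[-8:-4])[0]
    self['NbrOfServices'] = unpack('<L', data[-12:-8])[0]

    # NOTE(review): NbrOfServices and both name offsets are read from the
    # response itself. A count larger than the buffer holds makes unpack
    # raise struct.error on a short slice -- confirm callers expect that.
    pos = 0
    for _ in xrange(self['NbrOfServices']):
        srv_name_off = unpack('<L', buff[pos:pos + 4])[0]
        pos += 4
        display_name_off = unpack('<L', buff[pos:pos + 4])[0]
        pos += 4
        service_status = SVCCTLServiceStatus(data=buff[pos:])
        service_type = service_status.get_type()
        service_state = service_status.get_state()
        # Name offsets are relative to the buffer, which starts 4 bytes in.
        srv_name = extract_unicode_str(data[4 + srv_name_off:])
        display_name = extract_unicode_str(data[4 + display_name_off:])
        pos += service_status.calcsize()
        self['Services'].append({'ServiceName': srv_name,
                                 'DisplayName': display_name,
                                 'Type': service_type,
                                 'CurrentState': service_state})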
def __init__(self, data=None):
    """Initialise the structure and decode the path into 'Buffer'.

    Args:
        data: Raw bytes of the block, or None for an empty structure.
    """
    Struct.__init__(self, data)
    if data is None:
        return
    # NOTE(review): PathOffset is read from the message. A value below
    # SMB2_HEADER_SIZE gives a negative index, which Python slices from the
    # end of data -- confirm it is validated somewhere.
    start = self['PathOffset'] - SMB2_HEADER_SIZE
    raw_path = data[start:start + self['PathLength']]
    self['Buffer'] = raw_path.decode('UTF-16LE')
def __init__(self, data=None):
    """Initialise the structure and slice the chunk array into 'Chunks'.

    Args:
        data: Raw bytes of the block, or None for an empty structure.
    """
    Struct.__init__(self, data)
    if data is None:
        return
    srv_copy_chunk_size = 24  # Size of SrvCopyChunk
    start = self.calcsize()
    # ChunkCount is a field of the message; slicing does not fail when the
    # advertised array is longer than the bytes present.
    end = start + self['ChunkCount'] * srv_copy_chunk_size
    self['Chunks'] = data[start:end]
def __init__(self, data=None, PolicyHandle='\x00' * 20, is_unicode=True):
    """Initialise from data when given, otherwise set 'PolicyHandle'.

    Args:
        data: Raw bytes to parse, or None to build from PolicyHandle.
        PolicyHandle: Value stored in 'PolicyHandle' when data is None.
        is_unicode: Accepted but not used by this constructor.
    """
    Struct.__init__(self, data)
    if data is None:
        self['PolicyHandle'] = PolicyHandle
        return
    # NOTE(review): Struct.__init__ already ran with the same data above.
    # This second call looks redundant -- confirm before removing.
    Struct.__init__(self, data)
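def __init__(self, data=None, manager_handle='\x00'*20, service_name='',
             binary_pathname='', display_name='',
             start_type=SVCCTL_SERVICE_DEMAND_START, is_unicode=True):
    """Parse a service-creation request from data, or build one.

    Parsing stops early, after logging an error, when the dependencies,
    start-name or password pointer field is set.

    Args:
        data: Raw bytes to parse, or None to build the request.
        manager_handle: Value stored in 'ManagerHandle' on the build path.
        service_name: Text stored (UTF-16LE encoded) in 'ServiceName'.
        binary_pathname: Text stored (UTF-16LE encoded) in 'BinaryPathName'.
        display_name: Optional text for 'DisplayName'; when empty,
            'DisplayNamePtr' is set to 0.
        start_type: Value stored in 'ServiceStartType'.
        is_unicode: Accepted but not used by this constructor.
    """
    Struct.__init__(self, data)
    if data is not None:
        pos = 0
        self['ManagerHandle'] = data[pos:pos+20]
        pos += 20
        self['ServiceName'] = DCERPCString(data=data[pos:])
        pos += len(self['ServiceName'].pack())
        # NOTE(review): pos is not advanced past DisplayNamePtr before
        # DisplayName is parsed, unlike every other 4-byte field below --
        # confirm whether a "pos += 4" is missing here.
        self['DisplayNamePtr'] = data[pos:pos+4]
        self['DisplayName'] = DCERPCString(data=data[pos:])
        pos += len(self['DisplayName'].pack())
        self['AccessMask'] = data[pos:pos+4]
        pos += 4
        self['ServiceType'] = data[pos:pos+4]
        pos += 4
        self['ServiceStartType'] = data[pos:pos+4]
        pos += 4
        self['ServiceErrorControl'] = data[pos:pos+4]
        pos += 4
        self['BinaryPathName'] = DCERPCString(data=data[pos:])
        pos += len(self['BinaryPathName'].pack())
        self['LoadOrderGroupPtr'] = data[pos:pos+4]
        pos += 4
        self['TagId'] = data[pos:pos+4]
        pos += 4
        # NOTE(review): the pointer fields are assigned raw 4-byte slices.
        # Whether the truthiness tests below see an integer depends on how
        # Struct stores the value -- confirm a zero pointer tests false.
        self['DependenciesPtr'] = data[pos:pos+4]
        if self['DependenciesPtr']:
            # Fixed: logging has no "eror" attribute, so this branch used
            # to raise AttributeError instead of logging.
            logging.error('SVCCTL_ERROR: DependenciesPtr != 0')
            return
        pos += 4
        self['DependSize'] = data[pos:pos+4]
        pos += 4
        self['ServiceStartNamePtr'] = data[pos:pos+4]
        if self['ServiceStartNamePtr']:
            # Fixed: the message named DependenciesPtr for this field.
            logging.error('SVCCTL_ERROR: ServiceStartNamePtr != 0')
            return
        pos += 4
        self['PasswordPtr'] = data[pos:pos+4]
        if self['PasswordPtr']:
            # Fixed: the message named DependenciesPtr for this field.
            logging.error('SVCCTL_ERROR: PasswordPtr != 0')
            return
        pos += 4
        self['PasswordSize'] = data[pos:pos+4]
    else:
        self['ManagerHandle'] = manager_handle
        self['ServiceName'] = DCERPCString(
            string=service_name.encode('UTF-16LE'))
        self['BinaryPathName'] = DCERPCString(
            string=binary_pathname.encode('UTF-16LE'))
        if display_name:
            self['DisplayName'] = DCERPCString(
                string=display_name.encode('UTF-16LE'))
            self['DisplayNamePtr'] = 0x20004
        else:
            self['DisplayNamePtr'] = 0
        self['ServiceStartType'] = start_type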
def __init__(self, data=None):
    """Initialise the structure and slice out TargetName and TargetInfo.

    Args:
        data: Raw bytes of the message, or None for an empty structure.
    """
    Struct.__init__(self, data)
    if data is None:
        return
    # Offsets and lengths are fields of the message. Slicing does not raise
    # when they point past the end of data, so either value may come back
    # shorter than advertised or empty.
    name_start = self['TargetNameBufferOffset']
    self['TargetName'] = data[name_start:name_start + self['TargetNameLen']]
    info_start = self['TargetInfoBufferOffset']
    self['TargetInfo'] = data[info_start:info_start + self['TargetInfoLen']]
def __init__(self, data=None):
    """Initialise the structure and slice out the create contexts.

    The same slice is stored in both 'CreateContexts' and 'Buffer'.

    Args:
        data: Raw bytes of the block, or None for an empty structure.
    """
    Struct.__init__(self, data)
    if data is None:
        return
    # NOTE(review): CreateContextsOffset is read from the message. A value
    # below SMB2_HEADER_SIZE gives a negative index, which Python slices from
    # the end of data -- confirm it is validated somewhere.
    start = self['CreateContextsOffset'] - SMB2_HEADER_SIZE
    end = start + self['CreateContextsLength']
    self['CreateContexts'] = data[start:end]
    self['Buffer'] = self['CreateContexts']
def __init__(self, data=None):
    """Initialise the structure and slice out 'Name' and 'Data'.

    'Buffer' is set to the concatenation of the two slices.

    Args:
        data: Raw bytes of the block, or None for an empty structure.
    """
    Struct.__init__(self, data)
    if data is None:
        return
    # Offsets and lengths are fields of the block. Slicing does not raise
    # when they point past the end of data.
    name_start = self['NameOffset']
    self['Name'] = data[name_start:name_start + self['NameLength']]
    data_start = self['DataOffset']
    self['Data'] = data[data_start:data_start + self['DataLength']]
    self['Buffer'] = self['Name'] + self['Data']
def __init__(self, data=None):
    """Initialise the structure and slice out the domain and workstation.

    Args:
        data: Raw bytes of the message, or None for an empty structure.
    """
    Struct.__init__(self, data)
    if data is None:
        return
    # Offsets and lengths are fields of the message. Slicing does not raise
    # when they point past the end of data.
    domain_start = self['DomainNameBufferOffset']
    self['DomainName'] = data[
        domain_start:domain_start + self['DomainNameLen']]
    wks_start = self['WorkstationBufferOffset']
    self['WorkstationName'] = data[
        wks_start:wks_start + self['WorkstationLen']]
def __init__(self, data=None, ServerName='', NetName=''):
    """Build the structure from ServerName and NetName when data is None.

    Args:
        data: Raw bytes; passed to Struct.__init__ only.
        ServerName: Text stored UTF-16LE encoded in 'ServerName'.
        NetName: Text stored UTF-16LE encoded in 'NetName'.
    """
    Struct.__init__(self, data)
    if data is None:
        self['ServerName'] = ServerName.encode('UTF-16LE')
        self['NetName'] = NetName.encode('UTF-16LE')
    # TODO: nothing beyond Struct.__init__ is parsed when data is given.
def __init__(self, data=None, service_handle='\x00'*20, retvalue=0,
             is_unicode=True):
    """Initialise from data when given, otherwise set handle and retvalue.

    Args:
        data: Raw bytes to parse, or None to build the structure.
        service_handle: Value stored in 'ServiceHandle' when data is None.
        retvalue: Value stored in 'retvalue' when data is None.
        is_unicode: Accepted but not used by this constructor.
    """
    Struct.__init__(self, data)
    if data is None:
        self['ServiceHandle'] = service_handle
        self['retvalue'] = retvalue
        return
    # NOTE(review): Struct.__init__ already ran with the same data above.
    # This second call looks redundant -- confirm before removing.
    Struct.__init__(self, data)
def __init__(self, data=None, manager_handle='\x00'*20, retvalue=0,
             is_unicode=True):
    """Initialise from data when given, otherwise set handle and retvalue.

    Args:
        data: Raw bytes to parse, or None to build the structure.
        manager_handle: Value stored in 'ManagerHandle' when data is None.
        retvalue: Value stored in 'retvalue' when data is None.
        is_unicode: Accepted but not used by this constructor.
    """
    Struct.__init__(self, data)
    if data is None:
        self['ManagerHandle'] = manager_handle
        self['retvalue'] = retvalue
        return
    # NOTE(review): Struct.__init__ already ran with the same data above.
    # This second call looks redundant -- confirm before removing.
    Struct.__init__(self, data)
def __init__(self, data=None, Level=WKSTA_USER_INFO_0, EntriesRead=0):
    """Parse a user-info container from data, or build an empty one.

    Args:
        data: Raw bytes to parse, or None to build the structure.
        Level: Value stored in 'Level' when data is None.
        EntriesRead: Passed to WkstaUserInfoLevel0Array when data is None.
    """
    Struct.__init__(self, data)
    if data is None:
        self['Level'] = Level
        self['UserInfo'] = WkstaUserInfoLevel0Array(EntriesRead=EntriesRead)
        return
    # NOTE(review): Struct.__init__ already ran with the same data above.
    # This second call looks redundant -- confirm before removing.
    Struct.__init__(self, data)
    # The array is parsed from everything after the first four bytes.
    self['UserInfo'] = WkstaUserInfoLevel0Array(data=data[4:])
def __init__(self, data=None):
    """Initialise the structure and slice out 'Input' and 'Output'.

    'Buffer' is set to the concatenation of the two slices.

    Args:
        data: Raw bytes of the block, or None for an empty structure.
    """
    Struct.__init__(self, data)
    if data is None:
        return
    # NOTE(review): InputOffset and OutputOffset are read from the message.
    # A value below SMB2_HEADER_SIZE gives a negative index, which Python
    # slices from the end of data -- confirm these are validated somewhere.
    in_start = self['InputOffset'] - SMB2_HEADER_SIZE
    self['Input'] = data[in_start:in_start + self['InputCount']]
    out_start = self['OutputOffset'] - SMB2_HEADER_SIZE
    self['Output'] = data[out_start:out_start + self['OutputCount']]
    self['Buffer'] = self['Input'] + self['Output']
def __init__(self, data = None, apreq=''):
    """Build the structure from an AP-REQ; parsing is not implemented.

    Args:
        data: Must be None; any other value raises RuntimeError.
        apreq: Value stored in 'ApReq'.

    Raises:
        RuntimeError: If data is not None.
    """
    Struct.__init__(self, data)
    if data is not None:
        raise RuntimeError("Not implemented.")
    # 'Krb5Oid' is the encoded GSS_KRB5 object identifier wrapped by
    # asn1_encode with tag 0x60.
    encoded_oid = encoder.encode(univ.ObjectIdentifier(GSS_KRB5))
    self['Krb5Oid'] = asn1_encode(0x60, encoded_oid)
    self['ApReq'] = apreq
def __init__(self, data=None, type=SVCCTL_SERVICE_WIN32,
             state=SVCCTL_SERVICE_PAUSED, is_unicode=True):
    """Initialise from data, or set service type and state when absent.

    Args:
        data: Raw bytes to parse; None or empty selects the build path.
        type: Value stored in 'ServiceType' on the build path.
        state: Value stored in 'CurrentState' on the build path.
        is_unicode: Accepted but not used by this constructor.
    """
    Struct.__init__(self, data)
    if data:
        return
    self['ServiceType'] = type
    self['CurrentState'] = state
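def __init__(self, data=None, extradata=None):
    """Initialise from data and attach a name string.

    Args:
        data: Raw bytes of the fixed part, or None for an empty structure.
        extradata: Bytes handed to DCERPCString to build 'Name' when the
            'Length' field is non-zero.
    """
    Struct.__init__(self, data)
    if data is not None:
        # The original also assigned self.calcsize() to a local that was
        # never read; that assignment is dropped.
        if self['Length'] == 0:
            self['Name'] = DCERPCString(string='')
        else:
            self['Name'] = DCERPCString(data=extradata)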
def __init__(self, data=None, manager_handle='', type=SVCCTL_SERVICE_WIN32,
             size=0, is_unicode=True):
    """Initialise from data, or set the request fields when absent.

    Args:
        data: Raw bytes to parse; None or empty selects the build path.
        manager_handle: Value stored in 'ManagerHandle' on the build path.
        type: Value stored in 'ServiceType' on the build path.
        size: Value stored in 'ServicesSize' on the build path.
        is_unicode: Accepted but not used by this constructor.
    """
    Struct.__init__(self, data)
    if data:
        return
    self['ManagerHandle'] = manager_handle
    self['ServicesSize'] = size
    self['ServiceType'] = type
def __init__(self, data=None, service_status=None, retvalue=0,
             is_unicode=True):
    """Parse a service status plus return value, or build from arguments.

    Args:
        data: Raw bytes to parse; None or empty selects the build path.
        service_status: Value stored in 'ServiceStatus' on the build path.
        retvalue: Value stored in 'retvalue' on the build path.
        is_unicode: Accepted but not used by this constructor.
    """
    Struct.__init__(self, data)
    if data:
        self['ServiceStatus'] = SVCCTLServiceStatus(data=data)
        # The return value is the 32-bit word right after the status.
        status_len = self['ServiceStatus'].calcsize()
        self['retvalue'] = unpack('<L', data[status_len:status_len + 4])[0]
        return
    self['ServiceStatus'] = service_status
    self['retvalue'] = retvalue
def __init__(self, data=None, manager_handle='\x00' * 20, size=0,
             is_unicode=True):
    """Initialise from data, or set handle and size when absent.

    Args:
        data: Raw bytes to parse; None or empty selects the build path.
        manager_handle: Value stored in 'ManagerHandle' on the build path.
        size: Value stored in 'ServicesSize' on the build path.
        is_unicode: Accepted but not used by this constructor.
    """
    Struct.__init__(self, data)
    if data:
        return
    self['ManagerHandle'] = manager_handle
    self['ServicesSize'] = size
def __init__(self, data=None, service_handle='',
             control=SVCCTL_SERVICE_CONTROL_STOP, is_unicode=True):
    """Initialise from data, or set handle and control code when absent.

    Args:
        data: Raw bytes to parse; None or empty selects the build path.
        service_handle: Value stored in 'ServiceHandle' on the build path.
        control: Value stored in 'Control' on the build path.
        is_unicode: Accepted but not used by this constructor.
    """
    Struct.__init__(self, data)
    if data:
        return
    self['ServiceHandle'] = service_handle
    self['Control'] = control