network_service_matcher/smb/smb.go

155 lines
2.7 KiB
Go
Raw Normal View History

2017-12-04 07:27:08 +00:00
package smb
import (
"bytes"
"encoding/binary"
"strings"
cnsm "git.loafle.net/commons_go/network_service_matcher"
)
const (
SMB_COM_NEGOTIATE uint8 = 0x72
SMB_SUCCESS uint8 = 0x00
)
type netBIOS struct {
MsgType byte
MsgLength [3]uint8
}
type smb struct {
NetBios netBIOS
Component [4]uint8
SmbCommand uint8
NtStatus [4]uint8
Flags uint8
Flags2 [2]uint8
ProcessId uint16
Signature uint64
Reserved uint16
Tid uint16
Pid uint16
Uid uint16
Mid uint16
Wct uint8
Bcc uint16
Bf1 uint8
Name1 [23]uint8
Bf2 uint8
Name2 [10]uint8
Bf3 uint8
Name3 [28]uint8
Bf4 uint8
Name4 [10]uint8
Bf5 uint8
Name5 [10]uint8
Bf6 uint8
Name6 [11]uint8
}
type SMBMatcher struct {
cnsm.Matchers
}
func (t *SMBMatcher) ServiceName() string {
return "SMB"
}
func (t *SMBMatcher) IsPrePacket() bool {
return false
}
func (t *SMBMatcher) HasResponse(index int) bool {
return true
}
func (t *SMBMatcher) IsError(info cnsm.MatchInfo, index int, packet *cnsm.Packet) bool {
return false
}
func (t *SMBMatcher) Match(info cnsm.MatchInfo, index int, packet *cnsm.Packet) bool {
if packet == nil {
return false
}
reader := new(bytes.Buffer)
reader.Write(packet.Buffer)
s := smb{}
if err := binary.Read(reader, binary.BigEndian, &s); err != nil {
return false
}
var des [4]byte
copy(des[1:], s.NetBios.MsgLength[:])
packetLen := binary.BigEndian.Uint32(des[:])
if packetLen != uint32(packet.Len-4) {
return false
}
if !strings.Contains(string(s.Component[:]), "SMB") {
return false
}
return true
}
func NewMatcher() cnsm.Matcher {
m := &SMBMatcher{}
query := smb{}
query.NetBios.MsgType = 0x00
query.NetBios.MsgLength[2] = 0x85
query.Component[0] = 0xff
query.Component[1] = 'S'
query.Component[2] = 'M'
query.Component[3] = 'B'
query.SmbCommand = SMB_COM_NEGOTIATE
query.NtStatus[3] = SMB_SUCCESS
query.Flags = 0x18
query.Flags2[0] = 0x53
query.Flags2[1] = 0xC8
query.ProcessId = 0x00
query.Signature = 0x00
query.Reserved = 0
query.Tid = 0
query.Pid = 0xfeff
query.Uid = 0
query.Mid = 0
query.Wct = 0
query.Bcc = 0x0062
query.Bf1 = 0x02
copy(query.Name1[:], "PC NETWORK PROGRAM 1.0")
query.Bf2 = 0x02
copy(query.Name2[:], "LANMAN1.0")
query.Bf3 = 0x02
copy(query.Name3[:], "Windows for Workgroups 3.1a")
query.Bf4 = 0x02
copy(query.Name4[:], "LM1.2X002")
query.Bf5 = 0x02
copy(query.Name5[:], "LANMAN2.1")
query.Bf6 = 0x02
copy(query.Name6[:], "NT LM 0.12")
writer := new(bytes.Buffer)
binary.Write(writer, binary.LittleEndian, query)
m.AddPacket(cnsm.NewPacket(writer.Bytes(), writer.Len()))
return m
}