package smb
import (
"bytes"
"encoding/binary"
"strings"
osm "git.loafle.net/overflow/service_matcher-go"
)
const (
	// SMB_COM_NEGOTIATE is the SMB1 command byte of the negotiate request
	// that NewMatcher sends; Match requires the reply to carry the same command.
	SMB_COM_NEGOTIATE uint8 = 0x72
	// SMB_SUCCESS is the status byte NewMatcher stores in the last NtStatus byte.
	SMB_SUCCESS uint8 = 0x00
)
// netBIOS is the 4-byte NetBIOS session header that precedes the SMB message:
// a one-byte message type followed by a 24-bit big-endian length. NewMatcher
// fills it in for the request and Match compares it against the size of the
// received packet.
type netBIOS struct {
	MsgType   byte
	MsgLength [3]uint8 // big-endian; number of bytes following this 4-byte header
}
// smb is the byte-for-byte layout of the SMB1 negotiate request built by
// NewMatcher and serialized with encoding/binary. Every field is fixed-size,
// so binary.Size reports the encoded length. NetBios through Bcc are the
// NetBIOS session header and the SMB header; the Bf*/Name* pairs that follow
// carry the six dialect strings. Field names follow SMB1 header terminology.
type smb struct {
	NetBios    netBIOS
	Component  [4]uint8 // protocol id; NewMatcher sends 0xff 'S' 'M' 'B', Match looks for "SMB"
	SmbCommand uint8    // compared with SMB_COM_NEGOTIATE by Match
	NtStatus   [4]uint8 // NewMatcher writes SMB_SUCCESS into NtStatus[3]
	Flags      uint8
	Flags2     [2]uint8
	ProcessId  uint16
	Signature  uint64
	Reserved   uint16
	Tid        uint16
	Pid        uint16
	Uid        uint16
	Mid        uint16
	Wct        uint8  // 0 in the request NewMatcher builds
	Bcc        uint16 // byte count of the dialect data below (0x62 = 98 in NewMatcher)
	// Each dialect is a one-byte prefix (0x02 in NewMatcher) followed by a
	// name array that is one byte longer than the string copied into it, so
	// every name ends with a zero byte.
	Bf1   uint8
	Name1 [23]uint8 // "PC NETWORK PROGRAM 1.0"
	Bf2   uint8
	Name2 [10]uint8 // "LANMAN1.0"
	Bf3   uint8
	Name3 [28]uint8 // "Windows for Workgroups 3.1a"
	Bf4   uint8
	Name4 [10]uint8 // "LM1.2X002"
	Bf5   uint8
	Name5 [10]uint8 // "LANMAN2.1"
	Bf6   uint8
	Name6 [11]uint8 // "NT LM 0.12"
}
// SMBMatcher is the service matcher for SMB. It embeds osm.Matchers, which
// provides AddPacket (used by NewMatcher to queue the negotiate request), and
// implements the remaining osm.Matcher methods below.
type SMBMatcher struct {
	osm.Matchers
}
// Key returns the fixed identifier under which this matcher is registered.
func (m *SMBMatcher) Key() string {
	const key = "SMB"
	return key
}
// Name returns the display name of the matched service. It is the same
// constant as Key and does not depend on matchCtx.
func (m *SMBMatcher) Name(matchCtx *osm.MatchCtx) string {
	const serviceName = "SMB"
	return serviceName
}
// IsPrePacket reports whether the matcher expects the server to speak first.
// It always answers no: the only traffic this matcher queues is the negotiate
// request built in NewMatcher.
func (m *SMBMatcher) IsPrePacket(matchCtx *osm.MatchCtx) bool {
	const expectsServerBanner = false
	return expectsServerBanner
}
// HasResponse reports whether the packet at index expects a reply. Every
// queued packet does, so the index is not consulted.
func (m *SMBMatcher) HasResponse(matchCtx *osm.MatchCtx, index int) bool {
	const replyExpected = true
	return replyExpected
}
// IsError reports whether packet is an error reply. This matcher never
// classifies a reply as an error here; mismatches are reported by Match.
func (m *SMBMatcher) IsError(matchCtx *osm.MatchCtx, index int, packet *osm.Packet) bool {
	const isErrorReply = false
	return isErrorReply
}
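// Match inspects the reply to the negotiate request queued by NewMatcher and
// reports whether it looks like an SMB1 negotiate response.
//
// It returns osm.NoPacketReceivedError() when packet is nil or invalid;
// osm.NotMatchedError() when the packet is too short to hold the fields
// examined, when the NetBIOS length does not cover the rest of the packet,
// when the protocol id does not contain "SMB", or when the command byte is
// not SMB_COM_NEGOTIATE; and nil on a match. matchCtx and index are unused.
//
// Only the first 9 bytes are examined (4-byte NetBIOS session header, 4-byte
// protocol id, 1-byte command). Decoding the whole smb layout instead would
// turn any reply shorter than that request-sized struct into a decode error
// rather than a verdict, even though the reply's header alone decides it.
func (m *SMBMatcher) Match(matchCtx *osm.MatchCtx, index int, packet *osm.Packet) error {
	if packet == nil || !packet.Valid() {
		return osm.NoPacketReceivedError()
	}

	// The buffer comes off the wire: bounds-check before indexing it.
	const headerLen = 9
	buf := packet.Buffer
	if len(buf) < headerLen {
		return osm.NotMatchedError()
	}

	// NetBIOS length: 24-bit big-endian in bytes 1..3, covering everything
	// after the 4-byte session header. packet.Len is presumably the received
	// byte count (osm.NewPacket takes the buffer and its length).
	var lenBytes [4]byte
	copy(lenBytes[1:], buf[1:4])
	if binary.BigEndian.Uint32(lenBytes[:]) != uint32(packet.Len-4) {
		return osm.NotMatchedError()
	}

	// Protocol id; NewMatcher sends 0xff 'S' 'M' 'B'.
	if !strings.Contains(string(buf[4:8]), "SMB") {
		return osm.NotMatchedError()
	}

	if buf[8] != SMB_COM_NEGOTIATE {
		return osm.NotMatchedError()
	}

	return nil
}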
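// NewMatcher returns an SMBMatcher preloaded with one SMB1 SMB_COM_NEGOTIATE
// request: a NetBIOS session header, the SMB header and six dialect strings,
// serialized little-endian with encoding/binary. The NetBIOS length is
// derived from the encoded size of the struct so it cannot drift from the
// field layout of smb.
func NewMatcher() osm.Matcher {
	m := &SMBMatcher{}

	query := smb{}

	// NetBIOS session header. The 24-bit big-endian length covers every byte
	// after the 4-byte header; binary.Size is exact because smb contains only
	// fixed-size fields (137 bytes in total, so the length is 133 = 0x85).
	query.NetBios.MsgType = 0x00
	payloadLen := binary.Size(query) - binary.Size(query.NetBios)
	query.NetBios.MsgLength = [3]uint8{
		uint8(payloadLen >> 16),
		uint8(payloadLen >> 8),
		uint8(payloadLen),
	}

	// Protocol id 0xff 'S' 'M' 'B'; Match looks for "SMB" in this field.
	query.Component[0] = 0xff
	query.Component[1] = 'S'
	query.Component[2] = 'M'
	query.Component[3] = 'B'

	query.SmbCommand = SMB_COM_NEGOTIATE
	query.NtStatus[3] = SMB_SUCCESS
	query.Flags = 0x18
	query.Flags2[0] = 0x53
	query.Flags2[1] = 0xC8

	query.ProcessId = 0x00
	query.Signature = 0x00
	query.Reserved = 0
	query.Tid = 0
	query.Pid = 0xfeff
	query.Uid = 0
	query.Mid = 0
	query.Wct = 0
	// Byte count of the data that follows: the six Bf*/Name* pairs below add
	// up to 98 (0x62) bytes.
	query.Bcc = 0x0062

	// Each dialect is a 0x02 prefix byte followed by its name; every Name*
	// array is one byte longer than the string, leaving a trailing zero byte.
	query.Bf1 = 0x02
	copy(query.Name1[:], "PC NETWORK PROGRAM 1.0")

	query.Bf2 = 0x02
	copy(query.Name2[:], "LANMAN1.0")

	query.Bf3 = 0x02
	copy(query.Name3[:], "Windows for Workgroups 3.1a")

	query.Bf4 = 0x02
	copy(query.Name4[:], "LM1.2X002")

	query.Bf5 = 0x02
	copy(query.Name5[:], "LANMAN2.1")

	query.Bf6 = 0x02
	copy(query.Name6[:], "NT LM 0.12")

	writer := new(bytes.Buffer)
	// binary.Write fails only for values without a fixed size or when the
	// writer fails; smb is fixed-size and bytes.Buffer writes never return an
	// error, so the result is deliberately dropped.
	_ = binary.Write(writer, binary.LittleEndian, query)

	m.AddPacket(osm.NewPacket(writer.Bytes(), writer.Len()))

	return m
}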