Documentation
¶
Index ¶
- Constants
- Variables
- type Header
- type HeaderLog
- type HeaderV1
- type LoggedSession
- type NegotiateReq
- type NegotiateReqV1
- type NegotiateRes
- type NegotiateResV1
- type NegotiationLog
- type Options
- type SMBCapabilities
- type SMBLog
- type SMBVersions
- type Session
- func (s *Session) Close()
- func (s *Session) Debug(msg string, err error)
- func (s *Session) NegotiateProtocol() error
- func (s *Session) NewNegotiateReq() NegotiateReq
- func (s *Session) NewNegotiateReqV1() NegotiateReqV1
- func (s *Session) NewSessionSetup1Req() (SessionSetup1Req, error)
- func (s *Session) NewSessionSetup2Req() (SessionSetup2Req, error)
- func (s *Session) NewSessionSetupV1Req() SessionSetupV1Req
- func (s *Session) NewTreeConnectReq(name string) (TreeConnectReq, error)
- func (s *Session) NewTreeDisconnectReq(treeId uint32) (TreeDisconnectReq, error)
- func (s *Session) TreeConnect(name string) error
- func (s *Session) TreeDisconnect(name string) error
- type SessionSetup1Req
- type SessionSetup1Res
- type SessionSetup2Req
- type SessionSetup2Res
- type SessionSetupLog
- type SessionSetupV1Req
- type TreeConnectReq
- type TreeConnectRes
- type TreeDisconnectReq
- type TreeDisconnectRes
Constants ¶
View Source
const ( CommandNegotiate uint16 = iota CommandSessionSetup CommandLogoff CommandTreeConnect CommandTreeDisconnect CommandCreate CommandClose CommandFlush CommandRead CommandWrite CommandLock CommandIOCtl CommandCancel CommandEcho CommandQueryDirectory CommandChangeNotify CommandQueryInfo CommandSetInfo CommandOplockBreak )
View Source
const ( SecurityModeSigningEnabled uint16 SecurityModeSigningRequired )
View Source
const ( )
View Source
const ( )
View Source
const ( )
View Source
const ( SMB2_CAP_DFS = 0x00000001 // Distributed Filesystem SMB2_CAP_LEASING = 0x00000002 // Leasing Support SMB2_CAP_LARGE_MTU = 0x00000004 // Muti-credit support SMB2_CAP_MULTI_CHANNEL = 0x00000008 // Multi-channel support SMB2_CAP_PERSISTENT_HANDLES = 0x00000010 // Persistent handles SMB2_CAP_DIRECTORY_LEASING = 0x00000020 // Directory leasing SMB2_CAP_ENCRYPTION = 0x00000040 // Encryption support )
See [MS-SMB2] Sect. 2.2.4 These are the flags for the Capabilties field, and are use for determining the SMBCapabilties booleans (below).
View Source
const DialectSmb2_ALL = 0x02FF
View Source
const DialectSmb_1_0 = "\x02NT LM 0.12\x00"
View Source
const DialectSmb_2_0_2 = 0x0202
View Source
const DialectSmb_2_1 = 0x0210
View Source
const DialectSmb_3_0 = 0x0300
View Source
const DialectSmb_3_0_2 = 0x0302
View Source
const DialectSmb_3_1_1 = 0x0311
View Source
const ProtocolSmb = "\xFFSMB"
View Source
const ProtocolSmb2 = "\xFESMB"
View Source
const (
SmbHeaderV1Length = 32
)
View Source
const StatusInvalidParameter = 0xc000000d
View Source
const StatusLogonFailure = 0xc000006d
View Source
const StatusMoreProcessingRequired = 0xc0000016
View Source
const StatusOk = 0x00000000
View Source
const StatusUserSessionDeleted = 0xc0000203
Variables ¶
View Source
var StatusMap = map[uint32]string{ StatusOk: "OK", StatusMoreProcessingRequired: "More Processing Required", StatusInvalidParameter: "Invalid Parameter", StatusLogonFailure: "Logon failed", StatusUserSessionDeleted: "User session deleted", }
Functions ¶
This section is empty.
Types ¶
type HeaderLog ¶
type HeaderLog struct {
// ProtocolID identifies the SMB protocol version (e.g. ProtocolSmb ==
// "\xFFSMB")
ProtocolID []byte `json:"protocol_id"`
// Status is the server's status; e.g. NTSTATUS
// (https://msdn.microsoft.com/en-us/library/cc704588.aspx).
Status uint32 `json:"status"`
// Command is the command identifier.
Command uint16 `json:"command"`
// Credits is the number of credits granted to the client.
Credits uint16 `json:"credits"`
// Flags is the flags for the request (see
// https://msdn.microsoft.com/en-us/library/cc246529.aspx)
Flags uint32 `json:"flags"`
}
HeaderLog contains the relevant parts of the header that is included with each packet.
type LoggedSession ¶
LoggedSession wraps the Session struct, and holds a Log struct alongside it to track its progress.
func (*LoggedSession) LoggedNegotiateProtocol ¶
func (ls *LoggedSession) LoggedNegotiateProtocol(setup bool) error
LoggedNegotiateProtocol performs the same operations as Session.NegotiateProtocol() up to the point where user credentials would be required, and logs the server's responses. If setup is false, stop after reading the response to Negotiate. If setup is true, send a SessionSetup1 request.
Note: This supports SMB2 only.
func (*LoggedSession) LoggedNegotiateProtocolv1 ¶
func (ls *LoggedSession) LoggedNegotiateProtocolv1(setup bool) error
Temporary placeholder to detect SMB v1 by sending a simple v1 header with an invalid command; the response with be an error code, but with a v1 ProtocolID TODO: Parse the unmarshaled results.
func (*LoggedSession) LoggedSessionSetupV1 ¶
func (ls *LoggedSession) LoggedSessionSetupV1() (err error)
type NegotiateReq ¶
type NegotiateReqV1 ¶
type NegotiateRes ¶
type NegotiateRes struct {
Header
StructureSize uint16
SecurityMode uint16
DialectRevision uint16
Reserved uint16
ServerGuid []byte `smb:"fixed:16"`
Capabilities uint32
MaxTransactSize uint32
MaxReadSize uint32
MaxWriteSize uint32
SystemTime uint64
ServerStartTime uint64
SecurityBufferOffset uint16 `smb:"offset:SecurityBlob"`
SecurityBufferLength uint16 `smb:"len:SecurityBlob"`
Reserved2 uint32
SecurityBlob *gss.NegTokenInit
}
func NewNegotiateRes ¶
func NewNegotiateRes() NegotiateRes
type NegotiateResV1 ¶
type NegotiateResV1 struct {
HeaderV1
WordCount uint8
DialectIndex uint16
SecurityMode uint8
MaxMpxCount uint16
MaxNumberVcs uint16
MaxBufferSize uint32
MaxRawSize uint32
SessionKey uint32
Capabilities uint32
SystemTime uint64
ServerTimezon uint16
ChallengeLength uint8
ByteCount uint16 `smb:"len:VarData"`
VarData []byte
}
type NegotiationLog ¶
type NegotiationLog struct {
HeaderLog
// SecurityMode is the server's security mode (e.g. signing
// enabled/required).
SecurityMode uint16 `json:"security_mode"`
// DialectRevision is the SMB2 dialect number; 0x2FF is the wildcard.
DialectRevision uint16 `json:"dialect_revision"`
// ServerGuid is the server's globally unique identifier.
ServerGuid []byte `json:"server_guid"`
// Capabilities specifies protocol capabilities for the server.
Capabilities uint32 `json:"capabilities"`
// SystemTime is the time (in seconds since Unix epoch) the server received
// the negotiation request.
SystemTime uint32 `json:"system_time"`
// ServerStartTime is the time (in seconds since the Unix epoch) the server started.
ServerStartTime uint32 `json:"server_start_time"`
// AuthenticationTypes is a list of OBJECT IDENTIFIERs (in dotted-decimal
// format) identifying authentication modes that the server supports.
AuthenticationTypes []string `json:"authentication_types,omitempty"`
}
NegotiationLog contains the relevant parts of the negotiation response packet. See https://msdn.microsoft.com/en-us/library/cc246561.aspx.
type SMBCapabilities ¶
type SMBCapabilities struct {
DFSSupport bool `json:"smb_dfs_support"`
Leasing bool `json:"smb_leasing_support,omitempty"` // Valid for >2.0.2
LargeMTU bool `json:"smb_multicredit_support,omitempty"` // Valid for >2.0.2
MultiChan bool `json:"smb_multichan_support,omitempty"` // Valid for >2.1
Persist bool `json:"smb_persistent_handle_support,omitempty"` // Valid for >2.1
DirLeasing bool `json:"smb_directory_leasing_support,omitempty"` // Valid for >2.1
Encryption bool `json:"smb_encryption_support,omitempty"` // Only for 3.0, 3.0.2
}
type SMBLog ¶
type SMBLog struct {
// SupportV1 is true if the server's protocol ID indicates support for
// version 1.
SupportV1 bool `json:"smbv1_support"`
Version *SMBVersions `json:"smb_version,omitempty"`
// If present, represent the NativeOS, NTLM, and GroupName fields of SMBv1 Session Setup Negotiation
// An empty string for these values indicate the data was not available
NativeOs string `json:"native_os"`
NTLM string `json:"ntlm"`
GroupName string `json:"group_name"`
// While the NegotiationLogs and SessionSetupLog each have their own
// Capabilties field, we are ignoring the SessionsSetupLog capability
// when decoding, and only representing the server capabilties based
// on what is present in the NegotiationLog capability bitmask field,
// which is why this capability decode is presented at this level
// in the results.
//
// This is based on Sect. 2.2.4 from the [MS-SMB2] document, which states:
// "The Capabilities field specifies protocol capabilities for the server."
Capabilities *SMBCapabilities `json:"smb_capabilities,omitempty"`
// HasNTLM is true if the server supports the NTLM authentication method.
HasNTLM bool `json:"has_ntlm"`
// NegotiationLog, if present, contains the server's response to the
// negotiation request.
NegotiationLog *NegotiationLog `json:"negotiation_log,omitempty"`
// SessionSetupLog, if present, contains the server's response to the
// session setup request.
SessionSetupLog *SessionSetupLog `json:"session_setup_log,omitempty"`
}
SMBLog logs the relevant information about the session.
type SMBVersions ¶
type SMBVersions struct {
Major uint8 `json:"major"`
Minor uint8 `json:"minor"`
Revision uint8 `json:"revision"`
VerString string `json:"version_string"`
}
Parse the SMB version and dialect; version string will be of the form: Major.Minor.Revision.
'Revisions' are set to 0 if not specified (e.g. 2.1 is 2.1.0) The following versions/dialects are known: SMB 1.0.0 SMB 2.0.2 SMB 2.1.0 SMB 3.0.0 SMB 3.0.2 SMB 3.1.1
type Session ¶
type Session struct {
IsSigningRequired bool
IsAuthenticated bool
// contains filtered or unexported fields
}
func (*Session) NegotiateProtocol ¶
func (*Session) NewNegotiateReq ¶
func (s *Session) NewNegotiateReq() NegotiateReq
func (*Session) NewNegotiateReqV1 ¶
func (s *Session) NewNegotiateReqV1() NegotiateReqV1
func (*Session) NewSessionSetup1Req ¶
func (s *Session) NewSessionSetup1Req() (SessionSetup1Req, error)
func (*Session) NewSessionSetup2Req ¶
func (s *Session) NewSessionSetup2Req() (SessionSetup2Req, error)
func (*Session) NewSessionSetupV1Req ¶
func (s *Session) NewSessionSetupV1Req() SessionSetupV1Req
func (*Session) NewTreeConnectReq ¶
func (s *Session) NewTreeConnectReq(name string) (TreeConnectReq, error)
NewTreeConnectReq creates a new TreeConnect message and accepts the share name as input.
func (*Session) NewTreeDisconnectReq ¶
func (s *Session) NewTreeDisconnectReq(treeId uint32) (TreeDisconnectReq, error)
func (*Session) TreeConnect ¶
func (*Session) TreeDisconnect ¶
type SessionSetup1Req ¶
type SessionSetup1Res ¶
type SessionSetup1Res struct {
Header
StructureSize uint16
Flags uint16
SecurityBufferOffset uint16 `smb:"offset:SecurityBlob"`
SecurityBufferLength uint16 `smb:"len:SecurityBlob"`
SecurityBlob *gss.NegTokenResp
}
func NewSessionSetup1Res ¶
func NewSessionSetup1Res() (SessionSetup1Res, error)
type SessionSetup2Req ¶
type SessionSetup2Res ¶
type SessionSetup2Res struct {
Header
StructureSize uint16
Flags uint16
SecurityBufferOffset uint16 `smb:"offset:SecurityBlob"`
SecurityBufferLength uint16 `smb:"len:SecurityBlob"`
SecurityBlob *gss.NegTokenResp
}
func NewSessionSetup2Res ¶
func NewSessionSetup2Res() (SessionSetup2Res, error)
type SessionSetupLog ¶
type SessionSetupLog struct {
HeaderLog
// SetupFlags is the gives additional information on the session.
SetupFlags uint16 `json:"setup_flags"`
// TargetName is the target name from the challenge packet
TargetName string `json:"target_name"`
// NegotiateFlags are the flags from the challenge packet
NegotiateFlags uint32 `json:"negotiate_flags"`
}
SessionSetupLog contains the relevant parts of the first session setup response packet. See https://msdn.microsoft.com/en-us/library/cc246564.aspx
type SessionSetupV1Req ¶
type SessionSetupV1Req struct {
HeaderV1
WordCount uint8
AndCommand uint8
Reserved1 uint8
AndOffset uint16
MaxBuffer uint16
MaxMPXCount uint16
VCNumber uint16
SessionKey uint32
OEMPasswordLength uint16
UnicodePasswordLength uint16
Reserved2 uint32
Capabilities uint32
ByteCount uint16
VarData []byte
}
type TreeConnectReq ¶
type TreeConnectRes ¶
type TreeConnectRes struct {
Header
StructureSize uint16
Reserved byte
Capabilities uint32
MaximalAccess uint32
}
func NewTreeConnectRes ¶
func NewTreeConnectRes() (TreeConnectRes, error)
type TreeDisconnectReq ¶
type TreeDisconnectRes ¶
func NewTreeDisconnectRes ¶
func NewTreeDisconnectRes() (TreeDisconnectRes, error)
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.