From e86936877241656e5276d57a7502b582f726379e Mon Sep 17 00:00:00 2001
From: Robert David Graham <robert_david_graham@yahoo.com>
Date: Mon, 11 Jun 2018 03:03:06 -0400
Subject: [PATCH] netbios

---
 src/proto-banner1.c |  2 ++
 src/proto-smb.c     | 41 +++++++++++++++++++++++++----------------
 src/proto-x509.c    |  1 -
 3 files changed, 27 insertions(+), 17 deletions(-)

diff --git a/src/proto-banner1.c b/src/proto-banner1.c
index 1bc30d3..dc2508d 100644
--- a/src/proto-banner1.c
+++ b/src/proto-banner1.c
@@ -28,6 +28,8 @@ struct Patterns patterns[] = {
     {"\x00\x00" "**" "\xff" "SMB", 8, PROTO_SMB, SMACK_ANCHOR_BEGIN | SMACK_WILDCARDS},
     {"\x00\x00" "**" "\xfe" "SMB", 8, PROTO_SMB, SMACK_ANCHOR_BEGIN | SMACK_WILDCARDS},
     
+    {"\x82\x00\x00\x00", 4, PROTO_SMB, SMACK_ANCHOR_BEGIN}, /* Positive Session Response */
+    
     {"\x83\x00\x00\x01\x80", 5, PROTO_SMB, SMACK_ANCHOR_BEGIN}, /* Not listening on called name */
     {"\x83\x00\x00\x01\x81", 5, PROTO_SMB, SMACK_ANCHOR_BEGIN}, /* Not listening for calling name */
     {"\x83\x00\x00\x01\x82", 5, PROTO_SMB, SMACK_ANCHOR_BEGIN}, /* Called name not present */
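Review bot: The new `"\x82\x00\x00\x00"` entry is only four bytes long (one type byte followed by three zero bytes), so any service whose banner happens to begin with `82 00 00 00` will be labelled PROTO_SMB. The neighbouring 0x83 entries match five bytes including an error code, which is more specific. If the looser match is intended, a comment saying so would help, e.g. `/* NBT Positive Session Response: flags=0, length=0; short pattern, may over-match */`. The patterns[] array starts and ends outside this hunk.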
diff --git a/src/proto-smb.c b/src/proto-smb.c
index 7e91200..2e8b686 100644
--- a/src/proto-smb.c
+++ b/src/proto-smb.c
@@ -92,6 +92,20 @@ struct SmbParams params[] = {
 #define memberat(t, s, offset) (t*)((char*)(s)+(offset))
 
 
+static const char
+smb1_hello_template[] = {
+    0x00, 0x00, 0x00, 0x45, 0xff, 0x53, 0x4d, 0x42,
+    0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc8,
+    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+    0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x01, 0x00,
+    0xff, 0xff, 0x00, 0x00, 0x00, 0x22, 0x00, 0x02,
+    0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e,
+    0x31, 0x32, 0x00, 0x02, 0x53, 0x4d, 0x42, 0x20,
+    0x32, 0x2e, 0x30, 0x30, 0x32, 0x00, 0x02, 0x53,
+    0x4d, 0x42, 0x20, 0x32, 0x2e, 0x3f, 0x3f, 0x3f,
+    0x00
+    
+};
 
 static char smb1_null_session_setup[] = {
     0x00, 0x00, 0x00, 0x7e, 0xff, 0x53, 0x4d, 0x42,
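Review bot: `smb1_hello_template` is added as 73 opaque bytes with no comment saying what is put on the wire. From the bytes it appears to be a 4-byte NetBIOS session header (length 0x45) followed by an SMB1 Negotiate (command 0x72) offering the dialects "NT LM 0.12", "SMB 2.002" and "SMB 2.???". A header comment such as `/* NBT session message + SMB1 Negotiate Protocol request: NT LM 0.12, SMB 2.002, SMB 2.??? */` would let a reader check that against the data. The array also stores values above 0x7f (`0xff`, `0xc8`) in plain `char`, whose signedness is implementation-defined. `smb2_negot_response` further down the file is declared `unsigned char`, and matching it would be more consistent, provided the transmit call accepts that type.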
@@ -1648,6 +1662,9 @@ smb_parse_record(
                         state = NBT_UNKNOWN;
                         break;
                     case 0x82:
+                        tcp_transmit(more, smb1_hello_template, sizeof(smb1_hello_template), 0);
+                        state = NBT_DRAIN;
+                        break;
                     case 0x85:
                         state = NBT_DRAIN;
                         break;
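Review bot: In the new `case 0x82:` branch the hello is transmitted every time a record of type 0x82 is parsed, and nothing visible in the hunk limits it to once per connection. Combined with the NBT_DRAIN change later in this patch, which sends the parser back to state 0 once a record is drained, a peer that keeps sending Positive Session Response headers would apparently receive a 73-byte request for each 4-byte header. A per-connection "negotiate already sent" flag checked before `tcp_transmit` would bound that; it would belong in the SMB state struct, which is outside this hunk. A short comment such as `/* Positive Session Response: session is up, start SMB negotiation */` would also explain why this case no longer falls through to 0x85.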
@@ -1705,6 +1722,12 @@ smb_parse_record(
                 break;
             
             case NBT_DRAIN:
+                if (smb->nbt_length == 0) {
+                    state = 0;
+                    i--;
+                } else
+                    smb->nbt_length--;
+                break;
             case NBT_UNKNOWN:
             default:
                 break;
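Review bot: `state = 0;` and `i--;` in the new NBT_DRAIN branch rely on two things the hunk does not show: that 0 is the record-start state, and that the enclosing loop increments `i` so the current byte is parsed again. Using the enum's name for the start state instead of the literal, and adding `/* record fully drained: rewind one byte so it is re-read as the start of the next record */` above the `i--`, would make both explicit. The `else` arm is unbraced while the `if` arm is braced; writing `} else {` / `smb->nbt_length--;` / `}` keeps them consistent. It is also worth confirming that `smb->nbt_length` has been set from the header before this state is entered for the 0x82 and 0x85 cases, since the drain count now decides where the next record begins.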
@@ -1770,7 +1793,7 @@ smb0_hello_template[] = {
     0x41, 0x43, 0x41, 0x43, 0x41, 0x43, 0x41, 0x43,
     0x41, 0x43, 0x41, 0x43, 0x41, 0x41, 0x41, 0x00,
 
-    0x00, 0x00, 0x00, 0x45, 0xff, 0x53, 0x4d, 0x42,
+    /*0x00, 0x00, 0x00, 0x45, 0xff, 0x53, 0x4d, 0x42,
     0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc8,
     0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
     0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x01, 0x00,
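Review bot: The SMB1 negotiate bytes in `smb0_hello_template` are commented out rather than deleted, using a `/* ... */` block that opens in this hunk and closes at `0x00*/` in the next one. The same bytes now live in `smb1_hello_template`, so the commented copy is dead text, and a block comment wrapped around data ends early if anyone later adds a `/* */` annotation inside it. Deleting the nine lines would be cleaner. If the reason should be recorded, a one-line comment such as `/* SMB1 negotiate is now sent separately after the Positive Session Response */` does that. The array definition starts outside this hunk.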
@@ -1779,7 +1802,7 @@ smb0_hello_template[] = {
     0x31, 0x32, 0x00, 0x02, 0x53, 0x4d, 0x42, 0x20,
     0x32, 0x2e, 0x30, 0x30, 0x32, 0x00, 0x02, 0x53,
     0x4d, 0x42, 0x20, 0x32, 0x2e, 0x3f, 0x3f, 0x3f,
-    0x00
+    0x00*/
 };
 static const char
 smb1x_hello_template[] = {
@@ -1806,20 +1829,6 @@ xsmb1_hello_template[] = {
     0x00
 };
 
-static const char
-smb1_hello_template[] = {
-    0x00, 0x00, 0x00, 0x45, 0xff, 0x53, 0x4d, 0x42,
-    0x72, 0x00, 0x00, 0x00, 0x00, 0x08, 0x01, 0xc8,
-    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
-    0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0x01, 0x00,
-    0xff, 0xff, 0x00, 0x00, 0x00, 0x22, 0x00, 0x02,
-    0x4e, 0x54, 0x20, 0x4c, 0x4d, 0x20, 0x30, 0x2e,
-    0x31, 0x32, 0x00, 0x02, 0x53, 0x4d, 0x42, 0x20,
-    0x32, 0x2e, 0x30, 0x30, 0x32, 0x00, 0x02, 0x53,
-    0x4d, 0x42, 0x20, 0x32, 0x2e, 0x3f, 0x3f, 0x3f,
-    0x00
-
-};
 
 static const unsigned char
 smb2_negot_response[] = {
diff --git a/src/proto-x509.c b/src/proto-x509.c
index 795f075..6d991db 100644
--- a/src/proto-x509.c
+++ b/src/proto-x509.c
@@ -1357,7 +1357,6 @@ spnego_decode(struct SpnegoDecode *spnego,
                  * ready to parse the 'value'. Push the current state on the
                  * stack, then decend into the child field.
                  */
-                printf("\n%u\n", x->u.tag.remaining);
                 ASN1_push(x, x->brother_state, x->u.tag.remaining);
                 state = x->child_state;
                 memset(&x->u, 0, sizeof(x->u));
-- 
GitLab