STRLCPY/SharpMapExec

smb feature update
cube0x0 committed 3 years ago

876d7b45

1 parent 089005a7

.vs/SharpMapExec/v16/.suo

Binary file.

■ ■ ■ ■ ■ ■

README.md

		skipped 106 lines
107	107
108	108		Projects that helped or are existing in this tool
109	109
110		-	* [Rubeus](https://github.com/GhostPack/Rubeus) [@Harmj0y](https://twitter.com/harmj0y)
111		-
112		-	* [SharpDPAPI](https://github.com/GhostPack/SharpDPAPI) [@Harmj0y](https://twitter.com/harmj0y)
113		-
114		-	* [SharpKatz](https://github.com/b4rtik/SharpKatz) [@b4rtik](https://twitter.com/b4rtik)
115		-
	110	+	* [Rubeus](https://github.com/GhostPack/Rubeus) [@Harmj0y](https://twitter.com/harmj0y)
	111	+	* [SharpDPAPI](https://github.com/GhostPack/SharpDPAPI) [@Harmj0y](https://twitter.com/harmj0y)
	112	+	* [SharpKatz](https://github.com/b4rtik/SharpKatz) [@b4rtik](https://twitter.com/b4rtik)
116	113		* [Amsi.Fail](https://github.com/Flangvik/AMSI.fail) [@Flangvik](https://twitter.com/Flangvik)
117		-
118	114		* [SharpSecDump](https://github.com/G0ldenGunSec/SharpSecDump) [@G0ldenGunSec](https://twitter.com/G0ldenGunSec)
119		-
120	115		* [CrackMapExec](https://github.com/byt3bl33d3r/CrackMapExec) [@byt3bl33d3r](https://twitter.com/byt3bl33d3r)
121		-
	116	+	* [Pingcastle ](https://github.com/vletoux/pingcastle) [@mysmartlogon](https://twitter.com/mysmartlogon)
122	117

■ ■ ■ ■ ■ ■

SharpMapExec/Lib/NtlmSmb.cs

		skipped 79 lines
80	80		{
81	81		Directory.CreateDirectory(Path.Combine("loot", computername));
82	82		}
	83	+	Smb.CheckSMBVersion(computername);
	84	+	Smb.CheckOsVersion(computername);
83	85		Smb.CheckLocalAdmin(computername, module);
84	86		Console.WriteLine("");
85	87		}
		skipped 7 lines

■ ■ ■ ■ ■ ■ ■

SharpMapExec/Lib/Smb.cs

1	1		using System;
2	2		using System.Collections.Generic;
	3	+	using System.ComponentModel;
	4	+	using System.Diagnostics;
3	5		using System.IO;
4	6		using System.Linq;
	7	+	using System.Net;
	8	+	using System.Net.Sockets;
5	9		using System.Runtime.InteropServices;
	10	+	using System.Security.Cryptography;
	11	+	using System.Security.Permissions;
6	12		using System.Text;
7	13
8	14		namespace SharpMapExec.Lib
9	15		{
	16	+	public class Smb2Protocol
	17	+	{
	18	+	public enum SBM2_Command
	19	+	{
	20	+	SMB2_NEGOTIATE = 0,
	21	+	SMB2_SESSION_SETUP = 1,
	22	+	SMB2_TREE_CONNECT = 3,
	23	+	SMB2_IOCTL = 0x000B,
	24	+	}
	25	+
	26	+	private static byte[] mechTypes = new byte[] { 0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a, };
	27	+
	28	+	public const uint STATUS_MORE_PROCESSING_REQUIRED = 0xc0000016;
	29	+
	30	+	// https://msdn.microsoft.com/en-us/library/cc246529.aspx
	31	+	[StructLayout(LayoutKind.Explicit)]
	32	+	public struct SMB2_Header
	33	+	{
	34	+	[FieldOffset(0)]
	35	+	public UInt32 ProtocolId;
	36	+
	37	+	[FieldOffset(4)]
	38	+	public UInt16 StructureSize;
	39	+
	40	+	[FieldOffset(6)]
	41	+	public UInt16 CreditCharge;
	42	+
	43	+	[FieldOffset(8)]
	44	+	public UInt32 Status; // to do SMB3
	45	+
	46	+	[FieldOffset(12)]
	47	+	public UInt16 Command;
	48	+
	49	+	[FieldOffset(14)]
	50	+	public UInt16 CreditRequest_Response;
	51	+
	52	+	[FieldOffset(16)]
	53	+	public UInt32 Flags;
	54	+
	55	+	[FieldOffset(20)]
	56	+	public UInt32 NextCommand;
	57	+
	58	+	[FieldOffset(24)]
	59	+	public UInt64 MessageId;
	60	+
	61	+	[FieldOffset(32)]
	62	+	public UInt32 Reserved;
	63	+
	64	+	[FieldOffset(36)]
	65	+	public UInt32 TreeId;
	66	+
	67	+	[FieldOffset(40)]
	68	+	public UInt64 SessionId;
	69	+
	70	+	[FieldOffset(48)]
	71	+	public UInt64 Signature1;
	72	+
	73	+	[FieldOffset(56)]
	74	+	public UInt64 Signature2;
	75	+	}
	76	+
	77	+	[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Portability", "CA1900:ValueTypeFieldsShouldBePortable"), StructLayout(LayoutKind.Explicit)]
	78	+	public struct SMB2_NegotiateRequest
	79	+	{
	80	+	[FieldOffset(0)]
	81	+	public UInt16 StructureSize;
	82	+
	83	+	[FieldOffset(2)]
	84	+	public UInt16 DialectCount;
	85	+
	86	+	[FieldOffset(4)]
	87	+	public UInt16 SecurityMode;
	88	+
	89	+	[FieldOffset(6)]
	90	+	public UInt16 Reserved;
	91	+
	92	+	[FieldOffset(8)]
	93	+	public UInt32 Capabilities;
	94	+
	95	+	[FieldOffset(12)]
	96	+	public Guid ClientGuid;
	97	+
	98	+	[FieldOffset(28)]
	99	+	public UInt64 ClientStartTime;
	100	+
	101	+	[FieldOffset(36)]
	102	+	public UInt16 DialectToTest;
	103	+	}
	104	+
	105	+	[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Portability", "CA1900:ValueTypeFieldsShouldBePortable"), StructLayout(LayoutKind.Explicit)]
	106	+	public struct SMB2_NegotiateResponse
	107	+	{
	108	+	[FieldOffset(0)]
	109	+	public UInt16 StructureSize;
	110	+
	111	+	[FieldOffset(2)]
	112	+	public byte SecurityMode;
	113	+
	114	+	[FieldOffset(3)]
	115	+	public UInt16 Dialect;
	116	+	}
	117	+
	118	+	[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Portability", "CA1900:ValueTypeFieldsShouldBePortable"), StructLayout(LayoutKind.Explicit)]
	119	+	public struct SMB2_SessionSetupResponse
	120	+	{
	121	+	[FieldOffset(0)]
	122	+	public UInt16 StructureSize;
	123	+
	124	+	[FieldOffset(2)]
	125	+	public UInt16 SessionFlags;
	126	+
	127	+	[FieldOffset(4)]
	128	+	public UInt16 SecurityBufferOffset;
	129	+
	130	+	[FieldOffset(6)]
	131	+	public UInt16 SecurityBufferLength;
	132	+	}
	133	+
	134	+	[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Portability", "CA1900:ValueTypeFieldsShouldBePortable"), StructLayout(LayoutKind.Explicit)]
	135	+	public struct SMB2_SessionSetup
	136	+	{
	137	+	[FieldOffset(0)]
	138	+	public UInt16 StructureSize;
	139	+
	140	+	[FieldOffset(2)]
	141	+	public byte Flags;
	142	+
	143	+	[FieldOffset(3)]
	144	+	public byte SecurityMode;
	145	+
	146	+	[FieldOffset(4)]
	147	+	public UInt32 Capabilities;
	148	+
	149	+	[FieldOffset(8)]
	150	+	public UInt32 Channel;
	151	+
	152	+	[FieldOffset(12)]
	153	+	public UInt16 SecurityBufferOffset;
	154	+
	155	+	[FieldOffset(14)]
	156	+	public UInt16 SecurityBufferLength;
	157	+
	158	+	[FieldOffset(16)]
	159	+	public UInt64 PreviousSessionId;
	160	+	}
	161	+
	162	+	[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Portability", "CA1900:ValueTypeFieldsShouldBePortable"), StructLayout(LayoutKind.Explicit)]
	163	+	public struct SMB2_TreeConnect
	164	+	{
	165	+	[FieldOffset(0)]
	166	+	public UInt16 StructureSize;
	167	+
	168	+	[FieldOffset(2)]
	169	+	public UInt16 Flags;
	170	+
	171	+	[FieldOffset(4)]
	172	+	public UInt16 PathOffset;
	173	+
	174	+	[FieldOffset(6)]
	175	+	public UInt16 PathLength;
	176	+	}
	177	+
	178	+	[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Portability", "CA1900:ValueTypeFieldsShouldBePortable"), StructLayout(LayoutKind.Explicit)]
	179	+	public struct SMB2_TreeConnectResponse
	180	+	{
	181	+	[FieldOffset(0)]
	182	+	public UInt16 StructureSize;
	183	+
	184	+	[FieldOffset(2)]
	185	+	public byte ShareType;
	186	+
	187	+	[FieldOffset(4)]
	188	+	public UInt32 ShareFlags;
	189	+
	190	+	[FieldOffset(8)]
	191	+	public UInt32 Capabilities;
	192	+
	193	+	[FieldOffset(12)]
	194	+	public UInt32 MaximalAccess;
	195	+	}
	196	+
	197	+	[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Portability", "CA1900:ValueTypeFieldsShouldBePortable"), StructLayout(LayoutKind.Explicit)]
	198	+	public struct SMB2_IOCTLRequest
	199	+	{
	200	+	[FieldOffset(0)]
	201	+	public UInt16 StructureSize;
	202	+
	203	+	[FieldOffset(4)]
	204	+	public UInt32 CtlCode;
	205	+
	206	+	[FieldOffset(8)]
	207	+	public Guid FileId;
	208	+
	209	+	[FieldOffset(24)]
	210	+	public UInt32 InputOffset;
	211	+
	212	+	[FieldOffset(28)]
	213	+	public UInt32 InputCount;
	214	+
	215	+	[FieldOffset(32)]
	216	+	public UInt32 MaxInputResponse;
	217	+
	218	+	[FieldOffset(36)]
	219	+	public UInt32 OutputOffset;
	220	+
	221	+	[FieldOffset(40)]
	222	+	public UInt32 OutputCount;
	223	+
	224	+	[FieldOffset(44)]
	225	+	public UInt32 MaxOutputResponse;
	226	+
	227	+	[FieldOffset(48)]
	228	+	public UInt32 Flags;
	229	+
	230	+	[FieldOffset(52)]
	231	+	public UInt32 Reserved2;
	232	+	}
	233	+
	234	+	[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Portability", "CA1900:ValueTypeFieldsShouldBePortable"), StructLayout(LayoutKind.Explicit)]
	235	+	public struct SMB2_IOCTLResponse
	236	+	{
	237	+	[FieldOffset(0)]
	238	+	public UInt16 StructureSize;
	239	+
	240	+	[FieldOffset(4)]
	241	+	public UInt32 CtlCode;
	242	+
	243	+	[FieldOffset(8)]
	244	+	public Guid FileId;
	245	+
	246	+	[FieldOffset(24)]
	247	+	public UInt32 InputOffset;
	248	+
	249	+	[FieldOffset(28)]
	250	+	public UInt32 InputCount;
	251	+
	252	+	[FieldOffset(32)]
	253	+	public UInt32 OutputOffset;
	254	+
	255	+	[FieldOffset(36)]
	256	+	public UInt32 OutputCount;
	257	+
	258	+	[FieldOffset(40)]
	259	+	public UInt32 Flags;
	260	+
	261	+	[FieldOffset(44)]
	262	+	public UInt32 Reserved2;
	263	+	}
	264	+
	265	+	[Flags]
	266	+	public enum SMB2_NETWORK_INTERFACE_INFO_Capability : uint
	267	+	{
	268	+	None = 0,
	269	+	RSS_CAPABLE = 1,
	270	+	RDMA_CAPABLE = 2,
	271	+	}
	272	+
	273	+	public struct SMB2_NETWORK_INTERFACE_INFO
	274	+	{
	275	+	public int Next;
	276	+	public UInt32 IfIndex;
	277	+	public SMB2_NETWORK_INTERFACE_INFO_Capability Capability;
	278	+	public UInt32 Reserved;
	279	+	public UInt64 LinkSpeed;
	280	+	public UInt16 SockAddr_Storage_Family;
	281	+
	282	+	[MarshalAs(UnmanagedType.ByValArray, SizeConst = 14)]
	283	+	public byte[] SockAddr_Storage_Buffer;
	284	+	}
	285	+
	286	+	public class NetworkInfo
	287	+	{
	288	+	public SMB2_NETWORK_INTERFACE_INFO_Capability Capability { get; set; }
	289	+	public ulong LinkSpeed { get; set; }
	290	+	public IPAddress IP { get; set; }
	291	+
	292	+	public uint Index { get; set; }
	293	+	}
	294	+
	295	+	[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
	296	+	public byte[] GenerateSmb2HeaderFromCommand(SBM2_Command command)
	297	+	{
	298	+	SMB2_Header header = new SMB2_Header();
	299	+	header.ProtocolId = 0x424D53FE;
	300	+	header.Command = (byte)command;
	301	+	header.StructureSize = 64;
	302	+	header.MessageId = _messageId++;
	303	+	header.Reserved = 0xFEFF;
	304	+	header.SessionId = _sessionid;
	305	+	header.TreeId = _TreeId;
	306	+	return getBytes(header);
	307	+	}
	308	+
	309	+	public static byte[] getBytes(object structure)
	310	+	{
	311	+	int size = Marshal.SizeOf(structure);
	312	+	byte[] arr = new byte[size];
	313	+
	314	+	IntPtr ptr = Marshal.AllocHGlobal(size);
	315	+	Marshal.StructureToPtr(structure, ptr, true);
	316	+	Marshal.Copy(ptr, arr, 0, size);
	317	+	Marshal.FreeHGlobal(ptr);
	318	+	return arr;
	319	+	}
	320	+
	321	+	// MS-SMB2 2.2.3 SMB2 NEGOTIATE Request
	322	+	[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
	323	+	public static byte[] GetNegotiateMessageSmbv2(int DialectToTest)
	324	+	{
	325	+	SMB2_NegotiateRequest request = new SMB2_NegotiateRequest();
	326	+	request.StructureSize = 36;
	327	+	request.DialectCount = 1;
	328	+	request.SecurityMode = 1; // signing enabled
	329	+	request.ClientGuid = Guid.NewGuid();
	330	+	request.DialectToTest = (UInt16)DialectToTest;
	331	+	request.Capabilities = 1; //DFS
	332	+	return getBytes(request);
	333	+	}
	334	+
	335	+	// MS-SMB2 2.2.3 SMB2 NEGOTIATE Request
	336	+	[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
	337	+	public static byte[] GetSessionSetupMessageSmbv2(int securityBufferLength)
	338	+	{
	339	+	var request = new SMB2_SessionSetup();
	340	+	request.StructureSize = 25;
	341	+	request.Flags = 0;
	342	+	request.SecurityMode = 1; // signing enabled
	343	+	request.Capabilities = 1; //DFS
	344	+	request.Channel = 0;
	345	+	request.PreviousSessionId = 0;
	346	+	request.SecurityBufferLength = (ushort)securityBufferLength;
	347	+	request.SecurityBufferOffset = (ushort)(Marshal.SizeOf(typeof(SMB2_SessionSetup)) + Marshal.SizeOf(typeof(SMB2_Header)));
	348	+	return getBytes(request);
	349	+	}
	350	+
	351	+	[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
	352	+	public static byte[] GetTreeConnectMessageSmbv2(int targetlen)
	353	+	{
	354	+	var request = new SMB2_TreeConnect();
	355	+	request.StructureSize = 9;
	356	+	request.Flags = 0;
	357	+	request.PathOffset = (ushort)(Marshal.SizeOf(typeof(SMB2_Header)) + Marshal.SizeOf(typeof(SMB2_TreeConnect)));
	358	+	request.PathLength = (ushort)(targetlen * 2);
	359	+	return getBytes(request);
	360	+	}
	361	+
	362	+	[SecurityPermission(SecurityAction.LinkDemand, Flags = SecurityPermissionFlag.UnmanagedCode)]
	363	+	public static byte[] GetIOCTLRequest(uint CTLCode, bool IsFSCTL)
	364	+	{
	365	+	var request = new SMB2_IOCTLRequest();
	366	+	request.StructureSize = 57;
	367	+	request.CtlCode = CTLCode;
	368	+	request.FileId = new Guid("ffffffff-ffff-ffff-ffff-ffffffffffff");
	369	+	request.InputOffset = (uint)(Marshal.SizeOf(typeof(SMB2_Header)) + Marshal.SizeOf(typeof(SMB2_IOCTLRequest)));
	370	+	request.OutputOffset = request.InputOffset;
	371	+	request.MaxOutputResponse = 0x10000;
	372	+	request.MaxInputResponse = 0;
	373	+	request.Flags = (uint)(IsFSCTL ? 1 : 0);
	374	+	return getBytes(request);
	375	+	}
	376	+
	377	+	public static byte[] GetGSSSpNegoToken(int NTLMTokenLen)
	378	+	{
	379	+	// brutal ASN1 encoding - use https://lapo.it/asn1js to verify it
	380	+	return new byte[]
	381	+	{
	382	+	0x60, (byte) (NTLMTokenLen + 32),
	383	+	0x06, 0x06,
	384	+	0x2b, 0x06, 0x01, 0x05, 0x05, 0x02,
	385	+	0xa0, (byte) (NTLMTokenLen + 22),
	386	+	0x30, (byte) (NTLMTokenLen + 20),
	387	+	0xa0, 0x0e,
	388	+	0x30, 0x0c, 0x06, 0x0a, 0x2b, 0x06, 0x01, 0x04, 0x01, 0x82, 0x37, 0x02, 0x02, 0x0a,
	389	+	0xa2, (byte) (NTLMTokenLen + 2),
	390	+	0x04, (byte) NTLMTokenLen
	391	+	};
	392	+	}
	393	+
	394	+	public static byte[] GetGSSSpNegoToken2(int NTLMTokenLen, int MIClen)
	395	+	{
	396	+	// brutal ASN1 encoding - use https://lapo.it/asn1js to verify it
	397	+	return new byte[]
	398	+	{
	399	+	0xa1,0x82,HighByte(NTLMTokenLen+17+MIClen),LowByte(NTLMTokenLen+17+MIClen),
	400	+	0x30,0x82,HighByte(NTLMTokenLen+13+MIClen),LowByte(NTLMTokenLen+13+MIClen),
	401	+	0xa0,0x03,0x0a,0x01,0x01,
	402	+	0xa2,0x82,HighByte(NTLMTokenLen+4),LowByte(NTLMTokenLen+4),
	403	+	0x04,0x82,HighByte(NTLMTokenLen),LowByte(NTLMTokenLen)
	404	+	};
	405	+	}
	406	+
	407	+	private static byte LowByte(int size)
	408	+	{
	409	+	return (byte)(size % 0x100);
	410	+	}
	411	+
	412	+	private static byte HighByte(int size)
	413	+	{
	414	+	return (byte)(size / 0x100);
	415	+	}
	416	+
	417	+	private static byte[] AESEncrypt(byte[] key, byte[] iv, byte[] data)
	418	+	{
	419	+	using (MemoryStream ms = new MemoryStream())
	420	+	{
	421	+	var aes = Rijndael.Create();
	422	+
	423	+	aes.Mode = CipherMode.CBC;
	424	+	aes.Padding = PaddingMode.None;
	425	+
	426	+	using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(key, iv), CryptoStreamMode.Write))
	427	+	{
	428	+	cs.Write(data, 0, data.Length);
	429	+	cs.FlushFinalBlock();
	430	+
	431	+	return ms.ToArray();
	432	+	}
	433	+	}
	434	+	}
	435	+
	436	+	private static byte[] Rol(byte[] b)
	437	+	{
	438	+	byte[] r = new byte[b.Length];
	439	+	byte carry = 0;
	440	+
	441	+	for (int i = b.Length - 1; i >= 0; i--)
	442	+	{
	443	+	ushort u = (ushort)(b[i] << 1);
	444	+	r[i] = (byte)((u & 0xff) + carry);
	445	+	carry = (byte)((u & 0xff00) >> 8);
	446	+	}
	447	+
	448	+	return r;
	449	+	}
	450	+
	451	+	private byte[] AESCMAC(byte[] key, byte[] data)
	452	+	{
	453	+	// SubKey generation
	454	+	// step 1, AES-128 with key K is applied to an all-zero input block.
	455	+	byte[] L = AESEncrypt(key, new byte[16], new byte[16]);
	456	+
	457	+	// step 2, K1 is derived through the following operation:
	458	+	byte[] FirstSubkey = Rol(L); //If the most significant bit of L is equal to 0, K1 is the left-shift of L by 1 bit.
	459	+	if ((L[0] & 0x80) == 0x80)
	460	+	FirstSubkey[15] ^= 0x87; // Otherwise, K1 is the exclusive-OR of const_Rb and the left-shift of L by 1 bit.
	461	+
	462	+	// step 3, K2 is derived through the following operation:
	463	+	byte[] SecondSubkey = Rol(FirstSubkey); // If the most significant bit of K1 is equal to 0, K2 is the left-shift of K1 by 1 bit.
	464	+	if ((FirstSubkey[0] & 0x80) == 0x80)
	465	+	SecondSubkey[15] ^= 0x87; // Otherwise, K2 is the exclusive-OR of const_Rb and the left-shift of K1 by 1 bit.
	466	+
	467	+	byte[] d = new byte[((int)data.Length / 16) * 16];
	468	+	Array.Copy(data, d, data.Length);
	469	+
	470	+	// MAC computing
	471	+	if (((data.Length != 0) && (data.Length % 16 == 0)) == true)
	472	+	{
	473	+	// If the size of the input message block is equal to a positive multiple of the block size (namely, 128 bits),
	474	+	// the last block shall be exclusive-OR'ed with K1 before processing
	475	+	for (int j = 0; j < FirstSubkey.Length; j++)
	476	+	d[d.Length - 16 + j] ^= FirstSubkey[j];
	477	+	}
	478	+	else
	479	+	{
	480	+	// Otherwise, the last block shall be padded with 10^i
	481	+
	482	+	d[data.Length] = 0x80;
	483	+
	484	+	for (int i = 1; i < 16 - data.Length % 16; i++)
	485	+	{
	486	+	d[data.Length + i] = 0;
	487	+	}
	488	+
	489	+	// and exclusive-OR'ed with K2
	490	+	for (int j = 0; j < SecondSubkey.Length; j++)
	491	+	d[d.Length - 16 + j] ^= SecondSubkey[j];
	492	+	}
	493	+
	494	+	// The result of the previous process will be the input of the last encryption.
	495	+	byte[] encResult = AESEncrypt(key, new byte[16], d);
	496	+
	497	+	byte[] HashValue = new byte[16];
	498	+	Array.Copy(encResult, encResult.Length - HashValue.Length, HashValue, 0, HashValue.Length);
	499	+
	500	+	return HashValue;
	501	+	}
	502	+
	503	+	public byte[] BuildNegotiatePacket(int dialect)
	504	+	{
	505	+	byte[] header = GenerateSmb2HeaderFromCommand(SBM2_Command.SMB2_NEGOTIATE);
	506	+	byte[] negotiatemessage = GetNegotiateMessageSmbv2(dialect);
	507	+	return BuildPacket(header, negotiatemessage);
	508	+	}
	509	+
	510	+	public byte[] BuildSessionSetupPacket(byte[] NTLMSSPMessage, byte[] MIC)
	511	+	{
	512	+	int MIClen = (MIC == null ? 0 : MIC.Length + 4);
	513	+	byte[] header = GenerateSmb2HeaderFromCommand(SBM2_Command.SMB2_SESSION_SETUP);
	514	+	byte[] SpNegoToken = _sessionid == 0 ? GetGSSSpNegoToken(NTLMSSPMessage.Length)
	515	+	: GetGSSSpNegoToken2(NTLMSSPMessage.Length, MIClen);
	516	+	byte[] message = GetSessionSetupMessageSmbv2(SpNegoToken.Length + NTLMSSPMessage.Length + MIClen);
	517	+	byte[] MICPrefix = null;
	518	+	if (MIC != null)
	519	+	{
	520	+	MICPrefix = new byte[] { 0xA3, LowByte(MIC.Length + 2), 0x04, LowByte(MIC.Length) };
	521	+	}
	522	+	return BuildPacket(header, message, SpNegoToken, NTLMSSPMessage, MICPrefix, MIC);
	523	+	}
	524	+
	525	+	public byte[] BuildTreeConnectPacket(string target)
	526	+	{
	527	+	byte[] header = GenerateSmb2HeaderFromCommand(SBM2_Command.SMB2_TREE_CONNECT);
	528	+	byte[] data = Encoding.Unicode.GetBytes(target);
	529	+	byte[] message = GetTreeConnectMessageSmbv2(target.Length);
	530	+	return BuildPacket(header, message, data);
	531	+	}
	532	+
	533	+	public byte[] BuildIOCTLRequestPacket(uint CTLCode, bool IsFSCTL)
	534	+	{
	535	+	byte[] header = GenerateSmb2HeaderFromCommand(SBM2_Command.SMB2_IOCTL);
	536	+	byte[] message = GetIOCTLRequest(CTLCode, IsFSCTL);
	537	+	return BuildPacket(header, message);
	538	+	}
	539	+
	540	+	public byte[] ReadPacket()
	541	+	{
	542	+	byte[] netbios = new byte[4];
	543	+	if (_stream.Read(netbios, 0, netbios.Length) != netbios.Length)
	544	+	throw new Exception("");
	545	+	int size = netbios[0] << 24 \| netbios[1] << 16 \| netbios[2] << 8 \| netbios[3] << 0;
	546	+	byte[] output = new byte[size];
	547	+	_stream.Read(output, 0, size);
	548	+	return output;
	549	+	}
	550	+
	551	+	private SMB2_Header ReadSMB2Header(byte[] packet)
	552	+	{
	553	+	GCHandle handle = GCHandle.Alloc(packet, GCHandleType.Pinned);
	554	+	SMB2_Header header = (SMB2_Header)Marshal.PtrToStructure(handle.AddrOfPinnedObject(), typeof(SMB2_Header));
	555	+	handle.Free();
	556	+	return header;
	557	+	}
	558	+
	559	+	public static T ReadResponse<T>(byte[] packet) where T : struct
	560	+	{
	561	+	GCHandle handle = GCHandle.Alloc(packet, GCHandleType.Pinned);
	562	+	T header = (T)Marshal.PtrToStructure(new IntPtr(handle.AddrOfPinnedObject().ToInt64() + Marshal.SizeOf(typeof(SMB2_Header))), typeof(T));
	563	+	handle.Free();
	564	+	return header;
	565	+	}
	566	+
	567	+	public static byte[] BuildPacket(params byte[][] bytes)
	568	+	{
	569	+	int size = 0;
	570	+	foreach (var array in bytes)
	571	+	{
	572	+	if (array == null)
	573	+	continue;
	574	+	size += array.Length;
	575	+	}
	576	+	byte[] output = new byte[size + 4];
	577	+	var byteSize = BitConverter.GetBytes(size);
	578	+	output[0] = byteSize[3];
	579	+	output[1] = byteSize[2];
	580	+	output[2] = byteSize[1];
	581	+	output[3] = byteSize[0];
	582	+	int offset = 4;
	583	+	foreach (var array in bytes)
	584	+	{
	585	+	if (array == null)
	586	+	continue;
	587	+	Array.Copy(array, 0, output, offset, array.Length);
	588	+	offset += array.Length;
	589	+	}
	590	+	return output;
	591	+	}
	592	+
	593	+	public static byte[] ExtractSSP(byte[] answer, SMB2_SessionSetupResponse sessionSetupResponse)
	594	+	{
	595	+	int offset;
	596	+	for (offset = sessionSetupResponse.SecurityBufferOffset;
	597	+	offset + 4 < sessionSetupResponse.SecurityBufferLength - sessionSetupResponse.SecurityBufferOffset;
	598	+	offset++)
	599	+	{
	600	+	if (answer[offset] == 0x4e
	601	+	&& answer[offset + 1] == 0x54
	602	+	&& answer[offset + 2] == 0x4c
	603	+	&& answer[offset + 3] == 0x4d
	604	+	&& answer[offset + 4] == 0x53
	605	+	&& answer[offset + 5] == 0x53
	606	+	&& answer[offset + 6] == 0x50
	607	+	&& answer[offset + 7] == 0x00)
	608	+	{
	609	+	offset = offset - sessionSetupResponse.SecurityBufferOffset;
	610	+	var NegoPacket2 = new byte[sessionSetupResponse.SecurityBufferLength - offset];
	611	+	Array.Copy(answer, sessionSetupResponse.SecurityBufferOffset + offset, NegoPacket2, 0, sessionSetupResponse.SecurityBufferLength - offset);
	612	+	return NegoPacket2;
	613	+	}
	614	+	}
	615	+	throw new ApplicationException("SSP answer not found");
	616	+	}
	617	+
	618	+	private void SendPacket(byte[] packet)
	619	+	{
	620	+	_stream.Write(packet, 0, packet.Length);
	621	+	_stream.Flush();
	622	+	}
	623	+
	624	+	private Stream _stream;
	625	+	private string _server;
	626	+
	627	+	private ulong _sessionid = 0;
	628	+	private ulong _messageId = 0;
	629	+	private byte[] sessionkey;
	630	+	private uint _TreeId;
	631	+
	632	+	public Smb2Protocol(Stream stream, string server)
	633	+	{
	634	+	_stream = stream;
	635	+	_server = server;
	636	+	}
	637	+
	638	+	public SMB2_NegotiateResponse SendNegotiateRequest(int dialect)
	639	+	{
	640	+	byte[] packet = BuildNegotiatePacket(dialect);
	641	+	_stream.Write(packet, 0, packet.Length);
	642	+	_stream.Flush();
	643	+	Trace.WriteLine("Negotiate Packet sent");
	644	+
	645	+	byte[] answer = ReadPacket();
	646	+	Trace.WriteLine("Negotiate Packet received");
	647	+	var header = ReadSMB2Header(answer);
	648	+
	649	+	if (header.Status != 0)
	650	+	{
	651	+	Trace.WriteLine("Checking " + _server + " for SMBV2 dialect 0x" + dialect.ToString("X2") + " = Not supported via error code");
	652	+	throw new Win32Exception((int)header.Status);
	653	+	}
	654	+
	655	+	return ReadResponse<SMB2_NegotiateResponse>(answer);
	656	+	}
	657	+
	658	+	//public SMB2_SessionSetupResponse SendSessionSetupRequests(NetworkCredential optionalCredential = null)
	659	+	//{
	660	+	// SSPIHelper MyHelper = new SSPIHelper(_server);
	661	+	// if (optionalCredential != null)
	662	+	// {
	663	+	// MyHelper.LoginClient(optionalCredential);
	664	+	// }
	665	+	// byte[] ServerSSPIPacket = null;
	666	+	// byte[] ClientSSPIPacket;
	667	+	// byte[] MIC = null;
	668	+	// bool bContinueProcessing = true;
	669	+	// while (bContinueProcessing)
	670	+	// {
	671	+	// MyHelper.InitializeClient(out ClientSSPIPacket, ServerSSPIPacket, out bContinueProcessing);
	672	+	// if (!bContinueProcessing)
	673	+	// {
	674	+	// byte[] temp;
	675	+	// MyHelper.SignMessage(mechTypes, out temp);
	676	+	// MIC = new byte[temp.Length - mechTypes.Length];
	677	+	// Array.Copy(temp, mechTypes.Length, MIC, 0, temp.Length - mechTypes.Length);
	678	+	// sessionkey = MyHelper.GetSessionKey();
	679	+	// }
	680	+	// var packet = BuildSessionSetupPacket(ClientSSPIPacket, MIC);
	681	+	// SendPacket(packet);
	682	+	//
	683	+	// Trace.WriteLine("SessionSetup Packet sent");
	684	+	// var answer = ReadPacket();
	685	+	// var header = ReadSMB2Header(answer);
	686	+	// Trace.WriteLine("SessionSetup Packet received");
	687	+	// if (header.Status == 0)
	688	+	// {
	689	+	// return ReadResponse<SMB2_SessionSetupResponse>(answer);
	690	+	// }
	691	+	// if (header.Status != STATUS_MORE_PROCESSING_REQUIRED)
	692	+	// {
	693	+	// Trace.WriteLine("Checking " + _server + "Error " + header.Status);
	694	+	// throw new Win32Exception((int)header.Status);
	695	+	// }
	696	+	// if (!bContinueProcessing)
	697	+	// {
	698	+	// Trace.WriteLine("Checking " + _server + "Error " + header.Status + " when no processing needed");
	699	+	// throw new Win32Exception((int)header.Status, "Unexpected SessionSetup error");
	700	+	// }
	701	+	//
	702	+	// var sessionSetupResponse = ReadResponse<SMB2_SessionSetupResponse>(answer);
	703	+	//
	704	+	// _sessionid = header.SessionId;
	705	+	// // extract SSP answer from GSSPAPI answer
	706	+	// ServerSSPIPacket = ExtractSSP(answer, sessionSetupResponse);
	707	+	// }
	708	+	// throw new NotImplementedException("Not supposed to be here");
	709	+	//}
	710	+
	711	+	public SMB2_TreeConnectResponse SendTreeConnect(string target)
	712	+	{
	713	+	var packet = BuildTreeConnectPacket(target);
	714	+	SendPacket(packet);
	715	+
	716	+	Trace.WriteLine("TreeConnect Packet sent");
	717	+	var answer = ReadPacket();
	718	+	var header = ReadSMB2Header(answer);
	719	+	Trace.WriteLine("TreeConnect Packet received");
	720	+	if (header.Status != 0)
	721	+	{
	722	+	Trace.WriteLine("Checking " + _server + "Error " + header.Status);
	723	+	throw new Win32Exception((int)header.Status);
	724	+	}
	725	+	var r = ReadResponse<SMB2_TreeConnectResponse>(answer);
	726	+	_TreeId = header.TreeId;
	727	+	return r;
	728	+	}
	729	+
	730	+	public byte[] SendIOCTLRequest(uint CTLCode, bool IsFSCTL)
	731	+	{
	732	+	var packet = BuildIOCTLRequestPacket(CTLCode, IsFSCTL);
	733	+	SendPacket(packet);
	734	+
	735	+	Trace.WriteLine("IOCTLRequest Packet sent");
	736	+	var answer = ReadPacket();
	737	+	var header = ReadSMB2Header(answer);
	738	+	Trace.WriteLine("IOCTLRequest Packet received");
	739	+	if (header.Status != 0)
	740	+	{
	741	+	Trace.WriteLine("Checking " + _server + "Error " + header.Status);
	742	+	throw new Win32Exception((int)header.Status);
	743	+	}
	744	+	var response = ReadResponse<SMB2_IOCTLResponse>(answer);
	745	+	if (response.OutputCount == 0)
	746	+	return null;
	747	+	var output = new byte[response.OutputCount];
	748	+	Array.Copy(answer, response.OutputOffset, output, 0, response.OutputCount);
	749	+	return output;
	750	+	}
	751	+
	752	+	public List<NetworkInfo> GetNetworkInterfaceInfo()
	753	+	{
	754	+	var output = new List<NetworkInfo>();
	755	+	var o = SendIOCTLRequest(0x001401FC, true);
	756	+
	757	+	int size = Marshal.SizeOf(typeof(SMB2_NETWORK_INTERFACE_INFO));
	758	+	int offset = 0;
	759	+	do
	760	+	{
	761	+	IntPtr pt = Marshal.AllocHGlobal(size);
	762	+	Marshal.Copy(o, offset, pt, size);
	763	+	var n = (SMB2_NETWORK_INTERFACE_INFO)Marshal.PtrToStructure(pt, typeof(SMB2_NETWORK_INTERFACE_INFO));
	764	+
	765	+	var ni = new NetworkInfo();
	766	+	ni.Index = n.IfIndex;
	767	+	ni.Capability = n.Capability;
	768	+	ni.LinkSpeed = n.LinkSpeed;
	769	+	if (n.SockAddr_Storage_Family == 0x2)
	770	+	{
	771	+	var t = new byte[4];
	772	+	Array.Copy(o, offset + Marshal.OffsetOf(typeof(SMB2_NETWORK_INTERFACE_INFO), "SockAddr_Storage_Buffer").ToInt32() + 2, t, 0, t.Length);
	773	+	ni.IP = new IPAddress(t);
	774	+	}
	775	+	else if (n.SockAddr_Storage_Family == 0x17)
	776	+	{
	777	+	var t = new byte[16];
	778	+	Array.Copy(o, offset + Marshal.OffsetOf(typeof(SMB2_NETWORK_INTERFACE_INFO), "SockAddr_Storage_Buffer").ToInt32() + 6, t, 0, t.Length);
	779	+	ni.IP = new IPAddress(t);
	780	+	}
	781	+	else throw new NotImplementedException("SockAddr_Storage_Family unknown: " + n.SockAddr_Storage_Family);
	782	+
	783	+	output.Add(ni);
	784	+	Marshal.FreeHGlobal(pt);
	785	+
	786	+	if (n.Next == 0)
	787	+	break;
	788	+
	789	+	offset += n.Next;
	790	+	} while (offset != 0);
	791	+	return output;
	792	+	}
	793	+	}
	794	+
10	795		public class Smb
11	796		{
12	797		[DllImport("Netapi32.dll", SetLastError = true)]
		skipped 51 lines
64	849		STYPE_SPECIAL = 0x80000000,
65	850		}
66	851
	852	+	[StructLayout(LayoutKind.Explicit)]
	853	+	private struct SMB_Header
	854	+	{
	855	+	[FieldOffset(0)]
	856	+	public UInt32 Protocol;
	857	+
	858	+	[FieldOffset(4)]
	859	+	public byte Command;
	860	+
	861	+	[FieldOffset(5)]
	862	+	public int Status;
	863	+
	864	+	[FieldOffset(9)]
	865	+	public byte Flags;
	866	+
	867	+	[FieldOffset(10)]
	868	+	public UInt16 Flags2;
	869	+
	870	+	[FieldOffset(12)]
	871	+	public UInt16 PIDHigh;
	872	+
	873	+	[FieldOffset(14)]
	874	+	public UInt64 SecurityFeatures;
	875	+
	876	+	[FieldOffset(22)]
	877	+	public UInt16 Reserved;
	878	+
	879	+	[FieldOffset(24)]
	880	+	public UInt16 TID;
	881	+
	882	+	[FieldOffset(26)]
	883	+	public UInt16 PIDLow;
	884	+
	885	+	[FieldOffset(28)]
	886	+	public UInt16 UID;
	887	+
	888	+	[FieldOffset(30)]
	889	+	public UInt16 MID;
	890	+	};
	891	+
	892	+	// https://msdn.microsoft.com/en-us/library/cc246529.aspx
	893	+	[StructLayout(LayoutKind.Explicit)]
	894	+	private struct SMB2_Header
	895	+	{
	896	+	[FieldOffset(0)]
	897	+	public UInt32 ProtocolId;
	898	+
	899	+	[FieldOffset(4)]
	900	+	public UInt16 StructureSize;
	901	+
	902	+	[FieldOffset(6)]
	903	+	public UInt16 CreditCharge;
	904	+
	905	+	[FieldOffset(8)]
	906	+	public UInt32 Status; // to do SMB3
	907	+
	908	+	[FieldOffset(12)]
	909	+	public UInt16 Command;
	910	+
	911	+	[FieldOffset(14)]
	912	+	public UInt16 CreditRequest_Response;
	913	+
	914	+	[FieldOffset(16)]
	915	+	public UInt32 Flags;
	916	+
	917	+	[FieldOffset(20)]
	918	+	public UInt32 NextCommand;
	919	+
	920	+	[FieldOffset(24)]
	921	+	public UInt64 MessageId;
	922	+
	923	+	[FieldOffset(32)]
	924	+	public UInt32 Reserved;
	925	+
	926	+	[FieldOffset(36)]
	927	+	public UInt32 TreeId;
	928	+
	929	+	[FieldOffset(40)]
	930	+	public UInt64 SessionId;
	931	+
	932	+	[FieldOffset(48)]
	933	+	public UInt64 Signature1;
	934	+
	935	+	[FieldOffset(56)]
	936	+	public UInt64 Signature2;
	937	+	}
	938	+
	939	+	[StructLayout(LayoutKind.Explicit)]
	940	+	private struct SMB2_NegotiateRequest
	941	+	{
	942	+	[FieldOffset(0)]
	943	+	public UInt16 StructureSize;
	944	+
	945	+	[FieldOffset(2)]
	946	+	public UInt16 DialectCount;
	947	+
	948	+	[FieldOffset(4)]
	949	+	public UInt16 SecurityMode;
	950	+
	951	+	[FieldOffset(6)]
	952	+	public UInt16 Reserved;
	953	+
	954	+	[FieldOffset(8)]
	955	+	public UInt32 Capabilities;
	956	+
	957	+	[FieldOffset(12)]
	958	+	public Guid ClientGuid;
	959	+
	960	+	[FieldOffset(28)]
	961	+	public UInt64 ClientStartTime;
	962	+
	963	+	[FieldOffset(36)]
	964	+	public UInt16 DialectToTest;
	965	+	}
	966	+
	967	+	private const int SMB_COM_NEGOTIATE = 0x72;
	968	+	private const int SMB2_NEGOTIATE = 0;
	969	+	private const int SMB_FLAGS_CASE_INSENSITIVE = 0x08;
	970	+	private const int SMB_FLAGS_CANONICALIZED_PATHS = 0x10;
	971	+	private const int SMB_FLAGS2_LONG_NAMES = 0x0001;
	972	+	private const int SMB_FLAGS2_EAS = 0x0002;
	973	+	private const int SMB_FLAGS2_SECURITY_SIGNATURE_REQUIRED = 0x0010;
	974	+	private const int SMB_FLAGS2_IS_LONG_NAME = 0x0040;
	975	+	private const int SMB_FLAGS2_ESS = 0x0800;
	976	+	private const int SMB_FLAGS2_NT_STATUS = 0x4000;
	977	+	private const int SMB_FLAGS2_UNICODE = 0x8000;
	978	+	private const int SMB_DB_FORMAT_DIALECT = 0x02;
	979	+
	980	+	private static byte[] GenerateSmbHeaderFromCommand(byte command)
	981	+	{
	982	+	SMB_Header header = new SMB_Header();
	983	+	header.Protocol = 0x424D53FF;
	984	+	header.Command = command;
	985	+	header.Status = 0;
	986	+	header.Flags = SMB_FLAGS_CASE_INSENSITIVE \| SMB_FLAGS_CANONICALIZED_PATHS;
	987	+	header.Flags2 = SMB_FLAGS2_LONG_NAMES \| SMB_FLAGS2_EAS \| SMB_FLAGS2_SECURITY_SIGNATURE_REQUIRED \| SMB_FLAGS2_IS_LONG_NAME \| SMB_FLAGS2_ESS \| SMB_FLAGS2_NT_STATUS \| SMB_FLAGS2_UNICODE;
	988	+	header.PIDHigh = 0;
	989	+	header.SecurityFeatures = 0;
	990	+	header.Reserved = 0;
	991	+	header.TID = 0xffff;
	992	+	header.PIDLow = 0xFEFF;
	993	+	header.UID = 0;
	994	+	header.MID = 0;
	995	+	return getBytes(header);
	996	+	}
	997	+
	998	+	private static byte[] getBytes(object structure)
	999	+	{
	1000	+	int size = Marshal.SizeOf(structure);
	1001	+	byte[] arr = new byte[size];
	1002	+	IntPtr ptr = Marshal.AllocHGlobal(size);
	1003	+	Marshal.StructureToPtr(structure, ptr, true);
	1004	+	Marshal.Copy(ptr, arr, 0, size);
	1005	+	Marshal.FreeHGlobal(ptr);
	1006	+	return arr;
	1007	+	}
	1008	+
	1009	+	private static byte[] getDialect(string dialect)
	1010	+	{
	1011	+	byte[] dialectBytes = Encoding.ASCII.GetBytes(dialect);
	1012	+	byte[] output = new byte[dialectBytes.Length + 2];
	1013	+	output[0] = 2;
	1014	+	output[output.Length - 1] = 0;
	1015	+	Array.Copy(dialectBytes, 0, output, 1, dialectBytes.Length);
	1016	+	return output;
	1017	+	}
	1018	+
	1019	+	private static byte[] GetNegotiateMessage(byte[] dialect)
	1020	+	{
	1021	+	byte[] output = new byte[dialect.Length + 3];
	1022	+	output[0] = 0;
	1023	+	output[1] = (byte)dialect.Length;
	1024	+	output[2] = 0;
	1025	+	Array.Copy(dialect, 0, output, 3, dialect.Length);
	1026	+	return output;
	1027	+	}
	1028	+
	1029	+
	1030	+	private static byte[] GetNegotiatePacket(byte[] header, byte[] smbPacket)
	1031	+	{
	1032	+	byte[] output = new byte[smbPacket.Length + header.Length + 4];
	1033	+	output[0] = 0;
	1034	+	output[1] = 0;
	1035	+	output[2] = 0;
	1036	+	output[3] = (byte)(smbPacket.Length + header.Length);
	1037	+	Array.Copy(header, 0, output, 4, header.Length);
	1038	+	Array.Copy(smbPacket, 0, output, 4 + header.Length, smbPacket.Length);
	1039	+	return output;
	1040	+	}
	1041	+
	1042	+	public static bool DoesServerSupportDialect(string server, string dialect)
	1043	+	{
	1044	+	Trace.WriteLine("Checking " + server + " for SMBV1 dialect " + dialect);
	1045	+	TcpClient client = new TcpClient();
	1046	+	try
	1047	+	{
	1048	+	client.Connect(server, 445);
	1049	+	}
	1050	+	catch (Exception)
	1051	+	{
	1052	+	throw new Exception("port 445 is closed on " + server);
	1053	+	}
	1054	+	try
	1055	+	{
	1056	+	NetworkStream stream = client.GetStream();
	1057	+	byte[] header = GenerateSmbHeaderFromCommand(SMB_COM_NEGOTIATE);
	1058	+	byte[] dialectEncoding = getDialect(dialect);
	1059	+	byte[] negotiatemessage = GetNegotiateMessage(dialectEncoding);
	1060	+	byte[] packet = GetNegotiatePacket(header, negotiatemessage);
	1061	+	stream.Write(packet, 0, packet.Length);
	1062	+	stream.Flush();
	1063	+	byte[] netbios = new byte[4];
	1064	+	if (stream.Read(netbios, 0, netbios.Length) != netbios.Length)
	1065	+	return false;
	1066	+	byte[] smbHeader = new byte[Marshal.SizeOf(typeof(SMB_Header))];
	1067	+	if (stream.Read(smbHeader, 0, smbHeader.Length) != smbHeader.Length)
	1068	+	return false;
	1069	+	byte[] negotiateresponse = new byte[3];
	1070	+	if (stream.Read(negotiateresponse, 0, negotiateresponse.Length) != negotiateresponse.Length)
	1071	+	return false;
	1072	+	if (negotiateresponse[1] == 0 && negotiateresponse[2] == 0)
	1073	+	{
	1074	+	Trace.WriteLine("Checking " + server + " for SMBV1 dialect " + dialect + " = Supported");
	1075	+	return true;
	1076	+	}
	1077	+	Trace.WriteLine("Checking " + server + " for SMBV1 dialect " + dialect + " = Not supported");
	1078	+	return false;
	1079	+	}
	1080	+	catch (Exception)
	1081	+	{
	1082	+	throw new ApplicationException("Smb1 is not supported on " + server);
	1083	+	}
	1084	+	}
	1085	+
	1086	+	public static bool DoesServerSupportDialect(string server, string dialect, out SMBSecurityModeEnum securityMode)
	1087	+	{
	1088	+	Trace.WriteLine("Checking " + server + " for SMBV1 dialect " + dialect);
	1089	+	securityMode = SMBSecurityModeEnum.NotTested;
	1090	+	TcpClient client = new TcpClient();
	1091	+	client.ReceiveTimeout = 500;
	1092	+	client.SendTimeout = 500;
	1093	+	try
	1094	+	{
	1095	+	client.Connect(server, 445);
	1096	+	}
	1097	+	catch (Exception)
	1098	+	{
	1099	+	//throw new SmbPortClosedException(server);
	1100	+	}
	1101	+	try
	1102	+	{
	1103	+	NetworkStream stream = client.GetStream();
	1104	+	byte[] header = GenerateSmbHeaderFromCommand(SMB_COM_NEGOTIATE);
	1105	+	byte[] dialectEncoding = getDialect(dialect);
	1106	+	byte[] negotiatemessage = GetNegotiateMessage(dialectEncoding);
	1107	+	byte[] packet = GetNegotiatePacket(header, negotiatemessage);
	1108	+	stream.Write(packet, 0, packet.Length);
	1109	+	stream.Flush();
	1110	+	byte[] netbios = new byte[4];
	1111	+	if (stream.Read(netbios, 0, netbios.Length) != netbios.Length)
	1112	+	return false;
	1113	+	byte[] smbHeader = new byte[Marshal.SizeOf(typeof(SMB_Header))];
	1114	+	if (stream.Read(smbHeader, 0, smbHeader.Length) != smbHeader.Length)
	1115	+	return false;
	1116	+	byte[] negotiateresponse = new byte[4];
	1117	+	if (stream.Read(negotiateresponse, 0, negotiateresponse.Length) != negotiateresponse.Length)
	1118	+	return false;
	1119	+	if (negotiateresponse[1] == 0 && negotiateresponse[2] == 0)
	1120	+	{
	1121	+	Trace.WriteLine("Checking " + server + " for SMBV1 dialect " + dialect + " = Supported");
	1122	+	byte SmbSecurityMode = negotiateresponse[3];
	1123	+	if (SmbSecurityMode == 4)
	1124	+	{
	1125	+	securityMode = SMBSecurityModeEnum.SmbSigningEnabled;
	1126	+	}
	1127	+	else if (SmbSecurityMode == 8)
	1128	+	{
	1129	+	securityMode = SMBSecurityModeEnum.SmbSigningEnabled \| SMBSecurityModeEnum.SmbSigningRequired;
	1130	+	}
	1131	+	else
	1132	+	{
	1133	+	securityMode = SMBSecurityModeEnum.None;
	1134	+	}
	1135	+	return true;
	1136	+	}
	1137	+	Trace.WriteLine("Checking " + server + " for SMBV1 dialect " + dialect + " = Not supported");
	1138	+	return false;
	1139	+	}
	1140	+	catch (Exception)
	1141	+	{
	1142	+	//throw new Smb1NotSupportedException(server);
	1143	+	return false;
	1144	+	}
	1145	+	}
	1146	+
	1147	+	public static bool DoesServerSupportDialectWithSmbV2(string server, int dialect, out SMBSecurityModeEnum securityMode)
	1148	+	{
	1149	+	Trace.WriteLine("Checking " + server + " for SMBV2 dialect 0x" + dialect.ToString("X2"));
	1150	+	securityMode = SMBSecurityModeEnum.NotTested;
	1151	+	TcpClient client = new TcpClient();
	1152	+	client.ReceiveTimeout = 500;
	1153	+	client.SendTimeout = 500;
	1154	+	try
	1155	+	{
	1156	+	client.Connect(server, 445);
	1157	+	}
	1158	+	catch (Exception)
	1159	+	{
	1160	+	//throw new SmbPortClosedException(server);
	1161	+	}
	1162	+	try
	1163	+	{
	1164	+	NetworkStream stream = client.GetStream();
	1165	+
	1166	+	var smb2 = new Smb2Protocol(stream, server);
	1167	+
	1168	+	var negotiateresponse = smb2.SendNegotiateRequest(dialect);
	1169	+	if ((negotiateresponse.SecurityMode & 1) != 0)
	1170	+	{
	1171	+	securityMode = SMBSecurityModeEnum.SmbSigningEnabled;
	1172	+
	1173	+	if ((negotiateresponse.SecurityMode & 2) != 0)
	1174	+	{
	1175	+	securityMode \|= SMBSecurityModeEnum.SmbSigningRequired;
	1176	+	}
	1177	+	}
	1178	+	else
	1179	+	{
	1180	+	securityMode = SMBSecurityModeEnum.None;
	1181	+	}
	1182	+
	1183	+	Trace.WriteLine("Checking " + server + " for SMBV2 dialect 0x" + dialect.ToString("X2") + " = Supported");
	1184	+	return true;
	1185	+	}
	1186	+	catch (Exception)
	1187	+	{
	1188	+	//throw new Smb2NotSupportedException(server);
	1189	+	return false;
	1190	+	}
	1191	+	}
	1192	+
	1193	+	[Flags]
	1194	+	public enum SMBSecurityModeEnum
	1195	+	{
	1196	+	NotTested = 0,
	1197	+	None = 1,
	1198	+	SmbSigningEnabled = 2,
	1199	+	SmbSigningRequired = 4,
	1200	+	}
	1201	+
	1202	+	private static SMBSecurityModeEnum CombineSecurityMode(SMBSecurityModeEnum smbv2secmode, SMBSecurityModeEnum smbv2temp)
	1203	+	{
	1204	+	if (smbv2temp == SMBSecurityModeEnum.NotTested)
	1205	+	return smbv2secmode;
	1206	+	if (smbv2secmode == SMBSecurityModeEnum.NotTested)
	1207	+	return smbv2temp;
	1208	+	if (smbv2temp == SMBSecurityModeEnum.None \|\| smbv2secmode == SMBSecurityModeEnum.None)
	1209	+	return SMBSecurityModeEnum.None;
	1210	+	if ((smbv2temp & SMBSecurityModeEnum.SmbSigningEnabled) != 0 && (smbv2secmode & SMBSecurityModeEnum.SmbSigningEnabled) != 0)
	1211	+	{
	1212	+	if ((smbv2temp & SMBSecurityModeEnum.SmbSigningRequired) != 0 && (smbv2secmode & SMBSecurityModeEnum.SmbSigningRequired) != 0)
	1213	+	{
	1214	+	return SMBSecurityModeEnum.SmbSigningEnabled \| SMBSecurityModeEnum.SmbSigningRequired;
	1215	+	}
	1216	+	return SMBSecurityModeEnum.SmbSigningEnabled;
	1217	+	}
	1218	+	// defensive programming
	1219	+	return SMBSecurityModeEnum.NotTested;
	1220	+	}
	1221	+
	1222	+	public static void CheckSMBVersion(string computer)
	1223	+	{
	1224	+	bool isPortOpened = true;
	1225	+	bool SMBv1 = false;
	1226	+	bool SMBv2_0x0202 = false;
	1227	+	bool SMBv2_0x0210 = false;
	1228	+	bool SMBv2_0x0300 = false;
	1229	+	bool SMBv2_0x0302 = false;
	1230	+	bool SMBv2_0x0311 = false;
	1231	+	SMBSecurityModeEnum smbv1secmode = SMBSecurityModeEnum.NotTested;
	1232	+	SMBSecurityModeEnum smbv2secmode = SMBSecurityModeEnum.NotTested;
	1233	+	SMBSecurityModeEnum smbv2temp;
	1234	+	try
	1235	+	{
	1236	+	try
	1237	+	{
	1238	+	SMBv1 = DoesServerSupportDialect(computer, "NT LM 0.12", out smbv1secmode);
	1239	+	}
	1240	+	catch (ApplicationException)
	1241	+	{
	1242	+	}
	1243	+	try
	1244	+	{
	1245	+	SMBv2_0x0202 = DoesServerSupportDialectWithSmbV2(computer, 0x0202, out smbv2secmode);
	1246	+	SMBv2_0x0210 = DoesServerSupportDialectWithSmbV2(computer, 0x0210, out smbv2temp);
	1247	+	smbv2secmode = CombineSecurityMode(smbv2secmode, smbv2temp);
	1248	+	SMBv2_0x0300 = DoesServerSupportDialectWithSmbV2(computer, 0x0300, out smbv2temp);
	1249	+	smbv2secmode = CombineSecurityMode(smbv2secmode, smbv2temp);
	1250	+	SMBv2_0x0302 = DoesServerSupportDialectWithSmbV2(computer, 0x0302, out smbv2temp);
	1251	+	smbv2secmode = CombineSecurityMode(smbv2secmode, smbv2temp);
	1252	+	SMBv2_0x0311 = DoesServerSupportDialectWithSmbV2(computer, 0x0311, out smbv2temp);
	1253	+	smbv2secmode = CombineSecurityMode(smbv2secmode, smbv2temp);
	1254	+	}
	1255	+	catch (ApplicationException)
	1256	+	{
	1257	+	}
	1258	+	}
	1259	+	catch (Exception)
	1260	+	{
	1261	+	isPortOpened = false;
	1262	+	}
	1263	+	Console.WriteLine("[*] SMB Versions: " + (SMBv1 ? "[+]SMBv1" : "[-]SMBv1")
	1264	+	+ "\t" + (SMBv2_0x0202 ? "[+]SMBv2(0x0202)" : "[-]SMBv2(0x0202)")
	1265	+	+ "\t" + (SMBv2_0x0210 ? "[+]SMBv2(0x0210)" : "[-]SMBv2(0x0210)")
	1266	+	+ "\t" + (SMBv2_0x0300 ? "[+]SMBv3(0x0300)" : "[-]SMBv3(0x0300)")
	1267	+	+ "\t" + (SMBv2_0x0302 ? "[+]SMBv3(0x0302)" : "[-]SMBv3(0x0302)")
	1268	+	+ "\t" + (SMBv2_0x0311 ? "[+]SMBv3(0x0311)" : "[-]SMBv3(0x0311)"));
	1269	+	Console.WriteLine("[*] SMBv1 Signing: " + ((smbv1secmode & SMBSecurityModeEnum.SmbSigningRequired) != 0 ? "[+]Signing Required" : "[-]Signing Not Required"));
	1270	+	Console.WriteLine("[*] SMBv2+ Signing: " + ((smbv2secmode & SMBSecurityModeEnum.SmbSigningRequired) != 0 ? "[+]Signing Required" : "[-]Signing Not Required"));
	1271	+	}
	1272	+
67	1273		public static SHARE_INFO_1[] EnumNetShares(string Server)
68	1274		{
69	1275		List<SHARE_INFO_1> ShareInfos = new List<SHARE_INFO_1>();
		skipped 23 lines
93	1299		}
94	1300		}
95	1301
	1302	+	// https://github.com/w1u0u1/smb2os/blob/main/smb2os/Program.cs
	1303	+	public static void CheckOsVersion(string computername)
	1304	+	{
	1305	+	byte[] request1 = new byte[]
	1306	+	{
	1307	+	0x00,0x00,0x00,0x45,0xff,0x53,0x4d,0x42,0x72,0x00,0x00,0x00,0x00,0x18,0x53,0xc8,
	1308	+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0xff,0xff,0xff,0xfe,
	1309	+	0x00,0x00,0x00,0x00,0x00,0x22,0x00,0x02,0x4e,0x54,0x20,0x4c,0x4d,0x20,0x30,0x2e,
	1310	+	0x31,0x32,0x00,0x02,0x53,0x4d,0x42,0x20,0x32,0x2e,0x30,0x30,0x32,0x00,0x02,0x53,
	1311	+	0x4d,0x42,0x20,0x32,0x2e,0x3f,0x3f,0x3f,0x00
	1312	+	};
	1313	+
	1314	+	byte[] request2 = new byte[]
	1315	+	{
	1316	+	0x00,0x00,0x00,0xe8,0xfe,0x53,0x4d,0x42,0x40,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
	1317	+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,
	1318	+	0x00,0x00,0x00,0x00,0xff,0xfe,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
	1319	+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
	1320	+	0x00,0x00,0x00,0x00,0x24,0x00,0x05,0x00,0x01,0x00,0x00,0x00,0x7f,0x00,0x00,0x00,
	1321	+	0xa7,0x22,0x57,0x31,0xd9,0x03,0xec,0x11,0x92,0x65,0x3c,0x58,0xc2,0x75,0xac,0xfa,
	1322	+	0x70,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x02,0x02,0x10,0x02,0x00,0x03,0x02,0x03,
	1323	+	0x11,0x03,0x00,0x00,0x01,0x00,0x26,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x20,0x00,
	1324	+	0x01,0x00,0x06,0x41,0x15,0xa2,0x9b,0x6f,0x7a,0x8f,0xda,0xa7,0xe9,0xf3,0xed,0xa8,
	1325	+	0x10,0x31,0x88,0x74,0x9e,0x53,0xaf,0xf7,0x92,0x36,0x38,0x8d,0x99,0xe6,0x0a,0x27,
	1326	+	0x4b,0x84,0x00,0x00,0x02,0x00,0x06,0x00,0x00,0x00,0x00,0x00,0x02,0x00,0x02,0x00,
	1327	+	0x01,0x00,0x00,0x00,0x03,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x04,0x00,0x00,0x00,
	1328	+	0x01,0x00,0x00,0x00,0x04,0x00,0x02,0x00,0x03,0x00,0x01,0x00,0x05,0x00,0x18,0x00,
	1329	+	0x00,0x00,0x00,0x00,0x31,0x00,0x39,0x00,0x32,0x00,0x2e,0x00,0x31,0x00,0x36,0x00,
	1330	+	0x38,0x00,0x2e,0x00,0x36,0x00,0x2e,0x00,0x36,0x00,0x30,0x00
	1331	+	};
	1332	+
	1333	+	byte[] request3 = new byte[]
	1334	+	{
	1335	+	0x00,0x00,0x00,0xa2,0xfe,0x53,0x4d,0x42,0x40,0x00,0x01,0x00,0x00,0x00,0x00,0x00,
	1336	+	0x01,0x00,0x21,0x00,0x10,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0x00,0x00,0x00,
	1337	+	0x00,0x00,0x00,0x00,0xff,0xfe,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
	1338	+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
	1339	+	0x00,0x00,0x00,0x00,0x19,0x00,0x00,0x01,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
	1340	+	0x58,0x00,0x4a,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x60,0x48,0x06,0x06,
	1341	+	0x2b,0x06,0x01,0x05,0x05,0x02,0xa0,0x3e,0x30,0x3c,0xa0,0x0e,0x30,0x0c,0x06,0x0a,
	1342	+	0x2b,0x06,0x01,0x04,0x01,0x82,0x37,0x02,0x02,0x0a,0xa2,0x2a,0x04,0x28,0x4e,0x54,
	1343	+	0x4c,0x4d,0x53,0x53,0x50,0x00,0x01,0x00,0x00,0x00,0x97,0x82,0x08,0xe2,0x00,0x00,
	1344	+	0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x0a,0x00,
	1345	+	0x61,0x4a,0x00,0x00,0x00,0x0f
	1346	+	};
	1347	+	try
	1348	+	{
	1349	+	using (TcpClient tcpClient = new TcpClient())
	1350	+	{
	1351	+	var result = tcpClient.BeginConnect(computername, 445, null, null);
	1352	+	var success = result.AsyncWaitHandle.WaitOne(TimeSpan.FromMilliseconds(1000));
	1353	+	if (!success)
	1354	+	{
	1355	+	Console.WriteLine(string.Format("{0}\t{1}", computername, "Failed to connect timeout."));
	1356	+	return;
	1357	+	}
	1358	+
	1359	+	tcpClient.EndConnect(result);
	1360	+
	1361	+	using (NetworkStream ns = tcpClient.GetStream())
	1362	+	{
	1363	+	byte[] temp = new byte[1024];
	1364	+
	1365	+	ns.Write(request1, 0, request1.Length);
	1366	+	int read = ns.Read(temp, 0, temp.Length);
	1367	+
	1368	+	ns.Write(request2, 0, request2.Length);
	1369	+	read = ns.Read(temp, 0, temp.Length);
	1370	+
	1371	+	ns.Write(request3, 0, request3.Length);
	1372	+	read = ns.Read(temp, 0, temp.Length);
	1373	+
	1374	+	int blob_offset = BitConverter.ToInt16(temp, 72);
	1375	+	blob_offset += 4;
	1376	+
	1377	+	int ntlm_provider_offset = blob_offset + 31;
	1378	+
	1379	+	int target_name_length = BitConverter.ToInt16(temp, ntlm_provider_offset + 12);
	1380	+	if (target_name_length == 0)
	1381	+	{
	1382	+	ntlm_provider_offset = blob_offset + 33;
	1383	+	target_name_length = BitConverter.ToInt16(temp, ntlm_provider_offset + 12);
	1384	+	}
	1385	+
	1386	+	int target_name_offset = BitConverter.ToInt32(temp, ntlm_provider_offset + 16);
	1387	+	string name = Encoding.Unicode.GetString(temp, ntlm_provider_offset + target_name_offset, target_name_length);
	1388	+
	1389	+	int version_offset = ntlm_provider_offset + 48;
	1390	+	int major = temp[version_offset++];
	1391	+	int minor = temp[version_offset++];
	1392	+	int build = BitConverter.ToInt16(temp, version_offset);
	1393	+
	1394	+	Console.WriteLine(string.Format("[*] OS Version: {0} - {1}.{2}.{3}", name, major, minor, build));
	1395	+	}
	1396	+	}
	1397	+	}
	1398	+	catch (Exception ex)
	1399	+	{
	1400	+	Console.WriteLine(ex.Message);
	1401	+	}
	1402	+	}
	1403	+
96	1404		public static void CheckLocalAdmin(string computer, string module)
97	1405		{
98	1406		string[] errors = { "ERROR=53", "ERROR=5" };
		skipped 89 lines
188	1496		}
189	1497		}
190	1498		}
191		-

■ ■ ■ ■ ■ ■

SharpMapExec/obj/Release/.NETFramework,Version=v4.5.AssemblyAttributes.cs

1	+	// <autogenerated />
2	+	using System;
3	+	using System.Reflection;
4	+	[assembly: global::System.Runtime.Versioning.TargetFrameworkAttribute(".NETFramework,Version=v4.5", FrameworkDisplayName = ".NET Framework 4.5")]
5	+

SharpMapExec/obj/Release/DesignTimeResolveAssemblyReferencesInput.cache

Binary file.
■ ■ ■ ■ ■ ■

SharpMapExec/obj/Release/SharpMapExec.csproj.FileListAbsolute.txt

1 +

All occurrences

smb feature update