Class: Rex::Proto::DCERPC::Response

Inherits:
Object
  • Object
show all
Defined in:
lib/rex/proto/dcerpc/response.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(data) ⇒ Response

Create a new DCERPC::Response object This can be initialized in two ways: 1) Call .new() with the first 10 bytes of packet, then call parse on the rest 2) Call .new() with the full packet contents


22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# File 'lib/rex/proto/dcerpc/response.rb', line 22

def initialize(data)

  self.ack_result = []
  self.ack_reason = []
  self.ack_xfer_syntax_uuid = []
  self.ack_xfer_syntax_vers = []

  if (! data or data.length < 10)
    raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
  end

  if (data.length == 10)
    self.frag_len = data[8,2].unpack('v')[0]
    self.raw = data
  end

  if (data.length > 10)
    self.raw = data
    self.parse
  end
end

Instance Attribute Details

#ack_reasonObject

Returns the value of attribute ack_reason


14
15
16
# File 'lib/rex/proto/dcerpc/response.rb', line 14

def ack_reason
  @ack_reason
end

#ack_resultObject

Returns the value of attribute ack_result


14
15
16
# File 'lib/rex/proto/dcerpc/response.rb', line 14

def ack_result
  @ack_result
end

#ack_xfer_syntax_uuidObject

Returns the value of attribute ack_xfer_syntax_uuid


14
15
16
# File 'lib/rex/proto/dcerpc/response.rb', line 14

def ack_xfer_syntax_uuid
  @ack_xfer_syntax_uuid
end

#ack_xfer_syntax_versObject

Returns the value of attribute ack_xfer_syntax_vers


14
15
16
# File 'lib/rex/proto/dcerpc/response.rb', line 14

def ack_xfer_syntax_vers
  @ack_xfer_syntax_vers
end

#alloc_hintObject

Returns the value of attribute alloc_hint


15
16
17
# File 'lib/rex/proto/dcerpc/response.rb', line 15

def alloc_hint
  @alloc_hint
end

#assoc_groupObject

Returns the value of attribute assoc_group


12
13
14
# File 'lib/rex/proto/dcerpc/response.rb', line 12

def assoc_group
  @assoc_group
end

#auth_lenObject

Returns the value of attribute auth_len


10
11
12
# File 'lib/rex/proto/dcerpc/response.rb', line 10

def auth_len
  @auth_len
end

#call_idObject

Returns the value of attribute call_id


11
12
13
# File 'lib/rex/proto/dcerpc/response.rb', line 11

def call_id
  @call_id
end

#cancel_cntObject

Returns the value of attribute cancel_cnt


15
16
17
# File 'lib/rex/proto/dcerpc/response.rb', line 15

def cancel_cnt
  @cancel_cnt
end

#context_idObject

Returns the value of attribute context_id


15
16
17
# File 'lib/rex/proto/dcerpc/response.rb', line 15

def context_id
  @context_id
end

#data_repObject

Returns the value of attribute data_rep


11
12
13
# File 'lib/rex/proto/dcerpc/response.rb', line 11

def data_rep
  @data_rep
end

#flagsObject

Returns the value of attribute flags


11
12
13
# File 'lib/rex/proto/dcerpc/response.rb', line 11

def flags
  @flags
end

#frag_lenObject

Returns the value of attribute frag_len


10
11
12
# File 'lib/rex/proto/dcerpc/response.rb', line 10

def frag_len
  @frag_len
end

#max_frag_recvObject

Returns the value of attribute max_frag_recv


11
12
13
# File 'lib/rex/proto/dcerpc/response.rb', line 11

def max_frag_recv
  @max_frag_recv
end

#max_frag_xmitObject

Returns the value of attribute max_frag_xmit


11
12
13
# File 'lib/rex/proto/dcerpc/response.rb', line 11

def max_frag_xmit
  @max_frag_xmit
end

#nack_reasonObject

Returns the value of attribute nack_reason


13
14
15
# File 'lib/rex/proto/dcerpc/response.rb', line 13

def nack_reason
  @nack_reason
end

#num_resultsObject

Returns the value of attribute num_results


12
13
14
# File 'lib/rex/proto/dcerpc/response.rb', line 12

def num_results
  @num_results
end

#rawObject

Returns the value of attribute raw


16
17
18
# File 'lib/rex/proto/dcerpc/response.rb', line 16

def raw
  @raw
end

#sec_addrObject

Returns the value of attribute sec_addr


12
13
14
# File 'lib/rex/proto/dcerpc/response.rb', line 12

def sec_addr
  @sec_addr
end

#sec_addr_lenObject

Returns the value of attribute sec_addr_len


12
13
14
# File 'lib/rex/proto/dcerpc/response.rb', line 12

def sec_addr_len
  @sec_addr_len
end

#statusObject

Returns the value of attribute status


15
16
17
# File 'lib/rex/proto/dcerpc/response.rb', line 15

def status
  @status
end

#stub_dataObject

Returns the value of attribute stub_data


15
16
17
# File 'lib/rex/proto/dcerpc/response.rb', line 15

def stub_data
  @stub_data
end

#typeObject

Returns the value of attribute type


10
11
12
# File 'lib/rex/proto/dcerpc/response.rb', line 10

def type
  @type
end

#vers_majorObject

Returns the value of attribute vers_major


10
11
12
# File 'lib/rex/proto/dcerpc/response.rb', line 10

def vers_major
  @vers_major
end

#vers_minorObject

Returns the value of attribute vers_minor


10
11
12
# File 'lib/rex/proto/dcerpc/response.rb', line 10

def vers_minor
  @vers_minor
end

#xfer_syntax_uuidObject

Returns the value of attribute xfer_syntax_uuid


13
14
15
# File 'lib/rex/proto/dcerpc/response.rb', line 13

def xfer_syntax_uuid
  @xfer_syntax_uuid
end

#xfer_syntax_versObject

Returns the value of attribute xfer_syntax_vers


13
14
15
# File 'lib/rex/proto/dcerpc/response.rb', line 13

def xfer_syntax_vers
  @xfer_syntax_vers
end

Instance Method Details

#parse(body = '') ⇒ Object

Parse the contents of a DCERPC response packet and fill out all the fields


45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
# File 'lib/rex/proto/dcerpc/response.rb', line 45

def parse(body = '')
  self.raw = self.raw + body
  self.type = self.raw[2,1].unpack('C')[0]

  uuid = Rex::Proto::DCERPC::UUID
  data = self.raw


  if(not data)
    raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
  end

  # BIND_ACK == 12, ALTER_CONTEXT_RESP == 15
  if (self.type == 12 or self.type == 15)

    # Decode most of the DCERPC header
    self.vers_major,
    self.vers_minor,
    trash,
    self.flags,
    self.data_rep,
    self.frag_len,
    self.auth_len,
    self.call_id,
    self.max_frag_xmit,
    self.max_frag_recv,
    self.assoc_group,
    self.sec_addr_len = data.unpack('CCCCNvvVvvVv')


    if(not self.frag_len or data.length < self.frag_len)
      raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
    end

    # Keep an offset into the packet handy
    x = 0

    # XXX This is still somewhat broken (4 digit ports)
    self.sec_addr = data[26, self.sec_addr_len]

    # Move the pointer into the packet forward
    x += 26 + self.sec_addr_len

    # Align the pointer on a dword boundary
    while (x % 4 != 0)
      x += 1
    end

    # Figure out how many results we have (multiple-context binds)
    self.num_results = data[ x, 4 ].unpack('V')[0]

    # Move the pointer to the ack_result[0] offset
    x += 4

    # Initialize the ack_result index
    ack = 0

    # Scan through all results and add them to the result arrays
    while ack < self.num_results
      self.ack_result[ack] = data[ x + 0, 2 ].unpack('v')[0]
      self.ack_reason[ack] = data[ x + 2, 2 ].unpack('v')[0]
      self.ack_xfer_syntax_uuid[ack] = uuid.uuid_unpack(data[ x + 4, 16 ])
      self.ack_xfer_syntax_vers[ack] = data[ x + 20, 4 ].unpack('V')[0]
      x += 24
      ack += 1
    end

    # End of BIND_ACK || ALTER_CONTEXT_RESP
  end

  # BIND_NACK == 13
  if (self.type == 13)

    # Decode most of the DCERPC header
    self.vers_major,
    self.vers_minor,
    trash,
    self.flags,
    self.data_rep,
    self.frag_len,
    self.auth_len,
    self.call_id,
    self.nack_reason = data.unpack('CCCCNvvVv')
  end

  # RESPONSE == 2
  if (self.type == 2)

    # Decode the DCERPC response header
    self.vers_major,
    self.vers_minor,
    trash,
    self.flags,
    self.data_rep,
    self.frag_len,
    self.auth_len,
    self.call_id,
    self.alloc_hint,
    self.context_id,
    self.cancel_cnt = data.unpack('CCCCNvvVVvC')

    # Error out if the whole header was not read
    if !(self.alloc_hint and self.context_id and self.cancel_cnt)
      raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
    end

    # Put the application data into self.stub_data
    self.stub_data = data[data.length - self.alloc_hint, 0xffff]
    # End of RESPONSE
  end

  # FAULT == 3
  if (self.type == 3)

    # Decode the DCERPC response header
    self.vers_major,
    self.vers_minor,
    trash,
    self.flags,
    self.data_rep,
    self.frag_len,
    self.auth_len,
    self.call_id,
    self.alloc_hint,
    self.context_id,
    self.cancel_cnt,
    trash,
    self.status = data.unpack('CCCCNvvVVvCCV')

    # Put the application data into self.stub_data
    self.stub_data = data[data.length - self.alloc_hint, 0xffff]
    # End of FAULT
  end

end