CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutSign UpSign In
rapid7

Real-time collaboration for Jupyter Notebooks, Linux Terminals, LaTeX, VS Code, R IDE, and more,
all in one place.

GitHub Repository: rapid7/metasploit-framework
 Path: blob/master/lib/rex/proto/dcerpc/wdscp/packet.rb
Views: 11766
1
# -*- coding: binary -*-

2
module Rex

3
module Proto

4
module DCERPC

5
module WDSCP

6
class Packet

7


8
  WDS_CONST 	= Rex::Proto::DCERPC::WDSCP::Constants

9


10
  def initialize(packet_type, opcode)

11
    if opcode.nil? || packet_type.nil?

12
      raise(ArgumentError, "Packet arguments cannot be nil")

13
    end

14


15
    @variables = []

16
    @packet_type = WDS_CONST::PACKET_TYPE[packet_type]

17
    @opcode = WDS_CONST::OPCODE[opcode]

18
  end

19


20
  def add_var(name, type_mod=0, value_length=nil, array_size=0, value)

21
    padding = 0

22
    vt = WDS_CONST::VAR_TYPE_LOOKUP[name]

23
    value_type = WDS_CONST::BASE_TYPE[vt]

24
    name = Rex::Text.to_unicode(name).unpack('H*')[0]

25


26
    # Terminate strings with null char

27
    if vt == :STRING

28
      value << "\x00"

29
    elsif vt == :WSTRING

30
      value = Rex::Text.to_unicode(value)

31
      value << "\x00\x00"

32
    end

33


34
    value_length ||= value.length

35
    # Variable block total size should be evenly divisible by 16.

36
    len = 16 * (1 + (value_length/16))

37
    @variables <<

38
      [	name,

39
        padding,

40
        value_type,

41
        type_mod,

42
        value_length,

43
        array_size,

44
        value

45
      ].pack('H132vvvVVa%i' % len)

46
  end

47


48
  def create

49
    packet = []

50
    var_count = @variables.count

51


52
    packet_size = 0

53
    @variables.each do |var|

54
      packet_size += var.length

55
    end

56


57
    # variables + operation

58
    packet_size += 16

59


60
    # These bytes are not part of the spec but are not part of DCERPC according to Wireshark

61
    # Perhaps something from MSRPC specific? Basically length of the WDSCP packet twice...

62
    packet << [(packet_size+40)].pack('V') * 2

63
    packet << create_endpoint_header(packet_size)

64
    packet << create_operation_header(packet_size, var_count, @packet_type, @opcode)

65
    packet.concat(@variables)

66


67
    return packet.join

68
  end

69


70
  def create_operation_header(packet_size, var_count, packet_type=:REQUEST, opcode)

71
    return 	[

72
        packet_size, # PacketSize

73
        256,         # Version

74
        packet_type, # Packet_Type

75
        0,           # Padding

76
        opcode,      # Opcode

77
        var_count,   # Variable Count

78
      ].pack('VvCCVV')

79
  end

80


81
  def create_endpoint_header(packet_size)

82
    return [

83
        40,                            # Header_Size

84
        256,                           # Version

85
        packet_size,                   # Packet_Size - This doesn't differ from operation header despite the spec...

86
        WDS_CONST::OS_DEPLOYMENT_GUID, # GUID

87
        "\x00"*16,                     # Reserved

88
      ].pack('vvVa16a16')

89
  end

90
end

91
end

92
end

93
end

94
end

95


96