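return FALSE; } list = registry_enum_key(soc:soc, uid:uid, tid:tid, pipe:pipe, reply:r); return(list);}
# NOTE: the function closed on the line above begins before this excerpt;
# only its tail (the registry_enum_key call and its return) is visible here.

###############################################################################
# Open the given file
#
# Builds a fresh SMB session (session request, protocol negotiation, session
# setup with the global credentials, tree connect to 'share') and then opens
# 'file' on that session with OpenAndX.
#
# param:
#   share: IPC Share, ex: $C
#   file:  File path
#
# return: the OpenAndX reply (the file id) or FALSE on any failure.
#
# Globals read: port (defaults to 445 when unset), name, login, pass, domain.
#
# NOTE(review): on success the socket 'soc' is neither closed nor returned, and
# no variable here is declared local_var; the returned fid is only usable on
# that session, so a caller can only use it if 'soc' is a global it also sees.
# Confirm against the callers before relying on this function.
###############################################################################
function open_file(share, file)
{
  if(!port){
    port = 445;
  }

  soc = open_sock_tcp(port);
  if(!soc){
    return FALSE;
  }

  r = smb_session_request(soc:soc, remote:name);
  if(!r){
    close(soc);
    return FALSE;
  }

  prot = smb_neg_prot(soc:soc);
  if(!prot){
    close(soc);
    return FALSE;
  }

  r = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);
  if(!r){
    close(soc);
    return FALSE;
  }

  uid = session_extract_uid(reply:r);
  if(!uid){
    close(soc);
    return FALSE;
  }

  r = smb_tconx(soc:soc, name:name, uid:uid, share:share);
  if(!r){
    close(soc);
    return FALSE;
  }

  tid = tconx_extract_tid(reply:r);
  if(!tid){
    close(soc);
    return FALSE;
  }

  r = OpenAndX(socket:soc, uid:uid, tid:tid, file:file);
  return r;
}

###############################################################################
# Get the file size for a given file
#
# Opens its own SMB session, opens 'file' on 'share', asks for the size and
# closes the session again before returning.
#
# param:
#   share: Windows IPC Share
#   file:  Path to a given file
#
# return: the size reported by smb_get_file_size, or FALSE when the session,
#         the tree connect, the open or the size query fails.
#
# Globals read: port (defaults to 445 when unset), name, login, pass, domain.
# Every session variable is local so the caller's globals are not clobbered.
###############################################################################
function get_file_size(share, file)
{
  local_var soc, r, prot, uid, tid, fid, fileSize;

  if(!port){
    port = 445;
  }

  soc = open_sock_tcp(port);
  if(!soc){
    return FALSE;
  }

  r = smb_session_request(soc:soc, remote:name);
  if(!r){
    close(soc);
    return FALSE;
  }

  prot = smb_neg_prot(soc:soc);
  if(!prot){
    close(soc);
    return FALSE;
  }

  r = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);
  if(!r){
    close(soc);
    return FALSE;
  }

  uid = session_extract_uid(reply:r);
  if(!uid){
    close(soc);
    return FALSE;
  }

  r = smb_tconx(soc:soc, name:name, uid:uid, share:share);
  if(!r){
    close(soc);
    return FALSE;
  }

  tid = tconx_extract_tid(reply:r);
  if(!tid){
    close(soc);
    return FALSE;
  }

  fid = OpenAndX(socket:soc, uid:uid, tid:tid, file:file);
  if(!fid){
    close(soc);
    return FALSE;
  }

  fileSize = smb_get_file_size(socket:soc, uid:uid, tid:tid, fid:fid);

  # The size is all we need from this session; close it on every path so a
  # scan that queries many files does not leak one socket per call.
  close(soc);

  if(fileSize){
    return fileSize;
  }
  return FALSE;
}

###############################################################################
# Function that reads the content of given file
#
# Opens its own SMB session for every call (session request, negotiation,
# setup, tree connect, OpenAndX), reads 'count' bytes from 'offset' with
# ReadAndX and closes the session again.
#
# param:
#   share:  Windows IPC Share
#   file:   File path to read the content
#   offset: Position from which to start the file read
#   count:  Number of bytes to read from offset
#
# return: whatever ReadAndX returns for the requested range, or FALSE when the
#         session, the tree connect or the open fails.
#
# Globals read: port (defaults to 445 when unset), name, login, pass, domain.
# Every session variable is local so the caller's globals are not clobbered.
# Callers that issue many small reads (see GetVer) pay a full SMB session
# per call.
###############################################################################
function read_file(share, file, offset, count)
{
  local_var soc, r, prot, uid, tid, fid, content;

  if(!port){
    port = 445;
  }

  soc = open_sock_tcp(port);
  if(!soc){
    return FALSE;
  }

  r = smb_session_request(soc:soc, remote:name);
  if(!r){
    close(soc);
    return FALSE;
  }

  prot = smb_neg_prot(soc:soc);
  if(!prot){
    close(soc);
    return FALSE;
  }

  r = smb_session_setup(soc:soc, login:login, password:pass, domain:domain, prot:prot);
  if(!r){
    close(soc);
    return FALSE;
  }

  uid = session_extract_uid(reply:r);
  if(!uid){
    close(soc);
    return FALSE;
  }

  r = smb_tconx(soc:soc, name:name, uid:uid, share:share);
  if(!r){
    close(soc);
    return FALSE;
  }

  tid = tconx_extract_tid(reply:r);
  if(!tid){
    close(soc);
    return FALSE;
  }

  fid = OpenAndX(socket:soc, uid:uid, tid:tid, file:file);
  if(!fid){
    close(soc);
    return FALSE;
  }

  content = ReadAndX(socket:soc, uid:uid, tid:tid, fid:fid, count:count, off:offset);

  # The data is already in 'content'; do not leak the session.
  close(soc);

  return content;
}

###############################################################################
# Extract the version string from a PE file's version resource
#
# Walks the PE headers of 'file' on 'share' with small read_file() calls:
# e_lfanew -> "PE" signature -> section table -> ".rsrc" section -> resource
# directory (type 0x10, RT_VERSION) -> VS_FIXEDFILEINFO, and formats the
# version as "major.minor.build.revision".
#
# param:
#   file:     File path to read
#   share:    Windows IPC Share
#   prodvers: 0 (default) returns the file version, any other value the
#             product version
#
# return: the dotted version string, or NULL when the file is not a PE image,
#         has no resource section / version resource, a read comes back short,
#         or the VS_FIXEDFILEINFO signature does not match.
#
# Every offset used below comes from the remote file itself, so a crafted
# binary controls where we read. The loops are bounded (max_recurs) and short
# reads abort the parse, so a malformed file cannot keep the scanner looping.
###############################################################################
function GetVer(file, share, prodvers)
{
  local_var r, pe_offset, sections_cnt, section_offset, sections_data, i, rsrc_start, rsrc_virtstart;
  local_var dir_data, dir_offset, dir_entries, sub_dir, dir_tmp, vs_data, vs_length, recurs, max_recurs, vs_offset;

  if(isnull(prodvers)){
    prodvers = 0;
  }

  # e_lfanew: offset of the PE header, stored at 0x3c of the DOS header.
  pe_offset = bin_word(data: read_file(share:share, file:file, offset:60, count:2));
  if(read_file(share:share, file:file, offset:pe_offset, count:2) != "PE"){
    return NULL;
  }

  # NumberOfSections at +6, SizeOfOptionalHeader at +20; the section table
  # follows the 24-byte COFF/PE header plus the optional header.
  sections_cnt   = bin_word(data: read_file(share:share, file:file, offset:pe_offset+6, count:2));
  section_offset = pe_offset + bin_word(data: read_file(share:share, file:file, offset:pe_offset+20, count:2)) + 24;

  # Locate the ".rsrc" section: each section header is 40 bytes, with the
  # virtual address at +12 and the raw file offset at +20.
  rsrc_start = NULL;
  max_recurs = 20;
  for(i = 0; i < sections_cnt; i++)
  {
    sections_data = read_file(share:share, file:file, offset:section_offset + i * 40, count:40);
    if(strlen(sections_data) != 40){
      return NULL;
    }
    if(substr(sections_data, 0, 4) == ".rsrc")
    {
      rsrc_start     = bin_dword(data:substr(sections_data, 20));
      rsrc_virtstart = bin_dword(data:substr(sections_data, 12));
      break;
    }
    if(i > max_recurs){
      break;
    }
  }

  if(isnull(rsrc_start)){
    return NULL;
  }

  # Root resource directory: named entries at +12, id entries at +14, and the
  # 8-byte entries start at +16.
  dir_data = read_file(share:share, file:file, offset:rsrc_start, count:16);
  if(strlen(dir_data) != 16){
    return NULL;
  }
  dir_entries = bin_word(data:substr(dir_data,12)) + bin_word(data:substr(dir_data,14));

  dir_offset = NULL;
  sub_dir    = 0;
  max_recurs = 100;
  recurs     = 0;
  for(i = 0; i < dir_entries; i++)
  {
    # 'share' was missing from this read in the original, so the tree connect
    # could never succeed and the version walk silently failed.
    dir_data = read_file(share:share, file:file, offset:rsrc_start+16+i*8, count:8);
    if(strlen(dir_data) != 8){
      return NULL;
    }

    # Entry id 0x10 is the RT_VERSION resource type.
    if(bin_dword(data:substr(dir_data,0)) == 0x10)
    {
      # Descend while the entry's high bit flags a sub-directory; each level's
      # first entry is at +16 of that directory.
      repeat
      {
        dir_tmp = bin_dword(data:substr(dir_data,4));
        if((dir_tmp & 0x80000000) == 0x80000000)
        {
          dir_offset = dir_tmp - 0x80000000;
          sub_dir = 1;
        }
        else
        {
          dir_offset = dir_tmp;
          sub_dir = 0;
        }

        dir_data = read_file(share:share, file:file, offset:rsrc_start+dir_offset+16, count:8);
        if(strlen(dir_data) != 8){
          return NULL;
        }
        if(++recurs > max_recurs){
          return NULL;
        }
      }
      until sub_dir == 0;
      break;
    }

    if(i > max_recurs){
      break;
    }
  }

  if(isnull(dir_offset)){
    return NULL;
  }

  # Leaf data entry: its first dword is the RVA of the version data; convert
  # the RVA to a file offset using the .rsrc section's own RVA.
  dir_data   = read_file(share:share, file:file, offset:rsrc_start+dir_offset, count:4);
  if(strlen(dir_data) != 4){
    return NULL;
  }
  dir_offset = bin_dword(data:substr(dir_data,0));
  rsrc_start = rsrc_start + (dir_offset - rsrc_virtstart);

  # VS_VERSIONINFO: wLength first, then the whole block; VS_FIXEDFILEINFO
  # starts at +40 and must carry the 0xFEEF04BD signature.
  vs_data   = read_file(share:share, file:file, offset:rsrc_start, count:2);
  vs_length = bin_word(data:substr(vs_data,0));
  vs_data   = read_file(share:share, file:file, offset:rsrc_start, count:vs_length);
  if(bin_dword(data:substr(vs_data,40)) != 0xfeef04bd){
    return NULL;
  }

  # dwFileVersionMS/LS at +48, dwProductVersionMS/LS at +56.
  if(prodvers == 0){
    vs_offset = 48;
  }
  else{
    vs_offset = 56;
  }

  r = NULL;
  r = string((bin_dword(data:substr(vs_data, vs_offset)) >>> 16) + ".");
  r = r + string((bin_dword(data:substr(vs_data, vs_offset)) & 0xffff) + ".");
  r = r + string((bin_dword(data:substr(vs_data, vs_offset+4)) >>> 16) + ".");
  r = r + string((bin_dword(data:substr(vs_data, vs_offset+4)) & 0xffff));

  return r;
}

###############################################################################
# Decode a little-endian 16-bit value from the first two bytes of 'data'.
# No length check is performed; callers are expected to pass at least 2 bytes.
###############################################################################
function bin_word(data)
{
  return( ord(data[0]) + (ord(data[1]) << 8) );
}

###############################################################################
# Decode a little-endian 32-bit value from the first four bytes of 'data'.
# No length check is performed; callers are expected to pass at least 4 bytes.
###############################################################################
function bin_dword(data)
{
  return(ord(data[0]) + (ord(data[1]) << 8) + (ord(data[2]) << 16) + (ord(data[3]) << 24));
}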