smb_internals.inc

Collection: vulnerability scanner source code; can scan Linux, Windows, switches and routers

Language: INC (NASL include file)

Page 1 of 2
# -*- Fundamental -*-
#
# (C) 2006 Tenable Network Security
#
# This script is released under one of the Tenable Script Licenses and may not
# be used from within scripts released under another license without the
# authorization from Tenable Network Security Inc.
#
# See the following licenses for details :
#  http://www.nessus.org/plugins/RegisteredFeed.pdf
#  http://www.nessus.org/plugins/TenableCommercial.pdf
#  http://www.nessus.org/plugins/DirectFeed.pdf
#  http://www.nessus.org/plugins/DirectFeedCommercial.pdf
#
#
# @NOGPL@
#
# smb_internals.inc
# $Revision: 1.9 $
#
# GLOBAL VAR : Session. Can be used as arg later.

global_var Session, previous_hash;

function kb_smb_name()
{
 local_var ret;
 ret = get_kb_item("SMB/name");
 if ( ret )
   return string(ret);
 else
   return get_host_ip();
}

function kb_smb_domain()
{
 return string(get_kb_item("SMB/domain"));
}

function kb_smb_login()
{
 return string(get_kb_item("SMB/login"));
}

function kb_smb_password()
{
 return string(get_kb_item("SMB/password"));
}

function kb_smb_transport()
{
 local_var r;
 r = get_kb_item("SMB/transport");
 if ( r ) return int(r);
 else return 445;
}

#==================================================================#
# Section 1. Utilities                                             #
#==================================================================#

#---------------------------------------------------------#
# Function    : get_string                                #
# Description : Extract a null terminated string          #
#---------------------------------------------------------#

function get_string (blob, pos, _type)
{
 local_var string, i, unicode, len;

 if (isnull (_type))
   unicode = session_is_unicode();
 else
   unicode = _type;

 string = NULL;
 i = pos;
 len = strlen(blob);

 while (i < len)
 {
  if (unicode == 1)
  {
   if ((i+1 >= len) || ((blob[i] == '\0') && (blob[i+1] == '\0')))
    return unicode2ascii (string:string);

   string += blob[i] + blob[i+1];
   i += 2;
  }
  else
  {
   if (blob[i] == '\0')
     return string;

   string += blob[i];
   i++;
  }
 }
}

#---------------------------------------------------------#
# Function    : get_string2                               #
# Description : Extract a non null terminated string      #
#---------------------------------------------------------#

function get_string2 (blob, pos, len, _type)
{
 local_var string, unicode;

 if (isnull (_type))
   unicode = session_is_unicode();
 else
   unicode = _type;

 string = NULL;

 if (pos+len > strlen(blob))
   return NULL;

 string = substr (blob, pos, pos+len-1);

 if (unicode == 1)
   return unicode2ascii (string:string);
 else
   return string;
}

#---------------------------------------------------------#
# Function    : null_length                               #
# Description : return size of null end char              #
#---------------------------------------------------------#

function null_length ()
{
 if (session_is_unicode() == 1)
   return 2;
 else
   return 1;
}

#---------------------------------------------------------#
# Function    : dos_status                                #
# Description : Return DOS_status code                    #
#---------------------------------------------------------#

function dos_status (ErrorClass, ErrorCode)
{
 return  raw_byte (b:ErrorClass) +
         raw_byte (b:0) +
         raw_word (w:ErrorCode);
}

#---------------------------------------------------------#
# Function    : nt_status                                 #
# Description : Return NT_status code                     #
#---------------------------------------------------------#

function nt_status (Status)
{
 return raw_dword (d:Status);
}

#---------------------------------------------------------#
# Function    : ascii                                     #
# Description : Convert string to ASCII string (NULL end) #
#---------------------------------------------------------#

function ascii (string)
{
 return string + raw_byte (b:0);
}

#---------------------------------------------------------#
# Function    : unicode                                   #
# Description : Convert ASCII string to unicode           #
#---------------------------------------------------------#

function unicode (string)
{
 local_var ustring, i, len, end;

 ustring = NULL;
 len = strlen(string);
 end = raw_byte (b:0);

 for (i=0; i<len; i++)
 {
   ustring += string[i] + end;
 }

 return ustring;
}

#---------------------------------------------------------#
# Function    : unicode2ascii                             #
# Description : Convert unicode string to ascii           #
#---------------------------------------------------------#

function unicode2ascii (string)
{
 local_var astring, i, len;

 astring = NULL;
 len = strlen (string);

 for (i=0; i<len; i+=2)
 {
   astring += string[i];
 }

 while (astring && (astring[strlen(astring)-1] == '\0'))
   astring = substr(astring, 0, strlen(astring)-2);

 return astring;
}

#---------------------------------------------------------#
# Function    : isUnicode                                 #
# Description : Return 1 if string is in real unicode     #
#---------------------------------------------------------#

function isUnicode (string)
{
 # Unicode are not supported yet in nessus
 return 0;
}

#---------------------------------------------------------#
# Function    : cstring                                   #
# Description : Convert string to ascii or unicode        #
#               If null is set, null end char is not      #
#               added                                     #
#---------------------------------------------------------#

function cstring (string, _null)
{
 local_var astring, ustring, i, sUnicode;

 sUnicode = session_is_unicode();

 # If the string is not in real unicode
 if (isUnicode (string:string) == 0)
 {
  if ( (!string && (_null == 1)) || ((sUnicode == 0) && (_null == 1)) )
    return string;

  if (sUnicode == 1)
  {
   if (_null == 1)
     return unicode (string:string);
   else
     return unicode (string:ascii(string:string));
  }
  else
    return ascii (string:string);
 }
 else
 {
  # sUnicode must be set to 1 in this case.
  if (_null == 1)
    return string;
  else
    return string + raw_string (0x00,0x00);
 }
}

function convert_time_to_sec (time, no_zero)
{
 local_var high, low, add, tmp, tmp2, i, j, val;

 high = get_dword (blob:time, pos:4);
 low = get_dword (blob:time, pos:0);

 if ((low == 0) && (high == 0x80000000))
   return -1;

 if (isnull(no_zero) || (no_zero == FALSE))
 {
  # 0 - time
  if (low != 0)
    high = 0 - (high+1);
  else
    high = 0 - high;

  low = 0 - low;
 }

 tmp = raw_dword(d:low)+raw_dword(d:high);

 for (i=0; i<7; i++)
 {
  val = 0;
  tmp2 = NULL;
  for (j=0; j<8; j++)
  {
   tmp2 = raw_string((ord(tmp[7-j])+val*256)/2) + tmp2;
   val = (ord(tmp[7-j])+val*256)%2;
  }
  tmp = tmp2;
 }

 for (i=0; i<7; i++)
 {
  val = 0;
  tmp2 = NULL;
  for (j=0; j<8; j++)
  {
   tmp2 = raw_string((ord(tmp[7-j])+val*256)/5) + tmp2;
   val = (ord(tmp[7-j])+val*256)%5;
  }
  tmp = tmp2;
 }

 return get_dword(blob:tmp, pos:0);
}

function parse_addrlist(addrlist)
{
 local_var list, len, pos, s, code, slen;

 list = NULL;
 pos = 0;
 slen = strlen(addrlist);

 while (pos+4 < slen)
 {
  code = get_word(blob:addrlist, pos:pos);
  if (code == 0)
    break;

  len = get_word(blob:addrlist, pos:pos+2);
  if (pos+4+len > slen)
    break;

  s = get_string2 (blob:addrlist, pos:pos+4, len:len, _type:1);
  list[code] = s;

  pos += 4 + len;
 }

 return list;
}

#==================================================================#
# Section 2. Session functions                                     #
#==================================================================#

# Session structure (array):
#
# DWORD Socket;
# DWORD Timeout;
# WORD  Uid;
# WORD  Tid;
# WORD  Pid;
# WORD  Mid;
# BYTE  Unicode;
# DWORD cMaxBufferSize;
# DWORD SequenceNumber;
# BYTE  MAC_Key[];
# BYTE  Flags;
# WORD  Flags2;

function session_init (socket,timeout,login,domain,password,hostname)
{
 local_var session, host;

 Session[0] = socket;

 if (!isnull (timeout))
   Session[1] = timeout;
 else
   Session[1] = 15;

 if (isnull (hostname))
   host = NULL;
 else
 {
   host = hostname;
   while (host[strlen(host)-1] == ' ')
     host = substr(host,0,strlen(host)-2);
 }

 Session[2] = 0; # Uid
 Session[3] = 0; # Tid
 Session[4] = rand(); # Pid
 Session[5] = 0; # Mid
 Session[6] = 0; # Unicode
 Session[7] = 0x4400; # Client Max Buffer Size
 Session[8] = 0; # SequenceNumber
 Session[9] = NULL; # MAC_Key
 Session[10] = SMB_FLAGS_CANONICAL_PATHNAMES | SMB_FLAGS_CASELESS_PATHNAMES;
 Session[11] = SMB_FLAGS2_KNOWS_LONG_NAMES | SMB_FLAGS2_32BIT_STATUS | SMB_FLAGS2_EAS;
 Session[12] = host;
 Session[13] = 0;
 Session[14] = 0; # GUEST
 Session[15] = 0; # cid
 Session[16] = 0; # Server Max buff size
 Session[17] = NULL; # Os
 Session[18] = NULL; # Lan Manager
 Session[19] = NULL; # Domain
 Session[20] = NULL; # Addr List
 Session[21] = 0;  # RPC error code
}

function session_get_socket ()
{
 return Session[0];
}

function session_set_socket (socket)
{
 Session[0] = socket;
}

function session_get_timeout ()
{
 return Session[1];
}

function session_set_timeout (timeout)
{
 Session[1] = timeout;
}

function session_get_uid ()
{
 return Session[2];
}

function session_set_uid (uid)
{
 Session[2] = uid;
}

function session_get_tid ()
{
 return Session[3];
}

function session_set_tid (tid)
{
 Session[3] = tid;
}

function session_get_pid ()
{
 return Session[4];
}

function session_set_pid (pid)
{
 Session[4] = pid;
}

function session_get_mid ()
{
 local_var mid;

 mid = Session[5];
 Session[5] = mid + 64;

 return mid;
}

function session_set_mid (mid)
{
 Session[5] = mid;
}

function session_is_unicode ()
{
 return Session[6];
}

function session_set_unicode (unicode)
{
 if (unicode == 1)
   session_add_flags2 (flag:SMB_FLAGS2_UNICODE_STRINGS);
 else
 {
  if (session_is_unicode() == 1)
    session_del_flags2 (flag:SMB_FLAGS2_UNICODE_STRINGS);
 }

 Session[6] = unicode;
}

function session_get_buffersize ()
{
 return Session[7];
}

function session_set_buffersize (size)
{
 Session[7] = size;
}

function session_get_sequencenumber ()
{
 return Session[8];
}

function session_increase_sequencenumber ()
{
 Session[8] = Session[8] + 1;
}

function session_get_mackey ()
{
 return Session[9];
}

function session_set_mackey (key)
{
 Session[9] = key;
}

function session_get_flags ()
{
 return Session[10];
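The two least obvious pieces of the include file are convert_time_to_sec, which divides a 64-bit FILETIME by 10,000,000 with byte-wise long division (seven halvings followed by seven divisions by five) because NASL has no 64-bit integers, and the bounds-checked string and address-list extraction done by get_string, get_string2 and parse_addrlist. The Python below is an added example, not part of the Tenable include file: it reimplements the byte-wise division, checks it against native integer arithmetic, and parses constructed SMB-style buffers the way the NASL helpers do. All names (bytewise_div, filetime_to_secs_bytewise, filetime_to_secs_direct, get_string, parse_addrlist, addrlist_entry) and all sample inputs are constructed for this example.

```python
import struct

# Constructed sample inputs (not taken from the include file or from a capture).
ONE_DAY_100NS = 24 * 60 * 60 * 10_000_000              # one day in FILETIME units
NEG_ONE_DAY = struct.pack("<q", -ONE_DAY_100NS)         # relative durations are stored negative
NEVER = struct.pack("<II", 0, 0x80000000)               # low=0, high=0x80000000: "never" sentinel
UNIX_EPOCH_FT = struct.pack("<Q", 116444736000000000)   # 1970-01-01 as an absolute FILETIME


def bytewise_div(le_bytes: bytes, divisor: int) -> bytes:
    """Schoolbook long division of a little-endian unsigned integer by a small
    divisor, most significant byte first. This is the trick the NASL uses
    (divisor 2 seven times, then 5 seven times) to divide by 10^7."""
    out = bytearray()
    carry = 0
    for b in reversed(le_bytes):            # walk from the most significant byte
        cur = carry * 256 + b
        out.insert(0, cur // divisor)       # prepend so the result stays little-endian
        carry = cur % divisor
    return bytes(out)


def filetime_to_secs_bytewise(blob: bytes, no_zero: bool = False) -> int:
    """Mirror of convert_time_to_sec: seconds as the low 32 bits of the quotient,
    or -1 for the 0x8000000000000000 sentinel. Unless no_zero is set the value
    is negated first, which is what relative (negative) durations need."""
    low, high = struct.unpack_from("<II", blob, 0)
    if low == 0 and high == 0x80000000:
        return -1
    if not no_zero:
        # 64-bit two's-complement negation done on two 32-bit halves
        high = (-(high + 1)) & 0xFFFFFFFF if low != 0 else (-high) & 0xFFFFFFFF
        low = (-low) & 0xFFFFFFFF
    tmp = struct.pack("<II", low, high)
    for _ in range(7):                      # / 2^7 ...
        tmp = bytewise_div(tmp, 2)
    for _ in range(7):                      # ... then / 5^7, i.e. / 10^7 (100 ns -> s)
        tmp = bytewise_div(tmp, 5)
    return struct.unpack_from("<I", tmp, 0)[0]


def filetime_to_secs_direct(blob: bytes, no_zero: bool = False) -> int:
    """Same contract with native integers; serves as the oracle for the byte-wise version."""
    v = struct.unpack_from("<Q", blob, 0)[0]
    if v == 0x8000000000000000:
        return -1
    if not no_zero:
        v = (-v) & 0xFFFFFFFFFFFFFFFF
    return (v // 10_000_000) & 0xFFFFFFFF


def get_string(blob: bytes, pos: int, unicode: bool):
    """Null-terminated string at pos: UTF-16LE (double-null terminated) when
    unicode, single-byte otherwise. Returns None when no terminator lies inside
    the buffer rather than reading past its end."""
    if unicode:
        i = pos
        while i + 1 < len(blob):
            if blob[i] == 0 and blob[i + 1] == 0:
                return blob[pos:i].decode("utf-16-le", errors="replace")
            i += 2
        return None
    end = blob.find(b"\x00", pos)
    return None if end < 0 else blob[pos:end].decode("latin-1")


def parse_addrlist(blob: bytes) -> dict:
    """Repeated (WORD code, WORD length, <length> bytes of UTF-16LE text); code 0
    ends the list. An entry whose length overruns the buffer stops parsing."""
    out = {}
    pos = 0
    while pos + 4 < len(blob):
        code, length = struct.unpack_from("<HH", blob, pos)
        if code == 0:
            break
        if pos + 4 + length > len(blob):    # truncated entry: stop, do not read past the end
            break
        text = blob[pos + 4:pos + 4 + length].decode("utf-16-le", errors="replace")
        out[code] = text.rstrip("\x00")     # unicode2ascii strips trailing nulls the same way
        pos += 4 + length
    return out


def addrlist_entry(code: int, text: str) -> bytes:
    """Build one list entry for the constructed sample below."""
    data = text.encode("utf-16-le")
    return struct.pack("<HH", code, len(data)) + data


# Constructed address list: two entries followed by the code-0 terminator.
ADDRLIST = addrlist_entry(1, "HOST") + addrlist_entry(2, "DOMAIN") + struct.pack("<HH", 0, 0)

if __name__ == "__main__":
    print(filetime_to_secs_bytewise(NEG_ONE_DAY), filetime_to_secs_direct(NEG_ONE_DAY))
    print(filetime_to_secs_bytewise(UNIX_EPOCH_FT, no_zero=True))
    print(parse_addrlist(ADDRLIST), parse_addrlist(ADDRLIST[:20]))
```

Running it shows a negative one-day duration converting to 86400 by both methods, and the absolute Unix-epoch FILETIME coming back as 3054539008 rather than 11644473600: like the NASL, the function returns only the low 32 bits of the quotient, so any value of 2^32 seconds or more wraps, and callers that pass no_zero for absolute timestamps have to account for that. The truncated address list (first 20 bytes) yields only the first entry instead of an over-read.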
