smb_header.inc

漏洞扫描源码,可以扫描linux,windows,交换机路由器

# -*- Fundamental -*-
#
# 
# (C) 2006 Tenable Network Security
#
# This script is released under one of the Tenable Script Licenses and may not
# be used from within scripts released under another license without the
# authorization from Tenable Network Security Inc.
#
# See the following licenses for details :
#  http://www.nessus.org/plugins/RegisteredFeed.pdf
#  http://www.nessus.org/plugins/TenableCommercial.pdf
#  http://www.nessus.org/plugins/DirectFeed.pdf
#  http://www.nessus.org/plugins/DirectFeedCommercial.pdf
#
#
#
# @NOGPL@
#
# smb_header.inc 
# $Revision: 1.17 $
#


# Supported Protocol
supported_protocol = 6;

protocol[0] = "PC NETWORK PROGRAM 1.0";
protocol[1] = "LANMAN1.0";
protocol[2] = "Windows for Workgroups 3.1a";
protocol[3] = "LM1.2X002";
protocol[4] = "LANMAN2.1";
protocol[5] = "NT LM 0.12";

nes_native_os = "Windows 2002 Service Pack 2 2600";
nes_native_lanman = "Windows 2002 5.1";

#---------------------------------------------------------#
# SMB HEADER                                              #
#---------------------------------------------------------#

# SMB Header size : 32 bytes
SMB_HDR_SIZE = 32;

# FLAGS field bitmasks.
SMB_FLAGS_SERVER_TO_REDIR       = 0x80;
SMB_FLAGS_REQUEST_BATCH_OPLOCK  = 0x40;
SMB_FLAGS_REQUEST_OPLOCK        = 0x20;
SMB_FLAGS_CANONICAL_PATHNAMES   = 0x10;
SMB_FLAGS_CASELESS_PATHNAMES    = 0x08;
SMB_FLAGS_RESERVED              = 0x04;
SMB_FLAGS_CLIENT_BUF_AVAIL      = 0x02;
SMB_FLAGS_SUPPORT_LOCKREAD      = 0x01;
SMB_FLAGS_MASK                  = 0xFB;

# FLAGS2 field bitmasks.
SMB_FLAGS2_UNICODE_STRINGS      = 0x8000;
SMB_FLAGS2_32BIT_STATUS         = 0x4000;
SMB_FLAGS2_READ_IF_EXECUTE      = 0x2000;
SMB_FLAGS2_DFS_PATHNAME         = 0x1000;
SMB_FLAGS2_EXTENDED_SECURITY    = 0x0800;
SMB_FLAGS2_RESERVED_01          = 0x0400;
SMB_FLAGS2_RESERVED_02          = 0x0200;
SMB_FLAGS2_RESERVED_03          = 0x0100;
SMB_FLAGS2_RESERVED_04          = 0x0080;
SMB_FLAGS2_IS_LONG_NAME         = 0x0040;
SMB_FLAGS2_RESERVED_05          = 0x0020;
SMB_FLAGS2_RESERVED_06          = 0x0010;
SMB_FLAGS2_RESERVED_07          = 0x0008;
SMB_FLAGS2_SECURITY_SIGNATURE   = 0x0004;
SMB_FLAGS2_EAS                  = 0x0002;
SMB_FLAGS2_KNOWS_LONG_NAMES     = 0x0001;
SMB_FLAGS2_MASK                 = 0xF847;


# Capabilities bitmasks.
CAP_UNICODE           = 0x00000004;
CAP_STATUS32          = 0x00000040;
CAP_LEVEL_II_OPLOCKS  = 0x00000080;
CAP_NT_FIND           = 0x00000200;
CAP_NT_SMBS           = 0x00000010;
CAP_LARGE_FILES       = 0x00000008;
CAP_EXTENDED_SECURITY = 0x80000000;

# Security Mode
NEGOTIATE_SECURITY_SIGNATURES_REQUIRED = 0x08;
NEGOTIATE_SECURITY_SIGNATURES_ENABLED = 0x04;
NEGOTIATE_SECURITY_CHALLENGE_RESPONSE = 0x02;

# SMB commands
SMB_COM_CREATE_DIRECTORY        = 0x00;
SMB_COM_DELETE_DIRECTORY        = 0x01;
SMB_COM_OPEN                    = 0x02;
SMB_COM_CREATE                  = 0x03;
SMB_COM_CLOSE                   = 0x04;
SMB_COM_FLUSH                   = 0x05;
SMB_COM_DELETE                  = 0x06;
SMB_COM_RENAME                  = 0x07;
SMB_COM_QUERY_INFORMATION       = 0x08;
SMB_COM_SET_INFORMATION         = 0x09;
SMB_COM_READ                    = 0x0A;
SMB_COM_WRITE                   = 0x0B;
SMB_COM_LOCK_BYTE_RANGE         = 0x0C;
SMB_COM_UNLOCK_BYTE_RANGE       = 0x0D;
SMB_COM_CREATE_TEMPORARY        = 0x0E;
SMB_COM_CREATE_NEW              = 0x0F;
SMB_COM_CHECK_DIRECTORY         = 0x10;
SMB_COM_PROCESS_EXIT            = 0x11;
SMB_COM_SEEK                    = 0x12;
SMB_COM_LOCK_AND_READ           = 0x13;
SMB_COM_WRITE_AND_UNLOCK        = 0x14;
SMB_COM_READ_RAW                = 0x1A;
SMB_COM_READ_MPX                = 0x1B;
SMB_COM_READ_MPX_SECONDARY      = 0x1C;
SMB_COM_WRITE_RAW               = 0x1D;
SMB_COM_WRITE_MPX               = 0x1E;
SMB_COM_WRITE_COMPLETE          = 0x20;
SMB_COM_SET_INFORMATION2        = 0x22;
SMB_COM_QUERY_INFORMATION2      = 0x23;
SMB_COM_LOCKING_ANDX            = 0x24;
SMB_COM_TRANSACTION             = 0x25;
SMB_COM_TRANSACTION_SECONDARY   = 0x26;
SMB_COM_IOCTL                   = 0x27;
SMB_COM_IOCTL_SECONDARY         = 0x28;
SMB_COM_COPY                    = 0x29;
SMB_COM_MOVE                    = 0x2A;
SMB_COM_ECHO                    = 0x2B;
SMB_COM_WRITE_AND_CLOSE         = 0x2C;
SMB_COM_OPEN_ANDX               = 0x2D;
SMB_COM_READ_ANDX               = 0x2E;
SMB_COM_WRITE_ANDX              = 0x2F;
SMB_COM_CLOSE_AND_TREE_DISC     = 0x31;
SMB_COM_TRANSACTION2            = 0x32;
SMB_COM_TRANSACTION2_SECONDARY  = 0x33;
SMB_COM_FIND_CLOSE2             = 0x34;
SMB_COM_FIND_NOTIFY_CLOSE       = 0x35;
SMB_COM_TREE_CONNECT            = 0x70;
SMB_COM_TREE_DISCONNECT         = 0x71;
SMB_COM_NEGOTIATE               = 0x72;
SMB_COM_SESSION_SETUP_ANDX      = 0x73;
SMB_COM_LOGOFF_ANDX             = 0x74;
SMB_COM_TREE_CONNECT_ANDX       = 0x75;
SMB_COM_QUERY_INFORMATION_DISK  = 0x80;
SMB_COM_SEARCH                  = 0x81;
SMB_COM_FIND                    = 0x82;
SMB_COM_FIND_UNIQUE             = 0x83;
SMB_COM_NT_TRANSACT             = 0xA0;
SMB_COM_NT_TRANSACT_SECONDARY   = 0xA1;
SMB_COM_NT_CREATE_ANDX          = 0xA2;
SMB_COM_NT_CANCEL               = 0xA4;
SMB_COM_OPEN_PRINT_FILE         = 0xC0;
SMB_COM_WRITE_PRINT_FILE        = 0xC1;
SMB_COM_CLOSE_PRINT_FILE        = 0xC2;
SMB_COM_GET_PRINT_QUEUE         = 0xC3;
SMB_COM_READ_BULK               = 0xD8;
SMB_COM_WRITE_BULK              = 0xD9;
SMB_COM_WRITE_BULK_DATA         = 0xDA;


# ERROR code
NO_ERROR                                     = 0;
ERROR_SUCCESS                                = 0;
ERROR_INVALID_FUNCTION                       = 1;
ERROR_FILE_NOT_FOUND                         = 2;
ERROR_PATH_NOT_FOUND                         = 3;
ERROR_TOO_MANY_OPEN_FILES                    = 4;
ERROR_ACCESS_DENIED                          = 5;
ERROR_INVALID_HANDLE                         = 6;
ERROR_ARENA_TRASHED                          = 7;
ERROR_NOT_ENOUGH_MEMORY                      = 8;
ERROR_INVALID_BLOCK                          = 9;
ERROR_BAD_ENVIRONMENT                        = 10;
ERROR_BAD_FORMAT                             = 11;
ERROR_INVALID_ACCESS                         = 12;
ERROR_INVALID_DATA                           = 13;
ERROR_OUTOFMEMORY                            = 14;
ERROR_INVALID_DRIVE                          = 15;
ERROR_CURRENT_DIRECTORY                      = 16;
ERROR_NOT_SAME_DEVICE                        = 17;
ERROR_NO_MORE_FILES                          = 18;
ERROR_WRITE_PROTECT                          = 19;
ERROR_BAD_UNIT                               = 20;
ERROR_NOT_READY                              = 21;
ERROR_BAD_COMMAND                            = 22;
ERROR_CRC                                    = 23;
ERROR_BAD_LENGTH                             = 24;
ERROR_SEEK                                   = 25;
ERROR_NOT_DOS_DISK                           = 26;
ERROR_SECTOR_NOT_FOUND                       = 27;
ERROR_OUT_OF_PAPER                           = 28;
ERROR_WRITE_FAULT                            = 29;
ERROR_READ_FAULT                             = 30;
ERROR_GEN_FAILURE                            = 31;
ERROR_SHARING_VIOLATION                      = 32;
ERROR_LOCK_VIOLATION                         = 33;
ERROR_WRONG_DISK                             = 34;
ERROR_SHARING_BUFFER_EXCEEDED                = 36;
ERROR_HANDLE_EOF                             = 38;
ERROR_HANDLE_DISK_FULL                       = 39;
ERROR_NOT_SUPPORTED                          = 50;
ERROR_REM_NOT_LIST                           = 51;
ERROR_DUP_NAME                               = 52;
ERROR_BAD_NETPATH                            = 53;
ERROR_NETWORK_BUSY                           = 54;
ERROR_DEV_NOT_EXIST                          = 55;
ERROR_TOO_MANY_CMDS                          = 56;
ERROR_ADAP_HDW_ERR                           = 57;
ERROR_BAD_NET_RESP                           = 58;
ERROR_UNEXP_NET_ERR                          = 59;
ERROR_BAD_REM_ADAP                           = 60;
ERROR_PRINTQ_FULL                            = 61;
ERROR_NO_SPOOL_SPACE                         = 62;
ERROR_PRINT_CANCELLED                        = 63;
ERROR_NETNAME_DELETED                        = 64;
ERROR_NETWORK_ACCESS_DENIED                  = 65;
ERROR_BAD_DEV_TYPE                           = 66;
ERROR_BAD_NET_NAME                           = 67;
ERROR_TOO_MANY_NAMES                         = 68;
ERROR_TOO_MANY_SESS                          = 69;
ERROR_SHARING_PAUSED                         = 70;
ERROR_REQ_NOT_ACCEP                          = 71;
ERROR_REDIR_PAUSED                           = 72;
ERROR_FILE_EXISTS                            = 80;
ERROR_CANNOT_MAKE                            = 82;
ERROR_FAIL_I24                               = 83;
ERROR_OUT_OF_STRUCTURES                      = 84;
ERROR_ALREADY_ASSIGNED                       = 85;
ERROR_INVALID_PASSWORD                       = 86;
ERROR_INVALID_PARAMETER                      = 87;
ERROR_NET_WRITE_FAULT                        = 88;
ERROR_NO_PROC_SLOTS                          = 89;
ERROR_TOO_MANY_SEMAPHORES                    = 100;
ERROR_EXCL_SEM_ALREADY_OWNED                 = 101;
ERROR_SEM_IS_SET                             = 102;
ERROR_TOO_MANY_SEM_REQUESTS                  = 103;
ERROR_INVALID_AT_INTERRUPT_TIME              = 104;
ERROR_SEM_OWNER_DIED                         = 105;
ERROR_SEM_USER_LIMIT                         = 106;
ERROR_DISK_CHANGE                            = 107;
ERROR_DRIVE_LOCKED                           = 108;
ERROR_BROKEN_PIPE                            = 109;
ERROR_OPEN_FAILED                            = 110;
ERROR_BUFFER_OVERFLOW                        = 111;
ERROR_DISK_FULL                              = 112;
ERROR_NO_MORE_SEARCH_HANDLES                 = 113;
ERROR_INVALID_TARGET_HANDLE                  = 114;
ERROR_INVALID_CATEGORY                       = 117;
ERROR_INVALID_VERIFY_SWITCH                  = 118;
ERROR_BAD_DRIVER_LEVEL                       = 119;
ERROR_CALL_NOT_IMPLEMENTED                   = 120;
ERROR_SEM_TIMEOUT                            = 121;
ERROR_INSUFFICIENT_BUFFER                    = 122;
ERROR_INVALID_NAME                           = 123;
ERROR_INVALID_LEVEL                          = 124;
ERROR_NO_VOLUME_LABEL                        = 125;
ERROR_MOD_NOT_FOUND                          = 126;
ERROR_PROC_NOT_FOUND                         = 127;
ERROR_WAIT_NO_CHILDREN                       = 128;
ERROR_CHILD_NOT_COMPLETE                     = 129;
ERROR_DIRECT_ACCESS_HANDLE                   = 130;
ERROR_NEGATIVE_SEEK                          = 131;
ERROR_SEEK_ON_DEVICE                         = 132;
ERROR_IS_JOIN_TARGET                         = 133;
ERROR_IS_JOINED                              = 134;
ERROR_IS_SUBSTED                             = 135;
ERROR_NOT_JOINED                             = 136;
ERROR_NOT_SUBSTED                            = 137;
ERROR_JOIN_TO_JOIN                           = 138;
ERROR_SUBST_TO_SUBST                         = 139;
ERROR_JOIN_TO_SUBST                          = 140;
ERROR_SUBST_TO_JOIN                          = 141;
ERROR_BUSY_DRIVE                             = 142;
ERROR_SAME_DRIVE                             = 143;
ERROR_DIR_NOT_ROOT                           = 144;
ERROR_DIR_NOT_EMPTY                          = 145;
ERROR_IS_SUBST_PATH                          = 146;
ERROR_IS_JOIN_PATH                           = 147;
ERROR_PATH_BUSY                              = 148;
ERROR_IS_SUBST_TARGET                        = 149;
ERROR_SYSTEM_TRACE                           = 150;
ERROR_INVALID_EVENT_COUNT                    = 151;
ERROR_TOO_MANY_MUXWAITERS                    = 152;
ERROR_INVALID_LIST_FORMAT                    = 153;
ERROR_LABEL_TOO_LONG                         = 154;
ERROR_TOO_MANY_TCBS                          = 155;
ERROR_SIGNAL_REFUSED                         = 156;
ERROR_DISCARDED                              = 157;
ERROR_NOT_LOCKED                             = 158;
ERROR_BAD_THREADID_ADDR                      = 159;
ERROR_BAD_ARGUMENTS                          = 160;
ERROR_BAD_PATHNAME                           = 161;
ERROR_SIGNAL_PENDING                         = 162;
ERROR_MAX_THRDS_REACHED                      = 164;
ERROR_LOCK_FAILED                            = 167;
ERROR_BUSY                                   = 170;
ERROR_CANCEL_VIOLATION                       = 173;
ERROR_ATOMIC_LOCKS_NOT_SUPPORTED             = 174;
ERROR_INVALID_SEGMENT_NUMBER                 = 180;
ERROR_INVALID_ORDINAL                        = 182;
ERROR_ALREADY_EXISTS                         = 183;
ERROR_INVALID_FLAG_NUMBER                    = 186;
ERROR_SEM_NOT_FOUND                          = 187;
ERROR_INVALID_STARTING_CODESEG               = 188;
ERROR_INVALID_STACKSEG                       = 189;
ERROR_INVALID_MODULETYPE                     = 190;
ERROR_INVALID_EXE_SIGNATURE                  = 191;
ERROR_EXE_MARKED_INVALID                     = 192;
ERROR_BAD_EXE_FORMAT                         = 193;
ERROR_ITERATED_DATA_EXCEEDS_64k              = 194;
ERROR_INVALID_MINALLOCSIZE                   = 195;
ERROR_DYNLINK_FROM_INVALID_RING              = 196;
ERROR_IOPL_NOT_ENABLED                       = 197;
ERROR_INVALID_SEGDPL                         = 198;
ERROR_AUTODATASEG_EXCEEDS_64k                = 199;
ERROR_RING2SEG_MUST_BE_MOVABLE               = 200;