
📄 smb_file.inc

📁 漏洞扫描源码,可以扫描linux,windows,交换机路由器
📖 第 1 页 / 共 2 页
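# -*- Fundamental -*-
#
# (C) 2006 Tenable Network Security
#
# This script is released under one of the Tenable Script Licenses and may not
# be used from within scripts released under another license without the
# authorization from Tenable Network Security Inc.
#
# See the following licenses for details :
#  http://www.nessus.org/plugins/RegisteredFeed.pdf
#  http://www.nessus.org/plugins/TenableCommercial.pdf
#  http://www.nessus.org/plugins/DirectFeed.pdf
#  http://www.nessus.org/plugins/DirectFeedCommercial.pdf
#
#
# @NOGPL@
#
# smb_file.inc
# $Revision: 1.8 $
#

#==================================================================#
# Section 8. File API                                              #
#==================================================================#

#---------------------------------------------------------#
# Function    : get_win32_find_data_filename              #
# Description : Extract the file name from one directory  #
#               entry returned by the server              #
# Return      : file name, or NULL if the entry is too    #
#               short for its declared name length        #
#---------------------------------------------------------#

function get_win32_find_data_filename (struct)
{
 local_var len;

 # The fixed part of the entry is 94 bytes; the name follows it.
 if (strlen(struct) < 94)
   return NULL;

 # Name length is a server-supplied field at offset 60.
 len = get_dword (blob:struct, pos:60);

 # Reject a length that does not fit in the entry. The "< 0" test
 # covers a value with the top bit set, should get_dword() return
 # it as a negative integer (get_dword is defined elsewhere).
 if (len < 0 || strlen(struct) < 94 + len)
   return NULL;

 return get_string2 (blob:struct, pos:94, len:len);
}


#---------------------------------------------------------#
# Function    : get_win32_find_data_fileattributes        #
# Description : Extract the attributes dword (offset 56)  #
#               from one directory entry                  #
# Return      : attributes, or NULL if entry < 94 bytes   #
#---------------------------------------------------------#

function get_win32_find_data_fileattributes (struct)
{
 if (strlen(struct) < 94)
   return NULL;

 return get_dword (blob:struct, pos:56);
}


#---------------------------------------------------------#
# Function    : FindFirstFile                             #
# Description : Return First file in WIN32_FIND_DATA      #
# Return      : ret[0] = file handle                      #
#               ret[1] = file name                        #
#               ret[2] = file attributes                  #
#               full handle = ret (to use with NextFile)  #
#---------------------------------------------------------#

function FindFirstFile (pattern)
{
 local_var ret, parameters, search_id, search_count, end_of_search, ea_error_offset, last_name_offset;
 local_var pad, data, index, pos, file_struct, size;

 parameters = raw_word (w:0x16)   + # Default search : include HIDDEN/SYSTEM/DIRECTORY
              raw_word (w:0xFFFF) + # Max buffer search count
              raw_word (w:6)      + # Close if EOS is reached / RESUME
              raw_word (w:260)    + # Default level of interest
              raw_dword (d:0)     + # Storage type
              cstring (string:pattern);

 ret = smb_trans2 (param:parameters, data:NULL, max_pcount:18, command:1);
 if (!ret || (strlen (ret) < 14))
   return NULL;

 # FIND_FIRST2 Parameters
 # (ea_error_offset, last_name_offset and pad are parsed but not
 #  used further in this function)
 search_id = get_word (blob:ret, pos:0);
 search_count = get_word (blob:ret, pos:2);
 end_of_search = get_word (blob:ret, pos:4);
 ea_error_offset = get_word (blob:ret, pos:6);
 last_name_offset = get_word (blob:ret, pos:8);

 # Padding
 pad = get_word (blob:ret, pos:10);

 # FIND_FIRST2 Data
 data = substr (ret, 12, strlen(ret)-1);

 # If no data we quit
 if (search_count <= 0)
   return NULL;

 index = 1;
 pos = 0;

 # FIND_FIRST2 Data : the first word of an entry is the offset to
 # the next entry, i.e. the size of the current one.
 size = get_word (blob:data, pos:pos);
 if (strlen (data) < size)
   return NULL;

 # A null next-entry offset marks the last entry: it runs to the
 # end of the buffer.
 if (size == 0)
   size = strlen(data);

 file_struct = substr (data, pos, pos+size-1);

 pos += size;
 index++;

 # The handle packs the search state (id, count, end-of-search flag,
 # index of the next entry, offset of the next entry) in front of
 # the raw entry buffer so FindNextFile can resume from it.
 ret = NULL;
 ret[0] = raw_word (w:search_id) +
          raw_word (w:search_count) +
          raw_word (w:end_of_search) +
          raw_word (w:index) +
          raw_dword (d:pos) +
          data;

 ret[1] = get_win32_find_data_filename (struct:file_struct);
 ret[2] = get_win32_find_data_fileattributes (struct:file_struct);

 return ret;
}


#---------------------------------------------------------#
# Function    : FindNextFile                              #
# Description : Return Next file in WIN32_FIND_DATA       #
# Return      : ret[0] = file handle                      #
#               ret[1] = file name                        #
#               ret[2] = file attributes                  #
#               full handle = ret                         #
#---------------------------------------------------------#

function FindNextFile (handle)
{
 local_var ret, parameters, search_id, search_count, end_of_search, ea_error_offset, last_name_offset;
 local_var pad, data, index, pos, file_struct, size;

 # 12 bytes of packed search state plus at least one byte of data
 if (strlen (handle[0]) < 13)
   return NULL;

 search_id = get_word (blob:handle[0], pos:0);
 search_count = get_word (blob:handle[0], pos:2);
 end_of_search = get_word (blob:handle[0], pos:4);
 index = get_word (blob:handle[0], pos:6);
 pos = get_dword (blob:handle[0], pos:8);
 data = substr (handle[0], 12, strlen (handle[0]) - 1);

 # Every entry of the cached buffer has been returned: either the
 # search is over or a new batch must be requested.
 if (index > search_count)
 {
  if (end_of_search == 1)
    return NULL;

  parameters = raw_word (w:search_id) + # Search ID
               raw_word (w:0xFFFF)    + # Max search buffer size
               raw_word (w:260)       + # Default level of interest
               raw_dword (d:0)        + # storage type
               raw_word (w:6)         + # Close if EOS is reached / RESUME
               cstring (string:handle[1]);

  ret = smb_trans2 (param:parameters, data:NULL, max_pcount:8, command:2);
  if (!ret || (strlen (ret) < 10))
    return NULL;

  # FIND_NEXT2 Parameters
  # (ea_error_offset and last_name_offset are parsed but not used)
  search_count = get_word (blob:ret, pos:0);
  end_of_search = get_word (blob:ret, pos:2);
  ea_error_offset = get_word (blob:ret, pos:4);
  last_name_offset = get_word (blob:ret, pos:6);

  # FIND_NEXT2 Data
  data = substr (ret, 8, strlen(ret)-1);

  # If no data we quit
  if (search_count <= 0)
    return NULL;

  index = 1;
  pos = 0;
 }

 # search_count is supplied by the server, so it may announce more
 # entries than the buffer holds. Do not read an entry header that
 # starts beyond the end of the data.
 if (pos < 0 || pos + 2 > strlen (data))
   return NULL;

 size = get_word (blob:data, pos:pos);
 if (strlen (data) < size)
   return NULL;

 # Last element: the next-offset field is null and the entry runs to
 # the end of the buffer. An offset that would overshoot the buffer
 # is handled the same way, so that the saved position never moves
 # past the data actually received.
 if (size == 0 || pos + size > strlen (data))
   size = strlen (data) - pos;

 file_struct = substr (data, pos, pos+size-1);

 pos += size;
 index++;

 ret = NULL;
 ret[0] = raw_word (w:search_id) +
          raw_word (w:search_count) +
          raw_word (w:end_of_search) +
          raw_word (w:index) +
          raw_dword (d:pos) +
          data;

 ret[1] = get_win32_find_data_filename (struct:file_struct);
 ret[2] = get_win32_find_data_fileattributes (struct:file_struct);

 return ret;
}


#---------------------------------------------------------#
# Function    : CreateFile                                #
# Description : open a file                               #
#               return file handle                        #
# Note        : forwards its arguments to                 #
#               smb_create_and_x with create_options:0    #
#---------------------------------------------------------#

function CreateFile (file, desired_access, file_attributes, share_mode, create_disposition)
{
 return smb_create_and_x (name:file,
                          desired_access:desired_access,
                          flags_attributes:file_attributes,
                          share_mode:share_mode,
                          create_disposition:create_disposition,
                          create_options:0);
}


#---------------------------------------------------------#
# Function    : ReadFile                                  #
# Description : Read data from file                       #
# Note        : handle[0] is passed as the FID            #
#---------------------------------------------------------#

function ReadFile (handle, offset, length)
{
 local_var fid;

 fid = handle[0];

 return smb_read_and_x (fid:fid, offset:offset, length:length);
}


#---------------------------------------------------------#
# Function    : WriteFile                                 #
# Description : write data into file                      #
# Note        : handle[0] is passed as the FID            #
#---------------------------------------------------------#

function WriteFile (handle, offset, mode, data)
{
 local_var fid;

 fid = handle[0];

 return smb_write_and_x (fid:fid, offset:offset, mode:mode, data:data);
}


#---------------------------------------------------------#
# Function    : CloseFile                                 #
# Description : close a file                              #
# Note        : handle[0] is passed as the FID            #
#---------------------------------------------------------#

function CloseFile (handle)
{
 local_var fid;

 fid = handle[0];

 return smb_close (fid:fid);
}


#---------------------------------------------------------#
# Function    : GetSecurityInfo                           #
# Description : return security information               #
# Note        : only works with a file                    #
# Return      : result of parse_security_descriptor, or   #
#               NULL if a reply has an unexpected length  #
#---------------------------------------------------------#

function GetSecurityInfo (handle, level)
{
 local_var parameters, ret, len;

 parameters = raw_word (w:handle[0]) + # FID
              raw_word (w:0)         + # reserved
              raw_dword (d:level);

 # First request asks for no data (max_dcount:0); the 4-byte reply
 # carries the length to request in the second call.
 ret = smb_nt_trans (param:parameters, data:NULL, command:0x06, max_pcount:4, max_dcount:0);
 if (strlen(ret) != 4)
   return NULL;

 # NOTE(review): len is taken from the server as-is and used as
 # max_dcount below; no upper bound is applied here.
 len = get_dword (blob:ret, pos:0);

 ret = smb_nt_trans (param:parameters, data:NULL, command:0x06, max_pcount:4, max_dcount:len);
 if (strlen(ret) < 4)
   return NULL;

 # The reply must be exactly the 4-byte length field followed by
 # that many bytes of descriptor.
 len = get_dword (blob:ret, pos:0);
 if (strlen(ret) != 4 + len)
   return NULL;

 return parse_security_descriptor (blob:substr(ret, 4, strlen(ret)-1));
}


#---------------------------------------------------------#
# Function    : GetFileSize                               #
# Description : return file size                          #
# Note        : only the low DWORD of handle[1] is read,  #
#               so a size that needs the high DWORD is    #
#               reported truncated                        #
#---------------------------------------------------------#

function GetFileSize (handle)
{
 local_var size;

 size = handle[1];

 # size = low DWORD + high DWORD
 # we just don't care about high DWORD for the moment
 return get_dword (blob:size, pos:0);
}


function voffset_to_offset (voffset, sections){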
