diff --git a/scapy/layers/netbios.py b/scapy/layers/netbios.py
index 3d20a0ae65b..68e34c54e61 100644
--- a/scapy/layers/netbios.py
+++ b/scapy/layers/netbios.py
@@ -84,12 +84,33 @@ def post_build(self, p, pay):
 _NETBIOS_SUFFIXES = {
- 0x4141: "workstation",
- 0x4141 + 0x03: "messenger service",
- 0x4141 + 0x200: "file server service",
- 0x4141 + 0x10b: "domain master browser",
- 0x4141 + 0x10c: "domain controller",
- 0x4141 + 0x10e: "browser election service"
+ 0x4141 + 0x00: "Workstation Service",
+ 0x4141 + 0x01: "Messenger Service",
+ 0x4141 + 0x03: "Messenger service",
+ 0x4141 + 0x06: "RAS Server Service",
+ 0x4141 + 0x1B: "Exchange MTA",
+ 0x4141 + 0x1F: "NetDDE Service",
+ 0x4141 + 0x20: "File Server Service",
+ 0x4141 + 0x21: "RAS Client Service",
+ 0x4141 + 0x22: "Exchange Interchange Service",
+ 0x4141 + 0x23: "Exchange Store",
+ 0x4141 + 0x24: "Exchange Directory",
+ 0x4141 + 0x30: "Modern Sharing Server Service",
+ 0x4141 + 0x31: "Modern Sharing Client Service",
+ 0x4141 + 0x43: "SMS Client Remote Control",
+ 0x4141 + 0x44: "SMS Admin Remote Control Tool",
+ 0x4141 + 0x45: "SMS Client Remote Chat",
+ 0x4141 + 0x46: "SMS Client Remote Transfer",
+ 0x4141 + 0x4C: "DEC Pathworks TCP/IP Service",
+ 0x4141 + 0x52: "DEC Pathworks TCP/IP Service",
+ 0x4141 + 0x6A: "Exchange IMC",
+ 0x4141 + 0x87: "Exchange MTA",
+ 0x4141 + 0xBE: "Network Monitor Agent",
+ 0x4141 + 0xBF: "Network Monitor Apps",
+ 0x4141 + 0x10b: "Domain Master Browser",
+ 0x4141 + 0x10c: "Domain Controller",
+ 0x4141 + 0x10e: "Browser Election Service",
+ 0x4141 + 0x200: "File Server Service",
 }
 _NETBIOS_QRTYPES = {
diff --git a/scapy/layers/smb.py b/scapy/layers/smb.py
index cf2ee2e868a..5b4e5678c4b 100644
--- a/scapy/layers/smb.py
+++ b/scapy/layers/smb.py
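Review bot: The new `_NETBIOS_SUFFIXES` keys that add a raw suffix byte above 0x0F (`0x4141 + 0x1B`, `+ 0x20`, `+ 0x21` through `+ 0xBF`) do not follow the nibble-split scheme of the existing `0x10b`, `0x10c`, `0x10e` and `0x200` keys. The build test in test/scapy/layers/netbios.uts ends the encoded name in `CA` (0x4341 = 0x4141 + 0x200) for suffix 0x20, so a key such as `0x4141 + 0x20` (0x4161) would presumably never match a dissected name, and those service labels would not show up when NBNS captures are analysed. Each such key would be 0x4141 + (high nibble << 8) + low nibble, e.g. `0x4141 + 0x201: "RAS Client Service",`. Re-keyed this way, raw 0x1B lands on the existing `0x10b` entry, so one label has to be chosen there. "File Server Service" now also sits under two keys, which makes build-by-name depend on which key the field's reverse lookup keeps; dropping the `0x4141 + 0x20` entry removes that ambiguity.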
@@ -943,7 +943,7 @@ class NETLOGON_LOGON_QUERY(NETLOGON):
 LEShortEnumField("OpCode", 0x7, _NETLOGON_opcodes),
 StrNullField("ComputerName", ""),
 StrNullField("MailslotName", ""),
- StrNullFieldUtf16("UnicodeComputerName", ""),
+ ReversePadField(StrNullFieldUtf16("UnicodeComputerName", ""), 2),
 FlagsField("NtVersion", 0xB, -32, _NV_VERSION),
 XLEShortField("LmNtToken", 0xFFFF),
 XLEShortField("Lm20Token", 0xFFFF),
@@ -1151,7 +1151,38 @@ class BRWS_HostAnnouncement(BRWS):
 StrFixedLenField("ServerName", b"", length=16),
 ByteField("OSVersionMajor", 6),
 ByteField("OSVersionMinor", 1),
- LEIntField("ServerType", 4611),
+ FlagsField("ServerType", 4611, -32, {
+ 0x00000001: "SV_TYPE_WORKSTATION",
+ 0x00000002: "SV_TYPE_SERVER",
+ 0x00000004: "SV_TYPE_SQLSERVER",
+ 0x00000008: "SV_TYPE_DOMAIN_CTRL",
+ 0x00000010: "SV_TYPE_DOMAIN_BAKCTRL",
+ 0x00000020: "SV_TYPE_TIME_SOURCE",
+ 0x00000040: "SV_TYPE_AFP",
+ 0x00000080: "SV_TYPE_NOVELL",
+ 0x00000100: "SV_TYPE_DOMAIN_MEMBER",
+ 0x00000200: "SV_TYPE_PRINTQ_SERVER",
+ 0x00000400: "SV_TYPE_DIALIN_SERVER",
+ 0x00000800: "SV_TYPE_SERVER_UNIX,",
+ 0x00001000: "SV_TYPE_NT",
+ 0x00002000: "SV_TYPE_WFW",
+ 0x00004000: "SV_TYPE_SERVER_MFPN",
+ 0x00008000: "SV_TYPE_SERVER_NT",
+ 0x00010000: "SV_TYPE_POTENTIAL_BROWSER",
+ 0x00020000: "SV_TYPE_BACKUP_BROWSER",
+ 0x00040000: "SV_TYPE_MASTER_BROWSER",
+ 0x00080000: "SV_TYPE_DOMAIN_MASTER",
+ 0x00400000: "SV_TYPE_WINDOWS",
+ 0x00800000: "SV_TYPE_DFS",
+ 0x01000000: "SV_TYPE_CLUSTER_NT",
+ 0x02000000: "SV_TYPE_TERMINALSERVER",
+ 0x04000000: "SV_TYPE_CLUSTER_VS_NT",
+ 0x10000000: "SV_TYPE_DCE",
+ 0x20000000: "SV_TYPE_ALTERNATE_XPORT",
+ 0x40000000: "SV_TYPE_LOCAL_LIST_ONLY",
+ 0x80000000: "SV_TYPE_DOMAIN_ENUM",
+ 0xFFFFFFFF: "SV_TYPE_ALL",
+ }),
 ByteField("BrowserConfigVersionMajor", 21),
 ByteField("BrowserConfigVersionMinor", 1),
 XLEShortField("Signature", 0xAA55),
diff --git a/test/scapy/layers/ldap.uts b/test/scapy/layers/ldap.uts
index a4d1892e909..7657daea674 100644
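Review bot: The `ReversePadField(..., 2)` wrapper on `UnicodeComputerName` in NETLOGON_LOGON_QUERY carries no comment saying why the field is aligned; the reason can only be recovered from the padded test vector in ldap.uts. A one-line comment above it would do, for example `# UnicodeComputerName appears to start on an even offset from the start of the message`. The field list begins and ends outside this hunk, so whether UTF-16 fields in sibling NETLOGON classes need the same wrapper cannot be checked from here.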
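Review bot: Two entries in the new `ServerType` flag names of BRWS_HostAnnouncement look wrong: `"SV_TYPE_SERVER_UNIX,"` has a comma inside the string literal, and `0xFFFFFFFF: "SV_TYPE_ALL"` is a mask rather than a single bit. The first should read `0x00000800: "SV_TYPE_SERVER_UNIX",`. The second should probably be dropped, because a flags dict that maps keys to bit positions would likely file it under bit 31 and relabel `SV_TYPE_DOMAIN_ENUM`; this is worth confirming against FlagsField's dict handling. The field list starts and ends outside the hunk.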
--- a/test/scapy/layers/ldap.uts
+++ b/test/scapy/layers/ldap.uts
@@ -215,3 +215,23 @@ pkt = NETLOGON(b'\x13\x00\\\x00\\\x00D\x00C\x001\x00\x00\x00\x00\x00D\x00O\x00M\
 assert pkt.NtVersion == 1
 assert pkt.UnicodeLogonServer == r"\\DC1"
 assert pkt.UnicodeDomainName == "DOMAIN"
+
+= Dissect NETLOGON_LOGON_QUERY - V1+V5+V5EX_WITH_IP
+
+pkt = NETLOGON(b'\x07\x00PC\x00\\MAILSLOT\\NET\\GETDC598\x00P\x00C\x00\x00\x00\x0b\x00\x00 \xff\xff\xff\xff')
+
+print(pkt.show())
+assert pkt.ComputerName == b"PC"
+assert pkt.MailslotName == b"\\MAILSLOT\\NET\\GETDC598"
+assert pkt.NtVersion == 0x2000000b
+assert pkt.UnicodeComputerName == "PC"
+
+= Dissect NETLOGON_LOGON_QUERY - V1+V5+V5EX_WITH_IP - with Padding
+
+pkt = NETLOGON(b'\x07\x00USER-PC\x00\\MAILSLOT\\NET\\GETDC725\x00\x00U\x00S\x00E\x00R\x00-\x00P\x00C\x00\x00\x00\x0b\x00\x00 \xff\xff\xff\xff')
+
+print(pkt.show())
+assert pkt.ComputerName == b"USER-PC"
+assert pkt.MailslotName == b"\\MAILSLOT\\NET\\GETDC725"
+assert pkt.NtVersion == 0x2000000b
+assert pkt.UnicodeComputerName == "USER-PC"
diff --git a/test/scapy/layers/netbios.uts b/test/scapy/layers/netbios.uts
index eaff95decfe..9145b328284 100644
--- a/test/scapy/layers/netbios.uts
+++ b/test/scapy/layers/netbios.uts
@@ -8,7 +8,7 @@
 = NBNSQueryRequest - build & dissect
-z = NBNSHeader()/NBNSQueryRequest(SUFFIX="file server service", QUESTION_NAME='TEST1', QUESTION_TYPE='NB')
+z = NBNSHeader()/NBNSQueryRequest(SUFFIX="File Server Service", QUESTION_NAME='TEST1', QUESTION_TYPE='NB')
 assert raw(z) == b'\x00\x00\x01\x10\x00\x01\x00\x00\x00\x00\x00\x00 FEEFFDFEDBCACACACACACACACACACACA\x00\x00 \x00\x01'
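Review bot: The two new NETLOGON_LOGON_QUERY tests in ldap.uts only dissect, so the build side of the new `ReversePadField` is never exercised. In the "with Padding" case a round-trip check on the same bytes would pin it, e.g. bind the input to `data` and add `assert raw(pkt) == data` (assuming the packet rebuilds byte-for-byte). `print(pkt.show())` also prints `None` after the dump, since `show()` writes the dump itself; `pkt.show()` alone is enough.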