Refactor negotiate handling

jvazquez-r7 · jvazquez-r7 · commit 5418cdad11d0 · 2015-02-26T23:49:07.000-06:00
diff --git a/lib/msf/core/exploit/smb/server/share/command/negotiate.rb b/lib/msf/core/exploit/smb/server/share/command/negotiate.rb
@@ -15,6 +15,32 @@ def smb_cmd_negotiate(c, buff)
             dialects = pkt['Payload'].v['Payload'].gsub(/\x00/, '').split(/\x02/).grep(/^\w+/)
             dialect = dialects.index("NT LM 0.12") || dialects.length-1
 
+            send_negotitate_res(c, {
+              dialect: dialect,
+              security_mode: CONST::NEG_SECURITY_PASSWORD,
+              max_mpx: 50,
+              max_vcs: 1,
+              max_buff: 4356,
+              max_raw: 65536,
+              server_time_zone: 0,
+              capabilities: CAPABILITIES,
+              key_length: 8,
+              key: Rex::Text.rand_text_hex(8)
+            })
+          end
+
+          def send_negotitate_res(c, opts = {})
+            dialect = opts[:dialect] || 0
+            security_mode = opts[:security_mode] || 0
+            max_mpx = opts[:max_mpx] || 0
+            max_vcs = opts[:max_vcs] || 0
+            max_buff = opts[:max_buff] || 0
+            max_raw = opts[:max_raw] || 0
+            server_time_zone = opts[:server_time_zone] || 0
+            capabilities = opts[:capabilities] || 0
+            key_length = opts[:key_length] || 0
+            key = opts[:key] || ''
+
             pkt = CONST::SMB_NEG_RES_NT_PKT.make_struct
             smb_set_defaults(c, pkt)
 
@@ -23,18 +49,18 @@ def smb_cmd_negotiate(c, buff)
             pkt['Payload']['SMB'].v['Flags2'] = FLAGS2
             pkt['Payload']['SMB'].v['WordCount'] = 17
             pkt['Payload'].v['Dialect'] = dialect
-            pkt['Payload'].v['SecurityMode'] = CONST::NEG_SECURITY_PASSWORD
-            pkt['Payload'].v['MaxMPX'] = 50
-            pkt['Payload'].v['MaxVCS'] = 1
-            pkt['Payload'].v['MaxBuff'] = 4356
-            pkt['Payload'].v['MaxRaw'] = 65536
+            pkt['Payload'].v['SecurityMode'] = security_mode
+            pkt['Payload'].v['MaxMPX'] = max_mpx
+            pkt['Payload'].v['MaxVCS'] = max_vcs
+            pkt['Payload'].v['MaxBuff'] = max_buff
+            pkt['Payload'].v['MaxRaw'] = max_raw
             pkt['Payload'].v['SystemTimeLow'] = lo
             pkt['Payload'].v['SystemTimeHigh'] = hi
-            pkt['Payload'].v['ServerTimeZone'] = 0x0
+            pkt['Payload'].v['ServerTimeZone'] = server_time_zone
             pkt['Payload'].v['SessionKey'] = 0
-            pkt['Payload'].v['Capabilities'] = CAPABILITIES
-            pkt['Payload'].v['KeyLength'] = 8
-            pkt['Payload'].v['Payload'] = Rex::Text.rand_text_hex(8)
+            pkt['Payload'].v['Capabilities'] = capabilities
+            pkt['Payload'].v['KeyLength'] = key_length
+            pkt['Payload'].v['Payload'] = key
 
             c.put(pkt.to_s)
           end
