Add specs for SMB_FIND_FILE_BOTH_DIRECTORY_INFO requests

Author: jvazquez-r7

lib/rex/proto/smb/constants.rb

@@ -1360,17 +1360,20 @@ def self.make_nbs (template)
     ['Parameters', 'ByteCount',  nil, true]
   )
 
+  # A template for SMB_Parameters blocks of the SMB_COM_TRANSACTION2 QUERY_PATH_INFO responses
   SMB_TRANS2_QUERY_PATH_PARAMETERS = Rex::Struct2::CStructTemplate.new(
     ['uint16v', 'InformationLevel', 0],
     ['uint32v', 'Reserved',         0],
     ['string',  'FileName', nil,   '']
   )
 
+  # A template for SMB_Parameters blocks of the SMB_COM_TRANSACTION2 QUERY_FILE_INFO responses
   SMB_TRANS2_QUERY_FILE_PARAMETERS = Rex::Struct2::CStructTemplate.new(
     ['uint16v', 'FID',              0],
     ['uint16v', 'InformationLevel', 0]
   )
 
+  # A template for SMB_Parameters blocks of the SMB_COM_TRANSACTION2 FIND_FIRST2 responses
   SMB_TRANS2_FIND_FIRST2_PARAMETERS = Rex::Struct2::CStructTemplate.new(
     ['uint16v', 'SearchAttributes',  0],
     ['uint16v', 'SearchCount',       0],
@@ -1380,6 +1383,7 @@ def self.make_nbs (template)
     ['string',  'FileName', nil,   '']
   )
 
+  # A template for SMB Tree Connect commands in responses
   SMB_TREE_CONN_ANDX_RES_PKT = Rex::Struct2::CStructTemplate.new(
     ['uint8',   'WordCount',         0],
     ['uint8',   'AndXCommand',       0],

spec/lib/msf/core/exploit/smb/server/share/command/trans2/find_first2_spec.rb

@@ -22,9 +22,11 @@
     ""
   end
 
-  let(:valid_find_file_both_directory_info_request) do
-    ""
+  let(:valid_find_file_both_directory_info_params) do
+    "\x16\x00\x56\x05\x07\x00\x04\x01\x00\x00\x00\x00\x5c\x00\x74\x00" +
+    "\x65\x00\x73\x00\x74\x00\x2e\x00\x65\x00\x78\x00\x65\x00\x00\x00"
   end
+  let(:find_file_both_directory_info_res_length) { 179 }
 
   let(:valid_find_file_full_directory_info_request) do
     ""
@@ -53,8 +55,27 @@
 
   describe "#smb_cmd_trans2_find_first2" do
 
-    context "when valid SMB_FIND_FILE_BOTH_DIRECTORY_INFO request" do
+    context "when valid SMB_FIND_FILE_BOTH_DIRECTORY_INFO parameters" do
+      it "returns the number of bytes answered" do
+        expect(mod.smb_cmd_trans2_find_first2(client, valid_find_file_both_directory_info_params)).to eq(find_file_both_directory_info_res_length)
+      end
+
+      it "send TRANSACTIONS2 response with the file name found in the SMB_Data" do
+        mod.smb_cmd_trans2_find_first2(client, valid_find_file_both_directory_info_params)
+        client.seek(0)
+        res = client.read
+
+        trans2_res = Rex::Proto::SMB::Constants::SMB_TRANS_RES_PKT.make_struct
+        trans2_res.from_s(res)
+        param_count = trans2_res['Payload'].v['ParamCount']
+        data_count = trans2_res['Payload'].v['DataCount']
+
+        data  = trans2_res['Payload'].v['SetupData'][2 + param_count, data_count]
+        smb_data = Rex::Proto::SMB::Constants::SMB_FIND_FILE_BOTH_DIRECTORY_INFO_HDR.make_struct
+        smb_data.from_s(data)
 
+        expect(smb_data.v['FileName']).to eq(Rex::Text.to_unicode(mod.file_name))
+      end
     end
   end