
Commit 8a77bf7

author
zerosum0x0
authored
removed wrong comments
1 parent 9fab64c commit 8a77bf7


1 file changed

+2
-3
lines changed


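--- a/modules/auxiliary/scanner/smb/smb_ms17_010.rb
+++ b/modules/auxiliary/scanner/smb/smb_ms17_010.rb
@@ -150,7 +150,7 @@ def make_smb_trans2_doublepulsar(tree_id)
 
 # opcode 0x0e = SESSION_SETUP
 setup = "\x0e\x00\x00\x00"
-setup_count = 1 # 2 words
+setup_count = 1 # 1 word
 trans = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
 
 # calculate offsets to the SetupData payload
@@ -162,7 +162,7 @@ def make_smb_trans2_doublepulsar(tree_id)
 pkt['Payload']['SMB'].v['Command'] = Rex::Proto::SMB::Constants::SMB_COM_TRANSACTION2
 pkt['Payload']['SMB'].v['Flags1'] = 0x18
 pkt['Payload']['SMB'].v['MultiplexID'] = 65
-pkt['Payload']['SMB'].v['Flags2'] = 0xc007 # 0xc803 would unicode
+pkt['Payload']['SMB'].v['Flags2'] = 0xc007
 pkt['Payload']['SMB'].v['TreeID'] = tree_id
 pkt['Payload']['SMB'].v['WordCount'] = 14 + setup_count
 pkt['Payload'].v['Timeout'] = 0x00a4d9a6
@@ -173,7 +173,6 @@ def make_smb_trans2_doublepulsar(tree_id)
 pkt['Payload'].v['ParamOffset'] = 66
 pkt['Payload'].v['DataOffset'] = 78
 
-# actual magic: PeekNamedPipe FID=0, \PIPE\
 pkt['Payload'].v['SetupCount'] = setup_count
 pkt['Payload'].v['SetupData'] = setup
 pkt['Payload'].v['Payload'] = trans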
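Review bot: The corrected comment on `setup_count = 1 # 1 word` in the first hunk still sits next to a four-byte `setup` literal (`"\x0e\x00\x00\x00"`), and SMB setup words are 16 bits, so the reader cannot tell why two words of data are sent under a SetupCount of 1. If the trailing two bytes are deliberate padding or stand in for another field, say so, e.g. `setup_count = 1 # SetupCount is in 16-bit words; trailing "\x00\x00" in setup is <purpose to confirm>`. With the wrong comments gone, `Timeout = 0x00a4d9a6` and `MultiplexID = 65` in the second hunk are also unexplained constants, and a one-line comment on what the DoublePulsar check expects from each would make the scanner's detection logic auditable. The body of make_smb_trans2_doublepulsar starts and ends outside these hunks.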
