Ethereal-dev: [ethereal-dev] Need SMB capture files with encrypted passwords in them

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Richard Sharpe <sharpe@xxxxxxxxxx>
Date: Sun, 27 Jun 1999 09:02:18 +0900
Hi,

I need an SMB capture file with encrypted passwords in it.

I am working on my code to generate decode routines, and need to sort this
one out.

Here is an example of the input files I use. This one generates some 600
lines of code, and I don't have to do much fix up ... Notice the use of
spaces. My parser is very simple at the moment. 

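# Field layout of the SMB Session Setup AndX command (ssetupandx), written as
# input for the decode-routine generator: two request layouts, told apart by
# Word Count (10 or 13), and one response layout (Word Count 3).
# NOTE(review): the own-line '#' comments assume the parser skips '#' to end
# of line anywhere, as it does after a statement -- confirm.
SMB ssetupandx {
  andx;   # This is an ANDX SMB ...
  # Request with 10 parameter words: one password field.
  request {
    UCHAR Word Count (WCT) = 10;
    UCHAR AndXCommand;
    UCHAR AndXReserved = 0;
    USHORT AndXOffset;
    USHORT MaxBufferSize;
    USHORT MaxMpxCount;
    USHORT VcNumber;
    ULONG SessionKey;
    USHORT PasswordLen;   # byte length of Password below
    ULONG Reserved = 0;
    USHORT Byte Count (BCC);
    # NOTE(review): when encrypted passwords are negotiated, Password carries
    # challenge-response bytes rather than text. The generated decoder should
    # read exactly PasswordLen bytes, after checking PasswordLen against
    # Byte Count and the captured length -- confirm that UCSTR does this.
    UCSTR Password;
    STRING AccountName;
    STRING PrimaryDomain;
    STRING NativeOS;
  }
  # Request with 13 parameter words: separate ANSI and UNICODE password
  # fields, each with its own length, plus a Capabilities bit field.
  request {
    UCHAR Word Count (WCT) = 13;
    UCHAR AndXCommand;
    UCHAR AndXReserved = 0;
    USHORT AndXOffset;
    USHORT MaxBufferSize;
    USHORT MaxMpxCount;
    USHORT VcNumber;
    ULONG SessionKey;
    USHORT ANSI Account Password Length;
    USHORT UNICODE Account Password Length;
    ULONG Reserved = 0;
    # Each entry: bit mask = { text when the bit is clear , text when set }.
    # Entries are kept on one line each; the mail-wrapped originals split
    # several of them in the middle of a quoted string.
    BITFIELD 32 Capabilities = {
      0x0001 = { "Raw Mode not supported" , "Raw Mode supported" };
      # Second string corrected: it repeated "Raw Mode supported" from 0x0001.
      0x0002 = { "MPX Mode not supported" , "MPX Mode supported" };
      0x0004 = { "Unicode not supported" , "Unicode supported" };
      0x0008 = { "Large Files not supported" , "Large Files supported" };
      0x0010 = { "NT LM 0.12 SMBs not supported" , "NT LM 0.12 SMBs supported" };
      0x0020 = { "RPC Remote APIs not supported" , "RPC Remote APIs supported" };
      0x0040 = { "NT Status Codes not supported" , "NT Status Codes supported" };
      0x0080 = { "Level 2 OpLocks not supported" , "Level 2 OpLocks supported" };
      0x0100 = { "Lock&Read not supported" , "Lock&Read supported" };
      0x0200 = { "NT Find not supported" , "NT Find supported" };
      0x1000 = { "DFS not supported" , "DFS supported" };
      0x4000 = { "Large READX not supported" , "Large READX supported" };
      0x8000 = { "Large WRITEX not supported" , "Large WRITEX supported" };
      # NOTE(review): with extended security in use the request presumably
      # has a different layout, which this file does not describe -- confirm.
      0x80000000 = { "Extended Security Exchanges not supported" , "Extended Security Exchanges supported" };
    };
    USHORT Byte Count;
    # NOTE(review): the two password fields are typed STRING here but UCSTR
    # in the 10-word request. With encrypted passwords they hold response
    # bytes that may contain zero bytes, so their sizes should come from the
    # two Password Length fields above (bounded by Byte Count), not from a
    # terminator scan -- confirm what STRING means to the generator.
    STRING ANSI Password;
    STRING UNICODE Password;
    STRING Account Name;
    STRING Primary Domain;
    STRING Native OS;
    STRING Native LanMan Type;
  }
  # Response with 3 parameter words.
  response {
    UCHAR Word Count (WCT) = 3;
    UCHAR AndXCommand;
    UCHAR AndXReserved = 0;
    USHORT AndXOffset;
    USHORT Action; # Hmmm ... (CIFS: bit 0 set = session was logged on as guest)
    USHORT Byte Count (BCC);
    STRING NativeOS;
    STRING NativeLanMan;
    STRING PrimaryDomain;
  }
}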


Regards
-------
Richard Sharpe, sharpe@xxxxxxxxxx, NS Computer Software and Services P/L,
Samba (Team member www.samba.org), Ethereal (Team member www.zing.org)
Co-author, SAMS Teach Yourself Samba in 24 Hours