A bunch of cleanups and moves

Author: gpotter2

scapy/layers/kerberos.py

@@ -146,7 +146,6 @@
 )
 from scapy.layers.inet import TCP, UDP
 from scapy.layers.smb import _NV_VERSION
-from scapy.layers.smb2 import STATUS_ERREF
 from scapy.layers.tls.cert import (
     Cert,
     CertList,
@@ -161,6 +160,7 @@
     Hash_SHA512,
 )
 from scapy.layers.tls.crypto.groups import _ffdh_groups
+from scapy.layers.windows.erref import STATUS_ERREF
 from scapy.layers.x509 import (
     _CMS_ENCAPSULATED,
     CMS_ContentInfo,

scapy/layers/ldap.py

@@ -99,7 +99,7 @@
     NETLOGON,
     NETLOGON_SAM_LOGON_RESPONSE_EX,
 )
-from scapy.layers.smb2 import STATUS_ERREF
+from scapy.layers.windows.erref import STATUS_ERREF
 
 # Typing imports
 from typing import (

scapy/layers/msrpce/msnrpc.py

@@ -37,8 +37,8 @@
 from scapy.layers.msrpce.rpcclient import (
     DCERPC_Client,
     DCERPC_Transport,
-    STATUS_ERREF,
 )
+from scapy.layers.windows.erref import STATUS_ERREF
 from scapy.layers.msrpce.raw.ms_nrpc import (
     NetrServerAuthenticate3_Request,
     NetrServerAuthenticate3_Response,
@@ -610,7 +610,7 @@ def __init__(
 
     def connect(self, host, **kwargs):
         """
-        This calls DCERPC_Client's connect_and_bind to bind the 'logon' interface.
+        This calls DCERPC_Client's connect to bind the 'logon' interface.
         """
         super(NetlogonClient, self).connect(
             host=host,

scapy/layers/msrpce/rpcclient.py

@@ -50,10 +50,10 @@
     GSS_S_CONTINUE_NEEDED,
     GSS_C_FLAGS,
 )
-from scapy.layers.smb2 import STATUS_ERREF
 from scapy.layers.smbclient import (
     SMB_RPC_SOCKET,
 )
+from scapy.layers.windows.erref import STATUS_ERREF
 
 # RPC
 from scapy.layers.msrpce.ept import (
@@ -331,6 +331,7 @@ def sr1_req(self, pkt, **kwargs):
                 print(
                     conf.color_theme.opening(">> REQUEST: %s" % pkt.__class__.__name__)
                 )
+
         # Add sectrailer if first time talking on this interface
         vt_trailer = b""
         if (
@@ -400,6 +401,7 @@ def sr1_req(self, pkt, **kwargs):
                 ):
                     resp[DceRpc5Fault].payload.show()
             result = resp
+
         if self.verb and getattr(resp, "status", 0) != 0:
             if resp.status in _DCE_RPC_ERROR_CODES:
                 print(conf.color_theme.fail(f"! {_DCE_RPC_ERROR_CODES[resp.status]}"))

scapy/layers/smb.py

@@ -66,11 +66,11 @@
     GSSAPI_BLOB,
 )
 from scapy.layers.smb2 import (
-    STATUS_ERREF,
     SMB2_Compression_Transform_Header,
     SMB2_Header,
     SMB2_Transform_Header,
 )
+from scapy.layers.windows.erref import STATUS_ERREF
 
 
 SMB_COM = {

scapy/layers/smb2.py

@@ -75,6 +75,7 @@
     _NTLM_ENUM,
     _NTLM_post_build,
 )
+from scapy.layers.windows.erref import STATUS_ERREF
 
 
 # EnumField
@@ -87,62 +88,6 @@
     0x0311: "SMB 3.1.1",
 }
 
-# SMB2 sect 3.3.5.15 + [MS-ERREF]
-STATUS_ERREF = {
-    0x00000000: "STATUS_SUCCESS",
-    0x00000002: "ERROR_FILE_NOT_FOUND",
-    0x00000005: "ERROR_ACCESS_DENIED",
-    0x00000103: "STATUS_PENDING",
-    0x0000010B: "STATUS_NOTIFY_CLEANUP",
-    0x0000010C: "STATUS_NOTIFY_ENUM_DIR",
-    0x00000532: "ERROR_PASSWORD_EXPIRED",
-    0x00000533: "ERROR_ACCOUNT_DISABLED",
-    0x000006FE: "ERROR_TRUST_FAILURE",
-    0x80000005: "STATUS_BUFFER_OVERFLOW",
-    0x80000006: "STATUS_NO_MORE_FILES",
-    0x8000002D: "STATUS_STOPPED_ON_SYMLINK",
-    0x80070005: "E_ACCESSDENIED",
-    0x8007000E: "E_OUTOFMEMORY",
-    0x80090308: "SEC_E_INVALID_TOKEN",
-    0x8009030C: "SEC_E_LOGON_DENIED",
-    0x8009030F: "SEC_E_MESSAGE_ALTERED",
-    0x80090310: "SEC_E_OUT_OF_SEQUENCE",
-    0x80090346: "SEC_E_BAD_BINDINGS",
-    0x80090351: "SEC_E_SMARTCARD_CERT_REVOKED",
-    0xC0000003: "STATUS_INVALID_INFO_CLASS",
-    0xC0000004: "STATUS_INFO_LENGTH_MISMATCH",
-    0xC000000D: "STATUS_INVALID_PARAMETER",
-    0xC000000F: "STATUS_NO_SUCH_FILE",
-    0xC0000016: "STATUS_MORE_PROCESSING_REQUIRED",
-    0xC0000022: "STATUS_ACCESS_DENIED",
-    0xC0000033: "STATUS_OBJECT_NAME_INVALID",
-    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
-    0xC0000043: "STATUS_SHARING_VIOLATION",
-    0xC0000061: "STATUS_PRIVILEGE_NOT_HELD",
-    0xC0000064: "STATUS_NO_SUCH_USER",
-    0xC000006D: "STATUS_LOGON_FAILURE",
-    0xC000006E: "STATUS_ACCOUNT_RESTRICTION",
-    0xC0000070: "STATUS_INVALID_WORKSTATION",
-    0xC0000071: "STATUS_PASSWORD_EXPIRED",
-    0xC0000072: "STATUS_ACCOUNT_DISABLED",
-    0xC000009A: "STATUS_INSUFFICIENT_RESOURCES",
-    0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY",
-    0xC00000BB: "STATUS_NOT_SUPPORTED",
-    0xC00000C9: "STATUS_NETWORK_NAME_DELETED",
-    0xC00000CC: "STATUS_BAD_NETWORK_NAME",
-    0xC0000120: "STATUS_CANCELLED",
-    0xC0000122: "STATUS_INVALID_COMPUTER_NAME",
-    0xC0000128: "STATUS_FILE_CLOSED",  # backup error for older Win versions
-    0xC000015B: "STATUS_LOGON_TYPE_NOT_GRANTED",
-    0xC000018B: "STATUS_NO_TRUST_SAM_ACCOUNT",
-    0xC000019C: "STATUS_FS_DRIVER_REQUIRED",
-    0xC0000203: "STATUS_USER_SESSION_DELETED",
-    0xC000020C: "STATUS_CONNECTION_DISCONNECTED",
-    0xC0000225: "STATUS_NOT_FOUND",
-    0xC0000257: "STATUS_PATH_NOT_COVERED",
-    0xC000035C: "STATUS_NETWORK_SESSION_EXPIRED",
-}
-
 # SMB2 sect 2.1.2.1
 REPARSE_TAGS = {
     0x00000000: "IO_REPARSE_TAG_RESERVED_ZERO",

scapy/layers/smbclient.py

@@ -1876,16 +1876,7 @@ def getsd_output(self, results):
         Print the output of 'getsd'
         """
         sd = SECURITY_DESCRIPTOR(results)
-        print("Owner:", sd.OwnerSid.summary())
-        print("Group:", sd.GroupSid.summary())
-        if getattr(sd, "DACL", None):
-            print("DACL:")
-            for ace in sd.DACL.Aces:
-                print(" - ", ace.toSDDL())
-        if getattr(sd, "SACL", None):
-            print("SACL:")
-            for ace in sd.SACL.Aces:
-                print(" - ", ace.toSDDL())
+        sd.show_print()
 
 
 if __name__ == "__main__":

scapy/layers/spnego.py

@@ -851,6 +851,7 @@ def from_cli_arguments(
                 )
             else:
                 # We have a ST, use it with the key.
+                print(repr(ST), repr(KEY))
                 ssps.append(
                     KerberosSSP(
                         UPN=UPN,

scapy/layers/windows/erref.py

@@ -0,0 +1,76 @@
+# SPDX-License-Identifier: GPL-2.0-only
+# This file is part of Scapy
+# See https://scapy.net/ for more information
+# Copyright (C) Gabriel Potter
+
+"""
+[MS-ERREF] error codes
+"""
+
+# SMB2 sect 3.3.5.15 + [MS-ERREF]
+STATUS_ERREF = {
+    0x00000000: "STATUS_SUCCESS",
+    0x00000002: "ERROR_FILE_NOT_FOUND",
+    0x00000003: "ERROR_PATH_NOT_FOUND",
+    0x00000005: "ERROR_ACCESS_DENIED",
+    0x00000006: "ERROR_INVALID_HANDLE",
+    0x00000011: "ERROR_NOT_SAME_DEVICE",
+    0x00000013: "ERROR_WRITE_PROTECT",
+    0x00000057: "ERROR_INVALID_PARAMETER",
+    0x0000007A: "ERROR_INSUFFICIENT_BUFFER",
+    0x0000007B: "ERROR_INVALID_NAME",
+    0x000000A1: "ERROR_BAD_PATHNAME",
+    0x000000B7: "ERROR_ALREADY_EXISTS",
+    0x000000EA: "ERROR_MORE_DATA",
+    0x00000103: "STATUS_PENDING",
+    0x0000010B: "STATUS_NOTIFY_CLEANUP",
+    0x0000010C: "STATUS_NOTIFY_ENUM_DIR",
+    0x000003E6: "ERROR_NOACCESS",
+    0x00000532: "ERROR_PASSWORD_EXPIRED",
+    0x00000533: "ERROR_ACCOUNT_DISABLED",
+    0x000006F7: "ERROR_SUBKEY_NOT_FOUND",
+    0x000006FE: "ERROR_TRUST_FAILURE",
+    0x80000005: "STATUS_BUFFER_OVERFLOW",
+    0x80000006: "STATUS_NO_MORE_FILES",
+    0x8000002D: "STATUS_STOPPED_ON_SYMLINK",
+    0x80070005: "E_ACCESSDENIED",
+    0x8007000E: "E_OUTOFMEMORY",
+    0x80090308: "SEC_E_INVALID_TOKEN",
+    0x8009030C: "SEC_E_LOGON_DENIED",
+    0x8009030F: "SEC_E_MESSAGE_ALTERED",
+    0x80090310: "SEC_E_OUT_OF_SEQUENCE",
+    0x80090346: "SEC_E_BAD_BINDINGS",
+    0x80090351: "SEC_E_SMARTCARD_CERT_REVOKED",
+    0xC0000003: "STATUS_INVALID_INFO_CLASS",
+    0xC0000004: "STATUS_INFO_LENGTH_MISMATCH",
+    0xC000000D: "STATUS_INVALID_PARAMETER",
+    0xC000000F: "STATUS_NO_SUCH_FILE",
+    0xC0000016: "STATUS_MORE_PROCESSING_REQUIRED",
+    0xC0000022: "STATUS_ACCESS_DENIED",
+    0xC0000033: "STATUS_OBJECT_NAME_INVALID",
+    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
+    0xC0000043: "STATUS_SHARING_VIOLATION",
+    0xC0000061: "STATUS_PRIVILEGE_NOT_HELD",
+    0xC0000064: "STATUS_NO_SUCH_USER",
+    0xC000006D: "STATUS_LOGON_FAILURE",
+    0xC000006E: "STATUS_ACCOUNT_RESTRICTION",
+    0xC0000070: "STATUS_INVALID_WORKSTATION",
+    0xC0000071: "STATUS_PASSWORD_EXPIRED",
+    0xC0000072: "STATUS_ACCOUNT_DISABLED",
+    0xC000009A: "STATUS_INSUFFICIENT_RESOURCES",
+    0xC00000BA: "STATUS_FILE_IS_A_DIRECTORY",
+    0xC00000BB: "STATUS_NOT_SUPPORTED",
+    0xC00000C9: "STATUS_NETWORK_NAME_DELETED",
+    0xC00000CC: "STATUS_BAD_NETWORK_NAME",
+    0xC0000120: "STATUS_CANCELLED",
+    0xC0000122: "STATUS_INVALID_COMPUTER_NAME",
+    0xC0000128: "STATUS_FILE_CLOSED",  # backup error for older Win versions
+    0xC000015B: "STATUS_LOGON_TYPE_NOT_GRANTED",
+    0xC000018B: "STATUS_NO_TRUST_SAM_ACCOUNT",
+    0xC000019C: "STATUS_FS_DRIVER_REQUIRED",
+    0xC0000203: "STATUS_USER_SESSION_DELETED",
+    0xC000020C: "STATUS_CONNECTION_DISCONNECTED",
+    0xC0000225: "STATUS_NOT_FOUND",
+    0xC0000257: "STATUS_PATH_NOT_COVERED",
+    0xC000035C: "STATUS_NETWORK_SESSION_EXPIRED",
+}