un33k / impacket

Automatically exported from code.google.com/p/impacket
Other
8 stars 3 forks source link

MSRPCHeaders fail to be created with no data #15

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Was getting an exception in MSRPCHeader creation:

error: ('unpack requires a string argument of length 1', "When unpacking field 
'ver_major | B | ''[:1]'")

Looks like the structure was being initialized before the test for no data was 
performed. Flipping it around seemed to make it happy. (Not 100% sure this is 
the right solution as I'm just starting to get familiar w/ the codebase)

Index: impacket/dcerpc/dcerpc.py
===================================================================
--- impacket/dcerpc/dcerpc.py   (revision 714)
+++ impacket/dcerpc/dcerpc.py   (working copy)
@@ -270,8 +270,9 @@
     )

     def __init__(self, data = None, alignment = 0):
-        Structure.__init__(self,data, alignment)
-        if data is None:
+        if data:
+            Structure.__init__(self,data, alignment)
+        else:
             self['ver_major'] = 5
             self['ver_minor'] = 0
             self['flags'] = MSRPC_FIRSTFRAG | MSRPC_LASTFRAG 

Original issue reported on code.google.com by bryanbu...@gmail.com on 10 Sep 2012 at 6:15

GoogleCodeExporter commented 9 years ago
uhmm.. what was the context where you used it?...

Seems to be working for me:

>>> from impacket.dcerpc import dcerpc
>>> hh = dcerpc.MSRPCHeader()
>>> hh
<impacket.dcerpc.dcerpc.MSRPCHeader instance at 0x7fc0a8371440>
>>> hh.dump()

MSRPCHeader
ver_major: {5}
ver_minor: {0}
pduData: {''}
auth_data: {''}
flags: {3}
type: {0}
auth_len: {0}
>>> str(hh)
'\x05\x00\x00\x03\x10\x00\x00\x00\x10\x00\x00\x00\x01\x00\x00\x00'

Remember that 'no data' should be data = None.. not data = ''

bto

Original comment by bet...@gmail.com on 10 Sep 2012 at 6:25

GoogleCodeExporter commented 9 years ago
This happened when connecting with my windows 7 host. Data was indeed '' not 
None. Not sure how that happened exactly..

Original comment by bryanbu...@gmail.com on 10 Sep 2012 at 6:58

GoogleCodeExporter commented 9 years ago
So the scenario is your Windows 7 connecting to the smbserver and asking for 
shares right?

If you have the traceback for the exception that'd be great.., plus wireshark 
dump (if possible)..

It's kind of weird.. that never happened to me.. and I usually connect against 
the smbserver from Windows 7 machines..

Traceback might give some clues...

In the meantime try this patch (just to test):
  Structure.__init__(self,data, alignment)
  if data is None or data is '':

But we should track the origin of why there's a cast to that structure with '' 
data.

thanks bryan..

Original comment by bet...@gmail.com on 10 Sep 2012 at 7:17

GoogleCodeExporter commented 9 years ago
The comments in simple_server suggest that you need to run srvsvc for windows 7 
to connect, but I have found the opposite, that my windows 7 box works better 
without srvsvc bound.

I'll try to get to the bottom of that data=='' issue.

Original comment by bryanbu...@gmail.com on 10 Sep 2012 at 8:18

GoogleCodeExporter commented 9 years ago
Bryan:

I'm closing this one..as we saw.. you need to pass Data = None to the 
dcerpc.MSRPCHeader() constructor to work as expected.. otherwise it will think 
there's data and will try to parse it.

Original comment by bet...@gmail.com on 10 Sep 2012 at 11:07