From 2a7d196cb750d5cc88703720b749bbc760ecf312 Mon Sep 17 00:00:00 2001
From: VakarisZ <vakarisz@yahoo.com>
Date: Fri, 25 Oct 2019 13:18:48 +0300
Subject: [PATCH] Smb fingerprinter fix

---
 monkey/infection_monkey/network/smbfinger.py | 105 ++++++++++---------
 1 file changed, 53 insertions(+), 52 deletions(-)

diff --git a/monkey/infection_monkey/network/smbfinger.py b/monkey/infection_monkey/network/smbfinger.py
index 1e765114c..8a267e9d1 100644
--- a/monkey/infection_monkey/network/smbfinger.py
+++ b/monkey/infection_monkey/network/smbfinger.py
@@ -12,7 +12,7 @@ SMB_SERVICE = 'tcp-445'
 LOG = logging.getLogger(__name__)
 
 
-class Packet(object):
+class Packet:
     fields = odict([
         ("data", ""),
     ])
@@ -25,78 +25,79 @@ class Packet(object):
             else:
                 self.fields[k] = v
 
-    def __str__(self):
-        return "".join(map(str, list(self.fields.values())))
+    def to_byte_string(self):
+        content_list = [(x.to_byte_string() if hasattr(x, "to_byte_string") else x) for x in self.fields.values()]
+        return b"".join(content_list)
 
 
 ##### SMB Packets #####
 class SMBHeader(Packet):
     fields = odict([
-        ("proto", "\xff\x53\x4d\x42"),
-        ("cmd", "\x72"),
-        ("errorcode", "\x00\x00\x00\x00"),
-        ("flag1", "\x00"),
-        ("flag2", "\x00\x00"),
-        ("pidhigh", "\x00\x00"),
-        ("signature", "\x00\x00\x00\x00\x00\x00\x00\x00"),
-        ("reserved", "\x00\x00"),
-        ("tid", "\x00\x00"),
-        ("pid", "\x00\x00"),
-        ("uid", "\x00\x00"),
-        ("mid", "\x00\x00"),
+        ("proto", b"\xff\x53\x4d\x42"),
+        ("cmd", b"\x72"),
+        ("errorcode", b"\x00\x00\x00\x00"),
+        ("flag1", b"\x00"),
+        ("flag2", b"\x00\x00"),
+        ("pidhigh", b"\x00\x00"),
+        ("signature", b"\x00\x00\x00\x00\x00\x00\x00\x00"),
+        ("reserved", b"\x00\x00"),
+        ("tid", b"\x00\x00"),
+        ("pid", b"\x00\x00"),
+        ("uid", b"\x00\x00"),
+        ("mid", b"\x00\x00"),
     ])
 
 
 class SMBNego(Packet):
     fields = odict([
-        ("wordcount", "\x00"),
-        ("bcc", "\x62\x00"),
+        ("wordcount", b"\x00"),
+        ("bcc", b"\x62\x00"),
         ("data", "")
     ])
 
     def calculate(self):
-        self.fields["bcc"] = struct.pack("<h", len(str(self.fields["data"])))
+        self.fields["bcc"] = struct.pack("<h", len(self.fields["data"].to_byte_string()))
 
 
 class SMBNegoFingerData(Packet):
     fields = odict([
-        ("separator1", "\x02"),
-        ("dialect1", "\x50\x43\x20\x4e\x45\x54\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31\x2e\x30\x00"),
-        ("separator2", "\x02"),
-        ("dialect2", "\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"),
-        ("separator3", "\x02"),
+        ("separator1", b"\x02"),
+        ("dialect1", b"\x50\x43\x20\x4e\x45\x54\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31\x2e\x30\x00"),
+        ("separator2", b"\x02"),
+        ("dialect2", b"\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00"),
+        ("separator3", b"\x02"),
         ("dialect3",
-         "\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61\x00"),
-        ("separator4", "\x02"),
-        ("dialect4", "\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00"),
-        ("separator5", "\x02"),
-        ("dialect5", "\x4c\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00"),
-        ("separator6", "\x02"),
-        ("dialect6", "\x4e\x54\x20\x4c\x4d\x20\x30\x2e\x31\x32\x00"),
+         b"\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61\x00"),
+        ("separator4", b"\x02"),
+        ("dialect4", b"\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00"),
+        ("separator5", b"\x02"),
+        ("dialect5", b"\x4c\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00"),
+        ("separator6", b"\x02"),
+        ("dialect6", b"\x4e\x54\x20\x4c\x4d\x20\x30\x2e\x31\x32\x00"),
     ])
 
 
 class SMBSessionFingerData(Packet):
     fields = odict([
-        ("wordcount", "\x0c"),
-        ("AndXCommand", "\xff"),
-        ("reserved", "\x00"),
-        ("andxoffset", "\x00\x00"),
-        ("maxbuff", "\x04\x11"),
-        ("maxmpx", "\x32\x00"),
-        ("vcnum", "\x00\x00"),
-        ("sessionkey", "\x00\x00\x00\x00"),
-        ("securitybloblength", "\x4a\x00"),
-        ("reserved2", "\x00\x00\x00\x00"),
-        ("capabilities", "\xd4\x00\x00\xa0"),
+        ("wordcount", b"\x0c"),
+        ("AndXCommand", b"\xff"),
+        ("reserved", b"\x00"),
+        ("andxoffset", b"\x00\x00"),
+        ("maxbuff", b"\x04\x11"),
+        ("maxmpx", b"\x32\x00"),
+        ("vcnum", b"\x00\x00"),
+        ("sessionkey", b"\x00\x00\x00\x00"),
+        ("securitybloblength", b"\x4a\x00"),
+        ("reserved2", b"\x00\x00\x00\x00"),
+        ("capabilities", b"\xd4\x00\x00\xa0"),
         ("bcc1", ""),
         ("Data",
-         "\x60\x48\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x3e\x30\x3c\xa0\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa2\x2a\x04\x28\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x01\x28\x0a\x00\x00\x00\x0f\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x53\x00\x65\x00\x72\x00\x76\x00\x69\x00\x63\x00\x65\x00\x20\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x20\x00\x33\x00\x20\x00\x32\x00\x36\x00\x30\x00\x30\x00\x00\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x35\x00\x2e\x00\x31\x00\x00\x00\x00\x00"),
+         b"\x60\x48\x06\x06\x2b\x06\x01\x05\x05\x02\xa0\x3e\x30\x3c\xa0\x0e\x30\x0c\x06\x0a\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a\xa2\x2a\x04\x28\x4e\x54\x4c\x4d\x53\x53\x50\x00\x01\x00\x00\x00\x07\x82\x08\xa2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x05\x01\x28\x0a\x00\x00\x00\x0f\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x53\x00\x65\x00\x72\x00\x76\x00\x69\x00\x63\x00\x65\x00\x20\x00\x50\x00\x61\x00\x63\x00\x6b\x00\x20\x00\x33\x00\x20\x00\x32\x00\x36\x00\x30\x00\x30\x00\x00\x00\x57\x00\x69\x00\x6e\x00\x64\x00\x6f\x00\x77\x00\x73\x00\x20\x00\x32\x00\x30\x00\x30\x00\x32\x00\x20\x00\x35\x00\x2e\x00\x31\x00\x00\x00\x00\x00"),
 
     ])
 
     def calculate(self):
-        self.fields["bcc1"] = struct.pack("<i", len(str(self.fields["Data"])))[:2]
+        self.fields["bcc1"] = struct.pack("<i", len(self.fields["Data"]))[:2]
 
 
 class SMBFinger(HostFinger):
@@ -116,30 +117,30 @@ class SMBFinger(HostFinger):
 
             self.init_service(host.services, SMB_SERVICE, SMB_PORT)
 
-            h = SMBHeader(cmd="\x72", flag1="\x18", flag2="\x53\xc8")
+            h = SMBHeader(cmd=b"\x72", flag1=b"\x18", flag2=b"\x53\xc8")
             n = SMBNego(data=SMBNegoFingerData())
             n.calculate()
 
-            packet_ = str(h) + str(n)
-            buffer = struct.pack(">i", len(packet_)) + packet_.encode()
+            packet_ = h.to_byte_string() + n.to_byte_string()
+            buffer = struct.pack(">i", len(packet_)) + packet_
             s.send(buffer)
             data = s.recv(2048)
 
-            if data[8:10] == "\x72\x00":
-                header = SMBHeader(cmd="\x73", flag1="\x18", flag2="\x17\xc8", uid="\x00\x00")
+            if data[8:10] == b"\x72\x00":
+                header = SMBHeader(cmd=b"\x73", flag1=b"\x18", flag2=b"\x17\xc8", uid=b"\x00\x00")
                 body = SMBSessionFingerData()
                 body.calculate()
 
-                packet_ = str(header) + str(body)
-                buffer = struct.pack(">i", len(packet_)) + packet_.encode()
+                packet_ = header.to_byte_string() + body.to_byte_string()
+                buffer = struct.pack(">i", len(packet_)) + packet_
 
                 s.send(buffer)
                 data = s.recv(2048)
 
-            if data[8:10] == "\x73\x16":
+            if data[8:10] == b"\x73\x16":
                 length = struct.unpack('<H', data[43:45])[0]
                 os_version, service_client = tuple(
-                    [e.replace(b'\x00', b'') for e in data[47 + length:].split(b'\x00\x00\x00')[:2]])
+                    [e.replace(b'\x00', b'').decode() for e in data[47 + length:].split(b'\x00\x00\x00')[:2]])
 
                 if os_version.lower() != 'unix':
                     host.os['type'] = 'windows'