[MS-RPCE] next

Open gpotter2 opened this issue 3 years ago • 1 comments

Continue the work started by https://github.com/secdev/scapy/pull/3674:

  • Major NDR(64) work: pointer deferral, proper conformant handling in structures... dissection and build should now work in almost all cases. (I added bare-bones unit tests and will add more in a future PR: those fields aren't used anywhere in this PR)
  • Continue work on DCE/RPC
    • Sessions that resolve RPC interfaces / opnums live. I also tweaked TCPSession a bit so that it can work on just a pcap capture with multiple flows.
    • Fix build
    • Cleanups
    • Some more default DCE packets (NAK, More security providers...)
  • slight change to PadField: padlen() now has a pkt argument. This was very, very rarely overridden in Scapy
  • A few SMB changes:
    • Splits on SMB server and clients
    • few other tweaks, more commands

I have pretty cool PoCs that use this (servers, clients..) among some other (for now) unreleased code.

gpotter2 Jul 11 '22 13:07

Codecov Report

Merging #3683 (c6f1720) into master (5a527a9) will decrease coverage by 0.03%. The diff coverage is 54.67%.

@@            Coverage Diff             @@
##           master    #3683      +/-   ##
==========================================
- Coverage   86.11%   86.08%   -0.04%     
==========================================
  Files         296      298       +2     
  Lines       67235    67885     +650     
==========================================
+ Hits        57901    58438     +537     
- Misses       9334     9447     +113     
| Impacted Files | Coverage | Δ |
|---|---|---|
| scapy/config.py | 80.70% <ø> | (ø) |
| scapy/layers/http.py | 77.29% <ø> | (ø) |
| scapy/layers/kerberos.py | 69.90% <ø> | (ø) |
| scapy/layers/tls/session.py | 87.87% <0.00%> | (+0.13%) :arrow_up: |
| scapy/layers/smbserver.py | 14.74% <14.74%> | (ø) |
| scapy/layers/smbclient.py | 22.94% <22.94%> | (ø) |
| scapy/automaton.py | 74.01% <25.00%> | (-0.34%) :arrow_down: |
| scapy/layers/ntlm.py | 43.23% <33.96%> | (-1.54%) :arrow_down: |
| scapy/layers/dcerpc.py | 76.98% <72.24%> | (+7.07%) :arrow_up: |
| scapy/layers/smb2.py | 78.78% <81.04%> | (+0.31%) :arrow_up: |

... and 25 more

codecov[bot] Jul 11 '22 13:07

Self merging this 😛 I re-reviewed it

gpotter2 Aug 17 '22 19:08