Dre4m Shell
Server IP : 85.214.239.14  /  Your IP : 3.22.41.80
Web Server : Apache/2.4.62 (Debian)
System : Linux h2886529.stratoserver.net 4.9.0 #1 SMP Tue Jan 9 19:45:01 MSK 2024 x86_64
User : www-data ( 33)
PHP Version : 7.4.18
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,
MySQL : OFF  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : OFF
Directory :  /proc/2/task/2/root/proc/3/root/proc/self/root/proc/2/cwd/proc/3/root/bin/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ HOME SHELL ]     

Current File : /proc/2/task/2/root/proc/3/root/proc/self/root/proc/2/cwd/proc/3/root/bin/smbinfo
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# smbinfo is a cmdline tool to query SMB-specific file and fs
# information on a Linux SMB mount (cifs.ko).
#
# Copyright (C) 2019 Aurelien Aptel <aaptel@suse.com>
# Copyright (C) 2019 Ronnie Sahlberg <lsahlberg@redhat.com>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

import os
import re
import argparse
import fcntl
import struct
import stat
import datetime
import calendar

VERBOSE = False

# ioctl ctl codes
CIFS_QUERY_INFO          = 0xc018cf07
CIFS_ENUMERATE_SNAPSHOTS = 0x800ccf06
CIFS_DUMP_KEY            = 0xc03acf08
CIFS_DUMP_FULL_KEY       = 0xc011cf0a

# large enough input buffer length
INPUT_BUFFER_LENGTH = 16384

# length of a @GMT- token in bytes
GMT_TOKEN_LEN_IN_BYTES = 24 * 2

# GMT format string
GMT_FORMAT = "@GMT-%Y.%m.%d-%H.%M.%S"

# cifs query flags
PASSTHRU_QUERY_INFO = 0x00000000
PASSTHRU_FSCTL      = 0x00000001

DIR_ACCESS_FLAGS = [
    (0x00000001, "LIST_DIRECTORY"),
    (0x00000002, "ADD_FILE"),
    (0x00000004, "ADD_SUBDIRECTORY"),
    (0x00000008, "READ_EA"),
    (0x00000010, "WRITE_EA"),
    (0x00000020, "TRAVERSE"),
    (0x00000040, "DELETE_CHILD"),
    (0x00000080, "READ_ATTRIBUTES"),
    (0x00000100, "WRITE_ATTRIBUTES"),
    (0x00010000, "DELETE"),
    (0x00020000, "READ_CONTROL"),
    (0x00040000, "WRITE_DAC"),
    (0x00080000, "WRITE_OWNER"),
    (0x00100000, "SYNCHRONIZER"),
    (0x01000000, "ACCESS_SYSTEM_SECURITY"),
    (0x02000000, "MAXIMUM_ALLOWED"),
    (0x10000000, "GENERIC_ALL"),
    (0x20000000, "GENERIC_EXECUTE"),
    (0x40000000, "GENERIC_WRITE"),
    (0x80000000, "GENERIC_READ"),
]

FILE_ACCESS_FLAGS = [
    (0x00000001, "READ_DATA"),
    (0x00000002, "WRITE_DATA"),
    (0x00000004, "APPEND_DATA"),
    (0x00000008, "READ_EA"),
    (0x00000010, "WRITE_EA"),
    (0x00000020, "EXECUTE"),
    (0x00000040, "DELETE_CHILD"),
    (0x00000080, "READ_ATTRIBUTES"),
    (0x00000100, "WRITE_ATTRIBUTES"),
    (0x00010000, "DELETE"),
    (0x00020000, "READ_CONTROL"),
    (0x00040000, "WRITE_DAC"),
    (0x00080000, "WRITE_OWNER"),
    (0x00100000, "SYNCHRONIZER"),
    (0x01000000, "ACCESS_SYSTEM_SECURITY"),
    (0x02000000, "MAXIMUM_ALLOWED"),
    (0x10000000, "GENERIC_ALL"),
    (0x20000000, "GENERIC_EXECUTE"),
    (0x40000000, "GENERIC_WRITE"),
    (0x80000000, "GENERIC_READ"),
]

FILE_ATTR_FLAGS = [
    (0x00000001, "READ_ONLY"),
    (0x00000002, "HIDDEN"),
    (0x00000004, "SYSTEM"),
    (0x00000010, "DIRECTORY"),
    (0x00000020, "ARCHIVE"),
    (0x00000080, "NORMAL"),
    (0x00000100, "TEMPORARY"),
    (0x00000200, "SPARSE_FILE"),
    (0x00000400, "REPARSE_POINT"),
    (0x00000800, "COMPRESSED"),
    (0x00001000, "OFFLINE"),
    (0x00002000, "NOT_CONTENT_INDEXED"),
    (0x00004000, "ENCRYPTED"),
    (0x00008000, "INTEGRITY_STREAM"),
    (0x00020000, "NO_SCRUB_DATA"),
]

FILE_MODE_FLAGS = [
    (0x00000002, "WRITE_THROUGH"),
    (0x00000004, "SEQUENTIAL_ONLY"),
    (0x00000008, "NO_INTERMEDIATE_BUFFERING"),
    (0x00000010, "SYNCHRONOUS_IO_ALERT"),
    (0x00000020, "SYNCHRONOUS_IO_NONALERT"),
    (0x00001000, "DELETE_ON_CLOSE"),
]

ALIGN_TYPES = [
    (0, "BYTE_ALIGNMENT"),
    (1, "WORD_ALIGNMENT"),
    (3, "LONG_ALIGNMENT"),
    (7, "QUAD_ALIGNMENT"),
    (15, "OCTA_ALIGNMENT"),
    (31, "32_bit_ALIGNMENT"),
    (63, "64_bit_ALIGNMENT"),
    (127, "128_bit_ALIGNMENT"),
    (255, "254_bit_ALIGNMENT"),
    (511, "512_bit_ALIGNMENT"),
]

COMPRESSION_TYPES = [
    (0x0000, "NONE"),
    (0x0002, "LZNT1"),
]

CONTROL_FLAGS = [
    (0x8000, "SR"),
    (0x4000, "RM"),
    (0x2000, "PS"),
    (0x1000, "PD"),
    (0x0800, "SI"),
    (0x0400, "DI"),
    (0x0200, "SC"),
    (0x0100, "DC"),
    (0x0080, "DT"),
    (0x0040, "SS"),
    (0x0020, "SD"),
    (0x0010, "SP"),
    (0x0008, "DD"),
    (0x0004, "DP"),
    (0x0002, "GD"),
    (0x0001, "OD"),
]

ACE_TYPES = [
    (0x00, "ALLOWED"),
    (0x01, "DENIED"),
    (0x02, "AUDIT"),
    (0x03, "ALARM"),
    (0x04, "ALLOWED_COMPOUND"),
    (0x05, "ALLOWED_OBJECT"),
    (0x06, "DENIED_OBJECT"),
    (0x07, "AUDIT_OBJECT"),
    (0x08, "ALARM_OBJECT"),
    (0x09, "ALLOWED_CALLBACK"),
    (0x0a, "DENIED_CALLBACK"),
    (0x0b, "ALLOWED_CALLBACK_OBJECT"),
    (0x0c, "DENIED_CALLBACK_OBJECT"),
    (0x0d, "AUDIT_CALLBACK"),
    (0x0e, "ALARM_CALLBACK"),
    (0x0f, "AUDIT_CALLBACK_OBJECT"),
    (0x10, "ALARM_CALLBACK_OBJECT"),
    (0x11, "MANDATORY_LABEL"),
    (0x12, "RESOURCE_ATTRIBUTE"),
    (0x13, "SCOPED_POLICY_ID"),
]

ACE_FLAGS = [
    (0x80, "FAILED_ACCESS"),
    (0x40, "SUCCESSFUL_ACCESS"),
    (0x10, "INHERITED"),
    (0x08, "INHERIT_ONLY"),
    (0x04, "NO_PROPAGATE_INHERIT"),
    (0x02, "CONTAINER_INHERIT"),
    (0x01, "OBJECT_INHERIT"),
]

CIPHER_TYPES = [
    (0x00, "AES-128-CCM"),
    (0x01, "AES-128-CCM"),
    (0x02, "AES-128-GCM"),
    (0x03, "AES-256-CCM"),
    (0x04, "AES-256-GCM"),
]

def main():
    #
    # Global options and arguments
    #

    ap = argparse.ArgumentParser(description="Display SMB-specific file information using cifs IOCTL")
    ap.add_argument("-V", "--verbose", action="store_true", help="verbose output")
    subp = ap.add_subparsers(help="sub-commands help")
    subp.required = True
    subp.dest = 'subcommand'

    #
    # To add a new sub-command xxx, add a subparser xxx complete with
    # help, options and/or arguments and implement cmd_xxx()
    #

    sap = subp.add_parser("fileaccessinfo", help="Prints FileAccessInfo for a cifs file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_fileaccessinfo)

    sap = subp.add_parser("filealigninfo", help="Prints FileAlignInfo for a cifs file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_filealigninfo)

    sap = subp.add_parser("fileallinfo", help="Prints FileAllInfo for a cifs file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_fileallinfo)

    sap = subp.add_parser("filebasicinfo", help="Prints FileBasicInfo for a cifs file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_filebasicinfo)

    sap = subp.add_parser("fileeainfo", help="Prints FileEAInfo for a cifs file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_fileeainfo)

    sap = subp.add_parser("filefsfullsizeinfo", help="Prints FileFsFullSizeInfo for a cifs file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_filefsfullsizeinfo)

    sap = subp.add_parser("fileinternalinfo", help="Prints FileInternalInfo for a cifs file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_fileinternalinfo)

    sap = subp.add_parser("filemodeinfo", help="Prints FileModeInfo for a cifs file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_filemodeinfo)

    sap = subp.add_parser("filepositioninfo", help="Prints FilePositionInfo for a cifs file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_filepositioninfo)

    sap = subp.add_parser("filestandardinfo", help="Prints FileStandardInfo for a cifs file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_filestandardinfo)

    sap = subp.add_parser("filestreaminfo", help="Prints FileStreamInfo for a cifs file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_filestreaminfo)

    sap = subp.add_parser("fsctl-getobjid", help="Prints the objectid of the file and GUID of the underlying volume.")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_fsctl_getobjid)

    sap = subp.add_parser("getcompression", help="Prints the compression setting for the file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_getcompression)

    sap = subp.add_parser("setcompression", help="Sets the compression level for the file")
    sap.add_argument("type", choices=['no','default','lznt1'])
    sap.add_argument("file")
    sap.set_defaults(func=cmd_setcompression)

    sap = subp.add_parser("list-snapshots", help="List the previous versions of the volume that backs this file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_list_snapshots)

    sap = subp.add_parser("quota", help="Prints the quota for a cifs file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_quota)

    sap = subp.add_parser("secdesc", help="Prints the security descriptor for a cifs file")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_secdesc)

    sap = subp.add_parser("keys", help="Prints the decryption information needed to view encrypted network traces")
    sap.add_argument("file")
    sap.set_defaults(func=cmd_keys)

    # parse arguments
    args = ap.parse_args()

    # act on any global options
    if args.verbose:
        global VERBOSE
        VERBOSE = True

    # call subcommand function
    args.func(args)

class QueryInfoStruct:
    def __init__(self,
                 info_type=0, file_info_class=0, additional_information=0,
                 flags=0, input_buffer_length=0, output_buffer_length=0):
        self.info_type = info_type
        self.file_info_class = file_info_class
        self.additional_information = additional_information
        self.flags = flags
        self.input_buffer_length = input_buffer_length
        self.output_buffer_length = output_buffer_length
        buf_size = max(self.input_buffer_length, self.output_buffer_length)
        self.input_buffer = bytearray(buf_size)

    def pack_input(self, fmt, offset, *vals):
        struct.pack_into(fmt, self.input_buffer, offset, *vals)

    def ioctl(self, fd, out_fmt=None):
        buf = bytearray()
        buf.extend(struct.pack("IIIIII",
                               self.info_type,
                               self.file_info_class,
                               self.additional_information,
                               self.flags,
                               self.input_buffer_length,
                               self.output_buffer_length))
        in_len = len(buf)
        buf.extend(self.input_buffer)
        fcntl.ioctl(fd, CIFS_QUERY_INFO, buf, True)
        if out_fmt:
            return struct.unpack_from(out_fmt, buf, in_len)
        else:
            return buf[in_len:]

def flags_to_str(flags, bitlist, verbose=None):
    if verbose is None:
        verbose = VERBOSE

    if not verbose:
        return "0x%08x"%flags

    out = []
    for bit, name in bitlist:
        if flags & bit:
            out.append(name)

    return "0x%08x (%s)"%(flags, ",".join(out))

def type_to_str(typ, typelist, verbose=None):
    if verbose is None:
        verbose = VERBOSE

    if not verbose:
        return "0x%08x"%typ

    s = "Unknown"
    for val, name in typelist:
        if typ == val:
            s = name

    return "0x%08x (%s)"%(typ, s)

def cmd_fileaccessinfo(args):
    qi = QueryInfoStruct(info_type=0x1, file_info_class=8, input_buffer_length=4)
    try:
        fd = os.open(args.file, os.O_RDONLY)
        info = os.fstat(fd)
        buf = qi.ioctl(fd)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    print_fileaccessinfo(buf, info)

def print_fileaccessinfo(buf, info):
    flags = struct.unpack_from('<I', buf, 0)[0]
    if stat.S_ISDIR(info.st_mode):
        print("Directory access flags:", flags_to_str(flags, DIR_ACCESS_FLAGS))
    else:
        print("File/Printer access flags:", flags_to_str(flags, FILE_ACCESS_FLAGS))

def cmd_filealigninfo(args):
    qi = QueryInfoStruct(info_type=0x1, file_info_class=17, input_buffer_length=4)
    try:
        fd = os.open(args.file, os.O_RDONLY)
        buf = qi.ioctl(fd)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    print_filealigninfo(buf)

def print_filealigninfo(buf):
    mask = struct.unpack_from('<I', buf, 0)[0]
    print("File alignment: %s"%type_to_str(mask, ALIGN_TYPES))

def cmd_fileallinfo(args):
    qi = QueryInfoStruct(info_type=0x1, file_info_class=18, input_buffer_length=INPUT_BUFFER_LENGTH)
    try:
        fd = os.open(args.file, os.O_RDONLY)
        info = os.fstat(fd)
        buf = qi.ioctl(fd)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    print_filebasicinfo(buf)
    print_filestandardinfo(buf[40:])
    print_fileinternalinfo(buf[64:])
    print_fileeainfo(buf[72:])
    print_fileaccessinfo(buf[76:], info)
    print_filepositioninfo(buf[80:])
    print_filemodeinfo(buf[88:])
    print_filealigninfo(buf[92:])

def win_to_datetime(smb2_time):
    usec = (smb2_time / 10) % 1000000
    sec  = (smb2_time - 116444736000000000) // 10000000
    return datetime.datetime.fromtimestamp(sec + usec/10000000)

def cmd_filebasicinfo(args):
    qi = QueryInfoStruct(info_type=0x1, file_info_class=4, input_buffer_length=40)
    try:
        fd = os.open(args.file, os.O_RDONLY)
        buf = qi.ioctl(fd)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    print_filebasicinfo(buf)

def print_filebasicinfo(buf):
    ctime, atime, wtime, mtime, attrs = struct.unpack_from('<QQQQI', buf, 0)
    print("Creation Time: %s"%win_to_datetime(ctime))
    print("Last Access Time: %s"%win_to_datetime(atime))
    print("Last Write Time: %s"%win_to_datetime(wtime))
    print("Last Change Time: %s"%win_to_datetime(mtime))
    print("File Attributes: %s"%flags_to_str(attrs, FILE_ATTR_FLAGS))

def cmd_fileeainfo(args):
    qi = QueryInfoStruct(info_type=0x1, file_info_class=7, input_buffer_length=4)
    try:
        fd = os.open(args.file, os.O_RDONLY)
        buf = qi.ioctl(fd)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    print_fileeainfo(buf)

def print_fileeainfo(buf):
    size = struct.unpack_from('<I', buf, 0)[0]
    print("EA Size: %d"%size)

def cmd_filefsfullsizeinfo(args):
    qi = QueryInfoStruct(info_type=0x2, file_info_class=7, input_buffer_length=32)
    try:
        fd = os.open(args.file, os.O_RDONLY)
        total, caller_avail, actual_avail, sec_per_unit, byte_per_sec = qi.ioctl(fd, '<QQQII')
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    print("Total Allocation Units: %d"%total)
    print("Caller Available Allocation Units: %d"%caller_avail)
    print("Actual Available Allocation Units: %d"%actual_avail)
    print("Sectors Per Allocation Unit: %d"%sec_per_unit)
    print("Bytes Per Sector: %d"%byte_per_sec)

def cmd_fileinternalinfo(args):
    qi = QueryInfoStruct(info_type=0x1, file_info_class=6, input_buffer_length=8)
    try:
        fd = os.open(args.file, os.O_RDONLY)
        buf = qi.ioctl(fd)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    print_fileinternalinfo(buf)

def print_fileinternalinfo(buf):
    index = struct.unpack_from('<Q', buf, 0)[0]
    print("Index Number: %d"%index)


def cmd_filemodeinfo(args):
    qi = QueryInfoStruct(info_type=0x1, file_info_class=16, input_buffer_length=4)
    try:
        fd = os.open(args.file, os.O_RDONLY)
        buf = qi.ioctl(fd)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    print_filemodeinfo(buf)

def print_filemodeinfo(buf):
        mode = struct.unpack_from('<I', buf, 0)[0]
        print("Mode: %s"%flags_to_str(mode, FILE_MODE_FLAGS))

def cmd_filepositioninfo(args):
    qi = QueryInfoStruct(info_type=0x1, file_info_class=14, input_buffer_length=8)
    try:
        fd = os.open(args.file, os.O_RDONLY)
        buf = qi.ioctl(fd)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    print_filepositioninfo(buf)

def print_filepositioninfo(buf):
    offset = struct.unpack_from('<Q', buf, 0)[0]
    print("Current Byte Offset: %d"%offset)

def cmd_filestandardinfo(args):
    qi = QueryInfoStruct(info_type=0x1, file_info_class=5, input_buffer_length=24)
    try:
        fd = os.open(args.file, os.O_RDONLY)
        buf = qi.ioctl(fd)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    print_filestandardinfo(buf)

def print_filestandardinfo(buf):
    nalloc, eof, nlink, del_pending, del_dir = struct.unpack_from('<QQIBB', buf, 0)
    print("Allocation Size: %d"%nalloc)
    print("End Of File: %d"%eof)
    print("Number of Links: %d"%nlink)
    print("Delete Pending: %d"%del_pending)
    print("Delete Directory: %d"%del_dir)

def guid_to_str(buf):
    return "%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x"%struct.unpack_from('<IHHBBBBBBBB', buf, 0)

def cmd_fsctl_getobjid(args):
    qi = QueryInfoStruct(info_type=0x9009c, file_info_class=5, flags=PASSTHRU_FSCTL, input_buffer_length=64)
    try:
        fd = os.open(args.file, os.O_RDONLY)
        buf = qi.ioctl(fd)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    print("Object-ID: %s"%guid_to_str(buf))
    print("Birth-Volume-ID: %s"%guid_to_str(buf[16:]))
    print("Birth-Object-ID: %s"%guid_to_str(buf[32:]))
    print("Domain-ID: %s"%guid_to_str(buf[48:]))

def cmd_getcompression(args):
    qi = QueryInfoStruct(info_type=0x9003c, flags=PASSTHRU_FSCTL, input_buffer_length=2)
    try:
        fd = os.open(args.file, os.O_RDONLY)
        ctype = qi.ioctl(fd, '<H')[0]
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    ctype_name = "UNKNOWN"
    for val, name in COMPRESSION_TYPES:
        if ctype == val:
            ctype_name = name
            break
    print("Compression: %d (%s)"%(ctype, ctype_name))

def cmd_setcompression(args):
    qi = QueryInfoStruct(info_type=0x9c040, flags=PASSTHRU_FSCTL, output_buffer_length=2)
    type_map = {'no': 0, 'default': 1, 'lznt1': 2}
    qi.pack_input('<H', 0, type_map[args.type])
    try:
        fd = os.open(args.file, os.O_RDONLY)
        qi.ioctl(fd)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

class SnapshotArrayStruct:
    def __init__(self,
                 nb_snapshots=0,
                 nb_snapshots_returned=0,
                 snapshot_array_size=12):
        self.nb_snapshots = nb_snapshots
        self.nb_snapshots_returned = nb_snapshots_returned
        self.snapshot_array_size = snapshot_array_size
        self.snapshot_array = []

    def ioctl(self, fd, op):
        buf = bytearray()
        buf.extend(struct.pack("III",
                               self.nb_snapshots,
                               self.nb_snapshots_returned,
                               self.snapshot_array_size))

        buf.extend(bytearray(16 + self.snapshot_array_size))
        fcntl.ioctl(fd, op, buf, True)

        out = SnapshotArrayStruct()
        out.nb_snapshots, out.nb_snapshots_returned, out.snapshot_array_size = struct.unpack_from('III', buf, 0)
        data = buf[12:]

        # '@\x00G\x00M\x00T\x00-\x002\x000\x001\x009\x00.\x000\x004\x00.\x000\x005\x00-\x002\x003\x00.\x001\x000\x00.\x005\x000\x00\x00\x00'
        index_start = 0
        while index_start < len(data):
            gmt_start = data.find(b'@', index_start)
            if gmt_start == -1 or len(data) - gmt_start < GMT_TOKEN_LEN_IN_BYTES:
                break
            gmt = data[gmt_start:gmt_start + GMT_TOKEN_LEN_IN_BYTES]
            index_start = gmt_start + GMT_TOKEN_LEN_IN_BYTES
            out.snapshot_array.append(datetime.datetime.strptime(gmt.decode('utf-16'), GMT_FORMAT))

        return out

def datetime_to_smb(dt):
    ntfs_time_offset = (369*365 + 89) * 24 * 3600 * 10000000
    return calendar.timegm(dt.timetuple()) * 10000000 + ntfs_time_offset

def cmd_list_snapshots(args):
    sa1req = SnapshotArrayStruct()
    sa1res = None
    sa2req = None
    sa2res = None

    try:
        fd = os.open(args.file, os.O_RDONLY)
        sa1res = sa1req.ioctl(fd, CIFS_ENUMERATE_SNAPSHOTS)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    if sa1res.nb_snapshots == 0:
        return

    sa2req = SnapshotArrayStruct(nb_snapshots=sa1res.nb_snapshots, snapshot_array_size=sa1res.snapshot_array_size)
    try:
        fd = os.open(args.file, os.O_RDONLY)
        sa2res = sa2req.ioctl(fd, CIFS_ENUMERATE_SNAPSHOTS)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False


    print("Number of snapshots: %d Number of snapshots returned: %d"%(sa2res.nb_snapshots, sa2res.nb_snapshots_returned))
    print("Snapshot list in GMT (Coordinated UTC Time) and SMB format (100 nanosecond units needed for snapshot mounts):")
    for i, d in enumerate(sa2res.snapshot_array):
        print("%d) GMT:%s\n   SMB3:%d"%(i + 1, d.strftime(GMT_FORMAT), datetime_to_smb(d)))

class SID:
    def __init__(self, buf, off=0):
        rev, sublen = struct.unpack_from('BB', buf, off+0)
        off += 2
        auth = 0
        subauth = []
        for i in range(6):
            auth = (auth << 8)|buf[off]
            off += 1
        for i in range(sublen):
            subauth.append(struct.unpack_from('<I', buf, off))
            off += 4

        self.rev = rev
        self.auth = auth
        self.subauth = subauth

    def __str__(self):
        auth = ("0x%x" if self.auth >= 2**32 else "%d")%self.auth
        return  "S-%d-%s-%s"%(self.rev, auth, '-'.join(["%d"%x for x in self.subauth]))

class ACE:
    def __init__(self, buf, off=0, is_dir=False):
        self.typ, self.flags, self.size = struct.unpack_from('<BBH', buf, off)
        self.is_dir = is_dir
        if self.typ not in [0,1,2]:
            self.buf = buf[4:]
        else:
            self.mask = struct.unpack_from('<I', buf, off+4)[0]
            self.sid = SID(buf, off+8)

    def __str__(self):
        s = []
        s.append("Type: %s" % type_to_str(self.typ, ACE_TYPES))
        s.append("Flags: %s" % flags_to_str(self.flags, ACE_FLAGS))
        if self.typ not in [0,1,2]:
            s.append("<%s>"%(" ".join(["%02x"%x for x in self.buf])))
        else:
            s.append("Mask: %s"%flags_to_str(self.mask, (DIR_ACCESS_FLAGS if self.is_dir else FILE_ACCESS_FLAGS)))
            s.append("SID: %s"%self.sid)
        return ", ".join(s)

def cmd_quota(args):
    qi = QueryInfoStruct(info_type=0x04, input_buffer_length=INPUT_BUFFER_LENGTH)
    qi.pack_input('BBI', 0,
                  0, # return single
                  1, # restart scan
                  0, # sid list length
                  )
    qi.output_buffer_length = 16
    buf = None

    try:
        fd = os.open(args.file, os.O_RDONLY)
        buf = qi.ioctl(fd)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    off = 0
    while off < len(buf):
        next_off = struct.unpack_from('<I', buf, off+ 0)[0]
        sid_len  = struct.unpack_from('<I', buf, off+ 4)[0]
        atime    = struct.unpack_from('<Q', buf, off+ 8)[0]
        qused    = struct.unpack_from('<Q', buf, off+16)[0]
        qthresh  = struct.unpack_from('<Q', buf, off+24)[0]
        qlimit   = struct.unpack_from('<Q', buf, off+32)[0]
        sid = SID(buf, off+40)

        print("SID Length: %d"%sid_len)
        print("Change Time: %s"%win_to_datetime(atime))
        print("Quota Used: %d"%qused)
        print("Quota Threshold:", ("NO THRESHOLD" if qthresh == 0xffffffffffffffff else "%d"%qthresh))
        print("Quota Limit:", ("NO LIMIT" if qlimit == 0xffffffffffffffff else "%d"%qlimit))
        print("SID: %s"%sid)

        if next_off == 0:
            break
        off += next_off

def cmd_secdesc(args):
    qi = QueryInfoStruct(info_type=0x03,
                         additional_information=0x7, # owner, group, dacl
                         input_buffer_length=INPUT_BUFFER_LENGTH)
    buf = None
    info = None

    try:
        fd = os.open(args.file, os.O_RDONLY)
        info = os.fstat(fd)
        buf = qi.ioctl(fd)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    is_dir = stat.S_ISDIR(info.st_mode)
    rev, ctrl, off_owner, off_group, off_dacl = struct.unpack_from('<BxHIIxxxxI', buf, 0)

    print("Revision: %d"%rev)
    print("Control: %s"%flags_to_str(ctrl, CONTROL_FLAGS))
    if off_owner:
        print("Owner: %s"%SID(buf, off_owner))
    if off_group:
        print("Group: %s"%SID(buf, off_group))
    if off_dacl:
        print("DACL:")
        rev, count = struct.unpack_from('<BxxxH', buf, off_dacl)
        off_dacl += 8
        for i in range(count):
              ace = ACE(buf, off_dacl, is_dir=is_dir)
              print(ace)
              off_dacl += ace.size

def cmd_filestreaminfo(args):
    qi = QueryInfoStruct(info_type=0x1, file_info_class=22, input_buffer_length=INPUT_BUFFER_LENGTH)
    try:
        fd = os.open(args.file, os.O_RDONLY)
        info = os.fstat(fd)
        buf = qi.ioctl(fd)
    except Exception as e:
        print("syscall failed: %s"%e)
        return False

    print_filestreaminfo(buf)

def print_filestreaminfo(buf):
    offset = 0

    while offset < len(buf):

        next_offset = struct.unpack_from('<I', buf, offset + 0)[0]
        name_length = struct.unpack_from('<I', buf, offset + 4)[0]
        if (name_length > 0):
            stream_size = struct.unpack_from('<q', buf, offset + 8)[0]
            stream_alloc_size = struct.unpack_from('<q', buf, offset + 16)[0]
            stream_utf16le_name = struct.unpack_from('< %ss'% name_length, buf, offset + 24)[0]
            stream_name = stream_utf16le_name.decode("utf-16le")
            if (offset > 0):
                print()
            if (stream_name=="::$DATA"):
                print("Name: %s"% stream_name)
            else:
                print("Name: %s"% stream_name[stream_name.find(":") + 1 : stream_name.rfind(':$DATA')])
            print("Size: %d bytes"% stream_size)
            print("Allocation size: %d bytes "% stream_alloc_size)

        if (next_offset == 0):
            break

        offset+=next_offset

class KeyDebugInfoStruct:
    def __init__(self):
        self.suid = bytearray()
        self.cipher = 0
        self.session_key = bytearray()
        self.enc_key = bytearray()
        self.dec_key = bytearray()

    def ioctl(self, fd):
        buf = bytearray()
        buf.extend(struct.pack("= 8s H 16s 16s 16s", self.suid, self.cipher,
                               self.session_key, self.enc_key, self.dec_key))
        fcntl.ioctl(fd, CIFS_DUMP_KEY, buf, True)
        (self.suid, self.cipher, self.session_key,
         self.enc_key, self.dec_key) = struct.unpack_from('= 8s H 16s 16s 16s', buf, 0)

class FullKeyDebugInfoStruct:
    def __init__(self):
        # lets pick something large to be future proof
        # 17 + 3*32 would be strict minimum as of linux 5.13
        self.in_size = 1024
        self.suid = bytearray()
        self.cipher = 0
        self.session_key_len = 0
        self.server_in_key_len = 0
        self.server_out_key_len = 0

    def ioctl(self, fd):
        fmt = "= I 8s H B B B"
        size = struct.calcsize(fmt)
        buf = bytearray()
        buf.extend(struct.pack(fmt, self.in_size, self.suid, self.cipher,
                               self.session_key_len, self.server_in_key_len, self.server_out_key_len))
        buf.extend(bytearray(self.in_size-size))
        fcntl.ioctl(fd, CIFS_DUMP_FULL_KEY, buf, True)
        (self.in_size, self.suid, self.cipher,
         self.session_key_len, self.server_in_key_len,
         self.server_out_key_len) = struct.unpack_from(fmt, buf, 0)

        end = size
        self.session_key = buf[end:end+self.session_key_len]
        end += self.session_key_len
        self.server_in_key = buf[end:end+self.server_in_key_len]
        end += self.server_in_key_len
        self.server_out_key = buf[end:end+self.server_out_key_len]

def bytes_to_hex(buf):
    return " ".join(["%02x"%x for x in buf])

def cmd_keys(args):
    fd = os.open(args.file, os.O_RDONLY)
    kd = FullKeyDebugInfoStruct()

    try:
        # try new call first
        kd.ioctl(fd)
    except Exception as e:
        # new failed, try old call
        kd = KeyDebugInfoStruct()
        try:
            kd.ioctl(fd)
        except Exception as e:
            # both new and old call failed
            print("syscall failed: %s"%e)
            return False
        print("Session Id: %s"%bytes_to_hex(kd.suid))
        print("Cipher: %s"%type_to_str(kd.cipher, CIPHER_TYPES, verbose=True))
        print("Session Key: %s"%bytes_to_hex(kd.session_key))
        print("Encryption key: %s"%bytes_to_hex(kd.enc_key))
        print("Decryption key: %s"%bytes_to_hex(kd.dec_key))
    else:
        # no exception, new call succeeded
        print("Session Id: %s"%bytes_to_hex(kd.suid))
        print("Cipher: %s"%type_to_str(kd.cipher, CIPHER_TYPES, verbose=True))
        print("Session Key: %s"%bytes_to_hex(kd.session_key))
        print("ServerIn  Key: %s"%bytes_to_hex(kd.server_in_key))
        print("ServerOut key: %s"%bytes_to_hex(kd.server_out_key))

if __name__ == '__main__':
    main()

Anon7 - 2022
AnonSec Team