pySMB Windows File Share Buffer Overflow

0

Hi, I have been stuck on an error in Python using the pySMB module.

While making a script for myself I ran into some trouble trying to connect to a network share. Here is the Python code:

from smb.SMBConnection import SMBConnection

# NetBIOS names of the remote server and of this client
server_name = 'Server'
client_name = 'My Computer'

# Guest login with an empty password, NTLMv2 enabled
s = SMBConnection('guest', '', client_name, server_name, use_ntlm_v2=True)
s.connect('192.168.1.35', 139)

print(s.listShares())

So what happens is if this script is run from a Windows computer it works fine with either Linux servers or Windows servers. The error I get is when I run the script in Linux trying to connect to a share on a Windows server. Wireshark Capture

Here is the error in Python:

File "/media/HP v125w/programing/server_index.py", line 10, in list_shares
    return [shares.name for shares in connection.listShares() if not shares.isSpecial and not shares.name == 'print$']
  File "/usr/local/lib/python2.7/dist-packages/smb/SMBConnection.py", line 134, in listShares
    self._pollForNetBIOSPacket(timeout)
  File "/usr/local/lib/python2.7/dist-packages/smb/SMBConnection.py", line 477, in _pollForNetBIOSPacket
    self.feedData(data)
  File "/usr/local/lib/python2.7/dist-packages/nmb/base.py", line 48, in feedData
    self._processNMBSessionPacket(self.data_nmb)
  File "/usr/local/lib/python2.7/dist-packages/nmb/base.py", line 78, in _processNMBSessionPacket
    self.onNMBSessionMessage(packet.flags, packet.data)
  File "/usr/local/lib/python2.7/dist-packages/smb/base.py", line 136, in onNMBSessionMessage
    if self._updateState(self.smb_message):
  File "/usr/local/lib/python2.7/dist-packages/smb/base.py", line 265, in _updateState_SMB2
    req.callback(message, **req.kwargs)
  File "/usr/local/lib/python2.7/dist-packages/smb/base.py", line 475, in closeCB
    errback(OperationFailure(kwargs['error'], messages_history))
  File "/usr/local/lib/python2.7/dist-packages/smb/SMBConnection.py", line 128, in eb
    raise failure
smb.smb_structs.OperationFailure: Failed to list shares: Unable to retrieve shared device list
==================== SMB Message 0 ====================
SMB Header:
-----------
Command: 0x03 (SMB2_COM_TREE_CONNECT) 
Status: 0x00000000 
Flags: 0x00 
PID: 4415 
MID: 3 
TID: 0 
Data: 40 bytes 
==================== SMB Message 1 ====================
SMB Header:
-----------
Command: 0x03 (SMB2_COM_TREE_CONNECT) 
Status: 0x00000000 
Flags: 0x01 
PID: 4415 
MID: 3 
TID: 1 
Data: 16 bytes 
==================== SMB Message 2 ====================
SMB Header:
-----------
Command: 0x05 (SMB2_COM_CREATE) 
Status: 0x00000000 
Flags: 0x00 
PID: 4415 
MID: 4 
TID: 1 
Data: 68 bytes 
==================== SMB Message 3 ====================
SMB Header:
-----------
Command: 0x05 (SMB2_COM_CREATE) 
Status: 0x00000000 
Flags: 0x01 
PID: 4415 
MID: 4 
TID: 1 
Data: 88 bytes 
==================== SMB Message 4 ====================
SMB Header:
-----------
Command: 0x09 (SMB2_COM_WRITE) 
Status: 0x00000000 
Flags: 0x00 
PID: 4415 
MID: 5 
TID: 1 
Data: 164 bytes 
==================== SMB Message 5 ====================
SMB Header:
-----------
Command: 0x09 (SMB2_COM_WRITE) 
Status: 0x00000000 
Flags: 0x01 
PID: 4415 
MID: 5 
TID: 1 
Data: 16 bytes 
==================== SMB Message 6 ====================
SMB Header:
-----------
Command: 0x08 (SMB2_COM_READ) 
Status: 0x00000000 
Flags: 0x00 
PID: 4415 
MID: 6 
TID: 1 
Data: 49 bytes 
==================== SMB Message 7 ====================
SMB Header:
-----------
Command: 0x08 (SMB2_COM_READ) 
Status: 0x00000000 
Flags: 0x01 
PID: 4415 
MID: 6 
TID: 1 
Data: 108 bytes 
==================== SMB Message 8 ====================
SMB Header:
-----------
Command: 0x0B (SMB2_COM_IOCTL) 
Status: 0x00000000 
Flags: 0x00 
PID: 4415 
MID: 7 
TID: 1 
Data: 152 bytes 
==================== SMB Message 9 ====================
SMB Header:
-----------
Command: 0x0B (SMB2_COM_IOCTL) 
Status: 0x80000005 
Flags: 0x01 
PID: 4415 
MID: 7 
TID: 1 
Data: 1072 bytes 
==================== SMB Message 10 ====================
SMB Header:
-----------
Command: 0x06 (SMB2_COM_CLOSE) 
Status: 0x00000000 
Flags: 0x00 
PID: 4415 
MID: 8 
TID: 1 
Data: 24 bytes 

[Finished in 0.2s with exit code 1]

What is going wrong and how can I fix it?

python
smb
asked on Stack Overflow Nov 6, 2012 by GeneralZero • edited Nov 6, 2012 by GeneralZero
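
Added example (not part of the original question, and not pysmb code): a small parser for the message-history layout in the dump above that picks out server replies with a non-zero NTSTATUS and classifies their severity. In the dump, Message 9 carries Status 0x80000005, which is STATUS_BUFFER_OVERFLOW, a warning-severity NTSTATUS rather than a memory-corruption overflow; the function names, the one-entry status table and the sample text are constructed for this illustration.

```python
import re

# NTSTATUS severity is the top two bits of the 32-bit code (MS-ERREF).
SEVERITY = {0: "success", 1: "informational", 2: "warning", 3: "error"}
KNOWN = {0x80000005: "STATUS_BUFFER_OVERFLOW"}  # only the code seen in the dump
MSG_RE = re.compile(r"=+ SMB Message (\d+) =+")
FIELD_RE = re.compile(r"(Command|Status|Flags):\s*(\S+)(?:\s+\((\w+)\))?")

def parse_history(text):
    """Return one dict per 'SMB Message N' block with its header fields."""
    messages = []
    for line in text.splitlines():
        m, f = MSG_RE.match(line.strip()), FIELD_RE.match(line.strip())
        if m:
            messages.append({"index": int(m.group(1))})
        elif f and messages:
            key, value, name = f.groups()
            if key == "Command":
                messages[-1]["command"] = name or value
            else:
                messages[-1][key.lower()] = int(value, 16)
    return messages

def non_success(messages):
    """(index, command, status name, severity) for replies with non-zero status."""
    out = []
    for msg in messages:
        status = msg.get("status", 0)
        is_reply = msg.get("flags", 0) & 0x01  # SMB2_FLAGS_SERVER_TO_REDIR
        if is_reply and status != 0:
            out.append((msg["index"], msg.get("command"),
                        KNOWN.get(status, hex(status)), SEVERITY[status >> 30]))
    return out

# Constructed sample in the layout of the dump above (payload lines omitted).
SAMPLE = """\
==================== SMB Message 8 ====================
SMB Header:
Command: 0x0B (SMB2_COM_IOCTL)
Status: 0x00000000
Flags: 0x00
==================== SMB Message 9 ====================
SMB Header:
Command: 0x0B (SMB2_COM_IOCTL)
Status: 0x80000005
Flags: 0x01
"""

print(non_success(parse_history(SAMPLE)))
```

Feeding it the text of an `OperationFailure` message history gives a quick list of which replies the server marked as warnings or errors.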

2 Answers

3

I am not quite sure whether the value of server_name matches 192.168.1.35. But it's an important parameter for SMBConnection, so I feed the variable in another way instead of feeding it plain text. Here is mine:

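import sys
from nmb.NetBIOS import NetBIOS

def getBIOSName(remote_smb_ip, timeout=30):
    # Ask the host at remote_smb_ip for its NetBIOS names.
    # Returns whatever queryIPForName returns, or None if the lookup fails.
    srv_name = None
    bios = NetBIOS()
    try:
        srv_name = bios.queryIPForName(remote_smb_ip, timeout=timeout)
    except Exception:
        sys.stderr.write("Looking up timeout, check remote_smb_ip again!!\n")
    finally:
        # Always release the NetBIOS socket
        bios.close()
    return srv_name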
answered on Stack Overflow Jul 11, 2013 by askingyj • edited Jul 12, 2013 by askingyj
0

The following code works on Python 3 for reading a file from a Windows share folder. I used pysmb_sample and content of file to create this code. I tested it on Ubuntu 15.10, Python 3.4, while receiving a file from a share folder on a Windows server, and it works fine.

import urllib.request
from smb.SMBHandler import SMBHandler

# Build an opener that understands smb:// URLs
director = urllib.request.build_opener(SMBHandler)
fh = director.open('smb://username:password@IP_address/shareFolder/shareSubfolder/fileName')
print(fh.read())
fh.close()
answered on Stack Overflow Mar 13, 2016 by Ahmad Yoosofan • edited May 23, 2017 by Community

User contributions licensed under CC BY-SA 3.0