[jcifs] Creating DCE/RPC Requests

Michael B Allen ioplex at gmail.com
Wed Jan 11 23:51:46 MST 2012


On Mon, Jan 9, 2012 at 12:01 PM, christofer.dutz at c-ware.de
<christofer.dutz at c-ware.de> wrote:
> Ok,
>
> after a more detailed comparison it seems there are more major differences, as PsExec seems to communicate on port 135 and JCIFS on port 445.
> Currently it's pretty frustrating to not have ANY documentation at all available on JCIFS's usage, JARAPAC and MIDLC.
>
> Think I'll go back to implementing the communication on a raw TCP level as it seems easier to do this than to fix the available tools or to reverse engineer how to use them
> (especially to fix MIDLC and JARAPAC prior to using them ... especially JARAPACs build seems to be totally screwed). Using JCIFS for the file transfer and connecting to
> Windows Named-Pipes seems to work fine, but the DCERPC stuff seems to be a nightmare.
>
> Are there any resources available, giving me a small start on how to connect to svcctl? I sort of wasted the 5th day now trying to figure this out on my own.

Hi Chris.

The DCERPC layer is not a marquee feature of the JCIFS API. It's only
because it's well designed and implemented that people actually use it
at all.

Jarapac has nothing to do with JCIFS so I don't know why you're
looking at that. Jarapac is totally dead and should be deleted from
sourceforge. I don't think Jarapac ever actually worked.

All I can recommend is that you compare the PDUs side-by-side and look
for differences. I somewhat doubt that binding or ports have anything
to do with it. If the bind works at all, the binding and port is not
the problem. It has to be something else. Look for parts of the PDU
that WireShark decodes differently or incorrectly.

Writing RPCs is not a trivial exercise. You will probably have to
learn more about RPCs and NDR encoding in general before you will be
successful. The most likely scenario is that your IDL is off slightly
and the resulting NDR encoded structures are just wrong.

If you post a link to Microsoft's website with info about the specific
RPC you're doing and its IDL I can probably tell you if it's a hard
one and maybe what to watch out for.

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/



> -----Original Message-----
> From: jcifs-bounces at lists.samba.org [mailto:jcifs-bounces at lists.samba.org] On behalf of christofer.dutz at c-ware.de
> Sent: Monday, 9 January 2012 14:45
> To: jcifs at lists.samba.org
> Subject: Re: [jcifs] Creating DCE/RPC Requests
>
> Hi Mike,
>
> I compared the Wireshark dumps and actually found a difference.
> In the PsExec call to bind to the svcctl pipe two Ctx Items are sent and in the JCIFS version only one is sent.
> PsExec:
> - Item 1:
>    - Interface: 367abb81-9844-35f1-ad32-98f038001003
>    - Interface Ver: 2
>    - Interface Ver minor: 0
>    - Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860 Version 2
> - Item 2:
>    - Interface: 367abb81-9844-35f1-ad32-98f038001003
>    - Interface Ver: 2
>    - Interface Ver minor: 0
>    - Transfer Syntax: 6cb71c2c-9812-4540-0300-000000000000 Version 1
>
> In the JCIFS version only item one is sent, but that one is identical. So I guess that the remote host is expecting to receive this two-item binding request.
> Unfortunately I can't figure out how to make JCIFS send such a binding request.
>
> Help is greatly appreciated here.
>
> Chris
>
>
>
> [ C h r i s t o f e r  D u t z ]
>
> C-Ware IT-Service
> Owner
> Dipl. Inf. Christofer Dutz
> Karlstraße 104, 64285 Darmstadt
>
> phone:  0 61 51 / 27315 - 61
> fax:    0 61 51 / 27315 - 64
> mobile: 0171 / 7 444 2 33
> email:  christofer.dutz at c-ware.de
>
> http://www.c-ware.de
>
> VAT ID no. DE195700962
>
>
>
>
> -----Original Message-----
> From: Michael B Allen [mailto:ioplex at gmail.com]
> Sent: Thursday, 5 January 2012 09:17
> To: christofer.dutz at c-ware.de
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] Creating DCE/RPC Requests
>
> On Wed, Jan 4, 2012 at 2:04 AM, christofer.dutz at c-ware.de <christofer.dutz at c-ware.de> wrote:
>> Hi,
>>
>>
>>
>> I am currently digging into using the DCE/RPC parts of JCIFS.
>> Unfortunately I am running into problems.
>>
>> I used midlc (version 0.6.1) to generate a JCIFS compatible stub for
>> the svcctl service and am now trying to call it. Unfortunately I am
>> getting
>> "jcifs.dcerpc.DcerpcException: DCERPC_FAULT_PROTO_ERROR"
>>
>>
>>
>> Here comes my code:
>>
>>
>>
>> // Imports used by the snippet below.
>> import java.io.IOException;
>> import jcifs.dcerpc.DcerpcHandle;
>> import jcifs.dcerpc.rpc;
>> import jcifs.smb.SmbException;
>>
>>             // Output handle that OpenSCManager fills in on success.
>>             rpc.policy_handle scHandle = new rpc.policy_handle();
>>             // Stub generated by midlc from the svcctl IDL.
>>             SvcCtl.OpenSCManager openSCManagerRpc = new
>>                 SvcCtl.OpenSCManager(host, null, 0x0001 | 0x0002, scHandle);
>>
>>             // Connection-oriented DCE/RPC over SMB named pipes.
>>             // ConcurrentNtlmAuthenticator is an application-side helper
>>             // that supplies the NtlmPasswordAuthentication.
>>             DcerpcHandle handle = DcerpcHandle.getHandle("ncacn_np:" + host
>>                 + "[\\PIPE\\svcctl]",
>>                 ConcurrentNtlmAuthenticator.getInstance().getNtlmPasswordAuthentication());
>>             try {
>>                 // <-- The exception is thrown when executing this line.
>>                 handle.sendrecv(openSCManagerRpc);
>>                 if (openSCManagerRpc.retval != 0) {
>>                     throw new SmbException(openSCManagerRpc.retval, true);
>>                 }
>>             } catch (Exception e) {
>>                 e.printStackTrace();
>>             } finally {
>>                 try {
>>                     handle.close();
>>                 } catch (IOException ioe) {
>>                     ioe.printStackTrace();
>>                 }
>>             }
>>
>>
>>
>> So what am I doing wrong? I would be really glad if you could help me
>> get started, as Googling doesn't seem to get me very far (there seems
>> to be almost no information on this available).
>
> Hi Chris,
>
> The IDL is probably wrong. Look at Samba IDL. There is a lot of IDL available in Microsoft documentation now too. Note that midlc only understands a small critical subset of MIDL. In practice you really need to get two captures and compare them side-by-side to verify that the NDR segments are encoded in an identical way. This is true even if you get it to actually work.
>
> Mike
>
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/
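The side-by-side PDU comparison Mike recommends, applied to the two-item bind Chris captured, as an added Python example that is not part of JCIFS, PsExec or this thread. It encodes a connection-oriented DCE/RPC bind PDU with the context items from the Wireshark decode above (svcctl 2.0 over NDR transfer syntax 8a885d04-... v2, plus the bind-time feature negotiation pseudo transfer syntax 6cb71c2c-... v1 that PsExec sends as a second item), parses it back with length checks, and lists the fields in which two binds differ. The call_id, the 4280-byte fragment sizes, the zero association group and the PDU flags are assumptions, and the two byte strings are constructed here rather than taken from a capture; real captures would be fed to parse_bind() in the same way.

```python
"""Build and decode DCE/RPC (MS-RPCE) bind PDUs so two captures can be diffed field by field."""
import struct
import uuid
from dataclasses import dataclass
from typing import List, Tuple

# UUIDs exactly as the Wireshark decode in the thread shows them.
SVCCTL_IF = uuid.UUID("367abb81-9844-35f1-ad32-98f038001003")              # svcctl interface, v2.0
NDR32 = uuid.UUID("8a885d04-1ceb-11c9-9fe8-08002b104860")                  # NDR transfer syntax, v2
BIND_TIME_FEATURE_NEG = uuid.UUID("6cb71c2c-9812-4540-0300-000000000000")  # MS-RPCE bind-time feature negotiation, v1

RPC_VERS, RPC_VERS_MINOR = 5, 0
PTYPE_BIND = 11
PFC_FIRST_FRAG, PFC_LAST_FRAG = 0x01, 0x02
DREP_LE_ASCII_IEEE = b"\x10\x00\x00\x00"  # little-endian integers, ASCII chars, IEEE floats
HDR = "<BBBB4sHHI"                         # rpc_vers, minor, ptype, pfc_flags, drep, frag_len, auth_len, call_id
HDR_LEN = struct.calcsize(HDR)             # 16 bytes


def if_version(major: int, minor: int) -> int:
    """The bind PDU packs an interface version as one u32: major in the low half, minor in the high half."""
    return (major & 0xFFFF) | ((minor & 0xFFFF) << 16)


@dataclass(frozen=True)
class CtxItem:
    context_id: int
    abstract: uuid.UUID
    abstract_version: int
    transfer_syntaxes: Tuple[Tuple[uuid.UUID, int], ...]


@dataclass(frozen=True)
class BindPdu:
    call_id: int
    max_xmit_frag: int
    max_recv_frag: int
    assoc_group_id: int
    items: Tuple[CtxItem, ...]


def encode_ctx_item(item: CtxItem) -> bytes:
    # p_cont_id (u16), n_transfer_syn (u8), reserved (u8), then UUIDs in NDR mixed-endian form (= bytes_le).
    out = struct.pack("<HBB", item.context_id, len(item.transfer_syntaxes), 0)
    out += item.abstract.bytes_le + struct.pack("<I", item.abstract_version)
    for ts_uuid, ts_ver in item.transfer_syntaxes:
        out += ts_uuid.bytes_le + struct.pack("<I", ts_ver)
    return out


def build_bind(call_id: int, items: List[CtxItem], max_frag: int = 4280, assoc_group_id: int = 0) -> bytes:
    # Body: max_xmit_frag, max_recv_frag, assoc_group_id, n_context_elem + 3 reserved bytes, then the items.
    body = struct.pack("<HHIBBH", max_frag, max_frag, assoc_group_id, len(items), 0, 0)
    body += b"".join(encode_ctx_item(i) for i in items)
    hdr = struct.pack(HDR, RPC_VERS, RPC_VERS_MINOR, PTYPE_BIND, PFC_FIRST_FRAG | PFC_LAST_FRAG,
                      DREP_LE_ASCII_IEEE, HDR_LEN + len(body), 0, call_id)
    return hdr + body


def parse_bind(pdu: bytes) -> BindPdu:
    vers, _minor, ptype, _flags, drep, frag_len, auth_len, call_id = struct.unpack_from(HDR, pdu, 0)
    if vers != RPC_VERS or ptype != PTYPE_BIND:
        raise ValueError("not a connection-oriented bind PDU")
    if drep[0] & 0xF0 != 0x10:
        raise ValueError("only little-endian data representation is handled here")
    if frag_len != len(pdu) or auth_len != 0:
        raise ValueError("frag_length/auth_length do not match the buffer")
    max_xmit, max_recv, assoc, n_items = struct.unpack_from("<HHIB", pdu, HDR_LEN)
    off = HDR_LEN + 12
    items = []
    for _ in range(n_items):
        ctx_id, n_ts, _ = struct.unpack_from("<HBB", pdu, off); off += 4
        abstract = uuid.UUID(bytes_le=pdu[off:off + 16]); off += 16
        (abs_ver,) = struct.unpack_from("<I", pdu, off); off += 4
        syntaxes = []
        for _ in range(n_ts):
            ts = uuid.UUID(bytes_le=pdu[off:off + 16]); off += 16
            (ts_ver,) = struct.unpack_from("<I", pdu, off); off += 4
            syntaxes.append((ts, ts_ver))
        items.append(CtxItem(ctx_id, abstract, abs_ver, tuple(syntaxes)))
    if off != len(pdu):
        raise ValueError("trailing bytes after the context list")
    return BindPdu(call_id, max_xmit, max_recv, assoc, tuple(items))


def describe(pdu: BindPdu) -> List[str]:
    """Wireshark-style one-liners, one per field, so two decodes can be set-diffed."""
    lines = [f"call_id={pdu.call_id}", f"max_xmit={pdu.max_xmit_frag}", f"max_recv={pdu.max_recv_frag}",
             f"assoc_group=0x{pdu.assoc_group_id:08x}", f"num_ctx_items={len(pdu.items)}"]
    for it in pdu.items:
        lines.append(f"ctx {it.context_id}: iface {it.abstract} v{it.abstract_version & 0xFFFF}.{it.abstract_version >> 16}")
        for ts, ver in it.transfer_syntaxes:
            lines.append(f"ctx {it.context_id}: xfer {ts} v{ver}")
    return lines


def diff_binds(a: bytes, b: bytes) -> List[str]:
    """Fields present in one bind but not the other (the side-by-side comparison from the thread)."""
    da, db = set(describe(parse_bind(a))), set(describe(parse_bind(b)))
    return sorted(f"only in A: {x}" for x in da - db) + sorted(f"only in B: {x}" for x in db - da)


# Constructed reproductions of the two binds from the thread (call_id and fragment sizes are assumptions).
PSEXEC_STYLE = build_bind(1, [
    CtxItem(0, SVCCTL_IF, if_version(2, 0), ((NDR32, 2),)),
    CtxItem(1, SVCCTL_IF, if_version(2, 0), ((BIND_TIME_FEATURE_NEG, 1),)),
])
JCIFS_STYLE = build_bind(1, [CtxItem(0, SVCCTL_IF, if_version(2, 0), ((NDR32, 2),))])

if __name__ == "__main__":
    for line in diff_binds(PSEXEC_STYLE, JCIFS_STYLE):
        print(line)
```

Running it prints only the second context item and the differing num_ctx_items, which is what the thread's two captures differ in; everything in the header and in context item 0 is identical, matching Chris's observation that item one was the same in both dumps. The strict frag_length and trailing-byte checks in parse_bind() are deliberate: a PDU that decodes "almost" is exactly the kind of subtle NDR encoding problem Mike describes, and a lenient parser would hide it.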

