[jcifs] Creating DCE/RPC Requests

Michael B Allen ioplex at gmail.com
Thu Jan 12 08:22:10 MST 2012


On Thu, Jan 12, 2012 at 4:29 AM, christofer.dutz at c-ware.de
<christofer.dutz at c-ware.de> wrote:
> Hi Mike,
>
> I was just mentioning those three projects as all of them claim to address the topic of RPCs.
> The IDL for the service I want to access is probably this one: http://msdn.microsoft.com/en-us/library/cc245860(v=prot.10).aspx
> The midlc package also comes with part of this inside the svcctl.idl ... This was what I wanted to start with, but it didn't succeed.
> Having a look at PsExec's communication and that of jcifs, there are really major differences. Both solutions seem to address different ports (see my latest post on this topic).

I don't see anything about "PsExecs" in the svcctl IDL. Obviously
you're not going to get very far unless you at least identify which
command you're trying to implement.

> I guess just having a look at the bytes doesn't help here as the entire communication seems to be entirely different. As there is no documentation available I have no idea of how to make both communicate equally.
>
> I ordered 2 books:
> - Implementing CIFS: The Common Internet File System
> - DCE/RPC over SMB: Samba and Windows NT Domain Internals

The best documentation would be the "Windows Server Protocols"
documentation from Microsoft that was a result of the EU settlement.
You can find it digging around on Microsoft's website. You'll find
documents about DCERPC, NDR, the IDL for all the various services,
etc.

Mike

-- 
Michael B Allen
Java Active Directory Integration
http://www.ioplex.com/

> -----Original Message-----
> From: Michael B Allen [mailto:ioplex at gmail.com]
> Sent: Thursday, 12 January 2012 07:52
> To: christofer.dutz at c-ware.de
> Cc: jcifs at lists.samba.org
> Subject: Re: [jcifs] Creating DCE/RPC Requests
>
> On Mon, Jan 9, 2012 at 12:01 PM, christofer.dutz at c-ware.de <christofer.dutz at c-ware.de> wrote:
>> Ok,
>>
>> after a more detailed comparison it seems there are more major differences as PsExec seems to communicate on port 135 and JCIFS on port 445.
>> Currently it's pretty frustrating to not have ANY documentation at all available on JCIFS's usage, JARAPAC and MIDLC.
>>
>> Think I'll go back to implementing the communication on a raw TCP
>> level as it seems easier to do this than to fix the available tools or
>> to reverse engineer how to use them (especially to fix MIDLC and JARAPAC prior to using them ... especially JARAPAC's build seems to be totally screwed). Using JCIFS for the file transfer and connecting to Windows Named Pipes seems to work fine, but the DCERPC stuff seems to be a nightmare.
>>
>> Are there any resources available, giving me a small start on how to connect to svcctl? I sort of wasted the 5th day now trying to figure this out on my own.
>
> Hi Chris.
>
> The DCERPC layer is not a marquee feature of the JCIFS API. It's only because it's well designed and implemented that people actually use it at all.
>
> Jarapac has nothing to do with JCIFS so I don't know why you're looking at that. Jarapac is totally dead and should be deleted from sourceforge. I don't think Jarapac ever actually worked.
>
> All I can recommend is that you compare the PDUs side-by-side and look for differences. I somewhat doubt that binding or ports have anything to do with it. If the bind works at all, the binding and port is not the problem. It has to be something else. Look for parts of the PDU that Wireshark decodes differently or incorrectly.
>
> Writing RPCs is not a trivial exercise. You will probably have to learn more about RPCs and NDR encoding in general before you will be successful. The most likely scenario is that your IDL is off slightly and the resulting NDR encoded structures are just wrong.
>
> If you post a link to Microsoft's website with info about the specific RPC you're doing and its IDL I can probably tell you if it's a hard one and maybe what to watch out for.
>
> Mike
>
> --
> Michael B Allen
> Java Active Directory Integration
> http://www.ioplex.com/
>
>
>
>> -----Original Message-----
>> From: jcifs-bounces at lists.samba.org [mailto:jcifs-bounces at lists.samba.org] On Behalf Of christofer.dutz at c-ware.de
>> Sent: Monday, 9 January 2012 14:45
>> To: jcifs at lists.samba.org
>> Subject: Re: [jcifs] Creating DCE/RPC Requests
>>
>> Hi Mike,
>>
>> I compared the Wireshark dumps and actually found a difference.
>> In the PsExec call to bind to the svcctl pipe two Ctx Items are sent and in the JCIFS version only one is sent.
>> PsExec:
>> - Item 1:
>>    - Interface: 367abb81-9844-35f1-ad32-98f038001003
>>    - Interface Ver: 2
>>    - Interface Ver minor: 0
>>    - Transfer Syntax: 8a885d04-1ceb-11c9-9fe8-08002b104860 Version 2
>> - Item 2:
>>    - Interface: 367abb81-9844-35f1-ad32-98f038001003
>>    - Interface Ver: 2
>>    - Interface Ver minor: 0
>>    - Transfer Syntax: 6cb71c2c-9812-4540-0300-000000000000 Version 1
>>
>> In the JCIFS version only item one is sent, but that one is identical. So I guess that the remote host is expecting to receive this two-item binding request.
>> Unfortunately I can't figure out how to make JCIFS send such a binding request.
>>
>> Help is greatly appreciated here.
>>
>> Chris
>>
>>
>>
>> [ C h r i s t o f e r  D u t z ]
>>
>> C-Ware IT-Service
>> Inhaber
>> Dipl. Inf. Christofer Dutz
>> Karlstraße. 104, 64285 Darmstadt
>>
>> fon:  0 61 51 / 27315 - 61
>> fax:  0 61 51 / 27315 - 64
>> mobil:  0171 / 7 444 2 33
>> email:  christofer.dutz at c-ware.de
>>
>> http://www.c-ware.de
>>
>> UStId-Nr. DE195700962
>>
>>
>>
>>
>> -----Original Message-----
>> From: Michael B Allen [mailto:ioplex at gmail.com]
>> Sent: Thursday, 5 January 2012 09:17
>> To: christofer.dutz at c-ware.de
>> Cc: jcifs at lists.samba.org
>> Subject: Re: [jcifs] Creating DCE/RPC Requests
>>
>> On Wed, Jan 4, 2012 at 2:04 AM, christofer.dutz at c-ware.de <christofer.dutz at c-ware.de> wrote:
>>> Hi,
>>>
>>> I am currently digging into using the DCE/RPC parts of JCIFS.
>>> Unfortunately I am running into problems.
>>>
>>> I used midlc (version 0.6.1) to generate a JCIFS-compatible stub for
>>> the svcctl service and am now trying to call it. Unfortunately I am
>>> getting
>>> "jcifs.dcerpc.DcerpcException: DCERPC_FAULT_PROTO_ERROR"
>>>
>>> Here comes my code:
>>>
>>> import java.io.IOException;
>>> import jcifs.dcerpc.DcerpcHandle;
>>> import jcifs.dcerpc.rpc;
>>> import jcifs.smb.SmbException;
>>> // SvcCtl (the midlc-generated stub) and ConcurrentNtlmAuthenticator are not shown here.
>>>
>>>             rpc.policy_handle scHandle = new rpc.policy_handle();
>>>             // OpenSCManager request: server name, database name, access mask, returned handle.
>>>             SvcCtl.OpenSCManager openSCManagerRpc =
>>>                 new SvcCtl.OpenSCManager(host, null, 0x0001 | 0x0002, scHandle);
>>>
>>>             // Connection-oriented DCE/RPC over SMB named pipes.
>>>             DcerpcHandle handle = DcerpcHandle.getHandle("ncacn_np:" + host + "[\\PIPE\\svcctl]",
>>>                 ConcurrentNtlmAuthenticator.getInstance().getNtlmPasswordAuthentication());
>>>
>>>             try {
>>>                 handle.sendrecv(openSCManagerRpc); // <-- The exception is thrown when executing this line.
>>>                 if (openSCManagerRpc.retval != 0) {
>>>                     throw new SmbException(openSCManagerRpc.retval, true);
>>>                 }
>>>             } catch (Exception e) {
>>>                 e.printStackTrace();
>>>             } finally {
>>>                 try {
>>>                     handle.close();
>>>                 } catch (IOException ioe) {
>>>                     ioe.printStackTrace();
>>>                 }
>>>             }
>>>
>>> So what am I doing wrong? I would be really glad if you could help me
>>> get started, as Googling doesn't seem to get me very far (There seems
>>> to be almost no information on this available)
>>
>> Hi Chris,
>>
>> The IDL is probably wrong. Look at Samba IDL. There is a lot of IDL available in Microsoft documentation now too. Note that midlc only understands a small critical subset of MIDL. In practice you really need to get two captures and compare them side-by-side to verify that the NDR segments are encoded in an identical way. This is true even if you get it to actually work.
>>
>> Mike
>>
>> --
>> Michael B Allen
>> Java Active Directory Integration
>> http://www.ioplex.com/
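Mike's advice in this thread is to compare the PDUs side by side; the bind difference Chris found (two context items from PsExec, one from jcifs) is the kind of thing that is easiest to check programmatically. The following is an added example, not jcifs code and not from anyone in the thread: it encodes and decodes the C706 rpc_bind layout so two bind PDUs' context lists can be diffed. The fragment sizes (4280), call id, context ids and the NDR32/BTFN names are assumptions, and the two PDUs are constructed here from the values in Chris's capture summary rather than being real captures.

```python
import struct
import uuid

SVCCTL = "367abb81-9844-35f1-ad32-98f038001003"  # svcctl interface UUID, from the capture
NDR32 = "8a885d04-1ceb-11c9-9fe8-08002b104860"   # NDR transfer syntax, version 2
BTFN = "6cb71c2c-9812-4540-0300-000000000000"    # bind-time feature negotiation, version 1
def syntax_id(guid, major, minor=0):
    """p_syntax_id_t: 16-byte little-endian (NDR) UUID followed by u16 major, u16 minor."""
    return uuid.UUID(guid).bytes_le + struct.pack("<HH", major, minor)

def build_bind(contexts, call_id=1):
    """contexts: list of (abstract_syntax, [transfer_syntax, ...]), each from syntax_id()."""
    body = struct.pack("<HHIBBH", 4280, 4280, 0, len(contexts), 0, 0)  # frag sizes, assoc grp, n_ctx
    for ctx_id, (abstract, transfers) in enumerate(contexts):
        body += struct.pack("<HBB", ctx_id, len(transfers), 0) + abstract + b"".join(transfers)
    # common header: ver 5.0, PTYPE 11 (bind), flags FIRST|LAST, drep little-endian, frag_len, auth_len, call_id
    return struct.pack("<BBBBIHHI", 5, 0, 11, 0x03, 0x10, 16 + len(body), 0, call_id) + body

def parse_syntax(buf, off):
    guid = str(uuid.UUID(bytes_le=buf[off:off + 16]))
    major, minor = struct.unpack_from("<HH", buf, off + 16)
    return guid, major, minor
def parse_bind(pdu):
    """Return [(abstract, [transfer, ...]), ...] with each syntax as (uuid, major, minor)."""
    ver, _, ptype, _, _, frag_len = struct.unpack_from("<BBBBIH", pdu, 0)
    if ver != 5 or ptype != 11 or frag_len != len(pdu):
        raise ValueError("not a complete DCE/RPC bind PDU")
    off, contexts = 28, []          # 16-byte header + 12 bytes up to the first p_cont_elem
    for _ in range(pdu[24]):        # n_context_elem
        _, n_ts, _ = struct.unpack_from("<HBB", pdu, off)
        abstract = parse_syntax(pdu, off + 4)
        transfers = [parse_syntax(pdu, off + 24 + 20 * i) for i in range(n_ts)]
        contexts.append((abstract, transfers))
        off += 24 + 20 * n_ts
    return contexts

def diff_binds(a, b):
    """Describe the first difference between two bind PDUs' context lists, or 'identical'."""
    ca, cb = parse_bind(a), parse_bind(b)
    if len(ca) != len(cb):
        return f"context count differs: {len(ca)} vs {len(cb)}"
    for i, (x, y) in enumerate(zip(ca, cb)):
        if x != y:
            return f"context {i} differs: {x} vs {y}"
    return "identical"

# Constructed from the two captures quoted in the thread: PsExec sends two context items, jcifs one.
PSEXEC_BIND = build_bind([(syntax_id(SVCCTL, 2), [syntax_id(NDR32, 2)]),
                          (syntax_id(SVCCTL, 2), [syntax_id(BTFN, 1)])])
JCIFS_BIND = build_bind([(syntax_id(SVCCTL, 2), [syntax_id(NDR32, 2)])])
```

Feeding parse_bind() the raw bytes Wireshark exports for each capture gives the same comparison on real traffic; the second PsExec item decodes as the BTFN pseudo transfer syntax, which is separate from the NDR encoding of the request body that Mike suspects.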
