WriteAndX Offset
beratozbay opened this issue · 1 comment
beratozbay commented
Hello Kevin,
I was looking at your SMBExec code and I realized that you have a constant offset (1002) in the WriteAndX part. I am confused about it. I think it is about the svcctl pipe, but I don't know the reason.
Can you explain the reason?
Kevin-Robertson commented
Hi,
It's been a long time since I messed with the SMB1 code. I likely just pulled that offset from a psexec or metasploit packet capture. I don't remember ever needing to mess with that field for this specific SMB1 task. It appears to be tied to the wordcount field.
https://msdn.microsoft.com/en-us/library/ee441954.aspx
I just tried a few random values including 0 and they all seem to work with SMBExec. Does that seem like it would be incorrect?