SMBv1 stack doesn't talk unicode on the wire about impacket HOT 8 OPEN

Hola mate!

Sorry for the delay response.. you rock!.. Let me dig your mail and I'll get 
back to you...Big thanks for taking a look at it (SMBv1 code is ugly).. and 
yes.. it does not support Unicode connections. Time to attack this issue :)

cheers!
beto

Hmm.. still trying to repro this issue based on your repro steps.

I've used a Windows 7 as the target.

1. chcp 866
2. mkdir b

then I forced smbclient.py to connect using smbv1 (change smbconnection.py and 
force the SMBConnection.__init__() preferredDialect to SMB_DIALECT

I connected to the target system.. smbclient.py is telling me I'm with smbv1 
and I see the directory as 'b'.

Mate.. did you take the same steps as myself?.. I might be missing something.

Be careful, in the "mkdir" command, it's not a "b" but a "Ь" (the cyrillic 
character). In your case, it still works because "b" is inherently and 
correctly converted to the ascii char code \x62 (cp866 and ascii table are the 
same for the ascii charset).

To reproduce the bug you have to create a directory or a file containing 
non-ascii char. The simpliest way is to create the char with Python and copy / 
paste the char in your Windows shell:

>>> print u"\u042c"
Ь

Tell me if it fixes your problem ;)

dumb me.. 

thanks for the clarification.. just managed to create that directory..

First problem I found is smbclient.py dumps an exception, even when running SMB 
v2.1 against the target.. And that has to do with the smbclient.py itself.  
Doesn't that happen to you? .. I'm running smbclient.py from OSx

Ok.. just saw your precmd addition into smbclient.py to prevent this problem 
happening with SMB >= v2. I'm first committing that change.

For the rest, I want to carefully look at your changes since it might break 
many things .. It's gonna take some time.

thanks again!
beto

It's ok, I probably missed something during my patching madness :) so, I think 
it's a good thing to carefully look at my changes. I don't have an overall view 
of the project and, yeah, it probably breaks something somewhere...

Anyway, if you need some help or if you have any question about my patch, 
please let me know ;)

Thanks to you for taking the time!

Renaud.

Nooo.. thank you for taking the time to provide a patch (and specially mess 
with smb.py..)

FYI, as far as I read, SMB_COM_TREE_CONNECT shouldn't encode unicode, from 
[MS-CIFS], 2.2.4.50.1:

Flags2 (2 bytes): The SMB_FLAGS2_UNICODE flag bit SHOULD be zero. Servers MUST 
ignore the SMB_FLAGS2_UNICODE flag and interpret strings in this request as 
OEM_STRING strings.<74>

Path (variable): A null-terminated string that represents the server and share 
name of the resource to which the client is attempting to connect. This field 
MUST be encoded using Universal Naming Convention (UNC) syntax. The string MUST 
be a null-terminated array of OEM characters, even if the client and server 
have negotiated to use Unicode strings.

This doesn't apply to SMB_COM_TREE_CONNECT_ANDX.

Let me know if you read something different.

thanks again!
beto

Oh yes you're right. All my fault :) when I patched smb.py, I read the 
documentation about SMB_COM_TREE_CONNECT_ANDX only and not 
SMB_COM_TREE_CONNECT... In my head, both could use Unicode... sorry about that 
and thanks for the feedback.

Renaud.