Adds test about smb ntlmssp arbitrary order

author Philippe Antoine <contact@catenacyber.fr>

Tue, 6 Dec 2022 13:28:48 +0000 (14:28 +0100)

committer Victor Julien <victor@inliniac.net>

Wed, 25 Jan 2023 19:27:58 +0000 (20:27 +0100)
author Philippe Antoine <contact@catenacyber.fr>
Tue, 6 Dec 2022 13:28:48 +0000 (14:28 +0100)
committer Victor Julien <victor@inliniac.net>
Wed, 25 Jan 2023 19:27:58 +0000 (20:27 +0100)
diff --git a/tests/smb2-ntlmssp-order/README.md b/tests/smb2-ntlmssp-order/README.md

new file mode 100644 (file)

index 0000000..fc625cc
--- /dev/null
+++ b/tests/smb2-ntlmssp-order/README.md
@@ -0,0 +1,4 @@
+PCAP
+====
+
+Pcap from smb2-03-rule edited to switch host and user offsets in NTLMSSP
diff --git a/tests/smb2-ntlmssp-order/smb2.pcap b/tests/smb2-ntlmssp-order/smb2.pcap

new file mode 100644 (file)

index 0000000..a384afc

Binary files /dev/null and b/tests/smb2-ntlmssp-order/smb2.pcap differ
diff --git a/tests/smb2-ntlmssp-order/test.yaml b/tests/smb2-ntlmssp-order/test.yaml

new file mode 100644 (file)

index 0000000..f708cb3
--- /dev/null
+++ b/tests/smb2-ntlmssp-order/test.yaml
@@ -0,0 +1,18 @@
+requires:
+  min-version: 6
+
+args:
+- --set stream.reassembly.depth=0
+
+checks:
+  - filter:
+      count: 1
+      match:
+        event_type: smb
+        smb.id: 3
+        smb.dialect: "2.02"
+        smb.command: SMB2_COMMAND_SESSION_SETUP
+        smb.status: STATUS_SUCCESS
+        smb.ntlmssp.domain: "CONTOSO"
+        smb.ntlmssp.user: "SERVER01"
+        smb.ntlmssp.host: "Administrator"
author	Philippe Antoine <contact@catenacyber.fr>
	Tue, 6 Dec 2022 13:28:48 +0000 (14:28 +0100)
committer	Victor Julien <victor@inliniac.net>
	Wed, 25 Jan 2023 19:27:58 +0000 (20:27 +0100)
tests/smb2-ntlmssp-order/README.md	[new file with mode: 0644]	patch \| blob
tests/smb2-ntlmssp-order/smb2.pcap	[new file with mode: 0644]	patch \| blob
tests/smb2-ntlmssp-order/test.yaml	[new file with mode: 0644]	patch \| blob