These are notes from my study of InitializeSecurityContext, written while trying to gain a deeper understanding of how the various Microsoft security protocols work on the wire; SMB2 negotiation is the first step, since it is the exchange that carries the authentication blobs.

The SMB logic lives in pingcastle\\Scanners\\Smb2Protocol.cs, in the function GetFCTL_QUERY_NETWORK_INFO (around line 793).

SendNegotiateRequest

  1. Initialize a TCP client with new TcpClient(). // Initializes a new instance of the System.Net.Sockets.TcpClient class.

  2. Connect to the target on TCP port 445 (SMB over direct TCP, no NetBIOS session setup).

  3. GetStream() Returns the System.Net.Sockets.NetworkStream used to send and receive data.

  4. Instantiate the Smb2Protocol class with the TCP stream from the previous step and the server name string.

  5. NegotiateRequest(0x0302) — 0x0302 is the dialect revision for SMB 3.0.2; the scanner offers a single dialect so the server's reply tells it whether that dialect is supported.

    1. Smb2Protocol.BuildNegotiatePacket(0x0302)

      1. GenerateSmb2HeaderFromCommand — builds the fixed 64-byte SMB2 header for the NEGOTIATE command

        public byte[] GenerateSmb2HeaderFromCommand(SBM2_Command command)
                {
                    // Build the 64-byte SMB2 header (MS-SMB2 2.2.1) that precedes every
                    // message body on this connection.
                    // https://msdn.microsoft.com/en-us/library/cc246529.aspx
                    //
                    // command: the SMB2 command code to place in the header.
                    // Returns the serialized header bytes.
                    //
                    // Connection state is read from this instance: _sessionid and _TreeId are
                    // copied as-is, while _messageId is consumed and advanced so each header
                    // sent on this connection carries a fresh, increasing MessageId.
                    // No Signature is filled in here, so the header goes out unsigned
                    // (fine for NEGOTIATE; note it before reusing this for any exchange
                    // the server may require to be signed).
                    var header = new SMB2_Header
                    {
                        ProtocolId = 0x424D53FE,   // "\xFESMB" once written little-endian
                        StructureSize = 64,
                        Command = (byte)command,
                        // 0xFEFF appears to mirror the value the Windows client puts in this
                        // reserved/ProcessId slot — NOTE(review): verify against the struct layout.
                        Reserved = 0xFEFF,
                        MessageId = _messageId++,
                        TreeId = _TreeId,
                        SessionId = _sessionid,
                    };
                    return getBytes(header);
                }
        
      2. GetNegotiateMessageSmbv2()

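        public static byte[] GetNegotiateMessageSmbv2(int DialectToTest)
                {
                    // Build the body of an SMB2 NEGOTIATE request (MS-SMB2 2.2.3) that offers
                    // exactly one dialect, so the server's answer reveals whether that
                    // dialect is supported.
                    //
                    // DialectToTest: the 16-bit dialect revision to offer (e.g. 0x0202, 0x0210,
                    //                0x0300, 0x0302, 0x0311).
                    // Returns the serialized request, to be appended after the SMB2 header.
                    // Throws ArgumentOutOfRangeException if DialectToTest does not fit in a
                    // UInt16 — the previous unchecked cast silently truncated such values and
                    // would have probed a different dialect than the caller asked for.
                    if (DialectToTest < 0 || DialectToTest > UInt16.MaxValue)
                    {
                        throw new ArgumentOutOfRangeException("DialectToTest", "SMB2 dialect revisions are 16-bit values");
                    }

                    SMB2_NegotiateRequest request = new SMB2_NegotiateRequest();
                    request.StructureSize = 36; // fixed size of the NEGOTIATE request structure
                    request.DialectCount = 1;   // one dialect follows
                    // SMB2_NEGOTIATE_SIGNING_ENABLED (0x0001) only: advertise signing support
                    // without requiring it. Leaving SIGNING_REQUIRED (0x0002) clear lets the
                    // scanner observe the server's own signing policy from its response.
                    request.SecurityMode = 1;
                    // A fresh GUID per call: every negotiate looks like an independent client.
                    request.ClientGuid = Guid.NewGuid();
                    request.DialectToTest = (UInt16)DialectToTest;
                    request.Capabilities = 1; // SMB2_GLOBAL_CAP_DFS
                    return getBytes(request);
                }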
        
      3. Assemble the packet — the SMB2 header followed by the negotiate message, with a 4-byte length prefix in front for the direct-TCP transport — using BuildPacket()

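      public static byte[] BuildPacket(params byte[][] bytes)
              {
                  // Frame one or more byte arrays as a single SMB2 direct-TCP message
                  // (MS-SMB2 2.1): a 4-byte big-endian prefix — a zero byte followed by the
                  // 24-bit StreamProtocolLength — then the concatenated payload.
                  //
                  // bytes: the pieces in wire order (typically header, then message body).
                  //        Null entries are skipped; a null array means "no pieces".
                  // Returns the framed packet, ready to be written to the TCP stream.
                  // Throws ArgumentOutOfRangeException if the payload exceeds 0xFFFFFF bytes:
                  // the length field is only 3 bytes wide, and a larger value would spill
                  // into the leading zero byte and produce a malformed frame.
                  const int MaxStreamProtocolLength = 0xFFFFFF;

                  int payloadLength = 0;
                  if (bytes != null)
                  {
                      foreach (byte[] part in bytes)
                      {
                          if (part != null)
                          {
                              payloadLength += part.Length;
                          }
                      }
                  }
                  if (payloadLength > MaxStreamProtocolLength)
                  {
                      throw new ArgumentOutOfRangeException("bytes", "SMB2 direct-TCP framing limits a message to 0xFFFFFF bytes");
                  }

                  byte[] packet = new byte[payloadLength + 4];
                  // Write the prefix with shifts rather than BitConverter.GetBytes: GetBytes
                  // follows host byte order, so the old byte-reversal only yielded big-endian
                  // on little-endian machines.
                  packet[0] = (byte)(payloadLength >> 24);
                  packet[1] = (byte)(payloadLength >> 16);
                  packet[2] = (byte)(payloadLength >> 8);
                  packet[3] = (byte)payloadLength;

                  int offset = 4;
                  if (bytes != null)
                  {
                      foreach (byte[] part in bytes)
                      {
                          if (part == null)
                          {
                              continue;
                          }
                          Buffer.BlockCopy(part, 0, packet, offset, part.Length);
                          offset += part.Length;
                      }
                  }
                  return packet;
              }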