Security News
Research
Data Theft Repackaged: A Case Study in Malicious Wrapper Packages on npm
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
@tryjsky/v9u-smb2
Advanced tools
v9u-smb2 with Node v17 patch.
This library is a simple implementation of SMB2 for Node.js. It allows you to access a SMB2 share as if you were using the native fs library.
The development is still at an experimental stage and should not be yet considered for production environment.
npm install -S v9u-smb2
All async methods can be used with Node-style callbacks or return promises if none is passed:
// Node-style callback
smb2Client.readFile('foo.txt', function(err, content) {
if (err) throw err;
console.log(content);
});
// With promise, ideal with ES2017 async functions
const content = await smb2Client.readFile('foo.txt');
console.log(content);
var smb2Client = new SMB2 ( options )
The SMB2 class is the constructor of your SMB2 client.
the parameter options
accepts this list of attributes:
share
: the share you want to accessdomain
: the domain of which the user is registeredusername
: the username of the user that access the sharepassword
: the passwordport
(optional): default 445
, the port of the SMB serverpacketConcurrency
(optional): default 20
, the number of simultaneous packet when writing / reading data from the shareautoCloseTimeout
(optional): default 10000
, the timeout in milliseconds before to close the SMB2 session and the socket, if set to 0
the connection will never be closed unless you do itExample:
// load the library
var SMB2 = require('@marsaud/smb2');
// create an SMB2 instance
var smb2Client = new SMB2({
share: '\\\\000.000.000.000\\c$',
domain: 'DOMAIN',
username: 'username',
password: 'password!',
});
The connection to the SMB server will be automatically open when necessary.
Unless you have set autoCloseTimeout
to 0
during client construction, the connection will be closed automatically.
If you have set autoCloseTimeout
to 0
, the connection MUST be closed manually:
smb2Client.disconnect();
smb2Client.exists ( path, callback )
Test whether or not the given path exists by checking with the file system.
Example:
smb2Client.exists('path\\to\\my\\file.txt', function(err, exists) {
if (err) throw err;
console.log(exists ? "it's there" : "it's not there!");
});
smb2Client.mkdir ( path, [mode], callback )
Asynchronous mkdir(2)
: create a directory.
mode
defaults to 0o777
.
Example:
smb2Client.mkdir('path\\to\\the\\directory', function(err) {
if (err) throw err;
console.log('Directory created!');
});
smb2Client.readdir ( path, [options], callback )
path
Stringoptions
Object
encoding
String | Null default = nullcallback
FunctionAsynchronous readdir(3)
: reads the contents of a directory.
The result is an array of the names of the files in the directory excluding '.'
and '..'
.
If you want the response to include stats, you need to pass the stats: true
. Response will be an Array of this form:
[
{
name: String,
birthtime: Date,
mtime: Date,
atime: Date,
ctime: Date,
isDirectory(): boolean
},
...
]
Example:
smb2Client.readdir('Windows\\System32', function(err, files) {
if (err) throw err;
console.log(files);
});
smb2Client.stat ( path, callback )
path
Stringcallback
FunctionAsynchronous stat
: query stats of a directory or file.
Response will be an object with the following structure :
{
birthtime: Date,
mtime: Date,
atime: Date,
ctime: Date,
isDirectory(): boolean
}
smb2Client.readFile ( path, [options], callback )
path
Stringoptions
Object
encoding
String | Null default = nullcallback
FunctionAsynchronously reads the entire content of a file.
Example:
smb2Client.readFile('path\\to\\my\\file.txt', function(err, content) {
if (err) throw err;
console.log(content);
});
If no encoding is specified, then the raw buffer is returned.
smb2Client.rename ( oldPath, newPath, [ options, ] callback )
Asynchronous rename(2)
: rename a file.
smb2Client.rename(
'path\\to\\my\\file.txt',
'new\\path\\to\\my\\new-file-name.txt',
function(err) {
if (err) throw err;
console.log('file has been renamed');
}
);
Existing files are not replaced by default, you need to pass the replace: true
option for this use case:
smb2Client.rename(
'path\\to\\my\\file.txt',
'path\\to\\existing\\file.txt',
{
replace: true
}
function(err) {
if (err) throw err;
console.log('file has been renamed');
}
);
smb2Client.rmdir ( path, callback )
Asynchronous rmdir(2)
: delete an empty directory.
Example:
smb2Client.rmdir('path\\to\\the\\directory', function(err) {
if (err) throw err;
console.log('Directory deleted!');
});
smb2Client.unlink ( path, callback )
Asynchronous unlink(2)
: delete a file.
smb2Client.unlink('path\\to\\my\\file.txt', function(err) {
if (err) throw err;
console.log('file has been deleted');
});
smb2Client.writeFile ( filename, data, [options], callback )
filename
Stringdata
String | Bufferoptions
Object
encoding
String | Null default = 'utf8'
callback
FunctionAsynchronously writes data to a file, replacing the file if it already exists. data can be a string or a buffer.
The encoding option is ignored if data is a buffer.
Example:
smb2Client.writeFile('path\\to\\my\\file.txt', 'Hello Node', function(err) {
if (err) throw err;
console.log("It's saved!");
});
smb2Client.truncate ( filename, length, callback )
filename
Stringlength
Numbercallback
FunctionAsynchronously truncate a file to a size of precisely length bytes.
Example:
smb2Client.truncate('path\\to\\my\\file.txt', 10, function(err) {
if (err) throw err;
console.log("It's truncated!");
});
smb2Client.createReadStream ( fileName, [options], callback )
Returns a read stream on the file.
Unlike
fs.createReadStream
, this function is asynchronous, as we need use asynchronous smb requests to get the stream.
Example:
smb2Client.createReadStream('path\\to\\the\\file', function(err, readStream) {
if (err) throw err;
var writeStream = fs.createWriteStream('localFile');
readStream.pipe(writeStream);
});
Supported options:
autoClose
: whether the fd
should be closed at the end or on error, default true
end
: offset in the file after which to stop reading, default Infinity
fd
: if specified, the path will be ignored and this opened file will be used insteadflags
: see Node documentation, default 'r'
start
: offset in the file from which to start reading, default 0
smb2Client.createWriteStream ( fileName, [options], callback )
Returns a write stream on the file.
Unlike
fs.createWriteStream
, this function is asynchronous, as we need use asynchronous smb requests to get the stream.
Example:
smb2Client.createWriteStream('path\\to\\the\\file', function(err, writeStream) {
if (err) throw err;
var readStream = fs.createReadStream('localFile');
readStream.pipe(writeStream);
});
Supported options:
autoClose
: whether the fd
should be closed at the end or on error, default true
fd
: if specified, the path will be ignored and this opened file will be used insteadflags
: see Node documentation, default 'wx'
start
: offset in the file from which to start writing, default 0
smb2Client.open('path\\to\\the\\file', 'r', function(err, fd) {
if (err) throw err;
smb2Client.read(
fd, // file descriptor
Buffer.alloc(10), // buffer where to store the data
0, // offset in the buffer
10, // number of bytes to read
0, // offset in the file
function(err, bytesRead, buffer) {
smb2Client.close(fd, function() {});
if (err) throw cb(err);
console.log(bytesRead, buffer);
}
);
});
smb2Client.open('path\\to\\the\\file', 'w', function(err, fd) {
if (err) throw err;
smb2Client.write(
fd, // file descriptor
Buffer.from('foo bar\n'), // data to write to the file
0, // offset in the buffer
10, // number of bytes to write
0, // offset in the file
function(err, bytesWritten, buffer) {
smb2Client.close(fd, function() {});
if (err) throw cb(err);
console.log(bytesWritten);
}
);
});
This API is modeled after Node's
fs
module.
Note: be careful of
autoCloseTimeout
with this process as it is not intended to cover multiple method calls, you should set it to0
and manuallydisconnect()
.
The[MS-SMB2]: Server Message Block (SMB) Protocol Versions 2 and 3
Copyright (C) 2014 Microsoft
http://msdn.microsoft.com/en-us/library/cc246482.aspx
(The MIT License)
Copyright (c) 2013-2014 Benjamin Chelli <benjamin@chelli.net>
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the 'Software'), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
FAQs
v9u-smb2 with Node v17 patch
We found that @tryjsky/v9u-smb2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
The Socket Research Team breaks down a malicious wrapper package that uses obfuscation to harvest credentials and exfiltrate sensitive data.
Research
Security News
Attackers used a malicious npm package typosquatting a popular ESLint plugin to steal sensitive data, execute commands, and exploit developer systems.
Security News
The Ultralytics' PyPI Package was compromised four times in one weekend through GitHub Actions cache poisoning and failure to rotate previously compromised API tokens.