packetgen-plugin-smb 0.3.0 → 0.6.2

Files changed (57) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/specs.yml +28 -0
  3. data/.rubocop.yml +8 -1
  4. data/Gemfile +15 -3
  5. data/README.md +59 -3
  6. data/Rakefile +10 -4
  7. data/examples/llmnr-responder +110 -0
  8. data/examples/smb-responder +233 -0
  9. data/lib/packetgen-plugin-smb.rb +5 -2
  10. data/lib/packetgen/plugin/gssapi.rb +11 -6
  11. data/lib/packetgen/plugin/llmnr.rb +58 -0
  12. data/lib/packetgen/plugin/netbios.rb +19 -0
  13. data/lib/packetgen/plugin/netbios/datagram.rb +108 -0
  14. data/lib/packetgen/plugin/netbios/name.rb +64 -0
  15. data/lib/packetgen/plugin/netbios/session.rb +72 -0
  16. data/lib/packetgen/plugin/ntlm.rb +211 -0
  17. data/lib/packetgen/plugin/ntlm/authenticate.rb +197 -0
  18. data/lib/packetgen/plugin/ntlm/av_pair.rb +115 -0
  19. data/lib/packetgen/plugin/ntlm/challenge.rb +140 -0
  20. data/lib/packetgen/plugin/ntlm/negotiate.rb +127 -0
  21. data/lib/packetgen/plugin/ntlm/ntlmv2_response.rb +59 -0
  22. data/lib/packetgen/plugin/smb.rb +27 -15
  23. data/lib/packetgen/plugin/smb/blocks.rb +2 -4
  24. data/lib/packetgen/plugin/smb/browser.rb +8 -8
  25. data/lib/packetgen/plugin/smb/browser/domain_announcement.rb +2 -7
  26. data/lib/packetgen/plugin/smb/browser/host_announcement.rb +10 -7
  27. data/lib/packetgen/plugin/smb/browser/local_master_announcement.rb +2 -7
  28. data/lib/packetgen/plugin/smb/close.rb +2 -2
  29. data/lib/packetgen/plugin/smb/close/request.rb +3 -3
  30. data/lib/packetgen/plugin/smb/close/response.rb +3 -3
  31. data/lib/packetgen/plugin/smb/filetime.rb +30 -3
  32. data/lib/packetgen/plugin/smb/negotiate.rb +20 -0
  33. data/lib/packetgen/plugin/smb/negotiate/dialect.rb +39 -0
  34. data/lib/packetgen/plugin/smb/negotiate/request.rb +35 -0
  35. data/lib/packetgen/plugin/smb/negotiate/response.rb +29 -0
  36. data/lib/packetgen/plugin/smb/nt_create_and_x.rb +2 -2
  37. data/lib/packetgen/plugin/smb/ntcreateandx/request.rb +5 -5
  38. data/lib/packetgen/plugin/smb/ntcreateandx/response.rb +3 -3
  39. data/lib/packetgen/plugin/smb/string.rb +60 -23
  40. data/lib/packetgen/plugin/smb/trans.rb +2 -2
  41. data/lib/packetgen/plugin/smb/trans/request.rb +4 -4
  42. data/lib/packetgen/plugin/smb/trans/response.rb +3 -3
  43. data/lib/packetgen/plugin/smb2.rb +20 -9
  44. data/lib/packetgen/plugin/smb2/base.rb +5 -7
  45. data/lib/packetgen/plugin/smb2/error.rb +3 -4
  46. data/lib/packetgen/plugin/smb2/guid.rb +6 -4
  47. data/lib/packetgen/plugin/smb2/negotiate.rb +2 -2
  48. data/lib/packetgen/plugin/smb2/negotiate/context.rb +28 -27
  49. data/lib/packetgen/plugin/smb2/negotiate/request.rb +16 -12
  50. data/lib/packetgen/plugin/smb2/negotiate/response.rb +25 -14
  51. data/lib/packetgen/plugin/smb2/session_setup.rb +2 -2
  52. data/lib/packetgen/plugin/smb2/session_setup/request.rb +12 -7
  53. data/lib/packetgen/plugin/smb2/session_setup/response.rb +13 -8
  54. data/lib/packetgen/plugin/smb_version.rb +3 -1
  55. data/packetgen-plugin-smb.gemspec +10 -15
  56. metadata +28 -81
  57. data/.travis.yml +0 -12
@@ -0,0 +1,127 @@
1
+ # frozen_string_literal: true
2
+
3
+ # This file is part of packetgen-plugin-smb.
4
+ # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
5
+ # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
6
+ # This program is published under MIT license.
7
+
8
+ module PacketGen::Plugin
9
+ class NTLM
10
+ # NTLM Negotiate message
11
+ # @author Sylvain Daubert
12
+ class Negotiate < NTLM
13
+ # @return [String]
14
+ attr_accessor :domain_name
15
+ # @return [String]
16
+ attr_accessor :workstation
17
+
18
+ update_field :type, default: NTLM::TYPES['negotiate']
19
+ # @!attribute flags
20
+ # Negotiate flags
21
+ # @return [Integer]
22
+
23
+ # @!group Negotiate flags
24
+ # @!attribute nego56?
25
+ # Also known as +flags_w?+.
26
+ # @return [Boolean]
27
+ # @!attribute key_exch?
28
+ # Also known as +flags_v?+
29
+ # @return [Boolean]
30
+ # @!attribute nego128?
31
+ # Also known as +flags_u?+
32
+ # @return [Boolean]
33
+ # @!attribute version?
34
+ # Also known as +flags_t+
35
+ # @return [Integer]
36
+ # @!attribute target_info?
37
+ # Also known as +flags_s?+
38
+ # @return [Boolean]
39
+ # @!attribute non_nt_session_key?
40
+ # Also known as +flags_r?+
41
+ # @return [Boolean]
42
+ # @!attribute identify?
43
+ # Also known as +flags_q+
44
+ # @return [Boolean]
45
+ # @!attribute ext_session_security?
46
+ # Also known as +flags_p?+
47
+ # @return [Boolean]
48
+ # @!attribute target_type_server?
49
+ # Also known as +flags_o?+
50
+ # @return [Boolean]
51
+ # @!attribute target_type_domain?
52
+ # Also known as +flags_n?+
53
+ # @return [Boolean]
54
+ # @!attribute always_sign?
55
+ # Also known as +flags_m?+
56
+ # @return [Boolean]
57
+ # @!attribute oem_workstation_supplied?
58
+ # Also known as +flags_l?+
59
+ # @return [Boolean]
60
+ # @!attribute oem_domain_supplied?
61
+ # Also known as +flags_k?+
62
+ # @return [Boolean]
63
+ # @!attribute anonymous?
64
+ # Also known as +flags_j?+
65
+ # @return [Boolean]
66
+ # @!attribute ntlm?
67
+ # Also known as +flags_h?+
68
+ # @return [Boolean]
69
+ # @!attribute lm_key?
70
+ # Also known as +flags_g?+
71
+ # @return [Boolean]
72
+ # @!attribute datagram?
73
+ # Also known as +flags_f?+
74
+ # @return [Boolean]
75
+ # @!attribute seal?
76
+ # Also known as +flags_e?+
77
+ # @return [Boolean]
78
+ # @!attribute sign?
79
+ # Also known as +flags_d?+
80
+ # @return [Boolean]
81
+ # @!attribute request_target?
82
+ # Also known as +flags_c?+
83
+ # @return [Boolean]
84
+ # @!attribute oem?
85
+ # Also known as +flags_b?+
86
+ # @return [Boolean]
87
+ # @!attribute unicode?
88
+ # Also known as +flags_a?+
89
+ # @return [Boolean]
90
+ define_negotiate_flags
91
+ # @!endgroup Negotiate flags
92
+
93
+ # @!attribute domain_name
94
+ # Name of the client authentication domain. Must be OEM encoded.
95
+ # @return [PacketGen::Types::String]
96
+ # @!attribute domain_name_len
97
+ # 2-byte domain name length
98
+ # @return [Integer]
99
+ # @!attribute domain_name_maxlen
100
+ # 2-byte domain name max length
101
+ # @return [Integer]
102
+ # @!attribute domain_name_offset
103
+ # 4-byte domain name offset
104
+ # @return [Integer]
105
+ define_in_payload :domain_name, PacketGen::Types::String
106
+
107
+ # @!attribute workstation
108
+ # Name of the client machine. Must be OEM encoded.
109
+ # @return [PacketGen::Types::String]
110
+ # @!attribute workstation_len
111
+ # 2-byte workstation length
112
+ # @return [Integer]
113
+ # @!attribute workstation_maxlen
114
+ # 2-byte workstation max length
115
+ # @return [Integer]
116
+ # @!attribute workstation_offset
117
+ # 4-byte workstation offset
118
+ # @return [Integer]
119
+ define_in_payload :workstation, PacketGen::Types::String
120
+
121
+ # @!attribute version
122
+ # 8-byte version information
123
+ # @return [String]
124
+ define_field_before :payload, :version, PacketGen::Types::String, static_length: 8, default: VOID_VERSION
125
+ end
126
+ end
127
+ end
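Review bot: Two entries in the `@!group Negotiate flags` block are documented differently from the rest: `version?` is listed as `+flags_t+` with `@return [Integer]`, and `identify?` as `+flags_q+` without the `?`. Every other flag there is a `?` predicate returning Boolean, so I would write `# Also known as +flags_t?+` with `# @return [Boolean]`, and `# Also known as +flags_q?+`. `domain_name` and `workstation` are also declared twice with different documented types (`[String]` on the `attr_accessor` lines, `[PacketGen::Types::String]` above `define_in_payload`); whether `define_in_payload` replaces those accessors is not visible here, so one of the two is probably redundant. The `*_len`, `*_maxlen` and `*_offset` values come from the peer when a captured message is parsed, so the payload reader (outside this file) is where they should be checked against the actual message length.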
@@ -0,0 +1,59 @@
1
+ # frozen_string_literal: true
2
+
3
+ # This file is part of packetgen-plugin-smb.
4
+ # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
5
+ # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
6
+ # This program is published under MIT license.
7
+
8
+ module PacketGen::Plugin
9
+ class NTLM
10
+ class Ntlmv2Response < PacketGen::Types::Fields
11
+ # @!attribute response
12
+ # 16-byte array of unsigned char containing the client's NT challenge
13
+ # response.
14
+ # @return [String]
15
+ define_field :response, PacketGen::Types::String, static_length: 16
16
+ alias ntproof_str response
17
+ alias ntproof_str= response=
18
+
19
+ # @!attribute type
20
+ # 8-bit current version of the challenge. Should be 1.
21
+ # @return [Integer]
22
+ define_field :type, PacketGen::Types::Int8, default: 1
23
+ # @!attribute hi_type
24
+ # 8-bit maximum supported version of the challenge. Should be 1.
25
+ # @return [Integer]
26
+ define_field :hi_type, PacketGen::Types::Int8, default: 1
27
+ # @!attribute reserved1
28
+ # 16-bit reserved word.
29
+ # @return [Integer]
30
+ define_field :reserved1, PacketGen::Types::Int16le
31
+ # @!attribute reserved2
32
+ # 32-bit reserved word.
33
+ # @return [Integer]
34
+ define_field :reserved2, PacketGen::Types::Int32le
35
+ # @!attribute timestamp
36
+ # 64-bit current system time.
37
+ # @return [SMB::Filetime]
38
+ define_field :timestamp, SMB::Filetime
39
+ # @!attribute client_challenge
40
+ # 8-byte challenge from client
41
+ # @return [String]
42
+ define_field :client_challenge, PacketGen::Types::String, static_length: 8
43
+ # @!attribute reserved3
44
+ # 32-bit reserved word.
45
+ # @return [Integer]
46
+ define_field :reserved3, PacketGen::Types::Int32le
47
+ # @!attribute avpairs
48
+ # @return [ArrayOfAvPair]
49
+ define_field :avpairs, ArrayOfAvPair
50
+
51
+ # @return [false]
52
+ def empty?
53
+ false
54
+ end
55
+
56
+ alias size sz
57
+ end
58
+ end
59
+ end
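Review bot: `Ntlmv2Response` has no class-level description or `@author`, unlike `Negotiate`, and `empty?` returns `false` unconditionally with only `# @return [false]` to explain it. I would add a one-line class comment such as `# NTLMv2 response structure (proof string followed by the client challenge fields and AV pairs)` and a reason above `empty?` saying why the structure must never report itself empty (the reason is not visible from this file). The `type` and `hi_type` comments say "Should be 1", but nothing here enforces that on parsed input, so the docs should state that callers reading a captured message must not assume it. `avpairs` is variable-length data supplied by the peer; how `ArrayOfAvPair` terminates and bounds its read is outside this file and worth confirming.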
@@ -1,26 +1,26 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  # Server Message Block (SMB) header.
10
10
  # @author Sylvain Daubert
11
11
  class SMB < PacketGen::Header::Base
12
12
  # Known commands
13
13
  COMMANDS = {
14
- 'delete_dir' => 0x01,
15
- 'close' => 0x04,
16
- 'delete' => 0x06,
17
- 'query_info2' => 0x23,
18
- 'trans' => 0x25,
19
- 'echo' => 0x2b,
20
- 'open_and_x' => 0x2d,
21
- 'read_and_x' => 0x2e,
22
- 'write_and_x' => 0x2f,
23
- 'trans2' => 0x32,
14
+ 'delete_dir' => 0x01,
15
+ 'close' => 0x04,
16
+ 'delete' => 0x06,
17
+ 'query_info2' => 0x23,
18
+ 'trans' => 0x25,
19
+ 'echo' => 0x2b,
20
+ 'open_and_x' => 0x2d,
21
+ 'read_and_x' => 0x2e,
22
+ 'write_and_x' => 0x2f,
23
+ 'trans2' => 0x32,
24
24
  'tree_disconnect' => 0x71,
25
25
  'negotiate' => 0x72,
26
26
  'session_setup_and_x' => 0x73,
@@ -171,6 +171,13 @@ module PacketGen::Plugin
171
171
  self.bind kresponse, command: SMB::COMMANDS[command], flags: ->(v) { v.nil? ? 0 : (v & 0x80 == 0x80) }
172
172
  end
173
173
 
174
+ # Check if this is really a SMB2 header. Check {#protocol} has value {MARKER}.
175
+ # @return [Boolean]
176
+ def parse?
177
+ protocol == MARKER
178
+ end
179
+
180
+ # @return [String]
174
181
  def inspect
175
182
  super do |attr|
176
183
  case attr
@@ -190,14 +197,19 @@ module PacketGen::Plugin
190
197
  end
191
198
  end
192
199
  PacketGen::Header.add_class SMB
193
- PacketGen::Header::NetBIOS::Session.bind SMB, body: ->(val) { val.nil? ? SMB::MARKER : val[0..3] == SMB::MARKER }
194
- PacketGen::Header::NetBIOS::Datagram.bind SMB, body: ->(val) { val.nil? ? SMB::MARKER : val[0..3] == SMB::MARKER }
200
+ NetBIOS::Session.bind SMB, body: ->(val) { val.nil? ? SMB::MARKER : val[0..3] == SMB::MARKER }
201
+ NetBIOS::Datagram.bind SMB, body: ->(val) { val.nil? ? SMB::MARKER : val[0..3] == SMB::MARKER }
195
202
  end
196
203
 
197
204
  require_relative 'smb/string'
198
205
  require_relative 'smb/filetime'
206
+ require_relative 'smb/blocks'
199
207
  require_relative 'smb/close'
200
208
  require_relative 'smb/trans'
201
209
  require_relative 'smb/nt_create_and_x'
210
+ require_relative 'smb/negotiate'
202
211
  require_relative 'smb/browser'
203
- require_relative 'smb/blocks'
212
+
213
+ # If unknown command, bind SMB blocks
214
+ PacketGen::Header.add_class PacketGen::Plugin::SMB::Blocks
215
+ PacketGen::Plugin::SMB.bind PacketGen::Plugin::SMB::Blocks
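Review bot: The comment on the new `parse?` (second hunk) says "Check if this is really a SMB2 header", but the method is added to `class SMB` and compares `protocol` with this class's own `MARKER`, so the text looks copied from the SMB2 header. I would write `# Check if this is really a SMB header. Check {#protocol} has value {MARKER}.` The `# @return [String]` added above `inspect` carries no description either; `inspect`'s body continues outside the hunk. In the last hunk the catch-all `SMB.bind ... SMB::Blocks` has moved to the end of the file after every `require_relative`; if binding order is what makes it a fallback, the comment should say so, for example `# Must stay after all command requires: Blocks is the fallback binding for unknown commands`.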
@@ -1,10 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  # Common blocks used for unsupported SMB messages.
@@ -42,6 +42,4 @@ module PacketGen::Plugin
42
42
  end
43
43
  end
44
44
  end
45
- PacketGen::Header.add_class SMB::Blocks
46
- SMB.bind SMB::Blocks
47
45
  end
@@ -1,16 +1,22 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  # Browser Trans sub-protocol.
11
11
  # See subclasses.
12
12
  # @author Sylvain Daubert
13
13
  class Browser < PacketGen::Header::Base
14
+ # Give protocol name for this class
15
+ # @return [String]
16
+ def self.protocol_name
17
+ 'SMB::Browser'
18
+ end
19
+
14
20
  OPCODES = {
15
21
  'HostAnnouncement' => 1,
16
22
  'HostAnnouncementReq' => 2,
@@ -57,12 +63,6 @@ module PacketGen::Plugin
57
63
  end
58
64
  end
59
65
 
60
- # Give protocol name for this class
61
- # @return [String]
62
- def protocol_name
63
- 'SMB::Browser'
64
- end
65
-
66
66
  # Callback called when a Browser header is added to a packet.
67
67
  # Here, add +#smb_browser+ method as a shortcut to existing
68
68
  # +#smb_browser_*+ method.
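Review bot: `protocol_name` changes here from an instance method to `def self.protocol_name`, so `header.protocol_name` on a Browser instance keeps working only if the base class of the required packetgen version delegates to the class method, which this diff does not show. The same change is made in smb/close/request.rb and smb/close/response.rb. If that delegate is not guaranteed, keeping `def protocol_name; self.class.protocol_name; end` beside the class method would preserve the old call form. Any class that subclasses `Browser` directly without overriding will now also report `'SMB::Browser'`, which deserves a line in the method comment.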
@@ -1,10 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  class Browser
@@ -20,11 +20,6 @@ module PacketGen::Plugin
20
20
  alias browser_conf_ver_min os_ver_min
21
21
  alias machine_group server_name
22
22
  alias local_master_name comment
23
-
24
- # @return [String]
25
- def protocol_name
26
- 'SMB::Browser::DomainAnnouncement'
27
- end
28
23
  end
29
24
  PacketGen::Header.add_class DomainAnnouncement
30
25
  SMB::Trans::Request.bind DomainAnnouncement, name: '\\MAILSLOT\\BROWSE', body: ->(v) { v[0] == OPCODES['DomainAnnouncement'] }
@@ -1,10 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  class Browser
@@ -14,6 +14,14 @@ module PacketGen::Plugin
14
14
  # specify the types of resources and services it supports.
15
15
  # @author Sylvain Daubert
16
16
  class HostAnnouncement < Browser
17
+ # @return [String]
18
+ def self.protocol_name
19
+ return @protocol_name if @protocol_name
20
+
21
+ basename = to_s.sub(/^.*::/, '')
22
+ @protocol_name = "SMB::Browser::#{basename}"
23
+ end
24
+
17
25
  remove_field :body
18
26
  update_field :opcode, default: 1
19
27
  # @!attribute update_count
@@ -58,11 +66,6 @@ module PacketGen::Plugin
58
66
  # Null-terminated ASCII string.
59
67
  # @return [String]
60
68
  define_field :comment, PacketGen::Types::CString
61
-
62
- # @return [String]
63
- def protocol_name
64
- 'SMB::Browser::HostAnnouncement'
65
- end
66
69
  end
67
70
  PacketGen::Header.add_class HostAnnouncement
68
71
  SMB::Trans::Request.bind HostAnnouncement, name: '\\MAILSLOT\\BROWSE', body: ->(v) { v[0] == OPCODES['HostAnnouncement'] }
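Review bot: The new `self.protocol_name` is documented only with `# @return [String]`, yet it is what allows the per-subclass `protocol_name` methods to be deleted in domain_announcement.rb and local_master_announcement.rb. I would add a description such as `# Give protocol name for this class, derived from the class's own basename; memoized per class in @protocol_name`. `to_s.sub(/^.*::/, '')` anchors with `^`, which matches at every line start; `\A` states the intent exactly, or `name.split('::').last` avoids the regex. For an anonymous subclass `to_s` is not a constant path, so the derived name would be the `#<Class:...>` string; the comment should mention that case if it can occur.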
@@ -1,10 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  class Browser
@@ -15,11 +15,6 @@ module PacketGen::Plugin
15
15
  # @author Sylvain Daubert
16
16
  class LocalMasterAnnouncement < HostAnnouncement
17
17
  update_field :opcode, default: 15
18
-
19
- # @return [String]
20
- def protocol_name
21
- 'SMB::Browser::LocalMasterAnnouncement'
22
- end
23
18
  end
24
19
  PacketGen::Header.add_class LocalMasterAnnouncement
25
20
  SMB::Trans::Request.bind LocalMasterAnnouncement, name: '\\MAILSLOT\\BROWSE', body: ->(v) { v[0] == OPCODES['LocalMasterAnnouncement'] }
@@ -1,10 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  # Namespace for CLOSE related classes
@@ -1,10 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  module Close
@@ -36,7 +36,7 @@ module PacketGen::Plugin
36
36
 
37
37
  # Give protocol name for this class
38
38
  # @return [String]
39
- def protocol_name
39
+ def self.protocol_name
40
40
  'SMB::Close::Request'
41
41
  end
42
42
  end
@@ -1,10 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  module Close
@@ -27,7 +27,7 @@ module PacketGen::Plugin
27
27
 
28
28
  # Give protocol name for this class
29
29
  # @return [String]
30
- def protocol_name
30
+ def self.protocol_name
31
31
  'SMB::Close::Response'
32
32
  end
33
33
  end