packetgen-plugin-smb 0.3.0 → 0.6.2

Files changed (57) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/specs.yml +28 -0
  3. data/.rubocop.yml +8 -1
  4. data/Gemfile +15 -3
  5. data/README.md +59 -3
  6. data/Rakefile +10 -4
  7. data/examples/llmnr-responder +110 -0
  8. data/examples/smb-responder +233 -0
  9. data/lib/packetgen-plugin-smb.rb +5 -2
  10. data/lib/packetgen/plugin/gssapi.rb +11 -6
  11. data/lib/packetgen/plugin/llmnr.rb +58 -0
  12. data/lib/packetgen/plugin/netbios.rb +19 -0
  13. data/lib/packetgen/plugin/netbios/datagram.rb +108 -0
  14. data/lib/packetgen/plugin/netbios/name.rb +64 -0
  15. data/lib/packetgen/plugin/netbios/session.rb +72 -0
  16. data/lib/packetgen/plugin/ntlm.rb +211 -0
  17. data/lib/packetgen/plugin/ntlm/authenticate.rb +197 -0
  18. data/lib/packetgen/plugin/ntlm/av_pair.rb +115 -0
  19. data/lib/packetgen/plugin/ntlm/challenge.rb +140 -0
  20. data/lib/packetgen/plugin/ntlm/negotiate.rb +127 -0
  21. data/lib/packetgen/plugin/ntlm/ntlmv2_response.rb +59 -0
  22. data/lib/packetgen/plugin/smb.rb +27 -15
  23. data/lib/packetgen/plugin/smb/blocks.rb +2 -4
  24. data/lib/packetgen/plugin/smb/browser.rb +8 -8
  25. data/lib/packetgen/plugin/smb/browser/domain_announcement.rb +2 -7
  26. data/lib/packetgen/plugin/smb/browser/host_announcement.rb +10 -7
  27. data/lib/packetgen/plugin/smb/browser/local_master_announcement.rb +2 -7
  28. data/lib/packetgen/plugin/smb/close.rb +2 -2
  29. data/lib/packetgen/plugin/smb/close/request.rb +3 -3
  30. data/lib/packetgen/plugin/smb/close/response.rb +3 -3
  31. data/lib/packetgen/plugin/smb/filetime.rb +30 -3
  32. data/lib/packetgen/plugin/smb/negotiate.rb +20 -0
  33. data/lib/packetgen/plugin/smb/negotiate/dialect.rb +39 -0
  34. data/lib/packetgen/plugin/smb/negotiate/request.rb +35 -0
  35. data/lib/packetgen/plugin/smb/negotiate/response.rb +29 -0
  36. data/lib/packetgen/plugin/smb/nt_create_and_x.rb +2 -2
  37. data/lib/packetgen/plugin/smb/ntcreateandx/request.rb +5 -5
  38. data/lib/packetgen/plugin/smb/ntcreateandx/response.rb +3 -3
  39. data/lib/packetgen/plugin/smb/string.rb +60 -23
  40. data/lib/packetgen/plugin/smb/trans.rb +2 -2
  41. data/lib/packetgen/plugin/smb/trans/request.rb +4 -4
  42. data/lib/packetgen/plugin/smb/trans/response.rb +3 -3
  43. data/lib/packetgen/plugin/smb2.rb +20 -9
  44. data/lib/packetgen/plugin/smb2/base.rb +5 -7
  45. data/lib/packetgen/plugin/smb2/error.rb +3 -4
  46. data/lib/packetgen/plugin/smb2/guid.rb +6 -4
  47. data/lib/packetgen/plugin/smb2/negotiate.rb +2 -2
  48. data/lib/packetgen/plugin/smb2/negotiate/context.rb +28 -27
  49. data/lib/packetgen/plugin/smb2/negotiate/request.rb +16 -12
  50. data/lib/packetgen/plugin/smb2/negotiate/response.rb +25 -14
  51. data/lib/packetgen/plugin/smb2/session_setup.rb +2 -2
  52. data/lib/packetgen/plugin/smb2/session_setup/request.rb +12 -7
  53. data/lib/packetgen/plugin/smb2/session_setup/response.rb +13 -8
  54. data/lib/packetgen/plugin/smb_version.rb +3 -1
  55. data/packetgen-plugin-smb.gemspec +10 -15
  56. metadata +28 -81
  57. data/.travis.yml +0 -12
@@ -0,0 +1,127 @@
1
+ # frozen_string_literal: true
2
+
3
+ # This file is part of packetgen-plugin-smb.
4
+ # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
5
+ # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
6
+ # This program is published under MIT license.
7
+
8
+ module PacketGen::Plugin
9
+ class NTLM
10
+ # NTLM Negotiate message
11
+ # @author Sylvain Daubert
12
+ class Negotiate < NTLM
13
+ # @return [String]
14
+ attr_accessor :domain_name
15
+ # @return [String]
16
+ attr_accessor :workstation
17
+
18
+ update_field :type, default: NTLM::TYPES['negotiate']
19
+ # @!attribute flags
20
+ # Negotiate flags
21
+ # @return [Integer]
22
+
23
+ # @!group Negotiate flags
24
+ # @!attribute nego56?
25
+ # Also known as +flags_w?+.
26
+ # @return [Boolean]
27
+ # @!attribute key_exch?
28
+ # Also known as +flags_v?+
29
+ # @return [Boolean]
30
+ # @!attribute nego128?
31
+ # Also known as +flags_u?+
32
+ # @return [Boolean]
33
+ # @!attribute version?
34
+ # Also known as +flags_t+
35
+ # @return [Integer]
36
+ # @!attribute target_info?
37
+ # Also known as +flags_s?+
38
+ # @return [Boolean]
39
+ # @!attribute non_nt_session_key?
40
+ # Also known as +flags_r?+
41
+ # @return [Boolean]
42
+ # @!attribute identify?
43
+ # Also known as +flags_q+
44
+ # @return [Boolean]
45
+ # @!attribute ext_session_security?
46
+ # Also known as +flags_p?+
47
+ # @return [Boolean]
48
+ # @!attribute target_type_server?
49
+ # Also known as +flags_o?+
50
+ # @return [Boolean]
51
+ # @!attribute target_type_domain?
52
+ # Also known as +flags_n?+
53
+ # @return [Boolean]
54
+ # @!attribute always_sign?
55
+ # Also known as +flags_m?+
56
+ # @return [Boolean]
57
+ # @!attribute oem_workstation_supplied?
58
+ # Also known as +flags_l?+
59
+ # @return [Boolean]
60
+ # @!attribute oem_domain_supplied?
61
+ # Also known as +flags_k?+
62
+ # @return [Boolean]
63
+ # @!attribute anonymous?
64
+ # Also known as +flags_j?+
65
+ # @return [Boolean]
66
+ # @!attribute ntlm?
67
+ # Also known as +flags_h?+
68
+ # @return [Boolean]
69
+ # @!attribute lm_key?
70
+ # Also known as +flags_g?+
71
+ # @return [Boolean]
72
+ # @!attribute datagram?
73
+ # Also known as +flags_f?+
74
+ # @return [Boolean]
75
+ # @!attribute seal?
76
+ # Also known as +flags_e?+
77
+ # @return [Boolean]
78
+ # @!attribute sign?
79
+ # Also known as +flags_d?+
80
+ # @return [Boolean]
81
+ # @!attribute request_target?
82
+ # Also known as +flags_c?+
83
+ # @return [Boolean]
84
+ # @!attribute oem?
85
+ # Also known as +flags_b?+
86
+ # @return [Boolean]
87
+ # @!attribute unicode?
88
+ # Also known as +flags_a?+
89
+ # @return [Boolean]
90
+ define_negotiate_flags
91
+ # @!endgroup Negotiate flags
92
+
93
+ # @!attribute domain_name
94
+ # Name of the client authentication domain. Must be OEM encoded.
95
+ # @return [PacketGen::Types::String]
96
+ # @!attribute domain_name_len
97
+ # 2-byte domain name length
98
+ # @return [Integer]
99
+ # @!attribute domain_name_maxlen
100
+ # 2-byte domain name max length
101
+ # @return [Integer]
102
+ # @!attribute domain_name_offset
103
+ # 4-byte domain name offset
104
+ # @return [Integer]
105
+ define_in_payload :domain_name, PacketGen::Types::String
106
+
107
+ # @!attribute workstation
108
+ # Name of the client machine. Must be OEM encoded.
109
+ # @return [PacketGen::Types::String]
110
+ # @!attribute workstation_len
111
+ # 2-byte workstation length
112
+ # @return [Integer]
113
+ # @!attribute workstation_maxlen
114
+ # 2-byte workstation max length
115
+ # @return [Integer]
116
+ # @!attribute workstation_offset
117
+ # 4-byte workstation offset
118
+ # @return [Integer]
119
+ define_in_payload :workstation, PacketGen::Types::String
120
+
121
+ # @!attribute version
122
+ # 8-byte version information
123
+ # @return [String]
124
+ define_field_before :payload, :version, PacketGen::Types::String, static_length: 8, default: VOID_VERSION
125
+ end
126
+ end
127
+ end
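Review bot: The YARD entries for `version?` (new lines 33-35) and `identify?` (new lines 42-44) disagree with the other flag entries: `version?` is documented as `+flags_t+` with `@return [Integer]`, and `identify?` as `+flags_q+` without the trailing `?`. If `define_negotiate_flags` generates boolean predicates for every flag (it is defined outside this file, so that is an assumption), these should read `# Also known as +flags_t?+`, `# @return [Boolean]` and `# Also known as +flags_q?+`. `domain_name` and `workstation` are also documented twice with different return types, `[String]` on the `attr_accessor` lines and `[PacketGen::Types::String]` above `define_in_payload`, so one of the two is likely stale. Since the `*_len` and `*_offset` fields come straight from the wire when a captured message is parsed, a sentence in the class comment on how out-of-range offsets are handled would help readers who feed this class untrusted traffic.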
@@ -0,0 +1,59 @@
1
+ # frozen_string_literal: true
2
+
3
+ # This file is part of packetgen-plugin-smb.
4
+ # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
5
+ # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
6
+ # This program is published under MIT license.
7
+
8
+ module PacketGen::Plugin
9
+ class NTLM
10
+ class Ntlmv2Response < PacketGen::Types::Fields
11
+ # @!attribute response
12
+ # 16-byte array of unsigned char containing the client's NT challenge
13
+ # response.
14
+ # @return [String]
15
+ define_field :response, PacketGen::Types::String, static_length: 16
16
+ alias ntproof_str response
17
+ alias ntproof_str= response=
18
+
19
+ # @!attribute type
20
+ # 8-bit current version of the challenge. Should be 1.
21
+ # @return [Integer]
22
+ define_field :type, PacketGen::Types::Int8, default: 1
23
+ # @!attribute hi_type
24
+ # 8-bit maximum supported version of the challenge. Should be 1.
25
+ # @return [Integer]
26
+ define_field :hi_type, PacketGen::Types::Int8, default: 1
27
+ # @!attribute reserved1
28
+ # 16-bit reserved word.
29
+ # @return [Integer]
30
+ define_field :reserved1, PacketGen::Types::Int16le
31
+ # @!attribute reserved2
32
+ # 32-bit reserved word.
33
+ # @return [Integer]
34
+ define_field :reserved2, PacketGen::Types::Int32le
35
+ # @!attribute timestamp
36
+ # 64-bit current system time.
37
+ # @return [SMB::Filetime]
38
+ define_field :timestamp, SMB::Filetime
39
+ # @!attribute client_challenge
40
+ # 8-byte challenge from client
41
+ # @return [String]
42
+ define_field :client_challenge, PacketGen::Types::String, static_length: 8
43
+ # @!attribute reserved3
44
+ # 32-bit reserved word.
45
+ # @return [Integer]
46
+ define_field :reserved3, PacketGen::Types::Int32le
47
+ # @!attribute avpairs
48
+ # @return [ArrayOfAvPair]
49
+ define_field :avpairs, ArrayOfAvPair
50
+
51
+ # @return [false]
52
+ def empty?
53
+ false
54
+ end
55
+
56
+ alias size sz
57
+ end
58
+ end
59
+ end
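Review bot: `Ntlmv2Response` has no class-level doc comment (its sibling `Negotiate` has one), and `empty?` at new lines 51-54 returns a hard-coded `false` with only `# @return [false]` to explain it. I would add a class comment such as `# NTLMv2 response: 16-byte NTProofStr followed by the client challenge structure (type, timestamp, client challenge, AV pairs).` and a one-line why-comment above `empty?` naming the caller that needs it. Presumably the payload helper in `NTLM` skips empty fields, but that code is not in this file. `avpairs` is the only variable-length field and is filled from received bytes, so it is also worth noting in the attribute doc how the list is terminated on read.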
@@ -1,26 +1,26 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  # Server Message Block (SMB) header.
10
10
  # @author Sylvain Daubert
11
11
  class SMB < PacketGen::Header::Base
12
12
  # Known commands
13
13
  COMMANDS = {
14
- 'delete_dir' => 0x01,
15
- 'close' => 0x04,
16
- 'delete' => 0x06,
17
- 'query_info2' => 0x23,
18
- 'trans' => 0x25,
19
- 'echo' => 0x2b,
20
- 'open_and_x' => 0x2d,
21
- 'read_and_x' => 0x2e,
22
- 'write_and_x' => 0x2f,
23
- 'trans2' => 0x32,
14
+ 'delete_dir' => 0x01,
15
+ 'close' => 0x04,
16
+ 'delete' => 0x06,
17
+ 'query_info2' => 0x23,
18
+ 'trans' => 0x25,
19
+ 'echo' => 0x2b,
20
+ 'open_and_x' => 0x2d,
21
+ 'read_and_x' => 0x2e,
22
+ 'write_and_x' => 0x2f,
23
+ 'trans2' => 0x32,
24
24
  'tree_disconnect' => 0x71,
25
25
  'negotiate' => 0x72,
26
26
  'session_setup_and_x' => 0x73,
@@ -171,6 +171,13 @@ module PacketGen::Plugin
171
171
  self.bind kresponse, command: SMB::COMMANDS[command], flags: ->(v) { v.nil? ? 0 : (v & 0x80 == 0x80) }
172
172
  end
173
173
 
174
+ # Check if this is really a SMB2 header. Check {#protocol} has value {MARKER}.
175
+ # @return [Boolean]
176
+ def parse?
177
+ protocol == MARKER
178
+ end
179
+
180
+ # @return [String]
174
181
  def inspect
175
182
  super do |attr|
176
183
  case attr
@@ -190,14 +197,19 @@ module PacketGen::Plugin
190
197
  end
191
198
  end
192
199
  PacketGen::Header.add_class SMB
193
- PacketGen::Header::NetBIOS::Session.bind SMB, body: ->(val) { val.nil? ? SMB::MARKER : val[0..3] == SMB::MARKER }
194
- PacketGen::Header::NetBIOS::Datagram.bind SMB, body: ->(val) { val.nil? ? SMB::MARKER : val[0..3] == SMB::MARKER }
200
+ NetBIOS::Session.bind SMB, body: ->(val) { val.nil? ? SMB::MARKER : val[0..3] == SMB::MARKER }
201
+ NetBIOS::Datagram.bind SMB, body: ->(val) { val.nil? ? SMB::MARKER : val[0..3] == SMB::MARKER }
195
202
  end
196
203
 
197
204
  require_relative 'smb/string'
198
205
  require_relative 'smb/filetime'
206
+ require_relative 'smb/blocks'
199
207
  require_relative 'smb/close'
200
208
  require_relative 'smb/trans'
201
209
  require_relative 'smb/nt_create_and_x'
210
+ require_relative 'smb/negotiate'
202
211
  require_relative 'smb/browser'
203
- require_relative 'smb/blocks'
212
+
213
+ # If unknown command, bind SMB blocks
214
+ PacketGen::Header.add_class PacketGen::Plugin::SMB::Blocks
215
+ PacketGen::Plugin::SMB.bind PacketGen::Plugin::SMB::Blocks
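Review bot: The doc comment added above `parse?` (new line 174) says "Check if this is really a SMB2 header", but the method sits in `class SMB` and compares against `SMB::MARKER`; it looks copied from the SMB2 header. Suggested wording: `# Check if this is really a SMB header. Check {#protocol} has value {MARKER}.` Separately, the unconditional `PacketGen::Plugin::SMB.bind PacketGen::Plugin::SMB::Blocks` now at the end of the file appears to rely on being registered after every command-specific binding pulled in by the `require_relative` lines. Extending the existing comment to something like `# Must stay after the requires above: Blocks is the fallback for unknown commands` would protect that ordering from a later reshuffle.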
@@ -1,10 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  # Common blocks used for unsupported SMB messages.
@@ -42,6 +42,4 @@ module PacketGen::Plugin
42
42
  end
43
43
  end
44
44
  end
45
- PacketGen::Header.add_class SMB::Blocks
46
- SMB.bind SMB::Blocks
47
45
  end
@@ -1,16 +1,22 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  # Browser Trans sub-protocol.
11
11
  # See subclasses.
12
12
  # @author Sylvain Daubert
13
13
  class Browser < PacketGen::Header::Base
14
+ # Give protocol name for this class
15
+ # @return [String]
16
+ def self.protocol_name
17
+ 'SMB::Browser'
18
+ end
19
+
14
20
  OPCODES = {
15
21
  'HostAnnouncement' => 1,
16
22
  'HostAnnouncementReq' => 2,
@@ -57,12 +63,6 @@ module PacketGen::Plugin
57
63
  end
58
64
  end
59
65
 
60
- # Give protocol name for this class
61
- # @return [String]
62
- def protocol_name
63
- 'SMB::Browser'
64
- end
65
-
66
66
  # Callback called when a Browser header is added to a packet.
67
67
  # Here, add +#smb_browser+ method as a shortcut to existing
68
68
  # +#smb_browser_*+ method.
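Review bot: Instance-level callers of `protocol_name` now depend on the PacketGen base class forwarding to the new `def self.protocol_name` (new lines 14-18); the same conversion is made in the `SMB::Close::Request` and `SMB::Close::Response` sections further down. `PacketGen::Header::Base` is not visible on this page, so it is worth confirming that the packetgen version required by the gemspec provides that forwarding, otherwise `header.protocol_name` changes its result. Note also that `Browser.protocol_name` returns the fixed string `'SMB::Browser'`, which any direct subclass inherits unless it overrides the method as `HostAnnouncement` does. A short line in the doc comment, e.g. `# Subclasses must override this to report their own name.`, would make that expectation explicit.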
@@ -1,10 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  class Browser
@@ -20,11 +20,6 @@ module PacketGen::Plugin
20
20
  alias browser_conf_ver_min os_ver_min
21
21
  alias machine_group server_name
22
22
  alias local_master_name comment
23
-
24
- # @return [String]
25
- def protocol_name
26
- 'SMB::Browser::DomainAnnouncement'
27
- end
28
23
  end
29
24
  PacketGen::Header.add_class DomainAnnouncement
30
25
  SMB::Trans::Request.bind DomainAnnouncement, name: '\\MAILSLOT\\BROWSE', body: ->(v) { v[0] == OPCODES['DomainAnnouncement'] }
@@ -1,10 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  class Browser
@@ -14,6 +14,14 @@ module PacketGen::Plugin
14
14
  # specify the types of resources and services it supports.
15
15
  # @author Sylvain Daubert
16
16
  class HostAnnouncement < Browser
17
+ # @return [String]
18
+ def self.protocol_name
19
+ return @protocol_name if @protocol_name
20
+
21
+ basename = to_s.sub(/^.*::/, '')
22
+ @protocol_name = "SMB::Browser::#{basename}"
23
+ end
24
+
17
25
  remove_field :body
18
26
  update_field :opcode, default: 1
19
27
  # @!attribute update_count
@@ -58,11 +66,6 @@ module PacketGen::Plugin
58
66
  # Null-terminated ASCII string.
59
67
  # @return [String]
60
68
  define_field :comment, PacketGen::Types::CString
61
-
62
- # @return [String]
63
- def protocol_name
64
- 'SMB::Browser::HostAnnouncement'
65
- end
66
69
  end
67
70
  PacketGen::Header.add_class HostAnnouncement
68
71
  SMB::Trans::Request.bind HostAnnouncement, name: '\\MAILSLOT\\BROWSE', body: ->(v) { v[0] == OPCODES['HostAnnouncement'] }
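Review bot: In the new `self.protocol_name` (new lines 17-23), `to_s.sub(/^.*::/, '')` anchors with `^`, which matches at the start of any line rather than the start of the string; `basename = to_s.sub(/\A.*::/, '')` states the intent exactly, and `name.split('::').last` would avoid the regex altogether. Class names presumably never contain a newline, so this is a point of style rather than a behaviour change. The method also has only `# @return [String]` above it; a one-line description such as `# Give protocol name for this class, derived from the class name and memoized per class` would explain why `LocalMasterAnnouncement` no longer needs its own override.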
@@ -1,10 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  class Browser
@@ -15,11 +15,6 @@ module PacketGen::Plugin
15
15
  # @author Sylvain Daubert
16
16
  class LocalMasterAnnouncement < HostAnnouncement
17
17
  update_field :opcode, default: 15
18
-
19
- # @return [String]
20
- def protocol_name
21
- 'SMB::Browser::LocalMasterAnnouncement'
22
- end
23
18
  end
24
19
  PacketGen::Header.add_class LocalMasterAnnouncement
25
20
  SMB::Trans::Request.bind LocalMasterAnnouncement, name: '\\MAILSLOT\\BROWSE', body: ->(v) { v[0] == OPCODES['LocalMasterAnnouncement'] }
@@ -1,10 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  # Namespace for CLOSE related classes
@@ -1,10 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  module Close
@@ -36,7 +36,7 @@ module PacketGen::Plugin
36
36
 
37
37
  # Give protocol name for this class
38
38
  # @return [String]
39
- def protocol_name
39
+ def self.protocol_name
40
40
  'SMB::Close::Request'
41
41
  end
42
42
  end
@@ -1,10 +1,10 @@
1
+ # frozen_string_literal: true
2
+
1
3
  # This file is part of packetgen-plugin-smb.
2
4
  # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
3
5
  # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
4
6
  # This program is published under MIT license.
5
7
 
6
- # frozen_string_literal: true
7
-
8
8
  module PacketGen::Plugin
9
9
  class SMB
10
10
  module Close
@@ -27,7 +27,7 @@ module PacketGen::Plugin
27
27
 
28
28
  # Give protocol name for this class
29
29
  # @return [String]
30
- def protocol_name
30
+ def self.protocol_name
31
31
  'SMB::Close::Response'
32
32
  end
33
33
  end