RubyGems - packetgen-plugin-smb - Versions diffs - 0.3.0 → 0.6.2 - Mend

packetgen-plugin-smb 0.3.0 → 0.6.2

Files changed (57) hide show

checksums.yaml +4 -4
data/.github/workflows/specs.yml +28 -0
data/.rubocop.yml +8 -1
data/Gemfile +15 -3
data/README.md +59 -3
data/Rakefile +10 -4
data/examples/llmnr-responder +110 -0
data/examples/smb-responder +233 -0
data/lib/packetgen-plugin-smb.rb +5 -2
data/lib/packetgen/plugin/gssapi.rb +11 -6
data/lib/packetgen/plugin/llmnr.rb +58 -0
data/lib/packetgen/plugin/netbios.rb +19 -0
data/lib/packetgen/plugin/netbios/datagram.rb +108 -0
data/lib/packetgen/plugin/netbios/name.rb +64 -0
data/lib/packetgen/plugin/netbios/session.rb +72 -0
data/lib/packetgen/plugin/ntlm.rb +211 -0
data/lib/packetgen/plugin/ntlm/authenticate.rb +197 -0
data/lib/packetgen/plugin/ntlm/av_pair.rb +115 -0
data/lib/packetgen/plugin/ntlm/challenge.rb +140 -0
data/lib/packetgen/plugin/ntlm/negotiate.rb +127 -0
data/lib/packetgen/plugin/ntlm/ntlmv2_response.rb +59 -0
data/lib/packetgen/plugin/smb.rb +27 -15
data/lib/packetgen/plugin/smb/blocks.rb +2 -4
data/lib/packetgen/plugin/smb/browser.rb +8 -8
data/lib/packetgen/plugin/smb/browser/domain_announcement.rb +2 -7
data/lib/packetgen/plugin/smb/browser/host_announcement.rb +10 -7
data/lib/packetgen/plugin/smb/browser/local_master_announcement.rb +2 -7
data/lib/packetgen/plugin/smb/close.rb +2 -2
data/lib/packetgen/plugin/smb/close/request.rb +3 -3
data/lib/packetgen/plugin/smb/close/response.rb +3 -3
data/lib/packetgen/plugin/smb/filetime.rb +30 -3
data/lib/packetgen/plugin/smb/negotiate.rb +20 -0
data/lib/packetgen/plugin/smb/negotiate/dialect.rb +39 -0
data/lib/packetgen/plugin/smb/negotiate/request.rb +35 -0
data/lib/packetgen/plugin/smb/negotiate/response.rb +29 -0
data/lib/packetgen/plugin/smb/nt_create_and_x.rb +2 -2
data/lib/packetgen/plugin/smb/ntcreateandx/request.rb +5 -5
data/lib/packetgen/plugin/smb/ntcreateandx/response.rb +3 -3
data/lib/packetgen/plugin/smb/string.rb +60 -23
data/lib/packetgen/plugin/smb/trans.rb +2 -2
data/lib/packetgen/plugin/smb/trans/request.rb +4 -4
data/lib/packetgen/plugin/smb/trans/response.rb +3 -3
data/lib/packetgen/plugin/smb2.rb +20 -9
data/lib/packetgen/plugin/smb2/base.rb +5 -7
data/lib/packetgen/plugin/smb2/error.rb +3 -4
data/lib/packetgen/plugin/smb2/guid.rb +6 -4
data/lib/packetgen/plugin/smb2/negotiate.rb +2 -2
data/lib/packetgen/plugin/smb2/negotiate/context.rb +28 -27
data/lib/packetgen/plugin/smb2/negotiate/request.rb +16 -12
data/lib/packetgen/plugin/smb2/negotiate/response.rb +25 -14
data/lib/packetgen/plugin/smb2/session_setup.rb +2 -2
data/lib/packetgen/plugin/smb2/session_setup/request.rb +12 -7
data/lib/packetgen/plugin/smb2/session_setup/response.rb +13 -8
data/lib/packetgen/plugin/smb_version.rb +3 -1
data/packetgen-plugin-smb.gemspec +10 -15
metadata +28 -81
data/.travis.yml +0 -12

data/lib/packetgen/plugin/smb2.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 module PacketGen::Plugin
   # Server Message Block version 2 and 3 (SMB2) header.
   # @author Sylvain Daubert
@@ -38,6 +38,9 @@ module PacketGen::Plugin
     # SMB2 header size
     HEADER_SIZE = 64
+    # SMB2 pad field at its maximum length
+    MAX_PADDING = [0].pack('q').freeze
     # @!attribute protocol
     #  This field must contain {MARKER SMB2 marker}
     #  @return [String]
@@ -81,7 +84,7 @@ module PacketGen::Plugin
     #  64-bit unique ID that is created by the server to handle operations
     #  asynchronously. Only present for asynchronous messages.
     #  @return [Integer]
-    define_field :async_id, PacketGen::Types::Int64le, optional: ->(h) { h.flags & 2  == 2}
+    define_field :async_id, PacketGen::Types::Int64le, optional: ->(h) { h.flags & 2 == 2 }
     # @!attribute reserved
     #  32-bit reserved field.
     #  Only present for synchronous messages.
@@ -145,7 +148,19 @@ module PacketGen::Plugin
       PacketGen::Header.add_class krequest
       self.bind krequest, command: SMB2::COMMANDS[command], flags: ->(v) { v.nil? ? 0 : (v & 1).zero? }
       PacketGen::Header.add_class kresponse
-      self.bind kresponse, command: SMB2::COMMANDS[command], flags: ->(v) { v.nil? ? 0 : (v & 1 == 1) }
+      self.bind kresponse, command: SMB2::COMMANDS[command], flags: ->(v) { v.nil? ? 1 : (v & 1 == 1) }
+    end
+    # Invert {#flags_response?}
+    # @return [self]
+    def reply!
+      self.flags_response = !flags_response?
+    end
+    # Check if this is really a SMB2 header. Check {#protocol} has value {MARKER}.
+    # @return [Boolean]
+    def parse?
+      protocol == MARKER
     end
     # @return [String]
@@ -166,13 +181,9 @@ module PacketGen::Plugin
       end
     end
   end
-  # TODO: move this in netbios file when packetgen3 will be out
-  PacketGen::Header::TCP.bind PacketGen::Header::NetBIOS::Session, dport: 445
-  PacketGen::Header::TCP.bind PacketGen::Header::NetBIOS::Session, sport: 445
   PacketGen::Header.add_class SMB2
-  PacketGen::Header::NetBIOS::Session.bind SMB2, body: ->(val) { val.nil? ? SMB2::MARKER : val[0..3] == SMB2::MARKER }
-  PacketGen::Header::NetBIOS::Datagram.bind SMB2, body: ->(val) { val.nil? ? SMB2::MARKER : val[0..3] == SMB2::MARKER }
+  NetBIOS::Session.bind SMB2, body: ->(val) { val.nil? ? SMB2::MARKER : val[0..3] == SMB2::MARKER }
 end
 require_relative 'smb2/base'

data/lib/packetgen/plugin/smb2/base.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 require_relative 'guid'
 module PacketGen::Plugin
@@ -19,13 +19,11 @@ module PacketGen::Plugin
       def self.define_smb2_pad_field(name)
         prev_field = self.fields.last
         lf = lambda do |hdr|
-          len = 8 - (hdr.offset_of(prev_field) + hdr[prev_field].sz) % 8
-          len = 0 if len == 8
-          len
+          (8 - (hdr.offset_of(prev_field) + hdr[prev_field].sz) % 8) % 8
         end
-        define_field name, PacketGen::Types::String, default: [0].pack('q').freeze,
+        define_field name, PacketGen::Types::String, default: SMB2::MAX_PADDING,
                      builder: ->(h, t) { t.new(length_from: -> { lf[h] }) }
       end
     end
   end
-end
+end

data/lib/packetgen/plugin/smb2/error.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 module PacketGen::Plugin
   class SMB2
     # SMB2 Error response structure
@@ -45,6 +45,5 @@ module PacketGen::Plugin
     end
   end
   PacketGen::Header.add_class SMB2::ErrorResponse
-  SMB2.bind SMB2::ErrorResponse, status: ->(v) { v > 0 }
+  SMB2.bind SMB2::ErrorResponse, status: ->(v) { v.positive? }
 end

data/lib/packetgen/plugin/smb2/guid.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 module PacketGen::Plugin
   class SMB2
     # GUID, also known as UUID, is a 16-byte structure, intended to serve
@@ -22,6 +22,8 @@ module PacketGen::Plugin
     #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     # @author Sylvain Daubert
     class GUID < PacketGen::Types::Fields
+      include PacketGen::Types::Fieldable
       # @!attribute data1
       #  32-bit little-endian data1
       #  @return [Integer]
@@ -52,7 +54,8 @@ module PacketGen::Plugin
       # @param [String] guid
       # @return [self]
       def from_human(guid)
-        return self
+        return self if guid.nil? || guid.empty?
         values = guid.split('-')
         return self if values.size != 5
@@ -65,4 +68,3 @@ module PacketGen::Plugin
     end
   end
 end

data/lib/packetgen/plugin/smb2/negotiate.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 require_relative 'guid'
 module PacketGen::Plugin

data/lib/packetgen/plugin/smb2/negotiate/context.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 module PacketGen::Plugin
   class SMB2
     module Negotiate
@@ -47,31 +47,11 @@ module PacketGen::Plugin
         # @!attribute pad
         #  Padding to align next context on a 8-byte offset
         #  @return [String]
-        define_field :pad, PacketGen::Types::String, builder: ->(h, t) { t.new(length_from: -> { v = 8 - (h.offset_of(:data) + h.data_length) % 8; v == 8 ? 0 : v }) }
+        define_field :pad, PacketGen::Types::String, builder: ->(h, t) { t.new(length_from: -> { 8 - (h.offset_of(:data) + h.data_length) % 8 }) }
         # @private
         alias old_read read
-        # Populate object from a binary string
-        # @param [String] str
-        # @return [Context]
-        def read(str)
-          return self if str.nil?
-          if self.instance_of? Context
-            self[:type].read str[0, 2]
-            name = TYPES.key(type)
-            return old_read(str) if name.nil?
-            klassname = name.downcase.capitalize.gsub(/_(\w)/) { $1.upcase }
-            return old_read(str) unless Negotiate.const_defined? klassname
-            klass = Negotiate.const_get(klassname)
-            klass.new.read str
-          else
-            old_read str
-          end
-        end
         # Get human-readable type
         # @return [String]
         def human_type
@@ -83,8 +63,16 @@ module PacketGen::Plugin
         def to_human
           human_type
         end
+        # Set {#data_length} field
+        # @return [Integer]
+        def calc_length
+          self[:pad].read SMB2::MAX_PADDING
+          self.data_length = sz - self[:pad].sz - 8
+        end
       end
+      # Specialized {Context} for PREAUTH_INTEGRITY_CAP type.
       class PreauthIntegrityCap < Context
         remove_field :data
         # @!attribute hash_alg_count
@@ -104,9 +92,10 @@ module PacketGen::Plugin
         #  Salt value for hash
         #  @return [String]
         define_field_before :pad, :salt, PacketGen::Types::String, builder: ->(h, t) { t.new(length_from: h[:salt_length]) }
-        update_field :pad, builder: ->(h, t) { t.new(length_from: -> { v = 8 - (h.offset_of(:salt) + h.salt_length) % 8; v == 8 ? 0 : v }) }
+        update_field :pad, builder: ->(h, t) { t.new(length_from: -> { (8 - (h.offset_of(:salt) + h.salt_length) % 8) % 8 }) }
       end
+      # Specialized {Context} for ENCRYPTION_CAP type.
       class EncryptionCap < Context
         remove_field :data
         # @!attribute cipher_count
@@ -117,15 +106,27 @@ module PacketGen::Plugin
         #  Array of 16-bit integer IDs specifying the supported encryption
         #  algorithms
         #  @return [PacketGen::Types::ArrayOfInt16le]
-        define_field_before :pad, :ciphers, PacketGen::Types::ArrayOfInt16le, builder: ->(h, t) { t.new(counter: h[:hash_alg_count]) }
-        update_field :pad, builder: ->(h, t) { t.new(length_from: -> { v = 8 - (h.offset_of(:cipher_count) + h[:cipher_count].sz) % 8; v == 8 ? 0 : v }) }
+        define_field_before :pad, :ciphers, PacketGen::Types::ArrayOfInt16le, builder: ->(h, t) { t.new(counter: h[:cipher_count]) }
+        update_field :pad, builder: ->(h, t) { t.new(length_from: -> { (8 - (h.offset_of(:cipher_count) + h[:cipher_count].sz) % 8) % 8 }) }
       end
       # Array of {Context}
       # @author Sylvain Daubert
       class ArrayOfContext < PacketGen::Types::Array
         set_of Context
+        private
+        def real_type(ctx)
+          name = Context::TYPES.key(ctx.type).to_s
+          klassname = name.downcase.capitalize.gsub(/_(\w)/) { $1.upcase }
+          if !klassname.empty? && Negotiate.const_defined?(klassname)
+            Negotiate.const_get(klassname)
+          else
+            ctx.class
+          end
+        end
       end
     end
   end
-end
+end

data/lib/packetgen/plugin/smb2/negotiate/request.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 module PacketGen::Plugin
   class SMB2
     module Negotiate
@@ -48,7 +48,7 @@ module PacketGen::Plugin
         SECURITY_MODES = {
           'signing_enabled' => 1,
           'signing required' => 2
-        }
+        }.freeze
         # @!attribute structure_size
         #  16-bit negotiate request structure size. Should be 36.
@@ -124,6 +124,12 @@ module PacketGen::Plugin
         #  @return [ArrayOfContext]
         define_field :context_list, ArrayOfContext, builder: ->(h, t) { t.new(counter: h[:context_count]) }
+        # Protocol name
+        # @return [String]
+        def self.protocol_name
+          'SMB2::Negotiate::Request'
+        end
         # @return [String]
         def inspect
           super do |attr|
@@ -140,7 +146,7 @@ module PacketGen::Plugin
               str << PacketGen::Inspect::FMT_ATTR % [self[attr].class.to_s.sub(/.*::/, ''),
                                                      attr, value]
             when :dialects
-              list = self.dialects.map { |v| "%#04x" % v.to_i }.join(',')
+              list = self.dialects.map { |v| '%#x' % v.to_i }.join(',')
               str = PacketGen::Inspect.shift_level
               str << PacketGen::Inspect::FMT_ATTR % [self[attr].class.to_s.sub(/.*::/, ''),
                                                      attr, list]
@@ -148,17 +154,15 @@ module PacketGen::Plugin
           end
         end
-        # Calculate and set {#context_offset} field. Also calculate
-        # lengths in {Context contexts}.
+        # Calculate and set {#context_offset} and {#pad} fields.
+        # Also calculate lengths in {Context contexts}.
         # @return [Integer]
         def calc_length
-          self.context_offset = SMB2.new.sz + offset_of(:context_list)
-        end
+          self[:pad].read SMB2::MAX_PADDING
-        # Protocol name
-        # @return [String]
-        def protocol_name
-          'SMB2::Negotiate::Request'
+          self.context_offset = 0
+          self.context_offset = SMB2::HEADER_SIZE + offset_of(:context_list) unless context_list.empty?
+          context_list.each { |ctx| ctx.calc_length if ctx.respond_to? :calc_length }
         end
       end
     end

data/lib/packetgen/plugin/smb2/negotiate/response.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 module PacketGen::Plugin
   class SMB2
     module Negotiate
@@ -140,10 +140,11 @@ module PacketGen::Plugin
         define_field :context_offset, PacketGen::Types::Int32le
         # @!attribute buffer
         #  @return [GSSAPI]
-        define_field :buffer, GSSAPI, token: :init
+        define_field :buffer, GSSAPI, token: :init, optional: ->(h) { h.buffer_offset.positive? }
         # @!attribute pad
         #  Optional padding between the end of the {#buffer} field and the first negotiate
-        #  context in {#context_list} so that the first negotiate context is 8-byte aligned.
+        #  context in {#context_list} so that the first negotiate context is 8-byte aligned
+        # with start of SMB2 header.
         #  @return [String]
         define_smb2_pad_field :pad
         # @!attribute context_list
@@ -152,10 +153,17 @@ module PacketGen::Plugin
         #  @return [ArrayOfContext]
         define_field :context_list, ArrayOfContext, builder: ->(h, t) { t.new(counter: h[:context_count]) }
+        # Protocol name
+        # @return [String]
+        def self.protocol_name
+          'SMB2::Negotiate::Response'
+        end
         # @return [String]
         def inspect
           super do |attr|
             next unless attr == :capabilities
             value = bits_on(attr).reject { |_, v| v > 1 }
                                  .keys
                                  .select { |b| send("#{b}?") }
@@ -169,20 +177,23 @@ module PacketGen::Plugin
           end
         end
-        # Calculate and set {#context_offset}, {#buffer_offset} and {#buffer_length} fields.
+        # Calculate and set {#context_offset}, {#buffer_offset}, {#buffer_length} and
+        # {#pad} fields.
         # Also calculate lengths in {Context contexts}.
         # @return [void]
         def calc_length
-          self.context_offset = SMB2.new.sz + offset_of(:context_list)
-          self.buffer_offset = SMB2.new.sz + offset_of(:buffer)
-          self.buffer_length = buffer.sz
-          context_list.each { |ctx| ctx.calc_length if ctx.respond_to? :calc_length }
-        end
+          self[:pad].read SMB2::MAX_PADDING
-        # Protocol name
-        # @return [String]
-        def protocol_name
-          'SMB2::Negotiate::Response'
+          self.buffer_length = self[:buffer].sz
+          self.buffer_offset = if self.buffer_length.zero?
+                                 0
+                               else
+                                 SMB2::HEADER_SIZE + offset_of(:buffer)
+                               end
+          self.context_offset = 0
+          self.context_offset = SMB2::HEADER_SIZE + offset_of(:context_list) unless context_list.empty?
+          context_list.each { |ctx| ctx.calc_length if ctx.respond_to? :calc_length }
         end
       end
     end

data/lib/packetgen/plugin/smb2/session_setup.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 require_relative 'guid'
 module PacketGen::Plugin

data/lib/packetgen/plugin/smb2/session_setup/request.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 module PacketGen::Plugin
   class SMB2
     module SessionSetup
@@ -79,20 +79,25 @@ module PacketGen::Plugin
         define_field :prev_session_id, PacketGen::Types::Int64le
         # @!attribute buffer
         #  @return [GSSAPI]
-        define_field :buffer, GSSAPI, token: :response
+        define_field :buffer, GSSAPI, token: :response, optional: ->(h) { h.buffer_offset.positive? }
-        # Calculate and set {#buffer_length} field.
+        # Calculate and set {#buffer_length} and {#buffer_offset} fields.
         # @return [void]
         def calc_length
-          self.buffer_length = buffer.sz
+          self.buffer_length = self[:buffer].sz
+          self.buffer_offset = if self.buffer_length.zero?
+                                 0
+                               else
+                                 SMB2.new.sz + offset_of(:buffer)
+                               end
         end
         # Protocol name
         # @return [String]
-        def protocol_name
+        def self.protocol_name
           'SMB2::SessionSetup::Request'
         end
       end
     end
   end
-end
+end