RubyGems - packetgen-plugin-smb - Versions diffs - 0.3.0 → 0.6.2 - Mend

packetgen-plugin-smb 0.3.0 → 0.6.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (57) hide show

checksums.yaml +4 -4
data/.github/workflows/specs.yml +28 -0
data/.rubocop.yml +8 -1
data/Gemfile +15 -3
data/README.md +59 -3
data/Rakefile +10 -4
data/examples/llmnr-responder +110 -0
data/examples/smb-responder +233 -0
data/lib/packetgen-plugin-smb.rb +5 -2
data/lib/packetgen/plugin/gssapi.rb +11 -6
data/lib/packetgen/plugin/llmnr.rb +58 -0
data/lib/packetgen/plugin/netbios.rb +19 -0
data/lib/packetgen/plugin/netbios/datagram.rb +108 -0
data/lib/packetgen/plugin/netbios/name.rb +64 -0
data/lib/packetgen/plugin/netbios/session.rb +72 -0
data/lib/packetgen/plugin/ntlm.rb +211 -0
data/lib/packetgen/plugin/ntlm/authenticate.rb +197 -0
data/lib/packetgen/plugin/ntlm/av_pair.rb +115 -0
data/lib/packetgen/plugin/ntlm/challenge.rb +140 -0
data/lib/packetgen/plugin/ntlm/negotiate.rb +127 -0
data/lib/packetgen/plugin/ntlm/ntlmv2_response.rb +59 -0
data/lib/packetgen/plugin/smb.rb +27 -15
data/lib/packetgen/plugin/smb/blocks.rb +2 -4
data/lib/packetgen/plugin/smb/browser.rb +8 -8
data/lib/packetgen/plugin/smb/browser/domain_announcement.rb +2 -7
data/lib/packetgen/plugin/smb/browser/host_announcement.rb +10 -7
data/lib/packetgen/plugin/smb/browser/local_master_announcement.rb +2 -7
data/lib/packetgen/plugin/smb/close.rb +2 -2
data/lib/packetgen/plugin/smb/close/request.rb +3 -3
data/lib/packetgen/plugin/smb/close/response.rb +3 -3
data/lib/packetgen/plugin/smb/filetime.rb +30 -3
data/lib/packetgen/plugin/smb/negotiate.rb +20 -0
data/lib/packetgen/plugin/smb/negotiate/dialect.rb +39 -0
data/lib/packetgen/plugin/smb/negotiate/request.rb +35 -0
data/lib/packetgen/plugin/smb/negotiate/response.rb +29 -0
data/lib/packetgen/plugin/smb/nt_create_and_x.rb +2 -2
data/lib/packetgen/plugin/smb/ntcreateandx/request.rb +5 -5
data/lib/packetgen/plugin/smb/ntcreateandx/response.rb +3 -3
data/lib/packetgen/plugin/smb/string.rb +60 -23
data/lib/packetgen/plugin/smb/trans.rb +2 -2
data/lib/packetgen/plugin/smb/trans/request.rb +4 -4
data/lib/packetgen/plugin/smb/trans/response.rb +3 -3
data/lib/packetgen/plugin/smb2.rb +20 -9
data/lib/packetgen/plugin/smb2/base.rb +5 -7
data/lib/packetgen/plugin/smb2/error.rb +3 -4
data/lib/packetgen/plugin/smb2/guid.rb +6 -4
data/lib/packetgen/plugin/smb2/negotiate.rb +2 -2
data/lib/packetgen/plugin/smb2/negotiate/context.rb +28 -27
data/lib/packetgen/plugin/smb2/negotiate/request.rb +16 -12
data/lib/packetgen/plugin/smb2/negotiate/response.rb +25 -14
data/lib/packetgen/plugin/smb2/session_setup.rb +2 -2
data/lib/packetgen/plugin/smb2/session_setup/request.rb +12 -7
data/lib/packetgen/plugin/smb2/session_setup/response.rb +13 -8
data/lib/packetgen/plugin/smb_version.rb +3 -1
data/packetgen-plugin-smb.gemspec +10 -15
metadata +28 -81
data/.travis.yml +0 -12

data/lib/packetgen/plugin/smb2.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 module PacketGen::Plugin
   # Server Message Block version 2 and 3 (SMB2) header.
   # @author Sylvain Daubert
@@ -38,6 +38,9 @@ module PacketGen::Plugin
     # SMB2 header size
     HEADER_SIZE = 64
+    # SMB2 pad field at its maximum length
+    MAX_PADDING = [0].pack('q').freeze
     # @!attribute protocol
     #  This field must contain {MARKER SMB2 marker}
     #  @return [String]
@@ -81,7 +84,7 @@ module PacketGen::Plugin
     #  64-bit unique ID that is created by the server to handle operations
     #  asynchronously. Only present for asynchronous messages.
     #  @return [Integer]
-    define_field :async_id, PacketGen::Types::Int64le, optional: ->(h) { h.flags & 2  == 2}
+    define_field :async_id, PacketGen::Types::Int64le, optional: ->(h) { h.flags & 2 == 2 }
     # @!attribute reserved
     #  32-bit reserved field.
     #  Only present for synchronous messages.
@@ -145,7 +148,19 @@ module PacketGen::Plugin
       PacketGen::Header.add_class krequest
       self.bind krequest, command: SMB2::COMMANDS[command], flags: ->(v) { v.nil? ? 0 : (v & 1).zero? }
       PacketGen::Header.add_class kresponse
-      self.bind kresponse, command: SMB2::COMMANDS[command], flags: ->(v) { v.nil? ? 0 : (v & 1 == 1) }
+      self.bind kresponse, command: SMB2::COMMANDS[command], flags: ->(v) { v.nil? ? 1 : (v & 1 == 1) }
+    end
+    # Invert {#flags_response?}
+    # @return [self]
+    def reply!
+      self.flags_response = !flags_response?
+    end
+    # Check if this is really a SMB2 header. Check {#protocol} has value {MARKER}.
+    # @return [Boolean]
+    def parse?
+      protocol == MARKER
     end
     # @return [String]
@@ -166,13 +181,9 @@ module PacketGen::Plugin
       end
     end
   end
-  # TODO: move this in netbios file when packetgen3 will be out
-  PacketGen::Header::TCP.bind PacketGen::Header::NetBIOS::Session, dport: 445
-  PacketGen::Header::TCP.bind PacketGen::Header::NetBIOS::Session, sport: 445
   PacketGen::Header.add_class SMB2
-  PacketGen::Header::NetBIOS::Session.bind SMB2, body: ->(val) { val.nil? ? SMB2::MARKER : val[0..3] == SMB2::MARKER }
-  PacketGen::Header::NetBIOS::Datagram.bind SMB2, body: ->(val) { val.nil? ? SMB2::MARKER : val[0..3] == SMB2::MARKER }
+  NetBIOS::Session.bind SMB2, body: ->(val) { val.nil? ? SMB2::MARKER : val[0..3] == SMB2::MARKER }
 end
 require_relative 'smb2/base'

data/lib/packetgen/plugin/smb2/base.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 require_relative 'guid'
 module PacketGen::Plugin
@@ -19,13 +19,11 @@ module PacketGen::Plugin
       def self.define_smb2_pad_field(name)
         prev_field = self.fields.last
         lf = lambda do |hdr|
-          len = 8 - (hdr.offset_of(prev_field) + hdr[prev_field].sz) % 8
-          len = 0 if len == 8
-          len
+          (8 - (hdr.offset_of(prev_field) + hdr[prev_field].sz) % 8) % 8
         end
-        define_field name, PacketGen::Types::String, default: [0].pack('q').freeze,
+        define_field name, PacketGen::Types::String, default: SMB2::MAX_PADDING,
                      builder: ->(h, t) { t.new(length_from: -> { lf[h] }) }
       end
     end
   end
-end
+end

data/lib/packetgen/plugin/smb2/error.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 module PacketGen::Plugin
   class SMB2
     # SMB2 Error response structure
@@ -45,6 +45,5 @@ module PacketGen::Plugin
     end
   end
   PacketGen::Header.add_class SMB2::ErrorResponse
-  SMB2.bind SMB2::ErrorResponse, status: ->(v) { v > 0 }
+  SMB2.bind SMB2::ErrorResponse, status: ->(v) { v.positive? }
 end

data/lib/packetgen/plugin/smb2/guid.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 module PacketGen::Plugin
   class SMB2
     # GUID, also known as UUID, is a 16-byte structure, intended to serve
@@ -22,6 +22,8 @@ module PacketGen::Plugin
     #   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     # @author Sylvain Daubert
     class GUID < PacketGen::Types::Fields
+      include PacketGen::Types::Fieldable
       # @!attribute data1
       #  32-bit little-endian data1
       #  @return [Integer]
@@ -52,7 +54,8 @@ module PacketGen::Plugin
       # @param [String] guid
       # @return [self]
       def from_human(guid)
-        return self
+        return self if guid.nil? || guid.empty?
         values = guid.split('-')
         return self if values.size != 5
@@ -65,4 +68,3 @@ module PacketGen::Plugin
     end
   end
 end

data/lib/packetgen/plugin/smb2/negotiate.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 require_relative 'guid'
 module PacketGen::Plugin

data/lib/packetgen/plugin/smb2/negotiate/context.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 module PacketGen::Plugin
   class SMB2
     module Negotiate
@@ -47,31 +47,11 @@ module PacketGen::Plugin
         # @!attribute pad
         #  Padding to align next context on a 8-byte offset
         #  @return [String]
-        define_field :pad, PacketGen::Types::String, builder: ->(h, t) { t.new(length_from: -> { v = 8 - (h.offset_of(:data) + h.data_length) % 8; v == 8 ? 0 : v }) }
+        define_field :pad, PacketGen::Types::String, builder: ->(h, t) { t.new(length_from: -> { 8 - (h.offset_of(:data) + h.data_length) % 8 }) }
         # @private
         alias old_read read
-        # Populate object from a binary string
-        # @param [String] str
-        # @return [Context]
-        def read(str)
-          return self if str.nil?
-          if self.instance_of? Context
-            self[:type].read str[0, 2]
-            name = TYPES.key(type)
-            return old_read(str) if name.nil?
-            klassname = name.downcase.capitalize.gsub(/_(\w)/) { $1.upcase }
-            return old_read(str) unless Negotiate.const_defined? klassname
-            klass = Negotiate.const_get(klassname)
-            klass.new.read str
-          else
-            old_read str
-          end
-        end
         # Get human-readable type
         # @return [String]
         def human_type
@@ -83,8 +63,16 @@ module PacketGen::Plugin
         def to_human
           human_type
         end
+        # Set {#data_length} field
+        # @return [Integer]
+        def calc_length
+          self[:pad].read SMB2::MAX_PADDING
+          self.data_length = sz - self[:pad].sz - 8
+        end
       end
+      # Specialized {Context} for PREAUTH_INTEGRITY_CAP type.
       class PreauthIntegrityCap < Context
         remove_field :data
         # @!attribute hash_alg_count
@@ -104,9 +92,10 @@ module PacketGen::Plugin
         #  Salt value for hash
         #  @return [String]
         define_field_before :pad, :salt, PacketGen::Types::String, builder: ->(h, t) { t.new(length_from: h[:salt_length]) }
-        update_field :pad, builder: ->(h, t) { t.new(length_from: -> { v = 8 - (h.offset_of(:salt) + h.salt_length) % 8; v == 8 ? 0 : v }) }
+        update_field :pad, builder: ->(h, t) { t.new(length_from: -> { (8 - (h.offset_of(:salt) + h.salt_length) % 8) % 8 }) }
       end
+      # Specialized {Context} for ENCRYPTION_CAP type.
       class EncryptionCap < Context
         remove_field :data
         # @!attribute cipher_count
@@ -117,15 +106,27 @@ module PacketGen::Plugin
         #  Array of 16-bit integer IDs specifying the supported encryption
         #  algorithms
         #  @return [PacketGen::Types::ArrayOfInt16le]
-        define_field_before :pad, :ciphers, PacketGen::Types::ArrayOfInt16le, builder: ->(h, t) { t.new(counter: h[:hash_alg_count]) }
-        update_field :pad, builder: ->(h, t) { t.new(length_from: -> { v = 8 - (h.offset_of(:cipher_count) + h[:cipher_count].sz) % 8; v == 8 ? 0 : v }) }
+        define_field_before :pad, :ciphers, PacketGen::Types::ArrayOfInt16le, builder: ->(h, t) { t.new(counter: h[:cipher_count]) }
+        update_field :pad, builder: ->(h, t) { t.new(length_from: -> { (8 - (h.offset_of(:cipher_count) + h[:cipher_count].sz) % 8) % 8 }) }
       end
       # Array of {Context}
       # @author Sylvain Daubert
       class ArrayOfContext < PacketGen::Types::Array
         set_of Context
+        private
+        def real_type(ctx)
+          name = Context::TYPES.key(ctx.type).to_s
+          klassname = name.downcase.capitalize.gsub(/_(\w)/) { $1.upcase }
+          if !klassname.empty? && Negotiate.const_defined?(klassname)
+            Negotiate.const_get(klassname)
+          else
+            ctx.class
+          end
+        end
       end
     end
   end
-end
+end

data/lib/packetgen/plugin/smb2/negotiate/request.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 module PacketGen::Plugin
   class SMB2
     module Negotiate
@@ -48,7 +48,7 @@ module PacketGen::Plugin
         SECURITY_MODES = {
           'signing_enabled' => 1,
           'signing required' => 2
-        }
+        }.freeze
         # @!attribute structure_size
         #  16-bit negotiate request structure size. Should be 36.
@@ -124,6 +124,12 @@ module PacketGen::Plugin
         #  @return [ArrayOfContext]
         define_field :context_list, ArrayOfContext, builder: ->(h, t) { t.new(counter: h[:context_count]) }
+        # Protocol name
+        # @return [String]
+        def self.protocol_name
+          'SMB2::Negotiate::Request'
+        end
         # @return [String]
         def inspect
           super do |attr|
@@ -140,7 +146,7 @@ module PacketGen::Plugin
               str << PacketGen::Inspect::FMT_ATTR % [self[attr].class.to_s.sub(/.*::/, ''),
                                                      attr, value]
             when :dialects
-              list = self.dialects.map { |v| "%#04x" % v.to_i }.join(',')
+              list = self.dialects.map { |v| '%#x' % v.to_i }.join(',')
               str = PacketGen::Inspect.shift_level
               str << PacketGen::Inspect::FMT_ATTR % [self[attr].class.to_s.sub(/.*::/, ''),
                                                      attr, list]
@@ -148,17 +154,15 @@ module PacketGen::Plugin
           end
         end
-        # Calculate and set {#context_offset} field. Also calculate
-        # lengths in {Context contexts}.
+        # Calculate and set {#context_offset} and {#pad} fields.
+        # Also calculate lengths in {Context contexts}.
         # @return [Integer]
         def calc_length
-          self.context_offset = SMB2.new.sz + offset_of(:context_list)
-        end
+          self[:pad].read SMB2::MAX_PADDING
-        # Protocol name
-        # @return [String]
-        def protocol_name
-          'SMB2::Negotiate::Request'
+          self.context_offset = 0
+          self.context_offset = SMB2::HEADER_SIZE + offset_of(:context_list) unless context_list.empty?
+          context_list.each { |ctx| ctx.calc_length if ctx.respond_to? :calc_length }
         end
       end
     end

data/lib/packetgen/plugin/smb2/negotiate/response.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 module PacketGen::Plugin
   class SMB2
     module Negotiate
@@ -140,10 +140,11 @@ module PacketGen::Plugin
         define_field :context_offset, PacketGen::Types::Int32le
         # @!attribute buffer
         #  @return [GSSAPI]
-        define_field :buffer, GSSAPI, token: :init
+        define_field :buffer, GSSAPI, token: :init, optional: ->(h) { h.buffer_offset.positive? }
         # @!attribute pad
         #  Optional padding between the end of the {#buffer} field and the first negotiate
-        #  context in {#context_list} so that the first negotiate context is 8-byte aligned.
+        #  context in {#context_list} so that the first negotiate context is 8-byte aligned
+        # with start of SMB2 header.
         #  @return [String]
         define_smb2_pad_field :pad
         # @!attribute context_list
@@ -152,10 +153,17 @@ module PacketGen::Plugin
         #  @return [ArrayOfContext]
         define_field :context_list, ArrayOfContext, builder: ->(h, t) { t.new(counter: h[:context_count]) }
+        # Protocol name
+        # @return [String]
+        def self.protocol_name
+          'SMB2::Negotiate::Response'
+        end
         # @return [String]
         def inspect
           super do |attr|
             next unless attr == :capabilities
             value = bits_on(attr).reject { |_, v| v > 1 }
                                  .keys
                                  .select { |b| send("#{b}?") }
@@ -169,20 +177,23 @@ module PacketGen::Plugin
           end
         end
-        # Calculate and set {#context_offset}, {#buffer_offset} and {#buffer_length} fields.
+        # Calculate and set {#context_offset}, {#buffer_offset}, {#buffer_length} and
+        # {#pad} fields.
         # Also calculate lengths in {Context contexts}.
         # @return [void]
         def calc_length
-          self.context_offset = SMB2.new.sz + offset_of(:context_list)
-          self.buffer_offset = SMB2.new.sz + offset_of(:buffer)
-          self.buffer_length = buffer.sz
-          context_list.each { |ctx| ctx.calc_length if ctx.respond_to? :calc_length }
-        end
+          self[:pad].read SMB2::MAX_PADDING
-        # Protocol name
-        # @return [String]
-        def protocol_name
-          'SMB2::Negotiate::Response'
+          self.buffer_length = self[:buffer].sz
+          self.buffer_offset = if self.buffer_length.zero?
+                                 0
+                               else
+                                 SMB2::HEADER_SIZE + offset_of(:buffer)
+                               end
+          self.context_offset = 0
+          self.context_offset = SMB2::HEADER_SIZE + offset_of(:context_list) unless context_list.empty?
+          context_list.each { |ctx| ctx.calc_length if ctx.respond_to? :calc_length }
         end
       end
     end

data/lib/packetgen/plugin/smb2/session_setup.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 require_relative 'guid'
 module PacketGen::Plugin

data/lib/packetgen/plugin/smb2/session_setup/request.rb CHANGED

@@ -1,10 +1,10 @@
+# frozen_string_literal: true
 # This file is part of packetgen-plugin-smb.
 # See https://github.com/sdaubert/packetgen-plugin-smb for more informations
 # Copyright (C) 2018 Sylvain Daubert <sylvain.daubert@laposte.net>
 # This program is published under MIT license.
-# frozen_string_literal: true
 module PacketGen::Plugin
   class SMB2
     module SessionSetup
@@ -79,20 +79,25 @@ module PacketGen::Plugin
         define_field :prev_session_id, PacketGen::Types::Int64le
         # @!attribute buffer
         #  @return [GSSAPI]
-        define_field :buffer, GSSAPI, token: :response
+        define_field :buffer, GSSAPI, token: :response, optional: ->(h) { h.buffer_offset.positive? }
-        # Calculate and set {#buffer_length} field.
+        # Calculate and set {#buffer_length} and {#buffer_offset} fields.
         # @return [void]
         def calc_length
-          self.buffer_length = buffer.sz
+          self.buffer_length = self[:buffer].sz
+          self.buffer_offset = if self.buffer_length.zero?
+                                 0
+                               else
+                                 SMB2.new.sz + offset_of(:buffer)
+                               end
         end
         # Protocol name
         # @return [String]
-        def protocol_name
+        def self.protocol_name
           'SMB2::SessionSetup::Request'
         end
       end
     end
   end
-end
+end