ruby_smb 0.0.18 → 0.0.19

data/lib/ruby_smb/client/tree_connect.rb

@@ -1,10 +1,8 @@
 module RubySMB
   class Client
-
     # This module contains all of the methods for a client to connect to a
     # remote share or named pipe.
     module TreeConnect
-
       #
       # SMB 1 Methods
       #
@@ -16,7 +14,7 @@ module RubySMB
       # @return [RubySMB::SMB1::Tree] the connected Tree
       def smb1_tree_connect(share)
         request = RubySMB::SMB1::Packet::TreeConnectRequest.new
-        request.smb_header.tid = 65535
+        request.smb_header.tid = 65_535
         request.data_block.path = share
         raw_response = send_recv(request)
         begin
@@ -32,9 +30,9 @@ module RubySMB
       # @param share [String] the share path to connect to
       # @param response [RubySMB::SMB1::Packet::TreeConnectResponse] the response packet to parse into our Tree
       # @return [RubySMB::SMB1::Tree]
-      def smb1_tree_from_response(share,response)
+      def smb1_tree_from_response(share, response)
         unless response.smb_header.command == RubySMB::SMB1::Commands::SMB_COM_TREE_CONNECT
-          raise RubySMB::Error::InvalidPacket, "Not a TreeConnectResponse"
+          raise RubySMB::Error::InvalidPacket, 'Not a TreeConnectResponse'
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
           raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
@@ -43,7 +41,7 @@ module RubySMB
       end
 
       #
-      # SMB2 Methods
+      # SMB 2 Methods
       #
 
       # Sends a request to connect to a remote Tree and returns the
@@ -53,7 +51,7 @@ module RubySMB
       # @return [RubySMB::SMB2::Tree] the connected Tree
       def smb2_tree_connect(share)
         request = RubySMB::SMB2::Packet::TreeConnectRequest.new
-        request.smb2_header.tree_id = 65535
+        request.smb2_header.tree_id = 65_535
         request.encode_path(share)
         raw_response = send_recv(request)
         begin
@@ -69,18 +67,15 @@ module RubySMB
       # @param share [String] the share path to connect to
       # @param response [RubySMB::SMB2::Packet::TreeConnectResponse] the response packet to parse into our Tree
       # @return [RubySMB::SMB2::Tree]
-      def smb2_tree_from_response(share,response)
+      def smb2_tree_from_response(share, response)
         unless response.smb2_header.command == RubySMB::SMB2::Commands::TREE_CONNECT
-          raise RubySMB::Error::InvalidPacket, "Not a TreeConnectResponse"
+          raise RubySMB::Error::InvalidPacket, 'Not a TreeConnectResponse'
         end
         unless response.status_code == WindowsError::NTStatus::STATUS_SUCCESS
           raise RubySMB::Error::UnexpectedStatusCode, response.status_code.name
         end
         RubySMB::SMB2::Tree.new(client: self, share: share, response: response)
       end
-
     end
-
-
   end
-end
+end

data/lib/ruby_smb/client/utils.rb

@@ -0,0 +1,79 @@
+module RubySMB
+  class Client    # This module holds all of the methods backing the {RubySMB::Client#open_file} method
+    module Utils
+
+      attr_accessor :tree_connects
+      attr_accessor :open_files
+      
+      attr_accessor :use_ntlmv2, :usentlm2_session, :send_lm, :use_lanman_key, :send_ntlm, :spnopt
+      attr_accessor :evasion_opts
+      
+      attr_accessor :native_os, :native_lm, :verify_signature, :auth_user
+      
+      attr_accessor :last_file_id
+
+      def last_tree
+        @tree_connects.last
+      end
+
+      def last_file
+        @open_files[@last_file_id]
+      end
+
+      def last_tree_id
+        last_tree.id
+      end
+
+      def open(path, disposition=RubySMB::Dispositions::FILE_OPEN, access, write: false, read: true)
+         file = last_tree.open_file(filename: path, write: write, read: read, disposition: disposition)
+         @last_file_id = if file.respond_to?(:guid)
+           file.guid.to_binary_s
+         elsif file.respond_to?(:fid)
+           file.fid.to_binary_s
+         end
+         @open_files[@last_file_id] = file
+      end
+
+      def create_pipe(path, disposition=RubySMB::Dispositions::FILE_OPEN_IF, impersonation)
+        open(path.gsub(/\\/, ''), disposition, nil, write: true, read: true)
+      end
+      
+      #Writes data to an open file handle
+      def write(file_id, offset = 0, data = '', do_recv = true)
+        @open_files[file_id].send_recv_write(data: data, offset: offset)
+      end
+
+      def read(file_id, offset = 0, length = last_file.size_on_disk)
+        offset = 0
+        length = last_file.size_on_disk
+        data = @open_files[file_id].send_recv_read(read_length: length, offset: offset)
+        data.bytes
+      end
+
+      def close(file_id, tree_id)
+       @open_files[file_id.to_binary_s].close
+      end
+
+      def tree_disconnect(share)
+       @tree_connects.detect{|tree| tree.id == share }.disconnect!
+      end
+      
+      def native_os
+        @peer_native
+      end
+    
+      def native_lm
+        @native_lm
+      end
+    
+      def verify_signature
+        @signing_required
+      end
+    
+      def auth_user
+        @username
+      end
+      
+    end
+  end
+end

data/lib/ruby_smb/dcerpc.rb

@@ -0,0 +1,30 @@
+module RubySMB
+  # DCERPC PDU's
+  # http://pubs.opengroup.org/onlinepubs/9629399/
+  module Dcerpc
+
+    class PduHeader < BinData::Record
+      endian :little
+
+      #common fields
+      uint8 :rpc_vers # 00:01 RPC version
+      uint8 :rpc_vers_minor # 01:01 minor version
+      uint8 :ptype # 02:01 request PDU
+      uint8 :pfc_flags # 03:01 flags
+
+      uint32 :packed_drep # 04:04 NDR data rep format label
+
+      uint16 :frag_length # 08:02 total length of fragment
+      uint16 :auth_length # 10:02 length of auth_value
+      uint32 :call_id # 12:04 call identifier
+    end
+
+    require 'ruby_smb/dcerpc/uuid'
+    require 'ruby_smb/dcerpc/ndr'
+    require 'ruby_smb/dcerpc/request'
+    require 'ruby_smb/dcerpc/response'
+    require 'ruby_smb/dcerpc/handle'
+    require 'ruby_smb/dcerpc/srvsvc'
+    require 'ruby_smb/dcerpc/bind'
+  end
+end

data/lib/ruby_smb/dcerpc/bind.rb

@@ -0,0 +1,60 @@
+module RubySMB
+  module Dcerpc
+    # The FileDirectoryInformation Class as defined in
+    # http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm
+
+    class PContElemT < BinData::Record
+      endian :little
+
+      uint16 :p_cont_id
+      uint8 :n_transfer_syn, initial_value: 1
+      uint8 :reserved
+      choice :abstract_syntax, selection: -> {endpoint} do
+        srv_svc_syntax Srvsvc
+      end
+      array :transfer_syntaxes, type: :ndr_syntax, initial_length: -> { n_transfer_syn }
+    end
+
+    class PContListT < BinData::Record
+      endian :little
+
+      uint8 :n_context_elem, initial_value: -> { 1 }
+      uint8 :reserved
+      uint16 :reserved2
+      array :p_cont_elem, type: :p_cont_elem_t, initial_length: -> {n_context_elem},
+                                                      endpoint: -> {endpoint}
+    end
+
+    class Bind < BinData::Record
+      endian :little
+
+      uint8 :rpc_vers, label: 'RPC version', initial_value: 5
+      uint8 :rpc_vers_minor, label: 'minor version'
+      uint8 :ptype, label: 'bind PDU', initial_value: 11
+      #uint8 :pfc_flags, label: 'flags', initial_value: 0x03
+      struct :pfc_flags do
+        bit1  :object
+        bit1  :maybe
+        bit1  :did_not_execute
+        bit1  :multiplex
+        bit1  :reserved
+        bit1  :cancel
+        bit1  :last_frag,  initial_value: 1
+        bit1  :first_frag, initial_value: 1
+      end
+
+      uint32 :packed_drep, label: 'NDR data rep format label', initial_value: 16
+
+      uint16 :frag_length, label: 'total length of fragment', initial_value: 72
+      uint16 :auth_length, label: 'length of auth_value'
+      uint32 :call_id, label: 'call identifier', initial_value: 1
+
+      uint16 :max_xmit_frag, label: 'max transmit frag size', initial_value: 65535
+      uint16 :max_recv_frag, label: 'max receive  frag size', initial_value: 65535
+      uint32 :assoc_group_id, label: 'ncarnation of client-server assoc group'
+
+      p_cont_list_t :p_context_elem, endpoint: -> { endpoint }
+      string :auth_verifier_co_t
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/handle.rb

@@ -0,0 +1,60 @@
+module RubySMB
+  module Dcerpc
+    class Handle
+
+      attr_accessor :pipe
+      attr_accessor :last_msg
+      attr_accessor :response
+
+      PTYPES = [
+          RubySMB::Dcerpc::Request,
+          nil,
+          RubySMB::Dcerpc::Response
+      ]
+
+      # @param [RubySMB::SMB2::File] named_pipe
+      # @return [RubySMB::Dcerpc::Handle]
+      def initialize(named_pipe)
+        @pipe = named_pipe
+      end
+
+      # @param [Class] endpoint
+      def bind(options={})
+        ioctl_request(RubySMB::Dcerpc::Bind.new(options))
+      end
+
+      # @param [Hash] options
+      def request(opnum:, stub:, options:{})
+        ioctl_request(
+            RubySMB::Dcerpc::Request.new(
+                opnum: opnum,
+                stub: stub.new(options).to_binary_s
+            )
+        )
+      end
+
+      # @param [BinData::Record] action
+      # @param [Hash] options
+      def ioctl_request(action, options={})
+        request = @pipe.set_header_fields(RubySMB::SMB2::Packet::IoctlRequest.new(options))
+        request.ctl_code = 0x0011C017
+        request.flags.is_fsctl = 0x00000001
+        request.buffer = action.to_binary_s
+        @last_msg = @pipe.tree.client.send_recv(request)
+        handle_msg(RubySMB::SMB2::Packet::IoctlResponse.read(@last_msg))
+      end
+
+      # @param [BinData::Record] msg
+      def handle_msg(msg)
+        data = msg.buffer.to_binary_s
+        headz = RubySMB::Dcerpc::PduHeader.read(data)
+        pdu = PTYPES[headz.ptype]
+        if pdu
+          dcerpc_response_stub = pdu.read(msg.output_data).stub
+          @response = dcerpc_response_stub.to_binary_s
+        end
+        data
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/ndr.rb

@@ -0,0 +1,41 @@
+module RubySMB
+  module Dcerpc
+
+    class NdrSyntax < BinData::Record
+      endian :little
+      uuid   :if_uuid, initial_value: '8a885d04-1ceb-11c9-9fe8-08002b104860'
+      uint16 :if_ver, initial_value: 2
+      uint16 :if_ver_minor, initial_value: 0
+    end
+
+    class NdrString < BinData::Record
+      endian :little
+
+      uint32    :max_count, initial_value: -> { str.length }
+      uint32    :offset, initial_value: 0
+      uint32    :actual_count, initial_value: -> { str.length }
+      stringz16 :str, read_length: -> { actual_count }
+
+      def assign(v)
+        self.max_count = v.size
+        self.actual_count = v.size
+        self.str = v
+      end
+    end
+
+    class NdrLpStr < BinData::Record
+      endian :little
+
+      uint32     :referent_identifier
+      ndr_string :ndr_str
+
+      def assign(v)
+        self.ndr_str = v
+      end
+
+      def to_s
+        self.ndr_str.str
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/request.rb

@@ -0,0 +1,43 @@
+module RubySMB
+  module Dcerpc
+    #http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm
+    class Request < BinData::Record
+      endian :little
+
+      #common fields
+      uint8 :rpc_vers, initial_value: 5 # 00:01 RPC version
+      uint8 :rpc_vers_minor # 01:01 minor version
+      uint8 :ptype # 02:01 request PDU
+      struct :pfc_flags do
+        bit1  :object
+        bit1  :maybe
+        bit1  :did_not_execute
+        bit1  :multiplex
+        bit1  :reserved
+        bit1  :cancel
+        bit1  :last_frag,  initial_value: 1
+        bit1  :first_frag, initial_value: 1
+      end
+
+      uint32 :packed_drep, initial_value: 0x00000010 # 04:04 NDR data rep format label
+
+      uint16 :frag_length, initial_value: -> { self.do_num_bytes } # 08:02 total length of fragment
+      uint16 :auth_length # 10:02 length of auth_value
+      uint32 :call_id # 12:04 call identifier
+
+      #needed on request, response, fault
+
+      uint32 :alloc_hint, initial_value: -> {stub.do_num_bytes} # 16:04 allocation hint
+      uint16 :p_cont_id # 20:02 pres context, i.e. data rep
+      uint16 :opnum # 22:02 operation #within the interface
+
+      # optional field for request, only present if the PFC_OBJECT_UUID field is non-zero
+
+      string :stub, read_length: -> {alloc_hint} # stub data, 8-octet aligned
+      string :auth_verifier_co_t # optional authentication verifier
+      # following fields present iff auth_length != 0 */
+
+      #auth_verifier_co_t   auth_verifier # xx:yy
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/response.rb

@@ -0,0 +1,46 @@
+module RubySMB
+  module Dcerpc
+    #http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm
+    class Response < BinData::Record
+      endian :little
+
+      #common fields
+      uint8 :rpc_vers # 00:01 RPC version
+      uint8 :rpc_vers_minor # 01:01 minor version
+      uint8 :ptype # 02:01 request PDU
+      struct :pfc_flags do
+        bit1  :object
+        bit1  :maybe
+        bit1  :did_not_execute
+        bit1  :multiplex
+        bit1  :reserved
+        bit1  :cancel
+        bit1  :last_frag,  initial_value: 1
+        bit1  :first_frag, initial_value: 1
+      end
+
+      uint32 :packed_drep # 04:04 NDR data rep format label
+
+      uint16 :frag_length # 08:02 total length of fragment
+      uint16 :auth_length # 10:02 length of auth_value
+      uint32 :call_id # 12:04 call identifier
+
+      #needed on request, response, fault
+
+      uint32 :alloc_hint # 16:04 allocation hint
+      uint16 :p_cont_id # 20:02 pres context, i.e. data rep
+      uint16 :cancel_count # 22:02 operation #within the interface
+
+      # optional field for request, only present if the PFC_OBJECT_UUID field is non-zero
+
+      string :stub, length: -> {alloc_hint}
+
+      # stub data, 8-octet aligned
+
+      # optional authentication verifier
+      # following fields present iff auth_length != 0 */
+
+      #auth_verifier_co_t   auth_verifier # xx:yy
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/srvsvc.rb

@@ -0,0 +1,17 @@
+module RubySMB
+  module Dcerpc
+    module Srvsvc
+
+      class SrvSvcHandle < Dcerpc::NdrLpStr; end
+
+      class SrvSvcSyntax < BinData::Record
+        endian :little
+        uuid   :if_uuid, initial_value: '4b324fc8-1670-01d3-1278-5a47bf6ee188'
+        uint16 :if_ver, initial_value: 3
+        uint16 :if_ver_minor, initial_value: 0
+      end
+
+      require 'ruby_smb/dcerpc/srvsvc/net_share_enum_all'
+    end
+  end
+end