ruby_smb 0.0.8

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 203527ee7c807b85b3af96aea81bdc9f543b5f16
+  data.tar.gz: f80aa766405b6b813a5ac9a65aca3778d24f20a0
+SHA512:
+  metadata.gz: 79add85ae366057d7c77cafa684c6c3d6e842777bbf161d768dd8e206a344f712fc3cf5684a0d625c77162e1a07f8dcb7e43bf92292b9fedd0bfd8169a873375
+  data.tar.gz: 5866aa5f7aed28b0dfa8b3c147434ebefe6a6e4964618ba7d4762349f5090e826c1461950ec79a53fc52074f75eb99abc8b6a488d9901f2701b537c28aec5601

data/.gitignore

@@ -0,0 +1,21 @@
+/.bundle/
+/.yardoc
+/.idea/
+/Gemfile.lock
+/_yardoc/
+/coverage/
+/doc/
+/pkg/
+/spec/reports/
+/tmp/
+*.bundle
+*.so
+*.o
+*.a
+mkmf.log
+*.gem
+/tags
+
+# RVM control
+.ruby-version
+.ruby-gemset

data/.rspec

@@ -0,0 +1,3 @@
+--format documentation
+--color
+--require spec_helper

data/.simplecov

@@ -0,0 +1,42 @@
+# RM_INFO is set when using Rubymine.  In Rubymine, starting SimpleCov is
+# controlled by running with coverage, so don't explicitly start coverage (and
+# therefore generate a report) when in Rubymine.  This _will_ generate a report
+# whenever `rake spec` is run.
+unless ENV['RM_INFO']
+  SimpleCov.start
+end
+
+SimpleCov.configure do
+  # ignore this file
+  add_filter '.simplecov'
+
+  # Rake tasks aren't tested with rspec
+  add_filter 'Rakefile'
+  add_filter 'lib/tasks'
+
+  #
+  # Changed Files in Git Group
+  # @see http://fredwu.me/post/35625566267/simplecov-test-coverage-for-changed-files-only
+  #
+
+  untracked = `git ls-files --exclude-standard --others`
+  unstaged = `git diff --name-only`
+  staged = `git diff --name-only --cached`
+  all = untracked + unstaged + staged
+  changed_filenames = all.split("\n")
+
+  add_group 'Changed' do |source_file|
+    changed_filenames.detect { |changed_filename|
+      source_file.filename.end_with?(changed_filename)
+    }
+  end
+
+  add_group 'Libraries', 'lib'
+
+  #
+  # Specs are reported on to ensure that all examples are being run and all
+  # lets, befores, afters, etc are being used.
+  #
+
+  add_group 'Specs', 'spec'
+end

data/.travis.yml

@@ -0,0 +1,5 @@
+language: ruby
+sudo: false
+rvm:
+  - '2.2'
+  - 'jruby-9000'

data/.yardopts

@@ -0,0 +1 @@
+-m markdown

data/CONTRIBUTING.md

@@ -0,0 +1,119 @@
+# Contributing
+
+## Forking
+
+[Fork this repository](https://github.com/rapid7/smb2/fork)
+
+## Branching
+
+Branch names follow the format `TYPE/ISSUE/SUMMARY`.  You can create it with `git checkout -b TYPE/ISSUE/SUMMARY`.
+
+### `TYPE`
+
+`TYPE` can be `bug`, `chore`, or `feature`.
+
+### `ISSUE`
+
+`ISSUE` is either a [Github issue](https://github.com/rapid7/smb2/issues) or an issue from some other
+issue tracking software.
+
+### `SUMMARY`
+
+`SUMMARY` is is short summary of the purpose of the branch composed of lower case words separated by '-' so that it is a valid `PRERELEASE` for the Gem version.
+
+## Changes
+
+### `PRERELEASE`
+
+1. Update `PRERELEASE` to match the `SUMMARY` in the branch name.  If you branched from `master`, and [version.rb](lib/ruby_smb/version.rb) does not have `PRERELEASE` defined, then adding the following lines after `PATCH`:
+```
+# The prerelease version, scoped to the {MAJOR}, {MINOR}, and {PATCH} version number.
+PRERELEASE = '<SUMMARY>'
+```
+2. `rake spec`
+3.  Verify the specs pass, which indicates that `PRERELEASE` was updated correctly.
+4. Commit the change `git commit -a`
+
+### Your changes
+
+Make your changes or however many commits you like, committing each with `git commit`.
+
+### Pre-Pull Request Testing
+
+1. Run specs one last time before opening the Pull Request: `rake spec`
+2. Verify there was no failures.
+
+### Push
+
+Push your branch to your fork on gitub: `git push TYPE/ISSUE/SUMMARY`
+
+### Pull Request
+
+* [Create new Pull Request](https://github.com/rapid7/smb2/compare/)
+* Add a Verification Steps to the description comment
+
+```
+# Verification Steps
+
+- [ ] `bundle install`
+
+## `rake spec`
+- [ ] `rake spec`
+- [ ] VERIFY no failures
+```
+
+You should also include at least one scenario to manually check the changes outside of specs.
+
+* Add a Post-merge Steps comment
+
+The 'Post-merge Steps' are a reminder to the reviewer of the Pull Request of how to update the [`PRERELEASE`](lib/windows_error/version.rb) so that [version_spec.rb](spec/lib/windows_error/version.rb_spec.rb) passes on the target branch after the merge.
+
+DESTINATION is the name of the destination branch into which the merge is being made.  SOURCE_SUMMARY is the SUMMARY from TYPE/ISSUE/SUMMARY branch name for the SOURCE branch that is being made.
+
+When merging to `master`:
+
+```
+# Post-merge Steps
+
+Perform these steps prior to pushing to master or the build will be broke on master.
+
+## Version
+- [ ] Edit `lib/ruby_smb/version.rb`
+- [ ] Remove `PRERELEASE` and its comment as `PRERELEASE` is not defined on master.
+
+## Gem build
+- [ ] gem build *.gemspec
+- [ ] VERIFY the gem has no '.pre' version suffix.
+
+## RSpec
+- [ ] `rake spec`
+- [ ] VERIFY version examples pass without failures
+
+## Commit & Push
+- [ ] `git commit -a`
+- [ ] `git push origin master`
+```
+
+When merging to DESTINATION other than `master`:
+
+```
+# Post-merge Steps
+
+Perform these steps prior to pushing to DESTINATION or the build will be broke on DESTINATION.
+
+## Version
+- [ ] Edit `lib/windows_error/version.rb`
+- [ ] Change `PRERELEASE` from `SOURCE_SUMMARY` to `DESTINATION_SUMMARY` to match the branch (DESTINATION) summary (DESTINATION_SUMMARY)
+
+## Gem build
+- [ ] gem build windows_error.gemspec
+- [ ] VERIFY the prerelease suffix has change on the gem.
+
+## RSpec
+- [ ] `rake spec`
+- [ ] VERIFY version examples pass without failures
+
+## Commit & Push
+- [ ] `git commit -a`
+- [ ] `git push origin DESTINATION`
+```

data/Gemfile

@@ -0,0 +1,13 @@
+source 'https://rubygems.org'
+gemspec
+
+gem 'pry'
+
+group :test do
+  # simplecov test formatter and uploader for Coveralls.io
+  gem 'coveralls', require: false
+  # Testing
+  gem 'rspec'
+  # Coverage reports
+  gem 'simplecov', require: false
+end

data/LICENSE.txt

@@ -0,0 +1,18 @@
+Copyright 2014, Rapid7, Inc.
+
+License: BSD-3-clause
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+  * Redistributions of source code must retain the above copyright notice,
+  this list of conditions and the following disclaimer.
+
+  * Redistributions in binary form must reproduce the above copyright
+  notice, this list of conditions and the following disclaimer in the
+  documentation and/or other materials provided with the distribution.
+
+  * Neither the name of the copyright holder nor the names of its contributors
+  may be used to endorse or promote products derived from this software
+  without specific prior written permission.
+

data/README.md

@@ -0,0 +1,64 @@
+# RubySMB
+
+[![Build Status](https://travis-ci.org/rapid7/ruby_smb.svg?branch=master)](https://travis-ci.org/rapid7/ruby_smb)
+[![Code Climate](https://codeclimate.com/github/rapid7/ruby_smb.png)](https://codeclimate.com/github/rapid7/ruby_smb)
+[![Coverage Status](https://coveralls.io/repos/github/rapid7/ruby_smb/badge.svg?branch=master)](https://coveralls.io/github/rapid7/ruby_smb?branch=master)
+
+A packet parsing and manipulation library for the SMB family of protocols.
+
+See Microsoft's [[MS-SMB2]](http://msdn.microsoft.com/en-us/library/cc246482.aspx)
+
+It supports authentication via NTLM using the [ruby ntlm gem](https://rubygems.org/gems/rubyntlm)
+
+## Installation
+
+This gem has not yet been released, but when it is, do this:
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'ruby_smb'
+```
+
+And then execute:
+
+    $ bundle
+
+Or install it yourself as:
+
+    $ gem install ruby_smb
+
+## Usage
+
+Updated Usage Docs coming soon
+
+## Developer tips
+You'll want to have Wireshark and perhaps a tool like Impacket (which provides a small SMB client in one of its examples) installed to help with your work:
+
+### Wireshark
+- `sudo apt-get install wireshark`
+- `sudo dpkg-reconfigure wireshark-common`
+- `sudo addgroup wireshark`
+- `sudo usermod -a -G wireshark <USERNAME>`
+
+### Impacket
+- `sudo apt-get install python-setuptools`
+- `sudo easy_install pyasn1 pycrypto`
+- Download from GitHub (https://github.com/coresecurity/impacket)
+- `sudo python setup.py install`
+- `cd examples && python smbclient.py <USER>:<PASS>@<WINDOWS HOST IP>`
+
+
+
+## License
+
+`ruby_smb` is released under a 3-clause BSD license. See [LICENSE.txt](LICENSE.txt) for full text.
+
+
+## Contributing
+
+1. Fork it ( https://github.com/rapid7/smb2/fork )
+2. Create your feature branch (`git checkout -b my-new-feature`)
+3. Commit your changes (`git commit -am 'Add some feature'`)
+4. Push to the branch (`git push origin my-new-feature`)
+5. Create a new Pull Request

data/Rakefile

@@ -0,0 +1,22 @@
+require 'bundler/gem_tasks'
+
+require 'rspec/core/rake_task'
+
+require 'yard'
+require 'yard/rake/yardoc_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+YARD::Rake::YardocTask.new do |t|
+  t.options = [
+    '-m', 'markdown'
+  ]
+  t.options += Dir.glob('yard_extensions/*.rb').flat_map { |e| ['-e', e] }
+  t.files = [
+    'lib/**/*.rb',
+    '-',
+    'README.md', 'LICENSE.txt'
+  ]
+end
+
+task default: :spec

data/examples/authenticate.rb

@@ -0,0 +1,30 @@
+#!/usr/bin/ruby
+
+# This script tests a full Authentication/Session Setup cycle
+# including protocol negotiation and authentication.
+
+require 'bundler/setup'
+require 'ruby_smb'
+
+
+def run_authentication(address, smb1, smb2, username, password)
+  # Create our socket and add it to the dispatcher
+  sock = TCPSocket.new address, 445
+  dispatcher = RubySMB::Dispatcher::Socket.new(sock)
+
+  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, username: username, password: password)
+  protocol = client.negotiate
+  status  = client.authenticate
+  puts "#{protocol} : #{status}"
+end
+
+address  = ARGV[0]
+username = ARGV[1]
+password = ARGV[2]
+
+# Negotiate with both SMB1 and SMB2 enabled on the client
+run_authentication(address, true, true, username, password)
+# Negotiate with only SMB1 enabled
+run_authentication(address, true, false, username, password)
+# Negotiate with only SMB2 enabled
+run_authentication(address, false, true, username, password)

data/examples/negotiate.rb

@@ -0,0 +1,25 @@
+#!/usr/bin/ruby
+
+#
+# This script is for testing the Protocol Negotiation in the library
+# without any other parts.
+
+require 'bundler/setup'
+require 'ruby_smb'
+
+
+def run_negotiation(address, smb1, smb2)
+  # Create our socket and add it to the dispatcher
+  sock = TCPSocket.new address, 445
+  dispatcher = RubySMB::Dispatcher::Socket.new(sock)
+
+  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, username: 'msfadmin', password: 'msfadmin')
+  client.negotiate
+end
+
+# Negotiate with both SMB1 and SMB2 enabled on the client
+run_negotiation(ARGV[0], true, true)
+# Negotiate with only SMB1 enabled
+run_negotiation(ARGV[0], true, false)
+# Negotiate with only SMB2 enabled
+run_negotiation(ARGV[0], false, true)

data/lib/ruby_smb/client/authentication.rb

@@ -0,0 +1,236 @@
+module RubySMB
+  class Client
+    # This module holds all the backend client methods for authentication.
+    module Authentication
+
+      # Responsible for handling Authentication and Session Setup for
+      # the SMB Client. It returns the final Status code from the authentication
+      # exchange.
+      #
+      # @return [WindowsError::NTStatus] the NTStatus object from the SessionSetup exchange.
+      def authenticate
+        if self.smb1
+          smb1_authenticate
+        else
+          smb2_authenticate
+        end
+      end
+
+      #
+      # SMB1 Methods
+      #
+
+      # Handles the SMB1 NTLMSSP 4-way handshake for Authentication
+      def smb1_authenticate
+        response = smb1_ntlmssp_negotiate
+        challenge_packet = smb1_ntlmssp_challenge_packet(response)
+        user_id = challenge_packet.smb_header.uid
+        challenge_message = smb1_type2_message(challenge_packet)
+        raw = smb1_ntlmssp_authenticate(challenge_message, user_id)
+        response = smb1_ntlmssp_final_packet(raw)
+        response_code = response.status_code
+        self.user_id = user_id if response_code.name == "STATUS_SUCCESS"
+        response_code
+      end
+
+      # Sends the {RubySMB::SMB1::Packet::SessionSetupRequest} packet and
+      # receives the response.
+      #
+      # @return [String] the binary string response from the server
+      def smb1_ntlmssp_negotiate
+        packet = smb1_ntlmssp_negotiate_packet
+        send_recv(packet)
+      end
+
+      # Takes the Base64 encoded NTLM Type 2 (Challenge) message
+      # and calls the routines to build the Auth packet, sends the packet
+      # and receives the raw response
+      #
+      # @param type2_string [String] the Base64 Encoded NTLM Type 2 message
+      # @param user_id [Integer] the temporary user ID from the Type 2 response
+      # @return [String] the raw binary response from the server
+      def smb1_ntlmssp_authenticate(type2_string,user_id)
+        packet = smb1_ntlmssp_auth_packet(type2_string,user_id)
+        send_recv(packet)
+      end
+
+      # Generates the {RubySMB::SMB1::Packet::SessionSetupRequest} packet
+      # with the NTLM Type 3 (Auth) message in the security_blob field.
+      #
+      # @param type2_string [String] the Base64 encoded Type2 challenge to respond to
+      # @param user_id [Integer] the temporary user ID from the Type 2 response
+      # @return [RubySMB::SMB1::Packet::SessionSetupRequest] the second authentication packet to send
+      def smb1_ntlmssp_auth_packet(type2_string,user_id)
+        type3_message = ntlm_client.init_context(type2_string)
+        self.session_key = ntlm_client.session_key
+        packet = RubySMB::SMB1::Packet::SessionSetupRequest.new
+        packet.smb_header.uid = user_id
+        packet.set_type3_blob(type3_message.serialize)
+        packet.parameter_block.max_buffer_size = 4356
+        packet.parameter_block.max_mpx_count = 50
+        packet.smb_header.flags2.extended_security = 1
+        packet
+      end
+
+      # Creates the {RubySMB::SMB1::Packet::SessionSetupRequest} packet
+      # for the first part of the NTLMSSP 4-way hnadshake. This packet
+      # initializes negotiations for the NTLMSSP authentication
+      #
+      # @return [RubySMB::SMB1::Packet::SessionSetupRequest] the first authentication packet to send
+      def smb1_ntlmssp_negotiate_packet
+        type1_message = ntlm_client.init_context
+        packet = RubySMB::SMB1::Packet::SessionSetupRequest.new
+        packet.set_type1_blob(type1_message.serialize)
+        packet.parameter_block.max_buffer_size = 4356
+        packet.parameter_block.max_mpx_count = 50
+        packet.smb_header.flags2.extended_security = 1
+        packet
+      end
+
+      # Takes the raw binary string and returns a {RubySMB::SMB1::Packet::SessionSetupResponse}
+      def smb1_ntlmssp_final_packet(raw_response)
+        begin
+          packet = RubySMB::SMB1::Packet::SessionSetupResponse.read(raw_response)
+        rescue
+          packet = RubySMB::SMB1::Packet::ErrorPacket.read(raw_response)
+        end
+
+        unless packet.smb_header.command == RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP
+          raise RubySMB::Error::InvalidPacket, "Command was #{packet.smb_header.command} and not #{RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP}"
+        end
+        packet
+      end
+
+      # Takes the raw binary string and returns a {RubySMB::SMB1::Packet::SessionSetupResponse}
+      def smb1_ntlmssp_challenge_packet(raw_response)
+        packet = RubySMB::SMB1::Packet::SessionSetupResponse.read(raw_response)
+        status_code = packet.status_code
+
+        unless status_code.name == "STATUS_MORE_PROCESSING_REQUIRED"
+          raise RubySMB::Error::UnexpectedStatusCode, status_code.to_s
+        end
+
+        unless packet.smb_header.command == RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP
+          raise RubySMB::Error::InvalidPacket, "Command was #{packet.smb_header.command} and not #{RubySMB::SMB1::Commands::SMB_COM_SESSION_SETUP}"
+        end
+        packet
+      end
+
+      # Parses out the NTLM Type 2 Message from a {RubySMB::SMB1::Packet::SessionSetupResponse}
+      #
+      # @param response_packet [RubySMB::SMB1::Packet::SessionSetupResponse] the response packet to get the NTLM challenge from
+      # @return [String] the base64 encoded  NTLM Challenge (Type2 Message) from the response
+      def smb1_type2_message(response_packet)
+        sec_blob = response_packet.data_block.security_blob
+        ntlmssp_offset = sec_blob.index("NTLMSSP")
+        type2_blob = sec_blob.slice(ntlmssp_offset..-1)
+        [type2_blob].pack("m")
+      end
+
+      #
+      # SMB 2 Methods
+      #
+
+      # Handles the SMB1 NTLMSSP 4-way handshake for Authentication
+      def smb2_authenticate
+        response = smb2_ntlmssp_negotiate
+        challenge_packet = smb2_ntlmssp_challenge_packet(response)
+        session_id = challenge_packet.smb2_header.session_id
+        challenge_message = smb2_type2_message(challenge_packet)
+        raw = smb2_ntlmssp_authenticate(challenge_message, session_id)
+        response = smb2_ntlmssp_final_packet(raw)
+        response_code = response.status_code
+        self.session_id = response.smb2_header.session_id if response_code.name == "STATUS_SUCCESS"
+        response_code
+      end
+
+      # Takes the raw binary string and returns a {RubySMB::SMB2::Packet::SessionSetupResponse}
+      def smb2_ntlmssp_final_packet(raw_response)
+        packet = RubySMB::SMB2::Packet::SessionSetupResponse.read(raw_response)
+        unless packet.smb2_header.command == RubySMB::SMB2::Commands::SESSION_SETUP
+          raise RubySMB::Error::InvalidPacket, "Command was #{packet.smb2_header.command} and not #{RubySMB::SMB2::Commands::SESSION_SETUP}"
+        end
+        packet
+      end
+
+      # Takes the raw binary string and returns a {RubySMB::SMB2::Packet::SessionSetupResponse}
+      def smb2_ntlmssp_challenge_packet(raw_response)
+        packet = RubySMB::SMB2::Packet::SessionSetupResponse.read(raw_response)
+        status_code = packet.status_code
+        unless status_code.name == "STATUS_MORE_PROCESSING_REQUIRED"
+          raise RubySMB::Error::UnexpectedStatusCode, status_code.to_s
+        end
+
+        unless packet.smb2_header.command == RubySMB::SMB2::Commands::SESSION_SETUP
+          raise RubySMB::Error::InvalidPacket, "Command was #{packet.smb2_header.command} and not #{RubySMB::SMB2::Commands::SESSION_SETUP}"
+        end
+        packet
+      end
+
+      # Sends the {RubySMB::SMB2::Packet::SessionSetupRequest} packet and
+      # receives the response.
+      #
+      # @return [String] the binary string response from the server
+      def smb2_ntlmssp_negotiate
+        packet = smb2_ntlmssp_negotiate_packet
+        send_recv(packet)
+      end
+
+      # Creates the {RubySMB::SMB2::Packet::SessionSetupRequest} packet
+      # for the first part of the NTLMSSP 4-way handshake. This packet
+      # initializes negotiations for the NTLMSSP authentication
+      #
+      # @return [RubySMB::SMB2::Packet::SessionSetupRequest] the first authentication packet to send
+      def smb2_ntlmssp_negotiate_packet
+        type1_message = ntlm_client.init_context
+        packet = RubySMB::SMB2::Packet::SessionSetupRequest.new
+        packet.set_type1_blob(type1_message.serialize)
+        packet.smb2_header.message_id = 1 #self.smb2_message_id
+        self.smb2_message_id = 2
+        packet
+      end
+
+      # Parses out the NTLM Type 2 Message from a {RubySMB::SMB2::Packet::SessionSetupResponse}
+      #
+      # @param response_packet [RubySMB::SMB2::Packet::SessionSetupResponse] the response packet to get the NTLM challenge from
+      # @return [String] the base64 encoded  NTLM Challenge (Type2 Message) from the response
+      def smb2_type2_message(response_packet)
+        sec_blob = response_packet.buffer
+        ntlmssp_offset = sec_blob.index("NTLMSSP")
+        type2_blob = sec_blob.slice(ntlmssp_offset..-1)
+        [type2_blob].pack("m")
+      end
+
+      # Takes the Base64 encoded NTLM Type 2 (Challenge) message
+      # and calls the routines to build the Auth packet, sends the packet
+      # and receives the raw response
+      #
+      # @param type2_string [String] the Base64 Encoded NTLM Type 2 message
+      # @param user_id [Integer] the temporary user ID from the Type 2 response
+      # @return [String] the raw binary response from the server
+      def smb2_ntlmssp_authenticate(type2_string,user_id)
+        packet = smb2_ntlmssp_auth_packet(type2_string,user_id)
+        send_recv(packet)
+      end
+
+      # Generates the {RubySMB::SMB2::Packet::SessionSetupRequest} packet
+      # with the NTLM Type 3 (Auth) message in the security_blob field.
+      #
+      # @param type2_string [String] the Base64 encoded Type2 challenge to respond to
+      # @param session_id [Integer] the temporary session id from the Type 2 response
+      # @return [RubySMB::SMB2::Packet::SessionSetupRequest] the second authentication packet to send
+      def smb2_ntlmssp_auth_packet(type2_string, session_id)
+        type3_message = ntlm_client.init_context(type2_string)
+        self.session_key = ntlm_client.session_key
+        packet = RubySMB::SMB2::Packet::SessionSetupRequest.new
+        packet.smb2_header.session_id = session_id
+        packet.set_type3_blob(type3_message.serialize)
+        packet.smb2_header.message_id = self.smb2_message_id
+        self.smb2_message_id += 1
+        packet
+      end
+
+
+    end
+  end
+end