ruby_smb 1.0.3 → 2.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.travis.yml +3 -2
- data/Gemfile +6 -2
- data/README.md +35 -47
- data/examples/enum_registry_key.rb +28 -0
- data/examples/enum_registry_values.rb +30 -0
- data/examples/negotiate.rb +51 -8
- data/examples/pipes.rb +2 -1
- data/examples/read_file_encryption.rb +56 -0
- data/examples/read_registry_key_value.rb +32 -0
- data/lib/ruby_smb.rb +4 -1
- data/lib/ruby_smb/client.rb +233 -22
- data/lib/ruby_smb/client/authentication.rb +70 -33
- data/lib/ruby_smb/client/echo.rb +20 -2
- data/lib/ruby_smb/client/encryption.rb +62 -0
- data/lib/ruby_smb/client/negotiation.rb +172 -24
- data/lib/ruby_smb/client/signing.rb +19 -0
- data/lib/ruby_smb/client/tree_connect.rb +24 -18
- data/lib/ruby_smb/client/utils.rb +8 -7
- data/lib/ruby_smb/client/winreg.rb +46 -0
- data/lib/ruby_smb/crypto.rb +30 -0
- data/lib/ruby_smb/dcerpc.rb +38 -0
- data/lib/ruby_smb/dcerpc/bind.rb +2 -2
- data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
- data/lib/ruby_smb/dcerpc/error.rb +3 -0
- data/lib/ruby_smb/dcerpc/ndr.rb +95 -16
- data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
- data/lib/ruby_smb/dcerpc/request.rb +28 -9
- data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +35 -0
- data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
- data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
- data/lib/ruby_smb/dcerpc/winreg.rb +340 -0
- data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
- data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
- data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
- data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
- data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
- data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
- data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
- data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
- data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +39 -0
- data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
- data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
- data/lib/ruby_smb/dispatcher/socket.rb +4 -3
- data/lib/ruby_smb/error.rb +68 -2
- data/lib/ruby_smb/generic_packet.rb +33 -4
- data/lib/ruby_smb/smb1/commands.rb +1 -1
- data/lib/ruby_smb/smb1/file.rb +66 -15
- data/lib/ruby_smb/smb1/packet/close_request.rb +2 -5
- data/lib/ruby_smb/smb1/packet/close_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/echo_request.rb +2 -4
- data/lib/ruby_smb/smb1/packet/echo_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/empty_packet.rb +10 -1
- data/lib/ruby_smb/smb1/packet/logoff_request.rb +2 -4
- data/lib/ruby_smb/smb1/packet/logoff_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/negotiate_request.rb +2 -5
- data/lib/ruby_smb/smb1/packet/negotiate_response.rb +3 -7
- data/lib/ruby_smb/smb1/packet/negotiate_response_extended.rb +4 -4
- data/lib/ruby_smb/smb1/packet/nt_create_andx_request.rb +2 -4
- data/lib/ruby_smb/smb1/packet/nt_create_andx_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/nt_trans/create_request.rb +2 -1
- data/lib/ruby_smb/smb1/packet/nt_trans/create_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/nt_trans/request.rb +2 -4
- data/lib/ruby_smb/smb1/packet/nt_trans/response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/read_andx_request.rb +2 -5
- data/lib/ruby_smb/smb1/packet/read_andx_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +2 -1
- data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +3 -2
- data/lib/ruby_smb/smb1/packet/session_setup_request.rb +2 -5
- data/lib/ruby_smb/smb1/packet/session_setup_response.rb +3 -2
- data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_request.rb +0 -1
- data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_response.rb +3 -2
- data/lib/ruby_smb/smb1/packet/trans/request.rb +2 -5
- data/lib/ruby_smb/smb1/packet/trans/response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_request.rb +1 -1
- data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_response.rb +1 -1
- data/lib/ruby_smb/smb1/packet/trans2/find_first2_request.rb +2 -1
- data/lib/ruby_smb/smb1/packet/trans2/find_first2_response.rb +8 -2
- data/lib/ruby_smb/smb1/packet/trans2/find_next2_request.rb +2 -1
- data/lib/ruby_smb/smb1/packet/trans2/find_next2_response.rb +8 -2
- data/lib/ruby_smb/smb1/packet/trans2/open2_request.rb +2 -1
- data/lib/ruby_smb/smb1/packet/trans2/open2_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/trans2/request.rb +2 -4
- data/lib/ruby_smb/smb1/packet/trans2/request_secondary.rb +2 -4
- data/lib/ruby_smb/smb1/packet/trans2/response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/trans2/set_file_information_request.rb +2 -1
- data/lib/ruby_smb/smb1/packet/trans2/set_file_information_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/tree_connect_request.rb +2 -4
- data/lib/ruby_smb/smb1/packet/tree_connect_response.rb +13 -3
- data/lib/ruby_smb/smb1/packet/tree_disconnect_request.rb +2 -4
- data/lib/ruby_smb/smb1/packet/tree_disconnect_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/write_andx_request.rb +3 -6
- data/lib/ruby_smb/smb1/packet/write_andx_response.rb +2 -1
- data/lib/ruby_smb/smb1/pipe.rb +87 -6
- data/lib/ruby_smb/smb1/tree.rb +50 -3
- data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
- data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
- data/lib/ruby_smb/smb2/file.rb +103 -25
- data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
- data/lib/ruby_smb/smb2/packet.rb +2 -0
- data/lib/ruby_smb/smb2/packet/close_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/close_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
- data/lib/ruby_smb/smb2/packet/create_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/create_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/echo_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/echo_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/error_packet.rb +15 -3
- data/lib/ruby_smb/smb2/packet/ioctl_request.rb +2 -5
- data/lib/ruby_smb/smb2/packet/ioctl_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/logoff_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/logoff_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -17
- data/lib/ruby_smb/smb2/packet/negotiate_response.rb +52 -5
- data/lib/ruby_smb/smb2/packet/query_directory_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/query_directory_response.rb +8 -2
- data/lib/ruby_smb/smb2/packet/read_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/read_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/session_setup_request.rb +2 -5
- data/lib/ruby_smb/smb2/packet/session_setup_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/set_info_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/set_info_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
- data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +93 -10
- data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +10 -22
- data/lib/ruby_smb/smb2/packet/tree_disconnect_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/tree_disconnect_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/write_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/write_response.rb +2 -1
- data/lib/ruby_smb/smb2/pipe.rb +86 -12
- data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
- data/lib/ruby_smb/smb2/tree.rb +65 -21
- data/lib/ruby_smb/version.rb +1 -1
- data/ruby_smb.gemspec +5 -3
- data/spec/lib/ruby_smb/client_spec.rb +1612 -108
- data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
- data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
- data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
- data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +410 -0
- data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
- data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +98 -0
- data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
- data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +108 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +90 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +39 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +150 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
- data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +710 -0
- data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
- data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +2 -2
- data/spec/lib/ruby_smb/error_spec.rb +59 -0
- data/spec/lib/ruby_smb/generic_packet_spec.rb +52 -4
- data/spec/lib/ruby_smb/smb1/file_spec.rb +191 -2
- data/spec/lib/ruby_smb/smb1/packet/empty_packet_spec.rb +68 -0
- data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
- data/spec/lib/ruby_smb/smb1/packet/trans2/find_first2_response_spec.rb +11 -2
- data/spec/lib/ruby_smb/smb1/packet/trans2/find_next2_response_spec.rb +11 -2
- data/spec/lib/ruby_smb/smb1/packet/tree_connect_response_spec.rb +40 -0
- data/spec/lib/ruby_smb/smb1/pipe_spec.rb +272 -149
- data/spec/lib/ruby_smb/smb1/tree_spec.rb +44 -7
- data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
- data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
- data/spec/lib/ruby_smb/smb2/file_spec.rb +323 -6
- data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
- data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
- data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +78 -0
- data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
- data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
- data/spec/lib/ruby_smb/smb2/packet/query_directory_response_spec.rb +8 -0
- data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
- data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
- data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -22
- data/spec/lib/ruby_smb/smb2/pipe_spec.rb +286 -149
- data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb2/tree_spec.rb +261 -2
- metadata +191 -83
- metadata.gz.sig +0 -0
- data/lib/ruby_smb/smb1/dcerpc.rb +0 -67
- data/lib/ruby_smb/smb2/dcerpc.rb +0 -70
- data/spec/lib/ruby_smb/smb1/packet/error_packet_spec.rb +0 -37
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
# This class represents a BaseRegEnumKey Response Packet as defined in
|
|
6
|
+
# [3.1.5.10 BaseRegEnumKey (Opnum 9)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/668627e9-e0eb-4ab1-911f-0af589beeac3)
|
|
7
|
+
class EnumKeyResponse < BinData::Record
|
|
8
|
+
attr_reader :opnum
|
|
9
|
+
|
|
10
|
+
endian :little
|
|
11
|
+
|
|
12
|
+
rrp_unicode_string :lp_name
|
|
13
|
+
string :pad1, length: -> { pad_length1 }
|
|
14
|
+
prrp_unicode_string :lp_class, initial_value: 0
|
|
15
|
+
string :pad2, length: -> { pad_length2 }
|
|
16
|
+
ndr_lp_file_time :lpft_last_write_time
|
|
17
|
+
uint32 :error_status
|
|
18
|
+
|
|
19
|
+
def initialize_instance
|
|
20
|
+
super
|
|
21
|
+
@opnum = REG_ENUM_KEY
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# Determines the correct length for the padding in front of
|
|
25
|
+
# #lp_class. It should always force a 4-byte alignment.
|
|
26
|
+
def pad_length1
|
|
27
|
+
offset = (lp_name.abs_offset + lp_name.to_binary_s.length) % 4
|
|
28
|
+
(4 - offset) % 4
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# Determines the correct length for the padding in front of
|
|
32
|
+
# #lpft_last_write_time. It should always force a 4-byte alignment.
|
|
33
|
+
def pad_length2
|
|
34
|
+
offset = (lp_class.abs_offset + lp_class.to_binary_s.length) % 4
|
|
35
|
+
(4 - offset) % 4
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class RpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegEnumValue Request Packet as defined in
|
|
8
|
+
# [3.1.5.11 BaseRegEnumValue (Opnum 10)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/56e99ef3-05dc-4f24-bcf5-9cff00412945)
|
|
9
|
+
class EnumValueRequest < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
|
|
14
|
+
rpc_hkey :hkey
|
|
15
|
+
uint32 :dw_index
|
|
16
|
+
rrp_unicode_string :lp_value_name
|
|
17
|
+
string :pad, length: -> { pad_length }
|
|
18
|
+
ndr_lp_dword :lp_type
|
|
19
|
+
ndr_lp_byte :lp_data
|
|
20
|
+
ndr_lp_dword :lpcb_data
|
|
21
|
+
ndr_lp_dword :lpcb_len
|
|
22
|
+
|
|
23
|
+
def initialize_instance
|
|
24
|
+
super
|
|
25
|
+
@opnum = REG_ENUM_VALUE
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
# Determines the correct length for the padding in front of
|
|
29
|
+
# #lp_type. It should always force a 4-byte alignment.
|
|
30
|
+
def pad_length
|
|
31
|
+
offset = (lp_value_name.abs_offset + lp_value_name.to_binary_s.length) % 4
|
|
32
|
+
(4 - offset) % 4
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
# This class represents a BaseRegEnumValue Response Packet as defined in
|
|
6
|
+
# [3.1.5.11 BaseRegEnumValue (Opnum 10)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/56e99ef3-05dc-4f24-bcf5-9cff00412945)
|
|
7
|
+
class EnumValueResponse < BinData::Record
|
|
8
|
+
attr_reader :opnum
|
|
9
|
+
|
|
10
|
+
endian :little
|
|
11
|
+
|
|
12
|
+
rrp_unicode_string :lp_value_name
|
|
13
|
+
string :pad, length: -> { pad_length }
|
|
14
|
+
ndr_lp_dword :lp_type
|
|
15
|
+
ndr_lp_byte :lp_data
|
|
16
|
+
ndr_lp_dword :lpcb_data
|
|
17
|
+
ndr_lp_dword :lpcb_len
|
|
18
|
+
uint32 :error_status
|
|
19
|
+
|
|
20
|
+
def initialize_instance
|
|
21
|
+
super
|
|
22
|
+
@opnum = REG_ENUM_VALUE
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# Determines the correct length for the padding in front of
|
|
26
|
+
# #lp_type. It should always force a 4-byte alignment.
|
|
27
|
+
def pad_length
|
|
28
|
+
offset = (lp_value_name.abs_offset + lp_value_name.to_binary_s.length) % 4
|
|
29
|
+
(4 - offset) % 4
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class RpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegOpenKey Request Packet as defined in
|
|
8
|
+
# [3.1.5.15 BaseRegOpenKey (Opnum 15)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8cb48f55-19e1-4ea2-8d76-dd0f6934f0d9)
|
|
9
|
+
class OpenKeyRequest < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
|
|
14
|
+
rpc_hkey :hkey
|
|
15
|
+
rrp_unicode_string :lp_sub_key
|
|
16
|
+
string :pad, length: -> { pad_length }
|
|
17
|
+
uint32 :dw_options
|
|
18
|
+
regsam :sam_desired
|
|
19
|
+
|
|
20
|
+
def initialize_instance
|
|
21
|
+
super
|
|
22
|
+
@opnum = REG_OPEN_KEY
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# Determines the correct length for the padding in front of
|
|
26
|
+
# #dw_options. It should always force a 4-byte alignment.
|
|
27
|
+
def pad_length
|
|
28
|
+
offset = (lp_sub_key.abs_offset + lp_sub_key.to_binary_s.length) % 4
|
|
29
|
+
(4 - offset) % 4
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class PrpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegOpenKey Response Packet as defined in
|
|
8
|
+
# [3.1.5.15 BaseRegOpenKey (Opnum 15)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8cb48f55-19e1-4ea2-8d76-dd0f6934f0d9)
|
|
9
|
+
class OpenKeyResponse < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
prpc_hkey :phk_result
|
|
14
|
+
uint32 :error_status
|
|
15
|
+
|
|
16
|
+
def initialize_instance
|
|
17
|
+
super
|
|
18
|
+
@opnum = REG_OPEN_KEY
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
# This class represents a PREGISTRY_SERVER_NAME structure as defined in
|
|
6
|
+
# [2.2.2 PREGISTRY_SERVER_NAME](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8bcd15fd-1aa5-44e2-8662-112ec3e9817b)
|
|
7
|
+
class PRegistryServerName < Ndr::NdrTopLevelFullPointer
|
|
8
|
+
endian :little
|
|
9
|
+
|
|
10
|
+
string16 :referent, read_length: -> { 4 }
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
# This class is a generic class that represents OpenXXX Request packet,
|
|
14
|
+
# used to open one of the root keys, as defined in:
|
|
15
|
+
# [3.1.5.1 OpenClassesRoot (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/956a3052-6580-43ee-91aa-aaf61726149b)
|
|
16
|
+
# [3.1.5.2 OpenCurrentUser (Opnum 1)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/ec140ed9-4d00-4c03-a15c-c7245a497ed5)
|
|
17
|
+
# [3.1.5.3 OpenLocalMachine (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/6cef29ae-21ba-423f-9158-05145ac80a5b)
|
|
18
|
+
# [3.1.5.4 OpenPerformanceData (Opnum 3)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/7b514c63-6cad-4fe1-9780-743959e377e6)
|
|
19
|
+
# [3.1.5.5 OpenUsers (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/694e57f4-da3e-4285-8b71-3181d71d6cd1)
|
|
20
|
+
# [3.1.5.25 OpenCurrentConfig (Opnum 27)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/160767d7-83cf-4718-a4f3-d864faee3bb1)
|
|
21
|
+
# [3.1.5.28 OpenPerformanceText (Opnum 32)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/44954f6d-ef2c-4ec1-a27d-32b9b87e3c8a)
|
|
22
|
+
# [3.1.5.29 OpenPerformanceNlsText (Opnum 33)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3626fa8a-b20f-4243-bf85-cdb615ed2ca0)
|
|
23
|
+
# The structure is define by the value of the #opnum parameter
|
|
24
|
+
# e.g. (OpenLocalMachine):
|
|
25
|
+
# OpenRootKeyRequest.new(opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM)
|
|
26
|
+
class OpenRootKeyRequest < BinData::Record
|
|
27
|
+
attr_reader :opnum
|
|
28
|
+
|
|
29
|
+
endian :little
|
|
30
|
+
p_registry_server_name :p_registry_server_name
|
|
31
|
+
regsam :sam_desired
|
|
32
|
+
|
|
33
|
+
def initialize_instance
|
|
34
|
+
super
|
|
35
|
+
@opnum = get_parameter(:opnum) if has_parameter?(:opnum)
|
|
36
|
+
p_registry_server_name.referent = "\0\0"
|
|
37
|
+
sam_desired.maximum = 1 unless [OPEN_HKPD, OPEN_HKPT, OPEN_HKPN].include?(@opnum)
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class PrpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class is a generic class that represents OpenXXX Response packet,
|
|
8
|
+
# used to open one of the root keys, as defined in:
|
|
9
|
+
# [3.1.5.1 OpenClassesRoot (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/956a3052-6580-43ee-91aa-aaf61726149b)
|
|
10
|
+
# [3.1.5.2 OpenCurrentUser (Opnum 1)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/ec140ed9-4d00-4c03-a15c-c7245a497ed5)
|
|
11
|
+
# [3.1.5.3 OpenLocalMachine (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/6cef29ae-21ba-423f-9158-05145ac80a5b)
|
|
12
|
+
# [3.1.5.4 OpenPerformanceData (Opnum 3)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/7b514c63-6cad-4fe1-9780-743959e377e6)
|
|
13
|
+
# [3.1.5.5 OpenUsers (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/694e57f4-da3e-4285-8b71-3181d71d6cd1)
|
|
14
|
+
# [3.1.5.25 OpenCurrentConfig (Opnum 27)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/160767d7-83cf-4718-a4f3-d864faee3bb1)
|
|
15
|
+
# [3.1.5.28 OpenPerformanceText (Opnum 32)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/44954f6d-ef2c-4ec1-a27d-32b9b87e3c8a)
|
|
16
|
+
# [3.1.5.29 OpenPerformanceNlsText (Opnum 33)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3626fa8a-b20f-4243-bf85-cdb615ed2ca0)
|
|
17
|
+
# The structure is define by the value of the #opnum parameter
|
|
18
|
+
# e.g. (OpenLocalMachine):
|
|
19
|
+
# OpenRootKeyResponse.new(opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM)
|
|
20
|
+
class OpenRootKeyResponse < BinData::Record
|
|
21
|
+
attr_reader :opnum
|
|
22
|
+
|
|
23
|
+
endian :little
|
|
24
|
+
prpc_hkey :ph_key
|
|
25
|
+
uint32 :error_status
|
|
26
|
+
|
|
27
|
+
def initialize_instance
|
|
28
|
+
super
|
|
29
|
+
@opnum = get_parameter(:opnum) if has_parameter?(:opnum)
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class RpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegQueryInfoKey Request Packet as defined in
|
|
8
|
+
# [3.1.5.16 BaseRegQueryInfoKey (Opnum 16)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/a886ba66-5c7b-4331-bacd-7c77edc95d85)
|
|
9
|
+
class QueryInfoKeyRequest < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
|
|
14
|
+
rpc_hkey :hkey
|
|
15
|
+
rrp_unicode_string :lp_class, initial_value: 0
|
|
16
|
+
|
|
17
|
+
def initialize_instance
|
|
18
|
+
super
|
|
19
|
+
@opnum = REG_QUERY_INFO_KEY
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
# This class represents a BaseRegQueryInfoKey Response Packet as defined in
|
|
5
|
+
# [3.1.5.16 BaseRegQueryInfoKey (Opnum 16)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/a886ba66-5c7b-4331-bacd-7c77edc95d85)
|
|
6
|
+
class QueryInfoKeyResponse < BinData::Record
|
|
7
|
+
attr_reader :opnum
|
|
8
|
+
|
|
9
|
+
endian :little
|
|
10
|
+
|
|
11
|
+
rrp_unicode_string :lp_class, initial_value: 0
|
|
12
|
+
string :pad, length: -> { pad_length }
|
|
13
|
+
uint32 :lpc_sub_keys
|
|
14
|
+
uint32 :lpc_max_sub_key_len
|
|
15
|
+
uint32 :lpc_max_class_len
|
|
16
|
+
uint32 :lpc_values
|
|
17
|
+
uint32 :lpcb_max_value_name_len
|
|
18
|
+
uint32 :lpcb_max_value_len
|
|
19
|
+
uint32 :lpcb_security_descriptor
|
|
20
|
+
file_time :lpft_last_write_time
|
|
21
|
+
uint32 :error_status
|
|
22
|
+
|
|
23
|
+
def initialize_instance
|
|
24
|
+
super
|
|
25
|
+
@opnum = REG_QUERY_INFO_KEY
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
# Determines the correct length for the padding in front of
|
|
29
|
+
# #lpc_sub_keys. It should always force a 4-byte alignment.
|
|
30
|
+
def pad_length
|
|
31
|
+
offset = (lp_class.abs_offset + lp_class.to_binary_s.length) % 4
|
|
32
|
+
(4 - offset) % 4
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class RpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegQueryValue Request Packet as defined in
|
|
8
|
+
# [3.1.5.17 BaseRegQueryValue (Opnum 17)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8bc10aa3-2f91-44e8-aa33-b3263c49ab9d)
|
|
9
|
+
class QueryValueRequest < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
|
|
14
|
+
rpc_hkey :hkey
|
|
15
|
+
rrp_unicode_string :lp_value_name
|
|
16
|
+
string :pad, length: -> { pad_length }
|
|
17
|
+
ndr_lp_dword :lp_type
|
|
18
|
+
ndr_lp_byte :lp_data
|
|
19
|
+
ndr_lp_dword :lpcb_data
|
|
20
|
+
ndr_lp_dword :lpcb_len
|
|
21
|
+
|
|
22
|
+
def initialize_instance
|
|
23
|
+
super
|
|
24
|
+
@opnum = REG_QUERY_VALUE
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
# Determines the correct length for the padding in front of
|
|
28
|
+
# #lp_type. It should always force a 4-byte alignment.
|
|
29
|
+
def pad_length
|
|
30
|
+
offset = (lp_value_name.abs_offset + lp_value_name.to_binary_s.length) % 4
|
|
31
|
+
(4 - offset) % 4
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
# This class represents a BaseRegQueryValue Response Packet as defined in
|
|
6
|
+
# [3.1.5.17 BaseRegQueryValue (Opnum 17)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8bc10aa3-2f91-44e8-aa33-b3263c49ab9d)
|
|
7
|
+
class QueryValueResponse < BinData::Record
|
|
8
|
+
attr_reader :opnum
|
|
9
|
+
|
|
10
|
+
endian :little
|
|
11
|
+
|
|
12
|
+
ndr_lp_dword :lp_type
|
|
13
|
+
ndr_lp_byte :lp_data
|
|
14
|
+
string :pad, length: -> { pad_length }
|
|
15
|
+
ndr_lp_dword :lpcb_data
|
|
16
|
+
ndr_lp_dword :lpcb_len
|
|
17
|
+
uint32 :error_status
|
|
18
|
+
|
|
19
|
+
def initialize_instance
|
|
20
|
+
super
|
|
21
|
+
@opnum = REG_QUERY_VALUE
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# Determines the correct length for the padding in front of
|
|
25
|
+
# #lpcb_data. It should always force a 4-byte alignment.
|
|
26
|
+
def pad_length
|
|
27
|
+
offset = (lp_data.abs_offset + lp_data.to_binary_s.length) % 4
|
|
28
|
+
(4 - offset) % 4
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# Returns the data portion of the registry value formatted according to its type:
|
|
32
|
+
# [3.1.1.5 Values](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3d64dbea-f016-4373-8cac-e43bf343837d)
|
|
33
|
+
def data
|
|
34
|
+
bytes = lp_data.bytes.to_a.pack('C*')
|
|
35
|
+
case lp_type
|
|
36
|
+
when 1,2
|
|
37
|
+
bytes.force_encoding('utf-16le').strip
|
|
38
|
+
when 3
|
|
39
|
+
bytes
|
|
40
|
+
when 4
|
|
41
|
+
bytes.unpack('V').first
|
|
42
|
+
when 5
|
|
43
|
+
bytes.unpack('N').first
|
|
44
|
+
when 7
|
|
45
|
+
str = bytes.force_encoding('utf-16le')
|
|
46
|
+
str.split("\0".encode('utf-16le'))
|
|
47
|
+
when 11
|
|
48
|
+
bytes.unpack('Q<').first
|
|
49
|
+
else
|
|
50
|
+
""
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
end
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
# This class represents a REGSAM structure as defined in
|
|
6
|
+
# [2.2.3 REGSAM](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/fefbc801-b141-4bb1-9dcb-bf366da3ae7e)
|
|
7
|
+
# [2.4.3 ACCESS_MASK](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/7a53f60e-e730-4dfe-bbe9-b21b62eb790b)
|
|
8
|
+
class Regsam < BinData::Record
|
|
9
|
+
endian :little
|
|
10
|
+
bit2 :reserved, label: 'Reserved Space'
|
|
11
|
+
bit1 :key_create_link, label: 'Key Create Link'
|
|
12
|
+
bit1 :key_notify, label: 'Key Notify'
|
|
13
|
+
bit1 :key_enumerate_sub_keys, label: 'Key Enumerate Sub Keys'
|
|
14
|
+
bit1 :key_create_sub_key, label: 'Key Create Sub Key'
|
|
15
|
+
bit1 :key_set_value, label: 'Key Set Value'
|
|
16
|
+
bit1 :key_query_value, label: 'Key Query Value'
|
|
17
|
+
# byte boundary
|
|
18
|
+
bit6 :reserved2, label: 'Reserved Space'
|
|
19
|
+
bit1 :key_wow64_32key, label: 'Key Wow64 32key'
|
|
20
|
+
bit1 :key_wow64_64key, label: 'Key Wow64 64key'
|
|
21
|
+
# byte boundary
|
|
22
|
+
bit3 :reserved3, label: 'Reserved Space'
|
|
23
|
+
bit1 :synchronize, label: 'Synchronize'
|
|
24
|
+
bit1 :write_owner, label: 'Write Owner'
|
|
25
|
+
bit1 :write_dac, label: 'Write DAC'
|
|
26
|
+
bit1 :read_control, label: 'Read Control'
|
|
27
|
+
bit1 :delete_access, label: 'Delete'
|
|
28
|
+
# byte boundary
|
|
29
|
+
bit1 :generic_read, label: 'Generic Read'
|
|
30
|
+
bit1 :generic_write, label: 'Generic Write'
|
|
31
|
+
bit1 :generic_execute, label: 'Generic Execute'
|
|
32
|
+
bit1 :generic_all, label: 'Generic All'
|
|
33
|
+
bit2 :reserved4, label: 'Reserved Space'
|
|
34
|
+
bit1 :maximum, label: 'Maximum Allowed'
|
|
35
|
+
bit1 :system_security, label: 'System Security'
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|