ruby_smb 1.0.3 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +5 -5
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.travis.yml +3 -2
- data/Gemfile +6 -2
- data/README.md +35 -47
- data/examples/enum_registry_key.rb +28 -0
- data/examples/enum_registry_values.rb +30 -0
- data/examples/negotiate.rb +51 -8
- data/examples/pipes.rb +2 -1
- data/examples/read_file_encryption.rb +56 -0
- data/examples/read_registry_key_value.rb +32 -0
- data/lib/ruby_smb.rb +4 -1
- data/lib/ruby_smb/client.rb +233 -22
- data/lib/ruby_smb/client/authentication.rb +70 -33
- data/lib/ruby_smb/client/echo.rb +20 -2
- data/lib/ruby_smb/client/encryption.rb +62 -0
- data/lib/ruby_smb/client/negotiation.rb +172 -24
- data/lib/ruby_smb/client/signing.rb +19 -0
- data/lib/ruby_smb/client/tree_connect.rb +24 -18
- data/lib/ruby_smb/client/utils.rb +8 -7
- data/lib/ruby_smb/client/winreg.rb +46 -0
- data/lib/ruby_smb/crypto.rb +30 -0
- data/lib/ruby_smb/dcerpc.rb +38 -0
- data/lib/ruby_smb/dcerpc/bind.rb +2 -2
- data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
- data/lib/ruby_smb/dcerpc/error.rb +3 -0
- data/lib/ruby_smb/dcerpc/ndr.rb +95 -16
- data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
- data/lib/ruby_smb/dcerpc/request.rb +28 -9
- data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +35 -0
- data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
- data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
- data/lib/ruby_smb/dcerpc/winreg.rb +340 -0
- data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
- data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
- data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
- data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
- data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
- data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
- data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
- data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
- data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +39 -0
- data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
- data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
- data/lib/ruby_smb/dispatcher/socket.rb +4 -3
- data/lib/ruby_smb/error.rb +68 -2
- data/lib/ruby_smb/generic_packet.rb +33 -4
- data/lib/ruby_smb/smb1/commands.rb +1 -1
- data/lib/ruby_smb/smb1/file.rb +66 -15
- data/lib/ruby_smb/smb1/packet/close_request.rb +2 -5
- data/lib/ruby_smb/smb1/packet/close_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/echo_request.rb +2 -4
- data/lib/ruby_smb/smb1/packet/echo_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/empty_packet.rb +10 -1
- data/lib/ruby_smb/smb1/packet/logoff_request.rb +2 -4
- data/lib/ruby_smb/smb1/packet/logoff_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/negotiate_request.rb +2 -5
- data/lib/ruby_smb/smb1/packet/negotiate_response.rb +3 -7
- data/lib/ruby_smb/smb1/packet/negotiate_response_extended.rb +4 -4
- data/lib/ruby_smb/smb1/packet/nt_create_andx_request.rb +2 -4
- data/lib/ruby_smb/smb1/packet/nt_create_andx_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/nt_trans/create_request.rb +2 -1
- data/lib/ruby_smb/smb1/packet/nt_trans/create_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/nt_trans/request.rb +2 -4
- data/lib/ruby_smb/smb1/packet/nt_trans/response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/read_andx_request.rb +2 -5
- data/lib/ruby_smb/smb1/packet/read_andx_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +2 -1
- data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +3 -2
- data/lib/ruby_smb/smb1/packet/session_setup_request.rb +2 -5
- data/lib/ruby_smb/smb1/packet/session_setup_response.rb +3 -2
- data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_request.rb +0 -1
- data/lib/ruby_smb/smb1/packet/trans/peek_nmpipe_response.rb +3 -2
- data/lib/ruby_smb/smb1/packet/trans/request.rb +2 -5
- data/lib/ruby_smb/smb1/packet/trans/response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_request.rb +1 -1
- data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_response.rb +1 -1
- data/lib/ruby_smb/smb1/packet/trans2/find_first2_request.rb +2 -1
- data/lib/ruby_smb/smb1/packet/trans2/find_first2_response.rb +8 -2
- data/lib/ruby_smb/smb1/packet/trans2/find_next2_request.rb +2 -1
- data/lib/ruby_smb/smb1/packet/trans2/find_next2_response.rb +8 -2
- data/lib/ruby_smb/smb1/packet/trans2/open2_request.rb +2 -1
- data/lib/ruby_smb/smb1/packet/trans2/open2_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/trans2/request.rb +2 -4
- data/lib/ruby_smb/smb1/packet/trans2/request_secondary.rb +2 -4
- data/lib/ruby_smb/smb1/packet/trans2/response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/trans2/set_file_information_request.rb +2 -1
- data/lib/ruby_smb/smb1/packet/trans2/set_file_information_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/tree_connect_request.rb +2 -4
- data/lib/ruby_smb/smb1/packet/tree_connect_response.rb +13 -3
- data/lib/ruby_smb/smb1/packet/tree_disconnect_request.rb +2 -4
- data/lib/ruby_smb/smb1/packet/tree_disconnect_response.rb +2 -1
- data/lib/ruby_smb/smb1/packet/write_andx_request.rb +3 -6
- data/lib/ruby_smb/smb1/packet/write_andx_response.rb +2 -1
- data/lib/ruby_smb/smb1/pipe.rb +87 -6
- data/lib/ruby_smb/smb1/tree.rb +50 -3
- data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
- data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
- data/lib/ruby_smb/smb2/file.rb +103 -25
- data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
- data/lib/ruby_smb/smb2/packet.rb +2 -0
- data/lib/ruby_smb/smb2/packet/close_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/close_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
- data/lib/ruby_smb/smb2/packet/create_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/create_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/echo_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/echo_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/error_packet.rb +15 -3
- data/lib/ruby_smb/smb2/packet/ioctl_request.rb +2 -5
- data/lib/ruby_smb/smb2/packet/ioctl_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/logoff_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/logoff_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -17
- data/lib/ruby_smb/smb2/packet/negotiate_response.rb +52 -5
- data/lib/ruby_smb/smb2/packet/query_directory_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/query_directory_response.rb +8 -2
- data/lib/ruby_smb/smb2/packet/read_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/read_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/session_setup_request.rb +2 -5
- data/lib/ruby_smb/smb2/packet/session_setup_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/set_info_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/set_info_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
- data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +93 -10
- data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +10 -22
- data/lib/ruby_smb/smb2/packet/tree_disconnect_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/tree_disconnect_response.rb +2 -1
- data/lib/ruby_smb/smb2/packet/write_request.rb +2 -4
- data/lib/ruby_smb/smb2/packet/write_response.rb +2 -1
- data/lib/ruby_smb/smb2/pipe.rb +86 -12
- data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
- data/lib/ruby_smb/smb2/tree.rb +65 -21
- data/lib/ruby_smb/version.rb +1 -1
- data/ruby_smb.gemspec +5 -3
- data/spec/lib/ruby_smb/client_spec.rb +1612 -108
- data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
- data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
- data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
- data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +410 -0
- data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
- data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +98 -0
- data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
- data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +108 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +90 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +39 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +150 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
- data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +710 -0
- data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
- data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +2 -2
- data/spec/lib/ruby_smb/error_spec.rb +59 -0
- data/spec/lib/ruby_smb/generic_packet_spec.rb +52 -4
- data/spec/lib/ruby_smb/smb1/file_spec.rb +191 -2
- data/spec/lib/ruby_smb/smb1/packet/empty_packet_spec.rb +68 -0
- data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
- data/spec/lib/ruby_smb/smb1/packet/trans2/find_first2_response_spec.rb +11 -2
- data/spec/lib/ruby_smb/smb1/packet/trans2/find_next2_response_spec.rb +11 -2
- data/spec/lib/ruby_smb/smb1/packet/tree_connect_response_spec.rb +40 -0
- data/spec/lib/ruby_smb/smb1/pipe_spec.rb +272 -149
- data/spec/lib/ruby_smb/smb1/tree_spec.rb +44 -7
- data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
- data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
- data/spec/lib/ruby_smb/smb2/file_spec.rb +323 -6
- data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
- data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
- data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +78 -0
- data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
- data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
- data/spec/lib/ruby_smb/smb2/packet/query_directory_response_spec.rb +8 -0
- data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
- data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
- data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -22
- data/spec/lib/ruby_smb/smb2/pipe_spec.rb +286 -149
- data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb2/tree_spec.rb +261 -2
- metadata +191 -83
- metadata.gz.sig +0 -0
- data/lib/ruby_smb/smb1/dcerpc.rb +0 -67
- data/lib/ruby_smb/smb2/dcerpc.rb +0 -70
- data/spec/lib/ruby_smb/smb1/packet/error_packet_spec.rb +0 -37
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
# This class represents a BaseRegEnumKey Response Packet as defined in
|
|
6
|
+
# [3.1.5.10 BaseRegEnumKey (Opnum 9)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/668627e9-e0eb-4ab1-911f-0af589beeac3)
|
|
7
|
+
class EnumKeyResponse < BinData::Record
|
|
8
|
+
attr_reader :opnum
|
|
9
|
+
|
|
10
|
+
endian :little
|
|
11
|
+
|
|
12
|
+
rrp_unicode_string :lp_name
|
|
13
|
+
string :pad1, length: -> { pad_length1 }
|
|
14
|
+
prrp_unicode_string :lp_class, initial_value: 0
|
|
15
|
+
string :pad2, length: -> { pad_length2 }
|
|
16
|
+
ndr_lp_file_time :lpft_last_write_time
|
|
17
|
+
uint32 :error_status
|
|
18
|
+
|
|
19
|
+
def initialize_instance
|
|
20
|
+
super
|
|
21
|
+
@opnum = REG_ENUM_KEY
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# Determines the correct length for the padding in front of
|
|
25
|
+
# #lp_class. It should always force a 4-byte alignment.
|
|
26
|
+
def pad_length1
|
|
27
|
+
offset = (lp_name.abs_offset + lp_name.to_binary_s.length) % 4
|
|
28
|
+
(4 - offset) % 4
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# Determines the correct length for the padding in front of
|
|
32
|
+
# #lpft_last_write_time. It should always force a 4-byte alignment.
|
|
33
|
+
def pad_length2
|
|
34
|
+
offset = (lp_class.abs_offset + lp_class.to_binary_s.length) % 4
|
|
35
|
+
(4 - offset) % 4
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class RpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegEnumValue Request Packet as defined in
|
|
8
|
+
# [3.1.5.11 BaseRegEnumValue (Opnum 10)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/56e99ef3-05dc-4f24-bcf5-9cff00412945)
|
|
9
|
+
class EnumValueRequest < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
|
|
14
|
+
rpc_hkey :hkey
|
|
15
|
+
uint32 :dw_index
|
|
16
|
+
rrp_unicode_string :lp_value_name
|
|
17
|
+
string :pad, length: -> { pad_length }
|
|
18
|
+
ndr_lp_dword :lp_type
|
|
19
|
+
ndr_lp_byte :lp_data
|
|
20
|
+
ndr_lp_dword :lpcb_data
|
|
21
|
+
ndr_lp_dword :lpcb_len
|
|
22
|
+
|
|
23
|
+
def initialize_instance
|
|
24
|
+
super
|
|
25
|
+
@opnum = REG_ENUM_VALUE
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
# Determines the correct length for the padding in front of
|
|
29
|
+
# #lp_type. It should always force a 4-byte alignment.
|
|
30
|
+
def pad_length
|
|
31
|
+
offset = (lp_value_name.abs_offset + lp_value_name.to_binary_s.length) % 4
|
|
32
|
+
(4 - offset) % 4
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
# This class represents a BaseRegEnumValue Response Packet as defined in
|
|
6
|
+
# [3.1.5.11 BaseRegEnumValue (Opnum 10)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/56e99ef3-05dc-4f24-bcf5-9cff00412945)
|
|
7
|
+
class EnumValueResponse < BinData::Record
|
|
8
|
+
attr_reader :opnum
|
|
9
|
+
|
|
10
|
+
endian :little
|
|
11
|
+
|
|
12
|
+
rrp_unicode_string :lp_value_name
|
|
13
|
+
string :pad, length: -> { pad_length }
|
|
14
|
+
ndr_lp_dword :lp_type
|
|
15
|
+
ndr_lp_byte :lp_data
|
|
16
|
+
ndr_lp_dword :lpcb_data
|
|
17
|
+
ndr_lp_dword :lpcb_len
|
|
18
|
+
uint32 :error_status
|
|
19
|
+
|
|
20
|
+
def initialize_instance
|
|
21
|
+
super
|
|
22
|
+
@opnum = REG_ENUM_VALUE
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# Determines the correct length for the padding in front of
|
|
26
|
+
# #lp_type. It should always force a 4-byte alignment.
|
|
27
|
+
def pad_length
|
|
28
|
+
offset = (lp_value_name.abs_offset + lp_value_name.to_binary_s.length) % 4
|
|
29
|
+
(4 - offset) % 4
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class RpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegOpenKey Request Packet as defined in
|
|
8
|
+
# [3.1.5.15 BaseRegOpenKey (Opnum 15)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8cb48f55-19e1-4ea2-8d76-dd0f6934f0d9)
|
|
9
|
+
class OpenKeyRequest < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
|
|
14
|
+
rpc_hkey :hkey
|
|
15
|
+
rrp_unicode_string :lp_sub_key
|
|
16
|
+
string :pad, length: -> { pad_length }
|
|
17
|
+
uint32 :dw_options
|
|
18
|
+
regsam :sam_desired
|
|
19
|
+
|
|
20
|
+
def initialize_instance
|
|
21
|
+
super
|
|
22
|
+
@opnum = REG_OPEN_KEY
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# Determines the correct length for the padding in front of
|
|
26
|
+
# #dw_options. It should always force a 4-byte alignment.
|
|
27
|
+
def pad_length
|
|
28
|
+
offset = (lp_sub_key.abs_offset + lp_sub_key.to_binary_s.length) % 4
|
|
29
|
+
(4 - offset) % 4
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class PrpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegOpenKey Response Packet as defined in
|
|
8
|
+
# [3.1.5.15 BaseRegOpenKey (Opnum 15)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8cb48f55-19e1-4ea2-8d76-dd0f6934f0d9)
|
|
9
|
+
class OpenKeyResponse < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
prpc_hkey :phk_result
|
|
14
|
+
uint32 :error_status
|
|
15
|
+
|
|
16
|
+
def initialize_instance
|
|
17
|
+
super
|
|
18
|
+
@opnum = REG_OPEN_KEY
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
# This class represents a PREGISTRY_SERVER_NAME structure as defined in
|
|
6
|
+
# [2.2.2 PREGISTRY_SERVER_NAME](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8bcd15fd-1aa5-44e2-8662-112ec3e9817b)
|
|
7
|
+
class PRegistryServerName < Ndr::NdrTopLevelFullPointer
|
|
8
|
+
endian :little
|
|
9
|
+
|
|
10
|
+
string16 :referent, read_length: -> { 4 }
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
# This class is a generic class that represents OpenXXX Request packet,
|
|
14
|
+
# used to open one of the root keys, as defined in:
|
|
15
|
+
# [3.1.5.1 OpenClassesRoot (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/956a3052-6580-43ee-91aa-aaf61726149b)
|
|
16
|
+
# [3.1.5.2 OpenCurrentUser (Opnum 1)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/ec140ed9-4d00-4c03-a15c-c7245a497ed5)
|
|
17
|
+
# [3.1.5.3 OpenLocalMachine (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/6cef29ae-21ba-423f-9158-05145ac80a5b)
|
|
18
|
+
# [3.1.5.4 OpenPerformanceData (Opnum 3)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/7b514c63-6cad-4fe1-9780-743959e377e6)
|
|
19
|
+
# [3.1.5.5 OpenUsers (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/694e57f4-da3e-4285-8b71-3181d71d6cd1)
|
|
20
|
+
# [3.1.5.25 OpenCurrentConfig (Opnum 27)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/160767d7-83cf-4718-a4f3-d864faee3bb1)
|
|
21
|
+
# [3.1.5.28 OpenPerformanceText (Opnum 32)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/44954f6d-ef2c-4ec1-a27d-32b9b87e3c8a)
|
|
22
|
+
# [3.1.5.29 OpenPerformanceNlsText (Opnum 33)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3626fa8a-b20f-4243-bf85-cdb615ed2ca0)
|
|
23
|
+
# The structure is define by the value of the #opnum parameter
|
|
24
|
+
# e.g. (OpenLocalMachine):
|
|
25
|
+
# OpenRootKeyRequest.new(opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM)
|
|
26
|
+
class OpenRootKeyRequest < BinData::Record
|
|
27
|
+
attr_reader :opnum
|
|
28
|
+
|
|
29
|
+
endian :little
|
|
30
|
+
p_registry_server_name :p_registry_server_name
|
|
31
|
+
regsam :sam_desired
|
|
32
|
+
|
|
33
|
+
def initialize_instance
|
|
34
|
+
super
|
|
35
|
+
@opnum = get_parameter(:opnum) if has_parameter?(:opnum)
|
|
36
|
+
p_registry_server_name.referent = "\0\0"
|
|
37
|
+
sam_desired.maximum = 1 unless [OPEN_HKPD, OPEN_HKPT, OPEN_HKPN].include?(@opnum)
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class PrpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class is a generic class that represents OpenXXX Response packet,
|
|
8
|
+
# used to open one of the root keys, as defined in:
|
|
9
|
+
# [3.1.5.1 OpenClassesRoot (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/956a3052-6580-43ee-91aa-aaf61726149b)
|
|
10
|
+
# [3.1.5.2 OpenCurrentUser (Opnum 1)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/ec140ed9-4d00-4c03-a15c-c7245a497ed5)
|
|
11
|
+
# [3.1.5.3 OpenLocalMachine (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/6cef29ae-21ba-423f-9158-05145ac80a5b)
|
|
12
|
+
# [3.1.5.4 OpenPerformanceData (Opnum 3)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/7b514c63-6cad-4fe1-9780-743959e377e6)
|
|
13
|
+
# [3.1.5.5 OpenUsers (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/694e57f4-da3e-4285-8b71-3181d71d6cd1)
|
|
14
|
+
# [3.1.5.25 OpenCurrentConfig (Opnum 27)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/160767d7-83cf-4718-a4f3-d864faee3bb1)
|
|
15
|
+
# [3.1.5.28 OpenPerformanceText (Opnum 32)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/44954f6d-ef2c-4ec1-a27d-32b9b87e3c8a)
|
|
16
|
+
# [3.1.5.29 OpenPerformanceNlsText (Opnum 33)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3626fa8a-b20f-4243-bf85-cdb615ed2ca0)
|
|
17
|
+
# The structure is define by the value of the #opnum parameter
|
|
18
|
+
# e.g. (OpenLocalMachine):
|
|
19
|
+
# OpenRootKeyResponse.new(opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM)
|
|
20
|
+
class OpenRootKeyResponse < BinData::Record
|
|
21
|
+
attr_reader :opnum
|
|
22
|
+
|
|
23
|
+
endian :little
|
|
24
|
+
prpc_hkey :ph_key
|
|
25
|
+
uint32 :error_status
|
|
26
|
+
|
|
27
|
+
def initialize_instance
|
|
28
|
+
super
|
|
29
|
+
@opnum = get_parameter(:opnum) if has_parameter?(:opnum)
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class RpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegQueryInfoKey Request Packet as defined in
|
|
8
|
+
# [3.1.5.16 BaseRegQueryInfoKey (Opnum 16)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/a886ba66-5c7b-4331-bacd-7c77edc95d85)
|
|
9
|
+
class QueryInfoKeyRequest < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
|
|
14
|
+
rpc_hkey :hkey
|
|
15
|
+
rrp_unicode_string :lp_class, initial_value: 0
|
|
16
|
+
|
|
17
|
+
def initialize_instance
|
|
18
|
+
super
|
|
19
|
+
@opnum = REG_QUERY_INFO_KEY
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
# This class represents a BaseRegQueryInfoKey Response Packet as defined in
|
|
5
|
+
# [3.1.5.16 BaseRegQueryInfoKey (Opnum 16)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/a886ba66-5c7b-4331-bacd-7c77edc95d85)
|
|
6
|
+
class QueryInfoKeyResponse < BinData::Record
|
|
7
|
+
attr_reader :opnum
|
|
8
|
+
|
|
9
|
+
endian :little
|
|
10
|
+
|
|
11
|
+
rrp_unicode_string :lp_class, initial_value: 0
|
|
12
|
+
string :pad, length: -> { pad_length }
|
|
13
|
+
uint32 :lpc_sub_keys
|
|
14
|
+
uint32 :lpc_max_sub_key_len
|
|
15
|
+
uint32 :lpc_max_class_len
|
|
16
|
+
uint32 :lpc_values
|
|
17
|
+
uint32 :lpcb_max_value_name_len
|
|
18
|
+
uint32 :lpcb_max_value_len
|
|
19
|
+
uint32 :lpcb_security_descriptor
|
|
20
|
+
file_time :lpft_last_write_time
|
|
21
|
+
uint32 :error_status
|
|
22
|
+
|
|
23
|
+
def initialize_instance
|
|
24
|
+
super
|
|
25
|
+
@opnum = REG_QUERY_INFO_KEY
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
# Determines the correct length for the padding in front of
|
|
29
|
+
# #lpc_sub_keys. It should always force a 4-byte alignment.
|
|
30
|
+
def pad_length
|
|
31
|
+
offset = (lp_class.abs_offset + lp_class.to_binary_s.length) % 4
|
|
32
|
+
(4 - offset) % 4
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class RpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegQueryValue Request Packet as defined in
|
|
8
|
+
# [3.1.5.17 BaseRegQueryValue (Opnum 17)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8bc10aa3-2f91-44e8-aa33-b3263c49ab9d)
|
|
9
|
+
class QueryValueRequest < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
|
|
14
|
+
rpc_hkey :hkey
|
|
15
|
+
rrp_unicode_string :lp_value_name
|
|
16
|
+
string :pad, length: -> { pad_length }
|
|
17
|
+
ndr_lp_dword :lp_type
|
|
18
|
+
ndr_lp_byte :lp_data
|
|
19
|
+
ndr_lp_dword :lpcb_data
|
|
20
|
+
ndr_lp_dword :lpcb_len
|
|
21
|
+
|
|
22
|
+
def initialize_instance
|
|
23
|
+
super
|
|
24
|
+
@opnum = REG_QUERY_VALUE
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
# Determines the correct length for the padding in front of
|
|
28
|
+
# #lp_type. It should always force a 4-byte alignment.
|
|
29
|
+
def pad_length
|
|
30
|
+
offset = (lp_value_name.abs_offset + lp_value_name.to_binary_s.length) % 4
|
|
31
|
+
(4 - offset) % 4
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
|
|
35
|
+
end
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
# This class represents a BaseRegQueryValue Response Packet as defined in
|
|
6
|
+
# [3.1.5.17 BaseRegQueryValue (Opnum 17)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8bc10aa3-2f91-44e8-aa33-b3263c49ab9d)
|
|
7
|
+
class QueryValueResponse < BinData::Record
|
|
8
|
+
attr_reader :opnum
|
|
9
|
+
|
|
10
|
+
endian :little
|
|
11
|
+
|
|
12
|
+
ndr_lp_dword :lp_type
|
|
13
|
+
ndr_lp_byte :lp_data
|
|
14
|
+
string :pad, length: -> { pad_length }
|
|
15
|
+
ndr_lp_dword :lpcb_data
|
|
16
|
+
ndr_lp_dword :lpcb_len
|
|
17
|
+
uint32 :error_status
|
|
18
|
+
|
|
19
|
+
def initialize_instance
|
|
20
|
+
super
|
|
21
|
+
@opnum = REG_QUERY_VALUE
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# Determines the correct length for the padding in front of
|
|
25
|
+
# #lpcb_data. It should always force a 4-byte alignment.
|
|
26
|
+
def pad_length
|
|
27
|
+
offset = (lp_data.abs_offset + lp_data.to_binary_s.length) % 4
|
|
28
|
+
(4 - offset) % 4
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# Returns the data portion of the registry value formatted according to its type:
|
|
32
|
+
# [3.1.1.5 Values](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3d64dbea-f016-4373-8cac-e43bf343837d)
|
|
33
|
+
def data
|
|
34
|
+
bytes = lp_data.bytes.to_a.pack('C*')
|
|
35
|
+
case lp_type
|
|
36
|
+
when 1,2
|
|
37
|
+
bytes.force_encoding('utf-16le').strip
|
|
38
|
+
when 3
|
|
39
|
+
bytes
|
|
40
|
+
when 4
|
|
41
|
+
bytes.unpack('V').first
|
|
42
|
+
when 5
|
|
43
|
+
bytes.unpack('N').first
|
|
44
|
+
when 7
|
|
45
|
+
str = bytes.force_encoding('utf-16le')
|
|
46
|
+
str.split("\0".encode('utf-16le'))
|
|
47
|
+
when 11
|
|
48
|
+
bytes.unpack('Q<').first
|
|
49
|
+
else
|
|
50
|
+
""
|
|
51
|
+
end
|
|
52
|
+
end
|
|
53
|
+
|
|
54
|
+
end
|
|
55
|
+
end
|
|
56
|
+
end
|
|
57
|
+
end
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
# This class represents a REGSAM structure as defined in
|
|
6
|
+
# [2.2.3 REGSAM](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/fefbc801-b141-4bb1-9dcb-bf366da3ae7e)
|
|
7
|
+
# [2.4.3 ACCESS_MASK](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dtyp/7a53f60e-e730-4dfe-bbe9-b21b62eb790b)
|
|
8
|
+
class Regsam < BinData::Record
|
|
9
|
+
endian :little
|
|
10
|
+
bit2 :reserved, label: 'Reserved Space'
|
|
11
|
+
bit1 :key_create_link, label: 'Key Create Link'
|
|
12
|
+
bit1 :key_notify, label: 'Key Notify'
|
|
13
|
+
bit1 :key_enumerate_sub_keys, label: 'Key Enumerate Sub Keys'
|
|
14
|
+
bit1 :key_create_sub_key, label: 'Key Create Sub Key'
|
|
15
|
+
bit1 :key_set_value, label: 'Key Set Value'
|
|
16
|
+
bit1 :key_query_value, label: 'Key Query Value'
|
|
17
|
+
# byte boundary
|
|
18
|
+
bit6 :reserved2, label: 'Reserved Space'
|
|
19
|
+
bit1 :key_wow64_32key, label: 'Key Wow64 32key'
|
|
20
|
+
bit1 :key_wow64_64key, label: 'Key Wow64 64key'
|
|
21
|
+
# byte boundary
|
|
22
|
+
bit3 :reserved3, label: 'Reserved Space'
|
|
23
|
+
bit1 :synchronize, label: 'Synchronize'
|
|
24
|
+
bit1 :write_owner, label: 'Write Owner'
|
|
25
|
+
bit1 :write_dac, label: 'Write DAC'
|
|
26
|
+
bit1 :read_control, label: 'Read Control'
|
|
27
|
+
bit1 :delete_access, label: 'Delete'
|
|
28
|
+
# byte boundary
|
|
29
|
+
bit1 :generic_read, label: 'Generic Read'
|
|
30
|
+
bit1 :generic_write, label: 'Generic Write'
|
|
31
|
+
bit1 :generic_execute, label: 'Generic Execute'
|
|
32
|
+
bit1 :generic_all, label: 'Generic All'
|
|
33
|
+
bit2 :reserved4, label: 'Reserved Space'
|
|
34
|
+
bit1 :maximum, label: 'Maximum Allowed'
|
|
35
|
+
bit1 :system_security, label: 'System Security'
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|