ruby_smb 1.0.4 → 2.0.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.travis.yml +3 -2
- data/Gemfile +6 -2
- data/README.md +35 -47
- data/examples/enum_registry_key.rb +28 -0
- data/examples/enum_registry_values.rb +30 -0
- data/examples/negotiate.rb +51 -8
- data/examples/pipes.rb +2 -1
- data/examples/read_file_encryption.rb +56 -0
- data/examples/read_registry_key_value.rb +32 -0
- data/lib/ruby_smb.rb +4 -1
- data/lib/ruby_smb/client.rb +207 -18
- data/lib/ruby_smb/client/authentication.rb +27 -8
- data/lib/ruby_smb/client/encryption.rb +62 -0
- data/lib/ruby_smb/client/negotiation.rb +153 -12
- data/lib/ruby_smb/client/signing.rb +19 -0
- data/lib/ruby_smb/client/tree_connect.rb +4 -4
- data/lib/ruby_smb/client/utils.rb +8 -7
- data/lib/ruby_smb/client/winreg.rb +46 -0
- data/lib/ruby_smb/crypto.rb +30 -0
- data/lib/ruby_smb/dcerpc.rb +38 -0
- data/lib/ruby_smb/dcerpc/bind.rb +2 -2
- data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
- data/lib/ruby_smb/dcerpc/error.rb +3 -0
- data/lib/ruby_smb/dcerpc/ndr.rb +95 -16
- data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
- data/lib/ruby_smb/dcerpc/request.rb +28 -9
- data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +35 -0
- data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
- data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
- data/lib/ruby_smb/dcerpc/winreg.rb +340 -0
- data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
- data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
- data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
- data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
- data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
- data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
- data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
- data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
- data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +39 -0
- data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
- data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
- data/lib/ruby_smb/dispatcher/socket.rb +4 -3
- data/lib/ruby_smb/error.rb +28 -1
- data/lib/ruby_smb/smb1/commands.rb +1 -1
- data/lib/ruby_smb/smb1/file.rb +6 -4
- data/lib/ruby_smb/smb1/packet/empty_packet.rb +4 -2
- data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +1 -1
- data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +2 -2
- data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
- data/lib/ruby_smb/smb1/packet/session_setup_response.rb +2 -2
- data/lib/ruby_smb/smb1/packet/write_andx_request.rb +1 -1
- data/lib/ruby_smb/smb1/pipe.rb +79 -3
- data/lib/ruby_smb/smb1/tree.rb +12 -3
- data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
- data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
- data/lib/ruby_smb/smb2/file.rb +25 -43
- data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
- data/lib/ruby_smb/smb2/packet.rb +2 -0
- data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
- data/lib/ruby_smb/smb2/packet/error_packet.rb +9 -4
- data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -14
- data/lib/ruby_smb/smb2/packet/negotiate_response.rb +50 -4
- data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
- data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +92 -6
- data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +8 -26
- data/lib/ruby_smb/smb2/pipe.rb +77 -3
- data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
- data/lib/ruby_smb/smb2/tree.rb +23 -17
- data/lib/ruby_smb/version.rb +1 -1
- data/ruby_smb.gemspec +5 -3
- data/spec/lib/ruby_smb/client_spec.rb +1441 -61
- data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
- data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
- data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
- data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +410 -0
- data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
- data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +98 -0
- data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
- data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +108 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +90 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +39 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +150 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
- data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +710 -0
- data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
- data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +2 -2
- data/spec/lib/ruby_smb/error_spec.rb +59 -0
- data/spec/lib/ruby_smb/smb1/file_spec.rb +9 -1
- data/spec/lib/ruby_smb/smb1/packet/empty_packet_spec.rb +10 -0
- data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
- data/spec/lib/ruby_smb/smb1/pipe_spec.rb +210 -148
- data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
- data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
- data/spec/lib/ruby_smb/smb2/file_spec.rb +86 -62
- data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
- data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
- data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +29 -2
- data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
- data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
- data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
- data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
- data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -30
- data/spec/lib/ruby_smb/smb2/pipe_spec.rb +220 -149
- data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb2/tree_spec.rb +53 -8
- metadata +187 -81
- metadata.gz.sig +0 -0
- data/lib/ruby_smb/smb1/dcerpc.rb +0 -72
- data/lib/ruby_smb/smb2/dcerpc.rb +0 -75
data/lib/ruby_smb/dcerpc.rb
CHANGED
@@ -1,15 +1,53 @@
|
|
1
1
|
module RubySMB
|
2
2
|
module Dcerpc
|
3
|
+
MAX_XMIT_FRAG = 4280
|
4
|
+
MAX_RECV_FRAG = 4280
|
5
|
+
|
6
|
+
require 'windows_error/win32'
|
3
7
|
require 'ruby_smb/dcerpc/error'
|
4
8
|
require 'ruby_smb/dcerpc/uuid'
|
5
9
|
require 'ruby_smb/dcerpc/ndr'
|
6
10
|
require 'ruby_smb/dcerpc/ptypes'
|
7
11
|
require 'ruby_smb/dcerpc/p_syntax_id_t'
|
12
|
+
require 'ruby_smb/dcerpc/rrp_unicode_string'
|
8
13
|
require 'ruby_smb/dcerpc/pdu_header'
|
9
14
|
require 'ruby_smb/dcerpc/srvsvc'
|
15
|
+
require 'ruby_smb/dcerpc/winreg'
|
10
16
|
require 'ruby_smb/dcerpc/request'
|
11
17
|
require 'ruby_smb/dcerpc/response'
|
12
18
|
require 'ruby_smb/dcerpc/bind'
|
13
19
|
require 'ruby_smb/dcerpc/bind_ack'
|
20
|
+
|
21
|
+
|
22
|
+
# Bind to the remote server interface endpoint.
|
23
|
+
#
|
24
|
+
# @param options [Hash] the options to pass to the Bind request packet. At least, :endpoint must but provided with an existing Dcerpc class
|
25
|
+
# @return [RubySMB::Dcerpc::BindAck] the BindAck response packet
|
26
|
+
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if an invalid packet is received
|
27
|
+
# @raise [RubySMB::Dcerpc::Error::BindError] if the response is not a BindAck packet or if the Bind result code is not ACCEPTANCE
|
28
|
+
def bind(options={})
|
29
|
+
bind_req = RubySMB::Dcerpc::Bind.new(options)
|
30
|
+
write(data: bind_req.to_binary_s)
|
31
|
+
@size = 1024
|
32
|
+
dcerpc_raw_response = read()
|
33
|
+
begin
|
34
|
+
dcerpc_response = RubySMB::Dcerpc::BindAck.read(dcerpc_raw_response)
|
35
|
+
rescue IOError
|
36
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the DCERPC response"
|
37
|
+
end
|
38
|
+
unless dcerpc_response.pdu_header.ptype == RubySMB::Dcerpc::PTypes::BIND_ACK
|
39
|
+
raise RubySMB::Dcerpc::Error::BindError, "Not a BindAck packet"
|
40
|
+
end
|
41
|
+
|
42
|
+
res_list = dcerpc_response.p_result_list
|
43
|
+
if res_list.n_results == 0 ||
|
44
|
+
res_list.p_results[0].result != RubySMB::Dcerpc::BindAck::ACCEPTANCE
|
45
|
+
raise RubySMB::Dcerpc::Error::BindError,
|
46
|
+
"Bind Failed (Result: #{res_list.p_results[0].result}, Reason: #{res_list.p_results[0].reason})"
|
47
|
+
end
|
48
|
+
@tree.client.max_buffer_size = dcerpc_response.max_xmit_frag
|
49
|
+
dcerpc_response
|
50
|
+
end
|
51
|
+
|
14
52
|
end
|
15
53
|
end
|
data/lib/ruby_smb/dcerpc/bind.rb
CHANGED
@@ -35,8 +35,8 @@ module RubySMB
|
|
35
35
|
|
36
36
|
pdu_header :pdu_header, label: 'PDU header'
|
37
37
|
|
38
|
-
uint16 :max_xmit_frag, label: 'max transmit frag size', initial_value:
|
39
|
-
uint16 :max_recv_frag, label: 'max receive frag size', initial_value:
|
38
|
+
uint16 :max_xmit_frag, label: 'max transmit frag size', initial_value: RubySMB::Dcerpc::MAX_XMIT_FRAG
|
39
|
+
uint16 :max_recv_frag, label: 'max receive frag size', initial_value: RubySMB::Dcerpc::MAX_RECV_FRAG
|
40
40
|
uint32 :assoc_group_id, label: 'ncarnation of client-server assoc group'
|
41
41
|
|
42
42
|
p_cont_list_t :p_context_list, label: 'Presentation context list', endpoint: -> { endpoint }
|
@@ -46,8 +46,8 @@ module RubySMB
|
|
46
46
|
|
47
47
|
pdu_header :pdu_header, label: 'PDU header'
|
48
48
|
|
49
|
-
uint16 :max_xmit_frag, label: 'Max transmit frag size', initial_value:
|
50
|
-
uint16 :max_recv_frag, label: 'Max receive frag size', initial_value:
|
49
|
+
uint16 :max_xmit_frag, label: 'Max transmit frag size', initial_value: RubySMB::Dcerpc::MAX_XMIT_FRAG
|
50
|
+
uint16 :max_recv_frag, label: 'Max receive frag size', initial_value: RubySMB::Dcerpc::MAX_RECV_FRAG
|
51
51
|
uint32 :assoc_group_id, label: 'Association group ID'
|
52
52
|
port_any_t :sec_addr, label: 'Secondary address'
|
53
53
|
string :pad, length: -> { pad_length }
|
data/lib/ruby_smb/dcerpc/ndr.rb
CHANGED
@@ -7,36 +7,115 @@ module RubySMB
|
|
7
7
|
VER_MAJOR = 2
|
8
8
|
VER_MINOR = 0
|
9
9
|
|
10
|
-
|
10
|
+
# An NDR Top-level Full Pointers representation as defined in
|
11
|
+
# [Transfer Syntax NDR - Top-level Full Pointers](http://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_11_01)
|
12
|
+
# This class must be inherited and the subclass must have a #referent protperty
|
13
|
+
class NdrTopLevelFullPointer < BinData::Primitive
|
11
14
|
endian :little
|
12
15
|
|
13
|
-
uint32
|
14
|
-
uint32 :offset, initial_value: 0
|
15
|
-
uint32 :actual_count, initial_value: -> { str.length }
|
16
|
-
stringz16 :str, read_length: -> { actual_count }
|
16
|
+
uint32 :referent_identifier, initial_value: 0x00020000
|
17
17
|
|
18
|
-
def
|
19
|
-
|
20
|
-
|
21
|
-
|
18
|
+
def get
|
19
|
+
is_a_null_pointer? ? 0 : self.referent
|
20
|
+
end
|
21
|
+
|
22
|
+
def set(v)
|
23
|
+
if v.is_a?(Integer) && v == 0
|
24
|
+
self.referent_identifier = 0
|
25
|
+
else
|
26
|
+
self.referent = v
|
27
|
+
end
|
28
|
+
end
|
29
|
+
|
30
|
+
def is_a_null_pointer?
|
31
|
+
self.referent_identifier == 0
|
22
32
|
end
|
23
33
|
end
|
24
34
|
|
25
|
-
|
35
|
+
# An NDR Conformant and Varying String representation as defined in
|
36
|
+
# [Transfer Syntax NDR - Conformant and Varying Strings](http://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_04_02)
|
37
|
+
# The string elements are Stringz16 (unicode)
|
38
|
+
class NdrString < BinData::Primitive
|
26
39
|
endian :little
|
27
40
|
|
28
|
-
uint32
|
29
|
-
|
41
|
+
uint32 :max_count
|
42
|
+
uint32 :offset, initial_value: 0
|
43
|
+
uint32 :actual_count
|
44
|
+
stringz16 :str, read_length: -> { actual_count }, onlyif: -> { actual_count > 0 }
|
30
45
|
|
31
|
-
def
|
32
|
-
self.
|
46
|
+
def get
|
47
|
+
self.actual_count == 0 ? 0 : self.str
|
33
48
|
end
|
34
49
|
|
50
|
+
def set(v)
|
51
|
+
if v.is_a?(Integer) && v == 0
|
52
|
+
self.actual_count = 0
|
53
|
+
else
|
54
|
+
self.str = v
|
55
|
+
self.max_count = self.actual_count = str.to_binary_s.size / 2
|
56
|
+
end
|
57
|
+
end
|
58
|
+
end
|
59
|
+
|
60
|
+
# A pointer to a NdrString structure
|
61
|
+
class NdrLpStr < NdrTopLevelFullPointer
|
62
|
+
endian :little
|
63
|
+
|
64
|
+
ndr_string :referent, onlyif: -> { !is_a_null_pointer? }
|
65
|
+
|
35
66
|
def to_s
|
36
|
-
self.
|
67
|
+
is_a_null_pointer? ? "\0" : self.referent
|
68
|
+
end
|
69
|
+
end
|
70
|
+
|
71
|
+
# An NDR Context Handle representation as defined in
|
72
|
+
# [IDL Data Type Declarations - Basic Type Declarations](http://pubs.opengroup.org/onlinepubs/9629399/apdxn.htm#tagcjh_34_01)
|
73
|
+
class NdrContextHandle < BinData::Primitive
|
74
|
+
endian :little
|
75
|
+
uint32 :context_handle_attributes
|
76
|
+
uuid :context_handle_uuid
|
77
|
+
|
78
|
+
def get
|
79
|
+
{:context_handle_attributes => context_handle_attributes, :context_handle_uuid => context_handle_uuid}
|
37
80
|
end
|
81
|
+
|
82
|
+
def set(handle)
|
83
|
+
if handle.is_a?(Hash)
|
84
|
+
self.context_handle_attributes = handle[:context_handle_attributes]
|
85
|
+
self.context_handle_uuid = handle[:context_handle_uuid]
|
86
|
+
elsif handle.is_a?(NdrContextHandle)
|
87
|
+
read(handle.to_binary_s)
|
88
|
+
else
|
89
|
+
read(handle.to_s)
|
90
|
+
end
|
91
|
+
end
|
92
|
+
end
|
93
|
+
|
94
|
+
# A pointer to a DWORD
|
95
|
+
class NdrLpDword < NdrTopLevelFullPointer
|
96
|
+
endian :little
|
97
|
+
|
98
|
+
uint32 :referent, onlyif: -> { !is_a_null_pointer? }
|
99
|
+
end
|
100
|
+
|
101
|
+
# An NDR Uni-dimensional Conformant-varying Arrays representation as defined in:
|
102
|
+
# [Transfer Syntax NDR - NDR Constructed Types](http://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_03_04)
|
103
|
+
class NdrLpByte < BinData::Record
|
104
|
+
endian :little
|
105
|
+
|
106
|
+
uint32 :referent_identifier, initial_value: 0x00020000
|
107
|
+
uint32 :max_count, initial_value: -> { actual_count }, onlyif: -> { referent_identifier != 0 }
|
108
|
+
uint32 :offset, initial_value: 0, onlyif: -> { referent_identifier != 0 }
|
109
|
+
uint32 :actual_count, initial_value: -> { bytes.size }, onlyif: -> { referent_identifier != 0 }
|
110
|
+
array :bytes, :type => :uint8, initial_length: -> { actual_count }, onlyif: -> { referent_identifier != 0 }
|
111
|
+
end
|
112
|
+
|
113
|
+
# A pointer to a Windows FILETIME structure
|
114
|
+
class NdrLpFileTime < NdrTopLevelFullPointer
|
115
|
+
endian :little
|
116
|
+
|
117
|
+
file_time :referent, onlyif: -> { !is_a_null_pointer? }
|
38
118
|
end
|
39
119
|
end
|
40
120
|
end
|
41
|
-
|
42
121
|
end
|
@@ -21,7 +21,7 @@ module RubySMB
|
|
21
21
|
end
|
22
22
|
|
23
23
|
uint32 :packed_drep, label: 'NDR data representation format label', initial_value: 0x10
|
24
|
-
uint16 :frag_length, label: 'Total length of fragment', initial_value: -> { parent.
|
24
|
+
uint16 :frag_length, label: 'Total length of fragment', initial_value: -> { parent.num_bytes }
|
25
25
|
uint16 :auth_length, label: 'Length of auth_value'
|
26
26
|
uint32 :call_id, label: 'Call identifier', initial_value: 1
|
27
27
|
end
|
@@ -6,19 +6,38 @@ module RubySMB
|
|
6
6
|
endian :little
|
7
7
|
|
8
8
|
pdu_header :pdu_header, label: 'PDU header'
|
9
|
+
uint32 :alloc_hint, label: 'Allocation hint', initial_value: -> { stub.num_bytes }
|
10
|
+
uint16 :p_cont_id, label: 'Presentation context identification'
|
11
|
+
uint16 :opnum, label: 'Operation Number'
|
12
|
+
uuid :object, label: 'Object UID', onlyif: -> { pdu_header.pfc_flags.object_uuid == 1 }
|
9
13
|
|
10
|
-
|
11
|
-
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
14
|
+
choice :stub, label: 'Stub', selection: -> { @obj.parent.get_parameter(:endpoint) || '' } do
|
15
|
+
choice 'Winreg', selection: -> { opnum } do
|
16
|
+
open_root_key_request RubySMB::Dcerpc::Winreg::OPEN_HKCR, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCR
|
17
|
+
open_root_key_request RubySMB::Dcerpc::Winreg::OPEN_HKCU, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCU
|
18
|
+
open_root_key_request RubySMB::Dcerpc::Winreg::OPEN_HKLM, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM
|
19
|
+
open_root_key_request RubySMB::Dcerpc::Winreg::OPEN_HKPD, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPD
|
20
|
+
open_root_key_request RubySMB::Dcerpc::Winreg::OPEN_HKU, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKU
|
21
|
+
open_root_key_request RubySMB::Dcerpc::Winreg::OPEN_HKCC, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCC
|
22
|
+
open_root_key_request RubySMB::Dcerpc::Winreg::OPEN_HKPT, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPT
|
23
|
+
open_root_key_request RubySMB::Dcerpc::Winreg::OPEN_HKPN, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPN
|
24
|
+
close_key_request RubySMB::Dcerpc::Winreg::REG_CLOSE_KEY
|
25
|
+
enum_key_request RubySMB::Dcerpc::Winreg::REG_ENUM_KEY
|
26
|
+
enum_value_request RubySMB::Dcerpc::Winreg::REG_ENUM_VALUE
|
27
|
+
open_key_request RubySMB::Dcerpc::Winreg::REG_OPEN_KEY
|
28
|
+
query_info_key_request RubySMB::Dcerpc::Winreg::REG_QUERY_INFO_KEY
|
29
|
+
query_value_request RubySMB::Dcerpc::Winreg::REG_QUERY_VALUE
|
30
|
+
string :default
|
31
|
+
end
|
32
|
+
choice 'Srvsvc', selection: -> { opnum } do
|
33
|
+
net_share_enum_all RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL, host: -> { host rescue '' }
|
34
|
+
string :default
|
35
|
+
end
|
36
|
+
string :default
|
18
37
|
end
|
19
38
|
|
20
39
|
string :auth_verifier, label: 'Authentication verifier',
|
21
|
-
onlyif:
|
40
|
+
onlyif: -> { pdu_header.auth_length > 0 },
|
22
41
|
read_length: -> { pdu_header.auth_length }
|
23
42
|
|
24
43
|
def initialize_instance
|
@@ -0,0 +1,35 @@
|
|
1
|
+
require 'ruby_smb/dcerpc/ndr'
|
2
|
+
|
3
|
+
module RubySMB
|
4
|
+
module Dcerpc
|
5
|
+
|
6
|
+
# A RRP_UNICODE_STRING structure as defined in
|
7
|
+
# [2.2.4 RRP_UNICODE_STRING](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/c0c90f11-a4c4-496a-ac09-8a8a3697ceef)
|
8
|
+
class RrpUnicodeString < BinData::Primitive
|
9
|
+
endian :little
|
10
|
+
|
11
|
+
uint16 :buffer_length, initial_value: -> { buffer.to_s == "\0" ? 0 : buffer.actual_count * 2 }
|
12
|
+
uint16 :maximum_length, initial_value: -> { buffer.to_s == "\0" ? 0 : buffer.max_count * 2 }
|
13
|
+
ndr_lp_str :buffer
|
14
|
+
|
15
|
+
def get
|
16
|
+
self.buffer
|
17
|
+
end
|
18
|
+
|
19
|
+
def set(buf)
|
20
|
+
self.buffer = buf
|
21
|
+
self.buffer_length = self.buffer.to_s == "\0" ? 0 : self.buffer.actual_count * 2
|
22
|
+
self.maximum_length = self.buffer.to_s == "\0" ? 0 : self.buffer.max_count * 2
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
26
|
+
# A pointer to a RRP_UNICODE_STRING structure
|
27
|
+
class PrrpUnicodeString < Ndr::NdrTopLevelFullPointer
|
28
|
+
endian :little
|
29
|
+
|
30
|
+
rrp_unicode_string :referent, onlyif: -> { !is_a_null_pointer? }
|
31
|
+
end
|
32
|
+
|
33
|
+
end
|
34
|
+
end
|
35
|
+
|
@@ -10,6 +10,16 @@ module RubySMB
|
|
10
10
|
NET_SHARE_ENUM_ALL = 0xF
|
11
11
|
|
12
12
|
require 'ruby_smb/dcerpc/srvsvc/net_share_enum_all'
|
13
|
+
|
14
|
+
def net_share_enum_all(host)
|
15
|
+
bind(endpoint: RubySMB::Dcerpc::Srvsvc)
|
16
|
+
|
17
|
+
net_share_enum_all_request_packet = RubySMB::Dcerpc::Srvsvc::NetShareEnumAll.new(host: host)
|
18
|
+
response = dcerpc_request(net_share_enum_all_request_packet)
|
19
|
+
|
20
|
+
shares = RubySMB::Dcerpc::Srvsvc::NetShareEnumAll.parse_response(response)
|
21
|
+
shares.map{|s|{name: s[0], type: s[1], comment: s[2]}}
|
22
|
+
end
|
13
23
|
end
|
14
24
|
end
|
15
25
|
end
|
@@ -5,6 +5,10 @@ module RubySMB
|
|
5
5
|
#https://msdn.microsoft.com/en-us/library/cc247293.aspx
|
6
6
|
|
7
7
|
class NetShareEnumAll < BinData::Record
|
8
|
+
attr_reader :opnum
|
9
|
+
|
10
|
+
mandatory_parameter :host
|
11
|
+
|
8
12
|
endian :little
|
9
13
|
|
10
14
|
uint32 :referent_id, initial_value: 0x00000001
|
@@ -27,6 +31,11 @@ module RubySMB
|
|
27
31
|
uint32 :resume_referent_id, initial_value: 0x00000001
|
28
32
|
uint32 :resume_handle, initial_value: 0
|
29
33
|
|
34
|
+
def initialize_instance
|
35
|
+
super
|
36
|
+
@opnum = NET_SHARE_ENUM_ALL
|
37
|
+
end
|
38
|
+
|
30
39
|
def pad_length
|
31
40
|
offset = (server_unc.abs_offset + server_unc.to_binary_s.length) % 4
|
32
41
|
(4 - offset) % 4
|
@@ -0,0 +1,340 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Winreg
|
4
|
+
|
5
|
+
UUID = '338CD001-2244-31F1-AAAA-900038001003'
|
6
|
+
VER_MAJOR = 1
|
7
|
+
VER_MINOR = 0
|
8
|
+
|
9
|
+
# Operation numbers
|
10
|
+
OPEN_HKCR = 0x00
|
11
|
+
OPEN_HKCU = 0x01
|
12
|
+
OPEN_HKLM = 0x02
|
13
|
+
OPEN_HKPD = 0x03
|
14
|
+
OPEN_HKU = 0x04
|
15
|
+
REG_CLOSE_KEY = 0x05
|
16
|
+
REG_ENUM_KEY = 0x09
|
17
|
+
REG_ENUM_VALUE = 0x0a
|
18
|
+
REG_OPEN_KEY = 0x0f
|
19
|
+
REG_QUERY_INFO_KEY = 0x10
|
20
|
+
REG_QUERY_VALUE = 0x11
|
21
|
+
OPEN_HKCC = 0x1b
|
22
|
+
OPEN_HKPT = 0x20
|
23
|
+
OPEN_HKPN = 0x21
|
24
|
+
|
25
|
+
require 'ruby_smb/dcerpc/winreg/regsam'
|
26
|
+
require 'ruby_smb/dcerpc/winreg/open_root_key_request'
|
27
|
+
require 'ruby_smb/dcerpc/winreg/open_root_key_response'
|
28
|
+
require 'ruby_smb/dcerpc/winreg/close_key_request'
|
29
|
+
require 'ruby_smb/dcerpc/winreg/close_key_response'
|
30
|
+
require 'ruby_smb/dcerpc/winreg/enum_key_request'
|
31
|
+
require 'ruby_smb/dcerpc/winreg/enum_key_response'
|
32
|
+
require 'ruby_smb/dcerpc/winreg/enum_value_request'
|
33
|
+
require 'ruby_smb/dcerpc/winreg/enum_value_response'
|
34
|
+
require 'ruby_smb/dcerpc/winreg/open_key_request'
|
35
|
+
require 'ruby_smb/dcerpc/winreg/open_key_response'
|
36
|
+
require 'ruby_smb/dcerpc/winreg/query_info_key_request'
|
37
|
+
require 'ruby_smb/dcerpc/winreg/query_info_key_response'
|
38
|
+
require 'ruby_smb/dcerpc/winreg/query_value_request'
|
39
|
+
require 'ruby_smb/dcerpc/winreg/query_value_response'
|
40
|
+
|
41
|
+
ROOT_KEY_MAP = {
|
42
|
+
"HKEY_CLASSES_ROOT" => OPEN_HKCR,
|
43
|
+
"HKCR" => OPEN_HKCR,
|
44
|
+
"HKEY_CURRENT_USER" => OPEN_HKCU,
|
45
|
+
"HKCU" => OPEN_HKCU,
|
46
|
+
"HKEY_LOCAL_MACHINE" => OPEN_HKLM,
|
47
|
+
"HKLM" => OPEN_HKLM,
|
48
|
+
"HKEY_PERFORMANCE_DATA" => OPEN_HKPD,
|
49
|
+
"HKPD" => OPEN_HKPD,
|
50
|
+
"HKEY_USERS" => OPEN_HKU,
|
51
|
+
"HKU" => OPEN_HKU,
|
52
|
+
"HKEY_CURRENT_CONFIG" => OPEN_HKCC,
|
53
|
+
"HKCC" => OPEN_HKCC,
|
54
|
+
"HKEY_PERFORMANCE_TEXT" => OPEN_HKPT,
|
55
|
+
"HKPT" => OPEN_HKPT,
|
56
|
+
"HKEY_PERFORMANCE_NLS_TEXT" => OPEN_HKPN,
|
57
|
+
"HKPN" => OPEN_HKPN
|
58
|
+
}
|
59
|
+
|
60
|
+
# Open the registry root key and return a handle for it. The key can be
|
61
|
+
# either a long format (e.g. HKEY_LOCAL_MACHINE) or a short format
|
62
|
+
# (e.g. HKLM)
|
63
|
+
#
|
64
|
+
# @param root_key [String] the root key to open
|
65
|
+
# @return [Ndr::NdrContextHandle] the RPC context handle for the root key
|
66
|
+
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a OpenRootKeyResponse packet
|
67
|
+
# @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
|
68
|
+
def open_root_key(root_key)
|
69
|
+
root_key_opnum = RubySMB::Dcerpc::Winreg::ROOT_KEY_MAP[root_key]
|
70
|
+
raise ArgumentError, "Unknown Root Key: #{root_key}" unless root_key_opnum
|
71
|
+
|
72
|
+
root_key_request_packet = OpenRootKeyRequest.new(opnum: root_key_opnum)
|
73
|
+
response = dcerpc_request(root_key_request_packet)
|
74
|
+
|
75
|
+
begin
|
76
|
+
root_key_response_packet = OpenRootKeyResponse.read(response)
|
77
|
+
rescue IOError
|
78
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket,
|
79
|
+
"Error reading OpenRootKeyResponse (command = #{root_key_opnum})"
|
80
|
+
end
|
81
|
+
unless root_key_response_packet.error_status == WindowsError::Win32::ERROR_SUCCESS
|
82
|
+
raise RubySMB::Dcerpc::Error::WinregError,
|
83
|
+
"Error returned when opening root key #{root_key}: "\
|
84
|
+
"#{WindowsError::Win32.find_by_retval(root_key_response_packet.error_status.value).join(',')}"
|
85
|
+
end
|
86
|
+
|
87
|
+
root_key_response_packet.ph_key
|
88
|
+
end
|
89
|
+
|
90
|
+
# Open the registry key specified by a root key handle (previously open
|
91
|
+
# with #open_root_key) and a subkey. It returns a handle for the key.
|
92
|
+
#
|
93
|
+
# @param handle [Ndr::NdrContextHandle] the handle for the root key
|
94
|
+
# @param sub_key [String] the subkey to open
|
95
|
+
# @return [Ndr::NdrContextHandle] the RPC context handle for the key
|
96
|
+
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a OpenKeyResponse packet
|
97
|
+
# @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
|
98
|
+
def open_key(handle, sub_key)
|
99
|
+
openkey_request_packet = RubySMB::Dcerpc::Winreg::OpenKeyRequest.new(hkey: handle, lp_sub_key: sub_key)
|
100
|
+
openkey_request_packet.sam_desired.read_control = 1
|
101
|
+
openkey_request_packet.sam_desired.key_query_value = 1
|
102
|
+
openkey_request_packet.sam_desired.key_enumerate_sub_keys = 1
|
103
|
+
openkey_request_packet.sam_desired.key_notify = 1
|
104
|
+
response = dcerpc_request(openkey_request_packet)
|
105
|
+
begin
|
106
|
+
open_key_response = RubySMB::Dcerpc::Winreg::OpenKeyResponse.read(response)
|
107
|
+
rescue IOError
|
108
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the OpenKey response"
|
109
|
+
end
|
110
|
+
unless open_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
|
111
|
+
raise RubySMB::Dcerpc::Error::WinregError, "Error returned when opening subkey #{sub_key}: "\
|
112
|
+
"#{WindowsError::Win32.find_by_retval(open_key_response.error_status.value).join(',')}"
|
113
|
+
end
|
114
|
+
|
115
|
+
open_key_response.phk_result
|
116
|
+
end
|
117
|
+
|
118
|
+
# Retrieve the data associated with the named value of a specified
|
119
|
+
# registry open key.
|
120
|
+
#
|
121
|
+
# @param handle [Ndr::NdrContextHandle] the handle for the key
|
122
|
+
# @param value_name [String] the name of the value
|
123
|
+
# @return [String] the data of the value entry
|
124
|
+
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a QueryValueResponse packet
|
125
|
+
# @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
|
126
|
+
def query_value(handle, value_name)
|
127
|
+
query_value_request_packet = RubySMB::Dcerpc::Winreg::QueryValueRequest.new(hkey: handle, lp_value_name: value_name)
|
128
|
+
query_value_request_packet.lp_data.referent_identifier = 0
|
129
|
+
response = dcerpc_request(query_value_request_packet)
|
130
|
+
begin
|
131
|
+
query_value_response = RubySMB::Dcerpc::Winreg::QueryValueResponse.read(response)
|
132
|
+
rescue IOError
|
133
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the QueryValue response"
|
134
|
+
end
|
135
|
+
unless query_value_response.error_status == WindowsError::Win32::ERROR_SUCCESS
|
136
|
+
raise RubySMB::Dcerpc::Error::WinregError, "Error returned when reading value #{value_name}: "\
|
137
|
+
"#{WindowsError::Win32.find_by_retval(query_value_response.error_status.value).join(',')}"
|
138
|
+
end
|
139
|
+
|
140
|
+
query_value_request_packet = RubySMB::Dcerpc::Winreg::QueryValueRequest.new(hkey: handle, lp_value_name: value_name)
|
141
|
+
query_value_request_packet.lpcb_data = query_value_response.lpcb_data
|
142
|
+
query_value_request_packet.lp_data.max_count = query_value_response.lpcb_data.referent
|
143
|
+
response = dcerpc_request(query_value_request_packet)
|
144
|
+
begin
|
145
|
+
query_value_response = RubySMB::Dcerpc::Winreg::QueryValueResponse.read(response)
|
146
|
+
rescue IOError
|
147
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the QueryValue response"
|
148
|
+
end
|
149
|
+
unless query_value_response.error_status == WindowsError::Win32::ERROR_SUCCESS
|
150
|
+
raise RubySMB::Dcerpc::Error::WinregError, "Error returned when reading value #{value_name}: "\
|
151
|
+
"#{WindowsError::Win32.find_by_retval(query_value_response.error_status.value).join(',')}"
|
152
|
+
end
|
153
|
+
|
154
|
+
query_value_response.data
|
155
|
+
end
|
156
|
+
|
157
|
+
# Close the handle to the registry key.
|
158
|
+
#
|
159
|
+
# @param handle [Ndr::NdrContextHandle] the handle for the key
|
160
|
+
# @return [WindowsError::Win32] the response error status
|
161
|
+
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a CloseKeyResponse packet
|
162
|
+
# @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
|
163
|
+
def close_key(handle)
|
164
|
+
close_key_request_packet = RubySMB::Dcerpc::Winreg::CloseKeyRequest.new(hkey: handle)
|
165
|
+
response = dcerpc_request(close_key_request_packet)
|
166
|
+
begin
|
167
|
+
close_key_response = RubySMB::Dcerpc::Winreg::CloseKeyResponse.read(response)
|
168
|
+
rescue IOError
|
169
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the CloseKey response"
|
170
|
+
end
|
171
|
+
unless close_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
|
172
|
+
raise RubySMB::Dcerpc::Error::WinregError, "Error returned when closing the key: "\
|
173
|
+
"#{WindowsError::Win32.find_by_retval(close_key_response.error_status.value).join(',')}"
|
174
|
+
end
|
175
|
+
|
176
|
+
close_key_response.error_status
|
177
|
+
end
|
178
|
+
|
179
|
+
# Retrive relevant information on the key that corresponds to the
|
180
|
+
# specified key handle.
|
181
|
+
#
|
182
|
+
# @param handle [Ndr::NdrContextHandle] the handle for the key
|
183
|
+
# @return [RubySMB::Dcerpc::Winreg::QueryInfoKeyResponse] the QueryInfoKeyResponse packet
|
184
|
+
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a QueryInfoKeyResponse packet
|
185
|
+
# @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
|
186
|
+
def query_info_key(handle)
|
187
|
+
query_info_key_request_packet = RubySMB::Dcerpc::Winreg::QueryInfoKeyRequest.new(hkey: handle)
|
188
|
+
response = dcerpc_request(query_info_key_request_packet)
|
189
|
+
begin
|
190
|
+
query_info_key_response = RubySMB::Dcerpc::Winreg::QueryInfoKeyResponse.read(response)
|
191
|
+
rescue IOError
|
192
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the query_infoKey response"
|
193
|
+
end
|
194
|
+
unless query_info_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
|
195
|
+
raise RubySMB::Dcerpc::Error::WinregError, "Error returned when querying information: "\
|
196
|
+
"#{WindowsError::Win32.find_by_retval(query_info_key_response.error_status.value).join(',')}"
|
197
|
+
end
|
198
|
+
|
199
|
+
query_info_key_response
|
200
|
+
end
|
201
|
+
|
202
|
+
# Enumerate the subkey at the specified index.
|
203
|
+
#
|
204
|
+
# @param handle [Ndr::NdrContextHandle] the handle for the key
|
205
|
+
# @param index [Numeric] the index of the subkey
|
206
|
+
# @return [String] the subkey name
|
207
|
+
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a EnumKeyResponse packet
|
208
|
+
# @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
|
209
|
+
def enum_key(handle, index)
|
210
|
+
enum_key_request_packet = RubySMB::Dcerpc::Winreg::EnumKeyRequest.new(hkey: handle, dw_index: index)
|
211
|
+
enum_key_request_packet.lpft_last_write_time = 0
|
212
|
+
enum_key_request_packet.lp_class.referent.buffer = 0
|
213
|
+
enum_key_request_packet.lp_name.buffer.referent.max_count = 256
|
214
|
+
response = dcerpc_request(enum_key_request_packet)
|
215
|
+
begin
|
216
|
+
enum_key_response = RubySMB::Dcerpc::Winreg::EnumKeyResponse.read(response)
|
217
|
+
rescue IOError
|
218
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the EnumKey response"
|
219
|
+
end
|
220
|
+
unless enum_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
|
221
|
+
raise RubySMB::Dcerpc::Error::WinregError, "Error returned when enumerating the key: "\
|
222
|
+
"#{WindowsError::Win32.find_by_retval(enum_key_response.error_status.value).join(',')}"
|
223
|
+
end
|
224
|
+
|
225
|
+
enum_key_response.lp_name.to_s
|
226
|
+
end
|
227
|
+
|
228
|
+
# Enumerate the value at the specified index for the specified registry key.
|
229
|
+
#
|
230
|
+
# @param handle [Ndr::NdrContextHandle] the handle for the key
|
231
|
+
# @param index [Numeric] the index of the subkey
|
232
|
+
# @return [String] the data of the value entry
|
233
|
+
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a EnumValueResponse packet
|
234
|
+
# @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
|
235
|
+
def enum_value(handle, index)
|
236
|
+
enum_value_request_packet = RubySMB::Dcerpc::Winreg::EnumValueRequest.new(hkey: handle, dw_index: index)
|
237
|
+
enum_value_request_packet.lp_data.referent_identifier = 0
|
238
|
+
enum_value_request_packet.lp_value_name.buffer.referent.max_count = 256
|
239
|
+
response = dcerpc_request(enum_value_request_packet)
|
240
|
+
begin
|
241
|
+
enum_value_response = RubySMB::Dcerpc::Winreg::EnumValueResponse.read(response)
|
242
|
+
rescue IOError
|
243
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the Enumvalue response"
|
244
|
+
end
|
245
|
+
unless enum_value_response.error_status == WindowsError::Win32::ERROR_SUCCESS
|
246
|
+
raise RubySMB::Dcerpc::Error::WinregError, "Error returned when enumerating values: "\
|
247
|
+
"#{WindowsError::Win32.find_by_retval(enum_value_response.error_status.value).join(',')}"
|
248
|
+
end
|
249
|
+
|
250
|
+
enum_value_response.lp_value_name.to_s
|
251
|
+
end
|
252
|
+
|
253
|
+
# Checks if the specified registry key exists. It returns true if it
|
254
|
+
# exists, false otherwise.
|
255
|
+
#
|
256
|
+
# @param key [String] the registry key to check
|
257
|
+
# @return [Boolean]
|
258
|
+
def has_registry_key?(key)
|
259
|
+
bind(endpoint: RubySMB::Dcerpc::Winreg)
|
260
|
+
|
261
|
+
root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
|
262
|
+
begin
|
263
|
+
root_key_handle = open_root_key(root_key)
|
264
|
+
subkey_handle = open_key(root_key_handle, sub_key)
|
265
|
+
rescue RubySMB::Dcerpc::Error::WinregError
|
266
|
+
return false
|
267
|
+
end
|
268
|
+
close_key(subkey_handle)
|
269
|
+
return true
|
270
|
+
end
|
271
|
+
|
272
|
+
# Retrieve the data associated with the named value of a specified
|
273
|
+
# registry key.
|
274
|
+
#
|
275
|
+
# @param key [String] the registry key
|
276
|
+
# @param value_name [String] the name of the value to read
|
277
|
+
# @return [String] the data of the value entry
|
278
|
+
def read_registry_key_value(key, value_name)
|
279
|
+
bind(endpoint: RubySMB::Dcerpc::Winreg)
|
280
|
+
|
281
|
+
root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
|
282
|
+
root_key_handle = open_root_key(root_key)
|
283
|
+
subkey_handle = open_key(root_key_handle, sub_key)
|
284
|
+
value = query_value(subkey_handle, value_name)
|
285
|
+
close_key(subkey_handle)
|
286
|
+
value
|
287
|
+
end
|
288
|
+
|
289
|
+
# Enumerate the subkeys of a specified registry key. If only a root key
|
290
|
+
# is provided, it enumerates its subkeys.
|
291
|
+
#
|
292
|
+
# @param key [String] the registry key
|
293
|
+
# @return [Array<String>] the subkeys
|
294
|
+
def enum_registry_key(key)
|
295
|
+
bind(endpoint: RubySMB::Dcerpc::Winreg)
|
296
|
+
|
297
|
+
root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
|
298
|
+
root_key_handle = open_root_key(root_key)
|
299
|
+
subkey_handle = if sub_key.nil? || sub_key.empty?
|
300
|
+
root_key_handle
|
301
|
+
else
|
302
|
+
open_key(root_key_handle, sub_key)
|
303
|
+
end
|
304
|
+
query_info_key_response = query_info_key(subkey_handle)
|
305
|
+
key_count = query_info_key_response.lpc_sub_keys.to_i
|
306
|
+
enum_result = []
|
307
|
+
key_count.times do |i|
|
308
|
+
enum_result << enum_key(subkey_handle, i)
|
309
|
+
end
|
310
|
+
close_key(subkey_handle)
|
311
|
+
enum_result
|
312
|
+
end
|
313
|
+
|
314
|
+
# Enumerate the values for the specified registry key.
|
315
|
+
#
|
316
|
+
# @param key [String] the registry key
|
317
|
+
# @return [Array<String>] the values
|
318
|
+
def enum_registry_values(key)
|
319
|
+
bind(endpoint: RubySMB::Dcerpc::Winreg)
|
320
|
+
|
321
|
+
root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
|
322
|
+
root_key_handle = open_root_key(root_key)
|
323
|
+
subkey_handle = if sub_key.nil? || sub_key.empty?
|
324
|
+
root_key_handle
|
325
|
+
else
|
326
|
+
open_key(root_key_handle, sub_key)
|
327
|
+
end
|
328
|
+
query_info_key_response = query_info_key(subkey_handle)
|
329
|
+
value_count = query_info_key_response.lpc_values.to_i
|
330
|
+
enum_result = []
|
331
|
+
value_count.times do |i|
|
332
|
+
enum_result << enum_value(subkey_handle, i)
|
333
|
+
end
|
334
|
+
close_key(subkey_handle)
|
335
|
+
enum_result
|
336
|
+
end
|
337
|
+
|
338
|
+
end
|
339
|
+
end
|
340
|
+
end
|