RubyGems - ruby_smb - Versions diffs - 1.0.4 → 2.0.2 - Mend

ruby_smb 1.0.4 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (130) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +3 -2
data/Gemfile +6 -2
data/README.md +35 -47
data/examples/enum_registry_key.rb +28 -0
data/examples/enum_registry_values.rb +30 -0
data/examples/negotiate.rb +51 -8
data/examples/pipes.rb +2 -1
data/examples/read_file_encryption.rb +56 -0
data/examples/read_registry_key_value.rb +32 -0
data/lib/ruby_smb.rb +4 -1
data/lib/ruby_smb/client.rb +207 -18
data/lib/ruby_smb/client/authentication.rb +27 -8
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +153 -12
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +4 -4
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/client/winreg.rb +46 -0
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dcerpc.rb +38 -0
data/lib/ruby_smb/dcerpc/bind.rb +2 -2
data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
data/lib/ruby_smb/dcerpc/error.rb +3 -0
data/lib/ruby_smb/dcerpc/ndr.rb +95 -16
data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
data/lib/ruby_smb/dcerpc/request.rb +28 -9
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +35 -0
data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
data/lib/ruby_smb/dcerpc/winreg.rb +340 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
data/lib/ruby_smb/dispatcher/socket.rb +4 -3
data/lib/ruby_smb/error.rb +28 -1
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +6 -4
data/lib/ruby_smb/smb1/packet/empty_packet.rb +4 -2
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +1 -1
data/lib/ruby_smb/smb1/pipe.rb +79 -3
data/lib/ruby_smb/smb1/tree.rb +12 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +25 -43
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/error_packet.rb +9 -4
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -14
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +50 -4
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +92 -6
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +8 -26
data/lib/ruby_smb/smb2/pipe.rb +77 -3
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +23 -17
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +5 -3
data/spec/lib/ruby_smb/client_spec.rb +1441 -61
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +410 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +98 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +108 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +90 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +150 -0
data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +710 -0
data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +2 -2
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/smb1/file_spec.rb +9 -1
data/spec/lib/ruby_smb/smb1/packet/empty_packet_spec.rb +10 -0
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +210 -148
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +86 -62
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +29 -2
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -30
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +220 -149
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +53 -8
metadata +187 -81
metadata.gz.sig +0 -0
data/lib/ruby_smb/smb1/dcerpc.rb +0 -72
data/lib/ruby_smb/smb2/dcerpc.rb +0 -75

data/lib/ruby_smb/dcerpc.rb CHANGED

@@ -1,15 +1,53 @@
 module RubySMB
   module Dcerpc
+    MAX_XMIT_FRAG = 4280
+    MAX_RECV_FRAG = 4280
+    require 'windows_error/win32'
     require 'ruby_smb/dcerpc/error'
     require 'ruby_smb/dcerpc/uuid'
     require 'ruby_smb/dcerpc/ndr'
     require 'ruby_smb/dcerpc/ptypes'
     require 'ruby_smb/dcerpc/p_syntax_id_t'
+    require 'ruby_smb/dcerpc/rrp_unicode_string'
     require 'ruby_smb/dcerpc/pdu_header'
     require 'ruby_smb/dcerpc/srvsvc'
+    require 'ruby_smb/dcerpc/winreg'
     require 'ruby_smb/dcerpc/request'
     require 'ruby_smb/dcerpc/response'
     require 'ruby_smb/dcerpc/bind'
     require 'ruby_smb/dcerpc/bind_ack'
+    # Bind to the remote server interface endpoint.
+    #
+    # @param options [Hash] the options to pass to the Bind request packet. At least, :endpoint must but provided with an existing Dcerpc class
+    # @return [RubySMB::Dcerpc::BindAck] the BindAck response packet
+    # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if an invalid packet is received
+    # @raise [RubySMB::Dcerpc::Error::BindError] if the response is not a BindAck packet or if the Bind result code is not ACCEPTANCE
+    def bind(options={})
+      bind_req = RubySMB::Dcerpc::Bind.new(options)
+      write(data: bind_req.to_binary_s)
+      @size = 1024
+      dcerpc_raw_response = read()
+      begin
+        dcerpc_response = RubySMB::Dcerpc::BindAck.read(dcerpc_raw_response)
+      rescue IOError
+        raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the DCERPC response"
+      end
+      unless dcerpc_response.pdu_header.ptype == RubySMB::Dcerpc::PTypes::BIND_ACK
+        raise RubySMB::Dcerpc::Error::BindError, "Not a BindAck packet"
+      end
+      res_list = dcerpc_response.p_result_list
+      if res_list.n_results == 0 ||
+         res_list.p_results[0].result != RubySMB::Dcerpc::BindAck::ACCEPTANCE
+        raise RubySMB::Dcerpc::Error::BindError,
+          "Bind Failed (Result: #{res_list.p_results[0].result}, Reason: #{res_list.p_results[0].reason})"
+      end
+      @tree.client.max_buffer_size = dcerpc_response.max_xmit_frag
+      dcerpc_response
+    end
   end
 end

data/lib/ruby_smb/dcerpc/bind.rb CHANGED

@@ -35,8 +35,8 @@ module RubySMB
       pdu_header :pdu_header,        label: 'PDU header'
-      uint16 :max_xmit_frag,         label: 'max transmit frag size',    initial_value: 0xFFFF
-      uint16 :max_recv_frag,         label: 'max receive  frag size',    initial_value: 0xFFFF
+      uint16 :max_xmit_frag,         label: 'max transmit frag size',    initial_value: RubySMB::Dcerpc::MAX_XMIT_FRAG
+      uint16 :max_recv_frag,         label: 'max receive  frag size',    initial_value: RubySMB::Dcerpc::MAX_RECV_FRAG
       uint32 :assoc_group_id,        label: 'ncarnation of client-server assoc group'
       p_cont_list_t :p_context_list, label: 'Presentation context list', endpoint: -> { endpoint }

data/lib/ruby_smb/dcerpc/bind_ack.rb CHANGED

@@ -46,8 +46,8 @@ module RubySMB
       pdu_header :pdu_header,         label: 'PDU header'
-      uint16     :max_xmit_frag,      label: 'Max transmit frag size',  initial_value: 0xFFFF
-      uint16     :max_recv_frag,      label: 'Max receive frag size',   initial_value: 0xFFFF
+      uint16     :max_xmit_frag,      label: 'Max transmit frag size',  initial_value: RubySMB::Dcerpc::MAX_XMIT_FRAG
+      uint16     :max_recv_frag,      label: 'Max receive frag size',   initial_value: RubySMB::Dcerpc::MAX_RECV_FRAG
       uint32     :assoc_group_id,     label: 'Association group ID'
       port_any_t :sec_addr,           label: 'Secondary address'
       string     :pad,                length: -> { pad_length }

data/lib/ruby_smb/dcerpc/error.rb CHANGED

@@ -10,6 +10,9 @@ module RubySMB
       # Raised when an invalid packet is received
       class InvalidPacket < DcerpcError; end
+      # Raised when an error is returned during a Winreg operation
+      class WinregError < DcerpcError; end
     end
   end
 end

data/lib/ruby_smb/dcerpc/ndr.rb CHANGED

@@ -7,36 +7,115 @@ module RubySMB
       VER_MAJOR = 2
       VER_MINOR = 0
-      class NdrString < BinData::Record
+      # An NDR Top-level Full Pointers representation as defined in
+      # [Transfer Syntax NDR - Top-level Full Pointers](http://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_11_01)
+      # This class must be inherited and the subclass must have a #referent protperty
+      class NdrTopLevelFullPointer < BinData::Primitive
         endian :little
-        uint32    :max_count, initial_value: -> { str.length }
-        uint32    :offset, initial_value: 0
-        uint32    :actual_count, initial_value: -> { str.length }
-        stringz16 :str, read_length: -> { actual_count }
+        uint32 :referent_identifier, initial_value: 0x00020000
-        def assign(v)
-          self.max_count = v.size
-          self.actual_count = v.size
-          self.str = v
+        def get
+          is_a_null_pointer? ? 0 : self.referent
+        end
+        def set(v)
+          if v.is_a?(Integer) && v == 0
+            self.referent_identifier = 0
+          else
+            self.referent = v
+          end
+        end
+        def is_a_null_pointer?
+          self.referent_identifier == 0
         end
       end
-      class NdrLpStr < BinData::Record
+      # An NDR Conformant and Varying String representation as defined in
+      # [Transfer Syntax NDR - Conformant and Varying Strings](http://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_04_02)
+      # The string elements are Stringz16 (unicode)
+      class NdrString < BinData::Primitive
         endian :little
-        uint32     :referent_identifier
-        ndr_string :ndr_str
+        uint32    :max_count
+        uint32    :offset,     initial_value: 0
+        uint32    :actual_count
+        stringz16 :str,        read_length: -> { actual_count }, onlyif: -> { actual_count > 0 }
-        def assign(v)
-          self.ndr_str = v
+        def get
+          self.actual_count == 0 ? 0 : self.str
         end
+        def set(v)
+          if v.is_a?(Integer) && v == 0
+            self.actual_count = 0
+          else
+            self.str = v
+            self.max_count = self.actual_count = str.to_binary_s.size / 2
+          end
+        end
+      end
+      # A pointer to a NdrString structure
+      class NdrLpStr < NdrTopLevelFullPointer
+        endian :little
+        ndr_string :referent, onlyif: -> { !is_a_null_pointer? }
         def to_s
-          self.ndr_str.str
+          is_a_null_pointer? ? "\0" : self.referent
+        end
+      end
+      # An NDR Context Handle representation as defined in
+      # [IDL Data Type Declarations - Basic Type Declarations](http://pubs.opengroup.org/onlinepubs/9629399/apdxn.htm#tagcjh_34_01)
+      class NdrContextHandle < BinData::Primitive
+        endian :little
+        uint32 :context_handle_attributes
+        uuid   :context_handle_uuid
+        def get
+          {:context_handle_attributes => context_handle_attributes, :context_handle_uuid => context_handle_uuid}
         end
+        def set(handle)
+          if handle.is_a?(Hash)
+            self.context_handle_attributes = handle[:context_handle_attributes]
+            self.context_handle_uuid = handle[:context_handle_uuid]
+          elsif handle.is_a?(NdrContextHandle)
+            read(handle.to_binary_s)
+          else
+            read(handle.to_s)
+          end
+        end
+      end
+      # A pointer to a DWORD
+      class NdrLpDword < NdrTopLevelFullPointer
+        endian :little
+        uint32 :referent, onlyif: -> { !is_a_null_pointer? }
+      end
+      # An NDR Uni-dimensional Conformant-varying Arrays representation as defined in:
+      # [Transfer Syntax NDR - NDR Constructed Types](http://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_03_04)
+      class NdrLpByte < BinData::Record
+        endian :little
+        uint32 :referent_identifier, initial_value: 0x00020000
+        uint32 :max_count,           initial_value: -> { actual_count }, onlyif: -> { referent_identifier != 0 }
+        uint32 :offset,              initial_value: 0,                   onlyif: -> { referent_identifier != 0 }
+        uint32 :actual_count,        initial_value: -> { bytes.size },   onlyif: -> { referent_identifier != 0 }
+        array  :bytes, :type => :uint8, initial_length: -> { actual_count }, onlyif: -> { referent_identifier != 0 }
+      end
+      # A pointer to a Windows FILETIME structure
+      class NdrLpFileTime < NdrTopLevelFullPointer
+        endian :little
+        file_time :referent, onlyif: -> { !is_a_null_pointer? }
       end
     end
   end
 end

data/lib/ruby_smb/dcerpc/pdu_header.rb CHANGED

@@ -21,7 +21,7 @@ module RubySMB
       end
       uint32 :packed_drep, label: 'NDR data representation format label', initial_value: 0x10
-      uint16 :frag_length, label: 'Total length of fragment',             initial_value: -> { parent.do_num_bytes }
+      uint16 :frag_length, label: 'Total length of fragment',             initial_value: -> { parent.num_bytes }
       uint16 :auth_length, label: 'Length of auth_value'
       uint32 :call_id,     label: 'Call identifier',                      initial_value: 1
     end

data/lib/ruby_smb/dcerpc/request.rb CHANGED

@@ -6,19 +6,38 @@ module RubySMB
       endian :little
       pdu_header :pdu_header, label: 'PDU header'
+      uint32     :alloc_hint, label: 'Allocation hint', initial_value: -> { stub.num_bytes }
+      uint16     :p_cont_id,  label: 'Presentation context identification'
+      uint16     :opnum,      label: 'Operation Number'
+      uuid       :object,     label: 'Object UID', onlyif: -> { pdu_header.pfc_flags.object_uuid == 1 }
-      uint32 :alloc_hint,     label: 'Allocation hint',  initial_value: -> { stub.do_num_bytes }
-      uint16 :p_cont_id,      label: 'Presentation context identification'
-      uint16 :opnum,          label: 'Operation Number'
-      uuid   :object,         label: 'Object UID',      onlyif: -> { pdu_header.pfc_flags.object_uuid == 1 }
-      choice :stub, label: 'Stub', selection: -> { opnum } do
-        net_share_enum_all RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL, host: -> { host }
+      choice :stub, label: 'Stub', selection: -> { @obj.parent.get_parameter(:endpoint) || '' } do
+        choice 'Winreg', selection: -> { opnum } do
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKCR, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCR
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKCU, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCU
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKLM, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKPD, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPD
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKU,  opnum: RubySMB::Dcerpc::Winreg::OPEN_HKU
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKCC, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKCC
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKPT, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPT
+          open_root_key_request  RubySMB::Dcerpc::Winreg::OPEN_HKPN, opnum: RubySMB::Dcerpc::Winreg::OPEN_HKPN
+          close_key_request      RubySMB::Dcerpc::Winreg::REG_CLOSE_KEY
+          enum_key_request       RubySMB::Dcerpc::Winreg::REG_ENUM_KEY
+          enum_value_request     RubySMB::Dcerpc::Winreg::REG_ENUM_VALUE
+          open_key_request       RubySMB::Dcerpc::Winreg::REG_OPEN_KEY
+          query_info_key_request RubySMB::Dcerpc::Winreg::REG_QUERY_INFO_KEY
+          query_value_request    RubySMB::Dcerpc::Winreg::REG_QUERY_VALUE
+          string                 :default
+        end
+        choice 'Srvsvc', selection: -> { opnum } do
+          net_share_enum_all RubySMB::Dcerpc::Srvsvc::NET_SHARE_ENUM_ALL, host: -> { host rescue '' }
+          string             :default
+        end
+        string :default
       end
       string :auth_verifier, label: 'Authentication verifier',
-        onlyif: -> { pdu_header.auth_length > 0 },
+        onlyif:      -> { pdu_header.auth_length > 0 },
         read_length: -> { pdu_header.auth_length }
       def initialize_instance

data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb ADDED

@@ -0,0 +1,35 @@
+require 'ruby_smb/dcerpc/ndr'
+module RubySMB
+  module Dcerpc
+    # A RRP_UNICODE_STRING structure as defined in
+    # [2.2.4 RRP_UNICODE_STRING](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/c0c90f11-a4c4-496a-ac09-8a8a3697ceef)
+    class RrpUnicodeString < BinData::Primitive
+      endian :little
+      uint16     :buffer_length,  initial_value: -> { buffer.to_s == "\0" ? 0 : buffer.actual_count * 2 }
+      uint16     :maximum_length, initial_value: -> { buffer.to_s == "\0" ? 0 : buffer.max_count * 2 }
+      ndr_lp_str :buffer
+      def get
+        self.buffer
+      end
+      def set(buf)
+        self.buffer = buf
+        self.buffer_length = self.buffer.to_s == "\0" ? 0 : self.buffer.actual_count * 2
+        self.maximum_length = self.buffer.to_s == "\0" ? 0 : self.buffer.max_count * 2
+      end
+    end
+    # A pointer to a RRP_UNICODE_STRING structure
+    class PrrpUnicodeString < Ndr::NdrTopLevelFullPointer
+      endian :little
+      rrp_unicode_string :referent, onlyif: -> { !is_a_null_pointer? }
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/srvsvc.rb CHANGED

@@ -10,6 +10,16 @@ module RubySMB
       NET_SHARE_ENUM_ALL = 0xF
       require 'ruby_smb/dcerpc/srvsvc/net_share_enum_all'
+      def net_share_enum_all(host)
+        bind(endpoint: RubySMB::Dcerpc::Srvsvc)
+        net_share_enum_all_request_packet = RubySMB::Dcerpc::Srvsvc::NetShareEnumAll.new(host: host)
+        response = dcerpc_request(net_share_enum_all_request_packet)
+        shares = RubySMB::Dcerpc::Srvsvc::NetShareEnumAll.parse_response(response)
+        shares.map{|s|{name: s[0], type: s[1], comment: s[2]}}
+      end
     end
   end
 end

data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb CHANGED

@@ -5,6 +5,10 @@ module RubySMB
       #https://msdn.microsoft.com/en-us/library/cc247293.aspx
       class NetShareEnumAll < BinData::Record
+        attr_reader :opnum
+        mandatory_parameter :host
         endian :little
         uint32    :referent_id,  initial_value: 0x00000001
@@ -27,6 +31,11 @@ module RubySMB
         uint32 :resume_referent_id, initial_value: 0x00000001
         uint32 :resume_handle,    initial_value: 0
+        def initialize_instance
+          super
+          @opnum = NET_SHARE_ENUM_ALL
+        end
         def pad_length
           offset = (server_unc.abs_offset + server_unc.to_binary_s.length) % 4
           (4 - offset) % 4

data/lib/ruby_smb/dcerpc/winreg.rb ADDED

@@ -0,0 +1,340 @@
+module RubySMB
+  module Dcerpc
+    module Winreg
+      UUID = '338CD001-2244-31F1-AAAA-900038001003'
+      VER_MAJOR = 1
+      VER_MINOR = 0
+      # Operation numbers
+      OPEN_HKCR             = 0x00
+      OPEN_HKCU             = 0x01
+      OPEN_HKLM             = 0x02
+      OPEN_HKPD             = 0x03
+      OPEN_HKU              = 0x04
+      REG_CLOSE_KEY         = 0x05
+      REG_ENUM_KEY          = 0x09
+      REG_ENUM_VALUE        = 0x0a
+      REG_OPEN_KEY          = 0x0f
+      REG_QUERY_INFO_KEY    = 0x10
+      REG_QUERY_VALUE       = 0x11
+      OPEN_HKCC             = 0x1b
+      OPEN_HKPT             = 0x20
+      OPEN_HKPN             = 0x21
+      require 'ruby_smb/dcerpc/winreg/regsam'
+      require 'ruby_smb/dcerpc/winreg/open_root_key_request'
+      require 'ruby_smb/dcerpc/winreg/open_root_key_response'
+      require 'ruby_smb/dcerpc/winreg/close_key_request'
+      require 'ruby_smb/dcerpc/winreg/close_key_response'
+      require 'ruby_smb/dcerpc/winreg/enum_key_request'
+      require 'ruby_smb/dcerpc/winreg/enum_key_response'
+      require 'ruby_smb/dcerpc/winreg/enum_value_request'
+      require 'ruby_smb/dcerpc/winreg/enum_value_response'
+      require 'ruby_smb/dcerpc/winreg/open_key_request'
+      require 'ruby_smb/dcerpc/winreg/open_key_response'
+      require 'ruby_smb/dcerpc/winreg/query_info_key_request'
+      require 'ruby_smb/dcerpc/winreg/query_info_key_response'
+      require 'ruby_smb/dcerpc/winreg/query_value_request'
+      require 'ruby_smb/dcerpc/winreg/query_value_response'
+      ROOT_KEY_MAP = {
+        "HKEY_CLASSES_ROOT"         => OPEN_HKCR,
+        "HKCR"                      => OPEN_HKCR,
+        "HKEY_CURRENT_USER"         => OPEN_HKCU,
+        "HKCU"                      => OPEN_HKCU,
+        "HKEY_LOCAL_MACHINE"        => OPEN_HKLM,
+        "HKLM"                      => OPEN_HKLM,
+        "HKEY_PERFORMANCE_DATA"     => OPEN_HKPD,
+        "HKPD"                      => OPEN_HKPD,
+        "HKEY_USERS"                => OPEN_HKU,
+        "HKU"                       => OPEN_HKU,
+        "HKEY_CURRENT_CONFIG"       => OPEN_HKCC,
+        "HKCC"                      => OPEN_HKCC,
+        "HKEY_PERFORMANCE_TEXT"     => OPEN_HKPT,
+        "HKPT"                      => OPEN_HKPT,
+        "HKEY_PERFORMANCE_NLS_TEXT" => OPEN_HKPN,
+        "HKPN"                      => OPEN_HKPN
+      }
+      # Open the registry root key and return a handle for it. The key can be
+      # either a long format (e.g. HKEY_LOCAL_MACHINE) or a short format
+      # (e.g. HKLM)
+      #
+      # @param root_key [String] the root key to open
+      # @return [Ndr::NdrContextHandle] the RPC context handle for the root key
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a OpenRootKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def open_root_key(root_key)
+        root_key_opnum = RubySMB::Dcerpc::Winreg::ROOT_KEY_MAP[root_key]
+        raise ArgumentError, "Unknown Root Key: #{root_key}" unless root_key_opnum
+        root_key_request_packet = OpenRootKeyRequest.new(opnum: root_key_opnum)
+        response = dcerpc_request(root_key_request_packet)
+        begin
+          root_key_response_packet = OpenRootKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket,
+            "Error reading OpenRootKeyResponse (command = #{root_key_opnum})"
+        end
+        unless root_key_response_packet.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError,
+            "Error returned when opening root key #{root_key}: "\
+            "#{WindowsError::Win32.find_by_retval(root_key_response_packet.error_status.value).join(',')}"
+        end
+        root_key_response_packet.ph_key
+      end
+      # Open the registry key specified by a root key handle (previously open
+      # with #open_root_key) and a subkey. It returns a handle for the key.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the root key
+      # @param sub_key [String] the subkey to open
+      # @return [Ndr::NdrContextHandle] the RPC context handle for the key
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a OpenKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def open_key(handle, sub_key)
+        openkey_request_packet = RubySMB::Dcerpc::Winreg::OpenKeyRequest.new(hkey: handle, lp_sub_key: sub_key)
+        openkey_request_packet.sam_desired.read_control = 1
+        openkey_request_packet.sam_desired.key_query_value = 1
+        openkey_request_packet.sam_desired.key_enumerate_sub_keys = 1
+        openkey_request_packet.sam_desired.key_notify = 1
+        response = dcerpc_request(openkey_request_packet)
+        begin
+          open_key_response = RubySMB::Dcerpc::Winreg::OpenKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the OpenKey response"
+        end
+        unless open_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when opening subkey #{sub_key}: "\
+            "#{WindowsError::Win32.find_by_retval(open_key_response.error_status.value).join(',')}"
+        end
+        open_key_response.phk_result
+      end
+      # Retrieve the data associated with the named value of a specified
+      # registry open key.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @param value_name [String] the name of the value
+      # @return [String] the data of the value entry
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a QueryValueResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def query_value(handle, value_name)
+        query_value_request_packet = RubySMB::Dcerpc::Winreg::QueryValueRequest.new(hkey: handle, lp_value_name: value_name)
+        query_value_request_packet.lp_data.referent_identifier = 0
+        response = dcerpc_request(query_value_request_packet)
+        begin
+          query_value_response = RubySMB::Dcerpc::Winreg::QueryValueResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the QueryValue response"
+        end
+        unless query_value_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when reading value #{value_name}: "\
+            "#{WindowsError::Win32.find_by_retval(query_value_response.error_status.value).join(',')}"
+        end
+        query_value_request_packet = RubySMB::Dcerpc::Winreg::QueryValueRequest.new(hkey: handle, lp_value_name: value_name)
+        query_value_request_packet.lpcb_data = query_value_response.lpcb_data
+        query_value_request_packet.lp_data.max_count = query_value_response.lpcb_data.referent
+        response = dcerpc_request(query_value_request_packet)
+        begin
+          query_value_response = RubySMB::Dcerpc::Winreg::QueryValueResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the QueryValue response"
+        end
+        unless query_value_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when reading value #{value_name}: "\
+            "#{WindowsError::Win32.find_by_retval(query_value_response.error_status.value).join(',')}"
+        end
+        query_value_response.data
+      end
+      # Close the handle to the registry key.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @return [WindowsError::Win32] the response error status
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a CloseKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def close_key(handle)
+        close_key_request_packet = RubySMB::Dcerpc::Winreg::CloseKeyRequest.new(hkey: handle)
+        response = dcerpc_request(close_key_request_packet)
+        begin
+          close_key_response = RubySMB::Dcerpc::Winreg::CloseKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the CloseKey response"
+        end
+        unless close_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when closing the key: "\
+            "#{WindowsError::Win32.find_by_retval(close_key_response.error_status.value).join(',')}"
+        end
+        close_key_response.error_status
+      end
+      # Retrive relevant information on the key that corresponds to the
+      # specified key handle.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @return [RubySMB::Dcerpc::Winreg::QueryInfoKeyResponse] the QueryInfoKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a QueryInfoKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def query_info_key(handle)
+        query_info_key_request_packet = RubySMB::Dcerpc::Winreg::QueryInfoKeyRequest.new(hkey: handle)
+        response = dcerpc_request(query_info_key_request_packet)
+        begin
+          query_info_key_response = RubySMB::Dcerpc::Winreg::QueryInfoKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the query_infoKey response"
+        end
+        unless query_info_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when querying information: "\
+            "#{WindowsError::Win32.find_by_retval(query_info_key_response.error_status.value).join(',')}"
+        end
+        query_info_key_response
+      end
+      # Enumerate the subkey at the specified index.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @param index [Numeric] the index of the subkey
+      # @return [String] the subkey name
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a EnumKeyResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def enum_key(handle, index)
+        enum_key_request_packet = RubySMB::Dcerpc::Winreg::EnumKeyRequest.new(hkey: handle, dw_index: index)
+        enum_key_request_packet.lpft_last_write_time = 0
+        enum_key_request_packet.lp_class.referent.buffer = 0
+        enum_key_request_packet.lp_name.buffer.referent.max_count = 256
+        response = dcerpc_request(enum_key_request_packet)
+        begin
+          enum_key_response = RubySMB::Dcerpc::Winreg::EnumKeyResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the EnumKey response"
+        end
+        unless enum_key_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when enumerating the key: "\
+            "#{WindowsError::Win32.find_by_retval(enum_key_response.error_status.value).join(',')}"
+        end
+        enum_key_response.lp_name.to_s
+      end
+      # Enumerate the value at the specified index for the specified registry key.
+      #
+      # @param handle [Ndr::NdrContextHandle] the handle for the key
+      # @param index [Numeric] the index of the subkey
+      # @return [String] the data of the value entry
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a EnumValueResponse packet
+      # @raise [RubySMB::Dcerpc::Error::WinregError] if the response error status is not ERROR_SUCCESS
+      def enum_value(handle, index)
+        enum_value_request_packet = RubySMB::Dcerpc::Winreg::EnumValueRequest.new(hkey: handle, dw_index: index)
+        enum_value_request_packet.lp_data.referent_identifier = 0
+        enum_value_request_packet.lp_value_name.buffer.referent.max_count = 256
+        response = dcerpc_request(enum_value_request_packet)
+        begin
+          enum_value_response = RubySMB::Dcerpc::Winreg::EnumValueResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, "Error reading the Enumvalue response"
+        end
+        unless enum_value_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::WinregError, "Error returned when enumerating values: "\
+            "#{WindowsError::Win32.find_by_retval(enum_value_response.error_status.value).join(',')}"
+        end
+        enum_value_response.lp_value_name.to_s
+      end
+      # Checks if the specified registry key exists. It returns true if it
+      # exists, false otherwise.
+      #
+      # @param key [String] the registry key to check
+      # @return [Boolean]
+      def has_registry_key?(key)
+        bind(endpoint: RubySMB::Dcerpc::Winreg)
+        root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
+        begin
+          root_key_handle = open_root_key(root_key)
+          subkey_handle = open_key(root_key_handle, sub_key)
+        rescue RubySMB::Dcerpc::Error::WinregError
+          return false
+        end
+        close_key(subkey_handle)
+        return true
+      end
+      # Retrieve the data associated with the named value of a specified
+      # registry key.
+      #
+      # @param key [String] the registry key
+      # @param value_name [String] the name of the value to read
+      # @return [String] the data of the value entry
+      def read_registry_key_value(key, value_name)
+        bind(endpoint: RubySMB::Dcerpc::Winreg)
+        root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
+        root_key_handle = open_root_key(root_key)
+        subkey_handle = open_key(root_key_handle, sub_key)
+        value = query_value(subkey_handle, value_name)
+        close_key(subkey_handle)
+        value
+      end
+      # Enumerate the subkeys of a specified registry key. If only a root key
+      # is provided, it enumerates its subkeys.
+      #
+      # @param key [String] the registry key
+      # @return [Array<String>] the subkeys
+      def enum_registry_key(key)
+        bind(endpoint: RubySMB::Dcerpc::Winreg)
+        root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
+        root_key_handle = open_root_key(root_key)
+        subkey_handle = if sub_key.nil? || sub_key.empty?
+                          root_key_handle
+                        else
+                          open_key(root_key_handle, sub_key)
+                        end
+        query_info_key_response = query_info_key(subkey_handle)
+        key_count = query_info_key_response.lpc_sub_keys.to_i
+        enum_result = []
+        key_count.times do |i|
+          enum_result << enum_key(subkey_handle, i)
+        end
+        close_key(subkey_handle)
+        enum_result
+      end
+      # Enumerate the values for the specified registry key.
+      #
+      # @param key [String] the registry key
+      # @return [Array<String>] the values
+      def enum_registry_values(key)
+        bind(endpoint: RubySMB::Dcerpc::Winreg)
+        root_key, sub_key = key.gsub(/\//, '\\').split('\\', 2)
+        root_key_handle = open_root_key(root_key)
+        subkey_handle = if sub_key.nil? || sub_key.empty?
+                          root_key_handle
+                        else
+                          open_key(root_key_handle, sub_key)
+                        end
+        query_info_key_response = query_info_key(subkey_handle)
+        value_count = query_info_key_response.lpc_values.to_i
+        enum_result = []
+        value_count.times do |i|
+          enum_result << enum_value(subkey_handle, i)
+        end
+        close_key(subkey_handle)
+        enum_result
+      end
+    end
+  end
+end