RubyGems - ruby_smb - Versions diffs - 1.0.5 → 2.0.3 - Mend

ruby_smb 1.0.5 → 2.0.3

Files changed (191) hide show

checksums.yaml +5 -5
checksums.yaml.gz.sig +0 -0
data.tar.gz.sig +0 -0
data/.travis.yml +3 -2
data/Gemfile +6 -2
data/README.md +35 -47
data/examples/anonymous_auth.rb +3 -3
data/examples/append_file.rb +10 -8
data/examples/authenticate.rb +9 -5
data/examples/delete_file.rb +8 -6
data/examples/enum_registry_key.rb +29 -0
data/examples/enum_registry_values.rb +31 -0
data/examples/list_directory.rb +8 -6
data/examples/negotiate.rb +51 -8
data/examples/negotiate_with_netbios_service.rb +9 -5
data/examples/net_share_enum_all.rb +6 -4
data/examples/pipes.rb +13 -13
data/examples/query_service_status.rb +64 -0
data/examples/read_file.rb +8 -6
data/examples/read_file_encryption.rb +56 -0
data/examples/read_registry_key_value.rb +33 -0
data/examples/rename_file.rb +9 -7
data/examples/tree_connect.rb +7 -5
data/examples/write_file.rb +9 -7
data/lib/ruby_smb.rb +4 -1
data/lib/ruby_smb/client.rb +239 -21
data/lib/ruby_smb/client/authentication.rb +27 -8
data/lib/ruby_smb/client/encryption.rb +62 -0
data/lib/ruby_smb/client/negotiation.rb +154 -12
data/lib/ruby_smb/client/signing.rb +19 -0
data/lib/ruby_smb/client/tree_connect.rb +4 -4
data/lib/ruby_smb/client/utils.rb +8 -7
data/lib/ruby_smb/client/winreg.rb +46 -0
data/lib/ruby_smb/crypto.rb +30 -0
data/lib/ruby_smb/dcerpc.rb +40 -0
data/lib/ruby_smb/dcerpc/bind.rb +2 -2
data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
data/lib/ruby_smb/dcerpc/error.rb +6 -0
data/lib/ruby_smb/dcerpc/ndr.rb +260 -16
data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
data/lib/ruby_smb/dcerpc/request.rb +41 -9
data/lib/ruby_smb/dcerpc/rpc_security_attributes.rb +34 -0
data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +38 -0
data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
data/lib/ruby_smb/dcerpc/svcctl.rb +479 -0
data/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_request.rb +48 -0
data/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/close_service_handle_request.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/close_service_handle_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/control_service_request.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/control_service_response.rb +26 -0
data/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_request.rb +35 -0
data/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_response.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/open_service_w_request.rb +31 -0
data/lib/ruby_smb/dcerpc/svcctl/open_service_w_response.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_request.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_response.rb +44 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_status_request.rb +23 -0
data/lib/ruby_smb/dcerpc/svcctl/query_service_status_response.rb +27 -0
data/lib/ruby_smb/dcerpc/svcctl/service_status.rb +25 -0
data/lib/ruby_smb/dcerpc/svcctl/start_service_w_request.rb +27 -0
data/lib/ruby_smb/dcerpc/svcctl/start_service_w_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg.rb +421 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/create_key_request.rb +73 -0
data/lib/ruby_smb/dcerpc/winreg/create_key_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
data/lib/ruby_smb/dcerpc/winreg/save_key_request.rb +37 -0
data/lib/ruby_smb/dcerpc/winreg/save_key_response.rb +23 -0
data/lib/ruby_smb/dispatcher/base.rb +1 -1
data/lib/ruby_smb/dispatcher/socket.rb +5 -4
data/lib/ruby_smb/error.rb +28 -1
data/lib/ruby_smb/field/stringz16.rb +17 -1
data/lib/ruby_smb/nbss/session_header.rb +4 -4
data/lib/ruby_smb/smb1/commands.rb +1 -1
data/lib/ruby_smb/smb1/file.rb +8 -14
data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
data/lib/ruby_smb/smb1/packet/session_setup_response.rb +2 -2
data/lib/ruby_smb/smb1/packet/write_andx_request.rb +1 -1
data/lib/ruby_smb/smb1/pipe.rb +81 -3
data/lib/ruby_smb/smb1/tree.rb +12 -3
data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
data/lib/ruby_smb/smb2/file.rb +51 -61
data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
data/lib/ruby_smb/smb2/packet.rb +2 -0
data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
data/lib/ruby_smb/smb2/packet/error_packet.rb +2 -4
data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -14
data/lib/ruby_smb/smb2/packet/negotiate_response.rb +50 -4
data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +92 -6
data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +8 -26
data/lib/ruby_smb/smb2/pipe.rb +80 -3
data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
data/lib/ruby_smb/smb2/tree.rb +32 -20
data/lib/ruby_smb/version.rb +1 -1
data/ruby_smb.gemspec +5 -3
data/spec/lib/ruby_smb/client_spec.rb +1583 -102
data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +1729 -0
data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
data/spec/lib/ruby_smb/dcerpc/rpc_security_attributes_spec.rb +161 -0
data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +135 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_request_spec.rb +191 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/close_service_handle_request_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/close_service_handle_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/control_service_request_spec.rb +39 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/control_service_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_request_spec.rb +78 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_service_w_request_spec.rb +59 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/open_service_w_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_request_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_response_spec.rb +152 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_status_request_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_status_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/service_status_spec.rb +72 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/start_service_w_request_spec.rb +46 -0
data/spec/lib/ruby_smb/dcerpc/svcctl/start_service_w_response_spec.rb +30 -0
data/spec/lib/ruby_smb/dcerpc/svcctl_spec.rb +512 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
data/spec/lib/ruby_smb/dcerpc/winreg/create_key_request_spec.rb +110 -0
data/spec/lib/ruby_smb/dcerpc/winreg/create_key_response_spec.rb +44 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +104 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +95 -0
data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +35 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +138 -0
data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
data/spec/lib/ruby_smb/dcerpc/winreg/save_key_request_spec.rb +57 -0
data/spec/lib/ruby_smb/dcerpc/winreg/save_key_response_spec.rb +22 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +884 -0
data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +12 -12
data/spec/lib/ruby_smb/error_spec.rb +59 -0
data/spec/lib/ruby_smb/field/stringz16_spec.rb +12 -0
data/spec/lib/ruby_smb/nbss/session_header_spec.rb +4 -11
data/spec/lib/ruby_smb/smb1/file_spec.rb +9 -1
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
data/spec/lib/ruby_smb/smb1/pipe_spec.rb +216 -147
data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
data/spec/lib/ruby_smb/smb2/file_spec.rb +146 -68
data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +3 -24
data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -30
data/spec/lib/ruby_smb/smb2/pipe_spec.rb +226 -148
data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
data/spec/lib/ruby_smb/smb2/tree_spec.rb +88 -9
metadata +257 -81
metadata.gz.sig +0 -0
data/lib/ruby_smb/smb1/dcerpc.rb +0 -72
data/lib/ruby_smb/smb2/dcerpc.rb +0 -75

@@ -7,18 +7,61 @@
 require 'bundler/setup'
 require 'ruby_smb'
-def run_negotiation(address, smb1, smb2)
+def run_negotiation(address, smb1, smb2, smb3, opts = {})
   # Create our socket and add it to the dispatcher
   sock = TCPSocket.new address, 445
   dispatcher = RubySMB::Dispatcher::Socket.new(sock)
-  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, username: 'msfadmin', password: 'msfadmin')
+  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, smb3: smb3, username: 'msfadmin', password: 'msfadmin')
   client.negotiate
 end
-# Negotiate with both SMB1 and SMB2 enabled on the client
-run_negotiation(ARGV[0], true, true)
-# Negotiate with only SMB1 enabled
-run_negotiation(ARGV[0], true, false)
-# Negotiate with only SMB2 enabled
-run_negotiation(ARGV[0], false, true)
+begin
+  puts "Negotiate with only SMB1 enabled..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], true, false, false)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with only SMB2 enabled..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], false, true, false)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with only SMB3 enabled..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], false, false, true)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with both SMB1 and SMB2 enabled on the client..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], true, true, false)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with both SMB2 and SMB3 enabled on the client..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], false, true, true)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with both SMB1 and SMB3 enabled on the client..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], true, false, true)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end
+begin
+  puts "Negotiate with SMB1, SMB2 and SMB3 enabled on the client..."
+  puts "  Negotiated version: #{run_negotiation(ARGV[0], true, true, true)}"
+rescue RubySMB::Error::RubySMBError => e
+  puts "Error: #{e.message}"
+end

data/examples/negotiate_with_netbios_service.rb CHANGED

@@ -9,11 +9,11 @@
 require 'bundler/setup'
 require 'ruby_smb'
-def run_negotiation(address, smb1, smb2, netbios_name)
+def run_negotiation(address, smb1, smb2, smb3, netbios_name)
   sock = TCPSocket.new address, 139
   dispatcher = RubySMB::Dispatcher::Socket.new(sock)
-  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, username: 'msfadmin', password: 'msfadmin')
+  client = RubySMB::Client.new(dispatcher, smb1: smb1, smb2: smb2, smb3: smb3, username: 'msfadmin', password: 'msfadmin')
   begin
     client.session_request(netbios_name)
   rescue RubySMB::Error::NetBiosSessionService => e
@@ -28,9 +28,13 @@ end
 address      = ARGV[0]
 netbios_name = ARGV[1] || '*SMBSERVER'
+# Negotiate with SMB1, SMB2 and SMB3 enabled on the client
+run_negotiation(ARGV[0], true, true, true, netbios_name)
 # Negotiate with both SMB1 and SMB2 enabled on the client
-run_negotiation(ARGV[0], true, true, netbios_name)
+run_negotiation(ARGV[0], true, true, false, netbios_name)
 # Negotiate with only SMB1 enabled
-run_negotiation(ARGV[0], true, false, netbios_name)
+run_negotiation(ARGV[0], true, false, false, netbios_name)
 # Negotiate with only SMB2 enabled
-run_negotiation(ARGV[0], false, true, netbios_name)
+run_negotiation(ARGV[0], false, true, false, netbios_name)
+# Negotiate with only SMB3 enabled
+run_negotiation(ARGV[0], false, false, true, netbios_name)

data/examples/net_share_enum_all.rb CHANGED

@@ -8,15 +8,17 @@
 require 'bundler/setup'
 require 'ruby_smb'
-address  = ARGV[0]
-username = ARGV[1]
-password = ARGV[2]
+address      = ARGV[0]
+username     = ARGV[1]
+password     = ARGV[2]
+smb_versions = ARGV[3]&.split(',') || ['1','2','3']
 path     = "\\\\#{address}\\IPC$"
 sock = TCPSocket.new address, 445
 dispatcher = RubySMB::Dispatcher::Socket.new(sock, read_timeout: 60)
-client = RubySMB::Client.new(dispatcher, smb1: true, smb2: true, username: username, password: password)
+client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
 protocol = client.negotiate
 status = client.authenticate

data/examples/pipes.rb CHANGED

@@ -10,30 +10,30 @@
 require 'bundler/setup'
 require 'ruby_smb'
-address  = ARGV[0]
-pipename = ARGV[1]
-username = ARGV[2]
-password = ARGV[3]
-smbver   = ARGV[4].to_i
+address      = ARGV[0]
+pipename     = ARGV[1]
+username     = ARGV[2]
+password     = ARGV[3]
+smb_versions = ARGV[4]&.split(',') || ['1','2','3']
 sock = TCPSocket.new(address, 445)
 dispatcher = RubySMB::Dispatcher::Socket.new(sock)
-if smbver == 2
-  client = RubySMB::Client.new(dispatcher, smb1: false, username: username, password: password)
-  client.negotiate
+client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
+smbver = client.negotiate
+if smbver == 'SMB1'
+  puts "ServerMaxBuffer: #{client.server_max_buffer_size}"
+else
   puts "ServerMaxRead:   #{client.server_max_read_size}"
   puts "ServerMaxWrite:  #{client.server_max_write_size}"
   puts "ServerMaxTrans:  #{client.server_max_transact_size}"
-elsif smbver == 1
-  client = RubySMB::Client.new(dispatcher, smb2: false, username: username, password: password)
-  client.negotiate
-  puts "ServerMaxBuffer: #{client.server_max_buffer_size}"
 end
 client.authenticate
 client.tree_connect("\\\\#{address}\\IPC$")
-pipe = client.create_pipe(pipename, nil)
+client.create_pipe(pipename)
+pipe = client.last_file
 puts "Available:       #{pipe.peek_available}"
 puts "PipeState:       #{pipe.peek_state}" # 3 == OK

data/examples/query_service_status.rb ADDED

@@ -0,0 +1,64 @@
+#!/usr/bin/ruby
+# This example script is used for testing remote service status and start type query.
+# It will attempt to connect to a host and query the status and start type of the provided service.
+# Example usage: ruby query_service_status.rb 192.168.172.138 msfadmin msfadmin "RemoteRegistry"
+# This will try to connect to \\192.168.172.138 with the msfadmin:msfadmin credentialas and get the status and start type of the "RemoteRegistry" service.
+require 'bundler/setup'
+require 'ruby_smb'
+address      = ARGV[0]
+username     = ARGV[1]
+password     = ARGV[2]
+service      = ARGV[3]
+smb_versions = ARGV[4]&.split(',') || ['1','2','3']
+sock = TCPSocket.new address, 445
+dispatcher = RubySMB::Dispatcher::Socket.new(sock, read_timeout: 60)
+client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
+protocol = client.negotiate
+status = client.authenticate
+puts "#{protocol} : #{status}"
+tree = client.tree_connect("\\\\#{address}\\IPC$")
+svcctl = tree.open_file(filename: 'svcctl', write: true, read: true)
+puts('Binding to \\svcctl...')
+svcctl.bind(endpoint: RubySMB::Dcerpc::Svcctl)
+puts('Bound to \\svcctl')
+puts('Opening Service Control Manager')
+scm_handle = svcctl.open_sc_manager_w(address)
+svc_handle = svcctl.open_service_w(scm_handle, service)
+svc_status = svcctl.query_service_status(svc_handle)
+case svc_status.dw_current_state
+when RubySMB::Dcerpc::Svcctl::SERVICE_RUNNING
+  puts("Service #{service} is running")
+when RubySMB::Dcerpc::Svcctl::SERVICE_STOPPED
+  puts("Service #{service} is in stopped state")
+end
+svc_config = svcctl.query_service_config(svc_handle)
+case svc_config.dw_start_type
+when RubySMB::Dcerpc::Svcctl::SERVICE_DISABLED
+  puts("Service #{service} is disabled")
+when RubySMB::Dcerpc::Svcctl::SERVICE_BOOT_START, RubySMB::Dcerpc::Svcctl::SERVICE_SYSTEM_START
+  puts("Service #{service} starts when the system boots up (driver)")
+when RubySMB::Dcerpc::Svcctl::SERVICE_AUTO_START
+  puts("Service #{service} starts automatically during system startup")
+when RubySMB::Dcerpc::Svcctl::SERVICE_DEMAND_START
+  puts("Service #{service} starts manually")
+end
+if svcctl
+  svcctl.close_service_handle(svc_handle) if svc_handle
+  svcctl.close_service_handle(scm_handle) if scm_handle
+  svcctl.close
+end
+client.disconnect!

data/examples/read_file.rb CHANGED

@@ -9,17 +9,19 @@
 require 'bundler/setup'
 require 'ruby_smb'
-address  = ARGV[0]
-username = ARGV[1]
-password = ARGV[2]
-share    = ARGV[3]
-file     = ARGV[4]
+address      = ARGV[0]
+username     = ARGV[1]
+password     = ARGV[2]
+share        = ARGV[3]
+file         = ARGV[4]
+smb_versions = ARGV[5]&.split(',') || ['1','2','3']
 path     = "\\\\#{address}\\#{share}"
 sock = TCPSocket.new address, 445
 dispatcher = RubySMB::Dispatcher::Socket.new(sock)
-client = RubySMB::Client.new(dispatcher, smb1: true, smb2: true, username: username, password: password)
+client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
 protocol = client.negotiate
 status = client.authenticate

data/examples/read_file_encryption.rb ADDED

@@ -0,0 +1,56 @@
+#!/usr/bin/ruby
+# This example script is used for testing the reading of a file.
+# It will attempt to connect to a specific share and then read a specified file.
+# Example usage: ruby read_file.rb 192.168.172.138 msfadmin msfadmin TEST_SHARE short.txt
+# This will try to connect to \\192.168.172.138\TEST_SHARE with the msfadmin:msfadmin credentials
+# and read the file short.txt
+require 'bundler/setup'
+require 'ruby_smb'
+address  = ARGV[0]
+username = ARGV[1]
+password = ARGV[2]
+share    = ARGV[3]
+filename = ARGV[4]
+path     = "\\\\#{address}\\#{share}"
+sock = TCPSocket.new address, 445
+dispatcher = RubySMB::Dispatcher::Socket.new(sock)
+# To require encryption on the server, run this in an elevated Powershell:
+# C:\> Set-SmbServerConfiguration -EncryptData $true
+# To enable per-share encryption on the server, run this in an elevated Powershell:
+# C:\ Set-SmbServerConfiguration -EncryptData $false
+# C:\ Set-SmbShare -Name <share name> -EncryptData 1
+# For this encryption to work, it has to be SMBv3. By only setting smb3 to true,
+# we make sure the server will negotiate this version, if it supports it
+opts = {
+  smb1: false,
+  smb2: false,
+  smb3: true,
+  username: username,
+  password: password,
+}
+# By default, the client uses encryption even if it is not required by the server. Disable this by setting always_encrypt to false
+#opts[:always_encrypt] = false
+client = RubySMB::Client.new(dispatcher, opts)
+protocol = client.negotiate
+status = client.authenticate
+begin
+  tree = client.tree_connect(path)
+rescue StandardError => e
+  puts "Failed to connect to #{path}: #{e.message}"
+end
+file = tree.open_file(filename: filename)
+data = file.read
+puts data
+file.close

data/examples/read_registry_key_value.rb ADDED

@@ -0,0 +1,33 @@
+#!/usr/bin/ruby
+# This example script is used for testing the Winreg registry key value read functionality.
+# It will attempt to connect to a host and reads the value of a specified registry key.
+# Example usage: ruby enum_registry_key.rb 192.168.172.138 msfadmin msfadmin HKLM\\My\\Key ValueName
+# This will try to connect to \\192.168.172.138 with the msfadmin:msfadmin credentialas and reads the ValueName data corresponding to the HKLM\\My\\Key registry key.
+require 'bundler/setup'
+require 'ruby_smb'
+address      = ARGV[0]
+username     = ARGV[1]
+password     = ARGV[2]
+registry_key = ARGV[3]
+value_name   = ARGV[4]
+smb_versions = ARGV[5]&.split(',') || ['1','2','3']
+sock = TCPSocket.new address, 445
+dispatcher = RubySMB::Dispatcher::Socket.new(sock, read_timeout: 60)
+client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
+protocol = client.negotiate
+status = client.authenticate
+puts "#{protocol}: #{status}"
+puts "Key:   #{registry_key}"
+puts "Value: #{value_name}"
+key_value = client.read_registry_key_value(address, registry_key, value_name)
+puts key_value
+client.disconnect!

data/examples/rename_file.rb CHANGED

@@ -9,18 +9,20 @@
 require 'bundler/setup'
 require 'ruby_smb'
-address  = ARGV[0]
-username = ARGV[1]
-password = ARGV[2]
-share    = ARGV[3]
-file     = ARGV[4]
-new_name = ARGV[5]
+address      = ARGV[0]
+username     = ARGV[1]
+password     = ARGV[2]
+share        = ARGV[3]
+file         = ARGV[4]
+new_name     = ARGV[5]
+smb_versions = ARGV[6]&.split(',') || ['1','2','3']
 path     = "\\\\#{address}\\#{share}"
 sock = TCPSocket.new address, 445
 dispatcher = RubySMB::Dispatcher::Socket.new(sock)
-client = RubySMB::Client.new(dispatcher, smb1: true, smb2: true, username: username, password: password)
+client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
 protocol = client.negotiate
 status = client.authenticate

data/examples/tree_connect.rb CHANGED

@@ -8,16 +8,18 @@
 require 'bundler/setup'
 require 'ruby_smb'
-address  = ARGV[0]
-username = ARGV[1]
-password = ARGV[2]
-share    = ARGV[3]
+address      = ARGV[0]
+username     = ARGV[1]
+password     = ARGV[2]
+share        = ARGV[3]
+smb_versions = ARGV[4]&.split(',') || ['1','2','3']
 path     = "\\\\#{address}\\#{share}"
 sock = TCPSocket.new address, 445
 dispatcher = RubySMB::Dispatcher::Socket.new(sock)
-client = RubySMB::Client.new(dispatcher, smb1: true, smb2: true, username: username, password: password)
+client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
 protocol = client.negotiate
 status = client.authenticate

data/examples/write_file.rb CHANGED

@@ -9,18 +9,20 @@
 require 'bundler/setup'
 require 'ruby_smb'
-address  = ARGV[0]
-username = ARGV[1]
-password = ARGV[2]
-share    = ARGV[3]
-file     = ARGV[4]
-data     = ARGV[5]
+address      = ARGV[0]
+username     = ARGV[1]
+password     = ARGV[2]
+share        = ARGV[3]
+file         = ARGV[4]
+data         = ARGV[5]
+smb_versions = ARGV[6]&.split(',') || ['1','2','3']
 path     = "\\\\#{address}\\#{share}"
 sock = TCPSocket.new address, 445
 dispatcher = RubySMB::Dispatcher::Socket.new(sock)
-client = RubySMB::Client.new(dispatcher, smb1: true, smb2: true, username: username, password: password)
+client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
 protocol = client.negotiate
 status = client.authenticate

data/lib/ruby_smb.rb CHANGED

@@ -1,6 +1,9 @@
 require 'bindata'
 require 'net/ntlm'
 require 'net/ntlm/client'
+require 'openssl'
+require 'openssl/ccm'
+require 'openssl/cmac'
 require 'windows_error'
 require 'windows_error/nt_status'
 # A packet parsing and manipulation library for the SMB1 and SMB2 protocols
@@ -15,7 +18,6 @@ module RubySMB
   require 'ruby_smb/field'
   require 'ruby_smb/nbss'
   require 'ruby_smb/fscc'
-  require 'ruby_smb/dcerpc'
   require 'ruby_smb/generic_packet'
   require 'ruby_smb/dispatcher'
   require 'ruby_smb/version'
@@ -23,4 +25,5 @@ module RubySMB
   require 'ruby_smb/smb2'
   require 'ruby_smb/smb1'
   require 'ruby_smb/client'
+  require 'ruby_smb/crypto'
 end