ruby_smb 1.0.5 → 2.0.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +5 -5
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/.travis.yml +3 -2
- data/Gemfile +6 -2
- data/README.md +35 -47
- data/examples/anonymous_auth.rb +3 -3
- data/examples/append_file.rb +10 -8
- data/examples/authenticate.rb +9 -5
- data/examples/delete_file.rb +8 -6
- data/examples/enum_registry_key.rb +29 -0
- data/examples/enum_registry_values.rb +31 -0
- data/examples/list_directory.rb +8 -6
- data/examples/negotiate.rb +51 -8
- data/examples/negotiate_with_netbios_service.rb +9 -5
- data/examples/net_share_enum_all.rb +6 -4
- data/examples/pipes.rb +13 -13
- data/examples/query_service_status.rb +64 -0
- data/examples/read_file.rb +8 -6
- data/examples/read_file_encryption.rb +56 -0
- data/examples/read_registry_key_value.rb +33 -0
- data/examples/rename_file.rb +9 -7
- data/examples/tree_connect.rb +7 -5
- data/examples/write_file.rb +9 -7
- data/lib/ruby_smb.rb +4 -1
- data/lib/ruby_smb/client.rb +239 -21
- data/lib/ruby_smb/client/authentication.rb +27 -8
- data/lib/ruby_smb/client/encryption.rb +62 -0
- data/lib/ruby_smb/client/negotiation.rb +154 -12
- data/lib/ruby_smb/client/signing.rb +19 -0
- data/lib/ruby_smb/client/tree_connect.rb +4 -4
- data/lib/ruby_smb/client/utils.rb +8 -7
- data/lib/ruby_smb/client/winreg.rb +46 -0
- data/lib/ruby_smb/crypto.rb +30 -0
- data/lib/ruby_smb/dcerpc.rb +40 -0
- data/lib/ruby_smb/dcerpc/bind.rb +2 -2
- data/lib/ruby_smb/dcerpc/bind_ack.rb +2 -2
- data/lib/ruby_smb/dcerpc/error.rb +6 -0
- data/lib/ruby_smb/dcerpc/ndr.rb +260 -16
- data/lib/ruby_smb/dcerpc/pdu_header.rb +1 -1
- data/lib/ruby_smb/dcerpc/request.rb +41 -9
- data/lib/ruby_smb/dcerpc/rpc_security_attributes.rb +34 -0
- data/lib/ruby_smb/dcerpc/rrp_unicode_string.rb +38 -0
- data/lib/ruby_smb/dcerpc/srvsvc.rb +10 -0
- data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +9 -0
- data/lib/ruby_smb/dcerpc/svcctl.rb +479 -0
- data/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_request.rb +48 -0
- data/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_response.rb +26 -0
- data/lib/ruby_smb/dcerpc/svcctl/close_service_handle_request.rb +25 -0
- data/lib/ruby_smb/dcerpc/svcctl/close_service_handle_response.rb +26 -0
- data/lib/ruby_smb/dcerpc/svcctl/control_service_request.rb +26 -0
- data/lib/ruby_smb/dcerpc/svcctl/control_service_response.rb +26 -0
- data/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_request.rb +35 -0
- data/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/svcctl/open_service_w_request.rb +31 -0
- data/lib/ruby_smb/dcerpc/svcctl/open_service_w_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_request.rb +25 -0
- data/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_response.rb +44 -0
- data/lib/ruby_smb/dcerpc/svcctl/query_service_status_request.rb +23 -0
- data/lib/ruby_smb/dcerpc/svcctl/query_service_status_response.rb +27 -0
- data/lib/ruby_smb/dcerpc/svcctl/service_status.rb +25 -0
- data/lib/ruby_smb/dcerpc/svcctl/start_service_w_request.rb +27 -0
- data/lib/ruby_smb/dcerpc/svcctl/start_service_w_response.rb +25 -0
- data/lib/ruby_smb/dcerpc/winreg.rb +421 -0
- data/lib/ruby_smb/dcerpc/winreg/close_key_request.rb +24 -0
- data/lib/ruby_smb/dcerpc/winreg/close_key_response.rb +27 -0
- data/lib/ruby_smb/dcerpc/winreg/create_key_request.rb +73 -0
- data/lib/ruby_smb/dcerpc/winreg/create_key_response.rb +36 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_key_request.rb +45 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_key_response.rb +42 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_value_request.rb +39 -0
- data/lib/ruby_smb/dcerpc/winreg/enum_value_response.rb +36 -0
- data/lib/ruby_smb/dcerpc/winreg/open_key_request.rb +34 -0
- data/lib/ruby_smb/dcerpc/winreg/open_key_response.rb +25 -0
- data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb +43 -0
- data/lib/ruby_smb/dcerpc/winreg/open_root_key_response.rb +35 -0
- data/lib/ruby_smb/dcerpc/winreg/query_info_key_request.rb +27 -0
- data/lib/ruby_smb/dcerpc/winreg/query_info_key_response.rb +40 -0
- data/lib/ruby_smb/dcerpc/winreg/query_value_request.rb +40 -0
- data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +57 -0
- data/lib/ruby_smb/dcerpc/winreg/regsam.rb +40 -0
- data/lib/ruby_smb/dcerpc/winreg/save_key_request.rb +37 -0
- data/lib/ruby_smb/dcerpc/winreg/save_key_response.rb +23 -0
- data/lib/ruby_smb/dispatcher/base.rb +1 -1
- data/lib/ruby_smb/dispatcher/socket.rb +5 -4
- data/lib/ruby_smb/error.rb +28 -1
- data/lib/ruby_smb/field/stringz16.rb +17 -1
- data/lib/ruby_smb/nbss/session_header.rb +4 -4
- data/lib/ruby_smb/smb1/commands.rb +1 -1
- data/lib/ruby_smb/smb1/file.rb +8 -14
- data/lib/ruby_smb/smb1/packet/session_setup_legacy_request.rb +1 -1
- data/lib/ruby_smb/smb1/packet/session_setup_legacy_response.rb +2 -2
- data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
- data/lib/ruby_smb/smb1/packet/session_setup_response.rb +2 -2
- data/lib/ruby_smb/smb1/packet/write_andx_request.rb +1 -1
- data/lib/ruby_smb/smb1/pipe.rb +81 -3
- data/lib/ruby_smb/smb1/tree.rb +12 -3
- data/lib/ruby_smb/smb2/bit_field/session_flags.rb +2 -1
- data/lib/ruby_smb/smb2/bit_field/share_flags.rb +6 -4
- data/lib/ruby_smb/smb2/file.rb +51 -61
- data/lib/ruby_smb/smb2/negotiate_context.rb +108 -0
- data/lib/ruby_smb/smb2/packet.rb +2 -0
- data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +41 -0
- data/lib/ruby_smb/smb2/packet/error_packet.rb +2 -4
- data/lib/ruby_smb/smb2/packet/negotiate_request.rb +51 -14
- data/lib/ruby_smb/smb2/packet/negotiate_response.rb +50 -4
- data/lib/ruby_smb/smb2/packet/transform_header.rb +84 -0
- data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +92 -6
- data/lib/ruby_smb/smb2/packet/tree_connect_response.rb +8 -26
- data/lib/ruby_smb/smb2/pipe.rb +80 -3
- data/lib/ruby_smb/smb2/smb2_header.rb +1 -1
- data/lib/ruby_smb/smb2/tree.rb +32 -20
- data/lib/ruby_smb/version.rb +1 -1
- data/ruby_smb.gemspec +5 -3
- data/spec/lib/ruby_smb/client_spec.rb +1583 -102
- data/spec/lib/ruby_smb/crypto_spec.rb +25 -0
- data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +2 -2
- data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +2 -2
- data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +1729 -0
- data/spec/lib/ruby_smb/dcerpc/request_spec.rb +50 -7
- data/spec/lib/ruby_smb/dcerpc/rpc_security_attributes_spec.rb +161 -0
- data/spec/lib/ruby_smb/dcerpc/rrp_unicode_string_spec.rb +135 -0
- data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +13 -0
- data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +60 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_request_spec.rb +191 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/change_service_config_w_response_spec.rb +38 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/close_service_handle_request_spec.rb +30 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/close_service_handle_response_spec.rb +38 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/control_service_request_spec.rb +39 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/control_service_response_spec.rb +38 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_request_spec.rb +78 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/open_sc_manager_w_response_spec.rb +38 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/open_service_w_request_spec.rb +59 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/open_service_w_response_spec.rb +38 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_request_spec.rb +38 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_config_w_response_spec.rb +152 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_status_request_spec.rb +30 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/query_service_status_response_spec.rb +38 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/service_status_spec.rb +72 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/start_service_w_request_spec.rb +46 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl/start_service_w_response_spec.rb +30 -0
- data/spec/lib/ruby_smb/dcerpc/svcctl_spec.rb +512 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/close_key_request_spec.rb +28 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/close_key_response_spec.rb +36 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/create_key_request_spec.rb +110 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/create_key_response_spec.rb +44 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_request_spec.rb +104 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_key_response_spec.rb +97 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_request_spec.rb +94 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/enum_value_response_spec.rb +82 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_key_request_spec.rb +74 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_key_response_spec.rb +35 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_request_spec.rb +95 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/open_root_key_response_spec.rb +38 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_request_spec.rb +35 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_info_key_response_spec.rb +113 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_value_request_spec.rb +88 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/query_value_response_spec.rb +138 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/regsam_spec.rb +32 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/save_key_request_spec.rb +57 -0
- data/spec/lib/ruby_smb/dcerpc/winreg/save_key_response_spec.rb +22 -0
- data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +884 -0
- data/spec/lib/ruby_smb/dcerpc_spec.rb +81 -0
- data/spec/lib/ruby_smb/dispatcher/socket_spec.rb +12 -12
- data/spec/lib/ruby_smb/error_spec.rb +59 -0
- data/spec/lib/ruby_smb/field/stringz16_spec.rb +12 -0
- data/spec/lib/ruby_smb/nbss/session_header_spec.rb +4 -11
- data/spec/lib/ruby_smb/smb1/file_spec.rb +9 -1
- data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_request_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb1/packet/session_setup_legacy_response_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb1/packet/session_setup_request_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb1/packet/session_setup_response_spec.rb +1 -1
- data/spec/lib/ruby_smb/smb1/pipe_spec.rb +216 -147
- data/spec/lib/ruby_smb/smb2/bit_field/session_flags_spec.rb +9 -0
- data/spec/lib/ruby_smb/smb2/bit_field/share_flags_spec.rb +27 -0
- data/spec/lib/ruby_smb/smb2/file_spec.rb +146 -68
- data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +332 -0
- data/spec/lib/ruby_smb/smb2/packet/compression_transform_header_spec.rb +108 -0
- data/spec/lib/ruby_smb/smb2/packet/error_packet_spec.rb +3 -24
- data/spec/lib/ruby_smb/smb2/packet/negotiate_request_spec.rb +138 -3
- data/spec/lib/ruby_smb/smb2/packet/negotiate_response_spec.rb +120 -2
- data/spec/lib/ruby_smb/smb2/packet/transform_header_spec.rb +220 -0
- data/spec/lib/ruby_smb/smb2/packet/tree_connect_request_spec.rb +339 -9
- data/spec/lib/ruby_smb/smb2/packet/tree_connect_response_spec.rb +3 -30
- data/spec/lib/ruby_smb/smb2/pipe_spec.rb +226 -148
- data/spec/lib/ruby_smb/smb2/smb2_header_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb2/tree_spec.rb +88 -9
- metadata +257 -81
- metadata.gz.sig +0 -0
- data/lib/ruby_smb/smb1/dcerpc.rb +0 -72
- data/lib/ruby_smb/smb2/dcerpc.rb +0 -75
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class RpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegCloseKey Request Packet as defined in
|
|
8
|
+
# [3.1.5.6 BaseRegCloseKey (Opnum 5)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/bc7545ff-0a54-4465-a95a-396b5c2995df)
|
|
9
|
+
class CloseKeyRequest < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
|
|
14
|
+
rpc_hkey :hkey
|
|
15
|
+
|
|
16
|
+
def initialize_instance
|
|
17
|
+
super
|
|
18
|
+
@opnum = REG_CLOSE_KEY
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class RpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegCloseKey Response Packet as defined in
|
|
8
|
+
# [3.1.5.6 BaseRegCloseKey (Opnum 5)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/bc7545ff-0a54-4465-a95a-396b5c2995df)
|
|
9
|
+
class CloseKeyResponse < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
|
|
14
|
+
rpc_hkey :hkey
|
|
15
|
+
uint32 :error_status
|
|
16
|
+
|
|
17
|
+
def initialize_instance
|
|
18
|
+
super
|
|
19
|
+
@opnum = REG_CLOSE_KEY
|
|
20
|
+
end
|
|
21
|
+
end
|
|
22
|
+
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
|
|
@@ -0,0 +1,73 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class RpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegCreateKey Request Packet as defined in
|
|
8
|
+
# [3.1.5.7 BaseRegCreateKey (Opnum 6)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/c7186ae2-1c82-45e9-933b-97d9873657e8)
|
|
9
|
+
class CreateKeyRequest < BinData::Record
|
|
10
|
+
# Options:
|
|
11
|
+
# bitwise OR of one of the key types (REG_KEY_TYPE_*), and any or none
|
|
12
|
+
# of the other options:
|
|
13
|
+
#
|
|
14
|
+
# This key is not volatile. The key and all its values MUST be
|
|
15
|
+
# persisted to the backing store and is preserved when the registry
|
|
16
|
+
# server loses context due to a computer restart, reboot, or shut down
|
|
17
|
+
# process.
|
|
18
|
+
REG_KEY_TYPE_NON_VOLATILE = 0x00000000
|
|
19
|
+
# This key is volatile. The key with all its subkeys and values MUST
|
|
20
|
+
# NOT be preserved when the registry server loses context due to a
|
|
21
|
+
# computer restart, reboot, or shut down process.
|
|
22
|
+
REG_KEY_TYPE_VOLATILE = 0x00000001
|
|
23
|
+
# This key is a symbolic link to another key.
|
|
24
|
+
REG_KEY_TYPE_SYMLINK = 0x00000002
|
|
25
|
+
# Indicates that the caller wishes to assert its backup and/or restore
|
|
26
|
+
# privileges.
|
|
27
|
+
REG_OPTION_BACKUP_RESTORE = 0x00000004
|
|
28
|
+
# Indicates that the caller wishes to open the targeted symlink source
|
|
29
|
+
# rather than the symlink target.
|
|
30
|
+
REG_OPTION_OPEN_LINK = 0x00000008
|
|
31
|
+
# Indicates that the caller wishes to disable limited user access
|
|
32
|
+
# virtualization for this operation.
|
|
33
|
+
REG_OPTION_DONT_VIRTUALIZE = 0x00000010
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
# Create disposition:
|
|
37
|
+
# The key did not exist and was created.
|
|
38
|
+
REG_CREATED_NEW_KEY = 0x00000001
|
|
39
|
+
# The key already existed and was opened without being changed.
|
|
40
|
+
REG_OPENED_EXISTING_KEY = 0x00000002
|
|
41
|
+
|
|
42
|
+
attr_reader :opnum
|
|
43
|
+
|
|
44
|
+
endian :little
|
|
45
|
+
|
|
46
|
+
rpc_hkey :hkey
|
|
47
|
+
rrp_unicode_string :lp_sub_key
|
|
48
|
+
string :pad1, length: -> { pad_length(self.lp_sub_key) }
|
|
49
|
+
rrp_unicode_string :lp_class
|
|
50
|
+
string :pad2, length: -> { pad_length(self.lp_class) }
|
|
51
|
+
uint32 :dw_options
|
|
52
|
+
regsam :sam_desired
|
|
53
|
+
prpc_security_attributes :lp_security_attributes
|
|
54
|
+
string :pad3, length: -> { pad_length(self.lp_security_attributes) }
|
|
55
|
+
ndr_lp_dword :lpdw_disposition
|
|
56
|
+
|
|
57
|
+
def initialize_instance
|
|
58
|
+
super
|
|
59
|
+
@opnum = REG_CREATE_KEY
|
|
60
|
+
end
|
|
61
|
+
|
|
62
|
+
# Determines the correct length for the padding, so that the next
|
|
63
|
+
# field is 4-byte aligned.
|
|
64
|
+
def pad_length(prev_element)
|
|
65
|
+
offset = (prev_element.abs_offset + prev_element.to_binary_s.length) % 4
|
|
66
|
+
(4 - offset) % 4
|
|
67
|
+
end
|
|
68
|
+
end
|
|
69
|
+
|
|
70
|
+
end
|
|
71
|
+
end
|
|
72
|
+
end
|
|
73
|
+
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class PrpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegCreateKey Response Packet as defined in
|
|
8
|
+
# [3.1.5.7 BaseRegCreateKey (Opnum 6)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/c7186ae2-1c82-45e9-933b-97d9873657e8)
|
|
9
|
+
class CreateKeyResponse < BinData::Record
|
|
10
|
+
# Create disposition
|
|
11
|
+
# The key did not exist and was created.
|
|
12
|
+
REG_CREATED_NEW_KEY = 0x00000001
|
|
13
|
+
# The key already existed and was opened without being changed.
|
|
14
|
+
REG_OPENED_EXISTING_KEY = 0x00000002
|
|
15
|
+
|
|
16
|
+
attr_reader :opnum
|
|
17
|
+
|
|
18
|
+
endian :little
|
|
19
|
+
|
|
20
|
+
prpc_hkey :hkey
|
|
21
|
+
ndr_lp_dword :lpdw_disposition
|
|
22
|
+
uint32 :error_status
|
|
23
|
+
|
|
24
|
+
def initialize_instance
|
|
25
|
+
super
|
|
26
|
+
@opnum = REG_CREATE_KEY
|
|
27
|
+
end
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
|
|
35
|
+
|
|
36
|
+
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class RpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegEnumKey Request Packet as defined in
|
|
8
|
+
# [3.1.5.10 BaseRegEnumKey (Opnum 9)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/668627e9-e0eb-4ab1-911f-0af589beeac3)
|
|
9
|
+
class EnumKeyRequest < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
|
|
14
|
+
rpc_hkey :hkey
|
|
15
|
+
uint32 :dw_index
|
|
16
|
+
rrp_unicode_string :lp_name
|
|
17
|
+
string :pad1, length: -> { pad_length1 }
|
|
18
|
+
prrp_unicode_string :lp_class
|
|
19
|
+
string :pad2, length: -> { pad_length2 }
|
|
20
|
+
ndr_lp_file_time :lpft_last_write_time
|
|
21
|
+
|
|
22
|
+
def initialize_instance
|
|
23
|
+
super
|
|
24
|
+
@opnum = REG_ENUM_KEY
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
# Determines the correct length for the padding in front of
|
|
28
|
+
# #lp_class. It should always force a 4-byte alignment.
|
|
29
|
+
def pad_length1
|
|
30
|
+
offset = (lp_name.abs_offset + lp_name.to_binary_s.length) % 4
|
|
31
|
+
(4 - offset) % 4
|
|
32
|
+
end
|
|
33
|
+
|
|
34
|
+
# Determines the correct length for the padding in front of
|
|
35
|
+
# #lpft_last_write_time. It should always force a 4-byte alignment.
|
|
36
|
+
def pad_length2
|
|
37
|
+
offset = (lp_class.abs_offset + lp_class.to_binary_s.length) % 4
|
|
38
|
+
(4 - offset) % 4
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
|
|
42
|
+
end
|
|
43
|
+
end
|
|
44
|
+
end
|
|
45
|
+
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
# This class represents a BaseRegEnumKey Response Packet as defined in
|
|
6
|
+
# [3.1.5.10 BaseRegEnumKey (Opnum 9)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/668627e9-e0eb-4ab1-911f-0af589beeac3)
|
|
7
|
+
class EnumKeyResponse < BinData::Record
|
|
8
|
+
attr_reader :opnum
|
|
9
|
+
|
|
10
|
+
endian :little
|
|
11
|
+
|
|
12
|
+
rrp_unicode_string :lp_name
|
|
13
|
+
string :pad1, length: -> { pad_length1 }
|
|
14
|
+
prrp_unicode_string :lp_class, initial_value: 0
|
|
15
|
+
string :pad2, length: -> { pad_length2 }
|
|
16
|
+
ndr_lp_file_time :lpft_last_write_time
|
|
17
|
+
uint32 :error_status
|
|
18
|
+
|
|
19
|
+
def initialize_instance
|
|
20
|
+
super
|
|
21
|
+
@opnum = REG_ENUM_KEY
|
|
22
|
+
end
|
|
23
|
+
|
|
24
|
+
# Determines the correct length for the padding in front of
|
|
25
|
+
# #lp_class. It should always force a 4-byte alignment.
|
|
26
|
+
def pad_length1
|
|
27
|
+
offset = (lp_name.abs_offset + lp_name.to_binary_s.length) % 4
|
|
28
|
+
(4 - offset) % 4
|
|
29
|
+
end
|
|
30
|
+
|
|
31
|
+
# Determines the correct length for the padding in front of
|
|
32
|
+
# #lpft_last_write_time. It should always force a 4-byte alignment.
|
|
33
|
+
def pad_length2
|
|
34
|
+
offset = (lp_class.abs_offset + lp_class.to_binary_s.length) % 4
|
|
35
|
+
(4 - offset) % 4
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
end
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class RpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegEnumValue Request Packet as defined in
|
|
8
|
+
# [3.1.5.11 BaseRegEnumValue (Opnum 10)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/56e99ef3-05dc-4f24-bcf5-9cff00412945)
|
|
9
|
+
class EnumValueRequest < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
|
|
14
|
+
rpc_hkey :hkey
|
|
15
|
+
uint32 :dw_index
|
|
16
|
+
rrp_unicode_string :lp_value_name
|
|
17
|
+
string :pad, length: -> { pad_length }
|
|
18
|
+
ndr_lp_dword :lp_type
|
|
19
|
+
ndr_lp_byte_array :lp_data
|
|
20
|
+
ndr_lp_dword :lpcb_data
|
|
21
|
+
ndr_lp_dword :lpcb_len
|
|
22
|
+
|
|
23
|
+
def initialize_instance
|
|
24
|
+
super
|
|
25
|
+
@opnum = REG_ENUM_VALUE
|
|
26
|
+
end
|
|
27
|
+
|
|
28
|
+
# Determines the correct length for the padding in front of
|
|
29
|
+
# #lp_type. It should always force a 4-byte alignment.
|
|
30
|
+
def pad_length
|
|
31
|
+
offset = (lp_value_name.abs_offset + lp_value_name.to_binary_s.length) % 4
|
|
32
|
+
(4 - offset) % 4
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
# This class represents a BaseRegEnumValue Response Packet as defined in
|
|
6
|
+
# [3.1.5.11 BaseRegEnumValue (Opnum 10)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/56e99ef3-05dc-4f24-bcf5-9cff00412945)
|
|
7
|
+
class EnumValueResponse < BinData::Record
|
|
8
|
+
attr_reader :opnum
|
|
9
|
+
|
|
10
|
+
endian :little
|
|
11
|
+
|
|
12
|
+
rrp_unicode_string :lp_value_name
|
|
13
|
+
string :pad, length: -> { pad_length }
|
|
14
|
+
ndr_lp_dword :lp_type
|
|
15
|
+
ndr_lp_byte_array :lp_data
|
|
16
|
+
ndr_lp_dword :lpcb_data
|
|
17
|
+
ndr_lp_dword :lpcb_len
|
|
18
|
+
uint32 :error_status
|
|
19
|
+
|
|
20
|
+
def initialize_instance
|
|
21
|
+
super
|
|
22
|
+
@opnum = REG_ENUM_VALUE
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# Determines the correct length for the padding in front of
|
|
26
|
+
# #lp_type. It should always force a 4-byte alignment.
|
|
27
|
+
def pad_length
|
|
28
|
+
offset = (lp_value_name.abs_offset + lp_value_name.to_binary_s.length) % 4
|
|
29
|
+
(4 - offset) % 4
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|
|
36
|
+
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class RpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegOpenKey Request Packet as defined in
|
|
8
|
+
# [3.1.5.15 BaseRegOpenKey (Opnum 15)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8cb48f55-19e1-4ea2-8d76-dd0f6934f0d9)
|
|
9
|
+
class OpenKeyRequest < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
|
|
14
|
+
rpc_hkey :hkey
|
|
15
|
+
rrp_unicode_string :lp_sub_key
|
|
16
|
+
string :pad, length: -> { pad_length }
|
|
17
|
+
uint32 :dw_options
|
|
18
|
+
regsam :sam_desired
|
|
19
|
+
|
|
20
|
+
def initialize_instance
|
|
21
|
+
super
|
|
22
|
+
@opnum = REG_OPEN_KEY
|
|
23
|
+
end
|
|
24
|
+
|
|
25
|
+
# Determines the correct length for the padding in front of
|
|
26
|
+
# #dw_options. It should always force a 4-byte alignment.
|
|
27
|
+
def pad_length
|
|
28
|
+
offset = (lp_sub_key.abs_offset + lp_sub_key.to_binary_s.length) % 4
|
|
29
|
+
(4 - offset) % 4
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
end
|
|
33
|
+
end
|
|
34
|
+
end
|
|
@@ -0,0 +1,25 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class PrpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class represents a BaseRegOpenKey Response Packet as defined in
|
|
8
|
+
# [3.1.5.15 BaseRegOpenKey (Opnum 15)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8cb48f55-19e1-4ea2-8d76-dd0f6934f0d9)
|
|
9
|
+
class OpenKeyResponse < BinData::Record
|
|
10
|
+
attr_reader :opnum
|
|
11
|
+
|
|
12
|
+
endian :little
|
|
13
|
+
prpc_hkey :phk_result
|
|
14
|
+
uint32 :error_status
|
|
15
|
+
|
|
16
|
+
def initialize_instance
|
|
17
|
+
super
|
|
18
|
+
@opnum = REG_OPEN_KEY
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
end
|
|
23
|
+
end
|
|
24
|
+
end
|
|
25
|
+
|
|
@@ -0,0 +1,43 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
# This class represents a PREGISTRY_SERVER_NAME structure as defined in
|
|
6
|
+
# [2.2.2 PREGISTRY_SERVER_NAME](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/8bcd15fd-1aa5-44e2-8662-112ec3e9817b)
|
|
7
|
+
class PRegistryServerName < Ndr::NdrPointer
|
|
8
|
+
endian :little
|
|
9
|
+
|
|
10
|
+
string16 :referent, onlyif: -> { self.referent_id != 0 }, read_length: -> { 4 }
|
|
11
|
+
end
|
|
12
|
+
|
|
13
|
+
# This class is a generic class that represents OpenXXX Request packet,
|
|
14
|
+
# used to open one of the root keys, as defined in:
|
|
15
|
+
# [3.1.5.1 OpenClassesRoot (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/956a3052-6580-43ee-91aa-aaf61726149b)
|
|
16
|
+
# [3.1.5.2 OpenCurrentUser (Opnum 1)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/ec140ed9-4d00-4c03-a15c-c7245a497ed5)
|
|
17
|
+
# [3.1.5.3 OpenLocalMachine (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/6cef29ae-21ba-423f-9158-05145ac80a5b)
|
|
18
|
+
# [3.1.5.4 OpenPerformanceData (Opnum 3)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/7b514c63-6cad-4fe1-9780-743959e377e6)
|
|
19
|
+
# [3.1.5.5 OpenUsers (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/694e57f4-da3e-4285-8b71-3181d71d6cd1)
|
|
20
|
+
# [3.1.5.25 OpenCurrentConfig (Opnum 27)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/160767d7-83cf-4718-a4f3-d864faee3bb1)
|
|
21
|
+
# [3.1.5.28 OpenPerformanceText (Opnum 32)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/44954f6d-ef2c-4ec1-a27d-32b9b87e3c8a)
|
|
22
|
+
# [3.1.5.29 OpenPerformanceNlsText (Opnum 33)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3626fa8a-b20f-4243-bf85-cdb615ed2ca0)
|
|
23
|
+
# The structure is define by the value of the #opnum parameter
|
|
24
|
+
# e.g. (OpenLocalMachine):
|
|
25
|
+
# OpenRootKeyRequest.new(opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM)
|
|
26
|
+
class OpenRootKeyRequest < BinData::Record
|
|
27
|
+
attr_reader :opnum
|
|
28
|
+
|
|
29
|
+
endian :little
|
|
30
|
+
p_registry_server_name :p_registry_server_name
|
|
31
|
+
regsam :sam_desired
|
|
32
|
+
|
|
33
|
+
def initialize_instance
|
|
34
|
+
super
|
|
35
|
+
@opnum = get_parameter(:opnum) if has_parameter?(:opnum)
|
|
36
|
+
self.p_registry_server_name = :null
|
|
37
|
+
self.sam_desired.maximum = 1 unless [OPEN_HKPD, OPEN_HKPT, OPEN_HKPN].include?(@opnum)
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
|
|
41
|
+
end
|
|
42
|
+
end
|
|
43
|
+
end
|
|
@@ -0,0 +1,35 @@
|
|
|
1
|
+
module RubySMB
|
|
2
|
+
module Dcerpc
|
|
3
|
+
module Winreg
|
|
4
|
+
|
|
5
|
+
class PrpcHkey < Ndr::NdrContextHandle; end
|
|
6
|
+
|
|
7
|
+
# This class is a generic class that represents OpenXXX Response packet,
|
|
8
|
+
# used to open one of the root keys, as defined in:
|
|
9
|
+
# [3.1.5.1 OpenClassesRoot (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/956a3052-6580-43ee-91aa-aaf61726149b)
|
|
10
|
+
# [3.1.5.2 OpenCurrentUser (Opnum 1)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/ec140ed9-4d00-4c03-a15c-c7245a497ed5)
|
|
11
|
+
# [3.1.5.3 OpenLocalMachine (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/6cef29ae-21ba-423f-9158-05145ac80a5b)
|
|
12
|
+
# [3.1.5.4 OpenPerformanceData (Opnum 3)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/7b514c63-6cad-4fe1-9780-743959e377e6)
|
|
13
|
+
# [3.1.5.5 OpenUsers (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/694e57f4-da3e-4285-8b71-3181d71d6cd1)
|
|
14
|
+
# [3.1.5.25 OpenCurrentConfig (Opnum 27)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/160767d7-83cf-4718-a4f3-d864faee3bb1)
|
|
15
|
+
# [3.1.5.28 OpenPerformanceText (Opnum 32)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/44954f6d-ef2c-4ec1-a27d-32b9b87e3c8a)
|
|
16
|
+
# [3.1.5.29 OpenPerformanceNlsText (Opnum 33)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/3626fa8a-b20f-4243-bf85-cdb615ed2ca0)
|
|
17
|
+
# The structure is define by the value of the #opnum parameter
|
|
18
|
+
# e.g. (OpenLocalMachine):
|
|
19
|
+
# OpenRootKeyResponse.new(opnum: RubySMB::Dcerpc::Winreg::OPEN_HKLM)
|
|
20
|
+
class OpenRootKeyResponse < BinData::Record
|
|
21
|
+
attr_reader :opnum
|
|
22
|
+
|
|
23
|
+
endian :little
|
|
24
|
+
prpc_hkey :ph_key
|
|
25
|
+
uint32 :error_status
|
|
26
|
+
|
|
27
|
+
def initialize_instance
|
|
28
|
+
super
|
|
29
|
+
@opnum = get_parameter(:opnum) if has_parameter?(:opnum)
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
33
|
+
end
|
|
34
|
+
end
|
|
35
|
+
end
|