ruby_smb 2.0.1 → 2.0.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/lib/ruby_smb/client/negotiation.rb +18 -10
- data/lib/ruby_smb/version.rb +1 -1
- data/spec/lib/ruby_smb/client_spec.rb +21 -33
- metadata +2 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e93c38e303cd6e34066d103fd2da4a21c760016778e221491f690d57f628e408
|
4
|
+
data.tar.gz: 5dfe1d3f1febbc197eb9cd4c4fe203a9b0d04a576e10d1aff4812dca5fcd4f4b
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 915802d1d3685aa46074e721dc226f66904e9942654cceae5b3fd701be533f00057ef9d554edaaaad115754c4a75cad5c5ac09c53a11895658897ce5326236a1
|
7
|
+
data.tar.gz: 1f78090e799579e6f3a4dd6639cf20a88b89ed865157479e6634f55388125db05e7698117e66effde3e30bfaae98750a6230a8eb1ec057777339a70412390878
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
@@ -18,11 +18,9 @@ module RubySMB
|
|
18
18
|
# This is only valid for SMB1.
|
19
19
|
response_packet.dialects = request_packet.dialects if response_packet.respond_to? :dialects=
|
20
20
|
version = parse_negotiate_response(response_packet)
|
21
|
-
|
22
|
-
|
23
|
-
|
24
|
-
when '0x0311'
|
25
|
-
parse_smb3_encryption_data(request_packet, response_packet)
|
21
|
+
if @dialect == '0x0311'
|
22
|
+
update_preauth_hash(request_packet)
|
23
|
+
update_preauth_hash(response_packet)
|
26
24
|
end
|
27
25
|
|
28
26
|
# If the response contains the SMB2 wildcard revision number dialect;
|
@@ -123,14 +121,13 @@ module RubySMB
|
|
123
121
|
# protocol overhead every time.
|
124
122
|
self.server_max_buffer_size = packet.parameter_block.max_buffer_size - 260
|
125
123
|
self.negotiated_smb_version = 1
|
124
|
+
self.session_encrypt_data = false
|
126
125
|
'SMB1'
|
127
126
|
when RubySMB::SMB2::Packet::NegotiateResponse
|
128
127
|
self.smb1 = false
|
129
128
|
unless packet.dialect_revision.to_i == 0x02ff
|
130
129
|
self.smb2 = packet.dialect_revision.to_i >= 0x0200 && packet.dialect_revision.to_i < 0x0300
|
131
130
|
self.smb3 = packet.dialect_revision.to_i >= 0x0300 && packet.dialect_revision.to_i < 0x0400
|
132
|
-
# Only enable session encryption if the server supports it
|
133
|
-
@session_encrypt_data = self.smb3 && @session_encrypt_data && packet.capabilities.encryption == 1
|
134
131
|
end
|
135
132
|
self.signing_required = packet.security_mode.signing_required == 1 if self.smb2 || self.smb3
|
136
133
|
self.dialect = "0x%04x" % packet.dialect_revision
|
@@ -143,6 +140,19 @@ module RubySMB
|
|
143
140
|
self.server_guid = packet.server_guid
|
144
141
|
self.server_start_time = packet.server_start_time.to_time if packet.server_start_time != 0
|
145
142
|
self.server_system_time = packet.system_time.to_time if packet.system_time != 0
|
143
|
+
case self.dialect
|
144
|
+
when '0x02ff'
|
145
|
+
when '0x0300', '0x0302'
|
146
|
+
if packet&.capabilities&.encryption == 1
|
147
|
+
self.encryption_algorithm = RubySMB::SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM]
|
148
|
+
end
|
149
|
+
self.session_encrypt_data = self.session_encrypt_data && !self.encryption_algorithm.nil?
|
150
|
+
when '0x0311'
|
151
|
+
parse_smb3_capabilities(packet)
|
152
|
+
self.session_encrypt_data = self.session_encrypt_data && !self.encryption_algorithm.nil?
|
153
|
+
else
|
154
|
+
self.session_encrypt_data = false
|
155
|
+
end
|
146
156
|
return "SMB#{self.negotiated_smb_version}"
|
147
157
|
else
|
148
158
|
error = 'Unable to negotiate with remote host'
|
@@ -155,7 +165,7 @@ module RubySMB
|
|
155
165
|
end
|
156
166
|
end
|
157
167
|
|
158
|
-
def
|
168
|
+
def parse_smb3_capabilities(response_packet)
|
159
169
|
nc = response_packet.find_negotiate_context(
|
160
170
|
RubySMB::SMB2::NegotiateContext::SMB2_PREAUTH_INTEGRITY_CAPABILITIES
|
161
171
|
)
|
@@ -185,8 +195,6 @@ module RubySMB
|
|
185
195
|
'Unable to retrieve the encryption cipher list supported by the server from the Negotiate response'
|
186
196
|
)
|
187
197
|
end
|
188
|
-
update_preauth_hash(request_packet)
|
189
|
-
update_preauth_hash(response_packet)
|
190
198
|
|
191
199
|
nc = response_packet.find_negotiate_context(
|
192
200
|
RubySMB::SMB2::NegotiateContext::SMB2_COMPRESSION_CAPABILITIES
|
data/lib/ruby_smb/version.rb
CHANGED
@@ -1065,6 +1065,11 @@ RSpec.describe RubySMB::Client do
|
|
1065
1065
|
smb3_response.capabilities.encryption = 1
|
1066
1066
|
end
|
1067
1067
|
|
1068
|
+
it 'sets the expected encryption algorithm' do
|
1069
|
+
client.parse_negotiate_response(smb3_response)
|
1070
|
+
expect(client.encryption_algorithm).to eq(RubySMB::SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM])
|
1071
|
+
end
|
1072
|
+
|
1068
1073
|
it 'keeps session encryption enabled if it was already' do
|
1069
1074
|
client.session_encrypt_data = true
|
1070
1075
|
client.parse_negotiate_response(smb3_response)
|
@@ -1166,26 +1171,15 @@ RSpec.describe RubySMB::Client do
|
|
1166
1171
|
end
|
1167
1172
|
end
|
1168
1173
|
|
1169
|
-
['0x0300', '0x0302'].each do |dialect|
|
1170
|
-
context "with #{dialect} dialect" do
|
1171
|
-
before :example do
|
1172
|
-
client.dialect = dialect
|
1173
|
-
end
|
1174
|
-
|
1175
|
-
it 'sets the expected encryption algorithm' do
|
1176
|
-
client.negotiate
|
1177
|
-
expect(client.encryption_algorithm).to eq(RubySMB::SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM])
|
1178
|
-
end
|
1179
|
-
end
|
1180
|
-
end
|
1181
|
-
|
1182
1174
|
context "with 0x0311 dialect" do
|
1183
|
-
it 'calls #
|
1175
|
+
it 'calls #parse_negotiate_response and updates the preauth hash' do
|
1184
1176
|
client.dialect = '0x0311'
|
1185
1177
|
request_packet = client.smb2_3_negotiate_request
|
1186
1178
|
allow(client).to receive(:negotiate_request).and_return(request_packet)
|
1187
1179
|
allow(client).to receive(:negotiate_response).and_return(smb3_response)
|
1188
|
-
expect(client).to receive(:
|
1180
|
+
expect(client).to receive(:parse_negotiate_response).with(smb3_response)
|
1181
|
+
expect(client).to receive(:update_preauth_hash).with(request_packet)
|
1182
|
+
expect(client).to receive(:update_preauth_hash).with(smb3_response)
|
1189
1183
|
client.negotiate
|
1190
1184
|
end
|
1191
1185
|
end
|
@@ -1258,7 +1252,7 @@ RSpec.describe RubySMB::Client do
|
|
1258
1252
|
end
|
1259
1253
|
end
|
1260
1254
|
|
1261
|
-
describe '#
|
1255
|
+
describe '#parse_smb3_capabilities' do
|
1262
1256
|
let(:request_packet) { client.smb2_3_negotiate_request }
|
1263
1257
|
let(:smb3_response) { RubySMB::SMB2::Packet::NegotiateResponse.new(dialect_revision: 0x311) }
|
1264
1258
|
let(:nc_encryption) do
|
@@ -1285,7 +1279,7 @@ RSpec.describe RubySMB::Client do
|
|
1285
1279
|
context 'when selecting the integrity hash algorithm' do
|
1286
1280
|
context 'with one algorithm' do
|
1287
1281
|
it 'selects the expected algorithm' do
|
1288
|
-
smb3_client.
|
1282
|
+
smb3_client.parse_smb3_capabilities(smb3_response)
|
1289
1283
|
expect(smb3_client.preauth_integrity_hash_algorithm).to eq('SHA512')
|
1290
1284
|
end
|
1291
1285
|
end
|
@@ -1296,7 +1290,7 @@ RSpec.describe RubySMB::Client do
|
|
1296
1290
|
RubySMB::SMB2::NegotiateContext::SMB2_PREAUTH_INTEGRITY_CAPABILITIES
|
1297
1291
|
)
|
1298
1292
|
nc.data.hash_algorithms << 3
|
1299
|
-
smb3_client.
|
1293
|
+
smb3_client.parse_smb3_capabilities(smb3_response)
|
1300
1294
|
expect(smb3_client.preauth_integrity_hash_algorithm).to eq('SHA512')
|
1301
1295
|
end
|
1302
1296
|
end
|
@@ -1305,7 +1299,7 @@ RSpec.describe RubySMB::Client do
|
|
1305
1299
|
it 'raises the expected exception' do
|
1306
1300
|
smb3_response = RubySMB::SMB2::Packet::NegotiateResponse.new(dialect_revision: 0x311)
|
1307
1301
|
smb3_response.add_negotiate_context(nc_encryption)
|
1308
|
-
expect { smb3_client.
|
1302
|
+
expect { smb3_client.parse_smb3_capabilities(smb3_response) }.to raise_error(
|
1309
1303
|
RubySMB::Error::EncryptionError,
|
1310
1304
|
'Unable to retrieve the Preauth Integrity Hash Algorithm from the Negotiate response'
|
1311
1305
|
)
|
@@ -1321,7 +1315,7 @@ RSpec.describe RubySMB::Client do
|
|
1321
1315
|
)
|
1322
1316
|
nc.data.hash_algorithms << 5
|
1323
1317
|
smb3_response.add_negotiate_context(nc)
|
1324
|
-
expect { smb3_client.
|
1318
|
+
expect { smb3_client.parse_smb3_capabilities(smb3_response) }.to raise_error(
|
1325
1319
|
RubySMB::Error::EncryptionError,
|
1326
1320
|
'Unable to retrieve the Preauth Integrity Hash Algorithm from the Negotiate response'
|
1327
1321
|
)
|
@@ -1332,7 +1326,7 @@ RSpec.describe RubySMB::Client do
|
|
1332
1326
|
context 'when selecting the encryption algorithm' do
|
1333
1327
|
context 'with one algorithm' do
|
1334
1328
|
it 'selects the expected algorithm' do
|
1335
|
-
smb3_client.
|
1329
|
+
smb3_client.parse_smb3_capabilities(smb3_response)
|
1336
1330
|
expect(smb3_client.encryption_algorithm).to eq('AES-128-CCM')
|
1337
1331
|
end
|
1338
1332
|
end
|
@@ -1343,7 +1337,7 @@ RSpec.describe RubySMB::Client do
|
|
1343
1337
|
RubySMB::SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES
|
1344
1338
|
)
|
1345
1339
|
nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_GCM
|
1346
|
-
smb3_client.
|
1340
|
+
smb3_client.parse_smb3_capabilities(smb3_response)
|
1347
1341
|
expect(smb3_client.encryption_algorithm).to eq('AES-128-GCM')
|
1348
1342
|
end
|
1349
1343
|
|
@@ -1352,7 +1346,7 @@ RSpec.describe RubySMB::Client do
|
|
1352
1346
|
RubySMB::SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES
|
1353
1347
|
)
|
1354
1348
|
nc.data.ciphers << 3
|
1355
|
-
smb3_client.
|
1349
|
+
smb3_client.parse_smb3_capabilities(smb3_response)
|
1356
1350
|
expect(smb3_client.encryption_algorithm).to eq('AES-128-CCM')
|
1357
1351
|
end
|
1358
1352
|
|
@@ -1361,7 +1355,7 @@ RSpec.describe RubySMB::Client do
|
|
1361
1355
|
RubySMB::SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES
|
1362
1356
|
)
|
1363
1357
|
nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_GCM
|
1364
|
-
smb3_client.
|
1358
|
+
smb3_client.parse_smb3_capabilities(smb3_response)
|
1365
1359
|
expect(smb3_client.server_encryption_algorithms).to eq([1, 2])
|
1366
1360
|
end
|
1367
1361
|
end
|
@@ -1370,7 +1364,7 @@ RSpec.describe RubySMB::Client do
|
|
1370
1364
|
it 'raises the expected exception' do
|
1371
1365
|
smb3_response = RubySMB::SMB2::Packet::NegotiateResponse.new(dialect_revision: 0x311)
|
1372
1366
|
smb3_response.add_negotiate_context(nc_integrity)
|
1373
|
-
expect { smb3_client.
|
1367
|
+
expect { smb3_client.parse_smb3_capabilities(smb3_response) }.to raise_error(
|
1374
1368
|
RubySMB::Error::EncryptionError,
|
1375
1369
|
'Unable to retrieve the encryption cipher list supported by the server from the Negotiate response'
|
1376
1370
|
)
|
@@ -1386,7 +1380,7 @@ RSpec.describe RubySMB::Client do
|
|
1386
1380
|
)
|
1387
1381
|
nc.data.ciphers << 14
|
1388
1382
|
smb3_response.add_negotiate_context(nc)
|
1389
|
-
expect { smb3_client.
|
1383
|
+
expect { smb3_client.parse_smb3_capabilities(smb3_response) }.to raise_error(
|
1390
1384
|
RubySMB::Error::EncryptionError,
|
1391
1385
|
'Unable to retrieve the encryption cipher list supported by the server from the Negotiate response'
|
1392
1386
|
)
|
@@ -1404,16 +1398,10 @@ RSpec.describe RubySMB::Client do
|
|
1404
1398
|
nc.data.compression_algorithms << RubySMB::SMB2::CompressionCapabilities::LZ77_Huffman
|
1405
1399
|
nc.data.compression_algorithms << RubySMB::SMB2::CompressionCapabilities::Pattern_V1
|
1406
1400
|
smb3_response.add_negotiate_context(nc)
|
1407
|
-
smb3_client.
|
1401
|
+
smb3_client.parse_smb3_capabilities(smb3_response)
|
1408
1402
|
expect(smb3_client.server_compression_algorithms).to eq([1, 2, 3, 4])
|
1409
1403
|
end
|
1410
1404
|
end
|
1411
|
-
|
1412
|
-
it 'updates the preauth hash' do
|
1413
|
-
expect(smb3_client).to receive(:update_preauth_hash).with(request_packet)
|
1414
|
-
expect(smb3_client).to receive(:update_preauth_hash).with(smb3_response)
|
1415
|
-
smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
|
1416
|
-
end
|
1417
1405
|
end
|
1418
1406
|
end
|
1419
1407
|
end
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ruby_smb
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.2
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Metasploit Hackers
|
@@ -97,7 +97,7 @@ cert_chain:
|
|
97
97
|
JI/W23RbIRksG2pioMhd4dCXq3FLLlkOV1YfCwWixNB+iIhQPPZVaPNfgPhCn4Dt
|
98
98
|
DeGjje/qA4fkLtRmOtb9PUBq3ToRDE4=
|
99
99
|
-----END CERTIFICATE-----
|
100
|
-
date: 2020-06-
|
100
|
+
date: 2020-06-23 00:00:00.000000000 Z
|
101
101
|
dependencies:
|
102
102
|
- !ruby/object:Gem::Dependency
|
103
103
|
name: redcarpet
|
metadata.gz.sig
CHANGED
Binary file
|