ruby_smb 2.0.1 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: a683fe9443f70b1f4e7dc98d02d7f4deaf785ae94097752696c516977bc3a36a
4
- data.tar.gz: 5e74a2b2daaedb9b2f096ef05fcd5465a9caa1b9672af6e42d13f18b70e47110
3
+ metadata.gz: e93c38e303cd6e34066d103fd2da4a21c760016778e221491f690d57f628e408
4
+ data.tar.gz: 5dfe1d3f1febbc197eb9cd4c4fe203a9b0d04a576e10d1aff4812dca5fcd4f4b
5
5
  SHA512:
6
- metadata.gz: efaaf45fb9fb49bd37a3f45681800f26437efdd76bd6b06ee763768c3674292fe3e7bc35946a489300a3d696a7f060cad2802335aabfd766dd6bc8dd9f503fdd
7
- data.tar.gz: cef65fae806b5b6bce656ef799f5ca4376a0cc71e1ad5746ddaf44898652580ce990d728960b2a4767898d1e7ebcb8e12d997919123b4cbc4a2d113c7db57822
6
+ metadata.gz: 915802d1d3685aa46074e721dc226f66904e9942654cceae5b3fd701be533f00057ef9d554edaaaad115754c4a75cad5c5ac09c53a11895658897ce5326236a1
7
+ data.tar.gz: 1f78090e799579e6f3a4dd6639cf20a88b89ed865157479e6634f55388125db05e7698117e66effde3e30bfaae98750a6230a8eb1ec057777339a70412390878
Binary file
data.tar.gz.sig CHANGED
Binary file
@@ -18,11 +18,9 @@ module RubySMB
18
18
  # This is only valid for SMB1.
19
19
  response_packet.dialects = request_packet.dialects if response_packet.respond_to? :dialects=
20
20
  version = parse_negotiate_response(response_packet)
21
- case @dialect
22
- when '0x0300', '0x0302'
23
- @encryption_algorithm = RubySMB::SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM]
24
- when '0x0311'
25
- parse_smb3_encryption_data(request_packet, response_packet)
21
+ if @dialect == '0x0311'
22
+ update_preauth_hash(request_packet)
23
+ update_preauth_hash(response_packet)
26
24
  end
27
25
 
28
26
  # If the response contains the SMB2 wildcard revision number dialect;
@@ -123,14 +121,13 @@ module RubySMB
123
121
  # protocol overhead every time.
124
122
  self.server_max_buffer_size = packet.parameter_block.max_buffer_size - 260
125
123
  self.negotiated_smb_version = 1
124
+ self.session_encrypt_data = false
126
125
  'SMB1'
127
126
  when RubySMB::SMB2::Packet::NegotiateResponse
128
127
  self.smb1 = false
129
128
  unless packet.dialect_revision.to_i == 0x02ff
130
129
  self.smb2 = packet.dialect_revision.to_i >= 0x0200 && packet.dialect_revision.to_i < 0x0300
131
130
  self.smb3 = packet.dialect_revision.to_i >= 0x0300 && packet.dialect_revision.to_i < 0x0400
132
- # Only enable session encryption if the server supports it
133
- @session_encrypt_data = self.smb3 && @session_encrypt_data && packet.capabilities.encryption == 1
134
131
  end
135
132
  self.signing_required = packet.security_mode.signing_required == 1 if self.smb2 || self.smb3
136
133
  self.dialect = "0x%04x" % packet.dialect_revision
@@ -143,6 +140,19 @@ module RubySMB
143
140
  self.server_guid = packet.server_guid
144
141
  self.server_start_time = packet.server_start_time.to_time if packet.server_start_time != 0
145
142
  self.server_system_time = packet.system_time.to_time if packet.system_time != 0
143
+ case self.dialect
144
+ when '0x02ff'
145
+ when '0x0300', '0x0302'
146
+ if packet&.capabilities&.encryption == 1
147
+ self.encryption_algorithm = RubySMB::SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM]
148
+ end
149
+ self.session_encrypt_data = self.session_encrypt_data && !self.encryption_algorithm.nil?
150
+ when '0x0311'
151
+ parse_smb3_capabilities(packet)
152
+ self.session_encrypt_data = self.session_encrypt_data && !self.encryption_algorithm.nil?
153
+ else
154
+ self.session_encrypt_data = false
155
+ end
146
156
  return "SMB#{self.negotiated_smb_version}"
147
157
  else
148
158
  error = 'Unable to negotiate with remote host'
@@ -155,7 +165,7 @@ module RubySMB
155
165
  end
156
166
  end
157
167
 
158
- def parse_smb3_encryption_data(request_packet, response_packet)
168
+ def parse_smb3_capabilities(response_packet)
159
169
  nc = response_packet.find_negotiate_context(
160
170
  RubySMB::SMB2::NegotiateContext::SMB2_PREAUTH_INTEGRITY_CAPABILITIES
161
171
  )
@@ -185,8 +195,6 @@ module RubySMB
185
195
  'Unable to retrieve the encryption cipher list supported by the server from the Negotiate response'
186
196
  )
187
197
  end
188
- update_preauth_hash(request_packet)
189
- update_preauth_hash(response_packet)
190
198
 
191
199
  nc = response_packet.find_negotiate_context(
192
200
  RubySMB::SMB2::NegotiateContext::SMB2_COMPRESSION_CAPABILITIES
@@ -1,3 +1,3 @@
1
1
  module RubySMB
2
- VERSION = '2.0.1'.freeze
2
+ VERSION = '2.0.2'.freeze
3
3
  end
@@ -1065,6 +1065,11 @@ RSpec.describe RubySMB::Client do
1065
1065
  smb3_response.capabilities.encryption = 1
1066
1066
  end
1067
1067
 
1068
+ it 'sets the expected encryption algorithm' do
1069
+ client.parse_negotiate_response(smb3_response)
1070
+ expect(client.encryption_algorithm).to eq(RubySMB::SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM])
1071
+ end
1072
+
1068
1073
  it 'keeps session encryption enabled if it was already' do
1069
1074
  client.session_encrypt_data = true
1070
1075
  client.parse_negotiate_response(smb3_response)
@@ -1166,26 +1171,15 @@ RSpec.describe RubySMB::Client do
1166
1171
  end
1167
1172
  end
1168
1173
 
1169
- ['0x0300', '0x0302'].each do |dialect|
1170
- context "with #{dialect} dialect" do
1171
- before :example do
1172
- client.dialect = dialect
1173
- end
1174
-
1175
- it 'sets the expected encryption algorithm' do
1176
- client.negotiate
1177
- expect(client.encryption_algorithm).to eq(RubySMB::SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM])
1178
- end
1179
- end
1180
- end
1181
-
1182
1174
  context "with 0x0311 dialect" do
1183
- it 'calls #parse_smb3_encryption_data' do
1175
+ it 'calls #parse_negotiate_response and updates the preauth hash' do
1184
1176
  client.dialect = '0x0311'
1185
1177
  request_packet = client.smb2_3_negotiate_request
1186
1178
  allow(client).to receive(:negotiate_request).and_return(request_packet)
1187
1179
  allow(client).to receive(:negotiate_response).and_return(smb3_response)
1188
- expect(client).to receive(:parse_smb3_encryption_data).with(request_packet, smb3_response)
1180
+ expect(client).to receive(:parse_negotiate_response).with(smb3_response)
1181
+ expect(client).to receive(:update_preauth_hash).with(request_packet)
1182
+ expect(client).to receive(:update_preauth_hash).with(smb3_response)
1189
1183
  client.negotiate
1190
1184
  end
1191
1185
  end
@@ -1258,7 +1252,7 @@ RSpec.describe RubySMB::Client do
1258
1252
  end
1259
1253
  end
1260
1254
 
1261
- describe '#parse_smb3_encryption_data' do
1255
+ describe '#parse_smb3_capabilities' do
1262
1256
  let(:request_packet) { client.smb2_3_negotiate_request }
1263
1257
  let(:smb3_response) { RubySMB::SMB2::Packet::NegotiateResponse.new(dialect_revision: 0x311) }
1264
1258
  let(:nc_encryption) do
@@ -1285,7 +1279,7 @@ RSpec.describe RubySMB::Client do
1285
1279
  context 'when selecting the integrity hash algorithm' do
1286
1280
  context 'with one algorithm' do
1287
1281
  it 'selects the expected algorithm' do
1288
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1282
+ smb3_client.parse_smb3_capabilities(smb3_response)
1289
1283
  expect(smb3_client.preauth_integrity_hash_algorithm).to eq('SHA512')
1290
1284
  end
1291
1285
  end
@@ -1296,7 +1290,7 @@ RSpec.describe RubySMB::Client do
1296
1290
  RubySMB::SMB2::NegotiateContext::SMB2_PREAUTH_INTEGRITY_CAPABILITIES
1297
1291
  )
1298
1292
  nc.data.hash_algorithms << 3
1299
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1293
+ smb3_client.parse_smb3_capabilities(smb3_response)
1300
1294
  expect(smb3_client.preauth_integrity_hash_algorithm).to eq('SHA512')
1301
1295
  end
1302
1296
  end
@@ -1305,7 +1299,7 @@ RSpec.describe RubySMB::Client do
1305
1299
  it 'raises the expected exception' do
1306
1300
  smb3_response = RubySMB::SMB2::Packet::NegotiateResponse.new(dialect_revision: 0x311)
1307
1301
  smb3_response.add_negotiate_context(nc_encryption)
1308
- expect { smb3_client.parse_smb3_encryption_data(request_packet, smb3_response) }.to raise_error(
1302
+ expect { smb3_client.parse_smb3_capabilities(smb3_response) }.to raise_error(
1309
1303
  RubySMB::Error::EncryptionError,
1310
1304
  'Unable to retrieve the Preauth Integrity Hash Algorithm from the Negotiate response'
1311
1305
  )
@@ -1321,7 +1315,7 @@ RSpec.describe RubySMB::Client do
1321
1315
  )
1322
1316
  nc.data.hash_algorithms << 5
1323
1317
  smb3_response.add_negotiate_context(nc)
1324
- expect { smb3_client.parse_smb3_encryption_data(request_packet, smb3_response) }.to raise_error(
1318
+ expect { smb3_client.parse_smb3_capabilities(smb3_response) }.to raise_error(
1325
1319
  RubySMB::Error::EncryptionError,
1326
1320
  'Unable to retrieve the Preauth Integrity Hash Algorithm from the Negotiate response'
1327
1321
  )
@@ -1332,7 +1326,7 @@ RSpec.describe RubySMB::Client do
1332
1326
  context 'when selecting the encryption algorithm' do
1333
1327
  context 'with one algorithm' do
1334
1328
  it 'selects the expected algorithm' do
1335
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1329
+ smb3_client.parse_smb3_capabilities(smb3_response)
1336
1330
  expect(smb3_client.encryption_algorithm).to eq('AES-128-CCM')
1337
1331
  end
1338
1332
  end
@@ -1343,7 +1337,7 @@ RSpec.describe RubySMB::Client do
1343
1337
  RubySMB::SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES
1344
1338
  )
1345
1339
  nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_GCM
1346
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1340
+ smb3_client.parse_smb3_capabilities(smb3_response)
1347
1341
  expect(smb3_client.encryption_algorithm).to eq('AES-128-GCM')
1348
1342
  end
1349
1343
 
@@ -1352,7 +1346,7 @@ RSpec.describe RubySMB::Client do
1352
1346
  RubySMB::SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES
1353
1347
  )
1354
1348
  nc.data.ciphers << 3
1355
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1349
+ smb3_client.parse_smb3_capabilities(smb3_response)
1356
1350
  expect(smb3_client.encryption_algorithm).to eq('AES-128-CCM')
1357
1351
  end
1358
1352
 
@@ -1361,7 +1355,7 @@ RSpec.describe RubySMB::Client do
1361
1355
  RubySMB::SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES
1362
1356
  )
1363
1357
  nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_GCM
1364
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1358
+ smb3_client.parse_smb3_capabilities(smb3_response)
1365
1359
  expect(smb3_client.server_encryption_algorithms).to eq([1, 2])
1366
1360
  end
1367
1361
  end
@@ -1370,7 +1364,7 @@ RSpec.describe RubySMB::Client do
1370
1364
  it 'raises the expected exception' do
1371
1365
  smb3_response = RubySMB::SMB2::Packet::NegotiateResponse.new(dialect_revision: 0x311)
1372
1366
  smb3_response.add_negotiate_context(nc_integrity)
1373
- expect { smb3_client.parse_smb3_encryption_data(request_packet, smb3_response) }.to raise_error(
1367
+ expect { smb3_client.parse_smb3_capabilities(smb3_response) }.to raise_error(
1374
1368
  RubySMB::Error::EncryptionError,
1375
1369
  'Unable to retrieve the encryption cipher list supported by the server from the Negotiate response'
1376
1370
  )
@@ -1386,7 +1380,7 @@ RSpec.describe RubySMB::Client do
1386
1380
  )
1387
1381
  nc.data.ciphers << 14
1388
1382
  smb3_response.add_negotiate_context(nc)
1389
- expect { smb3_client.parse_smb3_encryption_data(request_packet, smb3_response) }.to raise_error(
1383
+ expect { smb3_client.parse_smb3_capabilities(smb3_response) }.to raise_error(
1390
1384
  RubySMB::Error::EncryptionError,
1391
1385
  'Unable to retrieve the encryption cipher list supported by the server from the Negotiate response'
1392
1386
  )
@@ -1404,16 +1398,10 @@ RSpec.describe RubySMB::Client do
1404
1398
  nc.data.compression_algorithms << RubySMB::SMB2::CompressionCapabilities::LZ77_Huffman
1405
1399
  nc.data.compression_algorithms << RubySMB::SMB2::CompressionCapabilities::Pattern_V1
1406
1400
  smb3_response.add_negotiate_context(nc)
1407
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1401
+ smb3_client.parse_smb3_capabilities(smb3_response)
1408
1402
  expect(smb3_client.server_compression_algorithms).to eq([1, 2, 3, 4])
1409
1403
  end
1410
1404
  end
1411
-
1412
- it 'updates the preauth hash' do
1413
- expect(smb3_client).to receive(:update_preauth_hash).with(request_packet)
1414
- expect(smb3_client).to receive(:update_preauth_hash).with(smb3_response)
1415
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1416
- end
1417
1405
  end
1418
1406
  end
1419
1407
  end
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: ruby_smb
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.0.1
4
+ version: 2.0.2
5
5
  platform: ruby
6
6
  authors:
7
7
  - Metasploit Hackers
@@ -97,7 +97,7 @@ cert_chain:
97
97
  JI/W23RbIRksG2pioMhd4dCXq3FLLlkOV1YfCwWixNB+iIhQPPZVaPNfgPhCn4Dt
98
98
  DeGjje/qA4fkLtRmOtb9PUBq3ToRDE4=
99
99
  -----END CERTIFICATE-----
100
- date: 2020-06-19 00:00:00.000000000 Z
100
+ date: 2020-06-23 00:00:00.000000000 Z
101
101
  dependencies:
102
102
  - !ruby/object:Gem::Dependency
103
103
  name: redcarpet
metadata.gz.sig CHANGED
Binary file