ruby_smb 2.0.12 → 3.0.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e390e96aa471e87e6406cf5b7eae77a4c45f882201f4132d3243eb25506554dc
-  data.tar.gz: 65620d67c3dbfbf2d3f795856c8da03207a8df32aa439a6f6a0b5d46b385dd31
+  metadata.gz: 9a0b34939805bf96ca0b83284b946fc2d96c1e5d7b6e63c67c4d0c40b73d257d
+  data.tar.gz: f8c1e25526de8821ec484c820b32734e0cfcefce6e34de2a90b25ce876225e61
 SHA512:
-  metadata.gz: 0c252450305e217779de4c1bf6850fa55f12c95d6380795f6940c0451d33c64f1287ab13f6a373d1dcaa1752d399dac04fd0e358a49000335deba27d46ab8fc7
-  data.tar.gz: 2734dd65b1a84a03fdd914a6877640107caf6bcf561f3a41b769ef947e21276bc8759859ac4a36ba0b2ccfe15778ff06c234ff41dabf9ea4563a74a95ea1b891
+  metadata.gz: b669ae3cdc6e7c875c92890ac15608ab45b8d223eb064756d340e046a5dd3b4273971ebdf8419a033ae87fc75af8f08d7e7ce5466186e2e531adada3efaedab4
+  data.tar.gz: 052ad0693a7f9ea8b3b767a58ecc710e37f2c9c0ef7c910b8c385b22b9a6eee678596a49de385cb0d0200964e620b171bd667a76b7b393f96a1ebded64e6f5b7

data/.github/workflows/verify.yml

@@ -20,7 +20,7 @@ jobs:
           - 2.5
           - 2.6
           - 2.7
-          - 3.0
+          - 3.0.3
         test_cmd:
           - bundle exec rspec
 

data/examples/auth_capture.rb

@@ -1,12 +1,31 @@
 #!/usr/bin/ruby
 
 require 'bundler/setup'
+require 'optparse'
 require 'ruby_smb'
 require 'ruby_smb/gss/provider/ntlm'
 
 # we just need *a* default encoding to handle the strings from the NTLM messages
 Encoding.default_internal = 'UTF-8' if Encoding.default_internal.nil?
 
+options = {
+  smbv1: true,
+  smbv2: true,
+  smbv3: true
+}
+OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename(__FILE__)} [options]"
+  opts.on("--[no-]smbv1", "Enabled or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+    options[:smbv1] = smbv1
+  end
+  opts.on("--[no-]smbv2", "Enabled or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+    options[:smbv2] = smbv2
+  end
+  opts.on("--[no-]smbv3", "Enabled or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+    options[:smbv3] = smbv3
+  end
+end.parse!
+
 def bin_to_hex(s)
   s.each_byte.map { |b| b.to_s(16).rjust(2, '0') }.join
 end
@@ -63,6 +82,15 @@ end
 server = RubySMB::Server.new(
   gss_provider: HaxorNTLMProvider.new
 )
+server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB1 } unless options[:smbv1]
+server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB2 } unless options[:smbv2]
+server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB3 } unless options[:smbv3]
+
+if server.dialects.empty?
+  puts "at least one version must be enabled"
+  exit false
+end
+
 puts "server is running"
 server.run do
   puts "received connection"

data/examples/dump_secrets_from_sid.rb

@@ -0,0 +1,207 @@
+#!/usr/bin/ruby
+
+# This example script is used for testing DCERPC client and DRSR structures.
+# It will attempt to connect to a host and enumerate user secrets.
+# Example usage: ruby dump_secrets_from_sid.rb 192.168.172.138 msfadmin msfadmin MYDOMAIN S-1-5-21-419547006-9448028-4223375872-500
+# This will try to connect to \\192.168.172.138 with the msfadmin:msfadmin
+# credentials and enumerate secrets of domain user with SID
+# S-1-5-21-419547006-9448028-4223375872-500
+
+require 'bundler/setup'
+require 'ruby_smb/dcerpc/client'
+
+
+address      = ARGV[0]
+username     = ARGV[1]
+password     = ARGV[2]
+domain       = ARGV[3]
+sid          = ARGV[4]
+
+client = RubySMB::Dcerpc::Client.new(
+  address,
+  RubySMB::Dcerpc::Drsr,
+  username: username,
+  password: password,
+)
+client.connect
+puts('Binding to DRSR...')
+client.bind(
+  auth_level: RubySMB::Dcerpc::RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
+  auth_type: RubySMB::Dcerpc::RPC_C_AUTHN_WINNT
+)
+puts('Bound to DRSR')
+ph_drs = client.drs_bind
+puts "ph_drs: #{ph_drs}"
+puts
+
+dc_infos = client.drs_domain_controller_info(ph_drs, domain)
+dc_infos.each do |dc_info|
+  dc_info.field_names.each do |field|
+    puts "#{field}: #{dc_info.send(field).to_s.encode('utf-8')}"
+  end
+  puts
+  puts
+
+  crack_names = client.drs_crack_names(ph_drs, rp_names: [sid])
+  puts "SID: #{sid}"
+  crack_names.each do |crack_name|
+    puts "Domain: #{crack_name.p_domain.to_s.encode('utf-8')}"
+    puts "Name: #{crack_name.p_name.to_s.encode('utf-8')}"
+
+    user_record = client.drs_get_nc_changes(
+      ph_drs,
+      nc_guid: crack_name.p_name.to_s.encode('utf-8'),
+      dsa_object_guid: dc_info.ntds_dsa_object_guid,
+    )
+
+    # self.__decryptHash
+    dn = user_record.pmsg_out.msg_getchg.p_nc.string_name.to_ary[0..-1].join.encode('utf-8')
+    puts "Decrypting hash for user: #{dn}"
+
+    entinf_struct = user_record.pmsg_out.msg_getchg.p_objects.entinf
+    object_sid = rid = entinf_struct.p_name.sid[-4..-1].unpack('<L').first
+    lm_hash = Net::NTLM.lm_hash('')
+    nt_hash = Net::NTLM.ntlm_hash('')
+    disabled = nil
+    computer_account = nil
+    password_never_expires = nil
+    password_not_required = nil
+    pwd_last_set = nil
+    last_logon = nil
+    expires = nil
+    lm_history = []
+    nt_history = []
+    domain_name = ''
+    user = 'unknown'
+    kerberos_keys = {}
+    clear_text_passwords = []
+
+    entinf_struct.attr_block.p_attr.each do |attr|
+      next unless attr.attr_val.val_count > 0
+      # begin
+      att_id = user_record.pmsg_out.msg_getchg.oid_from_attid(attr.attr_typ)
+      lookup_table = RubySMB::Dcerpc::Drsr::ATTRTYP_TO_ATTID
+      # rescue XXXX
+      #   att_id = attr.attr_typ
+      #   lookup_table = NAME_TO_ATTRTYP
+      # end
+
+      #puts "#{lookup_table.key(att_id) || 'Unknown'}: #{attr.attr_val.p_aval[0].p_val}"
+
+      attribute_value = attr.attr_val.p_aval[0].p_val.to_ary.map(&:chr).join
+      case att_id
+      when lookup_table['dBCSPwd']
+        encrypted_lm_hash = client.decrypt_attribute_value(attribute_value)
+        lm_hash = client.remove_des_layer(encrypted_lm_hash, rid)
+      when lookup_table['unicodePwd']
+        encrypted_nt_hash = client.decrypt_attribute_value(attribute_value)
+        nt_hash = client.remove_des_layer(encrypted_nt_hash, rid)
+      when lookup_table['userPrincipalName']
+        domain_name = attribute_value.force_encoding('utf-16le').encode('utf-8').split('@').last
+      when lookup_table['sAMAccountName']
+        user = attribute_value.force_encoding('utf-16le').encode('utf-8')
+      when lookup_table['objectSid']
+        object_sid = attribute_value
+      when lookup_table['userAccountControl']
+        user_account_control =  attribute_value.unpack('L<')[0]
+        disabled = user_account_control & RubySMB::Dcerpc::Samr::UF_ACCOUNTDISABLE != 0
+        computer_account = user_account_control & RubySMB::Dcerpc::Samr::UF_NORMAL_ACCOUNT == 0
+        password_never_expires = user_account_control & RubySMB::Dcerpc::Samr::UF_DONT_EXPIRE_PASSWD != 0
+        password_not_required = user_account_control & RubySMB::Dcerpc::Samr::UF_PASSWD_NOTREQD != 0
+      when lookup_table['pwdLastSet']
+        pwd_last_set = Time.at(0)
+        time_value = attribute_value.unpack('Q<')[0]
+        if time_value > 0
+          pwd_last_set = RubySMB::Field::FileTime.new(time_value).to_time.utc
+        end
+      when lookup_table['accountExpires']
+        expires = Time.at(0)
+        time_value = attribute_value.unpack('Q<')[0]
+        if time_value > 0 && time_value != 0x7FFFFFFFFFFFFFFF
+          expires = RubySMB::Field::FileTime.new(time_value).to_time.utc
+        end
+      when lookup_table['lastLogonTimestamp']
+        last_logon = Time.at(0)
+        time_value = attribute_value.unpack('Q<')[0]
+        if time_value > 0
+          last_logon = RubySMB::Field::FileTime.new(time_value).to_time.utc
+        end
+      when lookup_table['lmPwdHistory']
+        tmp_lm_history = client.decrypt_attribute_value(attribute_value)
+        tmp_lm_history.bytes.each_slice(16) do |block|
+          lm_history << client.remove_des_layer(block.map(&:chr).join, rid)
+        end
+      when lookup_table['ntPwdHistory']
+        tmp_nt_history = client.decrypt_attribute_value(attribute_value)
+        tmp_nt_history.bytes.each_slice(16) do |block|
+          nt_history << client.remove_des_layer(block.map(&:chr).join, rid)
+        end
+      when lookup_table['supplementalCredentials']
+        # self.__decryptSupplementalInfo
+        plain_text = client.decrypt_attribute_value(attribute_value)
+        user_properties = RubySMB::Dcerpc::Samr::UserProperties.read(plain_text)
+        user_properties.user_properties.each do |user_property|
+          case user_property.property_name.encode('utf-8')
+          when 'Primary:Kerberos-Newer-Keys'
+            value = user_property.property_value
+            binary_value = value.chars.each_slice(2).map {|a,b| (a+b).hex.chr}.join
+            kerb_stored_credential_new = RubySMB::Dcerpc::Samr::KerbStoredCredentialNew.read(binary_value)
+            key_values = kerb_stored_credential_new.get_key_values
+            kerb_stored_credential_new.credentials.each_with_index do |credential, i|
+              kerberos_type = RubySMB::Dcerpc::Samr::KERBEROS_TYPE[credential.key_type]
+              if kerberos_type
+                kerberos_keys[kerberos_type] = key_values[i].unpack('H*')[0]
+              else
+                kerberos_keys["0x#{credential.key_type.to_i.to_s(16)}"] = key_values[i].unpack('H*')[0]
+              end
+            end
+          when 'Primary:CLEARTEXT'
+            # [MS-SAMR] 3.1.1.8.11.5 Primary:CLEARTEXT Property
+            # This credential type is the cleartext password. The value format is the UTF-16 encoded cleartext password.
+            begin
+              clear_text_passwords << user_property.property_value.to_s.force_encoding('utf-16le').encode('utf-8')
+            rescue EncodingError
+              # This could be because we're decoding a machine password. Printing it hex
+              # Keep clear_text_passwords with a ASCII-8BIT encoding
+              clear_text_passwords << user_property.property_value.to_s
+            end
+          end
+        end
+      end
+    end
+
+    user = "#{domain_name}\\#{user}" unless domain_name.empty?
+
+    puts "#{user}:#{rid}:#{lm_hash.unpack('H*')[0]}:#{nt_hash.unpack('H*')[0]}:::"
+    puts "Object SID: 0x#{object_sid.unpack('H*')[0]}"
+    puts "Password last set: #{pwd_last_set && pwd_last_set > Time.at(0) ? pwd_last_set : 'never'}"
+    puts "Last logon: #{last_logon && last_logon > Time.at(0) ? last_logon : 'never'}"
+    puts "Account disabled: #{disabled.nil? ? 'N/A' : disabled}"
+    puts "Computer account: #{computer_account.nil? ? 'N/A' : computer_account}"
+    puts "Password never expires: #{password_never_expires.nil? ?  'N/A' : password_never_expires}"
+    puts "Password not required: #{password_not_required.nil? ? 'N/A' : password_not_required}"
+    puts "Expired: #{!disabled && expires && expires > Time.at(0) && expires < Time.now}"
+    if nt_history.size > 1 and lm_history.size > 1
+      puts "Password history:"
+      nt_history[1..-1].zip(lm_history[1..-1]).each_with_index do |history, i|
+        nt_h, lm_h = history
+        empty_lm_h = Net::NTLM.lm_hash('')
+        puts "  #{user}_history#{i}:#{rid}:#{empty_lm_h.unpack('H*')[0]}:#{nt_h.to_s.unpack('H*')[0]}::: (if LMHashes are not stored)"
+        puts "  #{user}_history#{i}:#{rid}:#{lm_h.to_s.unpack('H*')[0]}:#{nt_h.to_s.unpack('H*')[0]}::: (if LMHashes are stored)"
+      end
+    end
+    puts "Kerberos keys:"
+    kerberos_keys.each do |key_type, key_value|
+      puts "  #{user}:#{key_type}:#{key_value}"
+    end
+    puts "Clear passwords:"
+    clear_text_passwords.each do |passwd|
+      puts "  #{user}:CLEARTEXT:#{passwd}"
+    end
+  end
+end
+
+client.drs_unbind(ph_drs)
+client.close
+
+puts 'Done'

data/examples/enum_domain_users.rb

@@ -0,0 +1,75 @@
+#!/usr/bin/ruby
+
+# This example script is used for testing DCERPC SAMR requests.
+# It will attempt to connect to a server object and enumerate domain users.
+# Example usage: ruby enum_domain_users.rb 192.168.172.138 msfadmin msfadmin MyDomain
+
+require 'bundler/setup'
+require 'ruby_smb'
+
+address      = ARGV[0]
+username     = ARGV[1]
+password     = ARGV[2]
+domain       = ARGV[3]
+smb_versions = ARGV[4]&.split(',') || ['1','2','3']
+
+sock = TCPSocket.new address, 445
+dispatcher = RubySMB::Dispatcher::Socket.new(sock, read_timeout: 60)
+
+client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
+protocol = client.negotiate
+status = client.authenticate
+
+puts "#{protocol} : #{status}"
+
+tree = client.tree_connect("\\\\#{address}\\IPC$")
+samr = tree.open_file(filename: 'samr', write: true, read: true)
+
+puts('Binding to \\samr...')
+samr.bind(endpoint: RubySMB::Dcerpc::Samr)
+puts('Bound to \\samr')
+
+puts('[+] SAMR Connect')
+server_handle = samr.samr_connect
+
+domain_sid = samr.samr_lookup_domain(server_handle: server_handle, name: domain)
+domain_handle = samr.samr_open_domain(server_handle: server_handle, domain_id: domain_sid)
+
+builtin_domain_sid = samr.samr_lookup_domain(server_handle: server_handle, name: 'Builtin')
+builtin_domain_handle = samr.samr_open_domain(server_handle: server_handle, domain_id: builtin_domain_sid)
+
+users = samr.samr_enumerate_users_in_domain(domain_handle: domain_handle)
+
+puts 'RID   | SID                                         | Name          | Domain Groups | Domain Alias Groups | Builtin Alias Groups'
+puts '--------------------------------------------------------------------------------------------------------------------------------'
+users.each do |rid, name|
+  sid = samr.samr_rid_to_sid(object_handle: domain_handle, rid: rid)
+  domain_sid = sid.to_s.split('-')[0..-2].join('-')
+
+  user_handle = samr.samr_open_user(domain_handle: domain_handle, user_id: rid)
+  groups = samr.samr_get_group_for_user(user_handle: user_handle)
+  groups = groups.map { |group| RubySMB::Dcerpc::Samr::RpcSid.new("#{domain_sid}-#{group.relative_id.to_i}") }
+
+  alias_groups = samr.samr_get_alias_membership(domain_handle: domain_handle, sids: groups + [sid])
+  alias_groups = alias_groups.map { |group| RubySMB::Dcerpc::Samr::RpcSid.new("#{domain_sid}-#{group}") }
+
+  builtin_alias_groups = samr.samr_get_alias_membership(domain_handle: builtin_domain_handle, sids: groups + [sid])
+  builtin_alias_groups = builtin_alias_groups.map { |group| RubySMB::Dcerpc::Samr::RpcSid.new("#{domain_sid}-#{group}") }
+
+  #TODO: implement [LSAT] LsarLookupSids2 call to get the name of the "Unknown SID"'s
+
+  output = "#{"%-5s" % rid} | #{"%-43s" % sid} | #{name.encode('UTF-8')}"
+  output << " | #{groups.empty? ? 'N/A' : groups.map(&:name).join(', ')}"
+  output << " | #{alias_groups.empty? ? 'N/A' : alias_groups.map(&:name).join(', ')}"
+  output << " | #{builtin_alias_groups.empty? ? 'N/A' : builtin_alias_groups.map(&:name).join(', ')}"
+  puts output
+
+  samr.close_handle(user_handle)
+end
+
+samr.close_handle(domain_handle)
+samr.close_handle(builtin_domain_handle)
+samr.close_handle(server_handle)
+
+client.disconnect!
+

data/examples/file_server.rb

@@ -0,0 +1,76 @@
+#!/usr/bin/ruby
+
+require 'bundler/setup'
+require 'optparse'
+require 'ruby_smb'
+require 'ruby_smb/gss/provider/ntlm'
+
+# we just need *a* default encoding to handle the strings from the NTLM messages
+Encoding.default_internal = 'UTF-8' if Encoding.default_internal.nil?
+
+options = {
+  allow_anonymous: true,
+  domain: nil,
+  username: 'RubySMB',
+  password: 'password',
+  share_name: 'home',
+  share_path: '.',
+  smbv1: true,
+  smbv2: true,
+  smbv3: true
+}
+OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename(__FILE__)} [options]"
+  opts.on("--path PATH", "The path to share (default: #{options[:share_path]})") do |path|
+    options[:share_path] = path
+  end
+  opts.on("--share SHARE", "The share name (default: #{options[:share_name]})") do |share|
+    options[:share_name] = share
+  end
+  opts.on("--[no-]anonymous", "Allow anonymous access (default: #{options[:allow_anonymous]})") do |allow_anonymous|
+    options[:allow_anonymous] = allow_anonymous
+  end
+  opts.on("--[no-]smbv1", "Enabled or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+    options[:smbv1] = smbv1
+  end
+  opts.on("--[no-]smbv2", "Enabled or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+    options[:smbv2] = smbv2
+  end
+  opts.on("--[no-]smbv3", "Enabled or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+    options[:smbv3] = smbv3
+  end
+  opts.on("--username USERNAME", "The account's username (default: #{options[:username]})") do |username|
+    if username.include?('\\')
+      options[:domain], options[:username] = username.split('\\', 2)
+    else
+      options[:username] = username
+    end
+  end
+  opts.on("--password PASSWORD", "The account's password (default: #{options[:password]})") do |password|
+    options[:password] = password
+  end
+end.parse!
+
+ntlm_provider = RubySMB::Gss::Provider::NTLM.new(allow_anonymous: options[:allow_anonymous])
+ntlm_provider.put_account(options[:username], options[:password], domain: options[:domain])  # password can also be an NTLM hash
+
+server = RubySMB::Server.new(
+  gss_provider: ntlm_provider,
+  logger: :stdout
+)
+server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB1 } unless options[:smbv1]
+server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB2 } unless options[:smbv2]
+server.dialects.select! { |dialect| RubySMB::Dialect[dialect].family != RubySMB::Dialect::FAMILY_SMB3 } unless options[:smbv3]
+
+if server.dialects.empty?
+  puts "at least one version must be enabled"
+  exit false
+end
+
+server.add_share(RubySMB::Server::Share::Provider::Disk.new(options[:share_name], options[:share_path]))
+puts "server is running"
+server.run do
+  puts "received connection"
+  true
+end
+

data/examples/get_computer_info.rb

@@ -0,0 +1,42 @@
+#!/usr/bin/ruby
+
+# This example script is used for testing DCERPC WKST requests.
+# It will attempt to retrieve configuration information of a remote computer/server.
+# Example usage: ruby enum_domain_users.rb 192.168.172.138 msfadmin msfadmin MyDomain
+
+require 'bundler/setup'
+require 'ruby_smb'
+
+address      = ARGV[0]
+username     = ARGV[1]
+password     = ARGV[2]
+smb_versions = ARGV[3]&.split(',') || ['1','2','3']
+
+sock = TCPSocket.new address, 445
+dispatcher = RubySMB::Dispatcher::Socket.new(sock, read_timeout: 60)
+
+client = RubySMB::Client.new(dispatcher, smb1: smb_versions.include?('1'), smb2: smb_versions.include?('2'), smb3: smb_versions.include?('3'), username: username, password: password)
+protocol = client.negotiate
+status = client.authenticate
+
+puts "#{protocol} : #{status}"
+
+tree = client.tree_connect("\\\\#{address}\\IPC$")
+wkssvc = tree.open_file(filename: 'wkssvc', write: true, read: true)
+
+puts('Binding to \\wkssvc...')
+wkssvc.bind(endpoint: RubySMB::Dcerpc::Wkssvc)
+puts('Bound to \\wkssvc')
+
+puts('[+] WKSSVC Connect')
+
+info = wkssvc.netr_wksta_get_info
+platform = RubySMB::Dcerpc::Wkssvc::PLATFORM_ID[info.wki100_platform_id]
+puts "Platform: #{platform || 'Unknown'}"
+puts "Computer Name: #{info.wki100_computername.encode('utf-8')}"
+puts "LAN Group: #{info.wki100_langroup.encode('utf-8')}"
+puts "OS Version: #{info.wki100_ver_major}.#{info.wki100_ver_minor}"
+
+client.disconnect!
+
+

data/examples/query_service_status.rb

@@ -36,25 +36,63 @@ scm_handle = svcctl.open_sc_manager_w(address)
 svc_handle = svcctl.open_service_w(scm_handle, service)
 svc_status = svcctl.query_service_status(svc_handle)
 
+puts
 case svc_status.dw_current_state
 when RubySMB::Dcerpc::Svcctl::SERVICE_RUNNING
   puts("Service #{service} is running")
 when RubySMB::Dcerpc::Svcctl::SERVICE_STOPPED
   puts("Service #{service} is in stopped state")
 end
+puts
 
 svc_config = svcctl.query_service_config(svc_handle)
+
+service_type = 'Service type: '
+case svc_config.dw_service_type
+when RubySMB::Dcerpc::Svcctl::SERVICE_KERNEL_DRIVER
+  service_type << 'Driver service'
+when RubySMB::Dcerpc::Svcctl::SERVICE_FILE_SYSTEM_DRIVER
+  service_type << 'File system driver service'
+when RubySMB::Dcerpc::Svcctl::SERVICE_WIN32_OWN_PROCESS
+  service_type << 'Service that runs in its own process'
+when RubySMB::Dcerpc::Svcctl::SERVICE_WIN32_SHARE_PROCESS
+  service_type << 'Service that shares a process with other services'
+end
+
+start_type = 'Service start type: '
 case svc_config.dw_start_type
 when RubySMB::Dcerpc::Svcctl::SERVICE_DISABLED
-  puts("Service #{service} is disabled")
+  start_type << 'Service is disabled'
 when RubySMB::Dcerpc::Svcctl::SERVICE_BOOT_START, RubySMB::Dcerpc::Svcctl::SERVICE_SYSTEM_START
-  puts("Service #{service} starts when the system boots up (driver)")
+  start_type << 'Service starts when the system boots up (driver)'
 when RubySMB::Dcerpc::Svcctl::SERVICE_AUTO_START
-  puts("Service #{service} starts automatically during system startup")
+  start_type << 'Service starts automatically during system startup'
 when RubySMB::Dcerpc::Svcctl::SERVICE_DEMAND_START
-  puts("Service #{service} starts manually")
+  start_type << 'Service starts manually'
 end
 
+error_control = 'Error control: '
+case svc_config.dw_error_control
+when RubySMB::Dcerpc::Svcctl::SERVICE_ERROR_IGNORE
+  error_control << 'SERVICE_ERROR_IGNORE'
+when RubySMB::Dcerpc::Svcctl::SERVICE_ERROR_NORMAL
+  error_control << 'SERVICE_ERROR_NORMAL'
+when RubySMB::Dcerpc::Svcctl::SERVICE_ERROR_SEVERE
+  error_control << 'SERVICE_ERROR_SEVERE'
+when RubySMB::Dcerpc::Svcctl::SERVICE_ERROR_CRITICAL
+  error_control << 'SERVICE_ERROR_CRITICAL'
+end
+
+puts service_type
+puts start_type
+puts error_control
+puts "Binary path: #{svc_config.lp_binary_path_name.to_s.encode('utf-8')}"
+puts "Load ordering service group: #{svc_config.lp_load_order_group.to_s.encode('utf-8')}"
+puts "Service group tag ID: #{svc_config.dw_tag_id.to_s.encode('utf-8')}"
+puts "Dependencies: #{svc_config.lp_dependencies.to_s.encode('utf-8')}"
+puts "Service start name: #{svc_config.lp_service_start_name.to_s.encode('utf-8')}"
+
+
 if svcctl
   svcctl.close_service_handle(svc_handle) if svc_handle
   svcctl.close_service_handle(scm_handle) if scm_handle

data/lib/ruby_smb/client.rb

@@ -279,7 +279,7 @@ module RubySMB
     # @param smb2 [Boolean] whether or not to enable SMB2 support
     # @param smb3 [Boolean] whether or not to enable SMB3 support
     def initialize(dispatcher, smb1: true, smb2: true, smb3: true, username:, password:, domain: '.',
-                   local_workstation: 'WORKSTATION', always_encrypt: true, ntlm_flags: default_flags)
+                   local_workstation: 'WORKSTATION', always_encrypt: true, ntlm_flags: NTLM::DEFAULT_CLIENT_FLAGS)
       raise ArgumentError, 'No Dispatcher provided' unless dispatcher.is_a? RubySMB::Dispatcher::Base
       if smb1 == false && smb2 == false && smb3 == false
         raise ArgumentError, 'You must enable at least one Protocol'
@@ -366,7 +366,7 @@ module RubySMB
     # the credentials supplied during initialization, but can take a new set of credentials if needed.
     def login(username: self.username, password: self.password,
               domain: self.domain, local_workstation: self.local_workstation,
-              ntlm_flags: default_flags)
+              ntlm_flags: NTLM::DEFAULT_CLIENT_FLAGS)
       negotiate
       session_setup(username, password, domain,
                     local_workstation: local_workstation,
@@ -374,7 +374,7 @@ module RubySMB
     end
 
     def session_setup(user, pass, domain, do_recv=true,
-                      local_workstation: self.local_workstation, ntlm_flags: default_flags)
+                      local_workstation: self.local_workstation, ntlm_flags: NTLM::DEFAULT_CLIENT_FLAGS)
       @domain            = domain
       @local_workstation = local_workstation
       @password          = pass.encode('utf-8') || ''.encode('utf-8')
@@ -648,16 +648,5 @@ module RubySMB
       )
     end
 
-    private
-
-    def default_flags
-      negotiate_version_flag = 0x02000000
-      flags = Net::NTLM::Client::DEFAULT_FLAGS |
-        RubySMB::NTLM::NEGOTIATE_FLAGS[:TARGET_INFO] |
-        negotiate_version_flag ^
-        RubySMB::NTLM::NEGOTIATE_FLAGS[:OEM]
-
-      flags
-    end
   end
 end

data/lib/ruby_smb/create_actions.rb

@@ -0,0 +1,21 @@
+module RubySMB
+  # This module holds the Create Actions used in NT_TRANSACT_CREATE,
+  # SMB_COM_NT_CREATE_ANDX, and SMB2_CREATE responses. The definitions for these
+  # values can be found at
+  # [2.2.7.1.2 Response](https://msdn.microsoft.com/en-us/library/ee441961.aspx)
+  # and
+  # [2.2.14 SMB2 CREATE Response](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/d166aa9e-0b53-410e-b35e-3933d8131927)
+  module CreateActions
+    # An existing file was deleted and a new file was created in its place.
+    FILE_SUPERSEDED = 0x00000000
+
+    # An existing file was opened.
+    FILE_OPENED = 0x00000001
+
+    # A new file was created.
+    FILE_CREATED = 0x00000002
+
+    # An existing file was overwritten.
+    FILE_OVERWRITTEN = 0x00000003
+  end
+end