ruby_smb 2.0.7 → 2.0.11
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/.github/workflows/verify.yml +57 -0
- data/README.md +0 -1
- data/examples/auth_capture.rb +71 -0
- data/lib/ruby_smb/client/negotiation.rb +11 -13
- data/lib/ruby_smb/client.rb +32 -27
- data/lib/ruby_smb/compression/lznt1.rb +164 -0
- data/lib/ruby_smb/compression.rb +7 -0
- data/lib/ruby_smb/dialect.rb +45 -0
- data/lib/ruby_smb/dispatcher/base.rb +1 -1
- data/lib/ruby_smb/dispatcher/socket.rb +1 -1
- data/lib/ruby_smb/gss/provider/authenticator.rb +42 -0
- data/lib/ruby_smb/gss/provider/ntlm.rb +303 -0
- data/lib/ruby_smb/gss/provider.rb +35 -0
- data/lib/ruby_smb/gss.rb +56 -63
- data/lib/ruby_smb/ntlm.rb +45 -0
- data/lib/ruby_smb/server/server_client/negotiation.rb +155 -0
- data/lib/ruby_smb/server/server_client/session_setup.rb +82 -0
- data/lib/ruby_smb/server/server_client.rb +163 -0
- data/lib/ruby_smb/server.rb +54 -0
- data/lib/ruby_smb/signing.rb +59 -0
- data/lib/ruby_smb/smb1/packet/negotiate_response.rb +11 -11
- data/lib/ruby_smb/smb1/packet/negotiate_response_extended.rb +1 -1
- data/lib/ruby_smb/smb1/packet/session_setup_request.rb +1 -1
- data/lib/ruby_smb/smb1/tree.rb +1 -1
- data/lib/ruby_smb/smb2/negotiate_context.rb +18 -2
- data/lib/ruby_smb/smb2/packet/compression_transform_header.rb +4 -0
- data/lib/ruby_smb/smb2/packet/negotiate_request.rb +9 -0
- data/lib/ruby_smb/smb2/packet/negotiate_response.rb +0 -1
- data/lib/ruby_smb/smb2/packet/session_setup_response.rb +2 -2
- data/lib/ruby_smb/smb2/packet/tree_connect_request.rb +1 -1
- data/lib/ruby_smb/smb2/tree.rb +1 -1
- data/lib/ruby_smb/smb2.rb +3 -1
- data/lib/ruby_smb/version.rb +1 -1
- data/lib/ruby_smb.rb +5 -3
- data/spec/lib/ruby_smb/client_spec.rb +24 -16
- data/spec/lib/ruby_smb/compression/lznt1_spec.rb +32 -0
- data/spec/lib/ruby_smb/gss/provider/ntlm/account_spec.rb +32 -0
- data/spec/lib/ruby_smb/gss/provider/ntlm/authenticator_spec.rb +101 -0
- data/spec/lib/ruby_smb/gss/provider/ntlm/os_version_spec.rb +32 -0
- data/spec/lib/ruby_smb/gss/provider/ntlm_spec.rb +113 -0
- data/spec/lib/ruby_smb/server/server_client_spec.rb +156 -0
- data/spec/lib/ruby_smb/server_spec.rb +32 -0
- data/spec/lib/ruby_smb/smb1/tree_spec.rb +4 -4
- data/spec/lib/ruby_smb/smb2/negotiate_context_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb2/tree_spec.rb +5 -5
- data/spec/spec_helper.rb +1 -1
- data.tar.gz.sig +3 -1
- metadata +30 -4
- metadata.gz.sig +0 -0
- data/.travis.yml +0 -6
- data/lib/ruby_smb/client/signing.rb +0 -64
@@ -501,16 +501,16 @@ RSpec.describe RubySMB::SMB1::Tree do
|
|
501
501
|
it 'calls #open_file with the provided options' do
|
502
502
|
opts[:filename] ='\\test'
|
503
503
|
expect(tree).to receive(:open_file).with(opts)
|
504
|
-
tree.open_pipe(opts)
|
504
|
+
tree.open_pipe(**opts)
|
505
505
|
end
|
506
506
|
|
507
507
|
it 'prepends the filename with \\ if needed' do
|
508
|
-
expect(tree).to receive(:open_file).with(
|
509
|
-
tree.open_pipe(opts)
|
508
|
+
expect(tree).to receive(:open_file).with(filename: '\\test', write: true)
|
509
|
+
tree.open_pipe(**opts)
|
510
510
|
end
|
511
511
|
|
512
512
|
it 'does not modify the original option hash' do
|
513
|
-
tree.open_pipe(opts)
|
513
|
+
tree.open_pipe(**opts)
|
514
514
|
expect(opts).to eq( { filename: 'test', write: true } )
|
515
515
|
end
|
516
516
|
end
|
@@ -162,7 +162,7 @@ RSpec.describe RubySMB::SMB2::CompressionCapabilities do
|
|
162
162
|
end
|
163
163
|
end
|
164
164
|
|
165
|
-
RSpec.describe RubySMB::SMB2::NetnameNegotiateContextId
|
165
|
+
RSpec.describe RubySMB::SMB2::NetnameNegotiateContextId do
|
166
166
|
subject(:capability) { described_class.new }
|
167
167
|
|
168
168
|
it { is_expected.to respond_to :net_name }
|
@@ -173,7 +173,7 @@ RSpec.describe RubySMB::SMB2::NetnameNegotiateContextId do
|
|
173
173
|
|
174
174
|
describe '#net_name' do
|
175
175
|
it 'is a unicode string' do
|
176
|
-
expect(capability.net_name).to be_a RubySMB::Field::
|
176
|
+
expect(capability.net_name).to be_a RubySMB::Field::String16
|
177
177
|
end
|
178
178
|
end
|
179
179
|
|
@@ -540,17 +540,17 @@ RSpec.describe RubySMB::SMB2::Tree do
|
|
540
540
|
|
541
541
|
it 'calls #open_file with the provided options' do
|
542
542
|
opts[:filename] ='test'
|
543
|
-
expect(tree).to receive(:open_file).with(opts)
|
544
|
-
tree.open_pipe(opts)
|
543
|
+
expect(tree).to receive(:open_file).with(**opts)
|
544
|
+
tree.open_pipe(**opts)
|
545
545
|
end
|
546
546
|
|
547
547
|
it 'remove the leading \\ from the filename if needed' do
|
548
|
-
expect(tree).to receive(:open_file).with(
|
549
|
-
tree.open_pipe(opts)
|
548
|
+
expect(tree).to receive(:open_file).with(filename: 'test', write: true)
|
549
|
+
tree.open_pipe(**opts)
|
550
550
|
end
|
551
551
|
|
552
552
|
it 'does not modify the original option hash' do
|
553
|
-
tree.open_pipe(opts)
|
553
|
+
tree.open_pipe(**opts)
|
554
554
|
expect(opts).to eq( { filename: '\\test', write: true } )
|
555
555
|
end
|
556
556
|
end
|
data/spec/spec_helper.rb
CHANGED
@@ -7,7 +7,7 @@ end
|
|
7
7
|
require 'coveralls'
|
8
8
|
require 'ruby_smb'
|
9
9
|
|
10
|
-
if ENV['
|
10
|
+
if ENV['CI'] == 'true'
|
11
11
|
# don't generate local report as it is inaccessible on travis-ci, which is
|
12
12
|
# why coveralls is being used.
|
13
13
|
SimpleCov.formatter = Coveralls::SimpleCov::Formatter
|
data.tar.gz.sig
CHANGED
@@ -1 +1,3 @@
|
|
1
|
-
|
1
|
+
)��3PIco�!�r
|
2
|
+
�.6� �;�D�H��r���Ɔ��#L�0�l��ǀ�ҫ��������p3����¡� ڥ P!�ˢA��b�$"�h�h<�Z\L�ӕ@��@E��oJ�U��[E�v{E=-���l���'~����\^�g?���ǰQ���5l�:��[Г��|��oy����`��Y�&[�!�jI���c6��<�Gec
|
3
|
+
nMj
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ruby_smb
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.0.
|
4
|
+
version: 2.0.11
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Metasploit Hackers
|
@@ -97,7 +97,7 @@ cert_chain:
|
|
97
97
|
EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
|
98
98
|
9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
|
99
99
|
-----END CERTIFICATE-----
|
100
|
-
date:
|
100
|
+
date: 2021-08-25 00:00:00.000000000 Z
|
101
101
|
dependencies:
|
102
102
|
- !ruby/object:Gem::Dependency
|
103
103
|
name: redcarpet
|
@@ -246,10 +246,10 @@ executables: []
|
|
246
246
|
extensions: []
|
247
247
|
extra_rdoc_files: []
|
248
248
|
files:
|
249
|
+
- ".github/workflows/verify.yml"
|
249
250
|
- ".gitignore"
|
250
251
|
- ".rspec"
|
251
252
|
- ".simplecov"
|
252
|
-
- ".travis.yml"
|
253
253
|
- ".yardopts"
|
254
254
|
- CONTRIBUTING.md
|
255
255
|
- Gemfile
|
@@ -258,6 +258,7 @@ files:
|
|
258
258
|
- Rakefile
|
259
259
|
- examples/anonymous_auth.rb
|
260
260
|
- examples/append_file.rb
|
261
|
+
- examples/auth_capture.rb
|
261
262
|
- examples/authenticate.rb
|
262
263
|
- examples/delete_file.rb
|
263
264
|
- examples/enum_registry_key.rb
|
@@ -280,10 +281,11 @@ files:
|
|
280
281
|
- lib/ruby_smb/client/echo.rb
|
281
282
|
- lib/ruby_smb/client/encryption.rb
|
282
283
|
- lib/ruby_smb/client/negotiation.rb
|
283
|
-
- lib/ruby_smb/client/signing.rb
|
284
284
|
- lib/ruby_smb/client/tree_connect.rb
|
285
285
|
- lib/ruby_smb/client/utils.rb
|
286
286
|
- lib/ruby_smb/client/winreg.rb
|
287
|
+
- lib/ruby_smb/compression.rb
|
288
|
+
- lib/ruby_smb/compression/lznt1.rb
|
287
289
|
- lib/ruby_smb/crypto.rb
|
288
290
|
- lib/ruby_smb/dcerpc.rb
|
289
291
|
- lib/ruby_smb/dcerpc/bind.rb
|
@@ -345,6 +347,7 @@ files:
|
|
345
347
|
- lib/ruby_smb/dcerpc/winreg/regsam.rb
|
346
348
|
- lib/ruby_smb/dcerpc/winreg/save_key_request.rb
|
347
349
|
- lib/ruby_smb/dcerpc/winreg/save_key_response.rb
|
350
|
+
- lib/ruby_smb/dialect.rb
|
348
351
|
- lib/ruby_smb/dispatcher.rb
|
349
352
|
- lib/ruby_smb/dispatcher/base.rb
|
350
353
|
- lib/ruby_smb/dispatcher/socket.rb
|
@@ -379,12 +382,21 @@ files:
|
|
379
382
|
- lib/ruby_smb/fscc/file_information/file_rename_information.rb
|
380
383
|
- lib/ruby_smb/generic_packet.rb
|
381
384
|
- lib/ruby_smb/gss.rb
|
385
|
+
- lib/ruby_smb/gss/provider.rb
|
386
|
+
- lib/ruby_smb/gss/provider/authenticator.rb
|
387
|
+
- lib/ruby_smb/gss/provider/ntlm.rb
|
382
388
|
- lib/ruby_smb/impersonation_levels.rb
|
383
389
|
- lib/ruby_smb/nbss.rb
|
384
390
|
- lib/ruby_smb/nbss/negative_session_response.rb
|
385
391
|
- lib/ruby_smb/nbss/netbios_name.rb
|
386
392
|
- lib/ruby_smb/nbss/session_header.rb
|
387
393
|
- lib/ruby_smb/nbss/session_request.rb
|
394
|
+
- lib/ruby_smb/ntlm.rb
|
395
|
+
- lib/ruby_smb/server.rb
|
396
|
+
- lib/ruby_smb/server/server_client.rb
|
397
|
+
- lib/ruby_smb/server/server_client/negotiation.rb
|
398
|
+
- lib/ruby_smb/server/server_client/session_setup.rb
|
399
|
+
- lib/ruby_smb/signing.rb
|
388
400
|
- lib/ruby_smb/smb1.rb
|
389
401
|
- lib/ruby_smb/smb1/andx_block.rb
|
390
402
|
- lib/ruby_smb/smb1/bit_field.rb
|
@@ -526,6 +538,7 @@ files:
|
|
526
538
|
- lib/ruby_smb/version.rb
|
527
539
|
- ruby_smb.gemspec
|
528
540
|
- spec/lib/ruby_smb/client_spec.rb
|
541
|
+
- spec/lib/ruby_smb/compression/lznt1_spec.rb
|
529
542
|
- spec/lib/ruby_smb/crypto_spec.rb
|
530
543
|
- spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb
|
531
544
|
- spec/lib/ruby_smb/dcerpc/bind_spec.rb
|
@@ -610,10 +623,16 @@ files:
|
|
610
623
|
- spec/lib/ruby_smb/fscc/file_information/file_rename_information_spec.rb
|
611
624
|
- spec/lib/ruby_smb/fscc/fscc_file_attributes_spec.rb
|
612
625
|
- spec/lib/ruby_smb/generic_packet_spec.rb
|
626
|
+
- spec/lib/ruby_smb/gss/provider/ntlm/account_spec.rb
|
627
|
+
- spec/lib/ruby_smb/gss/provider/ntlm/authenticator_spec.rb
|
628
|
+
- spec/lib/ruby_smb/gss/provider/ntlm/os_version_spec.rb
|
629
|
+
- spec/lib/ruby_smb/gss/provider/ntlm_spec.rb
|
613
630
|
- spec/lib/ruby_smb/nbss/negative_session_response_spec.rb
|
614
631
|
- spec/lib/ruby_smb/nbss/netbios_name_spec.rb
|
615
632
|
- spec/lib/ruby_smb/nbss/session_header_spec.rb
|
616
633
|
- spec/lib/ruby_smb/nbss/session_request_spec.rb
|
634
|
+
- spec/lib/ruby_smb/server/server_client_spec.rb
|
635
|
+
- spec/lib/ruby_smb/server_spec.rb
|
617
636
|
- spec/lib/ruby_smb/smb1/andx_block_spec.rb
|
618
637
|
- spec/lib/ruby_smb/smb1/bit_field/capabilities_spec.rb
|
619
638
|
- spec/lib/ruby_smb/smb1/bit_field/create_options_spec.rb
|
@@ -760,6 +779,7 @@ specification_version: 4
|
|
760
779
|
summary: A pure Ruby implementation of the SMB Protocol Family
|
761
780
|
test_files:
|
762
781
|
- spec/lib/ruby_smb/client_spec.rb
|
782
|
+
- spec/lib/ruby_smb/compression/lznt1_spec.rb
|
763
783
|
- spec/lib/ruby_smb/crypto_spec.rb
|
764
784
|
- spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb
|
765
785
|
- spec/lib/ruby_smb/dcerpc/bind_spec.rb
|
@@ -844,10 +864,16 @@ test_files:
|
|
844
864
|
- spec/lib/ruby_smb/fscc/file_information/file_rename_information_spec.rb
|
845
865
|
- spec/lib/ruby_smb/fscc/fscc_file_attributes_spec.rb
|
846
866
|
- spec/lib/ruby_smb/generic_packet_spec.rb
|
867
|
+
- spec/lib/ruby_smb/gss/provider/ntlm/account_spec.rb
|
868
|
+
- spec/lib/ruby_smb/gss/provider/ntlm/authenticator_spec.rb
|
869
|
+
- spec/lib/ruby_smb/gss/provider/ntlm/os_version_spec.rb
|
870
|
+
- spec/lib/ruby_smb/gss/provider/ntlm_spec.rb
|
847
871
|
- spec/lib/ruby_smb/nbss/negative_session_response_spec.rb
|
848
872
|
- spec/lib/ruby_smb/nbss/netbios_name_spec.rb
|
849
873
|
- spec/lib/ruby_smb/nbss/session_header_spec.rb
|
850
874
|
- spec/lib/ruby_smb/nbss/session_request_spec.rb
|
875
|
+
- spec/lib/ruby_smb/server/server_client_spec.rb
|
876
|
+
- spec/lib/ruby_smb/server_spec.rb
|
851
877
|
- spec/lib/ruby_smb/smb1/andx_block_spec.rb
|
852
878
|
- spec/lib/ruby_smb/smb1/bit_field/capabilities_spec.rb
|
853
879
|
- spec/lib/ruby_smb/smb1/bit_field/create_options_spec.rb
|
metadata.gz.sig
CHANGED
Binary file
|
data/.travis.yml
DELETED
@@ -1,64 +0,0 @@
|
|
1
|
-
module RubySMB
|
2
|
-
class Client
|
3
|
-
# Contains the methods for handling packet signing
|
4
|
-
module Signing
|
5
|
-
# The NTLM Session Key used for signing
|
6
|
-
# @!attribute [rw] session_key
|
7
|
-
# @return [String]
|
8
|
-
attr_accessor :session_key
|
9
|
-
|
10
|
-
# Take an SMB1 packet and checks to see if it should be signed.
|
11
|
-
# If signing is enabled and we have a session key already, then
|
12
|
-
# it will sign the packet appropriately.
|
13
|
-
#
|
14
|
-
# @param packet [RubySMB::GenericPacket] the packet to sign
|
15
|
-
# @return [RubySMB::GenericPacket] the packet, signed if needed
|
16
|
-
def smb1_sign(packet)
|
17
|
-
if signing_required && !session_key.empty?
|
18
|
-
# Pack the Sequence counter into a int64le
|
19
|
-
packed_sequence_counter = [sequence_counter].pack('Q<')
|
20
|
-
packet.smb_header.security_features = packed_sequence_counter
|
21
|
-
signature = OpenSSL::Digest::MD5.digest(session_key + packet.to_binary_s)[0, 8]
|
22
|
-
packet.smb_header.security_features = signature
|
23
|
-
self.sequence_counter += 1
|
24
|
-
end
|
25
|
-
packet
|
26
|
-
end
|
27
|
-
|
28
|
-
# Take an SMB2 packet and checks to see if it should be signed.
|
29
|
-
# If signing is enabled and we have a session key already, then
|
30
|
-
# it will sign the packet appropriately.
|
31
|
-
#
|
32
|
-
# @param packet [RubySMB::GenericPacket] the packet to sign
|
33
|
-
# @return [RubySMB::GenericPacket] the packet, signed if needed
|
34
|
-
def smb2_sign(packet)
|
35
|
-
if signing_required && !session_key.empty?
|
36
|
-
packet.smb2_header.flags.signed = 1
|
37
|
-
packet.smb2_header.signature = "\x00" * 16
|
38
|
-
hmac = OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, session_key, packet.to_binary_s)
|
39
|
-
packet.smb2_header.signature = hmac[0, 16]
|
40
|
-
end
|
41
|
-
packet
|
42
|
-
end
|
43
|
-
|
44
|
-
def smb3_sign(packet)
|
45
|
-
if !session_key.empty? && (signing_required || packet.is_a?(RubySMB::SMB2::Packet::TreeConnectRequest))
|
46
|
-
case @dialect
|
47
|
-
when '0x0300', '0x0302'
|
48
|
-
signing_key = RubySMB::Crypto::KDF.counter_mode(@session_key, "SMB2AESCMAC\x00", "SmbSign\x00")
|
49
|
-
when '0x0311'
|
50
|
-
signing_key = RubySMB::Crypto::KDF.counter_mode(@session_key, "SMBSigningKey\x00", @preauth_integrity_hash_value)
|
51
|
-
else
|
52
|
-
raise RubySMB::Error::SigningError.new('Dialect is incompatible with SMBv3 signing')
|
53
|
-
end
|
54
|
-
|
55
|
-
packet.smb2_header.flags.signed = 1
|
56
|
-
packet.smb2_header.signature = "\x00" * 16
|
57
|
-
hmac = OpenSSL::CMAC.digest('AES', signing_key, packet.to_binary_s)
|
58
|
-
packet.smb2_header.signature = hmac[0, 16]
|
59
|
-
end
|
60
|
-
packet
|
61
|
-
end
|
62
|
-
end
|
63
|
-
end
|
64
|
-
end
|