RubyGems - ruby_smb - Versions diffs - 3.0.5 → 3.1.1 - Mend

ruby_smb 3.0.5 → 3.1.1

Files changed (110) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3a4881649381520e25f5f014f66baac4130dd8a58d4eadd3476198fec3fc9e8d
-  data.tar.gz: 809b581025c19ab7ca1162a7b73d342d63b24edd77835744191a0d7c930425fd
+  metadata.gz: 5567054608b80da9be641c717d1d8b69e71452fb2fc67c2e390d9a6a34fb19d3
+  data.tar.gz: 0b439033b20bd578414e51d56d98ee4ccc4d44c60e6248bf0b8ad37a33b0fd6d
 SHA512:
-  metadata.gz: 4e340189b0ae87ec98e7ca6bde9d4c30c1eb3a0d3e1f69383869e4803bf3d3d9bbc502cef143a83bad9f91dc1de10ca3bcd4132a8d518a1bb2121a7d4490309d
-  data.tar.gz: 0c7198d84416da8b995e50c17f7826abba21affa03cc1c2404e2e2ecaac1322178f76c356d8d026c4a75b7e9d356bd134f1a0df12fe327eca1240b87afaeee0d
+  metadata.gz: 19ad76e3ed2e1902141aac772cd7908de06b402414b787e7f2371584e5cee6fc1cf82e9b80dce10ae0599082ee65a4dbd4f6c62a3c32bd3b154d47de25944b20
+  data.tar.gz: dd970aad2f91aec70671b7364438ee7df79908c552a6826aad99318e10fb63b6ebcad5929f131fa4284ff5531c189061a83f499203188ac919dc74e6007d422f

checksums.yaml.gz.sig CHANGED Viewed

@@ -1,3 +1,2 @@
-����I�J��%���vV�
-�{Z���z<6�]�
-u��_A7��*�L)�X��N��c
+��Gӹ������=�|)�і��c�澫W^P��&d����Lx�<����L��A 8���y(�Չ���2+�\O,�S�o�Gɲ�)����5ו�����L�(@���Ea���ܴo��f� d!��4zn�2t�_��%9��[�?Y!�*Bﳯ���Wa���nO�c�Oz	�`x�Z|n"V��d,���H���@�����V��
+�|�A�C���\�~ۀ.�T)?	~\G��kG��z���	����}'>

data/.github/workflows/verify.yml CHANGED Viewed

@@ -17,10 +17,10 @@ jobs:
       fail-fast: true
       matrix:
         ruby:
-          - 2.5
           - 2.6
           - 2.7
           - 3.0.3
+          - 3.1.1
         test_cmd:
           - bundle exec rspec

data/.simplecov CHANGED Viewed

@@ -2,7 +2,7 @@
 # controlled by running with coverage, so don't explicitly start coverage (and
 # therefore generate a report) when in Rubymine.  This _will_ generate a report
 # whenever `rake spec` is run.
-unless ENV['RM_INFO']
+unless ENV['RM_INFO'] || SimpleCov.running
   SimpleCov.start
 end

data/CONTRIBUTING.md CHANGED Viewed

@@ -1,8 +1,33 @@
 # Contributing
+## Versioning
+RubySMB attempts to follow [the Semantic Versioning 2.0.0](https://semver.org/) standard, however due to certain key architectural qualities, some reservations are made regarding what will trigger major and minor version bumps. A large component of RubySMB are the data definitions written using [BinData](https://github.com/dmendel/bindata). These definitions are implemented in an incremental fashion, causing some to be missing while others are only partially implemented (particularly in cases where fields are dependent on other types that may or may not be defined). Because of this, the RubySMB project reserves the right to update these definitions without incrementing the major version. In most cases, the definitions and their fields do not need to be used to perform standard operations such as connecting to, authenticating to and reading a file from a remote SMB server. The API provided by non-BinData objects will remain stable across minor versions, with backwards incompatible changes triggering a major version bump. Backwards incompatible changes to data structure definitions in BinData will cause the RubySMB maintianers to perform a minor version bump. These changes include but are not limited to:
+* Changes to the class name due to how BinData's internal registration works
+* Their field names which may be updated to avoid conflicts
+* Their field types which may be extended with more functionality or switched from integers to full-flag based definitions
+### Usage Examples
+The following two examples show dangerous operations that may not be stable across minor version bumps, and safe operations.
+```
+# dangerous operation, the BinData object name (TransformHeader) may change in the future
+header = RubySMB::SMB2::Packet::TransformHeader.read(raw_request)
+# also dangerous operation, the field name may change in the future
+header.flags = 0
+```
+```
+# safe operation, the API exposed on the Client won't change without a major version bump
+client = RubySMB::Client.new(dispatcher, smb1: options[:smbv1], smb2: options[:smbv2], smb3: options[:smbv3], username: options[:username], password: options[:password], domain: options[:domain])
+# safe operation, methods on non-BinData objects won't change without a major version bump
+protocol = client.negotiate
+```
 ## Forking
-[Fork this repository](https://github.com/rapid7/smb2/fork)
+[Fork this repository](https://github.com/rapid7/ruby_smb/fork)
 ## Branching
@@ -14,7 +39,7 @@ Branch names follow the format `TYPE/ISSUE/SUMMARY`.  You can create it with `gi
 ### `ISSUE`
-`ISSUE` is either a [Github issue](https://github.com/rapid7/smb2/issues) or an issue from some other
+`ISSUE` is either a [Github issue](https://github.com/rapid7/ruby_smb/issues) or an issue from some other
 issue tracking software.
 ### `SUMMARY`
@@ -49,7 +74,7 @@ Push your branch to your fork on gitub: `git push TYPE/ISSUE/SUMMARY`
 ### Pull Request
-* [Create new Pull Request](https://github.com/rapid7/smb2/compare/)
+* [Create new Pull Request](https://github.com/rapid7/ruby_smb/compare/)
 * Add a Verification Steps to the description comment
 ```

data/README.md CHANGED Viewed

@@ -12,6 +12,12 @@ The RubySMB library provides client-level and packet-level support for the proto
 See the Wiki for more information on this project's long-term goals, style guide, and developer tips.
+## Versioning
+RubySMB attempts to follow [the Semantic Versioning 2.0.0](https://semver.org/) standard, however due to certain key architectural qualities, some reservations are made regarding what will trigger major and minor version bumps. Upstream consumers utilizing higher-level SMB operations can lock to minor (`~= 3.0`) versions however consumers utilizing raw SMB packet manipulation are recommended to set restrictions for compatibility to allow update resolution for patch versions (`~= 3.0.0`).
 ## Installation
 Add this line to your application's Gemfile:
@@ -34,6 +40,8 @@ Or install it yourself as:
 All packets are implemented in a declarative style with BinData. Nested data structures are used where appropriate to give users an easy method of manipulating individual fields inside of a packet.
+Note that these packets are defined using [BinData](https://github.com/dmendel/bindata) and that their struction is subject to change across minor version bumps. See [CONTRIBUTING.md](https://github.com/rapid7/ruby_smb/blob/master/CONTRIBUTING.md#versioning) for more information.
 #### SMB1
 SMB1 Packets are made up of three basic components:

data/examples/pwsh_service.rb ADDED Viewed

@@ -0,0 +1,112 @@
+#!/usr/bin/ruby
+# This example script is used for launching a powershell command as a service on a host.
+# It will attempt to connect to a host and create a new service to launch the command using powershell.exe.
+# Example usage: ruby pwsh_service.rb --username msfadmin --password msfadmin 192.168.172.138 "echo test > C:\\Users\\User\\Desktop\\test.txt"
+# This will try to connect to \\192.168.172.138 with the msfadmin:msfadmin credentials and create a new service to run the powershell command.
+def random_string(length)
+  return (1..length).map { (('a'..'z').to_a + ('A'..'Z').to_a)[rand(26*2)] }.join
+end
+require 'bundler/setup'
+require 'optparse'
+require 'ruby_smb'
+args = ARGV.dup
+options = {
+  domain: '.',
+  username: '',
+  password: '',
+  command: nil,
+  smbv1: true,
+  smbv2: true,
+  smbv3: true,
+  target: nil
+}
+options[:command] = args.pop
+options[:target] = args.pop
+optparser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{File.basename(__FILE__)} [options] target command"
+  opts.on("--[no-]smbv1", "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
+    options[:smbv1] = smbv1
+  end
+  opts.on("--[no-]smbv2", "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
+    options[:smbv2] = smbv2
+  end
+  opts.on("--[no-]smbv3", "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
+    options[:smbv3] = smbv3
+  end
+  opts.on("--username USERNAME", "The account's username (default: #{options[:username]})") do |username|
+    if username.include?('\\')
+      options[:domain], options[:username] = username.split('\\', 2)
+    else
+      options[:username] = username
+    end
+  end
+  opts.on("--password PASSWORD", "The account's password (default: #{options[:password]})") do |password|
+    options[:password] = password
+  end
+end
+optparser.parse!(args)
+if options[:target].nil? || options[:command].nil?
+  abort(optparser.help)
+end
+sock = TCPSocket.new options[:target], 445
+dispatcher = RubySMB::Dispatcher::Socket.new(sock, read_timeout: 60)
+client = RubySMB::Client.new(dispatcher, smb1: options[:smbv1], smb2: options[:smbv2], smb3: options[:smbv3], username: options[:username], password: options[:password], domain: options[:domain])
+protocol = client.negotiate
+status = client.authenticate
+puts "#{protocol} : #{status}"
+tree = client.tree_connect("\\\\#{options[:target]}\\IPC$")
+svcctl = tree.open_file(filename: 'svcctl', write: true, read: true)
+puts('Binding to \\svcctl...')
+svcctl.bind(endpoint: RubySMB::Dcerpc::Svcctl)
+puts('Bound to \\svcctl')
+puts('Opening Service Control Manager')
+scm_handle = svcctl.open_sc_manager_w(options[:target])
+service_name = random_string(8)
+display_name = random_string(8)
+binary_path_name = "%COMSPEC% /c start /b /min powershell.exe -nop -win hid -noni -en #{[options[:command].encode("UTF-16LE")].pack("m0")}"
+puts "Full Command: #{binary_path_name}"
+svc_handle = svcctl.create_service_w(scm_handle, service_name, display_name, binary_path_name)
+puts('Created new service')
+svcctl.close_service_handle(svc_handle)
+puts('Opening the service')
+svc_handle = svcctl.open_service_w(scm_handle, service_name)
+puts('Starting the service')
+begin
+  svcctl.start_service_w(svc_handle)
+rescue RubySMB::Dcerpc::Error::SvcctlError => e
+  if e.message.include?('ERROR_SERVICE_REQUEST_TIMEOUT')
+    puts "Service start timed out, OK if running a command or non-service executable..."
+  else
+    puts "Service start error: #{e}"
+  end
+end
+puts('Deleting the service')
+svcctl.delete_service(svc_handle)
+puts('Closing Service Control Manager')
+svcctl.close_service_handle(scm_handle)
+puts('Done')
+client.disconnect!

data/lib/ruby_smb/client/encryption.rb CHANGED Viewed

@@ -4,18 +4,24 @@ module RubySMB
     module Encryption
       def smb3_encrypt(data)
         unless @client_encryption_key
+          raise RubySMB::Error::EncryptionError.new('The encryption algorithm has not been set') if @encryption_algorithm.nil?
+          key_bit_len = OpenSSL::Cipher.new(@encryption_algorithm).key_len * 8
           case @dialect
           when '0x0300', '0x0302'
             @client_encryption_key = RubySMB::Crypto::KDF.counter_mode(
               @session_key,
               "SMB2AESCCM\x00",
-              "ServerIn \x00"
+              "ServerIn \x00",
+              length: key_bit_len
             )
           when '0x0311'
             @client_encryption_key = RubySMB::Crypto::KDF.counter_mode(
               @session_key,
               "SMBC2SCipherKey\x00",
-              @preauth_integrity_hash_value
+              @preauth_integrity_hash_value,
+              length: key_bit_len
             )
           else
             raise RubySMB::Error::EncryptionError.new('Dialect is incompatible with SMBv3 encryption')
@@ -33,18 +39,24 @@ module RubySMB
       def smb3_decrypt(th)
         unless @server_encryption_key
+          raise RubySMB::Error::EncryptionError.new('The encryption algorithm has not been set') if @encryption_algorithm.nil?
+          key_bit_len = OpenSSL::Cipher.new(@encryption_algorithm).key_len * 8
           case @dialect
           when '0x0300', '0x0302'
             @server_encryption_key = RubySMB::Crypto::KDF.counter_mode(
               @session_key,
               "SMB2AESCCM\x00",
-              "ServerOut\x00"
+              "ServerOut\x00",
+              length: key_bit_len
             )
           when '0x0311'
             @server_encryption_key = RubySMB::Crypto::KDF.counter_mode(
               @session_key,
               "SMBS2CCipherKey\x00",
-              @preauth_integrity_hash_value
+              @preauth_integrity_hash_value,
+              length: key_bit_len
             )
           else
             raise RubySMB::Error::EncryptionError.new('Dialect is incompatible with SMBv3 decryption')

data/lib/ruby_smb/client/negotiation.rb CHANGED Viewed

@@ -5,7 +5,7 @@ module RubySMB
     module Negotiation
       # Handles the entire SMB Multi-Protocol Negotiation from the
       # Client to the Server. It sets state on the client appropriate
-      # to the protocol and capabilites negotiated during the exchange.
+      # to the protocol and capabilities negotiated during the exchange.
       # It also keeps track of the negotiated dialect.
       #
       # @return [void]
@@ -23,13 +23,13 @@ module RubySMB
           update_preauth_hash(response_packet)
         end
-        # If the response contains the SMB2 wildcard revision number dialect;
-        # it indicates that the server implements SMB 2.1 or future dialect
-        # revisions and expects the client to send a subsequent SMB2 Negotiate
-        # request to negotiate the actual SMB 2 Protocol revision to be used.
-        # The wildcard revision number is sent only in response to a
+        # If the response contains an SMB2 dialect and the request was SMB1;
+        # it indicates that the server supports SMB2 and wants to upgrade the
+        # connection. The server expects the client to send a subsequent SMB2
+        # Negotiate request to negotiate the actual SMB 2 Protocol revision to
+        # be used. The wildcard revision number is sent only in response to a
         # multi-protocol negotiate request with the "SMB 2.???" dialect string.
-        if @dialect == '0x02ff'
+        if request_packet.packet_smb_version == 'SMB1' && RubySMB::Dialect[@dialect]&.order == RubySMB::Dialect::ORDER_SMB2
           self.smb2_message_id += 1
           version = negotiate
         end
@@ -265,8 +265,10 @@ module RubySMB
           nc = RubySMB::SMB2::NegotiateContext.new(
             context_type: RubySMB::SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES
           )
-          nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM
+          nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_256_GCM
+          nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_256_CCM
           nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_GCM
+          nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM
           packet.add_negotiate_context(nc)
           nc = RubySMB::SMB2::NegotiateContext.new(

data/lib/ruby_smb/dcerpc/request.rb CHANGED Viewed

@@ -48,6 +48,7 @@ module RubySMB
         end
         choice 'Svcctl', selection: -> { opnum } do
           open_sc_manager_w_request       Svcctl::OPEN_SC_MANAGER_W
+          create_service_w_request        Svcctl::CREATE_SERVICE_W
           open_service_w_request          Svcctl::OPEN_SERVICE_W
           query_service_status_request    Svcctl::QUERY_SERVICE_STATUS
           query_service_config_w_request  Svcctl::QUERY_SERVICE_CONFIG_W
@@ -55,6 +56,7 @@ module RubySMB
           start_service_w_request         Svcctl::START_SERVICE_W
           control_service_request         Svcctl::CONTROL_SERVICE
           close_service_handle_request    Svcctl::CLOSE_SERVICE_HANDLE
+          delete_service_request          Svcctl::DELETE_SERVICE
           string                          :default
         end
         choice 'Samr', selection: -> { opnum } do

data/lib/ruby_smb/dcerpc/svcctl/create_service_w_request.rb ADDED Viewed

@@ -0,0 +1,35 @@
+module RubySMB
+  module Dcerpc
+    module Svcctl
+      # [3.1.4.12 RCreateServiceW (Opnum 12)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-scmr/6a8ca926-9477-4dd4-b766-692fab07227e)
+      class CreateServiceWRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        sc_rpc_handle             :h_sc_object
+        ndr_conf_var_wide_stringz :lp_service_name
+        ndr_wide_stringz_ptr      :lp_display_name
+        ndr_uint32                :dw_desired_access
+        ndr_uint32                :dw_service_type
+        ndr_uint32                :dw_start_type
+        ndr_uint32                :dw_error_control
+        ndr_conf_var_wide_stringz :lp_binary_path_name
+        ndr_wide_stringz_ptr      :lp_load_order_group
+        ndr_uint32_ptr            :lp_dw_tag_id
+        svcctl_byte_array_ptr     :lp_dependencies, type: :ndr_uint8
+        ndr_uint32                :dw_depend_size, initial_value: -> { lp_dependencies.size }
+        ndr_wide_stringz_ptr      :lp_service_start_name
+        svcctl_byte_array_ptr     :lp_password, type: :ndr_uint8
+        ndr_uint32                :dw_pw_size, initial_value: -> { lp_password.size }
+        def initialize_instance
+          super
+          @opnum = CREATE_SERVICE_W
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/svcctl/create_service_w_response.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Svcctl
+      # [3.1.4.12 RCreateServiceW (Opnum 12)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-scmr/6a8ca926-9477-4dd4-b766-692fab07227e)
+      class CreateServiceWResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        ndr_uint32_ptr :lp_dw_tag_id
+        sc_rpc_handle  :lp_sc_handle
+        ndr_uint32     :error_status
+        def initialize_instance
+          super
+          @opnum = CREATE_SERVICE_W
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/svcctl/delete_service_request.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module Svcctl
+      # [3.1.4.2 RDeleteService (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-scmr/6744cdb8-f162-4be0-bb31-98996b6495be)
+      class DeleteServiceRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        sc_rpc_handle             :lp_sc_handle
+        def initialize_instance
+          super
+          @opnum = DELETE_SERVICE
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/svcctl/delete_service_response.rb ADDED Viewed

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module Svcctl
+      # [3.1.4.2 RDeleteService (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-scmr/6744cdb8-f162-4be0-bb31-98996b6495be)
+      class DeleteServiceResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        ndr_uint32                :error_status
+        def initialize_instance
+          super
+          @opnum = DELETE_SERVICE
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/svcctl.rb CHANGED Viewed

@@ -9,8 +9,10 @@ module RubySMB
       # Operation numbers
       CLOSE_SERVICE_HANDLE    = 0x0000
       CONTROL_SERVICE         = 0x0001
+      DELETE_SERVICE          = 0x0002
       QUERY_SERVICE_STATUS    = 0x0006
       CHANGE_SERVICE_CONFIG_W = 0x000B
+      CREATE_SERVICE_W        = 0x000C
       OPEN_SC_MANAGER_W       = 0x000F
       OPEN_SERVICE_W          = 0x0010
       QUERY_SERVICE_CONFIG_W  = 0x0011
@@ -19,6 +21,10 @@ module RubySMB
       class ScRpcHandle < Ndr::NdrContextHandle; end
+      class SvcctlByteArrayPtr < Ndr::NdrConfArray
+        default_parameters type: :ndr_uint8
+        extend Ndr::PointerClassPlugin
+      end
       #################################
       #           Constants           #
@@ -254,10 +260,14 @@ module RubySMB
       require 'ruby_smb/dcerpc/svcctl/open_service_w_response'
       require 'ruby_smb/dcerpc/svcctl/query_service_status_request'
       require 'ruby_smb/dcerpc/svcctl/query_service_status_response'
+      require 'ruby_smb/dcerpc/svcctl/delete_service_request'
+      require 'ruby_smb/dcerpc/svcctl/delete_service_response'
       require 'ruby_smb/dcerpc/svcctl/query_service_config_w_request'
       require 'ruby_smb/dcerpc/svcctl/query_service_config_w_response'
       require 'ruby_smb/dcerpc/svcctl/change_service_config_w_request'
       require 'ruby_smb/dcerpc/svcctl/change_service_config_w_response'
+      require 'ruby_smb/dcerpc/svcctl/create_service_w_request'
+      require 'ruby_smb/dcerpc/svcctl/create_service_w_response'
       require 'ruby_smb/dcerpc/svcctl/start_service_w_request'
       require 'ruby_smb/dcerpc/svcctl/start_service_w_response'
       require 'ruby_smb/dcerpc/svcctl/control_service_request'
@@ -289,10 +299,41 @@ module RubySMB
         open_sc_manager_w_response.lp_sc_handle
       end
+      # Creates an RPC context handle to a new service record.
+      #
+      # @param scm_handle [RubySMB::Dcerpc::Svcctl::ScRpcHandle] handle to the SCM database
+      # @param service_name [String] the ServiceName of the service record
+      # @param display_name [String] the DisplayName of the service record
+      # @param binary_path_name [String] the BinaryPathName of the service record
+      # @return [RubySMB::Dcerpc::Svcctl::ScRpcHandle] handle to the created service record
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a CreateServiceWResponse packet
+      # @raise [RubySMB::Dcerpc::Error::SvcctlError] if the response error status is not ERROR_SUCCESS
+      def create_service_w(scm_handle, service_name, display_name, binary_path_name)
+        create_service_w_request = CreateServiceWRequest.new(dw_desired_access: SERVICE_ALL_ACCESS)
+        create_service_w_request.dw_service_type = SERVICE_INTERACTIVE_PROCESS | SERVICE_WIN32_OWN_PROCESS
+        create_service_w_request.dw_start_type = SERVICE_DEMAND_START
+        create_service_w_request.h_sc_object = scm_handle
+        create_service_w_request.lp_service_name = service_name
+        create_service_w_request.lp_display_name = display_name
+        create_service_w_request.lp_binary_path_name = binary_path_name
+        response = dcerpc_request(create_service_w_request)
+        begin
+          create_service_w_response = CreateServiceWResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading CreateServiceWResponse'
+        end
+        unless create_service_w_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+          raise RubySMB::Dcerpc::Error::SvcctlError,
+            "Error returned when creating #{service_name} service: "\
+            "#{WindowsError::Win32.find_by_retval(create_service_w_response.error_status.value).join(',')}"
+        end
+        create_service_w_response.lp_sc_handle
+      end
       # Creates an RPC context handle to an existing service record.
       #
       # @param scm_handle [RubySMB::Dcerpc::Svcctl::ScRpcHandle] handle to the SCM database
-      # @param service_name [Srting] the ServiceName of the service record
+      # @param service_name [String] the ServiceName of the service record
       # @param access [Integer] access right
       # @return [RubySMB::Dcerpc::Svcctl::ScRpcHandle] handle to the found service record
       # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a OpenServiceWResponse packet
@@ -303,16 +344,16 @@ module RubySMB
         open_service_w_request.lp_service_name = service_name
         response = dcerpc_request(open_service_w_request)
         begin
-          open_sercice_w_response = OpenServiceWResponse.read(response)
+          open_service_w_response = OpenServiceWResponse.read(response)
         rescue IOError
           raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading OpenServiceWResponse'
         end
-        unless open_sercice_w_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+        unless open_service_w_response.error_status == WindowsError::Win32::ERROR_SUCCESS
           raise RubySMB::Dcerpc::Error::SvcctlError,
             "Error returned when opening #{service_name} service: "\
-            "#{WindowsError::Win32.find_by_retval(open_sercice_w_response.error_status.value).join(',')}"
+            "#{WindowsError::Win32.find_by_retval(open_service_w_response.error_status.value).join(',')}"
         end
-        open_sercice_w_response.lp_sc_handle
+        open_service_w_response.lp_sc_handle
       end
       # Returns the current status of the specified service
@@ -472,6 +513,26 @@ module RubySMB
             "#{WindowsError::Win32.find_by_retval(csh_response.error_status.value).join(',')}"
         end
       end
+      # Deletes the specified service
+      #
+      # @param scm_handle [RubySMB::Dcerpc::Svcctl::ScRpcHandle] handle to the service record
+      # @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a DeleteServiceResponse packet
+      # @raise [RubySMB::Dcerpc::Error::SvcctlError] if the response error status is not ERROR_SUCCESS
+      def delete_service(svc_handle)
+        ds_request = DeleteServiceRequest.new(lp_sc_handle: svc_handle)
+        response = dcerpc_request(ds_request)
+        begin
+          ds_response = DeleteServiceResponse.read(response)
+        rescue IOError
+          raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading DeleteServiceResponse'
+        end
+        unless ds_response.error_status == WindowsError::Win32::ERROR_SUCCESS
+         raise RubySMB::Dcerpc::Error::SvcctlError,
+           "Error returned when deleting the service: "\
+           "#{WindowsError::Win32.find_by_retval(ds_response.error_status.value).join(',')}"
+        end
+      end
     end
   end
 end

data/lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb CHANGED Viewed

@@ -33,7 +33,7 @@ module RubySMB
           super
           @opnum = get_parameter(:opnum) if has_parameter?(:opnum)
           self.server_name = :null
-          self.sam_desired.maximum = 1 unless [OPEN_HKPD, OPEN_HKPT, OPEN_HKPN].include?(@opnum)
+          self.sam_desired.maximum_allowed = 1 unless [OPEN_HKPD, OPEN_HKPT, OPEN_HKPN].include?(@opnum)
         end
       end

data/lib/ruby_smb/dcerpc/winreg/regsam.rb CHANGED Viewed

@@ -33,7 +33,7 @@ module RubySMB
         bit1    :generic_execute,        label: 'Generic Execute'
         bit1    :generic_all,            label: 'Generic All'
         bit2    :reserved4,              label: 'Reserved Space'
-        bit1    :maximum,                label: 'Maximum Allowed'
+        bit1    :maximum_allowed,        label: 'Maximum Allowed'
         bit1    :system_security,        label: 'System Security'
       end

data/lib/ruby_smb/dcerpc/winreg.rb CHANGED Viewed

@@ -274,7 +274,7 @@ module RubySMB
           lp_sub_key:             sub_key,
           lp_class:               opts[:lp_class] || :null,
           dw_options:             opts[:dw_options] || RubySMB::Dcerpc::Winreg::CreateKeyRequest::REG_KEY_TYPE_VOLATILE,
-          sam_desired:            opts[:sam_desired] || RubySMB::Dcerpc::Winreg::Regsam.new(maximum: 1),
+          sam_desired:            opts[:sam_desired] || RubySMB::Dcerpc::Winreg::Regsam.new(maximum_allowed: 1),
           lp_security_attributes: opts[:lp_security_attributes] || RubySMB::Dcerpc::RpcSecurityAttributes.new,
           lpdw_disposition:       opts[:lpdw_disposition] || RubySMB::Dcerpc::Winreg::CreateKeyRequest::REG_CREATED_NEW_KEY,
         }

data/lib/ruby_smb/fscc/file_information.rb CHANGED Viewed

@@ -65,6 +65,10 @@ module RubySMB
       # [2.2.2.3.5 Pass-through Information Level Codes](https://msdn.microsoft.com/en-us/library/ff470158.aspx)
       SMB_INFO_PASSTHROUGH               = 0x03e8
+      def self.name(value)
+        constants.select { |c| c.upcase == c }.find { |c| const_get(c) == value }
+      end
       # The FILE_NAME_INFORMATION type as defined in
       # https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/20406fb1-605f-4629-ba9a-c67ee25f23d2
       class FileNameInformation < BinData::Record

data/lib/ruby_smb/gss/provider/ntlm.rb CHANGED Viewed

@@ -78,6 +78,10 @@ module RubySMB
                 msg.flag |= NTLM::NEGOTIATE_FLAGS.fetch(flag)
               end
+              if type1_msg.flag & NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY] == NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY]
+                msg.flag |= NTLM::NEGOTIATE_FLAGS[:EXTENDED_SECURITY]
+              end
               @server_challenge = @provider.generate_server_challenge
               msg.challenge = @server_challenge.unpack1('Q<') # 64-bit unsigned, little endian (uint64_t)
               target_info = Net::NTLM::TargetInfo.new('')