ruby_smb 3.2.4 → 3.2.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 8f850321711ac70e25f6b483f82454520f2b567cc349ee02eb99bba5c48dfeb4
-  data.tar.gz: 22ee0ab297710e76071fa8302165b903b39d211205ca1d6b95d697bf3eecae67
+  metadata.gz: 94370417b66a804dd7d24a57070fe9e5accf48f042baf4cbc56ead2227b92bd5
+  data.tar.gz: 5f130535d6ccf03dd60c9fc879b0bb050d328c4906f40a702260370c24ac52a3
 SHA512:
-  metadata.gz: 8708897bda47dd2c07b064eaafbbfe8641af469a1b5688a98bbef9e38119675de9ce52287fdb00c75f908e29e70499d14203fc53a11c6824691c315a5ebeb746
-  data.tar.gz: aad169c776223bb67198ba223f0b53d640706540f67ec125d4527a05fa4ac8c42676588b84f5e0385c4db846631783159c2a44801964284b6ae0b78b83c0a031
+  metadata.gz: fcc08f98211ef0970ab0cedd56f5955d9ca3f52235b2751a84972036b67f3b2f2c3fd07c22919e8522d4ad1876d43ca3099a1286140abedece7f399f0dc871bf
+  data.tar.gz: a4fe143def77e9e85fb40e44dfb5f33be4fb8499c4aff196ded4ad1710f84f278be70752fd9a4827cbc66e1afe299716f80854a74492998fb26c5cd6f6572a7d

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_decrypt_file_srv_request.rb

@@ -0,0 +1,22 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.6 Receiving an EfsRpcDecryptFileSrv Message (Opnum 5)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/043715de-caee-402a-a61b-921743337e78)
+      class EfsRpcDecryptFileSrvRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_conf_var_wide_stringz :file_name
+        ndr_uint32                :open_flag
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_DECRYPT_FILE_SRV
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_decrypt_file_srv_response.rb

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.6 Receiving an EfsRpcDecryptFileSrv Message (Opnum 5)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/043715de-caee-402a-a61b-921743337e78)
+      class EfsRpcDecryptFileSrvResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_uint32         :error_status
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_DECRYPT_FILE_SRV
+        end
+      end
+
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_recover_agents_request.rb

@@ -0,0 +1,20 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.8 Receiving an EfsRpcQueryRecoveryAgents Message (Opnum 7)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/cf759c00-1b90-4c33-9ace-f51c20149cea)
+      class EfsRpcQueryRecoveryAgentsRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_conf_var_wide_stringz :file_name
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_QUERY_RECOVERY_AGENTS
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_recover_agents_response.rb

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.8 Receiving an EfsRpcQueryRecoveryAgents Message (Opnum 7)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/cf759c00-1b90-4c33-9ace-f51c20149cea)
+      class EfsRpcQueryRecoveryAgentsResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        encryption_certificate_hash_list_ptr :recover_agents
+        ndr_uint32                           :error_status
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_QUERY_RECOVERY_AGENTS
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_users_on_file_request.rb

@@ -0,0 +1,20 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.7 Receiving an EfsRpcQueryUsersOnFile Message (Opnum 6)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/a058dc6c-bb7e-491c-9143-a5cb1f7e7cea)
+      class EfsRpcQueryUsersOnFileRequest < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        ndr_conf_var_wide_stringz :file_name
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_QUERY_USERS_ON_FILE
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_users_on_file_response.rb

@@ -0,0 +1,21 @@
+module RubySMB
+  module Dcerpc
+    module EncryptingFileSystem
+
+      # [3.1.4.2.7 Receiving an EfsRpcQueryUsersOnFile Message (Opnum 6)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/a058dc6c-bb7e-491c-9143-a5cb1f7e7cea)
+      class EfsRpcQueryUsersOnFileResponse < BinData::Record
+        attr_reader :opnum
+
+        endian :little
+
+        encryption_certificate_hash_list_ptr :users
+        ndr_uint32                           :error_status
+
+        def initialize_instance
+          super
+          @opnum = EFS_RPC_QUERY_USERS_ON_FILE
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/encrypting_file_system.rb

@@ -35,10 +35,62 @@ module RubySMB
       OVERWRITE_HIDDEN = 0x00000004
       EFS_DROP_ALTERNATE_STREAMS = 0x00000010
 
+      # [2.2.7 EFS_HASH_BLOB](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/242d857f-ac8e-4cc8-b5e4-9314a942f45e)
+      class EfsHashBlob < Ndr::NdrStruct
+        endian :little
+        default_parameter byte_align: 4
+
+        ndr_uint32   :cb_data
+        ndr_byte_conf_array_ptr :b_data
+      end
+
+      class EfsHashBlobPtr < EfsHashBlob
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [2.2.10 ENCRYPTION_CERTIFICATE_HASH](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/3a7e7151-edcb-4b32-a119-35cdce1584c0)
+      class EncryptionCertificateHash < Ndr::NdrStruct
+        endian :little
+        default_parameter byte_align: 4
+
+        ndr_uint32                :cb_total_length
+        prpc_sid                  :user_sid
+        efs_hash_blob_ptr         :certificate_hash
+        ndr_wide_stringz_ptr      :lp_display_information
+      end
+
+      class EncryptionCertificateHashPtr < EncryptionCertificateHash
+        extend Ndr::PointerClassPlugin
+      end
+
+      class EncryptionCertificateHashPtrArrayPtr < Ndr::NdrConfArray
+        default_parameter type: :encryption_certificate_hash_ptr
+        extend Ndr::PointerClassPlugin
+      end
+
+      # [2.2.11 ENCRYPTION_CERTIFICATE_HASH_LIST](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-efsr/2718804c-6ab9-45fd-98cf-541bc3b6bc75)
+      class EncryptionCertificateHashList < BinData::Record
+        endian :little
+        default_parameter byte_align: 4
+
+        uint32                                    :ncert_hash
+        encryption_certificate_hash_ptr_array_ptr :users
+      end
+
+      class EncryptionCertificateHashListPtr < EncryptionCertificateHashList
+        extend Ndr::PointerClassPlugin
+      end
+
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_decrypt_file_srv_request'
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_decrypt_file_srv_response'
       require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_encrypt_file_srv_request'
       require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_encrypt_file_srv_response'
       require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_open_file_raw_request'
       require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_open_file_raw_response'
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_recover_agents_request'
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_recover_agents_response'
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_users_on_file_request'
+      require 'ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_users_on_file_response'
     end
   end
 end

data/lib/ruby_smb/ntlm/custom/string_encoder.rb

@@ -0,0 +1,22 @@
+require 'net/ntlm'
+
+module RubySMB
+  module NTLM
+    module Custom
+      module StringEncoder
+
+        def self.prepended(base)
+          base.singleton_class.send(:prepend, ClassMethods)
+        end
+
+        module ClassMethods
+          def encode_utf16le(str)
+            str.dup.force_encoding('UTF-8').encode(Encoding::UTF_16LE, Encoding::UTF_8).force_encoding('ASCII-8BIT')
+          end
+        end
+      end
+    end
+  end
+end
+
+Net::NTLM::EncodeUtil.send(:prepend, RubySMB::NTLM::Custom::StringEncoder)

data/lib/ruby_smb/ntlm.rb

@@ -1,4 +1,4 @@
-require 'ruby_smb/ntlm/custom/ntlm'
+require 'ruby_smb/ntlm/custom/string_encoder'
 
 module RubySMB
   module NTLM

data/lib/ruby_smb/version.rb

@@ -1,3 +1,3 @@
 module RubySMB
-  VERSION = '3.2.4'.freeze
+  VERSION = '3.2.5'.freeze
 end

data/lib/ruby_smb.rb

@@ -6,7 +6,7 @@ require 'openssl/ccm'
 require 'openssl/cmac'
 require 'windows_error'
 require 'windows_error/nt_status'
-require 'ruby_smb/ntlm/custom/ntlm'
+require 'ruby_smb/ntlm/custom/string_encoder'
 # A packet parsing and manipulation library for the SMB1 and SMB2 protocols
 #
 # [[MS-SMB] Server Message Block (SMB) Protocol Version 1](https://msdn.microsoft.com/en-us/library/cc246482.aspx)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_smb
 version: !ruby/object:Gem::Version
-  version: 3.2.4
+  version: 3.2.5
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -97,7 +97,7 @@ cert_chain:
   EknWpNgVhohbot1lfVAMmIhdtOVaRVcQQixWPwprDj/ydB8ryDMDosIMcw+fkoXU
   9GJsSaSRRYQ9UUkVL27b64okU8D48m8=
   -----END CERTIFICATE-----
-date: 2023-01-30 00:00:00.000000000 Z
+date: 2023-03-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redcarpet
@@ -316,10 +316,16 @@ files:
 - lib/ruby_smb/dcerpc/drsr/drs_unbind_request.rb
 - lib/ruby_smb/dcerpc/drsr/drs_unbind_response.rb
 - lib/ruby_smb/dcerpc/encrypting_file_system.rb
+- lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_decrypt_file_srv_request.rb
+- lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_decrypt_file_srv_response.rb
 - lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_encrypt_file_srv_request.rb
 - lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_encrypt_file_srv_response.rb
 - lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_open_file_raw_request.rb
 - lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_open_file_raw_response.rb
+- lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_recover_agents_request.rb
+- lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_recover_agents_response.rb
+- lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_users_on_file_request.rb
+- lib/ruby_smb/dcerpc/encrypting_file_system/efs_rpc_query_users_on_file_response.rb
 - lib/ruby_smb/dcerpc/epm.rb
 - lib/ruby_smb/dcerpc/epm/epm_ept_map_request.rb
 - lib/ruby_smb/dcerpc/epm/epm_ept_map_response.rb
@@ -493,7 +499,7 @@ files:
 - lib/ruby_smb/nbss/session_request.rb
 - lib/ruby_smb/ntlm.rb
 - lib/ruby_smb/ntlm/client.rb
-- lib/ruby_smb/ntlm/custom/ntlm.rb
+- lib/ruby_smb/ntlm/custom/string_encoder.rb
 - lib/ruby_smb/peer_info.rb
 - lib/ruby_smb/server.rb
 - lib/ruby_smb/server/cli.rb

data/lib/ruby_smb/ntlm/custom/ntlm.rb

@@ -1,19 +0,0 @@
-require 'net/ntlm'
-
-module Custom
-  module NTLM
-
-    def self.prepended(base)
-      base.singleton_class.send(:prepend, ClassMethods)
-    end
-
-    module ClassMethods
-      def encode_utf16le(str)
-        str.dup.force_encoding('UTF-8').encode(Encoding::UTF_16LE, Encoding::UTF_8).force_encoding('ASCII-8BIT')
-      end
-    end
-
-  end
-end
-
-Net::NTLM::EncodeUtil.send(:prepend, Custom::NTLM)