ruby_smb 3.3.5 → 3.3.7

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: b89cb4c288acaa9a8a0b92a92051e3d441f8a0221d4fd07d8e450a100e60c9f3
4
- data.tar.gz: '08ea52772ee67282ccc7bc1fd488e6ef7eb486960086c69aa8bff8945c67fe2f'
3
+ metadata.gz: 228afeef84601354373c132ceaa48341ed9f5f4bbab4e625c37d2f2d71864146
4
+ data.tar.gz: 71512d0529ba352d0cc0ee7c27a27e03116d50f31801beed3fd04cb19e73f4ff
5
5
  SHA512:
6
- metadata.gz: 3051889e91d780f88b08bfca39078bd25b00b9e8ef0eabd61e9e22a1636a2d760add5fc6e57b3316a500072ff0029f4c4f0485f3a3c52db80b9626c0458d5e6e
7
- data.tar.gz: 7f212f644989208c3d2d319e90be6bba3796abac64f458d41edcb56423afccf7cca307a88ef2d0eb55ddcd074b9c69d8c1bca2800965644ef01a160ab069c22f
6
+ metadata.gz: 3c7dede328c8d637b9088da518649deba6d758a1093e3591bb0cd9e2f4c458a5c5a82a37640aa14523586aa6e83b61d59d4fab21d3fa33739c47d687367cede3
7
+ data.tar.gz: 6c72f0673379264f71a55935dec05f13f195614c9cd8d6f44935687ab028545e233496ad04f4157a07d1f5f74092fac8dd43f69713d2ac1aeeb7006a12c47e21
checksums.yaml.gz.sig CHANGED
Binary file
@@ -0,0 +1,109 @@
1
+ #!/usr/bin/ruby
2
+
3
+ # This example script is used for testing the Winreg registry key security descriptor functionalities.
4
+ # It will attempt to connect to a host and reads (or writes) the security descriptor of a specified registry key.
5
+ #
6
+ # Example usage:
7
+ # - read:
8
+ # ruby examples/read_registry_key_security.rb --username msfadmin --password msfadmin -i 7 -o r 192.168.172.138 'HKLM\SECURITY\Policy\PolEKList'
9
+ # This will try to connect to \\192.168.172.138 with the msfadmin:msfadmin
10
+ # credentialas and read the security descriptor of the
11
+ # `HKLM\SECURITY\Policy\PolEKList` registry key with the security information 7
12
+ # (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
13
+ # DACL_SECURITY_INFORMATION).
14
+ #
15
+ # - write:
16
+ # ruby examples/read_registry_key_security.rb --username msfadmin --password msfadmin -i 4 --sd 01000480000000000000000000000000140000000200340002000000000214003f000f00010100000000000512000000000218000000060001020000000000052000000020020000 -o w 192.168.172.138 'HKLM\SECURITY\Policy\PolEKList'
17
+ # This will try to connect to \\192.168.172.138 with the msfadmin:msfadmin
18
+ # credentialas and write the given security descriptor to the
19
+ # `HKLM\SECURITY\Policy\PolEKList` registry key with the security information 4
20
+ # (DACL_SECURITY_INFORMATION).
21
+
22
+ require 'bundler/setup'
23
+ require 'optparse'
24
+ require 'ruby_smb'
25
+
26
+ OPERATIONS = %w{read write}
27
+ OPERATION_ALIASES = { "r" => "read", "w" => "write" }
28
+
29
+ args = ARGV.dup
30
+ options = {
31
+ domain: '.',
32
+ username: '',
33
+ password: '',
34
+ smbv1: true,
35
+ smbv2: true,
36
+ smbv3: true,
37
+ target: nil,
38
+ key: nil,
39
+ operation: 'read',
40
+ info: RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION | RubySMB::Field::SecurityDescriptor::GROUP_SECURITY_INFORMATION | RubySMB::Field::SecurityDescriptor::DACL_SECURITY_INFORMATION,
41
+ sd: nil
42
+ }
43
+ options[:key] = args.pop
44
+ options[:target ] = args.pop
45
+ optparser = OptionParser.new do |opts|
46
+ opts.banner = "Usage: #{File.basename(__FILE__)} [options] target reg_key"
47
+ opts.on('--[no-]smbv1', "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
48
+ options[:smbv1] = smbv1
49
+ end
50
+ opts.on('--[no-]smbv2', "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
51
+ options[:smbv2] = smbv2
52
+ end
53
+ opts.on('--[no-]smbv3', "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
54
+ options[:smbv3] = smbv3
55
+ end
56
+ opts.on('-u', '--username [USERNAME]', "The account's username (default: #{options[:username]})") do |username|
57
+ if username.include?('\\')
58
+ options[:domain], options[:username] = username.split('\\', 2)
59
+ else
60
+ options[:username] = username
61
+ end
62
+ end
63
+ opts.on('-p', '--password [PASSWORD]', "The account's password (default: #{options[:password]})") do |password|
64
+ options[:password] = password
65
+ end
66
+ operation_list = (OPERATION_ALIASES.keys + OPERATIONS).join(', ')
67
+ opts.on('-o', '--operation OPERATION', OPERATIONS, OPERATION_ALIASES, "The operation to perform on the registry key (default: #{options[:operation]})", "(#{operation_list})") do |operation|
68
+ options[:operation] = operation
69
+ end
70
+ opts.on('-i', '--info [SECURITY INFORMATION]', Integer, "The security information value (default: #{options[:info]})") do |password|
71
+ options[:info] = password
72
+ end
73
+ opts.on('-s', '--sd [SECURITY DESCRIPTOR]', "The security descriptor to write as an hex string") do |sd|
74
+ options[:sd] = sd
75
+ end
76
+ end
77
+ optparser.parse!(args)
78
+
79
+ if options[:target].nil? || options[:key].nil?
80
+ abort(optparser.help)
81
+ end
82
+
83
+ sock = TCPSocket.new options[:target], 445
84
+ dispatcher = RubySMB::Dispatcher::Socket.new(sock)
85
+
86
+ client = RubySMB::Client.new(dispatcher, smb1: options[:smbv1], smb2: options[:smbv2], smb3: options[:smbv3], username: options[:username], password: options[:password], domain: options[:domain])
87
+ protocol = client.negotiate
88
+ status = client.authenticate
89
+
90
+ puts "#{protocol}: #{status}"
91
+
92
+ case options[:operation]
93
+ when 'read', 'r'
94
+ puts "Read registry key #{options[:key]} security descriptor with security information #{options[:info]}"
95
+ security_descriptor = client.get_key_security_descriptor(options[:target], options[:key], options[:info])
96
+ puts "Security descriptor: #{security_descriptor.b.bytes.map {|c| "%02x" % c.ord}.join}"
97
+ when 'write', 'w'
98
+ unless options[:sd] && !options[:sd].empty?
99
+ puts "Security descriptor missing"
100
+ abort(optparser.help)
101
+ end
102
+ puts "Write security descriptor #{options[:sd]} to registry key #{options[:key]} with security information #{options[:info]}"
103
+ sd = options[:sd].chars.each_slice(2).map {|c| c.join.to_i(16).chr}.join
104
+ status = client.set_key_security_descriptor(options[:target], options[:key], sd, options[:info])
105
+ puts "Success!"
106
+ end
107
+
108
+ client.disconnect!
109
+
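Review bot: The hex-to-bytes conversion on the write path, `sd = options[:sd].chars.each_slice(2).map {|c| c.join.to_i(16).chr}.join`, silently accepts non-hex characters and odd-length input because `String#to_i(16)` returns 0 for anything it cannot parse, so a typo in `--sd` is written to the key as a corrupted descriptor instead of being rejected — and the documented target is `HKLM\SECURITY`. Validate first and let the standard library unpack: `abort('--sd must be an even-length hex string') unless options[:sd].match?(/\A(?:\h{2})+\z/)` followed by `sd = [options[:sd]].pack('H*')`. The `-i/--info` handler names its block parameter `password` (`options[:info] = password`), which reads like a copy-paste slip; `|info|` would be clearer. The `status` returned by `set_key_security_descriptor` is assigned and then ignored before `puts "Success!"`; if the client method does not raise on a non-zero status (not visible here) that message is misleading. The header comment also spells "credentials" as "credentialas" twice.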
@@ -40,6 +40,18 @@ module RubySMB
40
40
  end
41
41
  end
42
42
 
43
+ def get_key_security_descriptor(host, key, security_information = RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION)
44
+ connect_to_winreg(host) do |named_pipe|
45
+ named_pipe.get_key_security_descriptor(key, security_information)
46
+ end
47
+ end
48
+
49
+ def set_key_security_descriptor(host, key, security_descriptor, security_information = RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION)
50
+ connect_to_winreg(host) do |named_pipe|
51
+ named_pipe.set_key_security_descriptor(key, security_descriptor, security_information)
52
+ end
53
+ end
54
+
43
55
  end
44
56
  end
45
57
  end
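Review bot: The two new public methods carry no YARD documentation, and the default `security_information = OWNER_SECURITY_INFORMATION` matters most for `set_key_security_descriptor`, since it decides which part of the descriptor on the key is replaced. I would add above `get_key_security_descriptor` a comment such as `# Retrieves the security descriptor of a registry key over the Winreg named pipe.` with `@param host [String]`, `@param key [String]`, `@param security_information [Integer] bitmask of *_SECURITY_INFORMATION flags selecting which parts to read` and `@return [String] the self-relative security descriptor` (the example script calls `.b` on the result, so it appears to be a String), and a parallel block on the setter stating that only the parts selected by `security_information` are written. The enclosing module's header is outside the hunk.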
@@ -66,12 +66,16 @@ module RubySMB::Dcerpc::Ndr
66
66
  end
67
67
 
68
68
  # [Integers](https://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_02_05)
69
- # This will define the four size Integers accepted by the NDR protocol:
69
+ # This will define the eight Integers accepted by the NDR protocol:
70
+ # - NdrInt8
70
71
  # - NdrUint8
72
+ # - NdrInt16
71
73
  # - NdrUint16
74
+ # - NdrInt32
72
75
  # - NdrUint32
76
+ # - NdrInt64
73
77
  # - NdrUint64
74
- {Uint8: 1, Uint16le: 2, Uint32le: 4, Uint64le: 8}.each do |klass, nb_bytes|
78
+ {Int8: 1, Uint8: 1, Int16le: 2, Uint16le: 2, Int32le: 4, Uint32le: 4, Int64le: 8, Uint64le: 8}.each do |klass, nb_bytes|
75
79
  new_klass_name = "Ndr#{klass.to_s.chomp('le')}"
76
80
  unless self.const_defined?(new_klass_name)
77
81
  new_klass = Class.new(BinData.const_get(klass)) do
@@ -563,8 +567,11 @@ module RubySMB::Dcerpc::Ndr
563
567
  def get_max_count(val)
564
568
  if is_a?(BinData::Stringz)
565
569
  max_count = val.to_s.strip.length
566
- # Only count the terminating NULL byte if the string is not empty
567
- max_count += 1 if max_count > 0
570
+ # Add one to count the terminator. According to
571
+ # https://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_04_02,
572
+ # the NDR String must contain at least one element, the terminator. So,
573
+ # add one even if it is an empty string.
574
+ max_count += 1
568
575
  return max_count
569
576
  else
570
577
  return val.to_s.length
@@ -618,8 +625,11 @@ module RubySMB::Dcerpc::Ndr
618
625
  def update_actual_count(val)
619
626
  if is_a?(BinData::Stringz)
620
627
  @actual_count = val.to_s.strip.length
621
- # Only count the terminating NULL byte if the string is not empty
622
- @actual_count += 1 if @actual_count > 0
628
+ # Add one to count the terminator. According to
629
+ # https://pubs.opengroup.org/onlinepubs/9629399/chap14.htm#tagcjh_19_03_04,
630
+ # the NDR String must contain at least one element, the terminator. So,
631
+ # add one even if it is an empty string.
632
+ @actual_count += 1
623
633
  else
624
634
  @actual_count = val.to_s.length
625
635
  end
@@ -18,22 +18,24 @@ module RubySMB
18
18
  choice :stub, label: 'Stub', selection: -> { @obj.parent.get_parameter(:endpoint) || '' } do
19
19
  string 'Encrypted'
20
20
  choice 'Winreg', selection: -> { opnum } do
21
- open_root_key_request Winreg::OPEN_HKCR, opnum: Winreg::OPEN_HKCR
22
- open_root_key_request Winreg::OPEN_HKCU, opnum: Winreg::OPEN_HKCU
23
- open_root_key_request Winreg::OPEN_HKLM, opnum: Winreg::OPEN_HKLM
24
- open_root_key_request Winreg::OPEN_HKPD, opnum: Winreg::OPEN_HKPD
25
- open_root_key_request Winreg::OPEN_HKU, opnum: Winreg::OPEN_HKU
26
- open_root_key_request Winreg::OPEN_HKCC, opnum: Winreg::OPEN_HKCC
27
- open_root_key_request Winreg::OPEN_HKPT, opnum: Winreg::OPEN_HKPT
28
- open_root_key_request Winreg::OPEN_HKPN, opnum: Winreg::OPEN_HKPN
29
- close_key_request Winreg::REG_CLOSE_KEY
30
- enum_key_request Winreg::REG_ENUM_KEY
31
- enum_value_request Winreg::REG_ENUM_VALUE
32
- open_key_request Winreg::REG_OPEN_KEY
33
- query_info_key_request Winreg::REG_QUERY_INFO_KEY
34
- query_value_request Winreg::REG_QUERY_VALUE
35
- create_key_request Winreg::REG_CREATE_KEY
36
- save_key_request Winreg::REG_SAVE_KEY
21
+ open_root_key_request Winreg::OPEN_HKCR, opnum: Winreg::OPEN_HKCR
22
+ open_root_key_request Winreg::OPEN_HKCU, opnum: Winreg::OPEN_HKCU
23
+ open_root_key_request Winreg::OPEN_HKLM, opnum: Winreg::OPEN_HKLM
24
+ open_root_key_request Winreg::OPEN_HKPD, opnum: Winreg::OPEN_HKPD
25
+ open_root_key_request Winreg::OPEN_HKU, opnum: Winreg::OPEN_HKU
26
+ open_root_key_request Winreg::OPEN_HKCC, opnum: Winreg::OPEN_HKCC
27
+ open_root_key_request Winreg::OPEN_HKPT, opnum: Winreg::OPEN_HKPT
28
+ open_root_key_request Winreg::OPEN_HKPN, opnum: Winreg::OPEN_HKPN
29
+ close_key_request Winreg::REG_CLOSE_KEY
30
+ enum_key_request Winreg::REG_ENUM_KEY
31
+ enum_value_request Winreg::REG_ENUM_VALUE
32
+ open_key_request Winreg::REG_OPEN_KEY
33
+ query_info_key_request Winreg::REG_QUERY_INFO_KEY
34
+ query_value_request Winreg::REG_QUERY_VALUE
35
+ create_key_request Winreg::REG_CREATE_KEY
36
+ save_key_request Winreg::REG_SAVE_KEY
37
+ get_key_security_request Winreg::REG_GET_KEY_SECURITY
38
+ set_key_security_request Winreg::REG_SET_KEY_SECURITY
37
39
  string :default
38
40
  end
39
41
  choice 'Netlogon', selection: -> { opnum } do
@@ -74,6 +76,7 @@ module RubySMB
74
76
  samr_create_user2_in_domain_request Samr::SAMR_CREATE_USER2_IN_DOMAIN
75
77
  samr_set_information_user2_request Samr::SAMR_SET_INFORMATION_USER2
76
78
  samr_delete_user_request Samr::SAMR_DELETE_USER
79
+ samr_query_information_domain_request Samr::SAMR_QUERY_INFORMATION_DOMAIN
77
80
  string :default
78
81
  end
79
82
  choice 'Wkssvc', selection: -> { opnum } do
@@ -20,7 +20,7 @@ module RubySMB
20
20
  when BinData::Stringz, BinData::String, String
21
21
  self.buffer = val.to_s
22
22
  val_length = val.strip.length
23
- val_length += 1 unless val == ''
23
+ val_length += 1
24
24
  self.buffer_length = val_length * 2
25
25
  self.maximum_length = val_length * 2
26
26
  else
@@ -0,0 +1,151 @@
1
+ module RubySMB
2
+ module Dcerpc
3
+ module Samr
4
+ # [2.2.3.5 DOMAIN_PASSWORD_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/0ae356d8-c220-4706-846e-ebbdc6fabdcb)
5
+ class SamprDomainPasswordInformation < Ndr::NdrStruct
6
+ default_parameters byte_align: 4
7
+ endian :little
8
+
9
+ ndr_uint16 :min_password_length
10
+ ndr_uint16 :password_history_length
11
+ ndr_uint32 :password_properties
12
+ ndr_int64 :max_password_age
13
+ ndr_int64 :min_password_age
14
+ end
15
+
16
+ # [2.2.3.12 SAMPR_DOMAIN_OEM_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/7cbb7ff0-e593-440d-8341-a3435195cdf1)
17
+ class SamprDomainOemInformation < Ndr::NdrStruct
18
+ default_parameters byte_align: 4
19
+ endian :little
20
+
21
+ rpc_unicode_string :oem_information
22
+ end
23
+
24
+ # [2.2.3.7 DOMAIN_SERVER_ROLE_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/cb0e586a-29c8-49b2-8ced-c273a7476c22)
25
+ class SamprDomainServerRoleInformation < Ndr::NdrStruct
26
+ default_parameters byte_align: 4
27
+ endian :little
28
+
29
+ ndr_uint16 :domain_server_role
30
+ end
31
+
32
+ # [2.2.3.15 SAMPR_DOMAIN_LOCKOUT_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/c9d789ed-c54a-4450-be56-251e627e1f52)
33
+ class SamprDomainLockoutInformation < Ndr::NdrStruct
34
+ default_parameters byte_align: 4
35
+ endian :little
36
+
37
+ ndr_uint64 :lockout_duration
38
+ ndr_uint64 :lockout_observation_window
39
+ ndr_uint16 :lockout_threshold
40
+ end
41
+
42
+ # [2.2.3.10 SAMPR_DOMAIN_GENERAL_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/85973e1c-96f2-4c80-8135-b24d74ad7794)
43
+ class SamprDomainGeneralInformation < Ndr::NdrStruct
44
+ default_parameters byte_align: 4
45
+ endian :little
46
+
47
+ ndr_int64 :force_logoff
48
+ rpc_unicode_string :oem_information
49
+ rpc_unicode_string :domain_name
50
+ rpc_unicode_string :replica_source_node_name
51
+ ndr_int64 :domain_modified_count
52
+ ndr_uint32 :domain_server_state
53
+ ndr_uint32 :domain_server_role
54
+ ndr_uint8 :uas_compatibility_required
55
+ ndr_uint32 :user_count
56
+ ndr_uint32 :group_count
57
+ ndr_uint32 :alias_count
58
+ end
59
+
60
+ # [2.2.3.6 DOMAIN_LOGOFF_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/6fb0bbea-888c-4353-b5f8-75e7862344be)
61
+ class SamprDomainLogoffInformation < Ndr::NdrStruct
62
+ default_parameters byte_align: 4
63
+ endian :little
64
+
65
+ ndr_int64 :force_logoff
66
+ end
67
+
68
+ # [2.2.3.13 SAMPR_DOMAIN_NAME_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/5131d2c0-04c7-4c1b-8fd5-0b0b6cfa6c24)
69
+ class SamprDomainNameInformation < Ndr::NdrStruct
70
+ default_parameters byte_align: 4
71
+ endian :little
72
+
73
+ rpc_unicode_string :domain_name
74
+ end
75
+
76
+ # [2.2.3.8 DOMAIN_MODIFIED_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/e1da9680-8968-423b-98c0-fbdcf1535ef9)
77
+ class SamprDomainModifiedInformation < Ndr::NdrStruct
78
+ default_parameters byte_align: 4
79
+ endian :little
80
+
81
+ ndr_int64 :domain_modified_count
82
+ ndr_int64 :creation_time
83
+ end
84
+
85
+ # [2.2.3.9 DOMAIN_MODIFIED_INFORMATION2](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/47eea81b-5fee-4925-b5c1-fc594dcc8dff)
86
+ class SamprDomainModifiedInformation2 < Ndr::NdrStruct
87
+ default_parameters byte_align: 4
88
+ endian :little
89
+
90
+ ndr_int64 :domain_modified_count
91
+ ndr_int64 :creation_time
92
+ ndr_int64 :modified_count_at_last_promotion
93
+ end
94
+
95
+ # [2.2.3.3 DOMAIN_STATE_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/f224edcf-8d4e-4294-b0c3-b0eda384c402)
96
+ class SamprDomainStateInformation < Ndr::NdrStruct
97
+ default_parameters byte_align: 4
98
+ endian :little
99
+
100
+ ndr_uint16 :domain_server_state
101
+ end
102
+
103
+ # [2.2.3.11 SAMPR_DOMAIN_GENERAL_INFORMATION2](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/9a663cf2-0923-4959-b2c5-2e25c19735ff)
104
+ class SamprDomainGeneralInformation2 < Ndr::NdrStruct
105
+ default_parameters byte_align: 4
106
+ endian :little
107
+
108
+ sampr_domain_general_information :i1
109
+ ndr_uint64 :lockout_duration
110
+ ndr_uint64 :lockout_observation_window
111
+ ndr_uint16 :lockout_threshold
112
+ end
113
+
114
+ # [2.2.3.14 SAMPR_DOMAIN_REPLICATION_INFORMATION](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/c9293797-e11d-4098-be12-bf9e1de91f20)
115
+ class SamprDomainReplicationInformation < Ndr::NdrStruct
116
+ default_parameters byte_align: 4
117
+ endian :little
118
+
119
+ rpc_unicode_string :replica_node_name
120
+ end
121
+
122
+ # [2.2.3.17 SAMPR_DOMAIN_INFO_BUFFER](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/1adc2142-dbb8-4554-aa24-010c713698bf)
123
+ class SamprDomainInfoBuffer < BinData::Record
124
+ default_parameters byte_align: 4
125
+ endian :little
126
+
127
+ uint16 :info_class
128
+ skip length: 2
129
+
130
+ choice :buffer, selection: :info_class do
131
+ sampr_domain_password_information DOMAIN_PASSWORD_INFORMATION
132
+ sampr_domain_oem_information DOMAIN_OEM_INFORMATION
133
+ sampr_domain_server_role_information DOMAIN_SERVER_ROLE_INFORMATION
134
+ sampr_domain_lockout_information DOMAIN_LOCKOUT_INFORMATION
135
+ sampr_domain_logoff_information DOMAIN_LOGOFF_INFORMATION
136
+ sampr_domain_general_information DOMAIN_GENERAL_INFORMATION
137
+ sampr_domain_name_information DOMAIN_NAME_INFORMATION
138
+ sampr_domain_modified_information DOMAIN_MODIFIED_INFORMATION
139
+ sampr_domain_modified_information2 DOMAIN_MODIFIED_INFORMATION2
140
+ sampr_domain_state_information DOMAIN_STATE_INFORMATION
141
+ sampr_domain_general_information2 DOMAIN_GENERAL_INFORMATION2
142
+ sampr_domain_replication_information DOMAIN_REPLICATION_INFORMATION
143
+ end
144
+ end
145
+
146
+ class PsamprDomainInfoBuffer < SamprDomainInfoBuffer
147
+ extend Ndr::PointerClassPlugin
148
+ end
149
+ end
150
+ end
151
+ end
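Review bot: `SamprDomainLockoutInformation` declares `lockout_duration` and `lockout_observation_window` as `ndr_uint64`, while `SamprDomainPasswordInformation` declares the analogous `max_password_age`/`min_password_age` as `ndr_int64`; MS-SAMR types all four as OLD_LARGE_INTEGER, and the lockout values are delta times that Windows stores as negative 100-ns intervals, so the unsigned reading yields huge positive numbers for any caller that converts them to a duration. The same two fields recur in `SamprDomainGeneralInformation2`. I would change them to `ndr_int64 :lockout_duration` and `ndr_int64 :lockout_observation_window` in both structs. Separately, `choice :buffer, selection: :info_class` has no default branch, so a response carrying an info class not listed (for instance 10, which the constants skip) will raise during parsing rather than give a clear error; a `string :default` like the request dispatcher uses, or a comment stating that unknown classes are deliberately rejected, would help.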
@@ -0,0 +1,22 @@
1
+ module RubySMB
2
+ module Dcerpc
3
+ module Samr
4
+
5
+ # [3.1.5.5.2 SamrQueryInformationDomain (Opnum 8)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/5d6a2817-caa9-41ca-a269-fd13ecbb4fa8)
6
+ class SamrQueryInformationDomainRequest < BinData::Record
7
+ attr_reader :opnum
8
+
9
+ endian :little
10
+
11
+ sampr_handle :domain_handle
12
+ ndr_uint16 :domain_information_class
13
+
14
+ def initialize_instance
15
+ super
16
+ @opnum = SAMR_QUERY_INFORMATION_DOMAIN
17
+ end
18
+ end
19
+
20
+ end
21
+ end
22
+ end
@@ -0,0 +1,23 @@
1
+ module RubySMB
2
+ module Dcerpc
3
+ module Samr
4
+
5
+ # [3.1.5.5.2 SamrQueryInformationDomain (Opnum 8)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/5d6a2817-caa9-41ca-a269-fd13ecbb4fa8)
6
+ class SamrQueryInformationDomainResponse < BinData::Record
7
+ attr_reader :opnum
8
+
9
+ endian :little
10
+
11
+ psampr_domain_info_buffer :buffer
12
+ ndr_uint32 :error_status
13
+
14
+ def initialize_instance
15
+ super
16
+ @opnum = SAMR_QUERY_INFORMATION_DOMAIN
17
+ end
18
+ end
19
+
20
+ end
21
+ end
22
+ end
23
+
@@ -16,6 +16,7 @@ module RubySMB
16
16
  SAMR_LOOKUP_DOMAIN_IN_SAM_SERVER = 0x0005
17
17
  SAMR_ENUMERATE_DOMAINS_IN_SAM_SERVER = 0x0006
18
18
  SAMR_OPEN_DOMAIN = 0x0007
19
+ SAMR_QUERY_INFORMATION_DOMAIN = 0x0008
19
20
  SAMR_ENUMERATE_USERS_IN_DOMAIN = 0x000D
20
21
  SAMR_GET_ALIAS_MEMBERSHIP = 0x0010
21
22
  SAMR_LOOKUP_NAMES_IN_DOMAIN = 0x0011
@@ -139,6 +140,20 @@ module RubySMB
139
140
  USER_ALL_SECURITYDESCRIPTOR = 0x10000000
140
141
  USER_ALL_UNDEFINED_MASK = 0xC0000000
141
142
 
143
+ # [2.2.3.16 DOMAIN_INFORMATION_CLASS Values](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/6b0dff90-5ac0-429a-93aa-150334adabf6)
144
+ DOMAIN_PASSWORD_INFORMATION = 1
145
+ DOMAIN_GENERAL_INFORMATION = 2
146
+ DOMAIN_LOGOFF_INFORMATION = 3
147
+ DOMAIN_OEM_INFORMATION = 4
148
+ DOMAIN_NAME_INFORMATION = 5
149
+ DOMAIN_REPLICATION_INFORMATION = 6
150
+ DOMAIN_SERVER_ROLE_INFORMATION = 7
151
+ DOMAIN_MODIFIED_INFORMATION = 8
152
+ DOMAIN_STATE_INFORMATION = 9
153
+ DOMAIN_GENERAL_INFORMATION2 = 11
154
+ DOMAIN_LOCKOUT_INFORMATION = 12
155
+ DOMAIN_MODIFIED_INFORMATION2 = 13
156
+
142
157
  # [2.2.6.28 USER_INFORMATION_CLASS Values](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/6b0dff90-5ac0-429a-93aa-150334adabf6)
143
158
  USER_GENERAL_INFORMATION = 1
144
159
  USER_PREFERENCES_INFORMATION = 2
@@ -474,6 +489,7 @@ module RubySMB
474
489
  end
475
490
 
476
491
  require 'ruby_smb/dcerpc/samr/rpc_sid'
492
+ require 'ruby_smb/dcerpc/samr/sampr_domain_info_buffer'
477
493
 
478
494
  require 'ruby_smb/dcerpc/samr/samr_connect_request'
479
495
  require 'ruby_smb/dcerpc/samr/samr_connect_response'
@@ -503,6 +519,8 @@ module RubySMB
503
519
  require 'ruby_smb/dcerpc/samr/samr_set_information_user2_response'
504
520
  require 'ruby_smb/dcerpc/samr/samr_delete_user_request'
505
521
  require 'ruby_smb/dcerpc/samr/samr_delete_user_response'
522
+ require 'ruby_smb/dcerpc/samr/samr_query_information_domain_request'
523
+ require 'ruby_smb/dcerpc/samr/samr_query_information_domain_response'
506
524
 
507
525
  # Returns a handle to a server object.
508
526
  #
@@ -979,7 +997,30 @@ module RubySMB
979
997
  samr_get_groups_for_user_reponse.groups.groups.to_ary
980
998
  end
981
999
 
1000
+ # Returns domain information.
1001
+ #
1002
+ # @param domain_handle [RubySMB::Dcerpc::Samr::SamprHandle] An RPC context
1003
+ # representing a domain object
1004
+ # @param info_class [Integer] The class of information to retrieve
1005
+ # @return [BinData::Choice] The requested information.
1006
+ def samr_query_information_domain(domain_handle:, info_class:)
1007
+ samr_request = SamrQueryInformationDomainRequest.new(
1008
+ domain_handle: domain_handle,
1009
+ domain_information_class: info_class
1010
+ )
1011
+ response = dcerpc_request(samr_request)
1012
+ begin
1013
+ samr_response = SamrQueryInformationDomainResponse.read(response)
1014
+ rescue IOError
1015
+ raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading SamrQueryInformationDomainResponse'
1016
+ end
1017
+ unless samr_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
1018
+ raise RubySMB::Dcerpc::Error::SamrError,
1019
+ "Error returned while querying domain information: "\
1020
+ "#{WindowsError::NTStatus.find_by_retval(samr_response.error_status.value).join(',')}"
1021
+ end
1022
+ samr_response.buffer.buffer
1023
+ end
982
1024
  end
983
1025
  end
984
1026
  end
985
-
@@ -0,0 +1,26 @@
1
+ module RubySMB
2
+ module Dcerpc
3
+ module Winreg
4
+
5
+ # This class represents a GetKeySecurity Request Packet as defined in
6
+ # [3.1.5.13 BaseRegGetKeySecurity (Opnum 12)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/b0e1868c-f4fd-4b43-959f-c0f0cac3ee26)
7
+ class GetKeySecurityRequest < BinData::Record
8
+ attr_reader :opnum
9
+
10
+ endian :little
11
+
12
+ rpc_hkey :hkey
13
+ uint32 :security_information
14
+ rpc_security_descriptor :prpc_security_descriptor_in
15
+
16
+ def initialize_instance
17
+ super
18
+ @opnum = REG_GET_KEY_SECURITY
19
+ end
20
+ end
21
+
22
+ end
23
+ end
24
+ end
25
+
26
+
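Review bot: `uint32 :security_information` is a plain BinData integer while the response's `error_status` is an `ndr_uint32`; the request presumably still serializes correctly because the field follows `rpc_hkey` (an RPC context handle, 20 bytes if it matches the usual layout) and so lands 4-byte aligned, but mixing NDR and raw types in one request makes alignment depend on field order rather than being declared. For consistency with the response, and with the other Winreg requests if they use NDR types (not visible here), I would write `ndr_uint32 :security_information`. The same applies to `SetKeySecurityRequest` further down this diff.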
@@ -0,0 +1,26 @@
1
+ module RubySMB
2
+ module Dcerpc
3
+ module Winreg
4
+
5
+ # This class represents a GetKeySecurity Response Packet as defined in
6
+ # [3.1.5.13 BaseRegGetKeySecurity (Opnum 12)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/b0e1868c-f4fd-4b43-959f-c0f0cac3ee26)
7
+ class GetKeySecurityResponse < BinData::Record
8
+ attr_reader :opnum
9
+
10
+ endian :little
11
+
12
+ rpc_security_descriptor :prpc_security_descriptor_out
13
+ ndr_uint32 :error_status
14
+
15
+ def initialize_instance
16
+ super
17
+ @opnum = REG_GET_KEY_SECURITY
18
+ end
19
+ end
20
+
21
+ end
22
+ end
23
+ end
24
+
25
+
26
+
@@ -25,6 +25,8 @@ module RubySMB
25
25
  def data
26
26
  bytes = lp_data.to_a.pack('C*')
27
27
  case lp_type
28
+ when 0 # 0 is undefined type, let's consider an array of bytes
29
+ bytes
28
30
  when 1,2
29
31
  bytes.force_encoding('utf-16le').strip
30
32
  when 3
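Review bot: The new `when 0` branch's comment calls type 0 "undefined", but in the registry value-type enumeration 0 is `REG_NONE` (no defined value type), and naming it makes the intent clear: `when 0 # REG_NONE: no defined type, return the raw bytes unchanged`. The enclosing `data` method and its `case` continue outside the hunk, so I cannot see whether an `else` branch covers the remaining unknown types.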
@@ -0,0 +1,26 @@
1
+ module RubySMB
2
+ module Dcerpc
3
+ module Winreg
4
+
5
+ # This class represents a SetKeySecurity Request Packet as defined in
6
+ # [3.1.5.21 BaseRegSetKeySecurity (Opnum 21)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/da18856c-8a6d-4217-8e93-3625865e562c)
7
+ class SetKeySecurityRequest < BinData::Record
8
+ attr_reader :opnum
9
+
10
+ endian :little
11
+
12
+ rpc_hkey :hkey
13
+ uint32 :security_information
14
+ rpc_security_descriptor :prpc_security_descriptor
15
+
16
+ def initialize_instance
17
+ super
18
+ @opnum = REG_SET_KEY_SECURITY
19
+ end
20
+ end
21
+
22
+ end
23
+ end
24
+ end
25
+
26
+
@@ -0,0 +1,25 @@
1
+ module RubySMB
2
+ module Dcerpc
3
+ module Winreg
4
+
5
+ # This class represents a SetKeySecurity Response Packet as defined in
6
+ # [3.1.5.21 BaseRegSetKeySecurity (Opnum 21)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-rrp/da18856c-8a6d-4217-8e93-3625865e562c)
7
+ class SetKeySecurityResponse < BinData::Record
8
+ attr_reader :opnum
9
+
10
+ endian :little
11
+
12
+ ndr_uint32 :error_status
13
+
14
+ def initialize_instance
15
+ super
16
+ @opnum = REG_SET_KEY_SECURITY
17
+ end
18
+ end
19
+
20
+ end
21
+ end
22
+ end
23
+
24
+
25
+