RubyGems - ruby_smb - Versions diffs - 3.3.5 → 3.3.7 - Mend

ruby_smb 3.3.5 → 3.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (24) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/examples/registry_key_security_descriptor.rb +109 -0
data/lib/ruby_smb/client/winreg.rb +12 -0
data/lib/ruby_smb/dcerpc/ndr.rb +16 -6
data/lib/ruby_smb/dcerpc/request.rb +19 -16
data/lib/ruby_smb/dcerpc/rrp_rpc_unicode_string.rb +1 -1
data/lib/ruby_smb/dcerpc/samr/sampr_domain_info_buffer.rb +151 -0
data/lib/ruby_smb/dcerpc/samr/samr_query_information_domain_request.rb +22 -0
data/lib/ruby_smb/dcerpc/samr/samr_query_information_domain_response.rb +23 -0
data/lib/ruby_smb/dcerpc/samr.rb +42 -1
data/lib/ruby_smb/dcerpc/winreg/get_key_security_request.rb +26 -0
data/lib/ruby_smb/dcerpc/winreg/get_key_security_response.rb +26 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +2 -0
data/lib/ruby_smb/dcerpc/winreg/set_key_security_request.rb +26 -0
data/lib/ruby_smb/dcerpc/winreg/set_key_security_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg.rb +121 -9
data/lib/ruby_smb/field/security_descriptor.rb +17 -0
data/lib/ruby_smb/version.rb +1 -1
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +80 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +267 -18
data.tar.gz.sig +0 -0
metadata +10 -2
metadata.gz.sig +0 -0

data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb CHANGED Viewed

@@ -73,12 +73,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
     before :example do
       allow(described_class::OpenKeyRequest).to receive(:new).and_return(openkey_request_packet)
       allow(openkey_request_packet).to receive(:sam_desired).and_return(regsam)
-      allow(regsam).to receive_messages(
-        :read_control=           => nil,
-        :key_query_value=        => nil,
-        :key_enumerate_sub_keys= => nil,
-        :key_notify=             => nil,
-      )
+      allow(regsam).to receive(:maximum_allowed=)
       allow(winreg).to receive(:dcerpc_request).and_return(response)
       allow(described_class::OpenKeyResponse).to receive(:read).and_return(open_key_response)
       allow(open_key_response).to receive_messages(
@@ -94,10 +89,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
     it 'sets the expected user rights on the request packet' do
       winreg.open_key(handle, sub_key)
-      expect(regsam).to have_received(:read_control=).with(1)
-      expect(regsam).to have_received(:key_query_value=).with(1)
-      expect(regsam).to have_received(:key_enumerate_sub_keys=).with(1)
-      expect(regsam).to have_received(:key_notify=).with(1)
+      expect(regsam).to have_received(:maximum_allowed=).with(1)
     end
     it 'sends the expected dcerpc request' do
@@ -132,12 +124,13 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
   describe '#query_value' do
     let(:handle)                      { double('Handle') }
     let(:value_name)                  { double('Value Name') }
-    let(:query_value_request_packet) { double('Query Value Request Packet #1') }
-    let(:lp_data)                    { double('LpData #2') }
+    let(:query_value_request_packet)  { double('Query Value Request Packet #1') }
+    let(:lp_data)                     { double('LpData #2') }
     let(:response1)                   { double('Response #1') }
     let(:response2)                   { double('Response #2') }
     let(:query_value_response1)       { double('Query Value Response #1') }
     let(:query_value_response2)       { double('Query Value Response #2') }
+    let(:lp_type)                     { double('Type') }
     let(:data)                        { double('Data') }
     let(:lpcb_data)                   { double('LpcbData') }
     let(:max_count)                   { 5 }
@@ -164,8 +157,9 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
       allow(described_class::QueryValueResponse).to receive(:read).with(response2).and_return(query_value_response2)
       allow(query_value_response1).to receive(:error_status).and_return(WindowsError::Win32::ERROR_SUCCESS)
       allow(query_value_response2).to receive_messages(
-        :error_status => WindowsError::Win32::ERROR_SUCCESS,
-        :data         => data
+        error_status: WindowsError::Win32::ERROR_SUCCESS,
+        lp_type:      lp_type,
+        data:         data
       )
       allow(query_value_response1).to receive(:lpcb_data).and_return(lpcb_data)
       allow(lpcb_data).to receive(:to_i).and_return(max_count)
@@ -234,8 +228,9 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
     end
     it 'returns the expected response data' do
-      expect(winreg.query_value(handle, value_name)).to eq(data)
+      expect(winreg.query_value(handle, value_name)).to eq(RubySMB::Dcerpc::Winreg::RegValue.new(lp_type, data))
     end
   end
   describe '#close_key' do
@@ -529,13 +524,14 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
     let(:value_name)      { 'registry_value_name' }
     let(:root_key_handle) { double('Root Key Handle') }
     let(:subkey_handle)   { double('Subkey Handle') }
-    let(:value)           { double('Value') }
+    let(:data)            { double('Reg value data') }
+    let(:reg_value)       { RubySMB::Dcerpc::Winreg::RegValue.new(nil, data) }
     before :example do
       allow(winreg).to receive_messages(
         :bind          => nil,
         :open_root_key => root_key_handle,
         :open_key      => subkey_handle,
-        :query_value   => value,
+        :query_value   => reg_value,
         :close_key     => nil
       )
     end
@@ -572,7 +568,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
     end
     it 'returns expect registry key value' do
-      expect(winreg.read_registry_key_value(key, value_name)).to eq(value)
+      expect(winreg.read_registry_key_value(key, value_name)).to eq(data)
     end
   end
@@ -864,4 +860,257 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
       end
     end
   end
+  describe '#get_key_security_descriptor' do
+    let(:root_key)                  { 'HKLM' }
+    let(:sub_key)                   { 'my\\sub\\key\\path' }
+    let(:key)                       { "#{root_key}\\#{sub_key}" }
+    let(:root_key_handle)           { double('Root Key Handle') }
+    let(:subkey_handle)             { double('Subkey Handle') }
+    before :example do
+      allow(winreg).to receive_messages(
+        :bind           => nil,
+        :open_root_key  => root_key_handle,
+        :open_key       => subkey_handle,
+        :get_key_security => nil,
+        :close_key      => nil
+      )
+    end
+    it 'binds a DCERPC connection to the expected remote endpoint' do
+      winreg.get_key_security_descriptor(key)
+      expect(winreg).to have_received(:bind).with(endpoint: RubySMB::Dcerpc::Winreg)
+    end
+    it 'does not bind a DCERPC connection if #bind argument is false' do
+      winreg.get_key_security_descriptor(key, bind: false)
+      expect(winreg).to_not have_received(:bind)
+    end
+    it 'opens the expected root key' do
+      winreg.get_key_security_descriptor(key)
+      expect(winreg).to have_received(:open_root_key).with(root_key)
+    end
+    it 'opens the expected registry key' do
+      winreg.get_key_security_descriptor(key)
+      expect(winreg).to have_received(:open_key).with(root_key_handle, sub_key)
+    end
+    it 'calls #get_key_security with the expected arguments' do
+      winreg.get_key_security_descriptor(key)
+      security_information = RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION
+      expect(winreg).to have_received(:get_key_security).with(subkey_handle, security_information)
+    end
+    context 'with a non-default security informaiton' do
+      it 'calls #get_key_security with the expected arguments' do
+        security_information = RubySMB::Field::SecurityDescriptor::GROUP_SECURITY_INFORMATION
+        winreg.get_key_security_descriptor(key, security_information)
+        expect(winreg).to have_received(:get_key_security).with(subkey_handle, security_information)
+      end
+    end
+  end
+  describe '#get_key_security' do
+    let(:handle)                    { double('Handle') }
+    let(:get_key_security_request)  { double('GetKeySecurity Request') }
+    let(:response)                  {
+      '0000020000100000940000000010000000000000940000000100048078000000880000'\
+      '0000000000140000000200640004000000000214003f000f0001010000000000051200'\
+      '0000000218000000060001020000000000052000000020020000000218000900060001'\
+      '0200000000000520000000200200000002180009000600010200000000000520000000'\
+      '2002000001020000000000052000000020020000010100000000000512000000000000'\
+      '00'.unhexlify
+    }
+    let(:security_descriptor) {
+      '01000480780000008800000000000000140000000200640004000000000214003f000f'\
+      '0001010000000000051200000000021800000006000102000000000005200000002002'\
+      '0000000218000900060001020000000000052000000020020000000218000900060001'\
+      '0200000000000520000000200200000102000000000005200000002002000001010000'\
+      '0000000512000000'.unhexlify
+    }
+    before :example do
+      allow(described_class::GetKeySecurityRequest).to receive(:new).and_return(get_key_security_request)
+      allow(winreg).to receive(:dcerpc_request).and_return(response)
+    end
+    it 'create the expected GetKeySecurityRequest packet with the default options' do
+      opts = {
+        hkey:                   handle,
+        security_information:   RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION,
+        prpc_security_descriptor_in: { cb_in_security_descriptor: 4096 }
+      }
+      winreg.get_key_security(handle)
+      expect(described_class::GetKeySecurityRequest).to have_received(:new).with(opts)
+    end
+    it 'create the expected SaveKeyRequest packet with custom options' do
+      security_information = RubySMB::Field::SecurityDescriptor::GROUP_SECURITY_INFORMATION
+      opts = {
+        hkey:                   handle,
+        security_information:   security_information,
+        prpc_security_descriptor_in: { cb_in_security_descriptor: 4096 }
+      }
+      winreg.get_key_security(handle, security_information)
+      expect(described_class::GetKeySecurityRequest).to have_received(:new).with(opts)
+    end
+    it 'sends the expected dcerpc request' do
+      winreg.get_key_security(handle)
+      expect(winreg).to have_received(:dcerpc_request).with(get_key_security_request)
+    end
+    it 'creates a GetKeySecurityResponse structure from the expected dcerpc response' do
+      expect(described_class::GetKeySecurityResponse).to receive(:read).with(response).and_call_original
+      winreg.get_key_security(handle)
+    end
+    context 'when an IOError occurs while parsing the response' do
+      it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
+        allow(described_class::GetKeySecurityResponse).to receive(:read).and_raise(IOError)
+        expect { winreg.get_key_security(handle) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+    end
+    context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
+      it 'raises a RubySMB::Dcerpc::Error::WinregError' do
+        response[-4..-1] = [WindowsError::Win32::ERROR_INVALID_DATA.value].pack('V')
+        expect { winreg.get_key_security(handle) }.to raise_error(RubySMB::Dcerpc::Error::WinregError)
+      end
+    end
+    it 'returns the expected security descriptor' do
+      expect(winreg.get_key_security(handle)).to eq(security_descriptor)
+    end
+  end
+  describe '#set_key_security_descriptor' do
+    let(:root_key)                  { 'HKLM' }
+    let(:sub_key)                   { 'my\\sub\\key\\path' }
+    let(:key)                       { "#{root_key}\\#{sub_key}" }
+    let(:security_descriptor)       { 'Security Descriptor' }
+    let(:root_key_handle)           { double('Root Key Handle') }
+    let(:subkey_handle)             { double('Subkey Handle') }
+    before :example do
+      allow(winreg).to receive_messages(
+        :bind           => nil,
+        :open_root_key  => root_key_handle,
+        :open_key       => subkey_handle,
+        :set_key_security => nil,
+        :close_key      => nil
+      )
+    end
+    it 'binds a DCERPC connection to the expected remote endpoint' do
+      winreg.set_key_security_descriptor(key, security_descriptor)
+      expect(winreg).to have_received(:bind).with(endpoint: RubySMB::Dcerpc::Winreg)
+    end
+    it 'does not bind a DCERPC connection if #bind argument is false' do
+      winreg.set_key_security_descriptor(key, security_descriptor, bind: false)
+      expect(winreg).to_not have_received(:bind)
+    end
+    it 'opens the expected root key' do
+      winreg.set_key_security_descriptor(key, security_descriptor)
+      expect(winreg).to have_received(:open_root_key).with(root_key)
+    end
+    it 'opens the expected registry key' do
+      winreg.set_key_security_descriptor(key, security_descriptor)
+      expect(winreg).to have_received(:open_key).with(root_key_handle, sub_key)
+    end
+    it 'calls #set_key_security with the expected arguments' do
+      winreg.set_key_security_descriptor(key, security_descriptor)
+      security_information = RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION
+      expect(winreg).to have_received(:set_key_security).with(subkey_handle, security_descriptor, security_information)
+    end
+    context 'with a non-default security informaiton' do
+      it 'calls #get_key_security with the expected arguments' do
+        security_information = RubySMB::Field::SecurityDescriptor::GROUP_SECURITY_INFORMATION
+        winreg.set_key_security_descriptor(key, security_descriptor, security_information)
+        expect(winreg).to have_received(:set_key_security).with(subkey_handle, security_descriptor, security_information)
+      end
+    end
+  end
+  describe '#set_key_security' do
+    let(:handle)                    { double('Handle') }
+    let(:set_key_security_request)  { double('GetKeySecurity Request') }
+    let(:response)                  { '00000000'.unhexlify }
+    let(:security_descriptor) {
+      '0100048014000000240000000000000030000000010200000000000520000000200200'\
+      '0001010000000000051200000002007c0005000000000214003f000f00010100000000'\
+      '0005120000000002180000000600010200000000000520000000200200000002180009'\
+      '0006000102000000000005200000002002000000021800090006000102000000000005'\
+      '2000000020020000000218000900060001020000000000052000000020020000'.unhexlify
+    }
+    before :example do
+      allow(described_class::SetKeySecurityRequest).to receive(:new).and_return(set_key_security_request)
+      allow(winreg).to receive(:dcerpc_request).and_return(response)
+    end
+    it 'create the expected SetKeySecurityRequest packet with the default options' do
+      opts = {
+        hkey: handle,
+        security_information: RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION,
+        prpc_security_descriptor: {
+          lp_security_descriptor: security_descriptor.bytes,
+          cb_in_security_descriptor: security_descriptor.size,
+          cb_out_security_descriptor: security_descriptor.size
+        }
+      }
+      winreg.set_key_security(handle, security_descriptor)
+      expect(described_class::SetKeySecurityRequest).to have_received(:new).with(opts)
+    end
+    it 'create the expected SaveKeyRequest packet with custom options' do
+      security_information = RubySMB::Field::SecurityDescriptor::GROUP_SECURITY_INFORMATION
+      opts = {
+        hkey:                   handle,
+        security_information:   security_information,
+        prpc_security_descriptor: {
+          lp_security_descriptor: security_descriptor.bytes,
+          cb_in_security_descriptor: security_descriptor.size,
+          cb_out_security_descriptor: security_descriptor.size
+        }
+      }
+      winreg.set_key_security(handle, security_descriptor, security_information)
+      expect(described_class::SetKeySecurityRequest).to have_received(:new).with(opts)
+    end
+    it 'sends the expected dcerpc request' do
+      winreg.set_key_security(handle, security_descriptor)
+      expect(winreg).to have_received(:dcerpc_request).with(set_key_security_request)
+    end
+    it 'creates a SetKeySecurityResponse structure from the expected dcerpc response' do
+      expect(described_class::SetKeySecurityResponse).to receive(:read).with(response).and_call_original
+      winreg.set_key_security(handle, security_descriptor)
+    end
+    context 'when an IOError occurs while parsing the response' do
+      it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
+        allow(described_class::SetKeySecurityResponse).to receive(:read).and_raise(IOError)
+        expect { winreg.set_key_security(handle, security_descriptor) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+    end
+    context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
+      it 'raises a RubySMB::Dcerpc::Error::WinregError' do
+        response[-4..-1] = [WindowsError::Win32::ERROR_INVALID_DATA.value].pack('V')
+        expect { winreg.set_key_security(handle, security_descriptor) }.to raise_error(RubySMB::Dcerpc::Error::WinregError)
+      end
+    end
+    it 'returns the expected error status' do
+      expect(winreg.set_key_security(handle, security_descriptor)).to eq(WindowsError::Win32::ERROR_SUCCESS)
+    end
+  end
 end

data.tar.gz.sig CHANGED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_smb
 version: !ruby/object:Gem::Version
-  version: 3.3.5
+  version: 3.3.7
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -38,7 +38,7 @@ cert_chain:
   DgscAao7wB3xW2BWEp1KnaDWkf1x9ttgoBEYyuYwU7uatB67kBQG1PKvLt79wHvz
   Dxs+KOjGbBRfMnPgVGYkORKVrZIwlaboHbDKxcVW5xv+oZc7KYXWGg==
   -----END CERTIFICATE-----
-date: 2024-04-12 00:00:00.000000000 Z
+date: 2024-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redcarpet
@@ -219,6 +219,7 @@ files:
 - examples/read_file.rb
 - examples/read_file_encryption.rb
 - examples/read_registry_key_value.rb
+- examples/registry_key_security_descriptor.rb
 - examples/rename_file.rb
 - examples/tree_connect.rb
 - examples/virtual_file_server.rb
@@ -309,6 +310,7 @@ files:
 - lib/ruby_smb/dcerpc/rrp_rpc_unicode_string.rb
 - lib/ruby_smb/dcerpc/samr.rb
 - lib/ruby_smb/dcerpc/samr/rpc_sid.rb
+- lib/ruby_smb/dcerpc/samr/sampr_domain_info_buffer.rb
 - lib/ruby_smb/dcerpc/samr/samr_close_handle_request.rb
 - lib/ruby_smb/dcerpc/samr/samr_close_handle_response.rb
 - lib/ruby_smb/dcerpc/samr/samr_connect_request.rb
@@ -333,6 +335,8 @@ files:
 - lib/ruby_smb/dcerpc/samr/samr_open_domain_response.rb
 - lib/ruby_smb/dcerpc/samr/samr_open_user_request.rb
 - lib/ruby_smb/dcerpc/samr/samr_open_user_response.rb
+- lib/ruby_smb/dcerpc/samr/samr_query_information_domain_request.rb
+- lib/ruby_smb/dcerpc/samr/samr_query_information_domain_response.rb
 - lib/ruby_smb/dcerpc/samr/samr_rid_to_sid_request.rb
 - lib/ruby_smb/dcerpc/samr/samr_rid_to_sid_response.rb
 - lib/ruby_smb/dcerpc/samr/samr_set_information_user2_request.rb
@@ -372,6 +376,8 @@ files:
 - lib/ruby_smb/dcerpc/winreg/enum_key_response.rb
 - lib/ruby_smb/dcerpc/winreg/enum_value_request.rb
 - lib/ruby_smb/dcerpc/winreg/enum_value_response.rb
+- lib/ruby_smb/dcerpc/winreg/get_key_security_request.rb
+- lib/ruby_smb/dcerpc/winreg/get_key_security_response.rb
 - lib/ruby_smb/dcerpc/winreg/open_key_request.rb
 - lib/ruby_smb/dcerpc/winreg/open_key_response.rb
 - lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb
@@ -383,6 +389,8 @@ files:
 - lib/ruby_smb/dcerpc/winreg/regsam.rb
 - lib/ruby_smb/dcerpc/winreg/save_key_request.rb
 - lib/ruby_smb/dcerpc/winreg/save_key_response.rb
+- lib/ruby_smb/dcerpc/winreg/set_key_security_request.rb
+- lib/ruby_smb/dcerpc/winreg/set_key_security_response.rb
 - lib/ruby_smb/dcerpc/wkssvc.rb
 - lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request.rb
 - lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_response.rb

metadata.gz.sig CHANGED Viewed

Binary file