RubyGems - ruby_smb - Versions diffs - 3.3.5 → 3.3.7 - Mend

ruby_smb 3.3.5 → 3.3.7

Files changed (24) hide show

checksums.yaml +4 -4
checksums.yaml.gz.sig +0 -0
data/examples/registry_key_security_descriptor.rb +109 -0
data/lib/ruby_smb/client/winreg.rb +12 -0
data/lib/ruby_smb/dcerpc/ndr.rb +16 -6
data/lib/ruby_smb/dcerpc/request.rb +19 -16
data/lib/ruby_smb/dcerpc/rrp_rpc_unicode_string.rb +1 -1
data/lib/ruby_smb/dcerpc/samr/sampr_domain_info_buffer.rb +151 -0
data/lib/ruby_smb/dcerpc/samr/samr_query_information_domain_request.rb +22 -0
data/lib/ruby_smb/dcerpc/samr/samr_query_information_domain_response.rb +23 -0
data/lib/ruby_smb/dcerpc/samr.rb +42 -1
data/lib/ruby_smb/dcerpc/winreg/get_key_security_request.rb +26 -0
data/lib/ruby_smb/dcerpc/winreg/get_key_security_response.rb +26 -0
data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +2 -0
data/lib/ruby_smb/dcerpc/winreg/set_key_security_request.rb +26 -0
data/lib/ruby_smb/dcerpc/winreg/set_key_security_response.rb +25 -0
data/lib/ruby_smb/dcerpc/winreg.rb +121 -9
data/lib/ruby_smb/field/security_descriptor.rb +17 -0
data/lib/ruby_smb/version.rb +1 -1
data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +80 -0
data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +267 -18
data.tar.gz.sig +0 -0
metadata +10 -2
metadata.gz.sig +0 -0

data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb CHANGED Viewed

@@ -73,12 +73,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
     before :example do
       allow(described_class::OpenKeyRequest).to receive(:new).and_return(openkey_request_packet)
       allow(openkey_request_packet).to receive(:sam_desired).and_return(regsam)
-      allow(regsam).to receive_messages(
-        :read_control=           => nil,
-        :key_query_value=        => nil,
-        :key_enumerate_sub_keys= => nil,
-        :key_notify=             => nil,
-      )
+      allow(regsam).to receive(:maximum_allowed=)
       allow(winreg).to receive(:dcerpc_request).and_return(response)
       allow(described_class::OpenKeyResponse).to receive(:read).and_return(open_key_response)
       allow(open_key_response).to receive_messages(
@@ -94,10 +89,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
     it 'sets the expected user rights on the request packet' do
       winreg.open_key(handle, sub_key)
-      expect(regsam).to have_received(:read_control=).with(1)
-      expect(regsam).to have_received(:key_query_value=).with(1)
-      expect(regsam).to have_received(:key_enumerate_sub_keys=).with(1)
-      expect(regsam).to have_received(:key_notify=).with(1)
+      expect(regsam).to have_received(:maximum_allowed=).with(1)
     end
     it 'sends the expected dcerpc request' do
@@ -132,12 +124,13 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
   describe '#query_value' do
     let(:handle)                      { double('Handle') }
     let(:value_name)                  { double('Value Name') }
-    let(:query_value_request_packet) { double('Query Value Request Packet #1') }
-    let(:lp_data)                    { double('LpData #2') }
+    let(:query_value_request_packet)  { double('Query Value Request Packet #1') }
+    let(:lp_data)                     { double('LpData #2') }
     let(:response1)                   { double('Response #1') }
     let(:response2)                   { double('Response #2') }
     let(:query_value_response1)       { double('Query Value Response #1') }
     let(:query_value_response2)       { double('Query Value Response #2') }
+    let(:lp_type)                     { double('Type') }
     let(:data)                        { double('Data') }
     let(:lpcb_data)                   { double('LpcbData') }
     let(:max_count)                   { 5 }
@@ -164,8 +157,9 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
       allow(described_class::QueryValueResponse).to receive(:read).with(response2).and_return(query_value_response2)
       allow(query_value_response1).to receive(:error_status).and_return(WindowsError::Win32::ERROR_SUCCESS)
       allow(query_value_response2).to receive_messages(
-        :error_status => WindowsError::Win32::ERROR_SUCCESS,
-        :data         => data
+        error_status: WindowsError::Win32::ERROR_SUCCESS,
+        lp_type:      lp_type,
+        data:         data
       )
       allow(query_value_response1).to receive(:lpcb_data).and_return(lpcb_data)
       allow(lpcb_data).to receive(:to_i).and_return(max_count)
@@ -234,8 +228,9 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
     end
     it 'returns the expected response data' do
-      expect(winreg.query_value(handle, value_name)).to eq(data)
+      expect(winreg.query_value(handle, value_name)).to eq(RubySMB::Dcerpc::Winreg::RegValue.new(lp_type, data))
     end
   end
   describe '#close_key' do
@@ -529,13 +524,14 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
     let(:value_name)      { 'registry_value_name' }
     let(:root_key_handle) { double('Root Key Handle') }
     let(:subkey_handle)   { double('Subkey Handle') }
-    let(:value)           { double('Value') }
+    let(:data)            { double('Reg value data') }
+    let(:reg_value)       { RubySMB::Dcerpc::Winreg::RegValue.new(nil, data) }
     before :example do
       allow(winreg).to receive_messages(
         :bind          => nil,
         :open_root_key => root_key_handle,
         :open_key      => subkey_handle,
-        :query_value   => value,
+        :query_value   => reg_value,
         :close_key     => nil
       )
     end
@@ -572,7 +568,7 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
     end
     it 'returns expect registry key value' do
-      expect(winreg.read_registry_key_value(key, value_name)).to eq(value)
+      expect(winreg.read_registry_key_value(key, value_name)).to eq(data)
     end
   end
@@ -864,4 +860,257 @@ RSpec.describe RubySMB::Dcerpc::Winreg do
       end
     end
   end
+  describe '#get_key_security_descriptor' do
+    let(:root_key)                  { 'HKLM' }
+    let(:sub_key)                   { 'my\\sub\\key\\path' }
+    let(:key)                       { "#{root_key}\\#{sub_key}" }
+    let(:root_key_handle)           { double('Root Key Handle') }
+    let(:subkey_handle)             { double('Subkey Handle') }
+    before :example do
+      allow(winreg).to receive_messages(
+        :bind           => nil,
+        :open_root_key  => root_key_handle,
+        :open_key       => subkey_handle,
+        :get_key_security => nil,
+        :close_key      => nil
+      )
+    end
+    it 'binds a DCERPC connection to the expected remote endpoint' do
+      winreg.get_key_security_descriptor(key)
+      expect(winreg).to have_received(:bind).with(endpoint: RubySMB::Dcerpc::Winreg)
+    end
+    it 'does not bind a DCERPC connection if #bind argument is false' do
+      winreg.get_key_security_descriptor(key, bind: false)
+      expect(winreg).to_not have_received(:bind)
+    end
+    it 'opens the expected root key' do
+      winreg.get_key_security_descriptor(key)
+      expect(winreg).to have_received(:open_root_key).with(root_key)
+    end
+    it 'opens the expected registry key' do
+      winreg.get_key_security_descriptor(key)
+      expect(winreg).to have_received(:open_key).with(root_key_handle, sub_key)
+    end
+    it 'calls #get_key_security with the expected arguments' do
+      winreg.get_key_security_descriptor(key)
+      security_information = RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION
+      expect(winreg).to have_received(:get_key_security).with(subkey_handle, security_information)
+    end
+    context 'with a non-default security informaiton' do
+      it 'calls #get_key_security with the expected arguments' do
+        security_information = RubySMB::Field::SecurityDescriptor::GROUP_SECURITY_INFORMATION
+        winreg.get_key_security_descriptor(key, security_information)
+        expect(winreg).to have_received(:get_key_security).with(subkey_handle, security_information)
+      end
+    end
+  end
+  describe '#get_key_security' do
+    let(:handle)                    { double('Handle') }
+    let(:get_key_security_request)  { double('GetKeySecurity Request') }
+    let(:response)                  {
+      '0000020000100000940000000010000000000000940000000100048078000000880000'\
+      '0000000000140000000200640004000000000214003f000f0001010000000000051200'\
+      '0000000218000000060001020000000000052000000020020000000218000900060001'\
+      '0200000000000520000000200200000002180009000600010200000000000520000000'\
+      '2002000001020000000000052000000020020000010100000000000512000000000000'\
+      '00'.unhexlify
+    }
+    let(:security_descriptor) {
+      '01000480780000008800000000000000140000000200640004000000000214003f000f'\
+      '0001010000000000051200000000021800000006000102000000000005200000002002'\
+      '0000000218000900060001020000000000052000000020020000000218000900060001'\
+      '0200000000000520000000200200000102000000000005200000002002000001010000'\
+      '0000000512000000'.unhexlify
+    }
+    before :example do
+      allow(described_class::GetKeySecurityRequest).to receive(:new).and_return(get_key_security_request)
+      allow(winreg).to receive(:dcerpc_request).and_return(response)
+    end
+    it 'create the expected GetKeySecurityRequest packet with the default options' do
+      opts = {
+        hkey:                   handle,
+        security_information:   RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION,
+        prpc_security_descriptor_in: { cb_in_security_descriptor: 4096 }
+      }
+      winreg.get_key_security(handle)
+      expect(described_class::GetKeySecurityRequest).to have_received(:new).with(opts)
+    end
+    it 'create the expected SaveKeyRequest packet with custom options' do
+      security_information = RubySMB::Field::SecurityDescriptor::GROUP_SECURITY_INFORMATION
+      opts = {
+        hkey:                   handle,
+        security_information:   security_information,
+        prpc_security_descriptor_in: { cb_in_security_descriptor: 4096 }
+      }
+      winreg.get_key_security(handle, security_information)
+      expect(described_class::GetKeySecurityRequest).to have_received(:new).with(opts)
+    end
+    it 'sends the expected dcerpc request' do
+      winreg.get_key_security(handle)
+      expect(winreg).to have_received(:dcerpc_request).with(get_key_security_request)
+    end
+    it 'creates a GetKeySecurityResponse structure from the expected dcerpc response' do
+      expect(described_class::GetKeySecurityResponse).to receive(:read).with(response).and_call_original
+      winreg.get_key_security(handle)
+    end
+    context 'when an IOError occurs while parsing the response' do
+      it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
+        allow(described_class::GetKeySecurityResponse).to receive(:read).and_raise(IOError)
+        expect { winreg.get_key_security(handle) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+    end
+    context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
+      it 'raises a RubySMB::Dcerpc::Error::WinregError' do
+        response[-4..-1] = [WindowsError::Win32::ERROR_INVALID_DATA.value].pack('V')
+        expect { winreg.get_key_security(handle) }.to raise_error(RubySMB::Dcerpc::Error::WinregError)
+      end
+    end
+    it 'returns the expected security descriptor' do
+      expect(winreg.get_key_security(handle)).to eq(security_descriptor)
+    end
+  end
+  describe '#set_key_security_descriptor' do
+    let(:root_key)                  { 'HKLM' }
+    let(:sub_key)                   { 'my\\sub\\key\\path' }
+    let(:key)                       { "#{root_key}\\#{sub_key}" }
+    let(:security_descriptor)       { 'Security Descriptor' }
+    let(:root_key_handle)           { double('Root Key Handle') }
+    let(:subkey_handle)             { double('Subkey Handle') }
+    before :example do
+      allow(winreg).to receive_messages(
+        :bind           => nil,
+        :open_root_key  => root_key_handle,
+        :open_key       => subkey_handle,
+        :set_key_security => nil,
+        :close_key      => nil
+      )
+    end
+    it 'binds a DCERPC connection to the expected remote endpoint' do
+      winreg.set_key_security_descriptor(key, security_descriptor)
+      expect(winreg).to have_received(:bind).with(endpoint: RubySMB::Dcerpc::Winreg)
+    end
+    it 'does not bind a DCERPC connection if #bind argument is false' do
+      winreg.set_key_security_descriptor(key, security_descriptor, bind: false)
+      expect(winreg).to_not have_received(:bind)
+    end
+    it 'opens the expected root key' do
+      winreg.set_key_security_descriptor(key, security_descriptor)
+      expect(winreg).to have_received(:open_root_key).with(root_key)
+    end
+    it 'opens the expected registry key' do
+      winreg.set_key_security_descriptor(key, security_descriptor)
+      expect(winreg).to have_received(:open_key).with(root_key_handle, sub_key)
+    end
+    it 'calls #set_key_security with the expected arguments' do
+      winreg.set_key_security_descriptor(key, security_descriptor)
+      security_information = RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION
+      expect(winreg).to have_received(:set_key_security).with(subkey_handle, security_descriptor, security_information)
+    end
+    context 'with a non-default security informaiton' do
+      it 'calls #get_key_security with the expected arguments' do
+        security_information = RubySMB::Field::SecurityDescriptor::GROUP_SECURITY_INFORMATION
+        winreg.set_key_security_descriptor(key, security_descriptor, security_information)
+        expect(winreg).to have_received(:set_key_security).with(subkey_handle, security_descriptor, security_information)
+      end
+    end
+  end
+  describe '#set_key_security' do
+    let(:handle)                    { double('Handle') }
+    let(:set_key_security_request)  { double('GetKeySecurity Request') }
+    let(:response)                  { '00000000'.unhexlify }
+    let(:security_descriptor) {
+      '0100048014000000240000000000000030000000010200000000000520000000200200'\
+      '0001010000000000051200000002007c0005000000000214003f000f00010100000000'\
+      '0005120000000002180000000600010200000000000520000000200200000002180009'\
+      '0006000102000000000005200000002002000000021800090006000102000000000005'\
+      '2000000020020000000218000900060001020000000000052000000020020000'.unhexlify
+    }
+    before :example do
+      allow(described_class::SetKeySecurityRequest).to receive(:new).and_return(set_key_security_request)
+      allow(winreg).to receive(:dcerpc_request).and_return(response)
+    end
+    it 'create the expected SetKeySecurityRequest packet with the default options' do
+      opts = {
+        hkey: handle,
+        security_information: RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION,
+        prpc_security_descriptor: {
+          lp_security_descriptor: security_descriptor.bytes,
+          cb_in_security_descriptor: security_descriptor.size,
+          cb_out_security_descriptor: security_descriptor.size
+        }
+      }
+      winreg.set_key_security(handle, security_descriptor)
+      expect(described_class::SetKeySecurityRequest).to have_received(:new).with(opts)
+    end
+    it 'create the expected SaveKeyRequest packet with custom options' do
+      security_information = RubySMB::Field::SecurityDescriptor::GROUP_SECURITY_INFORMATION
+      opts = {
+        hkey:                   handle,
+        security_information:   security_information,
+        prpc_security_descriptor: {
+          lp_security_descriptor: security_descriptor.bytes,
+          cb_in_security_descriptor: security_descriptor.size,
+          cb_out_security_descriptor: security_descriptor.size
+        }
+      }
+      winreg.set_key_security(handle, security_descriptor, security_information)
+      expect(described_class::SetKeySecurityRequest).to have_received(:new).with(opts)
+    end
+    it 'sends the expected dcerpc request' do
+      winreg.set_key_security(handle, security_descriptor)
+      expect(winreg).to have_received(:dcerpc_request).with(set_key_security_request)
+    end
+    it 'creates a SetKeySecurityResponse structure from the expected dcerpc response' do
+      expect(described_class::SetKeySecurityResponse).to receive(:read).with(response).and_call_original
+      winreg.set_key_security(handle, security_descriptor)
+    end
+    context 'when an IOError occurs while parsing the response' do
+      it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
+        allow(described_class::SetKeySecurityResponse).to receive(:read).and_raise(IOError)
+        expect { winreg.set_key_security(handle, security_descriptor) }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+    end
+    context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
+      it 'raises a RubySMB::Dcerpc::Error::WinregError' do
+        response[-4..-1] = [WindowsError::Win32::ERROR_INVALID_DATA.value].pack('V')
+        expect { winreg.set_key_security(handle, security_descriptor) }.to raise_error(RubySMB::Dcerpc::Error::WinregError)
+      end
+    end
+    it 'returns the expected error status' do
+      expect(winreg.set_key_security(handle, security_descriptor)).to eq(WindowsError::Win32::ERROR_SUCCESS)
+    end
+  end
 end

data.tar.gz.sig CHANGED Viewed

Binary file

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ruby_smb
 version: !ruby/object:Gem::Version
-  version: 3.3.5
+  version: 3.3.7
 platform: ruby
 authors:
 - Metasploit Hackers
@@ -38,7 +38,7 @@ cert_chain:
   DgscAao7wB3xW2BWEp1KnaDWkf1x9ttgoBEYyuYwU7uatB67kBQG1PKvLt79wHvz
   Dxs+KOjGbBRfMnPgVGYkORKVrZIwlaboHbDKxcVW5xv+oZc7KYXWGg==
   -----END CERTIFICATE-----
-date: 2024-04-12 00:00:00.000000000 Z
+date: 2024-04-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redcarpet
@@ -219,6 +219,7 @@ files:
 - examples/read_file.rb
 - examples/read_file_encryption.rb
 - examples/read_registry_key_value.rb
+- examples/registry_key_security_descriptor.rb
 - examples/rename_file.rb
 - examples/tree_connect.rb
 - examples/virtual_file_server.rb
@@ -309,6 +310,7 @@ files:
 - lib/ruby_smb/dcerpc/rrp_rpc_unicode_string.rb
 - lib/ruby_smb/dcerpc/samr.rb
 - lib/ruby_smb/dcerpc/samr/rpc_sid.rb
+- lib/ruby_smb/dcerpc/samr/sampr_domain_info_buffer.rb
 - lib/ruby_smb/dcerpc/samr/samr_close_handle_request.rb
 - lib/ruby_smb/dcerpc/samr/samr_close_handle_response.rb
 - lib/ruby_smb/dcerpc/samr/samr_connect_request.rb
@@ -333,6 +335,8 @@ files:
 - lib/ruby_smb/dcerpc/samr/samr_open_domain_response.rb
 - lib/ruby_smb/dcerpc/samr/samr_open_user_request.rb
 - lib/ruby_smb/dcerpc/samr/samr_open_user_response.rb
+- lib/ruby_smb/dcerpc/samr/samr_query_information_domain_request.rb
+- lib/ruby_smb/dcerpc/samr/samr_query_information_domain_response.rb
 - lib/ruby_smb/dcerpc/samr/samr_rid_to_sid_request.rb
 - lib/ruby_smb/dcerpc/samr/samr_rid_to_sid_response.rb
 - lib/ruby_smb/dcerpc/samr/samr_set_information_user2_request.rb
@@ -372,6 +376,8 @@ files:
 - lib/ruby_smb/dcerpc/winreg/enum_key_response.rb
 - lib/ruby_smb/dcerpc/winreg/enum_value_request.rb
 - lib/ruby_smb/dcerpc/winreg/enum_value_response.rb
+- lib/ruby_smb/dcerpc/winreg/get_key_security_request.rb
+- lib/ruby_smb/dcerpc/winreg/get_key_security_response.rb
 - lib/ruby_smb/dcerpc/winreg/open_key_request.rb
 - lib/ruby_smb/dcerpc/winreg/open_key_response.rb
 - lib/ruby_smb/dcerpc/winreg/open_root_key_request.rb
@@ -383,6 +389,8 @@ files:
 - lib/ruby_smb/dcerpc/winreg/regsam.rb
 - lib/ruby_smb/dcerpc/winreg/save_key_request.rb
 - lib/ruby_smb/dcerpc/winreg/save_key_response.rb
+- lib/ruby_smb/dcerpc/winreg/set_key_security_request.rb
+- lib/ruby_smb/dcerpc/winreg/set_key_security_response.rb
 - lib/ruby_smb/dcerpc/wkssvc.rb
 - lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request.rb
 - lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_response.rb

metadata.gz.sig CHANGED Viewed

Binary file