ruby_smb 3.3.6 → 3.3.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data/README.md +14 -0
- data/examples/registry_key_security_descriptor.rb +109 -0
- data/lib/ruby_smb/client/winreg.rb +12 -0
- data/lib/ruby_smb/dcerpc/error.rb +3 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_request.rb +22 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request.rb +26 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response.rb +25 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request.rb +24 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_request.rb +24 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response.rb +23 -0
- data/lib/ruby_smb/dcerpc/lsarpc.rb +634 -2
- data/lib/ruby_smb/dcerpc/ndr.rb +10 -4
- data/lib/ruby_smb/dcerpc/request.rb +26 -16
- data/lib/ruby_smb/dcerpc/rrp_rpc_unicode_string.rb +1 -1
- data/lib/ruby_smb/dcerpc/samr/rpc_sid.rb +1 -1
- data/lib/ruby_smb/dcerpc/winreg/get_key_security_request.rb +26 -0
- data/lib/ruby_smb/dcerpc/winreg/get_key_security_response.rb +26 -0
- data/lib/ruby_smb/dcerpc/winreg/query_value_response.rb +2 -0
- data/lib/ruby_smb/dcerpc/winreg/set_key_security_request.rb +26 -0
- data/lib/ruby_smb/dcerpc/winreg/set_key_security_response.rb +25 -0
- data/lib/ruby_smb/dcerpc/winreg.rb +121 -9
- data/lib/ruby_smb/field/security_descriptor.rb +17 -0
- data/lib/ruby_smb/version.rb +1 -1
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_request_spec.rb +40 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_response_spec.rb +46 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request_spec.rb +69 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response_spec.rb +56 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request_spec.rb +68 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response_spec.rb +46 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_request_spec.rb +68 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_response_spec.rb +45 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request_spec.rb +47 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response_spec.rb +54 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request_spec.rb +46 -0
- data/spec/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response_spec.rb +53 -0
- data/spec/lib/ruby_smb/dcerpc/ndr_spec.rb +80 -0
- data/spec/lib/ruby_smb/dcerpc/winreg_spec.rb +267 -18
- data.tar.gz.sig +0 -0
- metadata +44 -3
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 25bedacb57d3950d1ee6f3bbf731007c4e1f0bd2b8e3f38582679a5cd867793f
|
4
|
+
data.tar.gz: 1369c85136ad8336371ee55c1f8d90f0e85001b2c0d9e01e46b87e9b382ded16
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 66d3566b68b64d0dc2ff8f58b373d8b6026b4980fcccb4b24c6263f59376373dadbc0b52c531ba5c212b255937d34dd281ce827eec111d0e7ef0b1a6dd5973f1
|
7
|
+
data.tar.gz: 8cee7210c06f8e603342b69706c2779f3e9fef2d46146505154b00bc91d6cc7dbad37735e5e6ae4ac6fac256b0ba6eaf3dda15185c161e992a12bab3b3a91bb1
|
checksums.yaml.gz.sig
CHANGED
Binary file
|
data/README.md
CHANGED
@@ -286,6 +286,20 @@ Configure Wireshark in Debian-based systems to be able to capture traffic withou
|
|
286
286
|
- `sudo python setup.py install`
|
287
287
|
- `cd examples && python smbclient.py <USER>:<PASS>@<WINDOWS HOST IP>`
|
288
288
|
|
289
|
+
### Microsoft Network Monitor
|
290
|
+
|
291
|
+
In situations where WireShark reports some requests/responses as malformed (not parsed correctly),
|
292
|
+
[Microsoft Network Monitor](https://www.microsoft.com/en-us/download/details.aspx?id=4865) can be used instead.
|
293
|
+
For example, the `LookupSids` response is not parsed correctly by WireShark, whereas it is by this tool.
|
294
|
+
|
295
|
+
This software can be installed on a Windows machine:
|
296
|
+
|
297
|
+
- Download & install the software
|
298
|
+
- Open it
|
299
|
+
- Click the `Start` button (or press F5) present at the top bar
|
300
|
+
|
301
|
+
The SMB requests will be present under `All Traffic -> My Traffic -> System (4)`.
|
302
|
+
|
289
303
|
## License
|
290
304
|
|
291
305
|
`ruby_smb` is released under a 3-clause BSD license. See [LICENSE.txt](LICENSE.txt) for full text.
|
@@ -0,0 +1,109 @@
|
|
1
|
+
#!/usr/bin/ruby
|
2
|
+
|
3
|
+
# This example script is used for testing the Winreg registry key security descriptor functionalities.
|
4
|
+
# It will attempt to connect to a host and reads (or writes) the security descriptor of a specified registry key.
|
5
|
+
#
|
6
|
+
# Example usage:
|
7
|
+
# - read:
|
8
|
+
# ruby examples/read_registry_key_security.rb --username msfadmin --password msfadmin -i 7 -o r 192.168.172.138 'HKLM\SECURITY\Policy\PolEKList'
|
9
|
+
# This will try to connect to \\192.168.172.138 with the msfadmin:msfadmin
|
10
|
+
# credentialas and read the security descriptor of the
|
11
|
+
# `HKLM\SECURITY\Policy\PolEKList` registry key with the security information 7
|
12
|
+
# (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
|
13
|
+
# DACL_SECURITY_INFORMATION).
|
14
|
+
#
|
15
|
+
# - write:
|
16
|
+
# ruby examples/read_registry_key_security.rb --username msfadmin --password msfadmin -i 4 --sd 01000480000000000000000000000000140000000200340002000000000214003f000f00010100000000000512000000000218000000060001020000000000052000000020020000 -o w 192.168.172.138 'HKLM\SECURITY\Policy\PolEKList'
|
17
|
+
# This will try to connect to \\192.168.172.138 with the msfadmin:msfadmin
|
18
|
+
# credentialas and write the given security descriptor to the
|
19
|
+
# `HKLM\SECURITY\Policy\PolEKList` registry key with the security information 4
|
20
|
+
# (DACL_SECURITY_INFORMATION).
|
21
|
+
|
22
|
+
require 'bundler/setup'
|
23
|
+
require 'optparse'
|
24
|
+
require 'ruby_smb'
|
25
|
+
|
26
|
+
OPERATIONS = %w{read write}
|
27
|
+
OPERATION_ALIASES = { "r" => "read", "w" => "write" }
|
28
|
+
|
29
|
+
args = ARGV.dup
|
30
|
+
options = {
|
31
|
+
domain: '.',
|
32
|
+
username: '',
|
33
|
+
password: '',
|
34
|
+
smbv1: true,
|
35
|
+
smbv2: true,
|
36
|
+
smbv3: true,
|
37
|
+
target: nil,
|
38
|
+
key: nil,
|
39
|
+
operation: 'read',
|
40
|
+
info: RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION | RubySMB::Field::SecurityDescriptor::GROUP_SECURITY_INFORMATION | RubySMB::Field::SecurityDescriptor::DACL_SECURITY_INFORMATION,
|
41
|
+
sd: nil
|
42
|
+
}
|
43
|
+
options[:key] = args.pop
|
44
|
+
options[:target ] = args.pop
|
45
|
+
optparser = OptionParser.new do |opts|
|
46
|
+
opts.banner = "Usage: #{File.basename(__FILE__)} [options] target reg_key"
|
47
|
+
opts.on('--[no-]smbv1', "Enable or disable SMBv1 (default: #{options[:smbv1] ? 'Enabled' : 'Disabled'})") do |smbv1|
|
48
|
+
options[:smbv1] = smbv1
|
49
|
+
end
|
50
|
+
opts.on('--[no-]smbv2', "Enable or disable SMBv2 (default: #{options[:smbv2] ? 'Enabled' : 'Disabled'})") do |smbv2|
|
51
|
+
options[:smbv2] = smbv2
|
52
|
+
end
|
53
|
+
opts.on('--[no-]smbv3', "Enable or disable SMBv3 (default: #{options[:smbv3] ? 'Enabled' : 'Disabled'})") do |smbv3|
|
54
|
+
options[:smbv3] = smbv3
|
55
|
+
end
|
56
|
+
opts.on('-u', '--username [USERNAME]', "The account's username (default: #{options[:username]})") do |username|
|
57
|
+
if username.include?('\\')
|
58
|
+
options[:domain], options[:username] = username.split('\\', 2)
|
59
|
+
else
|
60
|
+
options[:username] = username
|
61
|
+
end
|
62
|
+
end
|
63
|
+
opts.on('-p', '--password [PASSWORD]', "The account's password (default: #{options[:password]})") do |password|
|
64
|
+
options[:password] = password
|
65
|
+
end
|
66
|
+
operation_list = (OPERATION_ALIASES.keys + OPERATIONS).join(', ')
|
67
|
+
opts.on('-o', '--operation OPERATION', OPERATIONS, OPERATION_ALIASES, "The operation to perform on the registry key (default: #{options[:operation]})", "(#{operation_list})") do |operation|
|
68
|
+
options[:operation] = operation
|
69
|
+
end
|
70
|
+
opts.on('-i', '--info [SECURITY INFORMATION]', Integer, "The security information value (default: #{options[:info]})") do |password|
|
71
|
+
options[:info] = password
|
72
|
+
end
|
73
|
+
opts.on('-s', '--sd [SECURITY DESCRIPTOR]', "The security descriptor to write as an hex string") do |sd|
|
74
|
+
options[:sd] = sd
|
75
|
+
end
|
76
|
+
end
|
77
|
+
optparser.parse!(args)
|
78
|
+
|
79
|
+
if options[:target].nil? || options[:key].nil?
|
80
|
+
abort(optparser.help)
|
81
|
+
end
|
82
|
+
|
83
|
+
sock = TCPSocket.new options[:target], 445
|
84
|
+
dispatcher = RubySMB::Dispatcher::Socket.new(sock)
|
85
|
+
|
86
|
+
client = RubySMB::Client.new(dispatcher, smb1: options[:smbv1], smb2: options[:smbv2], smb3: options[:smbv3], username: options[:username], password: options[:password], domain: options[:domain])
|
87
|
+
protocol = client.negotiate
|
88
|
+
status = client.authenticate
|
89
|
+
|
90
|
+
puts "#{protocol}: #{status}"
|
91
|
+
|
92
|
+
case options[:operation]
|
93
|
+
when 'read', 'r'
|
94
|
+
puts "Read registry key #{options[:key]} security descriptor with security information #{options[:info]}"
|
95
|
+
security_descriptor = client.get_key_security_descriptor(options[:target], options[:key], options[:info])
|
96
|
+
puts "Security descriptor: #{security_descriptor.b.bytes.map {|c| "%02x" % c.ord}.join}"
|
97
|
+
when 'write', 'w'
|
98
|
+
unless options[:sd] && !options[:sd].empty?
|
99
|
+
puts "Security descriptor missing"
|
100
|
+
abort(optparser.help)
|
101
|
+
end
|
102
|
+
puts "Write security descriptor #{options[:sd]} to registry key #{options[:key]} with security information #{options[:info]}"
|
103
|
+
sd = options[:sd].chars.each_slice(2).map {|c| c.join.to_i(16).chr}.join
|
104
|
+
status = client.set_key_security_descriptor(options[:target], options[:key], sd, options[:info])
|
105
|
+
puts "Success!"
|
106
|
+
end
|
107
|
+
|
108
|
+
client.disconnect!
|
109
|
+
|
@@ -40,6 +40,18 @@ module RubySMB
|
|
40
40
|
end
|
41
41
|
end
|
42
42
|
|
43
|
+
def get_key_security_descriptor(host, key, security_information = RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION)
|
44
|
+
connect_to_winreg(host) do |named_pipe|
|
45
|
+
named_pipe.get_key_security_descriptor(key, security_information)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
def set_key_security_descriptor(host, key, security_descriptor, security_information = RubySMB::Field::SecurityDescriptor::OWNER_SECURITY_INFORMATION)
|
50
|
+
connect_to_winreg(host) do |named_pipe|
|
51
|
+
named_pipe.set_key_security_descriptor(key, security_descriptor, security_information)
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
43
55
|
end
|
44
56
|
end
|
45
57
|
end
|
@@ -47,6 +47,9 @@ module RubySMB
|
|
47
47
|
# Raised when an error is returned during a Epm operation
|
48
48
|
class EpmError < DcerpcError; end
|
49
49
|
|
50
|
+
# Raised when an error is returned during an LSARPC operation
|
51
|
+
class LsarpcError < DcerpcError; end
|
52
|
+
|
50
53
|
# Raised when an error is returned during a Dfsnm operation
|
51
54
|
class DfsnmError < DcerpcError
|
52
55
|
include RubySMB::Error::UnexpectedStatusCode::Mixin
|
@@ -0,0 +1,22 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Lsarpc
|
4
|
+
|
5
|
+
# This class represents a LsarClose Request Packet as defined in
|
6
|
+
# [3.1.4.9.4 LsarClose (Opnum 0)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/99dd2d7a-b0fc-4c6d-837a-2b4d342383ae)
|
7
|
+
class LsarCloseHandleRequest < BinData::Record
|
8
|
+
attr_reader :opnum
|
9
|
+
|
10
|
+
endian :little
|
11
|
+
|
12
|
+
lsapr_handle :policy_handle
|
13
|
+
|
14
|
+
def initialize_instance
|
15
|
+
super
|
16
|
+
@opnum = LSAR_CLOSE_HANDLE
|
17
|
+
end
|
18
|
+
end
|
19
|
+
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Lsarpc
|
4
|
+
|
5
|
+
# This class represents a LsarClose Response Packet as defined in
|
6
|
+
# [3.1.4.9.4 LsarClose (Opnum 0)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/99dd2d7a-b0fc-4c6d-837a-2b4d342383ae)
|
7
|
+
class LsarCloseHandleResponse < BinData::Record
|
8
|
+
attr_reader :opnum
|
9
|
+
|
10
|
+
endian :little
|
11
|
+
|
12
|
+
lsapr_handle :policy_handle
|
13
|
+
ndr_uint32 :error_status
|
14
|
+
|
15
|
+
def initialize_instance
|
16
|
+
super
|
17
|
+
@opnum = LSAR_CLOSE_HANDLE
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Lsarpc
|
4
|
+
|
5
|
+
# This class represents a LsarLookupSids Request Packet as defined in
|
6
|
+
# [3.1.4.11 LsarLookupSids (Opnum 15)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/eb7ac899-e697-4883-93de-1e60c7720c02)
|
7
|
+
class LsarLookupSidsRequest < BinData::Record
|
8
|
+
attr_reader :opnum
|
9
|
+
|
10
|
+
endian :little
|
11
|
+
|
12
|
+
lsapr_handle :policy_handle
|
13
|
+
lsapr_sid_enum_buffer :sid_enum_buffer
|
14
|
+
lsapr_translated_names :translated_names
|
15
|
+
ndr_uint16 :lookup_level
|
16
|
+
ndr_uint32 :mapped_count
|
17
|
+
|
18
|
+
def initialize_instance
|
19
|
+
super
|
20
|
+
@opnum = LSAR_LOOKUP_SIDS
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
@@ -0,0 +1,25 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Lsarpc
|
4
|
+
|
5
|
+
# This class represents a LsarLookupSids Response Packet as defined in
|
6
|
+
# [3.1.4.11 LsarLookupSids (Opnum 15)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/eb7ac899-e697-4883-93de-1e60c7720c02)
|
7
|
+
class LsarLookupSidsResponse < BinData::Record
|
8
|
+
attr_reader :opnum
|
9
|
+
|
10
|
+
endian :little
|
11
|
+
|
12
|
+
lsapr_referenced_domain_list_ptr :referenced_domains
|
13
|
+
lsapr_translated_names :translated_names
|
14
|
+
ndr_uint32 :mapped_count
|
15
|
+
ndr_uint32 :error_status
|
16
|
+
|
17
|
+
def initialize_instance
|
18
|
+
super
|
19
|
+
@opnum = LSAR_LOOKUP_SIDS
|
20
|
+
end
|
21
|
+
end
|
22
|
+
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Lsarpc
|
4
|
+
|
5
|
+
# This class represents a LsarOpenPolicy2 Request Packet as defined in
|
6
|
+
# [3.1.4.4.1 LsarOpenPolicy2 (Opnum 44)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/9456a963-7c21-4710-af77-d0a2f5a72d6b)
|
7
|
+
class LsarOpenPolicy2Request < BinData::Record
|
8
|
+
attr_reader :opnum
|
9
|
+
|
10
|
+
endian :little
|
11
|
+
|
12
|
+
ndr_wide_stringz_ptr :system_name
|
13
|
+
lsapr_object_attributes :object_attributes
|
14
|
+
ndr_uint32 :access_mask
|
15
|
+
|
16
|
+
def initialize_instance
|
17
|
+
super
|
18
|
+
@opnum = LSAR_OPEN_POLICY2
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Lsarpc
|
4
|
+
|
5
|
+
# This class represents a LsarOpenPolicy2 Response Packet as defined in
|
6
|
+
# [3.1.4.4.1 LsarOpenPolicy2 (Opnum 44)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/9456a963-7c21-4710-af77-d0a2f5a72d6b)
|
7
|
+
class LsarOpenPolicy2Response < BinData::Record
|
8
|
+
attr_reader :opnum
|
9
|
+
|
10
|
+
endian :little
|
11
|
+
|
12
|
+
lsapr_handle :policy_handle
|
13
|
+
ndr_uint32 :error_status
|
14
|
+
|
15
|
+
def initialize_instance
|
16
|
+
super
|
17
|
+
@opnum = LSAR_OPEN_POLICY2
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Lsarpc
|
4
|
+
|
5
|
+
# This class represents a LsarOpenPolicy Request Packet as defined in
|
6
|
+
# [3.1.4.4.2 LsarOpenPolicy (Opnum 6)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/2a482ccf-1f89-4693-8594-855ff738ae8a)
|
7
|
+
class LsarOpenPolicyRequest < BinData::Record
|
8
|
+
attr_reader :opnum
|
9
|
+
|
10
|
+
endian :little
|
11
|
+
|
12
|
+
ndr_wide_string_ptr :system_name
|
13
|
+
lsapr_object_attributes :object_attributes
|
14
|
+
ndr_uint32 :access_mask
|
15
|
+
|
16
|
+
def initialize_instance
|
17
|
+
super
|
18
|
+
@opnum = LSAR_OPEN_POLICY
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Lsarpc
|
4
|
+
|
5
|
+
# This class represents a LsarOpenPolicy Response Packet as defined in
|
6
|
+
# [3.1.4.4.2 LsarOpenPolicy (Opnum 6)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/2a482ccf-1f89-4693-8594-855ff738ae8a)
|
7
|
+
class LsarOpenPolicyResponse < BinData::Record
|
8
|
+
attr_reader :opnum
|
9
|
+
|
10
|
+
endian :little
|
11
|
+
|
12
|
+
lsapr_handle :policy_handle
|
13
|
+
ndr_uint32 :error_status
|
14
|
+
|
15
|
+
def initialize_instance
|
16
|
+
super
|
17
|
+
@opnum = LSAR_OPEN_POLICY
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Lsarpc
|
4
|
+
|
5
|
+
# This class represents a LsarQueryInformationPolicy2 Request Packet as defined in
|
6
|
+
# [3.1.4.4.4 LsarQueryInformationPolicy2 (Opnum 46)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/516f503c-0230-489d-b012-e650b46b66a2)
|
7
|
+
class LsarQueryInformationPolicy2Request < BinData::Record
|
8
|
+
attr_reader :opnum
|
9
|
+
|
10
|
+
endian :little
|
11
|
+
|
12
|
+
lsapr_handle :policy_handle
|
13
|
+
ndr_uint32 :information_class
|
14
|
+
|
15
|
+
def initialize_instance
|
16
|
+
super
|
17
|
+
@opnum = LSAR_QUERY_INFORMATION_POLICY2
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Lsarpc
|
4
|
+
|
5
|
+
# This class represents a LsarQueryInformationPolicy2 Response Packet as defined in
|
6
|
+
# [3.1.4.4.4 LsarQueryInformationPolicy2 (Opnum 46)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/516f503c-0230-489d-b012-e650b46b66a2)
|
7
|
+
class LsarQueryInformationPolicy2Response < BinData::Record
|
8
|
+
attr_reader :opnum
|
9
|
+
|
10
|
+
endian :little
|
11
|
+
|
12
|
+
lsapr_policy_information_ptr :policy_information
|
13
|
+
ndr_uint32 :error_status
|
14
|
+
|
15
|
+
def initialize_instance
|
16
|
+
super
|
17
|
+
@opnum = LSAR_QUERY_INFORMATION_POLICY2
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Lsarpc
|
4
|
+
|
5
|
+
# This class represents a LsarQueryInformationPolicy Request Packet as defined in
|
6
|
+
# [3.1.4.4.4 LsarQueryInformationPolicy (Opnum 7)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3564ba70-84ea-4f04-a9dc-dede9f96a8bf)
|
7
|
+
class LsarQueryInformationPolicyRequest < BinData::Record
|
8
|
+
attr_reader :opnum
|
9
|
+
|
10
|
+
endian :little
|
11
|
+
|
12
|
+
lsapr_handle :policy_handle
|
13
|
+
ndr_uint32 :information_class
|
14
|
+
|
15
|
+
def initialize_instance
|
16
|
+
super
|
17
|
+
@opnum = LSAR_QUERY_INFORMATION_POLICY
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
@@ -0,0 +1,23 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Lsarpc
|
4
|
+
|
5
|
+
# This class represents a LsarQueryInformationPolicy Response Packet as defined in
|
6
|
+
# [3.1.4.4.4 LsarQueryInformationPolicy (Opnum 7)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3564ba70-84ea-4f04-a9dc-dede9f96a8bf)
|
7
|
+
class LsarQueryInformationPolicyResponse < BinData::Record
|
8
|
+
attr_reader :opnum
|
9
|
+
|
10
|
+
endian :little
|
11
|
+
|
12
|
+
lsapr_policy_information_ptr :policy_information
|
13
|
+
ndr_uint32 :error_status
|
14
|
+
|
15
|
+
def initialize_instance
|
16
|
+
super
|
17
|
+
@opnum = LSAR_QUERY_INFORMATION_POLICY
|
18
|
+
end
|
19
|
+
end
|
20
|
+
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|