RubyGems - ruby_smb - Versions diffs - 3.3.7 → 3.3.8 - Mend

ruby_smb 3.3.7 → 3.3.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (35) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 228afeef84601354373c132ceaa48341ed9f5f4bbab4e625c37d2f2d71864146
-  data.tar.gz: 71512d0529ba352d0cc0ee7c27a27e03116d50f31801beed3fd04cb19e73f4ff
+  metadata.gz: 25bedacb57d3950d1ee6f3bbf731007c4e1f0bd2b8e3f38582679a5cd867793f
+  data.tar.gz: 1369c85136ad8336371ee55c1f8d90f0e85001b2c0d9e01e46b87e9b382ded16
 SHA512:
-  metadata.gz: 3c7dede328c8d637b9088da518649deba6d758a1093e3591bb0cd9e2f4c458a5c5a82a37640aa14523586aa6e83b61d59d4fab21d3fa33739c47d687367cede3
-  data.tar.gz: 6c72f0673379264f71a55935dec05f13f195614c9cd8d6f44935687ab028545e233496ad04f4157a07d1f5f74092fac8dd43f69713d2ac1aeeb7006a12c47e21
+  metadata.gz: 66d3566b68b64d0dc2ff8f58b373d8b6026b4980fcccb4b24c6263f59376373dadbc0b52c531ba5c212b255937d34dd281ce827eec111d0e7ef0b1a6dd5973f1
+  data.tar.gz: 8cee7210c06f8e603342b69706c2779f3e9fef2d46146505154b00bc91d6cc7dbad37735e5e6ae4ac6fac256b0ba6eaf3dda15185c161e992a12bab3b3a91bb1

checksums.yaml.gz.sig CHANGED Viewed

Binary file

data/README.md CHANGED Viewed

@@ -286,6 +286,20 @@ Configure Wireshark in Debian-based systems to be able to capture traffic withou
 - `sudo python setup.py install`
 - `cd examples && python smbclient.py <USER>:<PASS>@<WINDOWS HOST IP>`
+### Microsoft Network Monitor
+In situations where WireShark reports some requests/responses as malformed (not parsed correctly),
+[Microsoft Network Monitor](https://www.microsoft.com/en-us/download/details.aspx?id=4865) can be used instead.
+For example, the `LookupSids` response is not parsed correctly by WireShark, whereas it is by this tool.
+This software can be installed on a Windows machine:
+- Download & install the software
+- Open it
+- Click the `Start` button (or press F5) present at the top bar
+The SMB requests will be present under `All Traffic -> My Traffic -> System (4)`.
 ## License
 `ruby_smb` is released under a 3-clause BSD license. See [LICENSE.txt](LICENSE.txt) for full text.

data/lib/ruby_smb/dcerpc/error.rb CHANGED Viewed

@@ -47,6 +47,9 @@ module RubySMB
       # Raised when an error is returned during a Epm operation
       class EpmError < DcerpcError; end
+      # Raised when an error is returned during an LSARPC operation
+      class LsarpcError < DcerpcError; end
       # Raised when an error is returned during a Dfsnm operation
       class DfsnmError < DcerpcError
         include RubySMB::Error::UnexpectedStatusCode::Mixin

data/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_request.rb ADDED Viewed

@@ -0,0 +1,22 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarClose Request Packet as defined in
+      # [3.1.4.9.4 LsarClose (Opnum 0)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/99dd2d7a-b0fc-4c6d-837a-2b4d342383ae)
+      class LsarCloseHandleRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_handle :policy_handle
+        def initialize_instance
+          super
+          @opnum = LSAR_CLOSE_HANDLE
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_response.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarClose Response Packet as defined in
+      # [3.1.4.9.4 LsarClose (Opnum 0)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/99dd2d7a-b0fc-4c6d-837a-2b4d342383ae)
+      class LsarCloseHandleResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_handle :policy_handle
+        ndr_uint32   :error_status
+        def initialize_instance
+          super
+          @opnum = LSAR_CLOSE_HANDLE
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request.rb ADDED Viewed

@@ -0,0 +1,26 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarLookupSids Request Packet as defined in
+      # [3.1.4.11 LsarLookupSids (Opnum 15)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/eb7ac899-e697-4883-93de-1e60c7720c02)
+      class LsarLookupSidsRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_handle           :policy_handle
+        lsapr_sid_enum_buffer  :sid_enum_buffer
+        lsapr_translated_names :translated_names
+        ndr_uint16             :lookup_level
+        ndr_uint32             :mapped_count
+        def initialize_instance
+          super
+          @opnum = LSAR_LOOKUP_SIDS
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response.rb ADDED Viewed

@@ -0,0 +1,25 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarLookupSids Response Packet as defined in
+      # [3.1.4.11 LsarLookupSids (Opnum 15)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/eb7ac899-e697-4883-93de-1e60c7720c02)
+      class LsarLookupSidsResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_referenced_domain_list_ptr :referenced_domains
+        lsapr_translated_names           :translated_names
+        ndr_uint32                       :mapped_count
+        ndr_uint32                       :error_status
+        def initialize_instance
+          super
+          @opnum = LSAR_LOOKUP_SIDS
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarOpenPolicy2 Request Packet as defined in
+      # [3.1.4.4.1 LsarOpenPolicy2 (Opnum 44)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/9456a963-7c21-4710-af77-d0a2f5a72d6b)
+      class LsarOpenPolicy2Request < BinData::Record
+        attr_reader :opnum
+        endian :little
+        ndr_wide_stringz_ptr    :system_name
+        lsapr_object_attributes :object_attributes
+        ndr_uint32              :access_mask
+        def initialize_instance
+          super
+          @opnum = LSAR_OPEN_POLICY2
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarOpenPolicy2 Response Packet as defined in
+      # [3.1.4.4.1 LsarOpenPolicy2 (Opnum 44)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/9456a963-7c21-4710-af77-d0a2f5a72d6b)
+      class LsarOpenPolicy2Response < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_handle :policy_handle
+        ndr_uint32   :error_status
+        def initialize_instance
+          super
+          @opnum = LSAR_OPEN_POLICY2
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_request.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarOpenPolicy Request Packet as defined in
+      # [3.1.4.4.2 LsarOpenPolicy (Opnum 6)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/2a482ccf-1f89-4693-8594-855ff738ae8a)
+      class LsarOpenPolicyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        ndr_wide_string_ptr     :system_name
+        lsapr_object_attributes :object_attributes
+        ndr_uint32              :access_mask
+        def initialize_instance
+          super
+          @opnum = LSAR_OPEN_POLICY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_response.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarOpenPolicy Response Packet as defined in
+      # [3.1.4.4.2 LsarOpenPolicy (Opnum 6)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/2a482ccf-1f89-4693-8594-855ff738ae8a)
+      class LsarOpenPolicyResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_handle :policy_handle
+        ndr_uint32   :error_status
+        def initialize_instance
+          super
+          @opnum = LSAR_OPEN_POLICY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarQueryInformationPolicy2 Request Packet as defined in
+      # [3.1.4.4.4 LsarQueryInformationPolicy2 (Opnum 46)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/516f503c-0230-489d-b012-e650b46b66a2)
+      class LsarQueryInformationPolicy2Request < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_handle :policy_handle
+        ndr_uint32   :information_class
+        def initialize_instance
+          super
+          @opnum = LSAR_QUERY_INFORMATION_POLICY2
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarQueryInformationPolicy2 Response Packet as defined in
+      # [3.1.4.4.4 LsarQueryInformationPolicy2 (Opnum 46)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/516f503c-0230-489d-b012-e650b46b66a2)
+      class LsarQueryInformationPolicy2Response < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_policy_information_ptr :policy_information
+        ndr_uint32                   :error_status
+        def initialize_instance
+          super
+          @opnum = LSAR_QUERY_INFORMATION_POLICY2
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarQueryInformationPolicy Request Packet as defined in
+      # [3.1.4.4.4 LsarQueryInformationPolicy (Opnum 7)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3564ba70-84ea-4f04-a9dc-dede9f96a8bf)
+      class LsarQueryInformationPolicyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_handle :policy_handle
+        ndr_uint32   :information_class
+        def initialize_instance
+          super
+          @opnum = LSAR_QUERY_INFORMATION_POLICY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarQueryInformationPolicy Response Packet as defined in
+      # [3.1.4.4.4 LsarQueryInformationPolicy (Opnum 7)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3564ba70-84ea-4f04-a9dc-dede9f96a8bf)
+      class LsarQueryInformationPolicyResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_policy_information_ptr :policy_information
+        ndr_uint32                   :error_status
+        def initialize_instance
+          super
+          @opnum = LSAR_QUERY_INFORMATION_POLICY
+        end
+      end
+    end
+  end
+end