ruby_smb 3.3.8 → 3.3.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +2 -3
- data/lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb +28 -0
- data/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb +28 -0
- data/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb +24 -0
- data/lib/ruby_smb/dcerpc/netlogon.rb +3 -0
- data/lib/ruby_smb/dcerpc/request.rb +2 -1
- data/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request.rb +0 -3
- data/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_request.rb +25 -0
- data/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_response.rb +25 -0
- data/lib/ruby_smb/dcerpc/wkssvc.rb +118 -3
- data/lib/ruby_smb/gss/provider/ntlm.rb +3 -3
- data/lib/ruby_smb/version.rb +1 -1
- data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request_spec.rb +0 -8
- data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_response_spec.rb +1 -1
- data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_identity_handle.rb +7 -0
- data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_request_spec.rb +71 -0
- data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_response_spec.rb +65 -0
- data/spec/lib/ruby_smb/dcerpc/wkssvc_spec.rb +58 -1
- data.tar.gz.sig +0 -0
- metadata +13 -2
- metadata.gz.sig +0 -0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 07f6abd7129c406c8b1c008c686eef226b8fa385fa06be6eec900b95b4f97a32
|
4
|
+
data.tar.gz: 4ddc7ee9c516a1649faa15ad4316e36149aa4304c4dc176dfd5234f46f9218be
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: e948d03583b517435a912b4ea07086ee0bff1fc07c0f65f0ea89e51ec10ee4ab2074d33a82c4f774656909c938331a7080fb521e5e65989bb301e10cd80d1bf5
|
7
|
+
data.tar.gz: 2f964acae7e74b25cb49e3d47ea125d4f4669f3f8868b9e895bb2f63be9e465e3fc1021e6695a1b837616a0f92419708ff4af6cb894b630d0b6292c95e3b4599
|
checksums.yaml.gz.sig
CHANGED
@@ -1,3 +1,2 @@
|
|
1
|
-
�
|
2
|
-
|
3
|
-
ގ�?�jU"#8<�.��N����orp΄�s�Su��+�-I_>�3�j9*!��Ґ��^�o�C&���ȇ1q�t��6
|
1
|
+
g;j̢����2�Dy�o��@}A�!��Y�,Y��R�J��㮿�W�;6)�/�t��z}���$L�"�9�I&�V@�#8��5<�-6�b����"�ڟ��X&��,vATܰt�[��x�'\?�1�� ��k�%��c��'(�3���u�l𥧥������P��P�K�����(��uJ�U�'>xt��cVD�v�$��R��l�3��X��2�=@�5GOT8�{U�;�P����9ܨoZɀ��"��>5�ӫ.������:垍?ί\�(x��Aj*�ۣ�1�a�H7�!Q��%�Ǘ����.�:[��4V�Tu�%p�6:��{�Kc�?x� Z�II�{��
|
2
|
+
��Z���^w�VMo�����
|
@@ -0,0 +1,28 @@
|
|
1
|
+
require 'ruby_smb/dcerpc/ndr'
|
2
|
+
|
3
|
+
module RubySMB
|
4
|
+
module Dcerpc
|
5
|
+
module Netlogon
|
6
|
+
|
7
|
+
# [2.2.1.2.1 DOMAIN_CONTROLLER_INFOW](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/9b85a7a4-8d34-4b9e-9500-bf8644ebfc06)
|
8
|
+
class DomainControllerInfoW < Ndr::NdrStruct
|
9
|
+
default_parameters byte_align: 4
|
10
|
+
endian :little
|
11
|
+
|
12
|
+
ndr_wide_stringz_ptr :domain_controller_name
|
13
|
+
ndr_wide_stringz_ptr :domain_controller_address
|
14
|
+
ndr_uint32 :domain_controller_address_type
|
15
|
+
uuid :domain_guid
|
16
|
+
ndr_wide_stringz_ptr :domain_name
|
17
|
+
ndr_wide_stringz_ptr :dns_forest_name
|
18
|
+
ndr_uint32 :flags
|
19
|
+
ndr_wide_stringz_ptr :dc_site_name
|
20
|
+
ndr_wide_stringz_ptr :client_site_name
|
21
|
+
end
|
22
|
+
|
23
|
+
class DomainControllerInfoWPtr < DomainControllerInfoW
|
24
|
+
extend Ndr::PointerClassPlugin
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,28 @@
|
|
1
|
+
require 'ruby_smb/dcerpc/ndr'
|
2
|
+
|
3
|
+
module RubySMB
|
4
|
+
module Dcerpc
|
5
|
+
module Netlogon
|
6
|
+
|
7
|
+
# [3.5.4.3.1 DsrGetDcNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
|
8
|
+
class DsrGetDcNameEx2Request < BinData::Record
|
9
|
+
attr_reader :opnum
|
10
|
+
|
11
|
+
endian :little
|
12
|
+
|
13
|
+
logonsrv_handle :computer_name
|
14
|
+
ndr_wide_stringz_ptr :account_name
|
15
|
+
ndr_uint32 :allowable_account_control_bits
|
16
|
+
ndr_wide_stringz_ptr :domain_name
|
17
|
+
uuid_ptr :domain_guid
|
18
|
+
ndr_wide_stringz_ptr :site_name
|
19
|
+
ndr_uint32 :flags
|
20
|
+
|
21
|
+
def initialize_instance
|
22
|
+
super
|
23
|
+
@opnum = DSR_GET_DC_NAME_EX2
|
24
|
+
end
|
25
|
+
end
|
26
|
+
end
|
27
|
+
end
|
28
|
+
end
|
@@ -0,0 +1,24 @@
|
|
1
|
+
require 'ruby_smb/dcerpc/ndr'
|
2
|
+
require 'ruby_smb/dcerpc/netlogon/domain_controller_infow'
|
3
|
+
|
4
|
+
module RubySMB
|
5
|
+
module Dcerpc
|
6
|
+
module Netlogon
|
7
|
+
|
8
|
+
# [3.5.4.3.1 DsrGetDcNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
|
9
|
+
class DsrGetDcNameEx2Response < BinData::Record
|
10
|
+
attr_reader :opnum
|
11
|
+
|
12
|
+
endian :little
|
13
|
+
|
14
|
+
domain_controller_info_w_ptr :domain_controller_info
|
15
|
+
ndr_uint32 :error_status
|
16
|
+
|
17
|
+
def initialize_instance
|
18
|
+
super
|
19
|
+
@opnum = DSR_GET_DC_NAME_EX2
|
20
|
+
end
|
21
|
+
end
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
@@ -11,6 +11,7 @@ module RubySMB
|
|
11
11
|
NETR_SERVER_REQ_CHALLENGE = 4
|
12
12
|
NETR_SERVER_AUTHENTICATE3 = 26
|
13
13
|
NETR_SERVER_PASSWORD_SET2 = 30
|
14
|
+
DSR_GET_DC_NAME_EX2 = 34
|
14
15
|
|
15
16
|
# see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3b224201-b531-43e2-8c79-b61f6dea8640
|
16
17
|
class LogonsrvHandle < Ndr::NdrWideStringzPtr; end
|
@@ -65,6 +66,8 @@ module RubySMB
|
|
65
66
|
require 'ruby_smb/dcerpc/netlogon/netr_server_password_set2_response'
|
66
67
|
require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request'
|
67
68
|
require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response'
|
69
|
+
require 'ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request'
|
70
|
+
require 'ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response'
|
68
71
|
|
69
72
|
# Calculate the netlogon session key from the provided shared secret and
|
70
73
|
# challenges. The shared secret is an NTLM hash.
|
@@ -80,7 +80,8 @@ module RubySMB
|
|
80
80
|
string :default
|
81
81
|
end
|
82
82
|
choice 'Wkssvc', selection: -> { opnum } do
|
83
|
-
netr_wksta_get_info_request
|
83
|
+
netr_wksta_get_info_request Wkssvc::NETR_WKSTA_GET_INFO
|
84
|
+
netr_wksta_user_enum_request Wkssvc::NETR_WKSTA_USER_ENUM
|
84
85
|
string :default
|
85
86
|
end
|
86
87
|
choice 'Epm', selection: -> { opnum } do
|
@@ -2,9 +2,6 @@ module RubySMB
|
|
2
2
|
module Dcerpc
|
3
3
|
module Wkssvc
|
4
4
|
|
5
|
-
# [2.2.2.1 WKSSVC_IDENTIFY_HANDLE](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/9ef94a11-0e5c-49d7-9ac7-68d6f03565de)
|
6
|
-
class WkssvcIdentifyHandle < Ndr::NdrWideStringPtr; end
|
7
|
-
|
8
5
|
# [3.2.4.1 NetrWkstaGetInfo (Opnum 0)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/4af41d6f-b800-4de1-af5b-0b15a85f8e04)
|
9
6
|
class NetrWkstaGetInfoRequest < BinData::Record
|
10
7
|
attr_reader :opnum
|
@@ -0,0 +1,25 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Wkssvc
|
4
|
+
|
5
|
+
# [3.2.4.3 NetrWkstaUserEnum (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/4af41d6f-b800-4de1-af5b-0b15a85f8e04)
|
6
|
+
class NetrWkstaUserEnumRequest < BinData::Record
|
7
|
+
attr_reader :opnum
|
8
|
+
|
9
|
+
endian :little
|
10
|
+
|
11
|
+
wkssvc_identify_handle :server_name
|
12
|
+
wksta_user_enum_structure :user_info
|
13
|
+
ndr_uint32 :preferred_max_length, initial_value: 0xFFFFFFFF
|
14
|
+
ndr_uint32_ptr :result_handle, initial_value: 0
|
15
|
+
|
16
|
+
def initialize_instance
|
17
|
+
super
|
18
|
+
@opnum = NETR_WKSTA_USER_ENUM
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
@@ -0,0 +1,25 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module Wkssvc
|
4
|
+
|
5
|
+
# [3.2.4.3 NetrWkstaUserEnum (Opnum 2)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/4af41d6f-b800-4de1-af5b-0b15a85f8e04)
|
6
|
+
class NetrWkstaUserEnumResponse < BinData::Record
|
7
|
+
attr_reader :opnum
|
8
|
+
|
9
|
+
endian :little
|
10
|
+
|
11
|
+
wksta_user_enum_structure :user_info
|
12
|
+
ndr_uint32_ptr :total_entries
|
13
|
+
ndr_uint32_ptr :result_handle
|
14
|
+
ndr_uint32 :error_status
|
15
|
+
|
16
|
+
def initialize_instance
|
17
|
+
super
|
18
|
+
@opnum = NETR_WKSTA_USER_ENUM
|
19
|
+
end
|
20
|
+
end
|
21
|
+
|
22
|
+
end
|
23
|
+
end
|
24
|
+
end
|
25
|
+
|
@@ -7,7 +7,8 @@ module RubySMB
|
|
7
7
|
VER_MINOR = 0
|
8
8
|
|
9
9
|
# Operation numbers
|
10
|
-
NETR_WKSTA_GET_INFO
|
10
|
+
NETR_WKSTA_GET_INFO = 0x0000
|
11
|
+
NETR_WKSTA_USER_ENUM = 0x0002
|
11
12
|
|
12
13
|
PLATFORM_ID = {
|
13
14
|
0x0000012C => "DOS",
|
@@ -23,9 +24,85 @@ module RubySMB
|
|
23
24
|
WKSTA_INFO_102 = 0x00000066
|
24
25
|
#TODO: WKSTA_INFO_502 = 0x000001F6
|
25
26
|
|
27
|
+
# User Enum Information Level
|
28
|
+
WKSTA_USER_INFO_0 = 0x00000000
|
29
|
+
WKSTA_USER_INFO_1 = 0x00000001
|
30
|
+
|
31
|
+
# [2.2.2.1 WKSSVC_IDENTIFY_HANDLE](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/9ef94a11-0e5c-49d7-9ac7-68d6f03565de)
|
32
|
+
class WkssvcIdentifyHandle < Ndr::NdrWideStringzPtr; end
|
33
|
+
|
34
|
+
# [2.2.5.9 WKSTA_USER_INFO_0](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/b7c53c6f-8b92-4e5d-9a2e-6462cb4ef1ac)
|
35
|
+
class WkstaUserInfo0 < Ndr::NdrStruct
|
36
|
+
default_parameter byte_align: 4
|
37
|
+
endian :little
|
38
|
+
|
39
|
+
ndr_wide_stringz_ptr :wkui0_username
|
40
|
+
end
|
41
|
+
|
42
|
+
class WkstaUserInfo0ArrayPtr < Ndr::NdrConfArray
|
43
|
+
default_parameter type: :wksta_user_info0
|
44
|
+
extend Ndr::PointerClassPlugin
|
45
|
+
end
|
46
|
+
|
47
|
+
# [2.2.5.12 WKSTA_USER_INFO_0_CONTAINER](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/0b0cff8f-09bc-43a8-b0d3-88f0bf7e3664)
|
48
|
+
class WkstaUserInfo0Container < Ndr::NdrStruct
|
49
|
+
default_parameter byte_align: 4
|
50
|
+
endian :little
|
51
|
+
|
52
|
+
ndr_uint32 :wkui0_entries_read
|
53
|
+
wksta_user_info0_array_ptr :wkui0_buffer
|
54
|
+
end
|
55
|
+
|
56
|
+
class PwkstaUserInfo0Container < WkstaUserInfo0Container
|
57
|
+
extend Ndr::PointerClassPlugin
|
58
|
+
end
|
59
|
+
|
60
|
+
# [2.2.5.10 WKSTA_USER_INFO_1](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/c37b9606-866f-40ac-9490-57b8334968e2)
|
61
|
+
class WkstaUserInfo1 < Ndr::NdrStruct
|
62
|
+
default_parameter byte_align: 4
|
63
|
+
endian :little
|
64
|
+
|
65
|
+
ndr_wide_stringz_ptr :wkui1_username
|
66
|
+
ndr_wide_stringz_ptr :wkui1_logon_domain
|
67
|
+
ndr_wide_stringz_ptr :wkui1_oth_domains
|
68
|
+
ndr_wide_stringz_ptr :wkui1_logon_server
|
69
|
+
end
|
70
|
+
|
71
|
+
class WkstaUserInfo1ArrayPtr < Ndr::NdrConfArray
|
72
|
+
default_parameter type: :wksta_user_info1
|
73
|
+
extend Ndr::PointerClassPlugin
|
74
|
+
end
|
75
|
+
|
76
|
+
# [2.2.5.13 WKSTA_USER_INFO_1_CONTAINER](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/22a813e4-fc7d-4fe3-a6d6-78debfd2c0c9)
|
77
|
+
class WkstaUserInfo1Container < Ndr::NdrStruct
|
78
|
+
default_parameter byte_align: 4
|
79
|
+
endian :little
|
80
|
+
|
81
|
+
ndr_uint32 :wkui1_entries_read
|
82
|
+
wksta_user_info1_array_ptr :wkui1_buffer
|
83
|
+
end
|
84
|
+
|
85
|
+
class PwkstaUserInfo1Container < WkstaUserInfo1Container
|
86
|
+
extend Ndr::PointerClassPlugin
|
87
|
+
end
|
88
|
+
|
89
|
+
# [2.2.5.14 WKSTA_USER_ENUM_STRUCT](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-wkst/4041455a-52be-4389-a4fc-82fea3cb3160)
|
90
|
+
class WkstaUserEnumStructure < Ndr::NdrStruct
|
91
|
+
default_parameter byte_align: 4
|
92
|
+
endian :little
|
93
|
+
|
94
|
+
ndr_uint32 :level
|
95
|
+
ndr_uint32 :tag, value: -> { self.level }
|
96
|
+
choice :info, selection: :level, byte_align: 4 do
|
97
|
+
pwksta_user_info0_container WKSTA_USER_INFO_0
|
98
|
+
pwksta_user_info1_container WKSTA_USER_INFO_1
|
99
|
+
end
|
100
|
+
end
|
26
101
|
|
27
102
|
require 'ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request'
|
28
103
|
require 'ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_response'
|
104
|
+
require 'ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_request'
|
105
|
+
require 'ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_response'
|
29
106
|
|
30
107
|
# Returns details about a computer environment, including
|
31
108
|
# platform-specific information, the names of the domain and local
|
@@ -33,14 +110,14 @@ module RubySMB
|
|
33
110
|
#
|
34
111
|
# @param server_name [optional, String] String that identifies the server (optional
|
35
112
|
# since it is ignored by the server)
|
36
|
-
# @param
|
113
|
+
# @param level [optional, Integer] The information level of the data (default: WKSTA_INFO_100)
|
37
114
|
# @return [RubySMB::Dcerpc::Wkssvc::WkstaInfo100, RubySMB::Dcerpc::Wkssvc::WkstaInfo101,
|
38
115
|
# RubySMB::Dcerpc::Wkssvc::WkstaInfo102] The structure containing the requested information
|
39
116
|
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a
|
40
117
|
# NetrWkstaGetInfoResponse packet
|
41
118
|
# @raise [RubySMB::Dcerpc::Error::WkssvcError] if the response error status
|
42
119
|
# is not STATUS_SUCCESS
|
43
|
-
def netr_wksta_get_info(server_name:
|
120
|
+
def netr_wksta_get_info(server_name: '', level: WKSTA_INFO_100)
|
44
121
|
wkst_netr_wksta_get_info_request = NetrWkstaGetInfoRequest.new(
|
45
122
|
server_name: server_name,
|
46
123
|
level: level
|
@@ -59,6 +136,44 @@ module RubySMB
|
|
59
136
|
wkst_netr_wksta_get_info_response.wksta_info.info
|
60
137
|
end
|
61
138
|
|
139
|
+
# Returns details about users who are currently active on a remote computer.
|
140
|
+
#
|
141
|
+
# @param server_name [optional, String] String that identifies the server (optional
|
142
|
+
# since it is ignored by the server)
|
143
|
+
# @param level [optional, Integer] The information level of the data (default: WKSTA_USER_INFO_0)
|
144
|
+
# @return [RubySMB::Dcerpc::Wkssvc::WkstaUserInfo0, RubySMB::Dcerpc::Wkssvc::WkstaUserInfo1]
|
145
|
+
# The structure containing the requested information
|
146
|
+
# @raise [RubySMB::Dcerpc::Error::InvalidPacket] if the response is not a
|
147
|
+
# NetrWkstaGetInfoResponse packet
|
148
|
+
# @raise [RubySMB::Dcerpc::Error::WkssvcError] if the response error status
|
149
|
+
# is not STATUS_SUCCESS
|
150
|
+
def netr_wksta_user_enum(server_name: '', level: WKSTA_USER_INFO_0)
|
151
|
+
wkst_netr_wksta_enum_user_request = NetrWkstaUserEnumRequest.new(
|
152
|
+
server_name: server_name,
|
153
|
+
user_info: {
|
154
|
+
level: level,
|
155
|
+
tag: level,
|
156
|
+
info: {
|
157
|
+
wkui0_entries_read: 0,
|
158
|
+
},
|
159
|
+
},
|
160
|
+
preferred_max_length: 0xFFFFFFFF,
|
161
|
+
result_handle: 0
|
162
|
+
)
|
163
|
+
response = dcerpc_request(wkst_netr_wksta_enum_user_request)
|
164
|
+
begin
|
165
|
+
wkst_netr_wksta_enum_user_response = NetrWkstaUserEnumResponse.read(response)
|
166
|
+
rescue IOError
|
167
|
+
raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading WkstNetrWkstaUserEnumResponse'
|
168
|
+
end
|
169
|
+
unless wkst_netr_wksta_enum_user_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
|
170
|
+
raise RubySMB::Dcerpc::Error::WkssvcError,
|
171
|
+
"Error returned with netr_wksta_enum_user: #{wkst_netr_wksta_enum_user_response.error_status.value} - "\
|
172
|
+
"#{WindowsError::NTStatus.find_by_retval(wkst_netr_wksta_enum_user_response.error_status.value).join(',')}"
|
173
|
+
end
|
174
|
+
wkst_netr_wksta_enum_user_response.user_info.info
|
175
|
+
end
|
176
|
+
|
62
177
|
end
|
63
178
|
end
|
64
179
|
end
|
@@ -155,9 +155,9 @@ module RubySMB
|
|
155
155
|
their_blob = type3_msg.ntlm_response[digest.digest_length..-1]
|
156
156
|
|
157
157
|
ntlmv2_hash = Net::NTLM.ntlmv2_hash(
|
158
|
-
|
159
|
-
|
160
|
-
|
158
|
+
Net::NTLM::EncodeUtil.encode_utf16le(account.username),
|
159
|
+
Net::NTLM::EncodeUtil.encode_utf16le(account.password),
|
160
|
+
type3_msg.domain.force_encoding('ASCII-8BIT'), # don't use the account domain because of the special '.' value
|
161
161
|
{client_challenge: their_blob[16...24], unicode: true}
|
162
162
|
)
|
163
163
|
|
data/lib/ruby_smb/version.rb
CHANGED
@@ -1,11 +1,3 @@
|
|
1
|
-
RSpec.describe RubySMB::Dcerpc::Wkssvc::WkssvcIdentifyHandle do
|
2
|
-
subject(:packet) { described_class.new }
|
3
|
-
|
4
|
-
it 'is a Ndr::NdrWideStringPtr' do
|
5
|
-
expect(packet).to be_a(RubySMB::Dcerpc::Ndr::NdrWideStringPtr)
|
6
|
-
end
|
7
|
-
end
|
8
|
-
|
9
1
|
RSpec.describe RubySMB::Dcerpc::Wkssvc::NetrWkstaGetInfoRequest do
|
10
2
|
subject(:packet) { described_class.new }
|
11
3
|
|
@@ -305,7 +305,7 @@ RSpec.describe RubySMB::Dcerpc::Wkssvc::LpwkstaInfo do
|
|
305
305
|
it 'is little endian' do
|
306
306
|
expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
|
307
307
|
end
|
308
|
-
it '
|
308
|
+
it 'is a Ndr::NdrStruct' do
|
309
309
|
expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrStruct
|
310
310
|
end
|
311
311
|
describe '#level' do
|
@@ -0,0 +1,71 @@
|
|
1
|
+
RSpec.describe RubySMB::Dcerpc::Wkssvc::NetrWkstaUserEnumRequest do
|
2
|
+
subject(:packet) { described_class.new }
|
3
|
+
|
4
|
+
def random_str(nb = 8)
|
5
|
+
nb.times.map { rand('a'.ord..'z'.ord).chr }.join
|
6
|
+
end
|
7
|
+
|
8
|
+
it { is_expected.to respond_to :server_name }
|
9
|
+
it { is_expected.to respond_to :user_info }
|
10
|
+
it { is_expected.to respond_to :preferred_max_length }
|
11
|
+
it { is_expected.to respond_to :result_handle }
|
12
|
+
it { is_expected.to respond_to :opnum }
|
13
|
+
|
14
|
+
it 'is little endian' do
|
15
|
+
expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
|
16
|
+
end
|
17
|
+
it 'is a BinData::Record' do
|
18
|
+
expect(packet).to be_a(BinData::Record)
|
19
|
+
end
|
20
|
+
describe '#server_name' do
|
21
|
+
it 'is a WkssvcIdentifyHandle structure' do
|
22
|
+
expect(packet.server_name).to be_a RubySMB::Dcerpc::Wkssvc::WkssvcIdentifyHandle
|
23
|
+
end
|
24
|
+
end
|
25
|
+
describe '#user_info' do
|
26
|
+
it 'is a WkstaUserEnumStructure structure' do
|
27
|
+
expect(packet.user_info).to be_a RubySMB::Dcerpc::Wkssvc::WkstaUserEnumStructure
|
28
|
+
end
|
29
|
+
end
|
30
|
+
describe '#preferred_max_length' do
|
31
|
+
it 'is a NdrUint32 structure' do
|
32
|
+
expect(packet.preferred_max_length).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
|
33
|
+
end
|
34
|
+
|
35
|
+
it 'has a default value of 0xFFFFFFFF' do
|
36
|
+
expect(packet.preferred_max_length).to eq(0xFFFFFFFF)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
describe '#result_handle' do
|
40
|
+
it 'is a NdrUint32Ptr structure' do
|
41
|
+
expect(packet.result_handle).to be_a RubySMB::Dcerpc::Ndr::NdrUint32Ptr
|
42
|
+
end
|
43
|
+
|
44
|
+
it 'has a default value of 0' do
|
45
|
+
expect(packet.result_handle).to eq(0)
|
46
|
+
end
|
47
|
+
end
|
48
|
+
describe '#initialize_instance' do
|
49
|
+
it 'sets #opnum to NETR_WKSTA_USER_ENUM constant' do
|
50
|
+
expect(packet.opnum).to eq(RubySMB::Dcerpc::Wkssvc::NETR_WKSTA_USER_ENUM)
|
51
|
+
end
|
52
|
+
end
|
53
|
+
it 'reads itself' do
|
54
|
+
packet = described_class.new(
|
55
|
+
server_name: 'TestServer',
|
56
|
+
user_info: {
|
57
|
+
level: RubySMB::Dcerpc::Wkssvc::WKSTA_USER_INFO_0,
|
58
|
+
info: {
|
59
|
+
wkui0_entries_read: 1,
|
60
|
+
wkui0_buffer: [{
|
61
|
+
wkui0_username: random_str
|
62
|
+
}],
|
63
|
+
},
|
64
|
+
},
|
65
|
+
preferred_max_length: 0xFFFFFFFF,
|
66
|
+
result_handle: 0
|
67
|
+
)
|
68
|
+
binary = packet.to_binary_s
|
69
|
+
expect(described_class.read(binary)).to eq(packet)
|
70
|
+
end
|
71
|
+
end
|
@@ -0,0 +1,65 @@
|
|
1
|
+
RSpec.describe RubySMB::Dcerpc::Wkssvc::NetrWkstaUserEnumResponse do
|
2
|
+
subject(:packet) { described_class.new }
|
3
|
+
|
4
|
+
def random_str(nb = 8)
|
5
|
+
nb.times.map { rand('a'.ord..'z'.ord).chr }.join
|
6
|
+
end
|
7
|
+
|
8
|
+
it { is_expected.to respond_to :user_info }
|
9
|
+
it { is_expected.to respond_to :total_entries }
|
10
|
+
it { is_expected.to respond_to :result_handle }
|
11
|
+
it { is_expected.to respond_to :error_status }
|
12
|
+
|
13
|
+
it 'is little endian' do
|
14
|
+
expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
|
15
|
+
end
|
16
|
+
it 'is a BinData::Record' do
|
17
|
+
expect(packet).to be_a(BinData::Record)
|
18
|
+
end
|
19
|
+
describe '#user_info' do
|
20
|
+
it 'is a WkstaUserEnumStructure structure' do
|
21
|
+
expect(packet.user_info).to be_a RubySMB::Dcerpc::Wkssvc::WkstaUserEnumStructure
|
22
|
+
end
|
23
|
+
end
|
24
|
+
describe '#total_entries' do
|
25
|
+
it 'is a NdrUint32Ptr structure' do
|
26
|
+
expect(packet.total_entries).to be_a RubySMB::Dcerpc::Ndr::NdrUint32Ptr
|
27
|
+
end
|
28
|
+
end
|
29
|
+
describe '#result_handle' do
|
30
|
+
it 'is a NdrUint32Ptr structure' do
|
31
|
+
expect(packet.result_handle).to be_a RubySMB::Dcerpc::Ndr::NdrUint32Ptr
|
32
|
+
end
|
33
|
+
end
|
34
|
+
describe '#error_status' do
|
35
|
+
it 'is a NdrUint32 structure' do
|
36
|
+
expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
|
37
|
+
end
|
38
|
+
end
|
39
|
+
describe '#initialize_instance' do
|
40
|
+
it 'sets #opnum to NETR_WKSTA_USER_ENUM constant' do
|
41
|
+
expect(packet.opnum).to eq(RubySMB::Dcerpc::Wkssvc::NETR_WKSTA_USER_ENUM)
|
42
|
+
end
|
43
|
+
end
|
44
|
+
it 'reads itself' do
|
45
|
+
packet = described_class.new(
|
46
|
+
user_info: {
|
47
|
+
level: RubySMB::Dcerpc::Wkssvc::WKSTA_USER_INFO_1,
|
48
|
+
info: {
|
49
|
+
wkui1_entries_read: 1,
|
50
|
+
wkui1_buffer: [{
|
51
|
+
wkui1_username: random_str,
|
52
|
+
wkui1_logon_domain: random_str,
|
53
|
+
wkui1_oth_domains: random_str,
|
54
|
+
wkui1_logon_server: random_str
|
55
|
+
}],
|
56
|
+
},
|
57
|
+
},
|
58
|
+
total_entries: 1,
|
59
|
+
result_handle: 0,
|
60
|
+
error_status: 0
|
61
|
+
)
|
62
|
+
binary = packet.to_binary_s
|
63
|
+
expect(described_class.read(binary)).to eq(packet)
|
64
|
+
end
|
65
|
+
end
|
@@ -1,3 +1,11 @@
|
|
1
|
+
RSpec.describe RubySMB::Dcerpc::Wkssvc::WkssvcIdentifyHandle do
|
2
|
+
subject(:packet) { described_class.new }
|
3
|
+
|
4
|
+
it 'is a Ndr::NdrWideStringzPtr' do
|
5
|
+
expect(packet).to be_a(RubySMB::Dcerpc::Ndr::NdrWideStringzPtr)
|
6
|
+
end
|
7
|
+
end
|
8
|
+
|
1
9
|
RSpec.describe RubySMB::Dcerpc::Wkssvc do
|
2
10
|
let(:wkssvc) do
|
3
11
|
RubySMB::SMB1::Pipe.new(
|
@@ -23,7 +31,7 @@ RSpec.describe RubySMB::Dcerpc::Wkssvc do
|
|
23
31
|
it 'sets the request with the expected values' do
|
24
32
|
wkssvc.netr_wksta_get_info
|
25
33
|
expect(described_class::NetrWkstaGetInfoRequest).to have_received(:new).with(
|
26
|
-
server_name:
|
34
|
+
server_name: '',
|
27
35
|
level: described_class::WKSTA_INFO_100
|
28
36
|
)
|
29
37
|
end
|
@@ -67,4 +75,53 @@ RSpec.describe RubySMB::Dcerpc::Wkssvc do
|
|
67
75
|
end
|
68
76
|
end
|
69
77
|
end
|
78
|
+
|
79
|
+
describe '#netr_wksta_user_enum' do
|
80
|
+
let(:wkst_netr_wksta_user_enum_request) { double('NetrWkstaUserEnumRequest') }
|
81
|
+
let(:response) { double('Response') }
|
82
|
+
let(:wkst_netr_wksta_user_enum_response) { double('NetrWkstaUserEnumResponse') }
|
83
|
+
let(:info) { double('info') }
|
84
|
+
before :example do
|
85
|
+
allow(described_class::NetrWkstaUserEnumRequest).to receive(:new).and_return(wkst_netr_wksta_user_enum_request)
|
86
|
+
allow(wkssvc).to receive(:dcerpc_request).and_return(response)
|
87
|
+
allow(described_class::NetrWkstaUserEnumResponse).to receive(:read).and_return(wkst_netr_wksta_user_enum_response)
|
88
|
+
allow(wkst_netr_wksta_user_enum_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_SUCCESS)
|
89
|
+
allow(wkst_netr_wksta_user_enum_response).to receive_message_chain(:user_info, :info => info)
|
90
|
+
end
|
91
|
+
|
92
|
+
it 'sets the request with the expected values' do
|
93
|
+
wkssvc.netr_wksta_user_enum
|
94
|
+
expect(described_class::NetrWkstaUserEnumRequest).to have_received(:new).with(
|
95
|
+
server_name: '',
|
96
|
+
user_info: {
|
97
|
+
level: described_class::WKSTA_USER_INFO_0,
|
98
|
+
tag: described_class::WKSTA_USER_INFO_0,
|
99
|
+
info: {
|
100
|
+
wkui0_entries_read: 0,
|
101
|
+
},
|
102
|
+
},
|
103
|
+
preferred_max_length: 0xFFFFFFFF,
|
104
|
+
result_handle: 0
|
105
|
+
)
|
106
|
+
end
|
107
|
+
it 'send the expected request structure' do
|
108
|
+
wkssvc.netr_wksta_user_enum
|
109
|
+
expect(wkssvc).to have_received(:dcerpc_request).with(wkst_netr_wksta_user_enum_request)
|
110
|
+
end
|
111
|
+
context 'when an IOError occurs while parsing the response' do
|
112
|
+
it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
|
113
|
+
allow(described_class::NetrWkstaUserEnumResponse).to receive(:read).and_raise(IOError)
|
114
|
+
expect { wkssvc.netr_wksta_user_enum }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
|
115
|
+
end
|
116
|
+
end
|
117
|
+
context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
|
118
|
+
it 'raises a RubySMB::Dcerpc::Error::WinregError' do
|
119
|
+
allow(wkst_netr_wksta_user_enum_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_INVALID_DATA)
|
120
|
+
expect { wkssvc.netr_wksta_user_enum }.to raise_error(RubySMB::Dcerpc::Error::WkssvcError)
|
121
|
+
end
|
122
|
+
end
|
123
|
+
it 'returns the expected handler' do
|
124
|
+
expect(wkssvc.netr_wksta_user_enum).to eq(info)
|
125
|
+
end
|
126
|
+
end
|
70
127
|
end
|
data.tar.gz.sig
CHANGED
Binary file
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: ruby_smb
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 3.3.
|
4
|
+
version: 3.3.10
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Metasploit Hackers
|
@@ -38,7 +38,7 @@ cert_chain:
|
|
38
38
|
DgscAao7wB3xW2BWEp1KnaDWkf1x9ttgoBEYyuYwU7uatB67kBQG1PKvLt79wHvz
|
39
39
|
Dxs+KOjGbBRfMnPgVGYkORKVrZIwlaboHbDKxcVW5xv+oZc7KYXWGg==
|
40
40
|
-----END CERTIFICATE-----
|
41
|
-
date: 2024-
|
41
|
+
date: 2024-09-11 00:00:00.000000000 Z
|
42
42
|
dependencies:
|
43
43
|
- !ruby/object:Gem::Dependency
|
44
44
|
name: redcarpet
|
@@ -295,6 +295,9 @@ files:
|
|
295
295
|
- lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response.rb
|
296
296
|
- lib/ruby_smb/dcerpc/ndr.rb
|
297
297
|
- lib/ruby_smb/dcerpc/netlogon.rb
|
298
|
+
- lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb
|
299
|
+
- lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb
|
300
|
+
- lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb
|
298
301
|
- lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request.rb
|
299
302
|
- lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response.rb
|
300
303
|
- lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_request.rb
|
@@ -406,6 +409,8 @@ files:
|
|
406
409
|
- lib/ruby_smb/dcerpc/wkssvc.rb
|
407
410
|
- lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request.rb
|
408
411
|
- lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_response.rb
|
412
|
+
- lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_request.rb
|
413
|
+
- lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_response.rb
|
409
414
|
- lib/ruby_smb/dialect.rb
|
410
415
|
- lib/ruby_smb/dispatcher.rb
|
411
416
|
- lib/ruby_smb/dispatcher/base.rb
|
@@ -776,6 +781,9 @@ files:
|
|
776
781
|
- spec/lib/ruby_smb/dcerpc/winreg_spec.rb
|
777
782
|
- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request_spec.rb
|
778
783
|
- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_response_spec.rb
|
784
|
+
- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_identity_handle.rb
|
785
|
+
- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_request_spec.rb
|
786
|
+
- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_response_spec.rb
|
779
787
|
- spec/lib/ruby_smb/dcerpc/wkssvc_spec.rb
|
780
788
|
- spec/lib/ruby_smb/dcerpc_spec.rb
|
781
789
|
- spec/lib/ruby_smb/dispatcher/base_spec.rb
|
@@ -1117,6 +1125,9 @@ test_files:
|
|
1117
1125
|
- spec/lib/ruby_smb/dcerpc/winreg_spec.rb
|
1118
1126
|
- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request_spec.rb
|
1119
1127
|
- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_response_spec.rb
|
1128
|
+
- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_identity_handle.rb
|
1129
|
+
- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_request_spec.rb
|
1130
|
+
- spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_response_spec.rb
|
1120
1131
|
- spec/lib/ruby_smb/dcerpc/wkssvc_spec.rb
|
1121
1132
|
- spec/lib/ruby_smb/dcerpc_spec.rb
|
1122
1133
|
- spec/lib/ruby_smb/dispatcher/base_spec.rb
|
metadata.gz.sig
CHANGED
Binary file
|