ruby_smb 3.3.9 → 3.3.11

data/lib/ruby_smb/ntlm/client.rb

@@ -1,78 +1,7 @@
 module RubySMB::NTLM
-  module Message
-    def deflag
-      security_buffers.inject(head_size) do |cur, a|
-        a[1].offset = cur
-        cur += a[1].data_size
-        has_flag?(:UNICODE) ? cur + cur % 2 : cur
-      end
-    end
-
-    def serialize
-      deflag
-      @alist.map { |n, f| f.serialize }.join + security_buffers.map { |n, f| f.value + (has_flag?(:UNICODE) ? "\x00".b * (f.value.length % 2) : '') }.join
-    end
-  end
-
   class Client < Net::NTLM::Client
-    class Session < Net::NTLM::Client::Session
-      def authenticate!
-        calculate_user_session_key!
-        type3_opts = {
-          :lm_response   => is_anonymous? ? "\x00".b : lmv2_resp,
-          :ntlm_response => is_anonymous? ? '' : ntlmv2_resp,
-          :domain        => domain,
-          :user          => username,
-          :workstation   => workstation,
-          :flag          => (challenge_message.flag & client.flags)
-        }
-        t3 = Net::NTLM::Message::Type3.create type3_opts
-        t3.extend(Message)
-        if negotiate_key_exchange?
-          t3.enable(:session_key)
-          rc4 = OpenSSL::Cipher.new("rc4")
-          rc4.encrypt
-          rc4.key = user_session_key
-          sk = rc4.update exported_session_key
-          sk << rc4.final
-          t3.session_key = sk
-        end
-        t3
-      end
-
-      def is_anonymous?
-        username == '' && password == ''
-      end
-
-      private
-
-      def use_oem_strings?
-        # @see https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/99d90ff4-957f-4c8a-80e4-5bfe5a9a9832
-        !challenge_message.has_flag?(:UNICODE) && challenge_message.has_flag?(:OEM)
-      end
-
-      def ntlmv2_hash
-        @ntlmv2_hash ||= RubySMB::NTLM.ntlmv2_hash(username, password, domain, {:client_challenge => client_challenge, :unicode => !use_oem_strings?})
-      end
-
-      def calculate_user_session_key!
-        if is_anonymous?
-          # see MS-NLMP section 3.4
-          @user_session_key = "\x00".b * 16
-        else
-          @user_session_key = OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, ntlmv2_hash, nt_proof_str)
-        end
-      end
-    end
-
-    def init_context(resp = nil, channel_binding = nil)
-      if resp.nil?
-        @session = nil
-        type1_message
-      else
-        @session = Client::Session.new(self, Net::NTLM::Message.decode64(resp), channel_binding)
-        @session.authenticate!
-      end
-    end
+    # There was a bunch of code in here that was necessary in versions up to and including rubyntlm version 0.6.3.
+    # The class is kept because there are references to it that should be kept in place in case future alterations to
+    # rubyntlm are required.
   end
 end

data/lib/ruby_smb/ntlm.rb

@@ -1,5 +1,3 @@
-require 'ruby_smb/ntlm/custom/string_encoder'
-
 module RubySMB
   module NTLM
     # [[MS-NLMP] 2.2.2.5](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nlmp/99d90ff4-957f-4c8a-80e4-5bfe5a9a9832)
@@ -58,41 +56,6 @@ module RubySMB
         "Version #{major}.#{minor} (Build #{build}); NTLM Current Revision #{ntlm_revision}"
       end
     end
-
-    class << self
-
-      # Generate a NTLMv2 Hash
-      # @param [String] user The username
-      # @param [String] password The password
-      # @param [String] target The domain or workstation to authenticate to
-      # @option opt :unicode (false) Unicode encode the domain
-      def ntlmv2_hash(user, password, target, opt={})
-        if Net::NTLM.is_ntlm_hash? password
-          decoded_password = Net::NTLM::EncodeUtil.decode_utf16le(password)
-          ntlmhash = [decoded_password.upcase[33,65]].pack('H32')
-        else
-          ntlmhash = Net::NTLM.ntlm_hash(password, opt)
-        end
-
-        if opt[:unicode]
-          # Uppercase operation on username containing non-ASCII characters
-          # after being unicode encoded with `EncodeUtil.encode_utf16le`
-          # doesn't play well. Upcase should be done before encoding.
-          user_upcase = Net::NTLM::EncodeUtil.decode_utf16le(user).upcase
-          user_upcase = Net::NTLM::EncodeUtil.encode_utf16le(user_upcase)
-        else
-          user_upcase = user.upcase
-        end
-        userdomain = user_upcase + target
-
-        unless opt[:unicode]
-          userdomain = Net::NTLM::EncodeUtil.encode_utf16le(userdomain)
-        end
-        OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, ntlmhash, userdomain)
-      end
-
-    end
-
   end
 end
 

data/lib/ruby_smb/server/server_client/tree_connect.rb

@@ -7,7 +7,7 @@ module RubySMB
           # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-cifs/b062f3e3-1b65-4a9a-854a-0ee432499d8f
           response = RubySMB::SMB1::Packet::TreeConnectResponse.new
 
-          share_name = RubySMB::Utils.safe_encode(request.data_block.path, 'UTF-8').split('\\', 4).last
+          share_name = request.data_block.path.split('\\', 4).last
           share_provider = @server.shares.transform_keys(&:downcase)[share_name.downcase]
           if share_provider.nil?
             logger.warn("Received TREE_CONNECT request for non-existent share: #{share_name}")
@@ -51,7 +51,7 @@ module RubySMB
             return response
           end
 
-          share_name = RubySMB::Utils.safe_encode(request.path, 'UTF-8').split('\\', 4).last
+          share_name = request.path.encode.split('\\', 4).last
           share_provider = @server.shares.transform_keys(&:downcase)[share_name.downcase]
 
           if share_provider.nil?

data/lib/ruby_smb/version.rb

@@ -1,3 +1,3 @@
 module RubySMB
-  VERSION = '3.3.9'.freeze
+  VERSION = '3.3.11'.freeze
 end

data/lib/ruby_smb.rb

@@ -6,13 +6,11 @@ require 'openssl/ccm'
 require 'openssl/cmac'
 require 'windows_error'
 require 'windows_error/nt_status'
-require 'ruby_smb/ntlm/custom/string_encoder'
 # A packet parsing and manipulation library for the SMB1 and SMB2 protocols
 #
 # [[MS-SMB] Server Message Block (SMB) Protocol Version 1](https://msdn.microsoft.com/en-us/library/cc246482.aspx)
 # [[MS-SMB2] Server Message Block (SMB) Protocol Versions 2 and 3](https://msdn.microsoft.com/en-us/library/cc246482.aspx)
 module RubySMB
-  require 'ruby_smb/utils'
   require 'ruby_smb/error'
   require 'ruby_smb/create_actions'
   require 'ruby_smb/dispositions'

data/ruby_smb.gemspec

@@ -6,7 +6,14 @@ require 'ruby_smb/version'
 Gem::Specification.new do |spec|
   spec.name          = 'ruby_smb'
   spec.version       = RubySMB::VERSION
-  spec.authors       = ['Metasploit Hackers', 'David Maloney', 'James Lee', 'Dev Mohanty', 'Christophe De La Fuente']
+  spec.authors       = [
+    'Metasploit Hackers',
+    'David Maloney',
+    'James Lee',
+    'Dev Mohanty',
+    'Christophe De La Fuente',
+    'Spencer McIntyre'
+  ]
   spec.email         = ['msfdev@metasploit.com']
   spec.summary       = 'A pure Ruby implementation of the SMB Protocol Family'
   spec.description   = ''
@@ -33,7 +40,7 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rake'
   spec.add_development_dependency 'yard'
 
-  spec.add_runtime_dependency 'rubyntlm'
+  spec.add_runtime_dependency 'rubyntlm', '>= 0.6.5'
   spec.add_runtime_dependency 'windows_error', '>= 0.1.4'
   spec.add_runtime_dependency 'bindata', '2.4.15'
   spec.add_runtime_dependency 'openssl-ccm'

data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_request_spec.rb

@@ -1,11 +1,3 @@
-RSpec.describe RubySMB::Dcerpc::Wkssvc::WkssvcIdentifyHandle do
-  subject(:packet) { described_class.new }
-
-  it 'is a Ndr::NdrWideStringPtr' do
-    expect(packet).to be_a(RubySMB::Dcerpc::Ndr::NdrWideStringPtr)
-  end
-end
-
 RSpec.describe RubySMB::Dcerpc::Wkssvc::NetrWkstaGetInfoRequest do
   subject(:packet) { described_class.new }
 

data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_get_info_response_spec.rb

@@ -305,7 +305,7 @@ RSpec.describe RubySMB::Dcerpc::Wkssvc::LpwkstaInfo do
   it 'is little endian' do
     expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
   end
-  it 'it is a Ndr::NdrStruct' do
+  it 'is a Ndr::NdrStruct' do
     expect(described_class).to be < RubySMB::Dcerpc::Ndr::NdrStruct
   end
   describe '#level' do

data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_identity_handle.rb

@@ -0,0 +1,7 @@
+RSpec.describe RubySMB::Dcerpc::Wkssvc::WkssvcIdentifyHandle do
+  subject(:packet) { described_class.new }
+
+  it 'is a Ndr::NdrWideStringPtr' do
+    expect(packet).to be_a(RubySMB::Dcerpc::Ndr::NdrWideStringPtr)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_request_spec.rb

@@ -0,0 +1,71 @@
+RSpec.describe RubySMB::Dcerpc::Wkssvc::NetrWkstaUserEnumRequest do
+  subject(:packet) { described_class.new }
+
+  def random_str(nb = 8)
+    nb.times.map { rand('a'.ord..'z'.ord).chr }.join
+  end
+
+  it { is_expected.to respond_to :server_name }
+  it { is_expected.to respond_to :user_info }
+  it { is_expected.to respond_to :preferred_max_length }
+  it { is_expected.to respond_to :result_handle }
+  it { is_expected.to respond_to :opnum }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#server_name' do
+    it 'is a WkssvcIdentifyHandle structure' do
+      expect(packet.server_name).to be_a RubySMB::Dcerpc::Wkssvc::WkssvcIdentifyHandle
+    end
+  end
+  describe '#user_info' do
+    it 'is a WkstaUserEnumStructure structure' do
+      expect(packet.user_info).to be_a RubySMB::Dcerpc::Wkssvc::WkstaUserEnumStructure
+    end
+  end
+  describe '#preferred_max_length' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.preferred_max_length).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+
+    it 'has a default value of 0xFFFFFFFF' do
+      expect(packet.preferred_max_length).to eq(0xFFFFFFFF)
+    end
+  end
+  describe '#result_handle' do
+    it 'is a NdrUint32Ptr structure' do
+      expect(packet.result_handle).to be_a RubySMB::Dcerpc::Ndr::NdrUint32Ptr
+    end
+
+    it 'has a default value of 0' do
+      expect(packet.result_handle).to eq(0)
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to NETR_WKSTA_USER_ENUM constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Wkssvc::NETR_WKSTA_USER_ENUM)
+    end
+  end
+  it 'reads itself' do
+    packet = described_class.new(
+      server_name: 'TestServer',
+      user_info: {
+        level: RubySMB::Dcerpc::Wkssvc::WKSTA_USER_INFO_0,
+        info: {
+          wkui0_entries_read: 1,
+          wkui0_buffer: [{
+            wkui0_username: random_str
+          }],
+        },
+      },
+      preferred_max_length: 0xFFFFFFFF,
+      result_handle: 0
+    )
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/wkssvc/netr_wksta_user_enum_response_spec.rb

@@ -0,0 +1,65 @@
+RSpec.describe RubySMB::Dcerpc::Wkssvc::NetrWkstaUserEnumResponse do
+  subject(:packet) { described_class.new }
+
+  def random_str(nb = 8)
+    nb.times.map { rand('a'.ord..'z'.ord).chr }.join
+  end
+
+  it { is_expected.to respond_to :user_info }
+  it { is_expected.to respond_to :total_entries }
+  it { is_expected.to respond_to :result_handle }
+  it { is_expected.to respond_to :error_status }
+
+  it 'is little endian' do
+    expect(described_class.fields.instance_variable_get(:@hints)[:endian]).to eq :little
+  end
+  it 'is a BinData::Record' do
+    expect(packet).to be_a(BinData::Record)
+  end
+  describe '#user_info' do
+    it 'is a WkstaUserEnumStructure structure' do
+      expect(packet.user_info).to be_a RubySMB::Dcerpc::Wkssvc::WkstaUserEnumStructure
+    end
+  end
+  describe '#total_entries' do
+    it 'is a NdrUint32Ptr structure' do
+      expect(packet.total_entries).to be_a RubySMB::Dcerpc::Ndr::NdrUint32Ptr
+    end
+  end
+  describe '#result_handle' do
+    it 'is a NdrUint32Ptr structure' do
+      expect(packet.result_handle).to be_a RubySMB::Dcerpc::Ndr::NdrUint32Ptr
+    end
+  end
+  describe '#error_status' do
+    it 'is a NdrUint32 structure' do
+      expect(packet.error_status).to be_a RubySMB::Dcerpc::Ndr::NdrUint32
+    end
+  end
+  describe '#initialize_instance' do
+    it 'sets #opnum to NETR_WKSTA_USER_ENUM constant' do
+      expect(packet.opnum).to eq(RubySMB::Dcerpc::Wkssvc::NETR_WKSTA_USER_ENUM)
+    end
+  end
+  it 'reads itself' do
+    packet = described_class.new(
+      user_info: {
+        level: RubySMB::Dcerpc::Wkssvc::WKSTA_USER_INFO_1,
+        info: {
+          wkui1_entries_read: 1,
+          wkui1_buffer: [{
+            wkui1_username: random_str,
+            wkui1_logon_domain: random_str,
+            wkui1_oth_domains: random_str,
+            wkui1_logon_server: random_str
+          }],
+        },
+      },
+      total_entries: 1,
+      result_handle: 0,
+      error_status: 0
+    )
+    binary = packet.to_binary_s
+    expect(described_class.read(binary)).to eq(packet)
+  end
+end

data/spec/lib/ruby_smb/dcerpc/wkssvc_spec.rb

@@ -1,3 +1,11 @@
+RSpec.describe RubySMB::Dcerpc::Wkssvc::WkssvcIdentifyHandle do
+  subject(:packet) { described_class.new }
+
+  it 'is a Ndr::NdrWideStringzPtr' do
+    expect(packet).to be_a(RubySMB::Dcerpc::Ndr::NdrWideStringzPtr)
+  end
+end
+
 RSpec.describe RubySMB::Dcerpc::Wkssvc do
   let(:wkssvc) do
     RubySMB::SMB1::Pipe.new(
@@ -23,7 +31,7 @@ RSpec.describe RubySMB::Dcerpc::Wkssvc do
     it 'sets the request with the expected values' do
       wkssvc.netr_wksta_get_info
       expect(described_class::NetrWkstaGetInfoRequest).to have_received(:new).with(
-        server_name: "\x00",
+        server_name: '',
         level: described_class::WKSTA_INFO_100
       )
     end
@@ -67,4 +75,53 @@ RSpec.describe RubySMB::Dcerpc::Wkssvc do
       end
     end
   end
+
+  describe '#netr_wksta_user_enum' do
+    let(:wkst_netr_wksta_user_enum_request) { double('NetrWkstaUserEnumRequest') }
+    let(:response) { double('Response') }
+    let(:wkst_netr_wksta_user_enum_response) { double('NetrWkstaUserEnumResponse') }
+    let(:info) { double('info') }
+    before :example do
+      allow(described_class::NetrWkstaUserEnumRequest).to receive(:new).and_return(wkst_netr_wksta_user_enum_request)
+      allow(wkssvc).to receive(:dcerpc_request).and_return(response)
+      allow(described_class::NetrWkstaUserEnumResponse).to receive(:read).and_return(wkst_netr_wksta_user_enum_response)
+      allow(wkst_netr_wksta_user_enum_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_SUCCESS)
+      allow(wkst_netr_wksta_user_enum_response).to receive_message_chain(:user_info, :info => info)
+    end
+
+    it 'sets the request with the expected values' do
+      wkssvc.netr_wksta_user_enum
+      expect(described_class::NetrWkstaUserEnumRequest).to have_received(:new).with(
+        server_name: '',
+        user_info: {
+          level: described_class::WKSTA_USER_INFO_0,
+          tag: described_class::WKSTA_USER_INFO_0,
+          info: {
+            wkui0_entries_read: 0,
+          },
+        },
+        preferred_max_length: 0xFFFFFFFF,
+        result_handle: 0
+      )
+    end
+    it 'send the expected request structure' do
+      wkssvc.netr_wksta_user_enum
+      expect(wkssvc).to have_received(:dcerpc_request).with(wkst_netr_wksta_user_enum_request)
+    end
+    context 'when an IOError occurs while parsing the response' do
+      it 'raises a RubySMB::Dcerpc::Error::InvalidPacket' do
+        allow(described_class::NetrWkstaUserEnumResponse).to receive(:read).and_raise(IOError)
+        expect { wkssvc.netr_wksta_user_enum }.to raise_error(RubySMB::Dcerpc::Error::InvalidPacket)
+      end
+    end
+    context 'when the response error status is not WindowsError::Win32::ERROR_SUCCESS' do
+      it 'raises a RubySMB::Dcerpc::Error::WinregError' do
+        allow(wkst_netr_wksta_user_enum_response).to receive(:error_status).and_return(WindowsError::Win32::ERROR_INVALID_DATA)
+        expect { wkssvc.netr_wksta_user_enum }.to raise_error(RubySMB::Dcerpc::Error::WkssvcError)
+      end
+    end
+    it 'returns the expected handler' do
+      expect(wkssvc.netr_wksta_user_enum).to eq(info)
+    end
+  end
 end

data/spec/lib/ruby_smb/gss/provider/ntlm/authenticator_spec.rb

@@ -9,8 +9,11 @@ RSpec.describe RubySMB::Gss::Provider::NTLM::Authenticator do
       msg.domain = domain
     end
   end
+  let(:type2_msg) do
+    Net::NTLM::Message::Type2.new
+  end
   let(:type3_msg) do
-    Net::NTLM::Message::Type2.new.response(user: username, password: '', domain: domain)
+    type2_msg.response({user: username, password: password, domain: domain}, {ntlmv2: true})
   end
 
   before(:each) do
@@ -65,9 +68,121 @@ RSpec.describe RubySMB::Gss::Provider::NTLM::Authenticator do
   end
 
   describe '#process_ntlm_type3' do
-    it 'should process a NTLM type 3 message and return an error code' do
-      expect(authenticator.process_ntlm_type3(type3_msg)).to be_a WindowsError::ErrorCode
-      expect(authenticator.process_ntlm_type3(type3_msg)).to eq WindowsError::NTStatus::STATUS_LOGON_FAILURE
+    context 'when the message is anonymous' do
+      let(:type3_msg) do
+        type2_msg.response({user: '', password: ''}, {ntlmv2: true})
+      end
+
+      context 'when anonymous access is disabled' do
+        before(:each) do
+          expect(provider).to_not receive(:allow_guests)
+          expect(provider).to receive(:allow_anonymous).and_return(false)
+        end
+
+        it 'should process a NTLM type 3 message and return STATUS_LOGON_FAILURE' do
+          status = authenticator.process_ntlm_type3(type3_msg)
+          expect(status).to be_a WindowsError::ErrorCode
+          expect(status).to eq WindowsError::NTStatus::STATUS_LOGON_FAILURE
+        end
+
+        after(:each) do
+          expect(authenticator.session_key).to be_nil
+        end
+      end
+
+      context 'when anonymous access is enabled' do
+        before(:each) do
+          expect(provider).to_not receive(:allow_guests)
+          expect(provider).to receive(:allow_anonymous).and_return(true)
+        end
+
+        it 'should process a NTLM type 3 message and return STATUS_SUCCESS' do
+          status = authenticator.process_ntlm_type3(type3_msg)
+          expect(status).to be_a WindowsError::ErrorCode
+          expect(status).to eq WindowsError::NTStatus::STATUS_SUCCESS
+        end
+
+        after(:each) do
+          expect(authenticator.session_key).to eq "\x00".b * 16
+        end
+      end
+    end
+
+    context 'when the message is a guest' do
+      let(:type3_msg) do
+        type2_msg.response({user: 'Spencer', password: password}, {ntlmv2: true})
+      end
+
+      context 'when guest access is disabled' do
+        before(:each) do
+          expect(provider).to_not receive(:allow_anonymous)
+          expect(provider).to receive(:allow_guests).and_return(false)
+        end
+
+        it 'should process a NTLM type 3 message and return STATUS_LOGON_FAILURE' do
+          status = authenticator.process_ntlm_type3(type3_msg)
+          expect(status).to be_a WindowsError::ErrorCode
+          expect(status).to eq WindowsError::NTStatus::STATUS_LOGON_FAILURE
+        end
+
+        after(:each) do
+          expect(authenticator.session_key).to be_nil
+        end
+      end
+
+      context 'when guest access is enabled' do
+        before(:each) do
+          expect(provider).to_not receive(:allow_anonymous)
+          expect(provider).to receive(:allow_guests).and_return(true)
+        end
+
+        it 'should process a NTLM type 3 message and return STATUS_SUCCESS' do
+          status = authenticator.process_ntlm_type3(type3_msg)
+          expect(status).to be_a WindowsError::ErrorCode
+          expect(status).to eq WindowsError::NTStatus::STATUS_SUCCESS
+        end
+
+        after(:each) do
+          expect(authenticator.session_key).to eq "\x00".b * 16
+        end
+      end
+    end
+
+    context 'when the message is a known user' do
+      before(:each) do
+        authenticator.instance_variable_set(:@server_challenge, type2_msg[:challenge].serialize)
+      end
+
+      context 'when the password is correct' do
+        it 'should process a NTLM type 3 message and return STATUS_SUCCESS' do
+          type3_msg.user.force_encoding('UTF-16LE')
+          type3_msg.domain.force_encoding('UTF-16LE')
+          status = authenticator.process_ntlm_type3(type3_msg)
+          expect(status).to be_a WindowsError::ErrorCode
+          expect(status).to eq WindowsError::NTStatus::STATUS_SUCCESS
+        end
+
+        after(:each) do
+          expect(authenticator.session_key).to be_a String
+          expect(authenticator.session_key.length).to eq 16
+        end
+      end
+
+      context 'when the password is wrong' do
+        let(:type3_msg) do
+          type2_msg.response({user: username, password: 'Wrong' + password, domain: domain}, {ntlmv2: true})
+        end
+
+        it 'should process a NTLM type 3 message and return STATUS_LOGON_FAILURE' do
+          status = authenticator.process_ntlm_type3(type3_msg)
+          expect(status).to be_a WindowsError::ErrorCode
+          expect(status).to eq WindowsError::NTStatus::STATUS_LOGON_FAILURE
+        end
+
+        after(:each) do
+          expect(authenticator.session_key).to be nil
+        end
+      end
     end
   end
 

data/spec/lib/ruby_smb/ntlm/client/session_spec.rb

@@ -24,7 +24,7 @@ RSpec.describe RubySMB::NTLM::Client::Session do
 
     it 'returns a Type3 message' do
       expect(session.authenticate!).to be_a Net::NTLM::Message::Type3
-      expect(session.authenticate!).to be_a RubySMB::NTLM::Message
+      expect(session.authenticate!).to be_a Net::NTLM::Message
     end
 
     context 'when it is anonymous' do