ruby_smb 0.0.21 → 0.0.22
- checksums.yaml +4 -4
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +0 -0
- data/examples/net_share_enum_all.rb +5 -2
- data/lib/ruby_smb.rb +1 -1
- data/lib/ruby_smb/client.rb +4 -35
- data/lib/ruby_smb/dcerpc.rb +7 -22
- data/lib/ruby_smb/dcerpc/bind.rb +30 -36
- data/lib/ruby_smb/dcerpc/bind_ack.rb +72 -0
- data/lib/ruby_smb/dcerpc/error.rb +15 -0
- data/lib/ruby_smb/dcerpc/ndr.rb +31 -30
- data/lib/ruby_smb/dcerpc/p_syntax_id_t.rb +11 -0
- data/lib/ruby_smb/dcerpc/pdu_header.rb +29 -0
- data/lib/ruby_smb/dcerpc/ptypes.rb +26 -0
- data/lib/ruby_smb/dcerpc/request.rb +17 -30
- data/lib/ruby_smb/dcerpc/response.rb +15 -34
- data/lib/ruby_smb/dcerpc/srvsvc.rb +5 -7
- data/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all.rb +8 -4
- data/lib/ruby_smb/dcerpc/uuid.rb +31 -13
- data/lib/ruby_smb/smb1/bit_field.rb +0 -1
- data/lib/ruby_smb/smb1/bit_field/trans_flags.rb +3 -2
- data/lib/ruby_smb/smb1/data_block.rb +5 -0
- data/lib/ruby_smb/smb1/dcerpc.rb +67 -0
- data/lib/ruby_smb/smb1/packet.rb +1 -0
- data/lib/ruby_smb/smb1/packet/trans.rb +7 -1
- data/lib/ruby_smb/smb1/packet/trans/data_block.rb +19 -7
- data/lib/ruby_smb/smb1/packet/trans/request.rb +36 -25
- data/lib/ruby_smb/smb1/packet/trans/response.rb +22 -21
- data/lib/ruby_smb/smb1/packet/trans/subcommands.rb +1 -0
- data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_request.rb +61 -0
- data/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_response.rb +44 -0
- data/lib/ruby_smb/smb1/packet/trans2/request.rb +1 -1
- data/lib/ruby_smb/smb1/pipe.rb +3 -0
- data/lib/ruby_smb/smb2/dcerpc.rb +68 -0
- data/lib/ruby_smb/smb2/pipe.rb +3 -0
- data/lib/ruby_smb/version.rb +1 -1
- data/spec/lib/ruby_smb/client_spec.rb +53 -6
- data/spec/lib/ruby_smb/dcerpc/bind_ack_spec.rb +224 -0
- data/spec/lib/ruby_smb/dcerpc/bind_spec.rb +255 -7
- data/spec/lib/ruby_smb/dcerpc/p_syntax_id_t_spec.rb +31 -0
- data/spec/lib/ruby_smb/dcerpc/pdu_header_spec.rb +84 -0
- data/spec/lib/ruby_smb/dcerpc/request_spec.rb +106 -13
- data/spec/lib/ruby_smb/dcerpc/response_spec.rb +89 -8
- data/spec/lib/ruby_smb/dcerpc/srvsvc/net_share_enum_all_spec.rb +176 -0
- data/spec/lib/ruby_smb/dcerpc/uuid_spec.rb +97 -1
- data/spec/lib/ruby_smb/smb1/data_block_spec.rb +43 -3
- data/spec/lib/ruby_smb/smb1/packet/trans/data_block_spec.rb +137 -0
- data/spec/lib/ruby_smb/smb1/packet/trans/request_spec.rb +239 -13
- data/spec/lib/ruby_smb/smb1/packet/trans/response_spec.rb +122 -13
- data/spec/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_request_spec.rb +254 -0
- data/spec/lib/ruby_smb/smb1/packet/trans/transact_nmpipe_response_spec.rb +122 -0
- data/spec/lib/ruby_smb/smb1/packet/trans2/request_spec.rb +2 -2
- data/spec/lib/ruby_smb/smb1/pipe_spec.rb +199 -1
- data/spec/lib/ruby_smb/smb2/file_spec.rb +2 -1
- data/spec/lib/ruby_smb/smb2/pipe_spec.rb +196 -1
- metadata +25 -10
- metadata.gz.sig +0 -0
- data/lib/ruby_smb/dcerpc/handle.rb +0 -60
- data/lib/ruby_smb/smb1/bit_field/trans2_flags.rb +0 -15
- data/spec/lib/ruby_smb/dcerpc/handle_spec.rb +0 -31
- data/spec/lib/ruby_smb/dcerpc/srvsvc_spec.rb +0 -13
- data/spec/lib/ruby_smb/smb1/bit_field/trans2_flags_spec.rb +0 -26
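--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: d4cb624aedd613aa9611d226c2b8c65016407191
+data.tar.gz: 8e5ccd06364177fb5250ecb18d54b3e10c8f860b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 54aa6c64d27071a61c523a9e78e4cf041b9d562b6337f04e7249e6cd13c756dbc2469dfc6dc0fc637d9f71dad83c4c36bcbb422c9c3065790b67ace8e8233384
+data.tar.gz: 253fc4162a39697d3ffd237d6e4a33b222573df2195973c5c2f5fa3f602a3ee3f98ee20e32dbaa28424ddd923336b3ad37c196888f3b97eaecd36af6ce650e10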
checksums.yaml.gz.sig
CHANGED
Binary file
|
data.tar.gz.sig
CHANGED
Binary file
|
@@ -16,7 +16,7 @@ path = "\\\\#{address}\\IPC$"
|
|
16
16
|
sock = TCPSocket.new address, 445
|
17
17
|
dispatcher = RubySMB::Dispatcher::Socket.new(sock, read_timeout: 60)
|
18
18
|
|
19
|
-
client = RubySMB::Client.new(dispatcher, smb1:
|
19
|
+
client = RubySMB::Client.new(dispatcher, smb1: true, smb2: true, username: username, password: password)
|
20
20
|
protocol = client.negotiate
|
21
21
|
status = client.authenticate
|
22
22
|
|
@@ -27,4 +27,7 @@ begin
|
|
27
27
|
puts shares
|
28
28
|
rescue => e
|
29
29
|
puts "failed to enum shares: #{e.message}, #{e.backtrace_locations}"
|
30
|
-
end
|
30
|
+
end
|
31
|
+
|
32
|
+
client.disconnect!
|
33
|
+
|
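Review bot: The new `RubySMB::Client.new(dispatcher, smb1: true, smb2: true, username: username, password: password)` line lets the example negotiate either dialect, and nothing after `client.negotiate` checks which one was chosen before `client.authenticate` runs. For a script people copy, I would default to `smb1: false` or add a comment above the constructor such as `# smb1: true permits negotiating down to SMB1; disable it unless the target requires it`. Separately, `client.disconnect!` is placed after the `begin`/`rescue` block, whose start is outside this hunk; moving it into an `ensure` clause would also cover exceptions the bare `rescue => e` does not catch.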
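--- a/data/lib/ruby_smb.rb
+++ b/data/lib/ruby_smb.rb
@@ -8,6 +8,7 @@ require 'windows_error/nt_status'
 # [[MS-SMB] Server Mesage Block (SMB) Protocol Version 1](https://msdn.microsoft.com/en-us/library/cc246482.aspx)
 # [[MS-SMB2] Server Mesage Block (SMB) Protocol Versions 2 and 3](https://msdn.microsoft.com/en-us/library/cc246482.aspx)
 module RubySMB
+require 'ruby_smb/error'
 require 'ruby_smb/dispositions'
 require 'ruby_smb/impersonation_levels'
 require 'ruby_smb/gss'
@@ -17,7 +18,6 @@ module RubySMB
 require 'ruby_smb/dcerpc'
 require 'ruby_smb/generic_packet'
 require 'ruby_smb/dispatcher'
-require 'ruby_smb/error'
 require 'ruby_smb/version'
 require 'ruby_smb/version'
 require 'ruby_smb/smb2'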
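--- a/data/lib/ruby_smb/client.rb
+++ b/data/lib/ruby_smb/client.rb
@@ -357,41 +357,9 @@ module RubySMB
 # @return [Array] of shares
 # @param [String] host
 def net_share_enum_all(host)
-if smb2
-smb2_net_share_enum_all(host)
-else
-smb1_net_share_enum_all(host)
-end
-end
-
-#
-# SMB2 Methods
-#
-
-# Sends a request to connect to a remote host and returns the Array
-# of shares
-#
-# @return [Array] List of shares
-# @param [String] host
-def smb2_net_share_enum_all(host)
-
 tree = tree_connect("\\\\#{host}\\IPC$")
-
-named_pipe
-write: true,
-read: true,
-disposition: RubySMB::Dispositions::FILE_OPEN_IF)
-
-handle = Dcerpc::Handle.new(named_pipe)
-
-handle.bind(endpoint: Dcerpc::Srvsvc)
-handle.request(
-opnum: Dcerpc::Srvsvc::NetShareEnumAll::Opnum,
-stub: Dcerpc::Srvsvc::NetShareEnumAll,
-options:{host: host}
-)
-shares = Dcerpc::Srvsvc::NetShareEnumAll.parse_response(handle.response)
-shares.map{|s|{name: s[0], type: s[1], comment: s[2]}}
+named_pipe = tree.open_file(filename: "srvsvc", write: true, read: true)
+named_pipe.net_share_enum_all(host)
 end
 
 # Resets all of the session state on the client, setting it
@@ -420,7 +388,8 @@ module RubySMB
 session_request.session_header.session_packet_type = RubySMB::Nbss::SESSION_REQUEST
 session_request.called_name = "\x20#{encoded_called_name}\x00"
 session_request.calling_name = "\x20#{encoded_calling_name}\x00"
-session_request.session_header.packet_length =
+session_request.session_header.packet_length =
+session_request.num_bytes - session_request.session_header.num_bytes
 
 dispatcher.send_packet(session_request, nbss_header: false)
 raw_response = dispatcher.recv_packet(full_response: true)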
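Review bot: In the rewritten `net_share_enum_all`, neither the `srvsvc` pipe returned by `tree.open_file` nor the `IPC$` tree from `tree_connect` is released, so each call leaves an open handle and tree connect on the server, including when `named_pipe.net_share_enum_all(host)` raises. Wrapping the call in `begin`/`ensure` with `named_pipe.close if named_pipe` would bound that, assuming the pipe class exposes `close`, which this section does not show. The removed code had the same gap, so this is a good moment to close it rather than a regression.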
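--- a/data/lib/ruby_smb/dcerpc.rb
+++ b/data/lib/ruby_smb/dcerpc.rb
@@ -1,30 +1,15 @@
 module RubySMB
-# DCERPC PDU's
-# http://pubs.opengroup.org/onlinepubs/9629399/
 module Dcerpc
-
-class PduHeader < BinData::Record
-endian :little
-
-#common fields
-uint8 :rpc_vers # 00:01 RPC version
-uint8 :rpc_vers_minor # 01:01 minor version
-uint8 :ptype # 02:01 request PDU
-uint8 :pfc_flags # 03:01 flags
-
-uint32 :packed_drep # 04:04 NDR data rep format label
-
-uint16 :frag_length # 08:02 total length of fragment
-uint16 :auth_length # 10:02 length of auth_value
-uint32 :call_id # 12:04 call identifier
-end
-
+require 'ruby_smb/dcerpc/error'
 require 'ruby_smb/dcerpc/uuid'
 require 'ruby_smb/dcerpc/ndr'
+require 'ruby_smb/dcerpc/ptypes'
+require 'ruby_smb/dcerpc/p_syntax_id_t'
+require 'ruby_smb/dcerpc/pdu_header'
+require 'ruby_smb/dcerpc/srvsvc'
 require 'ruby_smb/dcerpc/request'
 require 'ruby_smb/dcerpc/response'
-require 'ruby_smb/dcerpc/handle'
-require 'ruby_smb/dcerpc/srvsvc'
 require 'ruby_smb/dcerpc/bind'
+require 'ruby_smb/dcerpc/bind_ack'
 end
-end
+end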
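--- a/data/lib/ruby_smb/dcerpc/bind.rb
+++ b/data/lib/ruby_smb/dcerpc/bind.rb
@@ -1,60 +1,54 @@
 module RubySMB
 module Dcerpc
-# The
-# http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm
-
+# The Bind PDU as defined in
+# [The bind PDU](http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_04_03)
 class PContElemT < BinData::Record
 endian :little
 
-uint16 :p_cont_id
-uint8 :n_transfer_syn, initial_value: 1
+uint16 :p_cont_id, label: 'Context ID'
+uint8 :n_transfer_syn, label: 'Number of transfer syntaxes', initial_value: 1
 uint8 :reserved
-
-
-
-
+p_syntax_id_t :abstract_syntax, label: 'Abstract syntax',
+uuid: -> { endpoint::UUID },
+ver_major: -> { endpoint::VER_MAJOR },
+ver_minor: -> { endpoint::VER_MINOR }
+array :transfer_syntaxes, label: 'Transfer syntax', type: :p_syntax_id_t,
+initial_length: -> { n_transfer_syn },
+uuid: -> { Ndr::UUID },
+ver_major: -> { Ndr::VER_MAJOR },
+ver_minor: -> { Ndr::VER_MINOR }
 end
 
 class PContListT < BinData::Record
 endian :little
 
-uint8 :n_context_elem, initial_value: -> { 1 }
+uint8 :n_context_elem, label: 'Number of context elements', initial_value: -> { 1 }
 uint8 :reserved
 uint16 :reserved2
-array :p_cont_elem,
-
+array :p_cont_elem, label: 'Presentation context elements', type: :p_cont_elem_t,
+initial_length: -> {n_context_elem},
+endpoint: -> {endpoint}
 end
 
 class Bind < BinData::Record
 endian :little
 
-
-uint8 :rpc_vers_minor, label: 'minor version'
-uint8 :ptype, label: 'bind PDU', initial_value: 11
-#uint8 :pfc_flags, label: 'flags', initial_value: 0x03
-struct :pfc_flags do
-bit1 :object
-bit1 :maybe
-bit1 :did_not_execute
-bit1 :multiplex
-bit1 :reserved
-bit1 :cancel
-bit1 :last_frag, initial_value: 1
-bit1 :first_frag, initial_value: 1
-end
-
-uint32 :packed_drep, label: 'NDR data rep format label', initial_value: 16
+pdu_header :pdu_header, label: 'PDU header'
 
-uint16 :
-uint16 :
-uint32 :
+uint16 :max_xmit_frag, label: 'max transmit frag size', initial_value: 0xFFFF
+uint16 :max_recv_frag, label: 'max receive frag size', initial_value: 0xFFFF
+uint32 :assoc_group_id, label: 'ncarnation of client-server assoc group'
 
-
-
-
+p_cont_list_t :p_context_list, label: 'Presentation context list', endpoint: -> { endpoint }
+string :auth_verifier, label: 'Authentication verifier',
+onlyif: -> { pdu_header.auth_length > 0 },
+read_length: -> { pdu_header.auth_length }
 
-
-
+def initialize_instance
+super
+pdu_header.ptype = RubySMB::Dcerpc::PTypes::BIND
+end
 end
 end
 end
+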
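Review bot: `Bind`, `PContListT` and `PContElemT` all read an `endpoint` parameter inside lambdas (`endpoint::UUID`, `endpoint: -> { endpoint }`), but none of the records declares it, so a `Bind.new` without `endpoint:` is accepted and only fails later, when the abstract syntax is evaluated, with an error that does not name the missing argument. Declaring `mandatory_parameter :endpoint` on each of the three records would reject the mistake at construction time. The `assoc_group_id` label also reads `'ncarnation of client-server assoc group'`; it should be `'Incarnation of client-server assoc group'`.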
@@ -0,0 +1,72 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
# The Bind ACK PDU as defined in
|
4
|
+
# [The bind_ack PDU](http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_04_04)
|
5
|
+
|
6
|
+
class PResultT < BinData::Record
|
7
|
+
endian :little
|
8
|
+
|
9
|
+
uint16 :result, label: 'Presentation context negotiation results'
|
10
|
+
uint16 :reason, label: 'Rejection reason'
|
11
|
+
p_syntax_id_t :transfer_syntax, label: 'Presentation syntax ID',
|
12
|
+
uuid: -> { Ndr::UUID },
|
13
|
+
ver_major: -> { Ndr::VER_MAJOR },
|
14
|
+
ver_minor: -> { Ndr::VER_MINOR }
|
15
|
+
end
|
16
|
+
|
17
|
+
class PResultListT < BinData::Record
|
18
|
+
endian :little
|
19
|
+
|
20
|
+
uint8 :n_results, label: 'Number of results'
|
21
|
+
uint8 :reserved
|
22
|
+
uint16 :reserved2
|
23
|
+
array :p_results, label: 'Results', type: :p_result_t, initial_length: -> { n_results }
|
24
|
+
end
|
25
|
+
|
26
|
+
class PortAnyT < BinData::Record
|
27
|
+
endian :little
|
28
|
+
|
29
|
+
uint16 :str_length, label: 'Length', initial_value: -> { port_spec.to_binary_s.size }
|
30
|
+
stringz :port_spec, label: 'Port string spec'
|
31
|
+
end
|
32
|
+
|
33
|
+
class BindAck < BinData::Record
|
34
|
+
# Presentation context negotiation results
|
35
|
+
ACCEPTANCE = 0
|
36
|
+
USER_REJECTION = 1
|
37
|
+
PROVIDER_REJECTION = 2
|
38
|
+
|
39
|
+
# Reasons for rejection of a context element
|
40
|
+
REASON_NOT_SPECIFIED = 0
|
41
|
+
ABSTRACT_SYNTAX_NOT_SUPPORTED = 1
|
42
|
+
PROPOSED_TRANSFER_SYNTAXES_NOT_SUPPORTED = 2
|
43
|
+
LOCAL_LIMIT_EXCEEDED = 3
|
44
|
+
|
45
|
+
endian :little
|
46
|
+
|
47
|
+
pdu_header :pdu_header, label: 'PDU header'
|
48
|
+
|
49
|
+
uint16 :max_xmit_frag, label: 'Max transmit frag size', initial_value: 0xFFFF
|
50
|
+
uint16 :max_recv_frag, label: 'Max receive frag size', initial_value: 0xFFFF
|
51
|
+
uint32 :assoc_group_id, label: 'Association group ID'
|
52
|
+
port_any_t :sec_addr, label: 'Secondary address'
|
53
|
+
string :pad, length: -> { pad_length }
|
54
|
+
|
55
|
+
p_result_list_t :p_result_list, label: 'Presentation context result list'
|
56
|
+
string :auth_verifier, label: 'Authentication verifier',
|
57
|
+
onlyif: -> { pdu_header.auth_length > 0 },
|
58
|
+
read_length: -> { pdu_header.auth_length }
|
59
|
+
|
60
|
+
def initialize_instance
|
61
|
+
super
|
62
|
+
pdu_header.ptype = RubySMB::Dcerpc::PTypes::BIND_ACK
|
63
|
+
end
|
64
|
+
|
65
|
+
def pad_length
|
66
|
+
offset = (sec_addr.abs_offset + sec_addr.do_num_bytes) % 4
|
67
|
+
(4 - offset) % 4
|
68
|
+
end
|
69
|
+
end
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
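Review bot: `PortAnyT` parses `port_spec` as a `stringz`, so on read the `str_length` field sent by the server is never used; the string ends wherever the first NUL is. A bind_ack whose declared length disagrees with that position therefore shifts `pad_length` and the start of `p_result_list` without any error. Since this record is filled from data the remote end controls, I would check after `read` that `sec_addr.str_length == sec_addr.port_spec.to_binary_s.size` and raise `RubySMB::Dcerpc::Error::InvalidPacket` otherwise, unless the caller (not shown here) already does so. The `pad` field is also the only one in `BindAck` without a `label:`.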
@@ -0,0 +1,15 @@
|
|
1
|
+
module RubySMB
|
2
|
+
# Contains all the DCERPC specific Error classes.
|
3
|
+
module Dcerpc
|
4
|
+
module Error
|
5
|
+
# Base class for DCERPC errors
|
6
|
+
class DcerpcError < RubySMB::Error::RubySMBError; end
|
7
|
+
|
8
|
+
# Raised when The Bind operation fails
|
9
|
+
class BindError < DcerpcError; end
|
10
|
+
|
11
|
+
# Raised when an invalid packet is received
|
12
|
+
class InvalidPacket < DcerpcError; end
|
13
|
+
end
|
14
|
+
end
|
15
|
+
end
|
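--- a/data/lib/ruby_smb/dcerpc/ndr.rb
+++ b/data/lib/ruby_smb/dcerpc/ndr.rb
@@ -1,41 +1,42 @@
 module RubySMB
 module Dcerpc
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+module Ndr
+
+# NDR Syntax
+UUID = '8a885d04-1ceb-11c9-9fe8-08002b104860'
+VER_MAJOR = 2
+VER_MINOR = 0
+
+class NdrString < BinData::Record
+endian :little
+
+uint32 :max_count, initial_value: -> { str.length }
+uint32 :offset, initial_value: 0
+uint32 :actual_count, initial_value: -> { str.length }
+stringz16 :str, read_length: -> { actual_count }
+
+def assign(v)
+self.max_count = v.size
+self.actual_count = v.size
+self.str = v
+end
 end
-end
 
-
-
+class NdrLpStr < BinData::Record
+endian :little
 
-
-
+uint32 :referent_identifier
+ndr_string :ndr_str
 
-
-
-
+def assign(v)
+self.ndr_str = v
+end
 
-
-
+def to_s
+self.ndr_str.str
+end
 end
 end
 end
+
 end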
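Review bot: `NdrString` takes `max_count`, `offset` and `actual_count` from the wire without relating them to each other or to the string that is actually read: nothing checks `actual_count <= max_count` or `offset == 0`. The `read_length: -> { actual_count }` option passes a character count where BinData string types expect bytes, and whether `stringz16` honours `read_length` at all cannot be told from this section. These values arrive in server responses, so I would validate them where the string is read, or at least add a comment such as `# str is delimited by its NUL terminator; max_count/actual_count are not enforced on read`. `assign` stores `v.size` while the `initial_value` lambdas use `str.length`; a comment stating whether the counts are meant to include the terminator would remove the ambiguity.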
@@ -0,0 +1,11 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
class PSyntaxIdT < BinData::Record
|
4
|
+
endian :little
|
5
|
+
|
6
|
+
uuid :if_uuid, initial_value: -> { uuid }
|
7
|
+
uint16 :if_ver_major, initial_value: -> { ver_major }
|
8
|
+
uint16 :if_ver_minor, initial_value: -> { ver_minor }
|
9
|
+
end
|
10
|
+
end
|
11
|
+
end
|
@@ -0,0 +1,29 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
# The common header fields for connection-oriented PDU's as defined in
|
4
|
+
# [Connection-oriented PDU Data Types](http://pubs.opengroup.org/onlinepubs/9629399/chap12.htm#tagcjh_17_06_03)
|
5
|
+
class PDUHeader < BinData::Record
|
6
|
+
endian :little
|
7
|
+
|
8
|
+
uint8 :rpc_vers, label: 'RPC version', initial_value: 5
|
9
|
+
uint8 :rpc_vers_minor, label: 'Minor version'
|
10
|
+
uint8 :ptype, label: 'PDU type'
|
11
|
+
|
12
|
+
struct :pfc_flags do
|
13
|
+
bit1 :object_uuid, label: 'Object UUID'
|
14
|
+
bit1 :maybe, label: 'Maybe call semantics'
|
15
|
+
bit1 :did_not_execute, label: 'Did not execute'
|
16
|
+
bit1 :conc_mpx, label: 'Concurrent multiplexing'
|
17
|
+
bit1 :reserved_1, label: 'Reserved'
|
18
|
+
bit1 :pending_cancel, label: 'Pending cancel'
|
19
|
+
bit1 :last_frag, label: 'Last fragment', initial_value: 1
|
20
|
+
bit1 :first_frag, label: 'First fragment', initial_value: 1
|
21
|
+
end
|
22
|
+
|
23
|
+
uint32 :packed_drep, label: 'NDR data representation format label', initial_value: 0x10
|
24
|
+
uint16 :frag_length, label: 'Total length of fragment', initial_value: -> { parent.do_num_bytes }
|
25
|
+
uint16 :auth_length, label: 'Length of auth_value'
|
26
|
+
uint32 :call_id, label: 'Call identifier', initial_value: 1
|
27
|
+
end
|
28
|
+
end
|
29
|
+
end
|
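Review bot: `frag_length` is derived from `parent.do_num_bytes`, which assumes the header is always embedded in another record and that the whole PDU fits in the 16-bit field. As far as I can tell, serialising a standalone `PDUHeader` would call `do_num_bytes` on a nil parent, and a PDU larger than 0xFFFF bytes has no representable length here because nothing in this record splits it into fragments. A comment on the field such as `# size of the enclosing PDU; only valid when this header is embedded in a parent record` would document the first assumption. The second deserves a size check in whatever builds the request, which is outside this section.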
@@ -0,0 +1,26 @@
|
|
1
|
+
module RubySMB
|
2
|
+
module Dcerpc
|
3
|
+
module PTypes
|
4
|
+
REQUEST = 0
|
5
|
+
PING = 1
|
6
|
+
RESPONSE = 2
|
7
|
+
FAULT = 3
|
8
|
+
WORKING = 4
|
9
|
+
NOCALL = 5
|
10
|
+
REJECT = 6
|
11
|
+
ACK = 7
|
12
|
+
CL_CANCEL = 8
|
13
|
+
FACK = 9
|
14
|
+
CANCEL_ACK = 10
|
15
|
+
BIND = 11
|
16
|
+
BIND_ACK = 12
|
17
|
+
BIND_NAK = 13
|
18
|
+
ALTER_CONTEXT = 14
|
19
|
+
ALTER_CONTEXT_RESP = 15
|
20
|
+
SHUTDOWN = 17
|
21
|
+
CO_CANCEL = 18
|
22
|
+
ORPHANED = 19
|
23
|
+
end
|
24
|
+
end
|
25
|
+
end
|
26
|
+
|