ruby_smb 2.0.1 → 2.0.2

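--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: a683fe9443f70b1f4e7dc98d02d7f4deaf785ae94097752696c516977bc3a36a
- data.tar.gz: 5e74a2b2daaedb9b2f096ef05fcd5465a9caa1b9672af6e42d13f18b70e47110
+ metadata.gz: e93c38e303cd6e34066d103fd2da4a21c760016778e221491f690d57f628e408
+ data.tar.gz: 5dfe1d3f1febbc197eb9cd4c4fe203a9b0d04a576e10d1aff4812dca5fcd4f4b
  SHA512:
- metadata.gz: efaaf45fb9fb49bd37a3f45681800f26437efdd76bd6b06ee763768c3674292fe3e7bc35946a489300a3d696a7f060cad2802335aabfd766dd6bc8dd9f503fdd
- data.tar.gz: cef65fae806b5b6bce656ef799f5ca4376a0cc71e1ad5746ddaf44898652580ce990d728960b2a4767898d1e7ebcb8e12d997919123b4cbc4a2d113c7db57822
+ metadata.gz: 915802d1d3685aa46074e721dc226f66904e9942654cceae5b3fd701be533f00057ef9d554edaaaad115754c4a75cad5c5ac09c53a11895658897ce5326236a1
+ data.tar.gz: 1f78090e799579e6f3a4dd6639cf20a88b89ed865157479e6634f55388125db05e7698117e66effde3e30bfaae98750a6230a8eb1ec057777339a70412390878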
Binary file
data.tar.gz.sig CHANGED
Binary file
@@ -18,11 +18,9 @@ module RubySMB
18
18
  # This is only valid for SMB1.
19
19
  response_packet.dialects = request_packet.dialects if response_packet.respond_to? :dialects=
20
20
  version = parse_negotiate_response(response_packet)
21
- case @dialect
22
- when '0x0300', '0x0302'
23
- @encryption_algorithm = RubySMB::SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM]
24
- when '0x0311'
25
- parse_smb3_encryption_data(request_packet, response_packet)
21
+ if @dialect == '0x0311'
22
+ update_preauth_hash(request_packet)
23
+ update_preauth_hash(response_packet)
26
24
  end
27
25
 
28
26
  # If the response contains the SMB2 wildcard revision number dialect;
@@ -123,14 +121,13 @@ module RubySMB
123
121
  # protocol overhead every time.
124
122
  self.server_max_buffer_size = packet.parameter_block.max_buffer_size - 260
125
123
  self.negotiated_smb_version = 1
124
+ self.session_encrypt_data = false
126
125
  'SMB1'
127
126
  when RubySMB::SMB2::Packet::NegotiateResponse
128
127
  self.smb1 = false
129
128
  unless packet.dialect_revision.to_i == 0x02ff
130
129
  self.smb2 = packet.dialect_revision.to_i >= 0x0200 && packet.dialect_revision.to_i < 0x0300
131
130
  self.smb3 = packet.dialect_revision.to_i >= 0x0300 && packet.dialect_revision.to_i < 0x0400
132
- # Only enable session encryption if the server supports it
133
- @session_encrypt_data = self.smb3 && @session_encrypt_data && packet.capabilities.encryption == 1
134
131
  end
135
132
  self.signing_required = packet.security_mode.signing_required == 1 if self.smb2 || self.smb3
136
133
  self.dialect = "0x%04x" % packet.dialect_revision
@@ -143,6 +140,19 @@ module RubySMB
143
140
  self.server_guid = packet.server_guid
144
141
  self.server_start_time = packet.server_start_time.to_time if packet.server_start_time != 0
145
142
  self.server_system_time = packet.system_time.to_time if packet.system_time != 0
143
+ case self.dialect
144
+ when '0x02ff'
145
+ when '0x0300', '0x0302'
146
+ if packet&.capabilities&.encryption == 1
147
+ self.encryption_algorithm = RubySMB::SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM]
148
+ end
149
+ self.session_encrypt_data = self.session_encrypt_data && !self.encryption_algorithm.nil?
150
+ when '0x0311'
151
+ parse_smb3_capabilities(packet)
152
+ self.session_encrypt_data = self.session_encrypt_data && !self.encryption_algorithm.nil?
153
+ else
154
+ self.session_encrypt_data = false
155
+ end
146
156
  return "SMB#{self.negotiated_smb_version}"
147
157
  else
148
158
  error = 'Unable to negotiate with remote host'
@@ -155,7 +165,7 @@ module RubySMB
155
165
  end
156
166
  end
157
167
 
158
- def parse_smb3_encryption_data(request_packet, response_packet)
168
+ def parse_smb3_capabilities(response_packet)
159
169
  nc = response_packet.find_negotiate_context(
160
170
  RubySMB::SMB2::NegotiateContext::SMB2_PREAUTH_INTEGRITY_CAPABILITIES
161
171
  )
@@ -185,8 +195,6 @@ module RubySMB
185
195
  'Unable to retrieve the encryption cipher list supported by the server from the Negotiate response'
186
196
  )
187
197
  end
188
- update_preauth_hash(request_packet)
189
- update_preauth_hash(response_packet)
190
198
 
191
199
  nc = response_packet.find_negotiate_context(
192
200
  RubySMB::SMB2::NegotiateContext::SMB2_COMPRESSION_CAPABILITIES
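Review bot: In the `when '0x0300', '0x0302'` branch of the new `case self.dialect`, `encryption_algorithm` is assigned only when the server sets the encryption capability and is never cleared otherwise, so the following `!self.encryption_algorithm.nil?` test can pass on a value left over from an earlier negotiation if the client object is reused (the hunk does not show whether it is reset elsewhere). Adding an `else` that sets `self.encryption_algorithm = nil` would make the result depend only on this response. Separately, when the caller asked for encryption and the server does not offer it, `session_encrypt_data` is silently switched off; since the first hunk updates the preauth hash only for `'0x0311'`, a log line or an error at that point would make a stripped capability flag visible for the 3.0 and 3.0.2 dialects. The `&.` on `packet` is also unnecessary, because `packet.server_guid` is dereferenced a few lines above, and the empty `when '0x02ff'` deserves a one-line comment saying why nothing is done there. The enclosing method starts and ends outside the hunk.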
@@ -1,3 +1,3 @@
1
1
  module RubySMB
2
- VERSION = '2.0.1'.freeze
2
+ VERSION = '2.0.2'.freeze
3
3
  end
@@ -1065,6 +1065,11 @@ RSpec.describe RubySMB::Client do
1065
1065
  smb3_response.capabilities.encryption = 1
1066
1066
  end
1067
1067
 
1068
+ it 'sets the expected encryption algorithm' do
1069
+ client.parse_negotiate_response(smb3_response)
1070
+ expect(client.encryption_algorithm).to eq(RubySMB::SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM])
1071
+ end
1072
+
1068
1073
  it 'keeps session encryption enabled if it was already' do
1069
1074
  client.session_encrypt_data = true
1070
1075
  client.parse_negotiate_response(smb3_response)
@@ -1166,26 +1171,15 @@ RSpec.describe RubySMB::Client do
1166
1171
  end
1167
1172
  end
1168
1173
 
1169
- ['0x0300', '0x0302'].each do |dialect|
1170
- context "with #{dialect} dialect" do
1171
- before :example do
1172
- client.dialect = dialect
1173
- end
1174
-
1175
- it 'sets the expected encryption algorithm' do
1176
- client.negotiate
1177
- expect(client.encryption_algorithm).to eq(RubySMB::SMB2::EncryptionCapabilities::ENCRYPTION_ALGORITHM_MAP[RubySMB::SMB2::EncryptionCapabilities::AES_128_CCM])
1178
- end
1179
- end
1180
- end
1181
-
1182
1174
  context "with 0x0311 dialect" do
1183
- it 'calls #parse_smb3_encryption_data' do
1175
+ it 'calls #parse_negotiate_response and updates the preauth hash' do
1184
1176
  client.dialect = '0x0311'
1185
1177
  request_packet = client.smb2_3_negotiate_request
1186
1178
  allow(client).to receive(:negotiate_request).and_return(request_packet)
1187
1179
  allow(client).to receive(:negotiate_response).and_return(smb3_response)
1188
- expect(client).to receive(:parse_smb3_encryption_data).with(request_packet, smb3_response)
1180
+ expect(client).to receive(:parse_negotiate_response).with(smb3_response)
1181
+ expect(client).to receive(:update_preauth_hash).with(request_packet)
1182
+ expect(client).to receive(:update_preauth_hash).with(smb3_response)
1189
1183
  client.negotiate
1190
1184
  end
1191
1185
  end
@@ -1258,7 +1252,7 @@ RSpec.describe RubySMB::Client do
1258
1252
  end
1259
1253
  end
1260
1254
 
1261
- describe '#parse_smb3_encryption_data' do
1255
+ describe '#parse_smb3_capabilities' do
1262
1256
  let(:request_packet) { client.smb2_3_negotiate_request }
1263
1257
  let(:smb3_response) { RubySMB::SMB2::Packet::NegotiateResponse.new(dialect_revision: 0x311) }
1264
1258
  let(:nc_encryption) do
@@ -1285,7 +1279,7 @@ RSpec.describe RubySMB::Client do
1285
1279
  context 'when selecting the integrity hash algorithm' do
1286
1280
  context 'with one algorithm' do
1287
1281
  it 'selects the expected algorithm' do
1288
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1282
+ smb3_client.parse_smb3_capabilities(smb3_response)
1289
1283
  expect(smb3_client.preauth_integrity_hash_algorithm).to eq('SHA512')
1290
1284
  end
1291
1285
  end
@@ -1296,7 +1290,7 @@ RSpec.describe RubySMB::Client do
1296
1290
  RubySMB::SMB2::NegotiateContext::SMB2_PREAUTH_INTEGRITY_CAPABILITIES
1297
1291
  )
1298
1292
  nc.data.hash_algorithms << 3
1299
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1293
+ smb3_client.parse_smb3_capabilities(smb3_response)
1300
1294
  expect(smb3_client.preauth_integrity_hash_algorithm).to eq('SHA512')
1301
1295
  end
1302
1296
  end
@@ -1305,7 +1299,7 @@ RSpec.describe RubySMB::Client do
1305
1299
  it 'raises the expected exception' do
1306
1300
  smb3_response = RubySMB::SMB2::Packet::NegotiateResponse.new(dialect_revision: 0x311)
1307
1301
  smb3_response.add_negotiate_context(nc_encryption)
1308
- expect { smb3_client.parse_smb3_encryption_data(request_packet, smb3_response) }.to raise_error(
1302
+ expect { smb3_client.parse_smb3_capabilities(smb3_response) }.to raise_error(
1309
1303
  RubySMB::Error::EncryptionError,
1310
1304
  'Unable to retrieve the Preauth Integrity Hash Algorithm from the Negotiate response'
1311
1305
  )
@@ -1321,7 +1315,7 @@ RSpec.describe RubySMB::Client do
1321
1315
  )
1322
1316
  nc.data.hash_algorithms << 5
1323
1317
  smb3_response.add_negotiate_context(nc)
1324
- expect { smb3_client.parse_smb3_encryption_data(request_packet, smb3_response) }.to raise_error(
1318
+ expect { smb3_client.parse_smb3_capabilities(smb3_response) }.to raise_error(
1325
1319
  RubySMB::Error::EncryptionError,
1326
1320
  'Unable to retrieve the Preauth Integrity Hash Algorithm from the Negotiate response'
1327
1321
  )
@@ -1332,7 +1326,7 @@ RSpec.describe RubySMB::Client do
1332
1326
  context 'when selecting the encryption algorithm' do
1333
1327
  context 'with one algorithm' do
1334
1328
  it 'selects the expected algorithm' do
1335
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1329
+ smb3_client.parse_smb3_capabilities(smb3_response)
1336
1330
  expect(smb3_client.encryption_algorithm).to eq('AES-128-CCM')
1337
1331
  end
1338
1332
  end
@@ -1343,7 +1337,7 @@ RSpec.describe RubySMB::Client do
1343
1337
  RubySMB::SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES
1344
1338
  )
1345
1339
  nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_GCM
1346
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1340
+ smb3_client.parse_smb3_capabilities(smb3_response)
1347
1341
  expect(smb3_client.encryption_algorithm).to eq('AES-128-GCM')
1348
1342
  end
1349
1343
 
@@ -1352,7 +1346,7 @@ RSpec.describe RubySMB::Client do
1352
1346
  RubySMB::SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES
1353
1347
  )
1354
1348
  nc.data.ciphers << 3
1355
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1349
+ smb3_client.parse_smb3_capabilities(smb3_response)
1356
1350
  expect(smb3_client.encryption_algorithm).to eq('AES-128-CCM')
1357
1351
  end
1358
1352
 
@@ -1361,7 +1355,7 @@ RSpec.describe RubySMB::Client do
1361
1355
  RubySMB::SMB2::NegotiateContext::SMB2_ENCRYPTION_CAPABILITIES
1362
1356
  )
1363
1357
  nc.data.ciphers << RubySMB::SMB2::EncryptionCapabilities::AES_128_GCM
1364
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1358
+ smb3_client.parse_smb3_capabilities(smb3_response)
1365
1359
  expect(smb3_client.server_encryption_algorithms).to eq([1, 2])
1366
1360
  end
1367
1361
  end
@@ -1370,7 +1364,7 @@ RSpec.describe RubySMB::Client do
1370
1364
  it 'raises the expected exception' do
1371
1365
  smb3_response = RubySMB::SMB2::Packet::NegotiateResponse.new(dialect_revision: 0x311)
1372
1366
  smb3_response.add_negotiate_context(nc_integrity)
1373
- expect { smb3_client.parse_smb3_encryption_data(request_packet, smb3_response) }.to raise_error(
1367
+ expect { smb3_client.parse_smb3_capabilities(smb3_response) }.to raise_error(
1374
1368
  RubySMB::Error::EncryptionError,
1375
1369
  'Unable to retrieve the encryption cipher list supported by the server from the Negotiate response'
1376
1370
  )
@@ -1386,7 +1380,7 @@ RSpec.describe RubySMB::Client do
1386
1380
  )
1387
1381
  nc.data.ciphers << 14
1388
1382
  smb3_response.add_negotiate_context(nc)
1389
- expect { smb3_client.parse_smb3_encryption_data(request_packet, smb3_response) }.to raise_error(
1383
+ expect { smb3_client.parse_smb3_capabilities(smb3_response) }.to raise_error(
1390
1384
  RubySMB::Error::EncryptionError,
1391
1385
  'Unable to retrieve the encryption cipher list supported by the server from the Negotiate response'
1392
1386
  )
@@ -1404,16 +1398,10 @@ RSpec.describe RubySMB::Client do
1404
1398
  nc.data.compression_algorithms << RubySMB::SMB2::CompressionCapabilities::LZ77_Huffman
1405
1399
  nc.data.compression_algorithms << RubySMB::SMB2::CompressionCapabilities::Pattern_V1
1406
1400
  smb3_response.add_negotiate_context(nc)
1407
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1401
+ smb3_client.parse_smb3_capabilities(smb3_response)
1408
1402
  expect(smb3_client.server_compression_algorithms).to eq([1, 2, 3, 4])
1409
1403
  end
1410
1404
  end
1411
-
1412
- it 'updates the preauth hash' do
1413
- expect(smb3_client).to receive(:update_preauth_hash).with(request_packet)
1414
- expect(smb3_client).to receive(:update_preauth_hash).with(smb3_response)
1415
- smb3_client.parse_smb3_encryption_data(request_packet, smb3_response)
1416
- end
1417
1405
  end
1418
1406
  end
1419
1407
  end
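Review bot: The rewritten 0x0311 example ('calls #parse_negotiate_response and updates the preauth hash') does not pin the order of its two `update_preauth_hash` expectations, yet the preauth integrity value depends on the request being hashed before the response. Appending `.ordered` to both, as in `expect(client).to receive(:update_preauth_hash).with(request_packet).ordered` and the same for `smb3_response`, would catch a swap. The visible hunks also add no example for the new fallback where a server that does not advertise encryption leaves `session_encrypt_data` false for the 3.0 dialects; if none exists outside these hunks, it is worth adding next to 'sets the expected encryption algorithm'.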
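--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
  --- !ruby/object:Gem::Specification
  name: ruby_smb
  version: !ruby/object:Gem::Version
- version: 2.0.1
+ version: 2.0.2
  platform: ruby
  authors:
  - Metasploit Hackers
@@ -97,7 +97,7 @@ cert_chain:
  JI/W23RbIRksG2pioMhd4dCXq3FLLlkOV1YfCwWixNB+iIhQPPZVaPNfgPhCn4Dt
  DeGjje/qA4fkLtRmOtb9PUBq3ToRDE4=
  -----END CERTIFICATE-----
- date: 2020-06-19 00:00:00.000000000 Z
+ date: 2020-06-23 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: redcarpet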
metadata.gz.sig CHANGED
Binary file