RubyGems - ruby_smb - Versions diffs - 3.3.7 → 3.3.8 - Mend

ruby_smb 3.3.7 → 3.3.8

Files changed (35) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 228afeef84601354373c132ceaa48341ed9f5f4bbab4e625c37d2f2d71864146
-  data.tar.gz: 71512d0529ba352d0cc0ee7c27a27e03116d50f31801beed3fd04cb19e73f4ff
+  metadata.gz: 25bedacb57d3950d1ee6f3bbf731007c4e1f0bd2b8e3f38582679a5cd867793f
+  data.tar.gz: 1369c85136ad8336371ee55c1f8d90f0e85001b2c0d9e01e46b87e9b382ded16
 SHA512:
-  metadata.gz: 3c7dede328c8d637b9088da518649deba6d758a1093e3591bb0cd9e2f4c458a5c5a82a37640aa14523586aa6e83b61d59d4fab21d3fa33739c47d687367cede3
-  data.tar.gz: 6c72f0673379264f71a55935dec05f13f195614c9cd8d6f44935687ab028545e233496ad04f4157a07d1f5f74092fac8dd43f69713d2ac1aeeb7006a12c47e21
+  metadata.gz: 66d3566b68b64d0dc2ff8f58b373d8b6026b4980fcccb4b24c6263f59376373dadbc0b52c531ba5c212b255937d34dd281ce827eec111d0e7ef0b1a6dd5973f1
+  data.tar.gz: 8cee7210c06f8e603342b69706c2779f3e9fef2d46146505154b00bc91d6cc7dbad37735e5e6ae4ac6fac256b0ba6eaf3dda15185c161e992a12bab3b3a91bb1

checksums.yaml.gz.sig CHANGED Viewed

Binary file

data/README.md CHANGED Viewed

@@ -286,6 +286,20 @@ Configure Wireshark in Debian-based systems to be able to capture traffic withou
 - `sudo python setup.py install`
 - `cd examples && python smbclient.py <USER>:<PASS>@<WINDOWS HOST IP>`
+### Microsoft Network Monitor
+In situations where WireShark reports some requests/responses as malformed (not parsed correctly),
+[Microsoft Network Monitor](https://www.microsoft.com/en-us/download/details.aspx?id=4865) can be used instead.
+For example, the `LookupSids` response is not parsed correctly by WireShark, whereas it is by this tool.
+This software can be installed on a Windows machine:
+- Download & install the software
+- Open it
+- Click the `Start` button (or press F5) present at the top bar
+The SMB requests will be present under `All Traffic -> My Traffic -> System (4)`.
 ## License
 `ruby_smb` is released under a 3-clause BSD license. See [LICENSE.txt](LICENSE.txt) for full text.

data/lib/ruby_smb/dcerpc/error.rb CHANGED Viewed

@@ -47,6 +47,9 @@ module RubySMB
       # Raised when an error is returned during a Epm operation
       class EpmError < DcerpcError; end
+      # Raised when an error is returned during an LSARPC operation
+      class LsarpcError < DcerpcError; end
       # Raised when an error is returned during a Dfsnm operation
       class DfsnmError < DcerpcError
         include RubySMB::Error::UnexpectedStatusCode::Mixin

data/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_request.rb ADDED Viewed

@@ -0,0 +1,22 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarClose Request Packet as defined in
+      # [3.1.4.9.4 LsarClose (Opnum 0)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/99dd2d7a-b0fc-4c6d-837a-2b4d342383ae)
+      class LsarCloseHandleRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_handle :policy_handle
+        def initialize_instance
+          super
+          @opnum = LSAR_CLOSE_HANDLE
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_close_handle_response.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarClose Response Packet as defined in
+      # [3.1.4.9.4 LsarClose (Opnum 0)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/99dd2d7a-b0fc-4c6d-837a-2b4d342383ae)
+      class LsarCloseHandleResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_handle :policy_handle
+        ndr_uint32   :error_status
+        def initialize_instance
+          super
+          @opnum = LSAR_CLOSE_HANDLE
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_request.rb ADDED Viewed

@@ -0,0 +1,26 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarLookupSids Request Packet as defined in
+      # [3.1.4.11 LsarLookupSids (Opnum 15)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/eb7ac899-e697-4883-93de-1e60c7720c02)
+      class LsarLookupSidsRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_handle           :policy_handle
+        lsapr_sid_enum_buffer  :sid_enum_buffer
+        lsapr_translated_names :translated_names
+        ndr_uint16             :lookup_level
+        ndr_uint32             :mapped_count
+        def initialize_instance
+          super
+          @opnum = LSAR_LOOKUP_SIDS
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_lookup_sids_response.rb ADDED Viewed

@@ -0,0 +1,25 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarLookupSids Response Packet as defined in
+      # [3.1.4.11 LsarLookupSids (Opnum 15)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsat/eb7ac899-e697-4883-93de-1e60c7720c02)
+      class LsarLookupSidsResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_referenced_domain_list_ptr :referenced_domains
+        lsapr_translated_names           :translated_names
+        ndr_uint32                       :mapped_count
+        ndr_uint32                       :error_status
+        def initialize_instance
+          super
+          @opnum = LSAR_LOOKUP_SIDS
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_request.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarOpenPolicy2 Request Packet as defined in
+      # [3.1.4.4.1 LsarOpenPolicy2 (Opnum 44)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/9456a963-7c21-4710-af77-d0a2f5a72d6b)
+      class LsarOpenPolicy2Request < BinData::Record
+        attr_reader :opnum
+        endian :little
+        ndr_wide_stringz_ptr    :system_name
+        lsapr_object_attributes :object_attributes
+        ndr_uint32              :access_mask
+        def initialize_instance
+          super
+          @opnum = LSAR_OPEN_POLICY2
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy2_response.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarOpenPolicy2 Response Packet as defined in
+      # [3.1.4.4.1 LsarOpenPolicy2 (Opnum 44)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/9456a963-7c21-4710-af77-d0a2f5a72d6b)
+      class LsarOpenPolicy2Response < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_handle :policy_handle
+        ndr_uint32   :error_status
+        def initialize_instance
+          super
+          @opnum = LSAR_OPEN_POLICY2
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_request.rb ADDED Viewed

@@ -0,0 +1,24 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarOpenPolicy Request Packet as defined in
+      # [3.1.4.4.2 LsarOpenPolicy (Opnum 6)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/2a482ccf-1f89-4693-8594-855ff738ae8a)
+      class LsarOpenPolicyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        ndr_wide_string_ptr     :system_name
+        lsapr_object_attributes :object_attributes
+        ndr_uint32              :access_mask
+        def initialize_instance
+          super
+          @opnum = LSAR_OPEN_POLICY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_open_policy_response.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarOpenPolicy Response Packet as defined in
+      # [3.1.4.4.2 LsarOpenPolicy (Opnum 6)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/2a482ccf-1f89-4693-8594-855ff738ae8a)
+      class LsarOpenPolicyResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_handle :policy_handle
+        ndr_uint32   :error_status
+        def initialize_instance
+          super
+          @opnum = LSAR_OPEN_POLICY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_request.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarQueryInformationPolicy2 Request Packet as defined in
+      # [3.1.4.4.4 LsarQueryInformationPolicy2 (Opnum 46)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/516f503c-0230-489d-b012-e650b46b66a2)
+      class LsarQueryInformationPolicy2Request < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_handle :policy_handle
+        ndr_uint32   :information_class
+        def initialize_instance
+          super
+          @opnum = LSAR_QUERY_INFORMATION_POLICY2
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy2_response.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarQueryInformationPolicy2 Response Packet as defined in
+      # [3.1.4.4.4 LsarQueryInformationPolicy2 (Opnum 46)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/516f503c-0230-489d-b012-e650b46b66a2)
+      class LsarQueryInformationPolicy2Response < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_policy_information_ptr :policy_information
+        ndr_uint32                   :error_status
+        def initialize_instance
+          super
+          @opnum = LSAR_QUERY_INFORMATION_POLICY2
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_request.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarQueryInformationPolicy Request Packet as defined in
+      # [3.1.4.4.4 LsarQueryInformationPolicy (Opnum 7)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3564ba70-84ea-4f04-a9dc-dede9f96a8bf)
+      class LsarQueryInformationPolicyRequest < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_handle :policy_handle
+        ndr_uint32   :information_class
+        def initialize_instance
+          super
+          @opnum = LSAR_QUERY_INFORMATION_POLICY
+        end
+      end
+    end
+  end
+end

data/lib/ruby_smb/dcerpc/lsarpc/lsar_query_information_policy_response.rb ADDED Viewed

@@ -0,0 +1,23 @@
+module RubySMB
+  module Dcerpc
+    module Lsarpc
+      # This class represents a LsarQueryInformationPolicy Response Packet as defined in
+      # [3.1.4.4.4 LsarQueryInformationPolicy (Opnum 7)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-lsad/3564ba70-84ea-4f04-a9dc-dede9f96a8bf)
+      class LsarQueryInformationPolicyResponse < BinData::Record
+        attr_reader :opnum
+        endian :little
+        lsapr_policy_information_ptr :policy_information
+        ndr_uint32                   :error_status
+        def initialize_instance
+          super
+          @opnum = LSAR_QUERY_INFORMATION_POLICY
+        end
+      end
+    end
+  end
+end