lib/rex/proto/smb/client.rb in librex-0.0.65 vs lib/rex/proto/smb/client.rb in librex-0.0.66

- old
+ new

@@ -1,5 +1,6 @@ +# -*- coding: binary -*- module Rex module Proto module SMB class Client
@@ -55,14 +56,14 @@ # Signing self.sequence_counter = 0 self.signing_key = '' self.require_signing = false - + #Misc self.spnopt = {} - + end # Read a SMB packet from the socket def smb_recv
@@ -95,12 +96,12 @@ data << buff end #signing if self.require_signing && self.signing_key != '' - if self.verify_signature - raise XCEPT::IncorrectSigningError if not CRYPT::is_signature_correct?(self.signing_key,self.sequence_counter,data) + if self.verify_signature + raise XCEPT::IncorrectSigningError if not CRYPT::is_signature_correct?(self.signing_key,self.sequence_counter,data) end self.sequence_counter += 1 end return data
@@ -157,11 +158,11 @@ data = self.smb_recv pkt = CONST::SMB_BASE_PKT.make_struct pkt.from_s(data) res = pkt - + begin case pkt['Payload']['SMB'].v['Command'] when CONST::SMB_COM_NEGOTIATE res = smb_parse_negotiate(pkt, data)
@@ -558,12 +559,12 @@ # Coordinated Universal Time (UTC) format. # We convert it to a friendly Time object here self.system_time = UTILS.time_smb_to_unix(ack['Payload'].v['SystemTimeHigh'],ack['Payload'].v['SystemTimeLow']) self.system_time = ::Time.at( self.system_time ) - # A signed 16-bit signed integer that represents the server's time zone, in minutes, - # from UTC. The time zone of the server MUST be expressed in minutes, plus or minus, + # A signed 16-bit signed integer that represents the server's time zone, in minutes, + # from UTC. The time zone of the server MUST be expressed in minutes, plus or minus, # from UTC. # NOTE: althought the spec says +/- it doesn't say that it should be inverted :-/ system_zone = ack['Payload'].v['ServerTimeZone'] # Convert the ServerTimeZone to _seconds_ and back into a signed integer :-/ if (system_zone & 0x8000) == 0x8000 
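Review bot: The `# -*- coding: binary -*-` magic comment added as line 1 is undocumented and position-sensitive: Ruby honours it only on the first line of the file (or the second, behind a shebang), so a license or copyright header inserted above it later would silently switch every string literal in this file, including the `''` assigned to `signing_key` in the next hunk, back to the default source encoding. A one-line comment directly below it would make that dependency visible, e.g. `# keep the coding comment on line 1: string literals below must be ASCII-8BIT to match the packed SMB wire data`. The `module Rex` … `class Client` nesting opened in this hunk closes outside it.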
@@ -579,11 +580,11 @@ # Authenticate and establish a session def session_setup(*args) if (self.dialect =~ /^(NT LANMAN 1.0|NT LM 0.12)$/) - + if (self.challenge_key) return self.session_setup_no_ntlmssp(*args) end if ( self.extended_security )
@@ -654,21 +655,21 @@ # #raise XCEPT::SigningError if self.require_signing self.require_signing = false if self.require_signing - + if NTLM_UTILS.is_pass_ntlm_hash?(pass) arglm = { :lm_hash => [ pass.upcase()[0,32] ].pack('H32'), - :challenge => self.challenge_key + :challenge => self.challenge_key } hash_lm = NTLM_CRYPT::lm_response(arglm) argntlm = { - :ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'), - :challenge => self.challenge_key + :ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'), + :challenge => self.challenge_key } hash_nt = NTLM_CRYPT::ntlm_response(argntlm) else hash_lm = pass.length > 0 ? NTLM_CRYPT.lanman_des(pass, self.challenge_key) : '' hash_nt = pass.length > 0 ? NTLM_CRYPT.ntlm_md4(pass, self.challenge_key) : ''
@@ -766,11 +767,11 @@ self.default_domain = info[2] return ack end - # Authenticate using extended security negotiation + # Authenticate using extended security negotiation def session_setup_with_ntlmssp(user = '', pass = '', domain = '', name = nil, do_recv = true) ntlm_options = { :signing => self.require_signing, :usentlm2_session => self.usentlm2_session, 
@@ -863,21 +864,21 @@ chall_MsvAvTimestamp = blob_data[:chall_MsvAvTimestamp] || '' resp_lm, resp_ntlm, client_challenge, ntlm_cli_challenge = NTLM_UTILS.create_lm_ntlm_responses(user, pass, self.challenge_key, domain, default_name, default_domain, dns_host_name, - dns_domain_name, chall_MsvAvTimestamp , + dns_domain_name, chall_MsvAvTimestamp , self.spnopt, ntlm_options) enc_session_key = '' self.sequence_counter = 0 if self.require_signing - self.signing_key, enc_session_key, ntlmssp_flags = NTLM_UTILS.create_session_key(ntlmssp_flags, server_ntlmssp_flags, user, pass, domain, - self.challenge_key, client_challenge, ntlm_cli_challenge, + self.signing_key, enc_session_key, ntlmssp_flags = NTLM_UTILS.create_session_key(ntlmssp_flags, server_ntlmssp_flags, user, pass, domain, + self.challenge_key, client_challenge, ntlm_cli_challenge, ntlm_options) end - + # Create the security blob data blob = NTLM_UTILS.make_ntlmssp_secblob_auth(domain, name, user, resp_lm, resp_ntlm, enc_session_key, ntlmssp_flags) pkt = CONST::SMB_SETUP_NTLMV2_PKT.make_struct self.smb_defaults(pkt['Payload']['SMB'])
@@ -907,15 +908,15 @@ ack = self.smb_recv_parse(CONST::SMB_COM_SESSION_SETUP_ANDX, true) # Make sure that authentication succeeded if (ack['Payload']['SMB'].v['ErrorClass'] != 0) - + if (user.length == 0) # Ensure that signing is disabled when we hit this corner case self.require_signing = false - + # Fall back to the non-ntlmssp authentication method return self.session_setup_no_ntlmssp(user, pass, domain) end failure = XCEPT::ErrorCode.new 
@@ -1918,30 +1919,30 @@ resp = trans2(CONST::TRANS2_CREATE_DIRECTORY, parm, '') end # public read/write methods attr_accessor :native_os, :native_lm, :encrypt_passwords, :extended_security, :read_timeout, :evasion_opts - attr_accessor :verify_signature, :use_ntlmv2, :usentlm2_session, :send_lm, :use_lanman_key, :send_ntlm + attr_accessor :verify_signature, :use_ntlmv2, :usentlm2_session, :send_lm, :use_lanman_key, :send_ntlm attr_accessor :system_time, :system_zone #misc attr_accessor :spnopt # used for SPN # public read methods attr_reader :dialect, :session_id, :challenge_key, :peer_native_lm, :peer_native_os attr_reader :default_domain, :default_name, :auth_user, :auth_user_id attr_reader :multiplex_id, :last_tree_id, :last_file_id, :process_id, :last_search_id attr_reader :dns_host_name, :dns_domain_name attr_reader :security_mode, :server_guid - #signing related + #signing related attr_reader :sequence_counter,:signing_key, :require_signing # private methods attr_writer :dialect, :session_id, :challenge_key, :peer_native_lm, :peer_native_os attr_writer :default_domain, :default_name, :auth_user, :auth_user_id attr_writer :dns_host_name, :dns_domain_name attr_writer :multiplex_id, :last_tree_id, :last_file_id, :process_id, :last_search_id attr_writer :security_mode, :server_guid - #signing related + #signing related attr_writer :sequence_counter,:signing_key, :require_signing attr_accessor :socket