Showing
18 changed files
with
680 additions
and
7 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,101 @@ | ||
module RubySMB | ||
module Dcerpc | ||
module Netlogon | ||
|
||
# see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/592edbc8-f6f1-40c0-9ab3-fe6725ac6d7e | ||
UUID = '12345678-1234-abcd-ef00-01234567cffb' | ||
VER_MAJOR = 1 | ||
VER_MINOR = 0 | ||
|
||
# Operation numbers | ||
NETR_SERVER_REQ_CHALLENGE = 4 | ||
NETR_SERVER_AUTHENTICATE3 = 26 | ||
NETR_SERVER_PASSWORD_SET2 = 30 | ||
|
||
# see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3b224201-b531-43e2-8c79-b61f6dea8640 | ||
class LogonsrvHandle < Ndr::NdrLpStr; end | ||
|
||
# see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/d55e2632-7163-4f6c-b662-4b870e8cc1cd | ||
class NetlogonCredential < Ndr::NdrFixedByteArray | ||
default_parameters length: 8 | ||
end | ||
|
||
# see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/76c93227-942a-4687-ab9d-9d972ffabdab | ||
class NetlogonAuthenticator < BinData::Record | ||
endian :little | ||
|
||
netlogon_credential :credential | ||
uint32 :timestamp | ||
end | ||
|
||
# see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/4d1235e3-2c96-4e9f-a147-3cb338a0d09f | ||
class NetlogonSecureChannelType < Ndr::NdrEnum | ||
# enum example from dmendel/bindata#38 https://github.com/dmendel/bindata/issues/38#issuecomment-46397163 | ||
ALL = { | ||
0 => :NullSecureChannel, | ||
1 => :MsvApSecureChannel, | ||
2 => :WorkstationSecureChannel, | ||
3 => :TrustedDnsDomainSecureChannel, | ||
4 => :TrustedDomainSecureChannel, | ||
5 => :UasServerSecureChannel, | ||
6 => :ServerSecureChannel, | ||
7 => :CdcServerSecureChannel | ||
} | ||
ALL.each_pair { |val,sym| const_set(sym.to_s.gsub(/([a-z])([A-Z])/, '\1_\2').upcase, val) } | ||
default_parameter assert: -> { ALL.keys.include? value } | ||
|
||
def as_enum | ||
ALL[value] | ||
end | ||
|
||
def assign(val) | ||
if val.is_a? Symbol | ||
val = ALL.key(val) | ||
raise ArgumentError, 'invalid value name' if val.nil? | ||
end | ||
|
||
super | ||
end | ||
end | ||
|
||
require 'ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request' | ||
require 'ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response' | ||
require 'ruby_smb/dcerpc/netlogon/netr_server_password_set2_request' | ||
require 'ruby_smb/dcerpc/netlogon/netr_server_password_set2_response' | ||
require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request' | ||
require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response' | ||
|
||
# Calculate the netlogon session key from the provided shared secret and | ||
# challenges. The shared secret is an NTLM hash. | ||
# | ||
# @param shared_secret [String] the share secret between the client and the server | ||
# @param client_challenge [String] the client challenge portion of the negotiation | ||
# @param server_challenge [String] the server challenge portion of the negotiation | ||
# @return [String] the session key for encryption | ||
def self.calculate_session_key(shared_secret, client_challenge, server_challenge) | ||
client_challenge = client_challenge.to_binary_s if client_challenge.is_a? NetlogonCredential | ||
server_challenge = server_challenge.to_binary_s if server_challenge.is_a? NetlogonCredential | ||
|
||
hmac = OpenSSL::HMAC.new(shared_secret, OpenSSL::Digest::SHA256.new) | ||
hmac << client_challenge | ||
hmac << server_challenge | ||
hmac.digest.first(16) | ||
end | ||
|
||
# Encrypt the input data using the specified session key. This is used for | ||
# certain Netlogon service operations including the authentication | ||
# process. Per the specification, this uses AES-128-CFB8 with an all zero | ||
# initialization vector. | ||
# | ||
# @param session_key [String] the session key to use for encryption (must be 16 bytes long) | ||
# @param input_data [String] the data to encrypt | ||
# @return [String] the encrypted data | ||
def self.encrypt_credential(session_key, input_data) | ||
cipher = OpenSSL::Cipher.new('AES-128-CFB8').encrypt | ||
cipher.iv = "\x00" * 16 | ||
cipher.key = session_key | ||
cipher.update(input_data) + cipher.final | ||
end | ||
end | ||
end | ||
end |
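Review bot: `hmac.digest.first(16)` in `calculate_session_key` calls `String#first`, which is not a core Ruby method; it comes from ActiveSupport, and nothing visible in this file loads it, so on plain Ruby the call would raise `NoMethodError`. Slicing with a core method avoids the hidden dependency: `hmac.digest[0, 16]`. Separately, the doc comment on `encrypt_credential` should say that the all-zero IV is fixed by the protocol and that the helper is unsuitable for any other use, because the same key and input always give the same output. A line such as `# NOTE: the fixed zero IV is dictated by MS-NRPC; do not reuse this helper as general-purpose encryption.` would do.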
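--- a/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request.rb
+++ b/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request.rb
@@ -0,0 +1,28 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+module Dcerpc
+module Netlogon
+
+# [3.5.4.4.2 NetrServerAuthenticate3 (Opnum 26)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3a9ed16f-8014-45ae-80af-c0ecb06e2db9)
+class NetrServerAuthenticate3Request < BinData::Record
+attr_reader :opnum
+
+endian :little
+
+logonsrv_handle :primary_name
+ndr_string :account_name
+netlogon_secure_channel_type :secure_channel_type
+ndr_string :computer_name
+netlogon_credential :client_credential
+uint32 :flags
+
+def initialize_instance
+super
+@opnum = NETR_SERVER_AUTHENTICATE3
+end
+
+end
+end
+end
+end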
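Review bot: The last field of the request is declared as `uint32 :flags`, while the matching response record in this commit names the same parameter `negotiate_flags`, which is also closer to the NegotiateFlags name in the linked MS-NRPC section. Using one name on both sides, `uint32 :negotiate_flags`, would let callers carry the negotiated value between request and response without two spellings. None of the fields has a comment, so a one-line note on what the caller is expected to put in this field would also help.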
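--- a/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response.rb
+++ b/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response.rb
@@ -0,0 +1,26 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+module Dcerpc
+module Netlogon
+
+# [3.5.4.4.2 NetrServerAuthenticate3 (Opnum 26)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3a9ed16f-8014-45ae-80af-c0ecb06e2db9)
+class NetrServerAuthenticate3Response < BinData::Record
+attr_reader :opnum
+
+endian :little
+
+netlogon_credential :server_credential
+uint32 :negotiate_flags
+uint32 :account_rid
+uint32 :error_status
+
+def initialize_instance
+super
+@opnum = NETR_SERVER_AUTHENTICATE3
+end
+
+end
+end
+end
+end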
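Review bot: Nothing in `NetrServerAuthenticate3Response` tells a caller that `error_status` has to be checked before `server_credential`, `negotiate_flags` or `account_rid` are relied on; a response that parses cleanly is not by itself a successful authentication. A comment on the field would make that explicit, for example `# NTSTATUS from the server; check this before using the other fields`. The same applies to `error_status` in the NetrServerPasswordSet2 and NetrServerReqChallenge response records later in this commit.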
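--- a/lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_request.rb
+++ b/lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_request.rb
@@ -0,0 +1,27 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+module Dcerpc
+module Netlogon
+
+# [3.5.4.4.5 NetrServerPasswordSet2 (Opnum 30)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/14b020a8-0bcf-4af5-ab72-cc92bc6b1d81)
+class NetrServerPasswordSet2Request < BinData::Record
+attr_reader :opnum
+
+endian :little
+
+logonsrv_handle :primary_name
+ndr_string :account_name
+netlogon_secure_channel_type :secure_channel_type
+ndr_string :computer_name
+netlogon_authenticator :authenticator
+ndr_fixed_byte_array :clear_new_password, length: 516 # this is an encrypted NL_TRUST_PASSWORD
+
+def initialize_instance
+super
+@opnum = Netlogon::NETR_SERVER_PASSWORD_SET2
+end
+end
+end
+end
+end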
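Review bot: The field `clear_new_password` is named after the spec parameter but, as its trailing comment says, carries an encrypted NL_TRUST_PASSWORD, and the literal `516` is unexplained. I would put the explanation above the field and name the size, e.g. `NL_TRUST_PASSWORD_SIZE = 516 # 512-byte buffer + 4-byte length`, so a reader does not take the name to mean that plaintext goes on the wire. The record itself does no encryption, so the class comment should also say that the caller must encrypt the buffer (presumably with the negotiated session key) before assigning it.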
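--- a/lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_response.rb
+++ b/lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_response.rb
@@ -0,0 +1,23 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+module Dcerpc
+module Netlogon
+
+# [3.5.4.4.5 NetrServerPasswordSet2 (Opnum 30)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/14b020a8-0bcf-4af5-ab72-cc92bc6b1d81)
+class NetrServerPasswordSet2Response < BinData::Record
+attr_reader :opnum
+
+endian :little
+
+netlogon_authenticator :return_authenticator
+uint32 :error_status
+
+def initialize_instance
+super
+@opnum = Netlogon::NETR_SERVER_PASSWORD_SET2
+end
+end
+end
+end
+end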
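--- a/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request.rb
+++ b/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request.rb
@@ -0,0 +1,25 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+module Dcerpc
+module Netlogon
+
+# [3.5.4.4.1 NetrServerReqChallenge (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/5ad9db9f-7441-4ce5-8c7b-7b771e243d32)
+class NetrServerReqChallengeRequest < BinData::Record
+attr_reader :opnum
+
+endian :little
+
+logonsrv_handle :primary_name
+ndr_string :computer_name
+netlogon_credential :client_challenge
+
+def initialize_instance
+super
+@opnum = NETR_SERVER_REQ_CHALLENGE
+end
+
+end
+end
+end
+end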
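--- a/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response.rb
+++ b/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response.rb
@@ -0,0 +1,24 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+module Dcerpc
+module Netlogon
+
+# [3.5.4.4.1 NetrServerReqChallenge (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/5ad9db9f-7441-4ce5-8c7b-7b771e243d32)
+class NetrServerReqChallengeResponse < BinData::Record
+attr_reader :opnum
+
+endian :little
+
+netlogon_credential :server_challenge
+uint32 :error_status
+
+def initialize_instance
+super
+@opnum = NETR_SERVER_REQ_CHALLENGE
+end
+
+end
+end
+end
+end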