Showing
10 changed files
with
288 additions
and
7 deletions.
@@ -0,0 +1,85 @@ | ||
module RubySMB | ||
module Dcerpc | ||
module Netlogon | ||
|
||
# see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/592edbc8-f6f1-40c0-9ab3-fe6725ac6d7e | ||
UUID = '12345678-1234-abcd-ef00-01234567cffb' | ||
VER_MAJOR = 1 | ||
VER_MINOR = 0 | ||
|
||
# Operation numbers | ||
NETR_SERVER_REQ_CHALLENGE = 4 | ||
NETR_SERVER_AUTHENTICATE3 = 26 | ||
NETR_SERVER_PASSWORD_SET2 = 30 | ||
|
||
# see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3b224201-b531-43e2-8c79-b61f6dea8640 | ||
class LogonsrvHandle < Ndr::NdrLpStr; end | ||
|
||
# see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/d55e2632-7163-4f6c-b662-4b870e8cc1cd | ||
class NetlogonCredential < Ndr::NdrFixedByteArray | ||
default_parameters length: 8 | ||
end | ||
|
||
# see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/76c93227-942a-4687-ab9d-9d972ffabdab | ||
class NetlogonAuthenticator < BinData::Record | ||
endian :little | ||
|
||
netlogon_credential :credential | ||
uint32 :timestamp | ||
end | ||
|
||
# see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/4d1235e3-2c96-4e9f-a147-3cb338a0d09f | ||
class NetlogonSecureChannelType < Ndr::NdrEnum | ||
# enum example from dmendel/bindata#38 https://github.com/dmendel/bindata/issues/38#issuecomment-46397163 | ||
ALL = { | ||
0 => :NullSecureChannel, | ||
1 => :MsvApSecureChannel, | ||
2 => :WorkstationSecureChannel, | ||
3 => :TrustedDnsDomainSecureChannel, | ||
4 => :TrustedDomainSecureChannel, | ||
5 => :UasServerSecureChannel, | ||
6 => :ServerSecureChannel, | ||
7 => :CdcServerSecureChannel | ||
} | ||
ALL.each_pair { |val,sym| const_set(sym.to_s.gsub(/([a-z])([A-Z])/, '\1_\2').upcase, val) } | ||
default_parameter assert: -> { ALL.keys.include? value } | ||
|
||
def as_enum | ||
ALL[value] | ||
end | ||
|
||
def assign(val) | ||
if val.is_a? Symbol | ||
val = ALL.key(val) | ||
raise ArgumentError, 'invalid value name' if val.nil? | ||
end | ||
|
||
super | ||
end | ||
end | ||
|
||
require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request' | ||
require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response' | ||
require 'ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request' | ||
require 'ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response' | ||
|
||
# Calculate the netlogon session key from the provided shared secret and | ||
# challenges. The shared secret is an NTLM hash. | ||
# | ||
# @param shared_secret [String] the share secret between the client and the server | ||
# @param client_challenge [String] the client challenge portion of the negotiation | ||
# @param server_challenge [String] the server challenge portion of the negotiation | ||
# @return [String] the session key for encryption | ||
def self.calculate_session_key(shared_secret, client_challenge, server_challenge) | ||
client_challenge = client_challenge.to_binary_s if client_challenge.is_a? NetlogonCredential | ||
server_challenge = server_challenge.to_binary_s if server_challenge.is_a? NetlogonCredential | ||
|
||
hmac = OpenSSL::HMAC.new(shared_secret, OpenSSL::Digest::SHA256.new) | ||
hmac << client_challenge | ||
hmac << server_challenge | ||
hmac.digest.first(16) | ||
end | ||
|
||
end | ||
end | ||
end |
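Review bot: `hmac.digest.first(16)` at the end of `calculate_session_key` depends on `String#first`, which core Ruby does not define; it comes from ActiveSupport's string extensions, and nothing visible in this file requires them. If they are not loaded when this runs, key derivation fails with `NoMethodError` rather than returning a key, so `hmac.digest[0, 16]` is the safer spelling. The `@param shared_secret` line also reads "share secret" and could state that the value is the raw NT hash bytes, since HMAC keys on the bytes it is given and a hex-encoded hash would silently produce a different key.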
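--- a/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request.rb
+++ b/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request.rb
@@ -0,0 +1,28 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+module Dcerpc
+module Netlogon
+
+# [3.5.4.4.2 NetrServerAuthenticate3 (Opnum 26)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3a9ed16f-8014-45ae-80af-c0ecb06e2db9)
+class NetrServerAuthenticate3Request < BinData::Record
+attr_reader :opnum
+
+endian :little
+
+logonsrv_handle :primary_name
+ndr_string :account_name
+netlogon_secure_channel_type :secure_channel_type
+ndr_string :computer_name
+netlogon_credential :client_credential
+uint32 :flags
+
+def initialize_instance
+super
+@opnum = NETR_SERVER_AUTHENTICATE3
+end
+
+end
+end
+end
+end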
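Review bot: The negotiate-flags field is declared as `uint32 :flags` here but as `uint32 :negotiate_flags` in `NetrServerAuthenticate3Response`, although both appear to carry the same in/out NegotiateFlags parameter of the call. Using `uint32 :negotiate_flags` in the request keeps the two records parallel and matches the name used in the linked MS-NRPC section. A one-line comment above the field list noting that `client_credential` is the credential computed from the session key, not the challenge sent in NetrServerReqChallenge, would also help readers who confuse the two 8-byte values.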
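--- a/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response.rb
+++ b/lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response.rb
@@ -0,0 +1,26 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+module Dcerpc
+module Netlogon
+
+# [3.5.4.4.2 NetrServerAuthenticate3 (Opnum 26)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3a9ed16f-8014-45ae-80af-c0ecb06e2db9)
+class NetrServerAuthenticate3Response < BinData::Record
+attr_reader :opnum
+
+endian :little
+
+netlogon_credential :server_credential
+uint32 :negotiate_flags
+uint32 :account_rid
+uint32 :error_status
+
+def initialize_instance
+super
+@opnum = NETR_SERVER_AUTHENTICATE3
+end
+
+end
+end
+end
+end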
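Review bot: Nothing in `NetrServerAuthenticate3Response` tells a caller that `server_credential`, `negotiate_flags` and `account_rid` are only meaningful when `error_status` is zero, and the same gap exists for `server_challenge` in `NetrServerReqChallengeResponse`. I would add a comment on the field, e.g. `# NTSTATUS of the call; check this is 0 before using the other fields`. It is also worth stating in the class comment that the record does not verify `server_credential`; comparing it with the locally computed value is left to the caller.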
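--- a/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request.rb
+++ b/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request.rb
@@ -0,0 +1,25 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+module Dcerpc
+module Netlogon
+
+# [3.5.4.4.1 NetrServerReqChallenge (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/5ad9db9f-7441-4ce5-8c7b-7b771e243d32)
+class NetrServerReqChallengeRequest < BinData::Record
+attr_reader :opnum
+
+endian :little
+
+logonsrv_handle :primary_name
+ndr_string :computer_name
+netlogon_credential :client_challenge
+
+def initialize_instance
+super
+@opnum = NETR_SERVER_REQ_CHALLENGE
+end
+
+end
+end
+end
+end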
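--- a/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response.rb
+++ b/lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response.rb
@@ -0,0 +1,24 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+module Dcerpc
+module Netlogon
+
+# [3.5.4.4.1 NetrServerReqChallenge (Opnum 4)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/5ad9db9f-7441-4ce5-8c7b-7b771e243d32)
+class NetrServerReqChallengeResponse < BinData::Record
+attr_reader :opnum
+
+endian :little
+
+netlogon_credential :server_challenge
+uint32 :error_status
+
+def initialize_instance
+super
+@opnum = NETR_SERVER_REQ_CHALLENGE
+end
+
+end
+end
+end
+end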