Class: RubySMB::Client

Inherits:

Object

• Object
• RubySMB::Client

Includes:

Authentication, Echo, Negotiation, Signing, TreeConnect, Utils

Defined in:

lib/ruby_smb/client.rb,
lib/ruby_smb/client/echo.rb,
lib/ruby_smb/client/utils.rb,
lib/ruby_smb/client/signing.rb,
lib/ruby_smb/client/negotiation.rb,
lib/ruby_smb/client/tree_connect.rb,
lib/ruby_smb/client/authentication.rb

Overview

This module holds all of the methods backing the #open_file method

Defined Under Namespace

Modules: Authentication, Echo, Negotiation, Signing, TreeConnect, Utils

Constant Summary

SMB1_DIALECT_SMB1_DEFAULT =

The Default SMB1 Dialect string used in an SMB1 Negotiate Request

'NT LM 0.12'.freeze

SMB1_DIALECT_SMB2_DEFAULT =

The Default SMB2 Dialect string used in an SMB1 Negotiate Request

'SMB 2.002'.freeze

SMB2_DIALECT_DEFAULT =

Dialect value for SMB2 Default (Version 2.02)

0x0202

MAX_BUFFER_SIZE =

The default maximum size of a SMB message that the Client accepts (in bytes)

64512

SERVER_MAX_BUFFER_SIZE =

The default maximum size of a SMB message that the Server accepts (in bytes)

4356

Instance Attribute Summary

• #default_domain ⇒ String
• #default_name ⇒ String
• #dialect ⇒ Integer
• #dispatcher ⇒ RubySMB::Dispatcher::Socket
• #dns_domain_name ⇒ String
• #dns_host_name ⇒ String
• #dns_tree_name ⇒ String
• #domain ⇒ String
• #local_workstation ⇒ String
• #max_buffer_size ⇒ Integer
• #ntlm_client ⇒ String
• #os_version ⇒ String
• #password ⇒ String
• #peer_native_lm ⇒ String
• #peer_native_os ⇒ String
• #primary_domain ⇒ String
• #sequence_counter ⇒ Integer
• #server_max_buffer_size ⇒ Object

  The maximum size SMB message that the Server accepts (in bytes) The default value is small by default.

• #server_max_read_size ⇒ Integer
• #server_max_transact_size ⇒ Integer
• #server_max_write_size ⇒ Integer
• #session_id ⇒ Integer
• #signing_enabled ⇒ Boolean
• #signing_required ⇒ Object

  Whether or not the Server requires signing.

• #smb1 ⇒ Boolean
• #smb2 ⇒ Boolean
• #smb2_message_id ⇒ Integer
• #user_id ⇒ String
• #username ⇒ String

Attributes included from Utils

#auth_user, #evasion_opts, #last_file_id, #native_lm, #native_os, #open_files, #send_lm, #send_ntlm, #spnopt, #tree_connects, #use_lanman_key, #use_ntlmv2, #usentlm2_session, #verify_signature

Attributes included from Signing

#session_key

Instance Method Summary

• #disconnect! ⇒ void

  Logs off any currently open session on the server and closes the TCP socket connection.

• #echo(count: 1, data: '') ⇒ WindowsError::ErrorCode

  Sends an Echo request to the server and returns the NTStatus of the last response packet received.

• #increment_smb_message_id(packet) ⇒ RubySMB::GenericPacket

  Sets the message id field in an SMB2 packet's header to the one tracked by the client.

• #initialize(dispatcher, smb1: true, smb2: true, username:, password:, domain: '.', local_workstation: 'WORKSTATION') ⇒ Client constructor

  A new instance of Client.

• #login(username: self.username, password: self.password, domain: self.domain, local_workstation: self.local_workstation) ⇒ Object

  Performs protocol negotiation and session setup.

• #logoff! ⇒ WindowsError::ErrorCode

  Sends a LOGOFF command to the remote server to terminate the session.

• #nb_name_encode(name) ⇒ Object
• #net_share_enum_all(host) ⇒ Array

  Returns array of shares.

• #send_recv(packet) ⇒ String

  Sends a packet and receives the raw response through the Dispatcher.

• #session_request(name = '*SMBSERVER') ⇒ TrueClass

  Requests a NetBIOS Session Service using the provided name.

• #session_setup(user, pass, domain, do_recv = true, local_workstation: self.local_workstation) ⇒ Object
• #tree_connect(share) ⇒ RubySMB::SMB1::Tree, RubySMB::SMB2::Tree

  Connects to the supplied share.

• #wipe_state! ⇒ void

  Resets all of the session state on the client, setting it back to scratch.

Methods included from Utils

#close, #create_pipe, #last_file, #last_tree, #last_tree_id, #open, #read, #tree_disconnect, #write

Methods included from Echo

#smb1_echo, #smb2_echo

Methods included from TreeConnect

#smb1_tree_connect, #smb1_tree_from_response, #smb2_tree_connect, #smb2_tree_from_response

Methods included from Signing

#smb1_sign, #smb2_sign

Methods included from Authentication

#authenticate, #extract_os_version, #smb1_anonymous_auth, #smb1_anonymous_auth_request, #smb1_anonymous_auth_response, #smb1_authenticate, #smb1_ntlmssp_auth_packet, #smb1_ntlmssp_authenticate, #smb1_ntlmssp_challenge_packet, #smb1_ntlmssp_final_packet, #smb1_ntlmssp_negotiate, #smb1_ntlmssp_negotiate_packet, #smb1_type2_message, #smb2_authenticate, #smb2_ntlmssp_auth_packet, #smb2_ntlmssp_authenticate, #smb2_ntlmssp_challenge_packet, #smb2_ntlmssp_final_packet, #smb2_ntlmssp_negotiate, #smb2_ntlmssp_negotiate_packet, #smb2_type2_message, #store_target_info

Methods included from Negotiation

#negotiate, #negotiate_request, #negotiate_response, #parse_negotiate_response, #smb1_negotiate_request, #smb2_negotiate_request

Constructor Details

#initialize(dispatcher, smb1: true, smb2: true, username:, password:, domain: '.', local_workstation: 'WORKSTATION') ⇒ Client

Returns a new instance of Client.

Parameters:

• dispatcher (RubySMB::Dispatcher::Socket) —

  the packet dispatcher to use

• smb1 (Boolean) (defaults to: true) —

  whether or not to enable SMB1 support

• smb2 (Boolean) (defaults to: true) —

  whether or not to enable SMB2 support

Raises:

• (ArgumentError)

# File 'lib/ruby_smb/client.rb', line 182

def initialize(dispatcher, smb1: true, smb2: true, username:, password:, domain: '.', local_workstation: 'WORKSTATION')
  raise ArgumentError, 'No Dispatcher provided' unless dispatcher.is_a? RubySMB::Dispatcher::Base
  if smb1 == false && smb2 == false
    raise ArgumentError, 'You must enable at least one Protocol'
  end
  @dispatcher        = dispatcher
  @domain            = domain
  @local_workstation = local_workstation
  @password          = password.encode('utf-8') || ''.encode('utf-8')
  @sequence_counter  = 0
  @session_id        = 0x00
  @session_key       = ''
  @signing_required  = false
  @smb1              = smb1
  @smb2              = smb2
  @username          = username.encode('utf-8') || ''.encode('utf-8')
  @max_buffer_size   = MAX_BUFFER_SIZE
  # These sizes will be modifed during negotiation
  @server_max_buffer_size = SERVER_MAX_BUFFER_SIZE
  @server_max_read_size   = RubySMB::SMB2::File::MAX_PACKET_SIZE
  @server_max_write_size  = RubySMB::SMB2::File::MAX_PACKET_SIZE
  @server_max_transact_size = RubySMB::SMB2::File::MAX_PACKET_SIZE

  negotiate_version_flag = 0x02000000
  flags = Net::NTLM::Client::DEFAULT_FLAGS |
    Net::NTLM::FLAGS[:TARGET_INFO] |
    negotiate_version_flag

  @ntlm_client = Net::NTLM::Client.new(
    @username,
    @password,
    workstation: @local_workstation,
    domain: @domain,
    flags: flags
  )

  @tree_connects = []
  @open_files = {}

  @smb2_message_id = 0
end

Instance Attribute Details

#default_domain ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 82

def default_domain
  @default_domain
end

#default_name ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 77

def default_name
  @default_name
end

#dialect ⇒ Integer

Returns:

• (Integer)

# File 'lib/ruby_smb/client.rb', line 107

def dialect
  @dialect
end

#dispatcher ⇒ RubySMB::Dispatcher::Socket

Returns:

• (RubySMB::Dispatcher::Socket)

# File 'lib/ruby_smb/client.rb', line 33

def dispatcher
  @dispatcher
end

#dns_domain_name ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 92

def dns_domain_name
  @dns_domain_name
end

#dns_host_name ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 87

def dns_host_name
  @dns_host_name
end

#dns_tree_name ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 97

def dns_tree_name
  @dns_tree_name
end

#domain ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 38

def domain
  @domain
end

#local_workstation ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 43

def local_workstation
  @local_workstation
end

#max_buffer_size ⇒ Integer

Returns:

• (Integer)

# File 'lib/ruby_smb/client.rb', line 155

def max_buffer_size
  @max_buffer_size
end

#ntlm_client ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 48

def ntlm_client
  @ntlm_client
end

#os_version ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 102

def os_version
  @os_version
end

#password ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 53

def password
  @password
end

#peer_native_lm ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 65

def peer_native_lm
  @peer_native_lm
end

#peer_native_os ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 59

def peer_native_os
  @peer_native_os
end

#primary_domain ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 72

def primary_domain
  @primary_domain
end

#sequence_counter ⇒ Integer

Returns:

• (Integer)

# File 'lib/ruby_smb/client.rb', line 114

def sequence_counter
  @sequence_counter
end

#server_max_buffer_size ⇒ Object

The maximum size SMB message that the Server accepts (in bytes) The default value is small by default

# File 'lib/ruby_smb/client.rb', line 161

def server_max_buffer_size
  @server_max_buffer_size
end

#server_max_read_size ⇒ Integer

Returns:

• (Integer)

# File 'lib/ruby_smb/client.rb', line 171

def server_max_read_size
  @server_max_read_size
end

#server_max_transact_size ⇒ Integer

Returns:

• (Integer)

# File 'lib/ruby_smb/client.rb', line 177

def server_max_transact_size
  @server_max_transact_size
end

#server_max_write_size ⇒ Integer

Returns:

• (Integer)

# File 'lib/ruby_smb/client.rb', line 166

def server_max_write_size
  @server_max_write_size
end

#session_id ⇒ Integer

Returns:

• (Integer)

# File 'lib/ruby_smb/client.rb', line 119

def session_id
  @session_id
end

#signing_enabled ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ruby_smb/client.rb', line 124

attr_accessor :signing_required

#signing_required ⇒ Object

Whether or not the Server requires signing

# File 'lib/ruby_smb/client.rb', line 124

def signing_required
  @signing_required
end

#smb1 ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ruby_smb/client.rb', line 129

def smb1
  @smb1
end

#smb2 ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/ruby_smb/client.rb', line 134

def smb2
  @smb2
end

#smb2_message_id ⇒ Integer

Returns:

• (Integer)

# File 'lib/ruby_smb/client.rb', line 139

def smb2_message_id
  @smb2_message_id
end

#user_id ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 149

def user_id
  @user_id
end

#username ⇒ String

Returns:

• (String)

# File 'lib/ruby_smb/client.rb', line 144

def username
  @username
end

Instance Method Details

#disconnect! ⇒ void

This method returns an undefined value.

Logs off any currently open session on the server and closes the TCP socket connection.

# File 'lib/ruby_smb/client.rb', line 228

def disconnect!
  begin
    logoff!
  rescue
    wipe_state!
  end
  dispatcher.tcp_socket.close
end

#echo(count: 1, data: '') ⇒ WindowsError::ErrorCode

Sends an Echo request to the server and returns the NTStatus of the last response packet received.

Parameters:

• echo (Integer) —

  the number of times the server should echo (ignored in SMB2)

• data (String) (defaults to: '') —

  the data the server should echo back (ignored in SMB2)

Returns:

• (WindowsError::ErrorCode) —

  the NTStatus of the last response received

# File 'lib/ruby_smb/client.rb', line 243

def echo(count: 1, data: '')
  response = if smb2
               smb2_echo
             else
               smb1_echo(count: count, data: data)
             end
  response.status_code
end

#increment_smb_message_id(packet) ⇒ RubySMB::GenericPacket

Sets the message id field in an SMB2 packet's header to the one tracked by the client. It then increments the counter on the client.

Parameters:

• packet (RubySMB::GenericPacket) —

  the packet to set the message id for

Returns:

• (RubySMB::GenericPacket) —

  the modified packet

# File 'lib/ruby_smb/client.rb', line 258

def increment_smb_message_id(packet)
  if packet.smb2_header.message_id.zero? && smb2_message_id != 0
    packet.smb2_header.message_id = smb2_message_id
    self.smb2_message_id += 1
  end
  packet
end

#login(username: self.username, password: self.password, domain: self.domain, local_workstation: self.local_workstation) ⇒ Object

Performs protocol negotiation and session setup. It defaults to using the credentials supplied during initialization, but can take a new set of credentials if needed.

# File 'lib/ruby_smb/client.rb', line 268

def login(username: self.username, password: self.password, domain: self.domain, local_workstation: self.local_workstation)
  negotiate
  session_setup(username, password, domain, true,
                local_workstation: local_workstation)
end

#logoff! ⇒ WindowsError::ErrorCode

Sends a LOGOFF command to the remote server to terminate the session

Returns:

• (WindowsError::ErrorCode) —

  the NTStatus of the response

# File 'lib/ruby_smb/client.rb', line 300

def logoff!
  if smb2
    request      = RubySMB::SMB2::Packet::LogoffRequest.new
    raw_response = send_recv(request)
    response     = RubySMB::SMB2::Packet::LogoffResponse.read(raw_response)
  else
    request      = RubySMB::SMB1::Packet::LogoffRequest.new
    raw_response = send_recv(request)
    response     = RubySMB::SMB1::Packet::LogoffResponse.read(raw_response)
  end
  wipe_state!
  response.status_code
end

#nb_name_encode(name) ⇒ Object

# File 'lib/ruby_smb/client.rb', line 405

def nb_name_encode(name)
  encoded_name = ''
  name.each_byte do |char|
    first_half = (char >> 4) + 'A'.ord
    second_half = (char & 0xF) + 'A'.ord
    encoded_name << first_half.chr
    encoded_name << second_half.chr
  end
  encoded_name
end

#net_share_enum_all(host) ⇒ Array

Returns array of shares

Parameters:

• host (String)

Returns:

• (Array) —

  of shares

# File 'lib/ruby_smb/client.rb', line 359

def net_share_enum_all(host)
  tree = tree_connect("\\\\#{host}\\IPC$")
  named_pipe = tree.open_file(filename: "srvsvc", write: true, read: true)
  named_pipe.net_share_enum_all(host)
end

#send_recv(packet) ⇒ String

Sends a packet and receives the raw response through the Dispatcher. It will also sign the packet if neccessary.

Parameters:

• packet (RubySMB::GenericPacket) —

  the request to be sent

Returns:

• (String) —

  the raw response data received

# File 'lib/ruby_smb/client.rb', line 319

def send_recv(packet)
  case packet.packet_smb_version
  when 'SMB1'
    packet.smb_header.uid = user_id if user_id
    packet = smb1_sign(packet)
  when 'SMB2'
    packet = increment_smb_message_id(packet)
    packet.smb2_header.session_id = session_id
    unless packet.is_a?(RubySMB::SMB2::Packet::SessionSetupRequest)
      packet = smb2_sign(packet)
    end
  else
    packet = packet
  end
  dispatcher.send_packet(packet)
  raw_response = dispatcher.recv_packet

  self.sequence_counter += 1 if signing_required && !session_key.empty?
  raw_response
end

#session_request(name = '*SMBSERVER') ⇒ TrueClass

Requests a NetBIOS Session Service using the provided name.

Parameters:

• name (String) (defaults to: '*SMBSERVER') —

  the NetBIOS name to request

Returns:

• (TrueClass) —

  if session request is granted

Raises:

• (RubySMB::Error::NetBiosSessionService) —

  if session request is refused

# File 'lib/ruby_smb/client.rb', line 383

def session_request(name = '*SMBSERVER')
  encoded_called_name = nb_name_encode("#{name.upcase.ljust(15)}\x20")
  encoded_calling_name = nb_name_encode("#{''.ljust(15)}\x00")

  session_request = RubySMB::Nbss::SessionRequest.new
  session_request.session_header.session_packet_type = RubySMB::Nbss::SESSION_REQUEST
  session_request.called_name  = "\x20#{encoded_called_name}\x00"
  session_request.calling_name = "\x20#{encoded_calling_name}\x00"
  session_request.session_header.packet_length =
    session_request.num_bytes - session_request.session_header.num_bytes

  dispatcher.send_packet(session_request, nbss_header: false)
  raw_response = dispatcher.recv_packet(full_response: true)
  session_header =  RubySMB::Nbss::SessionHeader.read(raw_response)
  if session_header.session_packet_type == RubySMB::Nbss::NEGATIVE_SESSION_RESPONSE
    negative_session_response =  RubySMB::Nbss::NegativeSessionResponse.read(raw_response)
    raise RubySMB::Error::NetBiosSessionService, "Session Request failed: #{negative_session_response.error_msg}"
  end

  return true
end

#session_setup(user, pass, domain, do_recv = true, local_workstation: self.local_workstation) ⇒ Object

# File 'lib/ruby_smb/client.rb', line 274

def session_setup(user, pass, domain, do_recv=true,
                  local_workstation: self.local_workstation)
  @domain            = domain
  @local_workstation = local_workstation
  @password          = pass.encode('utf-8') || ''.encode('utf-8')
  @username          = user.encode('utf-8') || ''.encode('utf-8')

  negotiate_version_flag = 0x02000000
  flags = Net::NTLM::Client::DEFAULT_FLAGS |
    Net::NTLM::FLAGS[:TARGET_INFO] |
    negotiate_version_flag

  @ntlm_client = Net::NTLM::Client.new(
      @username,
      @password,
      workstation: @local_workstation,
      domain: @domain,
      flags: flags
  )

  authenticate
end

#tree_connect(share) ⇒ RubySMB::SMB1::Tree, RubySMB::SMB2::Tree

Connects to the supplied share

Parameters:

• share (String) —

  the path to the share in \\server\share_name format

Returns:

• (RubySMB::SMB1::Tree) —

  if talking over SMB1

• (RubySMB::SMB2::Tree) —

  if talking over SMB2

# File 'lib/ruby_smb/client.rb', line 345

def tree_connect(share)
  connected_tree = if smb2
    smb2_tree_connect(share)
  else
    smb1_tree_connect(share)
  end
  @tree_connects << connected_tree
  connected_tree
end

#wipe_state! ⇒ void

This method returns an undefined value.

Resets all of the session state on the client, setting it back to scratch. Should only be called when a session is no longer valid.

# File 'lib/ruby_smb/client.rb', line 370

def wipe_state!
  self.session_id       = 0x00
  self.user_id          = 0x00
  self.session_key      = ''
  self.sequence_counter = 0
  self.smb2_message_id  = 0
end