From b56789305dea0a2e00079eba30418c099973506e Mon Sep 17 00:00:00 2001
From: sud0Ru
Date: Fri, 31 May 2024 14:03:04 -0400
Subject: [PATCH 1/4] adding the request file

---
 .../netlogon/dsr_get_dc_name_ex2_request.rb | 28 +++++++++++++++++++
 1 file changed, 28 insertions(+)
 create mode 100644 lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb

diff --git a/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb b/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb
new file mode 100644
index 000000000..92ab12fcb
--- /dev/null
+++ b/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb
@@ -0,0 +1,28 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+ module Dcerpc
+ module Netlogon
+
+ # [3.5.4.3.1 DsrGetDCNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
+ class DsrGetDCNameEx2Request < BinData::Record
+ attr_reader :opnum
+
+ endian :little
+
+ logonsrv_handle :computer_name
+ ndr_wide_stringz_ptr :account_name
+ ndr_uint32 :allowable_account_control_bits
+ ndr_wide_stringz_ptr :domain_name
+ uuid_ptr :domain_guid
+ ndr_wide_stringz_ptr :site_name
+ ndr_uint32 :flags
+
+ def initialize_instance
+ super
+ @opnum = DSR_GET_DC_NAME_EX2
+ end
+ end
+ end
+ end
+end

From 8269886e94a0610f0d9e18252816af3762744771 Mon Sep 17 00:00:00 2001
From: sud0Ru
Date: Fri, 31 May 2024 14:06:49 -0400
Subject: [PATCH 2/4] editing netlogon.rb

---
 lib/ruby_smb/dcerpc/netlogon.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/ruby_smb/dcerpc/netlogon.rb b/lib/ruby_smb/dcerpc/netlogon.rb
index 8045866bd..d26d28bba 100644
--- a/lib/ruby_smb/dcerpc/netlogon.rb
+++ b/lib/ruby_smb/dcerpc/netlogon.rb
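Review bot: The seven request fields in the new file carry no documentation of which ones a caller may leave null, so the reader has to open the linked spec to learn that `computer_name`, `account_name`, `domain_name`, `domain_guid` and `site_name` are optional `[unique]` pointers while `allowable_account_control_bits` and `flags` are mandatory ULONGs. A one-line comment per field would fix that, e.g. `# optional ([unique]); null when no site is requested` above `ndr_wide_stringz_ptr :site_name` and `# DS_* flag bits controlling how the DC is located (MS-NRPC DsrGetDcNameEx2, Flags)` above `ndr_uint32 :flags`. Separately, `@opnum = DSR_GET_DC_NAME_EX2` in `initialize_instance` names a constant this patch does not add; it only appears in patch 2/4, so this commit on its own would raise NameError when the request is instantiated. Folding the constant into this commit keeps each step of the series loadable.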
@@ -11,6 +11,7 @@ module Netlogon
 NETR_SERVER_REQ_CHALLENGE = 4
 NETR_SERVER_AUTHENTICATE3 = 26
 NETR_SERVER_PASSWORD_SET2 = 30
+ DSR_GET_DC_NAME_EX2 = 34
 
 # see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/3b224201-b531-43e2-8c79-b61f6dea8640
 class LogonsrvHandle < Ndr::NdrWideStringzPtr; end
@@ -65,6 +66,7 @@ def assign(val)
 require 'ruby_smb/dcerpc/netlogon/netr_server_password_set2_response'
 require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request'
 require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response'
+ require 'ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request'
 
 # Calculate the netlogon session key from the provided shared secret and
 # challenges. The shared secret is an NTLM hash.

From 5bbc13adf6f9ad0f73bbbd68139994ba16ce6f86 Mon Sep 17 00:00:00 2001
From: Spencer McIntyre
Date: Fri, 7 Jun 2024 15:47:49 -0400
Subject: [PATCH 3/4] Add DsrGetDcNameEx2Response

---
 lib/ruby_smb/dcerpc/netlogon.rb | 1 +
 .../netlogon/domain_controller_infow.rb | 28 +++++++++++++++++++
 .../netlogon/dsr_get_dc_name_ex2_response.rb | 24 ++++++++++++++++
 3 files changed, 53 insertions(+)
 create mode 100644 lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb
 create mode 100644 lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb

diff --git a/lib/ruby_smb/dcerpc/netlogon.rb b/lib/ruby_smb/dcerpc/netlogon.rb
index d26d28bba..7382f5a18 100644
--- a/lib/ruby_smb/dcerpc/netlogon.rb
+++ b/lib/ruby_smb/dcerpc/netlogon.rb
@@ -67,6 +67,7 @@ def assign(val)
 require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request'
 require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response'
 require 'ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request'
+ require 'ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response'
 
 # Calculate the netlogon session key from the provided shared secret and
 # challenges. The shared secret is an NTLM hash.
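Review bot: In the `@@ -65,6 +66,7 @@` hunk the new `require 'ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request'` is appended after `netr_server_req_challenge_response`, while the three visible context lines are in alphabetical order; if the full require list is sorted, the `dsr_*` entry belongs ahead of the `netr_server_*` entries. The `@@ -67,6 +67,7 @@` hunk of patch 3/4 appends `dsr_get_dc_name_ex2_response` in the same spot and would move with it. The `assign(val)` method named in the hunk header starts outside the hunk.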
diff --git a/lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb b/lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb
new file mode 100644
index 000000000..027ba85f8
--- /dev/null
+++ b/lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb
@@ -0,0 +1,28 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+ module Dcerpc
+ module Netlogon
+
+ # [2.2.1.2.1 DOMAIN_CONTROLLER_INFOW](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/9b85a7a4-8d34-4b9e-9500-bf8644ebfc06)
+ class DomainControllerInfoW < Ndr::NdrStruct
+ default_parameters byte_align: 4
+ endian :little
+
+ ndr_wide_stringz_ptr :domain_controller_name
+ ndr_wide_stringz_ptr :domain_controller_address
+ ndr_uint32 :domain_controller_address_type
+ uuid :domain_guid
+ ndr_wide_stringz_ptr :domain_name
+ ndr_wide_stringz_ptr :dns_forest_name
+ ndr_uint32 :flags
+ ndr_wide_stringz_ptr :dc_site_name
+ ndr_wide_stringz_ptr :client_site_name
+ end
+
+ class DomainControllerInfoWPtr < DomainControllerInfoW
+ extend Ndr::PointerClassPlugin
+ end
+ end
+ end
+end
diff --git a/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb b/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb
new file mode 100644
index 000000000..d366b623d
--- /dev/null
+++ b/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb
@@ -0,0 +1,24 @@
+require 'ruby_smb/dcerpc/ndr'
+require 'ruby_smb/dcerpc/netlogon/domain_controller_infow'
+
+module RubySMB
+ module Dcerpc
+ module Netlogon
+
+ # [3.5.4.3.1 DsrGetDCNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
+ class DsrGetDCNameEx2Response < BinData::Record
+ attr_reader :opnum
+
+ endian :little
+
+ domain_controller_info_w_ptr :domain_controller_info
+ ndr_uint32 :error_status
+
+ def initialize_instance
+ super
+ @opnum = DSR_GET_DC_NAME_EX2
+ end
+ end
+ end
+ end
+end

From 4a792e112d13566b3acc11dc08076d13ea309cf3 Mon Sep 17 00:00:00 2001
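Review bot: `ndr_uint32 :domain_controller_address_type` and `ndr_uint32 :flags` in DomainControllerInfoW are opaque integers with no comment saying what they hold, and this struct is the only place a caller sees them when reading a DsrGetDcNameEx2 reply. Per the linked MS-NRPC section the address type is a small enumeration and `flags` carries the DS_* bits describing the returned DC; one-line comments such as `# 1 = DS_INET_ADDRESS, 2 = DS_NETBIOS_ADDRESS` and `# DS_* bits describing the returned DC (2.2.1.2.1, Flags)` would spare the next reader a trip to the spec. `default_parameters byte_align: 4` would also benefit from a brief why-comment, since the uint32 members, the pointer referent IDs and the embedded `uuid :domain_guid` all appear to be what fix the NDR struct alignment at 4 here.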
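Review bot: In DsrGetDCNameEx2Response nothing documents that `domain_controller_info` is only meaningful when `error_status` is zero; the call returns a NET_API_STATUS and on failure the out pointer is presumably null, so code that dereferences the struct before checking the status will misbehave on a rejected request. A comment on the field, `# NET_API_STATUS; check this is 0 before reading domain_controller_info`, would make the contract visible where the response is read. Whatever helper in netlogon.rb eventually wraps this request/response pair is outside this patch and should apply the same status-before-pointer check.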
From: Spencer McIntyre
Date: Fri, 7 Jun 2024 15:48:43 -0400
Subject: [PATCH 4/4] Use lowercase Cs for consistency with the spec

---
 .../netlogon/dsr_get_dc_name_ex2_request.rb | 18 +++++++++---------
 .../netlogon/dsr_get_dc_name_ex2_response.rb | 8 ++++----
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb b/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb
index 92ab12fcb..91cd6fbda 100644
--- a/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb
+++ b/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb
@@ -4,19 +4,19 @@ module RubySMB
 module Dcerpc
 module Netlogon
 
- # [3.5.4.3.1 DsrGetDCNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
- class DsrGetDCNameEx2Request < BinData::Record
+ # [3.5.4.3.1 DsrGetDcNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
+ class DsrGetDcNameEx2Request < BinData::Record
 attr_reader :opnum
 
 endian :little
 
- logonsrv_handle :computer_name
- ndr_wide_stringz_ptr :account_name
- ndr_uint32 :allowable_account_control_bits
- ndr_wide_stringz_ptr :domain_name
- uuid_ptr :domain_guid
- ndr_wide_stringz_ptr :site_name
- ndr_uint32 :flags
+ logonsrv_handle :computer_name
+ ndr_wide_stringz_ptr :account_name
+ ndr_uint32 :allowable_account_control_bits
+ ndr_wide_stringz_ptr :domain_name
+ uuid_ptr :domain_guid
+ ndr_wide_stringz_ptr :site_name
+ ndr_uint32 :flags
 
 def initialize_instance
 super
diff --git a/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb b/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb
index d366b623d..ae655bed6 100644
--- a/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb
+++ b/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb
@@ -5,14 +5,14 @@ module RubySMB
 module Dcerpc
 module Netlogon
 
- # [3.5.4.3.1 DsrGetDCNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
- class DsrGetDCNameEx2Response < BinData::Record
+ # [3.5.4.3.1 DsrGetDcNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
+ class DsrGetDcNameEx2Response < BinData::Record
 attr_reader :opnum
 
 endian :little
 
- domain_controller_info_w_ptr :domain_controller_info
- ndr_uint32 :error_status
+ domain_controller_info_w_ptr :domain_controller_info
+ ndr_uint32 :error_status
 
 def initialize_instance
 super