From 5bbc13adf6f9ad0f73bbbd68139994ba16ce6f86 Mon Sep 17 00:00:00 2001
From: Spencer McIntyre
Date: Fri, 7 Jun 2024 15:47:49 -0400
Subject: [PATCH 1/2] Add DsrGetDcNameEx2Response

---
 lib/ruby_smb/dcerpc/netlogon.rb | 1 +
 .../netlogon/domain_controller_infow.rb | 28 +++++++++++++++++++
 .../netlogon/dsr_get_dc_name_ex2_response.rb | 24 ++++++++++++++++
 3 files changed, 53 insertions(+)
 create mode 100644 lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb
 create mode 100644 lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb

diff --git a/lib/ruby_smb/dcerpc/netlogon.rb b/lib/ruby_smb/dcerpc/netlogon.rb
index d26d28bb..7382f5a1 100644
--- a/lib/ruby_smb/dcerpc/netlogon.rb
+++ b/lib/ruby_smb/dcerpc/netlogon.rb
@@ -67,6 +67,7 @@ def assign(val)
 require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request'
 require 'ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response'
 require 'ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request'
+ require 'ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response'

 # Calculate the netlogon session key from the provided shared secret and
 # challenges. The shared secret is an NTLM hash.
diff --git a/lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb b/lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb
new file mode 100644
index 00000000..027ba85f
--- /dev/null
+++ b/lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb
@@ -0,0 +1,28 @@
+require 'ruby_smb/dcerpc/ndr'
+
+module RubySMB
+ module Dcerpc
+ module Netlogon
+
+ # [2.2.1.2.1 DOMAIN_CONTROLLER_INFOW](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/9b85a7a4-8d34-4b9e-9500-bf8644ebfc06)
+ class DomainControllerInfoW < Ndr::NdrStruct
+ default_parameters byte_align: 4
+ endian :little
+
+ ndr_wide_stringz_ptr :domain_controller_name
+ ndr_wide_stringz_ptr :domain_controller_address
+ ndr_uint32 :domain_controller_address_type
+ uuid :domain_guid
+ ndr_wide_stringz_ptr :domain_name
+ ndr_wide_stringz_ptr :dns_forest_name
+ ndr_uint32 :flags
+ ndr_wide_stringz_ptr :dc_site_name
+ ndr_wide_stringz_ptr :client_site_name
+ end
+
+ class DomainControllerInfoWPtr < DomainControllerInfoW
+ extend Ndr::PointerClassPlugin
+ end
+ end
+ end
+end
diff --git a/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb b/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb
new file mode 100644
index 00000000..d366b623
--- /dev/null
+++ b/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb
@@ -0,0 +1,24 @@
+require 'ruby_smb/dcerpc/ndr'
+require 'ruby_smb/dcerpc/netlogon/domain_controller_infow'
+
+module RubySMB
+ module Dcerpc
+ module Netlogon
+
+ # [3.5.4.3.1 DsrGetDCNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
+ class DsrGetDCNameEx2Response < BinData::Record
+ attr_reader :opnum
+
+ endian :little
+
+ domain_controller_info_w_ptr :domain_controller_info
+ ndr_uint32 :error_status
+
+ def initialize_instance
+ super
+ @opnum = DSR_GET_DC_NAME_EX2
+ end
+ end
+ end
+ end
+end
From 4a792e112d13566b3acc11dc08076d13ea309cf3 Mon Sep 17 00:00:00 2001
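Review bot: The two `ndr_uint32` fields `domain_controller_address_type` and `flags` in `DomainControllerInfoW` carry spec-defined values but the struct gives no hint of their meaning, so anyone decoding a response has to go back to MS-NRPC to interpret them. Section 2.2.1.2.1 defines the address type as `DS_INET_ADDRESS` (1) or `DS_NETBIOS_ADDRESS` (2) and `flags` as the DS_*_FLAG bitmask describing the returned DC's roles, so a one-line comment on each, such as `# DS_INET_ADDRESS (1) or DS_NETBIOS_ADDRESS (2), see MS-NRPC 2.2.1.2.1` and `# DS_*_FLAG bitmask describing the DC's roles, see MS-NRPC 2.2.1.2.1`, would save that trip; alternatively the values could become constants in the Netlogon module. It is also worth stating in the class comment that every string pointer here is filled in by the remote server and is not validated by this struct, so callers should treat the names and addresses as untrusted input.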
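Review bot: `error_status` on `DsrGetDCNameEx2Response` is undocumented, and nothing indicates that `domain_controller_info` is only meaningful when it is zero; since that field is an NDR pointer, a caller that reads through it after a failed call presumably gets a null pointer rather than a populated struct. Per MS-NRPC 3.5.4.3.1 the method returns 0x00000000 on success and a nonzero error code otherwise, so a comment such as `# Win32 error code; 0 means success and domain_controller_info is populated (MS-NRPC 3.5.4.3.1)` on `error_status` would make the contract explicit. The same comment applies to the renamed `DsrGetDcNameEx2Response` in the second patch, which rewrites these same lines.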
From: Spencer McIntyre
Date: Fri, 7 Jun 2024 15:48:43 -0400
Subject: [PATCH 2/2] Use lowercase Cs for consistency with the spec

---
 .../netlogon/dsr_get_dc_name_ex2_request.rb | 18 +++++++++---------
 .../netlogon/dsr_get_dc_name_ex2_response.rb | 8 ++++----
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb b/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb
index 92ab12fc..91cd6fbd 100644
--- a/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb
+++ b/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb
@@ -4,19 +4,19 @@ module RubySMB
 module Dcerpc
 module Netlogon

- # [3.5.4.3.1 DsrGetDCNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
- class DsrGetDCNameEx2Request < BinData::Record
+ # [3.5.4.3.1 DsrGetDcNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
+ class DsrGetDcNameEx2Request < BinData::Record
 attr_reader :opnum

 endian :little

- logonsrv_handle :computer_name
- ndr_wide_stringz_ptr :account_name
- ndr_uint32 :allowable_account_control_bits
- ndr_wide_stringz_ptr :domain_name
- uuid_ptr :domain_guid
- ndr_wide_stringz_ptr :site_name
- ndr_uint32 :flags
+ logonsrv_handle :computer_name
+ ndr_wide_stringz_ptr :account_name
+ ndr_uint32 :allowable_account_control_bits
+ ndr_wide_stringz_ptr :domain_name
+ uuid_ptr :domain_guid
+ ndr_wide_stringz_ptr :site_name
+ ndr_uint32 :flags

 def initialize_instance
 super
diff --git a/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb b/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb
index d366b623..ae655bed 100644
--- a/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb
+++ b/lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb
@@ -5,14 +5,14 @@ module RubySMB
 module Dcerpc
 module Netlogon

- # [3.5.4.3.1 DsrGetDCNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
- class DsrGetDCNameEx2Response < BinData::Record
+ # [3.5.4.3.1 DsrGetDcNameEx2 (Opnum 34)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/fb8e1146-a045-4c31-98d1-c68507ad5620)
+ class DsrGetDcNameEx2Response < BinData::Record
 attr_reader :opnum

 endian :little

- domain_controller_info_w_ptr :domain_controller_info
- ndr_uint32 :error_status
+ domain_controller_info_w_ptr :domain_controller_info
+ ndr_uint32 :error_status

 def initialize_instance
 super