metasploit-gs/api/Msf/Exploit/Remote/SMB/Client/KerberosAuthentication.html
jenkins-metasploit c3f5bd3de2 Reboot gh-pages
2026-05-08 17:08:43 +00:00

<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>
Module: Msf::Exploit::Remote::SMB::Client::KerberosAuthentication
&mdash; Documentation by YARD 0.9.37
</title>
<link rel="stylesheet" href="../../../../../css/style.css" type="text/css" />
<link rel="stylesheet" href="../../../../../css/common.css" type="text/css" />
<script type="text/javascript">
pathId = "Msf::Exploit::Remote::SMB::Client::KerberosAuthentication";
relpath = '../../../../../';
</script>
<script type="text/javascript" charset="utf-8" src="../../../../../js/jquery.js"></script>
<script type="text/javascript" charset="utf-8" src="../../../../../js/app.js"></script>
</head>
<body>
<div class="nav_wrap">
<iframe id="nav" src="../../../../../class_list.html?1"></iframe>
<div id="resizer"></div>
</div>
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../../../_index.html">Index (K)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../SMB.html" title="Msf::Exploit::Remote::SMB (module)">SMB</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../Client.html" title="Msf::Exploit::Remote::SMB::Client (module)">Client</a></span></span>
&raquo;
<span class="title">KerberosAuthentication</span>
</div>
<div id="search">
<a class="full_list_link" id="class_list_link"
href="../../../../../class_list.html">
<svg width="24" height="24">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>
<div class="clear"></div>
</div>
<div id="content"><h1>Module: Msf::Exploit::Remote::SMB::Client::KerberosAuthentication
</h1>
<div class="box_info">
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>This module overrides RubySMB's default authentication method to use a Kerberos authenticator instead.</p>
</div>
</div>
<div class="tags">
</div>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#authenticate-instance_method" title="#authenticate (instance method)">#<strong>authenticate</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#kerberos_authenticator=-instance_method" title="#kerberos_authenticator= (instance method)">#<strong>kerberos_authenticator=</strong>(kerberos_authenticator) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#smb1_authenticate-instance_method" title="#smb1_authenticate (instance method)">#<strong>smb1_authenticate</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Handles SMB1 Kerberos Authentication by delegating to a kerberos_authenticator implementation to generate a GSS security blob with an embedded AP_REQ.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#smb1_kerberos_authenticate-instance_method" title="#smb1_kerberos_authenticate (instance method)">#<strong>smb1_kerberos_authenticate</strong>(security_buffer) &#x21d2; String </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>The raw binary response from the server.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#smb1_kerberos_authenticate_packet-instance_method" title="#smb1_kerberos_authenticate_packet (instance method)">#<strong>smb1_kerberos_authenticate_packet</strong>(security_blob) &#x21d2; RubySMB::SMB1::Packet::SessionSetupRequest </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Generates the RubySMB::SMB1::Packet::SessionSetupRequest packet with the GSS security blob (with its embedded AP_REQ) in the security_blob field.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#smb2_authenticate-instance_method" title="#smb2_authenticate (instance method)">#<strong>smb2_authenticate</strong> &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Handles SMB2 Kerberos Authentication by delegating to a kerberos_authenticator implementation to generate a GSS security blob with an embedded AP_REQ.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#smb2_kerberos_authenticate-instance_method" title="#smb2_kerberos_authenticate (instance method)">#<strong>smb2_kerberos_authenticate</strong>(security_blob) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#smb2_kerberos_authenticate_packet-instance_method" title="#smb2_kerberos_authenticate_packet (instance method)">#<strong>smb2_kerberos_authenticate_packet</strong>(security_blob) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
</ul>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="authenticate-instance_method">
#<strong>authenticate</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
</div>
</div>
<div class="tags">
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt>::RubySMB::Error::AuthenticationFailure</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines"></pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb', line 13</span>
<span class='kw'>def</span> <span class='id identifier rubyid_authenticate'>authenticate</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='op'>::</span><span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Error</span><span class='op'>::</span><span class='const'>AuthenticationFailure</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Missing negotiation security buffer</span><span class='tstring_end'>&quot;</span></span> <span class='kw'>if</span> <span class='id identifier rubyid_negotiation_security_buffer'>negotiation_security_buffer</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_gss_api'>gss_api</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='period'>.</span><span class='id identifier rubyid_decode'>decode</span><span class='lparen'>(</span><span class='id identifier rubyid_negotiation_security_buffer'>negotiation_security_buffer</span><span class='rparen'>)</span>
<span class='id identifier rubyid_mech_types'>mech_types</span> <span class='op'>=</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Gss</span><span class='period'>.</span><span class='id identifier rubyid_asn1dig'>asn1dig</span><span class='lparen'>(</span><span class='id identifier rubyid_gss_api'>gss_api</span><span class='comma'>,</span> <span class='int'>1</span><span class='comma'>,</span> <span class='int'>0</span><span class='comma'>,</span> <span class='int'>0</span><span class='comma'>,</span> <span class='int'>0</span><span class='rparen'>)</span><span class='op'>&amp;.</span><span class='id identifier rubyid_value'>value</span> <span class='op'>||</span> <span class='lbracket'>[</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_has_kerberos_gss_mech_type'>has_kerberos_gss_mech_type</span> <span class='op'>=</span> <span class='id identifier rubyid_mech_types'>mech_types</span><span class='op'>&amp;.</span><span class='id identifier rubyid_any?'>any?</span> <span class='lbrace'>{</span> <span class='op'>|</span><span class='id identifier rubyid_mech_type'>mech_type</span><span class='op'>|</span> <span class='id identifier rubyid_mech_type'>mech_type</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span> <span class='op'>==</span> <span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Gss.html" title="Rex::Proto::Gss (module)">Gss</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Gss.html#OID_MICROSOFT_KERBEROS_5-constant" title="Rex::Proto::Gss::OID_MICROSOFT_KERBEROS_5 (constant)">OID_MICROSOFT_KERBEROS_5</a></span></span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span> <span class='rbrace'>}</span>
<span class='kw'>rescue</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>ASN1Error</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos.html" title="Rex::Proto::Kerberos (module)">Kerberos</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model.html" title="Rex::Proto::Kerberos::Model (module)">Model</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/Error.html" title="Rex::Proto::Kerberos::Model::Error (module)">Error</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/Error/KerberosDecodingError.html" title="Rex::Proto::Kerberos::Model::Error::KerberosDecodingError (class)">KerberosDecodingError</a></span></span><span class='period'>.</span><span class='id identifier rubyid_new'><span class='object_link'><a href="../../../../../Rex/Proto/Kerberos/Model/Error/KerberosDecodingError.html#initialize-instance_method" title="Rex::Proto::Kerberos::Model::Error::KerberosDecodingError#initialize (method)">new</a></span></span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Invalid GSS Response</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_error'>error</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unable to negotiate kerberos with the remote host. Expected oid </span><span class='embexpr_beg'>#{</span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Gss.html" title="Rex::Proto::Gss (module)">Gss</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Proto/Gss.html#OID_MICROSOFT_KERBEROS_5-constant" title="Rex::Proto::Gss::OID_MICROSOFT_KERBEROS_5 (constant)">OID_MICROSOFT_KERBEROS_5</a></span></span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='embexpr_end'>}</span><span class='tstring_content'> in </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_mech_types'>mech_types</span><span class='period'>.</span><span class='id identifier rubyid_map'>map</span><span class='lparen'>(</span><span class='op'>&amp;</span><span class='symbol'>:value</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_inspect'>inspect</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_raise'>raise</span> <span class='op'>::</span><span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Error</span><span class='op'>::</span><span class='const'>AuthenticationFailure</span><span class='comma'>,</span> <span class='id identifier rubyid_error'>error</span> <span class='kw'>unless</span> <span class='id identifier rubyid_has_kerberos_gss_mech_type'>has_kerberos_gss_mech_type</span>
<span class='ivar'>@mech_type</span> <span class='op'>=</span> <span class='symbol'>:kerberos</span>
<span class='kw'>if</span> <span class='id identifier rubyid_smb1'>smb1</span>
<span class='id identifier rubyid_smb1_authenticate'>smb1_authenticate</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_smb2_authenticate'>smb2_authenticate</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
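<p>Added example, not part of the Metasploit source or of the generated documentation: the mechanism check that <tt>authenticate</tt> performs, reproduced with only Ruby's OpenSSL bindings so the SPNEGO layout behind the <tt>1, 0, 0, 0</tt> path is visible. The helper names, the <tt>NegotiationError</tt> class and the sample tokens are constructed for illustration; the dotted OID strings are the registered mechanism values, and the one used for Microsoft Kerberos 5 is assumed to match <tt>OID_MICROSOFT_KERBEROS_5</tt>. It compares <tt>ObjectId#oid</tt> rather than <tt>#value</tt> so the result does not depend on OpenSSL's name table.</p>

```ruby
require 'openssl'

# Registered GSS-API mechanism OIDs, written out as dotted strings.
OID_SPNEGO  = '1.3.6.1.5.5.2'
OID_MS_KRB5 = '1.2.840.48018.1.2.2' # assumed value of OID_MICROSOFT_KERBEROS_5
OID_KRB5    = '1.2.840.113554.1.2.2'
OID_NTLMSSP = '1.3.6.1.4.1.311.2.2.10'

# Hypothetical error class standing in for the RubySMB / Rex exceptions.
class NegotiationError < StandardError; end

# Constructed sample input: a SPNEGO NegTokenInit as a server would place it
# in the security buffer of its negotiate response.
def build_neg_token_init(mech_oids)
  mech_list = OpenSSL::ASN1::Sequence.new(
    mech_oids.map { |oid| OpenSSL::ASN1::ObjectId.new(oid) }
  )
  neg_token_init = OpenSSL::ASN1::Sequence.new(
    [OpenSSL::ASN1::ASN1Data.new([mech_list], 0, :CONTEXT_SPECIFIC)] # mechTypes [0]
  )
  OpenSSL::ASN1::ASN1Data.new(
    [
      OpenSSL::ASN1::ObjectId.new(OID_SPNEGO),                            # thisMech
      OpenSSL::ASN1::ASN1Data.new([neg_token_init], 0, :CONTEXT_SPECIFIC) # negTokenInit [0]
    ],
    0, :APPLICATION
  ).to_der
end

# Walk a decoded ASN.1 tree by child index; returns nil once the path runs out.
def dig_asn1(node, *path)
  path.each do |index|
    return nil unless node.respond_to?(:value) && node.value.is_a?(Array)
    node = node.value[index]
  end
  node
end

# Decode the buffer and return the offered mechanism OIDs in server order.
def offered_mech_oids(security_buffer)
  raise NegotiationError, 'Missing negotiation security buffer' if security_buffer.nil?

  begin
    token = OpenSSL::ASN1.decode(security_buffer)
  rescue OpenSSL::ASN1::ASN1Error
    raise NegotiationError, 'Invalid GSS response'
  end
  # 1, 0, 0, 0: innerContextToken -> NegTokenInit -> mechTypes [0] -> MechTypeList
  mech_list = dig_asn1(token, 1, 0, 0, 0)
  return [] unless mech_list.respond_to?(:value) && mech_list.value.is_a?(Array)

  mech_list.value.grep(OpenSSL::ASN1::ObjectId).map(&:oid)
end

# Fail closed when the server does not advertise Microsoft Kerberos 5.
def require_kerberos!(security_buffer)
  offered = offered_mech_oids(security_buffer)
  return :kerberos if offered.include?(OID_MS_KRB5)

  raise NegotiationError,
        "Unable to negotiate kerberos with the remote host. Expected oid #{OID_MS_KRB5} in #{offered.inspect}"
end

if __FILE__ == $PROGRAM_NAME
  samples = {
    'kerberos and ntlm' => [OID_MS_KRB5, OID_KRB5, OID_NTLMSSP],
    'ntlm only' => [OID_NTLMSSP]
  }
  samples.each do |label, oids|
    begin
      puts "#{label}: #{require_kerberos!(build_neg_token_init(oids))}"
    rescue NegotiationError => e
      puts "#{label}: #{e.message}"
    end
  end
end
```

<p>A server whose list lacks the Kerberos OID makes the check raise instead of continuing with another mechanism, which is the behaviour the method above relies on.</p>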
<div class="method_details ">
<h3 class="signature " id="kerberos_authenticator=-instance_method">
#<strong>kerberos_authenticator=</strong>(kerberos_authenticator) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>kerberos_authenticator</span>
<span class='type'>(<tt><span class='object_link'><a href="../../Kerberos/ServiceAuthenticator/SMB.html" title="Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::SMB (class)">Msf::Exploit::Remote::Kerberos::ServiceAuthenticator::SMB</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>The authenticator to make the required Kerberos requests</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines"></pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb', line 9</span>
<span class='kw'>def</span> <span class='id identifier rubyid_kerberos_authenticator='>kerberos_authenticator=</span><span class='lparen'>(</span><span class='id identifier rubyid_kerberos_authenticator'>kerberos_authenticator</span><span class='rparen'>)</span>
<span class='ivar'>@kerberos_authenticator</span> <span class='op'>=</span> <span class='id identifier rubyid_kerberos_authenticator'>kerberos_authenticator</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="smb1_authenticate-instance_method">
#<strong>smb1_authenticate</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Handles SMB1 Kerberos authentication by delegating to a kerberos_authenticator implementation to generate a GSS security blob with an embedded AP_REQ. On success, information about the peer/server is stored.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt>::RubySMB::Error::AuthenticationFailure</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines"></pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb', line 42</span>
<span class='kw'>def</span> <span class='id identifier rubyid_smb1_authenticate'>smb1_authenticate</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='op'>::</span><span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Error</span><span class='op'>::</span><span class='const'>AuthenticationFailure</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Missing kerberos authenticator</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>unless</span> <span class='ivar'>@kerberos_authenticator</span>
<span class='id identifier rubyid_kerberos_result'>kerberos_result</span> <span class='op'>=</span> <span class='ivar'>@kerberos_authenticator</span><span class='period'>.</span><span class='id identifier rubyid_authenticate'>authenticate</span>
<span class='ivar'>@application_key</span> <span class='op'>=</span> <span class='ivar'>@session_key</span> <span class='op'>=</span> <span class='id identifier rubyid_kerberos_result'>kerberos_result</span><span class='lbracket'>[</span><span class='symbol'>:session_key</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>...</span><span class='int'>16</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_raw_kerberos_response'>raw_kerberos_response</span> <span class='op'>=</span> <span class='id identifier rubyid_smb1_kerberos_authenticate'>smb1_kerberos_authenticate</span><span class='lparen'>(</span><span class='id identifier rubyid_kerberos_result'>kerberos_result</span><span class='lbracket'>[</span><span class='symbol'>:security_blob</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_response'>response</span> <span class='op'>=</span> <span class='id identifier rubyid_smb1_session_setup_response'>smb1_session_setup_response</span><span class='lparen'>(</span><span class='id identifier rubyid_raw_kerberos_response'>raw_kerberos_response</span><span class='rparen'>)</span>
<span class='ivar'>@kerberos_authenticator</span><span class='period'>.</span><span class='id identifier rubyid_validate_response!'>validate_response!</span><span class='lparen'>(</span><span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_data_block'>data_block</span><span class='period'>.</span><span class='id identifier rubyid_security_blob'>security_blob</span><span class='rparen'>)</span>
<span class='id identifier rubyid_response_code'>response_code</span> <span class='op'>=</span> <span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_status_code'>status_code</span>
<span class='comment'># Store the available OS information before going forward.
</span> <span class='ivar'>@peer_native_os</span> <span class='op'>=</span> <span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_data_block'>data_block</span><span class='period'>.</span><span class='id identifier rubyid_native_os'>native_os</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
<span class='ivar'>@peer_native_lm</span> <span class='op'>=</span> <span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_data_block'>data_block</span><span class='period'>.</span><span class='id identifier rubyid_native_lan_man'>native_lan_man</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span>
<span class='ivar'>@user_id</span> <span class='op'>=</span> <span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_smb_header'>smb_header</span><span class='period'>.</span><span class='id identifier rubyid_uid'>uid</span> <span class='kw'>if</span> <span class='id identifier rubyid_response_code'>response_code</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="../../../../WindowsError.html" title="Msf::WindowsError (class)">WindowsError</a></span></span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_SUCCESS</span>
<span class='id identifier rubyid_response_code'>response_code</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="smb1_kerberos_authenticate-instance_method">
#<strong>smb1_kerberos_authenticate</strong>(security_buffer) &#x21d2; <tt>String</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns the raw binary response from the server.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>security_buffer</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>the GSS security blob with the embedded AP_REQ</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>the raw binary response from the server</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines"></pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb', line 68</span>
<span class='kw'>def</span> <span class='id identifier rubyid_smb1_kerberos_authenticate'>smb1_kerberos_authenticate</span><span class='lparen'>(</span><span class='id identifier rubyid_security_buffer'>security_buffer</span><span class='rparen'>)</span>
<span class='id identifier rubyid_packet'>packet</span> <span class='op'>=</span> <span class='id identifier rubyid_smb1_kerberos_authenticate_packet'>smb1_kerberos_authenticate_packet</span><span class='lparen'>(</span><span class='id identifier rubyid_security_buffer'>security_buffer</span><span class='rparen'>)</span>
<span class='id identifier rubyid_send_recv'>send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_packet'>packet</span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="smb1_kerberos_authenticate_packet-instance_method">
#<strong>smb1_kerberos_authenticate_packet</strong>(security_blob) &#x21d2; <tt>RubySMB::SMB1::Packet::SessionSetupRequest</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Generates the RubySMB::SMB1::Packet::SessionSetupRequest packet with the GSS security blob (with its embedded AP_REQ) in the security_blob field.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>security_blob</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>the GSS security blob with the embedded AP_REQ</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>RubySMB::SMB1::Packet::SessionSetupRequest</tt>)</span>
&mdash;
<div class='inline'>
<p>the second authentication packet to send</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines"></pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb', line 79</span>
<span class='kw'>def</span> <span class='id identifier rubyid_smb1_kerberos_authenticate_packet'>smb1_kerberos_authenticate_packet</span><span class='lparen'>(</span><span class='id identifier rubyid_security_blob'>security_blob</span><span class='rparen'>)</span>
<span class='id identifier rubyid_packet'>packet</span> <span class='op'>=</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>SMB1</span><span class='op'>::</span><span class='const'>Packet</span><span class='op'>::</span><span class='const'>SessionSetupRequest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='comment'># packet.smb_header.uid = user_id
</span> <span class='id identifier rubyid_packet'>packet</span><span class='period'>.</span><span class='id identifier rubyid_set_security_buffer'>set_security_buffer</span><span class='lparen'>(</span><span class='id identifier rubyid_security_blob'>security_blob</span><span class='rparen'>)</span>
<span class='id identifier rubyid_packet'>packet</span><span class='period'>.</span><span class='id identifier rubyid_parameter_block'>parameter_block</span><span class='period'>.</span><span class='id identifier rubyid_max_buffer_size'>max_buffer_size</span> <span class='op'>=</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_max_buffer_size'>max_buffer_size</span>
<span class='id identifier rubyid_packet'>packet</span><span class='period'>.</span><span class='id identifier rubyid_parameter_block'>parameter_block</span><span class='period'>.</span><span class='id identifier rubyid_max_mpx_count'>max_mpx_count</span> <span class='op'>=</span> <span class='int'>50</span>
<span class='id identifier rubyid_packet'>packet</span><span class='period'>.</span><span class='id identifier rubyid_smb_header'>smb_header</span><span class='period'>.</span><span class='id identifier rubyid_flags2'>flags2</span><span class='period'>.</span><span class='id identifier rubyid_extended_security'>extended_security</span> <span class='op'>=</span> <span class='int'>1</span>
<span class='id identifier rubyid_packet'>packet</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="smb2_authenticate-instance_method">
#<strong>smb2_authenticate</strong> &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Handles SMB2 Kerberos authentication by delegating to a kerberos_authenticator implementation to generate a GSS security blob with an embedded AP_REQ. On success, information about the peer/server is stored.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt>::RubySMB::Error::AuthenticationFailure</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines"></pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb', line 96</span>
<span class='kw'>def</span> <span class='id identifier rubyid_smb2_authenticate'>smb2_authenticate</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='op'>::</span><span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Error</span><span class='op'>::</span><span class='const'>AuthenticationFailure</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Missing kerberos authenticator</span><span class='tstring_end'>&#39;</span></span> <span class='kw'>unless</span> <span class='ivar'>@kerberos_authenticator</span>
<span class='id identifier rubyid_kerberos_result'>kerberos_result</span> <span class='op'>=</span> <span class='ivar'>@kerberos_authenticator</span><span class='period'>.</span><span class='id identifier rubyid_authenticate'>authenticate</span>
<span class='id identifier rubyid_raw_kerberos_response'>raw_kerberos_response</span> <span class='op'>=</span> <span class='id identifier rubyid_smb2_kerberos_authenticate'>smb2_kerberos_authenticate</span><span class='lparen'>(</span><span class='id identifier rubyid_kerberos_result'>kerberos_result</span><span class='lbracket'>[</span><span class='symbol'>:security_blob</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_response'>response</span> <span class='op'>=</span> <span class='id identifier rubyid_smb2_session_setup_response'>smb2_session_setup_response</span><span class='lparen'>(</span><span class='id identifier rubyid_raw_kerberos_response'>raw_kerberos_response</span><span class='rparen'>)</span>
<span class='ivar'>@kerberos_authenticator</span><span class='period'>.</span><span class='id identifier rubyid_validate_response!'>validate_response!</span><span class='lparen'>(</span><span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_buffer'>buffer</span><span class='rparen'>)</span>
<span class='ivar'>@session_id</span> <span class='op'>=</span> <span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_session_id'>session_id</span>
<span class='kw'>if</span> <span class='ivar'>@encryption_algorithm</span><span class='period'>.</span><span class='id identifier rubyid_present?'>present?</span>
<span class='id identifier rubyid_key_len'>key_len</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>Cipher</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='ivar'>@encryption_algorithm</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_key_len'>key_len</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_key_len'>key_len</span> <span class='op'>=</span> <span class='int'>16</span>
<span class='kw'>end</span>
<span class='ivar'>@application_key</span> <span class='op'>=</span> <span class='ivar'>@session_key</span> <span class='op'>=</span> <span class='id identifier rubyid_kerberos_result'>kerberos_result</span><span class='lbracket'>[</span><span class='symbol'>:session_key</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='lbracket'>[</span><span class='int'>0</span><span class='op'>...</span><span class='id identifier rubyid_key_len'>key_len</span><span class='rbracket'>]</span>
<span class='ivar'>@session_is_guest</span> <span class='op'>=</span> <span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_session_flags'>session_flags</span><span class='period'>.</span><span class='id identifier rubyid_guest'>guest</span> <span class='op'>==</span> <span class='int'>1</span>
<span class='kw'>if</span> <span class='ivar'>@smb3</span>
<span class='kw'>if</span> <span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_session_flags'>session_flags</span><span class='period'>.</span><span class='id identifier rubyid_encrypt_data'>encrypt_data</span> <span class='op'>==</span> <span class='int'>1</span>
<span class='comment'># if the server indicates that encryption is required, enable it
</span> <span class='ivar'>@session_encrypt_data</span> <span class='op'>=</span> <span class='kw'>true</span>
<span class='kw'>elsif</span> <span class='lparen'>(</span><span class='ivar'>@session_is_guest</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_password'>password</span> <span class='op'>!=</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span> <span class='op'>||</span> <span class='lparen'>(</span><span class='id identifier rubyid_username'>username</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_password'>password</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='comment'># disable encryption when necessary
</span> <span class='ivar'>@session_encrypt_data</span> <span class='op'>=</span> <span class='kw'>false</span>
<span class='kw'>end</span>
<span class='comment'># see: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/7fd079ca-17e6-4f02-8449-46b606ea289c
</span> <span class='kw'>if</span> <span class='ivar'>@dialect</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>0x0300</span><span class='tstring_end'>&#39;</span></span> <span class='op'>||</span> <span class='ivar'>@dialect</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>0x0302</span><span class='tstring_end'>&#39;</span></span>
<span class='ivar'>@application_key</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Crypto.html" title="Rex::Crypto (module)">Crypto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Crypto/KeyDerivation.html" title="Rex::Crypto::KeyDerivation (module)">KeyDerivation</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Crypto/KeyDerivation/NIST_SP_800_108.html" title="Rex::Crypto::KeyDerivation::NIST_SP_800_108 (module)">NIST_SP_800_108</a></span></span><span class='period'>.</span><span class='id identifier rubyid_counter_hmac'><span class='object_link'><a href="../../../../../Rex/Crypto/KeyDerivation/NIST_SP_800_108.html#counter_hmac-class_method" title="Rex::Crypto::KeyDerivation::NIST_SP_800_108.counter_hmac (method)">counter_hmac</a></span></span><span class='lparen'>(</span>
<span class='ivar'>@session_key</span><span class='comma'>,</span>
<span class='int'>16</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SHA256</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='label'>label:</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>SMB2APP\x00</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
<span class='label'>context:</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>SmbRpc\x00</span><span class='tstring_end'>&quot;</span></span>
<span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='kw'>else</span>
<span class='ivar'>@application_key</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Crypto.html" title="Rex::Crypto (module)">Crypto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Crypto/KeyDerivation.html" title="Rex::Crypto::KeyDerivation (module)">KeyDerivation</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Rex/Crypto/KeyDerivation/NIST_SP_800_108.html" title="Rex::Crypto::KeyDerivation::NIST_SP_800_108 (module)">NIST_SP_800_108</a></span></span><span class='period'>.</span><span class='id identifier rubyid_counter_hmac'><span class='object_link'><a href="../../../../../Rex/Crypto/KeyDerivation/NIST_SP_800_108.html#counter_hmac-class_method" title="Rex::Crypto::KeyDerivation::NIST_SP_800_108.counter_hmac (method)">counter_hmac</a></span></span><span class='lparen'>(</span>
<span class='ivar'>@session_key</span><span class='comma'>,</span>
<span class='int'>16</span><span class='comma'>,</span>
<span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SHA256</span><span class='tstring_end'>&#39;</span></span><span class='comma'>,</span>
<span class='label'>label:</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>SMBAppKey\x00</span><span class='tstring_end'>&quot;</span></span><span class='comma'>,</span>
<span class='label'>context:</span> <span class='ivar'>@preauth_integrity_hash_value</span>
<span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='kw'>end</span>
<span class='comment'># otherwise, leave encryption to the default value that it was initialized to
</span> <span class='kw'>end</span>
<span class='comment'>######
</span> <span class='comment'># DEBUG
</span> <span class='comment'>#puts &quot;Session ID = #{@session_id.to_binary_s.each_byte.map {|e| &#39;%02x&#39; % e}.join}&quot;
</span> <span class='comment'>#puts &quot;Session key = #{@session_key.each_byte.map {|e| &#39;%02x&#39; % e}.join}&quot;
</span> <span class='comment'>#puts &quot;PreAuthHash = #{@preauth_integrity_hash_value.each_byte.map {|e| &#39;%02x&#39; % e}.join}&quot; if @preauth_integrity_hash_value
</span> <span class='comment'>######
</span>
<span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_status_code'>status_code</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
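<p>Added example (not part of the Metasploit source or of Rex): a stand-alone sketch of the dialect-dependent application key derivation in the listing above, written directly against OpenSSL so the SP 800-108 counter-mode input layout is visible. The helper names <tt>sp800_108_counter_hmac_sha256</tt> and <tt>smb3_application_key</tt> are hypothetical, the 32-bit counter and length fields follow the MS-SMB2 key derivation rules, and the key and hash values in the demo are constructed.</p>

```ruby
require 'openssl'

# Hypothetical helper, not Rex's implementation: SP 800-108 KDF in counter
# mode with HMAC-SHA256 as the PRF. Each block is
#   HMAC(key, [i]_32be || label || 0x00 || context || [L in bits]_32be)
def sp800_108_counter_hmac_sha256(key, out_len, label:, context:)
  blocks = (out_len + 31) / 32 # HMAC-SHA256 yields 32 bytes per block
  fixed = label.b + "\x00".b + context.b + [out_len * 8].pack('N')
  digest = OpenSSL::Digest.new('SHA256')
  stream = ''.b
  1.upto(blocks) do |i|
    stream += OpenSSL::HMAC.digest(digest, key, [i].pack('N') + fixed)
  end
  stream[0, out_len]
end

# Mirrors the dialect branch of the listing: fixed label and context for
# SMB 3.0 / 3.0.2, preauth integrity hash as context for SMB 3.1.1.
def smb3_application_key(session_key, dialect, preauth_hash = nil)
  case dialect
  when '0x0300', '0x0302'
    sp800_108_counter_hmac_sha256(session_key, 16,
                                  label: "SMB2APP\x00", context: "SmbRpc\x00")
  when '0x0311'
    # Without the negotiated hash the key would silently be wrong, so fail loudly.
    raise ArgumentError, 'SMB 3.1.1 needs the preauth integrity hash' if preauth_hash.nil?

    sp800_108_counter_hmac_sha256(session_key, 16,
                                  label: "SMBAppKey\x00", context: preauth_hash)
  else
    session_key # SMB 2.x: the application key is the session key itself
  end
end

if __FILE__ == $PROGRAM_NAME
  key = "\x11".b * 16 # constructed session key, not from a real capture
  pre = "\xAA".b * 64 # constructed value with the size of a SHA-512 preauth hash
  %w[0x0210 0x0302 0x0311].each do |d|
    puts "#{d}: #{smb3_application_key(key, d, pre).unpack1('H*')}"
  end
end
```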
<div class="method_details ">
<h3 class="signature " id="smb2_kerberos_authenticate-instance_method">
#<strong>smb2_kerberos_authenticate</strong>(security_blob) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
161
162
163
164
165
166
167
168</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb', line 161</span>
<span class='kw'>def</span> <span class='id identifier rubyid_smb2_kerberos_authenticate'>smb2_kerberos_authenticate</span><span class='lparen'>(</span><span class='id identifier rubyid_security_blob'>security_blob</span><span class='rparen'>)</span>
<span class='id identifier rubyid_packet'>packet</span> <span class='op'>=</span> <span class='id identifier rubyid_smb2_kerberos_authenticate_packet'>smb2_kerberos_authenticate_packet</span><span class='lparen'>(</span><span class='id identifier rubyid_security_blob'>security_blob</span><span class='rparen'>)</span>
<span class='id identifier rubyid_response'>response</span> <span class='op'>=</span> <span class='id identifier rubyid_send_recv'>send_recv</span><span class='lparen'>(</span><span class='id identifier rubyid_packet'>packet</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='ivar'>@dialect</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>0x0311</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_update_preauth_hash'>update_preauth_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_packet'>packet</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_response'>response</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="smb2_kerberos_authenticate_packet-instance_method">
#<strong>smb2_kerberos_authenticate_packet</strong>(security_blob) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
154
155
156
157
158
159</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/client/kerberos_authentication.rb', line 154</span>
<span class='kw'>def</span> <span class='id identifier rubyid_smb2_kerberos_authenticate_packet'>smb2_kerberos_authenticate_packet</span><span class='lparen'>(</span><span class='id identifier rubyid_security_blob'>security_blob</span><span class='rparen'>)</span>
<span class='id identifier rubyid_packet'>packet</span> <span class='op'>=</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>SMB2</span><span class='op'>::</span><span class='const'>Packet</span><span class='op'>::</span><span class='const'>SessionSetupRequest</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='id identifier rubyid_packet'>packet</span><span class='period'>.</span><span class='id identifier rubyid_set_security_buffer'>set_security_buffer</span><span class='lparen'>(</span><span class='id identifier rubyid_security_blob'>security_blob</span><span class='rparen'>)</span>
<span class='id identifier rubyid_packet'>packet</span><span class='period'>.</span><span class='id identifier rubyid_security_mode'>security_mode</span><span class='period'>.</span><span class='id identifier rubyid_signing_enabled'>signing_enabled</span> <span class='op'>=</span> <span class='int'>1</span>
<span class='id identifier rubyid_packet'>packet</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:02:50 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>