Class: Rex::Proto::DRDA::Utils

Inherits:
Object
  • Object
Defined in:
lib/rex/proto/drda/utils.rb

Defined Under Namespace

Classes: UnitTest

Class Method Details

._info_accsecrd(ddm) ⇒ Object



# File 'lib/rex/proto/drda/utils.rb', line 68

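# Summarises an ACCSECRD DDM taken from a server reply.
#
# The reply is produced by the remote server, so every field is treated as
# untrusted input and a malformed payload must not raise.
#
# @param ddm [#payload] DDM whose payload yields parameters responding to
#   +codepoint+ and +payload+
# @return [Hash] always holds :accsecrd => true; may also hold :plaintext_auth,
#   :security_check_code and :db_login_success
def self._info_accsecrd(ddm)
	info_hash = {:accsecrd => true}
	ddm.payload.each do |param|
		case param.codepoint
		when Constants::SECMEC
			# Decode the payload as aligned 16-bit big-endian values and look for 3.
			# Searching for the bytes 00 03 at any offset also matches across the
			# boundary of two adjacent values (03 00 03 00), which would report
			# plaintext authentication for a server that never offered it.
			# NOTE(review): assumes SECMEC is a list of 2-byte values -- confirm
			# against the DDM definition used by this library.
			mechanisms = param.payload.to_s.unpack("n*")
			info_hash[:plaintext_auth] = true if mechanisms.include?(0x0003)
		when Constants::SECCHKCD
			code = param.payload.to_s.unpack("C").first
			info_hash[:security_check_code] = code
			# A little spurious? This is always nonzero when there's no SECCHKRM DDM.
			# An empty payload decodes to nil; leave the login flag unset in that
			# case instead of raising NoMethodError on nil.zero?.
			info_hash[:db_login_success] = false unless code.nil? || code.zero?
		end
	end
	info_hash
end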

._info_excsatrd(ddm) ⇒ Object



# File 'lib/rex/proto/drda/utils.rb', line 51

# Summarises an EXCSATRD DDM taken from a server reply.
#
# SRVNAM, SRVCLSNM and SRVRLSLV parameters are passed through
# Rex::Text.from_ebcdic and stored as :instance_name, :platform and :version.
# Parameters with any other codepoint are skipped. The values come from the
# remote server and are stored as decoded, without further validation.
#
# @param ddm [#payload] DDM whose payload yields parameters responding to
#   +codepoint+ and +payload+
# @return [Hash] always holds :excsatrd => true plus any fields found
def self._info_excsatrd(ddm)
	summary = {:excsatrd => true}
	ddm.payload.each do |param|
		field =
			case param.codepoint
			when Constants::SRVNAM then :instance_name
			when Constants::SRVCLSNM then :platform
			when Constants::SRVRLSLV then :version
			end
		# No matching codepoint leaves field nil, so the parameter is ignored.
		summary[field] = Rex::Text.from_ebcdic(param.payload) if field
	end
	summary
end

._info_rdbnfnrm(ddm) ⇒ Object



# File 'lib/rex/proto/drda/utils.rb', line 85

# Summarises an RDBNFNRM DDM taken from a server reply.
#
# The result always marks :database_found as false. An RDBNAM parameter is
# decoded with Rex::Text.from_ebcdic and stored as :db_name; an SRVDGN
# parameter is decoded the same way and stored as :error_message. Both values
# are server-supplied text and are stored without further validation.
#
# @param ddm [#payload] DDM whose payload yields parameters responding to
#   +codepoint+ and +payload+
# @return [Hash] :rdbnfnrm => true, :database_found => false, plus any fields found
def self._info_rdbnfnrm(ddm)
	summary = {:rdbnfnrm => true, :database_found => false}
	ddm.payload.each do |param|
		case param.codepoint
		when Constants::RDBNAM
			decoded_name = Rex::Text.from_ebcdic(param.payload)
			# "A*" drops trailing spaces and NULs from the decoded name.
			summary[:db_name] = decoded_name.unpack("A*").first
		when Constants::SRVDGN
			summary[:error_message] = Rex::Text.from_ebcdic(param.payload)
		end
	end
	summary
end

._info_secchkrm(ddm) ⇒ Object



# File 'lib/rex/proto/drda/utils.rb', line 101

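# Summarises a SECCHKRM DDM taken from a server reply and decides whether the
# login is reported as successful.
#
# @param ddm [#payload] DDM whose payload yields parameters responding to
#   +codepoint+ and +payload+
# @return [Hash] always holds :secchkrm => true; may hold :severity_code and
#   :security_check_code; :db_login_success => true is added only when both
#   codes evaluate to zero
def self._info_secchkrm(ddm)
	info_hash = {:secchkrm => true}
	ddm.payload.each do |param|
		case param.codepoint
		when Constants::SRVCOD
			info_hash[:severity_code] = param.payload.unpack("n").first
		when Constants::SECCHKCD
			info_hash[:security_check_code] = param.payload.unpack("C").first
		end
	end
	# The severity is stored under :severity_code, so that is the key to test.
	# Looking it up under any other key always yields nil (zero after to_i),
	# which lets a reply with a nonzero severity be reported as a valid login.
	# NOTE(review): to_i also turns a missing code into zero, so a SECCHKRM
	# without SRVCOD/SECCHKCD still counts as success -- confirm that is intended.
	if info_hash[:severity_code].to_i.zero? && info_hash[:security_check_code].to_i.zero?
		info_hash[:db_login_success] = true
	end
	info_hash
end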

.client_auth(args = {}) ⇒ Object

Creates a packet with EXCSAT_DDM and an SECCHK_DDM (the listing below actually builds an ACCSEC_DDM with :format => 0x41 followed by a SECCHK_DDM). It can only succeed after a successful probe.



# File 'lib/rex/proto/drda/utils.rb', line 20

# Builds the client authentication packet: an ACCSEC_DDM created with
# :format => 0x41 followed by a SECCHK_DDM carrying the database name, user
# and password, serialised with to_s and concatenated.
#
# NOTE(review): the password is handed to SECCHK_DDM exactly as given; how it
# is encoded on the wire is decided in that class, not here -- confirm before
# relying on this over a network you do not control.
#
# @param args [Hash] reads :dbname, :dbuser and :dbpass; missing keys are
#   passed on as nil
# @return [String] the two serialised DDMs joined together
def self.client_auth(args={})
	name, user, secret = [:dbname, :dbuser, :dbpass].map { |key| args[key] }
	access_security = ACCSEC_DDM.new(:format => 0x41)
	security_check = SECCHK_DDM.new(:dbname => name, :dbuser => user, :dbpass => secret)
	[access_security, security_check].map(&:to_s).join
end

.client_probe(dbname = nil) ⇒ Object

Creates a packet with EXCSAT_DDM and an ACCSEC_DDM. This will elicit a response from the target server.



# File 'lib/rex/proto/drda/utils.rb', line 10

# Builds the probe packet: an EXCSAT_DDM followed by an ACCSEC_DDM created
# with the given database name, serialised with to_s and concatenated.
#
# @param dbname [Object, nil] passed to ACCSEC_DDM as :dbname; nil by default
# @return [String] the two serialised DDMs joined together
def self.client_probe(dbname=nil)
	exchange_attributes = EXCSAT_DDM.new
	access_security = ACCSEC_DDM.new(:dbname => dbname)
	[exchange_attributes, access_security].map(&:to_s).join
end

.server_packet_info(obj) ⇒ Object



# File 'lib/rex/proto/drda/utils.rb', line 31

# Collects the details of a server reply into one hash.
#
# Anything that is not a Rex::Proto::DRDA::SERVER_PACKET yields an empty hash.
# Otherwise each DDM with an EXCSATRD, ACCSECRD, RDBNFNRM or SECCHKRM codepoint
# is handed to its _info_* helper and the result is merged in; other DDMs are
# skipped. Because the merge is in packet order, a later DDM overwrites keys
# set by an earlier one (for example :security_check_code or :db_login_success).
#
# @param obj [Object] candidate server packet
# @return [Hash] merged fields, empty when obj is not a SERVER_PACKET
def self.server_packet_info(obj)
	summary = {}
	if obj.kind_of?(Rex::Proto::DRDA::SERVER_PACKET)
		obj.each do |ddm|
			fields =
				case ddm.codepoint
				when Constants::EXCSATRD then _info_excsatrd(ddm)
				when Constants::ACCSECRD then _info_accsecrd(ddm)
				when Constants::RDBNFNRM then _info_rdbnfnrm(ddm)
				when Constants::SECCHKRM then _info_secchkrm(ddm)
				end
			# Unrecognised codepoints leave fields nil and contribute nothing.
			summary.merge!(fields) if fields
		end
	end
	summary
end