Class: Rex::Proto::DRDA::Utils
- Inherits:
-
Object
- Object
- Rex::Proto::DRDA::Utils
- Defined in:
- lib/rex/proto/drda/utils.rb
Class Method Summary collapse
- ._info_accsecrd(ddm) ⇒ Object
- ._info_excsatrd(ddm) ⇒ Object
- ._info_rdbnfnrm(ddm) ⇒ Object
- ._info_secchkrm(ddm) ⇒ Object
-
.client_auth(args = {}) ⇒ Object
Creates a packet with EXCSAT_DDM and an SECCHK_DDM.
-
.client_probe(dbname = nil) ⇒ Object
Creates a packet with EXCSAT_DDM and an ACCSEC_DDM.
- .server_packet_info(obj) ⇒ Object
Class Method Details
._info_accsecrd(ddm) ⇒ Object
69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 |
# File 'lib/rex/proto/drda/utils.rb', line 69 def self._info_accsecrd(ddm) info_hash = {:accsecrd => true} ddm.payload.each do |param| case param.codepoint when Constants::SECMEC info_hash[:plaintext_auth] = true if param.payload =~ /\x00\x03/n when Constants::SECCHKCD info_hash[:security_check_code] = param.payload.unpack("C").first # A little spurious? This is always nonzero when there's no SECCHKRM DDM. info_hash[:db_login_success] = false unless info_hash[:security_check_code].zero? else next end end return info_hash end |
._info_excsatrd(ddm) ⇒ Object
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 |
# File 'lib/rex/proto/drda/utils.rb', line 52 def self._info_excsatrd(ddm) info_hash = {:excsatrd => true} ddm.payload.each do |param| case param.codepoint when Constants::SRVNAM info_hash[:instance_name] = Rex::Text.from_ebcdic(param.payload) when Constants::SRVCLSNM info_hash[:platform] = Rex::Text.from_ebcdic(param.payload) when Constants::SRVRLSLV info_hash[:version] = Rex::Text.from_ebcdic(param.payload) else next end end return info_hash end |
._info_rdbnfnrm(ddm) ⇒ Object
86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 |
# File 'lib/rex/proto/drda/utils.rb', line 86 def self._info_rdbnfnrm(ddm) info_hash = {:rdbnfnrm => true} info_hash[:database_found] = false ddm.payload.each do |param| case param.codepoint when Constants::RDBNAM info_hash[:db_name] = Rex::Text.from_ebcdic(param.payload).unpack("A*").first when Constants::SRVDGN info_hash[:error_message] = Rex::Text.from_ebcdic(param.payload) else next end end return info_hash end |
._info_secchkrm(ddm) ⇒ Object
102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 |
# File 'lib/rex/proto/drda/utils.rb', line 102 def self._info_secchkrm(ddm) info_hash = {:secchkrm => true} ddm.payload.each do |param| case param.codepoint when Constants::SRVCOD info_hash[:severity_code] = param.payload.unpack("n").first when Constants::SECCHKCD info_hash[:security_check_code] = param.payload.unpack("C").first else next end end if info_hash[:serverity].to_i.zero? and info_hash[:security_check_code].to_i.zero? info_hash[:db_login_success] = true end return info_hash end |
.client_auth(args = {}) ⇒ Object
Creates a packet with EXCSAT_DDM and an SECCHK_DDM. In order to ever succeed, you do need a successful probe first.
21 22 23 24 25 26 27 28 29 30 |
# File 'lib/rex/proto/drda/utils.rb', line 21 def self.client_auth(args={}) dbname = args[:dbname] dbuser = args[:dbuser] dbpass = args[:dbpass] pkt = [ ACCSEC_DDM.new(:format => 0x41), SECCHK_DDM.new(:dbname => dbname, :dbuser => dbuser, :dbpass => dbpass) ] pkt.map {|x| x.to_s}.join end |
.client_probe(dbname = nil) ⇒ Object
Creates a packet with EXCSAT_DDM and an ACCSEC_DDM. This will elicit a reponse from the target server.
11 12 13 14 15 16 17 |
# File 'lib/rex/proto/drda/utils.rb', line 11 def self.client_probe(dbname=nil) pkt = [ EXCSAT_DDM.new, ACCSEC_DDM.new(:dbname => dbname) ] pkt.map {|x| x.to_s}.join end |
.server_packet_info(obj) ⇒ Object
32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 |
# File 'lib/rex/proto/drda/utils.rb', line 32 def self.server_packet_info(obj) info_hash = {} return info_hash unless obj.kind_of? Rex::Proto::DRDA::SERVER_PACKET obj.each do |ddm| case ddm.codepoint when Constants::EXCSATRD info_hash.merge!(_info_excsatrd(ddm)) when Constants::ACCSECRD info_hash.merge!(_info_accsecrd(ddm)) when Constants::RDBNFNRM info_hash.merge!(_info_rdbnfnrm(ddm)) when Constants::SECCHKRM info_hash.merge!(_info_secchkrm(ddm)) else next end end return info_hash end |