Module: RubySMB::Dcerpc::Epm

Included in:

Client

Defined in:

lib/ruby_smb/dcerpc/epm.rb,
lib/ruby_smb/dcerpc/epm/epm_twrt.rb,
lib/ruby_smb/dcerpc/epm/epm_ept_map_request.rb,
lib/ruby_smb/dcerpc/epm/epm_ept_map_response.rb

Defined Under Namespace

Classes: EpmDecodedTowerOctetString, EpmEptMapRequest, EpmEptMapResponse, EpmFloorHostOrAddr, EpmFloorInterfaceOrDataIdentifier, EpmFloorPipeOrHost, EpmFloorPipeOrPort, EpmFloorProtocolIdentifier, EpmIpv4Address, EpmIpxSpxAddress, EpmTowerOctetString, EpmTwrpt, EpmTwrt

Constant Summary

UUID =

'E1AF8308-5D1F-11C9-91A4-08002B14A0FA'

VER_MAJOR =

3

VER_MINOR =

0

EPT_MAP =

Operation numbers

0x0003

Instance Method Summary

• #get_host_port_from_ept_mapper(uuid:, maj_ver:, min_ver:, max_towers: 1) ⇒ Hash

  Retrieve the service port number given a DCERPC interface UUID See: 2.2.1.2.5 ept_map Method https://pubs.opengroup.org/onlinepubs/9629399/apdxo.htm.

Instance Method Details

#get_host_port_from_ept_mapper(uuid:, maj_ver:, min_ver:, max_towers: 1) ⇒ Hash

Retrieve the service port number given a DCERPC interface UUID See: 2.2.1.2.5 ept_map Method https://pubs.opengroup.org/onlinepubs/9629399/apdxo.htm

Parameters:

• uuid (String) —

  The interface UUID

• maj_ver (Integer) —

  The interface Major version

• min_ver (Integer) —

  The interface Minor version

• max_towers (Integer) (defaults to: 1) —

  The maximum number of elements to be returned

Returns:

• (Hash) —

  A hash with the host and port

Raises:

• (RubySMB::Dcerpc::Error::InvalidPacket) —

  if the response is not a EpmEptMap packet

• (RubySMB::Dcerpc::Error::EpmError) —

  if the response error status is not STATUS_SUCCESS

# File 'lib/ruby_smb/dcerpc/epm.rb', line 30

def get_host_port_from_ept_mapper(uuid:, maj_ver:, min_ver:, max_towers: 1)
  decoded_tower = EpmDecodedTowerOctetString.new(
    interface_identifier: {
      interface: uuid,
      major_version: maj_ver,
      minor_version: min_ver
    },
    data_representation: {
      interface: Ndr::UUID,
      major_version: Ndr::VER_MAJOR,
      minor_version: Ndr::VER_MINOR
    }
  )
  tower = EpmTwrt.new(decoded_tower)
  ept_map_request = EpmEptMapRequest.new(
    obj: Uuid.new,
    map_tower: tower,
    entry_handle: Ndr::NdrContextHandle.new,
    max_towers: max_towers
  )
  response = dcerpc_request(ept_map_request)
  begin
    ept_map_response = EpmEptMapResponse.read(response)
  rescue IOError
    raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading EptMapResponse'
  end
  unless ept_map_response.error_status == WindowsError::NTStatus::STATUS_SUCCESS
    raise RubySMB::Dcerpc::Error::EpmError,
      "Error returned with ept_map: "\
      "#{WindowsError::NTStatus.find_by_retval(ept_map_response.error_status.value).join(',')}"
  end
  tower_binary = ept_map_response.towers[0].tower_octet_string.to_binary_s
  begin
    decoded_tower = EpmDecodedTowerOctetString.read(tower_binary)
  rescue IOError
    raise RubySMB::Dcerpc::Error::InvalidPacket, 'Error reading EpmDecodedTowerOctetString'
  end
  {
    port: decoded_tower.pipe_or_port.pipe_or_port.to_i,
    host: decoded_tower.host_or_addr.host_or_addr.to_i
  }
end