Module: RubySMB::Dcerpc::Netlogon

Defined in:
lib/ruby_smb/dcerpc/netlogon.rb,
lib/ruby_smb/dcerpc/netlogon/domain_controller_infow.rb,
lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_request.rb,
lib/ruby_smb/dcerpc/netlogon/dsr_get_dc_name_ex2_response.rb,
lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_request.rb,
lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_request.rb,
lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_request.rb,
lib/ruby_smb/dcerpc/netlogon/netr_server_authenticate3_response.rb,
lib/ruby_smb/dcerpc/netlogon/netr_server_password_set2_response.rb,
lib/ruby_smb/dcerpc/netlogon/netr_server_req_challenge_response.rb

Defined Under Namespace

Classes: DomainControllerInfoW, DomainControllerInfoWPtr, DsrGetDcNameEx2Request, DsrGetDcNameEx2Response, LogonsrvHandle, NetlogonAuthenticator, NetlogonCredential, NetlogonSecureChannelType, NetrServerAuthenticate3Request, NetrServerAuthenticate3Response, NetrServerPasswordSet2Request, NetrServerPasswordSet2Response, NetrServerReqChallengeRequest, NetrServerReqChallengeResponse

Constant Summary

UUID = '12345678-1234-abcd-ef00-01234567cffb'
VER_MAJOR = 1
VER_MINOR = 0

Operation numbers

NETR_SERVER_REQ_CHALLENGE = 4
NETR_SERVER_AUTHENTICATE3 = 26
NETR_SERVER_PASSWORD_SET2 = 30
DSR_GET_DC_NAME_EX2 = 34

Class Method Details

.calculate_session_key(shared_secret, client_challenge, server_challenge) ⇒ String

Calculate the netlogon session key from the provided shared secret and challenges. The shared secret is an NTLM hash.

Parameters:

  • shared_secret (String)

    the shared secret between the client and the server

  • client_challenge (String)

    the client challenge portion of the negotiation

  • server_challenge (String)

    the server challenge portion of the negotiation

Returns:

  • (String)

    the session key for encryption



# File 'lib/ruby_smb/dcerpc/netlogon.rb', line 79

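require 'openssl'

def self.calculate_session_key(shared_secret, client_challenge, server_challenge)
  # Accept NetlogonCredential structures as well as raw binary strings
  client_challenge = client_challenge.to_binary_s if client_challenge.is_a? NetlogonCredential
  server_challenge = server_challenge.to_binary_s if server_challenge.is_a? NetlogonCredential

  # HMAC-SHA256 keyed with the shared secret over client challenge + server challenge
  hmac = OpenSSL::HMAC.new(shared_secret, OpenSSL::Digest::SHA256.new)
  hmac << client_challenge
  hmac << server_challenge
  # Keep the first 16 bytes; plain Ruby has no String#first (ActiveSupport adds it)
  hmac.digest.byteslice(0, 16)
end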

.encrypt_credential(session_key, input_data) ⇒ String

Encrypt the input data using the specified session key. This is used for certain Netlogon service operations, including the authentication process. Per the specification, this uses AES-128-CFB8 with an all-zero initialization vector.

Parameters:

  • session_key (String)

    the session key to use for encryption (must be 16 bytes long)

  • input_data (String)

    the data to encrypt

Returns:

  • (String)

    the encrypted data



# File 'lib/ruby_smb/dcerpc/netlogon.rb', line 97

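require 'openssl'

def self.encrypt_credential(session_key, input_data)
  # CFB8 is a stream mode: the output has the same length as the input
  cipher = OpenSSL::Cipher.new('AES-128-CFB8').encrypt
  # All-zero IV, as the specification requires
  cipher.iv = "\x00" * 16
  cipher.key = session_key
  cipher.update(input_data) + cipher.final
end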
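
The two methods above combine in the Netlogon handshake: both sides derive the session key from the exchanged challenges, and each proves knowledge of the shared secret by encrypting its own challenge. The following is an added example, not RubySMB's code, showing the client-side check of the server's credential. It re-implements the two helpers so it runs with only the openssl standard library, and the function names, NT hash and challenge values are constructed for illustration.

```ruby
require 'openssl'

# Stand-alone equivalents of the two documented methods (not RubySMB's code).
def session_key(nt_hash, client_challenge, server_challenge)
  mac = OpenSSL::HMAC.digest('SHA256', nt_hash, client_challenge + server_challenge)
  mac.byteslice(0, 16)
end

def netlogon_credential(key, input)
  cipher = OpenSSL::Cipher.new('AES-128-CFB8').encrypt
  cipher.key = key
  cipher.iv = "\x00" * 16
  cipher.update(input) + cipher.final
end

# Compare without returning early on the first differing byte.
def same_bytes?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Client-side check of the credential the server returns: recompute it from
# the server challenge and refuse the channel if it does not match.
def server_credential_valid?(nt_hash, client_challenge, server_challenge, received)
  key = session_key(nt_hash, client_challenge, server_challenge)
  same_bytes?(netlogon_credential(key, server_challenge), received)
end

# Constructed sample values, for illustration only.
NT_HASH          = ['00112233445566778899aabbccddeeff'].pack('H*')
CLIENT_CHALLENGE = ['0102030405060708'].pack('H*')
SERVER_CHALLENGE = ['a1a2a3a4a5a6a7a8'].pack('H*')

def handshake_demo
  key = session_key(NT_HASH, CLIENT_CHALLENGE, SERVER_CHALLENGE)
  client_cred = netlogon_credential(key, CLIENT_CHALLENGE) # client's proof of the secret
  server_cred = netlogon_credential(key, SERVER_CHALLENGE) # server's proof, computed the same way
  tampered = server_cred.dup
  tampered.setbyte(0, tampered.getbyte(0) ^ 0x01)          # one flipped bit
  {
    key_len: key.bytesize,
    cred_len: client_cred.bytesize,
    genuine: server_credential_valid?(NT_HASH, CLIENT_CHALLENGE, SERVER_CHALLENGE, server_cred),
    tampered: server_credential_valid?(NT_HASH, CLIENT_CHALLENGE, SERVER_CHALLENGE, tampered),
    wrong_secret: server_credential_valid?("\xff".b * 16, CLIENT_CHALLENGE, SERVER_CHALLENGE, server_cred)
  }
end

p handshake_demo if $PROGRAM_NAME == __FILE__
```

A client that skips this comparison has no assurance that the peer knows the machine account secret, so the check belongs before any further secure-channel call.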