Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add more password changing structures and calls #279

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Add more password changing structures and calls #279

wants to merge 2 commits into from

Conversation

smashery
Copy link
Contributor

@smashery smashery commented Nov 20, 2024
edited
Loading

Add structures for changing passwords. This is primarily to support rapid7/metasploit-framework#19666

@smashery smashery mentioned this pull request Nov 20, 2024
Open
6 tasks
@smashery smashery marked this pull request as ready for review November 20, 2024 04:28
@smcintyre-r7 smcintyre-r7 self-assigned this Nov 21, 2024
@smcintyre-r7 smcintyre-r7 added the DCERPC DCERPC related label Nov 21, 2024
smcintyre-r7
smcintyre-r7 reviewed Nov 25, 2024
View reviewed changes
Copy link
Contributor

@smcintyre-r7 smcintyre-r7 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a couple of minor comments. Over all this looks good so I'll start the testing with Metasploit.

lib/ruby_smb/dcerpc/samr.rb
cipher.key = key2
end

cipher1.update(block1) + cipher2.update(block2)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Doesn't the #final method need to be called?

Suggested change
cipher1.update(block1) + cipher2.update(block2)
cipher1.update(block1) + cipher1.final + cipher2.update(block2) + cipher2.final

lib/ruby_smb/dcerpc/samr.rb
cipher.encrypt
cipher.key = old_password_nt
end
cipher.update(buffer)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
cipher.update(buffer)
cipher.update(buffer) + cipher.final

lib/ruby_smb/dcerpc/samr/samr_get_members_in_group_response.rb
@@ -14,7 +14,7 @@ class PsamprGetMembersBuffer < SamprGetMembersBuffer
extend Ndr::PointerClassPlugin
end

# [2.1.5.8.3 SamrGetMembersInGroup (Opnum 25)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/a4adbf20-040f-4416-a960-e5b7917fdae7)
# [3.1.5.8.3 SamrGetMembersInGroup (Opnum 25)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/a4adbf20-040f-4416-a960-e5b7917fdae7)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
# [3.1.5.8.3 SamrGetMembersInGroup (Opnum 25)](https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/a4adbf20-040f-4416-a960-e5b7917fdae7)
# [3.1.5.8.3 SamrGetMembersInGroup (Opnum 25)](https://learn.microsoft.com/en-us/openspecs/windows_protocols/ms-samr/3ed5030d-88a3-42ca-a6e0-8c12aa2fdfbd)

I think the URL here is wrong too.

@cdelafuente-r7
Copy link
Contributor

Thanks @smashery! Do you think it would be possible to add specs for these new DCERPC structures?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@smcintyre-r7 smcintyre-r7 smcintyre-r7 left review comments

Assignees

@smcintyre-r7 smcintyre-r7

Labels
DCERPC DCERPC related
Projects
Metasploit Kanban
Status: In Progress
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@smashery @cdelafuente-r7 @smcintyre-r7