No release in over 3 years
Low commit activity in last 3 years
SMB plugin for packetgen.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
 Dependencies

Runtime

~> 3.2, >= 3.2.1
~> 0.8, >= 0.8.0
 Project Readme

Gem Version

Packetgen::Plugin::SMB

This is a plugin for PacketGen gem. It adds some support for SMB protocol suite:

  • NetBIOS:
    • Datagram service,
    • Session service,
  • SMB:
    • SMB common header,
    • Negotiate command,
    • Close command,
    • NtCreateAndX command,
    • Trans command,
    • Browser subprotocol,
  • SMB2:
    • SMB2 common header (support 2.x and 3.x dialects),
    • Negotiate command,
    • SessionSetup command,
  • GSSAPI, used to transport negotiation over SMB2 commands,
  • NTLM, SMB authentication protocol,
  • LLMNR (Link-Local Multicast Name Resolution), resolution protocol used in SMB networks.

Installation

Add this line to your application's Gemfile:

gem 'packetgen-plugin-smb'

And then execute:

$ bundle

Or install it yourself as:

$ gem install packetgen-plugin-smb

Usage

SMB2 with NTLM negociation

See examples/smb-responder.

LLMNR

LLMNR is a multicast protocol. Unless you want to have a fine control on UDP layer, the simplest way is to use it over a UDP ruby socket:

require 'socket'
require 'packetgen'
require 'packetgen-plugin-smb'

LLMNR_MCAST_ADDR = '224.0.0.252'
LOCAL_IPADDR = 'x.x.x.x' # your IP

# Open a UDP socket
socket = UDPSocket.new
# Bind it to receive LLMNR response packets
socket.bind(LOCAL_IPADDR, 0)

# Send a LLMNR query
query = PacketGen.gen('LLMNR', id: 0x1234, opcode: 'query')
query.llmnr.qd << { rtype: 'Question', name: 'example.local' }
socket.send(query.to_s, 0, LLMNR_MCAST_ADDR, PacketGen::Plugin::LLMNR::UDP_PORT)

# Get answer
# data = socket.recv(1024)
data, peer = socket.recvfrom(1024)
answer = PacketGen.parse(data, first_header: 'LLMNR')
example_local_ip = answer.llmnr.an.to_a
                         .find { |an| an.is_a?(PacketGen::Header::DNS::RR) }.human_rdata
puts example_local_ip

You have to manage multicast if you want to make a LLMNR responder. For further details, see examples/llmnr-responder.

See also

API documentation: http://www.rubydoc.info/gems/packetgen-plugin-smb

License

MIT License (see LICENSE)

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/sdaubert/packetgen-plugin-smb.