module RubySMB::Dcerpc::Netlogon

Constants

NETR_SERVER_AUTHENTICATE3
NETR_SERVER_PASSWORD_SET2
NETR_SERVER_REQ_CHALLENGE

Operation numbers

UUID

see: docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/592edbc8-f6f1-40c0-9ab3-fe6725ac6d7e

VER_MAJOR
VER_MINOR

Public Class Methods

calculate_session_key(shared_secret, client_challenge, server_challenge) click to toggle source

Calculate the netlogon session key from the provided shared secret and challenges. The shared secret is an NTLM hash.

@param shared_secret [String] the share secret between the client and the server @param client_challenge [String] the client challenge portion of the negotiation @param server_challenge [String] the server challenge portion of the negotiation @return [String] the session key for encryption

# File lib/ruby_smb/dcerpc/netlogon.rb, line 75
def self.calculate_session_key(shared_secret, client_challenge, server_challenge)
  client_challenge = client_challenge.to_binary_s if client_challenge.is_a? NetlogonCredential
  server_challenge = server_challenge.to_binary_s if server_challenge.is_a? NetlogonCredential

  hmac = OpenSSL::HMAC.new(shared_secret, OpenSSL::Digest::SHA256.new)
  hmac << client_challenge
  hmac << server_challenge
  hmac.digest.first(16)
end
encrypt_credential(session_key, input_data) click to toggle source

Encrypt the input data using the specified session key. This is used for certain Netlogon service operations including the authentication process. Per the specification, this uses AES-128-CFB8 with an all zero initialization vector.

@param session_key [String] the session key to use for encryption (must be 16 bytes long) @param input_data [String] the data to encrypt @return [String] the encrypted data

# File lib/ruby_smb/dcerpc/netlogon.rb, line 93
def self.encrypt_credential(session_key, input_data)
  cipher = OpenSSL::Cipher.new('AES-128-CFB8').encrypt
  cipher.iv = "\x00" * 16
  cipher.key = session_key
  cipher.update(input_data) + cipher.final
end