module RubySMB::Dcerpc::Netlogon
Constants
- NETR_SERVER_AUTHENTICATE3
- NETR_SERVER_PASSWORD_SET2
- NETR_SERVER_REQ_CHALLENGE
Operation numbers
- UUID
see: docs.microsoft.com/en-us/openspecs/windows_protocols/ms-nrpc/592edbc8-f6f1-40c0-9ab3-fe6725ac6d7e
- VER_MAJOR
- VER_MINOR
Public Class Methods
Calculate the netlogon session key from the provided shared secret and challenges. The shared secret is an NTLM
hash.
@param shared_secret [String] the share secret between the client and the server @param client_challenge [String] the client challenge portion of the negotiation @param server_challenge [String] the server challenge portion of the negotiation @return [String] the session key for encryption
# File lib/ruby_smb/dcerpc/netlogon.rb, line 75 def self.calculate_session_key(shared_secret, client_challenge, server_challenge) client_challenge = client_challenge.to_binary_s if client_challenge.is_a? NetlogonCredential server_challenge = server_challenge.to_binary_s if server_challenge.is_a? NetlogonCredential hmac = OpenSSL::HMAC.new(shared_secret, OpenSSL::Digest::SHA256.new) hmac << client_challenge hmac << server_challenge hmac.digest.first(16) end
Encrypt the input data using the specified session key. This is used for certain Netlogon
service operations including the authentication process. Per the specification, this uses AES-128-CFB8 with an all zero initialization vector.
@param session_key [String] the session key to use for encryption (must be 16 bytes long) @param input_data [String] the data to encrypt @return [String] the encrypted data
# File lib/ruby_smb/dcerpc/netlogon.rb, line 93 def self.encrypt_credential(session_key, input_data) cipher = OpenSSL::Cipher.new('AES-128-CFB8').encrypt cipher.iv = "\x00" * 16 cipher.key = session_key cipher.update(input_data) + cipher.final end