Data

Tools

Indexes

Applications

Experiments

Awesome

An open API service indexing awesome lists of open source software.

https://github.com/sdaubert/packetgen-plugin-smb

SMB protocol suite plugin for packetgen
https://github.com/sdaubert/packetgen-plugin-smb

packetgen ruby smb smbv1

Last synced: 10 months ago
JSON representation

SMB protocol suite plugin for packetgen

Awesome Lists containing this project

README 

          
[![Gem Version](https://badge.fury.io/rb/packetgen-plugin-smb.svg)](https://badge.fury.io/rb/packetgen-plugin-smb)



# Packetgen::Plugin::SMB



This is a plugin for [PacketGen gem](https://github.com/sdaubert/packetgen). It adds some support for SMB protocol suite:



* NetBIOS:

  * Datagram service,

  * Session service,

* SMB:

  * SMB common header,

  * Negotiate command,

  * Close command,

  * NtCreateAndX command,

  * Trans command,

  * Browser subprotocol,

* SMB2:

  * SMB2 common header (support 2.x and 3.x dialects),

  * Negotiate command,

  * SessionSetup command,

* GSSAPI, used to transport negotiation over SMB2 commands,

* NTLM, SMB authentication protocol,

* LLMNR (_Link-Local Multicast Name Resolution_), resolution protocol used in SMB networks.



## Installation



Add this line to your application's Gemfile:



```ruby

gem 'packetgen-plugin-smb'

```



And then execute:



```bash

bundle

```



Or install it yourself as:



```bash

gem install packetgen-plugin-smb

```



## Usage



### SMB2 with NTLM negociation



See [examples/smb-responder](/examples/smb-responder).



### LLMNR



LLMNR is a multicast protocol. Unless you want to have a fine control on UDP layer, the simplest way is to use it over a UDP ruby socket:



```ruby

require 'socket'

require 'packetgen'

require 'packetgen-plugin-smb'



LLMNR_MCAST_ADDR = '224.0.0.252'

LOCAL_IPADDR = 'x.x.x.x' # your IP



# Open a UDP socket

socket = UDPSocket.new

# Bind it to receive LLMNR response packets

socket.bind(LOCAL_IPADDR, 0)



# Send a LLMNR query

query = PacketGen.gen('LLMNR', id: 0x1234, opcode: 'query')

query.llmnr.qd << { rtype: 'Question', name: 'example.local' }

socket.send(query.to_s, 0, LLMNR_MCAST_ADDR, PacketGen::Plugin::LLMNR::UDP_PORT)



# Get answer

# data = socket.recv(1024)

data, peer = socket.recvfrom(1024)

answer = PacketGen.parse(data, first_header: 'LLMNR')

example_local_ip = answer.llmnr.an.to_a

                         .find { |an| an.is_a?(PacketGen::Header::DNS::RR) }.human_rdata

puts example_local_ip

```



You have to manage multicast if you want to make a LLMNR responder. For further details, see [examples/llmnr-responder](/examples/llmnr-responder).



## See also



API documentation: 



## License



MIT License (see [LICENSE](https://github.com/sdaubert/packetgen-plugin-smb/blob/master/LICENSE))



## Contributing



Bug reports and pull requests are welcome on GitHub at .