Packetgen::Plugin::SMB

This is a plugin for PacketGen gem. It adds some support for SMB protocol suite:

• NetBIOS:
  • Datagram service,
  • Session service,
• SMB:
  • SMB common header,
  • Negotiate command,
  • Close command,
  • NtCreateAndX command,
  • Trans command,
  • Browser subprotocol,
• SMB2:
  • SMB2 common header (support 2.x and 3.x dialects),
  • Negotiate command,
  • SessionSetup command,
• GSSAPI, used to transport negotiation over SMB2 commands,
• NTLM, SMB authentication protocol,
• LLMNR (Link-Local Multicast Name Resolution), resolution protocol used in SMB networks.

Add this line to your application's Gemfile:

gem 'packetgen-plugin-smb'

And then execute:

$ bundle

Or install it yourself as:

$ gem install packetgen-plugin-smb

See examples/smb-responder.

LLMNR is a multicast protocol. Unless you want to have a fine control on UDP layer, the simplest way is to use it over a UDP ruby socket:

require 'socket'
require 'packetgen'
require 'packetgen-plugin-smb'

LLMNR_MCAST_ADDR = '224.0.0.252'
LOCAL_IPADDR = 'x.x.x.x' # your IP

# Open a UDP socket
socket = UDPSocket.new
# Bind it to receive LLMNR response packets
socket.bind(LOCAL_IPADDR, 0)

# Send a LLMNR query
query = PacketGen.gen('LLMNR', id: 0x1234, opcode: 'query')
query.llmnr.qd << { rtype: 'Question', name: 'example.local' }
socket.send(query.to_s, 0, LLMNR_MCAST_ADDR, PacketGen::Plugin::LLMNR::UDP_PORT)

# Get answer
# data = socket.recv(1024)
data, peer = socket.recvfrom(1024)
answer = PacketGen.parse(data, first_header: 'LLMNR')
example_local_ip = answer.llmnr.an.to_a
                         .find { |an| an.is_a?(PacketGen::Header::DNS::RR) }.human_rdata
puts example_local_ip

You have to manage multicast if you want to make a LLMNR responder. For further details, see examples/llmnr-responder.

API documentation: http://www.rubydoc.info/gems/packetgen-plugin-smb

MIT License (see LICENSE)

Bug reports and pull requests are welcome on GitHub at https://github.com/sdaubert/packetgen-plugin-smb.