Open cdelafuente-r7 opened 1 year ago
Specs are needed for the new EFS RPC structures added in this PR. As a reference, this script from the original PR can be used for this:
```ruby
#!/usr/bin/ruby

# This script tests a full Authentication/Session Setup cycle
# including protocol negotiation and authentication.

require 'bundler/setup'
require 'ruby_smb'

empty = "\x00\x00\x00\x005\x00\x00\x00".b

# file_name: "\\\\localhost\\C$\\Users\\smcintyre\\Desktop\\Encrypted\\hello world.txt"
populated = "\x00\x00\x02\x00".b
populated << "\x01\x00\x00\x00".b
populated << "\x04\x00\x02\x00\x01\x00\x00\x00\b\x00\x02\x00 \x00\x00\x00\x00\x00\x00\x00\f\x00\x02\x00\x14\x00\x02\x00\x14\x00\x00\x00\x10\x00\x02\x00\x14\x00\x00\x00\x15\xC9\xADB\x8A\x8Au\x10Lk\xDC}7v\n\xA1\xBD{\x00/\"\x00\x00\x00\x00\x00\x00\x00\"\x00\x00\x00s\x00m\x00c\x00i\x00n\x00t\x00y\x00r\x00e\x00(\x00s\x00m\x00c\x00i\x00n\x00t\x00y\x00r\x00e\x00@\x00m\x00s\x00f\x00l\x00a\x00b\x00.\x00l\x00o\x00c\x00a\x00l\x00)\x00\x00\x00\x00\x00\x00\x00".b

$stderr.puts 'empty:'
BinData::trace_reading do
  empty = RubySMB::Dcerpc::EncryptingFileSystem::EfsRpcQueryRecoveryAgentsResponse.read(empty)
end
$stderr.puts empty.inspect

$stderr.puts 'populated:'
BinData::trace_reading do
  populated = RubySMB::Dcerpc::EncryptingFileSystem::EfsRpcQueryRecoveryAgentsResponse.read(populated)
end
$stderr.puts populated.inspect
```