dstruct 0.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +15 -0
- data/README.markdown +23 -0
- data/examples/smb_example.rb +35 -0
- data/lib/rex.rb +108 -0
- data/lib/rex/LICENSE +29 -0
- data/lib/rex/arch.rb +104 -0
- data/lib/rex/arch/sparc.rb +75 -0
- data/lib/rex/arch/x86.rb +524 -0
- data/lib/rex/assembly/nasm.rb +104 -0
- data/lib/rex/codepage.map +104 -0
- data/lib/rex/compat.rb +389 -0
- data/lib/rex/constants.rb +124 -0
- data/lib/rex/elfparsey.rb +9 -0
- data/lib/rex/elfparsey/elf.rb +121 -0
- data/lib/rex/elfparsey/elfbase.rb +256 -0
- data/lib/rex/elfparsey/exceptions.rb +25 -0
- data/lib/rex/elfscan.rb +10 -0
- data/lib/rex/elfscan/scanner.rb +226 -0
- data/lib/rex/elfscan/search.rb +44 -0
- data/lib/rex/encoder/alpha2.rb +31 -0
- data/lib/rex/encoder/alpha2/alpha_mixed.rb +68 -0
- data/lib/rex/encoder/alpha2/alpha_upper.rb +79 -0
- data/lib/rex/encoder/alpha2/generic.rb +90 -0
- data/lib/rex/encoder/alpha2/unicode_mixed.rb +116 -0
- data/lib/rex/encoder/alpha2/unicode_upper.rb +123 -0
- data/lib/rex/encoder/bloxor/bloxor.rb +327 -0
- data/lib/rex/encoder/ndr.rb +90 -0
- data/lib/rex/encoder/nonalpha.rb +61 -0
- data/lib/rex/encoder/nonupper.rb +64 -0
- data/lib/rex/encoder/xdr.rb +107 -0
- data/lib/rex/encoder/xor.rb +69 -0
- data/lib/rex/encoder/xor/dword.rb +13 -0
- data/lib/rex/encoder/xor/dword_additive.rb +13 -0
- data/lib/rex/encoders/xor_dword.rb +35 -0
- data/lib/rex/encoders/xor_dword_additive.rb +53 -0
- data/lib/rex/encoding/xor.rb +20 -0
- data/lib/rex/encoding/xor/byte.rb +15 -0
- data/lib/rex/encoding/xor/dword.rb +21 -0
- data/lib/rex/encoding/xor/dword_additive.rb +92 -0
- data/lib/rex/encoding/xor/exceptions.rb +17 -0
- data/lib/rex/encoding/xor/generic.rb +146 -0
- data/lib/rex/encoding/xor/qword.rb +15 -0
- data/lib/rex/encoding/xor/word.rb +21 -0
- data/lib/rex/exceptions.rb +275 -0
- data/lib/rex/exploitation/cmdstager.rb +10 -0
- data/lib/rex/exploitation/cmdstager/base.rb +190 -0
- data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
- data/lib/rex/exploitation/cmdstager/debug_asm.rb +140 -0
- data/lib/rex/exploitation/cmdstager/debug_write.rb +134 -0
- data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
- data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
- data/lib/rex/exploitation/cmdstager/tftp.rb +71 -0
- data/lib/rex/exploitation/cmdstager/vbs.rb +126 -0
- data/lib/rex/exploitation/egghunter.rb +425 -0
- data/lib/rex/exploitation/encryptjs.rb +78 -0
- data/lib/rex/exploitation/heaplib.js.b64 +331 -0
- data/lib/rex/exploitation/heaplib.rb +107 -0
- data/lib/rex/exploitation/js.rb +6 -0
- data/lib/rex/exploitation/js/detect.rb +69 -0
- data/lib/rex/exploitation/js/memory.rb +81 -0
- data/lib/rex/exploitation/js/network.rb +84 -0
- data/lib/rex/exploitation/js/utils.rb +33 -0
- data/lib/rex/exploitation/jsobfu.rb +513 -0
- data/lib/rex/exploitation/obfuscatejs.rb +336 -0
- data/lib/rex/exploitation/omelet.rb +321 -0
- data/lib/rex/exploitation/opcodedb.rb +819 -0
- data/lib/rex/exploitation/powershell.rb +62 -0
- data/lib/rex/exploitation/powershell/function.rb +63 -0
- data/lib/rex/exploitation/powershell/obfu.rb +98 -0
- data/lib/rex/exploitation/powershell/output.rb +151 -0
- data/lib/rex/exploitation/powershell/param.rb +23 -0
- data/lib/rex/exploitation/powershell/parser.rb +183 -0
- data/lib/rex/exploitation/powershell/psh_methods.rb +70 -0
- data/lib/rex/exploitation/powershell/script.rb +99 -0
- data/lib/rex/exploitation/ropdb.rb +190 -0
- data/lib/rex/exploitation/seh.rb +93 -0
- data/lib/rex/file.rb +160 -0
- data/lib/rex/image_source.rb +10 -0
- data/lib/rex/image_source/disk.rb +58 -0
- data/lib/rex/image_source/image_source.rb +44 -0
- data/lib/rex/image_source/memory.rb +35 -0
- data/lib/rex/io/bidirectional_pipe.rb +161 -0
- data/lib/rex/io/datagram_abstraction.rb +35 -0
- data/lib/rex/io/ring_buffer.rb +369 -0
- data/lib/rex/io/stream.rb +312 -0
- data/lib/rex/io/stream_abstraction.rb +209 -0
- data/lib/rex/io/stream_server.rb +221 -0
- data/lib/rex/job_container.rb +200 -0
- data/lib/rex/logging.rb +4 -0
- data/lib/rex/logging/log_dispatcher.rb +180 -0
- data/lib/rex/logging/log_sink.rb +43 -0
- data/lib/rex/logging/sinks/flatfile.rb +56 -0
- data/lib/rex/logging/sinks/stderr.rb +44 -0
- data/lib/rex/mac_oui.rb +16581 -0
- data/lib/rex/machparsey.rb +9 -0
- data/lib/rex/machparsey/exceptions.rb +34 -0
- data/lib/rex/machparsey/mach.rb +209 -0
- data/lib/rex/machparsey/machbase.rb +408 -0
- data/lib/rex/machscan.rb +9 -0
- data/lib/rex/machscan/scanner.rb +217 -0
- data/lib/rex/mime.rb +10 -0
- data/lib/rex/mime/encoding.rb +17 -0
- data/lib/rex/mime/header.rb +78 -0
- data/lib/rex/mime/message.rb +150 -0
- data/lib/rex/mime/part.rb +50 -0
- data/lib/rex/nop/opty2.rb +109 -0
- data/lib/rex/nop/opty2_tables.rb +301 -0
- data/lib/rex/ole.rb +202 -0
- data/lib/rex/ole/clsid.rb +44 -0
- data/lib/rex/ole/difat.rb +138 -0
- data/lib/rex/ole/directory.rb +228 -0
- data/lib/rex/ole/direntry.rb +237 -0
- data/lib/rex/ole/docs/dependencies.txt +8 -0
- data/lib/rex/ole/docs/references.txt +1 -0
- data/lib/rex/ole/fat.rb +96 -0
- data/lib/rex/ole/header.rb +201 -0
- data/lib/rex/ole/minifat.rb +74 -0
- data/lib/rex/ole/propset.rb +141 -0
- data/lib/rex/ole/samples/create_ole.rb +27 -0
- data/lib/rex/ole/samples/dir.rb +35 -0
- data/lib/rex/ole/samples/dump_stream.rb +34 -0
- data/lib/rex/ole/samples/ole_info.rb +23 -0
- data/lib/rex/ole/storage.rb +392 -0
- data/lib/rex/ole/stream.rb +50 -0
- data/lib/rex/ole/substorage.rb +46 -0
- data/lib/rex/ole/util.rb +154 -0
- data/lib/rex/parser/acunetix_nokogiri.rb +406 -0
- data/lib/rex/parser/apple_backup_manifestdb.rb +132 -0
- data/lib/rex/parser/appscan_nokogiri.rb +367 -0
- data/lib/rex/parser/arguments.rb +108 -0
- data/lib/rex/parser/burp_session_nokogiri.rb +291 -0
- data/lib/rex/parser/ci_nokogiri.rb +193 -0
- data/lib/rex/parser/foundstone_nokogiri.rb +342 -0
- data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
- data/lib/rex/parser/group_policy_preferences.rb +185 -0
- data/lib/rex/parser/ini.rb +186 -0
- data/lib/rex/parser/ip360_aspl_xml.rb +103 -0
- data/lib/rex/parser/ip360_xml.rb +98 -0
- data/lib/rex/parser/mbsa_nokogiri.rb +256 -0
- data/lib/rex/parser/nessus_xml.rb +121 -0
- data/lib/rex/parser/netsparker_xml.rb +109 -0
- data/lib/rex/parser/nexpose_raw_nokogiri.rb +686 -0
- data/lib/rex/parser/nexpose_simple_nokogiri.rb +330 -0
- data/lib/rex/parser/nexpose_xml.rb +172 -0
- data/lib/rex/parser/nmap_nokogiri.rb +394 -0
- data/lib/rex/parser/nmap_xml.rb +166 -0
- data/lib/rex/parser/nokogiri_doc_mixin.rb +233 -0
- data/lib/rex/parser/openvas_nokogiri.rb +172 -0
- data/lib/rex/parser/outpost24_nokogiri.rb +240 -0
- data/lib/rex/parser/retina_xml.rb +110 -0
- data/lib/rex/parser/unattend.rb +171 -0
- data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
- data/lib/rex/payloads.rb +2 -0
- data/lib/rex/payloads/win32.rb +3 -0
- data/lib/rex/payloads/win32/common.rb +27 -0
- data/lib/rex/payloads/win32/kernel.rb +54 -0
- data/lib/rex/payloads/win32/kernel/common.rb +55 -0
- data/lib/rex/payloads/win32/kernel/migration.rb +13 -0
- data/lib/rex/payloads/win32/kernel/recovery.rb +51 -0
- data/lib/rex/payloads/win32/kernel/stager.rb +195 -0
- data/lib/rex/peparsey.rb +10 -0
- data/lib/rex/peparsey/exceptions.rb +30 -0
- data/lib/rex/peparsey/pe.rb +210 -0
- data/lib/rex/peparsey/pe_memdump.rb +61 -0
- data/lib/rex/peparsey/pebase.rb +1662 -0
- data/lib/rex/peparsey/section.rb +128 -0
- data/lib/rex/pescan.rb +11 -0
- data/lib/rex/pescan/analyze.rb +366 -0
- data/lib/rex/pescan/scanner.rb +230 -0
- data/lib/rex/pescan/search.rb +68 -0
- data/lib/rex/platforms.rb +2 -0
- data/lib/rex/platforms/windows.rb +52 -0
- data/lib/rex/poly.rb +134 -0
- data/lib/rex/poly/block.rb +480 -0
- data/lib/rex/poly/machine.rb +13 -0
- data/lib/rex/poly/machine/machine.rb +830 -0
- data/lib/rex/poly/machine/x86.rb +509 -0
- data/lib/rex/poly/register.rb +101 -0
- data/lib/rex/poly/register/x86.rb +41 -0
- data/lib/rex/post.rb +7 -0
- data/lib/rex/post/dir.rb +51 -0
- data/lib/rex/post/file.rb +172 -0
- data/lib/rex/post/file_stat.rb +220 -0
- data/lib/rex/post/gen.pl +13 -0
- data/lib/rex/post/io.rb +182 -0
- data/lib/rex/post/meterpreter.rb +5 -0
- data/lib/rex/post/meterpreter/channel.rb +446 -0
- data/lib/rex/post/meterpreter/channel_container.rb +54 -0
- data/lib/rex/post/meterpreter/channels/pool.rb +160 -0
- data/lib/rex/post/meterpreter/channels/pools/file.rb +62 -0
- data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +103 -0
- data/lib/rex/post/meterpreter/channels/stream.rb +87 -0
- data/lib/rex/post/meterpreter/client.rb +483 -0
- data/lib/rex/post/meterpreter/client_core.rb +352 -0
- data/lib/rex/post/meterpreter/dependencies.rb +3 -0
- data/lib/rex/post/meterpreter/extension.rb +32 -0
- data/lib/rex/post/meterpreter/extensions/android/android.rb +128 -0
- data/lib/rex/post/meterpreter/extensions/android/tlv.rb +40 -0
- data/lib/rex/post/meterpreter/extensions/espia/espia.rb +58 -0
- data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +17 -0
- data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
- data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
- data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
- data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
- data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
- data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
- data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
- data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +94 -0
- data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +22 -0
- data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
- data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
- data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
- data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +43 -0
- data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
- data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +17 -0
- data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
- data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
- data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +57 -0
- data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +16 -0
- data/lib/rex/post/meterpreter/extensions/priv/fs.rb +118 -0
- data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +61 -0
- data/lib/rex/post/meterpreter/extensions/priv/priv.rb +109 -0
- data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +29 -0
- data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +117 -0
- data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +27 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +396 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +284 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +399 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +104 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +48 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +256 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +129 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +67 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +139 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +180 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +168 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +209 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38146 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +48 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2102 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +32 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +97 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3852 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +100 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +168 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_psapi.rb +32 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +32 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3170 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +87 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +613 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +388 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +111 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +149 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +27 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +515 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +319 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +301 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +56 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +676 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +96 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +151 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +128 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +192 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +41 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +60 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +408 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +129 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +55 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +336 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +141 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +328 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +193 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +102 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +188 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +180 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +236 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +259 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +201 -0
- data/lib/rex/post/meterpreter/inbound_packet_handler.rb +30 -0
- data/lib/rex/post/meterpreter/object_aliases.rb +83 -0
- data/lib/rex/post/meterpreter/packet.rb +709 -0
- data/lib/rex/post/meterpreter/packet_dispatcher.rb +543 -0
- data/lib/rex/post/meterpreter/packet_parser.rb +94 -0
- data/lib/rex/post/meterpreter/packet_response_waiter.rb +83 -0
- data/lib/rex/post/meterpreter/ui/console.rb +142 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +86 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb +383 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +939 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +109 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +242 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +232 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +62 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +97 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +52 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +133 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +204 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +66 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +527 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +448 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +906 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +318 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +343 -0
- data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +99 -0
- data/lib/rex/post/permission.rb +26 -0
- data/lib/rex/post/process.rb +57 -0
- data/lib/rex/post/thread.rb +57 -0
- data/lib/rex/post/ui.rb +52 -0
- data/lib/rex/proto.rb +15 -0
- data/lib/rex/proto/addp.rb +218 -0
- data/lib/rex/proto/dcerpc.rb +7 -0
- data/lib/rex/proto/dcerpc/client.rb +362 -0
- data/lib/rex/proto/dcerpc/exceptions.rb +151 -0
- data/lib/rex/proto/dcerpc/handle.rb +48 -0
- data/lib/rex/proto/dcerpc/ndr.rb +73 -0
- data/lib/rex/proto/dcerpc/packet.rb +264 -0
- data/lib/rex/proto/dcerpc/response.rb +188 -0
- data/lib/rex/proto/dcerpc/uuid.rb +85 -0
- data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
- data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
- data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
- data/lib/rex/proto/dhcp.rb +7 -0
- data/lib/rex/proto/dhcp/constants.rb +34 -0
- data/lib/rex/proto/dhcp/server.rb +334 -0
- data/lib/rex/proto/drda.rb +6 -0
- data/lib/rex/proto/drda/constants.rb +50 -0
- data/lib/rex/proto/drda/packet.rb +253 -0
- data/lib/rex/proto/drda/utils.rb +124 -0
- data/lib/rex/proto/http.rb +7 -0
- data/lib/rex/proto/http/client.rb +722 -0
- data/lib/rex/proto/http/client_request.rb +472 -0
- data/lib/rex/proto/http/handler.rb +47 -0
- data/lib/rex/proto/http/handler/erb.rb +129 -0
- data/lib/rex/proto/http/handler/proc.rb +61 -0
- data/lib/rex/proto/http/header.rb +173 -0
- data/lib/rex/proto/http/packet.rb +414 -0
- data/lib/rex/proto/http/request.rb +354 -0
- data/lib/rex/proto/http/response.rb +151 -0
- data/lib/rex/proto/http/server.rb +385 -0
- data/lib/rex/proto/iax2.rb +2 -0
- data/lib/rex/proto/iax2/call.rb +326 -0
- data/lib/rex/proto/iax2/client.rb +218 -0
- data/lib/rex/proto/iax2/codecs.rb +5 -0
- data/lib/rex/proto/iax2/codecs/alaw.rb +16 -0
- data/lib/rex/proto/iax2/codecs/g711.rb +2176 -0
- data/lib/rex/proto/iax2/codecs/mulaw.rb +17 -0
- data/lib/rex/proto/iax2/constants.rb +262 -0
- data/lib/rex/proto/ipmi.rb +57 -0
- data/lib/rex/proto/ipmi/channel_auth_reply.rb +89 -0
- data/lib/rex/proto/ipmi/open_session_reply.rb +36 -0
- data/lib/rex/proto/ipmi/rakp2.rb +36 -0
- data/lib/rex/proto/ipmi/utils.rb +125 -0
- data/lib/rex/proto/natpmp.rb +7 -0
- data/lib/rex/proto/natpmp/constants.rb +19 -0
- data/lib/rex/proto/natpmp/packet.rb +45 -0
- data/lib/rex/proto/ntlm.rb +8 -0
- data/lib/rex/proto/ntlm/base.rb +327 -0
- data/lib/rex/proto/ntlm/constants.rb +75 -0
- data/lib/rex/proto/ntlm/crypt.rb +412 -0
- data/lib/rex/proto/ntlm/exceptions.rb +17 -0
- data/lib/rex/proto/ntlm/message.rb +534 -0
- data/lib/rex/proto/ntlm/utils.rb +765 -0
- data/lib/rex/proto/ntp.rb +3 -0
- data/lib/rex/proto/ntp/constants.rb +12 -0
- data/lib/rex/proto/ntp/modes.rb +130 -0
- data/lib/rex/proto/pjl.rb +31 -0
- data/lib/rex/proto/pjl/client.rb +163 -0
- data/lib/rex/proto/proxy/socks4a.rb +441 -0
- data/lib/rex/proto/rfb.rb +13 -0
- data/lib/rex/proto/rfb/cipher.rb +82 -0
- data/lib/rex/proto/rfb/client.rb +205 -0
- data/lib/rex/proto/rfb/constants.rb +50 -0
- data/lib/rex/proto/sip.rb +4 -0
- data/lib/rex/proto/sip/response.rb +61 -0
- data/lib/rex/proto/smb.rb +8 -0
- data/lib/rex/proto/smb/client.rb +2064 -0
- data/lib/rex/proto/smb/constants.rb +1064 -0
- data/lib/rex/proto/smb/crypt.rb +37 -0
- data/lib/rex/proto/smb/evasions.rb +67 -0
- data/lib/rex/proto/smb/exceptions.rb +867 -0
- data/lib/rex/proto/smb/simpleclient.rb +173 -0
- data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
- data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
- data/lib/rex/proto/smb/utils.rb +104 -0
- data/lib/rex/proto/sunrpc.rb +2 -0
- data/lib/rex/proto/sunrpc/client.rb +196 -0
- data/lib/rex/proto/tftp.rb +13 -0
- data/lib/rex/proto/tftp/client.rb +344 -0
- data/lib/rex/proto/tftp/constants.rb +39 -0
- data/lib/rex/proto/tftp/server.rb +497 -0
- data/lib/rex/random_identifier_generator.rb +177 -0
- data/lib/rex/registry.rb +14 -0
- data/lib/rex/registry/hive.rb +132 -0
- data/lib/rex/registry/lfkey.rb +51 -0
- data/lib/rex/registry/nodekey.rb +54 -0
- data/lib/rex/registry/regf.rb +25 -0
- data/lib/rex/registry/valuekey.rb +67 -0
- data/lib/rex/registry/valuelist.rb +29 -0
- data/lib/rex/ropbuilder.rb +8 -0
- data/lib/rex/ropbuilder/rop.rb +271 -0
- data/lib/rex/script.rb +42 -0
- data/lib/rex/script/base.rb +61 -0
- data/lib/rex/script/meterpreter.rb +16 -0
- data/lib/rex/script/shell.rb +10 -0
- data/lib/rex/service.rb +49 -0
- data/lib/rex/service_manager.rb +154 -0
- data/lib/rex/services/local_relay.rb +424 -0
- data/lib/rex/socket.rb +788 -0
- data/lib/rex/socket/comm.rb +120 -0
- data/lib/rex/socket/comm/local.rb +526 -0
- data/lib/rex/socket/ip.rb +132 -0
- data/lib/rex/socket/parameters.rb +363 -0
- data/lib/rex/socket/range_walker.rb +470 -0
- data/lib/rex/socket/ssl_tcp.rb +345 -0
- data/lib/rex/socket/ssl_tcp_server.rb +188 -0
- data/lib/rex/socket/subnet_walker.rb +76 -0
- data/lib/rex/socket/switch_board.rb +289 -0
- data/lib/rex/socket/tcp.rb +79 -0
- data/lib/rex/socket/tcp_server.rb +67 -0
- data/lib/rex/socket/udp.rb +165 -0
- data/lib/rex/sslscan/result.rb +201 -0
- data/lib/rex/sslscan/scanner.rb +206 -0
- data/lib/rex/struct2.rb +5 -0
- data/lib/rex/struct2/c_struct.rb +181 -0
- data/lib/rex/struct2/c_struct_template.rb +39 -0
- data/lib/rex/struct2/constant.rb +26 -0
- data/lib/rex/struct2/element.rb +44 -0
- data/lib/rex/struct2/generic.rb +73 -0
- data/lib/rex/struct2/restraint.rb +54 -0
- data/lib/rex/struct2/s_string.rb +72 -0
- data/lib/rex/struct2/s_struct.rb +111 -0
- data/lib/rex/sync.rb +6 -0
- data/lib/rex/sync/event.rb +85 -0
- data/lib/rex/sync/read_write_lock.rb +177 -0
- data/lib/rex/sync/ref.rb +58 -0
- data/lib/rex/sync/thread_safe.rb +83 -0
- data/lib/rex/text.rb +1813 -0
- data/lib/rex/thread_factory.rb +43 -0
- data/lib/rex/time.rb +66 -0
- data/lib/rex/transformer.rb +116 -0
- data/lib/rex/ui.rb +22 -0
- data/lib/rex/ui/interactive.rb +304 -0
- data/lib/rex/ui/output.rb +85 -0
- data/lib/rex/ui/output/none.rb +19 -0
- data/lib/rex/ui/progress_tracker.rb +97 -0
- data/lib/rex/ui/subscriber.rb +160 -0
- data/lib/rex/ui/text/color.rb +98 -0
- data/lib/rex/ui/text/dispatcher_shell.rb +538 -0
- data/lib/rex/ui/text/input.rb +119 -0
- data/lib/rex/ui/text/input/buffer.rb +79 -0
- data/lib/rex/ui/text/input/readline.rb +129 -0
- data/lib/rex/ui/text/input/socket.rb +96 -0
- data/lib/rex/ui/text/input/stdio.rb +46 -0
- data/lib/rex/ui/text/irb_shell.rb +62 -0
- data/lib/rex/ui/text/output.rb +86 -0
- data/lib/rex/ui/text/output/buffer.rb +62 -0
- data/lib/rex/ui/text/output/buffer/stdout.rb +26 -0
- data/lib/rex/ui/text/output/file.rb +44 -0
- data/lib/rex/ui/text/output/socket.rb +44 -0
- data/lib/rex/ui/text/output/stdio.rb +53 -0
- data/lib/rex/ui/text/output/tee.rb +56 -0
- data/lib/rex/ui/text/progress_tracker.rb +57 -0
- data/lib/rex/ui/text/shell.rb +403 -0
- data/lib/rex/ui/text/table.rb +346 -0
- data/lib/rex/zip.rb +96 -0
- data/lib/rex/zip/archive.rb +130 -0
- data/lib/rex/zip/blocks.rb +184 -0
- data/lib/rex/zip/entry.rb +122 -0
- data/lib/rex/zip/jar.rb +283 -0
- data/lib/rex/zip/samples/comment.rb +32 -0
- data/lib/rex/zip/samples/mkwar.rb +138 -0
- data/lib/rex/zip/samples/mkzip.rb +19 -0
- data/lib/rex/zip/samples/recursive.rb +58 -0
- metadata +536 -0
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# -*- coding: binary -*-
|
|
2
|
+
#
|
|
3
|
+
# TFTP Server implementation according to:
|
|
4
|
+
#
|
|
5
|
+
# RFC1350, RFC2347, RFC2348, RFC2349
|
|
6
|
+
#
|
|
7
|
+
# written by jduck <jduck [at] metasploit.com>
|
|
8
|
+
# thx to scriptjunkie for pointing out option extensions
|
|
9
|
+
#
|
|
10
|
+
|
|
11
|
+
require 'rex/proto/tftp/constants'
|
|
12
|
+
require 'rex/proto/tftp/server'
|
|
13
|
+
require 'rex/proto/tftp/client'
|
|
@@ -0,0 +1,344 @@
|
|
|
1
|
+
# -*- coding: binary -*-
|
|
2
|
+
require 'rex/socket'
|
|
3
|
+
require 'rex/proto/tftp'
|
|
4
|
+
require 'tempfile'
|
|
5
|
+
|
|
6
|
+
module Rex
|
|
7
|
+
module Proto
|
|
8
|
+
module TFTP
|
|
9
|
+
|
|
10
|
+
#
|
|
11
|
+
# TFTP Client class
|
|
12
|
+
#
|
|
13
|
+
# Note that TFTP has blocks, and so does Ruby. Watch out with the variable names!
|
|
14
|
+
#
|
|
15
|
+
# The big gotcha right now is that setting the mode between octet, netascii, or
|
|
16
|
+
# anything else doesn't actually do anything other than declare it to the
|
|
17
|
+
# server.
|
|
18
|
+
#
|
|
19
|
+
# Also, since TFTP clients act as both clients and servers, we use two
|
|
20
|
+
# threads to handle transfers, regardless of the direction. For this reason,
|
|
21
|
+
# the transfer actions are nonblocking; if you need to see the
|
|
22
|
+
# results of a transfer before doing something else, check the boolean complete
|
|
23
|
+
# attribute and any return data in the :status attribute. It's a little
|
|
24
|
+
# weird like that.
|
|
25
|
+
#
|
|
26
|
+
# Finally, most (all?) clients will alter the data in netascii mode in order
|
|
27
|
+
# to try to conform to the RFC standard for what "netascii" means, but there are
|
|
28
|
+
# ambiguities in implementations on things like if nulls are allowed, what
|
|
29
|
+
# to do with Unicode, and all that. For this reason, "octet" is default, and
|
|
30
|
+
# if you want to send "netascii" data, it's on you to fix up your source data
|
|
31
|
+
# prior to sending it.
|
|
32
|
+
#
|
|
33
|
+
class Client
|
|
34
|
+
|
|
35
|
+
attr_accessor :local_host, :local_port, :peer_host, :peer_port
|
|
36
|
+
attr_accessor :threads, :context, :server_sock, :client_sock
|
|
37
|
+
attr_accessor :local_file, :remote_file, :mode, :action
|
|
38
|
+
attr_accessor :complete, :recv_tempfile, :status
|
|
39
|
+
attr_accessor :block_size # This definitely breaks spec, should only use for fuzz/sploit.
|
|
40
|
+
|
|
41
|
+
# Returns an array of [code, type, msg]. Data packets
|
|
42
|
+
# specifically will /not/ unpack, since that would drop any trailing spaces or nulls.
|
|
43
|
+
def parse_tftp_response(str)
|
|
44
|
+
return nil unless str.length >= 4
|
|
45
|
+
ret = str.unpack("nnA*")
|
|
46
|
+
ret[2] = str[4,str.size] if ret[0] == OpData
|
|
47
|
+
return ret
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
def initialize(params)
|
|
51
|
+
self.threads = []
|
|
52
|
+
self.local_host = params["LocalHost"] || "0.0.0.0"
|
|
53
|
+
self.local_port = params["LocalPort"] || (1025 + rand(0xffff-1025))
|
|
54
|
+
self.peer_host = params["PeerHost"] || (raise ArgumentError, "Need a peer host.")
|
|
55
|
+
self.peer_port = params["PeerPort"] || 69
|
|
56
|
+
self.context = params["Context"]
|
|
57
|
+
self.local_file = params["LocalFile"]
|
|
58
|
+
self.remote_file = params["RemoteFile"] || (::File.split(self.local_file).last if self.local_file)
|
|
59
|
+
self.mode = params["Mode"] || "octet"
|
|
60
|
+
self.action = params["Action"] || (raise ArgumentError, "Need an action.")
|
|
61
|
+
self.block_size = params["BlockSize"] || 512
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
#
|
|
65
|
+
# Methods for both upload and download
|
|
66
|
+
#
|
|
67
|
+
|
|
68
|
+
def start_server_socket
|
|
69
|
+
self.server_sock = Rex::Socket::Udp.create(
|
|
70
|
+
'LocalHost' => local_host,
|
|
71
|
+
'LocalPort' => local_port,
|
|
72
|
+
'Context' => context
|
|
73
|
+
)
|
|
74
|
+
if self.server_sock and block_given?
|
|
75
|
+
yield "Started TFTP client listener on #{local_host}:#{local_port}"
|
|
76
|
+
end
|
|
77
|
+
self.threads << Rex::ThreadFactory.spawn("TFTPServerMonitor", false) {
|
|
78
|
+
if block_given?
|
|
79
|
+
monitor_server_sock {|msg| yield msg}
|
|
80
|
+
else
|
|
81
|
+
monitor_server_sock
|
|
82
|
+
end
|
|
83
|
+
}
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
def monitor_server_sock
|
|
87
|
+
yield "Listening for incoming ACKs" if block_given?
|
|
88
|
+
res = self.server_sock.recvfrom(65535)
|
|
89
|
+
if res and res[0]
|
|
90
|
+
code, type, data = parse_tftp_response(res[0])
|
|
91
|
+
if code == OpAck and self.action == :upload
|
|
92
|
+
if block_given?
|
|
93
|
+
yield "WRQ accepted, sending the file." if type == 0
|
|
94
|
+
send_data(res[1], res[2]) {|msg| yield msg}
|
|
95
|
+
else
|
|
96
|
+
send_data(res[1], res[2])
|
|
97
|
+
end
|
|
98
|
+
elsif code == OpData and self.action == :download
|
|
99
|
+
if block_given?
|
|
100
|
+
recv_data(res[1], res[2], data) {|msg| yield msg}
|
|
101
|
+
else
|
|
102
|
+
recv_data(res[1], res[2], data)
|
|
103
|
+
end
|
|
104
|
+
elsif code == OpError
|
|
105
|
+
yield("Aborting, got error type:%d, message:'%s'" % [type, data]) if block_given?
|
|
106
|
+
self.status = {:error => [code, type, data]}
|
|
107
|
+
else
|
|
108
|
+
yield("Aborting, got code:%d, type:%d, message:'%s'" % [code, type, data]) if block_given?
|
|
109
|
+
self.status = {:error => [code, type, data]}
|
|
110
|
+
end
|
|
111
|
+
end
|
|
112
|
+
stop
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
def monitor_client_sock
|
|
116
|
+
res = self.client_sock.recvfrom(65535)
|
|
117
|
+
if res[1] # Got a response back, so that's never good; Acks come back on server_sock.
|
|
118
|
+
code, type, data = parse_tftp_response(res[0])
|
|
119
|
+
yield("Aborting, got code:%d, type:%d, message:'%s'" % [code, type, data]) if block_given?
|
|
120
|
+
self.status = {:error => [code, type, data]}
|
|
121
|
+
stop
|
|
122
|
+
end
|
|
123
|
+
end
|
|
124
|
+
|
|
125
|
+
def stop
|
|
126
|
+
self.complete = true
|
|
127
|
+
begin
|
|
128
|
+
self.server_sock.close
|
|
129
|
+
self.client_sock.close
|
|
130
|
+
self.server_sock = nil
|
|
131
|
+
self.client_sock = nil
|
|
132
|
+
self.threads.each {|t| t.kill}
|
|
133
|
+
rescue
|
|
134
|
+
nil
|
|
135
|
+
end
|
|
136
|
+
end
|
|
137
|
+
|
|
138
|
+
#
|
|
139
|
+
# Methods for download
|
|
140
|
+
#
|
|
141
|
+
|
|
142
|
+
def rrq_packet
|
|
143
|
+
req = [OpRead, self.remote_file, self.mode]
|
|
144
|
+
packstr = "na#{self.remote_file.length+1}a#{self.mode.length+1}"
|
|
145
|
+
req.pack(packstr)
|
|
146
|
+
end
|
|
147
|
+
|
|
148
|
+
def ack_packet(blocknum=0)
|
|
149
|
+
req = [OpAck, blocknum].pack("nn")
|
|
150
|
+
end
|
|
151
|
+
|
|
152
|
+
def send_read_request(&block)
|
|
153
|
+
self.status = nil
|
|
154
|
+
self.complete = false
|
|
155
|
+
if block_given?
|
|
156
|
+
start_server_socket {|msg| yield msg}
|
|
157
|
+
else
|
|
158
|
+
start_server_socket
|
|
159
|
+
end
|
|
160
|
+
self.client_sock = Rex::Socket::Udp.create(
|
|
161
|
+
'PeerHost' => peer_host,
|
|
162
|
+
'PeerPort' => peer_port,
|
|
163
|
+
'LocalHost' => local_host,
|
|
164
|
+
'LocalPort' => local_port,
|
|
165
|
+
'Context' => context
|
|
166
|
+
)
|
|
167
|
+
self.client_sock.sendto(rrq_packet, peer_host, peer_port)
|
|
168
|
+
self.threads << Rex::ThreadFactory.spawn("TFTPClientMonitor", false) {
|
|
169
|
+
if block_given?
|
|
170
|
+
monitor_client_sock {|msg| yield msg}
|
|
171
|
+
else
|
|
172
|
+
monitor_client_sock
|
|
173
|
+
end
|
|
174
|
+
}
|
|
175
|
+
until self.complete
|
|
176
|
+
return self.status
|
|
177
|
+
end
|
|
178
|
+
end
|
|
179
|
+
|
|
180
|
+
def recv_data(host, port, first_block)
|
|
181
|
+
self.recv_tempfile = Rex::Quickfile.new('msf-tftp')
|
|
182
|
+
recvd_blocks = 1
|
|
183
|
+
if block_given?
|
|
184
|
+
yield "Source file: #{self.remote_file}, destination file: #{self.local_file}"
|
|
185
|
+
yield "Received and acknowledged #{first_block.size} in block #{recvd_blocks}"
|
|
186
|
+
end
|
|
187
|
+
if block_given?
|
|
188
|
+
write_and_ack_data(first_block,1,host,port) {|msg| yield msg}
|
|
189
|
+
else
|
|
190
|
+
write_and_ack_data(first_block,1,host,port)
|
|
191
|
+
end
|
|
192
|
+
current_block = first_block
|
|
193
|
+
while current_block.size == 512
|
|
194
|
+
res = self.server_sock.recvfrom(65535)
|
|
195
|
+
if res and res[0]
|
|
196
|
+
code, block_num, current_block = parse_tftp_response(res[0])
|
|
197
|
+
if code == 3
|
|
198
|
+
if block_given?
|
|
199
|
+
write_and_ack_data(current_block,block_num,host,port) {|msg| yield msg}
|
|
200
|
+
else
|
|
201
|
+
write_and_ack_data(current_block,block_num,host,port)
|
|
202
|
+
end
|
|
203
|
+
recvd_blocks += 1
|
|
204
|
+
else
|
|
205
|
+
yield("Aborting, got code:%d, type:%d, message:'%s'" % [code, type, msg]) if block_given?
|
|
206
|
+
stop
|
|
207
|
+
end
|
|
208
|
+
end
|
|
209
|
+
end
|
|
210
|
+
if block_given?
|
|
211
|
+
yield("Transferred #{self.recv_tempfile.size} bytes in #{recvd_blocks} blocks, download complete!")
|
|
212
|
+
end
|
|
213
|
+
self.status = {:success => [
|
|
214
|
+
self.local_file,
|
|
215
|
+
self.remote_file,
|
|
216
|
+
self.recv_tempfile.size,
|
|
217
|
+
recvd_blocks.size]
|
|
218
|
+
}
|
|
219
|
+
self.recv_tempfile.close
|
|
220
|
+
stop
|
|
221
|
+
end
|
|
222
|
+
|
|
223
|
+
def write_and_ack_data(data,blocknum,host,port)
|
|
224
|
+
self.recv_tempfile.write(data)
|
|
225
|
+
self.recv_tempfile.flush
|
|
226
|
+
req = ack_packet(blocknum)
|
|
227
|
+
self.server_sock.sendto(req, host, port)
|
|
228
|
+
yield "Received and acknowledged #{data.size} in block #{blocknum}" if block_given?
|
|
229
|
+
end
|
|
230
|
+
|
|
231
|
+
#
|
|
232
|
+
# Methods for upload
|
|
233
|
+
#
|
|
234
|
+
|
|
235
|
+
def wrq_packet
|
|
236
|
+
req = [OpWrite, self.remote_file, self.mode]
|
|
237
|
+
packstr = "na#{self.remote_file.length+1}a#{self.mode.length+1}"
|
|
238
|
+
req.pack(packstr)
|
|
239
|
+
end
|
|
240
|
+
|
|
241
|
+
# Note that the local filename for uploading need not be a real filename --
|
|
242
|
+
# if it begins with DATA: it can be any old string of bytes. If it's missing
|
|
243
|
+
# completely, then just quit.
|
|
244
|
+
def blockify_file_or_data
|
|
245
|
+
if self.local_file =~ /^DATA:(.*)/m
|
|
246
|
+
data = $1
|
|
247
|
+
elsif ::File.file?(self.local_file) and ::File.readable?(self.local_file)
|
|
248
|
+
data = ::File.open(self.local_file, "rb") {|f| f.read f.stat.size} rescue []
|
|
249
|
+
else
|
|
250
|
+
return []
|
|
251
|
+
end
|
|
252
|
+
data_blocks = data.scan(/.{1,#{block_size}}/m)
|
|
253
|
+
# Drop any trailing empty blocks
|
|
254
|
+
if data_blocks.size > 1 and data_blocks.last.empty?
|
|
255
|
+
data_blocks.pop
|
|
256
|
+
end
|
|
257
|
+
return data_blocks
|
|
258
|
+
end
|
|
259
|
+
|
|
260
|
+
def send_write_request(&block)
|
|
261
|
+
self.status = nil
|
|
262
|
+
self.complete = false
|
|
263
|
+
if block_given?
|
|
264
|
+
start_server_socket {|msg| yield msg}
|
|
265
|
+
else
|
|
266
|
+
start_server_socket
|
|
267
|
+
end
|
|
268
|
+
self.client_sock = Rex::Socket::Udp.create(
|
|
269
|
+
'PeerHost' => peer_host,
|
|
270
|
+
'PeerPort' => peer_port,
|
|
271
|
+
'LocalHost' => local_host,
|
|
272
|
+
'LocalPort' => local_port,
|
|
273
|
+
'Context' => context
|
|
274
|
+
)
|
|
275
|
+
self.client_sock.sendto(wrq_packet, peer_host, peer_port)
|
|
276
|
+
self.threads << Rex::ThreadFactory.spawn("TFTPClientMonitor", false) {
|
|
277
|
+
if block_given?
|
|
278
|
+
monitor_client_sock {|msg| yield msg}
|
|
279
|
+
else
|
|
280
|
+
monitor_client_sock
|
|
281
|
+
end
|
|
282
|
+
}
|
|
283
|
+
until self.complete
|
|
284
|
+
return self.status
|
|
285
|
+
end
|
|
286
|
+
end
|
|
287
|
+
|
|
288
|
+
def send_data(host,port)
|
|
289
|
+
self.status = {:write_allowed => true}
|
|
290
|
+
data_blocks = blockify_file_or_data()
|
|
291
|
+
if data_blocks.empty?
|
|
292
|
+
yield "Closing down since there is no data to send." if block_given?
|
|
293
|
+
self.status = {:success => [self.local_file, self.local_file, 0, 0]}
|
|
294
|
+
return nil
|
|
295
|
+
end
|
|
296
|
+
sent_data = 0
|
|
297
|
+
sent_blocks = 0
|
|
298
|
+
expected_blocks = data_blocks.size
|
|
299
|
+
expected_size = data_blocks.join.size
|
|
300
|
+
if block_given?
|
|
301
|
+
yield "Source file: #{self.local_file =~ /^DATA:/ ? "(Data)" : self.remote_file}, destination file: #{self.remote_file}"
|
|
302
|
+
yield "Sending #{expected_size} bytes (#{expected_blocks} blocks)"
|
|
303
|
+
end
|
|
304
|
+
data_blocks.each_with_index do |data_block,idx|
|
|
305
|
+
req = [OpData, (idx + 1), data_block].pack("nnA*")
|
|
306
|
+
if self.server_sock.sendto(req, host, port) > 0
|
|
307
|
+
sent_data += data_block.size
|
|
308
|
+
end
|
|
309
|
+
res = self.server_sock.recvfrom(65535)
|
|
310
|
+
if res
|
|
311
|
+
code, type, msg = parse_tftp_response(res[0])
|
|
312
|
+
if code == 4
|
|
313
|
+
sent_blocks += 1
|
|
314
|
+
yield "Sent #{data_block.size} bytes in block #{sent_blocks}" if block_given?
|
|
315
|
+
else
|
|
316
|
+
if block_given?
|
|
317
|
+
yield "Got an unexpected response: Code:%d, Type:%d, Message:'%s'. Aborting." % [code, type, msg]
|
|
318
|
+
end
|
|
319
|
+
break
|
|
320
|
+
end
|
|
321
|
+
end
|
|
322
|
+
end
|
|
323
|
+
if block_given?
|
|
324
|
+
if(sent_data == expected_size)
|
|
325
|
+
yield("Transferred #{sent_data} bytes in #{sent_blocks} blocks, upload complete!")
|
|
326
|
+
else
|
|
327
|
+
yield "Upload complete, but with errors."
|
|
328
|
+
end
|
|
329
|
+
end
|
|
330
|
+
if sent_data == expected_size
|
|
331
|
+
self.status = {:success => [
|
|
332
|
+
self.local_file,
|
|
333
|
+
self.remote_file,
|
|
334
|
+
sent_data,
|
|
335
|
+
sent_blocks
|
|
336
|
+
] }
|
|
337
|
+
end
|
|
338
|
+
end
|
|
339
|
+
|
|
340
|
+
end
|
|
341
|
+
|
|
342
|
+
end
|
|
343
|
+
end
|
|
344
|
+
end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
# -*- coding: binary -*-
|
|
2
|
+
require 'rex/proto/tftp'
|
|
3
|
+
|
|
4
|
+
module Rex
|
|
5
|
+
module Proto
|
|
6
|
+
module TFTP
|
|
7
|
+
|
|
8
|
+
OPCODES = %w{ Unknown RRQ WRQ DATA ACK ERROR }
|
|
9
|
+
OpRead = 1
|
|
10
|
+
OpWrite = 2
|
|
11
|
+
OpData = 3
|
|
12
|
+
OpAck = 4
|
|
13
|
+
OpError = 5
|
|
14
|
+
OpOptAck = 6
|
|
15
|
+
|
|
16
|
+
ERRCODES = [
|
|
17
|
+
"Undefined",
|
|
18
|
+
"File not found",
|
|
19
|
+
"Access violation",
|
|
20
|
+
"Disk full or allocation exceeded",
|
|
21
|
+
"Illegal TFTP operation",
|
|
22
|
+
"Unknown transfer ID",
|
|
23
|
+
"File already exists",
|
|
24
|
+
"No such user",
|
|
25
|
+
"Failed option negotiation"
|
|
26
|
+
]
|
|
27
|
+
|
|
28
|
+
ErrFileNotFound = 1
|
|
29
|
+
ErrAccessViolation = 2
|
|
30
|
+
ErrDiskFull = 3
|
|
31
|
+
ErrIllegalOperation = 4
|
|
32
|
+
ErrUnknownTransferId = 5
|
|
33
|
+
ErrFileExists = 6
|
|
34
|
+
ErrNoSuchUser = 7
|
|
35
|
+
ErrFailedOptNegotiation = 8
|
|
36
|
+
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
|
@@ -0,0 +1,497 @@
|
|
|
1
|
+
# -*- coding: binary -*-
|
|
2
|
+
require 'rex/socket'
|
|
3
|
+
require 'rex/proto/tftp'
|
|
4
|
+
|
|
5
|
+
module Rex
|
|
6
|
+
module Proto
|
|
7
|
+
module TFTP
|
|
8
|
+
|
|
9
|
+
#
|
|
10
|
+
# Little util function
|
|
11
|
+
#
|
|
12
|
+
def self.get_string(data)
|
|
13
|
+
idx = data.index("\x00")
|
|
14
|
+
return nil if not idx
|
|
15
|
+
ret = data.slice!(0, idx)
|
|
16
|
+
# Slice off the nul byte.
|
|
17
|
+
data.slice!(0,1)
|
|
18
|
+
ret
|
|
19
|
+
end
|
|
20
|
+
|
|
21
|
+
|
|
22
|
+
##
|
|
23
|
+
#
|
|
24
|
+
# TFTP Server class
|
|
25
|
+
#
|
|
26
|
+
##
|
|
27
|
+
class Server
|
|
28
|
+
|
|
29
|
+
def initialize(port = 69, listen_host = '0.0.0.0', context = {})
|
|
30
|
+
self.listen_host = listen_host
|
|
31
|
+
self.listen_port = port
|
|
32
|
+
self.context = context
|
|
33
|
+
self.sock = nil
|
|
34
|
+
@shutting_down = false
|
|
35
|
+
@output_dir = nil
|
|
36
|
+
@tftproot = nil
|
|
37
|
+
|
|
38
|
+
self.files = []
|
|
39
|
+
self.uploaded = []
|
|
40
|
+
self.transfers = []
|
|
41
|
+
end
|
|
42
|
+
|
|
43
|
+
|
|
44
|
+
#
|
|
45
|
+
# Start the TFTP server
|
|
46
|
+
#
|
|
47
|
+
def start
|
|
48
|
+
self.sock = Rex::Socket::Udp.create(
|
|
49
|
+
'LocalHost' => listen_host,
|
|
50
|
+
'LocalPort' => listen_port,
|
|
51
|
+
'Context' => context
|
|
52
|
+
)
|
|
53
|
+
|
|
54
|
+
self.thread = Rex::ThreadFactory.spawn("TFTPServerMonitor", false) {
|
|
55
|
+
monitor_socket
|
|
56
|
+
}
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
|
|
60
|
+
#
|
|
61
|
+
# Stop the TFTP server
|
|
62
|
+
#
|
|
63
|
+
def stop
|
|
64
|
+
@shutting_down = true
|
|
65
|
+
|
|
66
|
+
# Wait a maximum of 30 seconds for all transfers to finish.
|
|
67
|
+
start = ::Time.now
|
|
68
|
+
while (self.transfers.length > 0)
|
|
69
|
+
::IO.select(nil, nil, nil, 0.5)
|
|
70
|
+
dur = ::Time.now - start
|
|
71
|
+
break if (dur > 30)
|
|
72
|
+
end
|
|
73
|
+
|
|
74
|
+
self.files.clear
|
|
75
|
+
self.thread.kill
|
|
76
|
+
self.sock.close rescue nil # might be closed already
|
|
77
|
+
end
|
|
78
|
+
|
|
79
|
+
|
|
80
|
+
#
|
|
81
|
+
# Register a filename and content for a client to request
|
|
82
|
+
#
|
|
83
|
+
def register_file(fn, content, once = false)
|
|
84
|
+
self.files << {
|
|
85
|
+
:name => fn,
|
|
86
|
+
:data => content,
|
|
87
|
+
:once => once
|
|
88
|
+
}
|
|
89
|
+
end
|
|
90
|
+
|
|
91
|
+
|
|
92
|
+
#
|
|
93
|
+
# Register an entire directory to serve files from
|
|
94
|
+
#
|
|
95
|
+
def set_tftproot(rootdir)
|
|
96
|
+
@tftproot = rootdir if ::File.directory?(rootdir)
|
|
97
|
+
end
|
|
98
|
+
|
|
99
|
+
|
|
100
|
+
#
|
|
101
|
+
# Register a directory to write uploaded files to
|
|
102
|
+
#
|
|
103
|
+
def set_output_dir(outdir)
|
|
104
|
+
@output_dir = outdir if ::File.directory?(outdir)
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
|
|
108
|
+
#
|
|
109
|
+
# Send an error packet w/the specified code and string
|
|
110
|
+
#
|
|
111
|
+
def send_error(from, num)
|
|
112
|
+
if (num < 1 or num >= ERRCODES.length)
|
|
113
|
+
# ignore..
|
|
114
|
+
return
|
|
115
|
+
end
|
|
116
|
+
pkt = [OpError, num].pack('nn')
|
|
117
|
+
pkt << ERRCODES[num]
|
|
118
|
+
pkt << "\x00"
|
|
119
|
+
send_packet(from, pkt)
|
|
120
|
+
end
|
|
121
|
+
|
|
122
|
+
|
|
123
|
+
#
|
|
124
|
+
# Send a single packet to the specified host
|
|
125
|
+
#
|
|
126
|
+
def send_packet(from, pkt)
|
|
127
|
+
self.sock.sendto(pkt, from[0], from[1])
|
|
128
|
+
end
|
|
129
|
+
|
|
130
|
+
|
|
131
|
+
#
|
|
132
|
+
# Find the hash entry for a file that may be offered
|
|
133
|
+
#
|
|
134
|
+
def find_file(fname)
|
|
135
|
+
# Files served via register_file() take precedence.
|
|
136
|
+
self.files.each do |f|
|
|
137
|
+
if (fname == f[:name])
|
|
138
|
+
return f
|
|
139
|
+
end
|
|
140
|
+
end
|
|
141
|
+
|
|
142
|
+
# Now, if we have a tftproot, see if it can serve from it
|
|
143
|
+
if @tftproot
|
|
144
|
+
return find_file_in_root(fname)
|
|
145
|
+
end
|
|
146
|
+
|
|
147
|
+
nil
|
|
148
|
+
end
|
|
149
|
+
|
|
150
|
+
|
|
151
|
+
#
|
|
152
|
+
# Find the file in the specified tftp root and add a temporary
|
|
153
|
+
# entry to the files hash.
|
|
154
|
+
#
|
|
155
|
+
def find_file_in_root(fname)
|
|
156
|
+
fn = ::File.expand_path(::File.join(@tftproot, fname))
|
|
157
|
+
|
|
158
|
+
# Don't allow directory traversal
|
|
159
|
+
return nil if fn.index(@tftproot) != 0
|
|
160
|
+
|
|
161
|
+
return nil if not ::File.file?(fn) or not ::File.readable?(fn)
|
|
162
|
+
|
|
163
|
+
# Read the file contents, and register it as being served once
|
|
164
|
+
data = data = ::File.open(fn, "rb") { |fd| fd.read(fd.stat.size) }
|
|
165
|
+
register_file(fname, data)
|
|
166
|
+
|
|
167
|
+
# Return the last file in the array
|
|
168
|
+
return self.files[-1]
|
|
169
|
+
end
|
|
170
|
+
|
|
171
|
+
|
|
172
|
+
attr_accessor :listen_host, :listen_port, :context
|
|
173
|
+
attr_accessor :sock, :files, :transfers, :uploaded
|
|
174
|
+
attr_accessor :thread
|
|
175
|
+
|
|
176
|
+
attr_accessor :incoming_file_hook
|
|
177
|
+
|
|
178
|
+
protected
|
|
179
|
+
|
|
180
|
+
def find_transfer(type, from, block)
|
|
181
|
+
self.transfers.each do |tr|
|
|
182
|
+
if (tr[:type] == type and tr[:from] == from and tr[:block] == block)
|
|
183
|
+
return tr
|
|
184
|
+
end
|
|
185
|
+
end
|
|
186
|
+
nil
|
|
187
|
+
end
|
|
188
|
+
|
|
189
|
+
def save_output(tr)
|
|
190
|
+
self.uploaded << tr[:file]
|
|
191
|
+
|
|
192
|
+
return incoming_file_hook.call(tr) if incoming_file_hook
|
|
193
|
+
|
|
194
|
+
if @output_dir
|
|
195
|
+
fn = tr[:file][:name].split(File::SEPARATOR)[-1]
|
|
196
|
+
if fn
|
|
197
|
+
fn = ::File.join(@output_dir, Rex::FileUtils.clean_path(fn))
|
|
198
|
+
::File.open(fn, "wb") { |fd|
|
|
199
|
+
fd.write(tr[:file][:data])
|
|
200
|
+
}
|
|
201
|
+
end
|
|
202
|
+
end
|
|
203
|
+
end
|
|
204
|
+
|
|
205
|
+
|
|
206
|
+
def check_retransmission(tr)
|
|
207
|
+
elapsed = ::Time.now - tr[:last_sent]
|
|
208
|
+
if (elapsed >= tr[:timeout])
|
|
209
|
+
# max retries reached?
|
|
210
|
+
if (tr[:retries] < 3)
|
|
211
|
+
#if (tr[:type] == OpRead)
|
|
212
|
+
# puts "[-] ack timed out, resending block"
|
|
213
|
+
#else
|
|
214
|
+
# puts "[-] block timed out, resending ack"
|
|
215
|
+
#end
|
|
216
|
+
tr[:last_sent] = nil
|
|
217
|
+
tr[:retries] += 1
|
|
218
|
+
else
|
|
219
|
+
#puts "[-] maximum tries reached, terminating transfer"
|
|
220
|
+
self.transfers.delete(tr)
|
|
221
|
+
end
|
|
222
|
+
end
|
|
223
|
+
end
|
|
224
|
+
|
|
225
|
+
|
|
226
|
+
#
|
|
227
|
+
# See if there is anything to do.. If so, dispatch it.
|
|
228
|
+
#
|
|
229
|
+
def monitor_socket
|
|
230
|
+
while true
|
|
231
|
+
rds = [@sock]
|
|
232
|
+
wds = []
|
|
233
|
+
self.transfers.each do |tr|
|
|
234
|
+
if (not tr[:last_sent])
|
|
235
|
+
wds << @sock
|
|
236
|
+
break
|
|
237
|
+
end
|
|
238
|
+
end
|
|
239
|
+
eds = [@sock]
|
|
240
|
+
|
|
241
|
+
r,w,e = ::IO.select(rds,wds,eds,1)
|
|
242
|
+
|
|
243
|
+
if (r != nil and r[0] == self.sock)
|
|
244
|
+
buf,host,port = self.sock.recvfrom(65535)
|
|
245
|
+
# Lame compatabilitiy :-/
|
|
246
|
+
from = [host, port]
|
|
247
|
+
dispatch_request(from, buf)
|
|
248
|
+
end
|
|
249
|
+
|
|
250
|
+
#
|
|
251
|
+
# Check to see if transfers need maintenance
|
|
252
|
+
#
|
|
253
|
+
self.transfers.each do |tr|
|
|
254
|
+
# We handle RRQ and WRQ separately
|
|
255
|
+
#
|
|
256
|
+
if (tr[:type] == OpRead)
|
|
257
|
+
# Are we awaiting an ack?
|
|
258
|
+
if (tr[:last_sent])
|
|
259
|
+
check_retransmission(tr)
|
|
260
|
+
elsif (w != nil and w[0] == self.sock)
|
|
261
|
+
# No ack waiting, send next block..
|
|
262
|
+
chunk = tr[:file][:data].slice(tr[:offset], tr[:blksize])
|
|
263
|
+
if (chunk and chunk.length >= 0)
|
|
264
|
+
pkt = [OpData, tr[:block]].pack('nn')
|
|
265
|
+
pkt << chunk
|
|
266
|
+
|
|
267
|
+
send_packet(tr[:from], pkt)
|
|
268
|
+
tr[:last_sent] = ::Time.now
|
|
269
|
+
|
|
270
|
+
# If the file is a one-serve, mark it as started
|
|
271
|
+
tr[:file][:started] = true if (tr[:file][:once])
|
|
272
|
+
else
|
|
273
|
+
# No more chunks.. transfer is most likely done.
|
|
274
|
+
# However, we can only delete it once the last chunk has been
|
|
275
|
+
# acked.
|
|
276
|
+
end
|
|
277
|
+
end
|
|
278
|
+
else
|
|
279
|
+
# Are we awaiting data?
|
|
280
|
+
if (tr[:last_sent])
|
|
281
|
+
check_retransmission(tr)
|
|
282
|
+
elsif (w != nil and w[0] == self.sock)
|
|
283
|
+
# Not waiting for data, send an ack..
|
|
284
|
+
#puts "[*] sending ack for block %d" % [tr[:block]]
|
|
285
|
+
pkt = [OpAck, tr[:block]].pack('nn')
|
|
286
|
+
|
|
287
|
+
send_packet(tr[:from], pkt)
|
|
288
|
+
tr[:last_sent] = ::Time.now
|
|
289
|
+
|
|
290
|
+
# If we had a 0-511 byte chunk, we're done.
|
|
291
|
+
if (tr[:last_size] and tr[:last_size] < tr[:blksize])
|
|
292
|
+
#puts "[*] Transfer complete, saving output"
|
|
293
|
+
save_output(tr)
|
|
294
|
+
self.transfers.delete(tr)
|
|
295
|
+
end
|
|
296
|
+
end
|
|
297
|
+
end
|
|
298
|
+
end
|
|
299
|
+
end
|
|
300
|
+
end
|
|
301
|
+
|
|
302
|
+
|
|
303
|
+
def next_block(tr)
|
|
304
|
+
tr[:block] += 1
|
|
305
|
+
tr[:last_sent] = nil
|
|
306
|
+
tr[:retries] = 0
|
|
307
|
+
end
|
|
308
|
+
|
|
309
|
+
|
|
310
|
+
#
|
|
311
|
+
# Dispatch a packet that we received
|
|
312
|
+
#
|
|
313
|
+
def dispatch_request(from, buf)
|
|
314
|
+
|
|
315
|
+
op = buf.unpack('n')[0]
|
|
316
|
+
buf.slice!(0,2)
|
|
317
|
+
|
|
318
|
+
#XXX: todo - create call backs for status
|
|
319
|
+
#start = "[*] TFTP - %s:%u - %s" % [from[0], from[1], OPCODES[op]]
|
|
320
|
+
|
|
321
|
+
case op
|
|
322
|
+
when OpRead
|
|
323
|
+
# Process RRQ packets
|
|
324
|
+
fn = TFTP::get_string(buf)
|
|
325
|
+
mode = TFTP::get_string(buf).downcase
|
|
326
|
+
|
|
327
|
+
#puts "%s %s %s" % [start, fn, mode]
|
|
328
|
+
|
|
329
|
+
if (not @shutting_down) and (file = self.find_file(fn))
|
|
330
|
+
if (file[:once] and file[:started])
|
|
331
|
+
send_error(from, ErrFileNotFound)
|
|
332
|
+
else
|
|
333
|
+
transfer = {
|
|
334
|
+
:type => OpRead,
|
|
335
|
+
:from => from,
|
|
336
|
+
:file => file,
|
|
337
|
+
:block => 1,
|
|
338
|
+
:blksize => 512,
|
|
339
|
+
:offset => 0,
|
|
340
|
+
:timeout => 3,
|
|
341
|
+
:last_sent => nil,
|
|
342
|
+
:retries => 0
|
|
343
|
+
}
|
|
344
|
+
|
|
345
|
+
process_options(from, buf, transfer)
|
|
346
|
+
|
|
347
|
+
self.transfers << transfer
|
|
348
|
+
end
|
|
349
|
+
else
|
|
350
|
+
#puts "[-] file not found!"
|
|
351
|
+
send_error(from, ErrFileNotFound)
|
|
352
|
+
end
|
|
353
|
+
|
|
354
|
+
when OpWrite
|
|
355
|
+
# Process WRQ packets
|
|
356
|
+
fn = TFTP::get_string(buf)
|
|
357
|
+
mode = TFTP::get_string(buf).downcase
|
|
358
|
+
|
|
359
|
+
#puts "%s %s %s" % [start, fn, mode]
|
|
360
|
+
|
|
361
|
+
if not @shutting_down
|
|
362
|
+
transfer = {
|
|
363
|
+
:type => OpWrite,
|
|
364
|
+
:from => from,
|
|
365
|
+
:file => { :name => fn, :data => '' },
|
|
366
|
+
:block => 0, # WRQ starts at 0
|
|
367
|
+
:blksize => 512,
|
|
368
|
+
:timeout => 3,
|
|
369
|
+
:last_sent => nil,
|
|
370
|
+
:retries => 0
|
|
371
|
+
}
|
|
372
|
+
|
|
373
|
+
process_options(from, buf, transfer)
|
|
374
|
+
|
|
375
|
+
self.transfers << transfer
|
|
376
|
+
else
|
|
377
|
+
send_error(from, ErrIllegalOperation)
|
|
378
|
+
end
|
|
379
|
+
|
|
380
|
+
when OpAck
|
|
381
|
+
# Process ACK packets
|
|
382
|
+
block = buf.unpack('n')[0]
|
|
383
|
+
|
|
384
|
+
#puts "%s %d" % [start, block]
|
|
385
|
+
|
|
386
|
+
tr = find_transfer(OpRead, from, block)
|
|
387
|
+
if not tr
|
|
388
|
+
# NOTE: some clients, such as pxelinux, send an ack for block 0.
|
|
389
|
+
# To deal with this, we simply ignore it as we start with block 1.
|
|
390
|
+
return if block == 0
|
|
391
|
+
|
|
392
|
+
# If we didn't find it, send an error.
|
|
393
|
+
send_error(from, ErrUnknownTransferId)
|
|
394
|
+
else
|
|
395
|
+
# acked! send the next block
|
|
396
|
+
tr[:offset] += tr[:blksize]
|
|
397
|
+
next_block(tr)
|
|
398
|
+
|
|
399
|
+
# If the transfer is finished, delete it
|
|
400
|
+
if (tr[:offset] > tr[:file][:data].length)
|
|
401
|
+
#puts "[*] Transfer complete"
|
|
402
|
+
self.transfers.delete(tr)
|
|
403
|
+
|
|
404
|
+
# if the file is a one-serve, delete it from the files array
|
|
405
|
+
if tr[:file][:once]
|
|
406
|
+
#puts "[*] Removed one-serve file: #{tr[:file][:name]}"
|
|
407
|
+
self.files.delete(tr[:file])
|
|
408
|
+
end
|
|
409
|
+
end
|
|
410
|
+
end
|
|
411
|
+
|
|
412
|
+
when OpData
|
|
413
|
+
# Process Data packets
|
|
414
|
+
block = buf.unpack('n')[0]
|
|
415
|
+
data = buf.slice(2, buf.length)
|
|
416
|
+
|
|
417
|
+
#puts "%s %d %d bytes" % [start, block, data.length]
|
|
418
|
+
|
|
419
|
+
tr = find_transfer(OpWrite, from, (block-1))
|
|
420
|
+
if not tr
|
|
421
|
+
# If we didn't find it, send an error.
|
|
422
|
+
send_error(from, ErrUnknownTransferId)
|
|
423
|
+
else
|
|
424
|
+
tr[:file][:data] << data
|
|
425
|
+
tr[:last_size] = data.length
|
|
426
|
+
next_block(tr)
|
|
427
|
+
|
|
428
|
+
# Similar to RRQ transfers, we cannot detect that the
|
|
429
|
+
# transfer finished here. We must do so after transmitting
|
|
430
|
+
# the final ACK.
|
|
431
|
+
end
|
|
432
|
+
|
|
433
|
+
else
|
|
434
|
+
# Other packets are unsupported
|
|
435
|
+
#puts start
|
|
436
|
+
send_error(from, ErrAccessViolation)
|
|
437
|
+
|
|
438
|
+
end
|
|
439
|
+
end
|
|
440
|
+
|
|
441
|
+
def process_options(from, buf, tr)
|
|
442
|
+
found = 0
|
|
443
|
+
to_ack = []
|
|
444
|
+
while buf.length >= 4
|
|
445
|
+
opt = TFTP::get_string(buf)
|
|
446
|
+
break if not opt
|
|
447
|
+
val = TFTP::get_string(buf)
|
|
448
|
+
break if not val
|
|
449
|
+
|
|
450
|
+
found += 1
|
|
451
|
+
|
|
452
|
+
# Is it one we support?
|
|
453
|
+
opt.downcase!
|
|
454
|
+
|
|
455
|
+
case opt
|
|
456
|
+
when "blksize"
|
|
457
|
+
val = val.to_i
|
|
458
|
+
if val > 0
|
|
459
|
+
tr[:blksize] = val
|
|
460
|
+
to_ack << [ opt, val.to_s ]
|
|
461
|
+
end
|
|
462
|
+
|
|
463
|
+
when "timeout"
|
|
464
|
+
val = val.to_i
|
|
465
|
+
if val >= 1 and val <= 255
|
|
466
|
+
tr[:timeout] = val
|
|
467
|
+
to_ack << [ opt, val.to_s ]
|
|
468
|
+
end
|
|
469
|
+
|
|
470
|
+
when "tsize"
|
|
471
|
+
if tr[:type] == OpRead
|
|
472
|
+
len = tr[:file][:data].length
|
|
473
|
+
else
|
|
474
|
+
val = val.to_i
|
|
475
|
+
len = val
|
|
476
|
+
end
|
|
477
|
+
to_ack << [ opt, len.to_s ]
|
|
478
|
+
|
|
479
|
+
end
|
|
480
|
+
end
|
|
481
|
+
|
|
482
|
+
return if to_ack.length < 1
|
|
483
|
+
|
|
484
|
+
# if we have anything to ack, do it
|
|
485
|
+
data = [OpOptAck].pack('n')
|
|
486
|
+
to_ack.each { |el|
|
|
487
|
+
data << el[0] << "\x00" << el[1] << "\x00"
|
|
488
|
+
}
|
|
489
|
+
|
|
490
|
+
send_packet(from, data)
|
|
491
|
+
end
|
|
492
|
+
|
|
493
|
+
end
|
|
494
|
+
|
|
495
|
+
end
|
|
496
|
+
end
|
|
497
|
+
end
|