dstruct 0.0.1

data/lib/rex/script/meterpreter.rb

@@ -0,0 +1,16 @@
+# -*- coding: binary -*-
+
+module Rex
+module Script
+class Meterpreter < Base
+
+begin
+  require 'msf/scripts/meterpreter'
+  include Msf::Scripts::Meterpreter::Common
+rescue ::LoadError
+end
+
+end
+end
+end
+

data/lib/rex/script/shell.rb

@@ -0,0 +1,10 @@
+# -*- coding: binary -*-
+
+module Rex
+module Script
+class Shell < Base
+
+end
+end
+end
+

data/lib/rex/service.rb

@@ -0,0 +1,49 @@
+# -*- coding: binary -*-
+require 'rex'
+require 'rex/proto'
+
+module Rex
+
+###
+#
+# The service module is used to extend classes that are passed into the
+# service manager start routine.  It provides extra methods, such as reference
+# counting, that are used to track the service instances more uniformly.
+#
+###
+module Service
+  include Ref
+
+  require 'rex/services/local_relay'
+
+  #
+  # Returns the hardcore, as in porno, alias for this service.  This is used
+  # by the service manager to manage singleton services.
+  #
+  def self.hardcore_alias(*args)
+    return "__#{args}"
+  end
+
+  def deref
+    rv = super
+
+    # If there's only one reference, then it's the service managers.
+    if @_references == 1
+      Rex::ServiceManager.stop_service(self)
+    end
+
+    rv
+  end
+
+  #
+  # Calls stop on the service once the ref count drops.
+  #
+  def cleanup
+    stop
+  end
+
+  attr_accessor :alias
+
+end
+
+end

data/lib/rex/service_manager.rb

@@ -0,0 +1,154 @@
+# -*- coding: binary -*-
+require 'singleton'
+require 'rex'
+require 'rex/service'
+
+module Rex
+
+###
+#
+# This class manages service allocation and interaction.  This class can be
+# used to start HTTP servers and manage them and all that stuff.  Yup.
+#
+###
+class ServiceManager < Hash
+
+  #
+  # This class is a singleton.
+  #
+  include Singleton
+
+  #
+  # Calls the instance method to start a service.
+  #
+  def self.start(klass, *args)
+    self.instance.start(klass, *args)
+  end
+
+  #
+  # Calls the instance method to stop a service.
+  #
+  def self.stop(klass, *args)
+    self.instance.stop(klass, *args)
+  end
+
+  #
+  # Stop a service using the alias that's associated with it.
+  #
+  def self.stop_by_alias(als)
+    self.instance.stop_by_alias(als)
+  end
+
+  #
+  # Stop the supplied service instance.
+  #
+  def self.stop_service(service)
+    self.instance.stop_service(service)
+  end
+
+  #
+  # Starts a service and assigns it a unique name in the service hash.
+  #
+  def start(klass, *args)
+    # Get the hardcore alias.
+    hals = "#{klass}" + klass.hardcore_alias(*args)
+
+    # Has a service already been constructed for this guy?  If so, increment
+    # its reference count like it aint no thang.
+    if (inst = self[hals])
+      inst.ref
+      return inst
+    end
+
+    inst = klass.new(*args)
+    als  = inst.alias
+
+    # Find an alias that isn't taken.
+    if (self[als])
+      cnt  = 1
+      cnt += 1 while (self[als + " #{cnt}"])
+      als  = inst.alias + " #{cnt}"
+    end
+
+    # Extend the instance as a service.
+    inst.extend(Rex::Service)
+
+    # Re-aliases the instance.
+    inst.alias = als
+
+    # Fire up the engines.  If an error occurs an exception will be
+    # raised.
+    inst.start
+
+    # Alias associate and initialize reference counting
+    self[als] = self[hals] = inst.refinit
+
+    # Pass the caller a reference
+    inst.ref
+
+    inst
+  end
+
+  #
+  # Stop a service using a given klass and arguments.  These should mirror
+  # what was originally passed to start exactly.  If the reference count of
+  # the service drops to zero the service will be destroyed.
+  #
+  def stop(klass, *args)
+    stop_service(hals[hardcore_alias(klass, *args)])
+  end
+
+  #
+  # Stops a service using the provided alias.
+  #
+  def stop_by_alias(als)
+    stop_service(self[als])
+  end
+
+  #
+  # Stops a service instance.
+  #
+  def stop_service(inst)
+    # Stop the service and be done wif it, but only if the number of
+    # references has dropped to zero
+    if (inst)
+      # Since the instance may have multiple aliases, scan through
+      # all the pairs for matching stuff.
+      self.each_pair { |cals, cinst|
+        self.delete(cals) if (inst == cinst)
+      }
+
+      # Lose the list-held reference to the instance
+      inst.deref
+
+      return true
+    end
+
+    # Return false if the service isn't there
+    return false
+  end
+
+  #
+  # Overrides the builtin 'each' operator to avoid the following exception on Ruby 1.9.2+
+  #    "can't add a new key into hash during iteration"
+  #
+  def each(&block)
+    list = []
+    self.keys.sort.each do |sidx|
+      list << [sidx, self[sidx]]
+    end
+    list.each(&block)
+  end
+
+protected
+
+  #
+  # Returns the alias for a given service instance.
+  #
+  def hardcore_alias(klass, *args)
+    "__#{klass.name}#{args}"
+  end
+
+end
+
+end

data/lib/rex/services/local_relay.rb

@@ -0,0 +1,424 @@
+# -*- coding: binary -*-
+require 'thread'
+require 'rex/socket'
+
+module Rex
+module Services
+
+###
+#
+# This service acts as a local TCP relay whereby clients can connect to a
+# local listener that forwards to an arbitrary remote endpoint.  Interaction
+# with the remote endpoint socket requires that it implement the
+# Rex::IO::Stream interface.
+#
+###
+class LocalRelay
+
+  include Rex::Service
+
+  ###
+  #
+  # This module is used to extend streams such that they can be associated
+  # with a relay context and the other side of the stream.
+  #
+  ###
+  module Stream
+
+    #
+    # This method is called when the other side has data that has been read
+    # in.
+    #
+    def on_other_data(data)
+      if (relay.on_other_data_proc)
+        relay.on_other_data_proc.call(relay, self, data)
+      else
+        put(data)
+      end
+    end
+
+    attr_accessor :relay
+    attr_accessor :other_stream
+  end
+
+  ###
+  #
+  # This module is used to extend stream servers such that they can be
+  # associated with a relay context.
+  #
+  ###
+  module StreamServer
+
+    #
+    # This method is called when the stream server receives a local
+    # connection such that the remote half can be allocated.  The return
+    # value of the callback should be a Stream instance.
+    #
+    def on_local_connection(relay, lfd)
+      if (relay.on_local_connection_proc)
+        relay.on_local_connection_proc.call(relay, lfd)
+      end
+    end
+
+    attr_accessor :relay
+  end
+
+
+  ###
+  #
+  # This class acts as an instance of a given local relay.
+  #
+  ###
+  class Relay
+
+    def initialize(name, listener, opts = {})
+      self.name                     = name
+      self.listener                 = listener
+      self.opts                     = opts
+      self.on_local_connection_proc = opts['OnLocalConnection']
+      self.on_conn_close_proc       = opts['OnConnectionClose']
+      self.on_other_data_proc       = opts['OnOtherData']
+      if (not $dispatcher['rex'])
+        register_log_source('rex', $dispatcher['core'], get_log_level('core'))
+      end
+    end
+
+    def shutdown
+      begin
+        listener.shutdown if (listener)
+      rescue ::Exception
+      end
+    end
+
+    def close
+      begin
+        listener.close if (listener)
+      rescue ::Exception
+      end
+      listener = nil
+    end
+
+    attr_reader :name, :listener, :opts
+    attr_accessor :on_local_connection_proc
+    attr_accessor :on_conn_close_proc
+    attr_accessor :on_other_data_proc
+  protected
+    attr_writer :name, :listener, :opts
+
+  end
+
+  #
+  # Initializes the local tcp relay monitor.
+  #
+  def initialize
+    self.relays       = Hash.new
+    self.rfds         = Array.new
+    self.relay_thread = nil
+    self.relay_mutex  = Mutex.new
+  end
+
+  ##
+  #
+  # Service interface implementors
+  #
+  ##
+
+  #
+  # Returns the hardcore alias for the local relay service.
+  #
+  def self.hardcore_alias(*args)
+    "__#{args}"
+  end
+
+  #
+  # Returns the alias for this service.
+  #
+  def alias
+    super || "Local Relay"
+  end
+
+  #
+  # Starts the thread that monitors the local relays.
+  #
+  def start
+    if (!self.relay_thread)
+      self.relay_thread = Rex::ThreadFactory.spawn("LocalRelay", false) {
+        begin
+          monitor_relays
+        rescue ::Exception
+          elog("Error in #{self} monitor_relays: #{$!}", 'rex')
+        end
+      }
+    end
+  end
+
+  #
+  # Stops the thread that monitors the local relays and destroys all local
+  # listeners.
+  #
+  def stop
+    if (self.relay_thread)
+      self.relay_thread.kill
+      self.relay_thread = nil
+    end
+
+    self.relay_mutex.synchronize {
+      self.relays.delete_if { |k, v|
+        v.shutdown
+        v.close
+        true
+      }
+    }
+
+    # Flush the relay list and read fd list
+    self.relays.clear
+    self.rfds.clear
+  end
+
+  ##
+  #
+  # Adding/removing local tcp relays
+  #
+  ##
+
+  #
+  # Starts a local TCP relay.
+  #
+  def start_tcp_relay(lport, opts = {})
+    # Make sure our options are valid
+    if ((opts['PeerHost'] == nil or opts['PeerPort'] == nil) and (opts['Stream'] != true))
+      raise ArgumentError, "Missing peer host or peer port.", caller
+    end
+
+    listener = Rex::Socket.create_tcp_server(
+      'LocalHost' => opts['LocalHost'],
+      'LocalPort' => lport)
+
+    opts['LocalPort']   = lport
+    opts['__RelayType'] = 'tcp'
+
+    start_relay(listener, lport.to_s + (opts['LocalHost'] || '0.0.0.0'), opts)
+  end
+
+  #
+  # Starts a local relay on the supplied local port.  This listener will call
+  # the supplied callback procedures when various events occur.
+  #
+  def start_relay(stream_server, name, opts = {})
+    # Create a Relay instance with the local stream and remote stream
+    relay = Relay.new(name, stream_server, opts)
+
+    # Extend the stream_server so that we can associate it with this relay
+    stream_server.extend(StreamServer)
+    stream_server.relay = relay
+
+    # Add the stream associations the appropriate lists and hashes
+    self.relay_mutex.synchronize {
+      self.relays[name] = relay
+
+      self.rfds << stream_server
+    }
+  end
+
+  #
+  # Stops relaying on a given local port.
+  #
+  def stop_tcp_relay(lport, lhost = nil)
+    stop_relay(lport.to_s + (lhost || '0.0.0.0'))
+  end
+
+  #
+  # Stops a relay with a given name.
+  #
+  def stop_relay(name)
+    rv = false
+
+    self.relay_mutex.synchronize {
+      relay = self.relays[name]
+
+      if (relay)
+        close_relay(relay)
+        rv = true
+      end
+    }
+
+    rv
+  end
+
+  #
+  # Enumerate each TCP relay
+  #
+  def each_tcp_relay(&block)
+    self.relays.each_pair { |name, relay|
+      next if (relay.opts['__RelayType'] != 'tcp')
+
+      yield(
+        relay.opts['LocalHost'] || '0.0.0.0',
+        relay.opts['LocalPort'],
+        relay.opts['PeerHost'],
+        relay.opts['PeerPort'],
+        relay.opts)
+    }
+  end
+
+protected
+
+  attr_accessor :relays, :relay_thread, :relay_mutex
+  attr_accessor :rfds
+
+  #
+  # Closes an cleans up a specific relay
+  #
+  def close_relay(relay)
+    self.rfds.delete(relay.listener)
+    self.relays.delete(relay.name)
+
+    begin
+      relay.shutdown
+      relay.close
+    rescue IOError
+    end
+  end
+
+  #
+  # Closes a specific relay connection without tearing down the actual relay
+  # itself.
+  #
+  def close_relay_conn(fd)
+    relay = fd.relay
+    ofd   = fd.other_stream
+
+    self.rfds.delete(fd)
+
+    begin
+      if (relay.on_conn_close_proc)
+        relay.on_conn_close_proc.call(fd)
+      end
+
+      fd.shutdown
+      fd.close
+    rescue IOError
+    end
+
+    if (ofd)
+      self.rfds.delete(ofd)
+
+      begin
+        if (relay.on_conn_close_proc)
+          relay.on_conn_close_proc.call(ofd)
+        end
+
+        ofd.shutdown
+        ofd.close
+      rescue IOError
+      end
+    end
+  end
+
+  #
+  # Accepts a client connection on a local relay.
+  #
+  def accept_relay_conn(srvfd)
+    relay = srvfd.relay
+
+    begin
+      dlog("Accepting relay client connection...", 'rex', LEV_3)
+
+      # Accept the child connection
+      lfd = srvfd.accept
+      dlog("Got left side of relay: #{lfd}", 'rex', LEV_3)
+
+      # Call the relay's on_local_connection method which should return a
+      # remote connection on success
+      rfd = srvfd.on_local_connection(relay, lfd)
+
+      dlog("Got right side of relay: #{rfd}", 'rex', LEV_3)
+    rescue
+      wlog("Failed to get remote half of local connection on relay #{relay.name}: #{$!}", 'rex')
+      lfd.close
+      return
+    end
+
+    # If we have both sides, then we rock.  Extend the instances, associate
+    # them with the relay, associate them with each other, and add them to
+    # the list of polling file descriptors
+    if (lfd and rfd)
+      lfd.extend(Stream)
+      rfd.extend(Stream)
+
+      lfd.relay = relay
+      rfd.relay = relay
+
+      lfd.other_stream = rfd
+      rfd.other_stream = lfd
+
+      self.rfds << lfd
+      self.rfds << rfd
+
+    # Otherwise, we don't have both sides, we'll close them.
+    else
+      close_relay_conn(lfd)
+    end
+  end
+
+  #
+  # Monitors the relays for data and passes it in both directions.
+  #
+  def monitor_relays
+    begin
+      # Helps with latency
+      Thread.current.priority = 2
+
+      # Poll all the streams...
+      begin
+        socks = Rex::ThreadSafe.select(rfds, nil, nil, 0.25)
+      rescue StreamClosedError => e
+        dlog("monitor_relays: closing stream #{e.stream}", 'rex', LEV_3)
+
+        # Close the relay connection that is associated with the stream
+        # closed error
+        if (e.stream.kind_of?(Stream))
+          close_relay_conn(e.stream)
+        end
+
+        dlog("monitor_relays: closed stream #{e.stream}", 'rex', LEV_3)
+
+        next
+      rescue
+        elog("Error in #{self} monitor_relays select: #{$!.class} #{$!}", 'rex')
+        return
+      end
+
+      # If socks is nil, go again.
+      next unless socks
+
+      # Process read-ready file descriptors, if any.
+      socks[0].each { |rfd|
+
+        # If this file descriptor is a server, accept the connection
+        if (rfd.kind_of?(StreamServer))
+          accept_relay_conn(rfd)
+        # Otherwise, it's a relay connection, read data from one side
+        # and write it to the other
+        else
+          begin
+            # Pass the data onto the other fd, most likely writing it.
+            data = rfd.sysread(65536)
+            rfd.other_stream.on_other_data(data)
+          # If we catch an error, close the connection
+          rescue ::Exception
+            elog("Error in #{self} monitor_relays read: #{$!}", 'rex')
+            close_relay_conn(rfd)
+          end
+        end
+
+      } if (socks[0])
+
+    end while true
+  end
+
+end
+
+end
+end
+