RubyGems - dstruct - Versions diffs - 0.0.1 - Mend

dstruct 0.0.1

Files changed (491) hide show

checksums.yaml +15 -0
data/README.markdown +23 -0
data/examples/smb_example.rb +35 -0
data/lib/rex.rb +108 -0
data/lib/rex/LICENSE +29 -0
data/lib/rex/arch.rb +104 -0
data/lib/rex/arch/sparc.rb +75 -0
data/lib/rex/arch/x86.rb +524 -0
data/lib/rex/assembly/nasm.rb +104 -0
data/lib/rex/codepage.map +104 -0
data/lib/rex/compat.rb +389 -0
data/lib/rex/constants.rb +124 -0
data/lib/rex/elfparsey.rb +9 -0
data/lib/rex/elfparsey/elf.rb +121 -0
data/lib/rex/elfparsey/elfbase.rb +256 -0
data/lib/rex/elfparsey/exceptions.rb +25 -0
data/lib/rex/elfscan.rb +10 -0
data/lib/rex/elfscan/scanner.rb +226 -0
data/lib/rex/elfscan/search.rb +44 -0
data/lib/rex/encoder/alpha2.rb +31 -0
data/lib/rex/encoder/alpha2/alpha_mixed.rb +68 -0
data/lib/rex/encoder/alpha2/alpha_upper.rb +79 -0
data/lib/rex/encoder/alpha2/generic.rb +90 -0
data/lib/rex/encoder/alpha2/unicode_mixed.rb +116 -0
data/lib/rex/encoder/alpha2/unicode_upper.rb +123 -0
data/lib/rex/encoder/bloxor/bloxor.rb +327 -0
data/lib/rex/encoder/ndr.rb +90 -0
data/lib/rex/encoder/nonalpha.rb +61 -0
data/lib/rex/encoder/nonupper.rb +64 -0
data/lib/rex/encoder/xdr.rb +107 -0
data/lib/rex/encoder/xor.rb +69 -0
data/lib/rex/encoder/xor/dword.rb +13 -0
data/lib/rex/encoder/xor/dword_additive.rb +13 -0
data/lib/rex/encoders/xor_dword.rb +35 -0
data/lib/rex/encoders/xor_dword_additive.rb +53 -0
data/lib/rex/encoding/xor.rb +20 -0
data/lib/rex/encoding/xor/byte.rb +15 -0
data/lib/rex/encoding/xor/dword.rb +21 -0
data/lib/rex/encoding/xor/dword_additive.rb +92 -0
data/lib/rex/encoding/xor/exceptions.rb +17 -0
data/lib/rex/encoding/xor/generic.rb +146 -0
data/lib/rex/encoding/xor/qword.rb +15 -0
data/lib/rex/encoding/xor/word.rb +21 -0
data/lib/rex/exceptions.rb +275 -0
data/lib/rex/exploitation/cmdstager.rb +10 -0
data/lib/rex/exploitation/cmdstager/base.rb +190 -0
data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
data/lib/rex/exploitation/cmdstager/debug_asm.rb +140 -0
data/lib/rex/exploitation/cmdstager/debug_write.rb +134 -0
data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
data/lib/rex/exploitation/cmdstager/tftp.rb +71 -0
data/lib/rex/exploitation/cmdstager/vbs.rb +126 -0
data/lib/rex/exploitation/egghunter.rb +425 -0
data/lib/rex/exploitation/encryptjs.rb +78 -0
data/lib/rex/exploitation/heaplib.js.b64 +331 -0
data/lib/rex/exploitation/heaplib.rb +107 -0
data/lib/rex/exploitation/js.rb +6 -0
data/lib/rex/exploitation/js/detect.rb +69 -0
data/lib/rex/exploitation/js/memory.rb +81 -0
data/lib/rex/exploitation/js/network.rb +84 -0
data/lib/rex/exploitation/js/utils.rb +33 -0
data/lib/rex/exploitation/jsobfu.rb +513 -0
data/lib/rex/exploitation/obfuscatejs.rb +336 -0
data/lib/rex/exploitation/omelet.rb +321 -0
data/lib/rex/exploitation/opcodedb.rb +819 -0
data/lib/rex/exploitation/powershell.rb +62 -0
data/lib/rex/exploitation/powershell/function.rb +63 -0
data/lib/rex/exploitation/powershell/obfu.rb +98 -0
data/lib/rex/exploitation/powershell/output.rb +151 -0
data/lib/rex/exploitation/powershell/param.rb +23 -0
data/lib/rex/exploitation/powershell/parser.rb +183 -0
data/lib/rex/exploitation/powershell/psh_methods.rb +70 -0
data/lib/rex/exploitation/powershell/script.rb +99 -0
data/lib/rex/exploitation/ropdb.rb +190 -0
data/lib/rex/exploitation/seh.rb +93 -0
data/lib/rex/file.rb +160 -0
data/lib/rex/image_source.rb +10 -0
data/lib/rex/image_source/disk.rb +58 -0
data/lib/rex/image_source/image_source.rb +44 -0
data/lib/rex/image_source/memory.rb +35 -0
data/lib/rex/io/bidirectional_pipe.rb +161 -0
data/lib/rex/io/datagram_abstraction.rb +35 -0
data/lib/rex/io/ring_buffer.rb +369 -0
data/lib/rex/io/stream.rb +312 -0
data/lib/rex/io/stream_abstraction.rb +209 -0
data/lib/rex/io/stream_server.rb +221 -0
data/lib/rex/job_container.rb +200 -0
data/lib/rex/logging.rb +4 -0
data/lib/rex/logging/log_dispatcher.rb +180 -0
data/lib/rex/logging/log_sink.rb +43 -0
data/lib/rex/logging/sinks/flatfile.rb +56 -0
data/lib/rex/logging/sinks/stderr.rb +44 -0
data/lib/rex/mac_oui.rb +16581 -0
data/lib/rex/machparsey.rb +9 -0
data/lib/rex/machparsey/exceptions.rb +34 -0
data/lib/rex/machparsey/mach.rb +209 -0
data/lib/rex/machparsey/machbase.rb +408 -0
data/lib/rex/machscan.rb +9 -0
data/lib/rex/machscan/scanner.rb +217 -0
data/lib/rex/mime.rb +10 -0
data/lib/rex/mime/encoding.rb +17 -0
data/lib/rex/mime/header.rb +78 -0
data/lib/rex/mime/message.rb +150 -0
data/lib/rex/mime/part.rb +50 -0
data/lib/rex/nop/opty2.rb +109 -0
data/lib/rex/nop/opty2_tables.rb +301 -0
data/lib/rex/ole.rb +202 -0
data/lib/rex/ole/clsid.rb +44 -0
data/lib/rex/ole/difat.rb +138 -0
data/lib/rex/ole/directory.rb +228 -0
data/lib/rex/ole/direntry.rb +237 -0
data/lib/rex/ole/docs/dependencies.txt +8 -0
data/lib/rex/ole/docs/references.txt +1 -0
data/lib/rex/ole/fat.rb +96 -0
data/lib/rex/ole/header.rb +201 -0
data/lib/rex/ole/minifat.rb +74 -0
data/lib/rex/ole/propset.rb +141 -0
data/lib/rex/ole/samples/create_ole.rb +27 -0
data/lib/rex/ole/samples/dir.rb +35 -0
data/lib/rex/ole/samples/dump_stream.rb +34 -0
data/lib/rex/ole/samples/ole_info.rb +23 -0
data/lib/rex/ole/storage.rb +392 -0
data/lib/rex/ole/stream.rb +50 -0
data/lib/rex/ole/substorage.rb +46 -0
data/lib/rex/ole/util.rb +154 -0
data/lib/rex/parser/acunetix_nokogiri.rb +406 -0
data/lib/rex/parser/apple_backup_manifestdb.rb +132 -0
data/lib/rex/parser/appscan_nokogiri.rb +367 -0
data/lib/rex/parser/arguments.rb +108 -0
data/lib/rex/parser/burp_session_nokogiri.rb +291 -0
data/lib/rex/parser/ci_nokogiri.rb +193 -0
data/lib/rex/parser/foundstone_nokogiri.rb +342 -0
data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
data/lib/rex/parser/group_policy_preferences.rb +185 -0
data/lib/rex/parser/ini.rb +186 -0
data/lib/rex/parser/ip360_aspl_xml.rb +103 -0
data/lib/rex/parser/ip360_xml.rb +98 -0
data/lib/rex/parser/mbsa_nokogiri.rb +256 -0
data/lib/rex/parser/nessus_xml.rb +121 -0
data/lib/rex/parser/netsparker_xml.rb +109 -0
data/lib/rex/parser/nexpose_raw_nokogiri.rb +686 -0
data/lib/rex/parser/nexpose_simple_nokogiri.rb +330 -0
data/lib/rex/parser/nexpose_xml.rb +172 -0
data/lib/rex/parser/nmap_nokogiri.rb +394 -0
data/lib/rex/parser/nmap_xml.rb +166 -0
data/lib/rex/parser/nokogiri_doc_mixin.rb +233 -0
data/lib/rex/parser/openvas_nokogiri.rb +172 -0
data/lib/rex/parser/outpost24_nokogiri.rb +240 -0
data/lib/rex/parser/retina_xml.rb +110 -0
data/lib/rex/parser/unattend.rb +171 -0
data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
data/lib/rex/payloads.rb +2 -0
data/lib/rex/payloads/win32.rb +3 -0
data/lib/rex/payloads/win32/common.rb +27 -0
data/lib/rex/payloads/win32/kernel.rb +54 -0
data/lib/rex/payloads/win32/kernel/common.rb +55 -0
data/lib/rex/payloads/win32/kernel/migration.rb +13 -0
data/lib/rex/payloads/win32/kernel/recovery.rb +51 -0
data/lib/rex/payloads/win32/kernel/stager.rb +195 -0
data/lib/rex/peparsey.rb +10 -0
data/lib/rex/peparsey/exceptions.rb +30 -0
data/lib/rex/peparsey/pe.rb +210 -0
data/lib/rex/peparsey/pe_memdump.rb +61 -0
data/lib/rex/peparsey/pebase.rb +1662 -0
data/lib/rex/peparsey/section.rb +128 -0
data/lib/rex/pescan.rb +11 -0
data/lib/rex/pescan/analyze.rb +366 -0
data/lib/rex/pescan/scanner.rb +230 -0
data/lib/rex/pescan/search.rb +68 -0
data/lib/rex/platforms.rb +2 -0
data/lib/rex/platforms/windows.rb +52 -0
data/lib/rex/poly.rb +134 -0
data/lib/rex/poly/block.rb +480 -0
data/lib/rex/poly/machine.rb +13 -0
data/lib/rex/poly/machine/machine.rb +830 -0
data/lib/rex/poly/machine/x86.rb +509 -0
data/lib/rex/poly/register.rb +101 -0
data/lib/rex/poly/register/x86.rb +41 -0
data/lib/rex/post.rb +7 -0
data/lib/rex/post/dir.rb +51 -0
data/lib/rex/post/file.rb +172 -0
data/lib/rex/post/file_stat.rb +220 -0
data/lib/rex/post/gen.pl +13 -0
data/lib/rex/post/io.rb +182 -0
data/lib/rex/post/meterpreter.rb +5 -0
data/lib/rex/post/meterpreter/channel.rb +446 -0
data/lib/rex/post/meterpreter/channel_container.rb +54 -0
data/lib/rex/post/meterpreter/channels/pool.rb +160 -0
data/lib/rex/post/meterpreter/channels/pools/file.rb +62 -0
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +103 -0
data/lib/rex/post/meterpreter/channels/stream.rb +87 -0
data/lib/rex/post/meterpreter/client.rb +483 -0
data/lib/rex/post/meterpreter/client_core.rb +352 -0
data/lib/rex/post/meterpreter/dependencies.rb +3 -0
data/lib/rex/post/meterpreter/extension.rb +32 -0
data/lib/rex/post/meterpreter/extensions/android/android.rb +128 -0
data/lib/rex/post/meterpreter/extensions/android/tlv.rb +40 -0
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +58 -0
data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +17 -0
data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +94 -0
data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +22 -0
data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +43 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +17 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +57 -0
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +118 -0
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +61 -0
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +109 -0
data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +29 -0
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +117 -0
data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +27 -0
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +396 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +284 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +399 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +104 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +48 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +256 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +129 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +67 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +139 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +180 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +168 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +209 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38146 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +48 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2102 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +32 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3852 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +100 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +168 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_psapi.rb +32 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +32 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3170 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +87 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +613 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +388 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +111 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +149 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +27 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +515 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +319 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +301 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +56 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +676 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +96 -0
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +151 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +192 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +60 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +408 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +129 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +55 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +336 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +141 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +328 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +193 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +102 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +188 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +180 -0
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +236 -0
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +259 -0
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +201 -0
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +30 -0
data/lib/rex/post/meterpreter/object_aliases.rb +83 -0
data/lib/rex/post/meterpreter/packet.rb +709 -0
data/lib/rex/post/meterpreter/packet_dispatcher.rb +543 -0
data/lib/rex/post/meterpreter/packet_parser.rb +94 -0
data/lib/rex/post/meterpreter/packet_response_waiter.rb +83 -0
data/lib/rex/post/meterpreter/ui/console.rb +142 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +86 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb +383 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +939 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +109 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +242 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +232 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +62 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +97 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +52 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +133 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +204 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +66 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +527 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +448 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +906 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +318 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +343 -0
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +99 -0
data/lib/rex/post/permission.rb +26 -0
data/lib/rex/post/process.rb +57 -0
data/lib/rex/post/thread.rb +57 -0
data/lib/rex/post/ui.rb +52 -0
data/lib/rex/proto.rb +15 -0
data/lib/rex/proto/addp.rb +218 -0
data/lib/rex/proto/dcerpc.rb +7 -0
data/lib/rex/proto/dcerpc/client.rb +362 -0
data/lib/rex/proto/dcerpc/exceptions.rb +151 -0
data/lib/rex/proto/dcerpc/handle.rb +48 -0
data/lib/rex/proto/dcerpc/ndr.rb +73 -0
data/lib/rex/proto/dcerpc/packet.rb +264 -0
data/lib/rex/proto/dcerpc/response.rb +188 -0
data/lib/rex/proto/dcerpc/uuid.rb +85 -0
data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
data/lib/rex/proto/dhcp.rb +7 -0
data/lib/rex/proto/dhcp/constants.rb +34 -0
data/lib/rex/proto/dhcp/server.rb +334 -0
data/lib/rex/proto/drda.rb +6 -0
data/lib/rex/proto/drda/constants.rb +50 -0
data/lib/rex/proto/drda/packet.rb +253 -0
data/lib/rex/proto/drda/utils.rb +124 -0
data/lib/rex/proto/http.rb +7 -0
data/lib/rex/proto/http/client.rb +722 -0
data/lib/rex/proto/http/client_request.rb +472 -0
data/lib/rex/proto/http/handler.rb +47 -0
data/lib/rex/proto/http/handler/erb.rb +129 -0
data/lib/rex/proto/http/handler/proc.rb +61 -0
data/lib/rex/proto/http/header.rb +173 -0
data/lib/rex/proto/http/packet.rb +414 -0
data/lib/rex/proto/http/request.rb +354 -0
data/lib/rex/proto/http/response.rb +151 -0
data/lib/rex/proto/http/server.rb +385 -0
data/lib/rex/proto/iax2.rb +2 -0
data/lib/rex/proto/iax2/call.rb +326 -0
data/lib/rex/proto/iax2/client.rb +218 -0
data/lib/rex/proto/iax2/codecs.rb +5 -0
data/lib/rex/proto/iax2/codecs/alaw.rb +16 -0
data/lib/rex/proto/iax2/codecs/g711.rb +2176 -0
data/lib/rex/proto/iax2/codecs/mulaw.rb +17 -0
data/lib/rex/proto/iax2/constants.rb +262 -0
data/lib/rex/proto/ipmi.rb +57 -0
data/lib/rex/proto/ipmi/channel_auth_reply.rb +89 -0
data/lib/rex/proto/ipmi/open_session_reply.rb +36 -0
data/lib/rex/proto/ipmi/rakp2.rb +36 -0
data/lib/rex/proto/ipmi/utils.rb +125 -0
data/lib/rex/proto/natpmp.rb +7 -0
data/lib/rex/proto/natpmp/constants.rb +19 -0
data/lib/rex/proto/natpmp/packet.rb +45 -0
data/lib/rex/proto/ntlm.rb +8 -0
data/lib/rex/proto/ntlm/base.rb +327 -0
data/lib/rex/proto/ntlm/constants.rb +75 -0
data/lib/rex/proto/ntlm/crypt.rb +412 -0
data/lib/rex/proto/ntlm/exceptions.rb +17 -0
data/lib/rex/proto/ntlm/message.rb +534 -0
data/lib/rex/proto/ntlm/utils.rb +765 -0
data/lib/rex/proto/ntp.rb +3 -0
data/lib/rex/proto/ntp/constants.rb +12 -0
data/lib/rex/proto/ntp/modes.rb +130 -0
data/lib/rex/proto/pjl.rb +31 -0
data/lib/rex/proto/pjl/client.rb +163 -0
data/lib/rex/proto/proxy/socks4a.rb +441 -0
data/lib/rex/proto/rfb.rb +13 -0
data/lib/rex/proto/rfb/cipher.rb +82 -0
data/lib/rex/proto/rfb/client.rb +205 -0
data/lib/rex/proto/rfb/constants.rb +50 -0
data/lib/rex/proto/sip.rb +4 -0
data/lib/rex/proto/sip/response.rb +61 -0
data/lib/rex/proto/smb.rb +8 -0
data/lib/rex/proto/smb/client.rb +2064 -0
data/lib/rex/proto/smb/constants.rb +1064 -0
data/lib/rex/proto/smb/crypt.rb +37 -0
data/lib/rex/proto/smb/evasions.rb +67 -0
data/lib/rex/proto/smb/exceptions.rb +867 -0
data/lib/rex/proto/smb/simpleclient.rb +173 -0
data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
data/lib/rex/proto/smb/utils.rb +104 -0
data/lib/rex/proto/sunrpc.rb +2 -0
data/lib/rex/proto/sunrpc/client.rb +196 -0
data/lib/rex/proto/tftp.rb +13 -0
data/lib/rex/proto/tftp/client.rb +344 -0
data/lib/rex/proto/tftp/constants.rb +39 -0
data/lib/rex/proto/tftp/server.rb +497 -0
data/lib/rex/random_identifier_generator.rb +177 -0
data/lib/rex/registry.rb +14 -0
data/lib/rex/registry/hive.rb +132 -0
data/lib/rex/registry/lfkey.rb +51 -0
data/lib/rex/registry/nodekey.rb +54 -0
data/lib/rex/registry/regf.rb +25 -0
data/lib/rex/registry/valuekey.rb +67 -0
data/lib/rex/registry/valuelist.rb +29 -0
data/lib/rex/ropbuilder.rb +8 -0
data/lib/rex/ropbuilder/rop.rb +271 -0
data/lib/rex/script.rb +42 -0
data/lib/rex/script/base.rb +61 -0
data/lib/rex/script/meterpreter.rb +16 -0
data/lib/rex/script/shell.rb +10 -0
data/lib/rex/service.rb +49 -0
data/lib/rex/service_manager.rb +154 -0
data/lib/rex/services/local_relay.rb +424 -0
data/lib/rex/socket.rb +788 -0
data/lib/rex/socket/comm.rb +120 -0
data/lib/rex/socket/comm/local.rb +526 -0
data/lib/rex/socket/ip.rb +132 -0
data/lib/rex/socket/parameters.rb +363 -0
data/lib/rex/socket/range_walker.rb +470 -0
data/lib/rex/socket/ssl_tcp.rb +345 -0
data/lib/rex/socket/ssl_tcp_server.rb +188 -0
data/lib/rex/socket/subnet_walker.rb +76 -0
data/lib/rex/socket/switch_board.rb +289 -0
data/lib/rex/socket/tcp.rb +79 -0
data/lib/rex/socket/tcp_server.rb +67 -0
data/lib/rex/socket/udp.rb +165 -0
data/lib/rex/sslscan/result.rb +201 -0
data/lib/rex/sslscan/scanner.rb +206 -0
data/lib/rex/struct2.rb +5 -0
data/lib/rex/struct2/c_struct.rb +181 -0
data/lib/rex/struct2/c_struct_template.rb +39 -0
data/lib/rex/struct2/constant.rb +26 -0
data/lib/rex/struct2/element.rb +44 -0
data/lib/rex/struct2/generic.rb +73 -0
data/lib/rex/struct2/restraint.rb +54 -0
data/lib/rex/struct2/s_string.rb +72 -0
data/lib/rex/struct2/s_struct.rb +111 -0
data/lib/rex/sync.rb +6 -0
data/lib/rex/sync/event.rb +85 -0
data/lib/rex/sync/read_write_lock.rb +177 -0
data/lib/rex/sync/ref.rb +58 -0
data/lib/rex/sync/thread_safe.rb +83 -0
data/lib/rex/text.rb +1813 -0
data/lib/rex/thread_factory.rb +43 -0
data/lib/rex/time.rb +66 -0
data/lib/rex/transformer.rb +116 -0
data/lib/rex/ui.rb +22 -0
data/lib/rex/ui/interactive.rb +304 -0
data/lib/rex/ui/output.rb +85 -0
data/lib/rex/ui/output/none.rb +19 -0
data/lib/rex/ui/progress_tracker.rb +97 -0
data/lib/rex/ui/subscriber.rb +160 -0
data/lib/rex/ui/text/color.rb +98 -0
data/lib/rex/ui/text/dispatcher_shell.rb +538 -0
data/lib/rex/ui/text/input.rb +119 -0
data/lib/rex/ui/text/input/buffer.rb +79 -0
data/lib/rex/ui/text/input/readline.rb +129 -0
data/lib/rex/ui/text/input/socket.rb +96 -0
data/lib/rex/ui/text/input/stdio.rb +46 -0
data/lib/rex/ui/text/irb_shell.rb +62 -0
data/lib/rex/ui/text/output.rb +86 -0
data/lib/rex/ui/text/output/buffer.rb +62 -0
data/lib/rex/ui/text/output/buffer/stdout.rb +26 -0
data/lib/rex/ui/text/output/file.rb +44 -0
data/lib/rex/ui/text/output/socket.rb +44 -0
data/lib/rex/ui/text/output/stdio.rb +53 -0
data/lib/rex/ui/text/output/tee.rb +56 -0
data/lib/rex/ui/text/progress_tracker.rb +57 -0
data/lib/rex/ui/text/shell.rb +403 -0
data/lib/rex/ui/text/table.rb +346 -0
data/lib/rex/zip.rb +96 -0
data/lib/rex/zip/archive.rb +130 -0
data/lib/rex/zip/blocks.rb +184 -0
data/lib/rex/zip/entry.rb +122 -0
data/lib/rex/zip/jar.rb +283 -0
data/lib/rex/zip/samples/comment.rb +32 -0
data/lib/rex/zip/samples/mkwar.rb +138 -0
data/lib/rex/zip/samples/mkzip.rb +19 -0
data/lib/rex/zip/samples/recursive.rb +58 -0
metadata +536 -0

@@ -0,0 +1,85 @@
+# -*- coding: binary -*-
+module Rex
+module Proto
+module DCERPC
+class UUID
+  @@known_uuids =
+  {
+    'MGMT'      => [ 'afa8bd80-7d8a-11c9-bef4-08002b102989', '2.0' ],
+    'REMACT'    => [ '4d9f4ab8-7d1c-11cf-861e-0020af6e7c57', '0.0' ],
+    'SYSACT'    => [ '000001a0-0000-0000-c000-000000000046', '0.0' ],
+    'LSA_DS'    => [ '3919286a-b10c-11d0-9ba8-00c04fd92ef5', '0.0' ],
+    'SAMR'      => [ '12345778-1234-abcd-ef00-0123456789ac', '1.0' ],
+    'MSMQ'      => [ 'fdb3a030-065f-11d1-bb9b-00a024ea5525', '1.0' ],
+    'EVENTLOG'  => [ '82273fdc-e32a-18c3-3f78-827929dc23ea', '0.0' ],
+    'SVCCTL'    => [ '367abb81-9844-35f1-ad32-98f038001003', '2.0' ],
+    'SRVSVC'    => [ '4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0' ],
+    'PNP'       => [ '8d9f4e40-a03d-11ce-8f69-08003e30051b', '1.0' ]
+  }
+  # Convert a UUID in binary format to the string representation
+  def self.uuid_unpack(uuid_bin)
+    raise ArgumentError if uuid_bin.length != 16
+    sprintf("%.8x-%.4x-%.4x-%.4x-%s",
+      uuid_bin[ 0, 4].unpack('V')[0],
+      uuid_bin[ 4, 2].unpack('v')[0],
+      uuid_bin[ 6, 2].unpack('v')[0],
+      uuid_bin[ 8, 2].unpack('n')[0],
+      uuid_bin[10, 6].unpack('H*')[0]
+    )
+  end
+  # Validate a text based UUID
+  def self.is? (uuid_str)
+    raise ArgumentError if !uuid_str
+    if uuid_str.match(/^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$/)
+      return true
+    else
+      return false
+    end
+  end
+  # Convert a UUID in string format to the binary representation
+  def self.uuid_pack (uuid_str)
+    raise ArgumentError if !self.is?(uuid_str)
+    parts = uuid_str.split('-')
+    [ parts[0].hex, parts[1].hex, parts[2].hex, parts[3].hex ].pack('Vvvn') + [ parts[4] ].pack('H*')
+  end
+  # Provide the common TransferSyntax UUID in packed format
+  def self.xfer_syntax_uuid ()
+    self.uuid_pack('8a885d04-1ceb-11c9-9fe8-08002b104860')
+  end
+  # Provide the common TransferSyntax version number
+  def self.xfer_syntax_vers ()
+    '2.0'
+  end
+  # Determine the UUID string for the DCERPC service with this name
+  def self.uuid_by_name (name)
+    if @@known_uuids.key?(name)
+      @@known_uuids[name][0]
+    end
+  end
+  # Determine the common version number for the DCERPC service with this name
+  def self.vers_by_name (name)
+    if @@known_uuids.key?(name)
+      @@known_uuids[name][1]
+    end
+  end
+  # Convert a string or number in float format to two unique numbers 2.0 => [2, 0]
+  def self.vers_to_nums (vers)
+    vers_maj = vers.to_i
+    vers_min = ((vers.to_f - vers.to_i) * 10).to_i
+    return vers_maj, vers_min
+  end
+end
+end
+end
+end

data/lib/rex/proto/dcerpc/wdscp.rb ADDED

@@ -0,0 +1,3 @@
+# -*- coding: binary -*-
+require 'rex/proto/dcerpc/wdscp/constants'
+require 'rex/proto/dcerpc/wdscp/packet'

data/lib/rex/proto/dcerpc/wdscp/constants.rb ADDED

@@ -0,0 +1,89 @@
+# -*- coding: binary -*-
+module Rex
+module Proto
+module DCERPC
+module WDSCP
+# http://msdn.microsoft.com/en-us/library/dd891406(prot.20).aspx
+# http://msdn.microsoft.com/en-us/library/dd541332(prot.20).aspx
+# Not all values defined by the spec have been imported...
+class Constants
+    WDSCP_RPC_UUID		= "1A927394-352E-4553-AE3F-7CF4AAFCA620"
+    OS_DEPLOYMENT_GUID 	= "\x5a\xeb\xde\xd8\xfd\xef\xb2\x43\x99\xfc\x1a\x8a\x59\x21\xc2\x27"
+    VAR_NAME_ARCHITECTURE 	= "ARCHITECTURE"
+    VAR_NAME_CLIENT_GUID 	= "CLIENT_GUID"
+    VAR_NAME_CLIENT_MAC 	= "CLIENT_MAC"
+    VAR_NAME_VERSION 	= "VERSION"
+    VAR_NAME_MESSAGE_TYPE 	= "MESSAGE_TYPE"
+    VAR_NAME_TRANSACTION_ID = "TRANSACTION_ID"
+    VAR_NAME_FLAGS		= "FLAGS"
+    VAR_NAME_CC		= "CC" #Client Capabilities
+    VAR_NAME_IMDC		= "IMDC"
+    VAR_TYPE_LOOKUP = {
+      VAR_NAME_ARCHITECTURE 	=> :ULONG,
+      VAR_NAME_CLIENT_GUID	=> :WSTRING,
+      VAR_NAME_CLIENT_MAC	=> :WSTRING,
+      VAR_NAME_VERSION	=> :ULONG,
+      VAR_NAME_MESSAGE_TYPE	=> :ULONG,
+      VAR_NAME_TRANSACTION_ID	=> :WSTRING,
+      VAR_NAME_FLAGS		=> :ULONG,
+      VAR_NAME_CC		=> :ULONG,
+      VAR_NAME_IMDC		=> :ULONG
+    }
+    CC_FLAGS = {
+      :V2	=> 1,
+      :VHDX	=> 2
+    }
+    DOMAIN_JOIN_FLAGS = {
+      :JOIN_DOMAIN		=> 1,
+      :ACCOUNT_EXISTS		=> 2,
+      :PRESTAGE_USING_MAC	=> 3,
+      :RESET_BOOT_PROGRAM	=> 256
+    }
+    ARCHITECTURE = {
+      :X64 	=> 9,
+      :X86 	=> 0,
+      :IA64 	=> 6,
+      :ARM 	=> 5
+    }
+    PACKET_TYPE = {
+      :REQUEST 	=> 1,
+      :REPLY 		=> 2
+    }
+    OPCODE = {
+      :IMG_ENUMERATE 			=> 2,
+      :LOG_INIT 			=> 3,
+      :LOG_MSG 			=> 4,
+      :GET_CLIENT_UNATTEND 		=> 5,
+      :GET_UNATTEND_VARIABLES 	=> 6,
+      :GET_DOMAIN_JOIN_INFORMATION 	=> 7,
+      :RESET_BOOT_PROGRAM 		=> 8,
+      :GET_MACHINE_DRIVER_PACKAGES 	=> 200
+    }
+    BASE_TYPE = {
+      :BYTE		=> 0x0001,
+      :USHORT 	=> 0x0002,
+      :ULONG	 	=> 0x0004,
+      :ULONG64 	=> 0x0008,
+      :STRING 	=> 0x0010,
+      :WSTRING	=> 0x0020,
+      :BLOB	 	=> 0x0040
+    }
+    TYPE_MODIFIER = {
+      :NONE 	=> 0x0000,
+      :ARRAY 	=> 0x1000
+    }
+end
+end
+end
+end
+end

data/lib/rex/proto/dcerpc/wdscp/packet.rb ADDED

@@ -0,0 +1,94 @@
+# -*- coding: binary -*-
+module Rex
+module Proto
+module DCERPC
+module WDSCP
+class Packet
+  WDS_CONST 	= Rex::Proto::DCERPC::WDSCP::Constants
+  def initialize(packet_type, opcode)
+    if opcode.nil? || packet_type.nil?
+      raise(ArgumentError, "Packet arguments cannot be nil")
+    end
+    @variables = []
+    @packet_type = WDS_CONST::PACKET_TYPE[packet_type]
+    @opcode = WDS_CONST::OPCODE[opcode]
+  end
+  def add_var(name, type_mod=0, value_length=nil, array_size=0, value)
+    padding = 0
+    vt = WDS_CONST::VAR_TYPE_LOOKUP[name]
+    value_type = WDS_CONST::BASE_TYPE[vt]
+    name = Rex::Text.to_unicode(name).unpack('H*')[0]
+    # Terminate strings with null char
+    if vt == :STRING
+      value << "\x00"
+    elsif vt == :WSTRING
+      value = Rex::Text.to_unicode(value)
+      value << "\x00\x00"
+    end
+    value_length ||= value.length
+    # Variable block total size should be evenly divisible by 16.
+    len = 16 * (1 + (value_length/16))
+    @variables <<
+      [	name,
+        padding,
+        value_type,
+        type_mod,
+        value_length,
+        array_size,
+        value
+      ].pack('H132vvvVVa%i' % len)
+  end
+  def create
+    packet = []
+    var_count = @variables.count
+    packet_size = 0
+    @variables.each do |var|
+      packet_size += var.length
+    end
+    # variables + operation
+    packet_size += 16
+    # These bytes are not part of the spec but are not part of DCERPC according to Wireshark
+    # Perhaps something from MSRPC specific? Basically length of the WDSCP packet twice...
+    packet << [(packet_size+40)].pack('V') * 2
+    packet << create_endpoint_header(packet_size)
+    packet << create_operation_header(packet_size, var_count, @packet_type, @opcode)
+    packet.concat(@variables)
+    return packet.join
+  end
+  def create_operation_header(packet_size, var_count, packet_type=:REQUEST, opcode)
+    return 	[
+        packet_size, # PacketSize
+        256,         # Version
+        packet_type, # Packet_Type
+        0,           # Padding
+        opcode,      # Opcode
+        var_count,   # Variable Count
+      ].pack('VvCCVV')
+  end
+  def create_endpoint_header(packet_size)
+    return [
+        40,                            # Header_Size
+        256,                           # Version
+        packet_size,                   # Packet_Size - This doesn't differ from operation header despite the spec...
+        WDS_CONST::OS_DEPLOYMENT_GUID, # GUID
+        "\x00"*16,                     # Reserved
+      ].pack('vvVa16a16')
+  end
+end
+end
+end
+end
+end

data/lib/rex/proto/dhcp.rb ADDED

@@ -0,0 +1,7 @@
+# -*- coding: binary -*-
+#
+# DHCP Server support written by scriptjunkie
+#
+require 'rex/proto/dhcp/constants'
+require 'rex/proto/dhcp/server'

data/lib/rex/proto/dhcp/constants.rb ADDED

@@ -0,0 +1,34 @@
+# -*- coding: binary -*-
+require 'rex/proto/dhcp'
+module Rex
+module Proto
+module DHCP
+Request = 1
+Response = 2
+DHCPDiscover = 1
+DHCPOffer = 2
+DHCPRequest = 3
+DHCPAck = 5
+DHCPMagic = "\x63\x82\x53\x63"
+OpDHCPServer = 0x36
+OpLeaseTime = 0x33
+OpSubnetMask = 1
+OpRouter = 3
+OpDns = 6
+OpHostname = 0x0c
+OpEnd = 0xff
+PXEMagic = "\xF1\x00\x74\x7E"
+OpPXEMagic = 0xD0
+OpPXEConfigFile = 0xD1
+OpPXEPathPrefix = 0xD2
+OpPXERebootTime = 0xD3
+end
+end
+end

data/lib/rex/proto/dhcp/server.rb ADDED

@@ -0,0 +1,334 @@
+# -*- coding: binary -*-
+require 'rex/socket'
+require 'rex/proto/dhcp'
+module Rex
+module Proto
+module DHCP
+##
+#
+# DHCP Server class
+# not completely configurable - written specifically for a PXE server
+# - scriptjunkie
+#
+# extended to support testing/exploiting CVE-2011-0997
+# - apconole@yahoo.com
+##
+class Server
+  include Rex::Socket
+  def initialize(hash, context = {})
+    self.listen_host = '0.0.0.0' # clients don't already have addresses. Needs to be 0.0.0.0
+    self.listen_port = 67 # mandatory (bootps)
+    self.context = context
+    self.sock = nil
+    self.myfilename = hash['FILENAME'] || ""
+    self.myfilename << ("\x00" * (128 - self.myfilename.length))
+    source = hash['SRVHOST'] || Rex::Socket.source_address
+    self.ipstring = Rex::Socket.addr_aton(source)
+    ipstart = hash['DHCPIPSTART']
+    if ipstart
+      self.start_ip = Rex::Socket.addr_atoi(ipstart)
+    else
+      # Use the first 3 octects of the server's IP to construct the
+      # default range of x.x.x.32-254
+      self.start_ip = "#{self.ipstring[0..2]}\x20".unpack("N").first
+    end
+    self.current_ip = start_ip
+    ipend = hash['DHCPIPEND']
+    if ipend
+      self.end_ip = Rex::Socket.addr_atoi(ipend)
+    else
+      # Use the first 3 octects of the server's IP to construct the
+      # default range of x.x.x.32-254
+      self.end_ip = "#{self.ipstring[0..2]}\xfe".unpack("N").first
+    end
+    # netmask
+    netmask = hash['NETMASK'] || "255.255.255.0"
+    self.netmaskn = Rex::Socket.addr_aton(netmask)
+    # router
+    router = hash['ROUTER'] || source
+    self.router = Rex::Socket.addr_aton(router)
+    # dns
+    dnsserv = hash['DNSSERVER'] || source
+    self.dnsserv = Rex::Socket.addr_aton(dnsserv)
+    # broadcast
+    if hash['BROADCAST']
+      self.broadcasta = Rex::Socket.addr_aton(hash['BROADCAST'])
+    else
+      self.broadcasta = Rex::Socket.addr_itoa( self.start_ip | (Rex::Socket.addr_ntoi(self.netmaskn) ^ 0xffffffff) )
+    end
+    self.served = {}
+    self.serveOnce = hash.include?('SERVEONCE')
+    self.servePXE = (hash.include?('PXE') or hash.include?('FILENAME') or hash.include?('PXEONLY'))
+    self.serveOnlyPXE = hash.include?('PXEONLY')
+    # Always assume we don't give out hostnames ...
+    self.give_hostname = false
+    self.served_over = 0
+    if (hash['HOSTNAME'])
+      self.give_hostname = true
+      self.served_hostname = hash['HOSTNAME']
+      if ( hash['HOSTSTART'] )
+        self.served_over = hash['HOSTSTART'].to_i
+      end
+    end
+    self.leasetime = 600
+    self.relayip = "\x00\x00\x00\x00" # relay ip - not currently suported
+    self.pxeconfigfile = "update2"
+    self.pxealtconfigfile = "update0"
+    self.pxepathprefix = ""
+    self.pxereboottime = 2000
+  end
+  def report(&block)
+    self.reporter = block
+  end
+  # Start the DHCP server
+  def start
+    self.sock = Rex::Socket::Udp.create(
+      'LocalHost' => listen_host,
+      'LocalPort' => listen_port,
+      'Context'   => context
+    )
+    self.thread = Rex::ThreadFactory.spawn("DHCPServerMonitor", false) {
+      monitor_socket
+    }
+  end
+  # Stop the DHCP server
+  def stop
+    self.thread.kill
+    self.served = {}
+    self.sock.close rescue nil
+  end
+  # Set an option
+  def set_option(opts)
+    allowed_options = [
+      :serveOnce, :pxealtconfigfile, :servePXE, :relayip, :leasetime, :dnsserv,
+      :pxeconfigfile, :pxepathprefix, :pxereboottime, :router,
+      :give_hostname, :served_hostname, :served_over, :serveOnlyPXE
+    ]
+    opts.each_pair { |k,v|
+      next if not v
+      if allowed_options.include?(k)
+        self.instance_variable_set("@#{k}", v)
+      end
+    }
+  end
+  # Send a single packet to the specified host
+  def send_packet(ip, pkt)
+    port = 68 # bootpc
+    if ip
+      self.sock.sendto( pkt, ip, port )
+    else
+      if not self.sock.sendto( pkt, '255.255.255.255', port )
+        self.sock.sendto( pkt, self.broadcasta, port )
+      end
+    end
+  end
+  attr_accessor :listen_host, :listen_port, :context, :leasetime, :relayip, :router, :dnsserv
+  attr_accessor :sock, :thread, :myfilename, :ipstring, :served, :serveOnce
+  attr_accessor :current_ip, :start_ip, :end_ip, :broadcasta, :netmaskn
+  attr_accessor :servePXE, :pxeconfigfile, :pxealtconfigfile, :pxepathprefix, :pxereboottime, :serveOnlyPXE
+  attr_accessor :give_hostname, :served_hostname, :served_over, :reporter
+protected
+  # See if there is anything to do.. If so, dispatch it.
+  def monitor_socket
+    while true
+      rds = [@sock]
+      wds = []
+      eds = [@sock]
+      r,w,e = ::IO.select(rds,wds,eds,1)
+      if (r != nil and r[0] == self.sock)
+        buf,host,port = self.sock.recvfrom(65535)
+        # Lame compatabilitiy :-/
+        from = [host, port]
+        dispatch_request(from, buf)
+      end
+    end
+  end
+  def dhcpoption(type, val = nil)
+    ret = ''
+    ret << [type].pack('C')
+    if val
+      ret << [val.length].pack('C') + val
+    end
+    ret
+  end
+  # Dispatch a packet that we received
+  def dispatch_request(from, buf)
+    type = buf.unpack('C').first
+    if (type != Request)
+      #dlog("Unknown DHCP request type: #{type}")
+      return
+    end
+    # parse out the members
+    hwtype = buf[1,1]
+    hwlen = buf[2,1].unpack("C").first
+    hops = buf[3,1]
+    txid = buf[4..7]
+    elapsed = buf[8..9]
+    flags = buf[10..11]
+    clientip = buf[12..15]
+    givenip = buf[16..19]
+    nextip = buf[20..23]
+    relayip = buf[24..27]
+    clienthwaddr = buf[28..(27+hwlen)]
+    servhostname = buf[44..107]
+    filename = buf[108..235]
+    magic = buf[236..239]
+    if (magic != DHCPMagic)
+      #dlog("Invalid DHCP request - bad magic.")
+      return
+    end
+    messageType = 0
+    pxeclient = false
+    # options parsing loop
+    spot = 240
+    while (spot < buf.length - 3)
+      optionType = buf[spot,1].unpack("C").first
+      break if optionType == 0xff
+      optionLen = buf[spot + 1,1].unpack("C").first
+      optionValue = buf[(spot + 2)..(spot + optionLen + 1)]
+      spot = spot + optionLen + 2
+      if optionType == 53
+        messageType = optionValue.unpack("C").first
+      elsif optionType == 150 or (optionType == 60 and optionValue.include? "PXEClient")
+        pxeclient = true
+      end
+    end
+    # don't serve if only serving PXE and not PXE request
+    return if pxeclient == false and self.serveOnlyPXE == true
+    # prepare response
+    pkt = [Response].pack('C')
+    pkt << buf[1..7] #hwtype, hwlen, hops, txid
+    pkt << "\x00\x00\x00\x00"  #elapsed, flags
+    pkt << clientip
+    # if this is somebody we've seen before, use the saved IP
+    if self.served.include?( buf[28..43] )
+      pkt << Rex::Socket.addr_iton(self.served[buf[28..43]][0])
+    else # otherwise go to next ip address
+      self.current_ip += 1
+      if self.current_ip > self.end_ip
+        self.current_ip = self.start_ip
+      end
+      self.served.merge!( buf[28..43] => [ self.current_ip, messageType == DHCPRequest ] )
+      pkt << Rex::Socket.addr_iton(self.current_ip)
+    end
+    pkt << self.ipstring #next server ip
+    pkt << self.relayip
+    pkt << buf[28..43] #client hw address
+    pkt << servhostname
+    pkt << self.myfilename
+    pkt << magic
+    pkt << "\x35\x01" #Option
+    if messageType == DHCPDiscover  #DHCP Discover - send DHCP Offer
+      pkt << [DHCPOffer].pack('C')
+      # check if already served an Ack based on hw addr (MAC address)
+      # if serveOnce & PXE, don't reply to another PXE request
+      # if serveOnce & ! PXE, don't reply to anything
+      if self.serveOnce == true and self.served.has_key?(buf[28..43]) and
+          self.served[buf[28..43]][1] and (pxeclient == false or self.servePXE == false)
+        return
+      end
+    elsif messageType == DHCPRequest #DHCP Request - send DHCP ACK
+      pkt << [DHCPAck].pack('C')
+      # now we ignore their discovers (but we'll respond to requests in case a packet was lost)
+      if ( self.served_over != 0 )
+        # NOTE: this is sufficient for low-traffic net
+        # for high-traffic, this will probably lead to
+        # hostname collision
+        self.served_over += 1
+      end
+    else
+      return  # ignore unknown DHCP request
+    end
+    # Options!
+    pkt << dhcpoption(OpDHCPServer, self.ipstring)
+    pkt << dhcpoption(OpLeaseTime, [self.leasetime].pack('N'))
+    pkt << dhcpoption(OpSubnetMask, self.netmaskn)
+    pkt << dhcpoption(OpRouter, self.router)
+    pkt << dhcpoption(OpDns, self.dnsserv)
+    if self.servePXE  # PXE options
+      pkt << dhcpoption(OpPXEMagic, PXEMagic)
+      # We already got this one, serve localboot file
+      if self.serveOnce == true and self.served.has_key?(buf[28..43]) and
+          self.served[buf[28..43]][1] and pxeclient == true
+        pkt << dhcpoption(OpPXEConfigFile, self.pxealtconfigfile)
+      else
+        # We are handing out an IP and our PXE attack
+        if(self.reporter)
+          self.reporter.call(buf[28..43],self.ipstring)
+        end
+        pkt << dhcpoption(OpPXEConfigFile, self.pxeconfigfile)
+      end
+      pkt << dhcpoption(OpPXEPathPrefix, self.pxepathprefix)
+      pkt << dhcpoption(OpPXERebootTime, [self.pxereboottime].pack('N'))
+      if ( self.give_hostname == true )
+        send_hostname = self.served_hostname
+        if ( self.served_over != 0 )
+          # NOTE : see above comments for the 'uniqueness' of this value
+          send_hostname += self.served_over.to_s
+        end
+        pkt << dhcpoption(OpHostname, send_hostname)
+      end
+    end
+    pkt << dhcpoption(OpEnd)
+    pkt << ("\x00" * 32) #padding
+    # And now we mark as requested
+    self.served[buf[28..43]][1] = true if messageType == DHCPRequest
+    send_packet(nil, pkt)
+  end
+end
+end
+end
+end