librex 0.0.1 → 0.0.3

data/lib/rex/proto/tftp/server.rb.ut.rb

@@ -0,0 +1,28 @@
+#!/usr/bin/env ruby
+#
+# $Revision: 9333 $
+#
+# $Id: server.rb.ut.rb 9333 2010-05-21 00:03:04Z jduck $
+#
+
+require 'rex/compat'
+require 'rex/proto/tftp'
+
+content = nil
+
+fn = ARGV.shift
+if (fn and fn.length > 0)
+	File.open(fn, "rb") do |fd|
+		content = fd.read(fd.stat.size)
+	end
+end
+
+content ||= "A" * (1024*1024)
+
+
+tftp = Rex::Proto::TFTP::Server.new
+tftp.register_file("poo", content)
+tftp.start
+
+#loop { break if not tftp.thread.alive? }
+tftp.thread.join

data/lib/rex/script/meterpreter.rb

@@ -3,6 +3,12 @@ module Rex
 module Script
 class Meterpreter < Base
 
+begin
+	require 'msf/scripts/meterpreter'
+	include Msf::Scripts::Meterpreter::Common
+rescue ::LoadError
+end
+
 end
 end
 end

data/lib/rex/services/local_relay.rb

@@ -370,7 +370,7 @@ protected
 
 			# Poll all the streams...
 			begin
-				socks = select(rfds, nil, nil, 0.25)
+				socks = Rex::ThreadSafe.select(rfds, nil, nil, 0.25)
 			rescue StreamClosedError => e
 				dlog("monitor_relays: closing stream #{e.stream}", 'rex', LEV_3)
 
@@ -384,7 +384,7 @@ protected
 
 				next
 			rescue
-				elog("Error in #{self} monitor_relays select: #{$!}", 'rex')
+				elog("Error in #{self} monitor_relays select: #{$!.class} #{$!}", 'rex')
 				return
 			end
 

data/lib/rex/socket/ip.rb

@@ -19,7 +19,7 @@ module Rex::Socket::Ip
 	# Creates the client using the supplied hash.
 	#
 	def self.create(hash = {})
-		hash['Proto'] = 'ip' 
+		hash['Proto'] = 'ip'
 		self.create_param(Rex::Socket::Parameters.from_hash(hash))
 	end
 
@@ -65,7 +65,7 @@ module Rex::Socket::Ip
 	#
 	def sendto(gram, peerhost, flags = 0)
 		dest = ::Socket.pack_sockaddr_in(0, peerhost)
-		
+
 		# Some BSDs require byteswap for len and offset
 		if(
 			Rex::Compat.is_freebsd or
@@ -82,8 +82,8 @@ module Rex::Socket::Ip
 			send(gram, flags, dest)
 		rescue  ::Errno::EHOSTUNREACH,::Errno::ENETDOWN,::Errno::ENETUNREACH,::Errno::ENETRESET,::Errno::EHOSTDOWN,::Errno::EACCES,::Errno::EINVAL,::Errno::EADDRNOTAVAIL
 			return nil
-		end		
-		
+		end
+
 	end
 
 	#
@@ -92,7 +92,7 @@ module Rex::Socket::Ip
 	#
 	def recvfrom(length = 65535, timeout=def_read_timeout)
 		begin
-			if ((rv = Kernel.select([ fd ], nil, nil, timeout)) and
+			if ((rv = ::IO.select([ fd ], nil, nil, timeout)) and
 			    (rv[0]) and (rv[0][0] == fd)
 			   )
 					data, saddr    = super(length)
@@ -106,7 +106,7 @@ module Rex::Socket::Ip
 			return [ '', nil ]
 		end
 	end
-	
+
 	#
 	# Calls recvfrom and only returns the data
 	#
@@ -114,16 +114,17 @@ module Rex::Socket::Ip
 		data, saddr = recvfrom(65535, timeout)
 		return data
 	end
-	
+
 	#
 	# The default number of seconds to wait for a read operation to timeout.
 	#
 	def def_read_timeout
 		10
-	end	
+	end
 
 	def type?
 		return 'ip'
 	end
 
 end
+

data/lib/rex/socket/range_walker.rb

@@ -27,20 +27,46 @@ class RangeWalker
 		reset
 	end
 
+	#
+	# Calls the instance method
+	#
+	# This is basically only useful for determining if a range can be parsed
+	#
 	def self.parse(parseme)
 		self.new.parse(parseme)
 	end
 
+	#
+	# Turn a human-readable range string into ranges we can step through one address at a time.
+	#
+	# Allow the following formats:
+	#	"a.b.c.d e.f.g.h"
+	#	"a.b.c.d, e.f.g.h"
+	# where each chunk is CIDR notation, (e.g. '10.1.1.0/24') or a range in nmap format (see expand_nmap)
+	#
+	# OR this format
+	#	"a.b.c.d-e.f.g.h"
+	# where a.b.c.d and e.f.g.h are single IPs and the second must be
+	# bigger than the first.
+	#
 	def parse(parseme)
 		return nil if not parseme
 		ranges = []
-		parseme.split(' ').each { |arg|
+		parseme.split(', ').map{ |a| a.split(' ') }.flatten.each { |arg|
 			if arg.include?("/")
 				# Then it's CIDR notation and needs special case
-				if arg =~ /[,-]/
-					# Improper CIDR notation (can't mix with 1,3 or 1-3 style IP ranges)
-					return false
+				return false if arg =~ /[,-]/ # Improper CIDR notation (can't mix with 1,3 or 1-3 style IP ranges)
+				return false if arg.scan("/").size > 1 # ..but there are too many slashes
+				ip_part,mask_part = arg.split("/")
+				return false if ip_part.nil? or ip_part.empty? or mask_part.nil? or mask_part.empty?
+				return false if mask_part !~ /^[0-9]{1,2}$/ # Illegal mask -- numerals only
+				return false if mask_part.to_i > 32 # This too -- between 0 and 32.
+				begin
+					Rex::Socket.addr_atoi(ip_part) # This allows for "www.metasploit.com/24" which is fun.
+				rescue Resolv::ResolvError
+					return false # Can't resolve the ip_part, so bail.
 				end
+
 				expanded = expand_cidr(arg)
 				if expanded
 					ranges += expanded
@@ -58,6 +84,16 @@ class RangeWalker
 				# unmolested to force a DNS lookup.
 				addr = Rex::Socket.addr_atoi(arg)
 				ranges.push [addr, addr]
+			elsif arg =~ /^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)-([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)$/
+				# Then it's in the format of 1.2.3.4-5.6.7.8
+				# Note, this will /not/ deal with DNS names, or the fancy/obscure 10...1-10...2
+				begin 
+					addrs = [Rex::Socket.addr_atoi($1), Rex::Socket.addr_atoi($2)]
+					return false if addrs[0] > addrs[1] # The end is greater than the beginning.
+					ranges.push [addrs[0], addrs[1]]
+				rescue Resolv::ResolvError # Something's broken, forget it.
+					return false
+				end
 			else
 				expanded = expand_nmap(arg)
 				if expanded
@@ -274,14 +310,16 @@ class RangeWalker
 	#
 	# The total number of IPs within the range
 	#
-	attr_reader :ranges
 	attr_reader :length
 
 	# for backwards compatibility
 	alias :num_ips :length
 
+	attr_reader :ranges
+
 end
 
+# :nodoc:
 class Range < Array
 	def start; self[0]; end
 	def stop;  self[1]; end

data/lib/rex/socket/udp.rb

@@ -72,7 +72,7 @@ module Rex::Socket::Udp
 	#
 	def timed_read(length = 65535, timeout=def_read_timeout)
 		begin
-			if ((rv = Kernel.select([ fd ], nil, nil, timeout)) and
+			if ((rv = ::IO.select([ fd ], nil, nil, timeout)) and
 			    (rv[0]) and (rv[0][0] == fd)
 			   )
 					return read(length)
@@ -101,7 +101,10 @@ module Rex::Socket::Udp
 		# Catch unconnected IPv6 sockets talking to IPv4 addresses
 		peer = Rex::Socket.resolv_nbo(peerhost)
 		if (peer.length == 4 and self.ipv == 6)
-			peerhost = '::ffff:' + Rex::Socket.getaddress(peerhost)
+			peerhost = Rex::Socket.getaddress(peerhost)
+			if peerhost[0,7].downcase != '::ffff:'
+				peerhost = '::ffff:' + peerhost
+			end
 		end
 
 		begin
@@ -119,7 +122,7 @@ module Rex::Socket::Udp
 	def recvfrom(length = 65535, timeout=def_read_timeout)
 
 		begin
-			if ((rv = Kernel.select([ fd ], nil, nil, timeout)) and
+			if ((rv = ::IO.select([ fd ], nil, nil, timeout)) and
 			    (rv[0]) and (rv[0][0] == fd)
 			   )
 					data, saddr    = recvfrom_nonblock(length)
@@ -129,7 +132,11 @@ module Rex::Socket::Udp
 			else
 				return [ '', nil, nil ]
 			end
-		rescue Exception
+		rescue ::Timeout::Error
+			return [ '', nil, nil ]
+		rescue ::Interrupt
+			raise $!
+		rescue ::Exception
 			return [ '', nil, nil ]
 		end
 	end

data/lib/rex/text.rb

@@ -39,6 +39,10 @@ module Text
 	AllChars     = [*(0x00 .. 0xff)].pack("C*")
 
 	DefaultPatternSets = [ Rex::Text::UpperAlpha, Rex::Text::LowerAlpha, Rex::Text::Numerals ]
+	
+	# In case Iconv isn't loaded
+	Iconv_EBCDIC = ["\x00", "\x01", "\x02", "\x03", "7", "-", ".", "/", "\x16", "\x05", "%", "\v", "\f", "\r", "\x0E", "\x0F", "\x10", "\x11", "\x12", "\x13", "<", "=", "2", "&", "\x18", "\x19", "?", "'", "\x1C", "\x1D", "\x1E", "\x1F", "@", "Z", "\x7F", "{", "[", "l", "P", "}", "M", "]", "\\", "N", "k", "`", "K", "a", "\xF0", "\xF1", "\xF2", "\xF3", "\xF4", "\xF5", "\xF6", "\xF7", "\xF8", "\xF9", "z", "^", "L", "~", "n", "o", "|", "\xC1", "\xC2", "\xC3", "\xC4", "\xC5", "\xC6", "\xC7", "\xC8", "\xC9", "\xD1", "\xD2", "\xD3", "\xD4", "\xD5", "\xD6", "\xD7", "\xD8", "\xD9", "\xE2", "\xE3", "\xE4", "\xE5", "\xE6", "\xE7", "\xE8", "\xE9", nil, "\xE0", nil, nil, "m", "y", "\x81", "\x82", "\x83", "\x84", "\x85", "\x86", "\x87", "\x88", "\x89", "\x91", "\x92", "\x93", "\x94", "\x95", "\x96", "\x97", "\x98", "\x99", "\xA2", "\xA3", "\xA4", "\xA5", "\xA6", "\xA7", "\xA8", "\xA9", "\xC0", "O", "\xD0", "\xA1", "\a", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]
+	Iconv_ASCII  = ["\x00", "\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\a", "\b", "\t", "\n", "\v", "\f", "\r", "\x0E", "\x0F", "\x10", "\x11", "\x12", "\x13", "\x14", "\x15", "\x16", "\x17", "\x18", "\x19", "\x1A", "\e", "\x1C", "\x1D", "\x1E", "\x1F", " ", "!", "\"", "#", "$", "%", "&", "'", "(", ")", "*", "+", ",", "-", ".", "/", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", ":", ";", "<", "=", ">", "?", "@", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", nil, "\\", nil, nil, "_", "`", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "{", "|", "}", "~", "\x7F", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]
 
 	##
 	#
@@ -139,13 +143,43 @@ module Text
 	#
 	# Converts ASCII to EBCDIC
 	#
+	class IllegalSequence < ArgumentError; end
+
+	# A native implementation of the ASCII->EBCDIC table, used to fall back from using
+	# Iconv
+	def self.to_ebcdic_rex(str)
+		new_str = []
+		str.each_byte do |x| 
+			if Iconv_ASCII.index(x.chr)
+				new_str << Iconv_EBCDIC[Iconv_ASCII.index(x.chr)]
+			else
+				raise Rex::Text::IllegalSequence, ("\\x%x" % x)
+			end
+		end
+		new_str.join
+	end
+
+	# A native implementation of the EBCDIC->ASCII table, used to fall back from using
+	# Iconv
+	def self.from_ebcdic_rex(str)
+		new_str = []
+		str.each_byte do |x| 
+			if Iconv_EBCDIC.index(x.chr)
+				new_str << Iconv_ASCII[Iconv_EBCDIC.index(x.chr)]
+			else
+				raise Rex::Text::IllegalSequence, ("\\x%x" % x)
+			end
+		end
+		new_str.join
+	end
+
 	def self.to_ebcdic(str)
 		begin
 			Iconv.iconv("EBCDIC-US", "ASCII", str).first
 		rescue ::Iconv::IllegalSequence => e
 			raise e
 		rescue
-			raise ::RuntimeError, "Your installation does not support iconv (needed for EBCDIC conversion)"
+			self.to_ebcdic_rex(str)
 		end
 	end
 
@@ -158,7 +192,7 @@ module Text
 		rescue ::Iconv::IllegalSequence => e
 			raise e
 		rescue
-			raise ::RuntimeError, "Your installation does not support iconv (needed for EBCDIC conversion)"
+			self.from_ebcdic_rex(str)
 		end
 	end
 
@@ -463,7 +497,7 @@ module Text
 		coords = []
 		(1 << str.size).times { |i| coords << ("%0#{str.size}b" % i) }
 		mixed = []
-		coords.each do |coord| 
+		coords.each do |coord|
 			c = coord.scan(/./).map {|x| x.to_i}
 			this_str = ""
 			c.each_with_index { |d,i| this_str << letters[i][d] }
@@ -626,22 +660,11 @@ module Text
 
 	# Base text generator method
 	def self.rand_base(len, bad, *foo)
-		# Remove restricted characters
-		(bad || '').split('').each { |c| foo.delete(c) }
-
-		# Return nil if all bytes are restricted
-		return nil if foo.length == 0
-
-		buff = ""
-
-		# Generate a buffer from the remaining bytes
-		if foo.length >= 256
-			len.times { buff << Kernel.rand(256) }
-		else
-			len.times { buff << foo[ rand(foo.length) ] }
-		end
-
-		return buff
+		cset = (foo.join.unpack("C*") - bad.to_s.unpack("C*")).uniq
+		return if cset.length == 0
+		outp = []
+		len.times { outp << cset[rand(cset.length)] }
+		outp.pack("C*")
 	end
 
 	# Generate random bytes of data

data/lib/rex/ui/interactive.rb

@@ -16,12 +16,12 @@ module Interactive
 	include Rex::Ui::Subscriber
 
 	#
-	# Starts interacting with the session at the most raw level, simply 
+	# Starts interacting with the session at the most raw level, simply
 	# forwarding input from user_input to rstream and forwarding input from
 	# rstream to user_output.
 	#
 	def interact(user_input, user_output)
-	
+
 		# Detach from any existing console
 		if(self.interacting)
 			detach()
@@ -34,13 +34,13 @@ module Interactive
 
 		eof = false
 
-		# Start the readline stdin monitor 
+		# Start the readline stdin monitor
 		# XXX disabled
 		# user_input.readline_start() if user_input.supports_readline
-		
+
 		# Handle suspend notifications
 		handle_suspend
-		
+
 		# As long as we're interacting...
 		while (self.interacting == true)
 
@@ -52,18 +52,18 @@ module Interactive
 				# abort the interaction.  If they do, then we return out of
 				# the interact function and call it a day.
 				eof = true if (_interrupt)
-		
+
 			rescue EOFError, Errno::ECONNRESET, IOError
 				# If we reach EOF or the connection is reset...
 				eof = true
-				
+
 			end
 
 			break if eof
 		end
 
 		begin
-		
+
 			# Restore the suspend handler
 			restore_suspend
 
@@ -73,10 +73,10 @@ module Interactive
 			# Shutdown the readline thread
  			# XXX disabled
 			# user_input.readline_stop() if user_input.supports_readline
-			
+
 			# Detach from the input/output handles
 			reset_ui()
-					
+
 		ensure
 			# Mark this as completed
 			self.completed = true
@@ -93,7 +93,7 @@ module Interactive
 		if (self.interacting)
 			self.interacting = false
 			while(not self.completed)
-				select(nil, nil, nil, 0.25)	
+				::IO.select(nil, nil, nil, 0.25)
 			end
 		end
 	end
@@ -102,14 +102,14 @@ module Interactive
 	# Whether or not the session is currently being interacted with
 	#
 	attr_accessor   :interacting
-	
+
 	#
 	# Whether or not the session has completed interaction
 	#
 	attr_accessor	:completed
 
 protected
-	
+
 	#
 	# The original suspend proc.
 	#
@@ -156,7 +156,7 @@ protected
 	#
 	def _stream_read_local_write_remote(stream)
 		data = user_input.gets
-		
+
 		stream.put(data)
 	end
 
@@ -180,10 +180,10 @@ protected
 	#
 	def interact_stream(stream)
 		while self.interacting
-		
+
 			# Select input and rstream
 			sd = Rex::ThreadSafe.select([ _local_fd, _remote_fd(stream) ], nil, nil, 0.25)
-			
+
 			# Cycle through the items that have data
 			# From the stream?  Write to user_output.
 			sd[0].each { |s|
@@ -194,7 +194,7 @@ protected
 					_stream_read_local_write_remote(stream)
 				end
 			} if (sd)
-			
+
 			Thread.pass
 		end
 	end
@@ -218,13 +218,14 @@ protected
 	# notifications.
 	#
 	def restore_suspend
-		if (orig_suspend)
-			begin
+		begin
+			if (orig_suspend)
 				Signal.trap("TSTP", orig_suspend)
-			rescue
+			else
+				Signal.trap("TSTP", "DEFAULT")
 			end
-
 			self.orig_suspend = nil
+		rescue
 		end
 	end
 
@@ -238,7 +239,7 @@ protected
 			user_input.sysread(2)
 		end
 	end
-	
+
 	#
 	# Check the return value of a yes/no prompt
 	#
@@ -250,3 +251,4 @@ end
 
 end
 end
+