librex 0.0.1

data/lib/rex/proto/smb/utils.rb.ut.rb

@@ -0,0 +1,20 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..'))
+
+require 'rex/test'
+require 'rex/proto/smb/utils'
+
+class Rex::Proto::SMB::Utils::UnitTest < Test::Unit::TestCase
+	
+	Klass = Rex::Proto::SMB::Utils
+
+	def test_nbname
+	
+		nbdecoded = 'METASPLOITROCKS!'
+		nbencoded = 'ENEFFEEBFDFAEMEPEJFEFCEPEDELFDCB'
+		
+		assert_equal(Klass.nbname_encode(nbdecoded),  nbencoded )
+		assert_equal(Klass.nbname_decode(nbencoded),  nbdecoded )
+	end
+end

data/lib/rex/proto/sunrpc.rb

@@ -0,0 +1 @@
+require 'rex/proto/sunrpc/client'

data/lib/rex/proto/sunrpc/client.rb

@@ -0,0 +1,195 @@
+require 'rex/socket'
+require 'rex/encoder/xdr'
+
+module Rex
+module Proto
+module SunRPC
+
+class RPCTimeout < ::Interrupt
+   def initialize(msg = 'Operation timed out.')
+      @msg = msg
+   end
+
+	def to_s
+		@msg
+	end
+end
+
+# XXX: CPORT!
+class Client
+	AUTH_NULL = 0
+	AUTH_UNIX = 1
+
+	PMAP_PROG = 100000
+	PMAP_VERS = 2
+	PMAP_GETPORT = 3
+
+	CALL = 0
+
+	attr_accessor :rhost, :rport, :proto, :program, :version
+	attr_accessor :pport, :call_sock, :timeout, :context
+
+	attr_accessor :should_fragment
+
+	def initialize(opts)
+		self.rhost   = opts[:rhost]
+		self.rport   = opts[:rport]
+		self.program = opts[:program]
+		self.version = opts[:version]
+		self.timeout = opts[:timeout] || 20
+		self.context = opts[:context] || {}
+		self.proto   = opts[:proto]
+
+		if self.proto.downcase !~ /^(tcp|udp)$/
+			raise ::Rex::ArgumentError, 'Protocol is not "tcp" or "udp"'
+		end
+
+		@pport = nil
+
+		@auth_type = AUTH_NULL
+		@auth_data = ''
+
+		@call_sock = nil
+	end
+
+# XXX: Add optional parameter to have proto be something else
+	def create()
+		proto_num = 0
+		if @proto.eql?('tcp')
+			proto_num = 6
+		elsif @proto.eql?('udp')
+			proto_num = 17
+		end
+
+		buf =
+			Rex::Encoder::XDR.encode(CALL, 2, PMAP_PROG, PMAP_VERS, PMAP_GETPORT,
+				@auth_type, [@auth_data, 400], AUTH_NULL, '',
+				@program, @version, proto_num, 0)
+
+		sock = make_rpc(@proto, @rhost, @rport)
+		send_rpc(sock, buf)
+		ret = recv_rpc(sock)
+		close_rpc(sock)
+
+		return ret
+	end
+
+	def call(procedure, buffer, maxwait = self.timeout)
+		buf =
+			Rex::Encoder::XDR.encode(CALL, 2, @program, @version, procedure,
+				@auth_type, [@auth_data, 400], AUTH_NULL, '')+
+			buffer
+
+		if ! @call_sock
+			@call_sock = make_rpc(@proto, @rhost, @pport)
+		end
+
+		send_rpc(@call_sock, buf)
+		recv_rpc(@call_sock, maxwait)
+	end
+
+	def destroy
+		close_rpc(@call_sock) if @call_sock
+		@call_sock = nil
+	end
+
+	def authnull_create
+		@auth_type = AUTH_NULL
+		@auth_data = ''
+	end
+
+	def authunix_create(host, uid, gid, groupz)
+		raise ::Rex::ArgumentError, 'Hostname length is too long' if host.length > 255
+# 10?
+		raise ::Rex::ArgumentError, 'Too many groups' if groupz.length > 10
+
+		@auth_type = AUTH_UNIX
+		@auth_data =
+			Rex::Encoder::XDR.encode(0, host, uid, gid, groupz) # XXX: TIME! GROUPZ?!
+	end
+
+# XXX: Dirty, integrate some sort of request system into create/call?
+	def portmap_req(host, port, rpc_vers, procedure, buffer)
+		buf = Rex::Encoder::XDR.encode(CALL, 2, PMAP_PROG, rpc_vers, procedure,
+			AUTH_NULL, '', AUTH_NULL, '') + buffer
+
+		sock = make_rpc('tcp', host, port)
+		send_rpc(sock, buf)
+		ret = recv_rpc(sock)
+		close_rpc(sock)
+
+		return ret
+	end
+
+	private
+	def make_rpc(proto, host, port)
+		Rex::Socket.create(
+			'PeerHost'	=> host,
+			'PeerPort'	=> port,
+			'Proto'		=> proto,
+			'Timeout'   => self.timeout,
+			'Context'   => self.context
+		)
+	end
+
+	def build_tcp(buf)
+		if !self.should_fragment
+			return Rex::Encoder::XDR.encode(0x80000000 | buf.length) + buf
+		end
+
+		str = buf.dup
+
+		fragmented = ''
+
+		while (str.size > 0)
+			frag = str.slice!(0, rand(3) + 1)
+			len = frag.size
+			if str.size == 0
+				len |= 0x80000000
+			end
+
+			fragmented += Rex::Encoder::XDR.encode(len) + frag
+		end
+
+		return fragmented
+	end
+
+	def send_rpc(sock, buf)
+		buf = gen_xid() + buf
+		if sock.type?.eql?('tcp')
+			buf = build_tcp(buf)
+		end
+		sock.put(buf)
+	end
+
+	def recv_rpc(sock, maxwait=self.timeout)
+
+		buf = nil
+		begin
+			Timeout.timeout(maxwait) { buf = sock.get }
+		rescue ::Timeout
+		end
+
+		return nil if not buf
+
+		buf.slice!(0..3)
+		if sock.type?.eql?('tcp')
+			buf.slice!(0..3)
+		end
+		return buf if buf.length > 1
+		return nil
+	end
+
+	def close_rpc(sock)
+		sock.close
+	end
+
+	def gen_xid
+		return Rex::Encoder::XDR.encode(rand(0xffffffff) + 1)
+	end
+end
+
+end
+end
+end
+

data/lib/rex/script.rb

@@ -0,0 +1,42 @@
+#!/usr/bin/env ruby
+
+module Rex
+
+###
+#
+# This class provides an easy interface for loading and executing ruby
+# scripts.
+#
+###
+module Script
+
+	class Completed < ::RuntimeError
+	end
+
+	#
+	# Reads the contents of the supplied file and exeutes them.
+	#
+	def self.execute_file(file, in_binding = nil)
+		str = ''
+		buf = ::File.read(file, ::File.size(file))
+		execute(buf, in_binding)
+	end
+
+	#
+	# Executes arbitrary ruby from the supplied string.
+	#
+	def self.execute(str, in_binding = nil)
+		begin
+			eval(str, in_binding)
+		rescue Completed
+		end
+	end
+
+end
+
+end
+
+require 'rex/script/base'
+require 'rex/script/shell'
+require 'rex/script/meterpreter'
+

data/lib/rex/script/base.rb

@@ -0,0 +1,59 @@
+module Rex
+module Script
+class Base
+
+	class OutputSink
+		def print(msg); end
+		def print_line(msg); end
+		def print_status(msg); end
+		def print_good(msg); end
+		def print_error(msg); end
+	end
+
+	attr_accessor :client, :framework, :path, :error, :args
+	attr_accessor :session, :sink, :workspace
+
+	def initialize(client, path)
+		self.client    = client
+		self.framework = client.framework
+		self.path      = path
+		self.sink      = OutputSink.new
+
+		if(client.framework.db and client.framework.db.active)
+			self.workspace = client.framework.db.find_workspace( client.workspace.to_s ) || client.framework.db.workspace
+		end
+
+		# Convenience aliases
+		self.session   = self.client
+	end
+
+	def output
+		client.user_output || self.sink
+	end
+
+	def completed
+		raise Rex::Script::Completed
+	end
+
+	def run(args)
+		self.args = args
+		begin
+			eval(::File.read(self.path, ::File.size(self.path)), binding )
+		rescue ::Interrupt
+		rescue ::Rex::Script::Completed
+		rescue ::Exception => e
+			self.error = e
+			raise e
+		end
+	end
+
+	def print(*args);         output.print(*args);          end
+	def print_status(*args);  output.print_status(*args);   end
+	def print_error(*args);   output.print_error(*args);    end
+	def print_good(*args);    output.print_good(*args);     end
+	def print_line(*args);    output.print_line(*args);     end
+
+end
+end
+end
+

data/lib/rex/script/meterpreter.rb

@@ -0,0 +1,9 @@
+
+module Rex
+module Script
+class Meterpreter < Base
+
+end
+end
+end
+

data/lib/rex/script/shell.rb

@@ -0,0 +1,9 @@
+
+module Rex
+module Script
+class Shell < Base
+
+end
+end
+end
+

data/lib/rex/service.rb

@@ -0,0 +1,48 @@
+require 'rex'
+require 'rex/proto'
+
+module Rex
+
+###
+#
+# The service module is used to extend classes that are passed into the
+# service manager start routine.  It provides extra methods, such as reference
+# counting, that are used to track the service instances more uniformly.
+#
+###
+module Service
+	include Ref
+
+	require 'rex/services/local_relay'
+
+	#
+	# Returns the hardcore, as in porno, alias for this service.  This is used
+	# by the service manager to manage singleton services.
+	#
+	def self.hardcore_alias(*args)
+		return "__#{args}"
+	end
+
+	def deref
+		rv = super
+
+		# If there's only one reference, then it's the service managers.
+		if @_references == 1
+			Rex::ServiceManager.stop_service(self)
+		end
+
+		rv
+	end
+
+	#
+	# Calls stop on the service once the ref count drops.
+	#
+	def cleanup
+		stop
+	end
+
+	attr_accessor :alias
+
+end
+
+end

data/lib/rex/service_manager.rb

@@ -0,0 +1,141 @@
+require 'singleton'
+require 'rex'
+require 'rex/service'
+
+module Rex
+
+###
+#
+# This class manages service allocation and interaction.  This class can be
+# used to start HTTP servers and manage them and all that stuff.  Yup.
+#
+###
+class ServiceManager < Hash
+
+	#
+	# This class is a singleton.
+	#
+	include Singleton
+
+	#
+	# Calls the instance method to start a service.
+	#
+	def self.start(klass, *args)
+		self.instance.start(klass, *args)
+	end
+	
+	#
+	# Calls the instance method to stop a service.
+	#
+	def self.stop(klass, *args)
+		self.instance.stop(klass, *args)
+	end
+
+	#
+	# Stop a service using the alias that's associated with it.
+	#
+	def self.stop_by_alias(als)
+		self.instance.stop_by_alias(als)
+	end
+
+	#
+	# Stop the supplied service instance.
+	#
+	def self.stop_service(service)
+		self.instance.stop_service(service)
+	end
+
+	#
+	# Starts a service and assigns it a unique name in the service hash.
+	#
+	def start(klass, *args)
+		# Get the hardcore alias.
+		hals = "#{klass}" + klass.hardcore_alias(*args)
+
+		# Has a service already been constructed for this guy?  If so, increment
+		# its reference count like it aint no thang.
+		if (inst = self[hals])
+			inst.ref
+			return inst
+		end
+
+		inst = klass.new(*args)
+		als  = inst.alias
+
+		# Find an alias that isn't taken.
+		if (self[als])
+			cnt  = 1
+			cnt += 1 while (self[als + " #{cnt}"])
+			als  = inst.alias + " #{cnt}"
+		end
+
+		# Extend the instance as a service.
+		inst.extend(Rex::Service)
+
+		# Re-aliases the instance.
+		inst.alias = als
+
+		# Fire up the engines.  If an error occurs an exception will be 
+		# raised.
+		inst.start
+
+		# Alias associate and initialize reference counting
+		self[als] = self[hals] = inst.refinit
+
+		# Pass the caller a reference
+		inst.ref
+
+		inst
+	end
+
+	#
+	# Stop a service using a given klass and arguments.  These should mirror
+	# what was originally passed to start exactly.  If the reference count of
+	# the service drops to zero the service will be destroyed.
+	#
+	def stop(klass, *args)
+		stop_service(hals[hardcore_alias(klass, *args)])
+	end
+
+	#
+	# Stops a service using the provided alias.
+	#
+	def stop_by_alias(als)
+		stop_service(self[als])
+	end
+
+	#
+	# Stops a service instance.
+	#
+	def stop_service(inst)
+		# Stop the service and be done wif it, but only if the number of
+		# references has dropped to zero
+		if (inst)
+			# Since the instance may have multiple aliases, scan through
+			# all the pairs for matching stuff.
+			self.each_pair { |cals, cinst|
+				self.delete(cals) if (inst == cinst)
+			}
+
+			# Lose the list-held reference to the instance
+			inst.deref
+
+			return true
+		end
+
+		# Return false if the service isn't there
+		return false
+	end
+
+protected
+
+	# 
+	# Returns the alias for a given service instance.
+	#
+	def hardcore_alias(klass, *args)
+		"__#{klass.name}#{args}"
+	end
+	
+end
+
+end