librex 0.0.1

data/lib/rex/socket/ssl_tcp.rb.ut.rb

@@ -0,0 +1,39 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..'))
+
+require 'test/unit'
+require 'rex/socket/ssl_tcp'
+
+class Rex::Socket::SslTcp::UnitTest < Test::Unit::TestCase
+
+	def test_ssltcp
+
+		# Create an SslTcp instance
+		t = nil
+		assert_nothing_raised {
+			t = Rex::Socket::SslTcp.create(
+				'PeerHost' => 'www.google.com',
+				'PeerPort' => 443)
+		}
+		assert_kind_of(Rex::Socket::SslTcp, t, "valid ssl tcp")
+
+		# Send a HEAD request and make sure we get some kind of response
+		head_request = "HEAD / HTTP/1.0\r\n\r\n"
+
+		assert_equal(19, t.put(head_request), "sending head request")
+
+		head_response = ""
+
+		assert_nothing_raised {
+			head_response = t.get(nil) || ""
+		}
+
+		assert_match(/^HTTP\/1./, head_response, "valid head response")
+
+		assert_nothing_raised {
+			t.close
+		}
+	end
+
+end

data/lib/rex/socket/ssl_tcp_server.rb

@@ -0,0 +1,122 @@
+require 'rex/socket'
+require 'rex/socket/tcp_server'
+require 'rex/io/stream_server'
+
+###
+#
+# This class provides methods for interacting with an SSL wrapped TCP server.  It
+# implements the StreamServer IO interface.
+#
+###
+module Rex::Socket::SslTcpServer
+
+	@@loaded_openssl = false
+
+	begin
+		require 'openssl'
+		@@loaded_openssl = true
+	rescue ::Exception
+	end
+
+
+	include Rex::Socket::TcpServer
+
+	##
+	#
+	# Factory
+	#
+	##
+
+	def self.create(hash = {})
+		hash['Proto']  = 'tcp'
+		hash['Server'] = true
+		hash['SSL']    = true
+		self.create_param(Rex::Socket::Parameters.from_hash(hash))
+	end
+
+	#
+	# Wrapper around the base class' creation method that automatically sets
+	# the parameter's protocol to TCP and sets the server flag to true.
+	#
+	def self.create_param(param)
+		param.proto  = 'tcp'
+		param.server = true
+		param.ssl    = true
+		Rex::Socket.create_param(param)
+	end
+
+	def initsock(params = nil)
+		raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
+		self.sslctx  = makessl()
+		super
+	end
+
+	def accept(opts = {})
+		sock = super()
+		return if not sock
+
+		begin
+			ssl = OpenSSL::SSL::SSLSocket.new(sock, self.sslctx)
+			ssl.accept
+			sock.extend(Rex::Socket::SslTcp)
+			sock.sslsock = ssl
+			sock.sslctx  = self.sslctx
+			return sock
+
+		rescue ::OpenSSL::SSL::SSLError
+			sock.close
+			nil
+		end
+	end
+
+
+	def makessl
+		key = OpenSSL::PKey::RSA.new(1024){ }
+
+		cert = OpenSSL::X509::Certificate.new
+		cert.version = 2
+		cert.serial = rand(0xFFFFFFFF)
+		# name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]])
+		subject = OpenSSL::X509::Name.new([
+				["C","US"],
+				['ST', Rex::Text.rand_state()],
+				["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
+				["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
+				["CN", Rex::Text.rand_hostname],
+			])
+		issuer = OpenSSL::X509::Name.new([
+				["C","US"],
+				['ST', Rex::Text.rand_state()],
+				["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
+				["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
+				["CN", Rex::Text.rand_hostname],
+			])
+
+		cert.subject = subject
+		cert.issuer = issuer
+		cert.not_before = Time.now - (3600 * 365)
+		cert.not_after = Time.now + (3600 * 365)
+		cert.public_key = key.public_key
+		ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
+		cert.extensions = [
+			ef.create_extension("basicConstraints","CA:FALSE"),
+			ef.create_extension("subjectKeyIdentifier","hash"),
+			ef.create_extension("extendedKeyUsage","serverAuth"),
+			ef.create_extension("keyUsage","keyEncipherment,dataEncipherment,digitalSignature")
+		]
+		ef.issuer_certificate = cert
+		cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
+		cert.sign(key, OpenSSL::Digest::SHA1.new)
+
+		ctx = OpenSSL::SSL::SSLContext.new()
+		ctx.key = key
+		ctx.cert = cert
+
+		ctx.session_id_context = Rex::Text.rand_text(16)
+
+		return ctx
+	end
+
+	attr_accessor :sslctx
+end
+

data/lib/rex/socket/ssl_tcp_server.rb.ut.rb

@@ -0,0 +1,51 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..'))
+
+require 'test/unit'
+require 'rex/socket/ssl_tcp_server'
+require 'rex/socket/ssl_tcp'
+
+class Rex::Socket::SslTcpServer::UnitTest < Test::Unit::TestCase
+
+	# XXX.  The client data is sent & decrypted just fine.  The server data is not.  the client thread just spins.  BAH.
+	def test_tcp_server
+		return;
+
+		serv_port = 65433
+		c = nil
+
+		threads = []
+		threads << Thread.new() {
+			serv = Rex::Socket.create_tcp_server('LocalPort' => serv_port, 'SSL' => true)
+			assert_kind_of(Rex::Socket::SslTcpServer, serv, "type => ssl")
+			assert_kind_of(Rex::Socket::TcpServer, serv, "type => tcp")
+			assert_kind_of(Rex::IO::StreamServer, serv, "type => stream")
+			s = serv.accept
+			assert_equal("client_data\n", s.get_once(), "s: get_once")
+			assert_equal(3, s.write("Yo\n"), "s: put Yo")
+			assert(s.methods.include?('<<'))
+			assert(s.methods.include?('>>'))
+			assert(s.methods.include?('has_read_data?'))
+			serv.close
+		}
+
+		threads << Thread.new() {
+			sleep(2)
+			assert_nothing_raised {
+				c = Rex::Socket::SslTcp.create(
+				'PeerHost' => '127.0.0.1',
+				'PeerPort' => serv_port
+				)
+			}
+			assert_kind_of(Rex::Socket::Tcp, c, "TCP")
+			assert_kind_of(Rex::Socket::SslTcp, c, "SSL")
+			assert_equal(12, c.write("client_data\n"), "c: write")
+			assert_equal("Yo\n", c.get_once(), "c: get_once")
+			c.close if (c)
+		}
+
+		threads.each { |aThread|  aThread.join }
+	end
+
+end

data/lib/rex/socket/subnet_walker.rb

@@ -0,0 +1,75 @@
+require 'rex/socket'
+
+module Rex
+module Socket
+
+###
+#
+# This class provides an interface to enumerating a subnet with a supplied
+# netmask.
+#
+###
+class SubnetWalker
+
+	#
+	# Initializes a subnet walker instance using the supplied subnet
+	# information.
+	#
+	def initialize(subnet, netmask)
+		self.subnet  = Socket.resolv_to_dotted(subnet)
+		self.netmask = Socket.resolv_to_dotted(netmask)
+
+		reset
+	end
+
+	#
+	# Resets the subnet walker back to its original state.
+	#
+	def reset
+		self.curr_ip     = self.subnet.split('.')
+		self.num_ips     = (1 << (32 - Socket.net2bitmask(self.netmask).to_i))
+		self.curr_ip_idx = 0
+	end
+
+	#
+	# Returns the next IP address.
+	#
+	def next_ip
+		if (curr_ip_idx >= num_ips)
+			return nil
+		end
+
+		if (curr_ip_idx > 0)
+			self.curr_ip[3] = (curr_ip[3].to_i + 1) % 256
+			self.curr_ip[2] = (curr_ip[2].to_i + 1) % 256 if (curr_ip[3] == 0)
+			self.curr_ip[1] = (curr_ip[1].to_i + 1) % 256 if (curr_ip[2] == 0)
+			self.curr_ip[0] = (curr_ip[0].to_i + 1) % 256 if (curr_ip[1] == 0)
+		end
+
+		self.curr_ip_idx += 1
+	
+		self.curr_ip.join('.')
+	end
+
+	#
+	# The subnet that is being enumerated.
+	#
+	attr_reader :subnet
+	#
+	# The netmask of the subnet.
+	#
+	attr_reader :netmask
+	#
+	# The total number of IPs within the subnet.
+	#
+	attr_reader :num_ips
+
+protected
+
+	attr_writer   :subnet, :netmask, :num_ips # :nodoc:
+	attr_accessor :curr_ip, :curr_ip_idx # :nodoc:
+
+end
+
+end
+end

data/lib/rex/socket/subnet_walker.rb.ut.rb

@@ -0,0 +1,28 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..'))
+
+require 'test/unit'
+require 'rex/socket/subnet_walker'
+
+class Rex::Socket::SubnetWalker::UnitTest < Test::Unit::TestCase
+
+	Klass = Rex::Socket::SubnetWalker
+
+	def test_walker
+		s = Klass.new('10.0.0.0', '255.255.255.0')
+
+		0.upto(255) { |x|
+			assert_equal('10.0.0.' + x.to_s, s.next_ip)
+		}
+		assert_nil(s.next_ip)
+
+		s.reset
+
+		0.upto(255) { |x|
+			assert_equal('10.0.0.' + x.to_s, s.next_ip)
+		}
+		assert_nil(s.next_ip)
+	end
+
+end

data/lib/rex/socket/switch_board.rb

@@ -0,0 +1,272 @@
+require 'singleton'
+require 'thread'
+require 'rex/socket'
+
+module Rex
+module Socket
+
+###
+#
+# This class provides a global routing table that associates subnets with Comm
+# classes.  Comm classes are used to instantiate objects that are tied to
+# remote network entities.  For example, the Local Comm class is used to
+# building network connections directly from the local machine whereas, for
+# instance, a Meterpreter Comm would build a local socket pair that is
+# associated with a connection established by a remote entity.  This can be
+# seen as a uniform way of communicating with hosts through arbitrary
+# channels.
+#
+###
+class SwitchBoard
+
+	include Singleton
+	include Enumerable
+
+	def initialize
+		@_initialized = false
+	end
+	
+	###
+	#
+	# This class represents a logical switch board route.
+	# TODO: Enable this to work with IPv6 addresses
+	#
+	###
+	class Route
+		def initialize(subnet, netmask, comm)
+			self.subnet      = subnet
+			self.netmask     = netmask
+			self.comm        = comm
+			self.subnet_nbo  = Socket.resolv_nbo_i(subnet)
+			self.netmask_nbo = Socket.resolv_nbo_i(netmask)
+		end
+
+		#
+		# Sort according to bitmask
+		#
+		def <=>(other)
+			self.bitmask <=> other.bitmask
+		end
+
+		#
+		# Convert the netmask to a bitmask and cache it.
+		#
+		def bitmask
+			@_bitmask = Socket.net2bitmask(self.netmask) if (@_bitmask == nil)
+			@_bitmask
+		end
+
+		attr_reader :subnet, :netmask, :comm
+		attr_reader :subnet_nbo, :netmask_nbo
+	protected
+		attr_writer :subnet, :netmask, :comm
+		attr_writer :subnet_nbo, :netmask_nbo
+	end
+
+	##
+	#
+	# Class method wrappers
+	#
+	##
+
+	#
+	# Adds a route to the switch board routing table using the supplied Comm
+	# instance.
+	#
+	def self.add_route(subnet, mask, comm)
+		self.instance.add_route(subnet, mask, comm)
+	end
+
+	#
+	# Removes a route from the switch board routing table for the supplied
+	# subnet routing through the supplied Comm instance.
+	#
+	def self.remove_route(subnet, mask, comm)
+		self.instance.remove_route(subnet, mask, comm)
+	end
+
+	#
+	# Flush all the routes from the switch board routing table.
+	#
+	def self.flush_routes
+		self.instance.flush_routes
+	end
+
+	#
+	# Enumerate each route in the routing table.
+	#
+	def self.each(&block)
+		self.instance.each(&block)
+	end
+
+	#
+	# Returns the array of routes.
+	#
+	def self.routes
+		self.instance.routes
+	end
+
+	def self.route_exists?(subnet, mask)
+		self.instance.route_exists?(subnet, mask)
+	end
+
+	#
+	# Returns the Comm instance that should be used for the supplied address.
+	# If no comm can be found, the default Local Comm is returned.
+	#
+	def self.best_comm(addr)
+		self.instance.best_comm(addr)
+	end
+
+	#
+	# Removes all routes that go through the supplied Comm.
+	#
+	def self.remove_by_comm(comm)
+		self.instance.remove_by_comm(comm)
+	end
+
+	##
+	#
+	# Instance methods
+	#
+	##
+
+	#
+	# Adds a route for a given subnet and netmask destined through a given comm
+	# instance.
+	#
+	def add_route(subnet, mask, comm)
+		# If a bitmask was supplied, convert it.
+		netmask = (mask.to_s =~ /^\d+$/) ? Rex::Socket.bit2netmask(mask.to_i) : mask
+		rv      = true
+
+		_init
+
+		mutex.synchronize {
+			# If the route already exists, return false to the caller.
+			if (route_exists?(subnet, netmask) == false)
+				self.routes << Route.new(subnet, netmask, comm)
+			else
+				rv = false
+			end
+		}
+
+		rv
+	end
+
+	#
+	# Removes a route for a given subnet and netmask destined through a given
+	# comm instance.
+	#
+	def remove_route(subnet, mask, comm)
+		# If a bitmask was supplied, convert it.
+		netmask = (mask.to_s =~ /^\d+$/) ? Rex::Socket.bit2netmask(mask.to_i) : mask
+		rv      = false
+
+		_init
+
+		mutex.synchronize {
+			self.routes.delete_if { |route|
+				if (route.subnet == subnet and route.netmask == netmask and route.comm == comm)
+					rv = true
+				else
+					false
+				end
+			}
+		}
+
+		rv
+	end
+
+	#
+	# Flushes all established routes.
+	#
+	def flush_routes
+		_init
+
+		self.routes = Array.new
+	end
+
+	#
+	# Checks to see if a route already exists for the supplied subnet and
+	# netmask.
+	#
+	def route_exists?(subnet, netmask)
+		each { |route|
+			return true if (route.subnet == subnet and route.netmask == netmask)
+		}
+
+		false
+	end
+
+	#
+	# Enumerates each entry in the routing table.
+	#
+	def each(&block)
+		_init
+
+		routes.each(&block)
+	end
+
+	#
+	# Finds the best possible comm for the supplied target address.
+	#
+	def best_comm(addr)
+
+		addr_nbo = Socket.resolv_nbo_i(addr)
+		comm     = nil
+		msb      = 0
+
+		each { |route|
+			if ((route.subnet_nbo & route.netmask_nbo) ==
+			    (addr_nbo & route.netmask_nbo))
+				if (route.bitmask >= msb)
+					comm = route.comm
+					msb  = route.bitmask
+				end		
+			end
+		}
+
+		comm
+	end
+
+	#
+	# Remove all routes that go through the supplied comm.
+	#
+	def remove_by_comm(comm)
+		_init
+		mutex.synchronize {
+			routes.delete_if { |route|
+				route.comm == comm
+			}
+		}
+	end
+
+	#
+	# The routes array.
+	#
+	attr_reader :routes
+	#
+	# The mutex protecting the routes array.
+	#
+	attr_reader :mutex
+
+protected
+
+	attr_writer :routes, :mutex # :nodoc:
+
+	#
+	# Initializes the underlying stuff.
+	#
+	def _init
+		if (@_initialized != true)
+			@_initialized = true
+			self.routes   = Array.new
+			self.mutex    = Mutex.new
+		end
+	end
+
+end
+
+end
+end