librex 0.0.12 → 0.0.13

data/README.markdown

@@ -3,7 +3,7 @@
 A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
 
 Currently based on:
-SVN Revision: 11938
+SVN Revision: 12182
 
 # Credits
 The Metasploit development team <http://www.metasploit.com>

data/Rakefile

@@ -17,7 +17,7 @@ task :update do
 	system "git rm lib/rex.rb"
 	system "git rm lib/rex.rb.ts.rb"
 	system "git rm -rf lib/rex/"
-	system "git commit -a -m \"Removed old code.\""
+#	system "git commit -a -m \"Removed old code.\""
 	system "mkdir lib"
 	
 	puts "[*] Checking out Metasploit trunk"

data/lib/rex/io/stream.rb

@@ -95,7 +95,7 @@ module Stream
 				false
 			end
 		rescue ::Errno::EBADF, ::Errno::ENOTSOCK
-			return ::EOFError
+			raise ::EOFError
 		rescue StreamClosedError, ::IOError, ::EOFError, ::Errno::EPIPE
 			# If the thing that lead to the closure was an abortive close, then
 			# don't raise the stream closed error.

data/lib/rex/parser/nmap_xml.rb

@@ -84,9 +84,12 @@ class NmapXMLStreamParser
 			# <state> refers to the state of a port; values are "open", "closed", or "filtered"
 			@host["ports"].last["state"] = attributes["state"]
 		when "service"
-			# Store any service info with the associated port.  There shouldn't
+			# Store any service and script info with the associated port.  There shouldn't
 			# be any collisions on attribute names here, so just merge them.
 			@host["ports"].last.merge!(attributes)
+		when "script"
+			@host["ports"].last["scripts"] ||= {}
+			@host["ports"].last["scripts"][attributes["id"]] = attributes["output"]
 		when "trace"
 			@host["trace"] = {"port" => attributes["port"], "proto" => attributes["proto"], "hops" => [] }
 		when "hop"

data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb

@@ -0,0 +1,6 @@
+$:.unshift(File.join(File.dirname(__FILE__)))
+require 'railgun/api_constants.rb.ut'
+require 'railgun/buffer_item.rb.ut'
+require 'railgun/dll_function.rb.ut'
+require 'railgun/dll_helper.rb.ut'
+require 'railgun/win_const_manager.rb.ut'

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb

@@ -0,0 +1,31 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..','..','..','..','..', 'lib'))
+
+require 'rex/post/meterpreter/extensions/stdapi/railgun/api_constants'
+require 'rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager'
+require 'rex/text'
+require 'test/unit'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Railgun
+class ApiConstants::UnitTest < Test::Unit::TestCase
+	def test_add_constants
+		const_manager = WinConstManager.new
+
+		ApiConstants.add_constants(const_manager)
+
+		assert_equal(0, const_manager.parse('SUCCESS'),
+			"ApiConstants.add_constants should have added WinAPI constants to given constant manager")
+	end
+end
+end
+end
+end
+end
+end
+end

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb

@@ -0,0 +1,47 @@
+# Copyright (c) 2010, patrickHVE@googlemail.com
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * The names of the author may not be used to endorse or promote products
+#       derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL patrickHVE@googlemail.com BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Railgun
+
+#
+#
+#
+class BufferItem
+	
+	attr_reader :belongs_to_param_n, :addr, :length_in_bytes, :datatype
+
+	def initialize(belongs_to_param_n, addr, length_in_bytes, datatype)
+		@belongs_to_param_n = belongs_to_param_n
+		@addr = addr
+		@length_in_bytes = length_in_bytes
+		@datatype = datatype
+	end
+end
+
+end; end; end; end; end; end

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb

@@ -0,0 +1,36 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..','..','..','..','..', 'lib')) 
+
+require 'rex/post/meterpreter/extensions/stdapi/railgun/buffer_item'
+require 'test/unit'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Railgun
+class BufferItem::UnitTest < Test::Unit::TestCase
+
+	def test_initialization
+		target_belongs_to_param_n = 1
+		target_addr = 232323
+		target_length_in_bytes = 4
+		target_datatype = "DWORD"
+	
+		item = BufferItem.new(target_belongs_to_param_n, target_addr, 
+					target_length_in_bytes, target_datatype)
+
+		assert_equal(target_belongs_to_param_n, item.belongs_to_param_n)
+		assert_equal(target_addr, item.addr)
+		assert_equal(target_length_in_bytes, item.length_in_bytes)
+		assert_equal(target_datatype, item.datatype)
+	end
+end
+end
+end
+end
+end
+end
+end

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/{model.rb → dll.rb}

@@ -22,8 +22,9 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-require 'pp'
-require 'enumerator'
+require 'rex/post/meterpreter/extensions/stdapi/railgun/dll_helper'
+require 'rex/post/meterpreter/extensions/stdapi/railgun/dll_function'
+require 'rex/post/meterpreter/extensions/stdapi/railgun/buffer_item'
 
 module Rex
 module Post
@@ -32,229 +33,6 @@ module Extensions
 module Stdapi
 module Railgun
 
-#
-# Manages our library of windows constants
-#
-class WinConstManager
-
-	def initialize()
-		@consts = {}
-	end
-
-	def add_const(name, value)
-		@consts[name] = value
-	end
-
-	# parses a string constaining constants and returns an integer
-	# the string can be either "CONST" or "CONST1 | CONST2"
-	#
-	# this function will NOT throw an exception but return "nil" if it can't parse a string
-	def parse(s)
-		if s.class != String
-			return nil # it's not even a string'
-		end
-		return_value = 0
-		for one_const in s.split('|')
-			one_const = one_const.strip()
-			if not @consts.has_key? one_const
-				return nil # at least one "Constant" is unknown to us
-			end
-			return_value |= @consts[one_const]
-		end
-		return return_value
-	end
-
-	def is_parseable(s)
-		return parse(s) != nil
-	end
-end
-
-#
-# represents one function, e.g. MessageBoxW
-#
-class DLLFunction
-	attr_reader :return_type,  :params, :windows_name
-	
-	def initialize(return_type, params, windows_name)
-		check_return_type(return_type) # we do error checking as early as possible so the library is easier to use
-		check_params(params)
-		@return_type = return_type
-		@params = params
-		@windows_name = windows_name
-	end
-
-	@@directions = ["in", "out", "inout", "return"]
-	
-	@@allowed_datatypes = {
-		"VOID"   => ["return"],
-		"BOOL"   => ["in", "return"],
-		"DWORD"  => ["in", "return"],
-		"WORD"   => ["in", "return"],
-		"BYTE"   => ["in", "return"],
-		"LPVOID" => ["in", "return"], # sf: for specifying a memory address (e.g. VirtualAlloc/HeapAlloc/...) where we dont want ot back it up with actuall mem ala PBLOB
-		"HANDLE" => ["in", "return"],
-		"PDWORD" => ["in", "out", "inout"], # todo: support for functions that return pointers to strings
-		"PWCHAR" => ["in", "out", "inout"],
-		"PCHAR"  => ["in", "out", "inout"],
-		"PBLOB"  => ["in", "out", "inout"],
-	}
-	
-	private
-	
-	def check_type_exists (type)
-		if not @@allowed_datatypes.has_key?(type)
-			raise "Type unknown: #{type}. Allowed types: #{PP.pp(@@allowed_datatypes.keys, "")}"
-		end
-	end
-
-	def check_return_type (type)
-		check_type_exists(type)
-		if not @@allowed_datatypes[type].include?("return")
-			raise "#{type} is not allowed as a return type"
-		end
-	end
-
-	def check_params (params)
-		params.each do |param|
-			throw "each param must be descriped by a three-tuple [type,name,direction]" unless param.length == 3
-			type = param[0]
-			direction = param[2]
-			check_type_exists(type)
-			throw "invalid direction: #{direction}" unless @@directions.include?(direction)
-			throw "direction 'return' is only for the return value of the function." unless direction != "return"
-		end
-	end
-	
-end
-
-#
-#
-#
-class BufferItem
-	
-	attr_reader :belongs_to_param_n, :addr, :length_in_bytes, :datatype
-
-	def initialize(belongs_to_param_n, addr, length_in_bytes, datatype)
-		@belongs_to_param_n = belongs_to_param_n
-		@addr = addr
-		@length_in_bytes = length_in_bytes
-		@datatype = datatype
-	end
-end
-
-#
-# shared functions
-#
-module DLLHelper
-
-	# converts ruby string to zero-terminated ASCII string
-	def str_to_ascii_z(str)
-		return str+"\x00"
-	end
-
-	# converts 0-terminated ASCII string to ruby string
-	def asciiz_to_str(asciiz)
-		zero_byte_idx = asciiz.index("\x00")
-		if zero_byte_idx != nil
-			return asciiz[0, zero_byte_idx]
-		else
-			return asciiz
-		end
-	end
-
-	# converts ruby string to zero-terminated WCHAR string
-	def str_to_uni_z(str)
-		enc = str.unpack("C*").pack("v*")
-		enc += "\x00\x00"
-		return enc
-	end
-
-	# converts 0-terminated UTF16 to ruby string
-	def uniz_to_str(uniz)
-		uniz.unpack("v*").pack("C*").unpack("A*")[0]
-	end
-
-	# parses a number param and returns the value
-	# raises an exception if the param cannot be converted to a number
-	# examples:
-	#   nil => 0
-	#   3 => 3
-	#   "MB_OK" => 0
-	#   "SOME_CONSTANT | OTHER_CONSTANT" => 17
-	#   "tuna" => !!!!!!!!!!Exception
-	def param_to_number(v)
-		if v.class == NilClass then
-			return 0
-		elsif v.class == Fixnum then
-			return v # ok, it's already a number
-		elsif v.class == Bignum then
-			return v # ok, it's already a number
-		elsif v.class == String then
-			dw = @win_consts.parse(v) # might raise an exception
-			if dw != nil
-				return dw
-			else
-				raise "Param #{v} (class #{v.class}) cannot be converted to a number. It's a string but matches no constants I know."
-			end
-		else
-			raise "Param #{v} (class #{v.class}) should be a number but isn't"
-		end
-	end
-
-	# assembles the buffers "in" and "inout"
-	def assemble_buffer(direction, function, args)
-		layout = {} # paramName => BufferItem
-		blob = ""
-		#puts " building buffer: #{direction}"
-		function.params.each_with_index do |param_desc, param_idx|
-			#puts "  processing #{param_desc[0]} #{param_desc[1]} #{param_desc[2]}"
-			# we care only about inout buffers
-			if param_desc[2] == direction
-				buffer = nil
-				# Special case:
-				# The user can choose to supply a Null pointer instead of a buffer
-				# in this case we don't need space in any heap buffer
-				if param_desc[0][0,1] == 'P' # type is a pointer
-					if args[param_idx] == nil
-						next
-					end
-				end
-
-				case param_desc[0] # required argument type
-					when "PDWORD"
-						dw = param_to_number(args[param_idx])
-						buffer = [dw].pack('V')
-					when "PWCHAR"
-						raise "param #{param_desc[1]}: string expected" unless args[param_idx].class == String
-						buffer = str_to_uni_z(args[param_idx])
-					when "PCHAR"
-						raise "param #{param_desc[1]}: string expected" unless args[param_idx].class == String
-						buffer = str_to_ascii_z(args[param_idx])
-					when "PBLOB"
-						raise "param #{param_desc[1]}: please supply your BLOB as string!" unless args[param_idx].class == String
-						buffer = args[param_idx]
-					# other types (non-pointers) don't reference buffers
-					# and don't need any treatment here
-				end
-
-				if buffer != nil
-					#puts "   adding #{buffer.length} bytes to heap blob"
-					layout[param_desc[1]] = BufferItem.new(param_idx, blob.length, buffer.length, param_desc[0])
-					blob += buffer
-					# sf: force 8 byte alignment to satisfy x64, wont matter on x86.
-					while( blob.length % 8 != 0 )
-						blob += "\x00" 
-					end
-					#puts "   heap blob size now #{blob.length}"
-				end
-			end
-		end
-		#puts "  built buffer: #{direction}"
-		return [layout, blob]
-	end
-	
-end
-
 #
 # represents a DLL, e.g. kernel32.dll
 #
@@ -537,4 +315,4 @@ class DLL
 	end
 end
 
-end; end; end; end; end; end
+end; end; end; end; end; end;

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb

@@ -0,0 +1,100 @@
+# Copyright (c) 2010, patrickHVE@googlemail.com
+# All rights reserved.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#     * Redistributions of source code must retain the above copyright
+#       notice, this list of conditions and the following disclaimer.
+#     * Redistributions in binary form must reproduce the above copyright
+#       notice, this list of conditions and the following disclaimer in the
+#       documentation and/or other materials provided with the distribution.
+#     * The names of the author may not be used to endorse or promote products
+#       derived from this software without specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
+# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL patrickHVE@googlemail.com BE LIABLE FOR ANY
+# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+# ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Railgun
+
+#
+# represents one function, e.g. MessageBoxW
+#
+class DLLFunction
+	@@allowed_datatypes = {
+		"VOID"   => ["return"],
+		"BOOL"   => ["in", "return"],
+		"DWORD"  => ["in", "return"],
+		"WORD"   => ["in", "return"],
+		"BYTE"   => ["in", "return"],
+		"LPVOID" => ["in", "return"], # sf: for specifying a memory address (e.g. VirtualAlloc/HeapAlloc/...) where we dont want ot back it up with actuall mem ala PBLOB
+		"HANDLE" => ["in", "return"],
+		"PDWORD" => ["in", "out", "inout"], # todo: support for functions that return pointers to strings
+		"PWCHAR" => ["in", "out", "inout"],
+		"PCHAR"  => ["in", "out", "inout"],
+		"PBLOB"  => ["in", "out", "inout"],
+	}.freeze
+
+	@@directions = ["in", "out", "inout", "return"].freeze
+
+	attr_reader :return_type,  :params, :windows_name
+	
+	def initialize(return_type, params, windows_name)
+		check_return_type(return_type) # we do error checking as early as possible so the library is easier to use
+		check_params(params)
+		@return_type = return_type
+		@params = params
+		@windows_name = windows_name
+	end
+	
+	private
+	
+	def check_type_exists (type)
+		if not @@allowed_datatypes.has_key?(type)
+			raise ArgumentError, "Type unknown: #{type}. Allowed types: #{PP.pp(@@allowed_datatypes.keys, "")}"
+		end
+	end
+
+	def check_return_type (type)
+		check_type_exists(type)
+		if not @@allowed_datatypes[type].include?("return")
+			raise ArgumentError, "#{type} is not allowed as a return type"
+		end
+	end
+
+	def check_params (params)
+		params.each do |param|
+			raise ArgumentError, "each param must be descriped by a three-tuple [type,name,direction]" unless param.length == 3
+			type = param[0]
+			direction = param[2]
+
+			# Assert a valid type
+			check_type_exists(type)
+
+			# Only our set of predefined directions are valid
+			unless @@directions.include?(direction)
+				raise ArgumentError, "invalid direction: #{direction}" 
+			end
+
+			# 'return' is not a valid direction in this context
+			unless direction != "return"
+				raise "direction 'return' is only for the return value of the function." 
+			end
+		end
+	end
+	
+end
+
+end; end; end; end; end; end