librex 0.0.13 → 0.0.15

Sign up to get free protection for your applications and to get access to all the features.
Files changed (435) hide show
  1. data/README.markdown +1 -1
  2. data/Rakefile +1 -0
  3. metadata +3 -435
  4. data/lib/rex/LICENSE +0 -29
  5. data/lib/rex/arch.rb +0 -103
  6. data/lib/rex/arch/sparc.rb +0 -75
  7. data/lib/rex/arch/sparc.rb.ut.rb +0 -18
  8. data/lib/rex/arch/x86.rb +0 -513
  9. data/lib/rex/arch/x86.rb.ut.rb +0 -93
  10. data/lib/rex/assembly/nasm.rb +0 -104
  11. data/lib/rex/assembly/nasm.rb.ut.rb +0 -22
  12. data/lib/rex/codepage.map +0 -104
  13. data/lib/rex/compat.rb +0 -311
  14. data/lib/rex/constants.rb +0 -113
  15. data/lib/rex/elfparsey.rb +0 -11
  16. data/lib/rex/elfparsey/elf.rb +0 -123
  17. data/lib/rex/elfparsey/elfbase.rb +0 -258
  18. data/lib/rex/elfparsey/exceptions.rb +0 -27
  19. data/lib/rex/elfscan.rb +0 -12
  20. data/lib/rex/elfscan/scanner.rb +0 -207
  21. data/lib/rex/elfscan/search.rb +0 -46
  22. data/lib/rex/encoder/alpha2.rb +0 -31
  23. data/lib/rex/encoder/alpha2/alpha_mixed.rb +0 -68
  24. data/lib/rex/encoder/alpha2/alpha_upper.rb +0 -79
  25. data/lib/rex/encoder/alpha2/generic.rb +0 -114
  26. data/lib/rex/encoder/alpha2/unicode_mixed.rb +0 -117
  27. data/lib/rex/encoder/alpha2/unicode_upper.rb +0 -129
  28. data/lib/rex/encoder/ndr.rb +0 -89
  29. data/lib/rex/encoder/ndr.rb.ut.rb +0 -44
  30. data/lib/rex/encoder/nonalpha.rb +0 -61
  31. data/lib/rex/encoder/nonupper.rb +0 -64
  32. data/lib/rex/encoder/xdr.rb +0 -106
  33. data/lib/rex/encoder/xdr.rb.ut.rb +0 -29
  34. data/lib/rex/encoder/xor.rb +0 -69
  35. data/lib/rex/encoder/xor/dword.rb +0 -13
  36. data/lib/rex/encoder/xor/dword_additive.rb +0 -13
  37. data/lib/rex/encoders/xor_dword.rb +0 -35
  38. data/lib/rex/encoders/xor_dword_additive.rb +0 -53
  39. data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +0 -12
  40. data/lib/rex/encoding/xor.rb +0 -20
  41. data/lib/rex/encoding/xor.rb.ts.rb +0 -14
  42. data/lib/rex/encoding/xor/byte.rb +0 -15
  43. data/lib/rex/encoding/xor/byte.rb.ut.rb +0 -21
  44. data/lib/rex/encoding/xor/dword.rb +0 -21
  45. data/lib/rex/encoding/xor/dword.rb.ut.rb +0 -15
  46. data/lib/rex/encoding/xor/dword_additive.rb +0 -92
  47. data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +0 -15
  48. data/lib/rex/encoding/xor/exceptions.rb +0 -17
  49. data/lib/rex/encoding/xor/generic.rb +0 -146
  50. data/lib/rex/encoding/xor/generic.rb.ut.rb +0 -120
  51. data/lib/rex/encoding/xor/qword.rb +0 -15
  52. data/lib/rex/encoding/xor/word.rb +0 -21
  53. data/lib/rex/encoding/xor/word.rb.ut.rb +0 -13
  54. data/lib/rex/exceptions.rb +0 -275
  55. data/lib/rex/exceptions.rb.ut.rb +0 -44
  56. data/lib/rex/exploitation/cmdstager.rb +0 -9
  57. data/lib/rex/exploitation/cmdstager/base.rb +0 -175
  58. data/lib/rex/exploitation/cmdstager/debug_asm.rb +0 -142
  59. data/lib/rex/exploitation/cmdstager/debug_write.rb +0 -136
  60. data/lib/rex/exploitation/cmdstager/tftp.rb +0 -63
  61. data/lib/rex/exploitation/cmdstager/vbs.rb +0 -128
  62. data/lib/rex/exploitation/egghunter.rb +0 -277
  63. data/lib/rex/exploitation/egghunter.rb.ut.rb +0 -25
  64. data/lib/rex/exploitation/encryptjs.rb +0 -77
  65. data/lib/rex/exploitation/heaplib.js.b64 +0 -331
  66. data/lib/rex/exploitation/heaplib.rb +0 -94
  67. data/lib/rex/exploitation/javascriptosdetect.rb +0 -897
  68. data/lib/rex/exploitation/obfuscatejs.rb +0 -335
  69. data/lib/rex/exploitation/omelet.rb +0 -320
  70. data/lib/rex/exploitation/omelet.rb.ut.rb +0 -13
  71. data/lib/rex/exploitation/opcodedb.rb +0 -818
  72. data/lib/rex/exploitation/opcodedb.rb.ut.rb +0 -279
  73. data/lib/rex/exploitation/seh.rb +0 -92
  74. data/lib/rex/exploitation/seh.rb.ut.rb +0 -19
  75. data/lib/rex/file.rb +0 -112
  76. data/lib/rex/file.rb.ut.rb +0 -16
  77. data/lib/rex/image_source.rb +0 -12
  78. data/lib/rex/image_source/disk.rb +0 -60
  79. data/lib/rex/image_source/image_source.rb +0 -46
  80. data/lib/rex/image_source/memory.rb +0 -37
  81. data/lib/rex/io/bidirectional_pipe.rb +0 -157
  82. data/lib/rex/io/datagram_abstraction.rb +0 -35
  83. data/lib/rex/io/stream.rb +0 -319
  84. data/lib/rex/io/stream_abstraction.rb +0 -197
  85. data/lib/rex/io/stream_server.rb +0 -211
  86. data/lib/rex/job_container.rb +0 -187
  87. data/lib/rex/logging.rb +0 -4
  88. data/lib/rex/logging/log_dispatcher.rb +0 -179
  89. data/lib/rex/logging/log_sink.rb +0 -42
  90. data/lib/rex/logging/sinks/flatfile.rb +0 -55
  91. data/lib/rex/logging/sinks/stderr.rb +0 -43
  92. data/lib/rex/machparsey.rb +0 -9
  93. data/lib/rex/machparsey/exceptions.rb +0 -34
  94. data/lib/rex/machparsey/mach.rb +0 -209
  95. data/lib/rex/machparsey/machbase.rb +0 -408
  96. data/lib/rex/machscan.rb +0 -9
  97. data/lib/rex/machscan/scanner.rb +0 -217
  98. data/lib/rex/mime.rb +0 -9
  99. data/lib/rex/mime/header.rb +0 -77
  100. data/lib/rex/mime/message.rb +0 -144
  101. data/lib/rex/mime/part.rb +0 -20
  102. data/lib/rex/nop/opty2.rb +0 -108
  103. data/lib/rex/nop/opty2.rb.ut.rb +0 -23
  104. data/lib/rex/nop/opty2_tables.rb +0 -300
  105. data/lib/rex/ole.rb +0 -205
  106. data/lib/rex/ole/clsid.rb +0 -47
  107. data/lib/rex/ole/difat.rb +0 -141
  108. data/lib/rex/ole/directory.rb +0 -231
  109. data/lib/rex/ole/direntry.rb +0 -240
  110. data/lib/rex/ole/docs/dependencies.txt +0 -8
  111. data/lib/rex/ole/docs/references.txt +0 -1
  112. data/lib/rex/ole/fat.rb +0 -99
  113. data/lib/rex/ole/header.rb +0 -204
  114. data/lib/rex/ole/minifat.rb +0 -77
  115. data/lib/rex/ole/propset.rb +0 -144
  116. data/lib/rex/ole/samples/create_ole.rb +0 -27
  117. data/lib/rex/ole/samples/dir.rb +0 -35
  118. data/lib/rex/ole/samples/dump_stream.rb +0 -34
  119. data/lib/rex/ole/samples/ole_info.rb +0 -23
  120. data/lib/rex/ole/storage.rb +0 -395
  121. data/lib/rex/ole/stream.rb +0 -53
  122. data/lib/rex/ole/substorage.rb +0 -49
  123. data/lib/rex/ole/util.rb +0 -157
  124. data/lib/rex/parser/arguments.rb +0 -97
  125. data/lib/rex/parser/arguments.rb.ut.rb +0 -67
  126. data/lib/rex/parser/ini.rb +0 -185
  127. data/lib/rex/parser/ini.rb.ut.rb +0 -29
  128. data/lib/rex/parser/ip360_aspl_xml.rb +0 -102
  129. data/lib/rex/parser/ip360_xml.rb +0 -93
  130. data/lib/rex/parser/nessus_xml.rb +0 -118
  131. data/lib/rex/parser/netsparker_xml.rb +0 -94
  132. data/lib/rex/parser/nexpose_xml.rb +0 -131
  133. data/lib/rex/parser/nmap_xml.rb +0 -121
  134. data/lib/rex/parser/retina_xml.rb +0 -109
  135. data/lib/rex/payloads.rb +0 -1
  136. data/lib/rex/payloads/win32.rb +0 -2
  137. data/lib/rex/payloads/win32/common.rb +0 -26
  138. data/lib/rex/payloads/win32/kernel.rb +0 -53
  139. data/lib/rex/payloads/win32/kernel/common.rb +0 -54
  140. data/lib/rex/payloads/win32/kernel/migration.rb +0 -12
  141. data/lib/rex/payloads/win32/kernel/recovery.rb +0 -50
  142. data/lib/rex/payloads/win32/kernel/stager.rb +0 -194
  143. data/lib/rex/peparsey.rb +0 -12
  144. data/lib/rex/peparsey/exceptions.rb +0 -32
  145. data/lib/rex/peparsey/pe.rb +0 -212
  146. data/lib/rex/peparsey/pe_memdump.rb +0 -63
  147. data/lib/rex/peparsey/pebase.rb +0 -1680
  148. data/lib/rex/peparsey/section.rb +0 -136
  149. data/lib/rex/pescan.rb +0 -13
  150. data/lib/rex/pescan/analyze.rb +0 -309
  151. data/lib/rex/pescan/scanner.rb +0 -206
  152. data/lib/rex/pescan/search.rb +0 -56
  153. data/lib/rex/platforms.rb +0 -1
  154. data/lib/rex/platforms/windows.rb +0 -51
  155. data/lib/rex/poly.rb +0 -132
  156. data/lib/rex/poly/block.rb +0 -477
  157. data/lib/rex/poly/register.rb +0 -100
  158. data/lib/rex/poly/register/x86.rb +0 -40
  159. data/lib/rex/post.rb +0 -8
  160. data/lib/rex/post/dir.rb +0 -51
  161. data/lib/rex/post/file.rb +0 -172
  162. data/lib/rex/post/file_stat.rb +0 -220
  163. data/lib/rex/post/gen.pl +0 -13
  164. data/lib/rex/post/io.rb +0 -182
  165. data/lib/rex/post/meterpreter.rb +0 -4
  166. data/lib/rex/post/meterpreter/channel.rb +0 -445
  167. data/lib/rex/post/meterpreter/channel_container.rb +0 -54
  168. data/lib/rex/post/meterpreter/channels/pool.rb +0 -160
  169. data/lib/rex/post/meterpreter/channels/pools/file.rb +0 -62
  170. data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +0 -103
  171. data/lib/rex/post/meterpreter/channels/stream.rb +0 -87
  172. data/lib/rex/post/meterpreter/client.rb +0 -364
  173. data/lib/rex/post/meterpreter/client_core.rb +0 -274
  174. data/lib/rex/post/meterpreter/dependencies.rb +0 -3
  175. data/lib/rex/post/meterpreter/extension.rb +0 -32
  176. data/lib/rex/post/meterpreter/extensions/espia/espia.rb +0 -58
  177. data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +0 -16
  178. data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +0 -94
  179. data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +0 -21
  180. data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +0 -57
  181. data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +0 -15
  182. data/lib/rex/post/meterpreter/extensions/priv/fs.rb +0 -118
  183. data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +0 -61
  184. data/lib/rex/post/meterpreter/extensions/priv/priv.rb +0 -111
  185. data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +0 -28
  186. data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +0 -101
  187. data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +0 -26
  188. data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +0 -333
  189. data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +0 -282
  190. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +0 -266
  191. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +0 -103
  192. data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +0 -48
  193. data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +0 -144
  194. data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +0 -73
  195. data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +0 -56
  196. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +0 -137
  197. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +0 -180
  198. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +0 -167
  199. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +0 -208
  200. data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +0 -6
  201. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +0 -38106
  202. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +0 -31
  203. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +0 -47
  204. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +0 -36
  205. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +0 -1818
  206. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +0 -96
  207. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +0 -3848
  208. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +0 -26
  209. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +0 -153
  210. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +0 -21
  211. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +0 -3169
  212. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +0 -599
  213. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +0 -318
  214. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +0 -100
  215. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +0 -42
  216. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +0 -148
  217. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +0 -127
  218. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +0 -309
  219. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +0 -204
  220. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +0 -51
  221. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +0 -630
  222. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +0 -75
  223. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +0 -103
  224. data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +0 -149
  225. data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +0 -97
  226. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +0 -192
  227. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +0 -41
  228. data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +0 -61
  229. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +0 -370
  230. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +0 -129
  231. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +0 -55
  232. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +0 -336
  233. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +0 -141
  234. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +0 -279
  235. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +0 -193
  236. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +0 -102
  237. data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +0 -180
  238. data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +0 -211
  239. data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +0 -227
  240. data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +0 -63
  241. data/lib/rex/post/meterpreter/inbound_packet_handler.rb +0 -30
  242. data/lib/rex/post/meterpreter/object_aliases.rb +0 -83
  243. data/lib/rex/post/meterpreter/packet.rb +0 -688
  244. data/lib/rex/post/meterpreter/packet_dispatcher.rb +0 -431
  245. data/lib/rex/post/meterpreter/packet_parser.rb +0 -94
  246. data/lib/rex/post/meterpreter/packet_response_waiter.rb +0 -83
  247. data/lib/rex/post/meterpreter/ui/console.rb +0 -137
  248. data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +0 -62
  249. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +0 -730
  250. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +0 -108
  251. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +0 -241
  252. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +0 -231
  253. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +0 -61
  254. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +0 -98
  255. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +0 -51
  256. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +0 -132
  257. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +0 -187
  258. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +0 -65
  259. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +0 -442
  260. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +0 -298
  261. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +0 -486
  262. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +0 -315
  263. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +0 -157
  264. data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +0 -95
  265. data/lib/rex/post/permission.rb +0 -26
  266. data/lib/rex/post/process.rb +0 -57
  267. data/lib/rex/post/thread.rb +0 -57
  268. data/lib/rex/post/ui.rb +0 -52
  269. data/lib/rex/proto.rb +0 -13
  270. data/lib/rex/proto.rb.ts.rb +0 -8
  271. data/lib/rex/proto/dcerpc.rb +0 -6
  272. data/lib/rex/proto/dcerpc.rb.ts.rb +0 -9
  273. data/lib/rex/proto/dcerpc/client.rb +0 -361
  274. data/lib/rex/proto/dcerpc/client.rb.ut.rb +0 -491
  275. data/lib/rex/proto/dcerpc/exceptions.rb +0 -150
  276. data/lib/rex/proto/dcerpc/handle.rb +0 -47
  277. data/lib/rex/proto/dcerpc/handle.rb.ut.rb +0 -85
  278. data/lib/rex/proto/dcerpc/ndr.rb +0 -72
  279. data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +0 -41
  280. data/lib/rex/proto/dcerpc/packet.rb +0 -253
  281. data/lib/rex/proto/dcerpc/packet.rb.ut.rb +0 -56
  282. data/lib/rex/proto/dcerpc/response.rb +0 -187
  283. data/lib/rex/proto/dcerpc/response.rb.ut.rb +0 -15
  284. data/lib/rex/proto/dcerpc/uuid.rb +0 -84
  285. data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +0 -46
  286. data/lib/rex/proto/dhcp.rb +0 -7
  287. data/lib/rex/proto/dhcp/constants.rb +0 -33
  288. data/lib/rex/proto/dhcp/server.rb +0 -292
  289. data/lib/rex/proto/drda.rb +0 -5
  290. data/lib/rex/proto/drda.rb.ts.rb +0 -17
  291. data/lib/rex/proto/drda/constants.rb +0 -49
  292. data/lib/rex/proto/drda/constants.rb.ut.rb +0 -23
  293. data/lib/rex/proto/drda/packet.rb +0 -252
  294. data/lib/rex/proto/drda/packet.rb.ut.rb +0 -109
  295. data/lib/rex/proto/drda/utils.rb +0 -123
  296. data/lib/rex/proto/drda/utils.rb.ut.rb +0 -84
  297. data/lib/rex/proto/http.rb +0 -5
  298. data/lib/rex/proto/http.rb.ts.rb +0 -12
  299. data/lib/rex/proto/http/client.rb +0 -821
  300. data/lib/rex/proto/http/client.rb.ut.rb +0 -95
  301. data/lib/rex/proto/http/handler.rb +0 -46
  302. data/lib/rex/proto/http/handler/erb.rb +0 -128
  303. data/lib/rex/proto/http/handler/erb.rb.ut.rb +0 -21
  304. data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml +0 -1
  305. data/lib/rex/proto/http/handler/proc.rb +0 -60
  306. data/lib/rex/proto/http/handler/proc.rb.ut.rb +0 -24
  307. data/lib/rex/proto/http/header.rb +0 -161
  308. data/lib/rex/proto/http/header.rb.ut.rb +0 -46
  309. data/lib/rex/proto/http/packet.rb +0 -407
  310. data/lib/rex/proto/http/packet.rb.ut.rb +0 -165
  311. data/lib/rex/proto/http/request.rb +0 -356
  312. data/lib/rex/proto/http/request.rb.ut.rb +0 -214
  313. data/lib/rex/proto/http/response.rb +0 -90
  314. data/lib/rex/proto/http/response.rb.ut.rb +0 -149
  315. data/lib/rex/proto/http/server.rb +0 -369
  316. data/lib/rex/proto/http/server.rb.ut.rb +0 -79
  317. data/lib/rex/proto/ntlm.rb +0 -7
  318. data/lib/rex/proto/ntlm.rb.ut.rb +0 -177
  319. data/lib/rex/proto/ntlm/base.rb +0 -326
  320. data/lib/rex/proto/ntlm/constants.rb +0 -74
  321. data/lib/rex/proto/ntlm/crypt.rb +0 -415
  322. data/lib/rex/proto/ntlm/exceptions.rb +0 -9
  323. data/lib/rex/proto/ntlm/message.rb +0 -533
  324. data/lib/rex/proto/ntlm/utils.rb +0 -763
  325. data/lib/rex/proto/proxy/socks4a.rb +0 -440
  326. data/lib/rex/proto/rfb.rb +0 -19
  327. data/lib/rex/proto/rfb.rb.ut.rb +0 -37
  328. data/lib/rex/proto/rfb/cipher.rb +0 -84
  329. data/lib/rex/proto/rfb/client.rb +0 -207
  330. data/lib/rex/proto/rfb/constants.rb +0 -52
  331. data/lib/rex/proto/smb.rb +0 -7
  332. data/lib/rex/proto/smb.rb.ts.rb +0 -8
  333. data/lib/rex/proto/smb/client.rb +0 -1952
  334. data/lib/rex/proto/smb/client.rb.ut.rb +0 -223
  335. data/lib/rex/proto/smb/constants.rb +0 -1047
  336. data/lib/rex/proto/smb/constants.rb.ut.rb +0 -18
  337. data/lib/rex/proto/smb/crypt.rb +0 -36
  338. data/lib/rex/proto/smb/evasions.rb +0 -66
  339. data/lib/rex/proto/smb/exceptions.rb +0 -858
  340. data/lib/rex/proto/smb/simpleclient.rb +0 -306
  341. data/lib/rex/proto/smb/simpleclient.rb.ut.rb +0 -128
  342. data/lib/rex/proto/smb/utils.rb +0 -103
  343. data/lib/rex/proto/smb/utils.rb.ut.rb +0 -20
  344. data/lib/rex/proto/sunrpc.rb +0 -1
  345. data/lib/rex/proto/sunrpc/client.rb +0 -195
  346. data/lib/rex/proto/tftp.rb +0 -12
  347. data/lib/rex/proto/tftp/constants.rb +0 -39
  348. data/lib/rex/proto/tftp/server.rb +0 -497
  349. data/lib/rex/proto/tftp/server.rb.ut.rb +0 -28
  350. data/lib/rex/script.rb +0 -42
  351. data/lib/rex/script/base.rb +0 -59
  352. data/lib/rex/script/meterpreter.rb +0 -15
  353. data/lib/rex/script/shell.rb +0 -9
  354. data/lib/rex/service.rb +0 -48
  355. data/lib/rex/service_manager.rb +0 -141
  356. data/lib/rex/service_manager.rb.ut.rb +0 -32
  357. data/lib/rex/services/local_relay.rb +0 -423
  358. data/lib/rex/socket.rb +0 -684
  359. data/lib/rex/socket.rb.ut.rb +0 -107
  360. data/lib/rex/socket/comm.rb +0 -119
  361. data/lib/rex/socket/comm/local.rb +0 -412
  362. data/lib/rex/socket/comm/local.rb.ut.rb +0 -75
  363. data/lib/rex/socket/ip.rb +0 -130
  364. data/lib/rex/socket/parameters.rb +0 -345
  365. data/lib/rex/socket/parameters.rb.ut.rb +0 -51
  366. data/lib/rex/socket/range_walker.rb +0 -346
  367. data/lib/rex/socket/range_walker.rb.ut.rb +0 -55
  368. data/lib/rex/socket/ssl_tcp.rb +0 -184
  369. data/lib/rex/socket/ssl_tcp.rb.ut.rb +0 -39
  370. data/lib/rex/socket/ssl_tcp_server.rb +0 -122
  371. data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +0 -61
  372. data/lib/rex/socket/subnet_walker.rb +0 -75
  373. data/lib/rex/socket/subnet_walker.rb.ut.rb +0 -28
  374. data/lib/rex/socket/switch_board.rb +0 -278
  375. data/lib/rex/socket/switch_board.rb.ut.rb +0 -52
  376. data/lib/rex/socket/tcp.rb +0 -76
  377. data/lib/rex/socket/tcp.rb.ut.rb +0 -64
  378. data/lib/rex/socket/tcp_server.rb +0 -67
  379. data/lib/rex/socket/tcp_server.rb.ut.rb +0 -44
  380. data/lib/rex/socket/udp.rb +0 -164
  381. data/lib/rex/socket/udp.rb.ut.rb +0 -44
  382. data/lib/rex/struct2.rb +0 -5
  383. data/lib/rex/struct2/c_struct.rb +0 -181
  384. data/lib/rex/struct2/c_struct_template.rb +0 -39
  385. data/lib/rex/struct2/constant.rb +0 -26
  386. data/lib/rex/struct2/element.rb +0 -44
  387. data/lib/rex/struct2/generic.rb +0 -73
  388. data/lib/rex/struct2/restraint.rb +0 -54
  389. data/lib/rex/struct2/s_string.rb +0 -72
  390. data/lib/rex/struct2/s_struct.rb +0 -111
  391. data/lib/rex/sync.rb +0 -6
  392. data/lib/rex/sync/event.rb +0 -94
  393. data/lib/rex/sync/read_write_lock.rb +0 -176
  394. data/lib/rex/sync/ref.rb +0 -57
  395. data/lib/rex/sync/thread_safe.rb +0 -82
  396. data/lib/rex/test.rb +0 -35
  397. data/lib/rex/text.rb +0 -1149
  398. data/lib/rex/text.rb.ut.rb +0 -190
  399. data/lib/rex/thread_factory.rb +0 -42
  400. data/lib/rex/time.rb +0 -65
  401. data/lib/rex/transformer.rb +0 -115
  402. data/lib/rex/transformer.rb.ut.rb +0 -38
  403. data/lib/rex/ui.rb +0 -21
  404. data/lib/rex/ui/interactive.rb +0 -254
  405. data/lib/rex/ui/output.rb +0 -78
  406. data/lib/rex/ui/output/none.rb +0 -18
  407. data/lib/rex/ui/progress_tracker.rb +0 -96
  408. data/lib/rex/ui/subscriber.rb +0 -149
  409. data/lib/rex/ui/text/color.rb +0 -97
  410. data/lib/rex/ui/text/color.rb.ut.rb +0 -18
  411. data/lib/rex/ui/text/dispatcher_shell.rb +0 -467
  412. data/lib/rex/ui/text/input.rb +0 -117
  413. data/lib/rex/ui/text/input/buffer.rb +0 -75
  414. data/lib/rex/ui/text/input/readline.rb +0 -129
  415. data/lib/rex/ui/text/input/socket.rb +0 -95
  416. data/lib/rex/ui/text/input/stdio.rb +0 -45
  417. data/lib/rex/ui/text/irb_shell.rb +0 -57
  418. data/lib/rex/ui/text/output.rb +0 -80
  419. data/lib/rex/ui/text/output/buffer.rb +0 -61
  420. data/lib/rex/ui/text/output/file.rb +0 -43
  421. data/lib/rex/ui/text/output/socket.rb +0 -43
  422. data/lib/rex/ui/text/output/stdio.rb +0 -40
  423. data/lib/rex/ui/text/progress_tracker.rb +0 -56
  424. data/lib/rex/ui/text/progress_tracker.rb.ut.rb +0 -34
  425. data/lib/rex/ui/text/shell.rb +0 -328
  426. data/lib/rex/ui/text/table.rb +0 -279
  427. data/lib/rex/ui/text/table.rb.ut.rb +0 -55
  428. data/lib/rex/zip.rb +0 -93
  429. data/lib/rex/zip/archive.rb +0 -184
  430. data/lib/rex/zip/blocks.rb +0 -182
  431. data/lib/rex/zip/entry.rb +0 -104
  432. data/lib/rex/zip/samples/comment.rb +0 -32
  433. data/lib/rex/zip/samples/mkwar.rb +0 -138
  434. data/lib/rex/zip/samples/mkzip.rb +0 -19
  435. data/lib/rex/zip/samples/recursive.rb +0 -58
data/lib/rex/LICENSE DELETED
@@ -1,29 +0,0 @@
1
- The Metasploit Rex library is provided under the 3-clause BSD license.
2
-
3
- Copyright (c) 2005-2006, Rapid7 LLC
4
- All rights reserved.
5
-
6
- Redistribution and use in source and binary forms, with or without modification,
7
- are permitted provided that the following conditions are met:
8
-
9
- * Redistributions of source code must retain the above copyright notice, this
10
- list of conditions and the following disclaimer.
11
-
12
- * Redistributions in binary form must reproduce the above copyright notice,
13
- this list of conditions and the following disclaimer in the documentation
14
- and/or other materials provided with the distribution.
15
-
16
- * Neither the name of Rapid7 LLC nor the names of its contributors may be
17
- used to endorse or promote products derived from this software without
18
- specific prior written permission.
19
-
20
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
21
- ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
22
- WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
23
- DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR
24
- ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25
- (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26
- LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON
27
- ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28
- (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
29
- SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
data/lib/rex/arch.rb DELETED
@@ -1,103 +0,0 @@
1
- require 'rex/constants'
2
-
3
- module Rex
4
-
5
-
6
- ###
7
- #
8
- # This module provides generalized methods for performing operations that are
9
- # architecture specific. Furthermore, the modules contained within this
10
- # module provide features that are specific to a given architecture.
11
- #
12
- ###
13
- module Arch
14
-
15
- #
16
- # Architecture classes
17
- #
18
- require 'rex/arch/x86'
19
- require 'rex/arch/sparc'
20
-
21
- #
22
- # This routine adjusts the stack pointer for a given architecture.
23
- #
24
- def self.adjust_stack_pointer(arch, adjustment)
25
-
26
- if ( arch.is_a?(::Array))
27
- arch = arch[0]
28
- end
29
-
30
- case arch
31
- when /x86/
32
- Rex::Arch::X86.adjust_reg(Rex::Arch::X86::ESP, adjustment)
33
- else
34
- nil
35
- end
36
- end
37
-
38
- #
39
- # This route provides address packing for the specified arch
40
- #
41
- def self.pack_addr(arch, addr)
42
-
43
- if ( arch.is_a?(::Array))
44
- arch = arch[0]
45
- end
46
-
47
- case arch
48
- when ARCH_X86
49
- [addr].pack('V')
50
- when ARCH_X86_64
51
- [addr].pack('Q')
52
- when ARCH_MIPS # ambiguous
53
- [addr].pack('N')
54
- when ARCH_MIPSBE
55
- [addr].pack('N')
56
- when ARCH_MIPSLE
57
- [addr].pack('V')
58
- when ARCH_PPC # ambiguous
59
- [addr].pack('N')
60
- when ARCH_SPARC
61
- [addr].pack('N')
62
- when ARCH_ARMLE
63
- [addr].pack('V')
64
- when ARCH_ARMBE
65
- [addr].pack('N')
66
- end
67
- end
68
-
69
- #
70
- # This routine reports the endianess of a given architecture
71
- #
72
- def self.endian(arch)
73
-
74
- if ( arch.is_a?(::Array))
75
- arch = arch[0]
76
- end
77
-
78
- case arch
79
- when ARCH_X86
80
- return ENDIAN_LITTLE
81
- when ARCH_X86_64
82
- return ENDIAN_LITTLE
83
- when ARCH_MIPS # ambiguous
84
- return ENDIAN_BIG
85
- when ARCH_MIPSLE
86
- return ENDIAN_LITTLE
87
- when ARCH_MIPSBE
88
- return ENDIAN_BIG
89
- when ARCH_PPC # ambiguous
90
- return ENDIAN_BIG
91
- when ARCH_SPARC
92
- return ENDIAN_BIG
93
- when ARCH_ARMLE
94
- return ENDIAN_LITTLE
95
- when ARCH_ARMBE
96
- return ENDIAN_BIG
97
- end
98
-
99
- return ENDIAN_LITTLE
100
- end
101
-
102
- end
103
- end
@@ -1,75 +0,0 @@
1
- #!/usr/bin/env ruby
2
-
3
- module Rex
4
- module Arch
5
-
6
- #
7
- # Everything here is mostly stolen from vlad's perl sparc stuff
8
- #
9
- module Sparc
10
-
11
- #
12
- # Register number constants
13
- #
14
- RegisterNumber =
15
- {
16
- 'g0' => 0, 'g1' => 1, 'g2' => 2, 'g3' => 3,
17
- 'g4' => 4, 'g5' => 5, 'g6' => 6, 'g7' => 7,
18
- 'o0' => 8, 'o1' => 9, 'o2' => 10, 'o3' => 11,
19
- 'o4' => 12, 'o5' => 13, 'o6' => 14, 'o7' => 15,
20
- 'l0' => 16, 'l1' => 17, 'l2' => 18, 'l3' => 19,
21
- 'l4' => 20, 'l5' => 21, 'l6' => 22, 'l7' => 23,
22
- 'i0' => 24, 'i1' => 25, 'i2' => 26, 'i3' => 27,
23
- 'i4' => 28, 'i5' => 29, 'i6' => 30, 'i7' => 31,
24
- 'sp' => 14, 'fp' => 30,
25
- } # :nodoc:
26
-
27
- #
28
- # Encodes a SETHI instruction with the value 'constant' being put into 'dst' register
29
- #
30
- def self.sethi(constant, dst)
31
- [
32
- (RegisterNumber[dst] << 25) |
33
- (4 << 22) |
34
- (constant >> 10)
35
- ].pack('N')
36
- end
37
-
38
- #
39
- # Encodes an OR instruction with the value 'constant' being OR'ed with the 'src' register into the 'dst' register
40
- #
41
- def self.ori(src, constant, dst)
42
- [
43
- (2 << 30) |
44
- (RegisterNumber[dst] << 25) |
45
- (2 << 19) |
46
- (RegisterNumber[src] << 14) |
47
- (1 << 13) |
48
- (constant & 0x1fff)
49
- ].pack('N')
50
- end
51
-
52
- #
53
- # Puts 'constant' into the 'dst' register using as few instructions as possible by checking the size of the value.
54
- # XXX: signedness support
55
- #
56
- def self.set(constant, dst)
57
- if (constant <= 4095 and constant >= 0)
58
- ori('g0', constant, dst)
59
- elsif (constant & 0x3ff != 0)
60
- set_dword(constant, dst)
61
- else
62
- sethi(constant, dst)
63
- end
64
- end
65
-
66
- #
67
- # Puts 'constant' into the 'dst' register using both sethi and ori (necessary to use both uncessarily in some cases with encoders)
68
- #
69
- def self.set_dword(constant, dst)
70
- sethi(constant, dst) + ori(dst, constant & 0x3ff, dst)
71
- end
72
-
73
- end
74
-
75
- end end
@@ -1,18 +0,0 @@
1
- #!/usr/bin/env ruby
2
-
3
- $:.unshift(File.join(File.dirname(__FILE__), '..', '..'))
4
-
5
- require 'test/unit'
6
- require 'rex/text'
7
- require 'rex/arch/sparc'
8
-
9
- class Rex::Arch::Sparc::UnitTest < ::Test::Unit::TestCase
10
-
11
- Klass = Rex::Arch::Sparc
12
-
13
- def test_set
14
- assert_equal("\x88\x10\x20\x02", Klass.set(0x2, 'g4'))
15
- assert_equal("\x09\x00\x00\x08\x88\x11\x22\x22", Klass.set(0x2222, 'g4'))
16
- end
17
-
18
- end
data/lib/rex/arch/x86.rb DELETED
@@ -1,513 +0,0 @@
1
- #!/usr/bin/env ruby
2
-
3
- module Rex
4
- module Arch
5
-
6
- #
7
- # everything here is mostly stole from vlad's perl x86 stuff
8
- #
9
-
10
- module X86
11
-
12
- #
13
- # Register number constants
14
- #
15
- EAX = AL = AX = ES = 0
16
- ECX = CL = CX = CS = 1
17
- EDX = DL = DX = SS = 2
18
- EBX = BL = BX = DS = 3
19
- ESP = AH = SP = FS = 4
20
- EBP = CH = BP = GS = 5
21
- ESI = DH = SI = 6
22
- EDI = BH = DI = 7
23
-
24
- REG_NAMES32 = [ 'eax', 'ecx', 'edx', 'ebx',
25
- 'esp', 'ebp', 'esi', 'edi' ] # :nodoc:
26
-
27
- # Jump tp a specific register
28
- def self.jmp_reg(str)
29
- reg = reg_number(str)
30
- _check_reg(reg)
31
- "\xFF" + [224 + reg].pack('C')
32
- end
33
-
34
- # This method returns the opcodes that compose a jump instruction to the
35
- # supplied relative offset.
36
- def self.jmp(addr)
37
- "\xe9" + pack_dword(rel_number(addr))
38
- end
39
-
40
- #
41
- # This method adds/subs a packed long integer
42
- #
43
- def self.dword_adjust(dword, amount=0)
44
- pack_dword(dword.unpack('V')[0] + amount)
45
- end
46
-
47
- #
48
- # This method returns the opcodes that compose a tag-based search routine
49
- #
50
- def self.searcher(tag)
51
- "\xbe" + dword_adjust(tag,-1)+ # mov esi, Tag - 1
52
- "\x46" + # inc esi
53
- "\x47" + # inc edi (end_search:)
54
- "\x39\x37" + # cmp [edi],esi
55
- "\x75\xfb" + # jnz 0xa (end_search)
56
- "\x46" + # inc esi
57
- "\x4f" + # dec edi (start_search:)
58
- "\x39\x77\xfc" + # cmp [edi-0x4],esi
59
- "\x75\xfa" + # jnz 0x10 (start_search)
60
- jmp_reg('edi') # jmp edi
61
- end
62
-
63
- #
64
- # Generates a buffer that will copy memory immediately following the stub
65
- # that is generated to be copied to the stack
66
- #
67
- def self.copy_to_stack(len)
68
- # four byte align
69
- len = (len + 3) & ~0x3
70
-
71
- stub =
72
- "\xeb\x0f"+ # jmp _end
73
- push_dword(len)+ # push n
74
- "\x59"+ # pop ecx
75
- "\x5e"+ # pop esi
76
- "\x29\xcc"+ # sub esp, ecx
77
- "\x89\xe7"+ # mov edi, esp
78
- "\xf3\xa4"+ # rep movsb
79
- "\xff\xe4"+ # jmp esp
80
- "\xe8\xec\xff\xff\xff" # call _start
81
-
82
- stub
83
- end
84
-
85
- #
86
- # This method returns the opcodes that compose a short jump instruction to
87
- # the supplied relative offset.
88
- #
89
- def self.jmp_short(addr)
90
- "\xeb" + pack_lsb(rel_number(addr, -2))
91
- end
92
-
93
- #
94
- # This method returns the opcodes that compose a relative call instruction
95
- # to the address specified.
96
- #
97
- def self.call(addr)
98
- "\xe8" + pack_dword(rel_number(addr, -5))
99
- end
100
-
101
- #
102
- # This method returns a number offset to the supplied string.
103
- #
104
- def self.rel_number(num, delta = 0)
105
- s = num.to_s
106
-
107
- case s[0, 2]
108
- when '$+'
109
- num = s[2 .. -1].to_i
110
- when '$-'
111
- num = -1 * s[2 .. -1].to_i
112
- when '0x'
113
- num = s.hex
114
- else
115
- delta = 0
116
- end
117
-
118
- return num + delta
119
- end
120
-
121
- #
122
- # This method returns the number associated with a named register.
123
- #
124
- def self.reg_number(str)
125
- return self.const_get(str.upcase)
126
- end
127
-
128
- #
129
- # This method returns the register named associated with a given register
130
- # number.
131
- #
132
- def self.reg_name32(num)
133
- _check_reg(num)
134
- return REG_NAMES32[num].dup
135
- end
136
-
137
- #
138
- # This method generates the encoded effective value for a register.
139
- #
140
- def self.encode_effective(shift, dst)
141
- return (0xc0 | (shift << 3) | dst)
142
- end
143
-
144
- #
145
- # This method generates the mod r/m character for a source and destination
146
- # register.
147
- #
148
- def self.encode_modrm(dst, src)
149
- _check_reg(dst, src)
150
- return (0xc0 | src | dst << 3).chr
151
- end
152
-
153
- #
154
- # This method generates a push byte instruction.
155
- #
156
- def self.push_byte(byte)
157
- # push byte will sign extend...
158
- if byte < 128 && byte >= -128
159
- return "\x6a" + (byte & 0xff).chr
160
- end
161
- raise ::ArgumentError, "Can only take signed byte values!", caller()
162
- end
163
-
164
- #
165
- # This method generates a push word instruction.
166
- #
167
- def self.push_word(val)
168
- return "\x66\x68" + pack_word(val)
169
- end
170
-
171
- #
172
- # This method generates a push dword instruction.
173
- #
174
- def self.push_dword(val)
175
- return "\x68" + pack_dword(val)
176
- end
177
-
178
- #
179
- # This method generates a pop dword instruction into a register.
180
- #
181
- def self.pop_dword(dst)
182
- _check_reg(dst)
183
- return (0x58 | dst).chr
184
- end
185
-
186
- #
187
- # This method generates an instruction that clears the supplied register in
188
- # a manner that attempts to avoid bad characters, if supplied.
189
- #
190
- def self.clear(reg, badchars = '')
191
- _check_reg(reg)
192
- return set(reg, 0, badchars)
193
- end
194
-
195
- #
196
- # This method generates the opcodes that set the low byte of a given
197
- # register to the supplied value.
198
- #
199
- def self.mov_byte(reg, val)
200
- _check_reg(reg)
201
- # chr will raise RangeError if val not between 0 .. 255
202
- return (0xb0 | reg).chr + val.chr
203
- end
204
-
205
- #
206
- # This method generates the opcodes that set the low word of a given
207
- # register to the supplied value.
208
- #
209
- def self.mov_word(reg, val)
210
- _check_reg(reg)
211
- if val < 0 || val > 0xffff
212
- raise RangeError, "Can only take unsigned word values!", caller()
213
- end
214
- return "\x66" + (0xb8 | reg).chr + pack_word(val)
215
- end
216
-
217
- #
218
- # This method generates the opcodes that set the a register to the
219
- # supplied value.
220
- #
221
- def self.mov_dword(reg, val)
222
- _check_reg(reg)
223
- return (0xb8 | reg).chr + pack_dword(val)
224
- end
225
-
226
- #
227
- # This method is a general way of setting a register to a value. Depending
228
- # on the value supplied, different sets of instructions may be used.
229
- #
230
- # TODO: Make this moderatly intelligent so it chain instructions by itself
231
- # (ie. xor eax, eax + mov al, 4 + xchg ah, al)
232
- def self.set(dst, val, badchars = '')
233
- _check_reg(dst)
234
-
235
- # If the value is 0 try xor/sub dst, dst (2 bytes)
236
- if(val == 0)
237
- opcodes = Rex::Text.remove_badchars("\x29\x2b\x31\x33", badchars)
238
- if !opcodes.empty?
239
- return opcodes[rand(opcodes.length)].chr + encode_modrm(dst, dst)
240
- end
241
- # TODO: SHL/SHR
242
- # TODO: AND
243
- end
244
-
245
- # try push BYTE val; pop dst (3 bytes)
246
- begin
247
- return _check_badchars(push_byte(val) + pop_dword(dst), badchars)
248
- rescue ::ArgumentError, ::RuntimeError, ::RangeError
249
- end
250
-
251
- # try clear dst, mov BYTE dst (4 bytes)
252
- begin
253
- # break if val == 0
254
- return _check_badchars(clear(dst, badchars) + mov_byte(dst, val), badchars)
255
- rescue ::ArgumentError, ::RuntimeError, ::RangeError
256
- end
257
-
258
- # try mov DWORD dst (5 bytes)
259
- begin
260
- return _check_badchars(mov_dword(dst, val), badchars)
261
- rescue ::ArgumentError, ::RuntimeError, ::RangeError
262
- end
263
-
264
- # try push DWORD, pop dst (6 bytes)
265
- begin
266
- return _check_badchars(push_dword(val) + pop_dword(dst), badchars)
267
- rescue ::ArgumentError, ::RuntimeError, ::RangeError
268
- end
269
-
270
- # try clear dst, mov WORD dst (6 bytes)
271
- begin
272
- # break if val == 0
273
- return _check_badchars(clear(dst, badchars) + mov_word(dst, val), badchars)
274
- rescue ::ArgumentError, ::RuntimeError, ::RangeError
275
- end
276
-
277
- raise RuntimeError, "No valid set instruction could be created!", caller()
278
- end
279
-
280
- #
281
- # Builds a subtraction instruction using the supplied operand
282
- # and register.
283
- #
284
- def self.sub(val, reg, badchars = '', add = false, adjust = false, bits = 0)
285
- opcodes = []
286
- shift = (add == true) ? 0 : 5
287
-
288
- if (bits <= 8 and val >= -0x7f and val <= 0x7f)
289
- opcodes <<
290
- ((adjust) ? '' : clear(reg, badchars)) +
291
- "\x83" +
292
- [ encode_effective(shift, reg) ].pack('C') +
293
- [ val.to_i ].pack('C')
294
- end
295
-
296
- if (bits <= 16 and val >= -0xffff and val <= 0)
297
- opcodes <<
298
- ((adjust) ? '' : clear(reg, badchars)) +
299
- "\x66\x81" +
300
- [ encode_effective(shift, reg) ].pack('C') +
301
- [ val.to_i ].pack('v')
302
- end
303
-
304
- opcodes <<
305
- ((adjust) ? '' : clear(reg, badchars)) +
306
- "\x81" +
307
- [ encode_effective(shift, reg) ].pack('C') +
308
- [ val.to_i ].pack('V')
309
-
310
- # Search for a compatible opcode
311
- opcodes.each { |op|
312
- begin
313
- _check_badchars(op, badchars)
314
- rescue
315
- next
316
- end
317
-
318
- return op
319
- }
320
-
321
- if opcodes.empty?
322
- raise RuntimeError, "Could not find a usable opcode", caller()
323
- end
324
- end
325
-
326
- #
327
- # This method generates the opcodes equivalent to subtracting with a
328
- # negative value from a given register.
329
- #
330
- def self.add(val, reg, badchars = '', adjust = false, bits = 0)
331
- sub(val, reg, badchars, true, adjust, bits)
332
- end
333
-
334
- #
335
- # This method wrappers packing a short integer as a little-endian buffer.
336
- #
337
- def self.pack_word(num)
338
- [num].pack('v')
339
- end
340
-
341
- #
342
- # This method wrappers packing an integer as a little-endian buffer.
343
- #
344
- def self.pack_dword(num)
345
- [num].pack('V')
346
- end
347
-
348
- #
349
- # This method returns the least significant byte of a packed dword.
350
- #
351
- def self.pack_lsb(num)
352
- pack_dword(num)[0,1]
353
- end
354
-
355
- #
356
- # This method adjusts the value of the ESP register by a given amount.
357
- #
358
- def self.adjust_reg(reg, adjustment)
359
- if (adjustment > 0)
360
- sub(adjustment, reg, '', false, false, 32)
361
- else
362
- add(adjustment, reg, '', true, 32)
363
- end
364
- end
365
-
366
- def self._check_reg(*regs) # :nodoc:
367
- regs.each { |reg|
368
- if reg > 7 || reg < 0
369
- raise ArgumentError, "Invalid register #{reg}", caller()
370
- end
371
- }
372
- return nil
373
- end
374
-
375
- def self._check_badchars(data, badchars) # :nodoc:
376
- idx = Rex::Text.badchar_index(data, badchars)
377
- if idx
378
- raise RuntimeError, "Bad character at #{idx}", caller()
379
- end
380
- return data
381
- end
382
-
383
- #
384
- # This method returns an array of 'safe' FPU instructions
385
- #
386
- def self.fpu_instructions
387
- fpus = []
388
-
389
- 0xe8.upto(0xee) { |x| fpus << "\xd9" + x.chr }
390
- 0xc0.upto(0xcf) { |x| fpus << "\xd9" + x.chr }
391
- 0xc0.upto(0xdf) { |x| fpus << "\xda" + x.chr }
392
- 0xc0.upto(0xdf) { |x| fpus << "\xdb" + x.chr }
393
- 0xc0.upto(0xc7) { |x| fpus << "\xdd" + x.chr }
394
-
395
- fpus << "\xd9\xd0"
396
- fpus << "\xd9\xe1"
397
- fpus << "\xd9\xf6"
398
- fpus << "\xd9\xf7"
399
- fpus << "\xd9\xe5"
400
-
401
- # This FPU instruction seems to fail consistently on Linux
402
- #fpus << "\xdb\xe1"
403
-
404
- fpus
405
- end
406
-
407
- #
408
- # This method returns an array containing a geteip stub, a register, and an offset
409
- # This method will return nil if the getip generation fails
410
- #
411
- def self.geteip_fpu(badchars)
412
-
413
- #
414
- # Default badchars to an empty string
415
- #
416
- badchars ||= ''
417
-
418
- #
419
- # Bail out early if D9 is restricted
420
- #
421
- return nil if badchars.index("\xd9")
422
-
423
- #
424
- # Create a list of FPU instructions
425
- #
426
- fpus = *self.fpu_instructions
427
- bads = []
428
- badchars.each_byte do |c|
429
- fpus.each do |str|
430
- bads << str if (str.index(c.chr))
431
- end
432
- end
433
- bads.each { |str| fpus.delete(str) }
434
- return nil if fpus.length == 0
435
-
436
- #
437
- # Create a list of registers to use for fnstenv
438
- #
439
- dsts = []
440
- 0.upto(7) do |c|
441
- dsts << c if (not badchars.index( (0x70+c).chr ))
442
- end
443
-
444
- if (dsts.include?(ESP) and badchars.index("\x24"))
445
- dsts.delete(ESP)
446
- end
447
-
448
- return nil if dsts.length == 0
449
-
450
- #
451
- # Grab a random FPU instruction
452
- #
453
- fpu = fpus[ rand(fpus.length) ]
454
-
455
- #
456
- # Grab a random register from dst
457
- #
458
- while(dsts.length > 0)
459
- buf = ''
460
- dst = dsts[ rand(dsts.length) ]
461
- dsts.delete(dst)
462
-
463
- # If the register is not ESP, copy ESP
464
- if (dst != ESP)
465
- next if badchars.index( (0x70 + dst).chr )
466
-
467
- if !(badchars.index("\x89") or badchars.index( (0xE0+dst).chr ))
468
- buf << "\x89" + (0xE0 + dst).chr
469
- else
470
- next if badchars.index("\x54")
471
- next if badchars.index( (0x58+dst).chr )
472
- buf << "\x54" + (0x58 + dst).chr
473
- end
474
- end
475
-
476
- pad = 0
477
- while (pad < (128-12) and badchars.index( (256-12-pad).chr))
478
- pad += 4
479
- end
480
-
481
- # Give up on finding a value to use here
482
- if (pad == (128-12))
483
- return nil
484
- end
485
-
486
- out = buf + fpu + "\xd9" + (0x70 + dst).chr
487
- out << "\x24" if dst == ESP
488
- out << (256-12-pad).chr
489
-
490
- regs = [*(0..7)]
491
- while (regs.length > 0)
492
- reg = regs[ rand(regs.length) ]
493
- regs.delete(reg)
494
- next if reg == ESP
495
- next if badchars.index( (0x58 + reg).chr )
496
-
497
- # Pop the value back out
498
- 0.upto(pad / 4) { |c| out << (0x58 + reg).chr }
499
-
500
- # Fix the value to point to self
501
- gap = out.length - buf.length
502
-
503
- return [out, REG_NAMES32[reg].upcase, gap]
504
- end
505
- end
506
-
507
- return nil
508
- end
509
-
510
- end
511
-
512
- end end
513
-