librex 0.0.13 → 0.0.15

data/lib/rex/proto/dcerpc/packet.rb.ut.rb

@@ -1,56 +0,0 @@
-#!/usr/bin/env ruby
-
-$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..'))
-
-require 'rex/test'
-require 'rex/proto/dcerpc/packet'
-
-class Rex::Proto::DCERPC::Packet::UnitTest < Test::Unit::TestCase
-
-	Klass = Rex::Proto::DCERPC::Packet
-
-	def test_parse
-		
-		actual = Klass.make_bind('367abb81-9844-35f1-ad32-98f038001003', '2.0')
-		expected = ["\005\000\v\003\020\000\000\000H\000\000\000\000\000\000\000\320\026\320\026\000\000\000\000\001\000\000\000\000\000\001\000\201\273z6D\230\3615\2552\230\3608\000\020\003\002\000\000\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000", 0]
-		assert_equal(expected, actual, 'bind')
-
-		srand(0)
-		actual = Klass.make_bind_fake_multi('367abb81-9844-35f1-ad32-98f038001003', '2.0')
-		expected = [ "\005\000\v\003\020\000\000\0004\003\000\000\000\000\000\000\320\026\320\026\000\000\000\000\022\000\000\000\000\000\001\000u\300C\373\303g\t\323\025\362$WF\330X\214\002\000\001\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\001\000\001\000\346'W\256XQ\245\031MH\t\224s\320\363\305\000\000\002\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\002\000\001\000c\330\261\363\035\223\223\216\247 \301\t\271\177 \037\002\000\000\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\003\000\001\000\227\243\376\313r\267\034\"\200\200\2445\205&\350\364\001\000\003\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\004\000\001\000\204i*\272\037x\001A\347\2519#fw\v\256\002\000\003\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\005\000\001\000\200\216c5\214y\252T\313D\006\304/\177\364\203\004\000\000\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\006\000\001\000\264\350N\217\224\343\272\027\317\215uU01E\251\003\000\000\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\a\000\001\000_\305^\000q\262$\2420]\203b*\315p\347\005\000\001\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\010\000\001\000\177\000\212r+\272\177\027\273\202yb>\243\336{\003\000\002\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\t\000\001\000\256\343\224\3212\233\016):\301$\nV+h\v\002\000\003\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\n\000\001\000P \266\200&\023\256*s\270\274\350M\036\030}\002\000\003\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\v\000\001\000^\342k\rp(H\023_H\232\302\370\264C\354\005\000\002\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\f\000\001\000`\004\303\355\213\374V\315ymK\270\020\230\235\225\001\000\000\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\r\000\001\000\274yvu\275S\241h\240\344\373\373yF\325\037\005\000\003\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\016\000\001\000\201\273z6D\230\3615\2552\230\3608\000\020\003\002\000\000\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\017\000\001\000\270\230O)\022(\266\317\v\246o]\371\201\337v\004\000\000\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\020\000\001\000}\030C\322\357\003\352\314\346#\326\376\275\305\327+\000\000\003\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000\021\000\001\000h\324\212\266\353\245}\234o\350\002\e\323\331\2275\003\000\002\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000", 14]
-		assert_equal(expected, actual, 'bind fake multi')
-
-		actual = Klass.make_alter_context('367abb81-9844-35f1-ad32-98f038001003', '2.0')
-		expected = "\005\000\016\003\020\000\000\000H\000\000\000\000\000\000\000\320\026\320\026\000\000\000\000\001\000\000\000\000\000\001\000\201\273z6D\230\3615\2552\230\3608\000\020\003\002\000\000\000\004]\210\212\353\034\311\021\237\350\010\000+\020H`\002\000\000\000"
-		assert_equal(expected, actual, 'alter context')
-	
-		actual = Klass.make_request(1337, '', 1024, 7331)
-		expected = ["\005\000\000\003\020\000\000\000\030\000\000\000\000\000\000\000\000\000\000\000\243\0349\005"]
-		assert_equal(expected, actual, 'make_request with no stub')
-		
-		actual = Klass.make_request(1337, 'ABCD', 1024, 7331)
-		expected = ["\005\000\000\003\020\000\000\000\034\000\000\000\000\000\000\000\004\000\000\000\243\0349\005ABCD"]
-		assert_equal(expected, actual, 'make_request with stub')
-		
-		actual = Klass.make_request(1337, 'ABCD', 3, 7331)
-		expected = ["\005\000\000\001\020\000\000\000\e\000\000\000\000\000\000\000\003\000\000\000\243\0349\005ABC", "\005\000\000\002\020\000\000\000\031\000\000\000\000\000\000\000\001\000\000\000\243\0349\005D"]
-		assert_equal(expected, actual, 'make_request with 2 frags')
-		
-		actual = Klass.make_request(1337, 'ABCD', 1, 7331)	
-		expected = ["\005\000\000\001\020\000\000\000\031\000\000\000\000\000\000\000\001\000\000\000\243\0349\005A", "\005\000\000\000\020\000\000\000\031\000\000\000\000\000\000\000\001\000\000\000\243\0349\005B", "\005\000\000\000\020\000\000\000\031\000\000\000\000\000\000\000\001\000\000\000\243\0349\005C", "\005\000\000\002\020\000\000\000\031\000\000\000\000\000\000\000\001\000\000\000\243\0349\005D"]
-		assert_equal(expected, actual, 'make_request with 4 frags')
-		
-		
-		actual = Klass.make_request(1337, '', 1024, 7331, '367abb81-9844-35f1-ad32-98f038001003')
-		expected = ["\005\000\000\x83\020\000\000\000\030\000\000\000\000\000\000\000\000\000\000\000\243\0349\005\201\273z6D\230\3615\2552\230\3608\000\020\003"]
-		assert_equal(expected, actual, 'make_request with no stub, with object_id')
-		
-		actual = Klass.make_request(1337, 'ABCD', 1024, 7331, '367abb81-9844-35f1-ad32-98f038001003')
-		expected = ["\005\000\000\x83\020\000\000\000\034\000\000\000\000\000\000\000\004\000\000\000\243\0349\005\201\273z6D\230\3615\2552\230\3608\000\020\003ABCD"]
-		assert_equal(expected, actual, 'make_request with stub, with object_id')
-		
-		actual = Klass.make_request(1337, 'ABCD', 1, 7331, '367abb81-9844-35f1-ad32-98f038001003')
-		expected = ["\005\000\000\x81\020\000\000\000\031\000\000\000\000\000\000\000\001\000\000\000\243\0349\005\201\273z6D\230\3615\2552\230\3608\000\020\003A", "\005\000\000\x80\020\000\000\000\031\000\000\000\000\000\000\000\001\000\000\000\243\0349\005\201\273z6D\230\3615\2552\230\3608\000\020\003B", "\005\000\000\x80\020\000\000\000\031\000\000\000\000\000\000\000\001\000\000\000\243\0349\005\201\273z6D\230\3615\2552\230\3608\000\020\003C", "\005\000\000\x82\020\000\000\000\031\000\000\000\000\000\000\000\001\000\000\000\243\0349\005\201\273z6D\230\3615\2552\230\3608\000\020\003D"]
-		assert_equal(expected, actual, 'make_request with 4 frags')
-	end
-end

data/lib/rex/proto/dcerpc/response.rb

@@ -1,187 +0,0 @@
-require 'rex/proto/dcerpc/uuid'
-require 'rex/proto/dcerpc/exceptions'
-
-module Rex
-module Proto
-module DCERPC
-class Response
-
-	attr_accessor :frag_len, :auth_len, :type, :vers_major, :vers_minor
-	attr_accessor :flags, :data_rep, :call_id, :max_frag_xmit, :max_frag_recv
-	attr_accessor :assoc_group, :sec_addr_len, :sec_addr, :num_results
-	attr_accessor :nack_reason, :xfer_syntax_uuid, :xfer_syntax_vers
-	attr_accessor :ack_reason, :ack_result, :ack_xfer_syntax_uuid, :ack_xfer_syntax_vers
-	attr_accessor :alloc_hint, :context_id, :cancel_cnt, :status, :stub_data
-	attr_accessor :raw
-
-	# Create a new DCERPC::Response object
-	# This can be initialized in two ways:
-	# 1) Call .new() with the first 10 bytes of packet, then call parse on the rest
-	# 2) Call .new() with the full packet contents
-	def initialize(data)
-
-		self.ack_result = []
-		self.ack_reason = []
-		self.ack_xfer_syntax_uuid = []
-		self.ack_xfer_syntax_vers = []
-
-		if (! data or data.length < 10)
-			raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
-		end
-
-		if (data.length == 10)
-			self.frag_len = data[8,2].unpack('v')[0]
-			self.raw = data
-		end
-
-		if (data.length > 10)
-			self.raw = data
-			self.parse
-		end
-	end
-
-	# Parse the contents of a DCERPC response packet and fill out all the fields
-	def parse(body = '')
-		self.raw = self.raw + body
-		self.type = self.raw[2,1].unpack('C')[0]
-
-		uuid = Rex::Proto::DCERPC::UUID
-		data = self.raw
-
-
-		if(not data)
-			raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
-		end
-
-		# BIND_ACK == 12, ALTER_CONTEXT_RESP == 15
-		if (self.type == 12 or self.type == 15)
-
-			# Decode most of the DCERPC header
-			self.vers_major,
-			self.vers_minor,
-			trash,
-			self.flags,
-			self.data_rep,
-			self.frag_len,
-			self.auth_len,
-			self.call_id,
-			self.max_frag_xmit,
-			self.max_frag_recv,
-			self.assoc_group,
-			self.sec_addr_len = data.unpack('CCCCNvvVvvVv')
-
-
-			if(not self.frag_len or data.length < self.frag_len)
-				raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
-			end
-
-			# Keep an offset into the packet handy
-			x = 0
-
-			# XXX This is still somewhat broken (4 digit ports)
-			self.sec_addr = data[26, self.sec_addr_len]
-
-			# Move the pointer into the packet forward
-			x += 26 + self.sec_addr_len
-
-			# Align the pointer on a dword boundary
-			while (x % 4 != 0)
-				x += 1
-			end
-
-			# Figure out how many results we have (multiple-context binds)
-			self.num_results = data[ x, 4 ].unpack('V')[0]
-
-			# Move the pointer to the ack_result[0] offset
-			x += 4
-
-			# Initialize the ack_result index
-			ack = 0
-
-			# Scan through all results and add them to the result arrays
-			while ack < self.num_results
-				self.ack_result[ack] = data[ x + 0, 2 ].unpack('v')[0]
-				self.ack_reason[ack] = data[ x + 2, 2 ].unpack('v')[0]
-				self.ack_xfer_syntax_uuid[ack] = uuid.uuid_unpack(data[ x + 4, 16 ])
-				self.ack_xfer_syntax_vers[ack] = data[ x + 20, 4 ].unpack('V')[0]
-				x += 24
-				ack += 1
-			end
-
-			# End of BIND_ACK || ALTER_CONTEXT_RESP
-		end
-
-		# BIND_NACK == 13
-		if (self.type == 13)
-
-			# Decode most of the DCERPC header
-			self.vers_major,
-			self.vers_minor,
-			trash,
-			self.flags,
-			self.data_rep,
-			self.frag_len,
-			self.auth_len,
-			self.call_id,
-			self.nack_reason = data.unpack('CCCCNvvVv')
-		end
-
-		# RESPONSE == 2
-		if (self.type == 2)
-
-			# Decode the DCERPC response header
-			self.vers_major,
-			self.vers_minor,
-			trash,
-			self.flags,
-			self.data_rep,
-			self.frag_len,
-			self.auth_len,
-			self.call_id,
-			self.alloc_hint,
-			self.context_id,
-			self.cancel_cnt = data.unpack('CCCCNvvVVvC')
-
-			# Error out if the whole header was not read
-			if !(self.alloc_hint and self.context_id and self.cancel_cnt)
-				raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
-			end
-
-			# Put the application data into self.stub_data
-			self.stub_data = data[data.length - self.alloc_hint, 0xffff]
-			# End of RESPONSE
-		end
-
-		# FAULT == 3
-		if (self.type == 3)
-
-			# Decode the DCERPC response header
-			self.vers_major,
-			self.vers_minor,
-			trash,
-			self.flags,
-			self.data_rep,
-			self.frag_len,
-			self.auth_len,
-			self.call_id,
-			self.alloc_hint,
-			self.context_id,
-			self.cancel_cnt,
-			trash,
-			self.status = data.unpack('CCCCNvvVVvCCV')
-
-			# Put the application data into self.stub_data
-			self.stub_data = data[data.length - self.alloc_hint, 0xffff]
-			# End of FAULT
-		end
-
-	end
-
-protected
-#	attr_accessor :raw
-
-end
-end
-end
-end
-

data/lib/rex/proto/dcerpc/response.rb.ut.rb

@@ -1,15 +0,0 @@
-#!/usr/bin/env ruby
-
-$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..'))
-
-require 'rex/test'
-require 'rex/proto/dcerpc/response'
-	
-class Rex::Proto::DCERPC::Response::UnitTest < Test::Unit::TestCase
-
-	Klass = Rex::Proto::DCERPC::Response
-
-	def test_parse
-
-	end
-end

data/lib/rex/proto/dcerpc/uuid.rb

@@ -1,84 +0,0 @@
-module Rex
-module Proto
-module DCERPC
-class UUID
-
-
-	@@known_uuids =
-	{
-		'MGMT'      => [ 'afa8bd80-7d8a-11c9-bef4-08002b102989', '2.0' ],
-		'REMACT'    => [ '4d9f4ab8-7d1c-11cf-861e-0020af6e7c57', '0.0' ],
-		'SYSACT'    => [ '000001a0-0000-0000-c000-000000000046', '0.0' ],
-		'LSA_DS'    => [ '3919286a-b10c-11d0-9ba8-00c04fd92ef5', '0.0' ],
-		'SAMR'      => [ '12345778-1234-abcd-ef00-0123456789ac', '1.0' ],
-		'MSMQ'      => [ 'fdb3a030-065f-11d1-bb9b-00a024ea5525', '1.0' ],
-		'EVENTLOG'  => [ '82273fdc-e32a-18c3-3f78-827929dc23ea', '0.0' ],
-		'SVCCTL'    => [ '367abb81-9844-35f1-ad32-98f038001003', '2.0' ],
-		'SRVSVC'    => [ '4b324fc8-1670-01d3-1278-5a47bf6ee188', '3.0' ],
-		'PNP'       => [ '8d9f4e40-a03d-11ce-8f69-08003e30051b', '1.0' ]
-	}
-
-	# Convert a UUID in binary format to the string representation	
-	def self.uuid_unpack(uuid_bin)
-		raise ArgumentError if uuid_bin.length != 16
-		sprintf("%.8x-%.4x-%.4x-%.4x-%s",
-			uuid_bin[ 0, 4].unpack('V')[0],
-			uuid_bin[ 4, 2].unpack('v')[0],
-			uuid_bin[ 6, 2].unpack('v')[0],
-			uuid_bin[ 8, 2].unpack('n')[0],
-			uuid_bin[10, 6].unpack('H*')[0]
-		)	
-	end
-
-	# Validate a text based UUID
-	def self.is? (uuid_str)
-		raise ArgumentError if !uuid_str
-		if uuid_str.match(/^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}$/)
-			return true
-		else
-			return false
-		end
-	end
-
-	# Convert a UUID in string format to the binary representation
-	def self.uuid_pack (uuid_str)
-		raise ArgumentError if !self.is?(uuid_str)
-		parts = uuid_str.split('-')
-		[ parts[0].hex, parts[1].hex, parts[2].hex, parts[3].hex ].pack('Vvvn') + [ parts[4] ].pack('H*')
-	end
-	
-	# Provide the common TransferSyntax UUID in packed format
-	def self.xfer_syntax_uuid ()
-		self.uuid_pack('8a885d04-1ceb-11c9-9fe8-08002b104860')
-	end
-	
-	# Provide the common TransferSyntax version number
-	def self.xfer_syntax_vers ()
-		'2.0'
-	end
-	
-	# Determine the UUID string for the DCERPC service with this name	
-	def self.uuid_by_name (name) 
-		if @@known_uuids.key?(name)
-			@@known_uuids[name][0]
-		end
-	end
-	
-	# Determine the common version number for the DCERPC service with this name
-	def self.vers_by_name (name)
-		if @@known_uuids.key?(name)
-			@@known_uuids[name][1]
-		end
-	end
-	
-	# Convert a string or number in float format to two unique numbers 2.0 => [2, 0]
-	def self.vers_to_nums (vers) 
-		vers_maj = vers.to_i
-		vers_min = ((vers.to_f - vers.to_i) * 10).to_i
-		return vers_maj, vers_min
-	end
-	
-end
-end
-end
-end

data/lib/rex/proto/dcerpc/uuid.rb.ut.rb

@@ -1,46 +0,0 @@
-#!/usr/bin/env ruby
-
-$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..'))
-
-require 'rex/test'
-require 'rex/exceptions'
-require 'rex/proto/dcerpc/uuid'
-
-class Rex::Proto::DCERPC::UUID::UnitTest < Test::Unit::TestCase
-
-	Klass = Rex::Proto::DCERPC::UUID
-
-	def test_is_uuid
-		assert(Klass.is?('afa8bd80-7d8a-11c9-bef4-08002b102989'), 'valid')
-		assert(!Klass.is?('afa8bd80-7d8a-11c9-bef4-08002b10298'), 'too short')
-		assert(!Klass.is?('afa8bd80-7d8a-11c9-bef4-08002b10298Z'), 'invalid character')
-		assert(!Klass.is?('afa8bd80-7d8a-11c9-bef4a08002b10298a'), 'missing dash')
-		assert(!Klass.is?('afa8bd80-7d8a-11c9-bef-a08002b10298a'), 'dash in wrong place')
-		assert_raise(Rex::ArgumentError, 'pack - too short') { Klass.is?(nil) }
-	end
-
-	def test_lookup
-		assert_equal(Klass.uuid_by_name('MGMT'), 'afa8bd80-7d8a-11c9-bef4-08002b102989', 'uuid_by_name')
-		assert_equal(Klass.vers_by_name('MGMT'), '2.0', 'vers_by_name')
-		assert(!Klass.uuid_by_name('NO_SUCH_UUID'), 'uuid_by_name - invalid')
-		assert(!Klass.vers_by_name('NO_SUCH_UUID'), 'vers_by_name - invalid')
-	end
-
-	def test_packing
-		uuid = '367abb81-9844-35f1-ad32-98f038001003'
-		assert_equal(Klass.uuid_pack(uuid), "\201\273z6D\230\3615\2552\230\3608\000\020\003", 'pack')
-		assert_equal(Klass.uuid_unpack("\201\273z6D\230\3615\2552\230\3608\000\020\003"), uuid, 'unpack')
-		assert_raise(Rex::ArgumentError, 'pack - too short') { Klass.uuid_pack('foo') }
-		assert_raise(Rex::ArgumentError, 'unpack - too short') { Klass.uuid_unpack('foo') }
-	end
-
-	def test_xfer
-		assert_equal(Klass.xfer_syntax_uuid(), "\004]\210\212\353\034\311\021\237\350\010\000+\020H`", 'xfer_syntax_uuid')
-		assert_equal(Klass.xfer_syntax_vers(), '2.0', 'xfer_syntax_vers')
-	end
-
-	def test_vers
-		assert_equal(Klass.vers_to_nums('2.0'), [2, 0], 'vers_to_nums')
-		assert_equal(Klass.vers_to_nums('2'), [2, 0], 'vers_to_nums (short)')
-	end
-end

data/lib/rex/proto/dhcp.rb

@@ -1,7 +0,0 @@
-# $Id: dhcp.rb 9970 2010-08-07 06:45:02Z jduck $
-#
-# DHCP Server support written by scriptjunkie
-#
-
-require 'rex/proto/dhcp/constants'
-require 'rex/proto/dhcp/server'

data/lib/rex/proto/dhcp/constants.rb

@@ -1,33 +0,0 @@
-# $Id: constants.rb 9990 2010-08-13 03:11:30Z jduck $
-require 'rex/proto/dhcp'
-
-module Rex
-module Proto
-module DHCP
-
-Request = 1
-Response = 2
-
-DHCPDiscover = 1
-DHCPOffer = 2
-DHCPRequest = 3
-DHCPAck = 5
-
-DHCPMagic = "\x63\x82\x53\x63"
-
-OpDHCPServer = 0x36
-OpLeaseTime = 0x33
-OpSubnetMask = 1
-OpRouter = 3
-OpDns = 6
-OpEnd = 0xff
-
-PXEMagic = "\xF1\x00\x74\x7E"
-OpPXEMagic = 0xD0
-OpPXEConfigFile = 0xD1
-OpPXEPathPrefix = 0xD2
-OpPXERebootTime = 0xD3
-
-end
-end
-end

data/lib/rex/proto/dhcp/server.rb

@@ -1,292 +0,0 @@
-# $Id: server.rb 12030 2011-03-20 00:33:02Z scriptjunkie $
-
-require 'rex/socket'
-require 'rex/proto/dhcp'
-
-module Rex
-module Proto
-module DHCP
-
-##
-#
-# DHCP Server class
-# not completely configurable - written specifically for a PXE server
-# - scriptjunkie
-##
-
-class Server
-
-	include Rex::Socket
-
-	def initialize(hash, context = {})
-		self.listen_host = '0.0.0.0' # clients don't already have addresses. Needs to be 0.0.0.0
-		self.listen_port = 67 # mandatory (bootps)
-		self.context = context
-		self.sock = nil
-
-		@shutting_down = false
-
-		self.myfilename = hash['FILENAME'] || ""
-		self.myfilename << ("\x00" * (128 - self.myfilename.length))
-
-		source = hash['SRVHOST'] || Rex::Socket.source_address
-		self.ipstring = Rex::Socket.addr_aton(source)
-
-		ipstart = hash['DHCPIPSTART']
-		if ipstart
-			self.start_ip = Rex::Socket.addr_atoi(ipstart)
-		else
-			# Use the first 3 octects of the server's IP to construct the
-			# default range of x.x.x.32-254
-			self.start_ip = "#{self.ipstring[0..2]}\x20".unpack("N").first
-		end
-		self.current_ip = start_ip
-
-		ipend = hash['DHCPIPEND']
-		if ipend
-			self.end_ip = Rex::Socket.addr_atoi(ipend)
-		else
-			# Use the first 3 octects of the server's IP to construct the
-			# default range of x.x.x.32-254
-			self.end_ip = "#{self.ipstring[0..2]}\xfe".unpack("N").first
-		end
-
-		# netmask
-		netmask = hash['NETMASK'] || "255.255.255.0"
-		self.netmaskn = Rex::Socket.addr_aton(netmask)
-
-		# router
-		router = hash['ROUTER'] || source
-		self.router = Rex::Socket.addr_aton(router)
-
-		# dns
-		dnsserv = hash['DNSSERVER'] || source
-		self.dnsserv = Rex::Socket.addr_aton(dnsserv)
-
-		# broadcast
-		if hash['BROADCAST']
-			self.broadcasta = Rex::Socket.addr_aton(hash['BROADCAST'])
-		else
-			self.broadcasta = Rex::Socket.addr_itoa( self.start_ip | (Rex::Socket.addr_ntoi(self.netmaskn) ^ 0xffffffff) )
-		end
-
-		self.served = {}
-		if (hash['SERVEONCE'])
-			self.serveOnce = true
-		else
-			self.serveOnce = false
-		end
-		
-		if (hash['PXE'])
-			self.servePXE = true
-		else
-			self.servePXE = false
-		end
-		
-		self.leasetime = 600
-		self.relayip = "\x00\x00\x00\x00" # relay ip - not currently suported
-		self.pxeconfigfile = "update2"
-		self.pxepathprefix = ""
-		self.pxereboottime = 2000
-	end
-
-
-	# Start the DHCP server
-	def start
-		self.sock = Rex::Socket::Udp.create(
-			'LocalHost' => listen_host,
-			'LocalPort' => listen_port,
-			'Context'   => context
-		)
-
-		self.thread = Rex::ThreadFactory.spawn("DHCPServerMonitor", false) {
-			monitor_socket
-		}
-	end
-
-	# Stop the DHCP server
-	def stop
-		@shutting_down = true
-		self.thread.kill
-		self.sock.close rescue nil
-	end
-
-
-	# Set an option
-	def set_option(opts)
-		allowed_options = [
-			:serveOnce, :servePXE, :relayip, :leasetime, :dnsserv,
-			:pxeconfigfile, :pxepathprefix, :pxereboottime, :router
-		]
-
-		opts.each_pair { |k,v|
-			next if not v
-			if allowed_options.include?(k)
-				self.instance_variable_set("@#{k}", v)
-			end
-		}
-	end
-
-
-	# Send a single packet to the specified host
-	def send_packet(ip, pkt)
-		port = 68 # bootpc
-		if ip
-			self.sock.sendto( pkt, ip, port )
-		else
-			if not self.sock.sendto( pkt, '255.255.255.255', port )
-				self.sock.sendto( pkt, self.broadcasta, port )
-			end
-		end
-	end
-
-	attr_accessor :listen_host, :listen_port, :context, :leasetime, :relayip, :router, :dnsserv
-	attr_accessor :sock, :thread, :myfilename, :ipstring, :served, :serveOnce
-	attr_accessor :current_ip, :start_ip, :end_ip, :broadcasta, :netmaskn
-	attr_accessor :servePXE, :pxeconfigfile, :pxepathprefix, :pxereboottime
-
-protected
-
-
-	# See if there is anything to do.. If so, dispatch it.
-	def monitor_socket
-		while true
-			rds = [@sock]
-			wds = []
-			eds = [@sock]
-
-			r,w,e = ::IO.select(rds,wds,eds,1)
-
-			if (r != nil and r[0] == self.sock)
-				buf,host,port = self.sock.recvfrom(65535)
-				# Lame compatabilitiy :-/
-				from = [host, port]
-				dispatch_request(from, buf)
-			end
-
-		end
-	end
-
-	def dhcpoption(type, val = nil)
-		ret = ''
-		ret << [type].pack('C')
-
-		if val
-			ret << [val.length].pack('C') + val
-		end
-
-		ret
-	end
-
-	# Dispatch a packet that we received
-	def dispatch_request(from, buf)
-		type = buf.unpack('C').first
-		if (type != Request)
-			#dlog("Unknown DHCP request type: #{type}")
-			return
-		end
-
-		# parse out the members
-		hwtype = buf[1,1]
-		hwlen = buf[2,1].unpack("C").first
-		hops = buf[3,1]
-		txid = buf[4..7]
-		elapsed = buf[8..9]
-		flags = buf[10..11]
-		clientip = buf[12..15]
-		givenip = buf[16..19]
-		nextip = buf[20..23]
-		relayip = buf[24..27]
-		clienthwaddr = buf[28..(27+hwlen)]
-		servhostname = buf[44..107]
-		filename = buf[108..235]
-		magic = buf[236..239]
-
-		if (magic != DHCPMagic)
-			#dlog("Invalid DHCP request - bad magic.")
-			return
-		end
-
-		messageType = 0
-		pxeclient = false
-
-		# options parsing loop
-		spot = 240
-		while (spot < buf.length - 3)
-			optionType = buf[spot,1].unpack("C").first
-			break if optionType == 0xff
-
-			optionLen = buf[spot + 1,1].unpack("C").first
-			optionValue = buf[(spot + 2)..(spot + optionLen + 1)]
-			spot = spot + optionLen + 2
-			if optionType == 53
-				messageType = optionValue.unpack("C").first
-			elsif optionType == 150
-				pxeclient = true
-			end
-		end
-
-		if pxeclient == false && self.servePXE == true
-			#dlog ("No tftp server request; ignoring (probably not PXE client)")
-			return
-		end
-
-		# prepare response
-		pkt = [Response].pack('C')
-		pkt << buf[1..7] #hwtype, hwlen, hops, txid
-		pkt << "\x00\x00\x00\x00"  #elapsed, flags
-		pkt << clientip
-		if messageType == DHCPDiscover
-			# give next ip address (not super reliable high volume but it should work for a basic server)
-			self.current_ip += 1
-			if self.current_ip > self.end_ip
-				self.current_ip = self.start_ip
-			end
-		end
-		pkt << Rex::Socket.addr_iton(self.current_ip)
-		pkt << self.ipstring #next server ip
-		pkt << self.relayip
-		pkt << buf[28..43] #client hw address
-		pkt << servhostname
-		pkt << self.myfilename
-		pkt << magic
-		pkt << "\x35\x01" #Option
-
-		if messageType == DHCPDiscover  #DHCP Discover - send DHCP Offer
-			pkt << [DHCPOffer].pack('C')
-			# check if already served based on hw addr (MAC address)
-			if self.serveOnce == true && self.served.has_key?(buf[28..43])
-				#dlog ("Already served; allowing normal boot")
-				return
-			end
-		elsif messageType == DHCPRequest #DHCP Request - send DHCP ACK
-			pkt << [DHCPAck].pack('C')
-			# now we ignore their discovers (but we'll respond to requests in case a packet was lost)
-			self.served.merge!( buf[28..43] => true ) 
-		else
-			#dlog("ignoring unknown DHCP request - type #{messageType}")
-			return
-		end
-
-		# Options!
-		pkt << dhcpoption(OpDHCPServer, self.ipstring)
-		pkt << dhcpoption(OpLeaseTime, [self.leasetime].pack('N'))
-		pkt << dhcpoption(OpSubnetMask, self.netmaskn)
-		pkt << dhcpoption(OpRouter, self.router)
-		pkt << dhcpoption(OpDns, self.dnsserv)
-		pkt << dhcpoption(OpPXEMagic, PXEMagic)
-		pkt << dhcpoption(OpPXEConfigFile, self.pxeconfigfile)
-		pkt << dhcpoption(OpPXEPathPrefix, self.pxepathprefix)
-		pkt << dhcpoption(OpPXERebootTime, [self.pxereboottime].pack('N'))
-		pkt << dhcpoption(OpEnd)
-
-		pkt << ("\x00" * 32) #padding
-
-		send_packet(nil, pkt)
-	end
-
-end
-
-end
-end
-end