librex 0.0.13 → 0.0.15

Files changed (435) hide show
  1. data/README.markdown +1 -1
  2. data/Rakefile +1 -0
  3. metadata +3 -435
  4. data/lib/rex/LICENSE +0 -29
  5. data/lib/rex/arch.rb +0 -103
  6. data/lib/rex/arch/sparc.rb +0 -75
  7. data/lib/rex/arch/sparc.rb.ut.rb +0 -18
  8. data/lib/rex/arch/x86.rb +0 -513
  9. data/lib/rex/arch/x86.rb.ut.rb +0 -93
  10. data/lib/rex/assembly/nasm.rb +0 -104
  11. data/lib/rex/assembly/nasm.rb.ut.rb +0 -22
  12. data/lib/rex/codepage.map +0 -104
  13. data/lib/rex/compat.rb +0 -311
  14. data/lib/rex/constants.rb +0 -113
  15. data/lib/rex/elfparsey.rb +0 -11
  16. data/lib/rex/elfparsey/elf.rb +0 -123
  17. data/lib/rex/elfparsey/elfbase.rb +0 -258
  18. data/lib/rex/elfparsey/exceptions.rb +0 -27
  19. data/lib/rex/elfscan.rb +0 -12
  20. data/lib/rex/elfscan/scanner.rb +0 -207
  21. data/lib/rex/elfscan/search.rb +0 -46
  22. data/lib/rex/encoder/alpha2.rb +0 -31
  23. data/lib/rex/encoder/alpha2/alpha_mixed.rb +0 -68
  24. data/lib/rex/encoder/alpha2/alpha_upper.rb +0 -79
  25. data/lib/rex/encoder/alpha2/generic.rb +0 -114
  26. data/lib/rex/encoder/alpha2/unicode_mixed.rb +0 -117
  27. data/lib/rex/encoder/alpha2/unicode_upper.rb +0 -129
  28. data/lib/rex/encoder/ndr.rb +0 -89
  29. data/lib/rex/encoder/ndr.rb.ut.rb +0 -44
  30. data/lib/rex/encoder/nonalpha.rb +0 -61
  31. data/lib/rex/encoder/nonupper.rb +0 -64
  32. data/lib/rex/encoder/xdr.rb +0 -106
  33. data/lib/rex/encoder/xdr.rb.ut.rb +0 -29
  34. data/lib/rex/encoder/xor.rb +0 -69
  35. data/lib/rex/encoder/xor/dword.rb +0 -13
  36. data/lib/rex/encoder/xor/dword_additive.rb +0 -13
  37. data/lib/rex/encoders/xor_dword.rb +0 -35
  38. data/lib/rex/encoders/xor_dword_additive.rb +0 -53
  39. data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +0 -12
  40. data/lib/rex/encoding/xor.rb +0 -20
  41. data/lib/rex/encoding/xor.rb.ts.rb +0 -14
  42. data/lib/rex/encoding/xor/byte.rb +0 -15
  43. data/lib/rex/encoding/xor/byte.rb.ut.rb +0 -21
  44. data/lib/rex/encoding/xor/dword.rb +0 -21
  45. data/lib/rex/encoding/xor/dword.rb.ut.rb +0 -15
  46. data/lib/rex/encoding/xor/dword_additive.rb +0 -92
  47. data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +0 -15
  48. data/lib/rex/encoding/xor/exceptions.rb +0 -17
  49. data/lib/rex/encoding/xor/generic.rb +0 -146
  50. data/lib/rex/encoding/xor/generic.rb.ut.rb +0 -120
  51. data/lib/rex/encoding/xor/qword.rb +0 -15
  52. data/lib/rex/encoding/xor/word.rb +0 -21
  53. data/lib/rex/encoding/xor/word.rb.ut.rb +0 -13
  54. data/lib/rex/exceptions.rb +0 -275
  55. data/lib/rex/exceptions.rb.ut.rb +0 -44
  56. data/lib/rex/exploitation/cmdstager.rb +0 -9
  57. data/lib/rex/exploitation/cmdstager/base.rb +0 -175
  58. data/lib/rex/exploitation/cmdstager/debug_asm.rb +0 -142
  59. data/lib/rex/exploitation/cmdstager/debug_write.rb +0 -136
  60. data/lib/rex/exploitation/cmdstager/tftp.rb +0 -63
  61. data/lib/rex/exploitation/cmdstager/vbs.rb +0 -128
  62. data/lib/rex/exploitation/egghunter.rb +0 -277
  63. data/lib/rex/exploitation/egghunter.rb.ut.rb +0 -25
  64. data/lib/rex/exploitation/encryptjs.rb +0 -77
  65. data/lib/rex/exploitation/heaplib.js.b64 +0 -331
  66. data/lib/rex/exploitation/heaplib.rb +0 -94
  67. data/lib/rex/exploitation/javascriptosdetect.rb +0 -897
  68. data/lib/rex/exploitation/obfuscatejs.rb +0 -335
  69. data/lib/rex/exploitation/omelet.rb +0 -320
  70. data/lib/rex/exploitation/omelet.rb.ut.rb +0 -13
  71. data/lib/rex/exploitation/opcodedb.rb +0 -818
  72. data/lib/rex/exploitation/opcodedb.rb.ut.rb +0 -279
  73. data/lib/rex/exploitation/seh.rb +0 -92
  74. data/lib/rex/exploitation/seh.rb.ut.rb +0 -19
  75. data/lib/rex/file.rb +0 -112
  76. data/lib/rex/file.rb.ut.rb +0 -16
  77. data/lib/rex/image_source.rb +0 -12
  78. data/lib/rex/image_source/disk.rb +0 -60
  79. data/lib/rex/image_source/image_source.rb +0 -46
  80. data/lib/rex/image_source/memory.rb +0 -37
  81. data/lib/rex/io/bidirectional_pipe.rb +0 -157
  82. data/lib/rex/io/datagram_abstraction.rb +0 -35
  83. data/lib/rex/io/stream.rb +0 -319
  84. data/lib/rex/io/stream_abstraction.rb +0 -197
  85. data/lib/rex/io/stream_server.rb +0 -211
  86. data/lib/rex/job_container.rb +0 -187
  87. data/lib/rex/logging.rb +0 -4
  88. data/lib/rex/logging/log_dispatcher.rb +0 -179
  89. data/lib/rex/logging/log_sink.rb +0 -42
  90. data/lib/rex/logging/sinks/flatfile.rb +0 -55
  91. data/lib/rex/logging/sinks/stderr.rb +0 -43
  92. data/lib/rex/machparsey.rb +0 -9
  93. data/lib/rex/machparsey/exceptions.rb +0 -34
  94. data/lib/rex/machparsey/mach.rb +0 -209
  95. data/lib/rex/machparsey/machbase.rb +0 -408
  96. data/lib/rex/machscan.rb +0 -9
  97. data/lib/rex/machscan/scanner.rb +0 -217
  98. data/lib/rex/mime.rb +0 -9
  99. data/lib/rex/mime/header.rb +0 -77
  100. data/lib/rex/mime/message.rb +0 -144
  101. data/lib/rex/mime/part.rb +0 -20
  102. data/lib/rex/nop/opty2.rb +0 -108
  103. data/lib/rex/nop/opty2.rb.ut.rb +0 -23
  104. data/lib/rex/nop/opty2_tables.rb +0 -300
  105. data/lib/rex/ole.rb +0 -205
  106. data/lib/rex/ole/clsid.rb +0 -47
  107. data/lib/rex/ole/difat.rb +0 -141
  108. data/lib/rex/ole/directory.rb +0 -231
  109. data/lib/rex/ole/direntry.rb +0 -240
  110. data/lib/rex/ole/docs/dependencies.txt +0 -8
  111. data/lib/rex/ole/docs/references.txt +0 -1
  112. data/lib/rex/ole/fat.rb +0 -99
  113. data/lib/rex/ole/header.rb +0 -204
  114. data/lib/rex/ole/minifat.rb +0 -77
  115. data/lib/rex/ole/propset.rb +0 -144
  116. data/lib/rex/ole/samples/create_ole.rb +0 -27
  117. data/lib/rex/ole/samples/dir.rb +0 -35
  118. data/lib/rex/ole/samples/dump_stream.rb +0 -34
  119. data/lib/rex/ole/samples/ole_info.rb +0 -23
  120. data/lib/rex/ole/storage.rb +0 -395
  121. data/lib/rex/ole/stream.rb +0 -53
  122. data/lib/rex/ole/substorage.rb +0 -49
  123. data/lib/rex/ole/util.rb +0 -157
  124. data/lib/rex/parser/arguments.rb +0 -97
  125. data/lib/rex/parser/arguments.rb.ut.rb +0 -67
  126. data/lib/rex/parser/ini.rb +0 -185
  127. data/lib/rex/parser/ini.rb.ut.rb +0 -29
  128. data/lib/rex/parser/ip360_aspl_xml.rb +0 -102
  129. data/lib/rex/parser/ip360_xml.rb +0 -93
  130. data/lib/rex/parser/nessus_xml.rb +0 -118
  131. data/lib/rex/parser/netsparker_xml.rb +0 -94
  132. data/lib/rex/parser/nexpose_xml.rb +0 -131
  133. data/lib/rex/parser/nmap_xml.rb +0 -121
  134. data/lib/rex/parser/retina_xml.rb +0 -109
  135. data/lib/rex/payloads.rb +0 -1
  136. data/lib/rex/payloads/win32.rb +0 -2
  137. data/lib/rex/payloads/win32/common.rb +0 -26
  138. data/lib/rex/payloads/win32/kernel.rb +0 -53
  139. data/lib/rex/payloads/win32/kernel/common.rb +0 -54
  140. data/lib/rex/payloads/win32/kernel/migration.rb +0 -12
  141. data/lib/rex/payloads/win32/kernel/recovery.rb +0 -50
  142. data/lib/rex/payloads/win32/kernel/stager.rb +0 -194
  143. data/lib/rex/peparsey.rb +0 -12
  144. data/lib/rex/peparsey/exceptions.rb +0 -32
  145. data/lib/rex/peparsey/pe.rb +0 -212
  146. data/lib/rex/peparsey/pe_memdump.rb +0 -63
  147. data/lib/rex/peparsey/pebase.rb +0 -1680
  148. data/lib/rex/peparsey/section.rb +0 -136
  149. data/lib/rex/pescan.rb +0 -13
  150. data/lib/rex/pescan/analyze.rb +0 -309
  151. data/lib/rex/pescan/scanner.rb +0 -206
  152. data/lib/rex/pescan/search.rb +0 -56
  153. data/lib/rex/platforms.rb +0 -1
  154. data/lib/rex/platforms/windows.rb +0 -51
  155. data/lib/rex/poly.rb +0 -132
  156. data/lib/rex/poly/block.rb +0 -477
  157. data/lib/rex/poly/register.rb +0 -100
  158. data/lib/rex/poly/register/x86.rb +0 -40
  159. data/lib/rex/post.rb +0 -8
  160. data/lib/rex/post/dir.rb +0 -51
  161. data/lib/rex/post/file.rb +0 -172
  162. data/lib/rex/post/file_stat.rb +0 -220
  163. data/lib/rex/post/gen.pl +0 -13
  164. data/lib/rex/post/io.rb +0 -182
  165. data/lib/rex/post/meterpreter.rb +0 -4
  166. data/lib/rex/post/meterpreter/channel.rb +0 -445
  167. data/lib/rex/post/meterpreter/channel_container.rb +0 -54
  168. data/lib/rex/post/meterpreter/channels/pool.rb +0 -160
  169. data/lib/rex/post/meterpreter/channels/pools/file.rb +0 -62
  170. data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +0 -103
  171. data/lib/rex/post/meterpreter/channels/stream.rb +0 -87
  172. data/lib/rex/post/meterpreter/client.rb +0 -364
  173. data/lib/rex/post/meterpreter/client_core.rb +0 -274
  174. data/lib/rex/post/meterpreter/dependencies.rb +0 -3
  175. data/lib/rex/post/meterpreter/extension.rb +0 -32
  176. data/lib/rex/post/meterpreter/extensions/espia/espia.rb +0 -58
  177. data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +0 -16
  178. data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +0 -94
  179. data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +0 -21
  180. data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +0 -57
  181. data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +0 -15
  182. data/lib/rex/post/meterpreter/extensions/priv/fs.rb +0 -118
  183. data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +0 -61
  184. data/lib/rex/post/meterpreter/extensions/priv/priv.rb +0 -111
  185. data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +0 -28
  186. data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +0 -101
  187. data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +0 -26
  188. data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +0 -333
  189. data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +0 -282
  190. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +0 -266
  191. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +0 -103
  192. data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +0 -48
  193. data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +0 -144
  194. data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +0 -73
  195. data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +0 -56
  196. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +0 -137
  197. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +0 -180
  198. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +0 -167
  199. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +0 -208
  200. data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +0 -6
  201. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +0 -38106
  202. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +0 -31
  203. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +0 -47
  204. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +0 -36
  205. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +0 -1818
  206. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +0 -96
  207. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +0 -3848
  208. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +0 -26
  209. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +0 -153
  210. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +0 -21
  211. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +0 -3169
  212. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +0 -599
  213. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +0 -318
  214. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +0 -100
  215. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +0 -42
  216. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +0 -148
  217. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +0 -127
  218. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +0 -309
  219. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +0 -204
  220. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +0 -51
  221. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +0 -630
  222. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +0 -75
  223. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +0 -103
  224. data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +0 -149
  225. data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +0 -97
  226. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +0 -192
  227. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +0 -41
  228. data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +0 -61
  229. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +0 -370
  230. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +0 -129
  231. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +0 -55
  232. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +0 -336
  233. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +0 -141
  234. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +0 -279
  235. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +0 -193
  236. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +0 -102
  237. data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +0 -180
  238. data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +0 -211
  239. data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +0 -227
  240. data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +0 -63
  241. data/lib/rex/post/meterpreter/inbound_packet_handler.rb +0 -30
  242. data/lib/rex/post/meterpreter/object_aliases.rb +0 -83
  243. data/lib/rex/post/meterpreter/packet.rb +0 -688
  244. data/lib/rex/post/meterpreter/packet_dispatcher.rb +0 -431
  245. data/lib/rex/post/meterpreter/packet_parser.rb +0 -94
  246. data/lib/rex/post/meterpreter/packet_response_waiter.rb +0 -83
  247. data/lib/rex/post/meterpreter/ui/console.rb +0 -137
  248. data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +0 -62
  249. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +0 -730
  250. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +0 -108
  251. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +0 -241
  252. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +0 -231
  253. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +0 -61
  254. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +0 -98
  255. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +0 -51
  256. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +0 -132
  257. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +0 -187
  258. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +0 -65
  259. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +0 -442
  260. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +0 -298
  261. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +0 -486
  262. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +0 -315
  263. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +0 -157
  264. data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +0 -95
  265. data/lib/rex/post/permission.rb +0 -26
  266. data/lib/rex/post/process.rb +0 -57
  267. data/lib/rex/post/thread.rb +0 -57
  268. data/lib/rex/post/ui.rb +0 -52
  269. data/lib/rex/proto.rb +0 -13
  270. data/lib/rex/proto.rb.ts.rb +0 -8
  271. data/lib/rex/proto/dcerpc.rb +0 -6
  272. data/lib/rex/proto/dcerpc.rb.ts.rb +0 -9
  273. data/lib/rex/proto/dcerpc/client.rb +0 -361
  274. data/lib/rex/proto/dcerpc/client.rb.ut.rb +0 -491
  275. data/lib/rex/proto/dcerpc/exceptions.rb +0 -150
  276. data/lib/rex/proto/dcerpc/handle.rb +0 -47
  277. data/lib/rex/proto/dcerpc/handle.rb.ut.rb +0 -85
  278. data/lib/rex/proto/dcerpc/ndr.rb +0 -72
  279. data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +0 -41
  280. data/lib/rex/proto/dcerpc/packet.rb +0 -253
  281. data/lib/rex/proto/dcerpc/packet.rb.ut.rb +0 -56
  282. data/lib/rex/proto/dcerpc/response.rb +0 -187
  283. data/lib/rex/proto/dcerpc/response.rb.ut.rb +0 -15
  284. data/lib/rex/proto/dcerpc/uuid.rb +0 -84
  285. data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +0 -46
  286. data/lib/rex/proto/dhcp.rb +0 -7
  287. data/lib/rex/proto/dhcp/constants.rb +0 -33
  288. data/lib/rex/proto/dhcp/server.rb +0 -292
  289. data/lib/rex/proto/drda.rb +0 -5
  290. data/lib/rex/proto/drda.rb.ts.rb +0 -17
  291. data/lib/rex/proto/drda/constants.rb +0 -49
  292. data/lib/rex/proto/drda/constants.rb.ut.rb +0 -23
  293. data/lib/rex/proto/drda/packet.rb +0 -252
  294. data/lib/rex/proto/drda/packet.rb.ut.rb +0 -109
  295. data/lib/rex/proto/drda/utils.rb +0 -123
  296. data/lib/rex/proto/drda/utils.rb.ut.rb +0 -84
  297. data/lib/rex/proto/http.rb +0 -5
  298. data/lib/rex/proto/http.rb.ts.rb +0 -12
  299. data/lib/rex/proto/http/client.rb +0 -821
  300. data/lib/rex/proto/http/client.rb.ut.rb +0 -95
  301. data/lib/rex/proto/http/handler.rb +0 -46
  302. data/lib/rex/proto/http/handler/erb.rb +0 -128
  303. data/lib/rex/proto/http/handler/erb.rb.ut.rb +0 -21
  304. data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml +0 -1
  305. data/lib/rex/proto/http/handler/proc.rb +0 -60
  306. data/lib/rex/proto/http/handler/proc.rb.ut.rb +0 -24
  307. data/lib/rex/proto/http/header.rb +0 -161
  308. data/lib/rex/proto/http/header.rb.ut.rb +0 -46
  309. data/lib/rex/proto/http/packet.rb +0 -407
  310. data/lib/rex/proto/http/packet.rb.ut.rb +0 -165
  311. data/lib/rex/proto/http/request.rb +0 -356
  312. data/lib/rex/proto/http/request.rb.ut.rb +0 -214
  313. data/lib/rex/proto/http/response.rb +0 -90
  314. data/lib/rex/proto/http/response.rb.ut.rb +0 -149
  315. data/lib/rex/proto/http/server.rb +0 -369
  316. data/lib/rex/proto/http/server.rb.ut.rb +0 -79
  317. data/lib/rex/proto/ntlm.rb +0 -7
  318. data/lib/rex/proto/ntlm.rb.ut.rb +0 -177
  319. data/lib/rex/proto/ntlm/base.rb +0 -326
  320. data/lib/rex/proto/ntlm/constants.rb +0 -74
  321. data/lib/rex/proto/ntlm/crypt.rb +0 -415
  322. data/lib/rex/proto/ntlm/exceptions.rb +0 -9
  323. data/lib/rex/proto/ntlm/message.rb +0 -533
  324. data/lib/rex/proto/ntlm/utils.rb +0 -763
  325. data/lib/rex/proto/proxy/socks4a.rb +0 -440
  326. data/lib/rex/proto/rfb.rb +0 -19
  327. data/lib/rex/proto/rfb.rb.ut.rb +0 -37
  328. data/lib/rex/proto/rfb/cipher.rb +0 -84
  329. data/lib/rex/proto/rfb/client.rb +0 -207
  330. data/lib/rex/proto/rfb/constants.rb +0 -52
  331. data/lib/rex/proto/smb.rb +0 -7
  332. data/lib/rex/proto/smb.rb.ts.rb +0 -8
  333. data/lib/rex/proto/smb/client.rb +0 -1952
  334. data/lib/rex/proto/smb/client.rb.ut.rb +0 -223
  335. data/lib/rex/proto/smb/constants.rb +0 -1047
  336. data/lib/rex/proto/smb/constants.rb.ut.rb +0 -18
  337. data/lib/rex/proto/smb/crypt.rb +0 -36
  338. data/lib/rex/proto/smb/evasions.rb +0 -66
  339. data/lib/rex/proto/smb/exceptions.rb +0 -858
  340. data/lib/rex/proto/smb/simpleclient.rb +0 -306
  341. data/lib/rex/proto/smb/simpleclient.rb.ut.rb +0 -128
  342. data/lib/rex/proto/smb/utils.rb +0 -103
  343. data/lib/rex/proto/smb/utils.rb.ut.rb +0 -20
  344. data/lib/rex/proto/sunrpc.rb +0 -1
  345. data/lib/rex/proto/sunrpc/client.rb +0 -195
  346. data/lib/rex/proto/tftp.rb +0 -12
  347. data/lib/rex/proto/tftp/constants.rb +0 -39
  348. data/lib/rex/proto/tftp/server.rb +0 -497
  349. data/lib/rex/proto/tftp/server.rb.ut.rb +0 -28
  350. data/lib/rex/script.rb +0 -42
  351. data/lib/rex/script/base.rb +0 -59
  352. data/lib/rex/script/meterpreter.rb +0 -15
  353. data/lib/rex/script/shell.rb +0 -9
  354. data/lib/rex/service.rb +0 -48
  355. data/lib/rex/service_manager.rb +0 -141
  356. data/lib/rex/service_manager.rb.ut.rb +0 -32
  357. data/lib/rex/services/local_relay.rb +0 -423
  358. data/lib/rex/socket.rb +0 -684
  359. data/lib/rex/socket.rb.ut.rb +0 -107
  360. data/lib/rex/socket/comm.rb +0 -119
  361. data/lib/rex/socket/comm/local.rb +0 -412
  362. data/lib/rex/socket/comm/local.rb.ut.rb +0 -75
  363. data/lib/rex/socket/ip.rb +0 -130
  364. data/lib/rex/socket/parameters.rb +0 -345
  365. data/lib/rex/socket/parameters.rb.ut.rb +0 -51
  366. data/lib/rex/socket/range_walker.rb +0 -346
  367. data/lib/rex/socket/range_walker.rb.ut.rb +0 -55
  368. data/lib/rex/socket/ssl_tcp.rb +0 -184
  369. data/lib/rex/socket/ssl_tcp.rb.ut.rb +0 -39
  370. data/lib/rex/socket/ssl_tcp_server.rb +0 -122
  371. data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +0 -61
  372. data/lib/rex/socket/subnet_walker.rb +0 -75
  373. data/lib/rex/socket/subnet_walker.rb.ut.rb +0 -28
  374. data/lib/rex/socket/switch_board.rb +0 -278
  375. data/lib/rex/socket/switch_board.rb.ut.rb +0 -52
  376. data/lib/rex/socket/tcp.rb +0 -76
  377. data/lib/rex/socket/tcp.rb.ut.rb +0 -64
  378. data/lib/rex/socket/tcp_server.rb +0 -67
  379. data/lib/rex/socket/tcp_server.rb.ut.rb +0 -44
  380. data/lib/rex/socket/udp.rb +0 -164
  381. data/lib/rex/socket/udp.rb.ut.rb +0 -44
  382. data/lib/rex/struct2.rb +0 -5
  383. data/lib/rex/struct2/c_struct.rb +0 -181
  384. data/lib/rex/struct2/c_struct_template.rb +0 -39
  385. data/lib/rex/struct2/constant.rb +0 -26
  386. data/lib/rex/struct2/element.rb +0 -44
  387. data/lib/rex/struct2/generic.rb +0 -73
  388. data/lib/rex/struct2/restraint.rb +0 -54
  389. data/lib/rex/struct2/s_string.rb +0 -72
  390. data/lib/rex/struct2/s_struct.rb +0 -111
  391. data/lib/rex/sync.rb +0 -6
  392. data/lib/rex/sync/event.rb +0 -94
  393. data/lib/rex/sync/read_write_lock.rb +0 -176
  394. data/lib/rex/sync/ref.rb +0 -57
  395. data/lib/rex/sync/thread_safe.rb +0 -82
  396. data/lib/rex/test.rb +0 -35
  397. data/lib/rex/text.rb +0 -1149
  398. data/lib/rex/text.rb.ut.rb +0 -190
  399. data/lib/rex/thread_factory.rb +0 -42
  400. data/lib/rex/time.rb +0 -65
  401. data/lib/rex/transformer.rb +0 -115
  402. data/lib/rex/transformer.rb.ut.rb +0 -38
  403. data/lib/rex/ui.rb +0 -21
  404. data/lib/rex/ui/interactive.rb +0 -254
  405. data/lib/rex/ui/output.rb +0 -78
  406. data/lib/rex/ui/output/none.rb +0 -18
  407. data/lib/rex/ui/progress_tracker.rb +0 -96
  408. data/lib/rex/ui/subscriber.rb +0 -149
  409. data/lib/rex/ui/text/color.rb +0 -97
  410. data/lib/rex/ui/text/color.rb.ut.rb +0 -18
  411. data/lib/rex/ui/text/dispatcher_shell.rb +0 -467
  412. data/lib/rex/ui/text/input.rb +0 -117
  413. data/lib/rex/ui/text/input/buffer.rb +0 -75
  414. data/lib/rex/ui/text/input/readline.rb +0 -129
  415. data/lib/rex/ui/text/input/socket.rb +0 -95
  416. data/lib/rex/ui/text/input/stdio.rb +0 -45
  417. data/lib/rex/ui/text/irb_shell.rb +0 -57
  418. data/lib/rex/ui/text/output.rb +0 -80
  419. data/lib/rex/ui/text/output/buffer.rb +0 -61
  420. data/lib/rex/ui/text/output/file.rb +0 -43
  421. data/lib/rex/ui/text/output/socket.rb +0 -43
  422. data/lib/rex/ui/text/output/stdio.rb +0 -40
  423. data/lib/rex/ui/text/progress_tracker.rb +0 -56
  424. data/lib/rex/ui/text/progress_tracker.rb.ut.rb +0 -34
  425. data/lib/rex/ui/text/shell.rb +0 -328
  426. data/lib/rex/ui/text/table.rb +0 -279
  427. data/lib/rex/ui/text/table.rb.ut.rb +0 -55
  428. data/lib/rex/zip.rb +0 -93
  429. data/lib/rex/zip/archive.rb +0 -184
  430. data/lib/rex/zip/blocks.rb +0 -182
  431. data/lib/rex/zip/entry.rb +0 -104
  432. data/lib/rex/zip/samples/comment.rb +0 -32
  433. data/lib/rex/zip/samples/mkwar.rb +0 -138
  434. data/lib/rex/zip/samples/mkzip.rb +0 -19
  435. data/lib/rex/zip/samples/recursive.rb +0 -58
@@ -1,763 +0,0 @@
1
- require 'rex/proto/ntlm/constants'
2
- require 'rex/proto/ntlm/crypt'
3
-
4
- module Rex
5
- module Proto
6
- module NTLM
7
- class Utils
8
-
9
- CONST = Rex::Proto::NTLM::Constants
10
- CRYPT = Rex::Proto::NTLM::Crypt
11
-
12
- #duplicate from lib/rex/proto/smb/utils cause we only need this fonction from Rex::Proto::SMB::Utils
13
- # Convert a unix timestamp to a 64-bit signed server time
14
- def self.time_unix_to_smb(unix_time)
15
- t64 = (unix_time + 11644473600) * 10000000
16
- thi = (t64 & 0xffffffff00000000) >> 32
17
- tlo = (t64 & 0x00000000ffffffff)
18
- return [thi, tlo]
19
- end
20
-
21
- # Determine whether the password is a known hash format
22
- def self.is_pass_ntlm_hash?(str)
23
- str.downcase =~ /^[0-9a-f]{32}:[0-9a-f]{32}$/
24
- end
25
-
26
- #
27
- # Prepends an ASN1 formatted length field to a piece of data
28
- #
29
- def self.asn1encode(str = '')
30
- res = ''
31
-
32
- # If the high bit of the first byte is 1, it contains the number of
33
- # length bytes that follow
34
-
35
- case str.length
36
- when 0 .. 0x7F
37
- res = [str.length].pack('C') + str
38
- when 0x80 .. 0xFF
39
- res = [0x81, str.length].pack('CC') + str
40
- when 0x100 .. 0xFFFF
41
- res = [0x82, str.length].pack('Cn') + str
42
- when 0x10000 .. 0xffffff
43
- res = [0x83, str.length >> 16, str.length & 0xFFFF].pack('CCn') + str
44
- when 0x1000000 .. 0xffffffff
45
- res = [0x84, str.length].pack('CN') + str
46
- else
47
- raise "ASN1 str too long"
48
- end
49
- return res
50
- end
51
-
52
- # GSS functions
53
-
54
- # GSS BLOB usefull for SMB_NEGOCIATE_RESPONSE message
55
- # mechTypes: 2 items :
56
- # -MechType: 1.3.6.1.4.1.311.2.2.30 (SNMPv2-SMI::enterprises.311.2.2.30)
57
- # -MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
58
- #
59
- # this is the default on Win7
60
- def self.make_simple_negotiate_secblob_resp
61
- blob =
62
- "\x60" + self.asn1encode(
63
- "\x06" + self.asn1encode(
64
- "\x2b\x06\x01\x05\x05\x02"
65
- ) +
66
- "\xa0" + self.asn1encode(
67
- "\x30" + self.asn1encode(
68
- "\xa0" + self.asn1encode(
69
- "\x30" + self.asn1encode(
70
- "\x06" + self.asn1encode(
71
- "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
72
- )
73
- )
74
- )
75
- )
76
- )
77
- )
78
-
79
- return blob
80
- end
81
-
82
- # GSS BLOB usefull for SMB_NEGOCIATE_RESPONSE message
83
- # mechTypes: 4 items :
84
- # MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
85
- # MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
86
- # MechType: 1.2.840.113554.1.2.2.3 (KRB5 - Kerberos 5 - User to User)
87
- # MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
88
- # mechListMIC:
89
- # principal: account@domain
90
- def self.make_negotiate_secblob_resp(account, domain)
91
- blob =
92
- "\x60" + self.asn1encode(
93
- "\x06" + self.asn1encode(
94
- "\x2b\x06\x01\x05\x05\x02"
95
- ) +
96
- "\xa0" + self.asn1encode(
97
- "\x30" + self.asn1encode(
98
- "\xa0" + self.asn1encode(
99
- "\x30" + self.asn1encode(
100
- "\x06" + self.asn1encode(
101
- "\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"
102
- ) +
103
- "\x06" + self.asn1encode(
104
- "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"
105
- ) +
106
- "\x06" + self.asn1encode(
107
- "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03"
108
- ) +
109
- "\x06" + self.asn1encode(
110
- "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
111
- )
112
- )
113
- ) +
114
- "\xa3" + self.asn1encode(
115
- "\x30" + self.asn1encode(
116
- "\xa0" + self.asn1encode(
117
- "\x1b" + self.asn1encode(
118
- account + '@' + domain
119
- )
120
- )
121
- )
122
- )
123
- )
124
- )
125
- )
126
-
127
- return blob
128
- end
129
-
130
- # BLOB without GSS usefull for ntlmssp type 1 message
131
- def self.make_ntlmssp_blob_init(domain = 'WORKGROUP', name = 'WORKSTATION', flags=0x80201)
132
- blob = "NTLMSSP\x00" +
133
- [1, flags].pack('VV') +
134
-
135
- [
136
- domain.length, #length
137
- domain.length, #max length
138
- 32
139
- ].pack('vvV') +
140
-
141
- [
142
- name.length, #length
143
- name.length, #max length
144
- domain.length + 32
145
- ].pack('vvV') +
146
-
147
- domain + name
148
- return blob
149
- end
150
-
151
- # GSS BLOB usefull for ntlmssp type 1 message
152
- def self.make_ntlmssp_secblob_init(domain = 'WORKGROUP', name = 'WORKSTATION', flags=0x80201)
153
- blob =
154
- "\x60" + self.asn1encode(
155
- "\x06" + self.asn1encode(
156
- "\x2b\x06\x01\x05\x05\x02"
157
- ) +
158
- "\xa0" + self.asn1encode(
159
- "\x30" + self.asn1encode(
160
- "\xa0" + self.asn1encode(
161
- "\x30" + self.asn1encode(
162
- "\x06" + self.asn1encode(
163
- "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
164
- )
165
- )
166
- ) +
167
- "\xa2" + self.asn1encode(
168
- "\x04" + self.asn1encode(
169
- make_ntlmssp_blob_init(domain, name, flags)
170
- )
171
- )
172
- )
173
- )
174
- )
175
-
176
- return blob
177
- end
178
-
179
-
180
- # BLOB without GSS usefull for ntlm type 2 message
181
- def self.make_ntlmssp_blob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
182
-
183
- addr_list = ''
184
- addr_list << [2, win_domain.length].pack('vv') + win_domain
185
- addr_list << [1, win_name.length].pack('vv') + win_name
186
- addr_list << [4, dns_domain.length].pack('vv') + dns_domain
187
- addr_list << [3, dns_name.length].pack('vv') + dns_name
188
- addr_list << [0, 0].pack('vv')
189
-
190
- ptr = 0
191
- blob = "NTLMSSP\x00" +
192
- [2].pack('V') +
193
- [
194
- win_domain.length, # length
195
- win_domain.length, # max length
196
- (ptr += 48) # offset
197
- ].pack('vvV') +
198
- [ flags ].pack('V') +
199
- chall +
200
- "\x00\x00\x00\x00\x00\x00\x00\x00" +
201
- [
202
- addr_list.length, # length
203
- addr_list.length, # max length
204
- (ptr += win_domain.length)
205
- ].pack('vvV') +
206
- win_domain +
207
- addr_list
208
- return blob
209
- end
210
-
211
- # GSS BLOB usefull for ntlmssp type 2 message
212
- def self.make_ntlmssp_secblob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
213
-
214
- blob =
215
- "\xa1" + self.asn1encode(
216
- "\x30" + self.asn1encode(
217
- "\xa0" + self.asn1encode(
218
- "\x0a" + self.asn1encode(
219
- "\x01"
220
- )
221
- ) +
222
- "\xa1" + self.asn1encode(
223
- "\x06" + self.asn1encode(
224
- "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
225
- )
226
- ) +
227
- "\xa2" + self.asn1encode(
228
- "\x04" + self.asn1encode(
229
- make_ntlmssp_blob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
230
- )
231
- )
232
- )
233
- )
234
-
235
- return blob
236
- end
237
-
238
- # BLOB without GSS Usefull for ntlmssp type 3 message
239
- def self.make_ntlmssp_blob_auth(domain, name, user, lm, ntlm, enc_session_key, flags = 0x080201)
240
- lm ||= "\x00" * 24
241
- ntlm ||= "\x00" * 24
242
-
243
- domain_uni = Rex::Text.to_unicode(domain)
244
- user_uni = Rex::Text.to_unicode(user)
245
- name_uni = Rex::Text.to_unicode(name)
246
- session = enc_session_key
247
-
248
- ptr = 64
249
-
250
- blob = "NTLMSSP\x00" +
251
- [ 3 ].pack('V') +
252
-
253
- [ # Lan Manager Response
254
- lm.length,
255
- lm.length,
256
- (ptr)
257
- ].pack('vvV') +
258
-
259
- [ # NTLM Manager Response
260
- ntlm.length,
261
- ntlm.length,
262
- (ptr += lm.length)
263
- ].pack('vvV') +
264
-
265
- [ # Domain Name
266
- domain_uni.length,
267
- domain_uni.length,
268
- (ptr += ntlm.length)
269
- ].pack('vvV') +
270
-
271
- [ # Username
272
- user_uni.length,
273
- user_uni.length,
274
- (ptr += domain_uni.length)
275
- ].pack('vvV') +
276
-
277
- [ # Hostname
278
- name_uni.length,
279
- name_uni.length,
280
- (ptr += user_uni.length)
281
- ].pack('vvV') +
282
-
283
- [ # Session Key (none)
284
- session.length,
285
- session.length,
286
- (ptr += name_uni.length)
287
- ].pack('vvV') +
288
-
289
- [ flags ].pack('V') +
290
-
291
- lm +
292
- ntlm +
293
- domain_uni +
294
- user_uni +
295
- name_uni +
296
- session + "\x00"
297
- return blob
298
-
299
- end
300
-
301
- # GSS BLOB Usefull for ntlmssp type 3 message
302
- def self.make_ntlmssp_secblob_auth(domain, name, user, lm, ntlm, enc_session_key, flags = 0x080201)
303
-
304
- blob =
305
- "\xa1" + self.asn1encode(
306
- "\x30" + self.asn1encode(
307
- "\xa2" + self.asn1encode(
308
- "\x04" + self.asn1encode(
309
- make_ntlmssp_blob_auth(domain, name, user, lm, ntlm, enc_session_key, flags )
310
- )
311
- )
312
- )
313
- )
314
- return blob
315
- end
316
-
317
-
318
- # GSS BLOB Usefull for SMB Success
319
- def self.make_ntlmv2_secblob_success
320
- blob =
321
- "\xa1" + self.asn1encode(
322
- "\x30" + self.asn1encode(
323
- "\xa0" + self.asn1encode(
324
- "\x0a" + self.asn1encode(
325
- "\x00"
326
- )
327
- )
328
- )
329
- )
330
- return blob
331
- end
332
-
333
- # Return the correct ntlmflags upon the configuration
334
- def self.make_ntlm_flags(opt = {})
335
-
336
- signing = opt[:signing] != nil ? opt[:signing] : false
337
- usentlm2_session = opt[:usentlm2_session] != nil ? opt[:usentlm2_session] : true
338
- use_ntlmv2 = opt[:use_ntlmv2] != nil ? opt[:use_ntlmv2] : false
339
- send_lm = opt[:send_lm] != nil ? opt[:send_lm] : true
340
- send_ntlm = opt[:send_ntlm] != nil ? opt[:send_ntlm] : true
341
- use_lanman_key = opt[:use_lanman_key] != nil ? opt[:use_lanman_key] : false
342
-
343
- if signing
344
- ntlmssp_flags = 0xe2088215
345
- else
346
-
347
- ntlmssp_flags = 0xa2080205
348
- end
349
-
350
- if usentlm2_session
351
- if use_ntlmv2
352
- #set Negotiate Target Info
353
- ntlmssp_flags |= CONST::NEGOTIATE_TARGET_INFO
354
- end
355
-
356
- else
357
- #remove the ntlm2_session flag
358
- ntlmssp_flags &= 0xfff7ffff
359
- #set lanmanflag only when lm and ntlm are sent
360
- if send_lm
361
- ntlmssp_flags |= CONST::NEGOTIATE_LMKEY if use_lanman_key
362
- end
363
- end
364
-
365
- #we can also downgrade ntlm2_session when we send only lmv1
366
- ntlmssp_flags &= 0xfff7ffff if usentlm2_session && (not use_ntlmv2) && (not send_ntlm)
367
-
368
- return ntlmssp_flags
369
- end
370
-
371
-
372
- # Parse an ntlm type 2 challenge blob and return usefull data
373
- def self.parse_ntlm_type_2_blob(blob)
374
- data = {}
375
- # Extract the NTLM challenge key the lazy way
376
- cidx = blob.index("NTLMSSP\x00\x02\x00\x00\x00")
377
-
378
- if not cidx
379
- raise XCEPT::NTLM2MissingChallenge
380
- end
381
-
382
- data[:challenge_key] = blob[cidx + 24, 8]
383
-
384
- data[:server_ntlmssp_flags] = blob[cidx + 20, 4].unpack("V")[0]
385
-
386
- # Extract the address list from the blob
387
- alist_len,alist_mlen,alist_off = blob[cidx + 40, 8].unpack("vvV")
388
- alist_buf = blob[cidx + alist_off, alist_len]
389
-
390
- while(alist_buf.length > 0)
391
- atype, alen = alist_buf.slice!(0,4).unpack('vv')
392
- break if atype == 0x00
393
- addr = alist_buf.slice!(0, alen)
394
- case atype
395
- when 1
396
- #netbios name
397
- data[:default_name] = addr.gsub("\x00", '')
398
- when 2
399
- #netbios domain
400
- data[:default_domain] = addr.gsub("\x00", '')
401
- when 3
402
- #dns name
403
- data[:dns_host_name] = addr.gsub("\x00", '')
404
- when 4
405
- #dns domain
406
- data[:dns_domain_name] = addr.gsub("\x00", '')
407
- when 5
408
- #The FQDN of the forest.
409
- when 6
410
- #A 32-bit value indicating server or client configuration
411
- when 7
412
- #Client time
413
- data[:chall_MsvAvTimestamp] = addr
414
- when 8
415
- #A Restriction_Encoding structure
416
- when 9
417
- #The SPN of the target server.
418
- when 10
419
- #A channel bindings hash.
420
- end
421
- end
422
- return data
423
- end
424
-
425
- # This function return an ntlmv2 client challenge
426
- # This is a partial implementation, full description is in [MS-NLMP].pdf around 3.1.5.2.1 :-/
427
- def self.make_ntlmv2_clientchallenge(win_domain, win_name, dns_domain, dns_name,
428
- client_challenge = nil, chall_MsvAvTimestamp = nil, spnopt = {})
429
-
430
- client_challenge ||= Rex::Text.rand_text(8)
431
- # We have to set the timestamps here to the one in the challenge message from server if present
432
- # If we don't do that, recent server like Seven/2008 will send a STATUS_INVALID_PARAMETER error packet
433
- timestamp = chall_MsvAvTimestamp != '' ? chall_MsvAvTimestamp : self.time_unix_to_smb(Time.now.to_i).reverse.pack("VV")
434
- # Make those values unicode as requested
435
- win_domain = Rex::Text.to_unicode(win_domain)
436
- win_name = Rex::Text.to_unicode(win_name)
437
- dns_domain = Rex::Text.to_unicode(dns_domain)
438
- dns_name = Rex::Text.to_unicode(dns_name)
439
- # Make the AV_PAIRs
440
- addr_list = ''
441
- addr_list << [2, win_domain.length].pack('vv') + win_domain
442
- addr_list << [1, win_name.length].pack('vv') + win_name
443
- addr_list << [4, dns_domain.length].pack('vv') + dns_domain
444
- addr_list << [3, dns_name.length].pack('vv') + dns_name
445
- addr_list << [7, 8].pack('vv') + timestamp
446
-
447
- # Windows Seven / 2008r2 Request this type if in local security policies,
448
- # Microsoft network server : Server SPN target name validation level is set to <Required from client>
449
- # otherwise it send an STATUS_ACCESS_DENIED packet
450
- if spnopt[:use_spn]
451
- spn= Rex::Text.to_unicode("cifs/#{spnopt[:name] || 'unknow'}")
452
- addr_list << [9, spn.length].pack('vv') + spn
453
- end
454
-
455
- # MAY BE USEFUL FOR FUTURE
456
- # Seven (client) add at least one more av that is of type MsAvRestrictions (8)
457
- # maybe this will be usefull with future windows OSs but has no use at all for the moment afaik
458
- # restriction_encoding = [48,0,0,0].pack("VVV") + # Size, Z4, IntegrityLevel, SubjectIntegrityLevel
459
- # Rex::Text.rand_text(32) # MachineId generated on startup on win7 and above
460
- # addr_list << [8, restriction_encoding.length].pack('vv') + restriction_encoding
461
-
462
- # Seven (client) and maybe others versions also add an av of type MsvChannelBindings (10) but the hash is "\x00" * 16
463
- # addr_list << [10, 16].pack('vv') + "\x00" * 16
464
-
465
-
466
- addr_list << [0, 0].pack('vv')
467
- ntlm_clientchallenge = [1,1,0,0].pack("CCvV") + #RespType, HiRespType, Reserved1, Reserved2
468
- timestamp + #Timestamp
469
- client_challenge + #clientchallenge
470
- [0].pack("V") + #Reserved3
471
- addr_list + "\x00" * 4
472
-
473
- end
474
-
475
- # create lm/ntlm responses
476
- def self.create_lm_ntlm_responses(user, pass, challenge_key, domain = '', default_name = '', default_domain = '',
477
- dns_host_name = '', dns_domain_name = '', chall_MsvAvTimestamp = nil, spnopt = {}, opt = {} )
478
-
479
- usentlm2_session = opt[:usentlm2_session] != nil ? opt[:usentlm2_session] : true
480
- use_ntlmv2 = opt[:use_ntlmv2] != nil ? opt[:use_ntlmv2] : false
481
- send_lm = opt[:send_lm] != nil ? opt[:send_lm] : true
482
- send_ntlm = opt[:send_ntlm] != nil ? opt[:send_ntlm] : true
483
-
484
- #calculate the lm/ntlm response
485
- resp_lm = "\x00" * 24
486
- resp_ntlm = "\x00" * 24
487
-
488
- client_challenge = Rex::Text.rand_text(8)
489
- ntlm_cli_challenge = ''
490
- if send_ntlm #should be default
491
- if usentlm2_session
492
- if use_ntlmv2
493
- ntlm_cli_challenge = self.make_ntlmv2_clientchallenge(default_domain, default_name, dns_domain_name,
494
- dns_host_name,client_challenge ,
495
- chall_MsvAvTimestamp, spnopt)
496
- if self.is_pass_ntlm_hash?(pass)
497
- argntlm = {
498
- :ntlmv2_hash => CRYPT::ntlmv2_hash(
499
- user,
500
- [ pass.upcase()[33,65] ].pack('H32'),
501
- domain,{:pass_is_hash => true}
502
- ),
503
- :challenge => challenge_key
504
- }
505
- else
506
- argntlm = {
507
- :ntlmv2_hash => CRYPT::ntlmv2_hash(user, pass, domain),
508
- :challenge => challenge_key
509
- }
510
- end
511
-
512
- optntlm = { :nt_client_challenge => ntlm_cli_challenge}
513
- ntlmv2_response = CRYPT::ntlmv2_response(argntlm,optntlm)
514
- resp_ntlm = ntlmv2_response
515
-
516
- if send_lm
517
- if self.is_pass_ntlm_hash?(pass)
518
- arglm = {
519
- :ntlmv2_hash => CRYPT::ntlmv2_hash(
520
- user,
521
- [ pass.upcase()[33,65] ].pack('H32'),
522
- domain,{:pass_is_hash => true}
523
- ),
524
- :challenge => challenge_key
525
- }
526
- else
527
- arglm = {
528
- :ntlmv2_hash => CRYPT::ntlmv2_hash(user,pass, domain),
529
- :challenge => challenge_key
530
- }
531
- end
532
-
533
- optlm = { :client_challenge => client_challenge }
534
- resp_lm = CRYPT::lmv2_response(arglm, optlm)
535
- else
536
- resp_lm = "\x00" * 24
537
- end
538
-
539
- else # ntlm2_session
540
- if self.is_pass_ntlm_hash?(pass)
541
- argntlm = {
542
- :ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'),
543
- :challenge => challenge_key
544
- }
545
- else
546
- argntlm = {
547
- :ntlm_hash => CRYPT::ntlm_hash(pass),
548
- :challenge => challenge_key
549
- }
550
- end
551
-
552
- optntlm = { :client_challenge => client_challenge}
553
- resp_ntlm = CRYPT::ntlm2_session(argntlm,optntlm).join[24,24]
554
-
555
- # Generate the fake LANMAN hash
556
- resp_lm = client_challenge + ("\x00" * 16)
557
- end
558
-
559
- else # we use lmv1/ntlmv1
560
- if self.is_pass_ntlm_hash?(pass)
561
- argntlm = {
562
- :ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'),
563
- :challenge => challenge_key
564
- }
565
- else
566
- argntlm = {
567
- :ntlm_hash => CRYPT::ntlm_hash(pass),
568
- :challenge => challenge_key
569
- }
570
- end
571
-
572
- resp_ntlm = CRYPT::ntlm_response(argntlm)
573
- if send_lm
574
- if self.is_pass_ntlm_hash?(pass)
575
- arglm = {
576
- :lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
577
- :challenge => challenge_key
578
- }
579
- else
580
- arglm = {
581
- :lm_hash => CRYPT::lm_hash(pass),
582
- :challenge => challenge_key
583
- }
584
- end
585
- resp_lm = CRYPT::lm_response(arglm)
586
- else
587
- #when windows does not send lm in ntlmv1 type response,
588
- # it gives lm response the same value as ntlm response
589
- resp_lm = resp_ntlm
590
- end
591
- end
592
- else #send_ntlm = false
593
- #lmv2
594
- if usentlm2_session && use_ntlmv2
595
- if self.is_pass_ntlm_hash?(pass)
596
- arglm = {
597
- :ntlmv2_hash => CRYPT::ntlmv2_hash(
598
- user,
599
- [ pass.upcase()[33,65] ].pack('H32'),
600
- domain,{:pass_is_hash => true}
601
- ),
602
- :challenge => challenge_key
603
- }
604
- else
605
- arglm = {
606
- :ntlmv2_hash => CRYPT::ntlmv2_hash(user,pass, domain),
607
- :challenge => challenge_key
608
- }
609
- end
610
- optlm = { :client_challenge => client_challenge }
611
- resp_lm = CRYPT::lmv2_response(arglm, optlm)
612
- else
613
- if self.is_pass_ntlm_hash?(pass)
614
- arglm = {
615
- :lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
616
- :challenge => challenge_key
617
- }
618
- else
619
- arglm = {
620
- :lm_hash => CRYPT::lm_hash(pass),
621
- :challenge => challenge_key
622
- }
623
- end
624
- resp_lm = CRYPT::lm_response(arglm)
625
- end
626
- resp_ntlm = ""
627
- end
628
- return resp_lm, resp_ntlm, client_challenge, ntlm_cli_challenge
629
- end
630
-
631
- # create the session key
632
- def self.create_session_key(server_ntlmssp_flags, user, pass, domain, challenge_key,
633
- client_challenge = '', ntlm_cli_challenge = '' , opt = {} )
634
-
635
- usentlm2_session = opt[:usentlm2_session] != nil ? opt[:usentlm2_session] : true
636
- use_ntlmv2 = opt[:use_ntlmv2] != nil ? opt[:use_ntlmv2] : false
637
- send_lm = opt[:send_lm] != nil ? opt[:send_lm] : true
638
- send_ntlm = opt[:send_ntlm] != nil ? opt[:send_ntlm] : true
639
- use_lanman_key = opt[:use_lanman_key] != nil ? opt[:use_lanman_key] : false
640
-
641
- # Create the sessionkey (aka signing key, aka mackey) and encrypted session key
642
- # Server will decide for key_size and key_exchange
643
- enc_session_key = ''
644
- signing_key = ''
645
-
646
- # Set default key size and key exchange values
647
- key_size = 40
648
- key_exchange = false
649
- # Remove ntlmssp.negotiate56
650
- ntlmssp_flags &= 0x7fffffff
651
- # Remove ntlmssp.negotiatekeyexch
652
- ntlmssp_flags &= 0xbfffffff
653
- # Remove ntlmssp.negotiate128
654
- ntlmssp_flags &= 0xdfffffff
655
- # Check the keyexchange
656
- if server_ntlmssp_flags & CONST::NEGOTIATE_KEY_EXCH != 0 then
657
- key_exchange = true
658
- ntlmssp_flags |= CONST::NEGOTIATE_KEY_EXCH
659
- end
660
- # Check 128bits
661
- if server_ntlmssp_flags & CONST::NEGOTIATE_128 != 0 then
662
- key_size = 128
663
- ntlmssp_flags |= CONST::NEGOTIATE_128
664
- ntlmssp_flags |= CONST::NEGOTIATE_56
665
- # Check 56bits
666
- else
667
- if server_ntlmssp_flags & CONST::NEGOTIATE_56 != 0 then
668
- key_size = 56
669
- ntlmssp_flags |= CONST::NEGOTIATE_56
670
- end
671
- end
672
-
673
- # Generate the user session key
674
- lanman_weak = false
675
- if send_ntlm # Should be default
676
- if usentlm2_session
677
- if use_ntlmv2
678
- if self.is_pass_ntlm_hash?(pass)
679
- user_session_key = CRYPT::ntlmv2_user_session_key(user,
680
- [ pass.upcase()[33,65] ].pack('H32'),
681
- domain,
682
- challenge_key, ntlm_cli_challenge,
683
- {:pass_is_hash => true})
684
- else
685
- user_session_key = CRYPT::ntlmv2_user_session_key(user, pass, domain,
686
- challenge_key, ntlm_cli_challenge)
687
- end
688
- else
689
- if self.is_pass_ntlm_hash?(pass)
690
- user_session_key = CRYPT::ntlm2_session_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
691
- challenge_key,
692
- client_challenge,
693
- {:pass_is_hash => true})
694
- else
695
- user_session_key = CRYPT::ntlm2_session_user_session_key(pass, challenge_key,
696
- client_challenge)
697
- end
698
- end
699
- else # lmv1/ntlmv1
700
- # lanman_key may also be used without ntlm response but it is not so much used
701
- # so we don't care about this feature
702
- if send_lm && use_lanman_key
703
- if self.is_pass_ntlm_hash?(pass)
704
- user_session_key = CRYPT::lanman_session_key([ pass.upcase()[0,32] ].pack('H32'),
705
- challenge_key,
706
- {:pass_is_hash => true})
707
- else
708
- user_session_key = CRYPT::lanman_session_key(pass, challenge_key)
709
- end
710
- lanman_weak = true
711
-
712
-
713
- else
714
- if self.is_pass_ntlm_hash?(pass)
715
- user_session_key = CRYPT::ntlmv1_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
716
- {:pass_is_hash => true})
717
- else
718
- user_session_key = CRYPT::ntlmv1_user_session_key(pass)
719
- end
720
- end
721
- end
722
- else
723
- if usentlm2_session && use_ntlmv2
724
- if self.is_pass_ntlm_hash?(pass)
725
- user_session_key = CRYPT::lmv2_user_session_key(user, [ pass.upcase()[33,65] ].pack('H32'),
726
- domain,
727
- challenge_key, client_challenge,
728
- {:pass_is_hash => true})
729
- else
730
- user_session_key = CRYPT::lmv2_user_session_key(user, pass, domain,
731
- challenge_key, client_challenge)
732
- end
733
- else
734
- if self.is_pass_ntlm_hash?(pass)
735
- user_session_key = CRYPT::lmv1_user_session_key([ pass.upcase()[0,32] ].pack('H32'),
736
- {:pass_is_hash => true})
737
- else
738
- user_session_key = CRYPT::lmv1_user_session_key(pass)
739
- end
740
- end
741
- end
742
-
743
- user_session_key = CRYPT::make_weak_sessionkey(user_session_key,key_size, lanman_weak)
744
-
745
- # Sessionkey and encrypted session key
746
- if key_exchange
747
- signing_key = Rex::Text.rand_text(16)
748
- enc_session_key = CRYPT::encrypt_sessionkey(signing_key, user_session_key)
749
- else
750
- signing_key = user_session_key
751
- end
752
-
753
- return signing_key, enc_session_key
754
-
755
-
756
- end
757
-
758
-
759
-
760
- end
761
- end
762
- end
763
- end