librex 0.0.19 → 0.0.20

data/lib/rex/machscan.rb

@@ -1,9 +0,0 @@
-#!/usr/bin/env ruby
-
-module Rex
-module MachScan
-
-end
-end
-
-require 'rex/machscan/scanner'

data/lib/rex/machscan/scanner.rb

@@ -1,217 +0,0 @@
-#!/usr/bin/env ruby
-
-module Rex
-module MachScan
-module Scanner
-class Generic
-
-	attr_accessor :mach, :fat, :regex
-
-	def initialize(binary)
-		if binary.class == Rex::MachParsey::Mach
-			self.mach = binary
-		else
-			self.fat = binary
-		end
-	end
-
-	def config(param)
-	end
-
-	def scan(param)
-			config(param)
-
-			$stdout.puts "[#{param['file']}]"
-
-			if !self.mach
-				for mach in fat.machos
-					if mach.mach_header.cputype == 0x7 #since we only support intel for the time being its all we process
-						self.mach = mach
-					end
-				end
-			end
-
-			self.mach.segments.each do |segment|
-				if segment.segname.include? "__TEXT"
-					scan_segment(segment, param).each do |hit|
-						vaddr  = hit[0]
-						message  = hit[1].is_a?(Array) ? hit[1].join(" ") : hit[1]
-						$stdout.puts self.mach.ptr_s(vaddr - self.mach.fat_offset) + " " + message
-					end
-				end
-			end
-
-	end
-
-	def scan_segment(segment, param={})
-		[]
-	end
-end
-
-class JmpRegScanner < Generic
-
-	def config(param)
-		regnums = param['args']
-
-		# build a list of the call bytes
-		calls  = _build_byte_list(0xd0, regnums - [4]) # note call esp's don't work..
-		jmps   = _build_byte_list(0xe0, regnums)
-		pushs1 = _build_byte_list(0x50, regnums)
-		pushs2 = _build_byte_list(0xf0, regnums)
-
-		regexstr = '('
-		if !calls.empty?
-				regexstr += "\xff[#{calls}]|"
-		end
-
-		regexstr += "\xff[#{jmps}]|([#{pushs1}]|\xff[#{pushs2}])(\xc3|\xc2..))"
-
-		self.regex = Regexp.new(regexstr, nil, 'n')
-	end
-
-	# build a list for regex of the possible bytes, based on a base
-	# byte and a list of register numbers..
-	def _build_byte_list(base, regnums)
-		regnums.collect { |regnum| Regexp.escape((base | regnum).chr) }.join('')
-	end
-
-	def _ret_size(offset)
-		case mach.read(offset, 1)
-		when "\xc3"
-				return 1
-		when "\xc2"
-				return 3
-		end
-		$stderr.puts("Invalid return instruction")
-	end
-
-	def _parse_ret(data)
-		if data.length == 1
-			return "ret"
-		else
-			return "retn 0x%04x" % data[1, 2].unpack('v')[0]
-		end
-	end
-
-	def scan_segment(segment, param={})
-		base_addr = segment.vmaddr
-		segment_offset = segment.fileoff
-		offset = segment_offset
-
-		hits = []
-
-		while (offset = mach.index(regex, offset)) != nil
-
-			vaddr = base_addr + (offset - segment_offset)
-			message = ''
-
-			parse_ret = false
-
-			byte1 = mach.read(offset, 1).unpack("C*")[0]
-
-			if byte1 == 0xff
-				byte2   = mach.read(offset+1, 1).unpack("C*")[0]
-				regname = Rex::Arch::X86.reg_name32(byte2 & 0x7)
-
-				case byte2 & 0xf8
-				when 0xd0
-						message = "call #{regname}"
-						offset += 2
-				when 0xe0
-						message = "jmp #{regname}"
-						offset += 2
-				when 0xf0
-						retsize = _ret_size(offset+2)
-						message = "push #{regname}; " + _parse_ret(mach.read(offset+2, retsize))
-						offset += 2 + retsize
-				else
-						raise "wtf"
-				end
-			else
-				regname = Rex::Arch::X86.reg_name32(byte1 & 0x7)
-				retsize = _ret_size(offset+1)
-				message = "push #{regname}; " + _parse_ret(mach.read(offset+1, retsize))
-				offset += 1 + retsize
-			end
-
-			hits << [ vaddr, message ]
-		end
-
-		return hits
-	end
-end
-
-class PopPopRetScanner < JmpRegScanner
-
-	def config(param)
-		pops = _build_byte_list(0x58, (0 .. 7).to_a - [4]) # we don't want pop esp's...
-		self.regex = Regexp.new("[#{pops}][#{pops}](\xc3|\xc2..)", nil, 'n')
-	end
-
-	def scan_segment(segment, param={})
-		base_addr = segment.vmaddr
-		segment_offset = segment.fileoff
-		offset = segment_offset
-
-		hits = []
-
-		while offset < segment.fileoff + segment.filesize && (offset = mach.index(regex, offset)) != nil
-
-			vaddr = base_addr + (offset - segment_offset)
-			message = ''
-
-			pops = mach.read(offset, 2)
-			reg1 = Rex::Arch::X86.reg_name32(pops[0,1].unpack("C*")[0] & 0x7)
-			reg2 = Rex::Arch::X86.reg_name32(pops[1,1].unpack("C*")[0] & 0x7)
-
-			message = "pop #{reg1}; pop #{reg2}; "
-
-			retsize = _ret_size(offset+2)
-			message += _parse_ret(mach.read(offset+2, retsize))
-
-			offset += 2 + retsize
-
-			hits << [ vaddr, message ]
-		end
-
-		return hits
-	end
-end
-
-class RegexScanner < JmpRegScanner
-
-	def config(param)
-		self.regex = Regexp.new(param['args'], nil, 'n')
-	end
-
-	def scan_segment(segment, param={})
-		base_addr = segment.vmaddr
-		segment_offset = segment.fileoff
-		offset = segment_offset
-
-		hits = []
-
-		while offset < segment.fileoff + segment.filesize && (offset = mach.index(regex, offset)) != nil
-
-			idx = offset
-			buf = ''
-			mat = nil
-
-			while (! (mat = buf.match(regex)))
-				buf << mach.read(idx, 1)
-				idx += 1
-			end
-
-			vaddr = base_addr + (offset - segment_offset)
-
-			hits << [ vaddr, buf.unpack("H*") ]
-			offset += buf.length
-		end
-		return hits
-	end
-end
-
-end
-end
-end
-

data/lib/rex/mime.rb

@@ -1,9 +0,0 @@
-module Rex
-module MIME
-
-require 'rex/mime/header'
-require 'rex/mime/part'
-require 'rex/mime/message'
-
-end
-end

data/lib/rex/mime/header.rb

@@ -1,77 +0,0 @@
-module Rex
-module MIME
-class Header
-
-	require 'rex/text'
-
-	attr_accessor :headers
-
-	def initialize(data='')
-		self.headers = []
-		parse(data)
-	end
-
-	def parse(data)
-		prev = nil
-		data.gsub("\r", '').split("\n").each do |line|
-
-			# Handle header folding
-			if (line =~ /^\s+/)
-				# Ignore if there is no previous header
-				next if not prev
-				next if not self.headers[prev]
-				self.headers[prev][1] << line.strip
-				next
-			end
-
-			var,val = line.split(':')
-			next if not val
-			self.headers << [ var.to_s.strip, val.to_s.strip ]
-			prev = self.headers.length - 1
-		end
-	end
-
-	def to_s
-		self.headers.map{ |pair| "#{pair[0]}: #{pair[1]}\r\n" }.join
-	end
-
-	def find(idx)
-		if (idx.class == ::Fixnum)
-			return self.headers[idx]
-		else
-			self.headers.each do |pair|
-				if (pair[0] == idx.to_s)
-					return pair
-				end
-			end
-		end
-		nil
-	end
-
-	def set(var, val)
-		hdr = self.find(var) || self.add(var, '')
-		hdr[1] = val
-	end
-
-	def add(var, val)
-		self.headers << [var, val]
-		self.headers[-1]
-	end
-
-	def remove(idx)
-		if (idx.class == ::Fixnum)
-			self.headers.delete_at(idx)
-		else
-			self.headers.each_index do |i|
-				pair = self.headers[i]
-				if (pair[0] == idx.to_s)
-					self.headers.delete_at(i)
-				end
-			end
-		end
-	end
-
-end
-end
-end
-

data/lib/rex/mime/message.rb

@@ -1,144 +0,0 @@
-module Rex
-module MIME
-class Message
-
-	require 'rex/mime/header'
-	require 'rex/mime/part'
-	require 'rex/text'
-
-	attr_accessor :header, :parts, :bound, :content
-
-	def initialize(data=nil)
-		self.header = Rex::MIME::Header.new
-		self.parts  = []
-		self.bound  = "_Part_#{rand(1024)}_#{rand(0xffffffff)}_#{rand(0xffffffff)}"
-		self.content = ''
-		if data
-			head,body = data.split(/\r?\n\r?\n/, 2)
-
-			self.header.parse(head)
-			ctype = self.header.find('Content-Type')
-
-			if ctype and ctype[1] and ctype[1] =~ /multipart\/mixed;\s*boundary=([^\s]+)/
-				self.bound = $1
-
-				chunks = body.to_s.split(/--#{self.bound}(--)?\r?\n/)
-				self.content = chunks.shift.to_s.gsub(/\s+$/, '')
-				self.content << "\r\n" if not self.content.empty?
-
-				chunks.each do |chunk|
-					break if chunk == "--"
-					head,body = chunk.split(/\r?\n\r?\n/, 2)
-					part = Rex::MIME::Part.new
-					part.header.parse(head)
-					part.content = body.gsub(/\s+$/, '')
-					self.parts << part
-				end
-			else
-				self.content = body.to_s.gsub(/\s+$/, '') + "\r\n"
-			end
-		end
-	end
-
-	def to
-		(self.header.find('To') || [nil, nil])[1]
-	end
-
-	def to=(val)
-		self.header.set("To", val)
-	end
-
-	def from=(val)
-		self.header.set("From", val)
-	end
-
-	def from
-		(self.header.find('From') || [nil, nil])[1]
-	end
-
-	def subject=(val)
-		self.header.set("Subject", val)
-	end
-
-	def subject
-		(self.header.find('Subject') || [nil, nil])[1]
-	end
-
-	def mime_defaults
-		self.header.set("MIME-Version", "1.0")
-		self.header.set("Content-Type", "multipart/mixed; boundary=\"#{self.bound}\"")
-		self.header.set("Subject", '') # placeholder
-		self.header.set("Date", Time.now.strftime("%a,%e %b %Y %H:%M:%S %z"))
-		self.header.set("Message-ID",
-			"<"+
-			Rex::Text.rand_text_alphanumeric(rand(20)+40)+
-			"@"+
-			Rex::Text.rand_text_alpha(rand(20)+3)+
-			">"
-		)
-		self.header.set("From", '')    # placeholder
-		self.header.set("To", '')      # placeholder
-	end
-
-
-	def add_part(data='', content_type='text/plain', transfer_encoding="8bit", content_disposition=nil)
-		part = Rex::MIME::Part.new
-
-		if (content_disposition)
-			part.header.set("Content-Disposition", content_disposition)
-		end
-
-		part.header.set("Content-Type", content_type)
-
-		if (transfer_encoding)
-			part.header.set("Content-Transfer-Encoding", transfer_encoding)
-		end
-
-		part.content = data
-		self.parts << part
-		part
-	end
-
-	def add_part_attachment(data, name)
-		self.add_part(
-			Rex::Text.encode_base64(data, "\r\n"),
-			"application/octet-stream; name=\"#{name}\"",
-			"base64",
-			"attachment; filename=\"#{name}\""
-		)
-	end
-
-
-	def add_part_inline_attachment(data, name)
-		self.add_part(
-			Rex::Text.encode_base64(data, "\r\n"),
-			"application/octet-stream; name=\"#{name}\"",
-			"base64",
-			"inline; filename=\"#{name}\""
-		)
-	end
-
-	def to_s
-		msg = self.header.to_s + "\r\n"
-
-		if self.content and not self.content.empty?
-			msg << self.content + "\r\n"
-		end
-
-		self.parts.each do |part|
-			msg << "--" + self.bound + "\r\n"
-			msg << part.to_s + "\r\n"
-		end
-
-		if self.parts.length > 0
-			msg << "--" + self.bound + "--\r\n"
-		end
-
-		# Force CRLF for SMTP compatibility
-		msg.gsub("\r", '').gsub("\n", "\r\n")
-	end
-
-end
-end
-end
-