librex 0.0.19 → 0.0.20

data/lib/rex/encoder/ndr.rb.ut.rb

@@ -1,44 +0,0 @@
-#!/usr/bin/env ruby
-
-$:.unshift(File.join(File.dirname(__FILE__), '..', '..'))
-
-require 'rex/test'
-require 'rex/exceptions'
-require 'rex/encoder/ndr'
-
-class Rex::Encoder::NDR::UnitTest < Test::Unit::TestCase
-
-	Klass = Rex::Encoder::NDR
-
-    def test_align
-        assert_equal(0, Klass.align('').length, 'align 0')
-        assert_equal(3, Klass.align('f').length, 'align 1')
-        assert_equal(2, Klass.align('fo').length, 'align 2')
-        assert_equal(1, Klass.align('foo').length, 'align 3')
-        assert_equal(0, Klass.align('fooo').length, 'align 4')
-        assert_equal(3, Klass.align('foooo').length, 'align 5')
-    end
-
-    def test_numbers
-        assert_equal("\x0a\x00\x00\x00", Klass.long(10), 'long')
-        assert_equal("\x0a\x00", Klass.short(10), 'short')
-        assert_equal("\x0a", Klass.byte(10), 'byte')
-    end
-
-    def test_conformant_array
-        assert_equal("\x05\x00\x00\x00aaaaa", Klass.UniConformantArray('aaaaa').slice(0,9), 'UniConformantArray')
-        assert_equal(12, Klass.UniConformantArray('aaaaa').length, 'UniConformantArray length')
-    end
-    
-    def test_string
-        assert_equal("\x06\x00\x00\x00" + "\x00\x00\x00\x00" + "\x06\x00\x00\x00" "aaaaa\x00", Klass.string('aaaaa').slice(0,4+4+4+6), 'string')
-        assert_equal(20, Klass.string('aaaaa').length, 'string length')
-
-        assert_equal("\x06\x00\x00\x00" + "\x00\x00\x00\x00" + "\x06\x00\x00\x00" "a\x00a\x00a\x00a\x00a\x00\x00\x00", Klass.wstring('aaaaa').slice(0,4+4+4+12), 'wstring')
-        assert_equal(24, Klass.wstring('aaaaa').length, 'wstring length')
-       
-        assert_equal("\x02\x00\x00\x00" + "\x00\x00\x00\x00" + "\x02\x00\x00\x00" "aa\x00\x00", Klass.wstring_prebuilt('aa' + "\x00\x00"), 'wstring_prebuilt')
-        assert_equal(16, Klass.wstring_prebuilt('aa' + "\x00\x00").length, 'wstring_prebuilt length')
-    end
-
-end

data/lib/rex/encoder/nonalpha.rb

@@ -1,61 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'rex/text'
-
-module Rex
-module Encoder
-
-class NonAlpha
-
-	def NonAlpha.gen_decoder()
-		decoder =
-			"\x66\xB9\xFF\xFF" +
-			"\xEB\x19"  +               # Jmp to table
-			"\x5E"      +               # pop esi
-			"\x8B\xFE"  +               # mov edi, esi      - Get table addr
-			"\x83\xC7"  + "A" +         # add edi, tablelen - Get shellcode addr
-			"\x8B\xD7"  +               # mov edx, edi      - Hold end of table ptr
-			"\x3B\xF2"  +               # cmp esi, edx
-			"\x7D\x0B"  +               # jle to end
-			"\xB0\x7B"  +               # mov eax, 0x7B     - Set up eax with magic
-			"\xF2\xAE"  +               # repne scasb       - Find magic!
-			"\xFF\xCF"  +               # dec edi           - scasb purs us one ahead
-			"\xAC"      +               # lodsb
-			"\x28\x07"  +               # subb [edi], al
-			"\xEB\xF1"  +               # jmp BACK!
-			"\xEB"      + "B" +         # jmp [shellcode]
-			"\xE8\xE2\xFF\xFF\xFF"
-	end
-
-	def NonAlpha.encode_byte(block, table, tablelen)
-		if (tablelen > 255) or (block == 0x7B)
-			raise RuntimeError, "BadChar"
-		end
- 
-		if (block >= 0x41 and block <= 0x5A) or (block >= 0x61 and block <= 0x7A)
-			# gen offset, return magic
-			offset = 0x7b - block;
-			table += offset.chr
-			tablelen = tablelen + 1
-			block = 0x7B
-		end
-
-		return [block.chr, table, tablelen]
-	end
-
-	def NonAlpha.encode(buf)
-		table = ""
-		tablelen = 0
-		nonascii = ""
-		encoded = gen_decoder()
-		buf.each_byte { |block|
-			newchar, table, tablelen = encode_byte(block.unpack('C')[0], table, tablelen)
-			nonascii += newchar
-		}
-		encoded.gsub!(/A/, tablelen)
-		encoded.gsub!(/B/, tablelen+5)
-		encoded += table
-		encoded += nonascii
-	end
-
-end end end

data/lib/rex/encoder/nonupper.rb

@@ -1,64 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'rex/text'
-
-module Rex
-module Encoder
-
-class NonUpper
-	
-	
-	def NonUpper.gen_decoder()
-		decoder =
-			"\x66\xB9\xFF\xFF" +
-			"\xEB\x19"  +               # Jmp to table
-			"\x5E"      +               # pop esi
-			"\x8B\xFE"  +               # mov edi, esi      - Get table addr
-			"\x83\xC7"  + "A" +         # add edi, tablelen - Get shellcode addr
-			"\x8B\xD7"  +               # mov edx, edi      - Hold end of table ptr
-			"\x3B\xF2"  +               # cmp esi, edx
-			"\x7D\x0B"  +               # jle to end
-			"\xB0\x7B"  +               # mov eax, 0x7B     - Set up eax with magic
-			"\xF2\xAE"  +               # repne scasb       - Find magic!
-			"\xFF\xCF"  +               # dec edi           - scasb purs us one ahead
-			"\xAC"      +               # lodsb
-			"\x28\x07"  +               # subb [edi], al
-			"\xEB\xF1"  +               # jmp BACK!
-			"\xEB"      + "B" +         # jmp [shellcode]
-			"\xE8\xE2\xFF\xFF\xFF"  
-	end
-
-	def NonUpper.encode_byte(badchars, block, table, tablelen)
-		if (tablelen > 255) or (block == 0x40)
-			raise RuntimeError, "BadChar"
-		end
- 
-		if (block >= 0x41 and block <= 0x40) or (badchars =~ block)
-			# gen offset, return magic
-			offset = 0x40 - block;
-			table += offset.chr
-			tablelen = tablelen + 1
-			block = 0x40
-		end
-
-		return [block.chr, table, tablelen]
-	end
-
-	def NonUpper.encode(buf)
-		table = ""
-		tablelen = 0
-		nonascii = ""
-		encoded = gen_decoder()
-		buf.each_byte {
-			|block|
-
-			newchar, table, tablelen = encode_byte(block.unpack('C')[0], table, tablelen)
-			nonascii += newchar
-		}
-		encoded.gsub!(/A/, tablelen)
-		encoded.gsub!(/B/, tablelen+5)
-		encoded += table
-		encoded += nonascii
-	end
-
-end end end

data/lib/rex/encoder/xdr.rb

@@ -1,106 +0,0 @@
-module Rex
-module Encoder
-
-###
-#
-# This class implements basic XDR encoding.
-#
-###
-module XDR
-	MAX_ARG = 0xffffffff
-	
-	# Also: unsigned int, bool, enum
-	def XDR.encode_int(int)
-		return [int].pack('N')
-	end
-	
-	def XDR.decode_int!(data)
-		  return data.slice!(0..3).unpack('N')[0] if data
-      data = 0
-	end
-	
-	def XDR.encode_lchar(char)
-		char |= 0xffffff00 if char & 0x80 != 0
-		return encode_int(char)
-	end
-	
-	def XDR.decode_lchar!(data)
-		return (decode_int!(data) & 0xff).chr
-	end
-
-	# Also: Variable length opaque
-	def XDR.encode_string(str, max=MAX_ARG)
-		raise ArgumentError, 'XDR: String too long' if str.length > max
-		len = str.length
-		str << "\x00" * ((4 - (len & 3)) & 3)
-		return encode_int(len) + str
-	end
-
-	def XDR.decode_string!(data)
-		real_len = decode_int!(data)
-		return "" if real_len == 0
-		align_len = (real_len + 3) & ~3
-		return data.slice!(0..align_len-1).slice(0..real_len-1)
-	end
-
-	def XDR.encode_varray(arr, max=MAX_ARG, &block)
-		raise ArgumentError, 'XDR: Too many array elements' if arr.length > max
-		return encode_int(arr.length) + arr.collect(&block).join(nil)
-	end
-
-	def XDR.decode_varray!(data)
-		buf = []
-		1.upto(decode_int!(data)) { buf.push(yield(data)) }
-		return buf
-	end
-	
-	# encode(0, [0, 1], "foo", ["bar", 4]) does:
-	#   encode_int(0) + 
-	#   encode_varray([0, 1]) { |i| XDR.encode_int(i) } +
-	#   encode_string("foo") + 
-	#   encode_string("bar", 4)
-	def XDR.encode(*data)
-		data.collect do |var|
-			if var.kind_of?(String)
-				encode_string(var)
-			elsif var.kind_of?(Integer)
-				encode_int(var)
-			elsif var.kind_of?(Array) && var[0].kind_of?(String)
-				raise ArgumentError, 'XDR: Incorrect string array arguments' if var.length != 2
-				encode_string(var[0], var[1])
-			elsif var.kind_of?(Array) && var[0].kind_of?(Integer)
-				encode_varray(var) { |i| XDR.encode_int(i) }
-			# 0 means an empty array index in the case of Integer and an empty string in
-			#   the case of String so we get the best of both worlds
-			elsif var.kind_of?(Array) && var[0].nil?
-				encode_int(0)
-			else
-				type = var.class
-				type = var[0].class if var.kind_of?(Array)
-				raise TypeError, "XDR: encode does not support #{type}"
-			end
-		end.join(nil)
-	end
-
-# decode(buf, Integer, String, [Integer], [String]) does:
-# [decode_int!(buf), decode_string!(buf),
-#   decode_varray!(buf) { |i| XDR.decode_int!(i) },
-#   decode_varray!(buf) { |s| XDR.decode_string(s) }]
-	def XDR.decode!(buf, *data)
-		return *data.collect do |var|
-			if data.length == 0
-			elsif var.kind_of?(Array) && var[0] == String
-				decode_varray!(buf) { |s| XDR.decode_string!(s) }
-			elsif var.kind_of?(Array) && var[0] == Integer
-				decode_varray!(buf) { |i| XDR.decode_int!(i) }
-			elsif var == String
-				decode_string!(buf)
-			elsif var == Integer
-				decode_int!(buf)
-			end
-		end
-	end
-end
-
-end
-end

data/lib/rex/encoder/xdr.rb.ut.rb

@@ -1,29 +0,0 @@
-#!/usr/bin/env ruby
-
-$:.unshift(File.join(File.dirname(__FILE__), '..', '..'))
-
-require 'test/unit'
-require 'rex/exceptions'
-require 'rex/encoder/xdr'
-
-class Rex::Encoder::XDR::UnitTest < Test::Unit::TestCase
-
-	def test_encode
-		assert_equal("\000\000\004\322", Rex::Encoder::XDR.encode_int(1234), 'encode_int')
-		assert_equal("\377\377\377\322", Rex::Encoder::XDR.encode_lchar(1234), 'encode_lchar')
-		assert_equal("\000\000\000\003abc\000", Rex::Encoder::XDR.encode_string('abc'), 'encode_string')
-		assert_equal("\000\000\000\003abc\000", Rex::Encoder::XDR.encode_string('abc', 4), 'encode_string with maxlen')
-		assert_raises(Rex::ArgumentError) {
-			Rex::Encoder::XDR.encode_string('abc', 2)
-		}
-		assert_equal("\000\000\000\003\000\000\000\001\000\000\000\002\000\000\000\003", Rex::Encoder::XDR.encode_varray([1,2,3]) {|i| Rex::Encoder::XDR.encode_int(i) }, 'encode_varray')
-		assert_equal("\000\000\000\000\000\000\000\002\000\000\000\000\000\000\000\001\000\000\000\003foo\000\000\000\000\003bar\000", Rex::Encoder::XDR.encode(0, [0, 1], "foo", ["bar", 4]), 'encode')
-	end
-
-	def test_decode
-		assert_equal(1234, Rex::Encoder::XDR.decode_int!("\000\000\004\322"), 'decode_int!')
-		assert_equal('abc', Rex::Encoder::XDR.decode_string!("\000\000\000\003abc\000"), 'decode_string')
-		assert_equal([1,2,3], Rex::Encoder::XDR.decode_varray!("\000\000\000\003\000\000\000\001\000\000\000\002\000\000\000\003") { |i| Rex::Encoder::XDR.decode_int!(i) } , 'decode_varray!')
-		assert_equal(1234, Rex::Encoder::XDR.decode_lchar!("\377\377\377\322"), 'decode_lchar!')
-	end
-end

data/lib/rex/encoder/xor.rb

@@ -1,69 +0,0 @@
-#!/usr/bin/env ruby
-
-module Rex
-module Encoder
-
-###
-#
-# This class performs basic XOR encoding.
-#
-###
-class Xor
-
-	attr_accessor :raw, :encoded, :badchars, :opts, :key, :fkey # :nodoc:
-
-	#
-	# wrap that in a wanna be static class
-	#
-	def self.encode(*args)
-		self.new.encode(*args)
-	end
-
-	#
-	# Return the class associated with this encoder.
-	#
-	def encoder()
-		self.class::EncoderKlass
-	end
-
-	#
-	# This method encodes the supplied data, taking into account the badchar
-	# list, and returns the encoded buffer.
-	#
-	def encode(data, badchars = '', opts = { })
-		self.raw      = data
-		self.badchars = badchars
-		self.opts     = opts
-
-		# apply any transforms to the plaintext data
-		data = _unencoded_transform(data)
-
-		self.encoded, self.key, self.fkey = encoder().find_key_and_encode(data, badchars)
-
-		# apply any transforms to the encoded data
-		self.encoded = _encoded_transform(encoded)
-
-		return _prepend() + encoded + _append()
-	end
-
-	protected
-	def _unencoded_transform(data) # :nodoc:
-		data
-	end
-
-	def _encoded_transform(data) # :nodoc:
-		data
-	end
-
-	def _prepend() # :nodoc:
-		""
-	end
-
-	def _append() # :nodoc:
-		""
-	end
-
-end
-
-end end
-

data/lib/rex/encoder/xor/dword.rb

@@ -1,13 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'rex/encoder/xor'
-require 'rex/encoding/xor/dword'
-
-###
-#
-# This class wraps the Dword XOR encoder.
-#
-###
-class Rex::Encoder::Xor::Dword < Rex::Encoder::Xor
-	EncoderKlass = Rex::Encoding::Xor::Dword
-end

data/lib/rex/encoder/xor/dword_additive.rb

@@ -1,13 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'rex/encoder/xor'
-require 'rex/encoding/xor/dword_additive'
-
-###
-#
-# This class wraps the Dword XOR Additive feedback encoder.
-#
-###
-class Rex::Encoder::Xor::DwordAdditive < Rex::Encoder::Xor
-	EncoderKlass = Rex::Encoding::Xor::DwordAdditive
-end

data/lib/rex/encoders/xor_dword.rb

@@ -1,35 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'rex/arch/x86'
-require 'rex/encoder/xor/dword'
-
-module Rex
-module Encoders
-
-###
-#
-# Spoon's smaller variable-length encoder (updated to use call $+4 by vlad902)
-#
-###
-class XorDword < Rex::Encoder::Xor::Dword
-	module Backend
-		def _prepend
-			# set the counter to the rounded up number of dwords to decode
-			Rex::Arch::X86.set(
-				Rex::Arch::X86::ECX,
-				(encoded.length - 1 >> 2) + 1,
-				badchars
-			) +
-			"\xe8\xff\xff\xff" +                # call $+4
-			"\xff\xc0" +                        # inc eax
-			"\x5e" +                            # pop esi
-			"\x81\x76\x0e" + key +              # xor_xor: xor [esi + 0x0e], $xorkey
-			"\x83\xee\xfc" +                    # sub esi, -4
-			"\xe2\xf4"                          # loop xor_xor
-		end
-	end
-
-	include Backend
-end
-
-end end

data/lib/rex/encoders/xor_dword_additive.rb

@@ -1,53 +0,0 @@
-#!/usr/bin/env ruby
-
-require 'rex/encoder/xor/dword_additive'
-
-##
-#
-# Jmp/Call Dword Additive Feedback Encoder
-# Author: skape
-# Arch:   x86
-#
-##
-module Rex
-module Encoders
-
-class XorDwordAdditive < Rex::Encoder::Xor::DwordAdditive
-	module Backend
-
-		def _unencoded_transform(data)
-			# check for any dword aligned zeros that would falsely terminate the decoder
-			idx = 0
-			while true
-				idx = data.index("\x00\x00\x00\x00", idx)
-				break if !idx
-				if idx & 3 == 0
-					raise RuntimeError, "Unencoded data cannot have a dword aligned 0 dword!", caller()
-				end
-				idx += 1
-			end
-
-			# pad to a dword boundary and append null dword for termination
-			data = data + ("\x00" * ((4 - data.length & 3) & 3)) + "\x00\x00\x00\x00"
-		end
-
-		def _prepend
-			"\xfc"                + # cld
-			"\xbb" + key          + # mov ebx, key
-			"\xeb\x0c"            + # jmp short 0x14
-			"\x5e"                + # pop esi
-			"\x56"                + # push esi
-			"\x31\x1e"            + # xor [esi], ebx
-			"\xad"                + # lodsd
-			"\x01\xc3"            + # add ebx, eax
-			"\x85\xc0"            + # test eax, eax
-			"\x75\xf7"            + # jnz 0xa
-			"\xc3"                + # ret
-			"\xe8\xef\xff\xff\xff"  # call 0x8
-		end
-	end
-
-	include Backend
-end
-
-end end