librex 0.0.20 → 0.0.21

data/lib/rex/encoding/xor/qword.rb

@@ -0,0 +1,15 @@
+#!/usr/bin/env ruby
+
+require 'rex/encoding/xor/generic'
+
+module Rex
+module Encoding
+module Xor
+
+class Qword < Generic
+
+	def Qword.keysize
+		8
+	end
+
+end end end end

data/lib/rex/encoding/xor/word.rb

@@ -0,0 +1,21 @@
+#!/usr/bin/env ruby
+
+require 'rex/encoding/xor/generic'
+
+#
+# Routine for xor encoding a buffer by a 2-byte (intel word) key.  The perl
+# version used to pad this buffer out to a 2-byte boundary, but I can't think
+# of a good reason to do that anymore, so this doesn't.
+#
+
+module Rex
+module Encoding
+module Xor
+
+class Word < Generic
+
+	def Word.keysize
+		2
+	end
+
+end end end end # Word/Xor/Encoding/Rex

data/lib/rex/encoding/xor/word.rb.ut.rb

@@ -0,0 +1,13 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..'))
+
+require 'rex/encoding/xor/word'
+require 'rex/encoding/xor/byte.rb.ut'
+
+class Rex::Encoding::Xor::Word::UnitTest < Rex::Encoding::Xor::Byte::UnitTest
+
+	def enc
+		Rex::Encoding::Xor::Word
+	end
+end

data/lib/rex/exceptions.rb

@@ -0,0 +1,275 @@
+#!/usr/bin/env ruby
+
+module Rex
+
+###
+#
+# Base mixin for all exceptions that can be thrown from inside Rex.
+#
+###
+module Exception
+end
+
+###
+#
+# This exception is raised when a timeout occurs.
+#
+###
+class TimeoutError < Interrupt
+	include Exception
+
+	def to_s
+		"Operation timed out."
+	end
+end
+
+###
+#
+# This exception is raised when a method is called or a feature is used that
+# is not implemented.
+#
+###
+class NotImplementedError < ::NotImplementedError
+	include Exception
+
+	def to_s
+		"The requested method is not implemented."
+	end
+end
+
+###
+#
+# This exception is raised when a generalized runtime error occurs.
+#
+###
+class RuntimeError < ::RuntimeError
+	include Exception
+end
+
+###
+#
+# This exception is raised when an invalid argument is supplied to a method.
+#
+###
+class ArgumentError < ::ArgumentError
+	include Exception
+
+	def initialize(message = nil)
+		@message = message
+	end
+
+	def to_s
+		str = 'An invalid argument was specified.'
+		if @message
+			str << " #{@message}"
+		end
+		str
+	end
+end
+
+###
+#
+# This exception is raised when an argument that was supplied to a method
+# could not be parsed correctly.
+#
+###
+class ArgumentParseError < ::ArgumentError
+	include Exception
+
+	def to_s
+		"The argument could not be parsed correctly."
+	end
+end
+
+###
+#
+# This exception is raised when an argument is ambiguous.
+#
+###
+class AmbiguousArgumentError < ::RuntimeError
+	include Exception
+
+	def initialize(name = nil)
+		@name = name
+	end
+
+	def to_s
+		"The name #{@name} is ambiguous."
+	end
+end
+
+###
+#
+# This error is thrown when a stream is detected as being closed.
+#
+###
+class StreamClosedError < ::IOError
+	include Exception
+
+	def initialize(stream)
+		@stream = stream
+	end
+
+	def stream
+		@stream
+	end
+
+	def to_s
+		"Stream #{@stream} is closed."
+	end
+end
+
+##
+#
+# Socket exceptions
+#
+##
+
+###
+#
+# This exception is raised when a general socket error occurs.
+#
+###
+module SocketError
+	include Exception
+
+	def to_s
+		"A socket error occurred."
+	end
+end
+
+###
+#
+# This exception is raised when there is some kind of error related to
+# communication with a host.
+#
+###
+module HostCommunicationError
+	def initialize(addr = nil, port = nil)
+		self.host = addr
+		self.port = port
+	end
+
+	#
+	# This method returns a printable address and optional port associated
+	# with the host that triggered the exception.
+	#
+	def addr_to_s
+		if host and port
+			"(#{host}:#{port})"
+		elsif host
+			"(#{host})"
+		else
+			""
+		end
+	end
+
+	attr_accessor :host, :port
+end
+
+
+###
+#
+# This exception is raised when a connection attempt fails because the remote
+# side refused the connection.
+#
+###
+
+class ConnectionError < ::IOError
+	include SocketError
+	include HostCommunicationError
+end
+
+###
+#
+# This exception is raised when a connection attempt fails because the remote
+# side refused the connection.
+#
+###
+class ConnectionRefused < ConnectionError
+	def to_s
+		"The connection was refused by the remote host #{addr_to_s}."
+	end
+end
+
+###
+#
+# This exception is raised when a connection attempt fails because the remote
+# side is unreachable.
+#
+###
+class HostUnreachable < ConnectionError
+	def to_s
+		"The host #{addr_to_s} was unreachable."
+	end
+end
+
+###
+#
+# This exception is raised when a connection attempt times out.
+#
+###
+class ConnectionTimeout < ConnectionError
+	def to_s
+		"The connection timed out #{addr_to_s}."
+	end
+end
+
+
+###
+#
+# This exception is raised when an attempt to use an address or port that is
+# already in use occurs, such as binding to a host on a given port that is
+# already in use.
+#
+###
+class AddressInUse < ::RuntimeError
+	include SocketError
+	include HostCommunicationError
+
+	def to_s
+		"The address is already in use #{addr_to_s}."
+	end
+end
+
+###
+#
+# This exception is raised when an unsupported internet protocol is specified.
+#
+###
+class UnsupportedProtocol < ::ArgumentError
+	include SocketError
+
+	def initialize(proto = nil)
+		self.proto = proto
+	end
+
+	def to_s
+		"The protocol #{proto} is not supported."
+	end
+
+	attr_accessor :proto
+end
+
+
+###
+#
+# This exception is raised when a proxy fails to pass a connection
+#
+###
+class ConnectionProxyError < ConnectionError
+	def initialize(host,port,ptype,reason)
+		super(host,port)
+		self.ptype = ptype
+		self.reason = reason
+	end
+
+	def to_s
+		self.ptype + ": " + self.reason
+	end
+
+	attr_accessor :ptype, :reason
+end
+
+end
+

data/lib/rex/exceptions.rb.ut.rb

@@ -0,0 +1,44 @@
+#!/usr/bin/env ruby
+
+$:.unshift(File.join(File.dirname(__FILE__), '..'))
+
+require 'test/unit'
+require 'rex/exceptions'
+
+module Rex
+module Exceptions
+
+class UnitTest < Test::Unit::TestCase
+
+	def test_exceptions
+		Rex.constants.each { |const|
+			mod = Rex.const_get(const)
+
+			if ((mod.kind_of?(Class) == false) ||
+			    (mod.ancestors.include?(Rex::Exception) == false))
+				next
+			end
+
+			begin
+				raise mod.new
+			rescue ::ArgumentError
+			rescue mod => detail
+				assert_respond_to(detail, 'to_s', "#{mod} does not implement to_s")
+				assert_not_nil(detail.to_s, "invalid to_s")
+			end
+		}
+
+		# Test communication error detail strings
+		begin
+			raise ConnectionRefused.new('127.0.0.1', 4444)
+		rescue HostCommunicationError => detail
+			assert_match(/^The connection(.*)\(127.0.0.1:4444\)/, detail.to_s)
+			assert_equal('127.0.0.1', detail.host)
+			assert_equal(4444, detail.port)
+		end
+	end
+
+end
+
+end
+end

data/lib/rex/exploitation/cmdstager.rb

@@ -0,0 +1,9 @@
+##
+# $Id: cmdstager.rb 9375 2010-05-26 22:39:56Z jduck $
+##
+
+require 'rex/exploitation/cmdstager/base'
+require 'rex/exploitation/cmdstager/vbs'
+require 'rex/exploitation/cmdstager/debug_write'
+require 'rex/exploitation/cmdstager/debug_asm'
+require 'rex/exploitation/cmdstager/tftp'

data/lib/rex/exploitation/cmdstager/base.rb

@@ -0,0 +1,175 @@
+require 'rex/text'
+require 'rex/arch'
+require 'msf/core/framework'
+
+module Rex
+module Exploitation
+
+###
+#
+# This class provides an interface to generating cmdstagers.
+#
+###
+
+class CmdStagerBase
+
+	def initialize(exe)
+		@linemax     = 2047 # covers most likely cases
+		@exe         = exe
+	end
+
+	#
+	# Generates the cmd payload including the h2bv2 decoder and encoded payload.
+	# The resulting commands also perform cleanup, removing any left over files
+	#
+	def generate(opts = {})
+		# Allow temporary directory override
+		@tempdir = opts[:temp]
+		@tempdir ||= "%TEMP%\\"
+		if (@tempdir == '.')
+			@tempdir = ''
+		end
+
+		opts[:linemax] ||= @linemax
+
+		generate_cmds(opts)
+	end
+
+
+	#
+	# This does the work of actually building an array of commands that
+	# when executed will create and run an executable payload.
+	#
+	def generate_cmds(opts)
+
+		# Initialize an arry of commands to execute
+		cmds = []
+
+		# Add the exe building commands
+		cmds += generate_cmds_payload(opts)
+
+		# Add the decoder script building commands
+		cmds += generate_cmds_decoder(opts)
+
+		compress_commands(cmds, opts)
+	end
+
+
+	#
+	# Generate the commands to create an encoded version of the
+	# payload file
+	#
+	def generate_cmds_payload(opts)
+
+		# First encode the payload
+		encoded = encode_payload(opts)
+
+		# Now split it up into usable pieces
+		parts = slice_up_payload(encoded, opts)
+
+		# Turn each part into a valid command
+		parts_to_commands(parts, opts)
+	end
+
+	#
+	# This method is intended to be override by the child class
+	#
+	def encode_payload(opts)
+		# Defaults to nothing
+		""
+	end
+
+	#
+	# We take a string of data and turn it into an array of parts.
+	#
+	# We save opts[:extra] bytes out of every opts[:linemax] for the parts
+	# appended and prepended to the resulting elements.
+	#
+	def slice_up_payload(encoded, opts)
+		tmp = encoded.dup
+
+		parts = []
+		xtra_len = opts[:extra]
+		xtra_len ||= 0
+		while (tmp.length > 0)
+			parts << tmp.slice!(0, (opts[:linemax] - xtra_len))
+		end
+
+		parts
+	end
+
+	#
+	# Combine the parts of the encoded file with the stuff that goes
+	# before / after it -- example "echo " and " >>file"
+	#
+	def parts_to_commands(parts, opts)
+		# Return as-is
+		parts
+	end
+
+
+
+	#
+	# Generate the commands that will decode the file we just created
+	#
+	def generate_cmds_decoder(opts)
+		# Defaults to no commands.
+		[]
+	end
+
+
+
+	#
+	# Compress commands into as few lines as possible. Minimizes the number of
+	# commands to execute while maximizing the number of commands per execution.
+	#
+	def compress_commands(cmds, opts)
+		new_cmds = []
+		line = ''
+		concat = cmd_concat_operator
+
+		# We cannot compress commands if there is no way to combine commands on
+		# a single line.
+		return cmds if not concat
+
+		cmds.each { |cmd|
+
+			# If this command will fit, concat it and move on.
+			if ((line.length + cmd.length + concat.length) < opts[:linemax])
+				line << concat if line.length > 0
+				line << cmd
+				next
+			end
+
+			# The command wont fit concat'd to this line, if we have something,
+			# we have to add it to the array now.
+			if (line.length > 0)
+				new_cmds << line
+				line = ''
+			end
+
+			# If it won't fit even after emptying the current line, error out..
+			if (cmd.length > opts[:linemax])
+				raise RuntimeError, 'Line too long - %u bytes, max %u' % [cmd.length, opts[:linemax]]
+			end
+
+			# It will indeed fit by itself, lets add it.
+			line << cmd
+
+		}
+		new_cmds << line if (line.length > 0)
+
+		# Return the final array.
+		new_cmds
+	end
+
+	#
+	# Can be overriden.  For exmaple, use for unix use ";" instead
+	#
+	def cmd_concat_operator
+		nil
+	end
+
+end
+end
+end