librex 0.0.3 → 0.0.4

data/lib/rex/proto/dcerpc/client.rb

@@ -23,15 +23,15 @@ require 'rex/proto/smb/exceptions'
 			'read_timeout'    => 10,
 			'connect_timeout' => 5
 		}
-		
+
 		self.options.merge!(useroptions)
-		
+
 		# If the caller passed us a smb_client object, use it and
 		# and skip the connect/login/ipc$ stages of the setup
 		if (self.options['smb_client'])
 			self.smb = self.options['smb_client']
 		end
-	
+
 		# we must have a valid handle, regardless of everything else
 		raise ArgumentError, 'handle is not a Rex::Proto::DCERPC::Handle' if !self.handle.is_a?(Rex::Proto::DCERPC::Handle)
 
@@ -39,7 +39,7 @@ require 'rex/proto/smb/exceptions'
 		if !self.options['no_socketsetup']
 			self.socket_check()
 		end
-		
+
 		raise ArgumentError, 'socket can not read' if !self.socket.respond_to?(:read)
 		raise ArgumentError, 'socket can not write' if !self.socket.respond_to?(:write)
 
@@ -76,27 +76,27 @@ require 'rex/proto/smb/exceptions'
 	def socket_setup()
 		ctx = { 'Msf' => self.options['Msf'], 'MsfExploit' => self.options['MsfExploit'] }
 		self.socket = case self.handle.protocol
-			
+
 			when 'ncacn_ip_tcp'
 				Rex::Socket.create_tcp(
-					'PeerHost' => self.handle.address, 
-					'PeerPort' => self.handle.options[0], 
+					'PeerHost' => self.handle.address,
+					'PeerPort' => self.handle.options[0],
 					'Context' => ctx,
 					'Timeout' => self.options['connect_timeout']
 				)
-				
+
 			when 'ncacn_np'
 				begin
 					socket = Rex::Socket.create_tcp(
-						'PeerHost' => self.handle.address, 
-						'PeerPort' => 445, 
-						'Context' => ctx, 
+						'PeerHost' => self.handle.address,
+						'PeerPort' => 445,
+						'Context' => ctx,
 						'Timeout' => self.options['connect_timeout']
 					)
-				rescue Timeout::Error, Rex::ConnectionRefused
+				rescue ::Timeout::Error, Rex::ConnectionRefused
 					socket = Rex::Socket.create_tcp(
-						'PeerHost' => self.handle.address, 
-						'PeerPort' => 139, 
+						'PeerHost' => self.handle.address,
+						'PeerPort' => 139,
 						'Context' => ctx,
 						'Timeout' => self.options['connect_timeout']
 					)
@@ -124,27 +124,27 @@ require 'rex/proto/smb/exceptions'
 			self.smb = smb
 			self.smb.read_timeout = self.options['read_timeout']
 		end
-		
+
 		f = self.smb.create_pipe(self.handle.options[0])
 		f.mode = self.options['smb_pipeio']
 		self.socket = f
 	end
 
 	def read()
-	
+
 		max_read = self.options['pipe_read_max_size'] || 1024*1024
 		min_read = self.options['pipe_read_min_size'] || max_read
-		
+
 		raw_response = ''
-		
-		# Are we reading from a remote pipe over SMB?	
+
+		# Are we reading from a remote pipe over SMB?
 		if (self.socket.class == Rex::Proto::SMB::SimpleClient::OpenPipe)
 			begin
-	
+
 				# Max SMB read is 65535, cap it at 64000
 				max_read = [64000, max_read].min
 				min_read = [64000, min_read].min
-	
+
 				read_limit = nil
 
 				while(true)
@@ -156,7 +156,7 @@ require 'rex/proto/smb/exceptions'
 							read_cnt = raw_response.length - read_limit
 						end
 					end
-					
+
 					data = self.socket.read( read_cnt, rand(1024)+1)
 					break if !(data and data.length > 0)
 					raw_response += data
@@ -168,25 +168,24 @@ require 'rex/proto/smb/exceptions'
 					# if we have read enough data. Once we have the length value, we need to make sure
 					# that we don't read beyond this amount, or it can screw up the SMB state
 					if (not read_limit)
-						begin 
+						begin
 							check = Rex::Proto::DCERPC::Response.new(raw_response)
 							read_limit = check.frag_len
 						rescue ::Rex::Proto::DCERPC::Exceptions::InvalidPacket
 						end
 					end
-
-					break if (read_limit and read_limit == raw_response.length)
+					break if (read_limit and read_limit <= raw_response.length)
 				end
-				
+
 			rescue Rex::Proto::SMB::Exceptions::NoReply
 				# I don't care if I didn't get a reply...
 			rescue Rex::Proto::SMB::Exceptions::ErrorCode => exception
-				if exception.error_code != 0xC000014B 
+				if exception.error_code != 0xC000014B
 					raise exception
 				end
 			end
 		# This must be a regular TCP or UDP socket
-		else 
+		else
 			if (self.socket.type? == 'tcp')
 				if (false and max_read)
 					while (true)
@@ -195,7 +194,7 @@ require 'rex/proto/smb/exceptions'
 						break if not data.length
 						raw_response << data
 					end
-				else 
+				else
 					# Just read the entire response in one go
 					raw_response = self.socket.get_once(-1, self.options['read_timeout'])
 				end
@@ -211,14 +210,14 @@ require 'rex/proto/smb/exceptions'
 	# Write data to the underlying socket, limiting the sizes of the writes based on
 	# the pipe_write_min / pipe_write_max options.
 	def write(data)
-	
+
 		max_write = self.options['pipe_write_max_size'] || data.length
 		min_write = self.options['pipe_write_min_size'] || max_write
-		
+
 		if(min_write > max_write)
 			max_write = min_write
 		end
-		
+
 		idx = 0
 
 		if (self.socket.class == Rex::Proto::SMB::SimpleClient::OpenPipe)
@@ -239,16 +238,16 @@ require 'rex/proto/smb/exceptions'
 		bind = ''
 		context = ''
 		if self.options['fake_multi_bind']
-			
+
 			args = [ self.handle.uuid[0], self.handle.uuid[1] ]
-			
+
 			if (self.options['fake_multi_bind_prepend'])
 				args << self.options['fake_multi_bind_prepend']
 			end
-			
+
 			if (self.options['fake_multi_bind_append'])
 				args << self.options['fake_multi_bind_append']
-			end			
+			end
 
 			bind, context = Rex::Proto::DCERPC::Packet.make_bind_fake_multi(*args)
 		else
@@ -259,6 +258,7 @@ require 'rex/proto/smb/exceptions'
 
 		self.write(bind)
 		raw_response = self.read()
+
 		response = Rex::Proto::DCERPC::Response.new(raw_response)
 		self.last_response = response
 		if response.type == 12 or response.type == 15
@@ -266,7 +266,7 @@ require 'rex/proto/smb/exceptions'
 				raise "Could not bind to #{self.handle}"
 			end
 			self.context = context
-		else 
+		else
 			raise "Could not bind to #{self.handle}"
 		end
 	end
@@ -294,15 +294,15 @@ require 'rex/proto/smb/exceptions'
 		raw_response = ''
 
 		begin
-			raw_response = self.read()		
+			raw_response = self.read()
 		rescue ::EOFError
 			raise Rex::Proto::DCERPC::Exceptions::NoResponse
 		end
 
 		if (raw_response == nil or raw_response.length == 0)
 			raise Rex::Proto::DCERPC::Exceptions::NoResponse
-		end			
-		
+		end
+
 
 		self.last_response = Rex::Proto::DCERPC::Response.new(raw_response)
 
@@ -311,7 +311,7 @@ require 'rex/proto/smb/exceptions'
 			e.fault = self.last_response.status
 			raise e
 		end
-			
+
 		self.last_response.stub_data
 	end
 
@@ -324,10 +324,10 @@ require 'rex/proto/smb/exceptions'
 		if (! data or data.length() < 10)
 			return
 		end
-	
+
 		# Pass the first 10 bytes to the constructor
 		resp = Rex::Proto::DCERPC::Response.new(data.slice!(0, 10))
-		
+
 		# Something went wrong in the parser...
 		if (! resp.frag_len)
 			return resp
@@ -351,8 +351,9 @@ require 'rex/proto/smb/exceptions'
 		resp.parse(data)
 		return resp
 	end
-	
+
 end
 end
 end
 end
+

data/lib/rex/proto/dcerpc/response.rb

@@ -10,10 +10,10 @@ class Response
 	attr_accessor :flags, :data_rep, :call_id, :max_frag_xmit, :max_frag_recv
 	attr_accessor :assoc_group, :sec_addr_len, :sec_addr, :num_results
 	attr_accessor :nack_reason, :xfer_syntax_uuid, :xfer_syntax_vers
-	attr_accessor :ack_reason, :ack_result, :ack_xfer_syntax_uuid, :ack_xfer_syntax_vers 	
+	attr_accessor :ack_reason, :ack_result, :ack_xfer_syntax_uuid, :ack_xfer_syntax_vers
 	attr_accessor :alloc_hint, :context_id, :cancel_cnt, :status, :stub_data
 	attr_accessor :raw
-	
+
 	# Create a new DCERPC::Response object
 	# This can be initialized in two ways:
 	# 1) Call .new() with the first 10 bytes of packet, then call parse on the rest
@@ -23,39 +23,39 @@ class Response
 		self.ack_result = []
 		self.ack_reason = []
 		self.ack_xfer_syntax_uuid = []
-		self.ack_xfer_syntax_vers = []		
-		
+		self.ack_xfer_syntax_vers = []
+
 		if (! data or data.length < 10)
 			raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
 		end
-		
+
 		if (data.length == 10)
 			self.frag_len = data[8,2].unpack('v')[0]
 			self.raw = data
 		end
-		
+
 		if (data.length > 10)
 			self.raw = data
 			self.parse
 		end
 	end
-	
+
 	# Parse the contents of a DCERPC response packet and fill out all the fields
 	def parse(body = '')
 		self.raw = self.raw + body
 		self.type = self.raw[2,1].unpack('C')[0]
-		
+
 		uuid = Rex::Proto::DCERPC::UUID
 		data = self.raw
-		
-		
+
+
 		if(not data)
 			raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
 		end
-		
+
 		# BIND_ACK == 12, ALTER_CONTEXT_RESP == 15
 		if (self.type == 12 or self.type == 15)
-			
+
 			# Decode most of the DCERPC header
 			self.vers_major,
 			self.vers_minor,
@@ -74,16 +74,16 @@ class Response
 			if(not self.frag_len or data.length < self.frag_len)
 				raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
 			end
-					
+
 			# Keep an offset into the packet handy
 			x = 0
-			
+
 			# XXX This is still somewhat broken (4 digit ports)
 			self.sec_addr = data[26, self.sec_addr_len]
-			
+
 			# Move the pointer into the packet forward
 			x += 26 + self.sec_addr_len
-			
+
 			# Align the pointer on a dword boundary
 			while (x % 4 != 0)
 				x += 1
@@ -91,13 +91,13 @@ class Response
 
 			# Figure out how many results we have (multiple-context binds)
 			self.num_results = data[ x, 4 ].unpack('V')[0]
-			
+
 			# Move the pointer to the ack_result[0] offset
 			x += 4
 
 			# Initialize the ack_result index
 			ack = 0
-			
+
 			# Scan through all results and add them to the result arrays
 			while ack < self.num_results
 				self.ack_result[ack] = data[ x + 0, 2 ].unpack('v')[0]
@@ -107,13 +107,13 @@ class Response
 				x += 24
 				ack += 1
 			end
-			
+
 			# End of BIND_ACK || ALTER_CONTEXT_RESP
 		end
 
 		# BIND_NACK == 13
 		if (self.type == 13)
-			
+
 			# Decode most of the DCERPC header
 			self.vers_major,
 			self.vers_minor,
@@ -124,11 +124,11 @@ class Response
 			self.auth_len,
 			self.call_id,
 			self.nack_reason = data.unpack('CCCCNvvVv')
-		end		
-	
+		end
+
 		# RESPONSE == 2
 		if (self.type == 2)
-		
+
 			# Decode the DCERPC response header
 			self.vers_major,
 			self.vers_minor,
@@ -141,7 +141,7 @@ class Response
 			self.alloc_hint,
 			self.context_id,
 			self.cancel_cnt = data.unpack('CCCCNvvVVvC')
-			
+
 			# Error out if the whole header was not read
 			if !(self.alloc_hint and self.context_id and self.cancel_cnt)
 				raise Rex::Proto::DCERPC::Exceptions::InvalidPacket, 'DCERPC response packet is incomplete'
@@ -150,11 +150,11 @@ class Response
 			# Put the application data into self.stub_data
 			self.stub_data = data[data.length - self.alloc_hint, 0xffff]
 			# End of RESPONSE
-		end		
+		end
 
 		# FAULT == 3
 		if (self.type == 3)
-		
+
 			# Decode the DCERPC response header
 			self.vers_major,
 			self.vers_minor,
@@ -169,14 +169,14 @@ class Response
 			self.cancel_cnt,
 			trash,
 			self.status = data.unpack('CCCCNvvVVvCCV')
-			
+
 			# Put the application data into self.stub_data
-			self.stub_data = data[data.length - self.alloc_hint, 0xffff]			
+			self.stub_data = data[data.length - self.alloc_hint, 0xffff]
 			# End of FAULT
-		end	
-		
+		end
+
 	end
-	
+
 protected
 #	attr_accessor :raw
 
@@ -184,3 +184,4 @@ end
 end
 end
 end
+