librex 0.0.32 → 0.0.33

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb

@@ -0,0 +1,63 @@
+#!/usr/bin/env rubyj
+
+$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..','..','..','..','..', 'lib')) 
+
+require 'rex/post/meterpreter/extensions/stdapi/railgun/railgun'
+require 'rex/post/meterpreter/extensions/stdapi/railgun/mock_magic'
+require 'test/unit'
+require 'benchmark'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Railgun
+class Railgun::UnitTest < Test::Unit::TestCase
+
+	include MockMagic
+
+	def test_add_dll
+		railgun = Railgun.new(make_mock_client())
+
+		target_dll_name = 'discordia'
+		target_windows_name = 'C:\look\behind\you'
+
+		railgun.add_dll(target_dll_name, target_windows_name)
+
+		actual_dll = railgun.get_dll(target_dll_name);
+
+		assert_not_nil(actual_dll,
+			"add_dll should make a DLL accessible via get_dll")
+
+		assert_equal(actual_dll.dll_path, target_windows_name,
+			"add_dll should set a dll path when specified")
+
+# 
+#		wrapper = railgun.send(target_dll_name.to_sym)
+#
+#		assert_same(wrapper._dll, actual_dll,
+#			"railgun instance responds with dll wrapper as expected")
+	end
+
+	def test_add_function
+		mock_function_descriptions.each do |func|
+			railgun = Railgun.new(make_mock_client(func[:platform]))
+
+			dll_name = func[:dll_name]
+			function_name = func[:name]
+			
+			railgun.add_dll(dll_name)
+			railgun.add_function(dll_name, function_name, func[:return_type], func[:params])
+
+			assert(railgun.get_dll(dll_name).functions.has_key?(function_name),
+				"add_function should add a function to the DLL specified")
+		end
+	end
+end
+end
+end
+end
+end
+end
+end

data/lib/rex/post/meterpreter/packet_dispatcher.rb

@@ -60,11 +60,17 @@ module PacketDispatcher
 
 		bytes = 0
 		raw   = packet.to_r
+		err   = nil
 
 		if (raw)
+		
 			begin
 				bytes = self.sock.write(raw)
 			rescue ::Exception => e
+				err = e	
+			end
+			
+			if bytes.to_i == 0
 				# Mark the session itself as dead
 				self.alive = false
 				
@@ -72,7 +78,7 @@ module PacketDispatcher
 				@finish = true
 				
 				# Reraise the error to the top-level caller
-				raise e		
+				raise err if err		
 			end
 		end
 
@@ -113,7 +119,7 @@ module PacketDispatcher
 		waiter = add_response_waiter(packet)
 
 		# Transmit the packet
-		if (send_packet(packet) <= 0)
+		if (send_packet(packet).to_i <= 0)
 			# Remove the waiter if we failed to send the packet.
 			remove_response_waiter(waiter)
 			return nil

data/lib/rex/proto/http/handler/proc.rb

@@ -38,7 +38,7 @@ class Handler::Proc < Handler
 		rescue Errno::EPIPE
 			elog("Proc::on_request: Client closed connection prematurely", LogSource)
 		rescue
-			elog("Proc::on_request: #{$!}\n\n#{$@.join("\n")}", LogSource)
+			elog("Proc::on_request: #{$!.class}: #{$!}\n\n#{$@.join("\n")}", LogSource)
 			if self.server and self.server.context
 				exploit = self.server.context['MsfExploit']
 				if exploit

data/lib/rex/proto/http/server.rb

@@ -99,15 +99,17 @@ class Server
 	# Initializes an HTTP server as listening on the provided port and
 	# hostname.
 	#
-	def initialize(port = 80, listen_host = '0.0.0.0', ssl = false, context = {}, comm = nil)
+	def initialize(port = 80, listen_host = '0.0.0.0', ssl = false, context = {}, comm = nil, ssl_cert = nil)
 		self.listen_host = listen_host
 		self.listen_port = port
+		self.ssl         = ssl
 		self.context     = context
+		self.comm        = comm
+		self.ssl_cert    = ssl_cert
+
 		self.listener    = nil
 		self.resources   = {}
 		self.server_name = DefaultServer
-		self.ssl         = ssl
-		self.comm        = comm
 	end
 
 	#
@@ -134,6 +136,7 @@ class Server
 			'LocalPort' => self.listen_port,
 			'Context'   => self.context,
 			'SSL'		=> self.ssl,
+			'SSLCert'	=> self.ssl_cert,
 			'Comm'      => self.comm
 		)
 
@@ -219,7 +222,7 @@ class Server
 	# Adds Server headers and stuff.
 	#
 	def add_response_headers(resp)
-		resp['Server'] = self.server_name
+		resp['Server'] = self.server_name if not resp['Server']
 	end
 
 	#
@@ -256,7 +259,7 @@ class Server
 		cli.send_response(resp)
 	end
 
-	attr_accessor :listen_port, :listen_host, :server_name, :context, :ssl, :comm
+	attr_accessor :listen_port, :listen_host, :server_name, :context, :ssl, :comm, :ssl_cert
 	attr_accessor :listener, :resources
 
 protected
@@ -275,10 +278,7 @@ protected
 	#
 	def on_client_data(cli)
 		begin
-			#
-			# XXX: Handle ParseCode::Partial
-			#
-			data = cli.get
+			data = cli.read(65535)
 
 			raise ::EOFError if not data
 			raise ::EOFError if data.empty?
@@ -286,8 +286,13 @@ protected
 			case cli.request.parse(data)
 				when Packet::ParseCode::Completed
 					dispatch_request(cli, cli.request)
-
 					cli.reset_cli
+					
+				when Packet::ParseCode::Partial
+					# Return and wait for the on_client_data handler to be called again
+					# The Request object tracks the state of the request for us
+					return
+
 				when Packet::ParseCode::Error
 					close_client(cli)
 			end

data/lib/rex/socket/parameters.rb

@@ -63,6 +63,10 @@ class Rex::Socket::Parameters
 	#
 	# 	Specify SSL2, SSL3, or TLS1 (SSL3 is default)
 	#	
+	# SSLCert
+	#
+	# 	A file containing an SSL certificate (for server sockets)
+	#
 	# Proxies
 	#
 	#	List of proxies to use.
@@ -139,6 +143,14 @@ class Rex::Socket::Parameters
 			self.ssl_version = hash['SSLVersion']
 		end
 		
+		if (hash['SSLCert'] and ::File.file?(hash['SSLCert']))
+			begin
+				self.ssl_cert = ::File.read(hash['SSLCert'])
+			rescue ::Exception => e
+				elog("Failed to read cert: #{e.class}: #{e}", LogSource)
+			end
+		end
+		
 		if hash['Proxies']	
 			self.proxies = hash['Proxies'].split('-').map{|a| a.strip}.map{|a| a.split(':').map{|b| b.strip}}
 		end
@@ -325,6 +337,10 @@ class Rex::Socket::Parameters
 	#
 	attr_accessor :ssl_version
 	#
+	# The SSL certificate, in pem format, stored as a string.  See +SslTcpServer#make_ssl+
+	#
+	attr_accessor :ssl_cert
+	#
 	# Whether we should use IPv6
 	#
 	attr_accessor :v6

data/lib/rex/socket/ssl_tcp_server.rb

@@ -47,7 +47,7 @@ module Rex::Socket::SslTcpServer
 
 	def initsock(params = nil)
 		raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
-		self.sslctx  = makessl()
+		self.sslctx  = makessl(params.ssl_cert)
 		super
 	end
 
@@ -99,43 +99,52 @@ module Rex::Socket::SslTcpServer
 	end
 
 
-	def makessl
-		key = OpenSSL::PKey::RSA.new(1024){ }
-
-		cert = OpenSSL::X509::Certificate.new
-		cert.version = 2
-		cert.serial = rand(0xFFFFFFFF)
-		# name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]])
-		subject = OpenSSL::X509::Name.new([
-				["C","US"],
-				['ST', Rex::Text.rand_state()],
-				["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
-				["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
-				["CN", Rex::Text.rand_hostname],
-			])
-		issuer = OpenSSL::X509::Name.new([
-				["C","US"],
-				['ST', Rex::Text.rand_state()],
-				["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
-				["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
-				["CN", Rex::Text.rand_hostname],
-			])
-
-		cert.subject = subject
-		cert.issuer = issuer
-		cert.not_before = Time.now - (3600 * 365)
-		cert.not_after = Time.now + (3600 * 365)
-		cert.public_key = key.public_key
-		ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
-		cert.extensions = [
-			ef.create_extension("basicConstraints","CA:FALSE"),
-			ef.create_extension("subjectKeyIdentifier","hash"),
-			ef.create_extension("extendedKeyUsage","serverAuth"),
-			ef.create_extension("keyUsage","keyEncipherment,dataEncipherment,digitalSignature")
-		]
-		ef.issuer_certificate = cert
-		cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
-		cert.sign(key, OpenSSL::Digest::SHA1.new)
+	# 
+	# Create a new ssl context.  If +ssl_cert+ is not given, generates a new
+	# key and a leaf certificate with random values.
+	#
+	def makessl(ssl_cert=nil)
+
+		if ssl_cert
+			cert = OpenSSL::X509::Certificate.new(ssl_cert)
+			key = OpenSSL::PKey::RSA.new(ssl_cert)
+		else
+			key = OpenSSL::PKey::RSA.new(1024){ }
+			cert = OpenSSL::X509::Certificate.new
+			cert.version = 2
+			cert.serial = rand(0xFFFFFFFF)
+			# name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]])
+			subject = OpenSSL::X509::Name.new([
+					["C","US"],
+					['ST', Rex::Text.rand_state()],
+					["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
+					["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
+					["CN", Rex::Text.rand_hostname],
+				])
+			issuer = OpenSSL::X509::Name.new([
+					["C","US"],
+					['ST', Rex::Text.rand_state()],
+					["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
+					["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
+					["CN", Rex::Text.rand_hostname],
+				])
+
+			cert.subject = subject
+			cert.issuer = issuer
+			cert.not_before = Time.now - (3600 * 365)
+			cert.not_after = Time.now + (3600 * 365)
+			cert.public_key = key.public_key
+			ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
+			cert.extensions = [
+				ef.create_extension("basicConstraints","CA:FALSE"),
+				ef.create_extension("subjectKeyIdentifier","hash"),
+				ef.create_extension("extendedKeyUsage","serverAuth"),
+				ef.create_extension("keyUsage","keyEncipherment,dataEncipherment,digitalSignature")
+			]
+			ef.issuer_certificate = cert
+			cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
+			cert.sign(key, OpenSSL::Digest::SHA1.new)
+		end
 
 		ctx = OpenSSL::SSL::SSLContext.new()
 		ctx.key = key

data/lib/rex/ui/text/dispatcher_shell.rb

@@ -35,6 +35,8 @@ module DispatcherShell
 		#
 		# Returns nil for an empty set of commands.
 		#
+		# This method should be overridden
+		#
 		def commands
 		end
 	
@@ -84,7 +86,9 @@ module DispatcherShell
 		# Displays the help banner.  With no arguments, this is just a list of
 		# all commands grouped by dispatcher.  Otherwise, tries to use a method
 		# named cmd_#{+cmd+}_help for the first dispatcher that has a command
-		# named +cmd+.
+		# named +cmd+.  If no such method exists, uses +cmd+ as a regex to
+		# compare against each enstacked dispatcher's name and dumps commands
+		# of any that match.
 		#
 		def cmd_help(cmd=nil, *ignored)
 			if cmd
@@ -103,6 +107,16 @@ module DispatcherShell
 						break
 					end
 				end
+
+				unless cmd_found
+					# We didn't find a cmd, try it as a dispatcher name
+					shell.dispatcher_stack.each do |dispatcher|
+						if dispatcher.name =~ /#{cmd}/i
+							print_line(dispatcher.help_to_s)
+							cmd_found = help_found = true
+						end
+					end
+				end
 				print_error("No help for #{cmd}, try -h") if cmd_found and not help_found
 				print_error("No such command") if not cmd_found
 			else
@@ -127,6 +141,37 @@ module DispatcherShell
 
 		alias cmd_? cmd_help
 
+		#
+		# Return a pretty, user-readable table of commands provided by this
+		# dispatcher.
+		#
+		def help_to_s(opts={})
+			# If this dispatcher has no commands, we can't do anything useful.
+			return "" if commands.nil? or commands.length == 0
+
+			# Display the commands
+			tbl = Table.new(
+				'Header'  => "#{self.name} Commands",
+				'Indent'  => opts['Indent'] || 4,
+				'Columns' => 
+					[
+						'Command',
+						'Description'
+					],
+				'ColProps' =>
+					{
+						'Command' =>
+							{
+								'MaxWidth' => 12
+							}
+					})
+
+			commands.sort.each { |c|
+				tbl << c
+			}
+
+			return "\n" + tbl.to_s + "\n"
+		end
 
 		#
 		# No tab completion items by default
@@ -391,45 +436,20 @@ module DispatcherShell
 	#
 	# Return a readable version of a help banner for all of the enstacked
 	# dispatchers.
+	# 
+	# See +CommandDispatcher#help_to_s+
 	#
 	def help_to_s(opts = {})
 		str = ''
 
 		dispatcher_stack.reverse.each { |dispatcher|
-			# No commands?  Suckage.
-			next if ((dispatcher.respond_to?('commands') == false) or
-			         (dispatcher.commands == nil) or
-			         (dispatcher.commands.length == 0))
-
-			# Display the commands
-			tbl = Table.new(
-				'Header'  => "#{dispatcher.name} Commands",
-				'Indent'  => opts['Indent'] || 4,
-				'Columns' => 
-					[
-						'Command',
-						'Description'
-					],
-				'ColProps' =>
-					{
-						'Command' =>
-							{
-								'MaxWidth' => 12
-							}
-					})
-
-			dispatcher.commands.sort.each { |c|
-				tbl << c
-			}
-
-			str << "\n" + tbl.to_s + "\n"
+			str << dispatcher.help_to_s
 		}
 
 		return str
 	end
 
 
-		
 	#
 	# Returns nil for an empty set of blocked commands.
 	#

data/lib/rex/zip.rb

@@ -89,5 +89,8 @@ require 'rex/zip/entry'
 # the archive class
 require 'rex/zip/archive'
 
+# a child of Archive, implements Java ARchives for creating java applications
+require 'rex/zip/jar'
+
 end
 end

data/lib/rex/zip/archive.rb

@@ -1,5 +1,5 @@
 ##
-# $Id: archive.rb 11175 2010-11-30 07:10:57Z egypt $
+# $Id: archive.rb 12718 2011-05-25 16:45:20Z egypt $
 ##
 
 module Rex
@@ -9,14 +9,20 @@ module Zip
 # This represents an entire archive.
 #
 class Archive
+
+	# An array of the Entry objects stored in this Archive.
 	attr_reader :entries
 
+
 	def initialize(compmeth=CM_DEFLATE)
 		@compmeth = compmeth
 		@entries = []
 	end
 
 
+	#
+	# Create a new Entry and add it to the archive.
+	#
 	def add_file(fname, fdata=nil, xtra=nil, comment=nil)
 		if (not fdata)
 			begin
@@ -45,6 +51,9 @@ class Archive
 	end
 
 
+	#
+	# Write the compressed file to +fname+.
+	#
 	def save_to(fname)
 		f = File.open(fname, 'wb')
 		f.write(pack)
@@ -52,6 +61,9 @@ class Archive
 	end
 
 
+	#
+	# Compress this archive and return the resulting zip file as a String.
+	#
 	def pack
 		ret = ''
 
@@ -92,93 +104,5 @@ class Archive
 
 end
 
-class Jar < Archive
-	attr_accessor :manifest
-
-	def build_manifest(opts={})
-		main_class = opts[:main_class] || nil
-		existing_manifest = nil
-
-		@manifest =  "Manifest-Version: 1.0\r\n"
-		@manifest << "Main-Class: #{main_class}\r\n" if main_class
-		@manifest << "\r\n"
-		@entries.each { |e|
-			existing_manifest = e if e.name == "META-INF/MANIFEST.MF" 
-			next unless e.name =~ /\.class$/
-			@manifest << "Name: #{e.name}\r\n"
-			#@manifest << "SHA1-Digest: #{Digest::SHA1.base64digest(e.data)}\r\n"
-			@manifest << "\r\n"
-		}
-		if existing_manifest
-			existing_manifest.data = @manifest
-		else
-			add_file("META-INF/", '')
-			add_file("META-INF/MANIFEST.MF", @manifest)
-		end
-	end
-
-	def to_s
-		pack
-	end
-
-	def length
-		pack.length
-	end
-
-	#
-	# Add multiple files from an array
-	#
-	# +files+ should be structured like so:
-	#   [
-	#     [ "path", "to", "file1" ],
-	#     [ "path", "to", "file2" ]
-	#   ]
-	# and +path+ should be the location on the file system to find the files to
-	# add.  +base_dir+ will be prepended to the path inside the jar.
-	#
-	# Example:
-	# <code>
-	# war = Rex::Zip::Jar.new
-	# war.add_file("WEB-INF/", '')
-	# war.add_file("WEB-INF/", "web.xml", web_xml)
-	# war.add_file("WEB-INF/classes/", '')
-	# files = [
-	#	[ "servlet", "examples", "HelloWorld.class" ],
-	#	[ "Foo.class" ],
-	#	[ "servlet", "Bar.class" ],
-	# ]
-	# war.add_files(files, "./class_files/", "WEB-INF/classes/")
-	# </code>
-	#
-	# The above code would create a jar with the following structure from files
-	# found in ./class_files/ :
-	#
-	# +- WEB-INF/
-	#   +- web.xml
-	#   +- classes/
-	#     +- Foo.class
-	#     +- servlet/
-	#       +- Bar.class
-	#       +- examples/
-	#         +- HelloWorld.class
-	#
-	def add_files(files, path, base_dir="")
-		files.each do |file|
-			# Add all of the subdirectories if they don't already exist
-			1.upto(file.length - 1) do |idx|
-				full = base_dir + file[0,idx].join("/") + "/"
-				if !(entries.map{|e|e.name}.include?(full))
-					add_file(full, '')
-				end
-			end
-			# Now add the actual file, grabbing data from the filesystem
-			fd = File.open(File.join( path, file ), "rb")
-			data = fd.read(fd.stat.size)
-			fd.close
-			add_file(base_dir + file.join("/"), data)
-		end
-	end
-end
-
 end
 end