librex 0.0.32 → 0.0.33

data/lib/rex/zip/entry.rb

@@ -1,10 +1,13 @@
 ##
-# $Id: entry.rb 11173 2010-11-30 03:52:46Z egypt $
+# $Id: entry.rb 12718 2011-05-25 16:45:20Z egypt $
 ##
 
 module Rex
 module Zip
 
+# 
+# An Entry represents a logical file or directory to be stored in an Archive
+#
 class Entry
 
 	attr_accessor :name, :flags, :info, :xtra, :comment, :attrs
@@ -38,6 +41,10 @@ class Entry
 		compress
 	end
 
+	#
+	# Compress the #data and store it for later use.  If this entry's compression method
+	# produces a larger blob than the original data, the method is changed to CM_STORE.
+	#
 	def compress
 		@crc = Zlib.crc32(@data, 0)
 		case @flags.compmeth
@@ -73,6 +80,9 @@ class Entry
 	end
 
 
+	#
+	# Return the compressed data in a format suitable for adding to an Archive
+	#
 	def pack
 		ret = ''
 

data/lib/rex/zip/jar.rb

@@ -0,0 +1,224 @@
+
+require 'rex/zip/archive'
+
+module Rex
+module Zip
+
+#
+# A Jar is a zip archive containing Java class files and a MANIFEST.MF listing
+# those classes.  Several variations exist based on the same idea of class
+# files inside a zip, most notably:
+# - WAR files store XML files, Java classes, JSPs and other stuff for 
+#   servlet-based webservers (e.g.: Tomcat and Glassfish)
+# - APK files are Android Package files
+#
+class Jar < Archive
+	attr_accessor :manifest
+
+	#
+	# Create a MANIFEST.MF file based on the current Archive#entries.
+	#
+	# See http://download.oracle.com/javase/1.4.2/docs/guide/jar/jar.html for
+	# some explanation of the format.
+	#
+	# Example MANIFEST.MF
+	#   Manifest-Version: 1.0
+	#   Main-Class: metasploit.Payload
+	#
+	#   Name: metasploit.dat
+	#   SHA1-Digest: WJ7cUVYUryLKfQFmH80/ADfKmwM=
+	#
+	#   Name: metasploit/Payload.class
+	#   SHA1-Digest: KbAIMttBcLp1zCewA2ERYkcnRU8=
+	#
+	# The SHA1-Digest lines are optional unless the jar is signed (see #sign).
+	#
+	def build_manifest(opts={})
+		main_class = opts[:main_class] || nil
+		existing_manifest = nil
+
+		@manifest =  "Manifest-Version: 1.0\r\n"
+		@manifest << "Main-Class: #{main_class}\r\n" if main_class
+		@manifest << "\r\n"
+		@entries.each { |e|
+			next if e.name =~ %r|/$|
+			if e.name == "META-INF/MANIFEST.MF" 
+				existing_manifest = e
+				next
+			end
+			#next unless e.name =~ /\.class$/
+			@manifest << "Name: #{e.name}\r\n"
+			#@manifest << "SHA1-Digest: #{Digest::SHA1.base64digest(e.data)}\r\n"
+			@manifest << "\r\n"
+		}
+		if existing_manifest
+			existing_manifest.data = @manifest
+		else
+			add_file("META-INF/", '')
+			add_file("META-INF/MANIFEST.MF", @manifest)
+		end
+	end
+
+	def to_s
+		pack
+	end
+
+	#
+	# Length of the *compressed* blob
+	#
+	def length
+		pack.length
+	end
+
+	#
+	# Add multiple files from an array
+	#
+	# +files+ should be structured like so:
+	#   [
+	#     [ "path", "to", "file1" ],
+	#     [ "path", "to", "file2" ]
+	#   ]
+	# and +path+ should be the location on the file system to find the files to
+	# add.  +base_dir+ will be prepended to the path inside the jar.
+	#
+	# Example:
+	#   war = Rex::Zip::Jar.new
+	#   war.add_file("WEB-INF/", '')
+	#   war.add_file("WEB-INF/web.xml", web_xml)
+	#   war.add_file("WEB-INF/classes/", '')
+	#   files = [
+	#     [ "servlet", "examples", "HelloWorld.class" ],
+	#     [ "Foo.class" ],
+	#     [ "servlet", "Bar.class" ],
+	#   ]
+	#   war.add_files(files, "./class_files/", "WEB-INF/classes/")
+	#
+	# The above code would create a jar with the following structure from files
+	# found in ./class_files/ :
+	#
+	#   +- WEB-INF/
+	#     +- web.xml
+	#     +- classes/
+	#       +- Foo.class
+	#       +- servlet/
+	#         +- Bar.class
+	#         +- examples/
+	#           +- HelloWorld.class
+	#
+	def add_files(files, path, base_dir="")
+		files.each do |file|
+			# Add all of the subdirectories if they don't already exist
+			1.upto(file.length - 1) do |idx|
+				full = base_dir + file[0,idx].join("/") + "/"
+				if !(entries.map{|e|e.name}.include?(full))
+					add_file(full, '')
+				end
+			end
+			# Now add the actual file, grabbing data from the filesystem
+			fd = File.open(File.join( path, file ), "rb")
+			data = fd.read(fd.stat.size)
+			fd.close
+			add_file(base_dir + file.join("/"), data)
+		end
+	end
+
+	#
+	# Add a signature to this jar given a +key+ and a +cert+.  +cert+ should be
+	# an instance of OpenSSL::X509::Certificate and +key+ is expected to be an
+	# instance of one of OpenSSL::PKey::DSA or OpenSSL::PKey::RSA.
+	#
+	# This method aims to create signature files compatible with the jarsigner
+	# tool destributed with the JDK and any JVM should accept the resulting
+	# jar.
+	#
+	# === Signature contents
+	# Modifies the META-INF/MANIFEST.MF entry adding SHA1-Digest attributes in
+	# each Name section.  The signature consists of two files, a .SF and a .DSA
+	# (or .RSA if signing with an RSA key).  The .SF file is similar to the
+	# manifest with Name sections but the SHA1-Digest is not optional.  The
+	# difference is in what gets hashed for the SHA1-Digest line -- in the
+	# manifest, it is the file's contents, in the .SF, it is the file's section
+	# in the manifest (including trailing newline!).  The .DSA/.RSA file is a
+	# PKCS7 signature of the .SF file contents.
+	#
+	# === Links
+	# A short description of the format:
+	# http://download.oracle.com/javase/1.4.2/docs/guide/jar/jar.html#Signed%20JAR%20File
+	#
+	# Some info on importing a private key into a keystore which is not
+	# directly supported by keytool for some unfathomable reason
+	# http://www.agentbob.info/agentbob/79-AB.html
+	#
+	def sign(key, cert)
+		m = self.entries.find { |e| e.name == "META-INF/MANIFEST.MF" }
+		raise RuntimeError.new("Jar has no manifest") unless m
+		new_manifest = ''
+		sigdata =  "Signature-Version: 1.0\r\n"
+		sigdata << "Created-By: 1.6.0_18 (Sun Microsystems Inc.)\r\n"
+		sigdata << "\r\n"
+
+		# Grab the sections of the manifest
+		files = m.data.split(/\r?\n\r?\n/)
+		if files[0] =~ /Manifest-Version/
+			# keep the header as is
+			new_manifest << files[0]
+			new_manifest << "\r\n\r\n"
+			files = files[1,files.length]
+		end
+
+		# The file sections should now look like this:
+		#  "Name: metasploit/Payload.class\r\nSHA1-Digest: KbAIMttBcLp1zCewA2ERYkcnRU8=\r\n\r\n"
+		files.each do |f|
+			next unless f =~ /Name: (.*)/
+			name = $1
+			e = self.entries.find { |e| e.name == name }
+			if e
+				digest = OpenSSL::Digest::SHA1.digest(e.data)
+				manifest_section =  "Name: #{name}\r\n"
+				manifest_section << "SHA1-Digest: #{[digest].pack('m').strip}\r\n"
+				manifest_section << "\r\n"
+
+				manifest_digest = OpenSSL::Digest::SHA1.digest(manifest_section)
+
+				sigdata << "Name: #{name}\r\n"
+				sigdata << "SHA1-Digest: #{[manifest_digest].pack('m')}\r\n"
+				new_manifest << manifest_section
+			end
+		end
+
+		# Now overwrite with the new manifest 
+		m.data = new_manifest
+
+		flags = 0
+		flags |= OpenSSL::PKCS7::BINARY
+		flags |= OpenSSL::PKCS7::DETACHED
+		# SMIME and ATTRs are technically valid in the signature but they both
+		# screw up the java verifier, so don't include them.
+		flags |= OpenSSL::PKCS7::NOSMIMECAP
+		flags |= OpenSSL::PKCS7::NOATTR
+
+		signature = OpenSSL::PKCS7.sign(cert, key, sigdata, [cert], flags)
+		sigalg = case key
+			when OpenSSL::PKey::RSA; "RSA"
+			when OpenSSL::PKey::DSA; "DSA"
+			# Don't really know what to do if it's not DSA or RSA.  Can
+			# OpenSSL::PKCS7 actually sign stuff with it in that case?
+			# Regardless, the java spec says signatures can only be RSA, DSA,
+			# or PGP, so just assume it's PGP and hope for the best
+			else; "PGP"
+			end
+
+		# SIGNFILE is the default name in documentation.  MYKEY is probably
+		# more common, though because that's what keytool defaults to.  We can
+		# probably randomize this with no ill effects.
+		add_file("META-INF/SIGNFILE.SF", sigdata)
+		add_file("META-INF/SIGNFILE.#{sigalg}", signature.to_der)
+
+		return true
+	end
+
+end
+
+end
+end
+

metadata

@@ -2,7 +2,7 @@
 name: librex
 version: !ruby/object:Gem::Version 
   prerelease: 
-  version: 0.0.32
+  version: 0.0.33
 platform: ruby
 authors: 
 - Metasploit Development Team
@@ -11,11 +11,11 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2011-05-13 00:00:00 -05:00
+date: 2011-05-25 00:00:00 -05:00
 default_executable: 
 dependencies: []
 
-description: Rex provides a variety of classes useful for security testing and exploit development. Based on SVN Revision 12612
+description: Rex provides a variety of classes useful for security testing and exploit development. Based on SVN Revision 12724
 email: 
 - hdm@metasploit.com
 - jacob.hammack@hammackj.com
@@ -107,6 +107,7 @@ files:
 - lib/rex/io/bidirectional_pipe.rb
 - lib/rex/io/datagram_abstraction.rb
 - lib/rex/io/ring_buffer.rb
+- lib/rex/io/ring_buffer.rb.ut.rb
 - lib/rex/io/stream.rb
 - lib/rex/io/stream_abstraction.rb
 - lib/rex/io/stream_server.rb
@@ -159,7 +160,9 @@ files:
 - lib/rex/parser/nessus_xml.rb
 - lib/rex/parser/netsparker_xml.rb
 - lib/rex/parser/nexpose_xml.rb
+- lib/rex/parser/nmap_nokogiri.rb
 - lib/rex/parser/nmap_xml.rb
+- lib/rex/parser/nokogiri_doc_mixin.rb
 - lib/rex/parser/retina_xml.rb
 - lib/rex/payloads/win32/common.rb
 - lib/rex/payloads/win32/kernel/common.rb
@@ -242,8 +245,10 @@ files:
 - lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb
 - lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb
 - lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb
+- lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb
 - lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb
 - lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb
+- lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb
 - lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb
 - lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb
 - lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb
@@ -458,6 +463,7 @@ files:
 - lib/rex/zip/archive.rb
 - lib/rex/zip/blocks.rb
 - lib/rex/zip/entry.rb
+- lib/rex/zip/jar.rb
 - lib/rex/zip/samples/comment.rb
 - lib/rex/zip/samples/mkwar.rb
 - lib/rex/zip/samples/mkzip.rb