librex 0.0.36 → 0.0.37

@@ -3,7 +3,7 @@
3
3
  A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
4
4
 
5
5
  Currently based on:
6
- SVN Revision: 12951
6
+ SVN Revision: 12994
7
7
 
8
8
  # Credits
9
9
  The Metasploit development team <http://www.metasploit.com>
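--- a/data/Rakefile
+++ b/data/Rakefile
@@ -90,5 +90,5 @@ task :update do
  system "git push &> /dev/null"
 
  #Twitter tweet for the update, I am that lazy yes.
- puts "Updated librex to v#{version} based on SVN Revision: #{rev[1]} of the Metasploit rex library. Available in rubygems."
+ puts "Updated librex to v#{version} based on SVN Revision: #{rev[1]} of the #metasploit rex library. Available in rubygems."
  end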
@@ -22,7 +22,7 @@ EVADE = Rex::Proto::SMB::Evasions
22
22
 
23
23
  class OpenFile
24
24
  attr_accessor :name, :tree_id, :file_id, :mode, :client, :chunk_size
25
-
25
+
26
26
  def initialize(client, name, tree_id, file_id)
27
27
  self.client = client
28
28
  self.name = name
@@ -30,7 +30,7 @@ EVADE = Rex::Proto::SMB::Evasions
30
30
  self.file_id = file_id
31
31
  self.chunk_size = 48000
32
32
  end
33
-
33
+
34
34
  def delete
35
35
  begin
36
36
  self.close
@@ -38,14 +38,14 @@ EVADE = Rex::Proto::SMB::Evasions
38
38
  end
39
39
  self.client.delete(self.name, self.tree_id)
40
40
  end
41
-
41
+
42
42
  # Close this open file
43
43
  def close
44
44
  self.client.close(self.file_id, self.tree_id)
45
45
  end
46
-
46
+
47
47
  # Read data from the file
48
- def read(length = nil, offset = 0)
48
+ def read(length = nil, offset = 0)
49
49
  if (length == nil)
50
50
  data = ''
51
51
  fptr = offset
@@ -60,11 +60,11 @@ EVADE = Rex::Proto::SMB::Evasions
60
60
  break
61
61
  end
62
62
  fptr += ok['Payload'].v['DataLenLow']
63
-
63
+
64
64
  begin
65
65
  ok = self.client.read(self.file_id, fptr, self.chunk_size)
66
66
  rescue XCEPT::ErrorCode => e
67
- case e.error_code
67
+ case e.error_code
68
68
  when 0x00050001
69
69
  # Novell fires off an access denied error on EOF
70
70
  ok = nil
@@ -90,49 +90,49 @@ EVADE = Rex::Proto::SMB::Evasions
90
90
  end
91
91
 
92
92
  # Write data to the file
93
- def write(data, offset = 0)
93
+ def write(data, offset = 0)
94
94
  # Track our offset into the remote file
95
95
  fptr = offset
96
-
96
+
97
97
  # Duplicate the data so we can use slice!
98
98
  data = data.dup
99
-
99
+
100
100
  # Take our first chunk of bytes
101
101
  chunk = data.slice!(0, self.chunk_size)
102
-
102
+
103
103
  # Keep writing data until we run out
104
104
  while (chunk.length > 0)
105
105
  ok = self.client.write(self.file_id, fptr, chunk)
106
106
  cl = ok['Payload'].v['CountLow']
107
-
107
+
108
108
  # Partial write, push the failed data back into the queue
109
109
  if (cl != chunk.length)
110
110
  data = chunk.slice(cl - 1, chunk.length - cl) + data
111
111
  end
112
-
112
+
113
113
  # Increment our painter and grab the next chunk
114
114
  fptr += cl
115
115
  chunk = data.slice!(0, self.chunk_size)
116
116
  end
117
117
  end
118
118
  end
119
-
119
+
120
120
  class OpenPipe < OpenFile
121
-
121
+
122
122
  # Valid modes are: 'trans' and 'rw'
123
123
  attr_accessor :mode
124
-
124
+
125
125
  def initialize(*args)
126
126
  super(*args)
127
127
  self.mode = 'rw'
128
128
  @buff = ''
129
129
  end
130
-
130
+
131
131
  def read_buffer(length, offset=0)
132
132
  length ||= @buff.length
133
133
  @buff.slice!(0, length)
134
134
  end
135
-
135
+
136
136
  def read(length = nil, offset = 0)
137
137
  case self.mode
138
138
  when 'trans'
@@ -143,10 +143,10 @@ EVADE = Rex::Proto::SMB::Evasions
143
143
  raise ArgumentError
144
144
  end
145
145
  end
146
-
146
+
147
147
  def write(data, offset = 0)
148
148
  case self.mode
149
-
149
+
150
150
  when 'trans'
151
151
  write_trans(data, offset)
152
152
  when 'rw'
@@ -155,7 +155,7 @@ EVADE = Rex::Proto::SMB::Evasions
155
155
  raise ArgumentError
156
156
  end
157
157
  end
158
-
158
+
159
159
  def write_trans(data, offset=0)
160
160
  ack = self.client.trans_named_pipe(self.file_id, data)
161
161
  doff = ack['Payload'].v['DataOffset']
@@ -163,7 +163,7 @@ EVADE = Rex::Proto::SMB::Evasions
163
163
  @buff << ack.to_s[4+doff, dlen]
164
164
  end
165
165
  end
166
-
166
+
167
167
 
168
168
  # Public accessors
169
169
  attr_accessor :last_error
@@ -178,26 +178,35 @@ attr_accessor :socket, :client, :direct, :shares, :last_share
178
178
  self.client = Rex::Proto::SMB::Client.new(socket)
179
179
  self.shares = { }
180
180
  end
181
-
181
+
182
182
  def login( name = '', user = '', pass = '', domain = '',
183
- verify_signature = false, usentlmv2 = false, usentlm2_session = true,
183
+ verify_signature = false, usentlmv2 = false, usentlm2_session = true,
184
184
  send_lm = true, use_lanman_key = false, send_ntlm = true,
185
185
  native_os = 'Windows 2000 2195', native_lm = 'Windows 2000 5.0', spnopt = {})
186
186
 
187
187
  begin
188
-
188
+
189
189
  if (self.direct != true)
190
190
  self.client.session_request(name)
191
191
  end
192
- self.client.native_os = native_os
192
+ self.client.native_os = native_os
193
193
  self.client.native_lm = native_lm
194
194
  self.client.verify_signature = verify_signature
195
195
  self.client.use_ntlmv2 = usentlmv2
196
196
  self.client.usentlm2_session = usentlm2_session
197
197
  self.client.send_lm = send_lm
198
198
  self.client.use_lanman_key = use_lanman_key
199
- self.client.send_ntlm = send_ntlm
199
+ self.client.send_ntlm = send_ntlm
200
+
200
201
  self.client.negotiate
202
+
203
+ # Disable NTLMv2 Session for Windows 2000 (breaks authentication on some systems)
204
+ # XXX: This in turn breaks SMB auth for Windows 2000 configured to enforce NTLMv2
205
+ # XXX: Tracked by ticket #4785#4785
206
+ if self.client.native_lm =~ /Windows 2000 5\.0/ and usentlm2_session
207
+ # self.client.usentlm2_session = false
208
+ end
209
+
201
210
  self.client.spnopt = spnopt
202
211
 
203
212
  ok = self.client.session_setup(user, pass, domain)
@@ -212,7 +221,7 @@ attr_accessor :socket, :client, :direct, :shares, :last_share
212
221
  end
213
222
  raise n
214
223
  end
215
-
224
+
216
225
  return true
217
226
  end
218
227
 
@@ -220,11 +229,11 @@ attr_accessor :socket, :client, :direct, :shares, :last_share
220
229
  def login_split_start_ntlm1(name = '')
221
230
 
222
231
  begin
223
-
232
+
224
233
  if (self.direct != true)
225
234
  self.client.session_request(name)
226
235
  end
227
-
236
+
228
237
  # Disable extended security
229
238
  self.client.negotiate(false)
230
239
  rescue ::Interrupt
@@ -238,11 +247,11 @@ attr_accessor :socket, :client, :direct, :shares, :last_share
238
247
  end
239
248
  raise n
240
249
  end
241
-
250
+
242
251
  return true
243
252
  end
244
-
245
-
253
+
254
+
246
255
  def login_split_next_ntlm1(user, domain, hash_lm, hash_nt)
247
256
  begin
248
257
  ok = self.client.session_setup_no_ntlmssp_prehash(user, domain, hash_lm, hash_nt)
@@ -257,34 +266,34 @@ attr_accessor :socket, :client, :direct, :shares, :last_share
257
266
  end
258
267
  raise n
259
268
  end
260
-
261
- return true
269
+
270
+ return true
262
271
  end
263
-
272
+
264
273
  def connect(share)
265
274
  ok = self.client.tree_connect(share)
266
275
  tree_id = ok['Payload']['SMB'].v['TreeID']
267
276
  self.shares[share] = tree_id
268
277
  self.last_share = share
269
278
  end
270
-
279
+
271
280
  def disconnect(share)
272
281
  ok = self.client.tree_disconnect(self.shares[share])
273
282
  self.shares.delete(share)
274
- end
275
-
283
+ end
284
+
276
285
 
277
- def open(path, perm, chunk_size = 48000)
286
+ def open(path, perm, chunk_size = 48000)
278
287
  mode = UTILS.open_mode_to_mode(perm)
279
288
  access = UTILS.open_mode_to_access(perm)
280
-
289
+
281
290
  ok = self.client.open(path, mode, access)
282
291
  file_id = ok['Payload'].v['FileID']
283
292
  fh = OpenFile.new(self.client, path, self.client.last_tree_id, file_id)
284
293
  fh.chunk_size = chunk_size
285
294
  fh
286
295
  end
287
-
296
+
288
297
  def delete(*args)
289
298
  self.client.delete(*args)
290
299
  end
@@ -292,15 +301,16 @@ attr_accessor :socket, :client, :direct, :shares, :last_share
292
301
  def create_pipe(path, perm = 'c')
293
302
  disposition = UTILS.create_mode_to_disposition(perm)
294
303
  ok = self.client.create_pipe(path, disposition)
295
- file_id = ok['Payload'].v['FileID']
304
+ file_id = ok['Payload'].v['FileID']
296
305
  fh = OpenPipe.new(self.client, path, self.client.last_tree_id, file_id)
297
306
  end
298
307
 
299
308
  def trans_pipe(fid, data, no_response = nil)
300
309
  client.trans_named_pipe(fid, data, no_response)
301
310
  end
302
-
311
+
303
312
  end
304
313
  end
305
314
  end
306
315
  end
316
+
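Review bot: The Windows 2000 check added to `login` (new lines 203-208) is dead code: its only statement is commented out, so `usentlm2_session` is never changed, and the comment saying the NTLMv2 session is disabled misleads anyone auditing the NTLM negotiation path. Either drop the block or keep only an honest comment such as `# NOTE: NTLMv2-session downgrade for Windows 2000 is not applied here (ticket #4785)`. If the condition is meant to stay, write it as `if self.client.native_lm =~ /Windows 2000 5\.0/ && usentlm2_session` rather than with `and`, and fix the doubled ticket reference `#4785#4785`. Note also that `self.client.native_lm` is assigned from the `native_lm` parameter a few lines earlier, so unless `negotiate` overwrites it the match tests the caller's own default rather than what the server reported — worth confirming. `login` ends outside this hunk.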
metadata CHANGED
@@ -2,7 +2,7 @@
2
2
  name: librex
3
3
  version: !ruby/object:Gem::Version
4
4
  prerelease:
5
- version: 0.0.36
5
+ version: 0.0.37
6
6
  platform: ruby
7
7
  authors:
8
8
  - Metasploit Development Team
@@ -11,11 +11,11 @@ autorequire:
11
11
  bindir: bin
12
12
  cert_chain: []
13
13
 
14
- date: 2011-06-15 00:00:00 -05:00
14
+ date: 2011-06-20 00:00:00 -05:00
15
15
  default_executable:
16
16
  dependencies: []
17
17
 
18
- description: Rex provides a variety of classes useful for security testing and exploit development. Based on SVN Revision 12951
18
+ description: Rex provides a variety of classes useful for security testing and exploit development. Based on SVN Revision 12994
19
19
  email:
20
20
  - hdm@metasploit.com
21
21
  - jacob.hammack@hammackj.com