RubyGems - librex - Versions diffs - 0.0.36 → 0.0.37 - Mend

librex 0.0.36 → 0.0.37

Files changed (4) hide show

data/README.markdown +1 -1
data/Rakefile +1 -1
data/lib/rex/proto/smb/simpleclient.rb +54 -44
metadata +3 -3

data/README.markdown CHANGED

@@ -3,7 +3,7 @@
 A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
 Currently based on:
-SVN Revision: 12951
+SVN Revision: 12994
 # Credits
 The Metasploit development team <http://www.metasploit.com>

data/Rakefile CHANGED

@@ -90,5 +90,5 @@ task :update do
 	system "git push &> /dev/null"
 	#Twitter tweet for the update, I am that lazy yes.
-	puts "Updated librex to v#{version} based on SVN Revision: #{rev[1]} of the Metasploit rex library. Available in rubygems."
+	puts "Updated librex to v#{version} based on SVN Revision: #{rev[1]} of the #metasploit rex library. Available in rubygems."
 end

data/lib/rex/proto/smb/simpleclient.rb CHANGED

@@ -22,7 +22,7 @@ EVADE = Rex::Proto::SMB::Evasions
 	class OpenFile
 		attr_accessor	:name, :tree_id, :file_id, :mode, :client, :chunk_size
 		def initialize(client, name, tree_id, file_id)
 			self.client = client
 			self.name = name
@@ -30,7 +30,7 @@ EVADE = Rex::Proto::SMB::Evasions
 			self.file_id = file_id
 			self.chunk_size = 48000
 		end
 		def delete
 			begin
 				self.close
@@ -38,14 +38,14 @@ EVADE = Rex::Proto::SMB::Evasions
 			end
 			self.client.delete(self.name, self.tree_id)
 		end
 		# Close this open file
 		def close
 			self.client.close(self.file_id, self.tree_id)
 		end
 		# Read data from the file
-		def read(length = nil, offset = 0)
+		def read(length = nil, offset = 0)
 			if (length == nil)
 				data = ''
 				fptr = offset
@@ -60,11 +60,11 @@ EVADE = Rex::Proto::SMB::Evasions
 						break
 					end
 					fptr += ok['Payload'].v['DataLenLow']
 					begin
 						ok = self.client.read(self.file_id, fptr, self.chunk_size)
 					rescue XCEPT::ErrorCode => e
-						case e.error_code
+						case e.error_code
 						when 0x00050001
 							# Novell fires off an access denied error on EOF
 							ok = nil
@@ -90,49 +90,49 @@ EVADE = Rex::Proto::SMB::Evasions
 		end
 		# Write data to the file
-		def write(data, offset = 0)
+		def write(data, offset = 0)
 			# Track our offset into the remote file
 			fptr = offset
 			# Duplicate the data so we can use slice!
 			data = data.dup
 			# Take our first chunk of bytes
 			chunk = data.slice!(0, self.chunk_size)
 			# Keep writing data until we run out
 			while (chunk.length > 0)
 				ok = self.client.write(self.file_id, fptr, chunk)
 				cl = ok['Payload'].v['CountLow']
 				# Partial write, push the failed data back into the queue
 				if (cl != chunk.length)
 					data = chunk.slice(cl - 1, chunk.length - cl) + data
 				end
 				# Increment our painter and grab the next chunk
 				fptr += cl
 				chunk = data.slice!(0, self.chunk_size)
 			end
 		end
 	end
 	class OpenPipe < OpenFile
 		# Valid modes are: 'trans' and 'rw'
 		attr_accessor :mode
 		def initialize(*args)
 			super(*args)
 			self.mode = 'rw'
 			@buff = ''
 		end
 		def read_buffer(length, offset=0)
 			length ||= @buff.length
 			@buff.slice!(0, length)
 		end
 		def read(length = nil, offset = 0)
 			case self.mode
 			when 'trans'
@@ -143,10 +143,10 @@ EVADE = Rex::Proto::SMB::Evasions
 				raise ArgumentError
 			end
 		end
 		def write(data, offset = 0)
 			case self.mode
 			when 'trans'
 				write_trans(data, offset)
 			when 'rw'
@@ -155,7 +155,7 @@ EVADE = Rex::Proto::SMB::Evasions
 				raise ArgumentError
 			end
 		end
 		def write_trans(data, offset=0)
 			ack = self.client.trans_named_pipe(self.file_id, data)
 			doff = ack['Payload'].v['DataOffset']
@@ -163,7 +163,7 @@ EVADE = Rex::Proto::SMB::Evasions
 			@buff << ack.to_s[4+doff, dlen]
 		end
 	end
 # Public accessors
 attr_accessor	:last_error
@@ -178,26 +178,35 @@ attr_accessor	:socket, :client, :direct, :shares, :last_share
 		self.client = Rex::Proto::SMB::Client.new(socket)
 		self.shares = { }
 	end
 	def login(	name = '', user = '', pass = '', domain = '',
-			verify_signature = false, usentlmv2 = false, usentlm2_session = true,
+			verify_signature = false, usentlmv2 = false, usentlm2_session = true,
 			send_lm = true, use_lanman_key = false, send_ntlm = true,
 			native_os = 'Windows 2000 2195', native_lm = 'Windows 2000 5.0', spnopt = {})
 		begin
 			if (self.direct != true)
 				self.client.session_request(name)
 			end
-			self.client.native_os = native_os
+			self.client.native_os = native_os
 			self.client.native_lm = native_lm
 			self.client.verify_signature = verify_signature
 			self.client.use_ntlmv2 = usentlmv2
 			self.client.usentlm2_session = usentlm2_session
 			self.client.send_lm = send_lm
 			self.client.use_lanman_key =  use_lanman_key
-			self.client.send_ntlm = send_ntlm
+			self.client.send_ntlm = send_ntlm
 			self.client.negotiate
+			# Disable NTLMv2 Session for Windows 2000 (breaks authentication on some systems)
+			# XXX: This in turn breaks SMB auth for Windows 2000 configured to enforce NTLMv2
+			# XXX: Tracked by ticket #4785#4785
+			if self.client.native_lm =~ /Windows 2000 5\.0/ and usentlm2_session
+			#	self.client.usentlm2_session = false
+			end
 			self.client.spnopt = spnopt
 			ok = self.client.session_setup(user, pass, domain)
@@ -212,7 +221,7 @@ attr_accessor	:socket, :client, :direct, :shares, :last_share
 			end
 			raise n
 		end
 		return true
 	end
@@ -220,11 +229,11 @@ attr_accessor	:socket, :client, :direct, :shares, :last_share
 	def login_split_start_ntlm1(name = '')
 		begin
 			if (self.direct != true)
 				self.client.session_request(name)
 			end
 			# Disable extended security
 			self.client.negotiate(false)
 		rescue ::Interrupt
@@ -238,11 +247,11 @@ attr_accessor	:socket, :client, :direct, :shares, :last_share
 			end
 			raise n
 		end
 		return true
 	end
 	def login_split_next_ntlm1(user, domain, hash_lm, hash_nt)
 		begin
 			ok = self.client.session_setup_no_ntlmssp_prehash(user, domain, hash_lm, hash_nt)
@@ -257,34 +266,34 @@ attr_accessor	:socket, :client, :direct, :shares, :last_share
 			end
 			raise n
 		end
-		return true
+		return true
 	end
 	def connect(share)
 		ok = self.client.tree_connect(share)
 		tree_id = ok['Payload']['SMB'].v['TreeID']
 		self.shares[share] = tree_id
 		self.last_share = share
 	end
 	def disconnect(share)
 		ok = self.client.tree_disconnect(self.shares[share])
 		self.shares.delete(share)
-	end
+	end
-	def open(path, perm, chunk_size = 48000)
+	def open(path, perm, chunk_size = 48000)
 		mode   = UTILS.open_mode_to_mode(perm)
 		access = UTILS.open_mode_to_access(perm)
 		ok = self.client.open(path, mode, access)
 		file_id = ok['Payload'].v['FileID']
 		fh = OpenFile.new(self.client, path, self.client.last_tree_id, file_id)
 		fh.chunk_size = chunk_size
 		fh
 	end
 	def delete(*args)
 		self.client.delete(*args)
 	end
@@ -292,15 +301,16 @@ attr_accessor	:socket, :client, :direct, :shares, :last_share
 	def create_pipe(path, perm = 'c')
 		disposition = UTILS.create_mode_to_disposition(perm)
 		ok = self.client.create_pipe(path, disposition)
-		file_id = ok['Payload'].v['FileID']
+		file_id = ok['Payload'].v['FileID']
 		fh = OpenPipe.new(self.client, path, self.client.last_tree_id, file_id)
 	end
 	def trans_pipe(fid, data, no_response = nil)
 		client.trans_named_pipe(fid, data, no_response)
 	end
 end
 end
 end
 end

metadata CHANGED

@@ -2,7 +2,7 @@
 name: librex
 version: !ruby/object:Gem::Version
   prerelease:
-  version: 0.0.36
+  version: 0.0.37
 platform: ruby
 authors:
 - Metasploit Development Team
@@ -11,11 +11,11 @@ autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-06-15 00:00:00 -05:00
+date: 2011-06-20 00:00:00 -05:00
 default_executable:
 dependencies: []
-description: Rex provides a variety of classes useful for security testing and exploit development. Based on SVN Revision 12951
+description: Rex provides a variety of classes useful for security testing and exploit development. Based on SVN Revision 12994
 email:
 - hdm@metasploit.com
 - jacob.hammack@hammackj.com