librex 0.0.4 → 0.0.5

data/lib/rex/exploitation/omelet.rb.ut.rb

@@ -0,0 +1,13 @@
+# $Id$
+
+require 'omelet.rb'
+
+x = Rex::Exploitation::Omelet.new('win', ARCH_X86)
+x.generate("\xcc" * 1024, '', {
+	#:eggsize => 31336,       # default: 123
+	#:eggtag => "b00",        # default: 00w
+	#:searchforward => false, # default: true
+	#:reset => true,          # default: false
+	#:startreg => "EBP",      # default: none
+	:checksum => true        # default: false
+})

data/lib/rex/file.rb

@@ -27,7 +27,7 @@ module FileUtils
 			path.split(::File::PATH_SEPARATOR).each { |base|
 				begin
 					path = base + ::File::SEPARATOR + file_name
-					if (::File::Stat.new(path))
+					if (::File::Stat.new(path) and not ::File.directory?(path))
 						return path
 					end
 				rescue

data/lib/rex/io/stream.rb

@@ -41,7 +41,7 @@ module Stream
 					next
 				end
 				data = buf[0, 32768]
-				sent = fd.syswrite( data )
+				sent = fd.write_nonblock( data )
 				if sent > 0
 					total_sent += sent
 					buf[0, sent] = ""

data/lib/rex/job_container.rb

@@ -83,7 +83,6 @@ class Job
 
 protected
 
-	attr_writer   :info #:nodoc:
 	attr_writer   :name #:nodoc:
 	attr_writer   :jid #:nodoc:
 	attr_accessor :job_thread #:nodoc:

data/lib/rex/ole/docs/dependencies.txt

@@ -0,0 +1,8 @@
+Object              Dependencies
+------------------  ---------------------
+User Data           None
+Header              Fat, DIFat, Directory, MiniStream
+DIFat               Fat
+Fat                 Directory, *Fat, User Data, MiniStream
+Directory           User Data, MiniStream
+MiniFat             MiniStreams

data/lib/rex/ole/docs/references.txt

@@ -0,0 +1 @@
+[MS-CFB].pdf

data/lib/rex/ole/header.rb

@@ -1,6 +1,6 @@
 ##
-# $Id: header.rb 8457 2010-02-11 18:36:38Z jduck $
-# Version: $Revision: 8457 $
+# $Id: header.rb 10394 2010-09-20 08:06:27Z jduck $
+# Version: $Revision: 10394 $
 ##
 
 ##
@@ -91,7 +91,7 @@ class Header
 		ret << ",\n"
 
 		if (@_csectFat)
-	  		ret << "  _csectFat => 0x%08x" % @_csectFat
+			ret << "  _csectFat => 0x%08x" % @_csectFat
 		else
 			ret << "  _csectFat => UNALLOCATED"
 		end

data/lib/rex/ole/storage.rb

@@ -1,6 +1,6 @@
 ##
-# $Id: storage.rb 8457 2010-02-11 18:36:38Z jduck $
-# Version: $Revision: 8457 $
+# $Id: storage.rb 10394 2010-09-20 08:06:27Z jduck $
+# Version: $Revision: 10394 $
 ##
 
 ##
@@ -174,7 +174,7 @@ class Storage
 		@header.write @fd
 		write_user_data
 
-		# NOTE: we call write_stream here since we MUST write this to 
+		# NOTE: we call write_stream here since we MUST write this to
 		# the regular stream (regardless of size)
 		ms_start = write_stream(@ministream)
 		@directory.set_ministream_params(ms_start, @ministream.length)
@@ -249,7 +249,7 @@ class Storage
 		@directory.each_entry { |stm|
 			# only regular streams this pass
 			next if (stm.type != STGTY_STREAM)
-			
+
 			if (stm.length >= @header._ulMiniSectorCutoff)
 				stm.start_sector = write_stream(stm)
 			else

data/lib/rex/peparsey/pe.rb

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 
-# $Id: pe.rb 9272 2010-05-10 16:18:19Z jduck $
+# $Id: pe.rb 10036 2010-08-18 04:39:38Z jduck $
 
 require 'rex/image_source'
 require 'rex/peparsey/exceptions'
@@ -202,5 +202,11 @@ class Pe < PeBase
 		_isource.read(offset, len)
 	end
 
+	def size
+		_isource.size
+	end
+	def length
+		_isource.size
+	end
 
 end end end

data/lib/rex/peparsey/pebase.rb

@@ -1,6 +1,6 @@
 #!/usr/bin/env ruby
 
-# $Id: pebase.rb 7730 2009-12-07 12:56:54Z sf $
+# $Id: pebase.rb 10036 2010-08-18 04:39:38Z jduck $
 
 require 'rex/peparsey/exceptions'
 require 'rex/struct2'
@@ -1650,6 +1650,31 @@ class PeBase
 
 		rname.to_s
 	end
+	
+	def update_checksum
+		off = _dos_header.e_lfanew + IMAGE_FILE_HEADER_SIZE + 0x40
+		_isource.rawdata[off, 4] = [0].pack('V')
+
+		rem = _isource.size % 4
+		sum_me = ''
+		sum_me << _isource.rawdata
+		sum_me << "\x00" * (4 - rem) if rem > 0
+
+		cksum = 0
+		sum_me.unpack('V*').each { |el|
+			cksum = (cksum & 0xffffffff) + (cksum >> 32) + el
+			if cksum > 2**32
+				cksum = (cksum & 0xffffffff) + (cksum >> 32)
+			end
+		}
 
-end end end
+		cksum = (cksum & 0xffff) + (cksum >> 16)
+		cksum += (cksum >> 16)
+		cksum &= 0xffff
+
+		cksum += _isource.size
 
+		_isource.rawdata[off, 4] = [cksum].pack('V')
+	end
+
+end end end

data/lib/rex/post/meterpreter/client.rb

@@ -68,6 +68,9 @@ class Client
 	# Cleans up the meterpreter instance, terminating the dispatcher thread.
 	#
 	def cleanup_meterpreter
+		ext.aliases.each_value do | extension |
+			extension.cleanup if extension.respond_to?( 'cleanup' )
+		end
 		dispatcher_thread.kill if dispatcher_thread
 	end
 

data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb

@@ -0,0 +1,57 @@
+#!/usr/bin/env ruby
+
+require 'rex/post/meterpreter/extensions/networkpug/tlv'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module NetworkPug
+
+# NetworkPug implements a remote packet recieve/send on a network interface
+# on the remote machine
+
+class NetworkPug < Extension
+
+	def initialize(client)
+		super(client, 'networkpug')
+
+		client.register_extension_aliases(
+			[
+				{ 
+					'name' => 'networkpug',
+					'ext'  => self
+				},
+			])
+	end
+
+	def networkpug_start(interface, filter)
+		request = Packet.create_request('networkpug_start')
+		request.add_tlv(TLV_TYPE_NETWORKPUG_INTERFACE, interface)
+		request.add_tlv(TLV_TYPE_NETWORKPUG_FILTER, filter) if(filter and filter != "")
+		response = client.send_request(request)
+
+		channel = nil
+		channel_id = response.get_tlv_value(TLV_TYPE_CHANNEL_ID)
+		
+		if(channel_id)
+			channel = Rex::Post::Meterpreter::Channels::Pools::StreamPool.new(
+				client,
+				channel_id,
+				"networkpug_interface",
+				CHANNEL_FLAG_SYNCHRONOUS
+			)
+		end
+		
+		return response, channel
+	end
+	
+	def networkpug_stop(interface)
+		request = Packet.create_request('networkpug_stop')
+		request.add_tlv(TLV_TYPE_NETWORKPUG_INTERFACE, interface)
+		response = client.send_request(request)	
+	end
+		
+end
+
+end; end; end; end; end

data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb

@@ -0,0 +1,15 @@
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module NetworkPug
+
+TLV_TYPE_EXTENSION_NETWORKPUG	= 0
+TLV_TYPE_NETWORKPUG_INTERFACE	= TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_NETWORKPUG + TLV_EXTENSIONS + 1) 
+TLV_TYPE_NETWORKPUG_FILTER	= TLV_META_TYPE_STRING | (TLV_TYPE_EXTENSION_NETWORKPUG + TLV_EXTENSIONS + 2)
+
+end
+end
+end
+end
+end

data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb

@@ -47,10 +47,11 @@ class Sniffer < Extension
 	end
 	
 	# Start a packet capture on an opened interface
-	def capture_start(intf,maxp=200000)
+	def capture_start(intf,maxp=200000,filter="")
 		request = Packet.create_request('sniffer_capture_start')
 		request.add_tlv(TLV_TYPE_SNIFFER_INTERFACE_ID, intf.to_i)
 		request.add_tlv(TLV_TYPE_SNIFFER_PACKET_COUNT, maxp.to_i)
+		request.add_tlv(TLV_TYPE_SNIFFER_ADDITIONAL_FILTER, filter) if filter.length
 		response = client.send_request(request)	
 	end