librex 0.0.5 → 0.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (68) hide show
  1. data/README.md +1 -1
  2. data/Rakefile +13 -0
  3. data/lib/rex.rb +4 -1
  4. data/lib/rex/assembly/nasm.rb +4 -0
  5. data/lib/rex/compat.rb +31 -1
  6. data/lib/rex/encoder/alpha2/generic.rb +11 -10
  7. data/lib/rex/exceptions.rb +1 -1
  8. data/lib/rex/exploitation/egghunter.rb +27 -0
  9. data/lib/rex/file.rb +13 -0
  10. data/lib/rex/io/stream.rb +9 -1
  11. data/lib/rex/io/stream_abstraction.rb +18 -7
  12. data/lib/rex/io/stream_server.rb +2 -2
  13. data/lib/rex/job_container.rb +1 -1
  14. data/lib/rex/mime/message.rb +5 -4
  15. data/lib/rex/ole.rb +83 -6
  16. data/lib/rex/ole/propset.rb +144 -0
  17. data/lib/rex/parser/ip360_aspl_xml.rb +102 -0
  18. data/lib/rex/parser/ip360_xml.rb +93 -0
  19. data/lib/rex/parser/nessus_xml.rb +118 -0
  20. data/lib/rex/parser/netsparker_xml.rb +94 -0
  21. data/lib/rex/parser/retina_xml.rb +109 -0
  22. data/lib/rex/post/meterpreter/channel.rb +15 -8
  23. data/lib/rex/post/meterpreter/client.rb +32 -3
  24. data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +1 -1
  25. data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +14 -5
  26. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +1 -1
  27. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +3 -3
  28. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -1
  29. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -1
  30. data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +5 -0
  31. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +16 -8
  32. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +16 -7
  33. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -1
  34. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +15 -4
  35. data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +13 -7
  36. data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +20 -0
  37. data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +63 -0
  38. data/lib/rex/post/meterpreter/packet_dispatcher.rb +18 -7
  39. data/lib/rex/post/meterpreter/packet_response_waiter.rb +10 -17
  40. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +1 -1
  41. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +16 -6
  42. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +4 -5
  43. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +2 -0
  44. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +4 -2
  45. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +157 -0
  46. data/lib/rex/proto/dhcp/server.rb +8 -4
  47. data/lib/rex/proto/http/client.rb +19 -45
  48. data/lib/rex/proto/http/packet.rb +8 -5
  49. data/lib/rex/proto/http/response.rb +8 -3
  50. data/lib/rex/proto/http/server.rb +1 -1
  51. data/lib/rex/proto/proxy/socks4a.rb +4 -4
  52. data/lib/rex/proto/rfb.rb +19 -0
  53. data/lib/rex/proto/rfb.rb.ut.rb +37 -0
  54. data/lib/rex/proto/rfb/cipher.rb +78 -0
  55. data/lib/rex/proto/rfb/client.rb +207 -0
  56. data/lib/rex/proto/rfb/constants.rb +52 -0
  57. data/lib/rex/proto/tftp/server.rb +20 -17
  58. data/lib/rex/services/local_relay.rb +1 -1
  59. data/lib/rex/socket.rb +69 -10
  60. data/lib/rex/socket/comm/local.rb +7 -4
  61. data/lib/rex/socket/range_walker.rb +14 -1
  62. data/lib/rex/text.rb +28 -3
  63. data/lib/rex/text.rb.ut.rb +14 -0
  64. data/lib/rex/thread_factory.rb +42 -0
  65. data/lib/rex/ui/text/input/buffer.rb +1 -1
  66. data/lib/rex/zip/archive.rb +74 -9
  67. data/lib/rex/zip/entry.rb +6 -1
  68. metadata +22 -7
data/README.md CHANGED
@@ -4,7 +4,7 @@ REX
4
4
  A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
5
5
 
6
6
  Currently based on:
7
- SVN Revision: 10547
7
+ SVN Revision: 11474
8
8
 
9
9
  Credits
10
10
  ===
@@ -0,0 +1,13 @@
1
+ $LOAD_PATH.unshift File.expand_path("../lib", __FILE__)
2
+
3
+ task :build do
4
+ system "gem build librex.gemspec"
5
+ end
6
+
7
+ task :release => :build do
8
+ system "gem push librex-*.gem"
9
+ end
10
+
11
+ task :clean do
12
+ system "rm *.gem"
13
+ end
data/lib/rex.rb CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  The Metasploit Rex library is provided under the 3-clause BSD license.
4
4
 
5
- Copyright (c) 2005-2006, Rapid7 LLC
5
+ Copyright (c) 2005-2010, Rapid7 LLC
6
6
  All rights reserved.
7
7
 
8
8
  Redistribution and use in source and binary forms, with or without modification,
@@ -49,6 +49,9 @@ require 'rex/file'
49
49
  # Thread safety and synchronization
50
50
  require 'rex/sync'
51
51
 
52
+ # Thread factory
53
+ require 'rex/thread_factory'
54
+
52
55
  # Encoding
53
56
  require 'rex/encoder/xor'
54
57
  require 'rex/encoding/xor'
@@ -42,6 +42,8 @@ class Nasm
42
42
 
43
43
  # Open the temporary file
44
44
  tmp = Tempfile.new('nasmXXXX')
45
+ tmp.binmode
46
+
45
47
  tpath = tmp.path
46
48
  opath = tmp.path + '.out'
47
49
 
@@ -72,6 +74,8 @@ class Nasm
72
74
  check
73
75
 
74
76
  tmp = Tempfile.new('nasmout')
77
+ tmp.binmode
78
+
75
79
  tfd = File.open(tmp.path, "wb")
76
80
 
77
81
  tfd.write(raw)
@@ -37,7 +37,7 @@ ENABLE_PROCESSED_INPUT = 1
37
37
 
38
38
  def self.is_windows
39
39
  return @@is_windows if @@is_windows
40
- @@is_windows = (RUBY_PLATFORM =~ /mswin32/) ? true : false
40
+ @@is_windows = (RUBY_PLATFORM =~ /mswin32|mingw32/) ? true : false
41
41
  end
42
42
 
43
43
  def self.is_cygwin
@@ -80,6 +80,18 @@ def self.is_java
80
80
  @@is_java = (RUBY_PLATFORM =~ /java/) ? true : false
81
81
  end
82
82
 
83
+ def self.is_wow64
84
+ return false if not is_windows
85
+ is64 = false
86
+ begin
87
+ buff = "\x00" * 4
88
+ Win32API.new("kernel32","IsWow64Process",['L','P'],'L').call(-1, buff)
89
+ is64 = (buff.unpack("V")[0]) == 1 ? true : false
90
+ rescue ::Exception
91
+ end
92
+ is64
93
+ end
94
+
83
95
  def self.cygwin_to_win32(path)
84
96
  if(path !~ /^\/cygdrive/)
85
97
  return ::IO.popen("cygpath -w #{path}", "rb").read.strip
@@ -115,6 +127,23 @@ def self.open_browser(url='http://metasploit.com/')
115
127
  when /darwin/
116
128
  system("open #{url}")
117
129
  else
130
+ # Search through the PATH variable (if it exists) and chose a browser
131
+ # We are making an assumption about the nature of "PATH" so tread lightly
132
+ if defined? ENV['PATH']
133
+ # "sensible-browser" opens the "default" browser in Ubuntu and others, so try that first
134
+ # but also provide fallbacks
135
+ ['sensible-browser', 'firefox', 'opera', 'chromium-browser', 'konqueror'].each do |browser|
136
+ ENV['PATH'].split(':').each do |path|
137
+ # Does the browser exists?
138
+ if File.exists?("#{path}/#{browser}")
139
+ system("#{browser} #{url} &")
140
+ return
141
+ end
142
+ end
143
+ end
144
+ end
145
+
146
+ # If nothing else worked, default to firefox
118
147
  system("firefox #{url} &")
119
148
  end
120
149
  end
@@ -231,6 +260,7 @@ def self.temp_copy(path)
231
260
  raise RuntimeError,"missing Tempfile" if not @@loaded_tempfile
232
261
  fd = File.open(path, "rb")
233
262
  tp = Tempfile.new("msftemp")
263
+ tp.binmode
234
264
  tp.write(fd.read(File.size(path)))
235
265
  tp.close
236
266
  fd.close
@@ -54,20 +54,21 @@ class Generic
54
54
  gen_base_set(block).each do |randbase_|
55
55
  second = gen_second(block, randbase_)
56
56
  next if second < 0
57
- if(accepted_chars.include?([second].pack('C')))
57
+ if accepted_chars.include?([second].pack('C'))
58
58
  found = second
59
59
  randbase = randbase_
60
60
  break
61
61
  end
62
62
  end
63
63
 
64
- if(not found)
65
- raise RuntimeError, "No valid base found for #{"0x%.2x" % block}"
66
- end
67
-
68
- raise RuntimeError, "Negative" if second < 0
69
- if !(accepted_chars.include?([second].pack('C')))
70
- raise RuntimeError, "BadChar; #{block} to #{second}"
64
+ if not found
65
+ msg = "No valid base found for #{"0x%.2x" % block}"
66
+ if not accepted_chars.include?([second].pack('C'))
67
+ msg << ": BadChar to #{second}"
68
+ elsif second < 1
69
+ msg << ": Negative"
70
+ end
71
+ raise RuntimeError, msg
71
72
  end
72
73
 
73
74
  if (randbase > 0xa0)
@@ -79,10 +80,10 @@ class Generic
79
80
  else
80
81
  # pick one at "random"
81
82
  first = (randbase/0x10)
82
- if (first % 2)
83
+ if (first % 2) > 0
83
84
  first += 0x40
84
85
  else
85
- randbase += 0x50
86
+ first += 0x50
86
87
  end
87
88
  end
88
89
 
@@ -61,7 +61,7 @@ class ArgumentError < ::ArgumentError
61
61
  def to_s
62
62
  str = 'An invalid argument was specified.'
63
63
  if @message
64
- str += " #{@message}"
64
+ str << " #{@message}"
65
65
  end
66
66
  str
67
67
  end
@@ -18,6 +18,7 @@ module Exploitation
18
18
  # Checksum checking implemented by dijital1/corelanc0d3r
19
19
  # Checksum code merged to Egghunter by jduck
20
20
  # Conversion to use Metasm by jduck
21
+ # Startreg code added by corelanc0d3r
21
22
  #
22
23
  ###
23
24
  class Egghunter
@@ -38,12 +39,25 @@ class Egghunter
38
39
  #
39
40
  def hunter_stub(payload, badchars = '', opts = {})
40
41
 
42
+ startreg = opts[:startreg]
43
+
41
44
  raise RuntimeError, "Invalid egg string! Need #{esize} bytes." if opts[:eggtag].length != 4
42
45
  marker = "0x%x" % opts[:eggtag].unpack('V').first
43
46
 
44
47
  checksum = checksum_stub(payload, badchars, opts)
45
48
 
49
+ startstub = ''
50
+ if startreg
51
+ if startreg.downcase != 'edx'
52
+ startstub = "\n\tmov edx,#{startreg}\n\tjmp next_addr"
53
+ else
54
+ startstub = "\n\tjmp next_addr"
55
+ end
56
+ end
57
+ startstub << "\n\t" if startstub.length > 0
58
+
46
59
  assembly = <<EOS
60
+ #{startstub}
47
61
  check_readable:
48
62
  or dx,0xfff
49
63
  next_addr:
@@ -97,13 +111,26 @@ EOS
97
111
  #
98
112
  def hunter_stub(payload, badchars = '', opts = {})
99
113
 
114
+ startreg = opts[:startreg]
115
+
100
116
  raise RuntimeError, "Invalid egg string! Need #{esize} bytes." if opts[:eggtag].length != 4
101
117
  marker = "0x%x" % opts[:eggtag].unpack('V').first
102
118
 
103
119
  checksum = checksum_stub(payload, badchars, opts)
104
120
 
121
+ startstub = ''
122
+ if startreg
123
+ if startreg.downcase != 'ecx'
124
+ startstub = "\n\tmov ecx,#{startreg}\n\tjmp next_addr"
125
+ else
126
+ startstub = "\n\tjmp next_addr"
127
+ end
128
+ end
129
+ startstub << "\n\t" if startstub.length > 0
130
+
105
131
  assembly = <<EOS
106
132
  cld
133
+ #{startstub}
107
134
  check_readable:
108
135
  or cx,0xfff
109
136
  next_addr:
@@ -1,5 +1,6 @@
1
1
  require 'find'
2
2
  require 'rex/compat'
3
+ require 'tempfile'
3
4
 
4
5
  module Rex
5
6
 
@@ -26,6 +27,10 @@ module FileUtils
26
27
  if (path)
27
28
  path.split(::File::PATH_SEPARATOR).each { |base|
28
29
  begin
30
+ # Deal with Windows paths surrounded by quotes. Prevents
31
+ # silliness like trying to look for
32
+ # '"C:\\framework\\nmap"\\nmap.exe' which will always fail.
33
+ base = $1 if base =~ /^"(.*)"$/
29
34
  path = base + ::File::SEPARATOR + file_name
30
35
  if (::File::Stat.new(path) and not ::File.directory?(path))
31
36
  return path
@@ -39,6 +44,14 @@ module FileUtils
39
44
 
40
45
  end
41
46
 
47
+ class Quickfile < ::Tempfile
48
+ def initialize(*args)
49
+ super(*args)
50
+ self.binmode
51
+ ObjectSpace.undefine_finalizer(self)
52
+ end
53
+ end
54
+
42
55
  module Find
43
56
  #
44
57
  # Identical to Find.find from Ruby, but follows symlinks to directories.
@@ -34,19 +34,27 @@ module Stream
34
34
  def write(buf, opts = {})
35
35
  total_sent = 0
36
36
  total_length = buf.length
37
+ block_size = 32768
37
38
  begin
38
39
  while( total_sent < total_length )
39
40
  s = Rex::ThreadSafe.select( nil, [ fd ], nil, 0.2 )
40
41
  if( s == nil || s[0] == nil )
41
42
  next
42
43
  end
43
- data = buf[0, 32768]
44
+ data = buf[0, block_size]
44
45
  sent = fd.write_nonblock( data )
45
46
  if sent > 0
46
47
  total_sent += sent
47
48
  buf[0, sent] = ""
48
49
  end
49
50
  end
51
+ rescue ::Errno::EAGAIN
52
+ # Sleep for a half a second, or until we can write again
53
+ Rex::ThreadSafe.select( nil, [ fd ], nil, 0.5 )
54
+ # Decrement the block size to handle full sendQs better
55
+ block_size = 1024
56
+ # Try to write the data again
57
+ retry
50
58
  rescue ::IOError, ::Errno::EPIPE
51
59
  return nil if (fd.abortive_close == true)
52
60
  raise $!
@@ -53,8 +53,7 @@ module StreamAbstraction
53
53
  self.lsock.extend(Ext)
54
54
  self.rsock.extend(Rex::IO::Stream)
55
55
 
56
- self.monitor_rsock
57
-
56
+ self.monitor_rsock
58
57
  end
59
58
 
60
59
  #
@@ -122,26 +121,37 @@ module StreamAbstraction
122
121
  protected
123
122
 
124
123
  def monitor_rsock
125
- self.monitor_thread = ::Thread.new {
124
+ self.monitor_thread = Rex::ThreadFactory.spawn("StreamMonitorRemote", false) {
126
125
  loop do
127
126
  closed = false
128
127
  buf = nil
129
128
 
129
+ if not self.rsock
130
+ wlog("monitor_rsock: the remote socket is nil, exiting loop")
131
+ break
132
+ end
133
+
130
134
  begin
131
135
  s = Rex::ThreadSafe.select( [ self.rsock ], nil, nil, 0.2 )
132
136
  if( s == nil || s[0] == nil )
133
137
  next
134
138
  end
135
139
  rescue Exception => e
140
+ wlog("monitor_rsock: exception during select: #{e.class} #{e}")
136
141
  closed = true
137
142
  end
138
143
 
139
144
  if( closed == false )
140
145
  begin
141
146
  buf = self.rsock.sysread( 32768 )
142
- closed = true if( buf == nil )
143
- rescue
147
+ if buf == nil
148
+ closed = true
149
+ wlog("monitor_rsock: closed remote socket due to nil read")
150
+ end
151
+
152
+ rescue ::Exception
144
153
  closed = true
154
+ wlog("monitor_rsock: exception during read: #{e.class} #{e}")
145
155
  end
146
156
  end
147
157
 
@@ -162,14 +172,15 @@ protected
162
172
  end
163
173
  rescue ::IOError => e
164
174
  closed = true
175
+ wlog("monitor_rsock: exception during write: #{e.class} #{e}")
165
176
  break
166
177
  end
167
178
  end
168
179
  end
169
180
 
170
181
  if( closed )
171
- self.close_write
172
- ::Thread.exit
182
+ self.close_write if self.respond_to?('close_write')
183
+ break
173
184
  end
174
185
  end
175
186
  }
@@ -62,10 +62,10 @@ module StreamServer
62
62
  def start
63
63
  self.clients = []
64
64
 
65
- self.listener_thread = Thread.new {
65
+ self.listener_thread = Rex::ThreadFactory.spawn("StreamServerListener", false) {
66
66
  monitor_listener
67
67
  }
68
- self.clients_thread = Thread.new {
68
+ self.clients_thread = Rex::ThreadFactory.spawn("StreamServerClientMonitor", false) {
69
69
  monitor_clients
70
70
  }
71
71
  end
@@ -28,7 +28,7 @@ class Job
28
28
  def start(async = false)
29
29
  self.start_time = Time.now
30
30
  if (async)
31
- self.job_thread = Thread.new {
31
+ self.job_thread = Rex::ThreadFactory.spawn("JobID(#{jid})-#{name}", false) {
32
32
  # Deschedule our thread momentarily
33
33
  ::IO.select(nil, nil, nil, 0.01)
34
34
 
@@ -83,16 +83,17 @@ class Message
83
83
 
84
84
  def add_part(data='', content_type='text/plain', transfer_encoding="8bit", content_disposition=nil)
85
85
  part = Rex::MIME::Part.new
86
+
87
+ if (content_disposition)
88
+ part.header.set("Content-Disposition", content_disposition)
89
+ end
90
+
86
91
  part.header.set("Content-Type", content_type)
87
92
 
88
93
  if (transfer_encoding)
89
94
  part.header.set("Content-Transfer-Encoding", transfer_encoding)
90
95
  end
91
96
 
92
- if (content_disposition)
93
- part.header.set("Content-Disposition", content_disposition)
94
- end
95
-
96
97
  part.content = data
97
98
  self.parts << part
98
99
  part
@@ -1,6 +1,6 @@
1
1
  ##
2
- # $Id: ole.rb 8457 2010-02-11 18:36:38Z jduck $
3
- # Version: $Revision: 8457 $
2
+ # $Id: ole.rb 11444 2010-12-29 17:07:46Z jduck $
3
+ # Version: $Revision: 11444 $
4
4
  ##
5
5
 
6
6
  ##
@@ -30,6 +30,7 @@
30
30
  # 8. R/W substorages (including nesting)
31
31
  # 9. full directory support (hierarchal and flattened access)
32
32
  # 10. big and little endian files (although only little endian was tested)
33
+ # 11. PropertySet streams (except .to_s)
33
34
  #
34
35
  #
35
36
  # TODO (in order of priority):
@@ -40,10 +41,9 @@
40
41
  # - may lead to allocating more fat sectors :-/
41
42
  # 4. properly support mode params for open_stream/open_storage/etc
42
43
  # 5. optimize to prevent unecessary loading/writing
43
- # 6. support for auxillary streams (DocumentSummaryInformation and SummaryInformation)
44
- # 7. support non-committal editing (open, change, close w/o save)
45
- # 8. support timestamps
46
- # 9. provide interface to change paramters (endian, etc)
44
+ # 6. support non-committal editing (open, change, close w/o save)
45
+ # 7. support timestamps
46
+ # 8. provide interface to change paramters (endian, etc)
47
47
  #
48
48
  #
49
49
  # TO INVESTIGATE:
@@ -124,5 +124,82 @@ require 'rex/ole/substorage'
124
124
  require 'rex/ole/stream'
125
125
 
126
126
 
127
+ # constants for property sets
128
+ # PropertyIds
129
+ PID_DICTIONARY = 0x00000000
130
+ PID_CODEPAGE = 0x00000001
131
+ PID_LOCALE = 0x80000000
132
+ PID_BEHAVIOR = 0x80000003
133
+ # Well-known PropertyIds
134
+ PIDSI_TITLE = 0x02
135
+ PIDSI_SUBJECT = 0x03
136
+ PIDSI_AUTHOR = 0x04
137
+ PIDSI_KEYWORDS = 0x05
138
+ PIDSI_COMMENTS = 0x06
139
+ PIDSI_TEMPLATE = 0x07
140
+ PIDSI_LASTAUTHOR = 0x08
141
+ PIDSI_REVNUMBER = 0x09
142
+ PIDSI_EDITTIME = 0x0a
143
+ PIDSI_LASTPRINTED = 0x0b
144
+ PIDSI_CREATE_DTM = 0x0c
145
+ PIDSI_LASTSAVE_DTM = 0x0d
146
+ PIDSI_PAGECOUNT = 0x0e
147
+ PIDSI_WORDCOUNT = 0x0f
148
+ PIDSI_CHARCOUNT = 0x10
149
+ PIDSI_THUMBNAIL = 0x11
150
+ PIDSI_APPNAME = 0x12
151
+ PIDSI_DOC_SECURITY = 0x13
152
+ # PropertyTypes
153
+ VT_EMPTY = 0x00
154
+ VT_NULL = 0x01
155
+ VT_I2 = 0x02
156
+ VT_I4 = 0x03
157
+ VT_R4 = 0x04
158
+ VT_R8 = 0x05
159
+ VT_CY = 0x06
160
+ VT_DATE = 0x07
161
+ VT_BSTR = 0x08
162
+ VT_ERROR = 0x0a
163
+ VT_BOOL = 0x0b
164
+ VT_VARIANT = 0x0c # used with VT_VECTOR
165
+ # 0xd
166
+ VT_DECIMAL = 0x0e
167
+ # 0xf
168
+ VT_I1 = 0x10
169
+ VT_UI1 = 0x11
170
+ VT_UI2 = 0x12
171
+ VT_UI4 = 0x13
172
+ VT_I8 = 0x14
173
+ VT_UI8 = 0x15
174
+ VT_INT = 0x16
175
+ VT_UINT = 0x17
176
+ VT_LPSTR = 0x1e
177
+ VT_LPWSTR = 0x1f
178
+ # 0x20-0x3f
179
+ VT_FILETIME = 0x40
180
+ VT_BLOB = 0x41
181
+ VT_STREAM = 0x42
182
+ VT_STORAGE = 0x43
183
+ VT_STREAMED_OBJ = 0x44
184
+ VT_STORED_OBJ = 0x45
185
+ VT_BLOB_OBJ = 0x46
186
+ VT_CF = 0x47 # Clipboard Format
187
+ VT_CLSID = 0x48
188
+ VT_VERSIONED_STREAM = 0x49
189
+ # Flags
190
+ VT_VECTOR = 0x1000
191
+ VT_ARRAY = 0x2000 # Requires OLE version >= 1
192
+ # Format IDs
193
+ FMTID_SummaryInformation = "\xe0\x85\x9f\xf2\xf9\x4f\x68\x10\xab\x91\x08\x00\x2b\x27\xb3\xd9"
194
+ FMTID_DocSummaryInformation = "\x02\xd5\xcd\xd5\x9c\x2e\x1b\x10\x93\x97\x08\x00\x2b\x2c\xf9\xae"
195
+ FMTID_UserDefinedProperties = "\x05\xd5\xcd\xd5\x9c\x2e\x1b\x10\x93\x97\x08\x00\x2b\x2c\xf9\xae"
196
+ FMTID_GlobalInfo = "\x00\x6f\x61\x56\x54\xc1\xce\x11\x85\x53\x00\xaa\x00\xa1\xf9\x5b"
197
+ FMTID_ImageContents = "\x00\x64\x61\x56\x54\xc1\xce\x11\x85\x53\x00\xaa\x00\xa1\xf9\x5b"
198
+ FMTID_ImageInfo = "\x00\x65\x61\x56\x54\xc1\xce\x11\x85\x53\x00\xaa\x00\xa1\xf9\x5b"
199
+ FMTID_PropertyBag = "\x01\x18\x00\x20\xe6\x5d\xd1\x11\x8e\x38\x00\xc0\x4f\xb9\x38\x6d"
200
+ # defines PropertySet class
201
+ require 'rex/ole/propset'
202
+
203
+
127
204
  end
128
205
  end