librex 0.0.5 → 0.0.6
- data/README.md +1 -1
- data/Rakefile +13 -0
- data/lib/rex.rb +4 -1
- data/lib/rex/assembly/nasm.rb +4 -0
- data/lib/rex/compat.rb +31 -1
- data/lib/rex/encoder/alpha2/generic.rb +11 -10
- data/lib/rex/exceptions.rb +1 -1
- data/lib/rex/exploitation/egghunter.rb +27 -0
- data/lib/rex/file.rb +13 -0
- data/lib/rex/io/stream.rb +9 -1
- data/lib/rex/io/stream_abstraction.rb +18 -7
- data/lib/rex/io/stream_server.rb +2 -2
- data/lib/rex/job_container.rb +1 -1
- data/lib/rex/mime/message.rb +5 -4
- data/lib/rex/ole.rb +83 -6
- data/lib/rex/ole/propset.rb +144 -0
- data/lib/rex/parser/ip360_aspl_xml.rb +102 -0
- data/lib/rex/parser/ip360_xml.rb +93 -0
- data/lib/rex/parser/nessus_xml.rb +118 -0
- data/lib/rex/parser/netsparker_xml.rb +94 -0
- data/lib/rex/parser/retina_xml.rb +109 -0
- data/lib/rex/post/meterpreter/channel.rb +15 -8
- data/lib/rex/post/meterpreter/client.rb +32 -3
- data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +1 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +14 -5
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +1 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +3 -3
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +5 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +16 -8
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +16 -7
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +15 -4
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +13 -7
- data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +20 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +63 -0
- data/lib/rex/post/meterpreter/packet_dispatcher.rb +18 -7
- data/lib/rex/post/meterpreter/packet_response_waiter.rb +10 -17
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +1 -1
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +16 -6
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +4 -5
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +2 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +4 -2
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +157 -0
- data/lib/rex/proto/dhcp/server.rb +8 -4
- data/lib/rex/proto/http/client.rb +19 -45
- data/lib/rex/proto/http/packet.rb +8 -5
- data/lib/rex/proto/http/response.rb +8 -3
- data/lib/rex/proto/http/server.rb +1 -1
- data/lib/rex/proto/proxy/socks4a.rb +4 -4
- data/lib/rex/proto/rfb.rb +19 -0
- data/lib/rex/proto/rfb.rb.ut.rb +37 -0
- data/lib/rex/proto/rfb/cipher.rb +78 -0
- data/lib/rex/proto/rfb/client.rb +207 -0
- data/lib/rex/proto/rfb/constants.rb +52 -0
- data/lib/rex/proto/tftp/server.rb +20 -17
- data/lib/rex/services/local_relay.rb +1 -1
- data/lib/rex/socket.rb +69 -10
- data/lib/rex/socket/comm/local.rb +7 -4
- data/lib/rex/socket/range_walker.rb +14 -1
- data/lib/rex/text.rb +28 -3
- data/lib/rex/text.rb.ut.rb +14 -0
- data/lib/rex/thread_factory.rb +42 -0
- data/lib/rex/ui/text/input/buffer.rb +1 -1
- data/lib/rex/zip/archive.rb +74 -9
- data/lib/rex/zip/entry.rb +6 -1
- metadata +22 -7
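--- a/data/README.md
+++ b/data/README.md
@@ -4,7 +4,7 @@ REX
 A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
 
 Currently based on:
-SVN Revision:
+SVN Revision: 11474
 
 Credits
 ===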
data/Rakefile
ADDED
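--- a/data/lib/rex.rb
+++ b/data/lib/rex.rb
@@ -2,7 +2,7 @@
 
 The Metasploit Rex library is provided under the 3-clause BSD license.
 
-Copyright (c) 2005-
+Copyright (c) 2005-2010, Rapid7 LLC
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -49,6 +49,9 @@ require 'rex/file'
 # Thread safety and synchronization
 require 'rex/sync'
 
+# Thread factory
+require 'rex/thread_factory'
+
 # Encoding
 require 'rex/encoder/xor'
 require 'rex/encoding/xor'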
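--- a/data/lib/rex/assembly/nasm.rb
+++ b/data/lib/rex/assembly/nasm.rb
@@ -42,6 +42,8 @@ class Nasm
 
 # Open the temporary file
 tmp = Tempfile.new('nasmXXXX')
+tmp.binmode
+
 tpath = tmp.path
 opath = tmp.path + '.out'
 
@@ -72,6 +74,8 @@ class Nasm
 check
 
 tmp = Tempfile.new('nasmout')
+tmp.binmode
+
 tfd = File.open(tmp.path, "wb")
 
 tfd.write(raw)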
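Review bot: In the second hunk `tmp.binmode` is called on the Tempfile, but the data is written through a separate handle, `tfd = File.open(tmp.path, "wb")`, which is already binary, so the added call looks redundant there unless `tmp` itself is read or written later, outside the hunk. A one-line comment on both additions, such as `# binary mode: assembled bytes must not go through newline translation on Windows`, would record why the call is needed.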
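--- a/data/lib/rex/compat.rb
+++ b/data/lib/rex/compat.rb
@@ -37,7 +37,7 @@ ENABLE_PROCESSED_INPUT = 1
 
 def self.is_windows
 return @@is_windows if @@is_windows
-@@is_windows = (RUBY_PLATFORM =~ /mswin32/) ? true : false
+@@is_windows = (RUBY_PLATFORM =~ /mswin32|mingw32/) ? true : false
 end
 
 def self.is_cygwin
@@ -80,6 +80,18 @@ def self.is_java
 @@is_java = (RUBY_PLATFORM =~ /java/) ? true : false
 end
 
+def self.is_wow64
+return false if not is_windows
+is64 = false
+begin
+buff = "\x00" * 4
+Win32API.new("kernel32","IsWow64Process",['L','P'],'L').call(-1, buff)
+is64 = (buff.unpack("V")[0]) == 1 ? true : false
+rescue ::Exception
+end
+is64
+end
+
 def self.cygwin_to_win32(path)
 if(path !~ /^\/cygdrive/)
 return ::IO.popen("cygpath -w #{path}", "rb").read.strip
@@ -115,6 +127,23 @@ def self.open_browser(url='http://metasploit.com/')
 when /darwin/
 system("open #{url}")
 else
+# Search through the PATH variable (if it exists) and chose a browser
+# We are making an assumption about the nature of "PATH" so tread lightly
+if defined? ENV['PATH']
+# "sensible-browser" opens the "default" browser in Ubuntu and others, so try that first
+# but also provide fallbacks
+['sensible-browser', 'firefox', 'opera', 'chromium-browser', 'konqueror'].each do |browser|
+ENV['PATH'].split(':').each do |path|
+# Does the browser exists?
+if File.exists?("#{path}/#{browser}")
+system("#{browser} #{url} &")
+return
+end
+end
+end
+end
+
+# If nothing else worked, default to firefox
 system("firefox #{url} &")
 end
 end
@@ -231,6 +260,7 @@ def self.temp_copy(path)
 raise RuntimeError,"missing Tempfile" if not @@loaded_tempfile
 fd = File.open(path, "rb")
 tp = Tempfile.new("msftemp")
+tp.binmode
 tp.write(fd.read(File.size(path)))
 tp.close
 fd.close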
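Review bot: In the open_browser hunk the added `system("#{browser} #{url} &")` hands one interpolated string to the shell, so shell metacharacters in `url` are interpreted instead of being passed to the browser as data; the unchanged `system("open #{url}")` and `system("firefox #{url} &")` lines share the pattern. Quoting the argument, for example `system("#{browser} #{Shellwords.escape(url)} &")` with `require 'shellwords'`, keeps the backgrounding while treating the URL as a single argument. The guard `if defined? ENV['PATH']` is always truthy, because `defined?` on a method call reports that the method exists, not that the value is set; `if ENV['PATH']` is the nil check the comment describes. In the is_wow64 hunk the empty `rescue ::Exception` also hides interrupts and every other failure, so a narrower rescue with a short comment on why the error is ignored would be safer.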
@@ -54,20 +54,21 @@ class Generic
|
|
54
54
|
gen_base_set(block).each do |randbase_|
|
55
55
|
second = gen_second(block, randbase_)
|
56
56
|
next if second < 0
|
57
|
-
if
|
57
|
+
if accepted_chars.include?([second].pack('C'))
|
58
58
|
found = second
|
59
59
|
randbase = randbase_
|
60
60
|
break
|
61
61
|
end
|
62
62
|
end
|
63
63
|
|
64
|
-
if
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
64
|
+
if not found
|
65
|
+
msg = "No valid base found for #{"0x%.2x" % block}"
|
66
|
+
if not accepted_chars.include?([second].pack('C'))
|
67
|
+
msg << ": BadChar to #{second}"
|
68
|
+
elsif second < 1
|
69
|
+
msg << ": Negative"
|
70
|
+
end
|
71
|
+
raise RuntimeError, msg
|
71
72
|
end
|
72
73
|
|
73
74
|
if (randbase > 0xa0)
|
@@ -79,10 +80,10 @@ class Generic
|
|
79
80
|
else
|
80
81
|
# pick one at "random"
|
81
82
|
first = (randbase/0x10)
|
82
|
-
if (first % 2)
|
83
|
+
if (first % 2) > 0
|
83
84
|
first += 0x40
|
84
85
|
else
|
85
|
-
|
86
|
+
first += 0x50
|
86
87
|
end
|
87
88
|
end
|
88
89
|
|
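Review bot: In the new `if not found` block the `elsif second < 1` branch is labelled "Negative" although the loop skips values with `second < 0`, and it is tested only after the `accepted_chars.include?` check, so it looks hard to reach for a negative `second`; testing `second < 0` first would make the message match the cause. `second` is assigned inside the `each do |randbase_|` block, so unless it is initialised before the loop (not visible here) it is out of scope when the message is built. These hunks have no file header on the page; going by the file list they appear to belong to data/lib/rex/encoder/alpha2/generic.rb.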
data/lib/rex/exceptions.rb
CHANGED
@@ -18,6 +18,7 @@ module Exploitation
|
|
18
18
|
# Checksum checking implemented by dijital1/corelanc0d3r
|
19
19
|
# Checksum code merged to Egghunter by jduck
|
20
20
|
# Conversion to use Metasm by jduck
|
21
|
+
# Startreg code added by corelanc0d3r
|
21
22
|
#
|
22
23
|
###
|
23
24
|
class Egghunter
|
@@ -38,12 +39,25 @@ class Egghunter
|
|
38
39
|
#
|
39
40
|
def hunter_stub(payload, badchars = '', opts = {})
|
40
41
|
|
42
|
+
startreg = opts[:startreg]
|
43
|
+
|
41
44
|
raise RuntimeError, "Invalid egg string! Need #{esize} bytes." if opts[:eggtag].length != 4
|
42
45
|
marker = "0x%x" % opts[:eggtag].unpack('V').first
|
43
46
|
|
44
47
|
checksum = checksum_stub(payload, badchars, opts)
|
45
48
|
|
49
|
+
startstub = ''
|
50
|
+
if startreg
|
51
|
+
if startreg.downcase != 'edx'
|
52
|
+
startstub = "\n\tmov edx,#{startreg}\n\tjmp next_addr"
|
53
|
+
else
|
54
|
+
startstub = "\n\tjmp next_addr"
|
55
|
+
end
|
56
|
+
end
|
57
|
+
startstub << "\n\t" if startstub.length > 0
|
58
|
+
|
46
59
|
assembly = <<EOS
|
60
|
+
#{startstub}
|
47
61
|
check_readable:
|
48
62
|
or dx,0xfff
|
49
63
|
next_addr:
|
@@ -97,13 +111,26 @@ EOS
|
|
97
111
|
#
|
98
112
|
def hunter_stub(payload, badchars = '', opts = {})
|
99
113
|
|
114
|
+
startreg = opts[:startreg]
|
115
|
+
|
100
116
|
raise RuntimeError, "Invalid egg string! Need #{esize} bytes." if opts[:eggtag].length != 4
|
101
117
|
marker = "0x%x" % opts[:eggtag].unpack('V').first
|
102
118
|
|
103
119
|
checksum = checksum_stub(payload, badchars, opts)
|
104
120
|
|
121
|
+
startstub = ''
|
122
|
+
if startreg
|
123
|
+
if startreg.downcase != 'ecx'
|
124
|
+
startstub = "\n\tmov ecx,#{startreg}\n\tjmp next_addr"
|
125
|
+
else
|
126
|
+
startstub = "\n\tjmp next_addr"
|
127
|
+
end
|
128
|
+
end
|
129
|
+
startstub << "\n\t" if startstub.length > 0
|
130
|
+
|
105
131
|
assembly = <<EOS
|
106
132
|
cld
|
133
|
+
#{startstub}
|
107
134
|
check_readable:
|
108
135
|
or cx,0xfff
|
109
136
|
next_addr:
|
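--- a/data/lib/rex/file.rb
+++ b/data/lib/rex/file.rb
@@ -1,5 +1,6 @@
 require 'find'
 require 'rex/compat'
+require 'tempfile'
 
 module Rex
 
@@ -26,6 +27,10 @@ module FileUtils
 if (path)
 path.split(::File::PATH_SEPARATOR).each { |base|
 begin
+# Deal with Windows paths surrounded by quotes. Prevents
+# silliness like trying to look for
+# '"C:\\framework\\nmap"\\nmap.exe' which will always fail.
+base = $1 if base =~ /^"(.*)"$/
 path = base + ::File::SEPARATOR + file_name
 if (::File::Stat.new(path) and not ::File.directory?(path))
 return path
@@ -39,6 +44,14 @@ module FileUtils
 
 end
 
+class Quickfile < ::Tempfile
+def initialize(*args)
+super(*args)
+self.binmode
+ObjectSpace.undefine_finalizer(self)
+end
+end
+
 module Find
 #
 # Identical to Find.find from Ruby, but follows symlinks to directories.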
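Review bot: The new Quickfile class has no comment explaining why it calls `ObjectSpace.undefine_finalizer(self)`, and that call appears to remove the cleanup Tempfile normally registers, so files created through it would stay on disk until something deletes them explicitly. A class comment such as `# Tempfile in binary mode that is NOT removed automatically; callers must unlink it when done` would make that contract visible, which matters if the files hold sensitive data. In the second hunk, `base =~ /^"(.*)"$/` uses line anchors; `\A` and `\z` would restrict the match to the whole PATH entry.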
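--- a/data/lib/rex/io/stream.rb
+++ b/data/lib/rex/io/stream.rb
@@ -34,19 +34,27 @@ module Stream
 def write(buf, opts = {})
 total_sent = 0
 total_length = buf.length
+block_size = 32768
 begin
 while( total_sent < total_length )
 s = Rex::ThreadSafe.select( nil, [ fd ], nil, 0.2 )
 if( s == nil || s[0] == nil )
 next
 end
-data = buf[0,
+data = buf[0, block_size]
 sent = fd.write_nonblock( data )
 if sent > 0
 total_sent += sent
 buf[0, sent] = ""
 end
 end
+rescue ::Errno::EAGAIN
+# Sleep for a half a second, or until we can write again
+Rex::ThreadSafe.select( nil, [ fd ], nil, 0.5 )
+# Decrement the block size to handle full sendQs better
+block_size = 1024
+# Try to write the data again
+retry
 rescue ::IOError, ::Errno::EPIPE
 return nil if (fd.abortive_close == true)
 raise $!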
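Review bot: The added `rescue ::Errno::EAGAIN` branch ends in an unconditional `retry`, so a peer that never drains its receive buffer keeps write() looping with no upper bound; the existing select loop above it spins on timeout in the same way. A bounded attempt counter or a deadline, for example `retries += 1` followed by `raise if retries > max_retries` before `retry` (with `retries = 0` set next to `block_size`), would let callers fail instead of tying up a thread. The two block sizes, 32768 and 1024, would read better as named constants with a comment on why the size is not restored after a successful write. The rest of write() lies outside the hunk.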
@@ -53,8 +53,7 @@ module StreamAbstraction
|
|
53
53
|
self.lsock.extend(Ext)
|
54
54
|
self.rsock.extend(Rex::IO::Stream)
|
55
55
|
|
56
|
-
|
57
|
-
|
56
|
+
self.monitor_rsock
|
58
57
|
end
|
59
58
|
|
60
59
|
#
|
@@ -122,26 +121,37 @@ module StreamAbstraction
|
|
122
121
|
protected
|
123
122
|
|
124
123
|
def monitor_rsock
|
125
|
-
self.monitor_thread = ::
|
124
|
+
self.monitor_thread = Rex::ThreadFactory.spawn("StreamMonitorRemote", false) {
|
126
125
|
loop do
|
127
126
|
closed = false
|
128
127
|
buf = nil
|
129
128
|
|
129
|
+
if not self.rsock
|
130
|
+
wlog("monitor_rsock: the remote socket is nil, exiting loop")
|
131
|
+
break
|
132
|
+
end
|
133
|
+
|
130
134
|
begin
|
131
135
|
s = Rex::ThreadSafe.select( [ self.rsock ], nil, nil, 0.2 )
|
132
136
|
if( s == nil || s[0] == nil )
|
133
137
|
next
|
134
138
|
end
|
135
139
|
rescue Exception => e
|
140
|
+
wlog("monitor_rsock: exception during select: #{e.class} #{e}")
|
136
141
|
closed = true
|
137
142
|
end
|
138
143
|
|
139
144
|
if( closed == false )
|
140
145
|
begin
|
141
146
|
buf = self.rsock.sysread( 32768 )
|
142
|
-
|
143
|
-
|
147
|
+
if buf == nil
|
148
|
+
closed = true
|
149
|
+
wlog("monitor_rsock: closed remote socket due to nil read")
|
150
|
+
end
|
151
|
+
|
152
|
+
rescue ::Exception
|
144
153
|
closed = true
|
154
|
+
wlog("monitor_rsock: exception during read: #{e.class} #{e}")
|
145
155
|
end
|
146
156
|
end
|
147
157
|
|
@@ -162,14 +172,15 @@ protected
|
|
162
172
|
end
|
163
173
|
rescue ::IOError => e
|
164
174
|
closed = true
|
175
|
+
wlog("monitor_rsock: exception during write: #{e.class} #{e}")
|
165
176
|
break
|
166
177
|
end
|
167
178
|
end
|
168
179
|
end
|
169
180
|
|
170
181
|
if( closed )
|
171
|
-
self.close_write
|
172
|
-
|
182
|
+
self.close_write if self.respond_to?('close_write')
|
183
|
+
break
|
173
184
|
end
|
174
185
|
end
|
175
186
|
}
|
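Review bot: In the monitor_rsock hunk the read path is rescued with a bare `rescue ::Exception`, yet the added `wlog("monitor_rsock: exception during read: #{e.class} #{e}")` interpolates `e`, which is only bound by the earlier `rescue Exception => e` around select; as shown, the log line would report a stale or nil value instead of the read error. Binding the exception, `rescue ::Exception => e`, fixes the message. These hunks follow the stream.rb section without a file header of their own; going by the file list they appear to belong to data/lib/rex/io/stream_abstraction.rb. monitor_rsock continues outside the hunks shown.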
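--- a/data/lib/rex/io/stream_server.rb
+++ b/data/lib/rex/io/stream_server.rb
@@ -62,10 +62,10 @@ module StreamServer
 def start
 self.clients = []
 
-self.listener_thread =
+self.listener_thread = Rex::ThreadFactory.spawn("StreamServerListener", false) {
 monitor_listener
 }
-self.clients_thread =
+self.clients_thread = Rex::ThreadFactory.spawn("StreamServerClientMonitor", false) {
 monitor_clients
 }
 end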
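--- a/data/lib/rex/job_container.rb
+++ b/data/lib/rex/job_container.rb
@@ -28,7 +28,7 @@ class Job
 def start(async = false)
 self.start_time = Time.now
 if (async)
-self.job_thread =
+self.job_thread = Rex::ThreadFactory.spawn("JobID(#{jid})-#{name}", false) {
 # Deschedule our thread momentarily
 ::IO.select(nil, nil, nil, 0.01)
 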
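--- a/data/lib/rex/mime/message.rb
+++ b/data/lib/rex/mime/message.rb
@@ -83,16 +83,17 @@ class Message
 
 def add_part(data='', content_type='text/plain', transfer_encoding="8bit", content_disposition=nil)
 part = Rex::MIME::Part.new
+
+if (content_disposition)
+part.header.set("Content-Disposition", content_disposition)
+end
+
 part.header.set("Content-Type", content_type)
 
 if (transfer_encoding)
 part.header.set("Content-Transfer-Encoding", transfer_encoding)
 end
 
-if (content_disposition)
-part.header.set("Content-Disposition", content_disposition)
-end
-
 part.content = data
 self.parts << part
 part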
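--- a/data/lib/rex/ole.rb
+++ b/data/lib/rex/ole.rb
@@ -1,6 +1,6 @@
 ##
-# $Id: ole.rb
-# Version: $Revision:
+# $Id: ole.rb 11444 2010-12-29 17:07:46Z jduck $
+# Version: $Revision: 11444 $
 ##
 
 ##
@@ -30,6 +30,7 @@
 # 8. R/W substorages (including nesting)
 # 9. full directory support (hierarchal and flattened access)
 # 10. big and little endian files (although only little endian was tested)
+# 11. PropertySet streams (except .to_s)
 #
 #
 # TODO (in order of priority):
@@ -40,10 +41,9 @@
 # - may lead to allocating more fat sectors :-/
 # 4. properly support mode params for open_stream/open_storage/etc
 # 5. optimize to prevent unecessary loading/writing
-# 6. support
-# 7. support
-# 8.
-# 9. provide interface to change paramters (endian, etc)
+# 6. support non-committal editing (open, change, close w/o save)
+# 7. support timestamps
+# 8. provide interface to change paramters (endian, etc)
 #
 #
 # TO INVESTIGATE:
@@ -124,5 +124,82 @@ require 'rex/ole/substorage'
 require 'rex/ole/stream'
 
 
+# constants for property sets
+# PropertyIds
+PID_DICTIONARY = 0x00000000
+PID_CODEPAGE = 0x00000001
+PID_LOCALE = 0x80000000
+PID_BEHAVIOR = 0x80000003
+# Well-known PropertyIds
+PIDSI_TITLE = 0x02
+PIDSI_SUBJECT = 0x03
+PIDSI_AUTHOR = 0x04
+PIDSI_KEYWORDS = 0x05
+PIDSI_COMMENTS = 0x06
+PIDSI_TEMPLATE = 0x07
+PIDSI_LASTAUTHOR = 0x08
+PIDSI_REVNUMBER = 0x09
+PIDSI_EDITTIME = 0x0a
+PIDSI_LASTPRINTED = 0x0b
+PIDSI_CREATE_DTM = 0x0c
+PIDSI_LASTSAVE_DTM = 0x0d
+PIDSI_PAGECOUNT = 0x0e
+PIDSI_WORDCOUNT = 0x0f
+PIDSI_CHARCOUNT = 0x10
+PIDSI_THUMBNAIL = 0x11
+PIDSI_APPNAME = 0x12
+PIDSI_DOC_SECURITY = 0x13
+# PropertyTypes
+VT_EMPTY = 0x00
+VT_NULL = 0x01
+VT_I2 = 0x02
+VT_I4 = 0x03
+VT_R4 = 0x04
+VT_R8 = 0x05
+VT_CY = 0x06
+VT_DATE = 0x07
+VT_BSTR = 0x08
+VT_ERROR = 0x0a
+VT_BOOL = 0x0b
+VT_VARIANT = 0x0c # used with VT_VECTOR
+# 0xd
+VT_DECIMAL = 0x0e
+# 0xf
+VT_I1 = 0x10
+VT_UI1 = 0x11
+VT_UI2 = 0x12
+VT_UI4 = 0x13
+VT_I8 = 0x14
+VT_UI8 = 0x15
+VT_INT = 0x16
+VT_UINT = 0x17
+VT_LPSTR = 0x1e
+VT_LPWSTR = 0x1f
+# 0x20-0x3f
+VT_FILETIME = 0x40
+VT_BLOB = 0x41
+VT_STREAM = 0x42
+VT_STORAGE = 0x43
+VT_STREAMED_OBJ = 0x44
+VT_STORED_OBJ = 0x45
+VT_BLOB_OBJ = 0x46
+VT_CF = 0x47 # Clipboard Format
+VT_CLSID = 0x48
+VT_VERSIONED_STREAM = 0x49
+# Flags
+VT_VECTOR = 0x1000
+VT_ARRAY = 0x2000 # Requires OLE version >= 1
+# Format IDs
+FMTID_SummaryInformation = "\xe0\x85\x9f\xf2\xf9\x4f\x68\x10\xab\x91\x08\x00\x2b\x27\xb3\xd9"
+FMTID_DocSummaryInformation = "\x02\xd5\xcd\xd5\x9c\x2e\x1b\x10\x93\x97\x08\x00\x2b\x2c\xf9\xae"
+FMTID_UserDefinedProperties = "\x05\xd5\xcd\xd5\x9c\x2e\x1b\x10\x93\x97\x08\x00\x2b\x2c\xf9\xae"
+FMTID_GlobalInfo = "\x00\x6f\x61\x56\x54\xc1\xce\x11\x85\x53\x00\xaa\x00\xa1\xf9\x5b"
+FMTID_ImageContents = "\x00\x64\x61\x56\x54\xc1\xce\x11\x85\x53\x00\xaa\x00\xa1\xf9\x5b"
+FMTID_ImageInfo = "\x00\x65\x61\x56\x54\xc1\xce\x11\x85\x53\x00\xaa\x00\xa1\xf9\x5b"
+FMTID_PropertyBag = "\x01\x18\x00\x20\xe6\x5d\xd1\x11\x8e\x38\x00\xc0\x4f\xb9\x38\x6d"
+# defines PropertySet class
+require 'rex/ole/propset'
+
+
 end
 end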