librex 0.0.5 → 0.0.6
- data/README.md +1 -1
- data/Rakefile +13 -0
- data/lib/rex.rb +4 -1
- data/lib/rex/assembly/nasm.rb +4 -0
- data/lib/rex/compat.rb +31 -1
- data/lib/rex/encoder/alpha2/generic.rb +11 -10
- data/lib/rex/exceptions.rb +1 -1
- data/lib/rex/exploitation/egghunter.rb +27 -0
- data/lib/rex/file.rb +13 -0
- data/lib/rex/io/stream.rb +9 -1
- data/lib/rex/io/stream_abstraction.rb +18 -7
- data/lib/rex/io/stream_server.rb +2 -2
- data/lib/rex/job_container.rb +1 -1
- data/lib/rex/mime/message.rb +5 -4
- data/lib/rex/ole.rb +83 -6
- data/lib/rex/ole/propset.rb +144 -0
- data/lib/rex/parser/ip360_aspl_xml.rb +102 -0
- data/lib/rex/parser/ip360_xml.rb +93 -0
- data/lib/rex/parser/nessus_xml.rb +118 -0
- data/lib/rex/parser/netsparker_xml.rb +94 -0
- data/lib/rex/parser/retina_xml.rb +109 -0
- data/lib/rex/post/meterpreter/channel.rb +15 -8
- data/lib/rex/post/meterpreter/client.rb +32 -3
- data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +1 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +14 -5
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +1 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +3 -3
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +5 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +16 -8
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +16 -7
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +15 -4
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +13 -7
- data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +20 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +63 -0
- data/lib/rex/post/meterpreter/packet_dispatcher.rb +18 -7
- data/lib/rex/post/meterpreter/packet_response_waiter.rb +10 -17
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +1 -1
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +16 -6
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +4 -5
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +2 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +4 -2
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +157 -0
- data/lib/rex/proto/dhcp/server.rb +8 -4
- data/lib/rex/proto/http/client.rb +19 -45
- data/lib/rex/proto/http/packet.rb +8 -5
- data/lib/rex/proto/http/response.rb +8 -3
- data/lib/rex/proto/http/server.rb +1 -1
- data/lib/rex/proto/proxy/socks4a.rb +4 -4
- data/lib/rex/proto/rfb.rb +19 -0
- data/lib/rex/proto/rfb.rb.ut.rb +37 -0
- data/lib/rex/proto/rfb/cipher.rb +78 -0
- data/lib/rex/proto/rfb/client.rb +207 -0
- data/lib/rex/proto/rfb/constants.rb +52 -0
- data/lib/rex/proto/tftp/server.rb +20 -17
- data/lib/rex/services/local_relay.rb +1 -1
- data/lib/rex/socket.rb +69 -10
- data/lib/rex/socket/comm/local.rb +7 -4
- data/lib/rex/socket/range_walker.rb +14 -1
- data/lib/rex/text.rb +28 -3
- data/lib/rex/text.rb.ut.rb +14 -0
- data/lib/rex/thread_factory.rb +42 -0
- data/lib/rex/ui/text/input/buffer.rb +1 -1
- data/lib/rex/zip/archive.rb +74 -9
- data/lib/rex/zip/entry.rb +6 -1
- metadata +22 -7
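--- a/data/lib/rex/ole/propset.rb
+++ b/data/lib/rex/ole/propset.rb
@@ -0,0 +1,144 @@
+##
+# $Id: propset.rb 11444 2010-12-29 17:07:46Z jduck $
+# Version: $Revision: 11444 $
+##
+
+##
+# Rex::OLE - an OLE implementation
+# written in 2010 by Joshua J. Drake <jduck [at] metasploit.com>
+##
+
+module Rex
+module OLE
+
+class Property
+
+def initialize(id, type, data)
+@id = id
+@type = type
+@data = data
+end
+
+def pack_pio(off = 0)
+[ @id, off ].pack('V*')
+end
+
+def pack_data
+buf = [ @type ].pack('V')
+case @type
+when VT_BLOB
+buf << [ @data.length ].pack('V')
+when VT_CF
+buf << [ 4 + @data.length, -1 ].pack('V*')
+end
+buf << @data
+buf
+end
+
+def to_s
+"Rex::OLE::Property - to_s unimplemented"
+end
+
+end
+
+class PropertySet
+
+def initialize(fmtid = nil)
+@fmtid = CLSID.new(fmtid)
+@properties = []
+end
+
+def <<(val)
+@properties << val
+end
+
+def pack_fno(off = 0)
+@fmtid.pack + [ off ].pack('V')
+end
+
+def pack_data
+# Pack all the property data
+data = []
+dlen = 0
+@properties.each { |p|
+dat = p.pack_data
+dlen += dat.length
+data << dat
+}
+
+buf = ''
+# First the header
+off = 8 + (@properties.length * 8)
+buf << [ off + dlen, @properties.length ].pack('V*')
+# Now, the Property Id and Offset for each
+@properties.each_with_index { |p,x|
+buf << p.pack_pio(off)
+off += data[x].length
+}
+# Finally, all the data
+buf << data.join
+buf
+end
+
+def to_s
+"Rex::OLE::PropertySet - to_s unimplemented"
+end
+
+end
+
+class PropertySetStream
+
+def initialize
+@byte_order = 0xfffe
+@ole_version = 0
+@os_version = 1
+@os_platform = 2
+@clsid = CLSID.new
+
+@propsets = []
+end
+
+def <<(ps)
+@propsets << ps
+end
+
+def pack
+buf = ''
+
+# First, add the header
+buf << [
+@byte_order,
+@ole_version,
+@os_version,
+@os_platform
+].pack('vvvv')
+buf << @clsid.pack
+buf << [@propsets.length].pack('V')
+
+# Pack all the PropertySet children
+data = []
+@propsets.each { |p|
+data << p.pack_data
+}
+
+# Next, add all the FMTID and Offset headers
+off = buf.length + (20 * @propsets.length)
+@propsets.each_with_index { |ps,x|
+buf << ps.pack_fno(off)
+off += data[x].length
+}
+
+# Finally, add all the data
+buf << data.join
+buf
+end
+
+def to_s
+"Rex::OLE::PropertySetStream - to_s unimplemented"
+end
+
+end
+
+
+end
+end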
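--- a/data/lib/rex/parser/ip360_aspl_xml.rb
+++ b/data/lib/rex/parser/ip360_aspl_xml.rb
@@ -0,0 +1,102 @@
+require 'rexml/document'
+require 'rex/ui'
+
+module Rex
+module Parser
+
+
+class IP360ASPLXMLStreamParser
+
+@vulnid = nil
+@appid = nil
+@location = nil
+
+attr_accessor :on_found_aspl
+
+def initialize(&block)
+reset_state
+on_found_aspl = block if block
+end
+
+def reset_state
+@aspl = {'vulns' => {'name' => { }, 'cve' => { }, 'bid' => { } },
+'oses' => {'name' => { } } }
+@state = :generic_state
+end
+
+def tag_start(name, attributes)
+case name
+when "vulns"
+@location = "vulns"
+when "vuln"
+@vulnid = attributes['id'].strip
+when "name"
+@state = :is_name
+when "advisories"
+@c = ""
+@cfirst = 1
+@b = ""
+@bfirst = 1
+@x = Hash.new
+when "publisher"
+@state = :is_pub
+when "id"
+@state = :is_refid
+when "operatingSystems"
+@location = "os"
+when "operatingSystem"
+@osid = attributes['id'].strip
+end
+end
+
+def text(str)
+case @state
+when :is_name
+@aspl['vulns']['name'][@vulnid] = str if @location == "vulns"
+@aspl['oses'][@osid] = str if @location == "os"
+when :is_pub
+@x['pub'] = str
+when :is_refid
+@x['refid'] = str
+end
+end
+
+def tag_end(name)
+case name
+when "ontology"
+on_found_aspl.call(@aspl) if on_found_aspl
+reset_state
+when "advisory"
+if (@x['pub'] =~ /CVE/)
+if (@cfirst == 0)
+@c += ","
+end
+@c += @x['refid']
+@cfirst = 0
+elsif (@x['pub'] =~ /BugTraq/)
+if (@bfirst == 0)
+@b += ","
+end
+@b += @x['refid']
+@bfirst = 0
+end
+when "advisories"
+@aspl['vulns']['cve'][@vulnid] = @c
+@aspl['vulns']['bid'][@vulnid] = @b
+@c = ""
+@b = ""
+end
+@state = :generic_state
+end
+
+# We don't need these methods, but they're necessary to keep REXML happy
+#
+def xmldecl(version, encoding, standalone); end
+def cdata; end
+def comment(str); end
+def instruction(name, instruction); end
+def attlist; end
+end
+
+end
+end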
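--- a/data/lib/rex/parser/ip360_xml.rb
+++ b/data/lib/rex/parser/ip360_xml.rb
@@ -0,0 +1,93 @@
+require 'rexml/document'
+require 'rex/ui'
+
+module Rex
+module Parser
+
+
+class IP360XMLStreamParser
+
+attr_accessor :on_found_host
+
+def initialize(&block)
+reset_state
+on_found_host = block if block
+end
+
+def reset_state
+@host = {'hname' => nil, 'hid' => nil, 'addr' => nil, 'mac' => nil, 'os' => nil,
+'vulns' => ['vuln' => {'vulnid' => nil, 'port' => nil, 'proto' => nil} ],
+'apps' => ['app' => {'appid' => nil, 'svcid' => nil, 'port' => nil, 'proto' => nil } ],
+}
+@state = :generic_state
+end
+
+def tag_start(name, attributes)
+case name
+when "host"
+@host['hid'] = attributes['persistent_id']
+when "ip"
+@state = :is_ip
+when "dnsName"
+@state = :is_fqdn
+when "macAddress"
+@state = :is_mac
+when "os"
+@host['os'] = attributes['id']
+when "vulnerability"
+@x = Hash.new
+@x['vulnid'] = attributes['id']
+when "port"
+@state = :is_port
+when "protocol"
+@state = :is_proto
+when "application"
+@y = Hash.new
+@y['appid'] = attributes['application_id']
+@y['svcid'] = attributes['svcid']
+@y['port'] = attributes['port']
+@y['proto'] = attributes['protocol']
+@host['apps'].push @y
+end
+end
+
+def text(str)
+case @state
+when :is_fqdn
+@host['hname'] = str
+when :is_ip
+@host['addr'] = str
+when :is_mac
+@host['mac'] = str
+when :is_port
+@x['port'] = str
+when :is_proto
+@x['proto'] = str
+end
+end
+
+def tag_end(name)
+case name
+when "host"
+on_found_host.call(@host) if on_found_host
+reset_state
+when "vulnerability"
+@host['vulns'].push @x
+end
+@state = :generic_state
+end
+
+def cdata(d)
+#do nothing
+end
+
+# We don't need these methods, but they're necessary to keep REXML happy
+#
+def xmldecl(version, encoding, standalone); end
+def comment(str); end
+def instruction(name, instruction); end
+def attlist; end
+end
+
+end
+end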
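--- a/data/lib/rex/parser/nessus_xml.rb
+++ b/data/lib/rex/parser/nessus_xml.rb
@@ -0,0 +1,118 @@
+require 'rexml/document'
+require 'rex/ui'
+
+module Rex
+module Parser
+
+
+class NessusXMLStreamParser
+
+attr_accessor :on_found_host
+
+def initialize(&block)
+reset_state
+on_found_host = block if block
+end
+
+def reset_state
+@host = {'hname' => nil, 'addr' => nil, 'mac' => nil, 'os' => nil, 'ports' => [
+'port' => {'port' => nil, 'svc_name' => nil, 'proto' => nil, 'severity' => nil,
+'nasl' => nil, 'description' => nil, 'cve' => [], 'bid' => [], 'xref' => [], 'msf' => nil } ] }
+@state = :generic_state
+end
+
+def tag_start(name, attributes)
+case name
+when "tag"
+if attributes['name'] == "mac-address"
+@state = :is_mac
+end
+if attributes['name'] == "host-fqdn"
+@state = :is_fqdn
+end
+if attributes['name'] == "ip-addr"
+@state = :is_ip
+end
+if attributes['name'] == "host-ip"
+@state = :is_ip
+end
+if attributes['name'] == "operating-system"
+@state = :is_os
+end
+when "ReportHost"
+@host['hname'] = attributes['name']
+when "ReportItem"
+@cve = Array.new
+@bid = Array.new
+@xref = Array.new
+@x = Hash.new
+@x['nasl'] = attributes['pluginID']
+@x['port'] = attributes['port']
+@x['proto'] = attributes['protocol']
+@x['svc_name'] = attributes['svc_name']
+@x['severity'] = attributes['severity']
+when "description"
+@state = :is_desc
+when "cve"
+@state = :is_cve
+when "bid"
+@state = :is_bid
+when "xref"
+@state = :is_xref
+when "solution"
+@state = :is_solution
+when "metasploit_name"
+@state = :msf
+end
+end
+
+def text(str)
+case @state
+when :is_fqdn
+@host['hname'] = str
+when :is_ip
+@host['addr'] = str
+when :is_os
+@host['os'] = str
+when :is_mac
+@host['mac'] = str
+when :is_desc
+@x['description'] = str
+when :is_cve
+@cve.push str
+when :is_bid
+@bid.push str
+when :is_xref
+@xref.push str
+when :msf
+#p str
+@x['msf'] = str
+end
+end
+
+def tag_end(name)
+case name
+when "ReportHost"
+on_found_host.call(@host) if on_found_host
+reset_state
+when "ReportItem"
+@x['cve'] = @cve
+@x['bid'] = @bid
+@x['xref'] = @xref
+@host['ports'].push @x
+end
+@state = :generic_state
+end
+
+# We don't need these methods, but they're necessary to keep REXML happy
+#
+def xmldecl(version, encoding, standalone); end
+def cdata; end
+def comment(str); end
+def instruction(name, instruction); end
+def attlist; end
+end
+
+end
+end
+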
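Review bot: `tag_start` enters the `:is_solution` state on line 63 but `text` has no matching branch, so solution text is read and silently discarded; either add `when :is_solution` with `@x['solution'] = str` next to the `:is_desc` branch, or drop the state so the omission is clearly deliberate. `@x['description'] = str` on line 80 dereferences an `@x` that only exists after a `ReportItem` has opened, so a `description` element anywhere else in the report would raise NoMethodError; a `return unless @x` guard in that branch keeps an unexpected layout from aborting the import. As a matter of style, the five independent `if` tests under `when "tag"` (lines 27-41) read more clearly as a nested `case` on the attribute value, which also folds the two address variants into one branch, and the leftover debug comment `#p str` on line 88 should go.
```ruby
when "tag"
  case attributes['name']
  when "mac-address"        then @state = :is_mac
  when "host-fqdn"          then @state = :is_fqdn
  when "ip-addr", "host-ip" then @state = :is_ip
  when "operating-system"   then @state = :is_os
  end
# … unchanged: remaining when branches of tag_start …
```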