librex 0.0.5 → 0.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (68)
  1. data/README.md +1 -1
  2. data/Rakefile +13 -0
  3. data/lib/rex.rb +4 -1
  4. data/lib/rex/assembly/nasm.rb +4 -0
  5. data/lib/rex/compat.rb +31 -1
  6. data/lib/rex/encoder/alpha2/generic.rb +11 -10
  7. data/lib/rex/exceptions.rb +1 -1
  8. data/lib/rex/exploitation/egghunter.rb +27 -0
  9. data/lib/rex/file.rb +13 -0
  10. data/lib/rex/io/stream.rb +9 -1
  11. data/lib/rex/io/stream_abstraction.rb +18 -7
  12. data/lib/rex/io/stream_server.rb +2 -2
  13. data/lib/rex/job_container.rb +1 -1
  14. data/lib/rex/mime/message.rb +5 -4
  15. data/lib/rex/ole.rb +83 -6
  16. data/lib/rex/ole/propset.rb +144 -0
  17. data/lib/rex/parser/ip360_aspl_xml.rb +102 -0
  18. data/lib/rex/parser/ip360_xml.rb +93 -0
  19. data/lib/rex/parser/nessus_xml.rb +118 -0
  20. data/lib/rex/parser/netsparker_xml.rb +94 -0
  21. data/lib/rex/parser/retina_xml.rb +109 -0
  22. data/lib/rex/post/meterpreter/channel.rb +15 -8
  23. data/lib/rex/post/meterpreter/client.rb +32 -3
  24. data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +1 -1
  25. data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +14 -5
  26. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +1 -1
  27. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +3 -3
  28. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -1
  29. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -1
  30. data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +5 -0
  31. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +16 -8
  32. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +16 -7
  33. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -1
  34. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +15 -4
  35. data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +13 -7
  36. data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +20 -0
  37. data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +63 -0
  38. data/lib/rex/post/meterpreter/packet_dispatcher.rb +18 -7
  39. data/lib/rex/post/meterpreter/packet_response_waiter.rb +10 -17
  40. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +1 -1
  41. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +16 -6
  42. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +4 -5
  43. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +2 -0
  44. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +4 -2
  45. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +157 -0
  46. data/lib/rex/proto/dhcp/server.rb +8 -4
  47. data/lib/rex/proto/http/client.rb +19 -45
  48. data/lib/rex/proto/http/packet.rb +8 -5
  49. data/lib/rex/proto/http/response.rb +8 -3
  50. data/lib/rex/proto/http/server.rb +1 -1
  51. data/lib/rex/proto/proxy/socks4a.rb +4 -4
  52. data/lib/rex/proto/rfb.rb +19 -0
  53. data/lib/rex/proto/rfb.rb.ut.rb +37 -0
  54. data/lib/rex/proto/rfb/cipher.rb +78 -0
  55. data/lib/rex/proto/rfb/client.rb +207 -0
  56. data/lib/rex/proto/rfb/constants.rb +52 -0
  57. data/lib/rex/proto/tftp/server.rb +20 -17
  58. data/lib/rex/services/local_relay.rb +1 -1
  59. data/lib/rex/socket.rb +69 -10
  60. data/lib/rex/socket/comm/local.rb +7 -4
  61. data/lib/rex/socket/range_walker.rb +14 -1
  62. data/lib/rex/text.rb +28 -3
  63. data/lib/rex/text.rb.ut.rb +14 -0
  64. data/lib/rex/thread_factory.rb +42 -0
  65. data/lib/rex/ui/text/input/buffer.rb +1 -1
  66. data/lib/rex/zip/archive.rb +74 -9
  67. data/lib/rex/zip/entry.rb +6 -1
  68. metadata +22 -7
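--- a/data/lib/rex/ole/propset.rb
+++ b/data/lib/rex/ole/propset.rb
@@ -0,0 +1,144 @@
+##
+# $Id: propset.rb 11444 2010-12-29 17:07:46Z jduck $
+# Version: $Revision: 11444 $
+##
+
+##
+# Rex::OLE - an OLE implementation
+# written in 2010 by Joshua J. Drake <jduck [at] metasploit.com>
+##
+
+module Rex
+module OLE
+
+class Property
+
+def initialize(id, type, data)
+@id = id
+@type = type
+@data = data
+end
+
+def pack_pio(off = 0)
+[ @id, off ].pack('V*')
+end
+
+def pack_data
+buf = [ @type ].pack('V')
+case @type
+when VT_BLOB
+buf << [ @data.length ].pack('V')
+when VT_CF
+buf << [ 4 + @data.length, -1 ].pack('V*')
+end
+buf << @data
+buf
+end
+
+def to_s
+"Rex::OLE::Property - to_s unimplemented"
+end
+
+end
+
+class PropertySet
+
+def initialize(fmtid = nil)
+@fmtid = CLSID.new(fmtid)
+@properties = []
+end
+
+def <<(val)
+@properties << val
+end
+
+def pack_fno(off = 0)
+@fmtid.pack + [ off ].pack('V')
+end
+
+def pack_data
+# Pack all the property data
+data = []
+dlen = 0
+@properties.each { |p|
+dat = p.pack_data
+dlen += dat.length
+data << dat
+}
+
+buf = ''
+# First the header
+off = 8 + (@properties.length * 8)
+buf << [ off + dlen, @properties.length ].pack('V*')
+# Now, the Property Id and Offset for each
+@properties.each_with_index { |p,x|
+buf << p.pack_pio(off)
+off += data[x].length
+}
+# Finally, all the data
+buf << data.join
+buf
+end
+
+def to_s
+"Rex::OLE::PropertySet - to_s unimplemented"
+end
+
+end
+
+class PropertySetStream
+
+def initialize
+@byte_order = 0xfffe
+@ole_version = 0
+@os_version = 1
+@os_platform = 2
+@clsid = CLSID.new
+
+@propsets = []
+end
+
+def <<(ps)
+@propsets << ps
+end
+
+def pack
+buf = ''
+
+# First, add the header
+buf << [
+@byte_order,
+@ole_version,
+@os_version,
+@os_platform
+].pack('vvvv')
+buf << @clsid.pack
+buf << [@propsets.length].pack('V')
+
+# Pack all the PropertySet children
+data = []
+@propsets.each { |p|
+data << p.pack_data
+}
+
+# Next, add all the FMTID and Offset headers
+off = buf.length + (20 * @propsets.length)
+@propsets.each_with_index { |ps,x|
+buf << ps.pack_fno(off)
+off += data[x].length
+}
+
+# Finally, add all the data
+buf << data.join
+buf
+end
+
+def to_s
+"Rex::OLE::PropertySetStream - to_s unimplemented"
+end
+
+end
+
+
+end
+end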
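Review bot: Every size and offset in this file is derived from `String#length` (`@data.length` in Property#pack_data, `dat.length` and `data[x].length` in the two outer packers), which counts characters rather than bytes on Ruby 1.9+, so a payload carrying a non-ASCII, non-binary encoding would make the VT_BLOB/VT_CF size fields and the property and FMTID offsets disagree with the bytes actually written. Using `bytesize` throughout (e.g. `buf << [ @data.bytesize ].pack('V')`) keeps the headers consistent with the data regardless of encoding, and the `buf = ''` accumulators should be binary strings too, since `pack` output is ASCII-8BIT. `VT_BLOB`, `VT_CF` and `CLSID` are referenced but not defined in this hunk, so the constants and the CLSID pack layout presumably come from the accompanying rex/ole.rb change. Because these streams are consumed by other software, a mismatch here silently yields a malformed property set rather than an error, which is worth a comment on `pack_data` stating that all lengths are byte counts.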
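--- a/data/lib/rex/parser/ip360_aspl_xml.rb
+++ b/data/lib/rex/parser/ip360_aspl_xml.rb
@@ -0,0 +1,102 @@
+require 'rexml/document'
+require 'rex/ui'
+
+module Rex
+module Parser
+
+
+class IP360ASPLXMLStreamParser
+
+@vulnid = nil
+@appid = nil
+@location = nil
+
+attr_accessor :on_found_aspl
+
+def initialize(&block)
+reset_state
+on_found_aspl = block if block
+end
+
+def reset_state
+@aspl = {'vulns' => {'name' => { }, 'cve' => { }, 'bid' => { } },
+'oses' => {'name' => { } } }
+@state = :generic_state
+end
+
+def tag_start(name, attributes)
+case name
+when "vulns"
+@location = "vulns"
+when "vuln"
+@vulnid = attributes['id'].strip
+when "name"
+@state = :is_name
+when "advisories"
+@c = ""
+@cfirst = 1
+@b = ""
+@bfirst = 1
+@x = Hash.new
+when "publisher"
+@state = :is_pub
+when "id"
+@state = :is_refid
+when "operatingSystems"
+@location = "os"
+when "operatingSystem"
+@osid = attributes['id'].strip
+end
+end
+
+def text(str)
+case @state
+when :is_name
+@aspl['vulns']['name'][@vulnid] = str if @location == "vulns"
+@aspl['oses'][@osid] = str if @location == "os"
+when :is_pub
+@x['pub'] = str
+when :is_refid
+@x['refid'] = str
+end
+end
+
+def tag_end(name)
+case name
+when "ontology"
+on_found_aspl.call(@aspl) if on_found_aspl
+reset_state
+when "advisory"
+if (@x['pub'] =~ /CVE/)
+if (@cfirst == 0)
+@c += ","
+end
+@c += @x['refid']
+@cfirst = 0
+elsif (@x['pub'] =~ /BugTraq/)
+if (@bfirst == 0)
+@b += ","
+end
+@b += @x['refid']
+@bfirst = 0
+end
+when "advisories"
+@aspl['vulns']['cve'][@vulnid] = @c
+@aspl['vulns']['bid'][@vulnid] = @b
+@c = ""
+@b = ""
+end
+@state = :generic_state
+end
+
+# We don't need these methods, but they're necessary to keep REXML happy
+#
+def xmldecl(version, encoding, standalone); end
+def cdata; end
+def comment(str); end
+def instruction(name, instruction); end
+def attlist; end
+end
+
+end
+end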
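Review bot: `on_found_aspl = block if block` in `initialize` creates a local variable and never reaches the `attr_accessor`, so a block given to `IP360ASPLXMLStreamParser.new { ... }` is silently dropped and `tag_end` never fires the callback; it should read `self.on_found_aspl = block if block`. The same slip appears as `on_found_host = block if block` in ip360_xml.rb and nessus_xml.rb in this release. `def cdata; end` takes no arguments, but REXML's stream parser passes the CDATA content to `cdata`, so the first CDATA section in a document raises ArgumentError; `def cdata(content); end` (the form ip360_xml.rb already uses) avoids that, and nessus_xml.rb has the same zero-arity stub. Separately, `text` stores OS names in `@aspl['oses'][@osid]` while `reset_state` builds `@aspl['oses']['name']`, so the `'name'` sub-hash stays empty and OS entries land beside it; one of the two should change so consumers see one shape. The class-level `@vulnid`/`@appid`/`@location` assignments set class instance variables, not the per-instance ones the methods use, and can be removed or moved into `reset_state`.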
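--- a/data/lib/rex/parser/ip360_xml.rb
+++ b/data/lib/rex/parser/ip360_xml.rb
@@ -0,0 +1,93 @@
+require 'rexml/document'
+require 'rex/ui'
+
+module Rex
+module Parser
+
+
+class IP360XMLStreamParser
+
+attr_accessor :on_found_host
+
+def initialize(&block)
+reset_state
+on_found_host = block if block
+end
+
+def reset_state
+@host = {'hname' => nil, 'hid' => nil, 'addr' => nil, 'mac' => nil, 'os' => nil,
+'vulns' => ['vuln' => {'vulnid' => nil, 'port' => nil, 'proto' => nil} ],
+'apps' => ['app' => {'appid' => nil, 'svcid' => nil, 'port' => nil, 'proto' => nil } ],
+}
+@state = :generic_state
+end
+
+def tag_start(name, attributes)
+case name
+when "host"
+@host['hid'] = attributes['persistent_id']
+when "ip"
+@state = :is_ip
+when "dnsName"
+@state = :is_fqdn
+when "macAddress"
+@state = :is_mac
+when "os"
+@host['os'] = attributes['id']
+when "vulnerability"
+@x = Hash.new
+@x['vulnid'] = attributes['id']
+when "port"
+@state = :is_port
+when "protocol"
+@state = :is_proto
+when "application"
+@y = Hash.new
+@y['appid'] = attributes['application_id']
+@y['svcid'] = attributes['svcid']
+@y['port'] = attributes['port']
+@y['proto'] = attributes['protocol']
+@host['apps'].push @y
+end
+end
+
+def text(str)
+case @state
+when :is_fqdn
+@host['hname'] = str
+when :is_ip
+@host['addr'] = str
+when :is_mac
+@host['mac'] = str
+when :is_port
+@x['port'] = str
+when :is_proto
+@x['proto'] = str
+end
+end
+
+def tag_end(name)
+case name
+when "host"
+on_found_host.call(@host) if on_found_host
+reset_state
+when "vulnerability"
+@host['vulns'].push @x
+end
+@state = :generic_state
+end
+
+def cdata(d)
+#do nothing
+end
+
+# We don't need these methods, but they're necessary to keep REXML happy
+#
+def xmldecl(version, encoding, standalone); end
+def comment(str); end
+def instruction(name, instruction); end
+def attlist; end
+end
+
+end
+end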
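Review bot: `reset_state` seeds `@host['vulns']` and `@host['apps']` with a one-element array holding a placeholder hash (`['vuln' => {...}]` is `[{'vuln' => {...}}]`), while `tag_start` and `tag_end` push the real `@y`/`@x` hashes directly, so every host handed to `on_found_host` starts with a dummy entry of a different shape and nil values that consumers must know to skip. Starting from `'vulns' => [], 'apps' => []` gives a uniform array; nessus_xml.rb's `'ports' => [ 'port' => {...} ]` has the same placeholder. `@x` is only created on a `vulnerability` start tag, so a `port` or `protocol` element met outside one — I cannot tell from the hunk whether the IP360 schema allows that — would make `text` call `[]=` on nil; a guard such as `@x['port'] = str if @x` keeps a malformed export from aborting the whole parse.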
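--- a/data/lib/rex/parser/nessus_xml.rb
+++ b/data/lib/rex/parser/nessus_xml.rb
@@ -0,0 +1,118 @@
+require 'rexml/document'
+require 'rex/ui'
+
+module Rex
+module Parser
+
+
+class NessusXMLStreamParser
+
+attr_accessor :on_found_host
+
+def initialize(&block)
+reset_state
+on_found_host = block if block
+end
+
+def reset_state
+@host = {'hname' => nil, 'addr' => nil, 'mac' => nil, 'os' => nil, 'ports' => [
+'port' => {'port' => nil, 'svc_name' => nil, 'proto' => nil, 'severity' => nil,
+'nasl' => nil, 'description' => nil, 'cve' => [], 'bid' => [], 'xref' => [], 'msf' => nil } ] }
+@state = :generic_state
+end
+
+def tag_start(name, attributes)
+case name
+when "tag"
+if attributes['name'] == "mac-address"
+@state = :is_mac
+end
+if attributes['name'] == "host-fqdn"
+@state = :is_fqdn
+end
+if attributes['name'] == "ip-addr"
+@state = :is_ip
+end
+if attributes['name'] == "host-ip"
+@state = :is_ip
+end
+if attributes['name'] == "operating-system"
+@state = :is_os
+end
+when "ReportHost"
+@host['hname'] = attributes['name']
+when "ReportItem"
+@cve = Array.new
+@bid = Array.new
+@xref = Array.new
+@x = Hash.new
+@x['nasl'] = attributes['pluginID']
+@x['port'] = attributes['port']
+@x['proto'] = attributes['protocol']
+@x['svc_name'] = attributes['svc_name']
+@x['severity'] = attributes['severity']
+when "description"
+@state = :is_desc
+when "cve"
+@state = :is_cve
+when "bid"
+@state = :is_bid
+when "xref"
+@state = :is_xref
+when "solution"
+@state = :is_solution
+when "metasploit_name"
+@state = :msf
+end
+end
+
+def text(str)
+case @state
+when :is_fqdn
+@host['hname'] = str
+when :is_ip
+@host['addr'] = str
+when :is_os
+@host['os'] = str
+when :is_mac
+@host['mac'] = str
+when :is_desc
+@x['description'] = str
+when :is_cve
+@cve.push str
+when :is_bid
+@bid.push str
+when :is_xref
+@xref.push str
+when :msf
+#p str
+@x['msf'] = str
+end
+end
+
+def tag_end(name)
+case name
+when "ReportHost"
+on_found_host.call(@host) if on_found_host
+reset_state
+when "ReportItem"
+@x['cve'] = @cve
+@x['bid'] = @bid
+@x['xref'] = @xref
+@host['ports'].push @x
+end
+@state = :generic_state
+end
+
+# We don't need these methods, but they're necessary to keep REXML happy
+#
+def xmldecl(version, encoding, standalone); end
+def cdata; end
+def comment(str); end
+def instruction(name, instruction); end
+def attlist; end
+end
+
+end
+end
+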
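Review bot: The `when "tag"` arm of `tag_start` tests `attributes['name']` five times with independent `if` statements; a nested `case` reads more clearly, folds the two `ip-addr`/`host-ip` spellings into one arm, and makes it obvious that exactly one state is chosen. The `#p str` debugging remnant in `text` should go. `@x['description'] = str` overwrites rather than appends, so if REXML delivers an element's text in more than one `text` call (it does when CDATA is mixed into the element) only the last chunk survives; appending with `(@x['description'] ||= '') << str` is safer, though I cannot tell from the hunk how Nessus exports descriptions.
```ruby
when "tag"
  case attributes['name']
  when "mac-address"        then @state = :is_mac
  when "host-fqdn"          then @state = :is_fqdn
  when "ip-addr", "host-ip" then @state = :is_ip
  when "operating-system"   then @state = :is_os
  end
# … unchanged: remaining when arms of tag_start …
```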