librex 0.0.5 → 0.0.6

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb

@@ -56,16 +56,15 @@ class Console::CommandDispatcher::Sniffer
 	end
 	
 	def cmd_sniffer_start(*args)
-		intf = args[0].to_i
+		intf = args.shift.to_i
 		if (intf == 0)
 			print_error("Usage: sniffer_start [interface-id] [packet-buffer (1-200000)] [bpf filter (posix meterpreter only)]")
 			return
 		end
-		maxp = args[1].to_i
-		maxp = 50000 if maxp == 0
-		filter = args[2..-1].join(" ")
+		maxp = (args.shift || 50000).to_i
+		bpf  = args.join(" ")
 		
-		client.sniffer.capture_start(intf, maxp, filter)
+		client.sniffer.capture_start(intf, maxp, bpf)
 		print_status("Capture started on interface #{intf} (#{maxp} packet buffer)")
 		return true
 	end

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb

@@ -16,6 +16,7 @@ class Console::CommandDispatcher::Stdapi
 	require 'rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net'
 	require 'rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys'
 	require 'rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui'
+	require 'rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam'
 
 	Klass = Console::CommandDispatcher::Stdapi
 
@@ -25,6 +26,7 @@ class Console::CommandDispatcher::Stdapi
 			Klass::Net,
 			Klass::Sys,
 			Klass::Ui,
+			Klass::Webcam,
 		]
 
 	include Console::CommandDispatcher

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb

@@ -223,7 +223,7 @@ class Console::CommandDispatcher::Stdapi::Fs
 			stat = client.fs.file.stat(src)
 
 			if (stat.directory?)
-				client.fs.dir.download(dest, src, recursive) { |step, src, dst|
+				client.fs.dir.download(dest, src, recursive, true) { |step, src, dst|
 					print_status("#{step.ljust(11)}: #{src} -> #{dst}")
 				}
 			elsif (stat.file?)
@@ -247,7 +247,9 @@ class Console::CommandDispatcher::Stdapi::Fs
 		end
 
 		# Get a temporary file path
-		temp_path = Tempfile.new('meterp').path
+		meterp_temp = Tempfile.new('meterp')
+		meterp_temp.binmode
+		temp_path = meterp_temp.path
 
 		begin
 			# Download the remote file to the temporary file

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb

@@ -0,0 +1,157 @@
+require 'rex/post/meterpreter'
+
+module Rex
+module Post
+module Meterpreter
+module Ui
+
+###
+#
+# Webcam - Capture video from the remote system
+#
+###
+class Console::CommandDispatcher::Stdapi::Webcam
+
+	Klass = Console::CommandDispatcher::Stdapi::Webcam
+
+	include Console::CommandDispatcher
+
+	#
+	# List of supported commands.
+	#
+	def commands
+		{
+			"webcam_list"   => "List webcams",
+			"webcam_snap"   => "Take a snapshot from the specified webcam",
+			"record_mic"    => "Record audio from the default microphone for X seconds"
+		}
+	end
+
+	#
+	# Name for this dispatcher
+	#
+	def name
+		"Stdapi: Webcam"
+	end
+
+	def cmd_webcam_list
+		begin
+			client.webcam.webcam_list.each_with_index { |name, indx| 
+				print_line("#{indx + 1}: #{name}")
+			}
+			return true
+		rescue
+			print_error("No webcams were found")
+			return false
+		end
+	end
+
+	def cmd_webcam_snap(*args)
+		path    = Rex::Text.rand_text_alpha(8) + ".jpeg"
+		quality = 50
+		view    = true
+		index   = 1
+		wc_list = []		
+
+		webcam_snap_opts = Rex::Parser::Arguments.new(
+			"-h" => [ false, "Help Banner" ],
+			"-i" => [ true, "The index of the webcam to use (Default: 1)" ],
+			"-q" => [ true, "The JPEG image quality (Default: '#{quality}')" ],
+			"-p" => [ true, "The JPEG image path (Default: '#{path}')" ],
+			"-v" => [ true, "Automatically view the JPEG image (Default: '#{view}')" ]
+		)
+
+		webcam_snap_opts.parse( args ) { | opt, idx, val |
+			case opt
+				when "-h"
+					print_line( "Usage: webcam_snap [options]\n" )
+					print_line( "Grab a frame from the specified webcam." )
+					print_line( webcam_snap_opts.usage )
+					return
+				when "-i"
+					index = val.to_i
+				when "-q"
+					quality = val.to_i
+				when "-p"
+					path = val
+				when "-v"
+					view = false if ( val =~ /^(f|n|0)/i )
+			end
+		}
+		begin 
+			wc_list << client.webcam.webcam_list
+		rescue
+		end
+		if wc_list.length > 0
+			print_status("Starting...")
+			client.webcam.webcam_start(index)
+			data = client.webcam.webcam_get_frame(quality)
+			print_good("Got frame")
+			client.webcam.webcam_stop
+			print_status("Stopped")
+
+			if( data )
+				::File.open( path, 'wb' ) do |fd|
+					fd.write( data )
+				end
+				path = ::File.expand_path( path )
+				print_line( "Webcam shot saved to: #{path}" )
+				Rex::Compat.open_file( path ) if view
+			end
+			return true
+		else
+			print_error("No webcams where found")
+			return false
+		end
+	end
+
+	def cmd_record_mic(*args)
+		path    = Rex::Text.rand_text_alpha(8) + ".wav"
+		play    = true
+		duration   = 1	
+
+		record_mic_opts = Rex::Parser::Arguments.new(
+			"-h" => [ false, "Help Banner" ],
+			"-d" => [ true, "Number of seconds to record (Default: 1)" ],
+			"-f" => [ true, "The wav file path (Default: '#{::File.expand_path( "[randomname].wav" )}')" ],
+			"-p" => [ true, "Automatically play the captured audio (Default: '#{play}')" ]
+		)
+
+		record_mic_opts.parse( args ) { | opt, idx, val |
+			case opt
+				when "-h"
+					print_line( "Usage: record_mic [options]\n" )
+					print_line( "Records audio from the default microphone." )
+					print_line( record_mic_opts.usage )
+					return
+				when "-d"
+					duration = val.to_i
+				when "-f"
+					path = val
+				when "-p"
+					play = false if ( val =~ /^(f|n|0)/i )
+			end
+		}
+
+		print_status("Starting...")
+		data = client.webcam.record_mic(duration)
+		print_status("Stopped")
+
+		if( data )
+			::File.open( path, 'wb' ) do |fd|
+				fd.write( data )
+			end
+			path = ::File.expand_path( path )
+			print_line( "Audio saved to: #{path}" )
+			Rex::Compat.play_sound( path ) if play
+		end
+		return true
+	end
+
+end
+
+end
+end
+end
+end
+

data/lib/rex/proto/dhcp/server.rb

@@ -1,4 +1,4 @@
-# $Id: server.rb 10261 2010-09-08 17:06:31Z jduck $
+# $Id: server.rb 11003 2010-11-12 06:19:49Z hdm $
 
 require 'rex/socket'
 require 'rex/proto/dhcp'
@@ -36,7 +36,9 @@ class Server
 		if ipstart
 			self.start_ip = Rex::Socket.addr_atoi(ipstart)
 		else
-			self.start_ip = "#{self.ipstring[0..2]}\x20" #default range x.x.x.32-254
+			# Use the first 3 octects of the server's IP to construct the
+			# default range of x.x.x.32-254
+			self.start_ip = "#{self.ipstring[0..2]}\x20".unpack("N").first
 		end
 		self.current_ip = start_ip
 
@@ -44,7 +46,9 @@ class Server
 		if ipend
 			self.end_ip = Rex::Socket.addr_atoi(ipend)
 		else
-			self.end_ip = "#{self.ipstring[0..2]}\xfe"
+			# Use the first 3 octects of the server's IP to construct the
+			# default range of x.x.x.32-254
+			self.end_ip = "#{self.ipstring[0..2]}\xfe".unpack("N").first
 		end
 
 		# netmask
@@ -95,7 +99,7 @@ class Server
 			'Context'   => context
 		)
 
-		self.thread = Thread.new {
+		self.thread = Rex::ThreadFactory.spawn("DHCPServerMonitor", false) {
 			monitor_socket
 		}
 	end

data/lib/rex/proto/http/client.rb

@@ -328,7 +328,9 @@ class Client
 	def send_recv(req, t = -1, persist=false)
 		@pipeline = persist
 		send_request(req)
-		read_response(t)
+		res = read_response(t)
+		res.request = req.to_s if res
+		res
 	end
 
 	#
@@ -361,10 +363,12 @@ class Client
 			         rv != Packet::ParseCode::Completed and
 			         rv != Packet::ParseCode::Error
 		          )
+
 				begin
-					buff = conn.get_once(-1, 1)
-					rv   = resp.parse( buff || '')
 
+					buff = conn.get_once(-1, 1)
+					rv   = resp.parse( buff || '' )
+		
 				##########################################################################
 				# XXX: NOTE: BUG: get_once currently (as of r10042) rescues "Exception"
 				# As such, the following rescue block will ever be reached.  -jjd
@@ -390,7 +394,7 @@ class Client
 					rblob = rbody.to_s + rbufq.to_s
 					tries = 0
 					begin
-						# XXX This doesn't deal with chunked encoding or "Content-type: text/html; charset=..."
+						# XXX: This doesn't deal with chunked encoding or "Content-type: text/html; charset=..."
 						while tries < 1000 and resp.headers["Content-Type"]== "text/html" and rblob !~ /<\/html>/i
 							buff = conn.get_once(-1, 0.05)
 							break if not buff
@@ -405,50 +409,20 @@ class Client
 				end
 			end
 		end
-		resp
-	end
-
-	#
-	# Read a response from the server (starting with existing data)
-	#
-	def reread_response(resp, t = -1)
-
-		resp.max_data = config['read_max_data']
-		resp.reset_except_queue
-		resp.parse('')
-
-		# Wait at most t seconds for the full response to be read in.  We only
-		# do this if t was specified as a negative value indicating an infinite
-		# wait cycle.  If t were specified as nil it would indicate that no
-		# response parsing is required.
-
-		return resp if not t
-
-		Timeout.timeout((t < 0) ? nil : t) do
 
-			rv = resp.state
+		return resp if not resp
 
-			while (
-			         rv != Packet::ParseCode::Completed and
-			         rv != Packet::ParseCode::Error
-		          )
-				begin
-					buff = conn.get
-					rv   = resp.parse( buff || '')
-
-				# Handle unexpected disconnects
-				rescue ::Errno::EPIPE, ::EOFError, ::IOError
-					case resp.state
-					when Packet::ParseState::ProcessingHeader
-						resp = nil
-					when Packet::ParseState::ProcessingBody
-						# truncated request, good enough
-						resp.error = :truncated
-					end
-					break
-				end
-			end
+		# As a last minute hack, we check to see if we're dealing with a 100 Continue here.
+		if resp.proto == '1.1' and resp.code == 100
+			# If so, our real response becaome the body, so we re-parse it.
+			body = resp.body
+			resp = Response.new
+			resp.max_data = config['read_max_data']
+			rv = resp.parse(body)
+			# XXX: At some point, this may benefit from processing post-completion code
+			# as seen above.
 		end
+
 		resp
 	end
 

data/lib/rex/proto/http/packet.rb

@@ -85,7 +85,8 @@ class Packet
 
 			# Continue on to the body if the header was processed
 			if(self.state == ParseState::ProcessingBody)
-				if (self.body_bytes_left == 0)
+				# Chunked encoding sets the parsing state on its own
+				if (self.body_bytes_left == 0 and not self.transfer_chunked)
 					self.state = ParseState::Completed
 				else
 					parse_body
@@ -165,7 +166,9 @@ class Packet
 	# Converts the packet to a string.
 	#
 	def to_s
-		content = self.body.dup
+		# Duplicate and make sure this is 8BIT safe for Ruby 1.9
+		content = self.body.unpack("C*").pack("C*")
+		
 		# Update the content length field in the header with the body length.
 		if (content)
 			if !self.compress.nil?
@@ -264,6 +267,7 @@ protected
 	def parse_header
 
 		head,data = self.bufq.split(/\r?\n\r?\n/, 2)
+		
 		return if not data
 
 		self.headers.from_s(head)
@@ -346,7 +350,7 @@ protected
 			clen = self.bufq.slice!(/^[a-fA-F0-9]+\r?\n/)
 
 			clen.rstrip! if (clen)
-
+			
 			# if we happen to fall upon the end of the buffer for the next chunk len and have no data left, go get some more...
 			if clen.nil? and self.bufq.length == 0
 				return
@@ -358,7 +362,7 @@ protected
 				return
 			end
 
-			self.body_bytes_left = clen.hex
+			self.body_bytes_left = clen.to_i(16)
 
 			if (self.body_bytes_left == 0)
 				self.bufq.sub!(/^\r?\n/s,'')
@@ -373,7 +377,6 @@ protected
 		# to our body state.
 		if (self.body_bytes_left > 0)
 			part = self.bufq.slice!(0, self.body_bytes_left)
-
 			self.body += part
 			self.body_bytes_left -= part.length
 		# Otherwise, just read it all.

data/lib/rex/proto/http/response.rb

@@ -74,12 +74,17 @@ class Response < Packet
 		"HTTP\/#{proto} #{code}#{(message and message.length > 0) ? ' ' + message : ''}\r\n"
 	end
 
-	attr_accessor :code
+	#
+	# Used to store a copy of the original request
+	#
+	attr_accessor :request 
+	
+	
+	attr_accessor :code 
 	attr_accessor :message
 	attr_accessor :proto
-
 end
 
 end
 end
-end
+end

data/lib/rex/proto/http/server.rb

@@ -342,7 +342,7 @@ protected
 			# If we found the resource handler for this resource, call its
 			# procedure.
 			if (p[1] == true)
-				Thread.new {
+				Rex::ThreadFactory.spawn("HTTPServerRequestHandler", false) {
 					handler.on_request(cli, request)
 				}
 			else

data/lib/rex/proto/proxy/socks4a.rb

@@ -165,7 +165,7 @@ class Socks4a
 				@relay_client = relay_client
 				@relay_sock   = relay_sock
 				# start the relay thread (modified from Rex::IO::StreamAbstraction)
-				@relay_thread = ::Thread.new do
+				@relay_thread = Rex::ThreadFactory.spawn("SOCKS4AProxyServerRelay", false) do
 					loop do
 						closed = false
 						buf    = nil
@@ -234,7 +234,7 @@ class Socks4a
 		#
 		def start
 			# create a thread to handle this client request so as to not block the socks4a server
-			@client_thread = ::Thread.new do
+			@client_thread = Rex::ThreadFactory.spawn("SOCKS4AProxyClient", false) do
 				begin
 					@server.add_client( self )
 					# get the initial client request packet
@@ -378,7 +378,7 @@ class Socks4a
 				# signal we are now running
 				@running = true
 				# start the servers main thread to pick up new clients
-				@server_thread = ::Thread.new do
+				@server_thread = Rex::ThreadFactory.spawn("SOCKS4AProxyServer", false) do
 					while( @running ) do
 						begin
 							# accept the client connection
@@ -437,4 +437,4 @@ class Socks4a
 	
 end
 
-end; end; end
+end; end; end