RubyGems - librex - Versions diffs - 0.0.5 → 0.0.6 - Mend

librex 0.0.5 → 0.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (68) hide show

data/README.md +1 -1
data/Rakefile +13 -0
data/lib/rex.rb +4 -1
data/lib/rex/assembly/nasm.rb +4 -0
data/lib/rex/compat.rb +31 -1
data/lib/rex/encoder/alpha2/generic.rb +11 -10
data/lib/rex/exceptions.rb +1 -1
data/lib/rex/exploitation/egghunter.rb +27 -0
data/lib/rex/file.rb +13 -0
data/lib/rex/io/stream.rb +9 -1
data/lib/rex/io/stream_abstraction.rb +18 -7
data/lib/rex/io/stream_server.rb +2 -2
data/lib/rex/job_container.rb +1 -1
data/lib/rex/mime/message.rb +5 -4
data/lib/rex/ole.rb +83 -6
data/lib/rex/ole/propset.rb +144 -0
data/lib/rex/parser/ip360_aspl_xml.rb +102 -0
data/lib/rex/parser/ip360_xml.rb +93 -0
data/lib/rex/parser/nessus_xml.rb +118 -0
data/lib/rex/parser/netsparker_xml.rb +94 -0
data/lib/rex/parser/retina_xml.rb +109 -0
data/lib/rex/post/meterpreter/channel.rb +15 -8
data/lib/rex/post/meterpreter/client.rb +32 -3
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +1 -1
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +14 -5
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +1 -1
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +3 -3
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -1
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -1
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +5 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +16 -8
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +16 -7
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -1
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +15 -4
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +13 -7
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +20 -0
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +63 -0
data/lib/rex/post/meterpreter/packet_dispatcher.rb +18 -7
data/lib/rex/post/meterpreter/packet_response_waiter.rb +10 -17
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +1 -1
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +16 -6
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +4 -5
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +2 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +4 -2
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +157 -0
data/lib/rex/proto/dhcp/server.rb +8 -4
data/lib/rex/proto/http/client.rb +19 -45
data/lib/rex/proto/http/packet.rb +8 -5
data/lib/rex/proto/http/response.rb +8 -3
data/lib/rex/proto/http/server.rb +1 -1
data/lib/rex/proto/proxy/socks4a.rb +4 -4
data/lib/rex/proto/rfb.rb +19 -0
data/lib/rex/proto/rfb.rb.ut.rb +37 -0
data/lib/rex/proto/rfb/cipher.rb +78 -0
data/lib/rex/proto/rfb/client.rb +207 -0
data/lib/rex/proto/rfb/constants.rb +52 -0
data/lib/rex/proto/tftp/server.rb +20 -17
data/lib/rex/services/local_relay.rb +1 -1
data/lib/rex/socket.rb +69 -10
data/lib/rex/socket/comm/local.rb +7 -4
data/lib/rex/socket/range_walker.rb +14 -1
data/lib/rex/text.rb +28 -3
data/lib/rex/text.rb.ut.rb +14 -0
data/lib/rex/thread_factory.rb +42 -0
data/lib/rex/ui/text/input/buffer.rb +1 -1
data/lib/rex/zip/archive.rb +74 -9
data/lib/rex/zip/entry.rb +6 -1
metadata +22 -7

data/lib/rex/services/local_relay.rb CHANGED

@@ -141,7 +141,7 @@ class LocalRelay
 	#
 	def start
 		if (!self.relay_thread)
-			self.relay_thread = Thread.new {
+			self.relay_thread = Rex::ThreadFactory.spawn("LocalRelay", false) {
 				begin
 					monitor_relays
 				rescue ::Exception

data/lib/rex/socket.rb CHANGED

@@ -138,9 +138,31 @@ module Socket
 	# These calls can be quite slow. This also fixes an issue with the
 	# Resolv.getaddress() call being non-functional on Ruby 1.9.1 (Win32).
 	#
-	def self.getaddress(addr)
+	def self.getaddress(addr, accept_ipv6 = true)
 		begin
-			dotted_ip?(addr) ? addr : self.addr_ntoa( ::Socket.gethostbyname(addr)[3] )
+			if dotted_ip?(addr)
+				return addr
+			end
+			res = ::Socket.gethostbyname(addr)
+			return nil if not res
+			# Shift the first three elements out
+			rname  = res.shift
+			ralias = res.shift
+			rtype  = res.shift
+			# Reject IPv6 addresses if we don't accept them
+			if not accept_ipv6
+				res.reject!{|nbo| nbo.length != 4}
+			end
+			# Make sure we have at least one name
+			return nil if res.length == 0
+			# Return the first address of the result
+			self.addr_ntoa( res[0] )
 		rescue ::ArgumentError # Win32 bug
 			nil
 		end
@@ -441,7 +463,14 @@ module Socket
 	#
 	##
-	def self.source_address(dest='50.50.50.50', comm = ::Rex::Socket::Comm::Local)
+	#
+	# This method does NOT send any traffic to the destination, instead, it uses a
+	# "bound" UDP socket to determine what source address we would use to
+	# communicate with the specified destination. The destination defaults to
+	# Google's DNS server to make the standard behavior determine which IP
+	# we would use to communicate with the internet.
+	#
+	def self.source_address(dest='8.8.8.8', comm = ::Rex::Socket::Comm::Local)
 		begin
 			s = self.create_udp(
 				'PeerHost' => dest,
@@ -450,11 +479,32 @@ module Socket
 			)
 			r = s.getsockname[1]
 			s.close
-			return r
+			# Trim off the trailing interface ID for link-local IPv6
+			return r.split('%').first
 		rescue ::Exception
 			return '127.0.0.1'
 		end
 	end
+	#
+	# Identifies the link-local address of a given interface (if IPv6 is enabled)
+	#
+	def self.ipv6_link_address(intf)
+		r = source_address("FF02::1%#{intf}")
+		return if not (r and r =~ /^fe80/i)
+		r
+	end
+	#
+	# Identifies the mac address of a given interface (if IPv6 is enabled)
+	#
+	def self.ipv6_mac(intf)
+		r = ipv6_link_address(intf)
+		return if not r
+		raw = addr_aton(r)[-8, 8]
+		(raw[0,3] + raw[5,3]).unpack("C*").map{|c| "%.2x" % c}.join(":")
+	end
 	#
 	# Create a TCP socket pair.
@@ -463,6 +513,8 @@ module Socket
 	# on Windows where ::Socket.pair is not implemented.
 	# Note: OpenSSL requires native ruby sockets for its io.
 	#
+	# Note: Even though sub-threads are smashing the parent threads local, there
+	#       is no concurrent use of the same locals and this is safe.
 	def self.tcp_socket_pair
 		lsock   = nil
 		rsock   = nil
@@ -471,18 +523,25 @@ module Socket
 		threads = []
 		mutex   = ::Mutex.new
-		threads << ::Thread.new {
+		threads << Rex::ThreadFactory.spawn('TcpSocketPair', false) {
 			server = nil
 			mutex.synchronize {
-				threads << ::Thread.new {
+				threads << Rex::ThreadFactory.spawn('TcpSocketPairClient', false) {
 					mutex.synchronize {
 						rsock = ::TCPSocket.new( laddr, lport )
 					}
 				}
-				server = ::Socket.new( ::Socket::AF_INET, ::Socket::SOCK_STREAM, 0 )
-				server.bind( ::Socket.sockaddr_in( 0, laddr ) )
-				lport, caddr = ::Socket.unpack_sockaddr_in( server.getsockname )
-				server.listen( 1 )
+				server = ::TCPServer.new(laddr, 0)
+				if (server.getsockname =~ /127\.0\.0\.1:/)
+					# JRuby ridiculousness
+					caddr, lport = server.getsockname.split(":")
+					caddr = caddr[1,caddr.length]
+					lport = lport.to_i
+				else
+					# Sane implementations where Socket#getsockname returns a
+					# sockaddr
+					lport, caddr = ::Socket.unpack_sockaddr_in( server.getsockname )
+				end
 			}
 			lsock, saddr = server.accept
 			server.close

data/lib/rex/socket/comm/local.rb CHANGED

@@ -193,7 +193,7 @@ class Rex::Socket::Comm::Local
 				sock.bind(Rex::Socket.to_sockaddr(param.localhost, param.localport))
-			rescue Errno::EADDRINUSE
+			rescue ::Errno::EADDRNOTAVAIL,::Errno::EADDRINUSE
 				sock.close
 				raise Rex::AddressInUse.new(param.localhost, param.localport), caller
 			end
@@ -206,7 +206,7 @@ class Rex::Socket::Comm::Local
 		# If a server TCP instance is being created...
 		if (param.server?)
-			sock.listen(32)
+			sock.listen(128)
 			if (param.bare? == false)
 				klass = Rex::Socket::TcpServer
@@ -242,10 +242,14 @@ class Rex::Socket::Comm::Local
 						raise ::Errno::ETIMEDOUT
 					end
-				rescue ::Errno::EHOSTUNREACH,::Errno::ENETDOWN,::Errno::ENETUNREACH,::Errno::ENETRESET,::Errno::EHOSTDOWN,::Errno::EACCES,::Errno::EINVAL,::Errno::EADDRNOTAVAIL
+				rescue ::Errno::EHOSTUNREACH,::Errno::ENETDOWN,::Errno::ENETUNREACH,::Errno::ENETRESET,::Errno::EHOSTDOWN,::Errno::EACCES,::Errno::EINVAL
 					sock.close
 					raise Rex::HostUnreachable.new(param.peerhost, param.peerport), caller
+				rescue ::Errno::EADDRNOTAVAIL,::Errno::EADDRINUSE
+					sock.close
+					raise Rex::AddressInUse.new(param.peerhost, param.peerport), caller
 				rescue Errno::ETIMEDOUT
 					sock.close
 					raise Rex::ConnectionTimeout.new(param.peerhost, param.peerport), caller
@@ -406,4 +410,3 @@ class Rex::Socket::Comm::Local
 	end
 end

data/lib/rex/socket/range_walker.rb CHANGED

@@ -150,13 +150,26 @@ class RangeWalker
 			addr = Rex::Socket.addr_atoi(addr)
 		end
 		@ranges.map { |r|
-			if r.start <= addr and addr <= r.stop
+			if r[0] <= addr and addr <= r[1]
 				return true
 			end
 		}
 		return false
 	end
+	#
+	# Returns true if this RangeWalker includes all of the addresses in the
+	# given RangeWalker
+	#
+	def include_range?(range_walker)
+		range_walker.ranges.all? do |start, stop|
+			ranges.any? do |self_start, self_stop|
+				r = (self_start..self_stop)
+				r.include?(start) and r.include?(stop)
+			end
+		end
+	end
 	#
 	# Calls the given block with each address
 	#

data/lib/rex/text.rb CHANGED

@@ -760,13 +760,15 @@ module Text
 		# Make sure there's something in sets even if we were given an explicit nil
 		sets ||= [ UpperAlpha, LowerAlpha, Numerals ]
+		# Return stupid uses
+		return "" if length.to_i < 1
+		return sets[0][0] * length if sets.size == 1 and sets[0].size == 1
 		sets.length.times { offsets << 0 }
 		until buf.length >= length
 			begin
 				buf << converge_sets(sets, 0, offsets, length)
-			rescue RuntimeError
-				break
 			end
 		end
@@ -778,6 +780,28 @@ module Text
 		buf[0,length]
 	end
+	# Step through an arbitrary number of sets of bytes to build up a findable pattern.
+	# This is mostly useful for experimentially determining offset lengths into memory
+	# structures. Note that the supplied sets should never contain duplicate bytes, or
+	# else it can become impossible to measure the offset accurately.
+	def self.patt2(len, sets = nil)
+		buf = ""
+		counter = []
+		sets ||= [ UpperAlpha, LowerAlpha, Numerals ]
+		len ||= len.to_i
+		return "" if len.zero?
+		sets = sets.map {|a| a.split(//)}
+		sets.size.times { counter << 0}
+		0.upto(len-1) do |i|
+			setnum = i % sets.size
+			puts counter.inspect
+		end
+		return buf
+	end
 	#
 	# Calculate the offset to a pattern
 	#
@@ -1029,8 +1053,9 @@ protected
 			# If we reached the point where the idx fell below zero, then that
 			# means we've reached the maximum threshold for permutations.
 			if (idx < 0)
-				raise RuntimeError, "Maximum permutations reached"
+				return buf
 			end
 		end
 		buf

data/lib/rex/text.rb.ut.rb CHANGED

@@ -7,6 +7,20 @@ require 'rex/text'
 require 'rex/exceptions'
 class Rex::Text::UnitTest < Test::Unit::TestCase
+	def test_pattern_create
+		set1 = %w{AB ab 12}
+		assert_equal 'Aa1Aa2', Rex::Text.pattern_create(6,set1)
+		set2 = %w{ABC abc 123}
+		assert_equal 'Aa1Aa2Aa3Ab1Ab2Ab3', Rex::Text.pattern_create(18,set2)
+		assert_equal 'Zz8Zz9', Rex::Text.pattern_create(20280)[-6,6] # Bug #2952
+	end
+	def test_pattern_create_silly
+		assert_equal "", Rex::Text.pattern_create(nil)
+		assert_equal "", Rex::Text.pattern_create(0)
+		assert_equal 'AAAAAAAAA', Rex::Text.pattern_create(9,['A'])
+	end
 	def test_uri_encode
 		srand(0)
 		assert_equal('A1%21', Rex::Text.uri_encode('A1!'), 'uri encode')

data/lib/rex/thread_factory.rb ADDED

@@ -0,0 +1,42 @@
+module Rex
+###
+#
+# This class provides a wrapper around Thread.new that can provide
+# additional features if a corresponding thread provider is set.
+#
+###
+class ThreadFactory
+	@@provider = nil
+	def self.provider=(val)
+		@@provider = val
+	end
+	def self.spawn(name, crit, *args, &block)
+		if @@provider
+			if block
+				return @@provider.spawn(name, crit, *args){ |*args_copy| block.call(*args_copy) }
+			else
+				return @@provider.spawn(name, crit, *args)
+			end
+		else
+			t = nil
+			if block
+				t = ::Thread.new(*args){ |*args_copy| block.call(*args_copy) }
+			else
+				t = ::Thread.new(*args)
+			end
+			t[:tm_name] = name
+			t[:tm_crit] = crit
+			t[:tm_time] = Time.now
+			t[:tm_call] = caller
+			return t
+		end
+	end
+end
+end

data/lib/rex/ui/text/input/buffer.rb CHANGED

@@ -72,4 +72,4 @@ end
 end
 end
-end
+end

data/lib/rex/zip/archive.rb CHANGED

@@ -1,5 +1,5 @@
 ##
-# $Id: archive.rb 10073 2010-08-20 07:01:23Z egypt $
+# $Id: archive.rb 11175 2010-11-30 07:10:57Z egypt $
 ##
 module Rex
@@ -86,6 +86,10 @@ class Archive
 		ret
 	end
+	def inspect
+		"#<#{self.class} entries = [#{@entries.map{|e| e.name}.join(",")}]>"
+	end
 end
 class Jar < Archive
@@ -93,17 +97,24 @@ class Jar < Archive
 	def build_manifest(opts={})
 		main_class = opts[:main_class] || nil
-		skip = opts[:skip] || /^$/
+		existing_manifest = nil
-		@manifest = ''
-		@manifest = "Main-Class: #{main_class}\n\n" if main_class
+		@manifest =  "Manifest-Version: 1.0\r\n"
+		@manifest << "Main-Class: #{main_class}\r\n" if main_class
+		@manifest << "\r\n"
 		@entries.each { |e|
-			next if e.name =~ skip
-			@manifest << "Name: #{e.name}\n\n"
+			existing_manifest = e if e.name == "META-INF/MANIFEST.MF"
+			next unless e.name =~ /\.class$/
+			@manifest << "Name: #{e.name}\r\n"
+			#@manifest << "SHA1-Digest: #{Digest::SHA1.base64digest(e.data)}\r\n"
+			@manifest << "\r\n"
 		}
-		add_file("META-INF/", '')
-		add_file("META-INF/MANIFEST.MF", @manifest)
+		if existing_manifest
+			existing_manifest.data = @manifest
+		else
+			add_file("META-INF/", '')
+			add_file("META-INF/MANIFEST.MF", @manifest)
+		end
 	end
 	def to_s
@@ -113,6 +124,60 @@ class Jar < Archive
 	def length
 		pack.length
 	end
+	#
+	# Add multiple files from an array
+	#
+	# +files+ should be structured like so:
+	#   [
+	#     [ "path", "to", "file1" ],
+	#     [ "path", "to", "file2" ]
+	#   ]
+	# and +path+ should be the location on the file system to find the files to
+	# add.  +base_dir+ will be prepended to the path inside the jar.
+	#
+	# Example:
+	# <code>
+	# war = Rex::Zip::Jar.new
+	# war.add_file("WEB-INF/", '')
+	# war.add_file("WEB-INF/", "web.xml", web_xml)
+	# war.add_file("WEB-INF/classes/", '')
+	# files = [
+	#	[ "servlet", "examples", "HelloWorld.class" ],
+	#	[ "Foo.class" ],
+	#	[ "servlet", "Bar.class" ],
+	# ]
+	# war.add_files(files, "./class_files/", "WEB-INF/classes/")
+	# </code>
+	#
+	# The above code would create a jar with the following structure from files
+	# found in ./class_files/ :
+	#
+	# +- WEB-INF/
+	#   +- web.xml
+	#   +- classes/
+	#     +- Foo.class
+	#     +- servlet/
+	#       +- Bar.class
+	#       +- examples/
+	#         +- HelloWorld.class
+	#
+	def add_files(files, path, base_dir="")
+		files.each do |file|
+			# Add all of the subdirectories if they don't already exist
+			1.upto(file.length - 1) do |idx|
+				full = base_dir + file[0,idx].join("/") + "/"
+				if !(entries.map{|e|e.name}.include?(full))
+					add_file(full, '')
+				end
+			end
+			# Now add the actual file, grabbing data from the filesystem
+			fd = File.open(File.join( path, file ), "rb")
+			data = fd.read(fd.stat.size)
+			fd.close
+			add_file(base_dir + file.join("/"), data)
+		end
+	end
 end
 end

data/lib/rex/zip/entry.rb CHANGED

@@ -1,5 +1,5 @@
 ##
-# $Id: entry.rb 10056 2010-08-19 17:04:42Z egypt $
+# $Id: entry.rb 11173 2010-11-30 03:52:46Z egypt $
 ##
 module Rex
@@ -8,6 +8,7 @@ module Zip
 class Entry
 	attr_accessor :name, :flags, :info, :xtra, :comment, :attrs
+	attr_reader :data
 	def initialize(fname, data, compmeth, timestamp=nil, attrs=nil, xtra=nil, comment=nil)
 		@name = fname
@@ -32,6 +33,10 @@ class Entry
 		@compdata ||= ''
 	end
+	def data=(val)
+		@data = val
+		compress
+	end
 	def compress
 		@crc = Zlib.crc32(@data, 0)