RubyGems - librex - Versions diffs - 0.0.53 → 0.0.54 - Mend

librex 0.0.53 → 0.0.54

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

data/README.markdown +1 -1
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +22 -1
data/lib/rex/socket.rb +57 -0
data/lib/rex/socket/range_walker.rb +2 -3
data/lib/rex/text.rb +2 -2
metadata +3 -3

data/README.markdown CHANGED

@@ -3,7 +3,7 @@
 A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
 Currently based on:
-SVN Revision: 13810
+SVN Revision: 13882
 # Credits
 The Metasploit development team <http://www.metasploit.com>

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb CHANGED

@@ -7,9 +7,30 @@ module Railgun
 module Def
 class Def_advapi32
+	CREDENTIAL = [
+		[:Flags, :DWORD],
+		[:Type, :DWORD],
+		[:TargetName, :LPTSTR],
+		[:Comment, :LPTSTR],
+		[:LastWritten, :FILETIME],
+		[:CredentialBlobSize, :DWORD],
+		[:CredentialBlob, :LPBYTE],
+		[:Persist, :DWORD],
+		[:AttributeCount, :LPTSTR],
+		[:Attributes, :PCREDENTIAL_ATTRIBUTE],
+		[:TargetAlias, :LPTSTR],
+		[:UserName, :LPTSTR]
+	]
 	def self.create_dll(dll_path = 'advapi32')
 		dll = DLL.new(dll_path, ApiConstants.manager)
+		dll.add_function('CredEnumerateA', 'BOOL', [
+				['PCHAR', 'Filter', 'in'],
+				['DWORD', 'Flags', 'in'],
+				['PDWORD', 'Count', 'out'],
+				['PBLOB', 'Credentials', 'out']])
 		#Functions for Windows CryptoAPI
 		dll.add_function( 'CryptAcquireContextW', 'BOOL',[
@@ -181,7 +202,7 @@ class Def_advapi32
 				['LPVOID', 'hHash', 'in'],
 				['DWORD', 'dwParam', 'in'],
 				['PBLOB', 'pbData', 'out'],
-				['PDWORD', 'pdwDataLen', 'out'],
+				['PDWORD', 'pdwDataLen', 'inout'],
 				['DWORD', 'dwFlags', 'in']])
 		dll.add_function( 'CryptHashSessionKey', 'BOOL', [

data/lib/rex/socket.rb CHANGED

@@ -179,6 +179,42 @@ module Socket
 		end
 	end
+	#
+	# Wrapper for Resolv.getaddress that takes special care to see if the
+	# supplied address is already a dotted quad, for instance.  This is
+	# necessary to prevent calls to gethostbyaddr (which occurs on windows).
+	# These calls can be quite slow. This also fixes an issue with the
+	# Resolv.getaddress() call being non-functional on Ruby 1.9.1 (Win32).
+	#
+	def self.getaddresses(addr, accept_ipv6 = true)
+		begin
+			if dotted_ip?(addr)
+				return addr
+			end
+			res = ::Socket.gethostbyname(addr)
+			return nil if not res
+			# Shift the first three elements out
+			rname  = res.shift
+			ralias = res.shift
+			rtype  = res.shift
+			# Reject IPv6 addresses if we don't accept them
+			if not accept_ipv6
+				res.reject!{|nbo| nbo.length != 4}
+			end
+			# Make sure we have at least one name
+			return nil if res.length == 0
+			# Return an array of all addresses
+			res.map{ |addr| self.addr_ntoa(addr) }
+		rescue ::ArgumentError # Win32 bug
+			nil
+		end
+	end
 	#
 	# Wrapper for Socket.gethostbyname which takes into account whether or not
 	# an IP address is supplied.  If it is, then reverse DNS resolution does
@@ -228,6 +264,13 @@ module Socket
 		self.gethostbyname(Rex::Socket.getaddress(host))[3]
 	end
+	#
+	# Resolves a host to raw network-byte order.
+	#
+	def self.resolv_nbo_list(host)
+		Rex::Socket.getaddresses(host).map{|addr| self.gethostbyname(addr)[3] }
+	end
 	#
 	# Resolves a host to a network-byte order ruby integer.
 	#
@@ -235,6 +278,13 @@ module Socket
 		addr_ntoi(resolv_nbo(host))
 	end
+	#
+	# Resolves a host to a list of network-byte order ruby integers.
+	#
+	def self.resolv_nbo_i_list(host)
+		resolv_nbo_list(host).map{|addr| addr_ntoi(addr) }
+	end
 	#
 	# Converts an ASCII IP address to a CIDR mask. Returns
 	# nil if it's not convertable.
@@ -274,6 +324,13 @@ module Socket
 		resolv_nbo_i(addr)
 	end
+	#
+	# Converts a ascii address into a list of addresses
+	#
+	def self.addr_atoi_list(addr)
+		resolv_nbo_i_list(addr)
+	end
 	#
 	# Converts an integer address into ascii
 	#

data/lib/rex/socket/range_walker.rb CHANGED

@@ -82,9 +82,8 @@ class RangeWalker
 			elsif arg =~ /[^-0-9,.*]/
 				# Then it's a domain name and we should send it on to addr_atoi
 				# unmolested to force a DNS lookup.
-				addr = Rex::Socket.addr_atoi(arg)
-				ranges.push [addr, addr]
-			elsif arg =~ /^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)-([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)$/
+				Rex::Socket.addr_atoi_list(arg).each { |addr| ranges.push [addr, addr] }
+			elsif arg =~ /^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})-([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/
 				# Then it's in the format of 1.2.3.4-5.6.7.8
 				# Note, this will /not/ deal with DNS names, or the fancy/obscure 10...1-10...2
 				begin

data/lib/rex/text.rb CHANGED

@@ -681,14 +681,14 @@ module Text
 	# Base64 encoder
 	#
 	def self.encode_base64(str, delim='')
-		[str].pack("m").gsub(/\s+/, delim)
+		[str.to_s].pack("m").gsub(/\s+/, delim)
 	end
 	#
 	# Base64 decoder
 	#
 	def self.decode_base64(str)
-		str.unpack("m")[0]
+		str.to_s.unpack("m")[0]
 	end
 	#

metadata CHANGED

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: librex
 version: !ruby/object:Gem::Version
-  version: 0.0.53
+  version: 0.0.54
   prerelease:
 platform: ruby
 authors:
@@ -10,10 +10,10 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2011-10-02 00:00:00.000000000Z
+date: 2011-10-11 00:00:00.000000000Z
 dependencies: []
 description: Rex provides a variety of classes useful for security testing and exploit
-  development. Based on SVN Revision 13810
+  development. Based on SVN Revision 13882
 email:
 - hdm@metasploit.com
 - jacob.hammack@hammackj.com