librex 0.0.65 → 0.0.66

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rex/post/meterpreter'
 
 module Rex

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rex/post/meterpreter'
 
 module Rex

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rex/post/meterpreter'
 
 module Rex

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rex/post/meterpreter'
 
 module Rex
@@ -18,7 +19,7 @@ class Console::CommandDispatcher::Priv
 
 	Klass = Console::CommandDispatcher::Priv
 
-	Dispatchers = 
+	Dispatchers =
 		[
 			Klass::Elevate,
 			Klass::Passwd,
@@ -58,4 +59,4 @@ end
 end
 end
 end
-end
+end

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rex/post/meterpreter'
 
 module Rex
@@ -15,7 +16,7 @@ class Console::CommandDispatcher::Priv::Elevate
 	Klass = Console::CommandDispatcher::Priv::Elevate
 
 	include Console::CommandDispatcher
-	
+
 	ELEVATE_TECHNIQUE_NONE					= -1
 	ELEVATE_TECHNIQUE_ANY					= 0
 	ELEVATE_TECHNIQUE_SERVICE_NAMEDPIPE		= 1
@@ -23,7 +24,7 @@ class Console::CommandDispatcher::Priv::Elevate
 	ELEVATE_TECHNIQUE_SERVICE_TOKENDUP		= 3
 	ELEVATE_TECHNIQUE_VULN_KITRAP0D			= 4
 
-	ELEVATE_TECHNIQUE_DESCRIPTION = [ 	"All techniques available", 
+	ELEVATE_TECHNIQUE_DESCRIPTION = [ 	"All techniques available",
 										"Service - Named Pipe Impersonation (In Memory/Admin)",
 										"Service - Named Pipe Impersonation (Dropper/Admin)",
 										"Service - Token Duplication (In Memory/Admin)",
@@ -44,23 +45,23 @@ class Console::CommandDispatcher::Priv::Elevate
 	def name
 		"Priv: Elevate"
 	end
-	
+
 
 	#
 	# Attempt to elevate the meterpreter to that of local system.
 	#
 	def cmd_getsystem( *args )
-	
+
 		technique = ELEVATE_TECHNIQUE_ANY
-		
+
 		desc = ""
 		ELEVATE_TECHNIQUE_DESCRIPTION.each_index { |i| desc += "\n\t\t#{i} : #{ELEVATE_TECHNIQUE_DESCRIPTION[i]}" }
-		
+
 		getsystem_opts = Rex::Parser::Arguments.new(
 			"-h" => [ false, "Help Banner." ],
 			"-t" => [ true, "The technique to use. (Default to \'#{technique}\')." + desc ]
 		)
-		
+
 		getsystem_opts.parse(args) { | opt, idx, val |
 			case opt
 				when "-h"
@@ -77,16 +78,16 @@ class Console::CommandDispatcher::Priv::Elevate
 			print_error( "Technique '#{technique}' is out of range." );
 			return false;
 		end
-			
+
 		result = client.priv.getsystem( technique )
-		
+
 		# got system?
 		if result[0]
 			print_line( "...got system (via technique #{result[1]})." );
 		else
 			print_line( "...failed to get system." );
 		end
-		
+
 		return result
 	end
 
@@ -95,4 +96,4 @@ end
 end
 end
 end
-end
+end

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rex/post/meterpreter'
 
 module Rex
@@ -48,4 +49,4 @@ end
 end
 end
 end
-end
+end

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rex/post/meterpreter'
 
 module Rex
@@ -104,7 +105,7 @@ class Console::CommandDispatcher::Priv::Timestomp
 		# If any one of the four times were specified, change them.
 		if (modified or accessed or creation or emodified)
 			print_status("Setting specific MACE attributes on #{file_path}")
-			client.priv.fs.set_file_mace(file_path, modified, accessed, 
+			client.priv.fs.set_file_mace(file_path, modified, accessed,
 				creation, emodified)
 		end
 	end

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rex/post/meterpreter'
 
 module Rex
@@ -33,28 +34,29 @@ class Console::CommandDispatcher::Sniffer
 			"sniffer_stop"  => "Stop packet capture on a specific interface",
 			"sniffer_stats" => "View statistics of an active capture",
 			"sniffer_dump"  => "Retrieve captured packet data to PCAP file",
+			"sniffer_release" => "Free captured packets on a specific interface instead of downloading them",
 		}
 	end
 
 
 	def cmd_sniffer_interfaces(*args)
-		
+
 		ifaces = client.sniffer.interfaces()
 
 		print_line()
 
 		ifaces.each do |i|
-			print_line(sprintf("%d - '%s' ( type:%d mtu:%d usable:%s dhcp:%s wifi:%s )", 
+			print_line(sprintf("%d - '%s' ( type:%d mtu:%d usable:%s dhcp:%s wifi:%s )",
 				i['idx'], i['description'],
 				i['type'], i['mtu'], i['usable'], i['dhcp'], i['wireless'])
 			)
 		end
-		
+
 		print_line()
 
 		return true
 	end
-	
+
 	def cmd_sniffer_start(*args)
 		intf = args.shift.to_i
 		if (intf == 0)
@@ -63,87 +65,102 @@ class Console::CommandDispatcher::Sniffer
 		end
 		maxp = (args.shift || 50000).to_i
 		bpf  = args.join(" ")
-		
+
 		client.sniffer.capture_start(intf, maxp, bpf)
 		print_status("Capture started on interface #{intf} (#{maxp} packet buffer)")
 		return true
 	end
-	
+
 	def cmd_sniffer_stop(*args)
-	   intf = args[0].to_i
+		intf = args[0].to_i
 		if (intf == 0)
 			print_error("Usage: sniffer_stop [interface-id]")
 			return
 		end
-		
-		client.sniffer.capture_stop(intf)
+
+		res = client.sniffer.capture_stop(intf)
 		print_status("Capture stopped on interface #{intf}")
+		print_status("There are #{res[:packets]} packets (#{res[:bytes]} bytes) remaining")
+		print_status("Download or release them using 'sniffer_dump' or 'sniffer_release'")
 		return true
 	end
-	
+
 	def cmd_sniffer_stats(*args)
-	   intf = args[0].to_i
+		intf = args[0].to_i
 		if (intf == 0)
 			print_error("Usage: sniffer_stats [interface-id]")
 			return
 		end
-		
+
 		stats = client.sniffer.capture_stats(intf)
 		print_status("Capture statistics for interface #{intf}")
 		stats.each_key do |k|
 			print_line("\t#{k}: #{stats[k]}")
 		end
-		
-		return true		
+
+		return true
+	end
+
+	def cmd_sniffer_release(*args)
+		intf = args[0].to_i
+		if (intf == 0)
+			print_error("Usage: sniffer_release [interface-id]")
+			return
+		end
+
+		res = client.sniffer.capture_release(intf)
+		print_status("Flushed #{res[:packets]} packets (#{res[:bytes]} bytes) from interface #{intf}")
+
+		return true
 	end
-	
+
 	def cmd_sniffer_dump(*args)
-	   intf = args[0].to_i
+		intf = args[0].to_i
 		if (intf == 0 or not args[1])
 			print_error("Usage: sniffer_dump [interface-id] [pcap-file]")
 			return
 		end
-		
+
 		path_cap = args[1]
 		path_raw = args[1] + '.raw'
-		
+
 		fd = ::File.new(path_raw, 'wb+')
-		
+
 		print_status("Flushing packet capture buffer for interface #{intf}...")
 		res = client.sniffer.capture_dump(intf)
 		print_status("Flushed #{res[:packets]} packets (#{res[:bytes]} bytes)")
-		
+
 		bytes_all = res[:bytes] || 0
 		bytes_got = 0
 		bytes_pct = 0
-
+		linktype = res[:linktype]
 		while (bytes_all > 0)
 			res = client.sniffer.capture_dump_read(intf,1024*512)
-			
+
 			bytes_got += res[:bytes]
 
 			pct = ((bytes_got.to_f / bytes_all.to_f) * 100).to_i
 			if(pct > bytes_pct)
 				print_status("Downloaded #{"%.3d" % pct}% (#{bytes_got}/#{bytes_all})...")
 				bytes_pct = pct
-			end		
+			end
 			break if res[:bytes] == 0
 			fd.write(res[:data])
 		end
-		
+
 		fd.close
-		
+
 		print_status("Download completed, converting to PCAP...")
-		
+
 		fd = nil
 		if(::File.exist?(path_cap))
 			fd = ::File.new(path_cap, 'ab+')
 		else
 			fd = ::File.new(path_cap, 'wb+')
-			fd.write([0xa1b2c3d4, 2, 4, 0, 0, 65536, 1].pack('NnnNNNN'))
-		end	
+			fd.write([0xa1b2c3d4, 2, 4, 0, 0, 65536, linktype].pack('NnnNNNN'))
+		end
 
-		pkts = {}		
+		pkts = {}
 		od = ::File.new(path_raw, 'rb')
 
 
@@ -151,27 +168,27 @@ class Console::CommandDispatcher::Sniffer
 		while(true)
 			buf = od.read(20)
 			break if not buf
-		
+
 			idh,idl,thi,tlo,len = buf.unpack('N5')
 			break if not len
-			if(len > 10000) 
+			if(len > 10000)
 				print_error("Corrupted packet data (length:#{len})")
 				break
 			end
-			
+
 			pkt_id = (idh << 32) +idl
 			pkt_ts = Rex::Proto::SMB::Utils.time_smb_to_unix(thi,tlo)
 			pkt    = od.read(len)
-			
+
 			fd.write([pkt_ts,0,len,len].pack('NNNN')+pkt)
 		end
 		od.close
 		fd.close
-		
+
 		::File.unlink(path_raw)
 		print_status("PCAP file written to #{path_cap}")
-	end	
-	
+	end
+
 	#
 	# Name for this dispatcher
 	# sni

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rex/post/meterpreter'
 
 module Rex
@@ -20,7 +21,7 @@ class Console::CommandDispatcher::Stdapi
 
 	Klass = Console::CommandDispatcher::Stdapi
 
-	Dispatchers = 
+	Dispatchers =
 		[
 			Klass::Fs,
 			Klass::Net,
@@ -62,4 +63,4 @@ end
 end
 end
 end
-end
+end

data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb

@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'tempfile'
 require 'rex/post/meterpreter'
 
@@ -34,24 +35,56 @@ class Console::CommandDispatcher::Stdapi::Fs
 	# List of supported commands.
 	#
 	def commands
-		{
+		all = {
 			"cat"      => "Read the contents of a file to the screen",
 			"cd"       => "Change directory",
+			"del"      => "Delete the specified file",
 			"download" => "Download a file or directory",
 			"edit"     => "Edit a file",
+			"getlwd"   => "Print local working directory",
 			"getwd"    => "Print working directory",
+			"lcd"      => "Change local working directory",
+			"lpwd"     => "Print local working directory",
 			"ls"       => "List files",
 			"mkdir"    => "Make directory",
 			"pwd"      => "Print working directory",
+			"rm"       => "Delete the specified file",
 			"rmdir"    => "Remove directory",
+			"search"   => "Search for files",
 			"upload"   => "Upload a file or directory",
-			"lcd"      => "Change local working directory",
-			"getlwd"   => "Print local working directory",
-			"lpwd"     => "Print local working directory",
-			"rm"       => "Delete the specified file",
-			"del"      => "Delete the specified file",
-			"search"   => "Search for files"
 		}
+
+		reqs = {
+			"cat"      => [ ],
+			"cd"       => [ "stdapi_fs_chdir" ],
+			"del"      => [ "stdapi_fs_rm" ],
+			"download" => [ ],
+			"edit"     => [ ],
+			"getlwd"   => [ ],
+			"getwd"    => [ "stdapi_fs_getwd" ],
+			"lcd"      => [ ],
+			"lpwd"     => [ ],
+			"ls"       => [ "stdapi_fs_stat", "stdapi_fs_ls" ],
+			"mkdir"    => [ "stdapi_fs_mkdir" ],
+			"pwd"      => [ "stdapi_fs_getwd" ],
+			"rmdir"    => [ "stdapi_fs_delete_dir" ],
+			"rm"       => [ "stdapi_fs_delete_file" ],
+			"search"   => [ "stdapi_fs_search" ],
+			"upload"   => [ ],
+		}
+
+		all.delete_if do |cmd, desc|
+			del = false
+			reqs[cmd].each do |req|
+				next if client.commands.include? req
+				del = true
+				break
+			end
+
+			del
+		end
+
+		all
 	end
 
 	#
@@ -65,18 +98,18 @@ class Console::CommandDispatcher::Stdapi::Fs
 	# Search for files.
 	#
 	def cmd_search( *args )
-	
+
 		root    = nil
 		glob    = nil
 		recurse = true
-		
+
 		opts = Rex::Parser::Arguments.new(
 			"-h" => [ false, "Help Banner." ],
 			"-d" => [ true,  "The directory/drive to begin searching from. Leave empty to search all drives. (Default: #{root})" ],
 			"-f" => [ true,  "The file pattern glob to search for. (e.g. *secret*.doc?)" ],
 			"-r" => [ true,  "Recursivly search sub directories. (Default: #{recurse})" ]
 		)
-		
+
 		opts.parse(args) { | opt, idx, val |
 			case opt
 				when "-h"
@@ -92,14 +125,14 @@ class Console::CommandDispatcher::Stdapi::Fs
 					recurse = false if( val =~ /^(f|n|0)/i )
 			end
 		}
-		
+
 		if( not glob )
 			print_error( "You must specify a valid file glob to search for, e.g. >search -f *.doc" )
 			return
 		end
-		
+
 		files = client.fs.file.search( root, glob, recurse )
-		
+
 		if( not files.empty? )
 			print_line( "Found #{files.length} result#{ files.length > 1 ? 's' : '' }..." )
 			files.each do | file |
@@ -112,9 +145,9 @@ class Console::CommandDispatcher::Stdapi::Fs
 		else
 			print_line( "No files matching your search were found." )
 		end
-		
+
 	end
-	
+
 	#
 	# Reads the contents of a file and prints them to the screen.
 	#
@@ -124,13 +157,17 @@ class Console::CommandDispatcher::Stdapi::Fs
 			return true
 		end
 
-		fd = client.fs.file.new(args[0], "rb")
+		if (client.fs.file.stat(args[0]).directory?)
+			print_error("#{args[0]} is a directory")
+		else
+			fd = client.fs.file.new(args[0], "rb")
 
-		until fd.eof?
-			print(fd.read)
-		end
+			until fd.eof?
+				print(fd.read)
+			end
 
-		fd.close
+			fd.close
+		end
 
 		true
 	end
@@ -165,7 +202,7 @@ class Console::CommandDispatcher::Stdapi::Fs
 
 		return true
 	end
-	
+
 	#
 	# Delete the specified file.
 	#
@@ -179,7 +216,7 @@ class Console::CommandDispatcher::Stdapi::Fs
 
 		return true
 	end
-	
+
 	alias :cmd_del :cmd_rm
 
 	def cmd_download_help
@@ -188,7 +225,7 @@ class Console::CommandDispatcher::Stdapi::Fs
 		print_line "Downloads remote files and directories to the local machine."
 		print_line @@download_opts.usage
 	end
-	
+
 	#
 	# Downloads a file or directory from the remote machine to the local
 	# machine.
@@ -246,7 +283,7 @@ class Console::CommandDispatcher::Stdapi::Fs
 				}
 			end
 		}
-		
+
 		return true
 	end
 
@@ -307,6 +344,7 @@ class Console::CommandDispatcher::Stdapi::Fs
 		path = args[0] || client.fs.dir.getwd
 		tbl  = Rex::Ui::Text::Table.new(
 			'Header'  => "Listing: #{path}",
+			'SortIndex' => 4,
 			'Columns' =>
 				[
 					'Mode',
@@ -317,26 +355,31 @@ class Console::CommandDispatcher::Stdapi::Fs
 				])
 
 		items = 0
-
-		# Enumerate each item...
-		client.fs.dir.entries_with_info(path).sort { |a,b| a['FileName'] <=> b['FileName'] }.each { |p|
-
-			tbl <<
-				[
-					p['StatBuf'] ? p['StatBuf'].prettymode : '',
-					p['StatBuf'] ? p['StatBuf'].size       : '',
-					p['StatBuf'] ? p['StatBuf'].ftype[0,3] : '',
-					p['StatBuf'] ? p['StatBuf'].mtime      : '',
-					p['FileName'] || 'unknown'
-				]
-
-			items += 1
-		}
-
-		if (items > 0)
-			print("\n" + tbl.to_s + "\n")
+		stat = client.fs.file.stat(path)
+		if stat.directory?
+			# Enumerate each item...
+			# No need to sort as Table will do it for us
+			client.fs.dir.entries_with_info(path).each { |p|
+
+				tbl <<
+					[
+						p['StatBuf'] ? p['StatBuf'].prettymode : '',
+						p['StatBuf'] ? p['StatBuf'].size       : '',
+						p['StatBuf'] ? p['StatBuf'].ftype[0,3] : '',
+						p['StatBuf'] ? p['StatBuf'].mtime      : '',
+						p['FileName'] || 'unknown'
+					]
+
+				items += 1
+			}
+
+			if (items > 0)
+				print("\n" + tbl.to_s + "\n")
+			else
+				print_line("No entries exist in #{path}")
+			end
 		else
-			print_line("No entries exist in #{path}")
+			print_line("#{stat.prettymode}  #{stat.size}  #{stat.ftype[0,3]}  #{stat.mtime}  #{path}")
 		end
 
 		return true
@@ -444,7 +487,7 @@ class Console::CommandDispatcher::Stdapi::Fs
 				}
 			end
 		}
-		
+
 		return true
 	end