librex 0.0.65 → 0.0.66
- data/README.markdown +1 -1
- data/lib/rex/arch.rb +1 -0
- data/lib/rex/arch/sparc.rb +16 -15
- data/lib/rex/arch/sparc.rb.ut.rb +2 -1
- data/lib/rex/arch/x86.rb +1 -0
- data/lib/rex/arch/x86.rb.ut.rb +2 -1
- data/lib/rex/assembly/nasm.rb +1 -0
- data/lib/rex/assembly/nasm.rb.ut.rb +2 -1
- data/lib/rex/compat.rb +13 -0
- data/lib/rex/constants.rb +5 -4
- data/lib/rex/elfparsey.rb +3 -2
- data/lib/rex/elfparsey/elf.rb +2 -1
- data/lib/rex/elfparsey/elfbase.rb +8 -7
- data/lib/rex/elfparsey/exceptions.rb +3 -2
- data/lib/rex/elfscan.rb +3 -2
- data/lib/rex/elfscan/scanner.rb +2 -1
- data/lib/rex/elfscan/search.rb +2 -1
- data/lib/rex/encoder/alpha2.rb +2 -1
- data/lib/rex/encoder/alpha2/alpha_mixed.rb +3 -2
- data/lib/rex/encoder/alpha2/alpha_upper.rb +5 -4
- data/lib/rex/encoder/alpha2/generic.rb +37 -60
- data/lib/rex/encoder/alpha2/unicode_mixed.rb +4 -9
- data/lib/rex/encoder/alpha2/unicode_upper.rb +4 -9
- data/lib/rex/encoder/ndr.rb +1 -0
- data/lib/rex/encoder/ndr.rb.ut.rb +2 -1
- data/lib/rex/encoder/nonalpha.rb +1 -0
- data/lib/rex/encoder/nonupper.rb +1 -0
- data/lib/rex/encoder/xdr.rb +9 -8
- data/lib/rex/encoder/xdr.rb.ut.rb +2 -1
- data/lib/rex/encoder/xor.rb +1 -0
- data/lib/rex/encoder/xor/dword.rb +2 -1
- data/lib/rex/encoder/xor/dword_additive.rb +2 -1
- data/lib/rex/encoders/xor_dword.rb +1 -0
- data/lib/rex/encoders/xor_dword_additive.rb +2 -1
- data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor.rb +2 -1
- data/lib/rex/encoding/xor.rb.ts.rb +2 -1
- data/lib/rex/encoding/xor/byte.rb +2 -1
- data/lib/rex/encoding/xor/byte.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/dword.rb +2 -1
- data/lib/rex/encoding/xor/dword.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/dword_additive.rb +1 -0
- data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/exceptions.rb +1 -0
- data/lib/rex/encoding/xor/generic.rb +1 -0
- data/lib/rex/encoding/xor/generic.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/qword.rb +2 -1
- data/lib/rex/encoding/xor/word.rb +2 -1
- data/lib/rex/encoding/xor/word.rb.ut.rb +2 -1
- data/lib/rex/exceptions.rb +1 -0
- data/lib/rex/exceptions.rb.ut.rb +2 -1
- data/lib/rex/exploitation/cmdstager.rb +2 -1
- data/lib/rex/exploitation/cmdstager/base.rb +1 -0
- data/lib/rex/exploitation/cmdstager/debug_asm.rb +2 -1
- data/lib/rex/exploitation/cmdstager/debug_write.rb +2 -1
- data/lib/rex/exploitation/cmdstager/tftp.rb +2 -1
- data/lib/rex/exploitation/cmdstager/vbs.rb +2 -1
- data/lib/rex/exploitation/egghunter.rb +12 -11
- data/lib/rex/exploitation/egghunter.rb.ut.rb +2 -1
- data/lib/rex/exploitation/encryptjs.rb +1 -0
- data/lib/rex/exploitation/heaplib.rb +1 -0
- data/lib/rex/exploitation/javascriptosdetect.js +1014 -0
- data/lib/rex/exploitation/javascriptosdetect.rb +4 -857
- data/lib/rex/exploitation/jsobfu.rb +2 -1
- data/lib/rex/exploitation/obfuscatejs.rb +1 -0
- data/lib/rex/exploitation/omelet.rb +1 -0
- data/lib/rex/exploitation/omelet.rb.ut.rb +1 -0
- data/lib/rex/exploitation/opcodedb.rb +12 -11
- data/lib/rex/exploitation/opcodedb.rb.ut.rb +2 -1
- data/lib/rex/exploitation/seh.rb +3 -2
- data/lib/rex/exploitation/seh.rb.ut.rb +2 -1
- data/lib/rex/file.rb +4 -3
- data/lib/rex/file.rb.ut.rb +2 -1
- data/lib/rex/image_source.rb +3 -2
- data/lib/rex/image_source/disk.rb +3 -2
- data/lib/rex/image_source/image_source.rb +3 -2
- data/lib/rex/image_source/memory.rb +3 -2
- data/lib/rex/io/bidirectional_pipe.rb +1 -0
- data/lib/rex/io/datagram_abstraction.rb +2 -1
- data/lib/rex/io/ring_buffer.rb +49 -44
- data/lib/rex/io/ring_buffer.rb.ut.rb +4 -3
- data/lib/rex/io/stream.rb +1 -0
- data/lib/rex/io/stream_abstraction.rb +1 -0
- data/lib/rex/io/stream_server.rb +1 -0
- data/lib/rex/job_container.rb +1 -0
- data/lib/rex/logging.rb +2 -1
- data/lib/rex/logging/log_dispatcher.rb +5 -4
- data/lib/rex/logging/log_sink.rb +2 -1
- data/lib/rex/logging/sinks/flatfile.rb +4 -3
- data/lib/rex/logging/sinks/stderr.rb +2 -1
- data/lib/rex/machparsey.rb +2 -1
- data/lib/rex/machparsey/exceptions.rb +2 -1
- data/lib/rex/machparsey/mach.rb +20 -19
- data/lib/rex/machparsey/machbase.rb +27 -26
- data/lib/rex/machscan.rb +2 -1
- data/lib/rex/machscan/scanner.rb +1 -0
- data/lib/rex/mime.rb +2 -1
- data/lib/rex/mime/header.rb +1 -0
- data/lib/rex/mime/message.rb +4 -1
- data/lib/rex/mime/part.rb +2 -1
- data/lib/rex/nop/opty2.rb +2 -1
- data/lib/rex/nop/opty2.rb.ut.rb +2 -1
- data/lib/rex/nop/opty2_tables.rb +1 -0
- data/lib/rex/ole.rb +3 -2
- data/lib/rex/ole/clsid.rb +3 -2
- data/lib/rex/ole/difat.rb +3 -2
- data/lib/rex/ole/directory.rb +3 -2
- data/lib/rex/ole/direntry.rb +3 -2
- data/lib/rex/ole/fat.rb +3 -2
- data/lib/rex/ole/header.rb +3 -2
- data/lib/rex/ole/minifat.rb +3 -2
- data/lib/rex/ole/propset.rb +4 -3
- data/lib/rex/ole/samples/create_ole.rb +1 -0
- data/lib/rex/ole/samples/dir.rb +1 -0
- data/lib/rex/ole/samples/dump_stream.rb +1 -0
- data/lib/rex/ole/samples/ole_info.rb +1 -0
- data/lib/rex/ole/storage.rb +3 -2
- data/lib/rex/ole/stream.rb +3 -2
- data/lib/rex/ole/substorage.rb +3 -2
- data/lib/rex/ole/util.rb +3 -2
- data/lib/rex/parser/acunetix_nokogiri.rb +13 -12
- data/lib/rex/parser/apple_backup_manifestdb.rb +20 -19
- data/lib/rex/parser/appscan_nokogiri.rb +17 -16
- data/lib/rex/parser/arguments.rb +2 -1
- data/lib/rex/parser/arguments.rb.ut.rb +2 -1
- data/lib/rex/parser/burp_session_nokogiri.rb +8 -7
- data/lib/rex/parser/ci_nokogiri.rb +4 -3
- data/lib/rex/parser/foundstone_nokogiri.rb +18 -17
- data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
- data/lib/rex/parser/ini.rb +1 -0
- data/lib/rex/parser/ini.rb.ut.rb +2 -1
- data/lib/rex/parser/ip360_aspl_xml.rb +1 -0
- data/lib/rex/parser/ip360_xml.rb +4 -3
- data/lib/rex/parser/mbsa_nokogiri.rb +8 -7
- data/lib/rex/parser/nessus_xml.rb +3 -2
- data/lib/rex/parser/netsparker_xml.rb +10 -9
- data/lib/rex/parser/nexpose_raw_nokogiri.rb +372 -52
- data/lib/rex/parser/nexpose_simple_nokogiri.rb +8 -7
- data/lib/rex/parser/nexpose_xml.rb +1 -0
- data/lib/rex/parser/nmap_nokogiri.rb +63 -33
- data/lib/rex/parser/nmap_xml.rb +1 -0
- data/lib/rex/parser/nokogiri_doc_mixin.rb +35 -15
- data/lib/rex/parser/openvas_nokogiri.rb +172 -0
- data/lib/rex/parser/retina_xml.rb +1 -0
- data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
- data/lib/rex/payloads.rb +2 -1
- data/lib/rex/payloads/win32.rb +2 -1
- data/lib/rex/payloads/win32/common.rb +2 -1
- data/lib/rex/payloads/win32/kernel.rb +2 -1
- data/lib/rex/payloads/win32/kernel/common.rb +4 -3
- data/lib/rex/payloads/win32/kernel/migration.rb +2 -1
- data/lib/rex/payloads/win32/kernel/recovery.rb +2 -1
- data/lib/rex/payloads/win32/kernel/stager.rb +21 -20
- data/lib/rex/peparsey.rb +3 -2
- data/lib/rex/peparsey/exceptions.rb +2 -1
- data/lib/rex/peparsey/pe.rb +3 -2
- data/lib/rex/peparsey/pe_memdump.rb +2 -1
- data/lib/rex/peparsey/pebase.rb +2 -1
- data/lib/rex/peparsey/section.rb +2 -1
- data/lib/rex/pescan.rb +3 -2
- data/lib/rex/pescan/analyze.rb +1 -0
- data/lib/rex/pescan/scanner.rb +1 -0
- data/lib/rex/pescan/search.rb +1 -0
- data/lib/rex/platforms.rb +2 -1
- data/lib/rex/platforms/windows.rb +2 -1
- data/lib/rex/poly.rb +2 -1
- data/lib/rex/poly/block.rb +16 -15
- data/lib/rex/poly/register.rb +2 -1
- data/lib/rex/poly/register/x86.rb +2 -1
- data/lib/rex/post.rb +2 -2
- data/lib/rex/post/dir.rb +2 -1
- data/lib/rex/post/file.rb +1 -0
- data/lib/rex/post/file_stat.rb +1 -0
- data/lib/rex/post/io.rb +2 -1
- data/lib/rex/post/meterpreter.rb +2 -1
- data/lib/rex/post/meterpreter/channel.rb +1 -0
- data/lib/rex/post/meterpreter/channel_container.rb +2 -1
- data/lib/rex/post/meterpreter/channels/pool.rb +1 -0
- data/lib/rex/post/meterpreter/channels/pools/file.rb +1 -0
- data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +3 -2
- data/lib/rex/post/meterpreter/channels/stream.rb +1 -0
- data/lib/rex/post/meterpreter/client.rb +23 -1
- data/lib/rex/post/meterpreter/client_core.rb +10 -5
- data/lib/rex/post/meterpreter/dependencies.rb +2 -1
- data/lib/rex/post/meterpreter/extension.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/espia/espia.rb +7 -6
- data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +5 -4
- data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +7 -6
- data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/priv/fs.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/priv/priv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +28 -11
- data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +6 -5
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +3 -2
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +39 -5
- data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +75 -18
- data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +18 -6
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +4 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +12 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +7 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +29 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +10 -5
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +9 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +128 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +27 -6
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +21 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +43 -4
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +7 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +14 -13
- data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +1 -0
- data/lib/rex/post/meterpreter/inbound_packet_handler.rb +2 -1
- data/lib/rex/post/meterpreter/object_aliases.rb +6 -5
- data/lib/rex/post/meterpreter/packet.rb +26 -6
- data/lib/rex/post/meterpreter/packet_dispatcher.rb +1 -0
- data/lib/rex/post/meterpreter/packet_parser.rb +1 -0
- data/lib/rex/post/meterpreter/packet_response_waiter.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +103 -28
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +3 -2
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +12 -11
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +2 -1
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +2 -1
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +53 -36
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +3 -2
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +87 -44
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +80 -18
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +77 -48
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +72 -41
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +24 -5
- data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +2 -1
- data/lib/rex/post/permission.rb +2 -1
- data/lib/rex/post/process.rb +2 -1
- data/lib/rex/post/thread.rb +2 -1
- data/lib/rex/post/ui.rb +2 -1
- data/lib/rex/proto.rb +1 -0
- data/lib/rex/proto.rb.ts.rb +2 -1
- data/lib/rex/proto/dcerpc.rb +2 -1
- data/lib/rex/proto/dcerpc.rb.ts.rb +2 -1
- data/lib/rex/proto/dcerpc/client.rb +1 -0
- data/lib/rex/proto/dcerpc/client.rb.ut.rb +1 -0
- data/lib/rex/proto/dcerpc/exceptions.rb +2 -1
- data/lib/rex/proto/dcerpc/handle.rb +1 -0
- data/lib/rex/proto/dcerpc/handle.rb.ut.rb +2 -1
- data/lib/rex/proto/dcerpc/ndr.rb +2 -1
- data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +2 -1
- data/lib/rex/proto/dcerpc/packet.rb +52 -45
- data/lib/rex/proto/dcerpc/packet.rb.ut.rb +12 -11
- data/lib/rex/proto/dcerpc/response.rb +1 -0
- data/lib/rex/proto/dcerpc/response.rb.ut.rb +2 -1
- data/lib/rex/proto/dcerpc/uuid.rb +13 -12
- data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +2 -1
- data/lib/rex/proto/dhcp.rb +2 -1
- data/lib/rex/proto/dhcp/constants.rb +2 -1
- data/lib/rex/proto/dhcp/server.rb +4 -3
- data/lib/rex/proto/drda.rb +1 -0
- data/lib/rex/proto/drda.rb.ts.rb +1 -0
- data/lib/rex/proto/drda/constants.rb +1 -0
- data/lib/rex/proto/drda/constants.rb.ut.rb +1 -0
- data/lib/rex/proto/drda/packet.rb +11 -10
- data/lib/rex/proto/drda/packet.rb.ut.rb +5 -4
- data/lib/rex/proto/drda/utils.rb +4 -3
- data/lib/rex/proto/drda/utils.rb.ut.rb +3 -2
- data/lib/rex/proto/http.rb +2 -1
- data/lib/rex/proto/http.rb.ts.rb +2 -1
- data/lib/rex/proto/http/client.rb +29 -5
- data/lib/rex/proto/http/client.rb.ut.rb +1 -0
- data/lib/rex/proto/http/handler.rb +2 -1
- data/lib/rex/proto/http/handler/erb.rb +5 -4
- data/lib/rex/proto/http/handler/erb.rb.ut.rb +2 -1
- data/lib/rex/proto/http/handler/proc.rb +1 -0
- data/lib/rex/proto/http/handler/proc.rb.ut.rb +2 -1
- data/lib/rex/proto/http/header.rb +3 -3
- data/lib/rex/proto/http/header.rb.ut.rb +2 -1
- data/lib/rex/proto/http/packet.rb +1 -0
- data/lib/rex/proto/http/packet.rb.ut.rb +15 -14
- data/lib/rex/proto/http/request.rb +23 -22
- data/lib/rex/proto/http/request.rb.ut.rb +2 -1
- data/lib/rex/proto/http/response.rb +6 -5
- data/lib/rex/proto/http/response.rb.ut.rb +7 -6
- data/lib/rex/proto/http/server.rb +1 -0
- data/lib/rex/proto/http/server.rb.ut.rb +6 -5
- data/lib/rex/proto/iax2.rb +1 -0
- data/lib/rex/proto/iax2/call.rb +48 -47
- data/lib/rex/proto/iax2/client.rb +23 -22
- data/lib/rex/proto/iax2/codecs.rb +1 -0
- data/lib/rex/proto/iax2/codecs/alaw.rb +1 -0
- data/lib/rex/proto/iax2/codecs/g711.rb +4 -3
- data/lib/rex/proto/iax2/codecs/mulaw.rb +1 -0
- data/lib/rex/proto/iax2/constants.rb +1 -0
- data/lib/rex/proto/natpmp.rb +11 -0
- data/lib/rex/proto/natpmp/constants.rb +19 -0
- data/lib/rex/proto/natpmp/packet.rb +45 -0
- data/lib/rex/proto/ntlm.rb +1 -0
- data/lib/rex/proto/ntlm.rb.ut.rb +1 -0
- data/lib/rex/proto/ntlm/base.rb +38 -37
- data/lib/rex/proto/ntlm/constants.rb +1 -0
- data/lib/rex/proto/ntlm/crypt.rb +45 -44
- data/lib/rex/proto/ntlm/exceptions.rb +1 -0
- data/lib/rex/proto/ntlm/message.rb +30 -29
- data/lib/rex/proto/ntlm/utils.rb +116 -115
- data/lib/rex/proto/proxy/socks4a.rb +1 -0
- data/lib/rex/proto/rfb.rb +1 -0
- data/lib/rex/proto/rfb.rb.ut.rb +1 -0
- data/lib/rex/proto/rfb/cipher.rb +1 -0
- data/lib/rex/proto/rfb/client.rb +1 -0
- data/lib/rex/proto/rfb/constants.rb +1 -0
- data/lib/rex/proto/smb.rb +2 -1
- data/lib/rex/proto/smb.rb.ts.rb +2 -1
- data/lib/rex/proto/smb/client.rb +23 -22
- data/lib/rex/proto/smb/client.rb.ut.rb +1 -0
- data/lib/rex/proto/smb/constants.rb +1 -0
- data/lib/rex/proto/smb/constants.rb.ut.rb +2 -1
- data/lib/rex/proto/smb/crypt.rb +3 -2
- data/lib/rex/proto/smb/evasions.rb +1 -0
- data/lib/rex/proto/smb/exceptions.rb +6 -5
- data/lib/rex/proto/smb/simpleclient.rb +1 -0
- data/lib/rex/proto/smb/simpleclient.rb.ut.rb +1 -0
- data/lib/rex/proto/smb/utils.rb +1 -0
- data/lib/rex/proto/smb/utils.rb.ut.rb +2 -1
- data/lib/rex/proto/sunrpc.rb +1 -0
- data/lib/rex/proto/sunrpc/client.rb +1 -0
- data/lib/rex/proto/tftp.rb +3 -1
- data/lib/rex/proto/tftp/client.rb +344 -0
- data/lib/rex/proto/tftp/constants.rb +2 -1
- data/lib/rex/proto/tftp/server.rb +2 -1
- data/lib/rex/proto/tftp/server.rb.ut.rb +3 -2
- data/lib/rex/registry.rb +14 -0
- data/lib/rex/registry/hive.rb +132 -0
- data/lib/rex/registry/lfkey.rb +51 -0
- data/lib/rex/registry/nodekey.rb +54 -0
- data/lib/rex/registry/regf.rb +25 -0
- data/lib/rex/registry/valuekey.rb +67 -0
- data/lib/rex/registry/valuelist.rb +29 -0
- data/lib/rex/ropbuilder.rb +2 -1
- data/lib/rex/ropbuilder/rop.rb +3 -2
- data/lib/rex/script.rb +1 -0
- data/lib/rex/script/base.rb +1 -0
- data/lib/rex/script/meterpreter.rb +1 -0
- data/lib/rex/script/shell.rb +1 -0
- data/lib/rex/service.rb +2 -1
- data/lib/rex/service_manager.rb +6 -5
- data/lib/rex/service_manager.rb.ut.rb +2 -1
- data/lib/rex/services/local_relay.rb +1 -0
- data/lib/rex/socket.rb +72 -36
- data/lib/rex/socket.rb.ut.rb +1 -0
- data/lib/rex/socket/comm.rb +1 -0
- data/lib/rex/socket/comm/local.rb +60 -13
- data/lib/rex/socket/comm/local.rb.ut.rb +2 -1
- data/lib/rex/socket/ip.rb +1 -0
- data/lib/rex/socket/parameters.rb +15 -14
- data/lib/rex/socket/parameters.rb.ut.rb +2 -1
- data/lib/rex/socket/range_walker.rb +71 -26
- data/lib/rex/socket/range_walker.rb.ut.rb +2 -1
- data/lib/rex/socket/ssl_tcp.rb +1 -0
- data/lib/rex/socket/ssl_tcp.rb.ut.rb +2 -1
- data/lib/rex/socket/ssl_tcp_server.rb +1 -0
- data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +1 -0
- data/lib/rex/socket/subnet_walker.rb +1 -0
- data/lib/rex/socket/subnet_walker.rb.ut.rb +2 -1
- data/lib/rex/socket/switch_board.rb +1 -0
- data/lib/rex/socket/switch_board.rb.ut.rb +2 -1
- data/lib/rex/socket/tcp.rb +4 -3
- data/lib/rex/socket/tcp.rb.ut.rb +2 -1
- data/lib/rex/socket/tcp_server.rb +1 -0
- data/lib/rex/socket/tcp_server.rb.ut.rb +2 -1
- data/lib/rex/socket/udp.rb +2 -1
- data/lib/rex/socket/udp.rb.ut.rb +2 -1
- data/lib/rex/struct2.rb +2 -1
- data/lib/rex/struct2/c_struct.rb +2 -1
- data/lib/rex/struct2/c_struct_template.rb +2 -1
- data/lib/rex/struct2/constant.rb +2 -1
- data/lib/rex/struct2/element.rb +2 -1
- data/lib/rex/struct2/generic.rb +1 -0
- data/lib/rex/struct2/restraint.rb +2 -1
- data/lib/rex/struct2/s_string.rb +1 -0
- data/lib/rex/struct2/s_struct.rb +1 -0
- data/lib/rex/sync.rb +2 -1
- data/lib/rex/sync/event.rb +1 -0
- data/lib/rex/sync/read_write_lock.rb +1 -0
- data/lib/rex/sync/ref.rb +2 -1
- data/lib/rex/sync/thread_safe.rb +2 -1
- data/lib/rex/test.rb +2 -1
- data/lib/rex/text.rb +136 -19
- data/lib/rex/text.rb.ut.rb +1 -0
- data/lib/rex/thread_factory.rb +5 -4
- data/lib/rex/time.rb +2 -1
- data/lib/rex/transformer.rb +1 -0
- data/lib/rex/transformer.rb.ut.rb +2 -1
- data/lib/rex/ui.rb +2 -1
- data/lib/rex/ui/interactive.rb +10 -9
- data/lib/rex/ui/output.rb +1 -0
- data/lib/rex/ui/output/none.rb +2 -1
- data/lib/rex/ui/progress_tracker.rb +2 -1
- data/lib/rex/ui/subscriber.rb +9 -8
- data/lib/rex/ui/text/color.rb +1 -0
- data/lib/rex/ui/text/color.rb.ut.rb +1 -0
- data/lib/rex/ui/text/dispatcher_shell.rb +63 -23
- data/lib/rex/ui/text/input.rb +1 -0
- data/lib/rex/ui/text/input/buffer.rb +7 -6
- data/lib/rex/ui/text/input/readline.rb +14 -13
- data/lib/rex/ui/text/input/socket.rb +1 -0
- data/lib/rex/ui/text/input/stdio.rb +2 -1
- data/lib/rex/ui/text/irb_shell.rb +1 -0
- data/lib/rex/ui/text/output.rb +1 -0
- data/lib/rex/ui/text/output/buffer.rb +1 -0
- data/lib/rex/ui/text/output/file.rb +1 -0
- data/lib/rex/ui/text/output/socket.rb +1 -0
- data/lib/rex/ui/text/output/stdio.rb +1 -0
- data/lib/rex/ui/text/output/tee.rb +1 -0
- data/lib/rex/ui/text/progress_tracker.rb +2 -1
- data/lib/rex/ui/text/progress_tracker.rb.ut.rb +2 -1
- data/lib/rex/ui/text/shell.rb +1 -0
- data/lib/rex/ui/text/table.rb +20 -14
- data/lib/rex/ui/text/table.rb.ut.rb +3 -2
- data/lib/rex/zip.rb +1 -0
- data/lib/rex/zip/archive.rb +2 -1
- data/lib/rex/zip/blocks.rb +3 -2
- data/lib/rex/zip/entry.rb +6 -7
- data/lib/rex/zip/jar.rb +4 -3
- data/lib/rex/zip/samples/comment.rb +1 -0
- data/lib/rex/zip/samples/mkwar.rb +1 -0
- data/lib/rex/zip/samples/mkzip.rb +1 -0
- data/lib/rex/zip/samples/recursive.rb +1 -0
- metadata +433 -435
@@ -1,3 +1,4 @@
|
|
1
|
+
# -*- coding: binary -*-
|
1
2
|
require 'rex/post/meterpreter'
|
2
3
|
require 'rex/service_manager'
|
3
4
|
|
@@ -54,11 +55,39 @@ class Console::CommandDispatcher::Stdapi::Net
|
|
54
55
|
# List of supported commands.
|
55
56
|
#
|
56
57
|
def commands
|
57
|
-
{
|
58
|
+
all = {
|
58
59
|
"ipconfig" => "Display interfaces",
|
60
|
+
"ifconfig" => "Display interfaces",
|
59
61
|
"route" => "View and modify the routing table",
|
60
62
|
"portfwd" => "Forward a local port to a remote service",
|
61
63
|
}
|
64
|
+
reqs = {
|
65
|
+
"ipconfig" => [ "stdapi_net_config_get_interfaces" ],
|
66
|
+
"ifconfig" => [ "stdapi_net_config_get_interfaces" ],
|
67
|
+
"route" => [
|
68
|
+
# Also uses these, but we don't want to be unable to list them
|
69
|
+
# just because we can't alter them.
|
70
|
+
#"stdapi_net_config_add_route",
|
71
|
+
#"stdapi_net_config_remove_route",
|
72
|
+
"stdapi_net_config_get_routes"
|
73
|
+
],
|
74
|
+
# Only creates tcp channels, which is something whose availability
|
75
|
+
# we can't check directly at the moment.
|
76
|
+
"portfwd" => [ ],
|
77
|
+
}
|
78
|
+
|
79
|
+
all.delete_if do |cmd, desc|
|
80
|
+
del = false
|
81
|
+
reqs[cmd].each do |req|
|
82
|
+
next if client.commands.include? req
|
83
|
+
del = true
|
84
|
+
break
|
85
|
+
end
|
86
|
+
|
87
|
+
del
|
88
|
+
end
|
89
|
+
|
90
|
+
all
|
62
91
|
end
|
63
92
|
|
64
93
|
#
|
@@ -77,12 +106,14 @@ class Console::CommandDispatcher::Stdapi::Net
|
|
77
106
|
if (ifaces.length == 0)
|
78
107
|
print_line("No interfaces were found.")
|
79
108
|
else
|
80
|
-
|
109
|
+
ifaces.sort{|a,b| a.index <=> b.index}.each do |iface|
|
81
110
|
print("\n" + iface.pretty + "\n")
|
82
|
-
|
111
|
+
end
|
83
112
|
end
|
84
113
|
end
|
85
114
|
|
115
|
+
alias :cmd_ifconfig :cmd_ipconfig
|
116
|
+
|
86
117
|
#
|
87
118
|
# Displays or modifies the routing table on the remote machine.
|
88
119
|
#
|
@@ -114,25 +145,56 @@ class Console::CommandDispatcher::Stdapi::Net
|
|
114
145
|
when "list"
|
115
146
|
routes = client.net.config.routes
|
116
147
|
|
117
|
-
|
118
|
-
|
148
|
+
# IPv4
|
149
|
+
tbl = Rex::Ui::Text::Table.new(
|
150
|
+
'Header' => "IPv4 network routes",
|
151
|
+
'Indent' => 4,
|
152
|
+
'Columns' =>
|
153
|
+
[
|
154
|
+
"Subnet",
|
155
|
+
"Netmask",
|
156
|
+
"Gateway",
|
157
|
+
"Metric",
|
158
|
+
"Interface"
|
159
|
+
])
|
160
|
+
|
161
|
+
routes.select {|route|
|
162
|
+
Rex::Socket.is_ipv4?(route.netmask)
|
163
|
+
}.each { |route|
|
164
|
+
tbl << [ route.subnet, route.netmask, route.gateway, route.metric, route.interface ]
|
165
|
+
}
|
166
|
+
|
167
|
+
if tbl.rows.length > 0
|
168
|
+
print("\n" + tbl.to_s + "\n")
|
119
169
|
else
|
120
|
-
|
121
|
-
|
122
|
-
'Indent' => 4,
|
123
|
-
'Columns' =>
|
124
|
-
[
|
125
|
-
"Subnet",
|
126
|
-
"Netmask",
|
127
|
-
"Gateway"
|
128
|
-
])
|
129
|
-
|
130
|
-
routes.each { |route|
|
131
|
-
tbl << [ route.subnet, route.netmask, route.gateway ]
|
132
|
-
}
|
170
|
+
print_line("No IPv4 routes were found.")
|
171
|
+
end
|
133
172
|
|
173
|
+
# IPv6
|
174
|
+
tbl = Rex::Ui::Text::Table.new(
|
175
|
+
'Header' => "IPv6 network routes",
|
176
|
+
'Indent' => 4,
|
177
|
+
'Columns' =>
|
178
|
+
[
|
179
|
+
"Subnet",
|
180
|
+
"Netmask",
|
181
|
+
"Gateway",
|
182
|
+
"Metric",
|
183
|
+
"Interface"
|
184
|
+
])
|
185
|
+
|
186
|
+
routes.select {|route|
|
187
|
+
Rex::Socket.is_ipv6?(route.netmask)
|
188
|
+
}.each { |route|
|
189
|
+
tbl << [ route.subnet, route.netmask, route.gateway, route.metric, route.interface ]
|
190
|
+
}
|
191
|
+
|
192
|
+
if tbl.rows.length > 0
|
134
193
|
print("\n" + tbl.to_s + "\n")
|
194
|
+
else
|
195
|
+
print_line("No IPv6 routes were found.")
|
135
196
|
end
|
197
|
+
|
136
198
|
when "add"
|
137
199
|
# Satisfy check to see that formatting is correct
|
138
200
|
unless Rex::Socket::RangeWalker.new(args[0]).length == 1
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# -*- coding: binary -*-
|
1
2
|
require 'rex/post/meterpreter'
|
2
3
|
|
3
4
|
module Rex
|
@@ -48,23 +49,67 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|
48
49
|
# List of supported commands.
|
49
50
|
#
|
50
51
|
def commands
|
51
|
-
{
|
52
|
-
"clearev"
|
53
|
-
"execute" => "Execute a command",
|
54
|
-
"getpid" => "Get the current process identifier",
|
55
|
-
"getuid" => "Get the user that the server is running as",
|
56
|
-
"getprivs" => "Attempt to enable all privileges available to the current process",
|
57
|
-
"kill" => "Terminate a process",
|
58
|
-
"ps" => "List running processes",
|
59
|
-
"reboot" => "Reboots the remote computer",
|
60
|
-
"reg" => "Modify and interact with the remote registry",
|
61
|
-
"rev2self" => "Calls RevertToSelf() on the remote machine",
|
62
|
-
"sysinfo" => "Gets information about the remote system, such as OS",
|
63
|
-
"shell" => "Drop into a system command shell",
|
64
|
-
"shutdown" => "Shuts down the remote computer",
|
65
|
-
"steal_token" => "Attempts to steal an impersonation token from the target process",
|
52
|
+
all = {
|
53
|
+
"clearev" => "Clear the event log",
|
66
54
|
"drop_token" => "Relinquishes any active impersonation token.",
|
55
|
+
"execute" => "Execute a command",
|
56
|
+
"getpid" => "Get the current process identifier",
|
57
|
+
"getprivs" => "Attempt to enable all privileges available to the current process",
|
58
|
+
"getuid" => "Get the user that the server is running as",
|
59
|
+
"kill" => "Terminate a process",
|
60
|
+
"ps" => "List running processes",
|
61
|
+
"reboot" => "Reboots the remote computer",
|
62
|
+
"reg" => "Modify and interact with the remote registry",
|
63
|
+
"rev2self" => "Calls RevertToSelf() on the remote machine",
|
64
|
+
"shell" => "Drop into a system command shell",
|
65
|
+
"shutdown" => "Shuts down the remote computer",
|
66
|
+
"steal_token" => "Attempts to steal an impersonation token from the target process",
|
67
|
+
"sysinfo" => "Gets information about the remote system, such as OS",
|
68
|
+
}
|
69
|
+
reqs = {
|
70
|
+
"clearev" => [ "stdapi_sys_eventlog_open", "stdapi_sys_eventlog_clear" ],
|
71
|
+
"drop_token" => [ "stdapi_sys_config_drop_token" ],
|
72
|
+
"execute" => [ "stdapi_sys_process_execute" ],
|
73
|
+
"getpid" => [ "stdapi_sys_process_getpid" ],
|
74
|
+
"getprivs" => [ "stdapi_sys_config_getprivs" ],
|
75
|
+
"getuid" => [ "stdapi_sys_config_getuid" ],
|
76
|
+
"kill" => [ "stdapi_sys_process_kill" ],
|
77
|
+
"ps" => [ "stdapi_sys_process_get_processes" ],
|
78
|
+
"reboot" => [ "stdapi_sys_power_exitwindows" ],
|
79
|
+
"reg" => [
|
80
|
+
"stdapi_registry_load_key",
|
81
|
+
"stdapi_registry_unload_key",
|
82
|
+
"stdapi_registry_open_key",
|
83
|
+
"stdapi_registry_open_remote_key",
|
84
|
+
"stdapi_registry_create_key",
|
85
|
+
"stdapi_registry_delete_key",
|
86
|
+
"stdapi_registry_close_key",
|
87
|
+
"stdapi_registry_enum_key",
|
88
|
+
"stdapi_registry_set_value",
|
89
|
+
"stdapi_registry_query_value",
|
90
|
+
"stdapi_registry_delete_value",
|
91
|
+
"stdapi_registry_query_class",
|
92
|
+
"stdapi_registry_enum_value",
|
93
|
+
],
|
94
|
+
"rev2self" => [ "stdapi_sys_config_rev2self" ],
|
95
|
+
"shell" => [ "stdapi_sys_process_execute" ],
|
96
|
+
"shutdown" => [ "stdapi_sys_power_exitwindows" ],
|
97
|
+
"steal_token" => [ "stdapi_sys_config_steal_token" ],
|
98
|
+
"sysinfo" => [ "stdapi_sys_config_sysinfo" ],
|
67
99
|
}
|
100
|
+
|
101
|
+
all.delete_if do |cmd, desc|
|
102
|
+
del = false
|
103
|
+
reqs[cmd].each do |req|
|
104
|
+
next if client.commands.include? req
|
105
|
+
del = true
|
106
|
+
break
|
107
|
+
end
|
108
|
+
|
109
|
+
del
|
110
|
+
end
|
111
|
+
|
112
|
+
all
|
68
113
|
end
|
69
114
|
|
70
115
|
#
|
@@ -153,12 +198,21 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|
153
198
|
# Drop into a system shell as specified by %COMSPEC% or
|
154
199
|
# as appropriate for the host.
|
155
200
|
def cmd_shell(*args)
|
156
|
-
|
201
|
+
case client.platform
|
202
|
+
when /win/
|
157
203
|
path = client.fs.file.expand_path("%COMSPEC%")
|
158
204
|
path = (path and not path.empty?) ? path : "cmd.exe"
|
159
205
|
cmd_execute("-f", path, "-c", "-H", "-i", "-t")
|
206
|
+
when /linux/
|
207
|
+
# Don't expand_path() this because it's literal anyway
|
208
|
+
path = "/bin/sh"
|
209
|
+
cmd_execute("-f", path, "-c", "-i")
|
160
210
|
else
|
161
|
-
|
211
|
+
# Then this is a multi-platform meterpreter (php or java), which
|
212
|
+
# must special-case COMSPEC to return the system-specific shell.
|
213
|
+
path = client.fs.file.expand_path("%COMSPEC%")
|
214
|
+
# If that failed for whatever reason, guess it's unix
|
215
|
+
path = (path and not path.empty?) ? path : "/bin/sh"
|
162
216
|
cmd_execute("-f", path, "-c", "-i")
|
163
217
|
end
|
164
218
|
end
|
@@ -220,38 +274,13 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|
220
274
|
#
|
221
275
|
def cmd_ps(*args)
|
222
276
|
processes = client.sys.process.get_processes
|
223
|
-
tbl = Rex::Ui::Text::Table.new(
|
224
|
-
'Header' => "Process list",
|
225
|
-
'Indent' => 1,
|
226
|
-
'Columns' =>
|
227
|
-
[
|
228
|
-
"PID",
|
229
|
-
"Name",
|
230
|
-
"Arch",
|
231
|
-
"Session",
|
232
|
-
"User",
|
233
|
-
"Path"
|
234
|
-
])
|
235
|
-
|
236
|
-
processes.each { |ent|
|
237
|
-
|
238
|
-
session = ent['session'] == 0xFFFFFFFF ? '' : ent['session'].to_s
|
239
|
-
arch = ent['arch']
|
240
|
-
|
241
|
-
# for display and consistency with payload naming we switch the internal 'x86_64' value to display 'x64'
|
242
|
-
if( arch == ARCH_X86_64 )
|
243
|
-
arch = "x64"
|
244
|
-
end
|
245
|
-
|
246
|
-
tbl << [ ent['pid'].to_s, ent['name'], arch, session, ent['user'], ent['path'] ]
|
247
|
-
}
|
248
|
-
|
249
277
|
if (processes.length == 0)
|
250
278
|
print_line("No running processes were found.")
|
251
279
|
else
|
252
|
-
|
280
|
+
print_line
|
281
|
+
print_line(processes.to_table("Indent" => 1).to_s)
|
282
|
+
print_line
|
253
283
|
end
|
254
|
-
|
255
284
|
return true
|
256
285
|
end
|
257
286
|
|
@@ -299,7 +328,7 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|
299
328
|
" queryclass Queries the class of the supplied key [-k <key>]\n" +
|
300
329
|
" setval Set a registry value [-k <key> -v <val> -d <data>]\n" +
|
301
330
|
" deleteval Delete the supplied registry value [-k <key> -v <val>]\n" +
|
302
|
-
" queryval Queries the data contents of a value [-k <key> -v <val>]\n\n")
|
331
|
+
" queryval Queries the data contents of a value [-k <key> -v <val>]\n\n")
|
303
332
|
return false
|
304
333
|
when "-k"
|
305
334
|
key = val
|
@@ -333,7 +362,7 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|
333
362
|
# Rock it
|
334
363
|
case cmd
|
335
364
|
when "enumkey"
|
336
|
-
|
365
|
+
|
337
366
|
open_key = nil
|
338
367
|
if not rem
|
339
368
|
open_key = client.sys.registry.open_key(root_key, base_key, KEY_READ + wowflag)
|
@@ -383,7 +412,7 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|
383
412
|
if remote_key
|
384
413
|
open_key = remote_key.create_key(base_key, KEY_WRITE + wowflag)
|
385
414
|
end
|
386
|
-
end
|
415
|
+
end
|
387
416
|
|
388
417
|
print_line("Successfully created key: #{key}")
|
389
418
|
|
@@ -1,3 +1,4 @@
|
|
1
|
+
# -*- coding: binary -*-
|
1
2
|
require 'rex/post/meterpreter'
|
2
3
|
|
3
4
|
module Rex
|
@@ -20,20 +21,50 @@ class Console::CommandDispatcher::Stdapi::Ui
|
|
20
21
|
# List of supported commands.
|
21
22
|
#
|
22
23
|
def commands
|
23
|
-
{
|
24
|
-
"idletime" => "Returns the number of seconds the remote user has been idle",
|
25
|
-
"uictl" => "Control some of the user interface components",
|
24
|
+
all = {
|
26
25
|
"enumdesktops" => "List all accessible desktops and window stations",
|
27
26
|
"getdesktop" => "Get the current meterpreter desktop",
|
28
|
-
"
|
27
|
+
"idletime" => "Returns the number of seconds the remote user has been idle",
|
28
|
+
"keyscan_dump" => "Dump the keystroke buffer",
|
29
29
|
"keyscan_start" => "Start capturing keystrokes",
|
30
30
|
"keyscan_stop" => "Stop capturing keystrokes",
|
31
|
-
"keyscan_dump" => "Dump the keystroke buffer",
|
32
31
|
"screenshot" => "Grab a screenshot of the interactive desktop",
|
32
|
+
"setdesktop" => "Change the meterpreters current desktop",
|
33
|
+
"uictl" => "Control some of the user interface components",
|
33
34
|
|
34
35
|
# not working yet
|
35
36
|
# "unlockdesktop" => "Unlock or lock the workstation (must be inside winlogon.exe)",
|
36
37
|
}
|
38
|
+
|
39
|
+
reqs = {
|
40
|
+
"enumdesktops" => [ "stdapi_ui_desktop_enum" ],
|
41
|
+
"getdesktop" => [ "stdapi_ui_desktop_get" ],
|
42
|
+
"idletime" => [ "stdapi_ui_get_idle_time" ],
|
43
|
+
"keyscan_dump" => [ "stdapi_ui_get_keys" ],
|
44
|
+
"keyscan_start" => [ "stdapi_ui_start_keyscan" ],
|
45
|
+
"keyscan_stop" => [ "stdapi_ui_stop_keyscan" ],
|
46
|
+
"screenshot" => [ "stdapi_ui_desktop_screenshot" ],
|
47
|
+
"setdesktop" => [ "stdapi_ui_desktop_set" ],
|
48
|
+
"uictl" => [
|
49
|
+
"stdapi_ui_enable_mouse",
|
50
|
+
"stdapi_ui_disable_mouse",
|
51
|
+
"stdapi_ui_enable_keyboard",
|
52
|
+
"stdapi_ui_disable_keyboard",
|
53
|
+
],
|
54
|
+
}
|
55
|
+
|
56
|
+
all.delete_if do |cmd, desc|
|
57
|
+
del = false
|
58
|
+
reqs[cmd].each do |req|
|
59
|
+
next if client.commands.include? req
|
60
|
+
del = true
|
61
|
+
break
|
62
|
+
end
|
63
|
+
|
64
|
+
del
|
65
|
+
end
|
66
|
+
|
67
|
+
all
|
37
68
|
end
|
38
69
|
|
39
70
|
#
|
@@ -51,7 +82,7 @@ class Console::CommandDispatcher::Stdapi::Ui
|
|
51
82
|
|
52
83
|
print_line(
|
53
84
|
"User has been idle for: #{Rex::ExtTime.sec_to_s(seconds)}")
|
54
|
-
|
85
|
+
|
55
86
|
return true
|
56
87
|
end
|
57
88
|
|
@@ -94,7 +125,7 @@ class Console::CommandDispatcher::Stdapi::Ui
|
|
94
125
|
|
95
126
|
return true
|
96
127
|
end
|
97
|
-
|
128
|
+
|
98
129
|
#
|
99
130
|
# Grab a screenshot of the current interactive desktop.
|
100
131
|
#
|
@@ -102,14 +133,14 @@ class Console::CommandDispatcher::Stdapi::Ui
|
|
102
133
|
path = Rex::Text.rand_text_alpha(8) + ".jpeg"
|
103
134
|
quality = 50
|
104
135
|
view = true
|
105
|
-
|
136
|
+
|
106
137
|
screenshot_opts = Rex::Parser::Arguments.new(
|
107
138
|
"-h" => [ false, "Help Banner." ],
|
108
139
|
"-q" => [ true, "The JPEG image quality (Default: '#{quality}')" ],
|
109
140
|
"-p" => [ true, "The JPEG image path (Default: '#{path}')" ],
|
110
141
|
"-v" => [ true, "Automatically view the JPEG image (Default: '#{view}')" ]
|
111
142
|
)
|
112
|
-
|
143
|
+
|
113
144
|
screenshot_opts.parse( args ) { | opt, idx, val |
|
114
145
|
case opt
|
115
146
|
when "-h"
|
@@ -125,32 +156,32 @@ class Console::CommandDispatcher::Stdapi::Ui
|
|
125
156
|
view = false if ( val =~ /^(f|n|0)/i )
|
126
157
|
end
|
127
158
|
}
|
128
|
-
|
159
|
+
|
129
160
|
data = client.ui.screenshot( quality )
|
130
|
-
|
161
|
+
|
131
162
|
if( data )
|
132
163
|
::File.open( path, 'wb' ) do |fd|
|
133
164
|
fd.write( data )
|
134
165
|
end
|
135
|
-
|
166
|
+
|
136
167
|
path = ::File.expand_path( path )
|
137
|
-
|
168
|
+
|
138
169
|
print_line( "Screenshot saved to: #{path}" )
|
139
|
-
|
170
|
+
|
140
171
|
Rex::Compat.open_file( path ) if view
|
141
172
|
end
|
142
|
-
|
173
|
+
|
143
174
|
return true
|
144
175
|
end
|
145
|
-
|
176
|
+
|
146
177
|
#
|
147
178
|
# Enumerate desktops
|
148
179
|
#
|
149
180
|
def cmd_enumdesktops(*args)
|
150
181
|
print_line( "Enumerating all accessible desktops" )
|
151
|
-
|
182
|
+
|
152
183
|
desktops = client.ui.enum_desktops
|
153
|
-
|
184
|
+
|
154
185
|
desktopstable = Rex::Ui::Text::Table.new(
|
155
186
|
'Header' => "Desktops",
|
156
187
|
'Indent' => 4,
|
@@ -159,18 +190,18 @@ class Console::CommandDispatcher::Stdapi::Ui
|
|
159
190
|
"Name"
|
160
191
|
]
|
161
192
|
)
|
162
|
-
|
193
|
+
|
163
194
|
desktops.each { | desktop |
|
164
195
|
session = desktop['session'] == 0xFFFFFFFF ? '' : desktop['session'].to_s
|
165
196
|
desktopstable << [ session, desktop['station'], desktop['name'] ]
|
166
197
|
}
|
167
|
-
|
198
|
+
|
168
199
|
if( desktops.length == 0 )
|
169
200
|
print_line( "No accessible desktops were found." )
|
170
201
|
else
|
171
202
|
print( "\n" + desktopstable.to_s + "\n" )
|
172
203
|
end
|
173
|
-
|
204
|
+
|
174
205
|
return true
|
175
206
|
end
|
176
207
|
|
@@ -178,26 +209,26 @@ class Console::CommandDispatcher::Stdapi::Ui
|
|
178
209
|
# Get the current meterpreter desktop.
|
179
210
|
#
|
180
211
|
def cmd_getdesktop(*args)
|
181
|
-
|
212
|
+
|
182
213
|
desktop = client.ui.get_desktop
|
183
|
-
|
214
|
+
|
184
215
|
session = desktop['session'] == 0xFFFFFFFF ? '' : "Session #{desktop['session'].to_s}\\"
|
185
|
-
|
216
|
+
|
186
217
|
print_line( "#{session}#{desktop['station']}\\#{desktop['name']}" )
|
187
|
-
|
218
|
+
|
188
219
|
return true
|
189
220
|
end
|
190
|
-
|
221
|
+
|
191
222
|
#
|
192
223
|
# Change the meterpreters current desktop.
|
193
224
|
#
|
194
225
|
def cmd_setdesktop( *args )
|
195
|
-
|
226
|
+
|
196
227
|
switch = false
|
197
228
|
dsession = -1
|
198
229
|
dstation = 'WinSta0'
|
199
230
|
dname = 'Default'
|
200
|
-
|
231
|
+
|
201
232
|
setdesktop_opts = Rex::Parser::Arguments.new(
|
202
233
|
"-h" => [ false, "Help Banner." ],
|
203
234
|
#"-s" => [ true, "The session (Default: '#{dsession}')" ],
|
@@ -205,7 +236,7 @@ class Console::CommandDispatcher::Stdapi::Ui
|
|
205
236
|
"-n" => [ true, "The desktop name (Default: '#{dname}')" ],
|
206
237
|
"-i" => [ true, "Set this desktop as the interactive desktop (Default: '#{switch}')" ]
|
207
238
|
)
|
208
|
-
|
239
|
+
|
209
240
|
setdesktop_opts.parse( args ) { | opt, idx, val |
|
210
241
|
case opt
|
211
242
|
when "-h"
|
@@ -223,15 +254,15 @@ class Console::CommandDispatcher::Stdapi::Ui
|
|
223
254
|
switch = true if ( val =~ /^(t|y|1)/i )
|
224
255
|
end
|
225
256
|
}
|
226
|
-
|
257
|
+
|
227
258
|
if( client.ui.set_desktop( dsession, dstation, dname, switch ) )
|
228
259
|
print_line( "#{ switch ? 'Switched' : 'Changed' } to desktop #{dstation}\\#{dname}" )
|
229
260
|
else
|
230
261
|
print_line( "Failed to #{ switch ? 'switch' : 'change' } to desktop #{dstation}\\#{dname}" )
|
231
262
|
end
|
232
|
-
|
263
|
+
|
233
264
|
return true
|
234
|
-
end
|
265
|
+
end
|
235
266
|
|
236
267
|
#
|
237
268
|
# Unlock or lock the desktop
|
@@ -241,18 +272,18 @@ class Console::CommandDispatcher::Stdapi::Ui
|
|
241
272
|
if(args.length > 0)
|
242
273
|
mode = args[0].to_i
|
243
274
|
end
|
244
|
-
|
275
|
+
|
245
276
|
if(mode == 0)
|
246
277
|
print_line("Unlocking the workstation...")
|
247
278
|
client.ui.unlock_desktop(true)
|
248
279
|
else
|
249
280
|
print_line("Locking the workstation...")
|
250
|
-
client.ui.unlock_desktop(false)
|
281
|
+
client.ui.unlock_desktop(false)
|
251
282
|
end
|
252
283
|
|
253
284
|
return true
|
254
|
-
end
|
255
|
-
|
285
|
+
end
|
286
|
+
|
256
287
|
#
|
257
288
|
# Start the keyboard sniffer
|
258
289
|
#
|
@@ -260,8 +291,8 @@ class Console::CommandDispatcher::Stdapi::Ui
|
|
260
291
|
print_line("Starting the keystroke sniffer...")
|
261
292
|
client.ui.keyscan_start
|
262
293
|
return true
|
263
|
-
end
|
264
|
-
|
294
|
+
end
|
295
|
+
|
265
296
|
#
|
266
297
|
# Stop the keyboard sniffer
|
267
298
|
#
|
@@ -269,7 +300,7 @@ class Console::CommandDispatcher::Stdapi::Ui
|
|
269
300
|
print_line("Stopping the keystroke sniffer...")
|
270
301
|
client.ui.keyscan_stop
|
271
302
|
return true
|
272
|
-
end
|
303
|
+
end
|
273
304
|
|
274
305
|
#
|
275
306
|
# Dump captured keystrokes
|
@@ -278,9 +309,9 @@ class Console::CommandDispatcher::Stdapi::Ui
|
|
278
309
|
print_line("Dumping captured keystrokes...")
|
279
310
|
data = client.ui.keyscan_dump
|
280
311
|
print_line(client.ui.keyscan_extract(data))
|
281
|
-
|
312
|
+
|
282
313
|
return true
|
283
|
-
end
|
314
|
+
end
|
284
315
|
|
285
316
|
end
|
286
317
|
|
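Review bot: In the new `commands` method (new lines 56–65 of the Ui dispatcher), `reqs[cmd].each` raises NoMethodError on nil as soon as a command is added to `all` without a matching `reqs` entry, so a forgotten table row becomes a crash of the whole dispatcher rather than an unfiltered command; every key is covered today, but the two hashes are maintained by hand, and the same block appears in the Stdapi::Sys dispatcher's `commands` earlier in this diff. Defaulting the lookup and collapsing the flag-and-break loop removes that failure mode and states the intent directly: `all.delete_if do |cmd, _desc|` / `reqs.fetch(cmd, []).any? { |req| !client.commands.include?(req) }` / `end`. The leading underscore also marks `desc` as intentionally unused. Since both dispatchers carry an identical copy of this filter, it is a candidate for one shared helper on the base command dispatcher that takes the `reqs` hash; I cannot tell from this diff whether such a helper already exists.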