librex 0.0.65 → 0.0.66
Sign up to get free protection for your applications and to get access to all the features.
- data/README.markdown +1 -1
- data/lib/rex/arch.rb +1 -0
- data/lib/rex/arch/sparc.rb +16 -15
- data/lib/rex/arch/sparc.rb.ut.rb +2 -1
- data/lib/rex/arch/x86.rb +1 -0
- data/lib/rex/arch/x86.rb.ut.rb +2 -1
- data/lib/rex/assembly/nasm.rb +1 -0
- data/lib/rex/assembly/nasm.rb.ut.rb +2 -1
- data/lib/rex/compat.rb +13 -0
- data/lib/rex/constants.rb +5 -4
- data/lib/rex/elfparsey.rb +3 -2
- data/lib/rex/elfparsey/elf.rb +2 -1
- data/lib/rex/elfparsey/elfbase.rb +8 -7
- data/lib/rex/elfparsey/exceptions.rb +3 -2
- data/lib/rex/elfscan.rb +3 -2
- data/lib/rex/elfscan/scanner.rb +2 -1
- data/lib/rex/elfscan/search.rb +2 -1
- data/lib/rex/encoder/alpha2.rb +2 -1
- data/lib/rex/encoder/alpha2/alpha_mixed.rb +3 -2
- data/lib/rex/encoder/alpha2/alpha_upper.rb +5 -4
- data/lib/rex/encoder/alpha2/generic.rb +37 -60
- data/lib/rex/encoder/alpha2/unicode_mixed.rb +4 -9
- data/lib/rex/encoder/alpha2/unicode_upper.rb +4 -9
- data/lib/rex/encoder/ndr.rb +1 -0
- data/lib/rex/encoder/ndr.rb.ut.rb +2 -1
- data/lib/rex/encoder/nonalpha.rb +1 -0
- data/lib/rex/encoder/nonupper.rb +1 -0
- data/lib/rex/encoder/xdr.rb +9 -8
- data/lib/rex/encoder/xdr.rb.ut.rb +2 -1
- data/lib/rex/encoder/xor.rb +1 -0
- data/lib/rex/encoder/xor/dword.rb +2 -1
- data/lib/rex/encoder/xor/dword_additive.rb +2 -1
- data/lib/rex/encoders/xor_dword.rb +1 -0
- data/lib/rex/encoders/xor_dword_additive.rb +2 -1
- data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor.rb +2 -1
- data/lib/rex/encoding/xor.rb.ts.rb +2 -1
- data/lib/rex/encoding/xor/byte.rb +2 -1
- data/lib/rex/encoding/xor/byte.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/dword.rb +2 -1
- data/lib/rex/encoding/xor/dword.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/dword_additive.rb +1 -0
- data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/exceptions.rb +1 -0
- data/lib/rex/encoding/xor/generic.rb +1 -0
- data/lib/rex/encoding/xor/generic.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/qword.rb +2 -1
- data/lib/rex/encoding/xor/word.rb +2 -1
- data/lib/rex/encoding/xor/word.rb.ut.rb +2 -1
- data/lib/rex/exceptions.rb +1 -0
- data/lib/rex/exceptions.rb.ut.rb +2 -1
- data/lib/rex/exploitation/cmdstager.rb +2 -1
- data/lib/rex/exploitation/cmdstager/base.rb +1 -0
- data/lib/rex/exploitation/cmdstager/debug_asm.rb +2 -1
- data/lib/rex/exploitation/cmdstager/debug_write.rb +2 -1
- data/lib/rex/exploitation/cmdstager/tftp.rb +2 -1
- data/lib/rex/exploitation/cmdstager/vbs.rb +2 -1
- data/lib/rex/exploitation/egghunter.rb +12 -11
- data/lib/rex/exploitation/egghunter.rb.ut.rb +2 -1
- data/lib/rex/exploitation/encryptjs.rb +1 -0
- data/lib/rex/exploitation/heaplib.rb +1 -0
- data/lib/rex/exploitation/javascriptosdetect.js +1014 -0
- data/lib/rex/exploitation/javascriptosdetect.rb +4 -857
- data/lib/rex/exploitation/jsobfu.rb +2 -1
- data/lib/rex/exploitation/obfuscatejs.rb +1 -0
- data/lib/rex/exploitation/omelet.rb +1 -0
- data/lib/rex/exploitation/omelet.rb.ut.rb +1 -0
- data/lib/rex/exploitation/opcodedb.rb +12 -11
- data/lib/rex/exploitation/opcodedb.rb.ut.rb +2 -1
- data/lib/rex/exploitation/seh.rb +3 -2
- data/lib/rex/exploitation/seh.rb.ut.rb +2 -1
- data/lib/rex/file.rb +4 -3
- data/lib/rex/file.rb.ut.rb +2 -1
- data/lib/rex/image_source.rb +3 -2
- data/lib/rex/image_source/disk.rb +3 -2
- data/lib/rex/image_source/image_source.rb +3 -2
- data/lib/rex/image_source/memory.rb +3 -2
- data/lib/rex/io/bidirectional_pipe.rb +1 -0
- data/lib/rex/io/datagram_abstraction.rb +2 -1
- data/lib/rex/io/ring_buffer.rb +49 -44
- data/lib/rex/io/ring_buffer.rb.ut.rb +4 -3
- data/lib/rex/io/stream.rb +1 -0
- data/lib/rex/io/stream_abstraction.rb +1 -0
- data/lib/rex/io/stream_server.rb +1 -0
- data/lib/rex/job_container.rb +1 -0
- data/lib/rex/logging.rb +2 -1
- data/lib/rex/logging/log_dispatcher.rb +5 -4
- data/lib/rex/logging/log_sink.rb +2 -1
- data/lib/rex/logging/sinks/flatfile.rb +4 -3
- data/lib/rex/logging/sinks/stderr.rb +2 -1
- data/lib/rex/machparsey.rb +2 -1
- data/lib/rex/machparsey/exceptions.rb +2 -1
- data/lib/rex/machparsey/mach.rb +20 -19
- data/lib/rex/machparsey/machbase.rb +27 -26
- data/lib/rex/machscan.rb +2 -1
- data/lib/rex/machscan/scanner.rb +1 -0
- data/lib/rex/mime.rb +2 -1
- data/lib/rex/mime/header.rb +1 -0
- data/lib/rex/mime/message.rb +4 -1
- data/lib/rex/mime/part.rb +2 -1
- data/lib/rex/nop/opty2.rb +2 -1
- data/lib/rex/nop/opty2.rb.ut.rb +2 -1
- data/lib/rex/nop/opty2_tables.rb +1 -0
- data/lib/rex/ole.rb +3 -2
- data/lib/rex/ole/clsid.rb +3 -2
- data/lib/rex/ole/difat.rb +3 -2
- data/lib/rex/ole/directory.rb +3 -2
- data/lib/rex/ole/direntry.rb +3 -2
- data/lib/rex/ole/fat.rb +3 -2
- data/lib/rex/ole/header.rb +3 -2
- data/lib/rex/ole/minifat.rb +3 -2
- data/lib/rex/ole/propset.rb +4 -3
- data/lib/rex/ole/samples/create_ole.rb +1 -0
- data/lib/rex/ole/samples/dir.rb +1 -0
- data/lib/rex/ole/samples/dump_stream.rb +1 -0
- data/lib/rex/ole/samples/ole_info.rb +1 -0
- data/lib/rex/ole/storage.rb +3 -2
- data/lib/rex/ole/stream.rb +3 -2
- data/lib/rex/ole/substorage.rb +3 -2
- data/lib/rex/ole/util.rb +3 -2
- data/lib/rex/parser/acunetix_nokogiri.rb +13 -12
- data/lib/rex/parser/apple_backup_manifestdb.rb +20 -19
- data/lib/rex/parser/appscan_nokogiri.rb +17 -16
- data/lib/rex/parser/arguments.rb +2 -1
- data/lib/rex/parser/arguments.rb.ut.rb +2 -1
- data/lib/rex/parser/burp_session_nokogiri.rb +8 -7
- data/lib/rex/parser/ci_nokogiri.rb +4 -3
- data/lib/rex/parser/foundstone_nokogiri.rb +18 -17
- data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
- data/lib/rex/parser/ini.rb +1 -0
- data/lib/rex/parser/ini.rb.ut.rb +2 -1
- data/lib/rex/parser/ip360_aspl_xml.rb +1 -0
- data/lib/rex/parser/ip360_xml.rb +4 -3
- data/lib/rex/parser/mbsa_nokogiri.rb +8 -7
- data/lib/rex/parser/nessus_xml.rb +3 -2
- data/lib/rex/parser/netsparker_xml.rb +10 -9
- data/lib/rex/parser/nexpose_raw_nokogiri.rb +372 -52
- data/lib/rex/parser/nexpose_simple_nokogiri.rb +8 -7
- data/lib/rex/parser/nexpose_xml.rb +1 -0
- data/lib/rex/parser/nmap_nokogiri.rb +63 -33
- data/lib/rex/parser/nmap_xml.rb +1 -0
- data/lib/rex/parser/nokogiri_doc_mixin.rb +35 -15
- data/lib/rex/parser/openvas_nokogiri.rb +172 -0
- data/lib/rex/parser/retina_xml.rb +1 -0
- data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
- data/lib/rex/payloads.rb +2 -1
- data/lib/rex/payloads/win32.rb +2 -1
- data/lib/rex/payloads/win32/common.rb +2 -1
- data/lib/rex/payloads/win32/kernel.rb +2 -1
- data/lib/rex/payloads/win32/kernel/common.rb +4 -3
- data/lib/rex/payloads/win32/kernel/migration.rb +2 -1
- data/lib/rex/payloads/win32/kernel/recovery.rb +2 -1
- data/lib/rex/payloads/win32/kernel/stager.rb +21 -20
- data/lib/rex/peparsey.rb +3 -2
- data/lib/rex/peparsey/exceptions.rb +2 -1
- data/lib/rex/peparsey/pe.rb +3 -2
- data/lib/rex/peparsey/pe_memdump.rb +2 -1
- data/lib/rex/peparsey/pebase.rb +2 -1
- data/lib/rex/peparsey/section.rb +2 -1
- data/lib/rex/pescan.rb +3 -2
- data/lib/rex/pescan/analyze.rb +1 -0
- data/lib/rex/pescan/scanner.rb +1 -0
- data/lib/rex/pescan/search.rb +1 -0
- data/lib/rex/platforms.rb +2 -1
- data/lib/rex/platforms/windows.rb +2 -1
- data/lib/rex/poly.rb +2 -1
- data/lib/rex/poly/block.rb +16 -15
- data/lib/rex/poly/register.rb +2 -1
- data/lib/rex/poly/register/x86.rb +2 -1
- data/lib/rex/post.rb +2 -2
- data/lib/rex/post/dir.rb +2 -1
- data/lib/rex/post/file.rb +1 -0
- data/lib/rex/post/file_stat.rb +1 -0
- data/lib/rex/post/io.rb +2 -1
- data/lib/rex/post/meterpreter.rb +2 -1
- data/lib/rex/post/meterpreter/channel.rb +1 -0
- data/lib/rex/post/meterpreter/channel_container.rb +2 -1
- data/lib/rex/post/meterpreter/channels/pool.rb +1 -0
- data/lib/rex/post/meterpreter/channels/pools/file.rb +1 -0
- data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +3 -2
- data/lib/rex/post/meterpreter/channels/stream.rb +1 -0
- data/lib/rex/post/meterpreter/client.rb +23 -1
- data/lib/rex/post/meterpreter/client_core.rb +10 -5
- data/lib/rex/post/meterpreter/dependencies.rb +2 -1
- data/lib/rex/post/meterpreter/extension.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/espia/espia.rb +7 -6
- data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +5 -4
- data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +7 -6
- data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/priv/fs.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/priv/priv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +28 -11
- data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +6 -5
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +3 -2
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +39 -5
- data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +75 -18
- data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +18 -6
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +4 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +12 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +7 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +29 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +10 -5
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +9 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +128 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +27 -6
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +21 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +43 -4
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +7 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +14 -13
- data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +1 -0
- data/lib/rex/post/meterpreter/inbound_packet_handler.rb +2 -1
- data/lib/rex/post/meterpreter/object_aliases.rb +6 -5
- data/lib/rex/post/meterpreter/packet.rb +26 -6
- data/lib/rex/post/meterpreter/packet_dispatcher.rb +1 -0
- data/lib/rex/post/meterpreter/packet_parser.rb +1 -0
- data/lib/rex/post/meterpreter/packet_response_waiter.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +103 -28
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +3 -2
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +12 -11
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +2 -1
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +2 -1
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +53 -36
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +3 -2
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +87 -44
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +80 -18
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +77 -48
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +72 -41
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +24 -5
- data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +2 -1
- data/lib/rex/post/permission.rb +2 -1
- data/lib/rex/post/process.rb +2 -1
- data/lib/rex/post/thread.rb +2 -1
- data/lib/rex/post/ui.rb +2 -1
- data/lib/rex/proto.rb +1 -0
- data/lib/rex/proto.rb.ts.rb +2 -1
- data/lib/rex/proto/dcerpc.rb +2 -1
- data/lib/rex/proto/dcerpc.rb.ts.rb +2 -1
- data/lib/rex/proto/dcerpc/client.rb +1 -0
- data/lib/rex/proto/dcerpc/client.rb.ut.rb +1 -0
- data/lib/rex/proto/dcerpc/exceptions.rb +2 -1
- data/lib/rex/proto/dcerpc/handle.rb +1 -0
- data/lib/rex/proto/dcerpc/handle.rb.ut.rb +2 -1
- data/lib/rex/proto/dcerpc/ndr.rb +2 -1
- data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +2 -1
- data/lib/rex/proto/dcerpc/packet.rb +52 -45
- data/lib/rex/proto/dcerpc/packet.rb.ut.rb +12 -11
- data/lib/rex/proto/dcerpc/response.rb +1 -0
- data/lib/rex/proto/dcerpc/response.rb.ut.rb +2 -1
- data/lib/rex/proto/dcerpc/uuid.rb +13 -12
- data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +2 -1
- data/lib/rex/proto/dhcp.rb +2 -1
- data/lib/rex/proto/dhcp/constants.rb +2 -1
- data/lib/rex/proto/dhcp/server.rb +4 -3
- data/lib/rex/proto/drda.rb +1 -0
- data/lib/rex/proto/drda.rb.ts.rb +1 -0
- data/lib/rex/proto/drda/constants.rb +1 -0
- data/lib/rex/proto/drda/constants.rb.ut.rb +1 -0
- data/lib/rex/proto/drda/packet.rb +11 -10
- data/lib/rex/proto/drda/packet.rb.ut.rb +5 -4
- data/lib/rex/proto/drda/utils.rb +4 -3
- data/lib/rex/proto/drda/utils.rb.ut.rb +3 -2
- data/lib/rex/proto/http.rb +2 -1
- data/lib/rex/proto/http.rb.ts.rb +2 -1
- data/lib/rex/proto/http/client.rb +29 -5
- data/lib/rex/proto/http/client.rb.ut.rb +1 -0
- data/lib/rex/proto/http/handler.rb +2 -1
- data/lib/rex/proto/http/handler/erb.rb +5 -4
- data/lib/rex/proto/http/handler/erb.rb.ut.rb +2 -1
- data/lib/rex/proto/http/handler/proc.rb +1 -0
- data/lib/rex/proto/http/handler/proc.rb.ut.rb +2 -1
- data/lib/rex/proto/http/header.rb +3 -3
- data/lib/rex/proto/http/header.rb.ut.rb +2 -1
- data/lib/rex/proto/http/packet.rb +1 -0
- data/lib/rex/proto/http/packet.rb.ut.rb +15 -14
- data/lib/rex/proto/http/request.rb +23 -22
- data/lib/rex/proto/http/request.rb.ut.rb +2 -1
- data/lib/rex/proto/http/response.rb +6 -5
- data/lib/rex/proto/http/response.rb.ut.rb +7 -6
- data/lib/rex/proto/http/server.rb +1 -0
- data/lib/rex/proto/http/server.rb.ut.rb +6 -5
- data/lib/rex/proto/iax2.rb +1 -0
- data/lib/rex/proto/iax2/call.rb +48 -47
- data/lib/rex/proto/iax2/client.rb +23 -22
- data/lib/rex/proto/iax2/codecs.rb +1 -0
- data/lib/rex/proto/iax2/codecs/alaw.rb +1 -0
- data/lib/rex/proto/iax2/codecs/g711.rb +4 -3
- data/lib/rex/proto/iax2/codecs/mulaw.rb +1 -0
- data/lib/rex/proto/iax2/constants.rb +1 -0
- data/lib/rex/proto/natpmp.rb +11 -0
- data/lib/rex/proto/natpmp/constants.rb +19 -0
- data/lib/rex/proto/natpmp/packet.rb +45 -0
- data/lib/rex/proto/ntlm.rb +1 -0
- data/lib/rex/proto/ntlm.rb.ut.rb +1 -0
- data/lib/rex/proto/ntlm/base.rb +38 -37
- data/lib/rex/proto/ntlm/constants.rb +1 -0
- data/lib/rex/proto/ntlm/crypt.rb +45 -44
- data/lib/rex/proto/ntlm/exceptions.rb +1 -0
- data/lib/rex/proto/ntlm/message.rb +30 -29
- data/lib/rex/proto/ntlm/utils.rb +116 -115
- data/lib/rex/proto/proxy/socks4a.rb +1 -0
- data/lib/rex/proto/rfb.rb +1 -0
- data/lib/rex/proto/rfb.rb.ut.rb +1 -0
- data/lib/rex/proto/rfb/cipher.rb +1 -0
- data/lib/rex/proto/rfb/client.rb +1 -0
- data/lib/rex/proto/rfb/constants.rb +1 -0
- data/lib/rex/proto/smb.rb +2 -1
- data/lib/rex/proto/smb.rb.ts.rb +2 -1
- data/lib/rex/proto/smb/client.rb +23 -22
- data/lib/rex/proto/smb/client.rb.ut.rb +1 -0
- data/lib/rex/proto/smb/constants.rb +1 -0
- data/lib/rex/proto/smb/constants.rb.ut.rb +2 -1
- data/lib/rex/proto/smb/crypt.rb +3 -2
- data/lib/rex/proto/smb/evasions.rb +1 -0
- data/lib/rex/proto/smb/exceptions.rb +6 -5
- data/lib/rex/proto/smb/simpleclient.rb +1 -0
- data/lib/rex/proto/smb/simpleclient.rb.ut.rb +1 -0
- data/lib/rex/proto/smb/utils.rb +1 -0
- data/lib/rex/proto/smb/utils.rb.ut.rb +2 -1
- data/lib/rex/proto/sunrpc.rb +1 -0
- data/lib/rex/proto/sunrpc/client.rb +1 -0
- data/lib/rex/proto/tftp.rb +3 -1
- data/lib/rex/proto/tftp/client.rb +344 -0
- data/lib/rex/proto/tftp/constants.rb +2 -1
- data/lib/rex/proto/tftp/server.rb +2 -1
- data/lib/rex/proto/tftp/server.rb.ut.rb +3 -2
- data/lib/rex/registry.rb +14 -0
- data/lib/rex/registry/hive.rb +132 -0
- data/lib/rex/registry/lfkey.rb +51 -0
- data/lib/rex/registry/nodekey.rb +54 -0
- data/lib/rex/registry/regf.rb +25 -0
- data/lib/rex/registry/valuekey.rb +67 -0
- data/lib/rex/registry/valuelist.rb +29 -0
- data/lib/rex/ropbuilder.rb +2 -1
- data/lib/rex/ropbuilder/rop.rb +3 -2
- data/lib/rex/script.rb +1 -0
- data/lib/rex/script/base.rb +1 -0
- data/lib/rex/script/meterpreter.rb +1 -0
- data/lib/rex/script/shell.rb +1 -0
- data/lib/rex/service.rb +2 -1
- data/lib/rex/service_manager.rb +6 -5
- data/lib/rex/service_manager.rb.ut.rb +2 -1
- data/lib/rex/services/local_relay.rb +1 -0
- data/lib/rex/socket.rb +72 -36
- data/lib/rex/socket.rb.ut.rb +1 -0
- data/lib/rex/socket/comm.rb +1 -0
- data/lib/rex/socket/comm/local.rb +60 -13
- data/lib/rex/socket/comm/local.rb.ut.rb +2 -1
- data/lib/rex/socket/ip.rb +1 -0
- data/lib/rex/socket/parameters.rb +15 -14
- data/lib/rex/socket/parameters.rb.ut.rb +2 -1
- data/lib/rex/socket/range_walker.rb +71 -26
- data/lib/rex/socket/range_walker.rb.ut.rb +2 -1
- data/lib/rex/socket/ssl_tcp.rb +1 -0
- data/lib/rex/socket/ssl_tcp.rb.ut.rb +2 -1
- data/lib/rex/socket/ssl_tcp_server.rb +1 -0
- data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +1 -0
- data/lib/rex/socket/subnet_walker.rb +1 -0
- data/lib/rex/socket/subnet_walker.rb.ut.rb +2 -1
- data/lib/rex/socket/switch_board.rb +1 -0
- data/lib/rex/socket/switch_board.rb.ut.rb +2 -1
- data/lib/rex/socket/tcp.rb +4 -3
- data/lib/rex/socket/tcp.rb.ut.rb +2 -1
- data/lib/rex/socket/tcp_server.rb +1 -0
- data/lib/rex/socket/tcp_server.rb.ut.rb +2 -1
- data/lib/rex/socket/udp.rb +2 -1
- data/lib/rex/socket/udp.rb.ut.rb +2 -1
- data/lib/rex/struct2.rb +2 -1
- data/lib/rex/struct2/c_struct.rb +2 -1
- data/lib/rex/struct2/c_struct_template.rb +2 -1
- data/lib/rex/struct2/constant.rb +2 -1
- data/lib/rex/struct2/element.rb +2 -1
- data/lib/rex/struct2/generic.rb +1 -0
- data/lib/rex/struct2/restraint.rb +2 -1
- data/lib/rex/struct2/s_string.rb +1 -0
- data/lib/rex/struct2/s_struct.rb +1 -0
- data/lib/rex/sync.rb +2 -1
- data/lib/rex/sync/event.rb +1 -0
- data/lib/rex/sync/read_write_lock.rb +1 -0
- data/lib/rex/sync/ref.rb +2 -1
- data/lib/rex/sync/thread_safe.rb +2 -1
- data/lib/rex/test.rb +2 -1
- data/lib/rex/text.rb +136 -19
- data/lib/rex/text.rb.ut.rb +1 -0
- data/lib/rex/thread_factory.rb +5 -4
- data/lib/rex/time.rb +2 -1
- data/lib/rex/transformer.rb +1 -0
- data/lib/rex/transformer.rb.ut.rb +2 -1
- data/lib/rex/ui.rb +2 -1
- data/lib/rex/ui/interactive.rb +10 -9
- data/lib/rex/ui/output.rb +1 -0
- data/lib/rex/ui/output/none.rb +2 -1
- data/lib/rex/ui/progress_tracker.rb +2 -1
- data/lib/rex/ui/subscriber.rb +9 -8
- data/lib/rex/ui/text/color.rb +1 -0
- data/lib/rex/ui/text/color.rb.ut.rb +1 -0
- data/lib/rex/ui/text/dispatcher_shell.rb +63 -23
- data/lib/rex/ui/text/input.rb +1 -0
- data/lib/rex/ui/text/input/buffer.rb +7 -6
- data/lib/rex/ui/text/input/readline.rb +14 -13
- data/lib/rex/ui/text/input/socket.rb +1 -0
- data/lib/rex/ui/text/input/stdio.rb +2 -1
- data/lib/rex/ui/text/irb_shell.rb +1 -0
- data/lib/rex/ui/text/output.rb +1 -0
- data/lib/rex/ui/text/output/buffer.rb +1 -0
- data/lib/rex/ui/text/output/file.rb +1 -0
- data/lib/rex/ui/text/output/socket.rb +1 -0
- data/lib/rex/ui/text/output/stdio.rb +1 -0
- data/lib/rex/ui/text/output/tee.rb +1 -0
- data/lib/rex/ui/text/progress_tracker.rb +2 -1
- data/lib/rex/ui/text/progress_tracker.rb.ut.rb +2 -1
- data/lib/rex/ui/text/shell.rb +1 -0
- data/lib/rex/ui/text/table.rb +20 -14
- data/lib/rex/ui/text/table.rb.ut.rb +3 -2
- data/lib/rex/zip.rb +1 -0
- data/lib/rex/zip/archive.rb +2 -1
- data/lib/rex/zip/blocks.rb +3 -2
- data/lib/rex/zip/entry.rb +6 -7
- data/lib/rex/zip/jar.rb +4 -3
- data/lib/rex/zip/samples/comment.rb +1 -0
- data/lib/rex/zip/samples/mkwar.rb +1 -0
- data/lib/rex/zip/samples/mkzip.rb +1 -0
- data/lib/rex/zip/samples/recursive.rb +1 -0
- metadata +433 -435
@@ -1,8 +1,9 @@
|
|
1
|
+
# -*- coding: binary -*-
|
1
2
|
module Rex
|
2
3
|
module Proto
|
3
4
|
module IAX2
|
4
5
|
module Codecs
|
5
|
-
class G711
|
6
|
+
class G711
|
6
7
|
|
7
8
|
=begin
|
8
9
|
|
@@ -31,7 +32,7 @@ class G711
|
|
31
32
|
* implied warranty.
|
32
33
|
*/
|
33
34
|
|
34
|
-
=end
|
35
|
+
=end
|
35
36
|
|
36
37
|
LOOKUP_ALAW2LIN16 = [
|
37
38
|
-5504, -5248, -6016, -5760, -4480, -4224, -4992,
|
@@ -2167,7 +2168,7 @@ LOOKUP_LIN2ULAW = [
|
|
2167
2168
|
0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
|
2168
2169
|
0x80, 0x80, 0x80, 0x80
|
2169
2170
|
]
|
2170
|
-
|
2171
|
+
|
2171
2172
|
end
|
2172
2173
|
end
|
2173
2174
|
end
|
@@ -0,0 +1,45 @@
|
|
1
|
+
# -*- coding: binary -*-
|
2
|
+
##
|
3
|
+
#
|
4
|
+
# NAT-PMP protocol support
|
5
|
+
#
|
6
|
+
# by Jon Hart <jhart@spoofed.org>
|
7
|
+
#
|
8
|
+
##
|
9
|
+
|
10
|
+
module Rex
|
11
|
+
module Proto
|
12
|
+
module NATPMP
|
13
|
+
|
14
|
+
# Return a NAT-PMP request to get the external address.
|
15
|
+
def self.external_address_request
|
16
|
+
[ 0, 0 ].pack('nn')
|
17
|
+
end
|
18
|
+
|
19
|
+
# Parse a NAT-PMP external address response +resp+.
|
20
|
+
# Returns the decoded parts of the response as an array.
|
21
|
+
def self.parse_external_address_response(resp)
|
22
|
+
(ver, op, result, epoch, addr) = resp.unpack("CCSLN")
|
23
|
+
[ ver, op, result, epoch, Rex::Socket::addr_itoa(addr) ]
|
24
|
+
end
|
25
|
+
|
26
|
+
# Return a NAT-PMP request to map remote port +rport+/+protocol+ to local port +lport+ for +lifetime+ ms
|
27
|
+
def self.map_port_request(lport, rport, protocol, lifetime)
|
28
|
+
[ Rex::Proto::NATPMP::Version, # version
|
29
|
+
protocol, # opcode, which is now the protocol we are asking to forward
|
30
|
+
0, # reserved
|
31
|
+
lport,
|
32
|
+
rport,
|
33
|
+
lifetime
|
34
|
+
].pack("ccnnnN")
|
35
|
+
end
|
36
|
+
|
37
|
+
# Parse a NAT-PMP mapping response +resp+.
|
38
|
+
# Returns the decoded parts as an array.
|
39
|
+
def self.parse_map_port_response(resp)
|
40
|
+
resp.unpack("CCSLnnN")
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
end
|
45
|
+
end
|
data/lib/rex/proto/ntlm.rb
CHANGED
data/lib/rex/proto/ntlm.rb.ut.rb
CHANGED
data/lib/rex/proto/ntlm/base.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
# -*- coding: binary -*-
|
1
2
|
#
|
2
3
|
# An NTLM Authentication Library for Ruby
|
3
4
|
#
|
@@ -6,7 +7,7 @@
|
|
6
7
|
# http://jp.rubyist.net/magazine/?0013-CodeReview
|
7
8
|
# -------------------------------------------------------------
|
8
9
|
# Copyright (c) 2005,2006 yrock
|
9
|
-
#
|
10
|
+
#
|
10
11
|
# This program is free software.
|
11
12
|
# You can distribute/modify this program under the terms of the
|
12
13
|
# Ruby License.
|
@@ -18,8 +19,8 @@
|
|
18
19
|
# -------------------------------------------------------------
|
19
20
|
#
|
20
21
|
# All protocol information used to write this code stems from
|
21
|
-
# "The NTLM Authentication Protocol" by Eric Glass. The author
|
22
|
-
# would thank to him for this tremendous work and making it
|
22
|
+
# "The NTLM Authentication Protocol" by Eric Glass. The author
|
23
|
+
# would thank to him for this tremendous work and making it
|
23
24
|
# available on the net.
|
24
25
|
# http://davenport.sourceforge.net/ntlm.html
|
25
26
|
# -------------------------------------------------------------
|
@@ -28,7 +29,7 @@
|
|
28
29
|
# Permission to use, copy, modify, and distribute this document
|
29
30
|
# for any purpose and without any fee is hereby granted,
|
30
31
|
# provided that the above copyright notice and this list of
|
31
|
-
# conditions appear in all copies.
|
32
|
+
# conditions appear in all copies.
|
32
33
|
# -------------------------------------------------------------
|
33
34
|
#
|
34
35
|
# The author also looked Mozilla-Firefox-1.0.7 source code,
|
@@ -37,7 +38,7 @@
|
|
37
38
|
# "http://x2a.org/websvn/filedetails.php?
|
38
39
|
# repname=libntlm-ruby&path=%2Ftrunk%2Fntlm.rb&sc=1"
|
39
40
|
# The latter has a minor bug in its separate_keys function.
|
40
|
-
# The third key has to begin from the 14th character of the
|
41
|
+
# The third key has to begin from the 14th character of the
|
41
42
|
# input string instead of 13th:)
|
42
43
|
#--
|
43
44
|
# $Id: ntlm.rb 11678 2011-01-30 19:26:35Z hdm $
|
@@ -54,26 +55,26 @@ class Base
|
|
54
55
|
|
55
56
|
CONST = Rex::Proto::NTLM::Constants
|
56
57
|
|
57
|
-
|
58
|
-
|
59
|
-
|
58
|
+
# base classes for primitives
|
59
|
+
class Field
|
60
|
+
attr_accessor :active, :value
|
60
61
|
|
61
62
|
def initialize(opts)
|
62
63
|
@value = opts[:value]
|
63
64
|
@active = opts[:active].nil? ? true : opts[:active]
|
64
65
|
end
|
65
|
-
|
66
|
+
|
66
67
|
def size
|
67
68
|
@active ? @size : 0
|
68
69
|
end
|
69
70
|
end
|
70
|
-
|
71
|
+
|
71
72
|
class String < Field
|
72
73
|
def initialize(opts)
|
73
74
|
super(opts)
|
74
75
|
@size = opts[:size]
|
75
76
|
end
|
76
|
-
|
77
|
+
|
77
78
|
def parse(str, offset=0)
|
78
79
|
if @active and str.size >= offset + @size
|
79
80
|
@value = str[offset, @size]
|
@@ -82,7 +83,7 @@ CONST = Rex::Proto::NTLM::Constants
|
|
82
83
|
0
|
83
84
|
end
|
84
85
|
end
|
85
|
-
|
86
|
+
|
86
87
|
def serialize
|
87
88
|
if @active
|
88
89
|
@value
|
@@ -90,7 +91,7 @@ CONST = Rex::Proto::NTLM::Constants
|
|
90
91
|
""
|
91
92
|
end
|
92
93
|
end
|
93
|
-
|
94
|
+
|
94
95
|
def value=(val)
|
95
96
|
@value = val
|
96
97
|
@size = @value.nil? ? 0 : @value.size
|
@@ -109,10 +110,10 @@ CONST = Rex::Proto::NTLM::Constants
|
|
109
110
|
@value = str[offset, @size].unpack("v")[0]
|
110
111
|
@size
|
111
112
|
else
|
112
|
-
|
113
|
+
0
|
113
114
|
end
|
114
115
|
end
|
115
|
-
|
116
|
+
|
116
117
|
def serialize
|
117
118
|
[@value].pack("v")
|
118
119
|
end
|
@@ -153,7 +154,7 @@ CONST = Rex::Proto::NTLM::Constants
|
|
153
154
|
0
|
154
155
|
end
|
155
156
|
end
|
156
|
-
|
157
|
+
|
157
158
|
def serialize
|
158
159
|
[@value & 0x00000000ffffffff, @value >> 32].pack("V2") if @active
|
159
160
|
end
|
@@ -173,11 +174,11 @@ CONST = Rex::Proto::NTLM::Constants
|
|
173
174
|
c.module_eval(&block)
|
174
175
|
c
|
175
176
|
end
|
176
|
-
|
177
|
+
|
177
178
|
def string(name, opts)
|
178
179
|
add_field(name, String, opts)
|
179
180
|
end
|
180
|
-
|
181
|
+
|
181
182
|
def int16LE(name, opts)
|
182
183
|
add_field(name, Int16LE, opts)
|
183
184
|
end
|
@@ -189,7 +190,7 @@ CONST = Rex::Proto::NTLM::Constants
|
|
189
190
|
def int64LE(name, opts)
|
190
191
|
add_field(name, Int64LE, opts)
|
191
192
|
end
|
192
|
-
|
193
|
+
|
193
194
|
def security_buffer(name, opts)
|
194
195
|
add_field(name, SecurityBuffer, opts)
|
195
196
|
end
|
@@ -197,7 +198,7 @@ CONST = Rex::Proto::NTLM::Constants
|
|
197
198
|
def prototypes
|
198
199
|
@proto
|
199
200
|
end
|
200
|
-
|
201
|
+
|
201
202
|
def names
|
202
203
|
@proto.map{|n, t, o| n}
|
203
204
|
end
|
@@ -205,39 +206,39 @@ CONST = Rex::Proto::NTLM::Constants
|
|
205
206
|
def types
|
206
207
|
@proto.map{|n, t, o| t}
|
207
208
|
end
|
208
|
-
|
209
|
+
|
209
210
|
def opts
|
210
211
|
@proto.map{|n, t, o| o}
|
211
212
|
end
|
212
|
-
|
213
|
+
|
213
214
|
private
|
214
|
-
|
215
|
+
|
215
216
|
def add_field(name, type, opts)
|
216
217
|
(@proto ||= []).push [name, type, opts]
|
217
218
|
define_accessor name
|
218
219
|
end
|
219
|
-
|
220
|
+
|
220
221
|
def define_accessor(name)
|
221
222
|
module_eval(<<-End, __FILE__, __LINE__ + 1)
|
222
223
|
def #{name}
|
223
224
|
self['#{name}'].value
|
224
225
|
end
|
225
|
-
|
226
|
+
|
226
227
|
def #{name}=(val)
|
227
228
|
self['#{name}'].value = val
|
228
229
|
end
|
229
230
|
End
|
230
|
-
end
|
231
|
+
end
|
231
232
|
end #self
|
232
|
-
|
233
|
+
|
233
234
|
def initialize
|
234
235
|
@alist = self.class.prototypes.map{ |n, t, o| [n, t.new(o)] }
|
235
236
|
end
|
236
|
-
|
237
|
+
|
237
238
|
def serialize
|
238
239
|
@alist.map{|n, f| f.serialize }.join
|
239
240
|
end
|
240
|
-
|
241
|
+
|
241
242
|
def parse(str, offset=0)
|
242
243
|
@alist.inject(offset){|cur, a| cur += a[1].parse(str, cur)}
|
243
244
|
end
|
@@ -251,17 +252,17 @@ CONST = Rex::Proto::NTLM::Constants
|
|
251
252
|
raise ArgumentError, "no such field: #{name}" unless a
|
252
253
|
a[1]
|
253
254
|
end
|
254
|
-
|
255
|
+
|
255
256
|
def []=(name, val)
|
256
257
|
a = @alist.assoc(name.to_s.intern)
|
257
258
|
raise ArgumentError, "no such field: #{name}" unless a
|
258
259
|
a[1] = val
|
259
260
|
end
|
260
|
-
|
261
|
+
|
261
262
|
def enable(name)
|
262
263
|
self[name].active = true
|
263
264
|
end
|
264
|
-
|
265
|
+
|
265
266
|
def disable(name)
|
266
267
|
self[name].active = false
|
267
268
|
end
|
@@ -292,7 +293,7 @@ CONST = Rex::Proto::NTLM::Constants
|
|
292
293
|
@active = opts[:active].nil? ? true : opts[:active]
|
293
294
|
@size = 8
|
294
295
|
end
|
295
|
-
|
296
|
+
|
296
297
|
def parse(str, offset=0)
|
297
298
|
if @active and str.size >= offset + @size
|
298
299
|
super(str, offset)
|
@@ -302,20 +303,20 @@ CONST = Rex::Proto::NTLM::Constants
|
|
302
303
|
0
|
303
304
|
end
|
304
305
|
end
|
305
|
-
|
306
|
+
|
306
307
|
def serialize
|
307
308
|
super if @active
|
308
309
|
end
|
309
|
-
|
310
|
+
|
310
311
|
def value
|
311
312
|
@value
|
312
313
|
end
|
313
|
-
|
314
|
+
|
314
315
|
def value=(val)
|
315
316
|
@value = val
|
316
317
|
self.length = self.allocated = val.size
|
317
318
|
end
|
318
|
-
|
319
|
+
|
319
320
|
def data_size
|
320
321
|
@active ? @value.size : 0
|
321
322
|
end
|
data/lib/rex/proto/ntlm/crypt.rb
CHANGED
@@ -1,3 +1,4 @@
|
|
1
|
+
# -*- coding: binary -*-
|
1
2
|
#
|
2
3
|
# An NTLM Authentication Library for Ruby
|
3
4
|
#
|
@@ -6,7 +7,7 @@
|
|
6
7
|
# http://jp.rubyist.net/magazine/?0013-CodeReview
|
7
8
|
# -------------------------------------------------------------
|
8
9
|
# Copyright (c) 2005,2006 yrock
|
9
|
-
#
|
10
|
+
#
|
10
11
|
# This program is free software.
|
11
12
|
# You can distribute/modify this program under the terms of the
|
12
13
|
# Ruby License.
|
@@ -21,8 +22,8 @@
|
|
21
22
|
# -------------------------------------------------------------
|
22
23
|
#
|
23
24
|
# All protocol information used to write this code stems from
|
24
|
-
# "The NTLM Authentication Protocol" by Eric Glass. The author
|
25
|
-
# would thank to him for this tremendous work and making it
|
25
|
+
# "The NTLM Authentication Protocol" by Eric Glass. The author
|
26
|
+
# would thank to him for this tremendous work and making it
|
26
27
|
# available on the net.
|
27
28
|
# http://davenport.sourceforge.net/ntlm.html
|
28
29
|
# -------------------------------------------------------------
|
@@ -31,7 +32,7 @@
|
|
31
32
|
# Permission to use, copy, modify, and distribute this document
|
32
33
|
# for any purpose and without any fee is hereby granted,
|
33
34
|
# provided that the above copyright notice and this list of
|
34
|
-
# conditions appear in all copies.
|
35
|
+
# conditions appear in all copies.
|
35
36
|
# -------------------------------------------------------------
|
36
37
|
#
|
37
38
|
# The author also looked Mozilla-Firefox-1.0.7 source code,
|
@@ -40,7 +41,7 @@
|
|
40
41
|
# "http://x2a.org/websvn/filedetails.php?
|
41
42
|
# repname=libntlm-ruby&path=%2Ftrunk%2Fntlm.rb&sc=1"
|
42
43
|
# The latter has a minor bug in its separate_keys function.
|
43
|
-
# The third key has to begin from the 14th character of the
|
44
|
+
# The third key has to begin from the 14th character of the
|
44
45
|
# input string instead of 13th:)
|
45
46
|
#--
|
46
47
|
# $Id: ntlm.rb 11678 2011-01-30 19:26:35Z hdm $
|
@@ -59,7 +60,7 @@ CONST = Rex::Proto::NTLM::Constants
|
|
59
60
|
BASE = Rex::Proto::NTLM::Base
|
60
61
|
|
61
62
|
@@loaded_openssl = false
|
62
|
-
|
63
|
+
|
63
64
|
begin
|
64
65
|
require 'openssl'
|
65
66
|
require 'openssl/digest'
|
@@ -70,7 +71,7 @@ BASE = Rex::Proto::NTLM::Base
|
|
70
71
|
def self.gen_keys(str)
|
71
72
|
str.scan(/.{7}/).map{ |key| des_56_to_64(key) }
|
72
73
|
end
|
73
|
-
|
74
|
+
|
74
75
|
def self.des_56_to_64(ckey56s)
|
75
76
|
ckey64 = []
|
76
77
|
ckey56 = ckey56s.unpack('C*')
|
@@ -84,7 +85,7 @@ BASE = Rex::Proto::NTLM::Base
|
|
84
85
|
ckey64[7] = (ckey56[6] << 1) & 0xFF
|
85
86
|
ckey64.pack('C*')
|
86
87
|
end
|
87
|
-
|
88
|
+
|
88
89
|
def self.apply_des(plain, keys)
|
89
90
|
raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
|
90
91
|
dec = OpenSSL::Cipher::DES.new
|
@@ -93,13 +94,13 @@ BASE = Rex::Proto::NTLM::Base
|
|
93
94
|
dec.encrypt.update(plain)
|
94
95
|
end
|
95
96
|
end
|
96
|
-
|
97
|
+
|
97
98
|
def self.lm_hash(password, half = false)
|
98
99
|
size = half ? 7 : 14
|
99
100
|
keys = gen_keys(password.upcase.ljust(size, "\0"))
|
100
101
|
apply_des(CONST::LM_MAGIC, keys).join
|
101
|
-
end
|
102
|
-
|
102
|
+
end
|
103
|
+
|
103
104
|
def self.ntlm_hash(password, opt = {})
|
104
105
|
raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
|
105
106
|
pwd = password.dup
|
@@ -108,16 +109,16 @@ BASE = Rex::Proto::NTLM::Base
|
|
108
109
|
end
|
109
110
|
OpenSSL::Digest::MD4.digest(pwd)
|
110
111
|
end
|
111
|
-
|
112
|
+
|
112
113
|
# This hash is used for lmv2/ntlmv2 response calculation
|
113
114
|
def self.ntlmv2_hash(user, password, domain, opt={})
|
114
115
|
raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
|
115
|
-
|
116
|
+
|
116
117
|
if opt[:pass_is_hash]
|
117
118
|
ntlmhash = password
|
118
119
|
else
|
119
120
|
ntlmhash = ntlm_hash(password, opt)
|
120
|
-
end
|
121
|
+
end
|
121
122
|
# With Win 7 and maybe other OSs we sometimes get the domain not uppercased
|
122
123
|
userdomain = user.upcase + domain
|
123
124
|
unless opt[:unicode]
|
@@ -141,13 +142,13 @@ BASE = Rex::Proto::NTLM::Base
|
|
141
142
|
end
|
142
143
|
|
143
144
|
# Synonym of lm_response for old compatibility with lib/rex/proto/smb/crypt
|
144
|
-
def self.lanman_des(password, challenge)
|
145
|
+
def self.lanman_des(password, challenge)
|
145
146
|
lm_response({
|
146
147
|
:lm_hash => self.lm_hash(password),
|
147
148
|
:challenge => challenge
|
148
149
|
})
|
149
150
|
end
|
150
|
-
|
151
|
+
|
151
152
|
def self.ntlm_response(arg)
|
152
153
|
hash = arg[:ntlm_hash]
|
153
154
|
chal = arg[:challenge]
|
@@ -159,14 +160,14 @@ BASE = Rex::Proto::NTLM::Base
|
|
159
160
|
#synonym of ntlm_response for old compatibility with lib/rex/proto/smb/crypt
|
160
161
|
def self.ntlm_md4(password, challenge)
|
161
162
|
ntlm_response({
|
162
|
-
:ntlm_hash => self.ntlm_hash(password),
|
163
|
+
:ntlm_hash => self.ntlm_hash(password),
|
163
164
|
:challenge => challenge
|
164
165
|
})
|
165
166
|
end
|
166
167
|
|
167
168
|
def self.ntlmv2_response(arg, opt = {})
|
168
169
|
raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
|
169
|
-
|
170
|
+
|
170
171
|
key, chal = arg[:ntlmv2_hash], arg[:challenge]
|
171
172
|
if not (key and chal)
|
172
173
|
raise ArgumentError , 'ntlmv2_hash and challenge are mandatory'
|
@@ -174,10 +175,10 @@ BASE = Rex::Proto::NTLM::Base
|
|
174
175
|
|
175
176
|
chal = BASE::pack_int64le(chal) if chal.is_a?(::Integer)
|
176
177
|
bb = nil
|
177
|
-
|
178
|
+
|
178
179
|
if opt[:nt_client_challenge]
|
179
180
|
if opt[:nt_client_challenge].to_s.length <= 8
|
180
|
-
raise ArgumentError,"nt_client_challenge is not in a correct format "
|
181
|
+
raise ArgumentError,"nt_client_challenge is not in a correct format "
|
181
182
|
end
|
182
183
|
bb = opt[:nt_client_challenge]
|
183
184
|
else
|
@@ -199,25 +200,25 @@ BASE = Rex::Proto::NTLM::Base
|
|
199
200
|
blob.timestamp = ts
|
200
201
|
blob.challenge = cc
|
201
202
|
blob.target_info = ti
|
202
|
-
|
203
|
+
|
203
204
|
bb = blob.serialize
|
204
205
|
end
|
205
206
|
|
206
207
|
OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, key, chal + bb) + bb
|
207
208
|
end
|
208
|
-
|
209
|
+
|
209
210
|
def self.lmv2_response(arg, opt = {})
|
210
211
|
raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
|
211
212
|
key = arg[:ntlmv2_hash]
|
212
213
|
chal = arg[:challenge]
|
213
|
-
|
214
|
+
|
214
215
|
chal = BASE::pack_int64le(chal) if chal.is_a?(::Integer)
|
215
216
|
cc = opt[:client_challenge] || rand(CONST::MAX64)
|
216
217
|
cc = BASE::pack_int64le(cc) if cc.is_a?(::Integer)
|
217
218
|
|
218
219
|
OpenSSL::HMAC.digest(OpenSSL::Digest::MD5.new, key, chal + cc) + cc
|
219
220
|
end
|
220
|
-
|
221
|
+
|
221
222
|
def self.ntlm2_session(arg, opt = {})
|
222
223
|
raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
|
223
224
|
passwd_hash,chal = arg[:ntlm_hash],arg[:challenge]
|
@@ -234,43 +235,43 @@ BASE = Rex::Proto::NTLM::Base
|
|
234
235
|
[cc.ljust(24, "\0"), response]
|
235
236
|
end
|
236
237
|
|
237
|
-
#this function will check if the net lm response provided correspond to en empty password
|
238
|
+
#this function will check if the net lm response provided correspond to en empty password
|
238
239
|
def self.is_hash_from_empty_pwd?(arg)
|
239
240
|
hash_type = arg[:type]
|
240
|
-
raise ArgumentError,"arg[:type] is mandatory" if not hash_type
|
241
|
+
raise ArgumentError,"arg[:type] is mandatory" if not hash_type
|
241
242
|
raise ArgumentError,"arg[:type] must be lm or ntlm" if not hash_type =~ /^((lm)|(ntlm))$/
|
242
243
|
|
243
244
|
ntlm_ver = arg[:ntlm_ver]
|
244
245
|
raise ArgumentError,"arg[:ntlm_ver] is mandatory" if not ntlm_ver
|
245
|
-
|
246
|
+
|
246
247
|
hash = arg[:hash]
|
247
248
|
raise ArgumentError,"arg[:hash] is mandatory" if not hash
|
248
249
|
|
249
|
-
srv_chall = arg[:srv_challenge]
|
250
|
-
raise ArgumentError,"arg[:srv_challenge] is mandatory" if not srv_chall
|
250
|
+
srv_chall = arg[:srv_challenge]
|
251
|
+
raise ArgumentError,"arg[:srv_challenge] is mandatory" if not srv_chall
|
251
252
|
raise ArgumentError,"Server challenge length must be exactly 8 bytes" if srv_chall.length != 8
|
252
253
|
|
253
254
|
#calculate responses for empty pwd
|
254
255
|
case ntlm_ver
|
255
|
-
when CONST::NTLM_V1_RESPONSE
|
256
|
+
when CONST::NTLM_V1_RESPONSE
|
256
257
|
if hash.length != 24
|
257
258
|
raise ArgumentError,"hash length must be exactly 24 bytes "
|
258
259
|
end
|
259
260
|
case hash_type
|
260
|
-
when 'lm'
|
261
|
+
when 'lm'
|
261
262
|
arglm = { :lm_hash => self.lm_hash(''),
|
262
263
|
:challenge => srv_chall}
|
263
264
|
calculatedhash = self.lm_response(arglm)
|
264
265
|
when 'ntlm'
|
265
|
-
argntlm = { :ntlm_hash => self.ntlm_hash(''),
|
266
|
+
argntlm = { :ntlm_hash => self.ntlm_hash(''),
|
266
267
|
:challenge => srv_chall }
|
267
268
|
calculatedhash = self.ntlm_response(argntlm)
|
268
269
|
end
|
269
270
|
when CONST::NTLM_V2_RESPONSE
|
270
271
|
raise ArgumentError,"hash length must be exactly 16 bytes " if hash.length != 16
|
271
|
-
cli_chall = arg[:cli_challenge]
|
272
|
+
cli_chall = arg[:cli_challenge]
|
272
273
|
raise ArgumentError,"arg[:cli_challenge] is mandatory in this case" if not cli_chall
|
273
|
-
user = arg[:user]
|
274
|
+
user = arg[:user]
|
274
275
|
raise ArgumentError,"arg[:user] is mandatory in this case" if not user
|
275
276
|
domain = arg[:domain]
|
276
277
|
raise ArgumentError,"arg[:domain] is mandatory in this case" if not domain
|
@@ -291,14 +292,14 @@ BASE = Rex::Proto::NTLM::Base
|
|
291
292
|
end
|
292
293
|
when CONST::NTLM_2_SESSION_RESPONSE
|
293
294
|
raise ArgumentError,"hash length must be exactly 16 bytes " if hash.length != 24
|
294
|
-
cli_chall = arg[:cli_challenge]
|
295
|
+
cli_chall = arg[:cli_challenge]
|
295
296
|
raise ArgumentError,"arg[:cli_challenge] is mandatory in this case" if not cli_chall
|
296
297
|
raise ArgumentError,"Client challenge length must be exactly 8 bytes " if cli_chall.length != 8
|
297
298
|
case hash_type
|
298
299
|
when 'lm'
|
299
300
|
raise ArgumentError, "ntlm2_session is incompatible with lm"
|
300
301
|
when 'ntlm'
|
301
|
-
argntlm = { :ntlm_hash => self.ntlm_hash(''),
|
302
|
+
argntlm = { :ntlm_hash => self.ntlm_hash(''),
|
302
303
|
:challenge => srv_chall }
|
303
304
|
optntlm = { :client_challenge => cli_chall}
|
304
305
|
end
|
@@ -314,7 +315,7 @@ BASE = Rex::Proto::NTLM::Base
|
|
314
315
|
#
|
315
316
|
# Signing method added for metasploit project
|
316
317
|
#
|
317
|
-
|
318
|
+
|
318
319
|
# Used when only the LMv1 response is provided (i.e., with Win9x clients)
|
319
320
|
def self.lmv1_user_session_key(pass, opt = {})
|
320
321
|
if opt[:pass_is_hash]
|
@@ -324,7 +325,7 @@ BASE = Rex::Proto::NTLM::Base
|
|
324
325
|
end
|
325
326
|
usk.ljust(16,"\x00")
|
326
327
|
end
|
327
|
-
|
328
|
+
|
328
329
|
# This variant is used when the client sends the NTLMv1 response
|
329
330
|
def self.ntlmv1_user_session_key(pass, opt = {})
|
330
331
|
raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
|
@@ -379,7 +380,7 @@ BASE = Rex::Proto::NTLM::Base
|
|
379
380
|
cipher = OpenSSL::Cipher::Cipher.new('rc4')
|
380
381
|
cipher.encrypt
|
381
382
|
cipher.key = user_session_key
|
382
|
-
cipher.update(session_key)
|
383
|
+
cipher.update(session_key)
|
383
384
|
end
|
384
385
|
|
385
386
|
def self.decrypt_sessionkey(encrypted_session_key, user_session_key)
|
@@ -387,24 +388,24 @@ BASE = Rex::Proto::NTLM::Base
|
|
387
388
|
cipher = OpenSSL::Cipher::Cipher.new('rc4')
|
388
389
|
cipher.decrypt
|
389
390
|
cipher.key = user_session_key
|
390
|
-
cipher.update(encrypted_session_key)
|
391
|
+
cipher.update(encrypted_session_key)
|
391
392
|
end
|
392
393
|
|
393
394
|
def self.make_weak_sessionkey(session_key,key_size,lanman_key = false)
|
394
395
|
case key_size
|
395
396
|
when 40
|
396
397
|
if lanman_key
|
397
|
-
return session_key[0,5] + "\xe5\x38\xb0"
|
398
|
+
return session_key[0,5] + "\xe5\x38\xb0"
|
398
399
|
else
|
399
|
-
return session_key[0,5]
|
400
|
+
return session_key[0,5]
|
400
401
|
end
|
401
402
|
when 56
|
402
403
|
if lanman_key
|
403
404
|
return session_key[0,7] + "\xa0"
|
404
405
|
else
|
405
|
-
return session_key[0,7]
|
406
|
+
return session_key[0,7]
|
406
407
|
end
|
407
|
-
else #128
|
408
|
+
else #128
|
408
409
|
return session_key[0,16]
|
409
410
|
end
|
410
411
|
end
|