librex 0.0.65 → 0.0.66

Files changed (482)
  1. data/README.markdown +1 -1
  2. data/lib/rex/arch.rb +1 -0
  3. data/lib/rex/arch/sparc.rb +16 -15
  4. data/lib/rex/arch/sparc.rb.ut.rb +2 -1
  5. data/lib/rex/arch/x86.rb +1 -0
  6. data/lib/rex/arch/x86.rb.ut.rb +2 -1
  7. data/lib/rex/assembly/nasm.rb +1 -0
  8. data/lib/rex/assembly/nasm.rb.ut.rb +2 -1
  9. data/lib/rex/compat.rb +13 -0
  10. data/lib/rex/constants.rb +5 -4
  11. data/lib/rex/elfparsey.rb +3 -2
  12. data/lib/rex/elfparsey/elf.rb +2 -1
  13. data/lib/rex/elfparsey/elfbase.rb +8 -7
  14. data/lib/rex/elfparsey/exceptions.rb +3 -2
  15. data/lib/rex/elfscan.rb +3 -2
  16. data/lib/rex/elfscan/scanner.rb +2 -1
  17. data/lib/rex/elfscan/search.rb +2 -1
  18. data/lib/rex/encoder/alpha2.rb +2 -1
  19. data/lib/rex/encoder/alpha2/alpha_mixed.rb +3 -2
  20. data/lib/rex/encoder/alpha2/alpha_upper.rb +5 -4
  21. data/lib/rex/encoder/alpha2/generic.rb +37 -60
  22. data/lib/rex/encoder/alpha2/unicode_mixed.rb +4 -9
  23. data/lib/rex/encoder/alpha2/unicode_upper.rb +4 -9
  24. data/lib/rex/encoder/ndr.rb +1 -0
  25. data/lib/rex/encoder/ndr.rb.ut.rb +2 -1
  26. data/lib/rex/encoder/nonalpha.rb +1 -0
  27. data/lib/rex/encoder/nonupper.rb +1 -0
  28. data/lib/rex/encoder/xdr.rb +9 -8
  29. data/lib/rex/encoder/xdr.rb.ut.rb +2 -1
  30. data/lib/rex/encoder/xor.rb +1 -0
  31. data/lib/rex/encoder/xor/dword.rb +2 -1
  32. data/lib/rex/encoder/xor/dword_additive.rb +2 -1
  33. data/lib/rex/encoders/xor_dword.rb +1 -0
  34. data/lib/rex/encoders/xor_dword_additive.rb +2 -1
  35. data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +2 -1
  36. data/lib/rex/encoding/xor.rb +2 -1
  37. data/lib/rex/encoding/xor.rb.ts.rb +2 -1
  38. data/lib/rex/encoding/xor/byte.rb +2 -1
  39. data/lib/rex/encoding/xor/byte.rb.ut.rb +2 -1
  40. data/lib/rex/encoding/xor/dword.rb +2 -1
  41. data/lib/rex/encoding/xor/dword.rb.ut.rb +2 -1
  42. data/lib/rex/encoding/xor/dword_additive.rb +1 -0
  43. data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +2 -1
  44. data/lib/rex/encoding/xor/exceptions.rb +1 -0
  45. data/lib/rex/encoding/xor/generic.rb +1 -0
  46. data/lib/rex/encoding/xor/generic.rb.ut.rb +2 -1
  47. data/lib/rex/encoding/xor/qword.rb +2 -1
  48. data/lib/rex/encoding/xor/word.rb +2 -1
  49. data/lib/rex/encoding/xor/word.rb.ut.rb +2 -1
  50. data/lib/rex/exceptions.rb +1 -0
  51. data/lib/rex/exceptions.rb.ut.rb +2 -1
  52. data/lib/rex/exploitation/cmdstager.rb +2 -1
  53. data/lib/rex/exploitation/cmdstager/base.rb +1 -0
  54. data/lib/rex/exploitation/cmdstager/debug_asm.rb +2 -1
  55. data/lib/rex/exploitation/cmdstager/debug_write.rb +2 -1
  56. data/lib/rex/exploitation/cmdstager/tftp.rb +2 -1
  57. data/lib/rex/exploitation/cmdstager/vbs.rb +2 -1
  58. data/lib/rex/exploitation/egghunter.rb +12 -11
  59. data/lib/rex/exploitation/egghunter.rb.ut.rb +2 -1
  60. data/lib/rex/exploitation/encryptjs.rb +1 -0
  61. data/lib/rex/exploitation/heaplib.rb +1 -0
  62. data/lib/rex/exploitation/javascriptosdetect.js +1014 -0
  63. data/lib/rex/exploitation/javascriptosdetect.rb +4 -857
  64. data/lib/rex/exploitation/jsobfu.rb +2 -1
  65. data/lib/rex/exploitation/obfuscatejs.rb +1 -0
  66. data/lib/rex/exploitation/omelet.rb +1 -0
  67. data/lib/rex/exploitation/omelet.rb.ut.rb +1 -0
  68. data/lib/rex/exploitation/opcodedb.rb +12 -11
  69. data/lib/rex/exploitation/opcodedb.rb.ut.rb +2 -1
  70. data/lib/rex/exploitation/seh.rb +3 -2
  71. data/lib/rex/exploitation/seh.rb.ut.rb +2 -1
  72. data/lib/rex/file.rb +4 -3
  73. data/lib/rex/file.rb.ut.rb +2 -1
  74. data/lib/rex/image_source.rb +3 -2
  75. data/lib/rex/image_source/disk.rb +3 -2
  76. data/lib/rex/image_source/image_source.rb +3 -2
  77. data/lib/rex/image_source/memory.rb +3 -2
  78. data/lib/rex/io/bidirectional_pipe.rb +1 -0
  79. data/lib/rex/io/datagram_abstraction.rb +2 -1
  80. data/lib/rex/io/ring_buffer.rb +49 -44
  81. data/lib/rex/io/ring_buffer.rb.ut.rb +4 -3
  82. data/lib/rex/io/stream.rb +1 -0
  83. data/lib/rex/io/stream_abstraction.rb +1 -0
  84. data/lib/rex/io/stream_server.rb +1 -0
  85. data/lib/rex/job_container.rb +1 -0
  86. data/lib/rex/logging.rb +2 -1
  87. data/lib/rex/logging/log_dispatcher.rb +5 -4
  88. data/lib/rex/logging/log_sink.rb +2 -1
  89. data/lib/rex/logging/sinks/flatfile.rb +4 -3
  90. data/lib/rex/logging/sinks/stderr.rb +2 -1
  91. data/lib/rex/machparsey.rb +2 -1
  92. data/lib/rex/machparsey/exceptions.rb +2 -1
  93. data/lib/rex/machparsey/mach.rb +20 -19
  94. data/lib/rex/machparsey/machbase.rb +27 -26
  95. data/lib/rex/machscan.rb +2 -1
  96. data/lib/rex/machscan/scanner.rb +1 -0
  97. data/lib/rex/mime.rb +2 -1
  98. data/lib/rex/mime/header.rb +1 -0
  99. data/lib/rex/mime/message.rb +4 -1
  100. data/lib/rex/mime/part.rb +2 -1
  101. data/lib/rex/nop/opty2.rb +2 -1
  102. data/lib/rex/nop/opty2.rb.ut.rb +2 -1
  103. data/lib/rex/nop/opty2_tables.rb +1 -0
  104. data/lib/rex/ole.rb +3 -2
  105. data/lib/rex/ole/clsid.rb +3 -2
  106. data/lib/rex/ole/difat.rb +3 -2
  107. data/lib/rex/ole/directory.rb +3 -2
  108. data/lib/rex/ole/direntry.rb +3 -2
  109. data/lib/rex/ole/fat.rb +3 -2
  110. data/lib/rex/ole/header.rb +3 -2
  111. data/lib/rex/ole/minifat.rb +3 -2
  112. data/lib/rex/ole/propset.rb +4 -3
  113. data/lib/rex/ole/samples/create_ole.rb +1 -0
  114. data/lib/rex/ole/samples/dir.rb +1 -0
  115. data/lib/rex/ole/samples/dump_stream.rb +1 -0
  116. data/lib/rex/ole/samples/ole_info.rb +1 -0
  117. data/lib/rex/ole/storage.rb +3 -2
  118. data/lib/rex/ole/stream.rb +3 -2
  119. data/lib/rex/ole/substorage.rb +3 -2
  120. data/lib/rex/ole/util.rb +3 -2
  121. data/lib/rex/parser/acunetix_nokogiri.rb +13 -12
  122. data/lib/rex/parser/apple_backup_manifestdb.rb +20 -19
  123. data/lib/rex/parser/appscan_nokogiri.rb +17 -16
  124. data/lib/rex/parser/arguments.rb +2 -1
  125. data/lib/rex/parser/arguments.rb.ut.rb +2 -1
  126. data/lib/rex/parser/burp_session_nokogiri.rb +8 -7
  127. data/lib/rex/parser/ci_nokogiri.rb +4 -3
  128. data/lib/rex/parser/foundstone_nokogiri.rb +18 -17
  129. data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
  130. data/lib/rex/parser/ini.rb +1 -0
  131. data/lib/rex/parser/ini.rb.ut.rb +2 -1
  132. data/lib/rex/parser/ip360_aspl_xml.rb +1 -0
  133. data/lib/rex/parser/ip360_xml.rb +4 -3
  134. data/lib/rex/parser/mbsa_nokogiri.rb +8 -7
  135. data/lib/rex/parser/nessus_xml.rb +3 -2
  136. data/lib/rex/parser/netsparker_xml.rb +10 -9
  137. data/lib/rex/parser/nexpose_raw_nokogiri.rb +372 -52
  138. data/lib/rex/parser/nexpose_simple_nokogiri.rb +8 -7
  139. data/lib/rex/parser/nexpose_xml.rb +1 -0
  140. data/lib/rex/parser/nmap_nokogiri.rb +63 -33
  141. data/lib/rex/parser/nmap_xml.rb +1 -0
  142. data/lib/rex/parser/nokogiri_doc_mixin.rb +35 -15
  143. data/lib/rex/parser/openvas_nokogiri.rb +172 -0
  144. data/lib/rex/parser/retina_xml.rb +1 -0
  145. data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
  146. data/lib/rex/payloads.rb +2 -1
  147. data/lib/rex/payloads/win32.rb +2 -1
  148. data/lib/rex/payloads/win32/common.rb +2 -1
  149. data/lib/rex/payloads/win32/kernel.rb +2 -1
  150. data/lib/rex/payloads/win32/kernel/common.rb +4 -3
  151. data/lib/rex/payloads/win32/kernel/migration.rb +2 -1
  152. data/lib/rex/payloads/win32/kernel/recovery.rb +2 -1
  153. data/lib/rex/payloads/win32/kernel/stager.rb +21 -20
  154. data/lib/rex/peparsey.rb +3 -2
  155. data/lib/rex/peparsey/exceptions.rb +2 -1
  156. data/lib/rex/peparsey/pe.rb +3 -2
  157. data/lib/rex/peparsey/pe_memdump.rb +2 -1
  158. data/lib/rex/peparsey/pebase.rb +2 -1
  159. data/lib/rex/peparsey/section.rb +2 -1
  160. data/lib/rex/pescan.rb +3 -2
  161. data/lib/rex/pescan/analyze.rb +1 -0
  162. data/lib/rex/pescan/scanner.rb +1 -0
  163. data/lib/rex/pescan/search.rb +1 -0
  164. data/lib/rex/platforms.rb +2 -1
  165. data/lib/rex/platforms/windows.rb +2 -1
  166. data/lib/rex/poly.rb +2 -1
  167. data/lib/rex/poly/block.rb +16 -15
  168. data/lib/rex/poly/register.rb +2 -1
  169. data/lib/rex/poly/register/x86.rb +2 -1
  170. data/lib/rex/post.rb +2 -2
  171. data/lib/rex/post/dir.rb +2 -1
  172. data/lib/rex/post/file.rb +1 -0
  173. data/lib/rex/post/file_stat.rb +1 -0
  174. data/lib/rex/post/io.rb +2 -1
  175. data/lib/rex/post/meterpreter.rb +2 -1
  176. data/lib/rex/post/meterpreter/channel.rb +1 -0
  177. data/lib/rex/post/meterpreter/channel_container.rb +2 -1
  178. data/lib/rex/post/meterpreter/channels/pool.rb +1 -0
  179. data/lib/rex/post/meterpreter/channels/pools/file.rb +1 -0
  180. data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +3 -2
  181. data/lib/rex/post/meterpreter/channels/stream.rb +1 -0
  182. data/lib/rex/post/meterpreter/client.rb +23 -1
  183. data/lib/rex/post/meterpreter/client_core.rb +10 -5
  184. data/lib/rex/post/meterpreter/dependencies.rb +2 -1
  185. data/lib/rex/post/meterpreter/extension.rb +2 -1
  186. data/lib/rex/post/meterpreter/extensions/espia/espia.rb +7 -6
  187. data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +2 -1
  188. data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +5 -4
  189. data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +2 -1
  190. data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +1 -0
  191. data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +1 -0
  192. data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +7 -6
  193. data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -0
  194. data/lib/rex/post/meterpreter/extensions/priv/fs.rb +2 -1
  195. data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +2 -1
  196. data/lib/rex/post/meterpreter/extensions/priv/priv.rb +1 -0
  197. data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +2 -1
  198. data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +28 -11
  199. data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +1 -0
  200. data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +6 -5
  201. data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +1 -0
  202. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +3 -2
  203. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +1 -0
  204. data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +2 -1
  205. data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +39 -5
  206. data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +75 -18
  207. data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +18 -6
  208. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +1 -0
  209. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -0
  210. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +1 -0
  211. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -0
  212. data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +4 -1
  213. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +1 -0
  214. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +1 -0
  215. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +1 -0
  216. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +1 -0
  217. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +1 -0
  218. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +1 -0
  219. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +1 -0
  220. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +1 -0
  221. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +12 -0
  222. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +1 -0
  223. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +1 -0
  224. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +1 -0
  225. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +1 -0
  226. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +7 -0
  227. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +1 -0
  228. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +1 -0
  229. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +1 -0
  230. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +1 -0
  231. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +1 -0
  232. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +1 -0
  233. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +1 -0
  234. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +1 -0
  235. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +1 -0
  236. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +1 -0
  237. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
  238. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +29 -0
  239. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +10 -5
  240. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +9 -0
  241. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +1 -0
  242. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
  243. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +128 -0
  244. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +1 -0
  245. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +27 -6
  246. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +21 -0
  247. data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +1 -0
  248. data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +1 -0
  249. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +1 -0
  250. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +1 -0
  251. data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +2 -1
  252. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +43 -4
  253. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -0
  254. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +2 -1
  255. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +1 -0
  256. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +1 -0
  257. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +1 -0
  258. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +1 -0
  259. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +1 -0
  260. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +1 -0
  261. data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +1 -0
  262. data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +7 -0
  263. data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +14 -13
  264. data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +1 -0
  265. data/lib/rex/post/meterpreter/inbound_packet_handler.rb +2 -1
  266. data/lib/rex/post/meterpreter/object_aliases.rb +6 -5
  267. data/lib/rex/post/meterpreter/packet.rb +26 -6
  268. data/lib/rex/post/meterpreter/packet_dispatcher.rb +1 -0
  269. data/lib/rex/post/meterpreter/packet_parser.rb +1 -0
  270. data/lib/rex/post/meterpreter/packet_response_waiter.rb +1 -0
  271. data/lib/rex/post/meterpreter/ui/console.rb +1 -0
  272. data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +1 -0
  273. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +103 -28
  274. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +1 -0
  275. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +1 -0
  276. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +1 -0
  277. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +3 -2
  278. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +12 -11
  279. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +2 -1
  280. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +2 -1
  281. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +53 -36
  282. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +3 -2
  283. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +87 -44
  284. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +80 -18
  285. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +77 -48
  286. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +72 -41
  287. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +24 -5
  288. data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +2 -1
  289. data/lib/rex/post/permission.rb +2 -1
  290. data/lib/rex/post/process.rb +2 -1
  291. data/lib/rex/post/thread.rb +2 -1
  292. data/lib/rex/post/ui.rb +2 -1
  293. data/lib/rex/proto.rb +1 -0
  294. data/lib/rex/proto.rb.ts.rb +2 -1
  295. data/lib/rex/proto/dcerpc.rb +2 -1
  296. data/lib/rex/proto/dcerpc.rb.ts.rb +2 -1
  297. data/lib/rex/proto/dcerpc/client.rb +1 -0
  298. data/lib/rex/proto/dcerpc/client.rb.ut.rb +1 -0
  299. data/lib/rex/proto/dcerpc/exceptions.rb +2 -1
  300. data/lib/rex/proto/dcerpc/handle.rb +1 -0
  301. data/lib/rex/proto/dcerpc/handle.rb.ut.rb +2 -1
  302. data/lib/rex/proto/dcerpc/ndr.rb +2 -1
  303. data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +2 -1
  304. data/lib/rex/proto/dcerpc/packet.rb +52 -45
  305. data/lib/rex/proto/dcerpc/packet.rb.ut.rb +12 -11
  306. data/lib/rex/proto/dcerpc/response.rb +1 -0
  307. data/lib/rex/proto/dcerpc/response.rb.ut.rb +2 -1
  308. data/lib/rex/proto/dcerpc/uuid.rb +13 -12
  309. data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +2 -1
  310. data/lib/rex/proto/dhcp.rb +2 -1
  311. data/lib/rex/proto/dhcp/constants.rb +2 -1
  312. data/lib/rex/proto/dhcp/server.rb +4 -3
  313. data/lib/rex/proto/drda.rb +1 -0
  314. data/lib/rex/proto/drda.rb.ts.rb +1 -0
  315. data/lib/rex/proto/drda/constants.rb +1 -0
  316. data/lib/rex/proto/drda/constants.rb.ut.rb +1 -0
  317. data/lib/rex/proto/drda/packet.rb +11 -10
  318. data/lib/rex/proto/drda/packet.rb.ut.rb +5 -4
  319. data/lib/rex/proto/drda/utils.rb +4 -3
  320. data/lib/rex/proto/drda/utils.rb.ut.rb +3 -2
  321. data/lib/rex/proto/http.rb +2 -1
  322. data/lib/rex/proto/http.rb.ts.rb +2 -1
  323. data/lib/rex/proto/http/client.rb +29 -5
  324. data/lib/rex/proto/http/client.rb.ut.rb +1 -0
  325. data/lib/rex/proto/http/handler.rb +2 -1
  326. data/lib/rex/proto/http/handler/erb.rb +5 -4
  327. data/lib/rex/proto/http/handler/erb.rb.ut.rb +2 -1
  328. data/lib/rex/proto/http/handler/proc.rb +1 -0
  329. data/lib/rex/proto/http/handler/proc.rb.ut.rb +2 -1
  330. data/lib/rex/proto/http/header.rb +3 -3
  331. data/lib/rex/proto/http/header.rb.ut.rb +2 -1
  332. data/lib/rex/proto/http/packet.rb +1 -0
  333. data/lib/rex/proto/http/packet.rb.ut.rb +15 -14
  334. data/lib/rex/proto/http/request.rb +23 -22
  335. data/lib/rex/proto/http/request.rb.ut.rb +2 -1
  336. data/lib/rex/proto/http/response.rb +6 -5
  337. data/lib/rex/proto/http/response.rb.ut.rb +7 -6
  338. data/lib/rex/proto/http/server.rb +1 -0
  339. data/lib/rex/proto/http/server.rb.ut.rb +6 -5
  340. data/lib/rex/proto/iax2.rb +1 -0
  341. data/lib/rex/proto/iax2/call.rb +48 -47
  342. data/lib/rex/proto/iax2/client.rb +23 -22
  343. data/lib/rex/proto/iax2/codecs.rb +1 -0
  344. data/lib/rex/proto/iax2/codecs/alaw.rb +1 -0
  345. data/lib/rex/proto/iax2/codecs/g711.rb +4 -3
  346. data/lib/rex/proto/iax2/codecs/mulaw.rb +1 -0
  347. data/lib/rex/proto/iax2/constants.rb +1 -0
  348. data/lib/rex/proto/natpmp.rb +11 -0
  349. data/lib/rex/proto/natpmp/constants.rb +19 -0
  350. data/lib/rex/proto/natpmp/packet.rb +45 -0
  351. data/lib/rex/proto/ntlm.rb +1 -0
  352. data/lib/rex/proto/ntlm.rb.ut.rb +1 -0
  353. data/lib/rex/proto/ntlm/base.rb +38 -37
  354. data/lib/rex/proto/ntlm/constants.rb +1 -0
  355. data/lib/rex/proto/ntlm/crypt.rb +45 -44
  356. data/lib/rex/proto/ntlm/exceptions.rb +1 -0
  357. data/lib/rex/proto/ntlm/message.rb +30 -29
  358. data/lib/rex/proto/ntlm/utils.rb +116 -115
  359. data/lib/rex/proto/proxy/socks4a.rb +1 -0
  360. data/lib/rex/proto/rfb.rb +1 -0
  361. data/lib/rex/proto/rfb.rb.ut.rb +1 -0
  362. data/lib/rex/proto/rfb/cipher.rb +1 -0
  363. data/lib/rex/proto/rfb/client.rb +1 -0
  364. data/lib/rex/proto/rfb/constants.rb +1 -0
  365. data/lib/rex/proto/smb.rb +2 -1
  366. data/lib/rex/proto/smb.rb.ts.rb +2 -1
  367. data/lib/rex/proto/smb/client.rb +23 -22
  368. data/lib/rex/proto/smb/client.rb.ut.rb +1 -0
  369. data/lib/rex/proto/smb/constants.rb +1 -0
  370. data/lib/rex/proto/smb/constants.rb.ut.rb +2 -1
  371. data/lib/rex/proto/smb/crypt.rb +3 -2
  372. data/lib/rex/proto/smb/evasions.rb +1 -0
  373. data/lib/rex/proto/smb/exceptions.rb +6 -5
  374. data/lib/rex/proto/smb/simpleclient.rb +1 -0
  375. data/lib/rex/proto/smb/simpleclient.rb.ut.rb +1 -0
  376. data/lib/rex/proto/smb/utils.rb +1 -0
  377. data/lib/rex/proto/smb/utils.rb.ut.rb +2 -1
  378. data/lib/rex/proto/sunrpc.rb +1 -0
  379. data/lib/rex/proto/sunrpc/client.rb +1 -0
  380. data/lib/rex/proto/tftp.rb +3 -1
  381. data/lib/rex/proto/tftp/client.rb +344 -0
  382. data/lib/rex/proto/tftp/constants.rb +2 -1
  383. data/lib/rex/proto/tftp/server.rb +2 -1
  384. data/lib/rex/proto/tftp/server.rb.ut.rb +3 -2
  385. data/lib/rex/registry.rb +14 -0
  386. data/lib/rex/registry/hive.rb +132 -0
  387. data/lib/rex/registry/lfkey.rb +51 -0
  388. data/lib/rex/registry/nodekey.rb +54 -0
  389. data/lib/rex/registry/regf.rb +25 -0
  390. data/lib/rex/registry/valuekey.rb +67 -0
  391. data/lib/rex/registry/valuelist.rb +29 -0
  392. data/lib/rex/ropbuilder.rb +2 -1
  393. data/lib/rex/ropbuilder/rop.rb +3 -2
  394. data/lib/rex/script.rb +1 -0
  395. data/lib/rex/script/base.rb +1 -0
  396. data/lib/rex/script/meterpreter.rb +1 -0
  397. data/lib/rex/script/shell.rb +1 -0
  398. data/lib/rex/service.rb +2 -1
  399. data/lib/rex/service_manager.rb +6 -5
  400. data/lib/rex/service_manager.rb.ut.rb +2 -1
  401. data/lib/rex/services/local_relay.rb +1 -0
  402. data/lib/rex/socket.rb +72 -36
  403. data/lib/rex/socket.rb.ut.rb +1 -0
  404. data/lib/rex/socket/comm.rb +1 -0
  405. data/lib/rex/socket/comm/local.rb +60 -13
  406. data/lib/rex/socket/comm/local.rb.ut.rb +2 -1
  407. data/lib/rex/socket/ip.rb +1 -0
  408. data/lib/rex/socket/parameters.rb +15 -14
  409. data/lib/rex/socket/parameters.rb.ut.rb +2 -1
  410. data/lib/rex/socket/range_walker.rb +71 -26
  411. data/lib/rex/socket/range_walker.rb.ut.rb +2 -1
  412. data/lib/rex/socket/ssl_tcp.rb +1 -0
  413. data/lib/rex/socket/ssl_tcp.rb.ut.rb +2 -1
  414. data/lib/rex/socket/ssl_tcp_server.rb +1 -0
  415. data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +1 -0
  416. data/lib/rex/socket/subnet_walker.rb +1 -0
  417. data/lib/rex/socket/subnet_walker.rb.ut.rb +2 -1
  418. data/lib/rex/socket/switch_board.rb +1 -0
  419. data/lib/rex/socket/switch_board.rb.ut.rb +2 -1
  420. data/lib/rex/socket/tcp.rb +4 -3
  421. data/lib/rex/socket/tcp.rb.ut.rb +2 -1
  422. data/lib/rex/socket/tcp_server.rb +1 -0
  423. data/lib/rex/socket/tcp_server.rb.ut.rb +2 -1
  424. data/lib/rex/socket/udp.rb +2 -1
  425. data/lib/rex/socket/udp.rb.ut.rb +2 -1
  426. data/lib/rex/struct2.rb +2 -1
  427. data/lib/rex/struct2/c_struct.rb +2 -1
  428. data/lib/rex/struct2/c_struct_template.rb +2 -1
  429. data/lib/rex/struct2/constant.rb +2 -1
  430. data/lib/rex/struct2/element.rb +2 -1
  431. data/lib/rex/struct2/generic.rb +1 -0
  432. data/lib/rex/struct2/restraint.rb +2 -1
  433. data/lib/rex/struct2/s_string.rb +1 -0
  434. data/lib/rex/struct2/s_struct.rb +1 -0
  435. data/lib/rex/sync.rb +2 -1
  436. data/lib/rex/sync/event.rb +1 -0
  437. data/lib/rex/sync/read_write_lock.rb +1 -0
  438. data/lib/rex/sync/ref.rb +2 -1
  439. data/lib/rex/sync/thread_safe.rb +2 -1
  440. data/lib/rex/test.rb +2 -1
  441. data/lib/rex/text.rb +136 -19
  442. data/lib/rex/text.rb.ut.rb +1 -0
  443. data/lib/rex/thread_factory.rb +5 -4
  444. data/lib/rex/time.rb +2 -1
  445. data/lib/rex/transformer.rb +1 -0
  446. data/lib/rex/transformer.rb.ut.rb +2 -1
  447. data/lib/rex/ui.rb +2 -1
  448. data/lib/rex/ui/interactive.rb +10 -9
  449. data/lib/rex/ui/output.rb +1 -0
  450. data/lib/rex/ui/output/none.rb +2 -1
  451. data/lib/rex/ui/progress_tracker.rb +2 -1
  452. data/lib/rex/ui/subscriber.rb +9 -8
  453. data/lib/rex/ui/text/color.rb +1 -0
  454. data/lib/rex/ui/text/color.rb.ut.rb +1 -0
  455. data/lib/rex/ui/text/dispatcher_shell.rb +63 -23
  456. data/lib/rex/ui/text/input.rb +1 -0
  457. data/lib/rex/ui/text/input/buffer.rb +7 -6
  458. data/lib/rex/ui/text/input/readline.rb +14 -13
  459. data/lib/rex/ui/text/input/socket.rb +1 -0
  460. data/lib/rex/ui/text/input/stdio.rb +2 -1
  461. data/lib/rex/ui/text/irb_shell.rb +1 -0
  462. data/lib/rex/ui/text/output.rb +1 -0
  463. data/lib/rex/ui/text/output/buffer.rb +1 -0
  464. data/lib/rex/ui/text/output/file.rb +1 -0
  465. data/lib/rex/ui/text/output/socket.rb +1 -0
  466. data/lib/rex/ui/text/output/stdio.rb +1 -0
  467. data/lib/rex/ui/text/output/tee.rb +1 -0
  468. data/lib/rex/ui/text/progress_tracker.rb +2 -1
  469. data/lib/rex/ui/text/progress_tracker.rb.ut.rb +2 -1
  470. data/lib/rex/ui/text/shell.rb +1 -0
  471. data/lib/rex/ui/text/table.rb +20 -14
  472. data/lib/rex/ui/text/table.rb.ut.rb +3 -2
  473. data/lib/rex/zip.rb +1 -0
  474. data/lib/rex/zip/archive.rb +2 -1
  475. data/lib/rex/zip/blocks.rb +3 -2
  476. data/lib/rex/zip/entry.rb +6 -7
  477. data/lib/rex/zip/jar.rb +4 -3
  478. data/lib/rex/zip/samples/comment.rb +1 -0
  479. data/lib/rex/zip/samples/mkwar.rb +1 -0
  480. data/lib/rex/zip/samples/mkzip.rb +1 -0
  481. data/lib/rex/zip/samples/recursive.rb +1 -0
  482. metadata +433 -435
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  module Rex
2
3
  module Proto
3
4
  module NTLM
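--- a/data/lib/rex/proto/ntlm/message.rb
+++ b/data/lib/rex/proto/ntlm/message.rb
@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 #
 # An NTLM Authentication Library for Ruby
 #
@@ -6,7 +7,7 @@
 # http://jp.rubyist.net/magazine/?0013-CodeReview
 # -------------------------------------------------------------
 # Copyright (c) 2005,2006 yrock
-#
+#
 # This program is free software.
 # You can distribute/modify this program under the terms of the
 # Ruby License.
@@ -18,8 +19,8 @@
 # -------------------------------------------------------------
 #
 # All protocol information used to write this code stems from
-# "The NTLM Authentication Protocol" by Eric Glass. The author
-# would thank to him for this tremendous work and making it
+# "The NTLM Authentication Protocol" by Eric Glass. The author
+# would thank to him for this tremendous work and making it
 # available on the net.
 # http://davenport.sourceforge.net/ntlm.html
 # -------------------------------------------------------------
@@ -28,7 +29,7 @@
 # Permission to use, copy, modify, and distribute this document
 # for any purpose and without any fee is hereby granted,
 # provided that the above copyright notice and this list of
-# conditions appear in all copies.
+# conditions appear in all copies.
 # -------------------------------------------------------------
 #
 # The author also looked Mozilla-Firefox-1.0.7 source code,
@@ -37,7 +38,7 @@
 # "http://x2a.org/websvn/filedetails.php?
 # repname=libntlm-ruby&path=%2Ftrunk%2Fntlm.rb&sc=1"
 # The latter has a minor bug in its separate_keys function.
-# The third key has to begin from the 14th character of the
+# The third key has to begin from the 14th character of the
 # input string instead of 13th:)
 #--
 # $Id: ntlm.rb 11678 2011-01-30 19:26:35Z hdm $
@@ -212,13 +213,13 @@ CRYPT = Rex::Proto::NTLM::Crypt
 if usr.nil? or pwd.nil?
 raise ArgumentError, "user and password have to be supplied"
 end
-
+
 if opt[:workstation]
 ws = opt[:workstation]
 else
 ws = ""
 end
-
+
 if opt[:client_challenge]
 cc = opt[:client_challenge]
 else
@@ -245,9 +246,9 @@ CRYPT = Rex::Proto::NTLM::Crypt
 ti = self.target_info
 
 chal = self[:challenge].serialize
-
+
 if opt[:ntlmv2]
-ar = { :ntlmv2_hash => CRYPT::ntlmv2_hash(usr, pwd, tgt, opt),
+ar = { :ntlmv2_hash => CRYPT::ntlmv2_hash(usr, pwd, tgt, opt),
 :challenge => chal, :target_info => ti}
 lm_res = CRYPT::lmv2_response(ar, opt)
 ntlm_res = CRYPT::ntlmv2_response(ar, opt)
@@ -258,7 +259,7 @@ CRYPT = Rex::Proto::NTLM::Crypt
 lm_res = CRYPT::lm_response(pwd, chal)
 ntlm_res = CRYPT::ntlm_response(pwd, chal)
 end
-
+
 Type3.create({
 :lm_response => lm_res,
 :ntlm_response => ntlm_res,
@@ -270,7 +271,7 @@ CRYPT = Rex::Proto::NTLM::Crypt
 end
 end
 
-
+
 Type3 = Message.define{
 string :sign, {:size => 8, :value => CONST::SSP_SIGN}
 int32LE :type, {:value => 3}
@@ -298,7 +299,7 @@ CRYPT = Rex::Proto::NTLM::Crypt
 t.domain = arg[:domain]
 t.user = arg[:user]
 t.workstation = arg[:workstation]
-
+
 if arg[:session_key]
 t.enable(:session_key)
 t.session_key = arg[session_key]
@@ -387,7 +388,7 @@ CRYPT = Rex::Proto::NTLM::Crypt
 host_len = decode[44,2].unpack("v").first
 host_offset = decode[48,2].unpack("v").first
 host = decode[host_offset, host_len]
-
+
 return domain, user, host, lm, nt
 else
 return "", "", "", "", ""
@@ -395,11 +396,11 @@ CRYPT = Rex::Proto::NTLM::Crypt
 end
 
 
-
-#
+
+#
 # Process Type 1 NTLM Messages, return a Base64 Type 2 Message
 #
-def self.process_type1_message(message, nonce = "\x11\x22\x33\x44\x55\x66\x77\x88", win_domain = 'DOMAIN',
+def self.process_type1_message(message, nonce = "\x11\x22\x33\x44\x55\x66\x77\x88", win_domain = 'DOMAIN',
 win_name = 'SERVER', dns_name = 'server', dns_domain = 'example.com', downgrade = true)
 
 dns_name = Rex::Text.to_unicode(dns_name + "." + dns_domain)
@@ -425,14 +426,14 @@ CRYPT = Rex::Proto::NTLM::Crypt
 end
 if (reqflags & CONST::NEGOTIATE_ALWAYS_SIGN) == CONST::NEGOTIATE_ALWAYS_SIGN
 reqflags = reqflags - CONST::NEGOTIATE_ALWAYS_SIGN
-end
+end
 end
 
-flags = reqflags + CONST::TARGET_TYPE_DOMAIN + CONST::TARGET_TYPE_SERVER
+flags = reqflags + CONST::TARGET_TYPE_DOMAIN + CONST::TARGET_TYPE_SERVER
 tid = true
 
 tidoffset = 48 + win_domain.length
-tidbuff =
+tidbuff =
 [2].pack('v') + # tid type, win domain
 [win_domain.length].pack('v') +
 win_domain +
@@ -460,9 +461,9 @@ CRYPT = Rex::Proto::NTLM::Crypt
 end
 
 type2msg +="\x30\x00\x00\x00" + # Offset, 4 bytes
-[flags].pack('V') + # flags, 4 bytes
-nonce + # the nonce, 8 bytes
-"\x00" * 8 # Context (all 0s), 8 bytes
+[flags].pack('V') + # flags, 4 bytes
+nonce + # the nonce, 8 bytes
+"\x00" * 8 # Context (all 0s), 8 bytes
 
 if (tid)
 type2msg += # Target information security buffer. Filled if REQUEST_TARGET
@@ -485,7 +486,7 @@ CRYPT = Rex::Proto::NTLM::Crypt
 
 return type2msg
 end
-
+
 #
 # Downgrading Type messages to LMv1/NTLMv1 and removing signing
 #
@@ -506,8 +507,8 @@ CRYPT = Rex::Proto::NTLM::Crypt
 end
 if (reqflags & CONST::NEGOTIATE_ALWAYS_SIGN) == CONST::NEGOTIATE_ALWAYS_SIGN
 reqflags = reqflags - CONST::NEGOTIATE_ALWAYS_SIGN
-end
-
+end
+
 # Return the flags back to the decode so we can base64 it again
 flags = reqflags.to_s(16)
 0.upto(8) do |idx|
@@ -525,12 +526,12 @@ CRYPT = Rex::Proto::NTLM::Crypt
 end
 idx += 2
 end
-
+
 end
-return Rex::Text.encode_base64(decode).delete("\n") # base64 encode and remove the returns
+return Rex::Text.encode_base64(decode).delete("\n") # base64 encode and remove the returns
 end
-
-end
+
+end
 end
 end
 end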
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  require 'rex/proto/ntlm/constants'
2
3
  require 'rex/proto/ntlm/crypt'
3
4
  require 'rex/proto/ntlm/exceptions'
@@ -57,29 +58,29 @@ class Utils
57
58
  # mechTypes: 2 items :
58
59
  # -MechType: 1.3.6.1.4.1.311.2.2.30 (SNMPv2-SMI::enterprises.311.2.2.30)
59
60
  # -MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
60
- #
61
+ #
61
62
  # this is the default on Win7
62
63
  def self.make_simple_negotiate_secblob_resp
63
- blob =
64
- "\x60" + self.asn1encode(
64
+ blob =
65
+ "\x60" + self.asn1encode(
65
66
  "\x06" + self.asn1encode(
66
67
  "\x2b\x06\x01\x05\x05\x02"
67
- ) +
68
+ ) +
68
69
  "\xa0" + self.asn1encode(
69
70
  "\x30" + self.asn1encode(
70
71
  "\xa0" + self.asn1encode(
71
- "\x30" + self.asn1encode(
72
+ "\x30" + self.asn1encode(
72
73
  "\x06" + self.asn1encode(
73
74
  "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
74
- )
75
+ )
75
76
  )
76
- )
77
+ )
77
78
  )
78
79
  )
79
80
  )
80
81
 
81
- return blob
82
- end
82
+ return blob
83
+ end
83
84
 
84
85
  # GSS BLOB usefull for SMB_NEGOCIATE_RESPONSE message
85
86
  # mechTypes: 4 items :
@@ -87,14 +88,14 @@ class Utils
87
88
  # MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
88
89
  # MechType: 1.2.840.113554.1.2.2.3 (KRB5 - Kerberos 5 - User to User)
89
90
  # MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
90
- # mechListMIC:
91
+ # mechListMIC:
91
92
  # principal: account@domain
92
93
  def self.make_negotiate_secblob_resp(account, domain)
93
- blob =
94
- "\x60" + self.asn1encode(
94
+ blob =
95
+ "\x60" + self.asn1encode(
95
96
  "\x06" + self.asn1encode(
96
97
  "\x2b\x06\x01\x05\x05\x02"
97
- ) +
98
+ ) +
98
99
  "\xa0" + self.asn1encode(
99
100
  "\x30" + self.asn1encode(
100
101
  "\xa0" + self.asn1encode(
@@ -107,10 +108,10 @@ class Utils
107
108
  ) +
108
109
  "\x06" + self.asn1encode(
109
110
  "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03"
110
- ) +
111
+ ) +
111
112
  "\x06" + self.asn1encode(
112
113
  "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
113
- )
114
+ )
114
115
  )
115
116
  ) +
116
117
  "\xa3" + self.asn1encode(
@@ -126,8 +127,8 @@ class Utils
126
127
  )
127
128
  )
128
129
 
129
- return blob
130
- end
130
+ return blob
131
+ end
131
132
 
132
133
  # BLOB without GSS usefull for ntlmssp type 1 message
133
134
  def self.make_ntlmssp_blob_init(domain = 'WORKGROUP', name = 'WORKSTATION', flags=0x80201)
@@ -144,7 +145,7 @@ class Utils
144
145
  name.length, #length
145
146
  name.length, #max length
146
147
  domain.length + 32
147
- ].pack('vvV') +
148
+ ].pack('vvV') +
148
149
 
149
150
  domain + name
150
151
  return blob
@@ -152,11 +153,11 @@ class Utils
152
153
 
153
154
  # GSS BLOB usefull for ntlmssp type 1 message
154
155
  def self.make_ntlmssp_secblob_init(domain = 'WORKGROUP', name = 'WORKSTATION', flags=0x80201)
155
- blob =
156
- "\x60" + self.asn1encode(
156
+ blob =
157
+ "\x60" + self.asn1encode(
157
158
  "\x06" + self.asn1encode(
158
159
  "\x2b\x06\x01\x05\x05\x02"
159
- ) +
160
+ ) +
160
161
  "\xa0" + self.asn1encode(
161
162
  "\x30" + self.asn1encode(
162
163
  "\xa0" + self.asn1encode(
@@ -175,11 +176,11 @@ class Utils
175
176
  )
176
177
  )
177
178
 
178
- return blob
179
+ return blob
179
180
  end
180
181
 
181
182
 
182
- # BLOB without GSS usefull for ntlm type 2 message
183
+ # BLOB without GSS usefull for ntlm type 2 message
183
184
  def self.make_ntlmssp_blob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
184
185
 
185
186
  addr_list = ''
@@ -189,7 +190,7 @@ class Utils
189
190
  addr_list << [3, dns_name.length].pack('vv') + dns_name
190
191
  addr_list << [0, 0].pack('vv')
191
192
 
192
- ptr = 0
193
+ ptr = 0
193
194
  blob = "NTLMSSP\x00" +
194
195
  [2].pack('V') +
195
196
  [
@@ -198,21 +199,21 @@ class Utils
198
199
  (ptr += 48) # offset
199
200
  ].pack('vvV') +
200
201
  [ flags ].pack('V') +
201
- chall +
202
+ chall +
202
203
  "\x00\x00\x00\x00\x00\x00\x00\x00" +
203
204
  [
204
205
  addr_list.length, # length
205
206
  addr_list.length, # max length
206
- (ptr += win_domain.length)
207
+ (ptr += win_domain.length)
207
208
  ].pack('vvV') +
208
- win_domain +
209
+ win_domain +
209
210
  addr_list
210
211
  return blob
211
212
  end
212
213
 
213
214
  # GSS BLOB usefull for ntlmssp type 2 message
214
215
  def self.make_ntlmssp_secblob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
215
-
216
+
216
217
  blob =
217
218
  "\xa1" + self.asn1encode(
218
219
  "\x30" + self.asn1encode(
@@ -231,7 +232,7 @@ class Utils
231
232
  make_ntlmssp_blob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
232
233
  )
233
234
  )
234
- )
235
+ )
235
236
  )
236
237
 
237
238
  return blob
@@ -240,53 +241,53 @@ class Utils
240
241
  # BLOB without GSS Usefull for ntlmssp type 3 message
241
242
  def self.make_ntlmssp_blob_auth(domain, name, user, lm, ntlm, enc_session_key, flags = 0x080201)
242
243
  lm ||= "\x00" * 24
243
- ntlm ||= "\x00" * 24
244
-
244
+ ntlm ||= "\x00" * 24
245
+
245
246
  domain_uni = Rex::Text.to_unicode(domain)
246
247
  user_uni = Rex::Text.to_unicode(user)
247
248
  name_uni = Rex::Text.to_unicode(name)
248
249
  session = enc_session_key
249
250
 
250
- ptr = 64
251
+ ptr = 64
251
252
 
252
253
  blob = "NTLMSSP\x00" +
253
254
  [ 3 ].pack('V') +
254
-
255
+
255
256
  [ # Lan Manager Response
256
257
  lm.length,
257
258
  lm.length,
258
259
  (ptr)
259
260
  ].pack('vvV') +
260
-
261
+
261
262
  [ # NTLM Manager Response
262
263
  ntlm.length,
263
264
  ntlm.length,
264
265
  (ptr += lm.length)
265
- ].pack('vvV') +
266
-
266
+ ].pack('vvV') +
267
+
267
268
  [ # Domain Name
268
269
  domain_uni.length,
269
270
  domain_uni.length,
270
271
  (ptr += ntlm.length)
271
- ].pack('vvV') +
272
+ ].pack('vvV') +
272
273
 
273
274
  [ # Username
274
275
  user_uni.length,
275
276
  user_uni.length,
276
277
  (ptr += domain_uni.length)
277
- ].pack('vvV') +
278
+ ].pack('vvV') +
278
279
 
279
280
  [ # Hostname
280
281
  name_uni.length,
281
282
  name_uni.length,
282
283
  (ptr += user_uni.length)
283
- ].pack('vvV') +
284
-
284
+ ].pack('vvV') +
285
+
285
286
  [ # Session Key (none)
286
287
  session.length,
287
288
  session.length,
288
289
  (ptr += name_uni.length)
289
- ].pack('vvV') +
290
+ ].pack('vvV') +
290
291
 
291
292
  [ flags ].pack('V') +
292
293
 
@@ -294,8 +295,8 @@ class Utils
294
295
  ntlm +
295
296
  domain_uni +
296
297
  user_uni +
297
- name_uni +
298
- session + "\x00"
298
+ name_uni +
299
+ session + "\x00"
299
300
  return blob
300
301
 
301
302
  end
@@ -327,7 +328,7 @@ class Utils
327
328
  "\x00"
328
329
  )
329
330
  )
330
- )
331
+ )
331
332
  )
332
333
  return blob
333
334
  end
@@ -342,7 +343,7 @@ class Utils
342
343
  send_ntlm = opt[:send_ntlm] != nil ? opt[:send_ntlm] : true
343
344
  use_lanman_key = opt[:use_lanman_key] != nil ? opt[:use_lanman_key] : false
344
345
 
345
- if signing
346
+ if signing
346
347
  ntlmssp_flags = 0xe2088215
347
348
  else
348
349
 
@@ -352,7 +353,7 @@ class Utils
352
353
  if usentlm2_session
353
354
  if use_ntlmv2
354
355
  #set Negotiate Target Info
355
- ntlmssp_flags |= CONST::NEGOTIATE_TARGET_INFO
356
+ ntlmssp_flags |= CONST::NEGOTIATE_TARGET_INFO
356
357
  end
357
358
 
358
359
  else
@@ -363,7 +364,7 @@ class Utils
363
364
  ntlmssp_flags |= CONST::NEGOTIATE_LMKEY if use_lanman_key
364
365
  end
365
366
  end
366
-
367
+
367
368
  #we can also downgrade ntlm2_session when we send only lmv1
368
369
  ntlmssp_flags &= 0xfff7ffff if usentlm2_session && (not use_ntlmv2) && (not send_ntlm)
369
370
 
@@ -414,9 +415,9 @@ class Utils
414
415
  #Client time
415
416
  data[:chall_MsvAvTimestamp] = addr
416
417
  when 8
417
- #A Restriction_Encoding structure
418
+ #A Restriction_Encoding structure
418
419
  when 9
419
- #The SPN of the target server.
420
+ #The SPN of the target server.
420
421
  when 10
421
422
  #A channel bindings hash.
422
423
  end
@@ -426,9 +427,9 @@ class Utils
426
427
 
427
428
  # This function return an ntlmv2 client challenge
428
429
  # This is a partial implementation, full description is in [MS-NLMP].pdf around 3.1.5.2.1 :-/
429
- def self.make_ntlmv2_clientchallenge(win_domain, win_name, dns_domain, dns_name,
430
+ def self.make_ntlmv2_clientchallenge(win_domain, win_name, dns_domain, dns_name,
430
431
  client_challenge = nil, chall_MsvAvTimestamp = nil, spnopt = {})
431
-
432
+
432
433
  client_challenge ||= Rex::Text.rand_text(8)
433
434
  # We have to set the timestamps here to the one in the challenge message from server if present
434
435
  # If we don't do that, recent server like Seven/2008 will send a STATUS_INVALID_PARAMETER error packet
@@ -448,28 +449,28 @@ class Utils
448
449
 
449
450
  # Windows Seven / 2008r2 Request this type if in local security policies,
450
451
  # Microsoft network server : Server SPN target name validation level is set to <Required from client>
451
- # otherwise it send an STATUS_ACCESS_DENIED packet
452
+ # otherwise it send an STATUS_ACCESS_DENIED packet
452
453
  if spnopt[:use_spn]
453
454
  spn= Rex::Text.to_unicode("cifs/#{spnopt[:name] || 'unknow'}")
454
455
  addr_list << [9, spn.length].pack('vv') + spn
455
456
  end
456
-
457
+
457
458
  # MAY BE USEFUL FOR FUTURE
458
- # Seven (client) add at least one more av that is of type MsAvRestrictions (8)
459
- # maybe this will be usefull with future windows OSs but has no use at all for the moment afaik
459
+ # Seven (client) add at least one more av that is of type MsAvRestrictions (8)
460
+ # maybe this will be usefull with future windows OSs but has no use at all for the moment afaik
460
461
  # restriction_encoding = [48,0,0,0].pack("VVV") + # Size, Z4, IntegrityLevel, SubjectIntegrityLevel
461
462
  # Rex::Text.rand_text(32) # MachineId generated on startup on win7 and above
462
463
  # addr_list << [8, restriction_encoding.length].pack('vv') + restriction_encoding
463
-
464
+
464
465
  # Seven (client) and maybe others versions also add an av of type MsvChannelBindings (10) but the hash is "\x00" * 16
465
466
  # addr_list << [10, 16].pack('vv') + "\x00" * 16
466
-
467
+
467
468
 
468
469
  addr_list << [0, 0].pack('vv')
469
470
  ntlm_clientchallenge = [1,1,0,0].pack("CCvV") + #RespType, HiRespType, Reserved1, Reserved2
470
471
  timestamp + #Timestamp
471
472
  client_challenge + #clientchallenge
472
- [0].pack("V") + #Reserved3
473
+ [0].pack("V") + #Reserved3
473
474
  addr_list + "\x00" * 4
474
475
 
475
476
  end
@@ -492,46 +493,46 @@ class Utils
492
493
  if send_ntlm #should be default
493
494
  if usentlm2_session
494
495
  if use_ntlmv2
495
- ntlm_cli_challenge = self.make_ntlmv2_clientchallenge(default_domain, default_name, dns_domain_name,
496
- dns_host_name,client_challenge ,
496
+ ntlm_cli_challenge = self.make_ntlmv2_clientchallenge(default_domain, default_name, dns_domain_name,
497
+ dns_host_name,client_challenge ,
497
498
  chall_MsvAvTimestamp, spnopt)
498
499
  if self.is_pass_ntlm_hash?(pass)
499
- argntlm = {
500
+ argntlm = {
500
501
  :ntlmv2_hash => CRYPT::ntlmv2_hash(
501
- user,
502
- [ pass.upcase()[33,65] ].pack('H32'),
502
+ user,
503
+ [ pass.upcase()[33,65] ].pack('H32'),
503
504
  domain,{:pass_is_hash => true}
504
505
  ),
505
- :challenge => challenge_key
506
+ :challenge => challenge_key
506
507
  }
507
508
  else
508
509
  argntlm = {
509
510
  :ntlmv2_hash => CRYPT::ntlmv2_hash(user, pass, domain),
510
- :challenge => challenge_key
511
+ :challenge => challenge_key
511
512
  }
512
513
  end
513
514
 
514
515
  optntlm = { :nt_client_challenge => ntlm_cli_challenge}
515
516
  ntlmv2_response = CRYPT::ntlmv2_response(argntlm,optntlm)
516
- resp_ntlm = ntlmv2_response
517
-
517
+ resp_ntlm = ntlmv2_response
518
+
518
519
  if send_lm
519
520
  if self.is_pass_ntlm_hash?(pass)
520
521
  arglm = {
521
522
  :ntlmv2_hash => CRYPT::ntlmv2_hash(
522
- user,
523
- [ pass.upcase()[33,65] ].pack('H32'),
523
+ user,
524
+ [ pass.upcase()[33,65] ].pack('H32'),
524
525
  domain,{:pass_is_hash => true}
525
526
  ),
526
- :challenge => challenge_key
527
+ :challenge => challenge_key
527
528
  }
528
529
  else
529
530
  arglm = {
530
531
  :ntlmv2_hash => CRYPT::ntlmv2_hash(user,pass, domain),
531
- :challenge => challenge_key
532
+ :challenge => challenge_key
532
533
  }
533
534
  end
534
-
535
+
535
536
  optlm = { :client_challenge => client_challenge }
536
537
  resp_lm = CRYPT::lmv2_response(arglm, optlm)
537
538
  else
@@ -540,20 +541,20 @@ class Utils
540
541
 
541
542
  else # ntlm2_session
542
543
  if self.is_pass_ntlm_hash?(pass)
543
- argntlm = {
544
- :ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'),
545
- :challenge => challenge_key
544
+ argntlm = {
545
+ :ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'),
546
+ :challenge => challenge_key
546
547
  }
547
548
  else
548
549
  argntlm = {
549
- :ntlm_hash => CRYPT::ntlm_hash(pass),
550
- :challenge => challenge_key
550
+ :ntlm_hash => CRYPT::ntlm_hash(pass),
551
+ :challenge => challenge_key
551
552
  }
552
553
  end
553
-
554
+
554
555
  optntlm = { :client_challenge => client_challenge}
555
556
  resp_ntlm = CRYPT::ntlm2_session(argntlm,optntlm).join[24,24]
556
-
557
+
557
558
  # Generate the fake LANMAN hash
558
559
  resp_lm = client_challenge + ("\x00" * 16)
559
560
  end
@@ -561,27 +562,27 @@ class Utils
561
562
  else # we use lmv1/ntlmv1
562
563
  if self.is_pass_ntlm_hash?(pass)
563
564
  argntlm = {
564
- :ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'),
565
- :challenge => challenge_key
565
+ :ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'),
566
+ :challenge => challenge_key
566
567
  }
567
568
  else
568
569
  argntlm = {
569
- :ntlm_hash => CRYPT::ntlm_hash(pass),
570
- :challenge => challenge_key
570
+ :ntlm_hash => CRYPT::ntlm_hash(pass),
571
+ :challenge => challenge_key
571
572
  }
572
573
  end
573
-
574
+
574
575
  resp_ntlm = CRYPT::ntlm_response(argntlm)
575
576
  if send_lm
576
577
  if self.is_pass_ntlm_hash?(pass)
577
578
  arglm = {
578
579
  :lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
579
- :challenge => challenge_key
580
+ :challenge => challenge_key
580
581
  }
581
582
  else
582
583
  arglm = {
583
584
  :lm_hash => CRYPT::lm_hash(pass),
584
- :challenge => challenge_key
585
+ :challenge => challenge_key
585
586
  }
586
587
  end
587
588
  resp_lm = CRYPT::lm_response(arglm)
@@ -591,22 +592,22 @@ class Utils
591
592
  resp_lm = resp_ntlm
592
593
  end
593
594
  end
594
- else #send_ntlm = false
595
+ else #send_ntlm = false
595
596
  #lmv2
596
597
  if usentlm2_session && use_ntlmv2
597
598
  if self.is_pass_ntlm_hash?(pass)
598
599
  arglm = {
599
600
  :ntlmv2_hash => CRYPT::ntlmv2_hash(
600
- user,
601
- [ pass.upcase()[33,65] ].pack('H32'),
601
+ user,
602
+ [ pass.upcase()[33,65] ].pack('H32'),
602
603
  domain,{:pass_is_hash => true}
603
604
  ),
604
- :challenge => challenge_key
605
+ :challenge => challenge_key
605
606
  }
606
607
  else
607
608
  arglm = {
608
609
  :ntlmv2_hash => CRYPT::ntlmv2_hash(user,pass, domain),
609
- :challenge => challenge_key
610
+ :challenge => challenge_key
610
611
  }
611
612
  end
612
613
  optlm = { :client_challenge => client_challenge }
@@ -615,12 +616,12 @@ class Utils
615
616
  if self.is_pass_ntlm_hash?(pass)
616
617
  arglm = {
617
618
  :lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
618
- :challenge => challenge_key
619
+ :challenge => challenge_key
619
620
  }
620
621
  else
621
622
  arglm = {
622
623
  :lm_hash => CRYPT::lm_hash(pass),
623
- :challenge => challenge_key
624
+ :challenge => challenge_key
624
625
  }
625
626
  end
626
627
  resp_lm = CRYPT::lm_response(arglm)
@@ -677,39 +678,39 @@ class Utils
677
678
  if usentlm2_session
678
679
  if use_ntlmv2
679
680
  if self.is_pass_ntlm_hash?(pass)
680
- user_session_key = CRYPT::ntlmv2_user_session_key(user,
681
+ user_session_key = CRYPT::ntlmv2_user_session_key(user,
681
682
  [ pass.upcase()[33,65] ].pack('H32'),
682
- domain,
683
- challenge_key, ntlm_cli_challenge,
683
+ domain,
684
+ challenge_key, ntlm_cli_challenge,
684
685
  {:pass_is_hash => true})
685
686
  else
686
- user_session_key = CRYPT::ntlmv2_user_session_key(user, pass, domain,
687
+ user_session_key = CRYPT::ntlmv2_user_session_key(user, pass, domain,
687
688
  challenge_key, ntlm_cli_challenge)
688
689
  end
689
690
  else
690
691
  if self.is_pass_ntlm_hash?(pass)
691
- user_session_key = CRYPT::ntlm2_session_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
692
- challenge_key,
693
- client_challenge,
692
+ user_session_key = CRYPT::ntlm2_session_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
693
+ challenge_key,
694
+ client_challenge,
694
695
  {:pass_is_hash => true})
695
696
  else
696
- user_session_key = CRYPT::ntlm2_session_user_session_key(pass, challenge_key,
697
+ user_session_key = CRYPT::ntlm2_session_user_session_key(pass, challenge_key,
697
698
  client_challenge)
698
699
  end
699
700
  end
700
701
  else # lmv1/ntlmv1
701
702
  # lanman_key may also be used without ntlm response but it is not so much used
702
- # so we don't care about this feature
703
+ # so we don't care about this feature
703
704
  if send_lm && use_lanman_key
704
705
  if self.is_pass_ntlm_hash?(pass)
705
- user_session_key = CRYPT::lanman_session_key([ pass.upcase()[0,32] ].pack('H32'),
706
- challenge_key,
706
+ user_session_key = CRYPT::lanman_session_key([ pass.upcase()[0,32] ].pack('H32'),
707
+ challenge_key,
707
708
  {:pass_is_hash => true})
708
709
  else
709
710
  user_session_key = CRYPT::lanman_session_key(pass, challenge_key)
710
711
  end
711
712
  lanman_weak = true
712
-
713
+
713
714
 
714
715
  else
715
716
  if self.is_pass_ntlm_hash?(pass)
@@ -723,17 +724,17 @@ class Utils
723
724
  else
724
725
  if usentlm2_session && use_ntlmv2
725
726
  if self.is_pass_ntlm_hash?(pass)
726
- user_session_key = CRYPT::lmv2_user_session_key(user, [ pass.upcase()[33,65] ].pack('H32'),
727
- domain,
728
- challenge_key, client_challenge,
727
+ user_session_key = CRYPT::lmv2_user_session_key(user, [ pass.upcase()[33,65] ].pack('H32'),
728
+ domain,
729
+ challenge_key, client_challenge,
729
730
  {:pass_is_hash => true})
730
731
  else
731
- user_session_key = CRYPT::lmv2_user_session_key(user, pass, domain,
732
+ user_session_key = CRYPT::lmv2_user_session_key(user, pass, domain,
732
733
  challenge_key, client_challenge)
733
734
  end
734
735
  else
735
736
  if self.is_pass_ntlm_hash?(pass)
736
- user_session_key = CRYPT::lmv1_user_session_key([ pass.upcase()[0,32] ].pack('H32'),
737
+ user_session_key = CRYPT::lmv1_user_session_key([ pass.upcase()[0,32] ].pack('H32'),
737
738
  {:pass_is_hash => true})
738
739
  else
739
740
  user_session_key = CRYPT::lmv1_user_session_key(pass)
@@ -741,7 +742,7 @@ class Utils
741
742
  end
742
743
  end
743
744
 
744
- user_session_key = CRYPT::make_weak_sessionkey(user_session_key,key_size, lanman_weak)
745
+ user_session_key = CRYPT::make_weak_sessionkey(user_session_key,key_size, lanman_weak)
745
746
 
746
747
  # Sessionkey and encrypted session key
747
748
  if key_exchange
@@ -750,12 +751,12 @@ class Utils
750
751
  else
751
752
  signing_key = user_session_key
752
753
  end
753
-
754
+
754
755
  return signing_key, enc_session_key, ntlmssp_flags
755
-
756
-
756
+
757
+
757
758
  end
758
-
759
+
759
760
 
760
761
 
761
762
  end
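Review bot: Strings supplied by callers can still collide with the binary literals after this change, because the added `# -*- coding: binary -*-` retags only this file's own `"\xNN"` literals as ASCII-8BIT, while `domain`, `name`, `user` and the output of `Rex::Text.to_unicode` are not visible here and may arrive UTF-8-tagged; `domain + name` in make_ntlmssp_blob_init and the `+` chains in make_ntlmssp_blob_auth would then raise Encoding::CompatibilityError the first time a caller passes a non-ASCII name next to a literal carrying high bytes. ASCII-only inputs concatenate fine, which is presumably why nothing fails today. A one-line guard at the entry of each blob builder, e.g. `domain = domain.dup.force_encoding('BINARY')` and the same for `name` and `user`, would make the encoding fix hold regardless of how the caller built its strings. The module wrappers around class Utils close outside this hunk.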