librex 0.0.65 → 0.0.66

Sign up to get free protection for your applications and to get access to all the features.
Files changed (482) hide show
  1. data/README.markdown +1 -1
  2. data/lib/rex/arch.rb +1 -0
  3. data/lib/rex/arch/sparc.rb +16 -15
  4. data/lib/rex/arch/sparc.rb.ut.rb +2 -1
  5. data/lib/rex/arch/x86.rb +1 -0
  6. data/lib/rex/arch/x86.rb.ut.rb +2 -1
  7. data/lib/rex/assembly/nasm.rb +1 -0
  8. data/lib/rex/assembly/nasm.rb.ut.rb +2 -1
  9. data/lib/rex/compat.rb +13 -0
  10. data/lib/rex/constants.rb +5 -4
  11. data/lib/rex/elfparsey.rb +3 -2
  12. data/lib/rex/elfparsey/elf.rb +2 -1
  13. data/lib/rex/elfparsey/elfbase.rb +8 -7
  14. data/lib/rex/elfparsey/exceptions.rb +3 -2
  15. data/lib/rex/elfscan.rb +3 -2
  16. data/lib/rex/elfscan/scanner.rb +2 -1
  17. data/lib/rex/elfscan/search.rb +2 -1
  18. data/lib/rex/encoder/alpha2.rb +2 -1
  19. data/lib/rex/encoder/alpha2/alpha_mixed.rb +3 -2
  20. data/lib/rex/encoder/alpha2/alpha_upper.rb +5 -4
  21. data/lib/rex/encoder/alpha2/generic.rb +37 -60
  22. data/lib/rex/encoder/alpha2/unicode_mixed.rb +4 -9
  23. data/lib/rex/encoder/alpha2/unicode_upper.rb +4 -9
  24. data/lib/rex/encoder/ndr.rb +1 -0
  25. data/lib/rex/encoder/ndr.rb.ut.rb +2 -1
  26. data/lib/rex/encoder/nonalpha.rb +1 -0
  27. data/lib/rex/encoder/nonupper.rb +1 -0
  28. data/lib/rex/encoder/xdr.rb +9 -8
  29. data/lib/rex/encoder/xdr.rb.ut.rb +2 -1
  30. data/lib/rex/encoder/xor.rb +1 -0
  31. data/lib/rex/encoder/xor/dword.rb +2 -1
  32. data/lib/rex/encoder/xor/dword_additive.rb +2 -1
  33. data/lib/rex/encoders/xor_dword.rb +1 -0
  34. data/lib/rex/encoders/xor_dword_additive.rb +2 -1
  35. data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +2 -1
  36. data/lib/rex/encoding/xor.rb +2 -1
  37. data/lib/rex/encoding/xor.rb.ts.rb +2 -1
  38. data/lib/rex/encoding/xor/byte.rb +2 -1
  39. data/lib/rex/encoding/xor/byte.rb.ut.rb +2 -1
  40. data/lib/rex/encoding/xor/dword.rb +2 -1
  41. data/lib/rex/encoding/xor/dword.rb.ut.rb +2 -1
  42. data/lib/rex/encoding/xor/dword_additive.rb +1 -0
  43. data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +2 -1
  44. data/lib/rex/encoding/xor/exceptions.rb +1 -0
  45. data/lib/rex/encoding/xor/generic.rb +1 -0
  46. data/lib/rex/encoding/xor/generic.rb.ut.rb +2 -1
  47. data/lib/rex/encoding/xor/qword.rb +2 -1
  48. data/lib/rex/encoding/xor/word.rb +2 -1
  49. data/lib/rex/encoding/xor/word.rb.ut.rb +2 -1
  50. data/lib/rex/exceptions.rb +1 -0
  51. data/lib/rex/exceptions.rb.ut.rb +2 -1
  52. data/lib/rex/exploitation/cmdstager.rb +2 -1
  53. data/lib/rex/exploitation/cmdstager/base.rb +1 -0
  54. data/lib/rex/exploitation/cmdstager/debug_asm.rb +2 -1
  55. data/lib/rex/exploitation/cmdstager/debug_write.rb +2 -1
  56. data/lib/rex/exploitation/cmdstager/tftp.rb +2 -1
  57. data/lib/rex/exploitation/cmdstager/vbs.rb +2 -1
  58. data/lib/rex/exploitation/egghunter.rb +12 -11
  59. data/lib/rex/exploitation/egghunter.rb.ut.rb +2 -1
  60. data/lib/rex/exploitation/encryptjs.rb +1 -0
  61. data/lib/rex/exploitation/heaplib.rb +1 -0
  62. data/lib/rex/exploitation/javascriptosdetect.js +1014 -0
  63. data/lib/rex/exploitation/javascriptosdetect.rb +4 -857
  64. data/lib/rex/exploitation/jsobfu.rb +2 -1
  65. data/lib/rex/exploitation/obfuscatejs.rb +1 -0
  66. data/lib/rex/exploitation/omelet.rb +1 -0
  67. data/lib/rex/exploitation/omelet.rb.ut.rb +1 -0
  68. data/lib/rex/exploitation/opcodedb.rb +12 -11
  69. data/lib/rex/exploitation/opcodedb.rb.ut.rb +2 -1
  70. data/lib/rex/exploitation/seh.rb +3 -2
  71. data/lib/rex/exploitation/seh.rb.ut.rb +2 -1
  72. data/lib/rex/file.rb +4 -3
  73. data/lib/rex/file.rb.ut.rb +2 -1
  74. data/lib/rex/image_source.rb +3 -2
  75. data/lib/rex/image_source/disk.rb +3 -2
  76. data/lib/rex/image_source/image_source.rb +3 -2
  77. data/lib/rex/image_source/memory.rb +3 -2
  78. data/lib/rex/io/bidirectional_pipe.rb +1 -0
  79. data/lib/rex/io/datagram_abstraction.rb +2 -1
  80. data/lib/rex/io/ring_buffer.rb +49 -44
  81. data/lib/rex/io/ring_buffer.rb.ut.rb +4 -3
  82. data/lib/rex/io/stream.rb +1 -0
  83. data/lib/rex/io/stream_abstraction.rb +1 -0
  84. data/lib/rex/io/stream_server.rb +1 -0
  85. data/lib/rex/job_container.rb +1 -0
  86. data/lib/rex/logging.rb +2 -1
  87. data/lib/rex/logging/log_dispatcher.rb +5 -4
  88. data/lib/rex/logging/log_sink.rb +2 -1
  89. data/lib/rex/logging/sinks/flatfile.rb +4 -3
  90. data/lib/rex/logging/sinks/stderr.rb +2 -1
  91. data/lib/rex/machparsey.rb +2 -1
  92. data/lib/rex/machparsey/exceptions.rb +2 -1
  93. data/lib/rex/machparsey/mach.rb +20 -19
  94. data/lib/rex/machparsey/machbase.rb +27 -26
  95. data/lib/rex/machscan.rb +2 -1
  96. data/lib/rex/machscan/scanner.rb +1 -0
  97. data/lib/rex/mime.rb +2 -1
  98. data/lib/rex/mime/header.rb +1 -0
  99. data/lib/rex/mime/message.rb +4 -1
  100. data/lib/rex/mime/part.rb +2 -1
  101. data/lib/rex/nop/opty2.rb +2 -1
  102. data/lib/rex/nop/opty2.rb.ut.rb +2 -1
  103. data/lib/rex/nop/opty2_tables.rb +1 -0
  104. data/lib/rex/ole.rb +3 -2
  105. data/lib/rex/ole/clsid.rb +3 -2
  106. data/lib/rex/ole/difat.rb +3 -2
  107. data/lib/rex/ole/directory.rb +3 -2
  108. data/lib/rex/ole/direntry.rb +3 -2
  109. data/lib/rex/ole/fat.rb +3 -2
  110. data/lib/rex/ole/header.rb +3 -2
  111. data/lib/rex/ole/minifat.rb +3 -2
  112. data/lib/rex/ole/propset.rb +4 -3
  113. data/lib/rex/ole/samples/create_ole.rb +1 -0
  114. data/lib/rex/ole/samples/dir.rb +1 -0
  115. data/lib/rex/ole/samples/dump_stream.rb +1 -0
  116. data/lib/rex/ole/samples/ole_info.rb +1 -0
  117. data/lib/rex/ole/storage.rb +3 -2
  118. data/lib/rex/ole/stream.rb +3 -2
  119. data/lib/rex/ole/substorage.rb +3 -2
  120. data/lib/rex/ole/util.rb +3 -2
  121. data/lib/rex/parser/acunetix_nokogiri.rb +13 -12
  122. data/lib/rex/parser/apple_backup_manifestdb.rb +20 -19
  123. data/lib/rex/parser/appscan_nokogiri.rb +17 -16
  124. data/lib/rex/parser/arguments.rb +2 -1
  125. data/lib/rex/parser/arguments.rb.ut.rb +2 -1
  126. data/lib/rex/parser/burp_session_nokogiri.rb +8 -7
  127. data/lib/rex/parser/ci_nokogiri.rb +4 -3
  128. data/lib/rex/parser/foundstone_nokogiri.rb +18 -17
  129. data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
  130. data/lib/rex/parser/ini.rb +1 -0
  131. data/lib/rex/parser/ini.rb.ut.rb +2 -1
  132. data/lib/rex/parser/ip360_aspl_xml.rb +1 -0
  133. data/lib/rex/parser/ip360_xml.rb +4 -3
  134. data/lib/rex/parser/mbsa_nokogiri.rb +8 -7
  135. data/lib/rex/parser/nessus_xml.rb +3 -2
  136. data/lib/rex/parser/netsparker_xml.rb +10 -9
  137. data/lib/rex/parser/nexpose_raw_nokogiri.rb +372 -52
  138. data/lib/rex/parser/nexpose_simple_nokogiri.rb +8 -7
  139. data/lib/rex/parser/nexpose_xml.rb +1 -0
  140. data/lib/rex/parser/nmap_nokogiri.rb +63 -33
  141. data/lib/rex/parser/nmap_xml.rb +1 -0
  142. data/lib/rex/parser/nokogiri_doc_mixin.rb +35 -15
  143. data/lib/rex/parser/openvas_nokogiri.rb +172 -0
  144. data/lib/rex/parser/retina_xml.rb +1 -0
  145. data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
  146. data/lib/rex/payloads.rb +2 -1
  147. data/lib/rex/payloads/win32.rb +2 -1
  148. data/lib/rex/payloads/win32/common.rb +2 -1
  149. data/lib/rex/payloads/win32/kernel.rb +2 -1
  150. data/lib/rex/payloads/win32/kernel/common.rb +4 -3
  151. data/lib/rex/payloads/win32/kernel/migration.rb +2 -1
  152. data/lib/rex/payloads/win32/kernel/recovery.rb +2 -1
  153. data/lib/rex/payloads/win32/kernel/stager.rb +21 -20
  154. data/lib/rex/peparsey.rb +3 -2
  155. data/lib/rex/peparsey/exceptions.rb +2 -1
  156. data/lib/rex/peparsey/pe.rb +3 -2
  157. data/lib/rex/peparsey/pe_memdump.rb +2 -1
  158. data/lib/rex/peparsey/pebase.rb +2 -1
  159. data/lib/rex/peparsey/section.rb +2 -1
  160. data/lib/rex/pescan.rb +3 -2
  161. data/lib/rex/pescan/analyze.rb +1 -0
  162. data/lib/rex/pescan/scanner.rb +1 -0
  163. data/lib/rex/pescan/search.rb +1 -0
  164. data/lib/rex/platforms.rb +2 -1
  165. data/lib/rex/platforms/windows.rb +2 -1
  166. data/lib/rex/poly.rb +2 -1
  167. data/lib/rex/poly/block.rb +16 -15
  168. data/lib/rex/poly/register.rb +2 -1
  169. data/lib/rex/poly/register/x86.rb +2 -1
  170. data/lib/rex/post.rb +2 -2
  171. data/lib/rex/post/dir.rb +2 -1
  172. data/lib/rex/post/file.rb +1 -0
  173. data/lib/rex/post/file_stat.rb +1 -0
  174. data/lib/rex/post/io.rb +2 -1
  175. data/lib/rex/post/meterpreter.rb +2 -1
  176. data/lib/rex/post/meterpreter/channel.rb +1 -0
  177. data/lib/rex/post/meterpreter/channel_container.rb +2 -1
  178. data/lib/rex/post/meterpreter/channels/pool.rb +1 -0
  179. data/lib/rex/post/meterpreter/channels/pools/file.rb +1 -0
  180. data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +3 -2
  181. data/lib/rex/post/meterpreter/channels/stream.rb +1 -0
  182. data/lib/rex/post/meterpreter/client.rb +23 -1
  183. data/lib/rex/post/meterpreter/client_core.rb +10 -5
  184. data/lib/rex/post/meterpreter/dependencies.rb +2 -1
  185. data/lib/rex/post/meterpreter/extension.rb +2 -1
  186. data/lib/rex/post/meterpreter/extensions/espia/espia.rb +7 -6
  187. data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +2 -1
  188. data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +5 -4
  189. data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +2 -1
  190. data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +1 -0
  191. data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +1 -0
  192. data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +7 -6
  193. data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -0
  194. data/lib/rex/post/meterpreter/extensions/priv/fs.rb +2 -1
  195. data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +2 -1
  196. data/lib/rex/post/meterpreter/extensions/priv/priv.rb +1 -0
  197. data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +2 -1
  198. data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +28 -11
  199. data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +1 -0
  200. data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +6 -5
  201. data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +1 -0
  202. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +3 -2
  203. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +1 -0
  204. data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +2 -1
  205. data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +39 -5
  206. data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +75 -18
  207. data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +18 -6
  208. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +1 -0
  209. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -0
  210. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +1 -0
  211. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -0
  212. data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +4 -1
  213. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +1 -0
  214. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +1 -0
  215. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +1 -0
  216. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +1 -0
  217. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +1 -0
  218. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +1 -0
  219. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +1 -0
  220. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +1 -0
  221. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +12 -0
  222. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +1 -0
  223. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +1 -0
  224. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +1 -0
  225. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +1 -0
  226. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +7 -0
  227. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +1 -0
  228. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +1 -0
  229. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +1 -0
  230. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +1 -0
  231. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +1 -0
  232. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +1 -0
  233. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +1 -0
  234. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +1 -0
  235. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +1 -0
  236. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +1 -0
  237. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
  238. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +29 -0
  239. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +10 -5
  240. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +9 -0
  241. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +1 -0
  242. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
  243. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +128 -0
  244. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +1 -0
  245. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +27 -6
  246. data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +21 -0
  247. data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +1 -0
  248. data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +1 -0
  249. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +1 -0
  250. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +1 -0
  251. data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +2 -1
  252. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +43 -4
  253. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -0
  254. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +2 -1
  255. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +1 -0
  256. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +1 -0
  257. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +1 -0
  258. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +1 -0
  259. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +1 -0
  260. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +1 -0
  261. data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +1 -0
  262. data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +7 -0
  263. data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +14 -13
  264. data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +1 -0
  265. data/lib/rex/post/meterpreter/inbound_packet_handler.rb +2 -1
  266. data/lib/rex/post/meterpreter/object_aliases.rb +6 -5
  267. data/lib/rex/post/meterpreter/packet.rb +26 -6
  268. data/lib/rex/post/meterpreter/packet_dispatcher.rb +1 -0
  269. data/lib/rex/post/meterpreter/packet_parser.rb +1 -0
  270. data/lib/rex/post/meterpreter/packet_response_waiter.rb +1 -0
  271. data/lib/rex/post/meterpreter/ui/console.rb +1 -0
  272. data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +1 -0
  273. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +103 -28
  274. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +1 -0
  275. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +1 -0
  276. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +1 -0
  277. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +3 -2
  278. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +12 -11
  279. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +2 -1
  280. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +2 -1
  281. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +53 -36
  282. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +3 -2
  283. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +87 -44
  284. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +80 -18
  285. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +77 -48
  286. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +72 -41
  287. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +24 -5
  288. data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +2 -1
  289. data/lib/rex/post/permission.rb +2 -1
  290. data/lib/rex/post/process.rb +2 -1
  291. data/lib/rex/post/thread.rb +2 -1
  292. data/lib/rex/post/ui.rb +2 -1
  293. data/lib/rex/proto.rb +1 -0
  294. data/lib/rex/proto.rb.ts.rb +2 -1
  295. data/lib/rex/proto/dcerpc.rb +2 -1
  296. data/lib/rex/proto/dcerpc.rb.ts.rb +2 -1
  297. data/lib/rex/proto/dcerpc/client.rb +1 -0
  298. data/lib/rex/proto/dcerpc/client.rb.ut.rb +1 -0
  299. data/lib/rex/proto/dcerpc/exceptions.rb +2 -1
  300. data/lib/rex/proto/dcerpc/handle.rb +1 -0
  301. data/lib/rex/proto/dcerpc/handle.rb.ut.rb +2 -1
  302. data/lib/rex/proto/dcerpc/ndr.rb +2 -1
  303. data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +2 -1
  304. data/lib/rex/proto/dcerpc/packet.rb +52 -45
  305. data/lib/rex/proto/dcerpc/packet.rb.ut.rb +12 -11
  306. data/lib/rex/proto/dcerpc/response.rb +1 -0
  307. data/lib/rex/proto/dcerpc/response.rb.ut.rb +2 -1
  308. data/lib/rex/proto/dcerpc/uuid.rb +13 -12
  309. data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +2 -1
  310. data/lib/rex/proto/dhcp.rb +2 -1
  311. data/lib/rex/proto/dhcp/constants.rb +2 -1
  312. data/lib/rex/proto/dhcp/server.rb +4 -3
  313. data/lib/rex/proto/drda.rb +1 -0
  314. data/lib/rex/proto/drda.rb.ts.rb +1 -0
  315. data/lib/rex/proto/drda/constants.rb +1 -0
  316. data/lib/rex/proto/drda/constants.rb.ut.rb +1 -0
  317. data/lib/rex/proto/drda/packet.rb +11 -10
  318. data/lib/rex/proto/drda/packet.rb.ut.rb +5 -4
  319. data/lib/rex/proto/drda/utils.rb +4 -3
  320. data/lib/rex/proto/drda/utils.rb.ut.rb +3 -2
  321. data/lib/rex/proto/http.rb +2 -1
  322. data/lib/rex/proto/http.rb.ts.rb +2 -1
  323. data/lib/rex/proto/http/client.rb +29 -5
  324. data/lib/rex/proto/http/client.rb.ut.rb +1 -0
  325. data/lib/rex/proto/http/handler.rb +2 -1
  326. data/lib/rex/proto/http/handler/erb.rb +5 -4
  327. data/lib/rex/proto/http/handler/erb.rb.ut.rb +2 -1
  328. data/lib/rex/proto/http/handler/proc.rb +1 -0
  329. data/lib/rex/proto/http/handler/proc.rb.ut.rb +2 -1
  330. data/lib/rex/proto/http/header.rb +3 -3
  331. data/lib/rex/proto/http/header.rb.ut.rb +2 -1
  332. data/lib/rex/proto/http/packet.rb +1 -0
  333. data/lib/rex/proto/http/packet.rb.ut.rb +15 -14
  334. data/lib/rex/proto/http/request.rb +23 -22
  335. data/lib/rex/proto/http/request.rb.ut.rb +2 -1
  336. data/lib/rex/proto/http/response.rb +6 -5
  337. data/lib/rex/proto/http/response.rb.ut.rb +7 -6
  338. data/lib/rex/proto/http/server.rb +1 -0
  339. data/lib/rex/proto/http/server.rb.ut.rb +6 -5
  340. data/lib/rex/proto/iax2.rb +1 -0
  341. data/lib/rex/proto/iax2/call.rb +48 -47
  342. data/lib/rex/proto/iax2/client.rb +23 -22
  343. data/lib/rex/proto/iax2/codecs.rb +1 -0
  344. data/lib/rex/proto/iax2/codecs/alaw.rb +1 -0
  345. data/lib/rex/proto/iax2/codecs/g711.rb +4 -3
  346. data/lib/rex/proto/iax2/codecs/mulaw.rb +1 -0
  347. data/lib/rex/proto/iax2/constants.rb +1 -0
  348. data/lib/rex/proto/natpmp.rb +11 -0
  349. data/lib/rex/proto/natpmp/constants.rb +19 -0
  350. data/lib/rex/proto/natpmp/packet.rb +45 -0
  351. data/lib/rex/proto/ntlm.rb +1 -0
  352. data/lib/rex/proto/ntlm.rb.ut.rb +1 -0
  353. data/lib/rex/proto/ntlm/base.rb +38 -37
  354. data/lib/rex/proto/ntlm/constants.rb +1 -0
  355. data/lib/rex/proto/ntlm/crypt.rb +45 -44
  356. data/lib/rex/proto/ntlm/exceptions.rb +1 -0
  357. data/lib/rex/proto/ntlm/message.rb +30 -29
  358. data/lib/rex/proto/ntlm/utils.rb +116 -115
  359. data/lib/rex/proto/proxy/socks4a.rb +1 -0
  360. data/lib/rex/proto/rfb.rb +1 -0
  361. data/lib/rex/proto/rfb.rb.ut.rb +1 -0
  362. data/lib/rex/proto/rfb/cipher.rb +1 -0
  363. data/lib/rex/proto/rfb/client.rb +1 -0
  364. data/lib/rex/proto/rfb/constants.rb +1 -0
  365. data/lib/rex/proto/smb.rb +2 -1
  366. data/lib/rex/proto/smb.rb.ts.rb +2 -1
  367. data/lib/rex/proto/smb/client.rb +23 -22
  368. data/lib/rex/proto/smb/client.rb.ut.rb +1 -0
  369. data/lib/rex/proto/smb/constants.rb +1 -0
  370. data/lib/rex/proto/smb/constants.rb.ut.rb +2 -1
  371. data/lib/rex/proto/smb/crypt.rb +3 -2
  372. data/lib/rex/proto/smb/evasions.rb +1 -0
  373. data/lib/rex/proto/smb/exceptions.rb +6 -5
  374. data/lib/rex/proto/smb/simpleclient.rb +1 -0
  375. data/lib/rex/proto/smb/simpleclient.rb.ut.rb +1 -0
  376. data/lib/rex/proto/smb/utils.rb +1 -0
  377. data/lib/rex/proto/smb/utils.rb.ut.rb +2 -1
  378. data/lib/rex/proto/sunrpc.rb +1 -0
  379. data/lib/rex/proto/sunrpc/client.rb +1 -0
  380. data/lib/rex/proto/tftp.rb +3 -1
  381. data/lib/rex/proto/tftp/client.rb +344 -0
  382. data/lib/rex/proto/tftp/constants.rb +2 -1
  383. data/lib/rex/proto/tftp/server.rb +2 -1
  384. data/lib/rex/proto/tftp/server.rb.ut.rb +3 -2
  385. data/lib/rex/registry.rb +14 -0
  386. data/lib/rex/registry/hive.rb +132 -0
  387. data/lib/rex/registry/lfkey.rb +51 -0
  388. data/lib/rex/registry/nodekey.rb +54 -0
  389. data/lib/rex/registry/regf.rb +25 -0
  390. data/lib/rex/registry/valuekey.rb +67 -0
  391. data/lib/rex/registry/valuelist.rb +29 -0
  392. data/lib/rex/ropbuilder.rb +2 -1
  393. data/lib/rex/ropbuilder/rop.rb +3 -2
  394. data/lib/rex/script.rb +1 -0
  395. data/lib/rex/script/base.rb +1 -0
  396. data/lib/rex/script/meterpreter.rb +1 -0
  397. data/lib/rex/script/shell.rb +1 -0
  398. data/lib/rex/service.rb +2 -1
  399. data/lib/rex/service_manager.rb +6 -5
  400. data/lib/rex/service_manager.rb.ut.rb +2 -1
  401. data/lib/rex/services/local_relay.rb +1 -0
  402. data/lib/rex/socket.rb +72 -36
  403. data/lib/rex/socket.rb.ut.rb +1 -0
  404. data/lib/rex/socket/comm.rb +1 -0
  405. data/lib/rex/socket/comm/local.rb +60 -13
  406. data/lib/rex/socket/comm/local.rb.ut.rb +2 -1
  407. data/lib/rex/socket/ip.rb +1 -0
  408. data/lib/rex/socket/parameters.rb +15 -14
  409. data/lib/rex/socket/parameters.rb.ut.rb +2 -1
  410. data/lib/rex/socket/range_walker.rb +71 -26
  411. data/lib/rex/socket/range_walker.rb.ut.rb +2 -1
  412. data/lib/rex/socket/ssl_tcp.rb +1 -0
  413. data/lib/rex/socket/ssl_tcp.rb.ut.rb +2 -1
  414. data/lib/rex/socket/ssl_tcp_server.rb +1 -0
  415. data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +1 -0
  416. data/lib/rex/socket/subnet_walker.rb +1 -0
  417. data/lib/rex/socket/subnet_walker.rb.ut.rb +2 -1
  418. data/lib/rex/socket/switch_board.rb +1 -0
  419. data/lib/rex/socket/switch_board.rb.ut.rb +2 -1
  420. data/lib/rex/socket/tcp.rb +4 -3
  421. data/lib/rex/socket/tcp.rb.ut.rb +2 -1
  422. data/lib/rex/socket/tcp_server.rb +1 -0
  423. data/lib/rex/socket/tcp_server.rb.ut.rb +2 -1
  424. data/lib/rex/socket/udp.rb +2 -1
  425. data/lib/rex/socket/udp.rb.ut.rb +2 -1
  426. data/lib/rex/struct2.rb +2 -1
  427. data/lib/rex/struct2/c_struct.rb +2 -1
  428. data/lib/rex/struct2/c_struct_template.rb +2 -1
  429. data/lib/rex/struct2/constant.rb +2 -1
  430. data/lib/rex/struct2/element.rb +2 -1
  431. data/lib/rex/struct2/generic.rb +1 -0
  432. data/lib/rex/struct2/restraint.rb +2 -1
  433. data/lib/rex/struct2/s_string.rb +1 -0
  434. data/lib/rex/struct2/s_struct.rb +1 -0
  435. data/lib/rex/sync.rb +2 -1
  436. data/lib/rex/sync/event.rb +1 -0
  437. data/lib/rex/sync/read_write_lock.rb +1 -0
  438. data/lib/rex/sync/ref.rb +2 -1
  439. data/lib/rex/sync/thread_safe.rb +2 -1
  440. data/lib/rex/test.rb +2 -1
  441. data/lib/rex/text.rb +136 -19
  442. data/lib/rex/text.rb.ut.rb +1 -0
  443. data/lib/rex/thread_factory.rb +5 -4
  444. data/lib/rex/time.rb +2 -1
  445. data/lib/rex/transformer.rb +1 -0
  446. data/lib/rex/transformer.rb.ut.rb +2 -1
  447. data/lib/rex/ui.rb +2 -1
  448. data/lib/rex/ui/interactive.rb +10 -9
  449. data/lib/rex/ui/output.rb +1 -0
  450. data/lib/rex/ui/output/none.rb +2 -1
  451. data/lib/rex/ui/progress_tracker.rb +2 -1
  452. data/lib/rex/ui/subscriber.rb +9 -8
  453. data/lib/rex/ui/text/color.rb +1 -0
  454. data/lib/rex/ui/text/color.rb.ut.rb +1 -0
  455. data/lib/rex/ui/text/dispatcher_shell.rb +63 -23
  456. data/lib/rex/ui/text/input.rb +1 -0
  457. data/lib/rex/ui/text/input/buffer.rb +7 -6
  458. data/lib/rex/ui/text/input/readline.rb +14 -13
  459. data/lib/rex/ui/text/input/socket.rb +1 -0
  460. data/lib/rex/ui/text/input/stdio.rb +2 -1
  461. data/lib/rex/ui/text/irb_shell.rb +1 -0
  462. data/lib/rex/ui/text/output.rb +1 -0
  463. data/lib/rex/ui/text/output/buffer.rb +1 -0
  464. data/lib/rex/ui/text/output/file.rb +1 -0
  465. data/lib/rex/ui/text/output/socket.rb +1 -0
  466. data/lib/rex/ui/text/output/stdio.rb +1 -0
  467. data/lib/rex/ui/text/output/tee.rb +1 -0
  468. data/lib/rex/ui/text/progress_tracker.rb +2 -1
  469. data/lib/rex/ui/text/progress_tracker.rb.ut.rb +2 -1
  470. data/lib/rex/ui/text/shell.rb +1 -0
  471. data/lib/rex/ui/text/table.rb +20 -14
  472. data/lib/rex/ui/text/table.rb.ut.rb +3 -2
  473. data/lib/rex/zip.rb +1 -0
  474. data/lib/rex/zip/archive.rb +2 -1
  475. data/lib/rex/zip/blocks.rb +3 -2
  476. data/lib/rex/zip/entry.rb +6 -7
  477. data/lib/rex/zip/jar.rb +4 -3
  478. data/lib/rex/zip/samples/comment.rb +1 -0
  479. data/lib/rex/zip/samples/mkwar.rb +1 -0
  480. data/lib/rex/zip/samples/mkzip.rb +1 -0
  481. data/lib/rex/zip/samples/recursive.rb +1 -0
  482. metadata +433 -435
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  #
2
3
  # sf - Sept 2010
3
4
  #
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  ##
2
3
  # $Id: $
3
4
  ##
@@ -1,4 +1,5 @@
1
1
  #!/usr/bin/env ruby
2
+ # -*- coding: binary -*-
2
3
 
3
4
  $:.unshift(File.join(File.dirname(__FILE__), '..', '..'))
4
5
 
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  ##
2
3
  # $Id: $
3
4
  ##
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  ##
2
3
  # $Id: $
3
4
  ##
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  ##
2
3
  # $Id: $
3
4
  ##
@@ -1,7 +1,8 @@
1
+ # -*- coding: binary -*-
1
2
  require 'rex/proto/smb/constants'
2
3
  require 'rex/proto/smb/exceptions'
3
4
  require 'rex/proto/smb/evasions'
4
5
  require 'rex/proto/smb/crypt'
5
6
  require 'rex/proto/smb/utils'
6
7
  require 'rex/proto/smb/client'
7
- require 'rex/proto/smb/simpleclient'
8
+ require 'rex/proto/smb/simpleclient'
@@ -1,8 +1,9 @@
1
1
  #!/usr/bin/env ruby
2
+ # -*- coding: binary -*-
2
3
 
3
4
  require 'rex/test'
4
5
  require 'rex/proto/smb/client.rb.ut.rb'
5
6
  require 'rex/proto/smb/constants.rb.ut.rb'
6
7
  require 'rex/proto/smb/crypt.rb.ut.rb'
7
8
  require 'rex/proto/smb/simpleclient.rb.ut.rb'
8
- require 'rex/proto/smb/utils.rb.ut.rb'
9
+ require 'rex/proto/smb/utils.rb.ut.rb'
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  module Rex
2
3
  module Proto
3
4
  module SMB
@@ -57,10 +58,10 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
57
58
  self.sequence_counter = 0
58
59
  self.signing_key = ''
59
60
  self.require_signing = false
60
-
61
+
61
62
  #Misc
62
63
  self.spnopt = {}
63
-
64
+
64
65
  end
65
66
 
66
67
  # Read a SMB packet from the socket
@@ -97,8 +98,8 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
97
98
 
98
99
  #signing
99
100
  if self.require_signing && self.signing_key != ''
100
- if self.verify_signature
101
- raise XCEPT::IncorrectSigningError if not CRYPT::is_signature_correct?(self.signing_key,self.sequence_counter,data)
101
+ if self.verify_signature
102
+ raise XCEPT::IncorrectSigningError if not CRYPT::is_signature_correct?(self.signing_key,self.sequence_counter,data)
102
103
  end
103
104
  self.sequence_counter += 1
104
105
  end
@@ -159,7 +160,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
159
160
  pkt = CONST::SMB_BASE_PKT.make_struct
160
161
  pkt.from_s(data)
161
162
  res = pkt
162
-
163
+
163
164
  begin
164
165
  case pkt['Payload']['SMB'].v['Command']
165
166
 
@@ -560,8 +561,8 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
560
561
  self.system_time = UTILS.time_smb_to_unix(ack['Payload'].v['SystemTimeHigh'],ack['Payload'].v['SystemTimeLow'])
561
562
  self.system_time = ::Time.at( self.system_time )
562
563
 
563
- # A signed 16-bit signed integer that represents the server's time zone, in minutes,
564
- # from UTC. The time zone of the server MUST be expressed in minutes, plus or minus,
564
+ # A signed 16-bit signed integer that represents the server's time zone, in minutes,
565
+ # from UTC. The time zone of the server MUST be expressed in minutes, plus or minus,
565
566
  # from UTC.
566
567
  # NOTE: althought the spec says +/- it doesn't say that it should be inverted :-/
567
568
  system_zone = ack['Payload'].v['ServerTimeZone']
@@ -581,7 +582,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
581
582
  def session_setup(*args)
582
583
 
583
584
  if (self.dialect =~ /^(NT LANMAN 1.0|NT LM 0.12)$/)
584
-
585
+
585
586
  if (self.challenge_key)
586
587
  return self.session_setup_no_ntlmssp(*args)
587
588
  end
@@ -656,17 +657,17 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
656
657
  #raise XCEPT::SigningError if self.require_signing
657
658
  self.require_signing = false if self.require_signing
658
659
 
659
-
660
+
660
661
  if NTLM_UTILS.is_pass_ntlm_hash?(pass)
661
662
  arglm = {
662
663
  :lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
663
- :challenge => self.challenge_key
664
+ :challenge => self.challenge_key
664
665
  }
665
666
  hash_lm = NTLM_CRYPT::lm_response(arglm)
666
667
 
667
668
  argntlm = {
668
- :ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'),
669
- :challenge => self.challenge_key
669
+ :ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'),
670
+ :challenge => self.challenge_key
670
671
  }
671
672
  hash_nt = NTLM_CRYPT::ntlm_response(argntlm)
672
673
  else
@@ -768,7 +769,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
768
769
  return ack
769
770
  end
770
771
 
771
- # Authenticate using extended security negotiation
772
+ # Authenticate using extended security negotiation
772
773
  def session_setup_with_ntlmssp(user = '', pass = '', domain = '', name = nil, do_recv = true)
773
774
 
774
775
  ntlm_options = {
@@ -865,17 +866,17 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
865
866
 
866
867
  resp_lm, resp_ntlm, client_challenge, ntlm_cli_challenge = NTLM_UTILS.create_lm_ntlm_responses(user, pass, self.challenge_key, domain,
867
868
  default_name, default_domain, dns_host_name,
868
- dns_domain_name, chall_MsvAvTimestamp ,
869
+ dns_domain_name, chall_MsvAvTimestamp ,
869
870
  self.spnopt, ntlm_options)
870
871
  enc_session_key = ''
871
872
  self.sequence_counter = 0
872
873
 
873
874
  if self.require_signing
874
- self.signing_key, enc_session_key, ntlmssp_flags = NTLM_UTILS.create_session_key(ntlmssp_flags, server_ntlmssp_flags, user, pass, domain,
875
- self.challenge_key, client_challenge, ntlm_cli_challenge,
875
+ self.signing_key, enc_session_key, ntlmssp_flags = NTLM_UTILS.create_session_key(ntlmssp_flags, server_ntlmssp_flags, user, pass, domain,
876
+ self.challenge_key, client_challenge, ntlm_cli_challenge,
876
877
  ntlm_options)
877
878
  end
878
-
879
+
879
880
  # Create the security blob data
880
881
  blob = NTLM_UTILS.make_ntlmssp_secblob_auth(domain, name, user, resp_lm, resp_ntlm, enc_session_key, ntlmssp_flags)
881
882
 
@@ -909,11 +910,11 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
909
910
 
910
911
  # Make sure that authentication succeeded
911
912
  if (ack['Payload']['SMB'].v['ErrorClass'] != 0)
912
-
913
+
913
914
  if (user.length == 0)
914
915
  # Ensure that signing is disabled when we hit this corner case
915
916
  self.require_signing = false
916
-
917
+
917
918
  # Fall back to the non-ntlmssp authentication method
918
919
  return self.session_setup_no_ntlmssp(user, pass, domain)
919
920
  end
@@ -1920,7 +1921,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
1920
1921
 
1921
1922
  # public read/write methods
1922
1923
  attr_accessor :native_os, :native_lm, :encrypt_passwords, :extended_security, :read_timeout, :evasion_opts
1923
- attr_accessor :verify_signature, :use_ntlmv2, :usentlm2_session, :send_lm, :use_lanman_key, :send_ntlm
1924
+ attr_accessor :verify_signature, :use_ntlmv2, :usentlm2_session, :send_lm, :use_lanman_key, :send_ntlm
1924
1925
  attr_accessor :system_time, :system_zone
1925
1926
  #misc
1926
1927
  attr_accessor :spnopt # used for SPN
@@ -1931,7 +1932,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
1931
1932
  attr_reader :multiplex_id, :last_tree_id, :last_file_id, :process_id, :last_search_id
1932
1933
  attr_reader :dns_host_name, :dns_domain_name
1933
1934
  attr_reader :security_mode, :server_guid
1934
- #signing related
1935
+ #signing related
1935
1936
  attr_reader :sequence_counter,:signing_key, :require_signing
1936
1937
 
1937
1938
  # private methods
@@ -1940,7 +1941,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
1940
1941
  attr_writer :dns_host_name, :dns_domain_name
1941
1942
  attr_writer :multiplex_id, :last_tree_id, :last_file_id, :process_id, :last_search_id
1942
1943
  attr_writer :security_mode, :server_guid
1943
- #signing related
1944
+ #signing related
1944
1945
  attr_writer :sequence_counter,:signing_key, :require_signing
1945
1946
 
1946
1947
  attr_accessor :socket
@@ -1,4 +1,5 @@
1
1
  #!/usr/bin/env ruby
2
+ # -*- coding: binary -*-
2
3
 
3
4
  $:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..'))
4
5
 
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  module Rex
2
3
  module Proto
3
4
  module SMB
@@ -1,4 +1,5 @@
1
1
  #!/usr/bin/env ruby
2
+ # -*- coding: binary -*-
2
3
 
3
4
  $:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..'))
4
5
 
@@ -15,4 +16,4 @@ class Rex::Proto::SMB::Constants::UnitTest < Test::Unit::TestCase
15
16
  assert_equal(Klass::NT_TRANSACT_QUERY_SECURITY_DESC, 0x06)
16
17
  end
17
18
 
18
- end
19
+ end
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  require 'rex/text'
2
3
 
3
4
  module Rex
@@ -6,7 +7,7 @@ module SMB
6
7
  class Crypt
7
8
 
8
9
  @@loaded_openssl = false
9
-
10
+
10
11
  begin
11
12
  require 'openssl'
12
13
  @@loaded_openssl = true
@@ -18,7 +19,7 @@ class Crypt
18
19
  raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
19
20
  seq = Rex::Text::pack_int64le(sequence_counter)
20
21
  netbios_hdr = data.slice!(0,4)
21
- data[14,8] = seq
22
+ data[14,8] = seq
22
23
  signature = OpenSSL::Digest::MD5.digest(mackey + data)[0,8]
23
24
  data[14,8] = signature
24
25
  netbios_hdr + data
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  module Rex
2
3
  module Proto
3
4
  module SMB
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  module Rex
2
3
  module Proto
3
4
  module SMB
@@ -730,7 +731,7 @@ class Error < ::RuntimeError
730
731
  0xC003005E => "RPC_NT_WRONG_PIPE_VERSION",
731
732
  0x400200AF => "RPC_NT_SEND_INCOMPLETE"
732
733
  }
733
-
734
+
734
735
  def initialize(*args)
735
736
  super(*args)
736
737
  end
@@ -784,28 +785,28 @@ end
784
785
 
785
786
  class InvalidWordCount < InvalidPacket
786
787
  def to_s
787
- "The server responded with unimplemented WordCount " +
788
+ "The server responded with unimplemented WordCount " +
788
789
  self.word_count.to_s + ' for command ' + self.command.to_s
789
790
  end
790
791
  end
791
792
 
792
793
  class InvalidCommand < InvalidPacket
793
794
  def to_s
794
- "The server responded with unimplemented command " +
795
+ "The server responded with unimplemented command " +
795
796
  self.command.to_s + ' with WordCount ' + self.word_count.to_s
796
797
  end
797
798
  end
798
799
 
799
800
  class InvalidType < InvalidPacket
800
801
  def to_s
801
- "The server responded with unexpected packet (Command=" +
802
+ "The server responded with unexpected packet (Command=" +
802
803
  self.command.to_s + ' WordCount=' + self.word_count.to_s + ")"
803
804
  end
804
805
  end
805
806
 
806
807
  class ErrorCode < InvalidPacket
807
808
  def to_s
808
- 'The server responded with error: ' +
809
+ 'The server responded with error: ' +
809
810
  self.get_error(self.error_code) +
810
811
  " (Command=#{self.command} WordCount=#{self.word_count})"
811
812
  end
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  module Rex
2
3
  module Proto
3
4
  module SMB
@@ -1,4 +1,5 @@
1
1
  #!/usr/bin/env ruby
2
+ # -*- coding: binary -*-
2
3
 
3
4
  $:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..'))
4
5
 
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  require 'rex/text'
2
3
  require 'rex/proto/smb/constants'
3
4
 
@@ -1,4 +1,5 @@
1
1
  #!/usr/bin/env ruby
2
+ # -*- coding: binary -*-
2
3
 
3
4
  $:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..'))
4
5
 
@@ -17,4 +18,4 @@ class Rex::Proto::SMB::Utils::UnitTest < Test::Unit::TestCase
17
18
  assert_equal(Klass.nbname_encode(nbdecoded), nbencoded )
18
19
  assert_equal(Klass.nbname_decode(nbencoded), nbdecoded )
19
20
  end
20
- end
21
+ end
@@ -1 +1,2 @@
1
+ # -*- coding: binary -*-
1
2
  require 'rex/proto/sunrpc/client'
@@ -1,3 +1,4 @@
1
+ # -*- coding: binary -*-
1
2
  require 'rex/socket'
2
3
  require 'rex/encoder/xdr'
3
4
 
@@ -1,4 +1,5 @@
1
- # $Id: tftp.rb 9962 2010-08-06 17:21:22Z jduck $
1
+ # -*- coding: binary -*-
2
+ # $Id: tftp.rb 15548 2012-06-29 06:08:20Z rapid7 $
2
3
  #
3
4
  # TFTP Server implementation according to:
4
5
  #
@@ -10,3 +11,4 @@
10
11
 
11
12
  require 'rex/proto/tftp/constants'
12
13
  require 'rex/proto/tftp/server'
14
+ require 'rex/proto/tftp/client'
@@ -0,0 +1,344 @@
1
+ # -*- coding: binary -*-
2
+ require 'rex/socket'
3
+ require 'rex/proto/tftp'
4
+ require 'tempfile'
5
+
6
+ module Rex
7
+ module Proto
8
+ module TFTP
9
+
10
+ #
11
+ # TFTP Client class
12
+ #
13
+ # Note that TFTP has blocks, and so does Ruby. Watch out with the variable names!
14
+ #
15
+ # The big gotcha right now is that setting the mode between octet, netascii, or
16
+ # anything else doesn't actually do anything other than declare it to the
17
+ # server.
18
+ #
19
+ # Also, since TFTP clients act as both clients and servers, we use two
20
+ # threads to handle transfers, regardless of the direction. For this reason,
21
+ # the transfer actions are nonblocking; if you need to see the
22
+ # results of a transfer before doing something else, check the boolean complete
23
+ # attribute and any return data in the :status attribute. It's a little
24
+ # weird like that.
25
+ #
26
+ # Finally, most (all?) clients will alter the data in netascii mode in order
27
+ # to try to conform to the RFC standard for what "netascii" means, but there are
28
+ # ambiguities in implementations on things like if nulls are allowed, what
29
+ # to do with Unicode, and all that. For this reason, "octet" is default, and
30
+ # if you want to send "netascii" data, it's on you to fix up your source data
31
+ # prior to sending it.
32
+ #
33
+ class Client
34
+
35
+ attr_accessor :local_host, :local_port, :peer_host, :peer_port
36
+ attr_accessor :threads, :context, :server_sock, :client_sock
37
+ attr_accessor :local_file, :remote_file, :mode, :action
38
+ attr_accessor :complete, :recv_tempfile, :status
39
+ attr_accessor :block_size # This definitely breaks spec, should only use for fuzz/sploit.
40
+
41
+ # Returns an array of [code, type, msg]. Data packets
42
+ # specifically will /not/ unpack, since that would drop any trailing spaces or nulls.
43
+ def parse_tftp_response(str)
44
+ return nil unless str.length >= 4
45
+ ret = str.unpack("nnA*")
46
+ ret[2] = str[4,str.size] if ret[0] == OpData
47
+ return ret
48
+ end
49
+
50
+ def initialize(params)
51
+ self.threads = []
52
+ self.local_host = params["LocalHost"] || "0.0.0.0"
53
+ self.local_port = params["LocalPort"] || (1025 + rand(0xffff-1025))
54
+ self.peer_host = params["PeerHost"] || (raise ArgumentError, "Need a peer host.")
55
+ self.peer_port = params["PeerPort"] || 69
56
+ self.context = params["Context"]
57
+ self.local_file = params["LocalFile"]
58
+ self.remote_file = params["RemoteFile"] || (::File.split(self.local_file).last if self.local_file)
59
+ self.mode = params["Mode"] || "octet"
60
+ self.action = params["Action"] || (raise ArgumentError, "Need an action.")
61
+ self.block_size = params["BlockSize"] || 512
62
+ end
63
+
64
+ #
65
+ # Methods for both upload and download
66
+ #
67
+
68
+ def start_server_socket
69
+ self.server_sock = Rex::Socket::Udp.create(
70
+ 'LocalHost' => local_host,
71
+ 'LocalPort' => local_port,
72
+ 'Context' => context
73
+ )
74
+ if self.server_sock and block_given?
75
+ yield "Started TFTP client listener on #{local_host}:#{local_port}"
76
+ end
77
+ self.threads << Rex::ThreadFactory.spawn("TFTPServerMonitor", false) {
78
+ if block_given?
79
+ monitor_server_sock {|msg| yield msg}
80
+ else
81
+ monitor_server_sock
82
+ end
83
+ }
84
+ end
85
+
86
+ def monitor_server_sock
87
+ yield "Listening for incoming ACKs" if block_given?
88
+ res = self.server_sock.recvfrom(65535)
89
+ if res and res[0]
90
+ code, type, data = parse_tftp_response(res[0])
91
+ if code == OpAck and self.action == :upload
92
+ if block_given?
93
+ yield "WRQ accepted, sending the file." if type == 0
94
+ send_data(res[1], res[2]) {|msg| yield msg}
95
+ else
96
+ send_data(res[1], res[2])
97
+ end
98
+ elsif code == OpData and self.action == :download
99
+ if block_given?
100
+ recv_data(res[1], res[2], data) {|msg| yield msg}
101
+ else
102
+ recv_data(res[1], res[2], data)
103
+ end
104
+ elsif code == OpError
105
+ yield("Aborting, got error type:%d, message:'%s'" % [type, data]) if block_given?
106
+ self.status = {:error => [code, type, data]}
107
+ else
108
+ yield("Aborting, got code:%d, type:%d, message:'%s'" % [code, type, data]) if block_given?
109
+ self.status = {:error => [code, type, data]}
110
+ end
111
+ end
112
+ stop
113
+ end
114
+
115
+ def monitor_client_sock
116
+ res = self.client_sock.recvfrom(65535)
117
+ if res[1] # Got a response back, so that's never good; Acks come back on server_sock.
118
+ code, type, data = parse_tftp_response(res[0])
119
+ yield("Aborting, got code:%d, type:%d, message:'%s'" % [code, type, data]) if block_given?
120
+ self.status = {:error => [code, type, data]}
121
+ stop
122
+ end
123
+ end
124
+
125
+ def stop
126
+ self.complete = true
127
+ begin
128
+ self.server_sock.close
129
+ self.client_sock.close
130
+ self.server_sock = nil
131
+ self.client_sock = nil
132
+ self.threads.each {|t| t.kill}
133
+ rescue
134
+ nil
135
+ end
136
+ end
137
+
138
+ #
139
+ # Methods for download
140
+ #
141
+
142
+ def rrq_packet
143
+ req = [OpRead, self.remote_file, self.mode]
144
+ packstr = "na#{self.remote_file.length+1}a#{self.mode.length+1}"
145
+ req.pack(packstr)
146
+ end
147
+
148
+ def ack_packet(blocknum=0)
149
+ req = [OpAck, blocknum].pack("nn")
150
+ end
151
+
152
+ def send_read_request(&block)
153
+ self.status = nil
154
+ self.complete = false
155
+ if block_given?
156
+ start_server_socket {|msg| yield msg}
157
+ else
158
+ start_server_socket
159
+ end
160
+ self.client_sock = Rex::Socket::Udp.create(
161
+ 'PeerHost' => peer_host,
162
+ 'PeerPort' => peer_port,
163
+ 'LocalHost' => local_host,
164
+ 'LocalPort' => local_port,
165
+ 'Context' => context
166
+ )
167
+ self.client_sock.sendto(rrq_packet, peer_host, peer_port)
168
+ self.threads << Rex::ThreadFactory.spawn("TFTPClientMonitor", false) {
169
+ if block_given?
170
+ monitor_client_sock {|msg| yield msg}
171
+ else
172
+ monitor_client_sock
173
+ end
174
+ }
175
+ until self.complete
176
+ return self.status
177
+ end
178
+ end
179
+
180
+ def recv_data(host, port, first_block)
181
+ self.recv_tempfile = Rex::Quickfile.new('msf-tftp')
182
+ recvd_blocks = 1
183
+ if block_given?
184
+ yield "Source file: #{self.remote_file}, destination file: #{self.local_file}"
185
+ yield "Received and acknowledged #{first_block.size} in block #{recvd_blocks}"
186
+ end
187
+ if block_given?
188
+ write_and_ack_data(first_block,1,host,port) {|msg| yield msg}
189
+ else
190
+ write_and_ack_data(first_block,1,host,port)
191
+ end
192
+ current_block = first_block
193
+ while current_block.size == 512
194
+ res = self.server_sock.recvfrom(65535)
195
+ if res and res[0]
196
+ code, block_num, current_block = parse_tftp_response(res[0])
197
+ if code == 3
198
+ if block_given?
199
+ write_and_ack_data(current_block,block_num,host,port) {|msg| yield msg}
200
+ else
201
+ write_and_ack_data(current_block,block_num,host,port)
202
+ end
203
+ recvd_blocks += 1
204
+ else
205
+ yield("Aborting, got code:%d, type:%d, message:'%s'" % [code, type, msg]) if block_given?
206
+ stop
207
+ end
208
+ end
209
+ end
210
+ if block_given?
211
+ yield("Transferred #{self.recv_tempfile.size} bytes in #{recvd_blocks} blocks, download complete!")
212
+ end
213
+ self.status = {:success => [
214
+ self.local_file,
215
+ self.remote_file,
216
+ self.recv_tempfile.size,
217
+ recvd_blocks.size]
218
+ }
219
+ self.recv_tempfile.close
220
+ stop
221
+ end
222
+
223
+ def write_and_ack_data(data,blocknum,host,port)
224
+ self.recv_tempfile.write(data)
225
+ self.recv_tempfile.flush
226
+ req = ack_packet(blocknum)
227
+ self.server_sock.sendto(req, host, port)
228
+ yield "Received and acknowledged #{data.size} in block #{blocknum}" if block_given?
229
+ end
230
+
231
+ #
232
+ # Methods for upload
233
+ #
234
+
235
+ def wrq_packet
236
+ req = [OpWrite, self.remote_file, self.mode]
237
+ packstr = "na#{self.remote_file.length+1}a#{self.mode.length+1}"
238
+ req.pack(packstr)
239
+ end
240
+
241
+ # Note that the local filename for uploading need not be a real filename --
242
+ # if it begins with DATA: it can be any old string of bytes. If it's missing
243
+ # completely, then just quit.
244
+ def blockify_file_or_data
245
+ if self.local_file =~ /^DATA:(.*)/m
246
+ data = $1
247
+ elsif ::File.file?(self.local_file) and ::File.readable?(self.local_file)
248
+ data = ::File.open(self.local_file, "rb") {|f| f.read f.stat.size} rescue []
249
+ else
250
+ return []
251
+ end
252
+ data_blocks = data.scan(/.{1,#{block_size}}/m)
253
+ # Drop any trailing empty blocks
254
+ if data_blocks.size > 1 and data_blocks.last.empty?
255
+ data_blocks.pop
256
+ end
257
+ return data_blocks
258
+ end
259
+
260
+ def send_write_request(&block)
261
+ self.status = nil
262
+ self.complete = false
263
+ if block_given?
264
+ start_server_socket {|msg| yield msg}
265
+ else
266
+ start_server_socket
267
+ end
268
+ self.client_sock = Rex::Socket::Udp.create(
269
+ 'PeerHost' => peer_host,
270
+ 'PeerPort' => peer_port,
271
+ 'LocalHost' => local_host,
272
+ 'LocalPort' => local_port,
273
+ 'Context' => context
274
+ )
275
+ self.client_sock.sendto(wrq_packet, peer_host, peer_port)
276
+ self.threads << Rex::ThreadFactory.spawn("TFTPClientMonitor", false) {
277
+ if block_given?
278
+ monitor_client_sock {|msg| yield msg}
279
+ else
280
+ monitor_client_sock
281
+ end
282
+ }
283
+ until self.complete
284
+ return self.status
285
+ end
286
+ end
287
+
288
+ def send_data(host,port)
289
+ self.status = {:write_allowed => true}
290
+ data_blocks = blockify_file_or_data()
291
+ if data_blocks.empty?
292
+ yield "Closing down since there is no data to send." if block_given?
293
+ self.status = {:success => [self.local_file, self.local_file, 0, 0]}
294
+ return nil
295
+ end
296
+ sent_data = 0
297
+ sent_blocks = 0
298
+ expected_blocks = data_blocks.size
299
+ expected_size = data_blocks.join.size
300
+ if block_given?
301
+ yield "Source file: #{self.local_file =~ /^DATA:/ ? "(Data)" : self.remote_file}, destination file: #{self.remote_file}"
302
+ yield "Sending #{expected_size} bytes (#{expected_blocks} blocks)"
303
+ end
304
+ data_blocks.each_with_index do |data_block,idx|
305
+ req = [OpData, (idx + 1), data_block].pack("nnA*")
306
+ if self.server_sock.sendto(req, host, port) > 0
307
+ sent_data += data_block.size
308
+ end
309
+ res = self.server_sock.recvfrom(65535)
310
+ if res
311
+ code, type, msg = parse_tftp_response(res[0])
312
+ if code == 4
313
+ sent_blocks += 1
314
+ yield "Sent #{data_block.size} bytes in block #{sent_blocks}" if block_given?
315
+ else
316
+ if block_given?
317
+ yield "Got an unexpected response: Code:%d, Type:%d, Message:'%s'. Aborting." % [code, type, msg]
318
+ end
319
+ break
320
+ end
321
+ end
322
+ end
323
+ if block_given?
324
+ if(sent_data == expected_size)
325
+ yield("Transferred #{sent_data} bytes in #{sent_blocks} blocks, upload complete!")
326
+ else
327
+ yield "Upload complete, but with errors."
328
+ end
329
+ end
330
+ if sent_data == expected_size
331
+ self.status = {:success => [
332
+ self.local_file,
333
+ self.remote_file,
334
+ sent_data,
335
+ sent_blocks
336
+ ] }
337
+ end
338
+ end
339
+
340
+ end
341
+
342
+ end
343
+ end
344
+ end