librex 0.0.65 → 0.0.66
- data/README.markdown +1 -1
- data/lib/rex/arch.rb +1 -0
- data/lib/rex/arch/sparc.rb +16 -15
- data/lib/rex/arch/sparc.rb.ut.rb +2 -1
- data/lib/rex/arch/x86.rb +1 -0
- data/lib/rex/arch/x86.rb.ut.rb +2 -1
- data/lib/rex/assembly/nasm.rb +1 -0
- data/lib/rex/assembly/nasm.rb.ut.rb +2 -1
- data/lib/rex/compat.rb +13 -0
- data/lib/rex/constants.rb +5 -4
- data/lib/rex/elfparsey.rb +3 -2
- data/lib/rex/elfparsey/elf.rb +2 -1
- data/lib/rex/elfparsey/elfbase.rb +8 -7
- data/lib/rex/elfparsey/exceptions.rb +3 -2
- data/lib/rex/elfscan.rb +3 -2
- data/lib/rex/elfscan/scanner.rb +2 -1
- data/lib/rex/elfscan/search.rb +2 -1
- data/lib/rex/encoder/alpha2.rb +2 -1
- data/lib/rex/encoder/alpha2/alpha_mixed.rb +3 -2
- data/lib/rex/encoder/alpha2/alpha_upper.rb +5 -4
- data/lib/rex/encoder/alpha2/generic.rb +37 -60
- data/lib/rex/encoder/alpha2/unicode_mixed.rb +4 -9
- data/lib/rex/encoder/alpha2/unicode_upper.rb +4 -9
- data/lib/rex/encoder/ndr.rb +1 -0
- data/lib/rex/encoder/ndr.rb.ut.rb +2 -1
- data/lib/rex/encoder/nonalpha.rb +1 -0
- data/lib/rex/encoder/nonupper.rb +1 -0
- data/lib/rex/encoder/xdr.rb +9 -8
- data/lib/rex/encoder/xdr.rb.ut.rb +2 -1
- data/lib/rex/encoder/xor.rb +1 -0
- data/lib/rex/encoder/xor/dword.rb +2 -1
- data/lib/rex/encoder/xor/dword_additive.rb +2 -1
- data/lib/rex/encoders/xor_dword.rb +1 -0
- data/lib/rex/encoders/xor_dword_additive.rb +2 -1
- data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor.rb +2 -1
- data/lib/rex/encoding/xor.rb.ts.rb +2 -1
- data/lib/rex/encoding/xor/byte.rb +2 -1
- data/lib/rex/encoding/xor/byte.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/dword.rb +2 -1
- data/lib/rex/encoding/xor/dword.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/dword_additive.rb +1 -0
- data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/exceptions.rb +1 -0
- data/lib/rex/encoding/xor/generic.rb +1 -0
- data/lib/rex/encoding/xor/generic.rb.ut.rb +2 -1
- data/lib/rex/encoding/xor/qword.rb +2 -1
- data/lib/rex/encoding/xor/word.rb +2 -1
- data/lib/rex/encoding/xor/word.rb.ut.rb +2 -1
- data/lib/rex/exceptions.rb +1 -0
- data/lib/rex/exceptions.rb.ut.rb +2 -1
- data/lib/rex/exploitation/cmdstager.rb +2 -1
- data/lib/rex/exploitation/cmdstager/base.rb +1 -0
- data/lib/rex/exploitation/cmdstager/debug_asm.rb +2 -1
- data/lib/rex/exploitation/cmdstager/debug_write.rb +2 -1
- data/lib/rex/exploitation/cmdstager/tftp.rb +2 -1
- data/lib/rex/exploitation/cmdstager/vbs.rb +2 -1
- data/lib/rex/exploitation/egghunter.rb +12 -11
- data/lib/rex/exploitation/egghunter.rb.ut.rb +2 -1
- data/lib/rex/exploitation/encryptjs.rb +1 -0
- data/lib/rex/exploitation/heaplib.rb +1 -0
- data/lib/rex/exploitation/javascriptosdetect.js +1014 -0
- data/lib/rex/exploitation/javascriptosdetect.rb +4 -857
- data/lib/rex/exploitation/jsobfu.rb +2 -1
- data/lib/rex/exploitation/obfuscatejs.rb +1 -0
- data/lib/rex/exploitation/omelet.rb +1 -0
- data/lib/rex/exploitation/omelet.rb.ut.rb +1 -0
- data/lib/rex/exploitation/opcodedb.rb +12 -11
- data/lib/rex/exploitation/opcodedb.rb.ut.rb +2 -1
- data/lib/rex/exploitation/seh.rb +3 -2
- data/lib/rex/exploitation/seh.rb.ut.rb +2 -1
- data/lib/rex/file.rb +4 -3
- data/lib/rex/file.rb.ut.rb +2 -1
- data/lib/rex/image_source.rb +3 -2
- data/lib/rex/image_source/disk.rb +3 -2
- data/lib/rex/image_source/image_source.rb +3 -2
- data/lib/rex/image_source/memory.rb +3 -2
- data/lib/rex/io/bidirectional_pipe.rb +1 -0
- data/lib/rex/io/datagram_abstraction.rb +2 -1
- data/lib/rex/io/ring_buffer.rb +49 -44
- data/lib/rex/io/ring_buffer.rb.ut.rb +4 -3
- data/lib/rex/io/stream.rb +1 -0
- data/lib/rex/io/stream_abstraction.rb +1 -0
- data/lib/rex/io/stream_server.rb +1 -0
- data/lib/rex/job_container.rb +1 -0
- data/lib/rex/logging.rb +2 -1
- data/lib/rex/logging/log_dispatcher.rb +5 -4
- data/lib/rex/logging/log_sink.rb +2 -1
- data/lib/rex/logging/sinks/flatfile.rb +4 -3
- data/lib/rex/logging/sinks/stderr.rb +2 -1
- data/lib/rex/machparsey.rb +2 -1
- data/lib/rex/machparsey/exceptions.rb +2 -1
- data/lib/rex/machparsey/mach.rb +20 -19
- data/lib/rex/machparsey/machbase.rb +27 -26
- data/lib/rex/machscan.rb +2 -1
- data/lib/rex/machscan/scanner.rb +1 -0
- data/lib/rex/mime.rb +2 -1
- data/lib/rex/mime/header.rb +1 -0
- data/lib/rex/mime/message.rb +4 -1
- data/lib/rex/mime/part.rb +2 -1
- data/lib/rex/nop/opty2.rb +2 -1
- data/lib/rex/nop/opty2.rb.ut.rb +2 -1
- data/lib/rex/nop/opty2_tables.rb +1 -0
- data/lib/rex/ole.rb +3 -2
- data/lib/rex/ole/clsid.rb +3 -2
- data/lib/rex/ole/difat.rb +3 -2
- data/lib/rex/ole/directory.rb +3 -2
- data/lib/rex/ole/direntry.rb +3 -2
- data/lib/rex/ole/fat.rb +3 -2
- data/lib/rex/ole/header.rb +3 -2
- data/lib/rex/ole/minifat.rb +3 -2
- data/lib/rex/ole/propset.rb +4 -3
- data/lib/rex/ole/samples/create_ole.rb +1 -0
- data/lib/rex/ole/samples/dir.rb +1 -0
- data/lib/rex/ole/samples/dump_stream.rb +1 -0
- data/lib/rex/ole/samples/ole_info.rb +1 -0
- data/lib/rex/ole/storage.rb +3 -2
- data/lib/rex/ole/stream.rb +3 -2
- data/lib/rex/ole/substorage.rb +3 -2
- data/lib/rex/ole/util.rb +3 -2
- data/lib/rex/parser/acunetix_nokogiri.rb +13 -12
- data/lib/rex/parser/apple_backup_manifestdb.rb +20 -19
- data/lib/rex/parser/appscan_nokogiri.rb +17 -16
- data/lib/rex/parser/arguments.rb +2 -1
- data/lib/rex/parser/arguments.rb.ut.rb +2 -1
- data/lib/rex/parser/burp_session_nokogiri.rb +8 -7
- data/lib/rex/parser/ci_nokogiri.rb +4 -3
- data/lib/rex/parser/foundstone_nokogiri.rb +18 -17
- data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
- data/lib/rex/parser/ini.rb +1 -0
- data/lib/rex/parser/ini.rb.ut.rb +2 -1
- data/lib/rex/parser/ip360_aspl_xml.rb +1 -0
- data/lib/rex/parser/ip360_xml.rb +4 -3
- data/lib/rex/parser/mbsa_nokogiri.rb +8 -7
- data/lib/rex/parser/nessus_xml.rb +3 -2
- data/lib/rex/parser/netsparker_xml.rb +10 -9
- data/lib/rex/parser/nexpose_raw_nokogiri.rb +372 -52
- data/lib/rex/parser/nexpose_simple_nokogiri.rb +8 -7
- data/lib/rex/parser/nexpose_xml.rb +1 -0
- data/lib/rex/parser/nmap_nokogiri.rb +63 -33
- data/lib/rex/parser/nmap_xml.rb +1 -0
- data/lib/rex/parser/nokogiri_doc_mixin.rb +35 -15
- data/lib/rex/parser/openvas_nokogiri.rb +172 -0
- data/lib/rex/parser/retina_xml.rb +1 -0
- data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
- data/lib/rex/payloads.rb +2 -1
- data/lib/rex/payloads/win32.rb +2 -1
- data/lib/rex/payloads/win32/common.rb +2 -1
- data/lib/rex/payloads/win32/kernel.rb +2 -1
- data/lib/rex/payloads/win32/kernel/common.rb +4 -3
- data/lib/rex/payloads/win32/kernel/migration.rb +2 -1
- data/lib/rex/payloads/win32/kernel/recovery.rb +2 -1
- data/lib/rex/payloads/win32/kernel/stager.rb +21 -20
- data/lib/rex/peparsey.rb +3 -2
- data/lib/rex/peparsey/exceptions.rb +2 -1
- data/lib/rex/peparsey/pe.rb +3 -2
- data/lib/rex/peparsey/pe_memdump.rb +2 -1
- data/lib/rex/peparsey/pebase.rb +2 -1
- data/lib/rex/peparsey/section.rb +2 -1
- data/lib/rex/pescan.rb +3 -2
- data/lib/rex/pescan/analyze.rb +1 -0
- data/lib/rex/pescan/scanner.rb +1 -0
- data/lib/rex/pescan/search.rb +1 -0
- data/lib/rex/platforms.rb +2 -1
- data/lib/rex/platforms/windows.rb +2 -1
- data/lib/rex/poly.rb +2 -1
- data/lib/rex/poly/block.rb +16 -15
- data/lib/rex/poly/register.rb +2 -1
- data/lib/rex/poly/register/x86.rb +2 -1
- data/lib/rex/post.rb +2 -2
- data/lib/rex/post/dir.rb +2 -1
- data/lib/rex/post/file.rb +1 -0
- data/lib/rex/post/file_stat.rb +1 -0
- data/lib/rex/post/io.rb +2 -1
- data/lib/rex/post/meterpreter.rb +2 -1
- data/lib/rex/post/meterpreter/channel.rb +1 -0
- data/lib/rex/post/meterpreter/channel_container.rb +2 -1
- data/lib/rex/post/meterpreter/channels/pool.rb +1 -0
- data/lib/rex/post/meterpreter/channels/pools/file.rb +1 -0
- data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +3 -2
- data/lib/rex/post/meterpreter/channels/stream.rb +1 -0
- data/lib/rex/post/meterpreter/client.rb +23 -1
- data/lib/rex/post/meterpreter/client_core.rb +10 -5
- data/lib/rex/post/meterpreter/dependencies.rb +2 -1
- data/lib/rex/post/meterpreter/extension.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/espia/espia.rb +7 -6
- data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +5 -4
- data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +7 -6
- data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/priv/fs.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/priv/priv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +28 -11
- data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +6 -5
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +3 -2
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +39 -5
- data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +75 -18
- data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +18 -6
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +4 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +12 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +7 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +29 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +10 -5
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +9 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +128 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +27 -6
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +21 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +43 -4
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +1 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +7 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +14 -13
- data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +1 -0
- data/lib/rex/post/meterpreter/inbound_packet_handler.rb +2 -1
- data/lib/rex/post/meterpreter/object_aliases.rb +6 -5
- data/lib/rex/post/meterpreter/packet.rb +26 -6
- data/lib/rex/post/meterpreter/packet_dispatcher.rb +1 -0
- data/lib/rex/post/meterpreter/packet_parser.rb +1 -0
- data/lib/rex/post/meterpreter/packet_response_waiter.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +103 -28
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +1 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +3 -2
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +12 -11
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +2 -1
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +2 -1
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +53 -36
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +3 -2
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +87 -44
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +80 -18
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +77 -48
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +72 -41
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +24 -5
- data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +2 -1
- data/lib/rex/post/permission.rb +2 -1
- data/lib/rex/post/process.rb +2 -1
- data/lib/rex/post/thread.rb +2 -1
- data/lib/rex/post/ui.rb +2 -1
- data/lib/rex/proto.rb +1 -0
- data/lib/rex/proto.rb.ts.rb +2 -1
- data/lib/rex/proto/dcerpc.rb +2 -1
- data/lib/rex/proto/dcerpc.rb.ts.rb +2 -1
- data/lib/rex/proto/dcerpc/client.rb +1 -0
- data/lib/rex/proto/dcerpc/client.rb.ut.rb +1 -0
- data/lib/rex/proto/dcerpc/exceptions.rb +2 -1
- data/lib/rex/proto/dcerpc/handle.rb +1 -0
- data/lib/rex/proto/dcerpc/handle.rb.ut.rb +2 -1
- data/lib/rex/proto/dcerpc/ndr.rb +2 -1
- data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +2 -1
- data/lib/rex/proto/dcerpc/packet.rb +52 -45
- data/lib/rex/proto/dcerpc/packet.rb.ut.rb +12 -11
- data/lib/rex/proto/dcerpc/response.rb +1 -0
- data/lib/rex/proto/dcerpc/response.rb.ut.rb +2 -1
- data/lib/rex/proto/dcerpc/uuid.rb +13 -12
- data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +2 -1
- data/lib/rex/proto/dhcp.rb +2 -1
- data/lib/rex/proto/dhcp/constants.rb +2 -1
- data/lib/rex/proto/dhcp/server.rb +4 -3
- data/lib/rex/proto/drda.rb +1 -0
- data/lib/rex/proto/drda.rb.ts.rb +1 -0
- data/lib/rex/proto/drda/constants.rb +1 -0
- data/lib/rex/proto/drda/constants.rb.ut.rb +1 -0
- data/lib/rex/proto/drda/packet.rb +11 -10
- data/lib/rex/proto/drda/packet.rb.ut.rb +5 -4
- data/lib/rex/proto/drda/utils.rb +4 -3
- data/lib/rex/proto/drda/utils.rb.ut.rb +3 -2
- data/lib/rex/proto/http.rb +2 -1
- data/lib/rex/proto/http.rb.ts.rb +2 -1
- data/lib/rex/proto/http/client.rb +29 -5
- data/lib/rex/proto/http/client.rb.ut.rb +1 -0
- data/lib/rex/proto/http/handler.rb +2 -1
- data/lib/rex/proto/http/handler/erb.rb +5 -4
- data/lib/rex/proto/http/handler/erb.rb.ut.rb +2 -1
- data/lib/rex/proto/http/handler/proc.rb +1 -0
- data/lib/rex/proto/http/handler/proc.rb.ut.rb +2 -1
- data/lib/rex/proto/http/header.rb +3 -3
- data/lib/rex/proto/http/header.rb.ut.rb +2 -1
- data/lib/rex/proto/http/packet.rb +1 -0
- data/lib/rex/proto/http/packet.rb.ut.rb +15 -14
- data/lib/rex/proto/http/request.rb +23 -22
- data/lib/rex/proto/http/request.rb.ut.rb +2 -1
- data/lib/rex/proto/http/response.rb +6 -5
- data/lib/rex/proto/http/response.rb.ut.rb +7 -6
- data/lib/rex/proto/http/server.rb +1 -0
- data/lib/rex/proto/http/server.rb.ut.rb +6 -5
- data/lib/rex/proto/iax2.rb +1 -0
- data/lib/rex/proto/iax2/call.rb +48 -47
- data/lib/rex/proto/iax2/client.rb +23 -22
- data/lib/rex/proto/iax2/codecs.rb +1 -0
- data/lib/rex/proto/iax2/codecs/alaw.rb +1 -0
- data/lib/rex/proto/iax2/codecs/g711.rb +4 -3
- data/lib/rex/proto/iax2/codecs/mulaw.rb +1 -0
- data/lib/rex/proto/iax2/constants.rb +1 -0
- data/lib/rex/proto/natpmp.rb +11 -0
- data/lib/rex/proto/natpmp/constants.rb +19 -0
- data/lib/rex/proto/natpmp/packet.rb +45 -0
- data/lib/rex/proto/ntlm.rb +1 -0
- data/lib/rex/proto/ntlm.rb.ut.rb +1 -0
- data/lib/rex/proto/ntlm/base.rb +38 -37
- data/lib/rex/proto/ntlm/constants.rb +1 -0
- data/lib/rex/proto/ntlm/crypt.rb +45 -44
- data/lib/rex/proto/ntlm/exceptions.rb +1 -0
- data/lib/rex/proto/ntlm/message.rb +30 -29
- data/lib/rex/proto/ntlm/utils.rb +116 -115
- data/lib/rex/proto/proxy/socks4a.rb +1 -0
- data/lib/rex/proto/rfb.rb +1 -0
- data/lib/rex/proto/rfb.rb.ut.rb +1 -0
- data/lib/rex/proto/rfb/cipher.rb +1 -0
- data/lib/rex/proto/rfb/client.rb +1 -0
- data/lib/rex/proto/rfb/constants.rb +1 -0
- data/lib/rex/proto/smb.rb +2 -1
- data/lib/rex/proto/smb.rb.ts.rb +2 -1
- data/lib/rex/proto/smb/client.rb +23 -22
- data/lib/rex/proto/smb/client.rb.ut.rb +1 -0
- data/lib/rex/proto/smb/constants.rb +1 -0
- data/lib/rex/proto/smb/constants.rb.ut.rb +2 -1
- data/lib/rex/proto/smb/crypt.rb +3 -2
- data/lib/rex/proto/smb/evasions.rb +1 -0
- data/lib/rex/proto/smb/exceptions.rb +6 -5
- data/lib/rex/proto/smb/simpleclient.rb +1 -0
- data/lib/rex/proto/smb/simpleclient.rb.ut.rb +1 -0
- data/lib/rex/proto/smb/utils.rb +1 -0
- data/lib/rex/proto/smb/utils.rb.ut.rb +2 -1
- data/lib/rex/proto/sunrpc.rb +1 -0
- data/lib/rex/proto/sunrpc/client.rb +1 -0
- data/lib/rex/proto/tftp.rb +3 -1
- data/lib/rex/proto/tftp/client.rb +344 -0
- data/lib/rex/proto/tftp/constants.rb +2 -1
- data/lib/rex/proto/tftp/server.rb +2 -1
- data/lib/rex/proto/tftp/server.rb.ut.rb +3 -2
- data/lib/rex/registry.rb +14 -0
- data/lib/rex/registry/hive.rb +132 -0
- data/lib/rex/registry/lfkey.rb +51 -0
- data/lib/rex/registry/nodekey.rb +54 -0
- data/lib/rex/registry/regf.rb +25 -0
- data/lib/rex/registry/valuekey.rb +67 -0
- data/lib/rex/registry/valuelist.rb +29 -0
- data/lib/rex/ropbuilder.rb +2 -1
- data/lib/rex/ropbuilder/rop.rb +3 -2
- data/lib/rex/script.rb +1 -0
- data/lib/rex/script/base.rb +1 -0
- data/lib/rex/script/meterpreter.rb +1 -0
- data/lib/rex/script/shell.rb +1 -0
- data/lib/rex/service.rb +2 -1
- data/lib/rex/service_manager.rb +6 -5
- data/lib/rex/service_manager.rb.ut.rb +2 -1
- data/lib/rex/services/local_relay.rb +1 -0
- data/lib/rex/socket.rb +72 -36
- data/lib/rex/socket.rb.ut.rb +1 -0
- data/lib/rex/socket/comm.rb +1 -0
- data/lib/rex/socket/comm/local.rb +60 -13
- data/lib/rex/socket/comm/local.rb.ut.rb +2 -1
- data/lib/rex/socket/ip.rb +1 -0
- data/lib/rex/socket/parameters.rb +15 -14
- data/lib/rex/socket/parameters.rb.ut.rb +2 -1
- data/lib/rex/socket/range_walker.rb +71 -26
- data/lib/rex/socket/range_walker.rb.ut.rb +2 -1
- data/lib/rex/socket/ssl_tcp.rb +1 -0
- data/lib/rex/socket/ssl_tcp.rb.ut.rb +2 -1
- data/lib/rex/socket/ssl_tcp_server.rb +1 -0
- data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +1 -0
- data/lib/rex/socket/subnet_walker.rb +1 -0
- data/lib/rex/socket/subnet_walker.rb.ut.rb +2 -1
- data/lib/rex/socket/switch_board.rb +1 -0
- data/lib/rex/socket/switch_board.rb.ut.rb +2 -1
- data/lib/rex/socket/tcp.rb +4 -3
- data/lib/rex/socket/tcp.rb.ut.rb +2 -1
- data/lib/rex/socket/tcp_server.rb +1 -0
- data/lib/rex/socket/tcp_server.rb.ut.rb +2 -1
- data/lib/rex/socket/udp.rb +2 -1
- data/lib/rex/socket/udp.rb.ut.rb +2 -1
- data/lib/rex/struct2.rb +2 -1
- data/lib/rex/struct2/c_struct.rb +2 -1
- data/lib/rex/struct2/c_struct_template.rb +2 -1
- data/lib/rex/struct2/constant.rb +2 -1
- data/lib/rex/struct2/element.rb +2 -1
- data/lib/rex/struct2/generic.rb +1 -0
- data/lib/rex/struct2/restraint.rb +2 -1
- data/lib/rex/struct2/s_string.rb +1 -0
- data/lib/rex/struct2/s_struct.rb +1 -0
- data/lib/rex/sync.rb +2 -1
- data/lib/rex/sync/event.rb +1 -0
- data/lib/rex/sync/read_write_lock.rb +1 -0
- data/lib/rex/sync/ref.rb +2 -1
- data/lib/rex/sync/thread_safe.rb +2 -1
- data/lib/rex/test.rb +2 -1
- data/lib/rex/text.rb +136 -19
- data/lib/rex/text.rb.ut.rb +1 -0
- data/lib/rex/thread_factory.rb +5 -4
- data/lib/rex/time.rb +2 -1
- data/lib/rex/transformer.rb +1 -0
- data/lib/rex/transformer.rb.ut.rb +2 -1
- data/lib/rex/ui.rb +2 -1
- data/lib/rex/ui/interactive.rb +10 -9
- data/lib/rex/ui/output.rb +1 -0
- data/lib/rex/ui/output/none.rb +2 -1
- data/lib/rex/ui/progress_tracker.rb +2 -1
- data/lib/rex/ui/subscriber.rb +9 -8
- data/lib/rex/ui/text/color.rb +1 -0
- data/lib/rex/ui/text/color.rb.ut.rb +1 -0
- data/lib/rex/ui/text/dispatcher_shell.rb +63 -23
- data/lib/rex/ui/text/input.rb +1 -0
- data/lib/rex/ui/text/input/buffer.rb +7 -6
- data/lib/rex/ui/text/input/readline.rb +14 -13
- data/lib/rex/ui/text/input/socket.rb +1 -0
- data/lib/rex/ui/text/input/stdio.rb +2 -1
- data/lib/rex/ui/text/irb_shell.rb +1 -0
- data/lib/rex/ui/text/output.rb +1 -0
- data/lib/rex/ui/text/output/buffer.rb +1 -0
- data/lib/rex/ui/text/output/file.rb +1 -0
- data/lib/rex/ui/text/output/socket.rb +1 -0
- data/lib/rex/ui/text/output/stdio.rb +1 -0
- data/lib/rex/ui/text/output/tee.rb +1 -0
- data/lib/rex/ui/text/progress_tracker.rb +2 -1
- data/lib/rex/ui/text/progress_tracker.rb.ut.rb +2 -1
- data/lib/rex/ui/text/shell.rb +1 -0
- data/lib/rex/ui/text/table.rb +20 -14
- data/lib/rex/ui/text/table.rb.ut.rb +3 -2
- data/lib/rex/zip.rb +1 -0
- data/lib/rex/zip/archive.rb +2 -1
- data/lib/rex/zip/blocks.rb +3 -2
- data/lib/rex/zip/entry.rb +6 -7
- data/lib/rex/zip/jar.rb +4 -3
- data/lib/rex/zip/samples/comment.rb +1 -0
- data/lib/rex/zip/samples/mkwar.rb +1 -0
- data/lib/rex/zip/samples/mkzip.rb +1 -0
- data/lib/rex/zip/samples/recursive.rb +1 -0
- metadata +433 -435
data/lib/rex/proto/rfb.rb
CHANGED
data/lib/rex/proto/rfb.rb.ut.rb
CHANGED
data/lib/rex/proto/rfb/cipher.rb
CHANGED
data/lib/rex/proto/rfb/client.rb
CHANGED
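--- a/data/lib/rex/proto/smb.rb
+++ b/data/lib/rex/proto/smb.rb
@@ -1,7 +1,8 @@
+# -*- coding: binary -*-
 require 'rex/proto/smb/constants'
 require 'rex/proto/smb/exceptions'
 require 'rex/proto/smb/evasions'
 require 'rex/proto/smb/crypt'
 require 'rex/proto/smb/utils'
 require 'rex/proto/smb/client'
-require 'rex/proto/smb/simpleclient'
+require 'rex/proto/smb/simpleclient'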
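--- a/data/lib/rex/proto/smb.rb.ts.rb
+++ b/data/lib/rex/proto/smb.rb.ts.rb
@@ -1,8 +1,9 @@
 #!/usr/bin/env ruby
+# -*- coding: binary -*-
 
 require 'rex/test'
 require 'rex/proto/smb/client.rb.ut.rb'
 require 'rex/proto/smb/constants.rb.ut.rb'
 require 'rex/proto/smb/crypt.rb.ut.rb'
 require 'rex/proto/smb/simpleclient.rb.ut.rb'
-require 'rex/proto/smb/utils.rb.ut.rb'
+require 'rex/proto/smb/utils.rb.ut.rb'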
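--- a/data/lib/rex/proto/smb/client.rb
+++ b/data/lib/rex/proto/smb/client.rb
@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 module Rex
 module Proto
 module SMB
@@ -57,10 +58,10 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
 self.sequence_counter = 0
 self.signing_key = ''
 self.require_signing = false
-
+
 #Misc
 self.spnopt = {}
-
+
 end
 
 # Read a SMB packet from the socket
@@ -97,8 +98,8 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
 
 #signing
 if self.require_signing && self.signing_key != ''
-if self.verify_signature
-raise XCEPT::IncorrectSigningError if not CRYPT::is_signature_correct?(self.signing_key,self.sequence_counter,data)
+if self.verify_signature
+raise XCEPT::IncorrectSigningError if not CRYPT::is_signature_correct?(self.signing_key,self.sequence_counter,data)
 end
 self.sequence_counter += 1
 end
@@ -159,7 +160,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
 pkt = CONST::SMB_BASE_PKT.make_struct
 pkt.from_s(data)
 res = pkt
-
+
 begin
 case pkt['Payload']['SMB'].v['Command']
 
@@ -560,8 +561,8 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
 self.system_time = UTILS.time_smb_to_unix(ack['Payload'].v['SystemTimeHigh'],ack['Payload'].v['SystemTimeLow'])
 self.system_time = ::Time.at( self.system_time )
 
-# A signed 16-bit signed integer that represents the server's time zone, in minutes,
-# from UTC. The time zone of the server MUST be expressed in minutes, plus or minus,
+# A signed 16-bit signed integer that represents the server's time zone, in minutes,
+# from UTC. The time zone of the server MUST be expressed in minutes, plus or minus,
 # from UTC.
 # NOTE: althought the spec says +/- it doesn't say that it should be inverted :-/
 system_zone = ack['Payload'].v['ServerTimeZone']
@@ -581,7 +582,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
 def session_setup(*args)
 
 if (self.dialect =~ /^(NT LANMAN 1.0|NT LM 0.12)$/)
-
+
 if (self.challenge_key)
 return self.session_setup_no_ntlmssp(*args)
 end
@@ -656,17 +657,17 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
 #raise XCEPT::SigningError if self.require_signing
 self.require_signing = false if self.require_signing
 
-
+
 if NTLM_UTILS.is_pass_ntlm_hash?(pass)
 arglm = {
 :lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
-:challenge => self.challenge_key
+:challenge => self.challenge_key
 }
 hash_lm = NTLM_CRYPT::lm_response(arglm)
 
 argntlm = {
-:ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'),
-:challenge => self.challenge_key
+:ntlm_hash => [ pass.upcase()[33,65] ].pack('H32'),
+:challenge => self.challenge_key
 }
 hash_nt = NTLM_CRYPT::ntlm_response(argntlm)
 else
@@ -768,7 +769,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
 return ack
 end
 
-# Authenticate using extended security negotiation
+# Authenticate using extended security negotiation
 def session_setup_with_ntlmssp(user = '', pass = '', domain = '', name = nil, do_recv = true)
 
 ntlm_options = {
@@ -865,17 +866,17 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
 
 resp_lm, resp_ntlm, client_challenge, ntlm_cli_challenge = NTLM_UTILS.create_lm_ntlm_responses(user, pass, self.challenge_key, domain,
 default_name, default_domain, dns_host_name,
-dns_domain_name, chall_MsvAvTimestamp ,
+dns_domain_name, chall_MsvAvTimestamp ,
 self.spnopt, ntlm_options)
 enc_session_key = ''
 self.sequence_counter = 0
 
 if self.require_signing
-self.signing_key, enc_session_key, ntlmssp_flags = NTLM_UTILS.create_session_key(ntlmssp_flags, server_ntlmssp_flags, user, pass, domain,
-self.challenge_key, client_challenge, ntlm_cli_challenge,
+self.signing_key, enc_session_key, ntlmssp_flags = NTLM_UTILS.create_session_key(ntlmssp_flags, server_ntlmssp_flags, user, pass, domain,
+self.challenge_key, client_challenge, ntlm_cli_challenge,
 ntlm_options)
 end
-
+
 # Create the security blob data
 blob = NTLM_UTILS.make_ntlmssp_secblob_auth(domain, name, user, resp_lm, resp_ntlm, enc_session_key, ntlmssp_flags)
 
@@ -909,11 +910,11 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
 
 # Make sure that authentication succeeded
 if (ack['Payload']['SMB'].v['ErrorClass'] != 0)
-
+
 if (user.length == 0)
 # Ensure that signing is disabled when we hit this corner case
 self.require_signing = false
-
+
 # Fall back to the non-ntlmssp authentication method
 return self.session_setup_no_ntlmssp(user, pass, domain)
 end
@@ -1920,7 +1921,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
 
 # public read/write methods
 attr_accessor :native_os, :native_lm, :encrypt_passwords, :extended_security, :read_timeout, :evasion_opts
-attr_accessor :verify_signature, :use_ntlmv2, :usentlm2_session, :send_lm, :use_lanman_key, :send_ntlm
+attr_accessor :verify_signature, :use_ntlmv2, :usentlm2_session, :send_lm, :use_lanman_key, :send_ntlm
 attr_accessor :system_time, :system_zone
 #misc
 attr_accessor :spnopt # used for SPN
@@ -1931,7 +1932,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
 attr_reader :multiplex_id, :last_tree_id, :last_file_id, :process_id, :last_search_id
 attr_reader :dns_host_name, :dns_domain_name
 attr_reader :security_mode, :server_guid
-#signing related
+#signing related
 attr_reader :sequence_counter,:signing_key, :require_signing
 
 # private methods
@@ -1940,7 +1941,7 @@ NTLM_UTILS = Rex::Proto::NTLM::Utils
 attr_writer :dns_host_name, :dns_domain_name
 attr_writer :multiplex_id, :last_tree_id, :last_file_id, :process_id, :last_search_id
 attr_writer :security_mode, :server_guid
-#signing related
+#signing related
 attr_writer :sequence_counter,:signing_key, :require_signing
 
 attr_accessor :socket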
@@ -1,4 +1,5 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
|
+
# -*- coding: binary -*-
|
2
3
|
|
3
4
|
$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..'))
|
4
5
|
|
@@ -15,4 +16,4 @@ class Rex::Proto::SMB::Constants::UnitTest < Test::Unit::TestCase
|
|
15
16
|
assert_equal(Klass::NT_TRANSACT_QUERY_SECURITY_DESC, 0x06)
|
16
17
|
end
|
17
18
|
|
18
|
-
end
|
19
|
+
end
|
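--- a/data/lib/rex/proto/smb/crypt.rb
+++ b/data/lib/rex/proto/smb/crypt.rb
@@ -1,3 +1,4 @@
+# -*- coding: binary -*-
 require 'rex/text'
 
 module Rex
@@ -6,7 +7,7 @@ module SMB
 class Crypt
 
 @@loaded_openssl = false
-
+
 begin
 require 'openssl'
 @@loaded_openssl = true
@@ -18,7 +19,7 @@ class Crypt
 raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
 seq = Rex::Text::pack_int64le(sequence_counter)
 netbios_hdr = data.slice!(0,4)
-data[14,8] = seq
+data[14,8] = seq
 signature = OpenSSL::Digest::MD5.digest(mackey + data)[0,8]
 data[14,8] = signature
 netbios_hdr + data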
@@ -1,3 +1,4 @@
|
|
1
|
+
# -*- coding: binary -*-
|
1
2
|
module Rex
|
2
3
|
module Proto
|
3
4
|
module SMB
|
@@ -730,7 +731,7 @@ class Error < ::RuntimeError
|
|
730
731
|
0xC003005E => "RPC_NT_WRONG_PIPE_VERSION",
|
731
732
|
0x400200AF => "RPC_NT_SEND_INCOMPLETE"
|
732
733
|
}
|
733
|
-
|
734
|
+
|
734
735
|
def initialize(*args)
|
735
736
|
super(*args)
|
736
737
|
end
|
@@ -784,28 +785,28 @@ end
|
|
784
785
|
|
785
786
|
class InvalidWordCount < InvalidPacket
|
786
787
|
def to_s
|
787
|
-
"The server responded with unimplemented WordCount " +
|
788
|
+
"The server responded with unimplemented WordCount " +
|
788
789
|
self.word_count.to_s + ' for command ' + self.command.to_s
|
789
790
|
end
|
790
791
|
end
|
791
792
|
|
792
793
|
class InvalidCommand < InvalidPacket
|
793
794
|
def to_s
|
794
|
-
"The server responded with unimplemented command " +
|
795
|
+
"The server responded with unimplemented command " +
|
795
796
|
self.command.to_s + ' with WordCount ' + self.word_count.to_s
|
796
797
|
end
|
797
798
|
end
|
798
799
|
|
799
800
|
class InvalidType < InvalidPacket
|
800
801
|
def to_s
|
801
|
-
"The server responded with unexpected packet (Command=" +
|
802
|
+
"The server responded with unexpected packet (Command=" +
|
802
803
|
self.command.to_s + ' WordCount=' + self.word_count.to_s + ")"
|
803
804
|
end
|
804
805
|
end
|
805
806
|
|
806
807
|
class ErrorCode < InvalidPacket
|
807
808
|
def to_s
|
808
|
-
'The server responded with error: ' +
|
809
|
+
'The server responded with error: ' +
|
809
810
|
self.get_error(self.error_code) +
|
810
811
|
" (Command=#{self.command} WordCount=#{self.word_count})"
|
811
812
|
end
|
data/lib/rex/proto/smb/utils.rb
@@ -1,4 +1,5 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
|
+
# -*- coding: binary -*-
|
2
3
|
|
3
4
|
$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..'))
|
4
5
|
|
@@ -17,4 +18,4 @@ class Rex::Proto::SMB::Utils::UnitTest < Test::Unit::TestCase
|
|
17
18
|
assert_equal(Klass.nbname_encode(nbdecoded), nbencoded )
|
18
19
|
assert_equal(Klass.nbname_decode(nbencoded), nbdecoded )
|
19
20
|
end
|
20
|
-
end
|
21
|
+
end
|
data/lib/rex/proto/sunrpc.rb
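--- a/data/lib/rex/proto/tftp.rb
+++ b/data/lib/rex/proto/tftp.rb
@@ -1,4 +1,5 @@
-#
+# -*- coding: binary -*-
+# $Id: tftp.rb 15548 2012-06-29 06:08:20Z rapid7 $
 #
 # TFTP Server implementation according to:
 #
@@ -10,3 +11,4 @@
 
 require 'rex/proto/tftp/constants'
 require 'rex/proto/tftp/server'
+require 'rex/proto/tftp/client'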
@@ -0,0 +1,344 @@
|
|
1
|
+
# -*- coding: binary -*-
|
2
|
+
require 'rex/socket'
|
3
|
+
require 'rex/proto/tftp'
|
4
|
+
require 'tempfile'
|
5
|
+
|
6
|
+
module Rex
|
7
|
+
module Proto
|
8
|
+
module TFTP
|
9
|
+
|
10
|
+
#
|
11
|
+
# TFTP Client class
|
12
|
+
#
|
13
|
+
# Note that TFTP has blocks, and so does Ruby. Watch out with the variable names!
|
14
|
+
#
|
15
|
+
# The big gotcha right now is that setting the mode between octet, netascii, or
|
16
|
+
# anything else doesn't actually do anything other than declare it to the
|
17
|
+
# server.
|
18
|
+
#
|
19
|
+
# Also, since TFTP clients act as both clients and servers, we use two
|
20
|
+
# threads to handle transfers, regardless of the direction. For this reason,
|
21
|
+
# the transfer actions are nonblocking; if you need to see the
|
22
|
+
# results of a transfer before doing something else, check the boolean complete
|
23
|
+
# attribute and any return data in the :status attribute. It's a little
|
24
|
+
# weird like that.
|
25
|
+
#
|
26
|
+
# Finally, most (all?) clients will alter the data in netascii mode in order
|
27
|
+
# to try to conform to the RFC standard for what "netascii" means, but there are
|
28
|
+
# ambiguities in implementations on things like if nulls are allowed, what
|
29
|
+
# to do with Unicode, and all that. For this reason, "octet" is default, and
|
30
|
+
# if you want to send "netascii" data, it's on you to fix up your source data
|
31
|
+
# prior to sending it.
|
32
|
+
#
|
33
|
+
class Client
|
34
|
+
|
35
|
+
attr_accessor :local_host, :local_port, :peer_host, :peer_port
|
36
|
+
attr_accessor :threads, :context, :server_sock, :client_sock
|
37
|
+
attr_accessor :local_file, :remote_file, :mode, :action
|
38
|
+
attr_accessor :complete, :recv_tempfile, :status
|
39
|
+
attr_accessor :block_size # This definitely breaks spec, should only use for fuzz/sploit.
|
40
|
+
|
41
|
+
# Returns an array of [code, type, msg]. Data packets
|
42
|
+
# specifically will /not/ unpack, since that would drop any trailing spaces or nulls.
|
43
|
+
def parse_tftp_response(str)
|
44
|
+
return nil unless str.length >= 4
|
45
|
+
ret = str.unpack("nnA*")
|
46
|
+
ret[2] = str[4,str.size] if ret[0] == OpData
|
47
|
+
return ret
|
48
|
+
end
|
49
|
+
|
50
|
+
def initialize(params)
|
51
|
+
self.threads = []
|
52
|
+
self.local_host = params["LocalHost"] || "0.0.0.0"
|
53
|
+
self.local_port = params["LocalPort"] || (1025 + rand(0xffff-1025))
|
54
|
+
self.peer_host = params["PeerHost"] || (raise ArgumentError, "Need a peer host.")
|
55
|
+
self.peer_port = params["PeerPort"] || 69
|
56
|
+
self.context = params["Context"]
|
57
|
+
self.local_file = params["LocalFile"]
|
58
|
+
self.remote_file = params["RemoteFile"] || (::File.split(self.local_file).last if self.local_file)
|
59
|
+
self.mode = params["Mode"] || "octet"
|
60
|
+
self.action = params["Action"] || (raise ArgumentError, "Need an action.")
|
61
|
+
self.block_size = params["BlockSize"] || 512
|
62
|
+
end
|
63
|
+
|
64
|
+
#
|
65
|
+
# Methods for both upload and download
|
66
|
+
#
|
67
|
+
|
68
|
+
def start_server_socket
|
69
|
+
self.server_sock = Rex::Socket::Udp.create(
|
70
|
+
'LocalHost' => local_host,
|
71
|
+
'LocalPort' => local_port,
|
72
|
+
'Context' => context
|
73
|
+
)
|
74
|
+
if self.server_sock and block_given?
|
75
|
+
yield "Started TFTP client listener on #{local_host}:#{local_port}"
|
76
|
+
end
|
77
|
+
self.threads << Rex::ThreadFactory.spawn("TFTPServerMonitor", false) {
|
78
|
+
if block_given?
|
79
|
+
monitor_server_sock {|msg| yield msg}
|
80
|
+
else
|
81
|
+
monitor_server_sock
|
82
|
+
end
|
83
|
+
}
|
84
|
+
end
|
85
|
+
|
86
|
+
def monitor_server_sock
|
87
|
+
yield "Listening for incoming ACKs" if block_given?
|
88
|
+
res = self.server_sock.recvfrom(65535)
|
89
|
+
if res and res[0]
|
90
|
+
code, type, data = parse_tftp_response(res[0])
|
91
|
+
if code == OpAck and self.action == :upload
|
92
|
+
if block_given?
|
93
|
+
yield "WRQ accepted, sending the file." if type == 0
|
94
|
+
send_data(res[1], res[2]) {|msg| yield msg}
|
95
|
+
else
|
96
|
+
send_data(res[1], res[2])
|
97
|
+
end
|
98
|
+
elsif code == OpData and self.action == :download
|
99
|
+
if block_given?
|
100
|
+
recv_data(res[1], res[2], data) {|msg| yield msg}
|
101
|
+
else
|
102
|
+
recv_data(res[1], res[2], data)
|
103
|
+
end
|
104
|
+
elsif code == OpError
|
105
|
+
yield("Aborting, got error type:%d, message:'%s'" % [type, data]) if block_given?
|
106
|
+
self.status = {:error => [code, type, data]}
|
107
|
+
else
|
108
|
+
yield("Aborting, got code:%d, type:%d, message:'%s'" % [code, type, data]) if block_given?
|
109
|
+
self.status = {:error => [code, type, data]}
|
110
|
+
end
|
111
|
+
end
|
112
|
+
stop
|
113
|
+
end
|
114
|
+
|
115
|
+
def monitor_client_sock
|
116
|
+
res = self.client_sock.recvfrom(65535)
|
117
|
+
if res[1] # Got a response back, so that's never good; Acks come back on server_sock.
|
118
|
+
code, type, data = parse_tftp_response(res[0])
|
119
|
+
yield("Aborting, got code:%d, type:%d, message:'%s'" % [code, type, data]) if block_given?
|
120
|
+
self.status = {:error => [code, type, data]}
|
121
|
+
stop
|
122
|
+
end
|
123
|
+
end
|
124
|
+
|
125
|
+
def stop
|
126
|
+
self.complete = true
|
127
|
+
begin
|
128
|
+
self.server_sock.close
|
129
|
+
self.client_sock.close
|
130
|
+
self.server_sock = nil
|
131
|
+
self.client_sock = nil
|
132
|
+
self.threads.each {|t| t.kill}
|
133
|
+
rescue
|
134
|
+
nil
|
135
|
+
end
|
136
|
+
end
|
137
|
+
|
138
|
+
#
|
139
|
+
# Methods for download
|
140
|
+
#
|
141
|
+
|
142
|
+
def rrq_packet
|
143
|
+
req = [OpRead, self.remote_file, self.mode]
|
144
|
+
packstr = "na#{self.remote_file.length+1}a#{self.mode.length+1}"
|
145
|
+
req.pack(packstr)
|
146
|
+
end
|
147
|
+
|
148
|
+
def ack_packet(blocknum=0)
|
149
|
+
req = [OpAck, blocknum].pack("nn")
|
150
|
+
end
|
151
|
+
|
152
|
+
def send_read_request(&block)
|
153
|
+
self.status = nil
|
154
|
+
self.complete = false
|
155
|
+
if block_given?
|
156
|
+
start_server_socket {|msg| yield msg}
|
157
|
+
else
|
158
|
+
start_server_socket
|
159
|
+
end
|
160
|
+
self.client_sock = Rex::Socket::Udp.create(
|
161
|
+
'PeerHost' => peer_host,
|
162
|
+
'PeerPort' => peer_port,
|
163
|
+
'LocalHost' => local_host,
|
164
|
+
'LocalPort' => local_port,
|
165
|
+
'Context' => context
|
166
|
+
)
|
167
|
+
self.client_sock.sendto(rrq_packet, peer_host, peer_port)
|
168
|
+
self.threads << Rex::ThreadFactory.spawn("TFTPClientMonitor", false) {
|
169
|
+
if block_given?
|
170
|
+
monitor_client_sock {|msg| yield msg}
|
171
|
+
else
|
172
|
+
monitor_client_sock
|
173
|
+
end
|
174
|
+
}
|
175
|
+
until self.complete
|
176
|
+
return self.status
|
177
|
+
end
|
178
|
+
end
|
179
|
+
|
180
|
+
def recv_data(host, port, first_block)
|
181
|
+
self.recv_tempfile = Rex::Quickfile.new('msf-tftp')
|
182
|
+
recvd_blocks = 1
|
183
|
+
if block_given?
|
184
|
+
yield "Source file: #{self.remote_file}, destination file: #{self.local_file}"
|
185
|
+
yield "Received and acknowledged #{first_block.size} in block #{recvd_blocks}"
|
186
|
+
end
|
187
|
+
if block_given?
|
188
|
+
write_and_ack_data(first_block,1,host,port) {|msg| yield msg}
|
189
|
+
else
|
190
|
+
write_and_ack_data(first_block,1,host,port)
|
191
|
+
end
|
192
|
+
current_block = first_block
|
193
|
+
while current_block.size == 512
|
194
|
+
res = self.server_sock.recvfrom(65535)
|
195
|
+
if res and res[0]
|
196
|
+
code, block_num, current_block = parse_tftp_response(res[0])
|
197
|
+
if code == 3
|
198
|
+
if block_given?
|
199
|
+
write_and_ack_data(current_block,block_num,host,port) {|msg| yield msg}
|
200
|
+
else
|
201
|
+
write_and_ack_data(current_block,block_num,host,port)
|
202
|
+
end
|
203
|
+
recvd_blocks += 1
|
204
|
+
else
|
205
|
+
yield("Aborting, got code:%d, type:%d, message:'%s'" % [code, type, msg]) if block_given?
|
206
|
+
stop
|
207
|
+
end
|
208
|
+
end
|
209
|
+
end
|
210
|
+
if block_given?
|
211
|
+
yield("Transferred #{self.recv_tempfile.size} bytes in #{recvd_blocks} blocks, download complete!")
|
212
|
+
end
|
213
|
+
self.status = {:success => [
|
214
|
+
self.local_file,
|
215
|
+
self.remote_file,
|
216
|
+
self.recv_tempfile.size,
|
217
|
+
recvd_blocks.size]
|
218
|
+
}
|
219
|
+
self.recv_tempfile.close
|
220
|
+
stop
|
221
|
+
end
|
222
|
+
|
223
|
+
def write_and_ack_data(data,blocknum,host,port)
|
224
|
+
self.recv_tempfile.write(data)
|
225
|
+
self.recv_tempfile.flush
|
226
|
+
req = ack_packet(blocknum)
|
227
|
+
self.server_sock.sendto(req, host, port)
|
228
|
+
yield "Received and acknowledged #{data.size} in block #{blocknum}" if block_given?
|
229
|
+
end
|
230
|
+
|
231
|
+
#
|
232
|
+
# Methods for upload
|
233
|
+
#
|
234
|
+
|
235
|
+
def wrq_packet
|
236
|
+
req = [OpWrite, self.remote_file, self.mode]
|
237
|
+
packstr = "na#{self.remote_file.length+1}a#{self.mode.length+1}"
|
238
|
+
req.pack(packstr)
|
239
|
+
end
|
240
|
+
|
241
|
+
# Note that the local filename for uploading need not be a real filename --
|
242
|
+
# if it begins with DATA: it can be any old string of bytes. If it's missing
|
243
|
+
# completely, then just quit.
|
244
|
+
def blockify_file_or_data
|
245
|
+
if self.local_file =~ /^DATA:(.*)/m
|
246
|
+
data = $1
|
247
|
+
elsif ::File.file?(self.local_file) and ::File.readable?(self.local_file)
|
248
|
+
data = ::File.open(self.local_file, "rb") {|f| f.read f.stat.size} rescue []
|
249
|
+
else
|
250
|
+
return []
|
251
|
+
end
|
252
|
+
data_blocks = data.scan(/.{1,#{block_size}}/m)
|
253
|
+
# Drop any trailing empty blocks
|
254
|
+
if data_blocks.size > 1 and data_blocks.last.empty?
|
255
|
+
data_blocks.pop
|
256
|
+
end
|
257
|
+
return data_blocks
|
258
|
+
end
|
259
|
+
|
260
|
+
def send_write_request(&block)
|
261
|
+
self.status = nil
|
262
|
+
self.complete = false
|
263
|
+
if block_given?
|
264
|
+
start_server_socket {|msg| yield msg}
|
265
|
+
else
|
266
|
+
start_server_socket
|
267
|
+
end
|
268
|
+
self.client_sock = Rex::Socket::Udp.create(
|
269
|
+
'PeerHost' => peer_host,
|
270
|
+
'PeerPort' => peer_port,
|
271
|
+
'LocalHost' => local_host,
|
272
|
+
'LocalPort' => local_port,
|
273
|
+
'Context' => context
|
274
|
+
)
|
275
|
+
self.client_sock.sendto(wrq_packet, peer_host, peer_port)
|
276
|
+
self.threads << Rex::ThreadFactory.spawn("TFTPClientMonitor", false) {
|
277
|
+
if block_given?
|
278
|
+
monitor_client_sock {|msg| yield msg}
|
279
|
+
else
|
280
|
+
monitor_client_sock
|
281
|
+
end
|
282
|
+
}
|
283
|
+
until self.complete
|
284
|
+
return self.status
|
285
|
+
end
|
286
|
+
end
|
287
|
+
|
288
|
+
def send_data(host,port)
|
289
|
+
self.status = {:write_allowed => true}
|
290
|
+
data_blocks = blockify_file_or_data()
|
291
|
+
if data_blocks.empty?
|
292
|
+
yield "Closing down since there is no data to send." if block_given?
|
293
|
+
self.status = {:success => [self.local_file, self.local_file, 0, 0]}
|
294
|
+
return nil
|
295
|
+
end
|
296
|
+
sent_data = 0
|
297
|
+
sent_blocks = 0
|
298
|
+
expected_blocks = data_blocks.size
|
299
|
+
expected_size = data_blocks.join.size
|
300
|
+
if block_given?
|
301
|
+
yield "Source file: #{self.local_file =~ /^DATA:/ ? "(Data)" : self.remote_file}, destination file: #{self.remote_file}"
|
302
|
+
yield "Sending #{expected_size} bytes (#{expected_blocks} blocks)"
|
303
|
+
end
|
304
|
+
data_blocks.each_with_index do |data_block,idx|
|
305
|
+
req = [OpData, (idx + 1), data_block].pack("nnA*")
|
306
|
+
if self.server_sock.sendto(req, host, port) > 0
|
307
|
+
sent_data += data_block.size
|
308
|
+
end
|
309
|
+
res = self.server_sock.recvfrom(65535)
|
310
|
+
if res
|
311
|
+
code, type, msg = parse_tftp_response(res[0])
|
312
|
+
if code == 4
|
313
|
+
sent_blocks += 1
|
314
|
+
yield "Sent #{data_block.size} bytes in block #{sent_blocks}" if block_given?
|
315
|
+
else
|
316
|
+
if block_given?
|
317
|
+
yield "Got an unexpected response: Code:%d, Type:%d, Message:'%s'. Aborting." % [code, type, msg]
|
318
|
+
end
|
319
|
+
break
|
320
|
+
end
|
321
|
+
end
|
322
|
+
end
|
323
|
+
if block_given?
|
324
|
+
if(sent_data == expected_size)
|
325
|
+
yield("Transferred #{sent_data} bytes in #{sent_blocks} blocks, upload complete!")
|
326
|
+
else
|
327
|
+
yield "Upload complete, but with errors."
|
328
|
+
end
|
329
|
+
end
|
330
|
+
if sent_data == expected_size
|
331
|
+
self.status = {:success => [
|
332
|
+
self.local_file,
|
333
|
+
self.remote_file,
|
334
|
+
sent_data,
|
335
|
+
sent_blocks
|
336
|
+
] }
|
337
|
+
end
|
338
|
+
end
|
339
|
+
|
340
|
+
end
|
341
|
+
|
342
|
+
end
|
343
|
+
end
|
344
|
+
end
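Review bot: The abort branch of `recv_data` (new line 205) formats `type` and `msg`, but that method destructures the response into `code, block_num, current_block`, so the `yield` raises NameError inside the monitor thread, and even without it the loop falls through to the `:success` status and a second `stop` rather than recording an error; the success tuple also stores `recvd_blocks.size`, which for an Integer is the machine word size, not the block count. The loop condition `while current_block.size == 512` hard-codes what the `block_size` accessor (default 512) governs for uploads; if that is deliberate because no blksize option is negotiated, a comment such as `# RFC 1350 fixed block size; blksize is never negotiated here` would say so. Since the loop writes whatever arrives on `server_sock`, I would also compare `res[1]`/`res[2]` with `host`/`port` and `block_num` with `recvd_blocks + 1` before calling `write_and_ack_data`, so a stray or duplicated datagram is not appended to the file. The rewritten abort branch and status assignment follow; `send_data` likewise tests `code == 4` and `recv_data` `code == 3` where `OpAck`/`OpData` are available.
```ruby
# … unchanged: tempfile setup, first-block ack, loop head …
        else
          # parse_tftp_response yields [code, type, msg]; in this method those
          # are bound to code, block_num and current_block.
          yield("Aborting, got code:%d, type:%d, message:'%s'" % [code, block_num, current_block]) if block_given?
          self.status = {:error => [code, block_num, current_block]}
          self.recv_tempfile.close
          stop
          return self.status
        end
# … unchanged: loop tail, completion message …
      self.status = {:success => [
        self.local_file,
        self.remote_file,
        self.recv_tempfile.size,
        recvd_blocks]   # Integer, not recvd_blocks.size
      }
# … unchanged: tempfile close, stop …
```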
|