librex 0.0.68 → 0.0.70

data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb

@@ -12,84 +12,84 @@ module Ui
 ###
 module Console::InteractiveChannel
 
-	include Rex::Ui::Interactive
-
-	#
-	# Interacts with self.
-	#
-	def _interact
-		# If the channel has a left-side socket, then we can interact with it.
-		if (self.lsock)
-			self.interactive(true)
-
-			interact_stream(self)
-
-			self.interactive(false)
-		else
-			print_error("Channel #{self.cid} does not support interaction.")
-
-			self.interacting = false
-		end
-	end
-
-	#
-	# Called when an interrupt is sent.
-	#
-	def _interrupt
-		prompt_yesno("Terminate channel #{self.cid}?")
-	end
-
-	#
-	# Suspends interaction with the channel.
-	#
-	def _suspend
-		# Ask the user if they would like to background the session
-		if (prompt_yesno("Background channel #{self.cid}?") == true)
-			self.interactive(false)
-
-			self.interacting = false
-		end
-	end
-
-	#
-	# Closes the channel like it aint no thang.
-	#
-	def _interact_complete
-		begin
-			self.interactive(false)
-
-			self.close
-		rescue IOError
-		end
-	end
-
-	#
-	# Reads data from local input and writes it remotely.
-	#
-	def _stream_read_local_write_remote(channel)
-		data = user_input.gets
-		return if not data
-
-		self.on_command_proc.call(data.strip) if self.on_command_proc
-		self.write(data)
-	end
-
-	#
-	# Reads from the channel and writes locally.
-	#
-	def _stream_read_remote_write_local(channel)
-		data = self.lsock.sysread(16384)
-
-		self.on_print_proc.call(data.strip) if self.on_print_proc
-		user_output.print(data)
-	end
-
-	#
-	# Returns the remote file descriptor to select on
-	#
-	def _remote_fd(stream)
-		self.lsock
-	end
+  include Rex::Ui::Interactive
+
+  #
+  # Interacts with self.
+  #
+  def _interact
+    # If the channel has a left-side socket, then we can interact with it.
+    if (self.lsock)
+      self.interactive(true)
+
+      interact_stream(self)
+
+      self.interactive(false)
+    else
+      print_error("Channel #{self.cid} does not support interaction.")
+
+      self.interacting = false
+    end
+  end
+
+  #
+  # Called when an interrupt is sent.
+  #
+  def _interrupt
+    prompt_yesno("Terminate channel #{self.cid}?")
+  end
+
+  #
+  # Suspends interaction with the channel.
+  #
+  def _suspend
+    # Ask the user if they would like to background the session
+    if (prompt_yesno("Background channel #{self.cid}?") == true)
+      self.interactive(false)
+
+      self.interacting = false
+    end
+  end
+
+  #
+  # Closes the channel like it aint no thang.
+  #
+  def _interact_complete
+    begin
+      self.interactive(false)
+
+      self.close
+    rescue IOError
+    end
+  end
+
+  #
+  # Reads data from local input and writes it remotely.
+  #
+  def _stream_read_local_write_remote(channel)
+    data = user_input.gets
+    return if not data
+
+    self.on_command_proc.call(data.strip) if self.on_command_proc
+    self.write(data)
+  end
+
+  #
+  # Reads from the channel and writes locally.
+  #
+  def _stream_read_remote_write_local(channel)
+    data = self.lsock.sysread(16384)
+
+    self.on_print_proc.call(data.strip) if self.on_print_proc
+    user_output.print(data)
+  end
+
+  #
+  # Returns the remote file descriptor to select on
+  #
+  def _remote_fd(stream)
+    self.lsock
+  end
 
 end
 

data/lib/rex/post/permission.rb

@@ -1,4 +1,3 @@
-#!/usr/bin/env ruby
 # -*- coding: binary -*-
 
 # Generic page protection flags

data/lib/rex/post/process.rb

@@ -1,4 +1,3 @@
-#!/usr/bin/env ruby
 # -*- coding: binary -*-
 
 module Rex
@@ -13,45 +12,45 @@ module Post
 ###
 class Process
 
-	def Process.getresuid
-		raise NotImplementedError
-	end
-	def Process.setresuid(a, b, c)
-		raise NotImplementedError
-	end
-
-	def Process.euid
-		getresuid()[1]
-	end
-	def Process.euid=(id)
-		setresuid(-1, id, -1)
-	end
-	def Process.uid
-		getresuid()[0]
-	end
-	def Process.uid=(id)
-		setresuid(id, -1, -1)
-	end
-
-	def Process.egid
-		getresgid()[1]
-	end
-	def Process.egid=(id)
-		setresgid(-1, id, -1)
-	end
-	def Process.gid
-		getresgid()[0]
-	end
-	def Process.gid=(id)
-		setresgid(id, -1, -1)
-	end
-
-	def Process.pid
-		raise NotImplementedError
-	end
-	def Process.ppid
-		raise NotImplementedError
-	end
+  def Process.getresuid
+    raise NotImplementedError
+  end
+  def Process.setresuid(a, b, c)
+    raise NotImplementedError
+  end
+
+  def Process.euid
+    getresuid()[1]
+  end
+  def Process.euid=(id)
+    setresuid(-1, id, -1)
+  end
+  def Process.uid
+    getresuid()[0]
+  end
+  def Process.uid=(id)
+    setresuid(id, -1, -1)
+  end
+
+  def Process.egid
+    getresgid()[1]
+  end
+  def Process.egid=(id)
+    setresgid(-1, id, -1)
+  end
+  def Process.gid
+    getresgid()[0]
+  end
+  def Process.gid=(id)
+    setresgid(id, -1, -1)
+  end
+
+  def Process.pid
+    raise NotImplementedError
+  end
+  def Process.ppid
+    raise NotImplementedError
+  end
 
 end
 

data/lib/rex/post/thread.rb

@@ -1,4 +1,3 @@
-#!/usr/bin/env ruby
 # -*- coding: binary -*-
 
 module Rex
@@ -12,47 +11,47 @@ module Post
 ###
 class Thread
 
-	#
-	# Suspend the remote thread.
-	#
-	def suspend
-		raise NotImplementedError
-	end
-
-	#
-	# Resume execution of the remote thread.
-	#
-	def resume
-		raise NotImplementedError
-	end
-
-	#
-	# Terminate the remote thread.
-	#
-	def terminate
-		raise NotImplementedError
-	end
-
-	#
-	# Query architecture-specific register state.
-	#
-	def query_regs
-		raise NotImplementedError
-	end
-
-	#
-	# Set architecture-specific register state.
-	#
-	def set_regs
-		raise NotImplementedError
-	end
-
-	#
-	# Close resources associated with the thread.
-	#
-	def close
-		raise NotImplementedError
-	end
+  #
+  # Suspend the remote thread.
+  #
+  def suspend
+    raise NotImplementedError
+  end
+
+  #
+  # Resume execution of the remote thread.
+  #
+  def resume
+    raise NotImplementedError
+  end
+
+  #
+  # Terminate the remote thread.
+  #
+  def terminate
+    raise NotImplementedError
+  end
+
+  #
+  # Query architecture-specific register state.
+  #
+  def query_regs
+    raise NotImplementedError
+  end
+
+  #
+  # Set architecture-specific register state.
+  #
+  def set_regs
+    raise NotImplementedError
+  end
+
+  #
+  # Close resources associated with the thread.
+  #
+  def close
+    raise NotImplementedError
+  end
 end
 
 end; end

data/lib/rex/post/ui.rb

@@ -1,4 +1,3 @@
-#!/usr/bin/env ruby
 # -*- coding: binary -*-
 
 module Rex
@@ -12,41 +11,41 @@ module Post
 ###
 class UI
 
-	#
-	# This method disables the keyboard on the remote machine.
-	#
-	def disable_keyboard
-		raise NotImplementedError
-	end
-
-	#
-	# This method enables the keyboard on the remote machine.
-	#
-	def enable_keyboard
-		raise NotImplementedError
-	end
-
-	#
-	# This method disables the mouse on the remote machine.
-	#
-	def disable_mouse
-		raise NotImplementedError
-	end
-
-	#
-	# This method enables the mouse on the remote machine.
-	#
-	def enable_mouse
-		raise NotImplementedError
-	end
-
-	#
-	# This method gets the number of seconds the user has been idle from input
-	# on the remote machine.
-	#
-	def idle_time
-		raise NotImplementedError
-	end
+  #
+  # This method disables the keyboard on the remote machine.
+  #
+  def disable_keyboard
+    raise NotImplementedError
+  end
+
+  #
+  # This method enables the keyboard on the remote machine.
+  #
+  def enable_keyboard
+    raise NotImplementedError
+  end
+
+  #
+  # This method disables the mouse on the remote machine.
+  #
+  def disable_mouse
+    raise NotImplementedError
+  end
+
+  #
+  # This method enables the mouse on the remote machine.
+  #
+  def enable_mouse
+    raise NotImplementedError
+  end
+
+  #
+  # This method gets the number of seconds the user has been idle from input
+  # on the remote machine.
+  #
+  def idle_time
+    raise NotImplementedError
+  end
 
 end
 

data/lib/rex/proto/addp.rb

@@ -0,0 +1,218 @@
+# -*- coding: binary -*-
+module Rex
+module Proto
+
+  #
+  # This provides constants, encoding, and decoding routines for Digi International's ADDP protocol
+  #
+  class ADDP
+
+    require "rex/socket"
+
+    #
+    # See the following URLs for more information:
+    # - http://qbeukes.blogspot.com/2009/11/advanced-digi-discovery-protocol_21.html
+    # - http://www.digi.com/wiki/developer/index.php/Advanced_Device_Discovery_Protocol_%28ADDP%29
+    #
+
+
+    MAGICS          = %W{ DIGI DVKT DGDP }
+    ERRORS          = %W{ no_response unknown success authenticaton_failed unit_has_address invalid_value invalid_data unsupported_command }
+    WLAN_ENC_MODES  = %W{ unknown none wep40 wep128 }
+    WLAN_AUTH_MODES = %W{ unknown open shared_key open_shared_key }
+    HWTYPES         = %W{
+      unknown ps3_desk8 ps3_desk16 ps3_desk32 ps3_rack16 ps2_desk16 ps2_rack16
+      lets_desk1 lets_desk2 lets_desk4 dorpia_dinrail1 nubox01 nubox02 nubox04
+      digione_sp digione_ia digione_em
+    }
+
+    CMD_CONF_REQ             = 1
+    CMD_CONF_REP             = 2
+    CMD_SET_ADDR_REQ         = 3
+    CMD_SET_ADDR_REP         = 4
+    CMD_REBOOT_REQ           = 5
+    CMD_REBOOT_REP           = 6
+    CMD_SET_DHCP_REQ         = 7
+    CMD_SET_DHCP_REP         = 8
+    CMD_SET_WL_REQ           = 9
+    CMD_SET_WL_REP           = 10
+    CMD_SET_WL_COUNTRIES_REQ = 11
+    CMD_SET_WL_COUNTRIES_REP = 12
+    CMD_EDP                  = 13
+    CMD_CNT                  = 14
+
+
+    def self.encode_password(pwd="dbps")
+      [pwd.length].pack("C") + pwd
+    end
+
+    def self.request_config(magic, dmac="\xff\xff\xff\xff\xff\xff")
+      mac = (dmac.length == 6) ? dmac : Rex::Socket.eth_aton(dmac)
+      req = magic + [ CMD_CONF_REQ, 6].pack("nn") + mac
+      return req
+    end
+
+    def self.request_config_all(dmac="\xff\xff\xff\xff\xff\xff")
+      mac = (dmac.length == 6) ? dmac : Rex::Socket.eth_aton(dmac)
+      res = []
+      MAGICS.each { |m| res << self.request_config(m, dmac) }
+      return res
+    end
+
+    def self.request_static_ip(magic, dmac, ip, mask, gw, pwd="dbps")
+      mac = (dmac.length == 6) ? dmac : Rex::Socket.eth_aton(dmac)
+      buf =
+        Rex::Socket.addr_aton(ip) +
+        Rex::Socket.addr_aton(mask) +
+        Rex::Socket.addr_aton(gw) +
+        mac +
+        self.encode_password(pwd)
+
+      req = magic + [CMD_SET_ADDR_REQ, buf.length].pack("nn") + buf
+      return req
+    end
+
+    def self.request_dhcp(magic, dmac, enabled, pwd="dbps")
+      mac = (dmac.length == 6) ? dmac : Rex::Socket.eth_aton(dmac)
+      buf =
+        [ enabled ? 1 : 0 ].pack("C") +
+        mac +
+        self.encode_password(pwd)
+
+      req = magic + [CMD_SET_DHCP_REQ, buf.length].pack("nn") + buf
+      return req
+    end
+
+    def self.request_reboot(magic, dmac, pwd="dbps")
+      mac = (dmac.length == 6) ? dmac : Rex::Socket.eth_aton(dmac)
+      buf =
+        mac +
+        self.encode_password(pwd)
+
+      req = magic + [CMD_REBOOT_REQ, buf.length].pack("nn") + buf
+      return req
+    end
+
+    def self.decode_reply(data)
+      res = {}
+      r_magic = data[0,4]
+      r_ptype = data[4,2].unpack("n").first
+      r_plen  = data[6,2].unpack("n").first
+      buff    = data[8, r_plen]
+      bidx    = 0
+
+      res[:magic] = data[0,4]
+      res[:cmd]   = r_ptype
+
+      while bidx < (buff.length - 2)
+        i_type, i_len = buff[bidx, 2].unpack("CC")
+        i_data        = buff[bidx + 2, i_len]
+
+        break if i_data.length != i_len
+
+        case i_type
+        when 0x01
+          res[:mac]  = Rex::Socket.eth_ntoa(i_data)
+        when 0x02
+          res[:ip]   = Rex::Socket.addr_ntoa(i_data)
+        when 0x03
+          res[:mask] = Rex::Socket.addr_ntoa(i_data)
+        when 0x04
+          res[:hostname] = i_data
+        when 0x05
+          res[:domain] = i_data
+        when 0x06
+          res[:hwtype] = HWTYPES[ i_data.unpack("C").first ] || HWTYPES[ 0 ]
+        when 0x07
+          res[:hwrev] = i_data.unpack("C").first
+        when 0x08
+          res[:fwrev] = i_data
+        when 0x09
+          res[:msg] = i_data
+        when 0x0a
+          res[:result] = i_data.unpack("C").first
+        when 0x0b
+          res[:gw]   = Rex::Socket.addr_ntoa(i_data)
+        when 0x0c
+          res[:advisory]  = i_data.unpack("n").first
+        when 0x0d
+          res[:hwname] = i_data
+        when 0x0e
+          res[:realport] = i_data.unpack("N").first
+        when 0x0f
+          res[:dns] = Rex::Socket.addr_ntoa(i_data)
+        when 0x10
+          res[:dhcp] = (i_data.unpack("C").first == 0) ? false : true
+        when 0x11
+          res[:error] = ERRORS[ i_data.unpack("C").first ] || ERRORS[0]
+        when 0x12
+          res[:ports] = i_data.unpack("C").first
+        when 0x13
+          res[:realport_enc] = (i_data.unpack("C").first == 0) ? false : true
+        when 0x14
+          res[:version] = i_data.unpack("n").first
+        when 0x15
+          res[:vendor_guid] = i_data.unpack("H*") # GUID
+        when 0x16
+          res[:iftype] = i_data.unpack("C").first
+        when 0x17
+          res[:challenge] = i_data # Unknown format
+        when 0x18
+          res[:cap_port] = i_data.unpack("n").first
+        when 0x19
+          res[:edp_devid] = i_data.unpack("H*").first # Unknown format
+        when 0x1a
+          res[:edp_enabled] = (i_data.unpack("C").first == 0) ? false : true
+        when 0x1b
+          res[:edp_url] = i_data
+        when 0x1c
+          res[:wl_ssid] = i_data
+        when 0x1d
+          res[:wl_auto_ssid] = (i_data.unpack("n").first == 0) ? false : true
+        when 0x1e
+          res[:wl_tx_enh_power] = i_data.unpack("n").first
+        when 0x1f
+          res[:wl_auth_mode] = WLAN_AUTH_MODES[ i_data.unpack("n").first ] || WLAN_AUTH_MODES[ 0 ]
+        when 0x20
+          res[:wl_enc_mode] = WLAN_ENC_MODES[ i_data.unpack("n").first ] || WLAN_ENC_MODES[ 0 ]
+        when 0x21
+          res[:wl_enc_key] = i_data
+        when 0x22
+          res[:wl_cur_country] = i_data
+        when 0x23
+          res[:wl_country_list] = i_data
+        else
+          # Store unknown responses
+          res["unknown_0x#{"%.2x" % i_type}".to_sym] = i_data
+        end
+
+        bidx = bidx + 2 + i_len
+      end
+      return res
+    end
+
+    def self.reply_to_string(res)
+      str = ""
+
+      fields = [
+        :hwname, :hwtype, :hwrev, :fwrev,
+        :mac, :ip, :mask, :gw, :hostname, :domain, :dns, :dhcp,
+        :msg, :result, :error,
+        :advisory, :ports, :realport, :realport_enc,
+        :version, :vendor_guid, :iftype, :challenge, :cap_port, :edp_devid, :edp_enabled,
+        :edp_url, :wl_ssid, :wl_auto_ssid, :wl_tx_enh_power, :wl_auth_mode, :wl_enc_mode,
+        :wl_enc_key, :wl_cur_country, :wl_country_list, :magic
+      ]
+
+      fields.each do |fname|
+        next unless res.has_key?(fname)
+        str << "#{fname}:#{res[fname]} "
+      end
+      return str
+    end
+
+  end
+
+end
+end
+