RubyGems - librex - Versions diffs - 0.0.68 → 0.0.70 - Mend

librex 0.0.68 → 0.0.70

Files changed (528) hide show

checksums.yaml +15 -0
data/README.markdown +1 -1
data/Rakefile +18 -16
data/lib/rex.rb +14 -10
data/lib/rex/LICENSE +2 -2
data/lib/rex/arch.rb +76 -76
data/lib/rex/arch/sparc.rb +57 -58
data/lib/rex/arch/x86.rb +506 -496
data/lib/rex/assembly/nasm.rb +83 -84
data/lib/rex/compat.rb +228 -173
data/lib/rex/constants.rb +47 -37
data/lib/rex/elfparsey.rb +0 -3
data/lib/rex/elfparsey/elf.rb +107 -110
data/lib/rex/elfparsey/elfbase.rb +244 -247
data/lib/rex/elfparsey/exceptions.rb +0 -3
data/lib/rex/elfscan.rb +0 -3
data/lib/rex/elfscan/scanner.rb +184 -166
data/lib/rex/elfscan/search.rb +35 -38
data/lib/rex/encoder/alpha2.rb +1 -2
data/lib/rex/encoder/alpha2/alpha_mixed.rb +52 -53
data/lib/rex/encoder/alpha2/alpha_upper.rb +62 -63
data/lib/rex/encoder/alpha2/generic.rb +77 -78
data/lib/rex/encoder/alpha2/unicode_mixed.rb +101 -97
data/lib/rex/encoder/alpha2/unicode_upper.rb +106 -107
data/lib/rex/encoder/bloxor/bloxor.rb +326 -0
data/lib/rex/encoder/ndr.rb +68 -68
data/lib/rex/encoder/nonalpha.rb +50 -51
data/lib/rex/encoder/nonupper.rb +50 -51
data/lib/rex/encoder/xdr.rb +78 -78
data/lib/rex/encoder/xor.rb +52 -53
data/lib/rex/encoder/xor/dword.rb +1 -2
data/lib/rex/encoder/xor/dword_additive.rb +1 -2
data/lib/rex/encoders/xor_dword.rb +17 -18
data/lib/rex/encoders/xor_dword_additive.rb +35 -36
data/lib/rex/encoding/xor.rb +0 -1
data/lib/rex/encoding/xor/byte.rb +3 -4
data/lib/rex/encoding/xor/dword.rb +3 -4
data/lib/rex/encoding/xor/dword_additive.rb +72 -73
data/lib/rex/encoding/xor/exceptions.rb +2 -3
data/lib/rex/encoding/xor/generic.rb +129 -130
data/lib/rex/encoding/xor/qword.rb +3 -4
data/lib/rex/encoding/xor/word.rb +3 -4
data/lib/rex/exceptions.rb +100 -101
data/lib/rex/exploitation/cmdstager.rb +3 -3
data/lib/rex/exploitation/cmdstager/base.rb +170 -156
data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
data/lib/rex/exploitation/cmdstager/debug_asm.rb +110 -113
data/lib/rex/exploitation/cmdstager/debug_write.rb +106 -109
data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
data/lib/rex/exploitation/cmdstager/tftp.rb +34 -27
data/lib/rex/exploitation/cmdstager/vbs.rb +95 -98
data/lib/rex/exploitation/egghunter.rb +359 -346
data/lib/rex/exploitation/encryptjs.rb +60 -60
data/lib/rex/exploitation/heaplib.rb +76 -76
data/lib/rex/exploitation/js.rb +6 -0
data/lib/rex/exploitation/js/detect.rb +69 -0
data/lib/rex/exploitation/js/memory.rb +81 -0
data/lib/rex/exploitation/js/network.rb +84 -0
data/lib/rex/exploitation/js/utils.rb +33 -0
data/lib/rex/exploitation/jsobfu.rb +448 -424
data/lib/rex/exploitation/obfuscatejs.rb +301 -301
data/lib/rex/exploitation/omelet.rb +257 -257
data/lib/rex/exploitation/opcodedb.rb +699 -699
data/lib/rex/exploitation/ropdb.rb +189 -0
data/lib/rex/exploitation/seh.rb +68 -68
data/lib/rex/file.rb +96 -49
data/lib/rex/image_source.rb +0 -3
data/lib/rex/image_source/disk.rb +45 -48
data/lib/rex/image_source/image_source.rb +33 -36
data/lib/rex/image_source/memory.rb +17 -20
data/lib/rex/io/bidirectional_pipe.rb +118 -115
data/lib/rex/io/datagram_abstraction.rb +13 -14
data/lib/rex/io/ring_buffer.rb +273 -273
data/lib/rex/io/stream.rb +284 -284
data/lib/rex/io/stream_abstraction.rb +183 -181
data/lib/rex/io/stream_server.rb +193 -193
data/lib/rex/job_container.rb +167 -167
data/lib/rex/logging.rb +0 -1
data/lib/rex/logging/log_dispatcher.rb +113 -113
data/lib/rex/logging/log_sink.rb +17 -17
data/lib/rex/logging/sinks/flatfile.rb +36 -36
data/lib/rex/logging/sinks/stderr.rb +27 -27
data/lib/rex/mac_oui.rb +16572 -16571
data/lib/rex/machparsey.rb +0 -1
data/lib/rex/machparsey/exceptions.rb +0 -1
data/lib/rex/machparsey/mach.rb +160 -161
data/lib/rex/machparsey/machbase.rb +367 -368
data/lib/rex/machscan.rb +0 -1
data/lib/rex/machscan/scanner.rb +175 -176
data/lib/rex/mime/encoding.rb +17 -0
data/lib/rex/mime/header.rb +58 -58
data/lib/rex/mime/message.rb +140 -137
data/lib/rex/mime/part.rb +41 -12
data/lib/rex/nop/opty2.rb +90 -90
data/lib/rex/nop/opty2_tables.rb +273 -273
data/lib/rex/ole.rb +0 -4
data/lib/rex/ole/clsid.rb +26 -30
data/lib/rex/ole/difat.rb +121 -125
data/lib/rex/ole/directory.rb +205 -209
data/lib/rex/ole/direntry.rb +217 -221
data/lib/rex/ole/fat.rb +79 -83
data/lib/rex/ole/header.rb +178 -182
data/lib/rex/ole/minifat.rb +49 -53
data/lib/rex/ole/propset.rb +113 -117
data/lib/rex/ole/samples/create_ole.rb +8 -9
data/lib/rex/ole/samples/dir.rb +10 -11
data/lib/rex/ole/samples/dump_stream.rb +14 -15
data/lib/rex/ole/samples/ole_info.rb +5 -6
data/lib/rex/ole/storage.rb +372 -376
data/lib/rex/ole/stream.rb +33 -37
data/lib/rex/ole/substorage.rb +20 -24
data/lib/rex/ole/util.rb +137 -141
data/lib/rex/parser/acunetix_nokogiri.rb +398 -398
data/lib/rex/parser/apple_backup_manifestdb.rb +116 -116
data/lib/rex/parser/appscan_nokogiri.rb +359 -359
data/lib/rex/parser/arguments.rb +88 -88
data/lib/rex/parser/burp_session_nokogiri.rb +258 -258
data/lib/rex/parser/ci_nokogiri.rb +184 -184
data/lib/rex/parser/foundstone_nokogiri.rb +334 -333
data/lib/rex/parser/fusionvm_nokogiri.rb +94 -94
data/lib/rex/parser/ini.rb +167 -167
data/lib/rex/parser/ip360_aspl_xml.rb +84 -84
data/lib/rex/parser/ip360_xml.rb +77 -77
data/lib/rex/parser/mbsa_nokogiri.rb +224 -224
data/lib/rex/parser/nessus_xml.rb +100 -100
data/lib/rex/parser/netsparker_xml.rb +89 -75
data/lib/rex/parser/nexpose_raw_nokogiri.rb +677 -677
data/lib/rex/parser/nexpose_simple_nokogiri.rb +322 -322
data/lib/rex/parser/nexpose_xml.rb +105 -105
data/lib/rex/parser/nmap_nokogiri.rb +386 -386
data/lib/rex/parser/nmap_xml.rb +116 -116
data/lib/rex/parser/nokogiri_doc_mixin.rb +223 -221
data/lib/rex/parser/openvas_nokogiri.rb +162 -162
data/lib/rex/parser/outpost24_nokogiri.rb +239 -0
data/lib/rex/parser/retina_xml.rb +90 -90
data/lib/rex/parser/unattend.rb +171 -0
data/lib/rex/parser/wapiti_nokogiri.rb +89 -89
data/lib/rex/payloads/win32/common.rb +14 -14
data/lib/rex/payloads/win32/kernel.rb +36 -36
data/lib/rex/payloads/win32/kernel/common.rb +32 -32
data/lib/rex/payloads/win32/kernel/recovery.rb +27 -27
data/lib/rex/payloads/win32/kernel/stager.rb +170 -170
data/lib/rex/peparsey.rb +0 -3
data/lib/rex/peparsey/exceptions.rb +0 -3
data/lib/rex/peparsey/pe.rb +196 -199
data/lib/rex/peparsey/pe_memdump.rb +35 -38
data/lib/rex/peparsey/pebase.rb +1633 -1652
data/lib/rex/peparsey/section.rb +115 -124
data/lib/rex/pescan.rb +0 -3
data/lib/rex/pescan/analyze.rb +351 -351
data/lib/rex/pescan/scanner.rb +182 -182
data/lib/rex/pescan/search.rb +59 -59
data/lib/rex/platforms/windows.rb +37 -37
data/lib/rex/poly.rb +111 -110
data/lib/rex/poly/block.rb +419 -417
data/lib/rex/poly/machine.rb +12 -0
data/lib/rex/poly/machine/machine.rb +829 -0
data/lib/rex/poly/machine/x86.rb +508 -0
data/lib/rex/poly/register.rb +70 -70
data/lib/rex/poly/register/x86.rb +22 -22
data/lib/rex/post.rb +0 -1
data/lib/rex/post/dir.rb +35 -36
data/lib/rex/post/file.rb +140 -141
data/lib/rex/post/file_stat.rb +198 -199
data/lib/rex/post/io.rb +167 -168
data/lib/rex/post/meterpreter.rb +1 -1
data/lib/rex/post/meterpreter/channel.rb +389 -390
data/lib/rex/post/meterpreter/channel_container.rb +33 -34
data/lib/rex/post/meterpreter/channels/pool.rb +129 -130
data/lib/rex/post/meterpreter/channels/pools/file.rb +35 -36
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +72 -73
data/lib/rex/post/meterpreter/channels/stream.rb +62 -63
data/lib/rex/post/meterpreter/client.rb +442 -436
data/lib/rex/post/meterpreter/client_core.rb +326 -310
data/lib/rex/post/meterpreter/dependencies.rb +0 -1
data/lib/rex/post/meterpreter/extension.rb +12 -13
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +35 -36
data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +70 -71
data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +22 -78
data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +4 -4
data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +38 -39
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -1
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +95 -96
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +39 -40
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +80 -85
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +94 -95
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +207 -147
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +258 -259
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +366 -301
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +72 -73
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +24 -25
data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +227 -149
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +107 -108
data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +41 -42
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +102 -101
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +151 -152
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +142 -142
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +185 -185
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38118 -38117
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +7 -7
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2086 -2084
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +15 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +80 -80
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3835 -3833
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +84 -28
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +151 -137
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +15 -6
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3155 -3155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +70 -70
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +596 -596
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +310 -301
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +71 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +100 -100
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +14 -14
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +488 -488
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +273 -264
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +5 -5
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +240 -238
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +17 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +61 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +654 -635
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +49 -49
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +103 -102
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +98 -68
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +16 -17
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +34 -36
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +363 -364
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +102 -103
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +28 -29
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +303 -304
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +113 -114
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +260 -261
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +69 -70
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +160 -161
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +143 -144
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +29 -12
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +230 -231
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +181 -44
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +12 -13
data/lib/rex/post/meterpreter/object_aliases.rb +56 -57
data/lib/rex/post/meterpreter/packet.rb +591 -592
data/lib/rex/post/meterpreter/packet_dispatcher.rb +506 -496
data/lib/rex/post/meterpreter/packet_parser.rb +72 -73
data/lib/rex/post/meterpreter/packet_response_waiter.rb +56 -57
data/lib/rex/post/meterpreter/ui/console.rb +112 -112
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +53 -53
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +911 -854
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +86 -86
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +220 -220
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +173 -173
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +40 -40
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +75 -77
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +30 -30
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +105 -105
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +182 -182
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +37 -37
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +504 -482
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +401 -330
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +883 -581
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +296 -299
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +320 -153
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +78 -78
data/lib/rex/post/permission.rb +0 -1
data/lib/rex/post/process.rb +39 -40
data/lib/rex/post/thread.rb +41 -42
data/lib/rex/post/ui.rb +35 -36
data/lib/rex/proto/addp.rb +218 -0
data/lib/rex/proto/dcerpc/client.rb +344 -344
data/lib/rex/proto/dcerpc/exceptions.rb +128 -128
data/lib/rex/proto/dcerpc/handle.rb +32 -32
data/lib/rex/proto/dcerpc/ndr.rb +56 -56
data/lib/rex/proto/dcerpc/packet.rb +249 -245
data/lib/rex/proto/dcerpc/response.rb +170 -170
data/lib/rex/proto/dcerpc/uuid.rb +65 -65
data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
data/lib/rex/proto/dhcp.rb +0 -1
data/lib/rex/proto/dhcp/constants.rb +0 -1
data/lib/rex/proto/dhcp/server.rb +303 -304
data/lib/rex/proto/drda/constants.rb +1 -1
data/lib/rex/proto/drda/packet.rb +186 -186
data/lib/rex/proto/drda/utils.rb +104 -104
data/lib/rex/proto/http.rb +1 -0
data/lib/rex/proto/http/client.rb +692 -820
data/lib/rex/proto/http/client_request.rb +472 -0
data/lib/rex/proto/http/handler.rb +25 -25
data/lib/rex/proto/http/handler/erb.rb +104 -104
data/lib/rex/proto/http/handler/proc.rb +37 -37
data/lib/rex/proto/http/header.rb +149 -149
data/lib/rex/proto/http/packet.rb +388 -382
data/lib/rex/proto/http/request.rb +332 -335
data/lib/rex/proto/http/response.rb +132 -72
data/lib/rex/proto/http/server.rb +348 -338
data/lib/rex/proto/iax2/call.rb +310 -310
data/lib/rex/proto/iax2/client.rb +197 -197
data/lib/rex/proto/iax2/codecs/alaw.rb +4 -4
data/lib/rex/proto/iax2/codecs/mulaw.rb +4 -4
data/lib/rex/proto/ipmi.rb +57 -0
data/lib/rex/proto/ipmi/channel_auth_reply.rb +88 -0
data/lib/rex/proto/ipmi/open_session_reply.rb +35 -0
data/lib/rex/proto/ipmi/rakp2.rb +35 -0
data/lib/rex/proto/ipmi/utils.rb +125 -0
data/lib/rex/proto/natpmp.rb +1 -5
data/lib/rex/proto/natpmp/constants.rb +4 -4
data/lib/rex/proto/natpmp/packet.rb +25 -25
data/lib/rex/proto/ntlm/base.rb +271 -271
data/lib/rex/proto/ntlm/constants.rb +61 -61
data/lib/rex/proto/ntlm/crypt.rb +348 -352
data/lib/rex/proto/ntlm/exceptions.rb +3 -3
data/lib/rex/proto/ntlm/message.rb +468 -471
data/lib/rex/proto/ntlm/utils.rb +746 -746
data/lib/rex/proto/pjl.rb +30 -0
data/lib/rex/proto/pjl/client.rb +162 -0
data/lib/rex/proto/proxy/socks4a.rb +440 -440
data/lib/rex/proto/rfb.rb +1 -8
data/lib/rex/proto/rfb/cipher.rb +46 -49
data/lib/rex/proto/rfb/client.rb +179 -182
data/lib/rex/proto/rfb/constants.rb +18 -21
data/lib/rex/proto/smb/client.rb +1954 -1843
data/lib/rex/proto/smb/constants.rb +533 -516
data/lib/rex/proto/smb/crypt.rb +21 -21
data/lib/rex/proto/smb/evasions.rb +43 -43
data/lib/rex/proto/smb/exceptions.rb +791 -791
data/lib/rex/proto/smb/simpleclient.rb +142 -286
data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
data/lib/rex/proto/smb/utils.rb +81 -81
data/lib/rex/proto/sunrpc/client.rb +158 -158
data/lib/rex/proto/tftp.rb +0 -1
data/lib/rex/proto/tftp/client.rb +289 -289
data/lib/rex/proto/tftp/constants.rb +9 -10
data/lib/rex/proto/tftp/server.rb +466 -467
data/lib/rex/random_identifier_generator.rb +176 -0
data/lib/rex/registry.rb +1 -1
data/lib/rex/registry/hive.rb +88 -88
data/lib/rex/registry/lfkey.rb +25 -25
data/lib/rex/registry/nodekey.rb +30 -30
data/lib/rex/registry/regf.rb +10 -10
data/lib/rex/registry/valuekey.rb +43 -43
data/lib/rex/registry/valuelist.rb +13 -13
data/lib/rex/ropbuilder/rop.rb +254 -253
data/lib/rex/script.rb +21 -22
data/lib/rex/script/base.rb +51 -50
data/lib/rex/script/meterpreter.rb +2 -2
data/lib/rex/service.rb +24 -24
data/lib/rex/service_manager.rb +132 -132
data/lib/rex/services/local_relay.rb +398 -398
data/lib/rex/socket.rb +758 -763
data/lib/rex/socket/comm.rb +95 -95
data/lib/rex/socket/comm/local.rb +507 -440
data/lib/rex/socket/ip.rb +118 -118
data/lib/rex/socket/parameters.rb +351 -350
data/lib/rex/socket/range_walker.rb +445 -368
data/lib/rex/socket/ssl_tcp.rb +323 -317
data/lib/rex/socket/ssl_tcp_server.rb +173 -158
data/lib/rex/socket/subnet_walker.rb +48 -48
data/lib/rex/socket/switch_board.rb +259 -259
data/lib/rex/socket/tcp.rb +58 -56
data/lib/rex/socket/tcp_server.rb +42 -42
data/lib/rex/socket/udp.rb +152 -152
data/lib/rex/sslscan/result.rb +200 -0
data/lib/rex/sslscan/scanner.rb +205 -0
data/lib/rex/struct2.rb +0 -1
data/lib/rex/struct2/c_struct.rb +162 -163
data/lib/rex/struct2/c_struct_template.rb +21 -22
data/lib/rex/struct2/constant.rb +6 -7
data/lib/rex/struct2/element.rb +30 -31
data/lib/rex/struct2/generic.rb +60 -61
data/lib/rex/struct2/restraint.rb +40 -41
data/lib/rex/struct2/s_string.rb +60 -61
data/lib/rex/struct2/s_struct.rb +97 -98
data/lib/rex/sync.rb +0 -1
data/lib/rex/sync/event.rb +62 -72
data/lib/rex/sync/read_write_lock.rb +149 -149
data/lib/rex/sync/ref.rb +42 -42
data/lib/rex/sync/thread_safe.rb +59 -59
data/lib/rex/text.rb +1803 -1315
data/lib/rex/thread_factory.rb +25 -25
data/lib/rex/time.rb +44 -44
data/lib/rex/transformer.rb +91 -91
data/lib/rex/ui/interactive.rb +265 -265
data/lib/rex/ui/output.rb +66 -60
data/lib/rex/ui/progress_tracker.rb +79 -79
data/lib/rex/ui/subscriber.rb +144 -134
data/lib/rex/ui/text/color.rb +76 -76
data/lib/rex/ui/text/dispatcher_shell.rb +512 -505
data/lib/rex/ui/text/input.rb +96 -96
data/lib/rex/ui/text/input/buffer.rb +58 -58
data/lib/rex/ui/text/input/readline.rb +114 -114
data/lib/rex/ui/text/input/socket.rb +77 -77
data/lib/rex/ui/text/input/stdio.rb +24 -24
data/lib/rex/ui/text/irb_shell.rb +45 -41
data/lib/rex/ui/text/output.rb +64 -60
data/lib/rex/ui/text/output/buffer.rb +42 -42
data/lib/rex/ui/text/output/buffer/stdout.rb +25 -0
data/lib/rex/ui/text/output/file.rb +24 -24
data/lib/rex/ui/text/output/socket.rb +24 -24
data/lib/rex/ui/text/output/stdio.rb +29 -29
data/lib/rex/ui/text/output/tee.rb +36 -36
data/lib/rex/ui/text/progress_tracker.rb +37 -37
data/lib/rex/ui/text/shell.rb +371 -361
data/lib/rex/ui/text/table.rb +320 -284
data/lib/rex/zip.rb +0 -1
data/lib/rex/zip/archive.rb +115 -94
data/lib/rex/zip/blocks.rb +101 -100
data/lib/rex/zip/entry.rb +108 -99
data/lib/rex/zip/jar.rb +261 -206
data/lib/rex/zip/samples/comment.rb +1 -2
data/lib/rex/zip/samples/mkwar.rb +12 -13
data/lib/rex/zip/samples/mkzip.rb +1 -2
data/lib/rex/zip/samples/recursive.rb +29 -30
metadata +424 -446
data/lib/rex/arch/sparc.rb.ut.rb +0 -19
data/lib/rex/arch/x86.rb.ut.rb +0 -94
data/lib/rex/assembly/nasm.rb.ut.rb +0 -23
data/lib/rex/encoder/ndr.rb.ut.rb +0 -45
data/lib/rex/encoder/xdr.rb.ut.rb +0 -30
data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +0 -13
data/lib/rex/encoding/xor.rb.ts.rb +0 -15
data/lib/rex/encoding/xor/byte.rb.ut.rb +0 -22
data/lib/rex/encoding/xor/dword.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/generic.rb.ut.rb +0 -121
data/lib/rex/encoding/xor/word.rb.ut.rb +0 -14
data/lib/rex/exceptions.rb.ut.rb +0 -45
data/lib/rex/exploitation/egghunter.rb.ut.rb +0 -28
data/lib/rex/exploitation/javascriptosdetect.js +0 -1014
data/lib/rex/exploitation/javascriptosdetect.rb +0 -43
data/lib/rex/exploitation/omelet.rb.ut.rb +0 -27
data/lib/rex/exploitation/opcodedb.rb.ut.rb +0 -280
data/lib/rex/exploitation/seh.rb.ut.rb +0 -20
data/lib/rex/file.rb.ut.rb +0 -17
data/lib/rex/io/ring_buffer.rb.ut.rb +0 -135
data/lib/rex/nop/opty2.rb.ut.rb +0 -24
data/lib/rex/parser/arguments.rb.ut.rb +0 -68
data/lib/rex/parser/ini.rb.ut.rb +0 -30
data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +0 -18
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +0 -39
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +0 -37
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +0 -52
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +0 -43
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +0 -64
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +0 -29
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +0 -155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +0 -124
data/lib/rex/proto.rb.ts.rb +0 -9
data/lib/rex/proto/dcerpc.rb.ts.rb +0 -10
data/lib/rex/proto/dcerpc/client.rb.ut.rb +0 -492
data/lib/rex/proto/dcerpc/handle.rb.ut.rb +0 -86
data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +0 -42
data/lib/rex/proto/dcerpc/packet.rb.ut.rb +0 -57
data/lib/rex/proto/dcerpc/response.rb.ut.rb +0 -16
data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +0 -47
data/lib/rex/proto/drda.rb.ts.rb +0 -18
data/lib/rex/proto/drda/constants.rb.ut.rb +0 -24
data/lib/rex/proto/drda/packet.rb.ut.rb +0 -110
data/lib/rex/proto/drda/utils.rb.ut.rb +0 -85
data/lib/rex/proto/http.rb.ts.rb +0 -13
data/lib/rex/proto/http/client.rb.ut.rb +0 -96
data/lib/rex/proto/http/handler/erb.rb.ut.rb +0 -22
data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml +0 -1
data/lib/rex/proto/http/handler/proc.rb.ut.rb +0 -25
data/lib/rex/proto/http/header.rb.ut.rb +0 -47
data/lib/rex/proto/http/packet.rb.ut.rb +0 -166
data/lib/rex/proto/http/request.rb.ut.rb +0 -215
data/lib/rex/proto/http/response.rb.ut.rb +0 -150
data/lib/rex/proto/http/server.rb.ut.rb +0 -80
data/lib/rex/proto/ntlm.rb.ut.rb +0 -181
data/lib/rex/proto/rfb.rb.ut.rb +0 -40
data/lib/rex/proto/smb.rb.ts.rb +0 -9
data/lib/rex/proto/smb/client.rb.ut.rb +0 -224
data/lib/rex/proto/smb/constants.rb.ut.rb +0 -19
data/lib/rex/proto/smb/simpleclient.rb.ut.rb +0 -129
data/lib/rex/proto/smb/utils.rb.ut.rb +0 -21
data/lib/rex/proto/tftp/server.rb.ut.rb +0 -29
data/lib/rex/service_manager.rb.ut.rb +0 -33
data/lib/rex/socket.rb.ut.rb +0 -108
data/lib/rex/socket/comm/local.rb.ut.rb +0 -76
data/lib/rex/socket/parameters.rb.ut.rb +0 -52
data/lib/rex/socket/range_walker.rb.ut.rb +0 -56
data/lib/rex/socket/ssl_tcp.rb.ut.rb +0 -40
data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +0 -62
data/lib/rex/socket/subnet_walker.rb.ut.rb +0 -29
data/lib/rex/socket/switch_board.rb.ut.rb +0 -53
data/lib/rex/socket/tcp.rb.ut.rb +0 -65
data/lib/rex/socket/tcp_server.rb.ut.rb +0 -45
data/lib/rex/socket/udp.rb.ut.rb +0 -45
data/lib/rex/test.rb +0 -36
data/lib/rex/text.rb.ut.rb +0 -193
data/lib/rex/transformer.rb.ut.rb +0 -39
data/lib/rex/ui/text/color.rb.ut.rb +0 -19
data/lib/rex/ui/text/progress_tracker.rb.ut.rb +0 -35
data/lib/rex/ui/text/table.rb.ut.rb +0 -56

data/lib/rex/proto/ntlm/utils.rb CHANGED

@@ -8,754 +8,754 @@ module Proto
 module NTLM
 class Utils
-	CONST = Rex::Proto::NTLM::Constants
-	CRYPT = Rex::Proto::NTLM::Crypt
-	XCEPT = Rex::Proto::NTLM::Exceptions
+  CONST = Rex::Proto::NTLM::Constants
+  CRYPT = Rex::Proto::NTLM::Crypt
+  XCEPT = Rex::Proto::NTLM::Exceptions
   	#duplicate from lib/rex/proto/smb/utils cause we only need this fonction from Rex::Proto::SMB::Utils
-	# Convert a unix timestamp to a 64-bit signed server time
-	def self.time_unix_to_smb(unix_time)
-		t64 = (unix_time + 11644473600) * 10000000
-		thi = (t64 & 0xffffffff00000000) >> 32
-		tlo = (t64 & 0x00000000ffffffff)
-		return [thi, tlo]
-	end
-	# Determine whether the password is a known hash format
-	def self.is_pass_ntlm_hash?(str)
-		str.downcase =~ /^[0-9a-f]{32}:[0-9a-f]{32}$/
-	end
-	#
-	# Prepends an ASN1 formatted length field to a piece of data
-	#
-	def self.asn1encode(str = '')
-		res = ''
-		# If the high bit of the first byte is 1, it contains the number of
-		# length bytes that follow
-		case str.length
-			when 0 .. 0x7F
-				res = [str.length].pack('C') + str
-			when 0x80 .. 0xFF
-				res = [0x81, str.length].pack('CC') + str
-			when 0x100 .. 0xFFFF
-				res = [0x82, str.length].pack('Cn') + str
-			when  0x10000 .. 0xffffff
-				res = [0x83, str.length >> 16, str.length & 0xFFFF].pack('CCn') + str
-			when  0x1000000 .. 0xffffffff
-				res = [0x84, str.length].pack('CN') + str
-			else
-				raise "ASN1 str too long"
-		end
-		return res
-	end
-	# GSS functions
-	# GSS BLOB usefull for SMB_NEGOCIATE_RESPONSE message
-	# mechTypes: 2 items :
-	# 	-MechType: 1.3.6.1.4.1.311.2.2.30 (SNMPv2-SMI::enterprises.311.2.2.30)
-	# 	-MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
-	#
-	# this is the default on Win7
-	def self.make_simple_negotiate_secblob_resp
-		blob =
-		"\x60" + self.asn1encode(
-			"\x06" + self.asn1encode(
-				"\x2b\x06\x01\x05\x05\x02"
-			) +
-			"\xa0" + self.asn1encode(
-				"\x30" + self.asn1encode(
-					"\xa0" + self.asn1encode(
-						"\x30" + self.asn1encode(
-							"\x06" + self.asn1encode(
-								"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
-							)
-						)
-					)
-				)
-			)
-		)
-		return blob
-	end
-	# GSS BLOB usefull for SMB_NEGOCIATE_RESPONSE message
-	# mechTypes: 4 items :
-	# 	MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
-	# 	MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
-	# 	MechType: 1.2.840.113554.1.2.2.3 (KRB5 - Kerberos 5 - User to User)
-	# 	MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
-	# mechListMIC:
-	# 	principal: account@domain
-	def self.make_negotiate_secblob_resp(account, domain)
-		blob =
-		"\x60" + self.asn1encode(
-			"\x06" + self.asn1encode(
-				"\x2b\x06\x01\x05\x05\x02"
-			) +
-			"\xa0" + self.asn1encode(
-				"\x30" + self.asn1encode(
-					"\xa0" + self.asn1encode(
-						"\x30" + self.asn1encode(
-							"\x06" + self.asn1encode(
-								"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"
-							) +
-							"\x06" + self.asn1encode(
-								"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"
-							) +
-							"\x06" + self.asn1encode(
-								"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03"
-							) +
-							"\x06" + self.asn1encode(
-								"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
-							)
-						)
-					) +
-					"\xa3" + self.asn1encode(
-						"\x30" + self.asn1encode(
-							"\xa0" + self.asn1encode(
-								"\x1b" + self.asn1encode(
-									account + '@' + domain
-								)
-							)
-						)
-					)
-				)
-			)
-		)
-		return blob
-	end
-	# BLOB without GSS usefull for ntlmssp type 1 message
-	def self.make_ntlmssp_blob_init(domain = 'WORKGROUP', name = 'WORKSTATION', flags=0x80201)
-		blob =	"NTLMSSP\x00" +
-			[1, flags].pack('VV') +
-			[
-				domain.length,  #length
-				domain.length,  #max length
-				32
-			].pack('vvV') +
-			[
-				name.length,	#length
-				name.length, 	#max length
-				domain.length + 32
-			].pack('vvV') +
-			domain + name
-		return blob
-	end
-	# GSS BLOB usefull for ntlmssp type 1 message
-	def self.make_ntlmssp_secblob_init(domain = 'WORKGROUP', name = 'WORKSTATION', flags=0x80201)
-		blob =
-		"\x60" + self.asn1encode(
-			"\x06" + self.asn1encode(
-				"\x2b\x06\x01\x05\x05\x02"
-			) +
-			"\xa0" + self.asn1encode(
-				"\x30" + self.asn1encode(
-					"\xa0" + self.asn1encode(
-						"\x30" + self.asn1encode(
-							"\x06" + self.asn1encode(
-								"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
-							)
-						)
-					) +
-					"\xa2" + self.asn1encode(
-						"\x04" + self.asn1encode(
-							make_ntlmssp_blob_init(domain, name, flags)
-						)
-					)
-				)
-			)
-		)
-		return blob
-	end
-	# BLOB without GSS usefull for ntlm type 2 message
-	def self.make_ntlmssp_blob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
-		addr_list  = ''
-		addr_list  << [2, win_domain.length].pack('vv') + win_domain
-		addr_list  << [1, win_name.length].pack('vv') + win_name
-		addr_list  << [4, dns_domain.length].pack('vv') + dns_domain
-		addr_list  << [3, dns_name.length].pack('vv') + dns_name
-		addr_list  << [0, 0].pack('vv')
-		ptr  = 0
-		blob =	"NTLMSSP\x00" +
-				[2].pack('V') +
-				[
-					win_domain.length,  # length
-					win_domain.length,  # max length
-					(ptr += 48) # offset
-				].pack('vvV') +
-				[ flags ].pack('V') +
-				chall +
-				"\x00\x00\x00\x00\x00\x00\x00\x00" +
-				[
-					addr_list.length,  # length
-					addr_list.length,  # max length
-					(ptr += win_domain.length)
-				].pack('vvV') +
-				win_domain +
-				addr_list
-		return blob
-	end
-	# GSS BLOB usefull for ntlmssp type 2 message
-	def self.make_ntlmssp_secblob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
-		blob =
-			"\xa1" + self.asn1encode(
-				"\x30" + self.asn1encode(
-					"\xa0" + self.asn1encode(
-						"\x0a" + self.asn1encode(
-							"\x01"
-						)
-					) +
-					"\xa1" + self.asn1encode(
-						"\x06" + self.asn1encode(
-							"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
-						)
-					) +
-					"\xa2" + self.asn1encode(
-						"\x04" + self.asn1encode(
-							make_ntlmssp_blob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
-						)
-					)
-				)
-			)
-		return blob
-	end
-	# BLOB without GSS Usefull for ntlmssp type 3 message
-	def self.make_ntlmssp_blob_auth(domain, name, user, lm, ntlm, enc_session_key, flags = 0x080201)
-		lm ||= "\x00" * 24
-		ntlm ||= "\x00" * 24
-		domain_uni = Rex::Text.to_unicode(domain)
-		user_uni   = Rex::Text.to_unicode(user)
-		name_uni   = Rex::Text.to_unicode(name)
-		session    = enc_session_key
-		ptr  = 64
-		blob = "NTLMSSP\x00" +
-			[ 3 ].pack('V') +
-			[	# Lan Manager Response
-				lm.length,
-				lm.length,
-				(ptr)
-			].pack('vvV') +
-			[	# NTLM Manager Response
-				ntlm.length,
-				ntlm.length,
-				(ptr += lm.length)
-			].pack('vvV') +
-			[	# Domain Name
-				domain_uni.length,
-				domain_uni.length,
-				(ptr += ntlm.length)
-			].pack('vvV') +
-			[	# Username
-				user_uni.length,
-				user_uni.length,
-				(ptr += domain_uni.length)
-			].pack('vvV') +
-			[	# Hostname
-				name_uni.length,
-				name_uni.length,
-				(ptr += user_uni.length)
-			].pack('vvV') +
-			[	# Session Key (none)
-				session.length,
-				session.length,
-				(ptr += name_uni.length)
-			].pack('vvV') +
-			[ flags ].pack('V') +
-			lm +
-			ntlm +
-			domain_uni +
-			user_uni +
-			name_uni +
-			session + "\x00"
-		return blob
-	end
-	# GSS BLOB Usefull for ntlmssp type 3 message
-	def self.make_ntlmssp_secblob_auth(domain, name, user, lm, ntlm, enc_session_key, flags = 0x080201)
-		blob =
-			"\xa1" + self.asn1encode(
-				"\x30" + self.asn1encode(
-					"\xa2" + self.asn1encode(
-						"\x04" + self.asn1encode(
-						make_ntlmssp_blob_auth(domain, name, user, lm, ntlm, enc_session_key, flags )
-					)
-				)
-			)
-		)
-		return blob
-	end
-	# GSS BLOB Usefull for SMB Success
-	def self.make_ntlmv2_secblob_success
-		blob =
-			"\xa1" + self.asn1encode(
-				"\x30" + self.asn1encode(
-					"\xa0" + self.asn1encode(
-						"\x0a" + self.asn1encode(
-							"\x00"
-						)
-					)
-				)
-			)
-		return blob
-	end
-	# Return the correct ntlmflags upon the configuration
-	def self.make_ntlm_flags(opt = {})
-		signing 		= opt[:signing] 		!= nil ? opt[:signing] : false
-		usentlm2_session 	= opt[:usentlm2_session]	!= nil ? opt[:usentlm2_session] : true
-		use_ntlmv2 		= opt[:use_ntlmv2] 		!= nil ? opt[:use_ntlmv2] : false
-		send_lm 		= opt[:send_lm] 		!= nil ? opt[:send_lm] : true
-		send_ntlm 		= opt[:send_ntlm] 		!= nil ? opt[:send_ntlm] : true
-		use_lanman_key 		= opt[:use_lanman_key] 		!= nil ? opt[:use_lanman_key] : false
-		if signing
-			ntlmssp_flags = 0xe2088215
-		else
-			ntlmssp_flags = 0xa2080205
-		end
-		if usentlm2_session
-			if use_ntlmv2
-				#set Negotiate Target Info
-				ntlmssp_flags |= CONST::NEGOTIATE_TARGET_INFO
-			end
-		else
-			#remove the ntlm2_session flag
-			ntlmssp_flags &= 0xfff7ffff
-			#set lanmanflag only when lm and ntlm are sent
-			if send_lm
-				ntlmssp_flags |= CONST::NEGOTIATE_LMKEY if use_lanman_key
-			end
-		end
-		#we can also downgrade ntlm2_session when we send only lmv1
-		ntlmssp_flags &= 0xfff7ffff if usentlm2_session && (not use_ntlmv2) && (not send_ntlm)
-		return ntlmssp_flags
-	end
-	# Parse an ntlm type 2 challenge blob and return usefull data
-	def self.parse_ntlm_type_2_blob(blob)
-		data = {}
-		# Extract the NTLM challenge key the lazy way
-		cidx = blob.index("NTLMSSP\x00\x02\x00\x00\x00")
-		if not cidx
-			raise XCEPT::NTLMMissingChallenge
-		end
-		data[:challenge_key] = blob[cidx + 24, 8]
-		data[:server_ntlmssp_flags] = blob[cidx + 20, 4].unpack("V")[0]
-		# Extract the address list from the blob
-		alist_len,alist_mlen,alist_off = blob[cidx + 40, 8].unpack("vvV")
-		alist_buf = blob[cidx + alist_off, alist_len]
-		while(alist_buf.length > 0)
-			atype, alen = alist_buf.slice!(0,4).unpack('vv')
-			break if atype == 0x00
-			addr = alist_buf.slice!(0, alen)
-			case atype
-			when 1
-				#netbios name
-				data[:default_name] =  addr.gsub("\x00", '')
-			when 2
-				#netbios domain
-				data[:default_domain] = addr.gsub("\x00", '')
-			when 3
-				#dns name
-				data[:dns_host_name] =  addr.gsub("\x00", '')
-			when 4
-				#dns domain
-				data[:dns_domain_name] =  addr.gsub("\x00", '')
-			when 5
-				#The FQDN of the forest.
-			when 6
-				#A 32-bit value indicating server or client configuration
-			when 7
-				#Client time
-				data[:chall_MsvAvTimestamp] = addr
-			when 8
-				#A Restriction_Encoding structure
-			when 9
-				#The SPN of the target server.
-			when 10
-				#A channel bindings hash.
-			end
-		end
-		return data
-	end
-	# This function return an ntlmv2 client challenge
-	# This is a partial implementation, full description is in [MS-NLMP].pdf around 3.1.5.2.1 :-/
-	def self.make_ntlmv2_clientchallenge(win_domain, win_name, dns_domain, dns_name,
-						client_challenge = nil, chall_MsvAvTimestamp = nil, spnopt = {})
-		client_challenge ||= Rex::Text.rand_text(8)
-		# We have to set the timestamps here to the one in the challenge message from server if present
-		# If we don't do that, recent server like Seven/2008 will send a STATUS_INVALID_PARAMETER error packet
-		timestamp = chall_MsvAvTimestamp != '' ? chall_MsvAvTimestamp : self.time_unix_to_smb(Time.now.to_i).reverse.pack("VV")
-		# Make those values unicode as requested
-		win_domain = Rex::Text.to_unicode(win_domain)
-		win_name = Rex::Text.to_unicode(win_name)
-		dns_domain = Rex::Text.to_unicode(dns_domain)
-		dns_name = Rex::Text.to_unicode(dns_name)
-		# Make the AV_PAIRs
-		addr_list  = ''
-		addr_list  << [2, win_domain.length].pack('vv') + win_domain
-		addr_list  << [1, win_name.length].pack('vv') + win_name
-		addr_list  << [4, dns_domain.length].pack('vv') + dns_domain
-		addr_list  << [3, dns_name.length].pack('vv') + dns_name
-		addr_list  << [7, 8].pack('vv') + timestamp
-		# Windows Seven / 2008r2 Request this type if in local security policies,
-		# Microsoft network server : Server SPN target name validation level is set to <Required from client>
-		# otherwise it send an STATUS_ACCESS_DENIED packet
-		if spnopt[:use_spn]
-			spn= Rex::Text.to_unicode("cifs/#{spnopt[:name] || 'unknow'}")
-			addr_list  << [9, spn.length].pack('vv') + spn
-		end
-		# MAY BE USEFUL FOR FUTURE
-		# Seven (client) add at least one more av that is of type MsAvRestrictions (8)
-		# maybe this will be usefull with future windows OSs but has no use at all for the moment afaik
-		# restriction_encoding = 	[48,0,0,0].pack("VVV") + # Size, Z4, IntegrityLevel, SubjectIntegrityLevel
-		# 			Rex::Text.rand_text(32)	 # MachineId generated on startup on win7 and above
-		# addr_list  << [8, restriction_encoding.length].pack('vv') + restriction_encoding
-		# Seven (client) and maybe others versions also add an av of type MsvChannelBindings (10) but the hash is "\x00" * 16
-		# addr_list  << [10, 16].pack('vv') + "\x00" * 16
-		addr_list  << [0, 0].pack('vv')
-		ntlm_clientchallenge = 	[1,1,0,0].pack("CCvV") + #RespType, HiRespType, Reserved1, Reserved2
-					timestamp + #Timestamp
-					client_challenge + 	#clientchallenge
-					[0].pack("V")  +	#Reserved3
-					addr_list + "\x00" * 4
-	end
-	# create lm/ntlm responses
-	def self.create_lm_ntlm_responses(user, pass, challenge_key, domain = '', default_name = '', default_domain = '',
-					dns_host_name = '', dns_domain_name = '', chall_MsvAvTimestamp = nil, spnopt = {}, opt = {} )
-		usentlm2_session 	= opt[:usentlm2_session]	!= nil ? opt[:usentlm2_session] : true
-		use_ntlmv2 		= opt[:use_ntlmv2] 		!= nil ? opt[:use_ntlmv2] : false
-		send_lm 		= opt[:send_lm] 		!= nil ? opt[:send_lm] : true
-		send_ntlm 		= opt[:send_ntlm] 		!= nil ? opt[:send_ntlm] : true
-		#calculate the lm/ntlm response
-		resp_lm = "\x00" * 24
-		resp_ntlm = "\x00" * 24
-		client_challenge = Rex::Text.rand_text(8)
-		ntlm_cli_challenge = ''
-		if send_ntlm  #should be default
-			if usentlm2_session
-				if use_ntlmv2
-					ntlm_cli_challenge = self.make_ntlmv2_clientchallenge(default_domain, default_name, dns_domain_name,
-												dns_host_name,client_challenge ,
-												chall_MsvAvTimestamp, spnopt)
-					if self.is_pass_ntlm_hash?(pass)
-						argntlm = {
-							:ntlmv2_hash =>  CRYPT::ntlmv2_hash(
-												user,
-												[ pass.upcase()[33,65] ].pack('H32'),
-												domain,{:pass_is_hash => true}
-											),
-							:challenge   => challenge_key
-						}
-					else
-						argntlm = {
-							:ntlmv2_hash =>  CRYPT::ntlmv2_hash(user, pass, domain),
-							:challenge   =>  challenge_key
-						}
-					end
-					optntlm = { :nt_client_challenge => ntlm_cli_challenge}
-					ntlmv2_response = CRYPT::ntlmv2_response(argntlm,optntlm)
-					resp_ntlm = ntlmv2_response
-					if send_lm
-						if self.is_pass_ntlm_hash?(pass)
-							arglm = {
-								:ntlmv2_hash =>  CRYPT::ntlmv2_hash(
-													user,
-													[ pass.upcase()[33,65] ].pack('H32'),
-													domain,{:pass_is_hash => true}
-												),
-								:challenge   => challenge_key
-							}
-						else
-							arglm = {
-								:ntlmv2_hash =>  CRYPT::ntlmv2_hash(user,pass, domain),
-								:challenge   => challenge_key
-							}
-						end
-						optlm = { :client_challenge => client_challenge }
-						resp_lm = CRYPT::lmv2_response(arglm, optlm)
-					else
-						resp_lm = "\x00" * 24
-					end
-				else # ntlm2_session
-					if self.is_pass_ntlm_hash?(pass)
-						argntlm = {
-							:ntlm_hash =>  [ pass.upcase()[33,65] ].pack('H32'),
-							:challenge => challenge_key
-						}
-					else
-						argntlm = {
-							:ntlm_hash =>  CRYPT::ntlm_hash(pass),
-							:challenge => challenge_key
-						}
-					end
-					optntlm = {	:client_challenge => client_challenge}
-					resp_ntlm = CRYPT::ntlm2_session(argntlm,optntlm).join[24,24]
-					# Generate the fake LANMAN hash
-					resp_lm = client_challenge + ("\x00" * 16)
-				end
-			else # we use lmv1/ntlmv1
-				if self.is_pass_ntlm_hash?(pass)
-					argntlm = {
-						:ntlm_hash =>  [ pass.upcase()[33,65] ].pack('H32'),
-						:challenge =>  challenge_key
-					}
-				else
-					argntlm = {
-						:ntlm_hash =>  CRYPT::ntlm_hash(pass),
-						:challenge =>  challenge_key
-					}
-				end
-				resp_ntlm = CRYPT::ntlm_response(argntlm)
-				if send_lm
-					if self.is_pass_ntlm_hash?(pass)
-						arglm = {
-							:lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
-							:challenge =>  challenge_key
-						}
-					else
-						arglm = {
-							:lm_hash => CRYPT::lm_hash(pass),
-							:challenge =>  challenge_key
-						}
-					end
-					resp_lm = CRYPT::lm_response(arglm)
-				else
-					#when windows does not send lm in ntlmv1 type response,
-					# it gives lm response the same value as ntlm response
-					resp_lm  = resp_ntlm
-				end
-			end
-		else #send_ntlm = false
-			#lmv2
-			if usentlm2_session && use_ntlmv2
-				if self.is_pass_ntlm_hash?(pass)
-					arglm = {
-						:ntlmv2_hash =>  CRYPT::ntlmv2_hash(
-											user,
-											[ pass.upcase()[33,65] ].pack('H32'),
-											domain,{:pass_is_hash => true}
-										),
-						:challenge => challenge_key
-					}
-				else
-					arglm = {
-						:ntlmv2_hash =>  CRYPT::ntlmv2_hash(user,pass, domain),
-						:challenge => challenge_key
-					}
-				end
-				optlm = { :client_challenge => client_challenge }
-				resp_lm = CRYPT::lmv2_response(arglm, optlm)
-			else
-				if self.is_pass_ntlm_hash?(pass)
-					arglm = {
-						:lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
-						:challenge =>  challenge_key
-					}
-				else
-					arglm = {
-						:lm_hash => CRYPT::lm_hash(pass),
-						:challenge =>  challenge_key
-					}
-				end
-				resp_lm = CRYPT::lm_response(arglm)
-			end
-			resp_ntlm = ""
-		end
-		return resp_lm, resp_ntlm, client_challenge, ntlm_cli_challenge
-	end
-	# create the session key
-	def self.create_session_key(ntlmssp_flags, server_ntlmssp_flags, user, pass, domain, challenge_key,
-					client_challenge = '', ntlm_cli_challenge = '' , opt = {} )
-		usentlm2_session 	= opt[:usentlm2_session]	!= nil ? opt[:usentlm2_session] : true
-		use_ntlmv2 		= opt[:use_ntlmv2] 		!= nil ? opt[:use_ntlmv2] : false
-		send_lm 		= opt[:send_lm] 		!= nil ? opt[:send_lm] : true
-		send_ntlm 		= opt[:send_ntlm] 		!= nil ? opt[:send_ntlm] : true
-		use_lanman_key 		= opt[:use_lanman_key] 		!= nil ? opt[:use_lanman_key] : false
-		# Create the sessionkey (aka signing key, aka mackey) and encrypted session key
-		# Server will decide for key_size and key_exchange
-		enc_session_key = ''
-		signing_key = ''
-		# Set default key size and key exchange values
-		key_size = 40
-		key_exchange = false
-		# Remove ntlmssp.negotiate56
-		ntlmssp_flags &= 0x7fffffff
-		# Remove ntlmssp.negotiatekeyexch
-		ntlmssp_flags &= 0xbfffffff
-		# Remove ntlmssp.negotiate128
-		ntlmssp_flags &= 0xdfffffff
-		# Check the keyexchange
-		if server_ntlmssp_flags & CONST::NEGOTIATE_KEY_EXCH != 0 then
-			key_exchange = true
-			ntlmssp_flags |= CONST::NEGOTIATE_KEY_EXCH
-		end
-		# Check 128bits
-		if server_ntlmssp_flags & CONST::NEGOTIATE_128 != 0 then
-			key_size = 128
-			ntlmssp_flags |= CONST::NEGOTIATE_128
-			ntlmssp_flags |= CONST::NEGOTIATE_56
-		# Check 56bits
-		else
-			if server_ntlmssp_flags & CONST::NEGOTIATE_56 != 0 then
-				key_size = 56
-				ntlmssp_flags |= CONST::NEGOTIATE_56
-			end
-		end
-		# Generate the user session key
-		lanman_weak = false
-		if send_ntlm  # Should be default
-			if usentlm2_session
-				if use_ntlmv2
-					if self.is_pass_ntlm_hash?(pass)
-						user_session_key = CRYPT::ntlmv2_user_session_key(user,
-												[ pass.upcase()[33,65] ].pack('H32'),
-												domain,
-												challenge_key, ntlm_cli_challenge,
-												{:pass_is_hash => true})
-					else
-						user_session_key = CRYPT::ntlmv2_user_session_key(user, pass, domain,
-											challenge_key, ntlm_cli_challenge)
-					end
-				else
-					if self.is_pass_ntlm_hash?(pass)
-						user_session_key = CRYPT::ntlm2_session_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
-														challenge_key,
-														client_challenge,
-														{:pass_is_hash => true})
-					else
-						user_session_key = CRYPT::ntlm2_session_user_session_key(pass, challenge_key,
-														client_challenge)
-					end
-				end
-			else # lmv1/ntlmv1
-				# lanman_key may also be used without ntlm response but it is not so much used
-				# so we don't care about this feature
-				if send_lm && use_lanman_key
-					if self.is_pass_ntlm_hash?(pass)
-						user_session_key = CRYPT::lanman_session_key([ pass.upcase()[0,32] ].pack('H32'),
-												challenge_key,
-												{:pass_is_hash => true})
-					else
-						user_session_key = CRYPT::lanman_session_key(pass, challenge_key)
-					end
-					lanman_weak = true
-				else
-					if self.is_pass_ntlm_hash?(pass)
-						user_session_key = CRYPT::ntlmv1_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
-													{:pass_is_hash => true})
-					else
-						user_session_key = CRYPT::ntlmv1_user_session_key(pass)
-					end
-				end
-			end
-		else
-				if usentlm2_session && use_ntlmv2
-					if self.is_pass_ntlm_hash?(pass)
-						user_session_key = CRYPT::lmv2_user_session_key(user, [ pass.upcase()[33,65] ].pack('H32'),
-												domain,
-												challenge_key, client_challenge,
-												{:pass_is_hash => true})
-					else
-						user_session_key = CRYPT::lmv2_user_session_key(user, pass, domain,
-												challenge_key, client_challenge)
-					end
-				else
-					if self.is_pass_ntlm_hash?(pass)
-						user_session_key = CRYPT::lmv1_user_session_key([ pass.upcase()[0,32] ].pack('H32'),
-													{:pass_is_hash => true})
-					else
-						user_session_key = CRYPT::lmv1_user_session_key(pass)
-					end
-				end
-		end
-		user_session_key = CRYPT::make_weak_sessionkey(user_session_key,key_size, lanman_weak)
-		# Sessionkey and encrypted session key
-		if key_exchange
-			signing_key = Rex::Text.rand_text(16)
-			enc_session_key = CRYPT::encrypt_sessionkey(signing_key, user_session_key)
-		else
-			signing_key = user_session_key
-		end
-		return signing_key, enc_session_key, ntlmssp_flags
-	end
+  # Convert a unix timestamp to a 64-bit signed server time
+  def self.time_unix_to_smb(unix_time)
+    t64 = (unix_time + 11644473600) * 10000000
+    thi = (t64 & 0xffffffff00000000) >> 32
+    tlo = (t64 & 0x00000000ffffffff)
+    return [thi, tlo]
+  end
+  # Determine whether the password is a known hash format
+  def self.is_pass_ntlm_hash?(str)
+    str.downcase =~ /^[0-9a-f]{32}:[0-9a-f]{32}$/
+  end
+  #
+  # Prepends an ASN1 formatted length field to a piece of data
+  #
+  def self.asn1encode(str = '')
+    res = ''
+    # If the high bit of the first byte is 1, it contains the number of
+    # length bytes that follow
+    case str.length
+      when 0 .. 0x7F
+        res = [str.length].pack('C') + str
+      when 0x80 .. 0xFF
+        res = [0x81, str.length].pack('CC') + str
+      when 0x100 .. 0xFFFF
+        res = [0x82, str.length].pack('Cn') + str
+      when  0x10000 .. 0xffffff
+        res = [0x83, str.length >> 16, str.length & 0xFFFF].pack('CCn') + str
+      when  0x1000000 .. 0xffffffff
+        res = [0x84, str.length].pack('CN') + str
+      else
+        raise "ASN1 str too long"
+    end
+    return res
+  end
+  # GSS functions
+  # GSS BLOB usefull for SMB_NEGOCIATE_RESPONSE message
+  # mechTypes: 2 items :
+  # 	-MechType: 1.3.6.1.4.1.311.2.2.30 (SNMPv2-SMI::enterprises.311.2.2.30)
+  # 	-MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
+  #
+  # this is the default on Win7
+  def self.make_simple_negotiate_secblob_resp
+    blob =
+    "\x60" + self.asn1encode(
+      "\x06" + self.asn1encode(
+        "\x2b\x06\x01\x05\x05\x02"
+      ) +
+      "\xa0" + self.asn1encode(
+        "\x30" + self.asn1encode(
+          "\xa0" + self.asn1encode(
+            "\x30" + self.asn1encode(
+              "\x06" + self.asn1encode(
+                "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
+              )
+            )
+          )
+        )
+      )
+    )
+    return blob
+  end
+  # GSS BLOB usefull for SMB_NEGOCIATE_RESPONSE message
+  # mechTypes: 4 items :
+  # 	MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
+  # 	MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
+  # 	MechType: 1.2.840.113554.1.2.2.3 (KRB5 - Kerberos 5 - User to User)
+  # 	MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
+  # mechListMIC:
+  # 	principal: account@domain
+  def self.make_negotiate_secblob_resp(account, domain)
+    blob =
+    "\x60" + self.asn1encode(
+      "\x06" + self.asn1encode(
+        "\x2b\x06\x01\x05\x05\x02"
+      ) +
+      "\xa0" + self.asn1encode(
+        "\x30" + self.asn1encode(
+          "\xa0" + self.asn1encode(
+            "\x30" + self.asn1encode(
+              "\x06" + self.asn1encode(
+                "\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"
+              ) +
+              "\x06" + self.asn1encode(
+                "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"
+              ) +
+              "\x06" + self.asn1encode(
+                "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03"
+              ) +
+              "\x06" + self.asn1encode(
+                "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
+              )
+            )
+          ) +
+          "\xa3" + self.asn1encode(
+            "\x30" + self.asn1encode(
+              "\xa0" + self.asn1encode(
+                "\x1b" + self.asn1encode(
+                  account + '@' + domain
+                )
+              )
+            )
+          )
+        )
+      )
+    )
+    return blob
+  end
+  # BLOB without GSS usefull for ntlmssp type 1 message
+  def self.make_ntlmssp_blob_init(domain = 'WORKGROUP', name = 'WORKSTATION', flags=0x80201)
+    blob =	"NTLMSSP\x00" +
+      [1, flags].pack('VV') +
+      [
+        domain.length,  #length
+        domain.length,  #max length
+        32
+      ].pack('vvV') +
+      [
+        name.length,	#length
+        name.length, 	#max length
+        domain.length + 32
+      ].pack('vvV') +
+      domain + name
+    return blob
+  end
+  # GSS BLOB usefull for ntlmssp type 1 message
+  def self.make_ntlmssp_secblob_init(domain = 'WORKGROUP', name = 'WORKSTATION', flags=0x80201)
+    blob =
+    "\x60" + self.asn1encode(
+      "\x06" + self.asn1encode(
+        "\x2b\x06\x01\x05\x05\x02"
+      ) +
+      "\xa0" + self.asn1encode(
+        "\x30" + self.asn1encode(
+          "\xa0" + self.asn1encode(
+            "\x30" + self.asn1encode(
+              "\x06" + self.asn1encode(
+                "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
+              )
+            )
+          ) +
+          "\xa2" + self.asn1encode(
+            "\x04" + self.asn1encode(
+              make_ntlmssp_blob_init(domain, name, flags)
+            )
+          )
+        )
+      )
+    )
+    return blob
+  end
+  # BLOB without GSS usefull for ntlm type 2 message
+  def self.make_ntlmssp_blob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
+    addr_list  = ''
+    addr_list  << [2, win_domain.length].pack('vv') + win_domain
+    addr_list  << [1, win_name.length].pack('vv') + win_name
+    addr_list  << [4, dns_domain.length].pack('vv') + dns_domain
+    addr_list  << [3, dns_name.length].pack('vv') + dns_name
+    addr_list  << [0, 0].pack('vv')
+    ptr  = 0
+    blob =	"NTLMSSP\x00" +
+        [2].pack('V') +
+        [
+          win_domain.length,  # length
+          win_domain.length,  # max length
+          (ptr += 48) # offset
+        ].pack('vvV') +
+        [ flags ].pack('V') +
+        chall +
+        "\x00\x00\x00\x00\x00\x00\x00\x00" +
+        [
+          addr_list.length,  # length
+          addr_list.length,  # max length
+          (ptr += win_domain.length)
+        ].pack('vvV') +
+        win_domain +
+        addr_list
+    return blob
+  end
+  # GSS BLOB usefull for ntlmssp type 2 message
+  def self.make_ntlmssp_secblob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
+    blob =
+      "\xa1" + self.asn1encode(
+        "\x30" + self.asn1encode(
+          "\xa0" + self.asn1encode(
+            "\x0a" + self.asn1encode(
+              "\x01"
+            )
+          ) +
+          "\xa1" + self.asn1encode(
+            "\x06" + self.asn1encode(
+              "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
+            )
+          ) +
+          "\xa2" + self.asn1encode(
+            "\x04" + self.asn1encode(
+              make_ntlmssp_blob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
+            )
+          )
+        )
+      )
+    return blob
+  end
+  # BLOB without GSS Usefull for ntlmssp type 3 message
+  def self.make_ntlmssp_blob_auth(domain, name, user, lm, ntlm, enc_session_key, flags = 0x080201)
+    lm ||= "\x00" * 24
+    ntlm ||= "\x00" * 24
+    domain_uni = Rex::Text.to_unicode(domain)
+    user_uni   = Rex::Text.to_unicode(user)
+    name_uni   = Rex::Text.to_unicode(name)
+    session    = enc_session_key
+    ptr  = 64
+    blob = "NTLMSSP\x00" +
+      [ 3 ].pack('V') +
+      [	# Lan Manager Response
+        lm.length,
+        lm.length,
+        (ptr)
+      ].pack('vvV') +
+      [	# NTLM Manager Response
+        ntlm.length,
+        ntlm.length,
+        (ptr += lm.length)
+      ].pack('vvV') +
+      [	# Domain Name
+        domain_uni.length,
+        domain_uni.length,
+        (ptr += ntlm.length)
+      ].pack('vvV') +
+      [	# Username
+        user_uni.length,
+        user_uni.length,
+        (ptr += domain_uni.length)
+      ].pack('vvV') +
+      [	# Hostname
+        name_uni.length,
+        name_uni.length,
+        (ptr += user_uni.length)
+      ].pack('vvV') +
+      [	# Session Key (none)
+        session.length,
+        session.length,
+        (ptr += name_uni.length)
+      ].pack('vvV') +
+      [ flags ].pack('V') +
+      lm +
+      ntlm +
+      domain_uni +
+      user_uni +
+      name_uni +
+      session + "\x00"
+    return blob
+  end
+  # GSS BLOB Usefull for ntlmssp type 3 message
+  def self.make_ntlmssp_secblob_auth(domain, name, user, lm, ntlm, enc_session_key, flags = 0x080201)
+    blob =
+      "\xa1" + self.asn1encode(
+        "\x30" + self.asn1encode(
+          "\xa2" + self.asn1encode(
+            "\x04" + self.asn1encode(
+            make_ntlmssp_blob_auth(domain, name, user, lm, ntlm, enc_session_key, flags )
+          )
+        )
+      )
+    )
+    return blob
+  end
+  # GSS BLOB Usefull for SMB Success
+  def self.make_ntlmv2_secblob_success
+    blob =
+      "\xa1" + self.asn1encode(
+        "\x30" + self.asn1encode(
+          "\xa0" + self.asn1encode(
+            "\x0a" + self.asn1encode(
+              "\x00"
+            )
+          )
+        )
+      )
+    return blob
+  end
+  # Return the correct ntlmflags upon the configuration
+  def self.make_ntlm_flags(opt = {})
+    signing 		= opt[:signing] 		!= nil ? opt[:signing] : false
+    usentlm2_session 	= opt[:usentlm2_session]	!= nil ? opt[:usentlm2_session] : true
+    use_ntlmv2 		= opt[:use_ntlmv2] 		!= nil ? opt[:use_ntlmv2] : false
+    send_lm 		= opt[:send_lm] 		!= nil ? opt[:send_lm] : true
+    send_ntlm 		= opt[:send_ntlm] 		!= nil ? opt[:send_ntlm] : true
+    use_lanman_key 		= opt[:use_lanman_key] 		!= nil ? opt[:use_lanman_key] : false
+    if signing
+      ntlmssp_flags = 0xe2088215
+    else
+      ntlmssp_flags = 0xa2080205
+    end
+    if usentlm2_session
+      if use_ntlmv2
+        #set Negotiate Target Info
+        ntlmssp_flags |= CONST::NEGOTIATE_TARGET_INFO
+      end
+    else
+      #remove the ntlm2_session flag
+      ntlmssp_flags &= 0xfff7ffff
+      #set lanmanflag only when lm and ntlm are sent
+      if send_lm
+        ntlmssp_flags |= CONST::NEGOTIATE_LMKEY if use_lanman_key
+      end
+    end
+    #we can also downgrade ntlm2_session when we send only lmv1
+    ntlmssp_flags &= 0xfff7ffff if usentlm2_session && (not use_ntlmv2) && (not send_ntlm)
+    return ntlmssp_flags
+  end
+  # Parse an ntlm type 2 challenge blob and return usefull data
+  def self.parse_ntlm_type_2_blob(blob)
+    data = {}
+    # Extract the NTLM challenge key the lazy way
+    cidx = blob.index("NTLMSSP\x00\x02\x00\x00\x00")
+    if not cidx
+      raise XCEPT::NTLMMissingChallenge
+    end
+    data[:challenge_key] = blob[cidx + 24, 8]
+    data[:server_ntlmssp_flags] = blob[cidx + 20, 4].unpack("V")[0]
+    # Extract the address list from the blob
+    alist_len,alist_mlen,alist_off = blob[cidx + 40, 8].unpack("vvV")
+    alist_buf = blob[cidx + alist_off, alist_len]
+    while(alist_buf.length > 0)
+      atype, alen = alist_buf.slice!(0,4).unpack('vv')
+      break if atype == 0x00
+      addr = alist_buf.slice!(0, alen)
+      case atype
+      when 1
+        #netbios name
+        data[:default_name] =  addr.gsub("\x00", '')
+      when 2
+        #netbios domain
+        data[:default_domain] = addr.gsub("\x00", '')
+      when 3
+        #dns name
+        data[:dns_host_name] =  addr.gsub("\x00", '')
+      when 4
+        #dns domain
+        data[:dns_domain_name] =  addr.gsub("\x00", '')
+      when 5
+        #The FQDN of the forest.
+      when 6
+        #A 32-bit value indicating server or client configuration
+      when 7
+        #Client time
+        data[:chall_MsvAvTimestamp] = addr
+      when 8
+        #A Restriction_Encoding structure
+      when 9
+        #The SPN of the target server.
+      when 10
+        #A channel bindings hash.
+      end
+    end
+    return data
+  end
+  # This function return an ntlmv2 client challenge
+  # This is a partial implementation, full description is in [MS-NLMP].pdf around 3.1.5.2.1 :-/
+  def self.make_ntlmv2_clientchallenge(win_domain, win_name, dns_domain, dns_name,
+            client_challenge = nil, chall_MsvAvTimestamp = nil, spnopt = {})
+    client_challenge ||= Rex::Text.rand_text(8)
+    # We have to set the timestamps here to the one in the challenge message from server if present
+    # If we don't do that, recent server like Seven/2008 will send a STATUS_INVALID_PARAMETER error packet
+    timestamp = chall_MsvAvTimestamp != '' ? chall_MsvAvTimestamp : self.time_unix_to_smb(Time.now.to_i).reverse.pack("VV")
+    # Make those values unicode as requested
+    win_domain = Rex::Text.to_unicode(win_domain)
+    win_name = Rex::Text.to_unicode(win_name)
+    dns_domain = Rex::Text.to_unicode(dns_domain)
+    dns_name = Rex::Text.to_unicode(dns_name)
+    # Make the AV_PAIRs
+    addr_list  = ''
+    addr_list  << [2, win_domain.length].pack('vv') + win_domain
+    addr_list  << [1, win_name.length].pack('vv') + win_name
+    addr_list  << [4, dns_domain.length].pack('vv') + dns_domain
+    addr_list  << [3, dns_name.length].pack('vv') + dns_name
+    addr_list  << [7, 8].pack('vv') + timestamp
+    # Windows Seven / 2008r2 Request this type if in local security policies,
+    # Microsoft network server : Server SPN target name validation level is set to <Required from client>
+    # otherwise it send an STATUS_ACCESS_DENIED packet
+    if spnopt[:use_spn]
+      spn= Rex::Text.to_unicode("cifs/#{spnopt[:name] || 'unknow'}")
+      addr_list  << [9, spn.length].pack('vv') + spn
+    end
+    # MAY BE USEFUL FOR FUTURE
+    # Seven (client) add at least one more av that is of type MsAvRestrictions (8)
+    # maybe this will be usefull with future windows OSs but has no use at all for the moment afaik
+    # restriction_encoding = 	[48,0,0,0].pack("VVV") + # Size, Z4, IntegrityLevel, SubjectIntegrityLevel
+    # 			Rex::Text.rand_text(32)	 # MachineId generated on startup on win7 and above
+    # addr_list  << [8, restriction_encoding.length].pack('vv') + restriction_encoding
+    # Seven (client) and maybe others versions also add an av of type MsvChannelBindings (10) but the hash is "\x00" * 16
+    # addr_list  << [10, 16].pack('vv') + "\x00" * 16
+    addr_list  << [0, 0].pack('vv')
+    ntlm_clientchallenge = 	[1,1,0,0].pack("CCvV") + #RespType, HiRespType, Reserved1, Reserved2
+          timestamp + #Timestamp
+          client_challenge + 	#clientchallenge
+          [0].pack("V")  +	#Reserved3
+          addr_list + "\x00" * 4
+  end
+  # create lm/ntlm responses
+  def self.create_lm_ntlm_responses(user, pass, challenge_key, domain = '', default_name = '', default_domain = '',
+          dns_host_name = '', dns_domain_name = '', chall_MsvAvTimestamp = nil, spnopt = {}, opt = {} )
+    usentlm2_session 	= opt[:usentlm2_session]	!= nil ? opt[:usentlm2_session] : true
+    use_ntlmv2 		= opt[:use_ntlmv2] 		!= nil ? opt[:use_ntlmv2] : false
+    send_lm 		= opt[:send_lm] 		!= nil ? opt[:send_lm] : true
+    send_ntlm 		= opt[:send_ntlm] 		!= nil ? opt[:send_ntlm] : true
+    #calculate the lm/ntlm response
+    resp_lm = "\x00" * 24
+    resp_ntlm = "\x00" * 24
+    client_challenge = Rex::Text.rand_text(8)
+    ntlm_cli_challenge = ''
+    if send_ntlm  #should be default
+      if usentlm2_session
+        if use_ntlmv2
+          ntlm_cli_challenge = self.make_ntlmv2_clientchallenge(default_domain, default_name, dns_domain_name,
+                        dns_host_name,client_challenge ,
+                        chall_MsvAvTimestamp, spnopt)
+          if self.is_pass_ntlm_hash?(pass)
+            argntlm = {
+              :ntlmv2_hash =>  CRYPT::ntlmv2_hash(
+                        user,
+                        [ pass.upcase()[33,65] ].pack('H32'),
+                        domain,{:pass_is_hash => true}
+                      ),
+              :challenge   => challenge_key
+            }
+          else
+            argntlm = {
+              :ntlmv2_hash =>  CRYPT::ntlmv2_hash(user, pass, domain),
+              :challenge   =>  challenge_key
+            }
+          end
+          optntlm = { :nt_client_challenge => ntlm_cli_challenge}
+          ntlmv2_response = CRYPT::ntlmv2_response(argntlm,optntlm)
+          resp_ntlm = ntlmv2_response
+          if send_lm
+            if self.is_pass_ntlm_hash?(pass)
+              arglm = {
+                :ntlmv2_hash =>  CRYPT::ntlmv2_hash(
+                          user,
+                          [ pass.upcase()[33,65] ].pack('H32'),
+                          domain,{:pass_is_hash => true}
+                        ),
+                :challenge   => challenge_key
+              }
+            else
+              arglm = {
+                :ntlmv2_hash =>  CRYPT::ntlmv2_hash(user,pass, domain),
+                :challenge   => challenge_key
+              }
+            end
+            optlm = { :client_challenge => client_challenge }
+            resp_lm = CRYPT::lmv2_response(arglm, optlm)
+          else
+            resp_lm = "\x00" * 24
+          end
+        else # ntlm2_session
+          if self.is_pass_ntlm_hash?(pass)
+            argntlm = {
+              :ntlm_hash =>  [ pass.upcase()[33,65] ].pack('H32'),
+              :challenge => challenge_key
+            }
+          else
+            argntlm = {
+              :ntlm_hash =>  CRYPT::ntlm_hash(pass),
+              :challenge => challenge_key
+            }
+          end
+          optntlm = {	:client_challenge => client_challenge}
+          resp_ntlm = CRYPT::ntlm2_session(argntlm,optntlm).join[24,24]
+          # Generate the fake LANMAN hash
+          resp_lm = client_challenge + ("\x00" * 16)
+        end
+      else # we use lmv1/ntlmv1
+        if self.is_pass_ntlm_hash?(pass)
+          argntlm = {
+            :ntlm_hash =>  [ pass.upcase()[33,65] ].pack('H32'),
+            :challenge =>  challenge_key
+          }
+        else
+          argntlm = {
+            :ntlm_hash =>  CRYPT::ntlm_hash(pass),
+            :challenge =>  challenge_key
+          }
+        end
+        resp_ntlm = CRYPT::ntlm_response(argntlm)
+        if send_lm
+          if self.is_pass_ntlm_hash?(pass)
+            arglm = {
+              :lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
+              :challenge =>  challenge_key
+            }
+          else
+            arglm = {
+              :lm_hash => CRYPT::lm_hash(pass),
+              :challenge =>  challenge_key
+            }
+          end
+          resp_lm = CRYPT::lm_response(arglm)
+        else
+          #when windows does not send lm in ntlmv1 type response,
+          # it gives lm response the same value as ntlm response
+          resp_lm  = resp_ntlm
+        end
+      end
+    else #send_ntlm = false
+      #lmv2
+      if usentlm2_session && use_ntlmv2
+        if self.is_pass_ntlm_hash?(pass)
+          arglm = {
+            :ntlmv2_hash =>  CRYPT::ntlmv2_hash(
+                      user,
+                      [ pass.upcase()[33,65] ].pack('H32'),
+                      domain,{:pass_is_hash => true}
+                    ),
+            :challenge => challenge_key
+          }
+        else
+          arglm = {
+            :ntlmv2_hash =>  CRYPT::ntlmv2_hash(user,pass, domain),
+            :challenge => challenge_key
+          }
+        end
+        optlm = { :client_challenge => client_challenge }
+        resp_lm = CRYPT::lmv2_response(arglm, optlm)
+      else
+        if self.is_pass_ntlm_hash?(pass)
+          arglm = {
+            :lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
+            :challenge =>  challenge_key
+          }
+        else
+          arglm = {
+            :lm_hash => CRYPT::lm_hash(pass),
+            :challenge =>  challenge_key
+          }
+        end
+        resp_lm = CRYPT::lm_response(arglm)
+      end
+      resp_ntlm = ""
+    end
+    return resp_lm, resp_ntlm, client_challenge, ntlm_cli_challenge
+  end
+  # create the session key
+  def self.create_session_key(ntlmssp_flags, server_ntlmssp_flags, user, pass, domain, challenge_key,
+          client_challenge = '', ntlm_cli_challenge = '' , opt = {} )
+    usentlm2_session 	= opt[:usentlm2_session]	!= nil ? opt[:usentlm2_session] : true
+    use_ntlmv2 		= opt[:use_ntlmv2] 		!= nil ? opt[:use_ntlmv2] : false
+    send_lm 		= opt[:send_lm] 		!= nil ? opt[:send_lm] : true
+    send_ntlm 		= opt[:send_ntlm] 		!= nil ? opt[:send_ntlm] : true
+    use_lanman_key 		= opt[:use_lanman_key] 		!= nil ? opt[:use_lanman_key] : false
+    # Create the sessionkey (aka signing key, aka mackey) and encrypted session key
+    # Server will decide for key_size and key_exchange
+    enc_session_key = ''
+    signing_key = ''
+    # Set default key size and key exchange values
+    key_size = 40
+    key_exchange = false
+    # Remove ntlmssp.negotiate56
+    ntlmssp_flags &= 0x7fffffff
+    # Remove ntlmssp.negotiatekeyexch
+    ntlmssp_flags &= 0xbfffffff
+    # Remove ntlmssp.negotiate128
+    ntlmssp_flags &= 0xdfffffff
+    # Check the keyexchange
+    if server_ntlmssp_flags & CONST::NEGOTIATE_KEY_EXCH != 0 then
+      key_exchange = true
+      ntlmssp_flags |= CONST::NEGOTIATE_KEY_EXCH
+    end
+    # Check 128bits
+    if server_ntlmssp_flags & CONST::NEGOTIATE_128 != 0 then
+      key_size = 128
+      ntlmssp_flags |= CONST::NEGOTIATE_128
+      ntlmssp_flags |= CONST::NEGOTIATE_56
+    # Check 56bits
+    else
+      if server_ntlmssp_flags & CONST::NEGOTIATE_56 != 0 then
+        key_size = 56
+        ntlmssp_flags |= CONST::NEGOTIATE_56
+      end
+    end
+    # Generate the user session key
+    lanman_weak = false
+    if send_ntlm  # Should be default
+      if usentlm2_session
+        if use_ntlmv2
+          if self.is_pass_ntlm_hash?(pass)
+            user_session_key = CRYPT::ntlmv2_user_session_key(user,
+                        [ pass.upcase()[33,65] ].pack('H32'),
+                        domain,
+                        challenge_key, ntlm_cli_challenge,
+                        {:pass_is_hash => true})
+          else
+            user_session_key = CRYPT::ntlmv2_user_session_key(user, pass, domain,
+                      challenge_key, ntlm_cli_challenge)
+          end
+        else
+          if self.is_pass_ntlm_hash?(pass)
+            user_session_key = CRYPT::ntlm2_session_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
+                            challenge_key,
+                            client_challenge,
+                            {:pass_is_hash => true})
+          else
+            user_session_key = CRYPT::ntlm2_session_user_session_key(pass, challenge_key,
+                            client_challenge)
+          end
+        end
+      else # lmv1/ntlmv1
+        # lanman_key may also be used without ntlm response but it is not so much used
+        # so we don't care about this feature
+        if send_lm && use_lanman_key
+          if self.is_pass_ntlm_hash?(pass)
+            user_session_key = CRYPT::lanman_session_key([ pass.upcase()[0,32] ].pack('H32'),
+                        challenge_key,
+                        {:pass_is_hash => true})
+          else
+            user_session_key = CRYPT::lanman_session_key(pass, challenge_key)
+          end
+          lanman_weak = true
+        else
+          if self.is_pass_ntlm_hash?(pass)
+            user_session_key = CRYPT::ntlmv1_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
+                          {:pass_is_hash => true})
+          else
+            user_session_key = CRYPT::ntlmv1_user_session_key(pass)
+          end
+        end
+      end
+    else
+        if usentlm2_session && use_ntlmv2
+          if self.is_pass_ntlm_hash?(pass)
+            user_session_key = CRYPT::lmv2_user_session_key(user, [ pass.upcase()[33,65] ].pack('H32'),
+                        domain,
+                        challenge_key, client_challenge,
+                        {:pass_is_hash => true})
+          else
+            user_session_key = CRYPT::lmv2_user_session_key(user, pass, domain,
+                        challenge_key, client_challenge)
+          end
+        else
+          if self.is_pass_ntlm_hash?(pass)
+            user_session_key = CRYPT::lmv1_user_session_key([ pass.upcase()[0,32] ].pack('H32'),
+                          {:pass_is_hash => true})
+          else
+            user_session_key = CRYPT::lmv1_user_session_key(pass)
+          end
+        end
+    end
+    user_session_key = CRYPT::make_weak_sessionkey(user_session_key,key_size, lanman_weak)
+    # Sessionkey and encrypted session key
+    if key_exchange
+      signing_key = Rex::Text.rand_text(16)
+      enc_session_key = CRYPT::encrypt_sessionkey(signing_key, user_session_key)
+    else
+      signing_key = user_session_key
+    end
+    return signing_key, enc_session_key, ntlmssp_flags
+  end