RubyGems - librex - Versions diffs - 0.0.68 → 0.0.70 - Mend

librex 0.0.68 → 0.0.70

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (528) hide show

checksums.yaml +15 -0
data/README.markdown +1 -1
data/Rakefile +18 -16
data/lib/rex.rb +14 -10
data/lib/rex/LICENSE +2 -2
data/lib/rex/arch.rb +76 -76
data/lib/rex/arch/sparc.rb +57 -58
data/lib/rex/arch/x86.rb +506 -496
data/lib/rex/assembly/nasm.rb +83 -84
data/lib/rex/compat.rb +228 -173
data/lib/rex/constants.rb +47 -37
data/lib/rex/elfparsey.rb +0 -3
data/lib/rex/elfparsey/elf.rb +107 -110
data/lib/rex/elfparsey/elfbase.rb +244 -247
data/lib/rex/elfparsey/exceptions.rb +0 -3
data/lib/rex/elfscan.rb +0 -3
data/lib/rex/elfscan/scanner.rb +184 -166
data/lib/rex/elfscan/search.rb +35 -38
data/lib/rex/encoder/alpha2.rb +1 -2
data/lib/rex/encoder/alpha2/alpha_mixed.rb +52 -53
data/lib/rex/encoder/alpha2/alpha_upper.rb +62 -63
data/lib/rex/encoder/alpha2/generic.rb +77 -78
data/lib/rex/encoder/alpha2/unicode_mixed.rb +101 -97
data/lib/rex/encoder/alpha2/unicode_upper.rb +106 -107
data/lib/rex/encoder/bloxor/bloxor.rb +326 -0
data/lib/rex/encoder/ndr.rb +68 -68
data/lib/rex/encoder/nonalpha.rb +50 -51
data/lib/rex/encoder/nonupper.rb +50 -51
data/lib/rex/encoder/xdr.rb +78 -78
data/lib/rex/encoder/xor.rb +52 -53
data/lib/rex/encoder/xor/dword.rb +1 -2
data/lib/rex/encoder/xor/dword_additive.rb +1 -2
data/lib/rex/encoders/xor_dword.rb +17 -18
data/lib/rex/encoders/xor_dword_additive.rb +35 -36
data/lib/rex/encoding/xor.rb +0 -1
data/lib/rex/encoding/xor/byte.rb +3 -4
data/lib/rex/encoding/xor/dword.rb +3 -4
data/lib/rex/encoding/xor/dword_additive.rb +72 -73
data/lib/rex/encoding/xor/exceptions.rb +2 -3
data/lib/rex/encoding/xor/generic.rb +129 -130
data/lib/rex/encoding/xor/qword.rb +3 -4
data/lib/rex/encoding/xor/word.rb +3 -4
data/lib/rex/exceptions.rb +100 -101
data/lib/rex/exploitation/cmdstager.rb +3 -3
data/lib/rex/exploitation/cmdstager/base.rb +170 -156
data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
data/lib/rex/exploitation/cmdstager/debug_asm.rb +110 -113
data/lib/rex/exploitation/cmdstager/debug_write.rb +106 -109
data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
data/lib/rex/exploitation/cmdstager/tftp.rb +34 -27
data/lib/rex/exploitation/cmdstager/vbs.rb +95 -98
data/lib/rex/exploitation/egghunter.rb +359 -346
data/lib/rex/exploitation/encryptjs.rb +60 -60
data/lib/rex/exploitation/heaplib.rb +76 -76
data/lib/rex/exploitation/js.rb +6 -0
data/lib/rex/exploitation/js/detect.rb +69 -0
data/lib/rex/exploitation/js/memory.rb +81 -0
data/lib/rex/exploitation/js/network.rb +84 -0
data/lib/rex/exploitation/js/utils.rb +33 -0
data/lib/rex/exploitation/jsobfu.rb +448 -424
data/lib/rex/exploitation/obfuscatejs.rb +301 -301
data/lib/rex/exploitation/omelet.rb +257 -257
data/lib/rex/exploitation/opcodedb.rb +699 -699
data/lib/rex/exploitation/ropdb.rb +189 -0
data/lib/rex/exploitation/seh.rb +68 -68
data/lib/rex/file.rb +96 -49
data/lib/rex/image_source.rb +0 -3
data/lib/rex/image_source/disk.rb +45 -48
data/lib/rex/image_source/image_source.rb +33 -36
data/lib/rex/image_source/memory.rb +17 -20
data/lib/rex/io/bidirectional_pipe.rb +118 -115
data/lib/rex/io/datagram_abstraction.rb +13 -14
data/lib/rex/io/ring_buffer.rb +273 -273
data/lib/rex/io/stream.rb +284 -284
data/lib/rex/io/stream_abstraction.rb +183 -181
data/lib/rex/io/stream_server.rb +193 -193
data/lib/rex/job_container.rb +167 -167
data/lib/rex/logging.rb +0 -1
data/lib/rex/logging/log_dispatcher.rb +113 -113
data/lib/rex/logging/log_sink.rb +17 -17
data/lib/rex/logging/sinks/flatfile.rb +36 -36
data/lib/rex/logging/sinks/stderr.rb +27 -27
data/lib/rex/mac_oui.rb +16572 -16571
data/lib/rex/machparsey.rb +0 -1
data/lib/rex/machparsey/exceptions.rb +0 -1
data/lib/rex/machparsey/mach.rb +160 -161
data/lib/rex/machparsey/machbase.rb +367 -368
data/lib/rex/machscan.rb +0 -1
data/lib/rex/machscan/scanner.rb +175 -176
data/lib/rex/mime/encoding.rb +17 -0
data/lib/rex/mime/header.rb +58 -58
data/lib/rex/mime/message.rb +140 -137
data/lib/rex/mime/part.rb +41 -12
data/lib/rex/nop/opty2.rb +90 -90
data/lib/rex/nop/opty2_tables.rb +273 -273
data/lib/rex/ole.rb +0 -4
data/lib/rex/ole/clsid.rb +26 -30
data/lib/rex/ole/difat.rb +121 -125
data/lib/rex/ole/directory.rb +205 -209
data/lib/rex/ole/direntry.rb +217 -221
data/lib/rex/ole/fat.rb +79 -83
data/lib/rex/ole/header.rb +178 -182
data/lib/rex/ole/minifat.rb +49 -53
data/lib/rex/ole/propset.rb +113 -117
data/lib/rex/ole/samples/create_ole.rb +8 -9
data/lib/rex/ole/samples/dir.rb +10 -11
data/lib/rex/ole/samples/dump_stream.rb +14 -15
data/lib/rex/ole/samples/ole_info.rb +5 -6
data/lib/rex/ole/storage.rb +372 -376
data/lib/rex/ole/stream.rb +33 -37
data/lib/rex/ole/substorage.rb +20 -24
data/lib/rex/ole/util.rb +137 -141
data/lib/rex/parser/acunetix_nokogiri.rb +398 -398
data/lib/rex/parser/apple_backup_manifestdb.rb +116 -116
data/lib/rex/parser/appscan_nokogiri.rb +359 -359
data/lib/rex/parser/arguments.rb +88 -88
data/lib/rex/parser/burp_session_nokogiri.rb +258 -258
data/lib/rex/parser/ci_nokogiri.rb +184 -184
data/lib/rex/parser/foundstone_nokogiri.rb +334 -333
data/lib/rex/parser/fusionvm_nokogiri.rb +94 -94
data/lib/rex/parser/ini.rb +167 -167
data/lib/rex/parser/ip360_aspl_xml.rb +84 -84
data/lib/rex/parser/ip360_xml.rb +77 -77
data/lib/rex/parser/mbsa_nokogiri.rb +224 -224
data/lib/rex/parser/nessus_xml.rb +100 -100
data/lib/rex/parser/netsparker_xml.rb +89 -75
data/lib/rex/parser/nexpose_raw_nokogiri.rb +677 -677
data/lib/rex/parser/nexpose_simple_nokogiri.rb +322 -322
data/lib/rex/parser/nexpose_xml.rb +105 -105
data/lib/rex/parser/nmap_nokogiri.rb +386 -386
data/lib/rex/parser/nmap_xml.rb +116 -116
data/lib/rex/parser/nokogiri_doc_mixin.rb +223 -221
data/lib/rex/parser/openvas_nokogiri.rb +162 -162
data/lib/rex/parser/outpost24_nokogiri.rb +239 -0
data/lib/rex/parser/retina_xml.rb +90 -90
data/lib/rex/parser/unattend.rb +171 -0
data/lib/rex/parser/wapiti_nokogiri.rb +89 -89
data/lib/rex/payloads/win32/common.rb +14 -14
data/lib/rex/payloads/win32/kernel.rb +36 -36
data/lib/rex/payloads/win32/kernel/common.rb +32 -32
data/lib/rex/payloads/win32/kernel/recovery.rb +27 -27
data/lib/rex/payloads/win32/kernel/stager.rb +170 -170
data/lib/rex/peparsey.rb +0 -3
data/lib/rex/peparsey/exceptions.rb +0 -3
data/lib/rex/peparsey/pe.rb +196 -199
data/lib/rex/peparsey/pe_memdump.rb +35 -38
data/lib/rex/peparsey/pebase.rb +1633 -1652
data/lib/rex/peparsey/section.rb +115 -124
data/lib/rex/pescan.rb +0 -3
data/lib/rex/pescan/analyze.rb +351 -351
data/lib/rex/pescan/scanner.rb +182 -182
data/lib/rex/pescan/search.rb +59 -59
data/lib/rex/platforms/windows.rb +37 -37
data/lib/rex/poly.rb +111 -110
data/lib/rex/poly/block.rb +419 -417
data/lib/rex/poly/machine.rb +12 -0
data/lib/rex/poly/machine/machine.rb +829 -0
data/lib/rex/poly/machine/x86.rb +508 -0
data/lib/rex/poly/register.rb +70 -70
data/lib/rex/poly/register/x86.rb +22 -22
data/lib/rex/post.rb +0 -1
data/lib/rex/post/dir.rb +35 -36
data/lib/rex/post/file.rb +140 -141
data/lib/rex/post/file_stat.rb +198 -199
data/lib/rex/post/io.rb +167 -168
data/lib/rex/post/meterpreter.rb +1 -1
data/lib/rex/post/meterpreter/channel.rb +389 -390
data/lib/rex/post/meterpreter/channel_container.rb +33 -34
data/lib/rex/post/meterpreter/channels/pool.rb +129 -130
data/lib/rex/post/meterpreter/channels/pools/file.rb +35 -36
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +72 -73
data/lib/rex/post/meterpreter/channels/stream.rb +62 -63
data/lib/rex/post/meterpreter/client.rb +442 -436
data/lib/rex/post/meterpreter/client_core.rb +326 -310
data/lib/rex/post/meterpreter/dependencies.rb +0 -1
data/lib/rex/post/meterpreter/extension.rb +12 -13
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +35 -36
data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +70 -71
data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +22 -78
data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +4 -4
data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +38 -39
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -1
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +95 -96
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +39 -40
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +80 -85
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +94 -95
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +207 -147
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +258 -259
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +366 -301
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +72 -73
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +24 -25
data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +227 -149
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +107 -108
data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +41 -42
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +102 -101
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +151 -152
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +142 -142
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +185 -185
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38118 -38117
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +7 -7
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2086 -2084
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +15 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +80 -80
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3835 -3833
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +84 -28
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +151 -137
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +15 -6
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3155 -3155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +70 -70
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +596 -596
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +310 -301
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +71 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +100 -100
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +14 -14
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +488 -488
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +273 -264
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +5 -5
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +240 -238
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +17 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +61 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +654 -635
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +49 -49
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +103 -102
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +98 -68
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +16 -17
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +34 -36
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +363 -364
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +102 -103
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +28 -29
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +303 -304
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +113 -114
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +260 -261
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +69 -70
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +160 -161
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +143 -144
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +29 -12
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +230 -231
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +181 -44
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +12 -13
data/lib/rex/post/meterpreter/object_aliases.rb +56 -57
data/lib/rex/post/meterpreter/packet.rb +591 -592
data/lib/rex/post/meterpreter/packet_dispatcher.rb +506 -496
data/lib/rex/post/meterpreter/packet_parser.rb +72 -73
data/lib/rex/post/meterpreter/packet_response_waiter.rb +56 -57
data/lib/rex/post/meterpreter/ui/console.rb +112 -112
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +53 -53
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +911 -854
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +86 -86
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +220 -220
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +173 -173
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +40 -40
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +75 -77
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +30 -30
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +105 -105
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +182 -182
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +37 -37
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +504 -482
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +401 -330
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +883 -581
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +296 -299
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +320 -153
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +78 -78
data/lib/rex/post/permission.rb +0 -1
data/lib/rex/post/process.rb +39 -40
data/lib/rex/post/thread.rb +41 -42
data/lib/rex/post/ui.rb +35 -36
data/lib/rex/proto/addp.rb +218 -0
data/lib/rex/proto/dcerpc/client.rb +344 -344
data/lib/rex/proto/dcerpc/exceptions.rb +128 -128
data/lib/rex/proto/dcerpc/handle.rb +32 -32
data/lib/rex/proto/dcerpc/ndr.rb +56 -56
data/lib/rex/proto/dcerpc/packet.rb +249 -245
data/lib/rex/proto/dcerpc/response.rb +170 -170
data/lib/rex/proto/dcerpc/uuid.rb +65 -65
data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
data/lib/rex/proto/dhcp.rb +0 -1
data/lib/rex/proto/dhcp/constants.rb +0 -1
data/lib/rex/proto/dhcp/server.rb +303 -304
data/lib/rex/proto/drda/constants.rb +1 -1
data/lib/rex/proto/drda/packet.rb +186 -186
data/lib/rex/proto/drda/utils.rb +104 -104
data/lib/rex/proto/http.rb +1 -0
data/lib/rex/proto/http/client.rb +692 -820
data/lib/rex/proto/http/client_request.rb +472 -0
data/lib/rex/proto/http/handler.rb +25 -25
data/lib/rex/proto/http/handler/erb.rb +104 -104
data/lib/rex/proto/http/handler/proc.rb +37 -37
data/lib/rex/proto/http/header.rb +149 -149
data/lib/rex/proto/http/packet.rb +388 -382
data/lib/rex/proto/http/request.rb +332 -335
data/lib/rex/proto/http/response.rb +132 -72
data/lib/rex/proto/http/server.rb +348 -338
data/lib/rex/proto/iax2/call.rb +310 -310
data/lib/rex/proto/iax2/client.rb +197 -197
data/lib/rex/proto/iax2/codecs/alaw.rb +4 -4
data/lib/rex/proto/iax2/codecs/mulaw.rb +4 -4
data/lib/rex/proto/ipmi.rb +57 -0
data/lib/rex/proto/ipmi/channel_auth_reply.rb +88 -0
data/lib/rex/proto/ipmi/open_session_reply.rb +35 -0
data/lib/rex/proto/ipmi/rakp2.rb +35 -0
data/lib/rex/proto/ipmi/utils.rb +125 -0
data/lib/rex/proto/natpmp.rb +1 -5
data/lib/rex/proto/natpmp/constants.rb +4 -4
data/lib/rex/proto/natpmp/packet.rb +25 -25
data/lib/rex/proto/ntlm/base.rb +271 -271
data/lib/rex/proto/ntlm/constants.rb +61 -61
data/lib/rex/proto/ntlm/crypt.rb +348 -352
data/lib/rex/proto/ntlm/exceptions.rb +3 -3
data/lib/rex/proto/ntlm/message.rb +468 -471
data/lib/rex/proto/ntlm/utils.rb +746 -746
data/lib/rex/proto/pjl.rb +30 -0
data/lib/rex/proto/pjl/client.rb +162 -0
data/lib/rex/proto/proxy/socks4a.rb +440 -440
data/lib/rex/proto/rfb.rb +1 -8
data/lib/rex/proto/rfb/cipher.rb +46 -49
data/lib/rex/proto/rfb/client.rb +179 -182
data/lib/rex/proto/rfb/constants.rb +18 -21
data/lib/rex/proto/smb/client.rb +1954 -1843
data/lib/rex/proto/smb/constants.rb +533 -516
data/lib/rex/proto/smb/crypt.rb +21 -21
data/lib/rex/proto/smb/evasions.rb +43 -43
data/lib/rex/proto/smb/exceptions.rb +791 -791
data/lib/rex/proto/smb/simpleclient.rb +142 -286
data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
data/lib/rex/proto/smb/utils.rb +81 -81
data/lib/rex/proto/sunrpc/client.rb +158 -158
data/lib/rex/proto/tftp.rb +0 -1
data/lib/rex/proto/tftp/client.rb +289 -289
data/lib/rex/proto/tftp/constants.rb +9 -10
data/lib/rex/proto/tftp/server.rb +466 -467
data/lib/rex/random_identifier_generator.rb +176 -0
data/lib/rex/registry.rb +1 -1
data/lib/rex/registry/hive.rb +88 -88
data/lib/rex/registry/lfkey.rb +25 -25
data/lib/rex/registry/nodekey.rb +30 -30
data/lib/rex/registry/regf.rb +10 -10
data/lib/rex/registry/valuekey.rb +43 -43
data/lib/rex/registry/valuelist.rb +13 -13
data/lib/rex/ropbuilder/rop.rb +254 -253
data/lib/rex/script.rb +21 -22
data/lib/rex/script/base.rb +51 -50
data/lib/rex/script/meterpreter.rb +2 -2
data/lib/rex/service.rb +24 -24
data/lib/rex/service_manager.rb +132 -132
data/lib/rex/services/local_relay.rb +398 -398
data/lib/rex/socket.rb +758 -763
data/lib/rex/socket/comm.rb +95 -95
data/lib/rex/socket/comm/local.rb +507 -440
data/lib/rex/socket/ip.rb +118 -118
data/lib/rex/socket/parameters.rb +351 -350
data/lib/rex/socket/range_walker.rb +445 -368
data/lib/rex/socket/ssl_tcp.rb +323 -317
data/lib/rex/socket/ssl_tcp_server.rb +173 -158
data/lib/rex/socket/subnet_walker.rb +48 -48
data/lib/rex/socket/switch_board.rb +259 -259
data/lib/rex/socket/tcp.rb +58 -56
data/lib/rex/socket/tcp_server.rb +42 -42
data/lib/rex/socket/udp.rb +152 -152
data/lib/rex/sslscan/result.rb +200 -0
data/lib/rex/sslscan/scanner.rb +205 -0
data/lib/rex/struct2.rb +0 -1
data/lib/rex/struct2/c_struct.rb +162 -163
data/lib/rex/struct2/c_struct_template.rb +21 -22
data/lib/rex/struct2/constant.rb +6 -7
data/lib/rex/struct2/element.rb +30 -31
data/lib/rex/struct2/generic.rb +60 -61
data/lib/rex/struct2/restraint.rb +40 -41
data/lib/rex/struct2/s_string.rb +60 -61
data/lib/rex/struct2/s_struct.rb +97 -98
data/lib/rex/sync.rb +0 -1
data/lib/rex/sync/event.rb +62 -72
data/lib/rex/sync/read_write_lock.rb +149 -149
data/lib/rex/sync/ref.rb +42 -42
data/lib/rex/sync/thread_safe.rb +59 -59
data/lib/rex/text.rb +1803 -1315
data/lib/rex/thread_factory.rb +25 -25
data/lib/rex/time.rb +44 -44
data/lib/rex/transformer.rb +91 -91
data/lib/rex/ui/interactive.rb +265 -265
data/lib/rex/ui/output.rb +66 -60
data/lib/rex/ui/progress_tracker.rb +79 -79
data/lib/rex/ui/subscriber.rb +144 -134
data/lib/rex/ui/text/color.rb +76 -76
data/lib/rex/ui/text/dispatcher_shell.rb +512 -505
data/lib/rex/ui/text/input.rb +96 -96
data/lib/rex/ui/text/input/buffer.rb +58 -58
data/lib/rex/ui/text/input/readline.rb +114 -114
data/lib/rex/ui/text/input/socket.rb +77 -77
data/lib/rex/ui/text/input/stdio.rb +24 -24
data/lib/rex/ui/text/irb_shell.rb +45 -41
data/lib/rex/ui/text/output.rb +64 -60
data/lib/rex/ui/text/output/buffer.rb +42 -42
data/lib/rex/ui/text/output/buffer/stdout.rb +25 -0
data/lib/rex/ui/text/output/file.rb +24 -24
data/lib/rex/ui/text/output/socket.rb +24 -24
data/lib/rex/ui/text/output/stdio.rb +29 -29
data/lib/rex/ui/text/output/tee.rb +36 -36
data/lib/rex/ui/text/progress_tracker.rb +37 -37
data/lib/rex/ui/text/shell.rb +371 -361
data/lib/rex/ui/text/table.rb +320 -284
data/lib/rex/zip.rb +0 -1
data/lib/rex/zip/archive.rb +115 -94
data/lib/rex/zip/blocks.rb +101 -100
data/lib/rex/zip/entry.rb +108 -99
data/lib/rex/zip/jar.rb +261 -206
data/lib/rex/zip/samples/comment.rb +1 -2
data/lib/rex/zip/samples/mkwar.rb +12 -13
data/lib/rex/zip/samples/mkzip.rb +1 -2
data/lib/rex/zip/samples/recursive.rb +29 -30
metadata +424 -446
data/lib/rex/arch/sparc.rb.ut.rb +0 -19
data/lib/rex/arch/x86.rb.ut.rb +0 -94
data/lib/rex/assembly/nasm.rb.ut.rb +0 -23
data/lib/rex/encoder/ndr.rb.ut.rb +0 -45
data/lib/rex/encoder/xdr.rb.ut.rb +0 -30
data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +0 -13
data/lib/rex/encoding/xor.rb.ts.rb +0 -15
data/lib/rex/encoding/xor/byte.rb.ut.rb +0 -22
data/lib/rex/encoding/xor/dword.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/generic.rb.ut.rb +0 -121
data/lib/rex/encoding/xor/word.rb.ut.rb +0 -14
data/lib/rex/exceptions.rb.ut.rb +0 -45
data/lib/rex/exploitation/egghunter.rb.ut.rb +0 -28
data/lib/rex/exploitation/javascriptosdetect.js +0 -1014
data/lib/rex/exploitation/javascriptosdetect.rb +0 -43
data/lib/rex/exploitation/omelet.rb.ut.rb +0 -27
data/lib/rex/exploitation/opcodedb.rb.ut.rb +0 -280
data/lib/rex/exploitation/seh.rb.ut.rb +0 -20
data/lib/rex/file.rb.ut.rb +0 -17
data/lib/rex/io/ring_buffer.rb.ut.rb +0 -135
data/lib/rex/nop/opty2.rb.ut.rb +0 -24
data/lib/rex/parser/arguments.rb.ut.rb +0 -68
data/lib/rex/parser/ini.rb.ut.rb +0 -30
data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +0 -18
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +0 -39
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +0 -37
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +0 -52
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +0 -43
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +0 -64
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +0 -29
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +0 -155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +0 -124
data/lib/rex/proto.rb.ts.rb +0 -9
data/lib/rex/proto/dcerpc.rb.ts.rb +0 -10
data/lib/rex/proto/dcerpc/client.rb.ut.rb +0 -492
data/lib/rex/proto/dcerpc/handle.rb.ut.rb +0 -86
data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +0 -42
data/lib/rex/proto/dcerpc/packet.rb.ut.rb +0 -57
data/lib/rex/proto/dcerpc/response.rb.ut.rb +0 -16
data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +0 -47
data/lib/rex/proto/drda.rb.ts.rb +0 -18
data/lib/rex/proto/drda/constants.rb.ut.rb +0 -24
data/lib/rex/proto/drda/packet.rb.ut.rb +0 -110
data/lib/rex/proto/drda/utils.rb.ut.rb +0 -85
data/lib/rex/proto/http.rb.ts.rb +0 -13
data/lib/rex/proto/http/client.rb.ut.rb +0 -96
data/lib/rex/proto/http/handler/erb.rb.ut.rb +0 -22
data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml +0 -1
data/lib/rex/proto/http/handler/proc.rb.ut.rb +0 -25
data/lib/rex/proto/http/header.rb.ut.rb +0 -47
data/lib/rex/proto/http/packet.rb.ut.rb +0 -166
data/lib/rex/proto/http/request.rb.ut.rb +0 -215
data/lib/rex/proto/http/response.rb.ut.rb +0 -150
data/lib/rex/proto/http/server.rb.ut.rb +0 -80
data/lib/rex/proto/ntlm.rb.ut.rb +0 -181
data/lib/rex/proto/rfb.rb.ut.rb +0 -40
data/lib/rex/proto/smb.rb.ts.rb +0 -9
data/lib/rex/proto/smb/client.rb.ut.rb +0 -224
data/lib/rex/proto/smb/constants.rb.ut.rb +0 -19
data/lib/rex/proto/smb/simpleclient.rb.ut.rb +0 -129
data/lib/rex/proto/smb/utils.rb.ut.rb +0 -21
data/lib/rex/proto/tftp/server.rb.ut.rb +0 -29
data/lib/rex/service_manager.rb.ut.rb +0 -33
data/lib/rex/socket.rb.ut.rb +0 -108
data/lib/rex/socket/comm/local.rb.ut.rb +0 -76
data/lib/rex/socket/parameters.rb.ut.rb +0 -52
data/lib/rex/socket/range_walker.rb.ut.rb +0 -56
data/lib/rex/socket/ssl_tcp.rb.ut.rb +0 -40
data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +0 -62
data/lib/rex/socket/subnet_walker.rb.ut.rb +0 -29
data/lib/rex/socket/switch_board.rb.ut.rb +0 -53
data/lib/rex/socket/tcp.rb.ut.rb +0 -65
data/lib/rex/socket/tcp_server.rb.ut.rb +0 -45
data/lib/rex/socket/udp.rb.ut.rb +0 -45
data/lib/rex/test.rb +0 -36
data/lib/rex/text.rb.ut.rb +0 -193
data/lib/rex/transformer.rb.ut.rb +0 -39
data/lib/rex/ui/text/color.rb.ut.rb +0 -19
data/lib/rex/ui/text/progress_tracker.rb.ut.rb +0 -35
data/lib/rex/ui/text/table.rb.ut.rb +0 -56

data/lib/rex/proto/ntlm/utils.rb CHANGED

@@ -8,754 +8,754 @@ module Proto
 module NTLM
 class Utils
-	CONST = Rex::Proto::NTLM::Constants
-	CRYPT = Rex::Proto::NTLM::Crypt
-	XCEPT = Rex::Proto::NTLM::Exceptions
+  CONST = Rex::Proto::NTLM::Constants
+  CRYPT = Rex::Proto::NTLM::Crypt
+  XCEPT = Rex::Proto::NTLM::Exceptions
   	#duplicate from lib/rex/proto/smb/utils cause we only need this fonction from Rex::Proto::SMB::Utils
-	# Convert a unix timestamp to a 64-bit signed server time
-	def self.time_unix_to_smb(unix_time)
-		t64 = (unix_time + 11644473600) * 10000000
-		thi = (t64 & 0xffffffff00000000) >> 32
-		tlo = (t64 & 0x00000000ffffffff)
-		return [thi, tlo]
-	end
-	# Determine whether the password is a known hash format
-	def self.is_pass_ntlm_hash?(str)
-		str.downcase =~ /^[0-9a-f]{32}:[0-9a-f]{32}$/
-	end
-	#
-	# Prepends an ASN1 formatted length field to a piece of data
-	#
-	def self.asn1encode(str = '')
-		res = ''
-		# If the high bit of the first byte is 1, it contains the number of
-		# length bytes that follow
-		case str.length
-			when 0 .. 0x7F
-				res = [str.length].pack('C') + str
-			when 0x80 .. 0xFF
-				res = [0x81, str.length].pack('CC') + str
-			when 0x100 .. 0xFFFF
-				res = [0x82, str.length].pack('Cn') + str
-			when  0x10000 .. 0xffffff
-				res = [0x83, str.length >> 16, str.length & 0xFFFF].pack('CCn') + str
-			when  0x1000000 .. 0xffffffff
-				res = [0x84, str.length].pack('CN') + str
-			else
-				raise "ASN1 str too long"
-		end
-		return res
-	end
-	# GSS functions
-	# GSS BLOB usefull for SMB_NEGOCIATE_RESPONSE message
-	# mechTypes: 2 items :
-	# 	-MechType: 1.3.6.1.4.1.311.2.2.30 (SNMPv2-SMI::enterprises.311.2.2.30)
-	# 	-MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
-	#
-	# this is the default on Win7
-	def self.make_simple_negotiate_secblob_resp
-		blob =
-		"\x60" + self.asn1encode(
-			"\x06" + self.asn1encode(
-				"\x2b\x06\x01\x05\x05\x02"
-			) +
-			"\xa0" + self.asn1encode(
-				"\x30" + self.asn1encode(
-					"\xa0" + self.asn1encode(
-						"\x30" + self.asn1encode(
-							"\x06" + self.asn1encode(
-								"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
-							)
-						)
-					)
-				)
-			)
-		)
-		return blob
-	end
-	# GSS BLOB usefull for SMB_NEGOCIATE_RESPONSE message
-	# mechTypes: 4 items :
-	# 	MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
-	# 	MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
-	# 	MechType: 1.2.840.113554.1.2.2.3 (KRB5 - Kerberos 5 - User to User)
-	# 	MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
-	# mechListMIC:
-	# 	principal: account@domain
-	def self.make_negotiate_secblob_resp(account, domain)
-		blob =
-		"\x60" + self.asn1encode(
-			"\x06" + self.asn1encode(
-				"\x2b\x06\x01\x05\x05\x02"
-			) +
-			"\xa0" + self.asn1encode(
-				"\x30" + self.asn1encode(
-					"\xa0" + self.asn1encode(
-						"\x30" + self.asn1encode(
-							"\x06" + self.asn1encode(
-								"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"
-							) +
-							"\x06" + self.asn1encode(
-								"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"
-							) +
-							"\x06" + self.asn1encode(
-								"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03"
-							) +
-							"\x06" + self.asn1encode(
-								"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
-							)
-						)
-					) +
-					"\xa3" + self.asn1encode(
-						"\x30" + self.asn1encode(
-							"\xa0" + self.asn1encode(
-								"\x1b" + self.asn1encode(
-									account + '@' + domain
-								)
-							)
-						)
-					)
-				)
-			)
-		)
-		return blob
-	end
-	# BLOB without GSS usefull for ntlmssp type 1 message
-	def self.make_ntlmssp_blob_init(domain = 'WORKGROUP', name = 'WORKSTATION', flags=0x80201)
-		blob =	"NTLMSSP\x00" +
-			[1, flags].pack('VV') +
-			[
-				domain.length,  #length
-				domain.length,  #max length
-				32
-			].pack('vvV') +
-			[
-				name.length,	#length
-				name.length, 	#max length
-				domain.length + 32
-			].pack('vvV') +
-			domain + name
-		return blob
-	end
-	# GSS BLOB usefull for ntlmssp type 1 message
-	def self.make_ntlmssp_secblob_init(domain = 'WORKGROUP', name = 'WORKSTATION', flags=0x80201)
-		blob =
-		"\x60" + self.asn1encode(
-			"\x06" + self.asn1encode(
-				"\x2b\x06\x01\x05\x05\x02"
-			) +
-			"\xa0" + self.asn1encode(
-				"\x30" + self.asn1encode(
-					"\xa0" + self.asn1encode(
-						"\x30" + self.asn1encode(
-							"\x06" + self.asn1encode(
-								"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
-							)
-						)
-					) +
-					"\xa2" + self.asn1encode(
-						"\x04" + self.asn1encode(
-							make_ntlmssp_blob_init(domain, name, flags)
-						)
-					)
-				)
-			)
-		)
-		return blob
-	end
-	# BLOB without GSS usefull for ntlm type 2 message
-	def self.make_ntlmssp_blob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
-		addr_list  = ''
-		addr_list  << [2, win_domain.length].pack('vv') + win_domain
-		addr_list  << [1, win_name.length].pack('vv') + win_name
-		addr_list  << [4, dns_domain.length].pack('vv') + dns_domain
-		addr_list  << [3, dns_name.length].pack('vv') + dns_name
-		addr_list  << [0, 0].pack('vv')
-		ptr  = 0
-		blob =	"NTLMSSP\x00" +
-				[2].pack('V') +
-				[
-					win_domain.length,  # length
-					win_domain.length,  # max length
-					(ptr += 48) # offset
-				].pack('vvV') +
-				[ flags ].pack('V') +
-				chall +
-				"\x00\x00\x00\x00\x00\x00\x00\x00" +
-				[
-					addr_list.length,  # length
-					addr_list.length,  # max length
-					(ptr += win_domain.length)
-				].pack('vvV') +
-				win_domain +
-				addr_list
-		return blob
-	end
-	# GSS BLOB usefull for ntlmssp type 2 message
-	def self.make_ntlmssp_secblob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
-		blob =
-			"\xa1" + self.asn1encode(
-				"\x30" + self.asn1encode(
-					"\xa0" + self.asn1encode(
-						"\x0a" + self.asn1encode(
-							"\x01"
-						)
-					) +
-					"\xa1" + self.asn1encode(
-						"\x06" + self.asn1encode(
-							"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
-						)
-					) +
-					"\xa2" + self.asn1encode(
-						"\x04" + self.asn1encode(
-							make_ntlmssp_blob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
-						)
-					)
-				)
-			)
-		return blob
-	end
-	# BLOB without GSS Usefull for ntlmssp type 3 message
-	def self.make_ntlmssp_blob_auth(domain, name, user, lm, ntlm, enc_session_key, flags = 0x080201)
-		lm ||= "\x00" * 24
-		ntlm ||= "\x00" * 24
-		domain_uni = Rex::Text.to_unicode(domain)
-		user_uni   = Rex::Text.to_unicode(user)
-		name_uni   = Rex::Text.to_unicode(name)
-		session    = enc_session_key
-		ptr  = 64
-		blob = "NTLMSSP\x00" +
-			[ 3 ].pack('V') +
-			[	# Lan Manager Response
-				lm.length,
-				lm.length,
-				(ptr)
-			].pack('vvV') +
-			[	# NTLM Manager Response
-				ntlm.length,
-				ntlm.length,
-				(ptr += lm.length)
-			].pack('vvV') +
-			[	# Domain Name
-				domain_uni.length,
-				domain_uni.length,
-				(ptr += ntlm.length)
-			].pack('vvV') +
-			[	# Username
-				user_uni.length,
-				user_uni.length,
-				(ptr += domain_uni.length)
-			].pack('vvV') +
-			[	# Hostname
-				name_uni.length,
-				name_uni.length,
-				(ptr += user_uni.length)
-			].pack('vvV') +
-			[	# Session Key (none)
-				session.length,
-				session.length,
-				(ptr += name_uni.length)
-			].pack('vvV') +
-			[ flags ].pack('V') +
-			lm +
-			ntlm +
-			domain_uni +
-			user_uni +
-			name_uni +
-			session + "\x00"
-		return blob
-	end
-	# GSS BLOB Usefull for ntlmssp type 3 message
-	def self.make_ntlmssp_secblob_auth(domain, name, user, lm, ntlm, enc_session_key, flags = 0x080201)
-		blob =
-			"\xa1" + self.asn1encode(
-				"\x30" + self.asn1encode(
-					"\xa2" + self.asn1encode(
-						"\x04" + self.asn1encode(
-						make_ntlmssp_blob_auth(domain, name, user, lm, ntlm, enc_session_key, flags )
-					)
-				)
-			)
-		)
-		return blob
-	end
-	# GSS BLOB Usefull for SMB Success
-	def self.make_ntlmv2_secblob_success
-		blob =
-			"\xa1" + self.asn1encode(
-				"\x30" + self.asn1encode(
-					"\xa0" + self.asn1encode(
-						"\x0a" + self.asn1encode(
-							"\x00"
-						)
-					)
-				)
-			)
-		return blob
-	end
-	# Return the correct ntlmflags upon the configuration
-	def self.make_ntlm_flags(opt = {})
-		signing 		= opt[:signing] 		!= nil ? opt[:signing] : false
-		usentlm2_session 	= opt[:usentlm2_session]	!= nil ? opt[:usentlm2_session] : true
-		use_ntlmv2 		= opt[:use_ntlmv2] 		!= nil ? opt[:use_ntlmv2] : false
-		send_lm 		= opt[:send_lm] 		!= nil ? opt[:send_lm] : true
-		send_ntlm 		= opt[:send_ntlm] 		!= nil ? opt[:send_ntlm] : true
-		use_lanman_key 		= opt[:use_lanman_key] 		!= nil ? opt[:use_lanman_key] : false
-		if signing
-			ntlmssp_flags = 0xe2088215
-		else
-			ntlmssp_flags = 0xa2080205
-		end
-		if usentlm2_session
-			if use_ntlmv2
-				#set Negotiate Target Info
-				ntlmssp_flags |= CONST::NEGOTIATE_TARGET_INFO
-			end
-		else
-			#remove the ntlm2_session flag
-			ntlmssp_flags &= 0xfff7ffff
-			#set lanmanflag only when lm and ntlm are sent
-			if send_lm
-				ntlmssp_flags |= CONST::NEGOTIATE_LMKEY if use_lanman_key
-			end
-		end
-		#we can also downgrade ntlm2_session when we send only lmv1
-		ntlmssp_flags &= 0xfff7ffff if usentlm2_session && (not use_ntlmv2) && (not send_ntlm)
-		return ntlmssp_flags
-	end
-	# Parse an ntlm type 2 challenge blob and return usefull data
-	def self.parse_ntlm_type_2_blob(blob)
-		data = {}
-		# Extract the NTLM challenge key the lazy way
-		cidx = blob.index("NTLMSSP\x00\x02\x00\x00\x00")
-		if not cidx
-			raise XCEPT::NTLMMissingChallenge
-		end
-		data[:challenge_key] = blob[cidx + 24, 8]
-		data[:server_ntlmssp_flags] = blob[cidx + 20, 4].unpack("V")[0]
-		# Extract the address list from the blob
-		alist_len,alist_mlen,alist_off = blob[cidx + 40, 8].unpack("vvV")
-		alist_buf = blob[cidx + alist_off, alist_len]
-		while(alist_buf.length > 0)
-			atype, alen = alist_buf.slice!(0,4).unpack('vv')
-			break if atype == 0x00
-			addr = alist_buf.slice!(0, alen)
-			case atype
-			when 1
-				#netbios name
-				data[:default_name] =  addr.gsub("\x00", '')
-			when 2
-				#netbios domain
-				data[:default_domain] = addr.gsub("\x00", '')
-			when 3
-				#dns name
-				data[:dns_host_name] =  addr.gsub("\x00", '')
-			when 4
-				#dns domain
-				data[:dns_domain_name] =  addr.gsub("\x00", '')
-			when 5
-				#The FQDN of the forest.
-			when 6
-				#A 32-bit value indicating server or client configuration
-			when 7
-				#Client time
-				data[:chall_MsvAvTimestamp] = addr
-			when 8
-				#A Restriction_Encoding structure
-			when 9
-				#The SPN of the target server.
-			when 10
-				#A channel bindings hash.
-			end
-		end
-		return data
-	end
-	# This function return an ntlmv2 client challenge
-	# This is a partial implementation, full description is in [MS-NLMP].pdf around 3.1.5.2.1 :-/
-	def self.make_ntlmv2_clientchallenge(win_domain, win_name, dns_domain, dns_name,
-						client_challenge = nil, chall_MsvAvTimestamp = nil, spnopt = {})
-		client_challenge ||= Rex::Text.rand_text(8)
-		# We have to set the timestamps here to the one in the challenge message from server if present
-		# If we don't do that, recent server like Seven/2008 will send a STATUS_INVALID_PARAMETER error packet
-		timestamp = chall_MsvAvTimestamp != '' ? chall_MsvAvTimestamp : self.time_unix_to_smb(Time.now.to_i).reverse.pack("VV")
-		# Make those values unicode as requested
-		win_domain = Rex::Text.to_unicode(win_domain)
-		win_name = Rex::Text.to_unicode(win_name)
-		dns_domain = Rex::Text.to_unicode(dns_domain)
-		dns_name = Rex::Text.to_unicode(dns_name)
-		# Make the AV_PAIRs
-		addr_list  = ''
-		addr_list  << [2, win_domain.length].pack('vv') + win_domain
-		addr_list  << [1, win_name.length].pack('vv') + win_name
-		addr_list  << [4, dns_domain.length].pack('vv') + dns_domain
-		addr_list  << [3, dns_name.length].pack('vv') + dns_name
-		addr_list  << [7, 8].pack('vv') + timestamp
-		# Windows Seven / 2008r2 Request this type if in local security policies,
-		# Microsoft network server : Server SPN target name validation level is set to <Required from client>
-		# otherwise it send an STATUS_ACCESS_DENIED packet
-		if spnopt[:use_spn]
-			spn= Rex::Text.to_unicode("cifs/#{spnopt[:name] || 'unknow'}")
-			addr_list  << [9, spn.length].pack('vv') + spn
-		end
-		# MAY BE USEFUL FOR FUTURE
-		# Seven (client) add at least one more av that is of type MsAvRestrictions (8)
-		# maybe this will be usefull with future windows OSs but has no use at all for the moment afaik
-		# restriction_encoding = 	[48,0,0,0].pack("VVV") + # Size, Z4, IntegrityLevel, SubjectIntegrityLevel
-		# 			Rex::Text.rand_text(32)	 # MachineId generated on startup on win7 and above
-		# addr_list  << [8, restriction_encoding.length].pack('vv') + restriction_encoding
-		# Seven (client) and maybe others versions also add an av of type MsvChannelBindings (10) but the hash is "\x00" * 16
-		# addr_list  << [10, 16].pack('vv') + "\x00" * 16
-		addr_list  << [0, 0].pack('vv')
-		ntlm_clientchallenge = 	[1,1,0,0].pack("CCvV") + #RespType, HiRespType, Reserved1, Reserved2
-					timestamp + #Timestamp
-					client_challenge + 	#clientchallenge
-					[0].pack("V")  +	#Reserved3
-					addr_list + "\x00" * 4
-	end
-	# create lm/ntlm responses
-	def self.create_lm_ntlm_responses(user, pass, challenge_key, domain = '', default_name = '', default_domain = '',
-					dns_host_name = '', dns_domain_name = '', chall_MsvAvTimestamp = nil, spnopt = {}, opt = {} )
-		usentlm2_session 	= opt[:usentlm2_session]	!= nil ? opt[:usentlm2_session] : true
-		use_ntlmv2 		= opt[:use_ntlmv2] 		!= nil ? opt[:use_ntlmv2] : false
-		send_lm 		= opt[:send_lm] 		!= nil ? opt[:send_lm] : true
-		send_ntlm 		= opt[:send_ntlm] 		!= nil ? opt[:send_ntlm] : true
-		#calculate the lm/ntlm response
-		resp_lm = "\x00" * 24
-		resp_ntlm = "\x00" * 24
-		client_challenge = Rex::Text.rand_text(8)
-		ntlm_cli_challenge = ''
-		if send_ntlm  #should be default
-			if usentlm2_session
-				if use_ntlmv2
-					ntlm_cli_challenge = self.make_ntlmv2_clientchallenge(default_domain, default_name, dns_domain_name,
-												dns_host_name,client_challenge ,
-												chall_MsvAvTimestamp, spnopt)
-					if self.is_pass_ntlm_hash?(pass)
-						argntlm = {
-							:ntlmv2_hash =>  CRYPT::ntlmv2_hash(
-												user,
-												[ pass.upcase()[33,65] ].pack('H32'),
-												domain,{:pass_is_hash => true}
-											),
-							:challenge   => challenge_key
-						}
-					else
-						argntlm = {
-							:ntlmv2_hash =>  CRYPT::ntlmv2_hash(user, pass, domain),
-							:challenge   =>  challenge_key
-						}
-					end
-					optntlm = { :nt_client_challenge => ntlm_cli_challenge}
-					ntlmv2_response = CRYPT::ntlmv2_response(argntlm,optntlm)
-					resp_ntlm = ntlmv2_response
-					if send_lm
-						if self.is_pass_ntlm_hash?(pass)
-							arglm = {
-								:ntlmv2_hash =>  CRYPT::ntlmv2_hash(
-													user,
-													[ pass.upcase()[33,65] ].pack('H32'),
-													domain,{:pass_is_hash => true}
-												),
-								:challenge   => challenge_key
-							}
-						else
-							arglm = {
-								:ntlmv2_hash =>  CRYPT::ntlmv2_hash(user,pass, domain),
-								:challenge   => challenge_key
-							}
-						end
-						optlm = { :client_challenge => client_challenge }
-						resp_lm = CRYPT::lmv2_response(arglm, optlm)
-					else
-						resp_lm = "\x00" * 24
-					end
-				else # ntlm2_session
-					if self.is_pass_ntlm_hash?(pass)
-						argntlm = {
-							:ntlm_hash =>  [ pass.upcase()[33,65] ].pack('H32'),
-							:challenge => challenge_key
-						}
-					else
-						argntlm = {
-							:ntlm_hash =>  CRYPT::ntlm_hash(pass),
-							:challenge => challenge_key
-						}
-					end
-					optntlm = {	:client_challenge => client_challenge}
-					resp_ntlm = CRYPT::ntlm2_session(argntlm,optntlm).join[24,24]
-					# Generate the fake LANMAN hash
-					resp_lm = client_challenge + ("\x00" * 16)
-				end
-			else # we use lmv1/ntlmv1
-				if self.is_pass_ntlm_hash?(pass)
-					argntlm = {
-						:ntlm_hash =>  [ pass.upcase()[33,65] ].pack('H32'),
-						:challenge =>  challenge_key
-					}
-				else
-					argntlm = {
-						:ntlm_hash =>  CRYPT::ntlm_hash(pass),
-						:challenge =>  challenge_key
-					}
-				end
-				resp_ntlm = CRYPT::ntlm_response(argntlm)
-				if send_lm
-					if self.is_pass_ntlm_hash?(pass)
-						arglm = {
-							:lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
-							:challenge =>  challenge_key
-						}
-					else
-						arglm = {
-							:lm_hash => CRYPT::lm_hash(pass),
-							:challenge =>  challenge_key
-						}
-					end
-					resp_lm = CRYPT::lm_response(arglm)
-				else
-					#when windows does not send lm in ntlmv1 type response,
-					# it gives lm response the same value as ntlm response
-					resp_lm  = resp_ntlm
-				end
-			end
-		else #send_ntlm = false
-			#lmv2
-			if usentlm2_session && use_ntlmv2
-				if self.is_pass_ntlm_hash?(pass)
-					arglm = {
-						:ntlmv2_hash =>  CRYPT::ntlmv2_hash(
-											user,
-											[ pass.upcase()[33,65] ].pack('H32'),
-											domain,{:pass_is_hash => true}
-										),
-						:challenge => challenge_key
-					}
-				else
-					arglm = {
-						:ntlmv2_hash =>  CRYPT::ntlmv2_hash(user,pass, domain),
-						:challenge => challenge_key
-					}
-				end
-				optlm = { :client_challenge => client_challenge }
-				resp_lm = CRYPT::lmv2_response(arglm, optlm)
-			else
-				if self.is_pass_ntlm_hash?(pass)
-					arglm = {
-						:lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
-						:challenge =>  challenge_key
-					}
-				else
-					arglm = {
-						:lm_hash => CRYPT::lm_hash(pass),
-						:challenge =>  challenge_key
-					}
-				end
-				resp_lm = CRYPT::lm_response(arglm)
-			end
-			resp_ntlm = ""
-		end
-		return resp_lm, resp_ntlm, client_challenge, ntlm_cli_challenge
-	end
-	# create the session key
-	def self.create_session_key(ntlmssp_flags, server_ntlmssp_flags, user, pass, domain, challenge_key,
-					client_challenge = '', ntlm_cli_challenge = '' , opt = {} )
-		usentlm2_session 	= opt[:usentlm2_session]	!= nil ? opt[:usentlm2_session] : true
-		use_ntlmv2 		= opt[:use_ntlmv2] 		!= nil ? opt[:use_ntlmv2] : false
-		send_lm 		= opt[:send_lm] 		!= nil ? opt[:send_lm] : true
-		send_ntlm 		= opt[:send_ntlm] 		!= nil ? opt[:send_ntlm] : true
-		use_lanman_key 		= opt[:use_lanman_key] 		!= nil ? opt[:use_lanman_key] : false
-		# Create the sessionkey (aka signing key, aka mackey) and encrypted session key
-		# Server will decide for key_size and key_exchange
-		enc_session_key = ''
-		signing_key = ''
-		# Set default key size and key exchange values
-		key_size = 40
-		key_exchange = false
-		# Remove ntlmssp.negotiate56
-		ntlmssp_flags &= 0x7fffffff
-		# Remove ntlmssp.negotiatekeyexch
-		ntlmssp_flags &= 0xbfffffff
-		# Remove ntlmssp.negotiate128
-		ntlmssp_flags &= 0xdfffffff
-		# Check the keyexchange
-		if server_ntlmssp_flags & CONST::NEGOTIATE_KEY_EXCH != 0 then
-			key_exchange = true
-			ntlmssp_flags |= CONST::NEGOTIATE_KEY_EXCH
-		end
-		# Check 128bits
-		if server_ntlmssp_flags & CONST::NEGOTIATE_128 != 0 then
-			key_size = 128
-			ntlmssp_flags |= CONST::NEGOTIATE_128
-			ntlmssp_flags |= CONST::NEGOTIATE_56
-		# Check 56bits
-		else
-			if server_ntlmssp_flags & CONST::NEGOTIATE_56 != 0 then
-				key_size = 56
-				ntlmssp_flags |= CONST::NEGOTIATE_56
-			end
-		end
-		# Generate the user session key
-		lanman_weak = false
-		if send_ntlm  # Should be default
-			if usentlm2_session
-				if use_ntlmv2
-					if self.is_pass_ntlm_hash?(pass)
-						user_session_key = CRYPT::ntlmv2_user_session_key(user,
-												[ pass.upcase()[33,65] ].pack('H32'),
-												domain,
-												challenge_key, ntlm_cli_challenge,
-												{:pass_is_hash => true})
-					else
-						user_session_key = CRYPT::ntlmv2_user_session_key(user, pass, domain,
-											challenge_key, ntlm_cli_challenge)
-					end
-				else
-					if self.is_pass_ntlm_hash?(pass)
-						user_session_key = CRYPT::ntlm2_session_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
-														challenge_key,
-														client_challenge,
-														{:pass_is_hash => true})
-					else
-						user_session_key = CRYPT::ntlm2_session_user_session_key(pass, challenge_key,
-														client_challenge)
-					end
-				end
-			else # lmv1/ntlmv1
-				# lanman_key may also be used without ntlm response but it is not so much used
-				# so we don't care about this feature
-				if send_lm && use_lanman_key
-					if self.is_pass_ntlm_hash?(pass)
-						user_session_key = CRYPT::lanman_session_key([ pass.upcase()[0,32] ].pack('H32'),
-												challenge_key,
-												{:pass_is_hash => true})
-					else
-						user_session_key = CRYPT::lanman_session_key(pass, challenge_key)
-					end
-					lanman_weak = true
-				else
-					if self.is_pass_ntlm_hash?(pass)
-						user_session_key = CRYPT::ntlmv1_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
-													{:pass_is_hash => true})
-					else
-						user_session_key = CRYPT::ntlmv1_user_session_key(pass)
-					end
-				end
-			end
-		else
-				if usentlm2_session && use_ntlmv2
-					if self.is_pass_ntlm_hash?(pass)
-						user_session_key = CRYPT::lmv2_user_session_key(user, [ pass.upcase()[33,65] ].pack('H32'),
-												domain,
-												challenge_key, client_challenge,
-												{:pass_is_hash => true})
-					else
-						user_session_key = CRYPT::lmv2_user_session_key(user, pass, domain,
-												challenge_key, client_challenge)
-					end
-				else
-					if self.is_pass_ntlm_hash?(pass)
-						user_session_key = CRYPT::lmv1_user_session_key([ pass.upcase()[0,32] ].pack('H32'),
-													{:pass_is_hash => true})
-					else
-						user_session_key = CRYPT::lmv1_user_session_key(pass)
-					end
-				end
-		end
-		user_session_key = CRYPT::make_weak_sessionkey(user_session_key,key_size, lanman_weak)
-		# Sessionkey and encrypted session key
-		if key_exchange
-			signing_key = Rex::Text.rand_text(16)
-			enc_session_key = CRYPT::encrypt_sessionkey(signing_key, user_session_key)
-		else
-			signing_key = user_session_key
-		end
-		return signing_key, enc_session_key, ntlmssp_flags
-	end
+  # Convert a unix timestamp to a 64-bit signed server time
+  def self.time_unix_to_smb(unix_time)
+    t64 = (unix_time + 11644473600) * 10000000
+    thi = (t64 & 0xffffffff00000000) >> 32
+    tlo = (t64 & 0x00000000ffffffff)
+    return [thi, tlo]
+  end
+  # Determine whether the password is a known hash format
+  def self.is_pass_ntlm_hash?(str)
+    str.downcase =~ /^[0-9a-f]{32}:[0-9a-f]{32}$/
+  end
+  #
+  # Prepends an ASN1 formatted length field to a piece of data
+  #
+  def self.asn1encode(str = '')
+    res = ''
+    # If the high bit of the first byte is 1, it contains the number of
+    # length bytes that follow
+    case str.length
+      when 0 .. 0x7F
+        res = [str.length].pack('C') + str
+      when 0x80 .. 0xFF
+        res = [0x81, str.length].pack('CC') + str
+      when 0x100 .. 0xFFFF
+        res = [0x82, str.length].pack('Cn') + str
+      when  0x10000 .. 0xffffff
+        res = [0x83, str.length >> 16, str.length & 0xFFFF].pack('CCn') + str
+      when  0x1000000 .. 0xffffffff
+        res = [0x84, str.length].pack('CN') + str
+      else
+        raise "ASN1 str too long"
+    end
+    return res
+  end
+  # GSS functions
+  # GSS BLOB usefull for SMB_NEGOCIATE_RESPONSE message
+  # mechTypes: 2 items :
+  # 	-MechType: 1.3.6.1.4.1.311.2.2.30 (SNMPv2-SMI::enterprises.311.2.2.30)
+  # 	-MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
+  #
+  # this is the default on Win7
+  def self.make_simple_negotiate_secblob_resp
+    blob =
+    "\x60" + self.asn1encode(
+      "\x06" + self.asn1encode(
+        "\x2b\x06\x01\x05\x05\x02"
+      ) +
+      "\xa0" + self.asn1encode(
+        "\x30" + self.asn1encode(
+          "\xa0" + self.asn1encode(
+            "\x30" + self.asn1encode(
+              "\x06" + self.asn1encode(
+                "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
+              )
+            )
+          )
+        )
+      )
+    )
+    return blob
+  end
+  # GSS BLOB usefull for SMB_NEGOCIATE_RESPONSE message
+  # mechTypes: 4 items :
+  # 	MechType: 1.2.840.48018.1.2.2 (MS KRB5 - Microsoft Kerberos 5)
+  # 	MechType: 1.2.840.113554.1.2.2 (KRB5 - Kerberos 5)
+  # 	MechType: 1.2.840.113554.1.2.2.3 (KRB5 - Kerberos 5 - User to User)
+  # 	MechType: 1.3.6.1.4.1.311.2.2.10 (NTLMSSP - Microsoft NTLM Security Support Provider)
+  # mechListMIC:
+  # 	principal: account@domain
+  def self.make_negotiate_secblob_resp(account, domain)
+    blob =
+    "\x60" + self.asn1encode(
+      "\x06" + self.asn1encode(
+        "\x2b\x06\x01\x05\x05\x02"
+      ) +
+      "\xa0" + self.asn1encode(
+        "\x30" + self.asn1encode(
+          "\xa0" + self.asn1encode(
+            "\x30" + self.asn1encode(
+              "\x06" + self.asn1encode(
+                "\x2a\x86\x48\x82\xf7\x12\x01\x02\x02"
+              ) +
+              "\x06" + self.asn1encode(
+                "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02"
+              ) +
+              "\x06" + self.asn1encode(
+                "\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03"
+              ) +
+              "\x06" + self.asn1encode(
+                "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
+              )
+            )
+          ) +
+          "\xa3" + self.asn1encode(
+            "\x30" + self.asn1encode(
+              "\xa0" + self.asn1encode(
+                "\x1b" + self.asn1encode(
+                  account + '@' + domain
+                )
+              )
+            )
+          )
+        )
+      )
+    )
+    return blob
+  end
+  # BLOB without GSS usefull for ntlmssp type 1 message
+  def self.make_ntlmssp_blob_init(domain = 'WORKGROUP', name = 'WORKSTATION', flags=0x80201)
+    blob =	"NTLMSSP\x00" +
+      [1, flags].pack('VV') +
+      [
+        domain.length,  #length
+        domain.length,  #max length
+        32
+      ].pack('vvV') +
+      [
+        name.length,	#length
+        name.length, 	#max length
+        domain.length + 32
+      ].pack('vvV') +
+      domain + name
+    return blob
+  end
+  # GSS BLOB usefull for ntlmssp type 1 message
+  def self.make_ntlmssp_secblob_init(domain = 'WORKGROUP', name = 'WORKSTATION', flags=0x80201)
+    blob =
+    "\x60" + self.asn1encode(
+      "\x06" + self.asn1encode(
+        "\x2b\x06\x01\x05\x05\x02"
+      ) +
+      "\xa0" + self.asn1encode(
+        "\x30" + self.asn1encode(
+          "\xa0" + self.asn1encode(
+            "\x30" + self.asn1encode(
+              "\x06" + self.asn1encode(
+                "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
+              )
+            )
+          ) +
+          "\xa2" + self.asn1encode(
+            "\x04" + self.asn1encode(
+              make_ntlmssp_blob_init(domain, name, flags)
+            )
+          )
+        )
+      )
+    )
+    return blob
+  end
+  # BLOB without GSS usefull for ntlm type 2 message
+  def self.make_ntlmssp_blob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
+    addr_list  = ''
+    addr_list  << [2, win_domain.length].pack('vv') + win_domain
+    addr_list  << [1, win_name.length].pack('vv') + win_name
+    addr_list  << [4, dns_domain.length].pack('vv') + dns_domain
+    addr_list  << [3, dns_name.length].pack('vv') + dns_name
+    addr_list  << [0, 0].pack('vv')
+    ptr  = 0
+    blob =	"NTLMSSP\x00" +
+        [2].pack('V') +
+        [
+          win_domain.length,  # length
+          win_domain.length,  # max length
+          (ptr += 48) # offset
+        ].pack('vvV') +
+        [ flags ].pack('V') +
+        chall +
+        "\x00\x00\x00\x00\x00\x00\x00\x00" +
+        [
+          addr_list.length,  # length
+          addr_list.length,  # max length
+          (ptr += win_domain.length)
+        ].pack('vvV') +
+        win_domain +
+        addr_list
+    return blob
+  end
+  # GSS BLOB usefull for ntlmssp type 2 message
+  def self.make_ntlmssp_secblob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
+    blob =
+      "\xa1" + self.asn1encode(
+        "\x30" + self.asn1encode(
+          "\xa0" + self.asn1encode(
+            "\x0a" + self.asn1encode(
+              "\x01"
+            )
+          ) +
+          "\xa1" + self.asn1encode(
+            "\x06" + self.asn1encode(
+              "\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a"
+            )
+          ) +
+          "\xa2" + self.asn1encode(
+            "\x04" + self.asn1encode(
+              make_ntlmssp_blob_chall(win_domain, win_name, dns_domain, dns_name, chall, flags)
+            )
+          )
+        )
+      )
+    return blob
+  end
+  # BLOB without GSS Usefull for ntlmssp type 3 message
+  def self.make_ntlmssp_blob_auth(domain, name, user, lm, ntlm, enc_session_key, flags = 0x080201)
+    lm ||= "\x00" * 24
+    ntlm ||= "\x00" * 24
+    domain_uni = Rex::Text.to_unicode(domain)
+    user_uni   = Rex::Text.to_unicode(user)
+    name_uni   = Rex::Text.to_unicode(name)
+    session    = enc_session_key
+    ptr  = 64
+    blob = "NTLMSSP\x00" +
+      [ 3 ].pack('V') +
+      [	# Lan Manager Response
+        lm.length,
+        lm.length,
+        (ptr)
+      ].pack('vvV') +
+      [	# NTLM Manager Response
+        ntlm.length,
+        ntlm.length,
+        (ptr += lm.length)
+      ].pack('vvV') +
+      [	# Domain Name
+        domain_uni.length,
+        domain_uni.length,
+        (ptr += ntlm.length)
+      ].pack('vvV') +
+      [	# Username
+        user_uni.length,
+        user_uni.length,
+        (ptr += domain_uni.length)
+      ].pack('vvV') +
+      [	# Hostname
+        name_uni.length,
+        name_uni.length,
+        (ptr += user_uni.length)
+      ].pack('vvV') +
+      [	# Session Key (none)
+        session.length,
+        session.length,
+        (ptr += name_uni.length)
+      ].pack('vvV') +
+      [ flags ].pack('V') +
+      lm +
+      ntlm +
+      domain_uni +
+      user_uni +
+      name_uni +
+      session + "\x00"
+    return blob
+  end
+  # GSS BLOB Usefull for ntlmssp type 3 message
+  def self.make_ntlmssp_secblob_auth(domain, name, user, lm, ntlm, enc_session_key, flags = 0x080201)
+    blob =
+      "\xa1" + self.asn1encode(
+        "\x30" + self.asn1encode(
+          "\xa2" + self.asn1encode(
+            "\x04" + self.asn1encode(
+            make_ntlmssp_blob_auth(domain, name, user, lm, ntlm, enc_session_key, flags )
+          )
+        )
+      )
+    )
+    return blob
+  end
+  # GSS BLOB Usefull for SMB Success
+  def self.make_ntlmv2_secblob_success
+    blob =
+      "\xa1" + self.asn1encode(
+        "\x30" + self.asn1encode(
+          "\xa0" + self.asn1encode(
+            "\x0a" + self.asn1encode(
+              "\x00"
+            )
+          )
+        )
+      )
+    return blob
+  end
+  # Return the correct ntlmflags upon the configuration
+  def self.make_ntlm_flags(opt = {})
+    signing 		= opt[:signing] 		!= nil ? opt[:signing] : false
+    usentlm2_session 	= opt[:usentlm2_session]	!= nil ? opt[:usentlm2_session] : true
+    use_ntlmv2 		= opt[:use_ntlmv2] 		!= nil ? opt[:use_ntlmv2] : false
+    send_lm 		= opt[:send_lm] 		!= nil ? opt[:send_lm] : true
+    send_ntlm 		= opt[:send_ntlm] 		!= nil ? opt[:send_ntlm] : true
+    use_lanman_key 		= opt[:use_lanman_key] 		!= nil ? opt[:use_lanman_key] : false
+    if signing
+      ntlmssp_flags = 0xe2088215
+    else
+      ntlmssp_flags = 0xa2080205
+    end
+    if usentlm2_session
+      if use_ntlmv2
+        #set Negotiate Target Info
+        ntlmssp_flags |= CONST::NEGOTIATE_TARGET_INFO
+      end
+    else
+      #remove the ntlm2_session flag
+      ntlmssp_flags &= 0xfff7ffff
+      #set lanmanflag only when lm and ntlm are sent
+      if send_lm
+        ntlmssp_flags |= CONST::NEGOTIATE_LMKEY if use_lanman_key
+      end
+    end
+    #we can also downgrade ntlm2_session when we send only lmv1
+    ntlmssp_flags &= 0xfff7ffff if usentlm2_session && (not use_ntlmv2) && (not send_ntlm)
+    return ntlmssp_flags
+  end
+  # Parse an ntlm type 2 challenge blob and return usefull data
+  def self.parse_ntlm_type_2_blob(blob)
+    data = {}
+    # Extract the NTLM challenge key the lazy way
+    cidx = blob.index("NTLMSSP\x00\x02\x00\x00\x00")
+    if not cidx
+      raise XCEPT::NTLMMissingChallenge
+    end
+    data[:challenge_key] = blob[cidx + 24, 8]
+    data[:server_ntlmssp_flags] = blob[cidx + 20, 4].unpack("V")[0]
+    # Extract the address list from the blob
+    alist_len,alist_mlen,alist_off = blob[cidx + 40, 8].unpack("vvV")
+    alist_buf = blob[cidx + alist_off, alist_len]
+    while(alist_buf.length > 0)
+      atype, alen = alist_buf.slice!(0,4).unpack('vv')
+      break if atype == 0x00
+      addr = alist_buf.slice!(0, alen)
+      case atype
+      when 1
+        #netbios name
+        data[:default_name] =  addr.gsub("\x00", '')
+      when 2
+        #netbios domain
+        data[:default_domain] = addr.gsub("\x00", '')
+      when 3
+        #dns name
+        data[:dns_host_name] =  addr.gsub("\x00", '')
+      when 4
+        #dns domain
+        data[:dns_domain_name] =  addr.gsub("\x00", '')
+      when 5
+        #The FQDN of the forest.
+      when 6
+        #A 32-bit value indicating server or client configuration
+      when 7
+        #Client time
+        data[:chall_MsvAvTimestamp] = addr
+      when 8
+        #A Restriction_Encoding structure
+      when 9
+        #The SPN of the target server.
+      when 10
+        #A channel bindings hash.
+      end
+    end
+    return data
+  end
+  # This function return an ntlmv2 client challenge
+  # This is a partial implementation, full description is in [MS-NLMP].pdf around 3.1.5.2.1 :-/
+  def self.make_ntlmv2_clientchallenge(win_domain, win_name, dns_domain, dns_name,
+            client_challenge = nil, chall_MsvAvTimestamp = nil, spnopt = {})
+    client_challenge ||= Rex::Text.rand_text(8)
+    # We have to set the timestamps here to the one in the challenge message from server if present
+    # If we don't do that, recent server like Seven/2008 will send a STATUS_INVALID_PARAMETER error packet
+    timestamp = chall_MsvAvTimestamp != '' ? chall_MsvAvTimestamp : self.time_unix_to_smb(Time.now.to_i).reverse.pack("VV")
+    # Make those values unicode as requested
+    win_domain = Rex::Text.to_unicode(win_domain)
+    win_name = Rex::Text.to_unicode(win_name)
+    dns_domain = Rex::Text.to_unicode(dns_domain)
+    dns_name = Rex::Text.to_unicode(dns_name)
+    # Make the AV_PAIRs
+    addr_list  = ''
+    addr_list  << [2, win_domain.length].pack('vv') + win_domain
+    addr_list  << [1, win_name.length].pack('vv') + win_name
+    addr_list  << [4, dns_domain.length].pack('vv') + dns_domain
+    addr_list  << [3, dns_name.length].pack('vv') + dns_name
+    addr_list  << [7, 8].pack('vv') + timestamp
+    # Windows Seven / 2008r2 Request this type if in local security policies,
+    # Microsoft network server : Server SPN target name validation level is set to <Required from client>
+    # otherwise it send an STATUS_ACCESS_DENIED packet
+    if spnopt[:use_spn]
+      spn= Rex::Text.to_unicode("cifs/#{spnopt[:name] || 'unknow'}")
+      addr_list  << [9, spn.length].pack('vv') + spn
+    end
+    # MAY BE USEFUL FOR FUTURE
+    # Seven (client) add at least one more av that is of type MsAvRestrictions (8)
+    # maybe this will be usefull with future windows OSs but has no use at all for the moment afaik
+    # restriction_encoding = 	[48,0,0,0].pack("VVV") + # Size, Z4, IntegrityLevel, SubjectIntegrityLevel
+    # 			Rex::Text.rand_text(32)	 # MachineId generated on startup on win7 and above
+    # addr_list  << [8, restriction_encoding.length].pack('vv') + restriction_encoding
+    # Seven (client) and maybe others versions also add an av of type MsvChannelBindings (10) but the hash is "\x00" * 16
+    # addr_list  << [10, 16].pack('vv') + "\x00" * 16
+    addr_list  << [0, 0].pack('vv')
+    ntlm_clientchallenge = 	[1,1,0,0].pack("CCvV") + #RespType, HiRespType, Reserved1, Reserved2
+          timestamp + #Timestamp
+          client_challenge + 	#clientchallenge
+          [0].pack("V")  +	#Reserved3
+          addr_list + "\x00" * 4
+  end
+  # create lm/ntlm responses
+  def self.create_lm_ntlm_responses(user, pass, challenge_key, domain = '', default_name = '', default_domain = '',
+          dns_host_name = '', dns_domain_name = '', chall_MsvAvTimestamp = nil, spnopt = {}, opt = {} )
+    usentlm2_session 	= opt[:usentlm2_session]	!= nil ? opt[:usentlm2_session] : true
+    use_ntlmv2 		= opt[:use_ntlmv2] 		!= nil ? opt[:use_ntlmv2] : false
+    send_lm 		= opt[:send_lm] 		!= nil ? opt[:send_lm] : true
+    send_ntlm 		= opt[:send_ntlm] 		!= nil ? opt[:send_ntlm] : true
+    #calculate the lm/ntlm response
+    resp_lm = "\x00" * 24
+    resp_ntlm = "\x00" * 24
+    client_challenge = Rex::Text.rand_text(8)
+    ntlm_cli_challenge = ''
+    if send_ntlm  #should be default
+      if usentlm2_session
+        if use_ntlmv2
+          ntlm_cli_challenge = self.make_ntlmv2_clientchallenge(default_domain, default_name, dns_domain_name,
+                        dns_host_name,client_challenge ,
+                        chall_MsvAvTimestamp, spnopt)
+          if self.is_pass_ntlm_hash?(pass)
+            argntlm = {
+              :ntlmv2_hash =>  CRYPT::ntlmv2_hash(
+                        user,
+                        [ pass.upcase()[33,65] ].pack('H32'),
+                        domain,{:pass_is_hash => true}
+                      ),
+              :challenge   => challenge_key
+            }
+          else
+            argntlm = {
+              :ntlmv2_hash =>  CRYPT::ntlmv2_hash(user, pass, domain),
+              :challenge   =>  challenge_key
+            }
+          end
+          optntlm = { :nt_client_challenge => ntlm_cli_challenge}
+          ntlmv2_response = CRYPT::ntlmv2_response(argntlm,optntlm)
+          resp_ntlm = ntlmv2_response
+          if send_lm
+            if self.is_pass_ntlm_hash?(pass)
+              arglm = {
+                :ntlmv2_hash =>  CRYPT::ntlmv2_hash(
+                          user,
+                          [ pass.upcase()[33,65] ].pack('H32'),
+                          domain,{:pass_is_hash => true}
+                        ),
+                :challenge   => challenge_key
+              }
+            else
+              arglm = {
+                :ntlmv2_hash =>  CRYPT::ntlmv2_hash(user,pass, domain),
+                :challenge   => challenge_key
+              }
+            end
+            optlm = { :client_challenge => client_challenge }
+            resp_lm = CRYPT::lmv2_response(arglm, optlm)
+          else
+            resp_lm = "\x00" * 24
+          end
+        else # ntlm2_session
+          if self.is_pass_ntlm_hash?(pass)
+            argntlm = {
+              :ntlm_hash =>  [ pass.upcase()[33,65] ].pack('H32'),
+              :challenge => challenge_key
+            }
+          else
+            argntlm = {
+              :ntlm_hash =>  CRYPT::ntlm_hash(pass),
+              :challenge => challenge_key
+            }
+          end
+          optntlm = {	:client_challenge => client_challenge}
+          resp_ntlm = CRYPT::ntlm2_session(argntlm,optntlm).join[24,24]
+          # Generate the fake LANMAN hash
+          resp_lm = client_challenge + ("\x00" * 16)
+        end
+      else # we use lmv1/ntlmv1
+        if self.is_pass_ntlm_hash?(pass)
+          argntlm = {
+            :ntlm_hash =>  [ pass.upcase()[33,65] ].pack('H32'),
+            :challenge =>  challenge_key
+          }
+        else
+          argntlm = {
+            :ntlm_hash =>  CRYPT::ntlm_hash(pass),
+            :challenge =>  challenge_key
+          }
+        end
+        resp_ntlm = CRYPT::ntlm_response(argntlm)
+        if send_lm
+          if self.is_pass_ntlm_hash?(pass)
+            arglm = {
+              :lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
+              :challenge =>  challenge_key
+            }
+          else
+            arglm = {
+              :lm_hash => CRYPT::lm_hash(pass),
+              :challenge =>  challenge_key
+            }
+          end
+          resp_lm = CRYPT::lm_response(arglm)
+        else
+          #when windows does not send lm in ntlmv1 type response,
+          # it gives lm response the same value as ntlm response
+          resp_lm  = resp_ntlm
+        end
+      end
+    else #send_ntlm = false
+      #lmv2
+      if usentlm2_session && use_ntlmv2
+        if self.is_pass_ntlm_hash?(pass)
+          arglm = {
+            :ntlmv2_hash =>  CRYPT::ntlmv2_hash(
+                      user,
+                      [ pass.upcase()[33,65] ].pack('H32'),
+                      domain,{:pass_is_hash => true}
+                    ),
+            :challenge => challenge_key
+          }
+        else
+          arglm = {
+            :ntlmv2_hash =>  CRYPT::ntlmv2_hash(user,pass, domain),
+            :challenge => challenge_key
+          }
+        end
+        optlm = { :client_challenge => client_challenge }
+        resp_lm = CRYPT::lmv2_response(arglm, optlm)
+      else
+        if self.is_pass_ntlm_hash?(pass)
+          arglm = {
+            :lm_hash => [ pass.upcase()[0,32] ].pack('H32'),
+            :challenge =>  challenge_key
+          }
+        else
+          arglm = {
+            :lm_hash => CRYPT::lm_hash(pass),
+            :challenge =>  challenge_key
+          }
+        end
+        resp_lm = CRYPT::lm_response(arglm)
+      end
+      resp_ntlm = ""
+    end
+    return resp_lm, resp_ntlm, client_challenge, ntlm_cli_challenge
+  end
+  # create the session key
+  def self.create_session_key(ntlmssp_flags, server_ntlmssp_flags, user, pass, domain, challenge_key,
+          client_challenge = '', ntlm_cli_challenge = '' , opt = {} )
+    usentlm2_session 	= opt[:usentlm2_session]	!= nil ? opt[:usentlm2_session] : true
+    use_ntlmv2 		= opt[:use_ntlmv2] 		!= nil ? opt[:use_ntlmv2] : false
+    send_lm 		= opt[:send_lm] 		!= nil ? opt[:send_lm] : true
+    send_ntlm 		= opt[:send_ntlm] 		!= nil ? opt[:send_ntlm] : true
+    use_lanman_key 		= opt[:use_lanman_key] 		!= nil ? opt[:use_lanman_key] : false
+    # Create the sessionkey (aka signing key, aka mackey) and encrypted session key
+    # Server will decide for key_size and key_exchange
+    enc_session_key = ''
+    signing_key = ''
+    # Set default key size and key exchange values
+    key_size = 40
+    key_exchange = false
+    # Remove ntlmssp.negotiate56
+    ntlmssp_flags &= 0x7fffffff
+    # Remove ntlmssp.negotiatekeyexch
+    ntlmssp_flags &= 0xbfffffff
+    # Remove ntlmssp.negotiate128
+    ntlmssp_flags &= 0xdfffffff
+    # Check the keyexchange
+    if server_ntlmssp_flags & CONST::NEGOTIATE_KEY_EXCH != 0 then
+      key_exchange = true
+      ntlmssp_flags |= CONST::NEGOTIATE_KEY_EXCH
+    end
+    # Check 128bits
+    if server_ntlmssp_flags & CONST::NEGOTIATE_128 != 0 then
+      key_size = 128
+      ntlmssp_flags |= CONST::NEGOTIATE_128
+      ntlmssp_flags |= CONST::NEGOTIATE_56
+    # Check 56bits
+    else
+      if server_ntlmssp_flags & CONST::NEGOTIATE_56 != 0 then
+        key_size = 56
+        ntlmssp_flags |= CONST::NEGOTIATE_56
+      end
+    end
+    # Generate the user session key
+    lanman_weak = false
+    if send_ntlm  # Should be default
+      if usentlm2_session
+        if use_ntlmv2
+          if self.is_pass_ntlm_hash?(pass)
+            user_session_key = CRYPT::ntlmv2_user_session_key(user,
+                        [ pass.upcase()[33,65] ].pack('H32'),
+                        domain,
+                        challenge_key, ntlm_cli_challenge,
+                        {:pass_is_hash => true})
+          else
+            user_session_key = CRYPT::ntlmv2_user_session_key(user, pass, domain,
+                      challenge_key, ntlm_cli_challenge)
+          end
+        else
+          if self.is_pass_ntlm_hash?(pass)
+            user_session_key = CRYPT::ntlm2_session_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
+                            challenge_key,
+                            client_challenge,
+                            {:pass_is_hash => true})
+          else
+            user_session_key = CRYPT::ntlm2_session_user_session_key(pass, challenge_key,
+                            client_challenge)
+          end
+        end
+      else # lmv1/ntlmv1
+        # lanman_key may also be used without ntlm response but it is not so much used
+        # so we don't care about this feature
+        if send_lm && use_lanman_key
+          if self.is_pass_ntlm_hash?(pass)
+            user_session_key = CRYPT::lanman_session_key([ pass.upcase()[0,32] ].pack('H32'),
+                        challenge_key,
+                        {:pass_is_hash => true})
+          else
+            user_session_key = CRYPT::lanman_session_key(pass, challenge_key)
+          end
+          lanman_weak = true
+        else
+          if self.is_pass_ntlm_hash?(pass)
+            user_session_key = CRYPT::ntlmv1_user_session_key([ pass.upcase()[33,65] ].pack('H32'),
+                          {:pass_is_hash => true})
+          else
+            user_session_key = CRYPT::ntlmv1_user_session_key(pass)
+          end
+        end
+      end
+    else
+        if usentlm2_session && use_ntlmv2
+          if self.is_pass_ntlm_hash?(pass)
+            user_session_key = CRYPT::lmv2_user_session_key(user, [ pass.upcase()[33,65] ].pack('H32'),
+                        domain,
+                        challenge_key, client_challenge,
+                        {:pass_is_hash => true})
+          else
+            user_session_key = CRYPT::lmv2_user_session_key(user, pass, domain,
+                        challenge_key, client_challenge)
+          end
+        else
+          if self.is_pass_ntlm_hash?(pass)
+            user_session_key = CRYPT::lmv1_user_session_key([ pass.upcase()[0,32] ].pack('H32'),
+                          {:pass_is_hash => true})
+          else
+            user_session_key = CRYPT::lmv1_user_session_key(pass)
+          end
+        end
+    end
+    user_session_key = CRYPT::make_weak_sessionkey(user_session_key,key_size, lanman_weak)
+    # Sessionkey and encrypted session key
+    if key_exchange
+      signing_key = Rex::Text.rand_text(16)
+      enc_session_key = CRYPT::encrypt_sessionkey(signing_key, user_session_key)
+    else
+      signing_key = user_session_key
+    end
+    return signing_key, enc_session_key, ntlmssp_flags
+  end