RubyGems - librex - Versions diffs - 0.0.68 → 0.0.70 - Mend

librex 0.0.68 → 0.0.70

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (528) hide show

checksums.yaml +15 -0
data/README.markdown +1 -1
data/Rakefile +18 -16
data/lib/rex.rb +14 -10
data/lib/rex/LICENSE +2 -2
data/lib/rex/arch.rb +76 -76
data/lib/rex/arch/sparc.rb +57 -58
data/lib/rex/arch/x86.rb +506 -496
data/lib/rex/assembly/nasm.rb +83 -84
data/lib/rex/compat.rb +228 -173
data/lib/rex/constants.rb +47 -37
data/lib/rex/elfparsey.rb +0 -3
data/lib/rex/elfparsey/elf.rb +107 -110
data/lib/rex/elfparsey/elfbase.rb +244 -247
data/lib/rex/elfparsey/exceptions.rb +0 -3
data/lib/rex/elfscan.rb +0 -3
data/lib/rex/elfscan/scanner.rb +184 -166
data/lib/rex/elfscan/search.rb +35 -38
data/lib/rex/encoder/alpha2.rb +1 -2
data/lib/rex/encoder/alpha2/alpha_mixed.rb +52 -53
data/lib/rex/encoder/alpha2/alpha_upper.rb +62 -63
data/lib/rex/encoder/alpha2/generic.rb +77 -78
data/lib/rex/encoder/alpha2/unicode_mixed.rb +101 -97
data/lib/rex/encoder/alpha2/unicode_upper.rb +106 -107
data/lib/rex/encoder/bloxor/bloxor.rb +326 -0
data/lib/rex/encoder/ndr.rb +68 -68
data/lib/rex/encoder/nonalpha.rb +50 -51
data/lib/rex/encoder/nonupper.rb +50 -51
data/lib/rex/encoder/xdr.rb +78 -78
data/lib/rex/encoder/xor.rb +52 -53
data/lib/rex/encoder/xor/dword.rb +1 -2
data/lib/rex/encoder/xor/dword_additive.rb +1 -2
data/lib/rex/encoders/xor_dword.rb +17 -18
data/lib/rex/encoders/xor_dword_additive.rb +35 -36
data/lib/rex/encoding/xor.rb +0 -1
data/lib/rex/encoding/xor/byte.rb +3 -4
data/lib/rex/encoding/xor/dword.rb +3 -4
data/lib/rex/encoding/xor/dword_additive.rb +72 -73
data/lib/rex/encoding/xor/exceptions.rb +2 -3
data/lib/rex/encoding/xor/generic.rb +129 -130
data/lib/rex/encoding/xor/qword.rb +3 -4
data/lib/rex/encoding/xor/word.rb +3 -4
data/lib/rex/exceptions.rb +100 -101
data/lib/rex/exploitation/cmdstager.rb +3 -3
data/lib/rex/exploitation/cmdstager/base.rb +170 -156
data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
data/lib/rex/exploitation/cmdstager/debug_asm.rb +110 -113
data/lib/rex/exploitation/cmdstager/debug_write.rb +106 -109
data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
data/lib/rex/exploitation/cmdstager/tftp.rb +34 -27
data/lib/rex/exploitation/cmdstager/vbs.rb +95 -98
data/lib/rex/exploitation/egghunter.rb +359 -346
data/lib/rex/exploitation/encryptjs.rb +60 -60
data/lib/rex/exploitation/heaplib.rb +76 -76
data/lib/rex/exploitation/js.rb +6 -0
data/lib/rex/exploitation/js/detect.rb +69 -0
data/lib/rex/exploitation/js/memory.rb +81 -0
data/lib/rex/exploitation/js/network.rb +84 -0
data/lib/rex/exploitation/js/utils.rb +33 -0
data/lib/rex/exploitation/jsobfu.rb +448 -424
data/lib/rex/exploitation/obfuscatejs.rb +301 -301
data/lib/rex/exploitation/omelet.rb +257 -257
data/lib/rex/exploitation/opcodedb.rb +699 -699
data/lib/rex/exploitation/ropdb.rb +189 -0
data/lib/rex/exploitation/seh.rb +68 -68
data/lib/rex/file.rb +96 -49
data/lib/rex/image_source.rb +0 -3
data/lib/rex/image_source/disk.rb +45 -48
data/lib/rex/image_source/image_source.rb +33 -36
data/lib/rex/image_source/memory.rb +17 -20
data/lib/rex/io/bidirectional_pipe.rb +118 -115
data/lib/rex/io/datagram_abstraction.rb +13 -14
data/lib/rex/io/ring_buffer.rb +273 -273
data/lib/rex/io/stream.rb +284 -284
data/lib/rex/io/stream_abstraction.rb +183 -181
data/lib/rex/io/stream_server.rb +193 -193
data/lib/rex/job_container.rb +167 -167
data/lib/rex/logging.rb +0 -1
data/lib/rex/logging/log_dispatcher.rb +113 -113
data/lib/rex/logging/log_sink.rb +17 -17
data/lib/rex/logging/sinks/flatfile.rb +36 -36
data/lib/rex/logging/sinks/stderr.rb +27 -27
data/lib/rex/mac_oui.rb +16572 -16571
data/lib/rex/machparsey.rb +0 -1
data/lib/rex/machparsey/exceptions.rb +0 -1
data/lib/rex/machparsey/mach.rb +160 -161
data/lib/rex/machparsey/machbase.rb +367 -368
data/lib/rex/machscan.rb +0 -1
data/lib/rex/machscan/scanner.rb +175 -176
data/lib/rex/mime/encoding.rb +17 -0
data/lib/rex/mime/header.rb +58 -58
data/lib/rex/mime/message.rb +140 -137
data/lib/rex/mime/part.rb +41 -12
data/lib/rex/nop/opty2.rb +90 -90
data/lib/rex/nop/opty2_tables.rb +273 -273
data/lib/rex/ole.rb +0 -4
data/lib/rex/ole/clsid.rb +26 -30
data/lib/rex/ole/difat.rb +121 -125
data/lib/rex/ole/directory.rb +205 -209
data/lib/rex/ole/direntry.rb +217 -221
data/lib/rex/ole/fat.rb +79 -83
data/lib/rex/ole/header.rb +178 -182
data/lib/rex/ole/minifat.rb +49 -53
data/lib/rex/ole/propset.rb +113 -117
data/lib/rex/ole/samples/create_ole.rb +8 -9
data/lib/rex/ole/samples/dir.rb +10 -11
data/lib/rex/ole/samples/dump_stream.rb +14 -15
data/lib/rex/ole/samples/ole_info.rb +5 -6
data/lib/rex/ole/storage.rb +372 -376
data/lib/rex/ole/stream.rb +33 -37
data/lib/rex/ole/substorage.rb +20 -24
data/lib/rex/ole/util.rb +137 -141
data/lib/rex/parser/acunetix_nokogiri.rb +398 -398
data/lib/rex/parser/apple_backup_manifestdb.rb +116 -116
data/lib/rex/parser/appscan_nokogiri.rb +359 -359
data/lib/rex/parser/arguments.rb +88 -88
data/lib/rex/parser/burp_session_nokogiri.rb +258 -258
data/lib/rex/parser/ci_nokogiri.rb +184 -184
data/lib/rex/parser/foundstone_nokogiri.rb +334 -333
data/lib/rex/parser/fusionvm_nokogiri.rb +94 -94
data/lib/rex/parser/ini.rb +167 -167
data/lib/rex/parser/ip360_aspl_xml.rb +84 -84
data/lib/rex/parser/ip360_xml.rb +77 -77
data/lib/rex/parser/mbsa_nokogiri.rb +224 -224
data/lib/rex/parser/nessus_xml.rb +100 -100
data/lib/rex/parser/netsparker_xml.rb +89 -75
data/lib/rex/parser/nexpose_raw_nokogiri.rb +677 -677
data/lib/rex/parser/nexpose_simple_nokogiri.rb +322 -322
data/lib/rex/parser/nexpose_xml.rb +105 -105
data/lib/rex/parser/nmap_nokogiri.rb +386 -386
data/lib/rex/parser/nmap_xml.rb +116 -116
data/lib/rex/parser/nokogiri_doc_mixin.rb +223 -221
data/lib/rex/parser/openvas_nokogiri.rb +162 -162
data/lib/rex/parser/outpost24_nokogiri.rb +239 -0
data/lib/rex/parser/retina_xml.rb +90 -90
data/lib/rex/parser/unattend.rb +171 -0
data/lib/rex/parser/wapiti_nokogiri.rb +89 -89
data/lib/rex/payloads/win32/common.rb +14 -14
data/lib/rex/payloads/win32/kernel.rb +36 -36
data/lib/rex/payloads/win32/kernel/common.rb +32 -32
data/lib/rex/payloads/win32/kernel/recovery.rb +27 -27
data/lib/rex/payloads/win32/kernel/stager.rb +170 -170
data/lib/rex/peparsey.rb +0 -3
data/lib/rex/peparsey/exceptions.rb +0 -3
data/lib/rex/peparsey/pe.rb +196 -199
data/lib/rex/peparsey/pe_memdump.rb +35 -38
data/lib/rex/peparsey/pebase.rb +1633 -1652
data/lib/rex/peparsey/section.rb +115 -124
data/lib/rex/pescan.rb +0 -3
data/lib/rex/pescan/analyze.rb +351 -351
data/lib/rex/pescan/scanner.rb +182 -182
data/lib/rex/pescan/search.rb +59 -59
data/lib/rex/platforms/windows.rb +37 -37
data/lib/rex/poly.rb +111 -110
data/lib/rex/poly/block.rb +419 -417
data/lib/rex/poly/machine.rb +12 -0
data/lib/rex/poly/machine/machine.rb +829 -0
data/lib/rex/poly/machine/x86.rb +508 -0
data/lib/rex/poly/register.rb +70 -70
data/lib/rex/poly/register/x86.rb +22 -22
data/lib/rex/post.rb +0 -1
data/lib/rex/post/dir.rb +35 -36
data/lib/rex/post/file.rb +140 -141
data/lib/rex/post/file_stat.rb +198 -199
data/lib/rex/post/io.rb +167 -168
data/lib/rex/post/meterpreter.rb +1 -1
data/lib/rex/post/meterpreter/channel.rb +389 -390
data/lib/rex/post/meterpreter/channel_container.rb +33 -34
data/lib/rex/post/meterpreter/channels/pool.rb +129 -130
data/lib/rex/post/meterpreter/channels/pools/file.rb +35 -36
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +72 -73
data/lib/rex/post/meterpreter/channels/stream.rb +62 -63
data/lib/rex/post/meterpreter/client.rb +442 -436
data/lib/rex/post/meterpreter/client_core.rb +326 -310
data/lib/rex/post/meterpreter/dependencies.rb +0 -1
data/lib/rex/post/meterpreter/extension.rb +12 -13
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +35 -36
data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +70 -71
data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +22 -78
data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +4 -4
data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +38 -39
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -1
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +95 -96
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +39 -40
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +80 -85
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +94 -95
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +207 -147
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +258 -259
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +366 -301
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +72 -73
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +24 -25
data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +227 -149
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +107 -108
data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +41 -42
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +102 -101
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +151 -152
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +142 -142
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +185 -185
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38118 -38117
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +7 -7
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2086 -2084
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +15 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +80 -80
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3835 -3833
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +84 -28
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +151 -137
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +15 -6
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3155 -3155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +70 -70
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +596 -596
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +310 -301
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +71 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +100 -100
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +14 -14
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +488 -488
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +273 -264
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +5 -5
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +240 -238
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +17 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +61 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +654 -635
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +49 -49
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +103 -102
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +98 -68
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +16 -17
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +34 -36
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +363 -364
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +102 -103
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +28 -29
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +303 -304
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +113 -114
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +260 -261
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +69 -70
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +160 -161
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +143 -144
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +29 -12
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +230 -231
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +181 -44
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +12 -13
data/lib/rex/post/meterpreter/object_aliases.rb +56 -57
data/lib/rex/post/meterpreter/packet.rb +591 -592
data/lib/rex/post/meterpreter/packet_dispatcher.rb +506 -496
data/lib/rex/post/meterpreter/packet_parser.rb +72 -73
data/lib/rex/post/meterpreter/packet_response_waiter.rb +56 -57
data/lib/rex/post/meterpreter/ui/console.rb +112 -112
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +53 -53
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +911 -854
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +86 -86
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +220 -220
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +173 -173
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +40 -40
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +75 -77
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +30 -30
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +105 -105
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +182 -182
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +37 -37
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +504 -482
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +401 -330
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +883 -581
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +296 -299
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +320 -153
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +78 -78
data/lib/rex/post/permission.rb +0 -1
data/lib/rex/post/process.rb +39 -40
data/lib/rex/post/thread.rb +41 -42
data/lib/rex/post/ui.rb +35 -36
data/lib/rex/proto/addp.rb +218 -0
data/lib/rex/proto/dcerpc/client.rb +344 -344
data/lib/rex/proto/dcerpc/exceptions.rb +128 -128
data/lib/rex/proto/dcerpc/handle.rb +32 -32
data/lib/rex/proto/dcerpc/ndr.rb +56 -56
data/lib/rex/proto/dcerpc/packet.rb +249 -245
data/lib/rex/proto/dcerpc/response.rb +170 -170
data/lib/rex/proto/dcerpc/uuid.rb +65 -65
data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
data/lib/rex/proto/dhcp.rb +0 -1
data/lib/rex/proto/dhcp/constants.rb +0 -1
data/lib/rex/proto/dhcp/server.rb +303 -304
data/lib/rex/proto/drda/constants.rb +1 -1
data/lib/rex/proto/drda/packet.rb +186 -186
data/lib/rex/proto/drda/utils.rb +104 -104
data/lib/rex/proto/http.rb +1 -0
data/lib/rex/proto/http/client.rb +692 -820
data/lib/rex/proto/http/client_request.rb +472 -0
data/lib/rex/proto/http/handler.rb +25 -25
data/lib/rex/proto/http/handler/erb.rb +104 -104
data/lib/rex/proto/http/handler/proc.rb +37 -37
data/lib/rex/proto/http/header.rb +149 -149
data/lib/rex/proto/http/packet.rb +388 -382
data/lib/rex/proto/http/request.rb +332 -335
data/lib/rex/proto/http/response.rb +132 -72
data/lib/rex/proto/http/server.rb +348 -338
data/lib/rex/proto/iax2/call.rb +310 -310
data/lib/rex/proto/iax2/client.rb +197 -197
data/lib/rex/proto/iax2/codecs/alaw.rb +4 -4
data/lib/rex/proto/iax2/codecs/mulaw.rb +4 -4
data/lib/rex/proto/ipmi.rb +57 -0
data/lib/rex/proto/ipmi/channel_auth_reply.rb +88 -0
data/lib/rex/proto/ipmi/open_session_reply.rb +35 -0
data/lib/rex/proto/ipmi/rakp2.rb +35 -0
data/lib/rex/proto/ipmi/utils.rb +125 -0
data/lib/rex/proto/natpmp.rb +1 -5
data/lib/rex/proto/natpmp/constants.rb +4 -4
data/lib/rex/proto/natpmp/packet.rb +25 -25
data/lib/rex/proto/ntlm/base.rb +271 -271
data/lib/rex/proto/ntlm/constants.rb +61 -61
data/lib/rex/proto/ntlm/crypt.rb +348 -352
data/lib/rex/proto/ntlm/exceptions.rb +3 -3
data/lib/rex/proto/ntlm/message.rb +468 -471
data/lib/rex/proto/ntlm/utils.rb +746 -746
data/lib/rex/proto/pjl.rb +30 -0
data/lib/rex/proto/pjl/client.rb +162 -0
data/lib/rex/proto/proxy/socks4a.rb +440 -440
data/lib/rex/proto/rfb.rb +1 -8
data/lib/rex/proto/rfb/cipher.rb +46 -49
data/lib/rex/proto/rfb/client.rb +179 -182
data/lib/rex/proto/rfb/constants.rb +18 -21
data/lib/rex/proto/smb/client.rb +1954 -1843
data/lib/rex/proto/smb/constants.rb +533 -516
data/lib/rex/proto/smb/crypt.rb +21 -21
data/lib/rex/proto/smb/evasions.rb +43 -43
data/lib/rex/proto/smb/exceptions.rb +791 -791
data/lib/rex/proto/smb/simpleclient.rb +142 -286
data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
data/lib/rex/proto/smb/utils.rb +81 -81
data/lib/rex/proto/sunrpc/client.rb +158 -158
data/lib/rex/proto/tftp.rb +0 -1
data/lib/rex/proto/tftp/client.rb +289 -289
data/lib/rex/proto/tftp/constants.rb +9 -10
data/lib/rex/proto/tftp/server.rb +466 -467
data/lib/rex/random_identifier_generator.rb +176 -0
data/lib/rex/registry.rb +1 -1
data/lib/rex/registry/hive.rb +88 -88
data/lib/rex/registry/lfkey.rb +25 -25
data/lib/rex/registry/nodekey.rb +30 -30
data/lib/rex/registry/regf.rb +10 -10
data/lib/rex/registry/valuekey.rb +43 -43
data/lib/rex/registry/valuelist.rb +13 -13
data/lib/rex/ropbuilder/rop.rb +254 -253
data/lib/rex/script.rb +21 -22
data/lib/rex/script/base.rb +51 -50
data/lib/rex/script/meterpreter.rb +2 -2
data/lib/rex/service.rb +24 -24
data/lib/rex/service_manager.rb +132 -132
data/lib/rex/services/local_relay.rb +398 -398
data/lib/rex/socket.rb +758 -763
data/lib/rex/socket/comm.rb +95 -95
data/lib/rex/socket/comm/local.rb +507 -440
data/lib/rex/socket/ip.rb +118 -118
data/lib/rex/socket/parameters.rb +351 -350
data/lib/rex/socket/range_walker.rb +445 -368
data/lib/rex/socket/ssl_tcp.rb +323 -317
data/lib/rex/socket/ssl_tcp_server.rb +173 -158
data/lib/rex/socket/subnet_walker.rb +48 -48
data/lib/rex/socket/switch_board.rb +259 -259
data/lib/rex/socket/tcp.rb +58 -56
data/lib/rex/socket/tcp_server.rb +42 -42
data/lib/rex/socket/udp.rb +152 -152
data/lib/rex/sslscan/result.rb +200 -0
data/lib/rex/sslscan/scanner.rb +205 -0
data/lib/rex/struct2.rb +0 -1
data/lib/rex/struct2/c_struct.rb +162 -163
data/lib/rex/struct2/c_struct_template.rb +21 -22
data/lib/rex/struct2/constant.rb +6 -7
data/lib/rex/struct2/element.rb +30 -31
data/lib/rex/struct2/generic.rb +60 -61
data/lib/rex/struct2/restraint.rb +40 -41
data/lib/rex/struct2/s_string.rb +60 -61
data/lib/rex/struct2/s_struct.rb +97 -98
data/lib/rex/sync.rb +0 -1
data/lib/rex/sync/event.rb +62 -72
data/lib/rex/sync/read_write_lock.rb +149 -149
data/lib/rex/sync/ref.rb +42 -42
data/lib/rex/sync/thread_safe.rb +59 -59
data/lib/rex/text.rb +1803 -1315
data/lib/rex/thread_factory.rb +25 -25
data/lib/rex/time.rb +44 -44
data/lib/rex/transformer.rb +91 -91
data/lib/rex/ui/interactive.rb +265 -265
data/lib/rex/ui/output.rb +66 -60
data/lib/rex/ui/progress_tracker.rb +79 -79
data/lib/rex/ui/subscriber.rb +144 -134
data/lib/rex/ui/text/color.rb +76 -76
data/lib/rex/ui/text/dispatcher_shell.rb +512 -505
data/lib/rex/ui/text/input.rb +96 -96
data/lib/rex/ui/text/input/buffer.rb +58 -58
data/lib/rex/ui/text/input/readline.rb +114 -114
data/lib/rex/ui/text/input/socket.rb +77 -77
data/lib/rex/ui/text/input/stdio.rb +24 -24
data/lib/rex/ui/text/irb_shell.rb +45 -41
data/lib/rex/ui/text/output.rb +64 -60
data/lib/rex/ui/text/output/buffer.rb +42 -42
data/lib/rex/ui/text/output/buffer/stdout.rb +25 -0
data/lib/rex/ui/text/output/file.rb +24 -24
data/lib/rex/ui/text/output/socket.rb +24 -24
data/lib/rex/ui/text/output/stdio.rb +29 -29
data/lib/rex/ui/text/output/tee.rb +36 -36
data/lib/rex/ui/text/progress_tracker.rb +37 -37
data/lib/rex/ui/text/shell.rb +371 -361
data/lib/rex/ui/text/table.rb +320 -284
data/lib/rex/zip.rb +0 -1
data/lib/rex/zip/archive.rb +115 -94
data/lib/rex/zip/blocks.rb +101 -100
data/lib/rex/zip/entry.rb +108 -99
data/lib/rex/zip/jar.rb +261 -206
data/lib/rex/zip/samples/comment.rb +1 -2
data/lib/rex/zip/samples/mkwar.rb +12 -13
data/lib/rex/zip/samples/mkzip.rb +1 -2
data/lib/rex/zip/samples/recursive.rb +29 -30
metadata +424 -446
data/lib/rex/arch/sparc.rb.ut.rb +0 -19
data/lib/rex/arch/x86.rb.ut.rb +0 -94
data/lib/rex/assembly/nasm.rb.ut.rb +0 -23
data/lib/rex/encoder/ndr.rb.ut.rb +0 -45
data/lib/rex/encoder/xdr.rb.ut.rb +0 -30
data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +0 -13
data/lib/rex/encoding/xor.rb.ts.rb +0 -15
data/lib/rex/encoding/xor/byte.rb.ut.rb +0 -22
data/lib/rex/encoding/xor/dword.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/generic.rb.ut.rb +0 -121
data/lib/rex/encoding/xor/word.rb.ut.rb +0 -14
data/lib/rex/exceptions.rb.ut.rb +0 -45
data/lib/rex/exploitation/egghunter.rb.ut.rb +0 -28
data/lib/rex/exploitation/javascriptosdetect.js +0 -1014
data/lib/rex/exploitation/javascriptosdetect.rb +0 -43
data/lib/rex/exploitation/omelet.rb.ut.rb +0 -27
data/lib/rex/exploitation/opcodedb.rb.ut.rb +0 -280
data/lib/rex/exploitation/seh.rb.ut.rb +0 -20
data/lib/rex/file.rb.ut.rb +0 -17
data/lib/rex/io/ring_buffer.rb.ut.rb +0 -135
data/lib/rex/nop/opty2.rb.ut.rb +0 -24
data/lib/rex/parser/arguments.rb.ut.rb +0 -68
data/lib/rex/parser/ini.rb.ut.rb +0 -30
data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +0 -18
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +0 -39
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +0 -37
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +0 -52
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +0 -43
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +0 -64
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +0 -29
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +0 -155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +0 -124
data/lib/rex/proto.rb.ts.rb +0 -9
data/lib/rex/proto/dcerpc.rb.ts.rb +0 -10
data/lib/rex/proto/dcerpc/client.rb.ut.rb +0 -492
data/lib/rex/proto/dcerpc/handle.rb.ut.rb +0 -86
data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +0 -42
data/lib/rex/proto/dcerpc/packet.rb.ut.rb +0 -57
data/lib/rex/proto/dcerpc/response.rb.ut.rb +0 -16
data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +0 -47
data/lib/rex/proto/drda.rb.ts.rb +0 -18
data/lib/rex/proto/drda/constants.rb.ut.rb +0 -24
data/lib/rex/proto/drda/packet.rb.ut.rb +0 -110
data/lib/rex/proto/drda/utils.rb.ut.rb +0 -85
data/lib/rex/proto/http.rb.ts.rb +0 -13
data/lib/rex/proto/http/client.rb.ut.rb +0 -96
data/lib/rex/proto/http/handler/erb.rb.ut.rb +0 -22
data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml +0 -1
data/lib/rex/proto/http/handler/proc.rb.ut.rb +0 -25
data/lib/rex/proto/http/header.rb.ut.rb +0 -47
data/lib/rex/proto/http/packet.rb.ut.rb +0 -166
data/lib/rex/proto/http/request.rb.ut.rb +0 -215
data/lib/rex/proto/http/response.rb.ut.rb +0 -150
data/lib/rex/proto/http/server.rb.ut.rb +0 -80
data/lib/rex/proto/ntlm.rb.ut.rb +0 -181
data/lib/rex/proto/rfb.rb.ut.rb +0 -40
data/lib/rex/proto/smb.rb.ts.rb +0 -9
data/lib/rex/proto/smb/client.rb.ut.rb +0 -224
data/lib/rex/proto/smb/constants.rb.ut.rb +0 -19
data/lib/rex/proto/smb/simpleclient.rb.ut.rb +0 -129
data/lib/rex/proto/smb/utils.rb.ut.rb +0 -21
data/lib/rex/proto/tftp/server.rb.ut.rb +0 -29
data/lib/rex/service_manager.rb.ut.rb +0 -33
data/lib/rex/socket.rb.ut.rb +0 -108
data/lib/rex/socket/comm/local.rb.ut.rb +0 -76
data/lib/rex/socket/parameters.rb.ut.rb +0 -52
data/lib/rex/socket/range_walker.rb.ut.rb +0 -56
data/lib/rex/socket/ssl_tcp.rb.ut.rb +0 -40
data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +0 -62
data/lib/rex/socket/subnet_walker.rb.ut.rb +0 -29
data/lib/rex/socket/switch_board.rb.ut.rb +0 -53
data/lib/rex/socket/tcp.rb.ut.rb +0 -65
data/lib/rex/socket/tcp_server.rb.ut.rb +0 -45
data/lib/rex/socket/udp.rb.ut.rb +0 -45
data/lib/rex/test.rb +0 -36
data/lib/rex/text.rb.ut.rb +0 -193
data/lib/rex/transformer.rb.ut.rb +0 -39
data/lib/rex/ui/text/color.rb.ut.rb +0 -19
data/lib/rex/ui/text/progress_tracker.rb.ut.rb +0 -35
data/lib/rex/ui/text/table.rb.ut.rb +0 -56

data/lib/rex/proto/pjl.rb ADDED

@@ -0,0 +1,30 @@
+# https://en.wikipedia.org/wiki/Printer_Job_Language
+# See external links for PJL spec
+module Rex::Proto::PJL
+  require "rex/proto/pjl/client"
+  DEFAULT_PORT = 9100
+  DEFAULT_TIMEOUT = 5
+  COUNT_MAX = 2_147_483_647
+  SIZE_MAX = 2_147_483_647
+  UEL = "\e%-12345X" # Universal Exit Language
+  PREFIX = "@PJL"
+  module Info
+    ID = "#{PREFIX} INFO ID"
+    STATUS = "#{PREFIX} INFO STATUS"
+    VARIABLES = "#{PREFIX} INFO VARIABLES"
+    FILESYS = "#{PREFIX} INFO FILESYS"
+  end
+  RDYMSG = "#{PREFIX} RDYMSG"
+  FSINIT = "#{PREFIX} FSINIT"
+  FSDIRLIST = "#{PREFIX} FSDIRLIST"
+  FSUPLOAD = "#{PREFIX} FSUPLOAD"
+end

data/lib/rex/proto/pjl/client.rb ADDED

@@ -0,0 +1,162 @@
+# https://en.wikipedia.org/wiki/Printer_Job_Language
+# See external links for PJL spec
+module Rex::Proto::PJL
+class Client
+  attr_reader :sock
+  def initialize(sock)
+    @sock = sock
+  end
+  # Begin a PJL job
+  #
+  # @return [void]
+  def begin_job
+    @sock.put("#{UEL}#{PREFIX}\n")
+  end
+  # End a PJL job
+  #
+  # @return [void]
+  def end_job
+    @sock.put(UEL)
+  end
+  # Send an INFO request and read the response
+  #
+  # @param category [String] INFO category
+  # @return [String] INFO response
+  def info(category)
+    categories = {
+      :id => Info::ID,
+      :status => Info::STATUS,
+      :variables => Info::VARIABLES,
+      :filesys => Info::FILESYS
+    }
+    unless categories.has_key?(category)
+      raise ArgumentError, "Unknown INFO category"
+    end
+    @sock.put("#{categories[category]}\n")
+    @sock.get(DEFAULT_TIMEOUT)
+  end
+  # Get version information
+  #
+  # @return [String] Version information
+  def info_id
+    id = nil
+    if info(:id) =~ /"(.*?)"/m
+      id = $1
+    end
+    id
+  end
+  # Get environment variables
+  #
+  # @return [String] Environment variables
+  def info_variables
+    env_vars = nil
+    if info(:variables) =~ /#{Info::VARIABLES}\r?\n(.*?)\f/m
+      env_vars = $1
+    end
+    env_vars
+  end
+  # List volumes
+  #
+  # @return [String] Volume listing
+  def info_filesys
+    filesys = nil
+    if info(:filesys) =~ /\[\d+ TABLE\]\r?\n(.*?)\f/m
+      filesys = $1
+    end
+    filesys
+  end
+  # Get the ready message
+  #
+  # @return [String] Ready message
+  def get_rdymsg
+    rdymsg = nil
+    if info(:status) =~ /DISPLAY="(.*?)"/m
+      rdymsg = $1
+    end
+    rdymsg
+  end
+  # Set the ready message
+  #
+  # @param message [String] Ready message
+  # @return [void]
+  def set_rdymsg(message)
+    @sock.put(%Q{#{RDYMSG} DISPLAY = "#{message}"\n})
+  end
+  # Initialize a volume
+  #
+  # @param volume [String] Volume
+  # @return [void]
+  def fsinit(volume)
+    if volume !~ /^[0-2]:$/
+      raise ArgumentError, "Volume must be 0:, 1:, or 2:"
+    end
+    @sock.put(%Q{#{FSINIT} VOLUME = "#{volume}"\n})
+  end
+  # List a directory
+  #
+  # @param pathname [String] Pathname
+  # @param count [Fixnum] Number of entries to list
+  # @return [String] Directory listing
+  def fsdirlist(pathname, count = COUNT_MAX)
+    if pathname !~ /^[0-2]:/
+      raise ArgumentError, "Pathname must begin with 0:, 1:, or 2:"
+    end
+    listing = nil
+    @sock.put(%Q{#{FSDIRLIST} NAME = "#{pathname}" ENTRY=1 COUNT=#{count}\n})
+    if @sock.get(DEFAULT_TIMEOUT) =~ /ENTRY=1\r?\n(.*?)\f/m
+      listing = $1
+    end
+    listing
+  end
+  # Download a file
+  #
+  # @param pathname [String] Pathname
+  # @param size [Fixnum] Size of file
+  # @return [String] File as a string
+  def fsupload(pathname, size = SIZE_MAX)
+    if pathname !~ /^[0-2]:/
+      raise ArgumentError, "Pathname must begin with 0:, 1:, or 2:"
+    end
+    file = nil
+    @sock.put(%Q{#{FSUPLOAD} NAME = "#{pathname}" OFFSET=0 SIZE=#{size}\n})
+    if @sock.get(DEFAULT_TIMEOUT) =~ /SIZE=\d+\r?\n(.*)\f/m
+      file = $1
+    end
+    file
+  end
+end
+end

data/lib/rex/proto/proxy/socks4a.rb CHANGED

@@ -1,441 +1,441 @@
 # -*- coding: binary -*-
-#
-# sf - Sept 2010
-#
-require 'thread'
-require 'rex/logging'
-require 'rex/socket'
-module Rex
-module Proto
-module Proxy
-#
-# A Socks4a proxy server.
-#
-class Socks4a
-	#
-	# A client connected to the Socks4a server.
-	#
-	class Client
-		REQUEST_VERSION                 = 4
-		REPLY_VERSION                   = 0
-		COMMAND_CONNECT                 = 1
-		COMMAND_BIND                    = 2
-		REQUEST_GRANTED                 = 90
-		REQUEST_REJECT_FAILED           = 91
-		REQUEST_REJECT_CONNECT          = 92
-		REQUEST_REJECT_USERID           = 93
-		HOST                            = 1
-		PORT                            = 2
-		#
-		# A Socks4a packet.
-		#
-		class Packet
-			def initialize
-				@version   = REQUEST_VERSION
-				@command   = 0
-				@dest_port = 0
-				@dest_ip   = '0.0.0.0'
-				@userid    = ''
-			end
-			#
-			# A helper function to recv in a Socks4a packet byte by byte.
-			#
-			# sf: we could just call raw = sock.get_once but some clients
-			#     seem to need reading this byte by byte instead.
-			#
-			def Packet.recv( sock, timeout=30 )
-				raw = ''
-				# read in the 8 byte header
-				while( raw.length < 8 )
-					raw << sock.read( 1 )
-				end
-				# if its a request there will be more data
-				if( raw[0..0].unpack( 'C' ).first == REQUEST_VERSION )
-					# read in the userid
-					while( raw[8..raw.length].index( "\x00" ) == nil )
-						raw << sock.read( 1 )
-					end
-					# if a hostname is going to be present, read it in
-					ip = raw[4..7].unpack( 'N' ).first
-					if( ( ip & 0xFFFFFF00 ) == 0x00000000 and ( ip & 0x000000FF ) != 0x00 )
-						hostname = ''
-						while( hostname.index( "\x00" ) == nil )
-							hostname += sock.read( 1 )
-						end
-						raw << hostname
-					end
-				end
-				# create a packet from this raw data...
-				packet = Packet.new
-				packet.from_r( raw ) ? packet : nil
-			end
-			#
-			# Pack a packet into raw bytes for transmitting on the wire.
-			#
-			def to_r
-				raw = [ @version, @command, @dest_port, Rex::Socket.addr_atoi( @dest_ip ) ].pack( 'CCnN' )
-				return raw if( @userid.empty? )
-				return raw + [ @userid ].pack( 'Z*' )
-			end
-			#
-			# Unpack a raw packet into its components.
-			#
-			def from_r( raw )
-				return false if( raw.length < 8 )
-				@version   = raw[0..0].unpack( 'C' ).first
-				return false if( @version != REQUEST_VERSION and @version != REPLY_VERSION )
-				@command   = raw[1..1].unpack( 'C' ).first
-				@dest_port = raw[2..3].unpack( 'n' ).first
-				@dest_ip   = Rex::Socket.addr_itoa( raw[4..7].unpack( 'N' ).first )
-				if( raw.length > 8 )
-					@userid = raw[8..raw.length].unpack( 'Z*' ).first
-					# if this is a socks4a request we can resolve the provided hostname
-					if( self.is_hostname? )
-						hostname = raw[(8+@userid.length+1)..raw.length].unpack( 'Z*' ).first
-						@dest_ip = self.resolve( hostname )
-						# fail if we couldnt resolve the hostname
-						return false if( not @dest_ip )
-					end
-				else
-					@userid  = ''
-				end
-				return true
-			end
-			def is_connect?
-				@command == COMMAND_CONNECT ? true : false
-			end
-			def is_bind?
-				@command == COMMAND_BIND ? true : false
-			end
-			attr_accessor :version, :command, :dest_port, :dest_ip, :userid
-			protected
-			#
-			# Resolve the given hostname into a dotted IP address.
-			#
-			def resolve( hostname )
-				if( not hostname.empty? )
-					begin
-						return Rex::Socket.addr_itoa( Rex::Socket.gethostbyname( hostname )[3].unpack( 'N' ).first )
-					rescue ::SocketError
-						return nil
-					end
-				end
-				return nil
-			end
-			#
-			# As per the Socks4a spec, check to see if the provided dest_ip is 0.0.0.XX
-			# which indicates after the @userid field contains a hostname to resolve.
-			#
-			def is_hostname?
-				ip = Rex::Socket.addr_atoi( @dest_ip )
-				if( ip & 0xFFFFFF00 == 0x00000000 )
-					return true if( ip & 0x000000FF != 0x00 )
-				end
-				return false
-			end
-		end
-		#
-		# A mixin for a socket to perform a relay to another socket.
-		#
-		module Relay
-			#
-			# Relay data coming in from relay_sock to this socket.
-			#
-			def relay( relay_client, relay_sock )
-				@relay_client = relay_client
-				@relay_sock   = relay_sock
-				# start the relay thread (modified from Rex::IO::StreamAbstraction)
-				@relay_thread = Rex::ThreadFactory.spawn("SOCKS4AProxyServerRelay", false) do
-					loop do
-						closed = false
-						buf    = nil
-						begin
-							s = Rex::ThreadSafe.select( [ @relay_sock ], nil, nil, 0.2 )
-							if( s == nil || s[0] == nil )
-								next
-							end
-						rescue
-							closed = true
-						end
-						if( closed == false )
-							begin
-								buf = @relay_sock.sysread( 32768 )
-								closed = true if( buf == nil )
-							rescue
-								closed = true
-							end
-						end
-						if( closed == false )
-							total_sent   = 0
-							total_length = buf.length
-							while( total_sent < total_length )
-								begin
-									data = buf[total_sent, buf.length]
-									sent = self.write( data )
-									if( sent > 0 )
-										total_sent += sent
-									end
-								rescue
-									closed = true
-									break
-								end
-							end
-						end
-						if( closed )
-							@relay_client.stop
-							::Thread.exit
-						end
-					end
-				end
-			end
-		end
-		#
-		# Create a new client connected to the server.
-		#
-		def initialize( server, sock )
-			@server        = server
-			@lsock         = sock
-			@rsock         = nil
-			@client_thread = nil
-			@mutex         = ::Mutex.new
-		end
-		#
-		# Start handling the client connection.
-		#
-		def start
-			# create a thread to handle this client request so as to not block the socks4a server
-			@client_thread = Rex::ThreadFactory.spawn("SOCKS4AProxyClient", false) do
-				begin
-					@server.add_client( self )
-					# get the initial client request packet
-					request = Packet.recv( @lsock )
-					raise "Invalid Socks4 request packet received." if not request
-					# handle the request
-					begin
-						# handle socks4a conenct requests
-						if( request.is_connect? )
-							# perform the connection request
-							params = {
-								'PeerHost' => request.dest_ip,
-								'PeerPort' => request.dest_port,
-							}
-							params['Context'] = @server.opts['Context'] if @server.opts.has_key?('Context')
-							@rsock = Rex::Socket::Tcp.create( params )
-							# and send back success to the client
-							response         = Packet.new
-							response.version = REPLY_VERSION
-							response.command = REQUEST_GRANTED
-							@lsock.put( response.to_r )
-						# handle socks4a bind requests
-						elsif( request.is_bind? )
-							# create a server socket for this request
-							params = {
-								'LocalHost' => '0.0.0.0',
-								'LocalPort' => 0,
-							}
-							params['Context'] = @server.opts['Context'] if @server.opts.has_key?('Context')
-							bsock = Rex::Socket::TcpServer.create( params )
-							# send back the bind success to the client
-							response           = Packet.new
-							response.version   = REPLY_VERSION
-							response.command   = REQUEST_GRANTED
-							response.dest_ip   = '0.0.0.0'
-							response.dest_port = bsock.getlocalname()[PORT]
-							@lsock.put( response.to_r )
-							# accept a client connection (2 minute timeout as per spec)
-							begin
-								::Timeout.timeout( 120 ) do
-									@rsock = bsock.accept
-								end
-							rescue ::Timeout::Error
-								raise "Timeout reached on accept request."
-							end
-							# close the listening socket
-							bsock.close
-							# verify the connection is from the dest_ip origionally specified by the client
-							rpeer = @rsock.getpeername
-							raise "Got connection from an invalid peer." if( rpeer[HOST] != request.dest_ip )
-							# send back the client connect success to the client
-							#
-							# sf: according to the spec we send this response back to the client, however
-							#     I have seen some clients who bawk if they get this second response.
-							#
-							response           = Packet.new
-							response.version   = REPLY_VERSION
-							response.command   = REQUEST_GRANTED
-							response.dest_ip   = rpeer[HOST]
-							response.dest_port = rpeer[PORT]
-							@lsock.put( response.to_r )
-						else
-							raise "Unknown request command received #{request.command} received."
-						end
-					rescue
-						# send back failure to the client
-						response         = Packet.new
-						response.version = REPLY_VERSION
-						response.command = REQUEST_REJECT_FAILED
-						@lsock.put( response.to_r )
-						# raise an exception to close this client connection
-						raise "Failed to handle the clients request."
-					end
-					# setup the two way relay for full duplex io
-					@lsock.extend( Relay )
-					@rsock.extend( Relay )
-					# start the socket relays...
-					@lsock.relay( self, @rsock )
-					@rsock.relay( self, @lsock )
-				rescue
-					wlog( "Client.start - #{$!}" )
-					self.stop
-				end
-			end
-		end
-		#
-		# Stop handling the client connection.
-		#
-		def stop
-			@mutex.synchronize do
-				if( not @closed )
-					begin
-						@lsock.close if @lsock
-					rescue
-					end
-					begin
-						@rsock.close if @rsock
-					rescue
-					end
-					@client_thread.kill if( @client_thread and @client_thread.alive? )
-					@server.remove_client( self )
-					@closed = true
-				end
-			end
-		end
-	end
-	#
-	# Create a new Socks4a server.
-	#
-	def initialize( opts={} )
-		@opts          = { 'ServerHost' => '0.0.0.0', 'ServerPort' => 1080 }
-		@opts          = @opts.merge( opts )
-		@server        = nil
-		@clients       = ::Array.new
-		@running       = false
-		@server_thread = nil
-	end
-	#
-	# Check if the server is running.
-	#
-	def is_running?
-		return @running
-	end
-	#
-	# Start the Socks4a server.
-	#
-	def start
-			begin
-				# create the servers main socket (ignore the context here because we don't want a remote bind)
-				@server = Rex::Socket::TcpServer.create( 'LocalHost' => @opts['ServerHost'], 'LocalPort' => @opts['ServerPort'] )
-				# signal we are now running
-				@running = true
-				# start the servers main thread to pick up new clients
-				@server_thread = Rex::ThreadFactory.spawn("SOCKS4AProxyServer", false) do
-					while( @running ) do
-						begin
-							# accept the client connection
-							sock = @server.accept
-							# and fire off a new client instance to handle it
-							Client.new( self, sock ).start
-						rescue
-							wlog( "Socks4a.start - server_thread - #{$!}" )
-						end
-					end
-				end
-			rescue
-				wlog( "Socks4a.start - #{$!}" )
-				return false
-			end
-			return true
-	end
-	#
-	# Block while the server is running.
-	#
-	def join
-		@server_thread.join if @server_thread
-	end
-	#
-	# Stop the Socks4a server.
-	#
-	def stop
-		if( @running )
-			# signal we are no longer running
-			@running = false
-			# stop any clients we have (create a new client array as client.stop will delete from @clients)
-			clients = []
-			clients.concat( @clients )
-			clients.each do | client |
-				client.stop
-			end
-			# close the server socket
-			@server.close if @server
-			# if the server thread did not terminate gracefully, kill it.
-			@server_thread.kill if( @server_thread and @server_thread.alive? )
-		end
-		return !@running
-	end
-	def add_client( client )
-		@clients << client
-	end
-	def remove_client( client )
-		@clients.delete( client )
-	end
-	attr_reader :opts
-end
-end; end; end
+#
+# sf - Sept 2010
+#
+require 'thread'
+require 'rex/logging'
+require 'rex/socket'
+module Rex
+module Proto
+module Proxy
+#
+# A Socks4a proxy server.
+#
+class Socks4a
+  #
+  # A client connected to the Socks4a server.
+  #
+  class Client
+    REQUEST_VERSION                 = 4
+    REPLY_VERSION                   = 0
+    COMMAND_CONNECT                 = 1
+    COMMAND_BIND                    = 2
+    REQUEST_GRANTED                 = 90
+    REQUEST_REJECT_FAILED           = 91
+    REQUEST_REJECT_CONNECT          = 92
+    REQUEST_REJECT_USERID           = 93
+    HOST                            = 1
+    PORT                            = 2
+    #
+    # A Socks4a packet.
+    #
+    class Packet
+      def initialize
+        @version   = REQUEST_VERSION
+        @command   = 0
+        @dest_port = 0
+        @dest_ip   = '0.0.0.0'
+        @userid    = ''
+      end
+      #
+      # A helper function to recv in a Socks4a packet byte by byte.
+      #
+      # sf: we could just call raw = sock.get_once but some clients
+      #     seem to need reading this byte by byte instead.
+      #
+      def Packet.recv( sock, timeout=30 )
+        raw = ''
+        # read in the 8 byte header
+        while( raw.length < 8 )
+          raw << sock.read( 1 )
+        end
+        # if its a request there will be more data
+        if( raw[0..0].unpack( 'C' ).first == REQUEST_VERSION )
+          # read in the userid
+          while( raw[8..raw.length].index( "\x00" ) == nil )
+            raw << sock.read( 1 )
+          end
+          # if a hostname is going to be present, read it in
+          ip = raw[4..7].unpack( 'N' ).first
+          if( ( ip & 0xFFFFFF00 ) == 0x00000000 and ( ip & 0x000000FF ) != 0x00 )
+            hostname = ''
+            while( hostname.index( "\x00" ) == nil )
+              hostname += sock.read( 1 )
+            end
+            raw << hostname
+          end
+        end
+        # create a packet from this raw data...
+        packet = Packet.new
+        packet.from_r( raw ) ? packet : nil
+      end
+      #
+      # Pack a packet into raw bytes for transmitting on the wire.
+      #
+      def to_r
+        raw = [ @version, @command, @dest_port, Rex::Socket.addr_atoi( @dest_ip ) ].pack( 'CCnN' )
+        return raw if( @userid.empty? )
+        return raw + [ @userid ].pack( 'Z*' )
+      end
+      #
+      # Unpack a raw packet into its components.
+      #
+      def from_r( raw )
+        return false if( raw.length < 8 )
+        @version   = raw[0..0].unpack( 'C' ).first
+        return false if( @version != REQUEST_VERSION and @version != REPLY_VERSION )
+        @command   = raw[1..1].unpack( 'C' ).first
+        @dest_port = raw[2..3].unpack( 'n' ).first
+        @dest_ip   = Rex::Socket.addr_itoa( raw[4..7].unpack( 'N' ).first )
+        if( raw.length > 8 )
+          @userid = raw[8..raw.length].unpack( 'Z*' ).first
+          # if this is a socks4a request we can resolve the provided hostname
+          if( self.is_hostname? )
+            hostname = raw[(8+@userid.length+1)..raw.length].unpack( 'Z*' ).first
+            @dest_ip = self.resolve( hostname )
+            # fail if we couldnt resolve the hostname
+            return false if( not @dest_ip )
+          end
+        else
+          @userid  = ''
+        end
+        return true
+      end
+      def is_connect?
+        @command == COMMAND_CONNECT ? true : false
+      end
+      def is_bind?
+        @command == COMMAND_BIND ? true : false
+      end
+      attr_accessor :version, :command, :dest_port, :dest_ip, :userid
+      protected
+      #
+      # Resolve the given hostname into a dotted IP address.
+      #
+      def resolve( hostname )
+        if( not hostname.empty? )
+          begin
+            return Rex::Socket.addr_itoa( Rex::Socket.gethostbyname( hostname )[3].unpack( 'N' ).first )
+          rescue ::SocketError
+            return nil
+          end
+        end
+        return nil
+      end
+      #
+      # As per the Socks4a spec, check to see if the provided dest_ip is 0.0.0.XX
+      # which indicates after the @userid field contains a hostname to resolve.
+      #
+      def is_hostname?
+        ip = Rex::Socket.addr_atoi( @dest_ip )
+        if( ip & 0xFFFFFF00 == 0x00000000 )
+          return true if( ip & 0x000000FF != 0x00 )
+        end
+        return false
+      end
+    end
+    #
+    # A mixin for a socket to perform a relay to another socket.
+    #
+    module Relay
+      #
+      # Relay data coming in from relay_sock to this socket.
+      #
+      def relay( relay_client, relay_sock )
+        @relay_client = relay_client
+        @relay_sock   = relay_sock
+        # start the relay thread (modified from Rex::IO::StreamAbstraction)
+        @relay_thread = Rex::ThreadFactory.spawn("SOCKS4AProxyServerRelay", false) do
+          loop do
+            closed = false
+            buf    = nil
+            begin
+              s = Rex::ThreadSafe.select( [ @relay_sock ], nil, nil, 0.2 )
+              if( s == nil || s[0] == nil )
+                next
+              end
+            rescue
+              closed = true
+            end
+            if( closed == false )
+              begin
+                buf = @relay_sock.sysread( 32768 )
+                closed = true if( buf == nil )
+              rescue
+                closed = true
+              end
+            end
+            if( closed == false )
+              total_sent   = 0
+              total_length = buf.length
+              while( total_sent < total_length )
+                begin
+                  data = buf[total_sent, buf.length]
+                  sent = self.write( data )
+                  if( sent > 0 )
+                    total_sent += sent
+                  end
+                rescue
+                  closed = true
+                  break
+                end
+              end
+            end
+            if( closed )
+              @relay_client.stop
+              ::Thread.exit
+            end
+          end
+        end
+      end
+    end
+    #
+    # Create a new client connected to the server.
+    #
+    def initialize( server, sock )
+      @server        = server
+      @lsock         = sock
+      @rsock         = nil
+      @client_thread = nil
+      @mutex         = ::Mutex.new
+    end
+    #
+    # Start handling the client connection.
+    #
+    def start
+      # create a thread to handle this client request so as to not block the socks4a server
+      @client_thread = Rex::ThreadFactory.spawn("SOCKS4AProxyClient", false) do
+        begin
+          @server.add_client( self )
+          # get the initial client request packet
+          request = Packet.recv( @lsock )
+          raise "Invalid Socks4 request packet received." if not request
+          # handle the request
+          begin
+            # handle socks4a conenct requests
+            if( request.is_connect? )
+              # perform the connection request
+              params = {
+                'PeerHost' => request.dest_ip,
+                'PeerPort' => request.dest_port,
+              }
+              params['Context'] = @server.opts['Context'] if @server.opts.has_key?('Context')
+              @rsock = Rex::Socket::Tcp.create( params )
+              # and send back success to the client
+              response         = Packet.new
+              response.version = REPLY_VERSION
+              response.command = REQUEST_GRANTED
+              @lsock.put( response.to_r )
+            # handle socks4a bind requests
+            elsif( request.is_bind? )
+              # create a server socket for this request
+              params = {
+                'LocalHost' => '0.0.0.0',
+                'LocalPort' => 0,
+              }
+              params['Context'] = @server.opts['Context'] if @server.opts.has_key?('Context')
+              bsock = Rex::Socket::TcpServer.create( params )
+              # send back the bind success to the client
+              response           = Packet.new
+              response.version   = REPLY_VERSION
+              response.command   = REQUEST_GRANTED
+              response.dest_ip   = '0.0.0.0'
+              response.dest_port = bsock.getlocalname()[PORT]
+              @lsock.put( response.to_r )
+              # accept a client connection (2 minute timeout as per spec)
+              begin
+                ::Timeout.timeout( 120 ) do
+                  @rsock = bsock.accept
+                end
+              rescue ::Timeout::Error
+                raise "Timeout reached on accept request."
+              end
+              # close the listening socket
+              bsock.close
+              # verify the connection is from the dest_ip origionally specified by the client
+              rpeer = @rsock.getpeername
+              raise "Got connection from an invalid peer." if( rpeer[HOST] != request.dest_ip )
+              # send back the client connect success to the client
+              #
+              # sf: according to the spec we send this response back to the client, however
+              #     I have seen some clients who bawk if they get this second response.
+              #
+              response           = Packet.new
+              response.version   = REPLY_VERSION
+              response.command   = REQUEST_GRANTED
+              response.dest_ip   = rpeer[HOST]
+              response.dest_port = rpeer[PORT]
+              @lsock.put( response.to_r )
+            else
+              raise "Unknown request command received #{request.command} received."
+            end
+          rescue
+            # send back failure to the client
+            response         = Packet.new
+            response.version = REPLY_VERSION
+            response.command = REQUEST_REJECT_FAILED
+            @lsock.put( response.to_r )
+            # raise an exception to close this client connection
+            raise "Failed to handle the clients request."
+          end
+          # setup the two way relay for full duplex io
+          @lsock.extend( Relay )
+          @rsock.extend( Relay )
+          # start the socket relays...
+          @lsock.relay( self, @rsock )
+          @rsock.relay( self, @lsock )
+        rescue
+          wlog( "Client.start - #{$!}" )
+          self.stop
+        end
+      end
+    end
+    #
+    # Stop handling the client connection.
+    #
+    def stop
+      @mutex.synchronize do
+        if( not @closed )
+          begin
+            @lsock.close if @lsock
+          rescue
+          end
+          begin
+            @rsock.close if @rsock
+          rescue
+          end
+          @client_thread.kill if( @client_thread and @client_thread.alive? )
+          @server.remove_client( self )
+          @closed = true
+        end
+      end
+    end
+  end
+  #
+  # Create a new Socks4a server.
+  #
+  def initialize( opts={} )
+    @opts          = { 'ServerHost' => '0.0.0.0', 'ServerPort' => 1080 }
+    @opts          = @opts.merge( opts )
+    @server        = nil
+    @clients       = ::Array.new
+    @running       = false
+    @server_thread = nil
+  end
+  #
+  # Check if the server is running.
+  #
+  def is_running?
+    return @running
+  end
+  #
+  # Start the Socks4a server.
+  #
+  def start
+      begin
+        # create the servers main socket (ignore the context here because we don't want a remote bind)
+        @server = Rex::Socket::TcpServer.create( 'LocalHost' => @opts['ServerHost'], 'LocalPort' => @opts['ServerPort'] )
+        # signal we are now running
+        @running = true
+        # start the servers main thread to pick up new clients
+        @server_thread = Rex::ThreadFactory.spawn("SOCKS4AProxyServer", false) do
+          while( @running ) do
+            begin
+              # accept the client connection
+              sock = @server.accept
+              # and fire off a new client instance to handle it
+              Client.new( self, sock ).start
+            rescue
+              wlog( "Socks4a.start - server_thread - #{$!}" )
+            end
+          end
+        end
+      rescue
+        wlog( "Socks4a.start - #{$!}" )
+        return false
+      end
+      return true
+  end
+  #
+  # Block while the server is running.
+  #
+  def join
+    @server_thread.join if @server_thread
+  end
+  #
+  # Stop the Socks4a server.
+  #
+  def stop
+    if( @running )
+      # signal we are no longer running
+      @running = false
+      # stop any clients we have (create a new client array as client.stop will delete from @clients)
+      clients = []
+      clients.concat( @clients )
+      clients.each do | client |
+        client.stop
+      end
+      # close the server socket
+      @server.close if @server
+      # if the server thread did not terminate gracefully, kill it.
+      @server_thread.kill if( @server_thread and @server_thread.alive? )
+    end
+    return !@running
+  end
+  def add_client( client )
+    @clients << client
+  end
+  def remove_client( client )
+    @clients.delete( client )
+  end
+  attr_reader :opts
+end
+end; end; end