librex 0.0.53 → 0.0.54
data/README.markdown
CHANGED
@@ -3,7 +3,7 @@
|
|
3
3
|
A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
|
4
4
|
|
5
5
|
Currently based on:
|
6
|
-
SVN Revision:
|
6
|
+
SVN Revision: 13882
|
7
7
|
|
8
8
|
# Credits
|
9
9
|
The Metasploit development team <http://www.metasploit.com>
|
@@ -7,9 +7,30 @@ module Railgun
|
|
7
7
|
module Def
|
8
8
|
|
9
9
|
class Def_advapi32
|
10
|
+
|
11
|
+
CREDENTIAL = [
|
12
|
+
[:Flags, :DWORD],
|
13
|
+
[:Type, :DWORD],
|
14
|
+
[:TargetName, :LPTSTR],
|
15
|
+
[:Comment, :LPTSTR],
|
16
|
+
[:LastWritten, :FILETIME],
|
17
|
+
[:CredentialBlobSize, :DWORD],
|
18
|
+
[:CredentialBlob, :LPBYTE],
|
19
|
+
[:Persist, :DWORD],
|
20
|
+
[:AttributeCount, :LPTSTR],
|
21
|
+
[:Attributes, :PCREDENTIAL_ATTRIBUTE],
|
22
|
+
[:TargetAlias, :LPTSTR],
|
23
|
+
[:UserName, :LPTSTR]
|
24
|
+
]
|
10
25
|
|
11
26
|
def self.create_dll(dll_path = 'advapi32')
|
12
27
|
dll = DLL.new(dll_path, ApiConstants.manager)
|
28
|
+
|
29
|
+
dll.add_function('CredEnumerateA', 'BOOL', [
|
30
|
+
['PCHAR', 'Filter', 'in'],
|
31
|
+
['DWORD', 'Flags', 'in'],
|
32
|
+
['PDWORD', 'Count', 'out'],
|
33
|
+
['PBLOB', 'Credentials', 'out']])
|
13
34
|
|
14
35
|
#Functions for Windows CryptoAPI
|
15
36
|
dll.add_function( 'CryptAcquireContextW', 'BOOL',[
|
@@ -181,7 +202,7 @@ class Def_advapi32
|
|
181
202
|
['LPVOID', 'hHash', 'in'],
|
182
203
|
['DWORD', 'dwParam', 'in'],
|
183
204
|
['PBLOB', 'pbData', 'out'],
|
184
|
-
['PDWORD', 'pdwDataLen', '
|
205
|
+
['PDWORD', 'pdwDataLen', 'inout'],
|
185
206
|
['DWORD', 'dwFlags', 'in']])
|
186
207
|
|
187
208
|
dll.add_function( 'CryptHashSessionKey', 'BOOL', [
|
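Review bot: In the new `CREDENTIAL` layout in `Def_advapi32`, `[:AttributeCount, :LPTSTR]` declares a pointer where the Windows CREDENTIAL structure has a DWORD count. The two are the same width on 32-bit targets, but in a 64-bit process the pointer type is wider, so the offsets of `Attributes`, `TargetAlias` and `UserName` may come out wrong depending on how the struct reader sizes fields; the line should read `[:AttributeCount, :DWORD],`. The new `CredEnumerateA` entry would also benefit from a comment that the `Credentials` out-parameter is a buffer allocated by the API and released with `CredFree`, since no `CredFree` definition is visible in this hunk. The file header for this hunk is not shown on the page, and `create_dll` continues past it.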
data/lib/rex/socket.rb
CHANGED
@@ -179,6 +179,42 @@ module Socket
|
|
179
179
|
end
|
180
180
|
end
|
181
181
|
|
182
|
+
#
|
183
|
+
# Wrapper for Resolv.getaddress that takes special care to see if the
|
184
|
+
# supplied address is already a dotted quad, for instance. This is
|
185
|
+
# necessary to prevent calls to gethostbyaddr (which occurs on windows).
|
186
|
+
# These calls can be quite slow. This also fixes an issue with the
|
187
|
+
# Resolv.getaddress() call being non-functional on Ruby 1.9.1 (Win32).
|
188
|
+
#
|
189
|
+
def self.getaddresses(addr, accept_ipv6 = true)
|
190
|
+
begin
|
191
|
+
if dotted_ip?(addr)
|
192
|
+
return addr
|
193
|
+
end
|
194
|
+
|
195
|
+
res = ::Socket.gethostbyname(addr)
|
196
|
+
return nil if not res
|
197
|
+
|
198
|
+
# Shift the first three elements out
|
199
|
+
rname = res.shift
|
200
|
+
ralias = res.shift
|
201
|
+
rtype = res.shift
|
202
|
+
|
203
|
+
# Reject IPv6 addresses if we don't accept them
|
204
|
+
if not accept_ipv6
|
205
|
+
res.reject!{|nbo| nbo.length != 4}
|
206
|
+
end
|
207
|
+
|
208
|
+
# Make sure we have at least one name
|
209
|
+
return nil if res.length == 0
|
210
|
+
|
211
|
+
# Return an array of all addresses
|
212
|
+
res.map{ |addr| self.addr_ntoa(addr) }
|
213
|
+
rescue ::ArgumentError # Win32 bug
|
214
|
+
nil
|
215
|
+
end
|
216
|
+
end
|
217
|
+
|
182
218
|
#
|
183
219
|
# Wrapper for Socket.gethostbyname which takes into account whether or not
|
184
220
|
# an IP address is supplied. If it is, then reverse DNS resolution does
|
@@ -228,6 +264,13 @@ module Socket
|
|
228
264
|
self.gethostbyname(Rex::Socket.getaddress(host))[3]
|
229
265
|
end
|
230
266
|
|
267
|
+
#
|
268
|
+
# Resolves a host to raw network-byte order.
|
269
|
+
#
|
270
|
+
def self.resolv_nbo_list(host)
|
271
|
+
Rex::Socket.getaddresses(host).map{|addr| self.gethostbyname(addr)[3] }
|
272
|
+
end
|
273
|
+
|
231
274
|
#
|
232
275
|
# Resolves a host to a network-byte order ruby integer.
|
233
276
|
#
|
@@ -235,6 +278,13 @@ module Socket
|
|
235
278
|
addr_ntoi(resolv_nbo(host))
|
236
279
|
end
|
237
280
|
|
281
|
+
#
|
282
|
+
# Resolves a host to a list of network-byte order ruby integers.
|
283
|
+
#
|
284
|
+
def self.resolv_nbo_i_list(host)
|
285
|
+
resolv_nbo_list(host).map{|addr| addr_ntoi(addr) }
|
286
|
+
end
|
287
|
+
|
238
288
|
#
|
239
289
|
# Converts an ASCII IP address to a CIDR mask. Returns
|
240
290
|
# nil if it's not convertable.
|
@@ -274,6 +324,13 @@ module Socket
|
|
274
324
|
resolv_nbo_i(addr)
|
275
325
|
end
|
276
326
|
|
327
|
+
#
|
328
|
+
# Converts a ascii address into a list of addresses
|
329
|
+
#
|
330
|
+
def self.addr_atoi_list(addr)
|
331
|
+
resolv_nbo_i_list(addr)
|
332
|
+
end
|
333
|
+
|
277
334
|
#
|
278
335
|
# Converts an integer address into ascii
|
279
336
|
#
|
@@ -82,9 +82,8 @@ class RangeWalker
|
|
82
82
|
elsif arg =~ /[^-0-9,.*]/
|
83
83
|
# Then it's a domain name and we should send it on to addr_atoi
|
84
84
|
# unmolested to force a DNS lookup.
|
85
|
-
|
86
|
-
|
87
|
-
elsif arg =~ /^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)-([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)$/
|
85
|
+
Rex::Socket.addr_atoi_list(arg).each { |addr| ranges.push [addr, addr] }
|
86
|
+
elsif arg =~ /^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})-([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/
|
88
87
|
# Then it's in the format of 1.2.3.4-5.6.7.8
|
89
88
|
# Note, this will /not/ deal with DNS names, or the fancy/obscure 10...1-10...2
|
90
89
|
begin
|
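Review bot: `getaddresses` has three return shapes (the bare string `addr` when `dotted_ip?` matches, `nil` on its failure paths, and an Array otherwise), while the new callers assume an Array. `resolv_nbo_list` calls `.map` on the result and the RangeWalker branch calls `.each` on `addr_atoi_list(arg)`, so any `nil` path raises NoMethodError (only `::ArgumentError` is rescued) and a dotted-quad input depends on String responding to `map`. Using `return [addr]` for the dotted-quad case and `[]` in place of `nil`, or wrapping the call as `Array(Rex::Socket.getaddresses(host)).map { ... }`, would keep the list helpers safe on every path. The header comment was carried over from the single-address wrapper and should state that an array of address strings is returned. The RangeWalker hunk's file header is not shown on the page and its `elsif` chain starts and ends outside the hunk.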
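--- a/data/lib/rex/text.rb
+++ b/data/lib/rex/text.rb
@@ -681,14 +681,14 @@ module Text
 # Base64 encoder
 #
 def self.encode_base64(str, delim='')
-[str].pack("m").gsub(/\s+/, delim)
+[str.to_s].pack("m").gsub(/\s+/, delim)
 end
 
 #
 # Base64 decoder
 #
 def self.decode_base64(str)
-str.unpack("m")[0]
+str.to_s.unpack("m")[0]
 end
 
 #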
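Review bot: The added `to_s` in `encode_base64` and `decode_base64` makes `nil` encode and decode to an empty string instead of raising, so a caller that passes a missing value now gets valid-looking empty output. The header comments still read only `# Base64 encoder` and `# Base64 decoder`; I would extend them, e.g. `# Base64 encoder. Non-String input is coerced with to_s, so nil yields ""`, with the matching sentence on the decoder. If silently accepting nil is not intended, `raise ArgumentError, "nil input" if str.nil?` ahead of the coercion keeps the convenience for symbols and numbers while still surfacing missing data.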
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: librex
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.0.
|
4
|
+
version: 0.0.54
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -10,10 +10,10 @@ authors:
|
|
10
10
|
autorequire:
|
11
11
|
bindir: bin
|
12
12
|
cert_chain: []
|
13
|
-
date: 2011-10-
|
13
|
+
date: 2011-10-11 00:00:00.000000000Z
|
14
14
|
dependencies: []
|
15
15
|
description: Rex provides a variety of classes useful for security testing and exploit
|
16
|
-
development. Based on SVN Revision
|
16
|
+
development. Based on SVN Revision 13882
|
17
17
|
email:
|
18
18
|
- hdm@metasploit.com
|
19
19
|
- jacob.hammack@hammackj.com
|