librex 0.0.53 → 0.0.54

data/README.markdown

@@ -3,7 +3,7 @@
 A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
 
 Currently based on:
-SVN Revision: 13810
+SVN Revision: 13882
 
 # Credits
 The Metasploit development team <http://www.metasploit.com>

data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb

@@ -7,9 +7,30 @@ module Railgun
 module Def
 
 class Def_advapi32
+	
+	CREDENTIAL = [
+		[:Flags, :DWORD],
+		[:Type, :DWORD],
+		[:TargetName, :LPTSTR],
+		[:Comment, :LPTSTR],
+		[:LastWritten, :FILETIME],
+		[:CredentialBlobSize, :DWORD],
+		[:CredentialBlob, :LPBYTE],
+		[:Persist, :DWORD],
+		[:AttributeCount, :LPTSTR],
+		[:Attributes, :PCREDENTIAL_ATTRIBUTE],
+		[:TargetAlias, :LPTSTR],
+		[:UserName, :LPTSTR]
+	]
 
 	def self.create_dll(dll_path = 'advapi32')
 		dll = DLL.new(dll_path, ApiConstants.manager)
+		
+		dll.add_function('CredEnumerateA', 'BOOL', [
+				['PCHAR', 'Filter', 'in'],
+				['DWORD', 'Flags', 'in'],
+				['PDWORD', 'Count', 'out'],
+				['PBLOB', 'Credentials', 'out']])
 
 		#Functions for Windows CryptoAPI
 		dll.add_function( 'CryptAcquireContextW', 'BOOL',[
@@ -181,7 +202,7 @@ class Def_advapi32
 				['LPVOID', 'hHash', 'in'],
 				['DWORD', 'dwParam', 'in'],
 				['PBLOB', 'pbData', 'out'],
-				['PDWORD', 'pdwDataLen', 'out'],
+				['PDWORD', 'pdwDataLen', 'inout'],
 				['DWORD', 'dwFlags', 'in']])
 
 		dll.add_function( 'CryptHashSessionKey', 'BOOL', [

data/lib/rex/socket.rb

@@ -179,6 +179,42 @@ module Socket
 		end
 	end
 
+	#
+	# Wrapper for Resolv.getaddress that takes special care to see if the
+	# supplied address is already a dotted quad, for instance.  This is
+	# necessary to prevent calls to gethostbyaddr (which occurs on windows).
+	# These calls can be quite slow. This also fixes an issue with the
+	# Resolv.getaddress() call being non-functional on Ruby 1.9.1 (Win32).
+	#
+	def self.getaddresses(addr, accept_ipv6 = true)
+		begin
+			if dotted_ip?(addr)
+				return addr
+			end
+
+			res = ::Socket.gethostbyname(addr)
+			return nil if not res
+
+			# Shift the first three elements out
+			rname  = res.shift
+			ralias = res.shift
+			rtype  = res.shift
+
+			# Reject IPv6 addresses if we don't accept them
+			if not accept_ipv6
+				res.reject!{|nbo| nbo.length != 4}
+			end
+
+			# Make sure we have at least one name
+			return nil if res.length == 0
+
+			# Return an array of all addresses
+			res.map{ |addr| self.addr_ntoa(addr) }
+		rescue ::ArgumentError # Win32 bug
+			nil
+		end
+	end
+	
 	#
 	# Wrapper for Socket.gethostbyname which takes into account whether or not
 	# an IP address is supplied.  If it is, then reverse DNS resolution does
@@ -228,6 +264,13 @@ module Socket
 		self.gethostbyname(Rex::Socket.getaddress(host))[3]
 	end
 
+	#
+	# Resolves a host to raw network-byte order.
+	#
+	def self.resolv_nbo_list(host)
+		Rex::Socket.getaddresses(host).map{|addr| self.gethostbyname(addr)[3] }
+	end
+
 	#
 	# Resolves a host to a network-byte order ruby integer.
 	#
@@ -235,6 +278,13 @@ module Socket
 		addr_ntoi(resolv_nbo(host))
 	end
 
+	#
+	# Resolves a host to a list of network-byte order ruby integers.
+	#
+	def self.resolv_nbo_i_list(host)
+		resolv_nbo_list(host).map{|addr| addr_ntoi(addr) }
+	end
+	
 	#
 	# Converts an ASCII IP address to a CIDR mask. Returns
 	# nil if it's not convertable.
@@ -274,6 +324,13 @@ module Socket
 		resolv_nbo_i(addr)
 	end
 
+	#
+	# Converts a ascii address into a list of addresses
+	#
+	def self.addr_atoi_list(addr)
+		resolv_nbo_i_list(addr)
+	end
+	
 	#
 	# Converts an integer address into ascii
 	#

data/lib/rex/socket/range_walker.rb

@@ -82,9 +82,8 @@ class RangeWalker
 			elsif arg =~ /[^-0-9,.*]/
 				# Then it's a domain name and we should send it on to addr_atoi
 				# unmolested to force a DNS lookup.
-				addr = Rex::Socket.addr_atoi(arg)
-				ranges.push [addr, addr]
-			elsif arg =~ /^([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)-([0-9]+\.[0-9]+\.[0-9]+\.[0-9]+)$/
+				Rex::Socket.addr_atoi_list(arg).each { |addr| ranges.push [addr, addr] }
+			elsif arg =~ /^([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})-([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})$/
 				# Then it's in the format of 1.2.3.4-5.6.7.8
 				# Note, this will /not/ deal with DNS names, or the fancy/obscure 10...1-10...2
 				begin 

data/lib/rex/text.rb

@@ -681,14 +681,14 @@ module Text
 	# Base64 encoder
 	#
 	def self.encode_base64(str, delim='')
-		[str].pack("m").gsub(/\s+/, delim)
+		[str.to_s].pack("m").gsub(/\s+/, delim)
 	end
 
 	#
 	# Base64 decoder
 	#
 	def self.decode_base64(str)
-		str.unpack("m")[0]
+		str.to_s.unpack("m")[0]
 	end
 
 	#

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: librex
 version: !ruby/object:Gem::Version
-  version: 0.0.53
+  version: 0.0.54
   prerelease: 
 platform: ruby
 authors:
@@ -10,10 +10,10 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2011-10-02 00:00:00.000000000Z
+date: 2011-10-11 00:00:00.000000000Z
 dependencies: []
 description: Rex provides a variety of classes useful for security testing and exploit
-  development. Based on SVN Revision 13810
+  development. Based on SVN Revision 13882
 email:
 - hdm@metasploit.com
 - jacob.hammack@hammackj.com