librex 0.0.5 → 0.0.6

Files changed (68) hide show
  1. data/README.md +1 -1
  2. data/Rakefile +13 -0
  3. data/lib/rex.rb +4 -1
  4. data/lib/rex/assembly/nasm.rb +4 -0
  5. data/lib/rex/compat.rb +31 -1
  6. data/lib/rex/encoder/alpha2/generic.rb +11 -10
  7. data/lib/rex/exceptions.rb +1 -1
  8. data/lib/rex/exploitation/egghunter.rb +27 -0
  9. data/lib/rex/file.rb +13 -0
  10. data/lib/rex/io/stream.rb +9 -1
  11. data/lib/rex/io/stream_abstraction.rb +18 -7
  12. data/lib/rex/io/stream_server.rb +2 -2
  13. data/lib/rex/job_container.rb +1 -1
  14. data/lib/rex/mime/message.rb +5 -4
  15. data/lib/rex/ole.rb +83 -6
  16. data/lib/rex/ole/propset.rb +144 -0
  17. data/lib/rex/parser/ip360_aspl_xml.rb +102 -0
  18. data/lib/rex/parser/ip360_xml.rb +93 -0
  19. data/lib/rex/parser/nessus_xml.rb +118 -0
  20. data/lib/rex/parser/netsparker_xml.rb +94 -0
  21. data/lib/rex/parser/retina_xml.rb +109 -0
  22. data/lib/rex/post/meterpreter/channel.rb +15 -8
  23. data/lib/rex/post/meterpreter/client.rb +32 -3
  24. data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +1 -1
  25. data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +14 -5
  26. data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +1 -1
  27. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +3 -3
  28. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +1 -1
  29. data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +1 -1
  30. data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +5 -0
  31. data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +16 -8
  32. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +16 -7
  33. data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +1 -1
  34. data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +15 -4
  35. data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +13 -7
  36. data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +20 -0
  37. data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +63 -0
  38. data/lib/rex/post/meterpreter/packet_dispatcher.rb +18 -7
  39. data/lib/rex/post/meterpreter/packet_response_waiter.rb +10 -17
  40. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +1 -1
  41. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +16 -6
  42. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +4 -5
  43. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +2 -0
  44. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +4 -2
  45. data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +157 -0
  46. data/lib/rex/proto/dhcp/server.rb +8 -4
  47. data/lib/rex/proto/http/client.rb +19 -45
  48. data/lib/rex/proto/http/packet.rb +8 -5
  49. data/lib/rex/proto/http/response.rb +8 -3
  50. data/lib/rex/proto/http/server.rb +1 -1
  51. data/lib/rex/proto/proxy/socks4a.rb +4 -4
  52. data/lib/rex/proto/rfb.rb +19 -0
  53. data/lib/rex/proto/rfb.rb.ut.rb +37 -0
  54. data/lib/rex/proto/rfb/cipher.rb +78 -0
  55. data/lib/rex/proto/rfb/client.rb +207 -0
  56. data/lib/rex/proto/rfb/constants.rb +52 -0
  57. data/lib/rex/proto/tftp/server.rb +20 -17
  58. data/lib/rex/services/local_relay.rb +1 -1
  59. data/lib/rex/socket.rb +69 -10
  60. data/lib/rex/socket/comm/local.rb +7 -4
  61. data/lib/rex/socket/range_walker.rb +14 -1
  62. data/lib/rex/text.rb +28 -3
  63. data/lib/rex/text.rb.ut.rb +14 -0
  64. data/lib/rex/thread_factory.rb +42 -0
  65. data/lib/rex/ui/text/input/buffer.rb +1 -1
  66. data/lib/rex/zip/archive.rb +74 -9
  67. data/lib/rex/zip/entry.rb +6 -1
  68. metadata +22 -7
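--- a/data/README.md
+++ b/data/README.md
@@ -4,7 +4,7 @@ REX
  A non-official re-packaging of the Rex library as a gem for easy of usage of the Metasploit REX framework in a non Metasploit application. I received permission from HDM to create this package.
 
  Currently based on:
- SVN Revision: 10547
+ SVN Revision: 11474
 
  Credits
  ===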
@@ -0,0 +1,13 @@
1
+ $LOAD_PATH.unshift File.expand_path("../lib", __FILE__)
2
+
3
+ task :build do
4
+ system "gem build librex.gemspec"
5
+ end
6
+
7
+ task :release => :build do
8
+ system "gem push librex-*.gem"
9
+ end
10
+
11
+ task :clean do
12
+ system "rm *.gem"
13
+ end
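Review bot: The `release` task can push a stale or unintended artifact, because `system` discards the exit status of `gem build` and `gem push librex-*.gem` globs over whatever gem files are in the directory. Rake's `sh` aborts the task on a non-zero exit, so `sh "gem build librex.gemspec"` followed by `sh "gem push librex-<VERSION>.gem"` (the version read from the gemspec; `<VERSION>` is a placeholder) publishes only the file that was just built. In `clean`, `rm_f FileList["librex-*.gem"]` is narrower than `system "rm *.gem"` and does not depend on a shell.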
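--- a/data/lib/rex.rb
+++ b/data/lib/rex.rb
@@ -2,7 +2,7 @@
 
  The Metasploit Rex library is provided under the 3-clause BSD license.
 
- Copyright (c) 2005-2006, Rapid7 LLC
+ Copyright (c) 2005-2010, Rapid7 LLC
  All rights reserved.
 
  Redistribution and use in source and binary forms, with or without modification,
@@ -49,6 +49,9 @@ require 'rex/file'
  # Thread safety and synchronization
  require 'rex/sync'
 
+ # Thread factory
+ require 'rex/thread_factory'
+
  # Encoding
  require 'rex/encoder/xor'
  require 'rex/encoding/xor'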
@@ -42,6 +42,8 @@ class Nasm
42
42
 
43
43
  # Open the temporary file
44
44
  tmp = Tempfile.new('nasmXXXX')
45
+ tmp.binmode
46
+
45
47
  tpath = tmp.path
46
48
  opath = tmp.path + '.out'
47
49
 
@@ -72,6 +74,8 @@ class Nasm
72
74
  check
73
75
 
74
76
  tmp = Tempfile.new('nasmout')
77
+ tmp.binmode
78
+
75
79
  tfd = File.open(tmp.path, "wb")
76
80
 
77
81
  tfd.write(raw)
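Review bot: The output path `opath = tmp.path + '.out'` in the first hunk is derived from the tempfile name rather than created atomically, so on a shared temp directory another local user could pre-create or symlink that path before the assembler writes to it. Creating both files inside a private directory, for example one from `Dir.mktmpdir`, would close that window. In the second hunk the added `tmp.binmode` applies to the Tempfile handle while the data is written through the separate `File.open(tmp.path, "wb")` handle, so the call looks redundant there. Both method bodies continue outside the hunks, so this is inferred from the visible lines only.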
@@ -37,7 +37,7 @@ ENABLE_PROCESSED_INPUT = 1
37
37
 
38
38
  def self.is_windows
39
39
  return @@is_windows if @@is_windows
40
- @@is_windows = (RUBY_PLATFORM =~ /mswin32/) ? true : false
40
+ @@is_windows = (RUBY_PLATFORM =~ /mswin32|mingw32/) ? true : false
41
41
  end
42
42
 
43
43
  def self.is_cygwin
@@ -80,6 +80,18 @@ def self.is_java
80
80
  @@is_java = (RUBY_PLATFORM =~ /java/) ? true : false
81
81
  end
82
82
 
83
+ def self.is_wow64
84
+ return false if not is_windows
85
+ is64 = false
86
+ begin
87
+ buff = "\x00" * 4
88
+ Win32API.new("kernel32","IsWow64Process",['L','P'],'L').call(-1, buff)
89
+ is64 = (buff.unpack("V")[0]) == 1 ? true : false
90
+ rescue ::Exception
91
+ end
92
+ is64
93
+ end
94
+
83
95
  def self.cygwin_to_win32(path)
84
96
  if(path !~ /^\/cygdrive/)
85
97
  return ::IO.popen("cygpath -w #{path}", "rb").read.strip
@@ -115,6 +127,23 @@ def self.open_browser(url='http://metasploit.com/')
115
127
  when /darwin/
116
128
  system("open #{url}")
117
129
  else
130
+ # Search through the PATH variable (if it exists) and chose a browser
131
+ # We are making an assumption about the nature of "PATH" so tread lightly
132
+ if defined? ENV['PATH']
133
+ # "sensible-browser" opens the "default" browser in Ubuntu and others, so try that first
134
+ # but also provide fallbacks
135
+ ['sensible-browser', 'firefox', 'opera', 'chromium-browser', 'konqueror'].each do |browser|
136
+ ENV['PATH'].split(':').each do |path|
137
+ # Does the browser exists?
138
+ if File.exists?("#{path}/#{browser}")
139
+ system("#{browser} #{url} &")
140
+ return
141
+ end
142
+ end
143
+ end
144
+ end
145
+
146
+ # If nothing else worked, default to firefox
118
147
  system("firefox #{url} &")
119
148
  end
120
149
  end
@@ -231,6 +260,7 @@ def self.temp_copy(path)
231
260
  raise RuntimeError,"missing Tempfile" if not @@loaded_tempfile
232
261
  fd = File.open(path, "rb")
233
262
  tp = Tempfile.new("msftemp")
263
+ tp.binmode
234
264
  tp.write(fd.read(File.size(path)))
235
265
  tp.close
236
266
  fd.close
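Review bot: In the `open_browser` hunk the new `system("#{browser} #{url} &")` interpolates `url` into a shell command line, so shell metacharacters in a URL that originates outside the program are interpreted by the shell; the existing `open` and `firefox` calls have the same shape. Escaping the argument, `system("#{browser} #{Shellwords.escape(url)} &")` with `require 'shellwords'`, keeps the backgrounding and removes the injection path. The guard `if defined? ENV['PATH']` is always truthy, so an unset PATH still reaches `.split` on nil; `if ENV['PATH']` is the check that was meant. The method starts outside the hunk, so the other platform branches are not reviewed here.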
@@ -54,20 +54,21 @@ class Generic
54
54
  gen_base_set(block).each do |randbase_|
55
55
  second = gen_second(block, randbase_)
56
56
  next if second < 0
57
- if(accepted_chars.include?([second].pack('C')))
57
+ if accepted_chars.include?([second].pack('C'))
58
58
  found = second
59
59
  randbase = randbase_
60
60
  break
61
61
  end
62
62
  end
63
63
 
64
- if(not found)
65
- raise RuntimeError, "No valid base found for #{"0x%.2x" % block}"
66
- end
67
-
68
- raise RuntimeError, "Negative" if second < 0
69
- if !(accepted_chars.include?([second].pack('C')))
70
- raise RuntimeError, "BadChar; #{block} to #{second}"
64
+ if not found
65
+ msg = "No valid base found for #{"0x%.2x" % block}"
66
+ if not accepted_chars.include?([second].pack('C'))
67
+ msg << ": BadChar to #{second}"
68
+ elsif second < 1
69
+ msg << ": Negative"
70
+ end
71
+ raise RuntimeError, msg
71
72
  end
72
73
 
73
74
  if (randbase > 0xa0)
@@ -79,10 +80,10 @@ class Generic
79
80
  else
80
81
  # pick one at "random"
81
82
  first = (randbase/0x10)
82
- if (first % 2)
83
+ if (first % 2) > 0
83
84
  first += 0x40
84
85
  else
85
- randbase += 0x50
86
+ first += 0x50
86
87
  end
87
88
  end
88
89
 
@@ -61,7 +61,7 @@ class ArgumentError < ::ArgumentError
61
61
  def to_s
62
62
  str = 'An invalid argument was specified.'
63
63
  if @message
64
- str += " #{@message}"
64
+ str << " #{@message}"
65
65
  end
66
66
  str
67
67
  end
@@ -18,6 +18,7 @@ module Exploitation
18
18
  # Checksum checking implemented by dijital1/corelanc0d3r
19
19
  # Checksum code merged to Egghunter by jduck
20
20
  # Conversion to use Metasm by jduck
21
+ # Startreg code added by corelanc0d3r
21
22
  #
22
23
  ###
23
24
  class Egghunter
@@ -38,12 +39,25 @@ class Egghunter
38
39
  #
39
40
  def hunter_stub(payload, badchars = '', opts = {})
40
41
 
42
+ startreg = opts[:startreg]
43
+
41
44
  raise RuntimeError, "Invalid egg string! Need #{esize} bytes." if opts[:eggtag].length != 4
42
45
  marker = "0x%x" % opts[:eggtag].unpack('V').first
43
46
 
44
47
  checksum = checksum_stub(payload, badchars, opts)
45
48
 
49
+ startstub = ''
50
+ if startreg
51
+ if startreg.downcase != 'edx'
52
+ startstub = "\n\tmov edx,#{startreg}\n\tjmp next_addr"
53
+ else
54
+ startstub = "\n\tjmp next_addr"
55
+ end
56
+ end
57
+ startstub << "\n\t" if startstub.length > 0
58
+
46
59
  assembly = <<EOS
60
+ #{startstub}
47
61
  check_readable:
48
62
  or dx,0xfff
49
63
  next_addr:
@@ -97,13 +111,26 @@ EOS
97
111
  #
98
112
  def hunter_stub(payload, badchars = '', opts = {})
99
113
 
114
+ startreg = opts[:startreg]
115
+
100
116
  raise RuntimeError, "Invalid egg string! Need #{esize} bytes." if opts[:eggtag].length != 4
101
117
  marker = "0x%x" % opts[:eggtag].unpack('V').first
102
118
 
103
119
  checksum = checksum_stub(payload, badchars, opts)
104
120
 
121
+ startstub = ''
122
+ if startreg
123
+ if startreg.downcase != 'ecx'
124
+ startstub = "\n\tmov ecx,#{startreg}\n\tjmp next_addr"
125
+ else
126
+ startstub = "\n\tjmp next_addr"
127
+ end
128
+ end
129
+ startstub << "\n\t" if startstub.length > 0
130
+
105
131
  assembly = <<EOS
106
132
  cld
133
+ #{startstub}
107
134
  check_readable:
108
135
  or cx,0xfff
109
136
  next_addr:
@@ -1,5 +1,6 @@
1
1
  require 'find'
2
2
  require 'rex/compat'
3
+ require 'tempfile'
3
4
 
4
5
  module Rex
5
6
 
@@ -26,6 +27,10 @@ module FileUtils
26
27
  if (path)
27
28
  path.split(::File::PATH_SEPARATOR).each { |base|
28
29
  begin
30
+ # Deal with Windows paths surrounded by quotes. Prevents
31
+ # silliness like trying to look for
32
+ # '"C:\\framework\\nmap"\\nmap.exe' which will always fail.
33
+ base = $1 if base =~ /^"(.*)"$/
29
34
  path = base + ::File::SEPARATOR + file_name
30
35
  if (::File::Stat.new(path) and not ::File.directory?(path))
31
36
  return path
@@ -39,6 +44,14 @@ module FileUtils
39
44
 
40
45
  end
41
46
 
47
+ class Quickfile < ::Tempfile
48
+ def initialize(*args)
49
+ super(*args)
50
+ self.binmode
51
+ ObjectSpace.undefine_finalizer(self)
52
+ end
53
+ end
54
+
42
55
  module Find
43
56
  #
44
57
  # Identical to Find.find from Ruby, but follows symlinks to directories.
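Review bot: `Quickfile#initialize` calls `ObjectSpace.undefine_finalizer(self)`, which appears to remove Tempfile's automatic cleanup, and nothing in the class tells callers that they now own deletion. Files created through it will stay in the temp directory after the process exits unless each caller unlinks them, which matters when they hold captured or otherwise sensitive data. I would add a class comment such as `# Binary-mode Tempfile that is NOT removed on GC or exit; the caller must unlink it.` In the path-search hunk, `/^"(.*)"$/` anchors per line; `/\A"(.*)"\z/` matches the whole PATH entry.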
@@ -34,19 +34,27 @@ module Stream
34
34
  def write(buf, opts = {})
35
35
  total_sent = 0
36
36
  total_length = buf.length
37
+ block_size = 32768
37
38
  begin
38
39
  while( total_sent < total_length )
39
40
  s = Rex::ThreadSafe.select( nil, [ fd ], nil, 0.2 )
40
41
  if( s == nil || s[0] == nil )
41
42
  next
42
43
  end
43
- data = buf[0, 32768]
44
+ data = buf[0, block_size]
44
45
  sent = fd.write_nonblock( data )
45
46
  if sent > 0
46
47
  total_sent += sent
47
48
  buf[0, sent] = ""
48
49
  end
49
50
  end
51
+ rescue ::Errno::EAGAIN
52
+ # Sleep for a half a second, or until we can write again
53
+ Rex::ThreadSafe.select( nil, [ fd ], nil, 0.5 )
54
+ # Decrement the block size to handle full sendQs better
55
+ block_size = 1024
56
+ # Try to write the data again
57
+ retry
50
58
  rescue ::IOError, ::Errno::EPIPE
51
59
  return nil if (fd.abortive_close == true)
52
60
  raise $!
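Review bot: The new `rescue ::Errno::EAGAIN` branch retries with no bound, so a peer that never drains its receive window keeps this writer waiting indefinitely; `opts` is accepted by `write` but no timeout is read from it in the visible lines. A retry counter or a deadline that raises once exceeded would bound the wait, e.g. `retry if (attempts += 1) < max_attempts` followed by `raise`. The method body continues outside the hunk, so an outer timeout may exist that is not visible here.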
@@ -53,8 +53,7 @@ module StreamAbstraction
53
53
  self.lsock.extend(Ext)
54
54
  self.rsock.extend(Rex::IO::Stream)
55
55
 
56
- self.monitor_rsock
57
-
56
+ self.monitor_rsock
58
57
  end
59
58
 
60
59
  #
@@ -122,26 +121,37 @@ module StreamAbstraction
122
121
  protected
123
122
 
124
123
  def monitor_rsock
125
- self.monitor_thread = ::Thread.new {
124
+ self.monitor_thread = Rex::ThreadFactory.spawn("StreamMonitorRemote", false) {
126
125
  loop do
127
126
  closed = false
128
127
  buf = nil
129
128
 
129
+ if not self.rsock
130
+ wlog("monitor_rsock: the remote socket is nil, exiting loop")
131
+ break
132
+ end
133
+
130
134
  begin
131
135
  s = Rex::ThreadSafe.select( [ self.rsock ], nil, nil, 0.2 )
132
136
  if( s == nil || s[0] == nil )
133
137
  next
134
138
  end
135
139
  rescue Exception => e
140
+ wlog("monitor_rsock: exception during select: #{e.class} #{e}")
136
141
  closed = true
137
142
  end
138
143
 
139
144
  if( closed == false )
140
145
  begin
141
146
  buf = self.rsock.sysread( 32768 )
142
- closed = true if( buf == nil )
143
- rescue
147
+ if buf == nil
148
+ closed = true
149
+ wlog("monitor_rsock: closed remote socket due to nil read")
150
+ end
151
+
152
+ rescue ::Exception
144
153
  closed = true
154
+ wlog("monitor_rsock: exception during read: #{e.class} #{e}")
145
155
  end
146
156
  end
147
157
 
@@ -162,14 +172,15 @@ protected
162
172
  end
163
173
  rescue ::IOError => e
164
174
  closed = true
175
+ wlog("monitor_rsock: exception during write: #{e.class} #{e}")
165
176
  break
166
177
  end
167
178
  end
168
179
  end
169
180
 
170
181
  if( closed )
171
- self.close_write
172
- ::Thread.exit
182
+ self.close_write if self.respond_to?('close_write')
183
+ break
173
184
  end
174
185
  end
175
186
  }
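Review bot: The read handler's `rescue ::Exception` does not bind the exception, yet the added `wlog("monitor_rsock: exception during read: #{e.class} #{e}")` reads `e`, which at that point is whatever the earlier `rescue Exception => e` around `select` left behind (normally nil). The log line would therefore report `NilClass` instead of the real read error, which hides exactly the failure this logging was added to diagnose. Bind it with `rescue ::Exception => e`. Both handlers catch `Exception`, which includes `Interrupt` and `SystemExit`; `::StandardError` would be enough unless catching those is deliberate.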
@@ -62,10 +62,10 @@ module StreamServer
62
62
  def start
63
63
  self.clients = []
64
64
 
65
- self.listener_thread = Thread.new {
65
+ self.listener_thread = Rex::ThreadFactory.spawn("StreamServerListener", false) {
66
66
  monitor_listener
67
67
  }
68
- self.clients_thread = Thread.new {
68
+ self.clients_thread = Rex::ThreadFactory.spawn("StreamServerClientMonitor", false) {
69
69
  monitor_clients
70
70
  }
71
71
  end
@@ -28,7 +28,7 @@ class Job
28
28
  def start(async = false)
29
29
  self.start_time = Time.now
30
30
  if (async)
31
- self.job_thread = Thread.new {
31
+ self.job_thread = Rex::ThreadFactory.spawn("JobID(#{jid})-#{name}", false) {
32
32
  # Deschedule our thread momentarily
33
33
  ::IO.select(nil, nil, nil, 0.01)
34
34
 
@@ -83,16 +83,17 @@ class Message
83
83
 
84
84
  def add_part(data='', content_type='text/plain', transfer_encoding="8bit", content_disposition=nil)
85
85
  part = Rex::MIME::Part.new
86
+
87
+ if (content_disposition)
88
+ part.header.set("Content-Disposition", content_disposition)
89
+ end
90
+
86
91
  part.header.set("Content-Type", content_type)
87
92
 
88
93
  if (transfer_encoding)
89
94
  part.header.set("Content-Transfer-Encoding", transfer_encoding)
90
95
  end
91
96
 
92
- if (content_disposition)
93
- part.header.set("Content-Disposition", content_disposition)
94
- end
95
-
96
97
  part.content = data
97
98
  self.parts << part
98
99
  part
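Review bot: Moving the `Content-Disposition` header ahead of `Content-Type` changes the order of the emitted part headers, but nothing in `add_part` records why the order matters. A one-line comment such as `# Content-Disposition is set first because <consumer> expects it before Content-Type` (placeholder for the actual reason) would stop a later cleanup from reverting it. `content_disposition` is handed to `header.set` as given; if callers build it from a supplied filename, CR and LF should be rejected before it is set, which cannot be confirmed from this hunk.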
@@ -1,6 +1,6 @@
1
1
  ##
2
- # $Id: ole.rb 8457 2010-02-11 18:36:38Z jduck $
3
- # Version: $Revision: 8457 $
2
+ # $Id: ole.rb 11444 2010-12-29 17:07:46Z jduck $
3
+ # Version: $Revision: 11444 $
4
4
  ##
5
5
 
6
6
  ##
@@ -30,6 +30,7 @@
30
30
  # 8. R/W substorages (including nesting)
31
31
  # 9. full directory support (hierarchal and flattened access)
32
32
  # 10. big and little endian files (although only little endian was tested)
33
+ # 11. PropertySet streams (except .to_s)
33
34
  #
34
35
  #
35
36
  # TODO (in order of priority):
@@ -40,10 +41,9 @@
40
41
  # - may lead to allocating more fat sectors :-/
41
42
  # 4. properly support mode params for open_stream/open_storage/etc
42
43
  # 5. optimize to prevent unecessary loading/writing
43
- # 6. support for auxillary streams (DocumentSummaryInformation and SummaryInformation)
44
- # 7. support non-committal editing (open, change, close w/o save)
45
- # 8. support timestamps
46
- # 9. provide interface to change paramters (endian, etc)
44
+ # 6. support non-committal editing (open, change, close w/o save)
45
+ # 7. support timestamps
46
+ # 8. provide interface to change paramters (endian, etc)
47
47
  #
48
48
  #
49
49
  # TO INVESTIGATE:
@@ -124,5 +124,82 @@ require 'rex/ole/substorage'
124
124
  require 'rex/ole/stream'
125
125
 
126
126
 
127
+ # constants for property sets
128
+ # PropertyIds
129
+ PID_DICTIONARY = 0x00000000
130
+ PID_CODEPAGE = 0x00000001
131
+ PID_LOCALE = 0x80000000
132
+ PID_BEHAVIOR = 0x80000003
133
+ # Well-known PropertyIds
134
+ PIDSI_TITLE = 0x02
135
+ PIDSI_SUBJECT = 0x03
136
+ PIDSI_AUTHOR = 0x04
137
+ PIDSI_KEYWORDS = 0x05
138
+ PIDSI_COMMENTS = 0x06
139
+ PIDSI_TEMPLATE = 0x07
140
+ PIDSI_LASTAUTHOR = 0x08
141
+ PIDSI_REVNUMBER = 0x09
142
+ PIDSI_EDITTIME = 0x0a
143
+ PIDSI_LASTPRINTED = 0x0b
144
+ PIDSI_CREATE_DTM = 0x0c
145
+ PIDSI_LASTSAVE_DTM = 0x0d
146
+ PIDSI_PAGECOUNT = 0x0e
147
+ PIDSI_WORDCOUNT = 0x0f
148
+ PIDSI_CHARCOUNT = 0x10
149
+ PIDSI_THUMBNAIL = 0x11
150
+ PIDSI_APPNAME = 0x12
151
+ PIDSI_DOC_SECURITY = 0x13
152
+ # PropertyTypes
153
+ VT_EMPTY = 0x00
154
+ VT_NULL = 0x01
155
+ VT_I2 = 0x02
156
+ VT_I4 = 0x03
157
+ VT_R4 = 0x04
158
+ VT_R8 = 0x05
159
+ VT_CY = 0x06
160
+ VT_DATE = 0x07
161
+ VT_BSTR = 0x08
162
+ VT_ERROR = 0x0a
163
+ VT_BOOL = 0x0b
164
+ VT_VARIANT = 0x0c # used with VT_VECTOR
165
+ # 0xd
166
+ VT_DECIMAL = 0x0e
167
+ # 0xf
168
+ VT_I1 = 0x10
169
+ VT_UI1 = 0x11
170
+ VT_UI2 = 0x12
171
+ VT_UI4 = 0x13
172
+ VT_I8 = 0x14
173
+ VT_UI8 = 0x15
174
+ VT_INT = 0x16
175
+ VT_UINT = 0x17
176
+ VT_LPSTR = 0x1e
177
+ VT_LPWSTR = 0x1f
178
+ # 0x20-0x3f
179
+ VT_FILETIME = 0x40
180
+ VT_BLOB = 0x41
181
+ VT_STREAM = 0x42
182
+ VT_STORAGE = 0x43
183
+ VT_STREAMED_OBJ = 0x44
184
+ VT_STORED_OBJ = 0x45
185
+ VT_BLOB_OBJ = 0x46
186
+ VT_CF = 0x47 # Clipboard Format
187
+ VT_CLSID = 0x48
188
+ VT_VERSIONED_STREAM = 0x49
189
+ # Flags
190
+ VT_VECTOR = 0x1000
191
+ VT_ARRAY = 0x2000 # Requires OLE version >= 1
192
+ # Format IDs
193
+ FMTID_SummaryInformation = "\xe0\x85\x9f\xf2\xf9\x4f\x68\x10\xab\x91\x08\x00\x2b\x27\xb3\xd9"
194
+ FMTID_DocSummaryInformation = "\x02\xd5\xcd\xd5\x9c\x2e\x1b\x10\x93\x97\x08\x00\x2b\x2c\xf9\xae"
195
+ FMTID_UserDefinedProperties = "\x05\xd5\xcd\xd5\x9c\x2e\x1b\x10\x93\x97\x08\x00\x2b\x2c\xf9\xae"
196
+ FMTID_GlobalInfo = "\x00\x6f\x61\x56\x54\xc1\xce\x11\x85\x53\x00\xaa\x00\xa1\xf9\x5b"
197
+ FMTID_ImageContents = "\x00\x64\x61\x56\x54\xc1\xce\x11\x85\x53\x00\xaa\x00\xa1\xf9\x5b"
198
+ FMTID_ImageInfo = "\x00\x65\x61\x56\x54\xc1\xce\x11\x85\x53\x00\xaa\x00\xa1\xf9\x5b"
199
+ FMTID_PropertyBag = "\x01\x18\x00\x20\xe6\x5d\xd1\x11\x8e\x38\x00\xc0\x4f\xb9\x38\x6d"
200
+ # defines PropertySet class
201
+ require 'rex/ole/propset'
202
+
203
+
127
204
  end
128
205
  end