rex-socket 0.1.0

data/lib/rex/socket/comm.rb

@@ -0,0 +1,120 @@
+# -*- coding: binary -*-
+require 'rex/socket'
+
+module Rex
+module Socket
+
+###
+#
+# This mixin provides the basic interface that a derived class must implement
+# in order to be a compatible comm class.  The base comm class also supports
+# registering event handlers that can be notified when sockets are being
+# created and have been created.  This allows code to extend sockets on
+# creation from the single point that they are created.
+#
+###
+module Comm
+
+  ###
+  #
+  # This mixin provides stubs for event notification handlers that can be
+  # registered with a Comm factory to be called when various events occur,
+  # such as socket instantiation.
+  #
+  ###
+  module Events
+
+    #
+    # This callback is notified when a socket is being created and is passed
+    # the parameters that will be used to create it.
+    #
+    def on_before_socket_create(comm, param)
+    end
+
+    #
+    # This callback is notified when a new socket is created and the
+    # parameters that were used to create it.  This provides the callback
+    # with a chance to extend or otherwise modify the socket before it's
+    # passed on to the actual requestor.
+    #
+    def on_socket_created(comm, sock, param)
+    end
+
+  end
+
+  #
+  # Creates a compatible socket based on the supplied uniform parameters.
+  #
+  def self.create(param)
+    raise NotImplementedError
+  end
+
+  #
+  # Indicates whether or not this comm can be chained with other chainable
+  # comms.  This is particularly important for things like Proxy Comms that
+  # can be proxied through one another.  The semantics of this are currently
+  # undefined and will probably need some more thought.
+  #
+  def chainable?
+    false
+  end
+
+  #
+  # Registers an event handler that implements the Rex::Socket::Comm::Event
+  # interface in at least some fashion.  Event handlers are notified when
+  # sockets are created through the Comm instance that they register against.
+  #
+  def register_event_handler(handler)
+    if (handlers == nil)
+      self.handlers        = []
+    end
+
+    self.handlers << handler
+  end
+
+  #
+  # Deregisters a previously registered event handler.
+  #
+  def deregister_event_handler(handler)
+    if (handlers)
+      handlers.delete(handler)
+    end
+  end
+
+  #
+  # Enumerates each registered event handler so that they can be notified of
+  # an event.
+  #
+  def each_event_handler(&block)
+    if (handlers)
+      handlers.each(&block)
+    end
+  end
+
+  #
+  # Notifies handlers of the before socket create event.
+  #
+  def notify_before_socket_create(comm, param)
+    each_event_handler() { |handler|
+      handler.on_before_socket_create(comm, param)
+    }
+  end
+
+  #
+  # Notifies handlers of the socket created event.
+  #
+  def notify_socket_created(comm, sock, param)
+    each_event_handler() { |handler|
+      handler.on_socket_created(comm, sock, param)
+    }
+  end
+
+protected
+
+  attr_accessor :handlers # :nodoc:
+  attr_accessor :handlers_rwlock # :nodoc:
+
+end
+
+end
+end

data/lib/rex/socket/comm/local.rb

@@ -0,0 +1,529 @@
+# -*- coding: binary -*-
+require 'singleton'
+require 'rex/socket'
+require 'rex/socket/tcp'
+require 'rex/socket/ssl_tcp'
+require 'rex/socket/ssl_tcp_server'
+require 'rex/socket/udp'
+require 'rex/socket/ip'
+require 'timeout'
+
+###
+#
+# Local communication class factory.
+#
+###
+class Rex::Socket::Comm::Local
+
+  include Singleton
+  include Rex::Socket::Comm
+
+  #
+  # Creates an instance of a socket using the supplied parameters.
+  #
+  def self.create(param)
+
+    # Work around jRuby socket implementation issues
+    if(RUBY_PLATFORM == 'java')
+      return self.create_jruby(param)
+    end
+
+    case param.proto
+      when 'tcp'
+        return create_by_type(param, ::Socket::SOCK_STREAM, ::Socket::IPPROTO_TCP)
+      when 'udp'
+        return create_by_type(param, ::Socket::SOCK_DGRAM, ::Socket::IPPROTO_UDP)
+      when 'ip'
+        return create_ip(param)
+      else
+        raise Rex::UnsupportedProtocol.new(param.proto), caller
+    end
+  end
+
+  #
+  # Creates an instance of a socket using the supplied parameters.
+  # Use various hacks to make this work with jRuby
+  #
+  def self.create_jruby(param)
+    sock = nil
+
+    # Notify handlers of the before socket create event.
+    self.instance.notify_before_socket_create(self, param)
+
+    case param.proto
+      when 'tcp'
+        if (param.server?)
+          sock  = TCPServer.new(param.localport, param.localhost)
+          klass = Rex::Socket::TcpServer
+          if (param.ssl)
+            klass = Rex::Socket::SslTcpServer
+          end
+          sock.extend(klass)
+
+        else
+          sock = TCPSocket.new(param.peerhost, param.peerport)
+          klass = Rex::Socket::Tcp
+          if (param.ssl)
+            klass = Rex::Socket::SslTcp
+          end
+          sock.extend(klass)
+        end
+      when 'udp'
+        if (param.server?)
+          sock = UDPServer.new(param.localport, param.localhost)
+          klass = Rex::Socket::UdpServer
+          sock.extend(klass)
+        else
+          sock = UDPSocket.new(param.peerhost, param.peerport)
+          klass = Rex::Socket::Udp
+          sock.extend(klass)
+        end
+      else
+        raise Rex::UnsupportedProtocol.new(param.proto), caller
+    end
+
+    sock.initsock(param)
+    self.instance.notify_socket_created(self, sock, param)
+    return sock
+  end
+
+
+  #
+  # Creates a raw IP socket using the supplied Parameter instance.
+  # Special-cased because of how different it is from UDP/TCP
+  #
+  def self.create_ip(param)
+    self.instance.notify_before_socket_create(self, param)
+
+    sock = ::Socket.open(::Socket::PF_INET, ::Socket::SOCK_RAW, ::Socket::IPPROTO_RAW)
+    sock.setsockopt(::Socket::IPPROTO_IP, ::Socket::IP_HDRINCL, 1)
+
+    # Configure broadcast support
+    sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_BROADCAST, true)
+
+    if (param.bare? == false)
+      sock.extend(::Rex::Socket::Ip)
+      sock.initsock(param)
+    end
+
+    self.instance.notify_socket_created(self, sock, param)
+
+    sock
+  end
+
+
+  #
+  # Creates a socket using the supplied Parameter instance.
+  #
+  def self.create_by_type(param, type, proto = 0)
+
+    # Whether to use IPv6 addressing
+    usev6 = false
+
+    # Detect IPv6 addresses and enable IPv6 accordingly
+    if ( Rex::Socket.support_ipv6?())
+
+      # Allow the caller to force IPv6
+      if (param.v6)
+        usev6 = true
+      end
+
+      # Force IPv6 mode for non-connected UDP sockets
+      if (type == ::Socket::SOCK_DGRAM and not param.peerhost)
+        # FreeBSD allows IPv6 socket creation, but throws an error on sendto()
+        # Windows 7 SP1 and newer also fail to sendto with IPv6 udp sockets
+        unless Rex::Compat.is_freebsd or Rex::Compat.is_windows
+          usev6 = true
+        end
+      end
+
+      local = Rex::Socket.resolv_nbo(param.localhost) if param.localhost
+      peer  = Rex::Socket.resolv_nbo(param.peerhost) if param.peerhost
+
+      if (local and local.length == 16)
+        usev6 = true
+      end
+
+      if (peer and peer.length == 16)
+        usev6 = true
+      end
+
+      if (usev6)
+        if (local and local.length == 4)
+          if (local == "\x00\x00\x00\x00")
+            param.localhost = '::'
+          elsif (local == "\x7f\x00\x00\x01")
+            param.localhost = '::1'
+          else
+            param.localhost = '::ffff:' + Rex::Socket.getaddress(param.localhost, true)
+          end
+        end
+
+        if (peer and peer.length == 4)
+          if (peer == "\x00\x00\x00\x00")
+            param.peerhost = '::'
+          elsif (peer == "\x7f\x00\x00\x01")
+            param.peerhost = '::1'
+          else
+            param.peerhost = '::ffff:' + Rex::Socket.getaddress(param.peerhost, true)
+          end
+        end
+
+        param.v6 = true
+      end
+    else
+      # No IPv6 support
+      param.v6 = false
+    end
+
+    # Notify handlers of the before socket create event.
+    self.instance.notify_before_socket_create(self, param)
+
+    # Create the socket
+    sock = nil
+    if (param.v6)
+      sock = ::Socket.new(::Socket::AF_INET6, type, proto)
+    else
+      sock = ::Socket.new(::Socket::AF_INET, type, proto)
+    end
+
+    # Bind to a given local address and/or port if they are supplied
+    if param.localport or param.localhost
+      begin
+        sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_REUSEADDR, true)
+        sock.bind(Rex::Socket.to_sockaddr(param.localhost, param.localport))
+
+      rescue ::Errno::EADDRNOTAVAIL,::Errno::EADDRINUSE
+        sock.close
+        raise Rex::BindFailed.new(param.localhost, param.localport), caller
+      end
+    end
+
+    # Configure broadcast support for all datagram sockets
+    if (type == ::Socket::SOCK_DGRAM)
+      sock.setsockopt(::Socket::SOL_SOCKET, ::Socket::SO_BROADCAST, true)
+    end
+
+    # If a server TCP instance is being created...
+    if (param.server?)
+      sock.listen(256)
+
+      if (param.bare? == false)
+        klass = Rex::Socket::TcpServer
+        if (param.ssl)
+          klass = Rex::Socket::SslTcpServer
+        end
+        sock.extend(klass)
+
+        sock.initsock(param)
+      end
+    # Otherwise, if we're creating a client...
+    else
+      chain = []
+
+      # If we were supplied with host information
+      if (param.peerhost)
+
+        # A flag that indicates whether we need to try multiple scopes
+        retry_scopes = false
+
+        # Always retry with link-local IPv6 addresses
+        if Rex::Socket.is_ipv6?( param.peerhost ) and param.peerhost =~ /^fe80::/
+          retry_scopes = true
+        end
+
+        # Prepare a list of scope IDs to try when connecting to
+        # link-level addresses. Read from /proc if it is available,
+        # otherwise increment through the first 255 IDs.
+        @@ip6_lla_scopes ||= []
+
+        if @@ip6_lla_scopes.length == 0 and retry_scopes
+
+          # Linux specific interface lookup code
+          if ::File.exist?( "/proc/self/net/igmp6" )
+            ::File.open("/proc/self/net/igmp6") do |fd|
+              fd.each_line do |line|
+                line = line.strip
+                tscope, tint, junk = line.split(/\s+/, 3)
+                next if not tint
+
+                # Specifying lo in any connect call results in the socket
+                # being unusable, even if the correct interface is set.
+                next if tint == "lo"
+
+                @@ip6_lla_scopes << tscope
+              end
+            end
+          else
+          # Other Unix-like platforms should support a raw scope ID
+            [*(1 .. 255)].map{ |x| @@ip6_lla_scopes << x.to_s }
+          end
+        end
+
+        ip6_scope_idx = 0
+        ip   = param.peerhost
+        port = param.peerport
+
+        if param.proxies
+          chain = param.proxies.dup
+          chain.push(['host',param.peerhost,param.peerport])
+          ip = chain[0][1]
+          port = chain[0][2].to_i
+        end
+
+        begin
+
+          begin
+            Timeout.timeout(param.timeout) do
+              sock.connect(Rex::Socket.to_sockaddr(ip, port))
+            end
+          rescue ::Timeout::Error
+            raise ::Errno::ETIMEDOUT
+          end
+
+        rescue ::Errno::EHOSTUNREACH,::Errno::ENETDOWN,::Errno::ENETUNREACH,::Errno::ENETRESET,::Errno::EHOSTDOWN,::Errno::EACCES,::Errno::EINVAL,::Errno::ENOPROTOOPT
+
+          # Rescue errors caused by a bad Scope ID for a link-local address
+          if retry_scopes and @@ip6_lla_scopes[ ip6_scope_idx ]
+            ip = param.peerhost + "%" + @@ip6_lla_scopes[ ip6_scope_idx ]
+            ip6_scope_idx += 1
+            retry
+          end
+
+          sock.close
+          raise Rex::HostUnreachable.new(ip, port), caller
+
+        rescue ::Errno::EADDRNOTAVAIL,::Errno::EADDRINUSE
+          sock.close
+          raise Rex::InvalidDestination.new(ip, port), caller
+
+        rescue Errno::ETIMEDOUT
+          sock.close
+          raise Rex::ConnectionTimeout.new(ip, port), caller
+
+        rescue ::Errno::ECONNRESET,::Errno::ECONNREFUSED,::Errno::ENOTCONN,::Errno::ECONNABORTED
+          sock.close
+          # Report the actual thing we were trying to connect to here, not
+          # param.peerhost, since that's the eventual target at the end of the
+          # proxy chain
+          raise Rex::ConnectionRefused.new(ip, port.to_i), caller
+        end
+      end
+
+      if (param.bare? == false)
+        case param.proto
+          when 'tcp'
+            klass = Rex::Socket::Tcp
+            sock.extend(klass)
+            sock.initsock(param)
+          when 'udp'
+            sock.extend(Rex::Socket::Udp)
+            sock.initsock(param)
+        end
+      end
+
+      if chain.size > 1
+        chain.each_with_index {
+          |proxy, i|
+          next_hop = chain[i + 1]
+          if next_hop
+            proxy(sock, proxy[0], next_hop[1], next_hop[2])
+          end
+        }
+      end
+
+      # Now extend the socket with SSL and perform the handshake
+      if(param.bare? == false and param.ssl)
+        klass = Rex::Socket::SslTcp
+        sock.extend(klass)
+        sock.initsock(param)
+      end
+
+
+    end
+
+    # Notify handlers that a socket has been created.
+    self.instance.notify_socket_created(self, sock, param)
+
+    sock
+  end
+
+  def self.proxy(sock, type, host, port)
+    case type.downcase
+    when 'sapni'
+      packet_type = 'NI_ROUTE'
+      route_info_version = 2
+      ni_version = 39
+      num_of_entries = 2
+      talk_mode = 1 # ref: http://help.sap.com/saphelp_dimp50/helpdata/En/f8/bb960899d743378ccb8372215bb767/content.htm
+      num_rest_nodes = 1
+
+      _af, shost, sport = sock.getpeername_as_array
+      first_route_item = [shost, 0, sport, 0, 0].pack("A*CA*cc")
+      route_data = [first_route_item.length, first_route_item].pack("NA*")
+      route_data << [host, 0, port.to_s, 0, 0].pack("A*CA*cc")
+
+      ni_packet = [
+        packet_type,
+        0,
+        route_info_version,
+        ni_version,
+        num_of_entries,
+        talk_mode,
+        0,
+        0,
+        num_rest_nodes
+      ].pack("A8c8")
+      # Add the data block, according to sap documentation:
+      # A 4-byte header precedes each data block. These 4 bytes give the
+      # length of the data block (length without leading 4 bytes)
+      # The data block (the route data)
+      ni_packet << [route_data.length - 4].pack('N') + route_data
+      # Now that we've built the whole packet, prepend its length before writing it to the wire
+      ni_packet = [ni_packet.length].pack('N') + ni_packet
+
+      size = sock.put(ni_packet)
+
+      if size != ni_packet.length
+        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to send the entire request to the proxy"), caller
+      end
+
+      begin
+        ret_len = sock.get_once(4, 30).unpack('N')[0]
+        if ret_len and ret_len != 0
+          ret = sock.get_once(ret_len, 30)
+        end
+      rescue IOError
+        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a response from the proxy"), caller
+      end
+
+      if ret and ret.length < 4
+        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a complete response from the proxy"), caller
+      end
+
+      if ret =~ /NI_RTERR/
+        case ret
+        when /timed out/
+          raise Rex::ConnectionProxyError.new(host, port, type, "Connection to remote host #{host} timed out")
+        when /refused/
+          raise Rex::ConnectionProxyError.new(host, port, type, "Connection to remote port #{port} closed")
+        when /denied/
+          raise Rex::ConnectionProxyError.new(host, port, type, "Connection to #{host}:#{port} blocked by ACL")
+        else
+          raise Rex::ConnectionProxyError.new(host, port, type, "Connection to #{host}:#{port} failed (Unknown fail)")
+        end
+      elsif ret =~ /NI_PONG/
+        # success case
+        # would like to print this "[*] remote native connection to #{host}:#{port} established\n"
+      else
+        raise Rex::ConnectionProxyError.new(host, port, type, "Connection to #{host}:#{port} failed (Unknown fail)")
+      end
+
+    when 'http'
+      setup = "CONNECT #{host}:#{port} HTTP/1.0\r\n\r\n"
+      size = sock.put(setup)
+      if (size != setup.length)
+        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to send the entire request to the proxy"), caller
+      end
+
+      begin
+        ret = sock.get_once(39,30)
+      rescue IOError
+        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a response from the proxy"), caller
+      end
+
+      if ret.nil?
+        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a response from the proxy"), caller
+      end
+
+      resp = Rex::Proto::Http::Response.new
+      resp.update_cmd_parts(ret.split(/\r?\n/)[0])
+
+      if resp.code != 200
+        raise Rex::ConnectionProxyError.new(host, port, type, "The proxy returned a non-OK response"), caller
+      end
+    when 'socks4'
+      setup = [4,1,port.to_i].pack('CCn') + Socket.gethostbyname(host)[3] + Rex::Text.rand_text_alpha(rand(8)+1) + "\x00"
+      size = sock.put(setup)
+      if (size != setup.length)
+        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to send the entire request to the proxy"), caller
+      end
+
+      begin
+        ret = sock.get_once(8, 30)
+      rescue IOError
+        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a response from the proxy"), caller
+      end
+
+      if (ret.nil? or ret.length < 8)
+        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a complete response from the proxy"), caller
+      end
+      if ret[1,1] != "\x5a"
+        raise Rex::ConnectionProxyError.new(host, port, type, "Proxy responded with error code #{ret[0,1].unpack("C")[0]}"), caller
+      end
+    when 'socks5'
+      auth_methods = [5,1,0].pack('CCC')
+      size = sock.put(auth_methods)
+      if (size != auth_methods.length)
+        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to send the entire request to the proxy"), caller
+      end
+      ret = sock.get_once(2,30)
+      if (ret[1,1] == "\xff")
+        raise Rex::ConnectionProxyError.new(host, port, type, "The proxy requires authentication"), caller
+      end
+
+      if (Rex::Socket.is_ipv4?(host))
+        addr = Rex::Socket.gethostbyname(host)[3]
+        setup = [5,1,0,1].pack('C4') + addr + [port.to_i].pack('n')
+      elsif (Rex::Socket.support_ipv6? and Rex::Socket.is_ipv6?(host))
+        # IPv6 stuff all untested
+        addr = Rex::Socket.gethostbyname(host)[3]
+        setup = [5,1,0,4].pack('C4') + addr + [port.to_i].pack('n')
+      else
+        # Then it must be a domain name.
+        # Unfortunately, it looks like the host has always been
+        # resolved by the time it gets here, so this code never runs.
+        setup = [5,1,0,3].pack('C4') + [host.length].pack('C') + host + [port.to_i].pack('n')
+      end
+
+      size = sock.put(setup)
+      if (size != setup.length)
+        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to send the entire request to the proxy"), caller
+      end
+
+      begin
+        response = sock.get_once(10, 30)
+      rescue IOError
+        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a response from the proxy"), caller
+      end
+
+      if (response.nil? or response.length < 10)
+        raise Rex::ConnectionProxyError.new(host, port, type, "Failed to receive a complete response from the proxy"), caller
+      end
+      if response[1,1] != "\x00"
+        raise Rex::ConnectionProxyError.new(host, port, type, "Proxy responded with error code #{response[1,1].unpack("C")[0]}"), caller
+      end
+    else
+      raise RuntimeError, "The proxy type specified is not valid", caller
+    end
+  end
+
+  ##
+  #
+  # Registration
+  #
+  ##
+
+  def self.register_event_handler(handler) # :nodoc:
+    self.instance.register_event_handler(handler)
+  end
+
+  def self.deregister_event_handler(handler) # :nodoc:
+    self.instance.deregister_event_handler(handler)
+  end
+
+  def self.each_event_handler(handler) # :nodoc:
+    self.instance.each_event_handler(handler)
+  end
+
+end