RubyGems - rex - Versions diffs - 1.0.2 → 2.0.2 - Mend

rex 1.0.2 → 2.0.2

Files changed (528) hide show

checksums.yaml +15 -0
data/README.markdown +22 -0
data/examples/smb_example.rb +35 -0
data/lib/rex.rb +108 -3
data/lib/rex/LICENSE +29 -0
data/lib/rex/arch.rb +104 -0
data/lib/rex/arch/sparc.rb +75 -0
data/lib/rex/arch/x86.rb +524 -0
data/lib/rex/assembly/nasm.rb +104 -0
data/lib/rex/codepage.map +104 -0
data/lib/rex/compat.rb +389 -0
data/lib/rex/constants.rb +124 -0
data/lib/rex/elfparsey.rb +9 -0
data/lib/rex/elfparsey/elf.rb +121 -0
data/lib/rex/elfparsey/elfbase.rb +256 -0
data/lib/rex/elfparsey/exceptions.rb +25 -0
data/lib/rex/elfscan.rb +10 -0
data/lib/rex/elfscan/scanner.rb +226 -0
data/lib/rex/elfscan/search.rb +44 -0
data/lib/rex/encoder/alpha2.rb +31 -0
data/lib/rex/encoder/alpha2/alpha_mixed.rb +68 -0
data/lib/rex/encoder/alpha2/alpha_upper.rb +79 -0
data/lib/rex/encoder/alpha2/generic.rb +90 -0
data/lib/rex/encoder/alpha2/unicode_mixed.rb +116 -0
data/lib/rex/encoder/alpha2/unicode_upper.rb +123 -0
data/lib/rex/encoder/bloxor/bloxor.rb +327 -0
data/lib/rex/encoder/ndr.rb +90 -0
data/lib/rex/encoder/nonalpha.rb +61 -0
data/lib/rex/encoder/nonupper.rb +64 -0
data/lib/rex/encoder/xdr.rb +107 -0
data/lib/rex/encoder/xor.rb +69 -0
data/lib/rex/encoder/xor/dword.rb +13 -0
data/lib/rex/encoder/xor/dword_additive.rb +13 -0
data/lib/rex/encoders/xor_dword.rb +35 -0
data/lib/rex/encoders/xor_dword_additive.rb +53 -0
data/lib/rex/encoding/xor.rb +20 -0
data/lib/rex/encoding/xor/byte.rb +15 -0
data/lib/rex/encoding/xor/dword.rb +21 -0
data/lib/rex/encoding/xor/dword_additive.rb +92 -0
data/lib/rex/encoding/xor/exceptions.rb +17 -0
data/lib/rex/encoding/xor/generic.rb +146 -0
data/lib/rex/encoding/xor/qword.rb +15 -0
data/lib/rex/encoding/xor/word.rb +21 -0
data/lib/rex/exceptions.rb +275 -0
data/lib/rex/exploitation/cmdstager.rb +10 -0
data/lib/rex/exploitation/cmdstager/base.rb +190 -0
data/lib/rex/exploitation/cmdstager/bourne.rb +105 -0
data/lib/rex/exploitation/cmdstager/debug_asm.rb +140 -0
data/lib/rex/exploitation/cmdstager/debug_write.rb +134 -0
data/lib/rex/exploitation/cmdstager/echo.rb +164 -0
data/lib/rex/exploitation/cmdstager/printf.rb +122 -0
data/lib/rex/exploitation/cmdstager/tftp.rb +71 -0
data/lib/rex/exploitation/cmdstager/vbs.rb +126 -0
data/lib/rex/exploitation/egghunter.rb +425 -0
data/lib/rex/exploitation/encryptjs.rb +78 -0
data/lib/rex/exploitation/heaplib.js.b64 +331 -0
data/lib/rex/exploitation/heaplib.rb +107 -0
data/lib/rex/exploitation/js.rb +6 -0
data/lib/rex/exploitation/js/detect.rb +69 -0
data/lib/rex/exploitation/js/memory.rb +81 -0
data/lib/rex/exploitation/js/network.rb +84 -0
data/lib/rex/exploitation/js/utils.rb +33 -0
data/lib/rex/exploitation/jsobfu.rb +513 -0
data/lib/rex/exploitation/obfuscatejs.rb +336 -0
data/lib/rex/exploitation/omelet.rb +321 -0
data/lib/rex/exploitation/opcodedb.rb +819 -0
data/lib/rex/exploitation/powershell.rb +62 -0
data/lib/rex/exploitation/powershell/function.rb +63 -0
data/lib/rex/exploitation/powershell/obfu.rb +98 -0
data/lib/rex/exploitation/powershell/output.rb +151 -0
data/lib/rex/exploitation/powershell/param.rb +23 -0
data/lib/rex/exploitation/powershell/parser.rb +183 -0
data/lib/rex/exploitation/powershell/psh_methods.rb +70 -0
data/lib/rex/exploitation/powershell/script.rb +99 -0
data/lib/rex/exploitation/ropdb.rb +190 -0
data/lib/rex/exploitation/seh.rb +93 -0
data/lib/rex/file.rb +160 -0
data/lib/rex/image_source.rb +10 -0
data/lib/rex/image_source/disk.rb +58 -0
data/lib/rex/image_source/image_source.rb +44 -0
data/lib/rex/image_source/memory.rb +35 -0
data/lib/rex/io/bidirectional_pipe.rb +161 -0
data/lib/rex/io/datagram_abstraction.rb +35 -0
data/lib/rex/io/ring_buffer.rb +369 -0
data/lib/rex/io/stream.rb +312 -0
data/lib/rex/io/stream_abstraction.rb +209 -0
data/lib/rex/io/stream_server.rb +221 -0
data/lib/rex/job_container.rb +200 -0
data/lib/rex/logging.rb +4 -0
data/lib/rex/logging/log_dispatcher.rb +180 -0
data/lib/rex/logging/log_sink.rb +43 -0
data/lib/rex/logging/sinks/flatfile.rb +56 -0
data/lib/rex/logging/sinks/stderr.rb +44 -0
data/lib/rex/mac_oui.rb +16581 -0
data/lib/rex/machparsey.rb +9 -0
data/lib/rex/machparsey/exceptions.rb +34 -0
data/lib/rex/machparsey/mach.rb +209 -0
data/lib/rex/machparsey/machbase.rb +408 -0
data/lib/rex/machscan.rb +9 -0
data/lib/rex/machscan/scanner.rb +217 -0
data/lib/rex/mime.rb +10 -0
data/lib/rex/mime/encoding.rb +17 -0
data/lib/rex/mime/header.rb +78 -0
data/lib/rex/mime/message.rb +150 -0
data/lib/rex/mime/part.rb +50 -0
data/lib/rex/nop/opty2.rb +109 -0
data/lib/rex/nop/opty2_tables.rb +301 -0
data/lib/rex/ole.rb +202 -0
data/lib/rex/ole/clsid.rb +44 -0
data/lib/rex/ole/difat.rb +138 -0
data/lib/rex/ole/directory.rb +228 -0
data/lib/rex/ole/direntry.rb +237 -0
data/lib/rex/ole/docs/dependencies.txt +8 -0
data/lib/rex/ole/docs/references.txt +1 -0
data/lib/rex/ole/fat.rb +96 -0
data/lib/rex/ole/header.rb +201 -0
data/lib/rex/ole/minifat.rb +74 -0
data/lib/rex/ole/propset.rb +141 -0
data/lib/rex/ole/samples/create_ole.rb +27 -0
data/lib/rex/ole/samples/dir.rb +35 -0
data/lib/rex/ole/samples/dump_stream.rb +34 -0
data/lib/rex/ole/samples/ole_info.rb +23 -0
data/lib/rex/ole/storage.rb +392 -0
data/lib/rex/ole/stream.rb +50 -0
data/lib/rex/ole/substorage.rb +46 -0
data/lib/rex/ole/util.rb +154 -0
data/lib/rex/parser/acunetix_nokogiri.rb +406 -0
data/lib/rex/parser/apple_backup_manifestdb.rb +132 -0
data/lib/rex/parser/appscan_nokogiri.rb +367 -0
data/lib/rex/parser/arguments.rb +108 -0
data/lib/rex/parser/burp_session_nokogiri.rb +291 -0
data/lib/rex/parser/ci_nokogiri.rb +193 -0
data/lib/rex/parser/foundstone_nokogiri.rb +342 -0
data/lib/rex/parser/fusionvm_nokogiri.rb +109 -0
data/lib/rex/parser/group_policy_preferences.rb +185 -0
data/lib/rex/parser/ini.rb +186 -0
data/lib/rex/parser/ip360_aspl_xml.rb +103 -0
data/lib/rex/parser/ip360_xml.rb +98 -0
data/lib/rex/parser/mbsa_nokogiri.rb +256 -0
data/lib/rex/parser/nessus_xml.rb +121 -0
data/lib/rex/parser/netsparker_xml.rb +109 -0
data/lib/rex/parser/nexpose_raw_nokogiri.rb +686 -0
data/lib/rex/parser/nexpose_simple_nokogiri.rb +330 -0
data/lib/rex/parser/nexpose_xml.rb +172 -0
data/lib/rex/parser/nmap_nokogiri.rb +394 -0
data/lib/rex/parser/nmap_xml.rb +166 -0
data/lib/rex/parser/nokogiri_doc_mixin.rb +233 -0
data/lib/rex/parser/openvas_nokogiri.rb +172 -0
data/lib/rex/parser/outpost24_nokogiri.rb +240 -0
data/lib/rex/parser/retina_xml.rb +110 -0
data/lib/rex/parser/unattend.rb +171 -0
data/lib/rex/parser/wapiti_nokogiri.rb +105 -0
data/lib/rex/payloads.rb +2 -0
data/lib/rex/payloads/win32.rb +3 -0
data/lib/rex/payloads/win32/common.rb +27 -0
data/lib/rex/payloads/win32/kernel.rb +54 -0
data/lib/rex/payloads/win32/kernel/common.rb +55 -0
data/lib/rex/payloads/win32/kernel/migration.rb +13 -0
data/lib/rex/payloads/win32/kernel/recovery.rb +51 -0
data/lib/rex/payloads/win32/kernel/stager.rb +195 -0
data/lib/rex/peparsey.rb +10 -0
data/lib/rex/peparsey/exceptions.rb +30 -0
data/lib/rex/peparsey/pe.rb +210 -0
data/lib/rex/peparsey/pe_memdump.rb +61 -0
data/lib/rex/peparsey/pebase.rb +1662 -0
data/lib/rex/peparsey/section.rb +128 -0
data/lib/rex/pescan.rb +11 -0
data/lib/rex/pescan/analyze.rb +366 -0
data/lib/rex/pescan/scanner.rb +230 -0
data/lib/rex/pescan/search.rb +68 -0
data/lib/rex/platforms.rb +2 -0
data/lib/rex/platforms/windows.rb +52 -0
data/lib/rex/poly.rb +134 -0
data/lib/rex/poly/block.rb +480 -0
data/lib/rex/poly/machine.rb +13 -0
data/lib/rex/poly/machine/machine.rb +830 -0
data/lib/rex/poly/machine/x86.rb +509 -0
data/lib/rex/poly/register.rb +101 -0
data/lib/rex/poly/register/x86.rb +41 -0
data/lib/rex/post.rb +7 -0
data/lib/rex/post/dir.rb +51 -0
data/lib/rex/post/file.rb +172 -0
data/lib/rex/post/file_stat.rb +220 -0
data/lib/rex/post/gen.pl +13 -0
data/lib/rex/post/io.rb +182 -0
data/lib/rex/post/meterpreter.rb +5 -0
data/lib/rex/post/meterpreter/channel.rb +446 -0
data/lib/rex/post/meterpreter/channel_container.rb +54 -0
data/lib/rex/post/meterpreter/channels/pool.rb +160 -0
data/lib/rex/post/meterpreter/channels/pools/file.rb +62 -0
data/lib/rex/post/meterpreter/channels/pools/stream_pool.rb +103 -0
data/lib/rex/post/meterpreter/channels/stream.rb +87 -0
data/lib/rex/post/meterpreter/client.rb +483 -0
data/lib/rex/post/meterpreter/client_core.rb +352 -0
data/lib/rex/post/meterpreter/dependencies.rb +3 -0
data/lib/rex/post/meterpreter/extension.rb +32 -0
data/lib/rex/post/meterpreter/extensions/android/android.rb +128 -0
data/lib/rex/post/meterpreter/extensions/android/tlv.rb +40 -0
data/lib/rex/post/meterpreter/extensions/espia/espia.rb +58 -0
data/lib/rex/post/meterpreter/extensions/espia/tlv.rb +17 -0
data/lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb +71 -0
data/lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb +169 -0
data/lib/rex/post/meterpreter/extensions/extapi/extapi.rb +45 -0
data/lib/rex/post/meterpreter/extensions/extapi/service/service.rb +104 -0
data/lib/rex/post/meterpreter/extensions/extapi/tlv.rb +77 -0
data/lib/rex/post/meterpreter/extensions/extapi/window/window.rb +56 -0
data/lib/rex/post/meterpreter/extensions/extapi/wmi/wmi.rb +75 -0
data/lib/rex/post/meterpreter/extensions/incognito/incognito.rb +94 -0
data/lib/rex/post/meterpreter/extensions/incognito/tlv.rb +22 -0
data/lib/rex/post/meterpreter/extensions/kiwi/kiwi.rb +361 -0
data/lib/rex/post/meterpreter/extensions/kiwi/tlv.rb +76 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/dhcp/dhcp.rb +78 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/lanattacks.rb +43 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tftp/tftp.rb +49 -0
data/lib/rex/post/meterpreter/extensions/lanattacks/tlv.rb +17 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/mimikatz.rb +128 -0
data/lib/rex/post/meterpreter/extensions/mimikatz/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/networkpug/networkpug.rb +57 -0
data/lib/rex/post/meterpreter/extensions/networkpug/tlv.rb +16 -0
data/lib/rex/post/meterpreter/extensions/priv/fs.rb +118 -0
data/lib/rex/post/meterpreter/extensions/priv/passwd.rb +61 -0
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +109 -0
data/lib/rex/post/meterpreter/extensions/priv/tlv.rb +29 -0
data/lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb +117 -0
data/lib/rex/post/meterpreter/extensions/sniffer/tlv.rb +27 -0
data/lib/rex/post/meterpreter/extensions/stdapi/constants.rb +396 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/dir.rb +284 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +399 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb +104 -0
data/lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb +48 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb +59 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/config.rb +256 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb +129 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/netstat.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/resolve.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/route.rb +67 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket.rb +139 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_client_channel.rb +180 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/tcp_server_channel.rb +168 -0
data/lib/rex/post/meterpreter/extensions/stdapi/net/socket_subsystem/udp_channel.rb +209 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +38146 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/buffer_item.rb +48 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_advapi32.rb +2102 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_crypt32.rb +32 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_iphlpapi.rb +97 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_kernel32.rb +3852 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_netapi32.rb +100 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ntdll.rb +168 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_psapi.rb +32 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_shell32.rb +32 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_user32.rb +3170 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_version.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wlanapi.rb +87 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_wldap32.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/def/def_ws2_32.rb +613 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +388 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_function.rb +111 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_helper.rb +149 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll_wrapper.rb +27 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/mock_magic.rb +515 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/multicall.rb +319 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/platform_util.rb +23 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/railgun.rb +301 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/tlv.rb +56 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/type/pointer_util.rb +106 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/util.rb +676 -0
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/win_const_manager.rb +96 -0
data/lib/rex/post/meterpreter/extensions/stdapi/stdapi.rb +151 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/config.rb +128 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log.rb +192 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/event_log_subsystem/event_record.rb +41 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/power.rb +60 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process.rb +408 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/image.rb +129 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/io.rb +55 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/memory.rb +336 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/process_subsystem/thread.rb +141 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry.rb +328 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_key.rb +193 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/registry_value.rb +102 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/registry_subsystem/remote_registry_key.rb +188 -0
data/lib/rex/post/meterpreter/extensions/stdapi/sys/thread.rb +180 -0
data/lib/rex/post/meterpreter/extensions/stdapi/tlv.rb +236 -0
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +259 -0
data/lib/rex/post/meterpreter/extensions/stdapi/webcam/webcam.rb +201 -0
data/lib/rex/post/meterpreter/inbound_packet_handler.rb +30 -0
data/lib/rex/post/meterpreter/object_aliases.rb +83 -0
data/lib/rex/post/meterpreter/packet.rb +709 -0
data/lib/rex/post/meterpreter/packet_dispatcher.rb +543 -0
data/lib/rex/post/meterpreter/packet_parser.rb +94 -0
data/lib/rex/post/meterpreter/packet_response_waiter.rb +83 -0
data/lib/rex/post/meterpreter/ui/console.rb +142 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher.rb +86 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/android.rb +383 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +939 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/espia.rb +109 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi.rb +65 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/adsi.rb +198 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/clipboard.rb +444 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/service.rb +199 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/window.rb +118 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/extapi/wmi.rb +108 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/incognito.rb +242 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/kiwi.rb +509 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks.rb +60 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/dhcp.rb +254 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/lanattacks/tftp.rb +159 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/mimikatz.rb +182 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/networkpug.rb +232 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv.rb +62 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb +97 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb +52 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb +133 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb +204 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb +66 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +527 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/net.rb +448 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/sys.rb +906 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +318 -0
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/webcam.rb +343 -0
data/lib/rex/post/meterpreter/ui/console/interactive_channel.rb +99 -0
data/lib/rex/post/permission.rb +26 -0
data/lib/rex/post/process.rb +57 -0
data/lib/rex/post/thread.rb +57 -0
data/lib/rex/post/ui.rb +52 -0
data/lib/rex/proto.rb +15 -0
data/lib/rex/proto/addp.rb +218 -0
data/lib/rex/proto/dcerpc.rb +7 -0
data/lib/rex/proto/dcerpc/client.rb +362 -0
data/lib/rex/proto/dcerpc/exceptions.rb +151 -0
data/lib/rex/proto/dcerpc/handle.rb +48 -0
data/lib/rex/proto/dcerpc/ndr.rb +73 -0
data/lib/rex/proto/dcerpc/packet.rb +264 -0
data/lib/rex/proto/dcerpc/response.rb +188 -0
data/lib/rex/proto/dcerpc/uuid.rb +85 -0
data/lib/rex/proto/dcerpc/wdscp.rb +3 -0
data/lib/rex/proto/dcerpc/wdscp/constants.rb +89 -0
data/lib/rex/proto/dcerpc/wdscp/packet.rb +94 -0
data/lib/rex/proto/dhcp.rb +7 -0
data/lib/rex/proto/dhcp/constants.rb +34 -0
data/lib/rex/proto/dhcp/server.rb +334 -0
data/lib/rex/proto/drda.rb +6 -0
data/lib/rex/proto/drda/constants.rb +50 -0
data/lib/rex/proto/drda/packet.rb +253 -0
data/lib/rex/proto/drda/utils.rb +124 -0
data/lib/rex/proto/http.rb +7 -0
data/lib/rex/proto/http/client.rb +722 -0
data/lib/rex/proto/http/client_request.rb +472 -0
data/lib/rex/proto/http/handler.rb +47 -0
data/lib/rex/proto/http/handler/erb.rb +129 -0
data/lib/rex/proto/http/handler/proc.rb +61 -0
data/lib/rex/proto/http/header.rb +173 -0
data/lib/rex/proto/http/packet.rb +414 -0
data/lib/rex/proto/http/request.rb +354 -0
data/lib/rex/proto/http/response.rb +151 -0
data/lib/rex/proto/http/server.rb +385 -0
data/lib/rex/proto/iax2.rb +2 -0
data/lib/rex/proto/iax2/call.rb +321 -0
data/lib/rex/proto/iax2/client.rb +218 -0
data/lib/rex/proto/iax2/codecs.rb +5 -0
data/lib/rex/proto/iax2/codecs/alaw.rb +16 -0
data/lib/rex/proto/iax2/codecs/g711.rb +2176 -0
data/lib/rex/proto/iax2/codecs/mulaw.rb +17 -0
data/lib/rex/proto/iax2/constants.rb +262 -0
data/lib/rex/proto/ipmi.rb +57 -0
data/lib/rex/proto/ipmi/channel_auth_reply.rb +89 -0
data/lib/rex/proto/ipmi/open_session_reply.rb +36 -0
data/lib/rex/proto/ipmi/rakp2.rb +36 -0
data/lib/rex/proto/ipmi/utils.rb +125 -0
data/lib/rex/proto/natpmp.rb +7 -0
data/lib/rex/proto/natpmp/constants.rb +19 -0
data/lib/rex/proto/natpmp/packet.rb +45 -0
data/lib/rex/proto/ntlm.rb +8 -0
data/lib/rex/proto/ntlm/base.rb +327 -0
data/lib/rex/proto/ntlm/constants.rb +75 -0
data/lib/rex/proto/ntlm/crypt.rb +412 -0
data/lib/rex/proto/ntlm/exceptions.rb +17 -0
data/lib/rex/proto/ntlm/message.rb +534 -0
data/lib/rex/proto/ntlm/utils.rb +765 -0
data/lib/rex/proto/ntp.rb +3 -0
data/lib/rex/proto/ntp/constants.rb +12 -0
data/lib/rex/proto/ntp/modes.rb +130 -0
data/lib/rex/proto/pjl.rb +31 -0
data/lib/rex/proto/pjl/client.rb +163 -0
data/lib/rex/proto/proxy/socks4a.rb +441 -0
data/lib/rex/proto/rfb.rb +13 -0
data/lib/rex/proto/rfb/cipher.rb +82 -0
data/lib/rex/proto/rfb/client.rb +205 -0
data/lib/rex/proto/rfb/constants.rb +50 -0
data/lib/rex/proto/sip.rb +4 -0
data/lib/rex/proto/sip/response.rb +61 -0
data/lib/rex/proto/smb.rb +8 -0
data/lib/rex/proto/smb/client.rb +2064 -0
data/lib/rex/proto/smb/constants.rb +1064 -0
data/lib/rex/proto/smb/crypt.rb +37 -0
data/lib/rex/proto/smb/evasions.rb +67 -0
data/lib/rex/proto/smb/exceptions.rb +867 -0
data/lib/rex/proto/smb/simpleclient.rb +173 -0
data/lib/rex/proto/smb/simpleclient/open_file.rb +106 -0
data/lib/rex/proto/smb/simpleclient/open_pipe.rb +57 -0
data/lib/rex/proto/smb/utils.rb +104 -0
data/lib/rex/proto/sunrpc.rb +2 -0
data/lib/rex/proto/sunrpc/client.rb +196 -0
data/lib/rex/proto/tftp.rb +13 -0
data/lib/rex/proto/tftp/client.rb +344 -0
data/lib/rex/proto/tftp/constants.rb +39 -0
data/lib/rex/proto/tftp/server.rb +497 -0
data/lib/rex/random_identifier_generator.rb +177 -0
data/lib/rex/registry.rb +14 -0
data/lib/rex/registry/hive.rb +132 -0
data/lib/rex/registry/lfkey.rb +51 -0
data/lib/rex/registry/nodekey.rb +54 -0
data/lib/rex/registry/regf.rb +25 -0
data/lib/rex/registry/valuekey.rb +67 -0
data/lib/rex/registry/valuelist.rb +29 -0
data/lib/rex/ropbuilder.rb +8 -0
data/lib/rex/ropbuilder/rop.rb +271 -0
data/lib/rex/script.rb +42 -0
data/lib/rex/script/base.rb +61 -0
data/lib/rex/script/meterpreter.rb +16 -0
data/lib/rex/script/shell.rb +10 -0
data/lib/rex/service.rb +49 -0
data/lib/rex/service_manager.rb +154 -0
data/lib/rex/services/local_relay.rb +424 -0
data/lib/rex/socket.rb +788 -0
data/lib/rex/socket/comm.rb +120 -0
data/lib/rex/socket/comm/local.rb +526 -0
data/lib/rex/socket/ip.rb +132 -0
data/lib/rex/socket/parameters.rb +363 -0
data/lib/rex/socket/range_walker.rb +470 -0
data/lib/rex/socket/ssl_tcp.rb +345 -0
data/lib/rex/socket/ssl_tcp_server.rb +188 -0
data/lib/rex/socket/subnet_walker.rb +76 -0
data/lib/rex/socket/switch_board.rb +289 -0
data/lib/rex/socket/tcp.rb +79 -0
data/lib/rex/socket/tcp_server.rb +67 -0
data/lib/rex/socket/udp.rb +165 -0
data/lib/rex/sslscan/result.rb +201 -0
data/lib/rex/sslscan/scanner.rb +206 -0
data/lib/rex/struct2.rb +5 -0
data/lib/rex/struct2/c_struct.rb +181 -0
data/lib/rex/struct2/c_struct_template.rb +39 -0
data/lib/rex/struct2/constant.rb +26 -0
data/lib/rex/struct2/element.rb +44 -0
data/lib/rex/struct2/generic.rb +73 -0
data/lib/rex/struct2/restraint.rb +54 -0
data/lib/rex/struct2/s_string.rb +72 -0
data/lib/rex/struct2/s_struct.rb +111 -0
data/lib/rex/sync.rb +6 -0
data/lib/rex/sync/event.rb +85 -0
data/lib/rex/sync/read_write_lock.rb +177 -0
data/lib/rex/sync/ref.rb +58 -0
data/lib/rex/sync/thread_safe.rb +83 -0
data/lib/rex/text.rb +1813 -0
data/lib/rex/thread_factory.rb +43 -0
data/lib/rex/time.rb +66 -0
data/lib/rex/transformer.rb +116 -0
data/lib/rex/ui.rb +22 -0
data/lib/rex/ui/interactive.rb +304 -0
data/lib/rex/ui/output.rb +85 -0
data/lib/rex/ui/output/none.rb +19 -0
data/lib/rex/ui/progress_tracker.rb +97 -0
data/lib/rex/ui/subscriber.rb +160 -0
data/lib/rex/ui/text/color.rb +98 -0
data/lib/rex/ui/text/dispatcher_shell.rb +538 -0
data/lib/rex/ui/text/input.rb +119 -0
data/lib/rex/ui/text/input/buffer.rb +79 -0
data/lib/rex/ui/text/input/readline.rb +129 -0
data/lib/rex/ui/text/input/socket.rb +96 -0
data/lib/rex/ui/text/input/stdio.rb +46 -0
data/lib/rex/ui/text/irb_shell.rb +62 -0
data/lib/rex/ui/text/output.rb +86 -0
data/lib/rex/ui/text/output/buffer.rb +62 -0
data/lib/rex/ui/text/output/buffer/stdout.rb +26 -0
data/lib/rex/ui/text/output/file.rb +44 -0
data/lib/rex/ui/text/output/socket.rb +44 -0
data/lib/rex/ui/text/output/stdio.rb +53 -0
data/lib/rex/ui/text/output/tee.rb +56 -0
data/lib/rex/ui/text/progress_tracker.rb +57 -0
data/lib/rex/ui/text/shell.rb +403 -0
data/lib/rex/ui/text/table.rb +346 -0
data/lib/rex/zip.rb +96 -0
data/lib/rex/zip/archive.rb +130 -0
data/lib/rex/zip/blocks.rb +184 -0
data/lib/rex/zip/entry.rb +122 -0
data/lib/rex/zip/jar.rb +283 -0
data/lib/rex/zip/samples/comment.rb +32 -0
data/lib/rex/zip/samples/mkwar.rb +138 -0
data/lib/rex/zip/samples/mkzip.rb +19 -0
data/lib/rex/zip/samples/recursive.rb +58 -0
data/rex.gemspec +20 -0
metadata +528 -98
data/CHANGELOG.rdoc +0 -7
data/DOCUMENTATION.en.rdoc +0 -215
data/DOCUMENTATION.ja.rdoc +0 -205
data/Manifest.txt +0 -37
data/README.ja +0 -73
data/README.rdoc +0 -53
data/Rakefile +0 -28
data/bin/rex +0 -18
data/lib/rex/generator.rb +0 -523
data/lib/rex/info.rb +0 -16
data/lib/rex/rexcmd.rb +0 -136
data/sample/a.cmd +0 -1
data/sample/b.cmd +0 -1
data/sample/c.cmd +0 -4
data/sample/calc3.racc +0 -47
data/sample/calc3.rex +0 -15
data/sample/calc3.rex.rb +0 -94
data/sample/calc3.tab.rb +0 -188
data/sample/error1.rex +0 -15
data/sample/error2.rex +0 -15
data/sample/sample.html +0 -32
data/sample/sample.rex +0 -15
data/sample/sample.rex.rb +0 -100
data/sample/sample.xhtml +0 -32
data/sample/sample1.c +0 -9
data/sample/sample1.rex +0 -43
data/sample/sample2.bas +0 -4
data/sample/sample2.rex +0 -33
data/sample/simple.html +0 -7
data/sample/simple.xhtml +0 -10
data/sample/xhtmlparser.racc +0 -66
data/sample/xhtmlparser.rex +0 -72
data/test/assets/test.rex +0 -12
data/test/rex-20060125.rb +0 -152
data/test/rex-20060511.rb +0 -143
data/test/test_generator.rb +0 -184

data/lib/rex/proto/tftp.rb ADDED Viewed

@@ -0,0 +1,13 @@
+# -*- coding: binary -*-
+#
+# TFTP Server implementation according to:
+#
+# RFC1350, RFC2347, RFC2348, RFC2349
+#
+# written by jduck <jduck [at] metasploit.com>
+# thx to scriptjunkie for pointing out option extensions
+#
+require 'rex/proto/tftp/constants'
+require 'rex/proto/tftp/server'
+require 'rex/proto/tftp/client'

data/lib/rex/proto/tftp/client.rb ADDED Viewed

@@ -0,0 +1,344 @@
+# -*- coding: binary -*-
+require 'rex/socket'
+require 'rex/proto/tftp'
+require 'tempfile'
+module Rex
+module Proto
+module TFTP
+#
+# TFTP Client class
+#
+# Note that TFTP has blocks, and so does Ruby. Watch out with the variable names!
+#
+# The big gotcha right now is that setting the mode between octet, netascii, or
+# anything else doesn't actually do anything other than declare it to the
+# server.
+#
+# Also, since TFTP clients act as both clients and servers, we use two
+# threads to handle transfers, regardless of the direction. For this reason,
+# the transfer actions are nonblocking; if you need to see the
+# results of a transfer before doing something else, check the boolean complete
+# attribute and any return data in the :status attribute. It's a little
+# weird like that.
+#
+# Finally, most (all?) clients will alter the data in netascii mode in order
+# to try to conform to the RFC standard for what "netascii" means, but there are
+# ambiguities in implementations on things like if nulls are allowed, what
+# to do with Unicode, and all that. For this reason, "octet" is default, and
+# if you want to send "netascii" data, it's on you to fix up your source data
+# prior to sending it.
+#
+class Client
+  attr_accessor :local_host, :local_port, :peer_host, :peer_port
+  attr_accessor :threads, :context, :server_sock, :client_sock
+  attr_accessor :local_file, :remote_file, :mode, :action
+  attr_accessor :complete, :recv_tempfile, :status
+  attr_accessor :block_size # This definitely breaks spec, should only use for fuzz/sploit.
+  # Returns an array of [code, type, msg]. Data packets
+  # specifically will /not/ unpack, since that would drop any trailing spaces or nulls.
+  def parse_tftp_response(str)
+    return nil unless str.length >= 4
+    ret = str.unpack("nnA*")
+    ret[2] = str[4,str.size] if ret[0] == OpData
+    return ret
+  end
+  def initialize(params)
+    self.threads = []
+    self.local_host = params["LocalHost"] || "0.0.0.0"
+    self.local_port = params["LocalPort"] || (1025 + rand(0xffff-1025))
+    self.peer_host = params["PeerHost"] || (raise ArgumentError, "Need a peer host.")
+    self.peer_port = params["PeerPort"] || 69
+    self.context = params["Context"]
+    self.local_file = params["LocalFile"]
+    self.remote_file = params["RemoteFile"] || (::File.split(self.local_file).last if self.local_file)
+    self.mode = params["Mode"] || "octet"
+    self.action = params["Action"] || (raise ArgumentError, "Need an action.")
+    self.block_size = params["BlockSize"] || 512
+  end
+  #
+  # Methods for both upload and download
+  #
+  def start_server_socket
+    self.server_sock = Rex::Socket::Udp.create(
+      'LocalHost' => local_host,
+      'LocalPort' => local_port,
+      'Context'   => context
+    )
+    if self.server_sock and block_given?
+      yield "Started TFTP client listener on #{local_host}:#{local_port}"
+    end
+    self.threads << Rex::ThreadFactory.spawn("TFTPServerMonitor", false) {
+      if block_given?
+        monitor_server_sock {|msg| yield msg}
+      else
+        monitor_server_sock
+      end
+    }
+  end
+  def monitor_server_sock
+    yield "Listening for incoming ACKs" if block_given?
+    res = self.server_sock.recvfrom(65535)
+    if res and res[0]
+      code, type, data = parse_tftp_response(res[0])
+      if code == OpAck and self.action == :upload
+        if block_given?
+          yield "WRQ accepted, sending the file." if type == 0
+          send_data(res[1], res[2]) {|msg| yield msg}
+        else
+          send_data(res[1], res[2])
+        end
+      elsif code == OpData and self.action == :download
+        if block_given?
+          recv_data(res[1], res[2], data) {|msg| yield msg}
+        else
+          recv_data(res[1], res[2], data)
+        end
+      elsif code == OpError
+        yield("Aborting, got error type:%d, message:'%s'" % [type, data]) if block_given?
+        self.status = {:error => [code, type, data]}
+      else
+        yield("Aborting, got code:%d, type:%d, message:'%s'" % [code, type, data]) if block_given?
+        self.status = {:error => [code, type, data]}
+      end
+    end
+    stop
+  end
+  def monitor_client_sock
+    res = self.client_sock.recvfrom(65535)
+    if res[1] # Got a response back, so that's never good; Acks come back on server_sock.
+      code, type, data = parse_tftp_response(res[0])
+      yield("Aborting, got code:%d, type:%d, message:'%s'" % [code, type, data]) if block_given?
+      self.status = {:error => [code, type, data]}
+      stop
+    end
+  end
+  def stop
+    self.complete = true
+    begin
+      self.server_sock.close
+      self.client_sock.close
+      self.server_sock = nil
+      self.client_sock = nil
+      self.threads.each {|t| t.kill}
+    rescue
+      nil
+    end
+  end
+  #
+  # Methods for download
+  #
+  def rrq_packet
+    req = [OpRead, self.remote_file, self.mode]
+    packstr = "na#{self.remote_file.length+1}a#{self.mode.length+1}"
+    req.pack(packstr)
+  end
+  def ack_packet(blocknum=0)
+    req = [OpAck, blocknum].pack("nn")
+  end
+  def send_read_request(&block)
+    self.status = nil
+    self.complete = false
+    if block_given?
+      start_server_socket {|msg| yield msg}
+    else
+      start_server_socket
+    end
+    self.client_sock = Rex::Socket::Udp.create(
+      'PeerHost'  => peer_host,
+      'PeerPort'  => peer_port,
+      'LocalHost' => local_host,
+      'LocalPort' => local_port,
+      'Context'   => context
+    )
+    self.client_sock.sendto(rrq_packet, peer_host, peer_port)
+    self.threads << Rex::ThreadFactory.spawn("TFTPClientMonitor", false) {
+      if block_given?
+        monitor_client_sock {|msg| yield msg}
+      else
+        monitor_client_sock
+      end
+    }
+    until self.complete
+      return self.status
+    end
+  end
+  def recv_data(host, port, first_block)
+    self.recv_tempfile = Rex::Quickfile.new('msf-tftp')
+    recvd_blocks = 1
+    if block_given?
+      yield "Source file: #{self.remote_file}, destination file: #{self.local_file}"
+      yield "Received and acknowledged #{first_block.size} in block #{recvd_blocks}"
+    end
+    if block_given?
+      write_and_ack_data(first_block,1,host,port) {|msg| yield msg}
+    else
+      write_and_ack_data(first_block,1,host,port)
+    end
+    current_block = first_block
+    while current_block.size == 512
+      res = self.server_sock.recvfrom(65535)
+      if res and res[0]
+        code, block_num, current_block = parse_tftp_response(res[0])
+        if code == 3
+          if block_given?
+            write_and_ack_data(current_block,block_num,host,port) {|msg| yield msg}
+          else
+            write_and_ack_data(current_block,block_num,host,port)
+          end
+          recvd_blocks += 1
+        else
+          yield("Aborting, got code:%d, type:%d, message:'%s'" % [code, type, msg]) if block_given?
+          stop
+        end
+      end
+    end
+    if block_given?
+      yield("Transferred #{self.recv_tempfile.size} bytes in #{recvd_blocks} blocks, download complete!")
+    end
+    self.status = {:success => [
+      self.local_file,
+      self.remote_file,
+      self.recv_tempfile.size,
+      recvd_blocks.size]
+    }
+    self.recv_tempfile.close
+    stop
+  end
+  def write_and_ack_data(data,blocknum,host,port)
+    self.recv_tempfile.write(data)
+    self.recv_tempfile.flush
+    req = ack_packet(blocknum)
+    self.server_sock.sendto(req, host, port)
+    yield "Received and acknowledged #{data.size} in block #{blocknum}" if block_given?
+  end
+  #
+  # Methods for upload
+  #
+  def wrq_packet
+    req = [OpWrite, self.remote_file, self.mode]
+    packstr = "na#{self.remote_file.length+1}a#{self.mode.length+1}"
+    req.pack(packstr)
+  end
+  # Note that the local filename for uploading need not be a real filename --
+  # if it begins with DATA: it can be any old string of bytes. If it's missing
+  # completely, then just quit.
+  def blockify_file_or_data
+    if self.local_file =~ /^DATA:(.*)/m
+      data = $1
+    elsif ::File.file?(self.local_file) and ::File.readable?(self.local_file)
+      data = ::File.open(self.local_file, "rb") {|f| f.read f.stat.size} rescue []
+    else
+      return []
+    end
+    data_blocks = data.scan(/.{1,#{block_size}}/m)
+    # Drop any trailing empty blocks
+    if data_blocks.size > 1 and data_blocks.last.empty?
+      data_blocks.pop
+    end
+    return data_blocks
+  end
+  def send_write_request(&block)
+    self.status = nil
+    self.complete = false
+    if block_given?
+      start_server_socket {|msg| yield msg}
+    else
+      start_server_socket
+    end
+    self.client_sock = Rex::Socket::Udp.create(
+      'PeerHost'  => peer_host,
+      'PeerPort'  => peer_port,
+      'LocalHost' => local_host,
+      'LocalPort' => local_port,
+      'Context'   => context
+    )
+    self.client_sock.sendto(wrq_packet, peer_host, peer_port)
+    self.threads << Rex::ThreadFactory.spawn("TFTPClientMonitor", false) {
+      if block_given?
+        monitor_client_sock {|msg| yield msg}
+      else
+        monitor_client_sock
+      end
+    }
+    until self.complete
+      return self.status
+    end
+  end
+  def send_data(host,port)
+    self.status = {:write_allowed => true}
+    data_blocks = blockify_file_or_data()
+    if data_blocks.empty?
+      yield "Closing down since there is no data to send." if block_given?
+      self.status = {:success => [self.local_file, self.local_file, 0, 0]}
+      return nil
+    end
+    sent_data = 0
+    sent_blocks = 0
+    expected_blocks = data_blocks.size
+    expected_size = data_blocks.join.size
+    if block_given?
+      yield "Source file: #{self.local_file =~ /^DATA:/ ? "(Data)" : self.remote_file}, destination file: #{self.remote_file}"
+      yield "Sending #{expected_size} bytes (#{expected_blocks} blocks)"
+    end
+    data_blocks.each_with_index do |data_block,idx|
+      req = [OpData, (idx + 1), data_block].pack("nnA*")
+      if self.server_sock.sendto(req, host, port) > 0
+        sent_data += data_block.size
+      end
+      res = self.server_sock.recvfrom(65535)
+      if res
+        code, type, msg = parse_tftp_response(res[0])
+        if code == 4
+          sent_blocks += 1
+          yield "Sent #{data_block.size} bytes in block #{sent_blocks}" if block_given?
+        else
+          if block_given?
+            yield "Got an unexpected response: Code:%d, Type:%d, Message:'%s'. Aborting." % [code, type, msg]
+          end
+          break
+        end
+      end
+    end
+    if block_given?
+      if(sent_data == expected_size)
+        yield("Transferred #{sent_data} bytes in #{sent_blocks} blocks, upload complete!")
+      else
+        yield "Upload complete, but with errors."
+      end
+    end
+    if sent_data == expected_size
+    self.status = {:success => [
+        self.local_file,
+        self.remote_file,
+        sent_data,
+        sent_blocks
+      ] }
+    end
+  end
+end
+end
+end
+end

data/lib/rex/proto/tftp/constants.rb ADDED Viewed

@@ -0,0 +1,39 @@
+# -*- coding: binary -*-
+require 'rex/proto/tftp'
+module Rex
+module Proto
+module TFTP
+OPCODES = %w{ Unknown RRQ WRQ DATA ACK ERROR }
+OpRead = 1
+OpWrite = 2
+OpData = 3
+OpAck = 4
+OpError = 5
+OpOptAck = 6
+ERRCODES = [
+  "Undefined",
+  "File not found",
+  "Access violation",
+  "Disk full or allocation exceeded",
+  "Illegal TFTP operation",
+  "Unknown transfer ID",
+  "File already exists",
+  "No such user",
+  "Failed option negotiation"
+]
+ErrFileNotFound = 1
+ErrAccessViolation = 2
+ErrDiskFull = 3
+ErrIllegalOperation = 4
+ErrUnknownTransferId = 5
+ErrFileExists = 6
+ErrNoSuchUser = 7
+ErrFailedOptNegotiation = 8
+end
+end
+end

data/lib/rex/proto/tftp/server.rb ADDED Viewed

@@ -0,0 +1,497 @@
+# -*- coding: binary -*-
+require 'rex/socket'
+require 'rex/proto/tftp'
+module Rex
+module Proto
+module TFTP
+#
+# Little util function
+#
+def self.get_string(data)
+  idx = data.index("\x00")
+  return nil if not idx
+  ret = data.slice!(0, idx)
+  # Slice off the nul byte.
+  data.slice!(0,1)
+  ret
+end
+##
+#
+# TFTP Server class
+#
+##
+class Server
+  def initialize(port = 69, listen_host = '0.0.0.0', context = {})
+    self.listen_host = listen_host
+    self.listen_port = port
+    self.context = context
+    self.sock = nil
+    @shutting_down = false
+    @output_dir = nil
+    @tftproot = nil
+    self.files = []
+    self.uploaded = []
+    self.transfers = []
+  end
+  #
+  # Start the TFTP server
+  #
+  def start
+    self.sock = Rex::Socket::Udp.create(
+      'LocalHost' => listen_host,
+      'LocalPort' => listen_port,
+      'Context'   => context
+      )
+    self.thread = Rex::ThreadFactory.spawn("TFTPServerMonitor", false) {
+      monitor_socket
+    }
+  end
+  #
+  # Stop the TFTP server
+  #
+  def stop
+    @shutting_down = true
+    # Wait a maximum of 30 seconds for all transfers to finish.
+    start = ::Time.now
+    while (self.transfers.length > 0)
+      ::IO.select(nil, nil, nil, 0.5)
+      dur = ::Time.now - start
+      break if (dur > 30)
+    end
+    self.files.clear
+    self.thread.kill
+    self.sock.close rescue nil # might be closed already
+  end
+  #
+  # Register a filename and content for a client to request
+  #
+  def register_file(fn, content, once = false)
+    self.files << {
+      :name => fn,
+      :data => content,
+      :once => once
+    }
+  end
+  #
+  # Register an entire directory to serve files from
+  #
+  def set_tftproot(rootdir)
+    @tftproot = rootdir if ::File.directory?(rootdir)
+  end
+  #
+  # Register a directory to write uploaded files to
+  #
+  def set_output_dir(outdir)
+    @output_dir = outdir if ::File.directory?(outdir)
+  end
+  #
+  # Send an error packet w/the specified code and string
+  #
+  def send_error(from, num)
+    if (num < 1 or num >= ERRCODES.length)
+      # ignore..
+      return
+    end
+    pkt = [OpError, num].pack('nn')
+    pkt << ERRCODES[num]
+    pkt << "\x00"
+    send_packet(from, pkt)
+  end
+  #
+  # Send a single packet to the specified host
+  #
+  def send_packet(from, pkt)
+    self.sock.sendto(pkt, from[0], from[1])
+  end
+  #
+  # Find the hash entry for a file that may be offered
+  #
+  def find_file(fname)
+    # Files served via register_file() take precedence.
+    self.files.each do |f|
+      if (fname == f[:name])
+        return f
+      end
+    end
+    # Now, if we have a tftproot, see if it can serve from it
+    if @tftproot
+      return find_file_in_root(fname)
+    end
+    nil
+  end
+  #
+  # Find the file in the specified tftp root and add a temporary
+  # entry to the files hash.
+  #
+  def find_file_in_root(fname)
+    fn = ::File.expand_path(::File.join(@tftproot, fname))
+    # Don't allow directory traversal
+    return nil if fn.index(@tftproot) != 0
+    return nil if not ::File.file?(fn) or not ::File.readable?(fn)
+    # Read the file contents, and register it as being served once
+    data = data = ::File.open(fn, "rb") { |fd| fd.read(fd.stat.size) }
+    register_file(fname, data)
+    # Return the last file in the array
+    return self.files[-1]
+  end
+  attr_accessor :listen_host, :listen_port, :context
+  attr_accessor :sock, :files, :transfers, :uploaded
+  attr_accessor :thread
+  attr_accessor :incoming_file_hook
+protected
+  def find_transfer(type, from, block)
+    self.transfers.each do |tr|
+      if (tr[:type] == type and tr[:from] == from and tr[:block] == block)
+        return tr
+      end
+    end
+    nil
+  end
+  def save_output(tr)
+    self.uploaded << tr[:file]
+    return incoming_file_hook.call(tr) if incoming_file_hook
+    if @output_dir
+      fn = tr[:file][:name].split(File::SEPARATOR)[-1]
+      if fn
+        fn = ::File.join(@output_dir, Rex::FileUtils.clean_path(fn))
+        ::File.open(fn, "wb") { |fd|
+          fd.write(tr[:file][:data])
+        }
+      end
+    end
+  end
+  def check_retransmission(tr)
+    elapsed = ::Time.now - tr[:last_sent]
+    if (elapsed >= tr[:timeout])
+      # max retries reached?
+      if (tr[:retries] < 3)
+        #if (tr[:type] == OpRead)
+        #	puts "[-] ack timed out, resending block"
+        #else
+        #	puts "[-] block timed out, resending ack"
+        #end
+        tr[:last_sent] = nil
+        tr[:retries] += 1
+      else
+        #puts "[-] maximum tries reached, terminating transfer"
+        self.transfers.delete(tr)
+      end
+    end
+  end
+  #
+  # See if there is anything to do.. If so, dispatch it.
+  #
+  def monitor_socket
+    while true
+      rds = [@sock]
+      wds = []
+      self.transfers.each do |tr|
+        if (not tr[:last_sent])
+          wds << @sock
+          break
+        end
+      end
+      eds = [@sock]
+      r,w,e = ::IO.select(rds,wds,eds,1)
+      if (r != nil and r[0] == self.sock)
+        buf,host,port = self.sock.recvfrom(65535)
+        # Lame compatabilitiy :-/
+        from = [host, port]
+        dispatch_request(from, buf)
+      end
+      #
+      # Check to see if transfers need maintenance
+      #
+      self.transfers.each do |tr|
+        # We handle RRQ and WRQ separately
+        #
+        if (tr[:type] == OpRead)
+          # Are we awaiting an ack?
+          if (tr[:last_sent])
+            check_retransmission(tr)
+          elsif (w != nil and w[0] == self.sock)
+            # No ack waiting, send next block..
+            chunk = tr[:file][:data].slice(tr[:offset], tr[:blksize])
+            if (chunk and chunk.length >= 0)
+              pkt = [OpData, tr[:block]].pack('nn')
+              pkt << chunk
+              send_packet(tr[:from], pkt)
+              tr[:last_sent] = ::Time.now
+              # If the file is a one-serve, mark it as started
+              tr[:file][:started] = true if (tr[:file][:once])
+            else
+              # No more chunks.. transfer is most likely done.
+              # However, we can only delete it once the last chunk has been
+              # acked.
+            end
+          end
+        else
+          # Are we awaiting data?
+          if (tr[:last_sent])
+            check_retransmission(tr)
+          elsif (w != nil and w[0] == self.sock)
+            # Not waiting for data, send an ack..
+            #puts "[*] sending ack for block %d" % [tr[:block]]
+            pkt = [OpAck, tr[:block]].pack('nn')
+            send_packet(tr[:from], pkt)
+            tr[:last_sent] = ::Time.now
+            # If we had a 0-511 byte chunk, we're done.
+            if (tr[:last_size] and tr[:last_size] < tr[:blksize])
+              #puts "[*] Transfer complete, saving output"
+              save_output(tr)
+              self.transfers.delete(tr)
+            end
+          end
+        end
+      end
+    end
+  end
+  def next_block(tr)
+    tr[:block] += 1
+    tr[:last_sent] = nil
+    tr[:retries] = 0
+  end
+  #
+  # Dispatch a packet that we received
+  #
+  def dispatch_request(from, buf)
+    op = buf.unpack('n')[0]
+    buf.slice!(0,2)
+    #XXX: todo - create call backs for status
+    #start = "[*] TFTP - %s:%u - %s" % [from[0], from[1], OPCODES[op]]
+    case op
+    when OpRead
+      # Process RRQ packets
+      fn = TFTP::get_string(buf)
+      mode = TFTP::get_string(buf).downcase
+      #puts "%s %s %s" % [start, fn, mode]
+      if (not @shutting_down) and (file = self.find_file(fn))
+        if (file[:once] and file[:started])
+          send_error(from, ErrFileNotFound)
+        else
+          transfer = {
+            :type => OpRead,
+            :from => from,
+            :file => file,
+            :block => 1,
+            :blksize => 512,
+            :offset => 0,
+            :timeout => 3,
+            :last_sent => nil,
+            :retries => 0
+          }
+          process_options(from, buf, transfer)
+          self.transfers << transfer
+        end
+      else
+        #puts "[-] file not found!"
+        send_error(from, ErrFileNotFound)
+      end
+    when OpWrite
+      # Process WRQ packets
+      fn = TFTP::get_string(buf)
+      mode = TFTP::get_string(buf).downcase
+      #puts "%s %s %s" % [start, fn, mode]
+      if not @shutting_down
+        transfer = {
+          :type => OpWrite,
+          :from => from,
+          :file => { :name => fn, :data => '' },
+          :block => 0, # WRQ starts at 0
+          :blksize => 512,
+          :timeout => 3,
+          :last_sent => nil,
+          :retries => 0
+        }
+        process_options(from, buf, transfer)
+        self.transfers << transfer
+      else
+        send_error(from, ErrIllegalOperation)
+      end
+    when OpAck
+      # Process ACK packets
+      block = buf.unpack('n')[0]
+      #puts "%s %d" % [start, block]
+      tr = find_transfer(OpRead, from, block)
+      if not tr
+        # NOTE: some clients, such as pxelinux, send an ack for block 0.
+        # To deal with this, we simply ignore it as we start with block 1.
+        return if block == 0
+        # If we didn't find it, send an error.
+        send_error(from, ErrUnknownTransferId)
+      else
+        # acked! send the next block
+        tr[:offset] += tr[:blksize]
+        next_block(tr)
+        # If the transfer is finished, delete it
+        if (tr[:offset] > tr[:file][:data].length)
+          #puts "[*] Transfer complete"
+          self.transfers.delete(tr)
+          # if the file is a one-serve, delete it from the files array
+          if tr[:file][:once]
+            #puts "[*] Removed one-serve file: #{tr[:file][:name]}"
+            self.files.delete(tr[:file])
+          end
+        end
+      end
+    when OpData
+      # Process Data packets
+      block = buf.unpack('n')[0]
+      data = buf.slice(2, buf.length)
+      #puts "%s %d %d bytes" % [start, block, data.length]
+      tr = find_transfer(OpWrite, from, (block-1))
+      if not tr
+        # If we didn't find it, send an error.
+        send_error(from, ErrUnknownTransferId)
+      else
+        tr[:file][:data] << data
+        tr[:last_size] = data.length
+        next_block(tr)
+        # Similar to RRQ transfers, we cannot detect that the
+        # transfer finished here. We must do so after transmitting
+        # the final ACK.
+      end
+    else
+      # Other packets are unsupported
+      #puts start
+      send_error(from, ErrAccessViolation)
+    end
+  end
+  def process_options(from, buf, tr)
+    found = 0
+    to_ack = []
+    while buf.length >= 4
+      opt = TFTP::get_string(buf)
+      break if not opt
+      val = TFTP::get_string(buf)
+      break if not val
+      found += 1
+      # Is it one we support?
+      opt.downcase!
+      case opt
+      when "blksize"
+        val = val.to_i
+        if val > 0
+          tr[:blksize] = val
+          to_ack << [ opt, val.to_s ]
+        end
+      when "timeout"
+        val = val.to_i
+        if val >= 1 and val <= 255
+          tr[:timeout] = val
+          to_ack << [ opt, val.to_s ]
+        end
+      when "tsize"
+        if tr[:type] == OpRead
+          len = tr[:file][:data].length
+        else
+          val = val.to_i
+          len = val
+        end
+        to_ack << [ opt, len.to_s ]
+      end
+    end
+    return if to_ack.length < 1
+    # if we have anything to ack, do it
+    data = [OpOptAck].pack('n')
+    to_ack.each { |el|
+      data << el[0] << "\x00" << el[1] << "\x00"
+    }
+    send_packet(from, data)
+  end
+end
+end
+end
+end