rex 2.0.4 → 2.0.5

data/lib/rex/socket/comm/local.rb

@@ -195,7 +195,7 @@ class Rex::Socket::Comm::Local
 
       rescue ::Errno::EADDRNOTAVAIL,::Errno::EADDRINUSE
         sock.close
-        raise Rex::AddressInUse.new(param.localhost, param.localport), caller
+        raise Rex::BindFailed.new(param.localhost, param.localport), caller
       end
     end
 
@@ -291,19 +291,22 @@ class Rex::Socket::Comm::Local
           end
 
           sock.close
-          raise Rex::HostUnreachable.new(param.peerhost, param.peerport), caller
+          raise Rex::HostUnreachable.new(ip, port), caller
 
         rescue ::Errno::EADDRNOTAVAIL,::Errno::EADDRINUSE
           sock.close
-          raise Rex::AddressInUse.new(param.peerhost, param.peerport), caller
+          raise Rex::InvalidDestination.new(ip, port), caller
 
         rescue Errno::ETIMEDOUT
           sock.close
-          raise Rex::ConnectionTimeout.new(param.peerhost, param.peerport), caller
+          raise Rex::ConnectionTimeout.new(ip, port), caller
 
         rescue ::Errno::ECONNRESET,::Errno::ECONNREFUSED,::Errno::ENOTCONN,::Errno::ECONNABORTED
           sock.close
-          raise Rex::ConnectionRefused.new(param.peerhost, param.peerport), caller
+          # Report the actual thing we were trying to connect to here, not
+          # param.peerhost, since that's the eventual target at the end of the
+          # proxy chain
+          raise Rex::ConnectionRefused.new(ip, port.to_i), caller
         end
       end
 
@@ -378,9 +381,9 @@ class Rex::Socket::Comm::Local
       ni_packet << [route_data.length - 4].pack('N') + route_data
       # Now that we've built the whole packet, prepend its length before writing it to the wire
       ni_packet = [ni_packet.length].pack('N') + ni_packet
-      
+
       size = sock.put(ni_packet)
-      
+
       if size != ni_packet.length
         raise Rex::ConnectionProxyError.new(host, port, type, "Failed to send the entire request to the proxy"), caller
       end

data/lib/rex/socket/ssl_tcp_server.rb

@@ -99,6 +99,80 @@ module Rex::Socket::SslTcpServer
     end
   end
 
+  #
+  # Parse a certificate in unified PEM format that contains a private key and
+  # one or more certificates. The first certificate is the primary, while any
+  # additional certificates are treated as intermediary certificates. This emulates
+  # the behavior of web servers like nginx.
+  #
+  # @param [String] ssl_cert
+  # @return [String, String, Array]
+  def self.ssl_parse_pem(ssl_cert)
+    cert  = nil
+    key   = nil
+    chain = nil
+
+    certs = []
+    ssl_cert.scan(/-----BEGIN\s*[^\-]+-----+\r?\n[^\-]*-----END\s*[^\-]+-----\r?\n?/nm).each do |pem|
+      if pem =~ /PRIVATE KEY/
+        key = OpenSSL::PKey::RSA.new(pem)
+      elsif pem =~ /CERTIFICATE/
+        certs << OpenSSL::X509::Certificate.new(pem)
+      end
+    end
+
+    cert = certs.shift
+    if certs.length > 0
+      chain = certs
+    end
+
+    [key, cert, chain]
+  end
+
+  #
+  # Shim for the ssl_parse_pem module method
+  #
+  def ssl_parse_pem(ssl_cert)
+    Rex::Socket::SslTcpServer.ssl_parse_pem(ssl_cert)
+  end
+
+  #
+  # Generate a realistic-looking but obstensibly fake SSL
+  # certificate. This matches a typical "snakeoil" cert.
+  #
+  # @return [String, String, Array]
+  def self.ssl_generate_certificate
+    yr   = 24*3600*365
+    vf   = Time.at(Time.now.to_i - rand(yr * 3) - yr)
+    vt   = Time.at(vf.to_i + (10 * yr))
+    cn   = Rex::Text.rand_text_alpha_lower(rand(8)+2)
+    key  = OpenSSL::PKey::RSA.new(2048){ }
+    cert = OpenSSL::X509::Certificate.new
+    cert.version    = 2
+    cert.serial     = (rand(0xFFFFFFFF) << 32) + rand(0xFFFFFFFF)
+    cert.subject    = OpenSSL::X509::Name.new([["CN", cn]])
+    cert.issuer     = OpenSSL::X509::Name.new([["CN", cn]])
+    cert.not_before = vf
+    cert.not_after  = vt
+    cert.public_key = key.public_key
+
+    ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
+    cert.extensions = [
+      ef.create_extension("basicConstraints","CA:FALSE")
+    ]
+    ef.issuer_certificate = cert
+
+    cert.sign(key, OpenSSL::Digest::SHA256.new)
+
+    [key, cert, nil]
+  end
+
+  #
+  # Shim for the ssl_generate_certificate module method
+  #
+  def ssl_generate_certificate
+    Rex::Socket::SslTcpServer.ssl_generate_certificate
+  end
 
   #
   # Create a new ssl context.  If +ssl_cert+ is not given, generates a new
@@ -107,54 +181,19 @@ module Rex::Socket::SslTcpServer
   # @param [Rex::Socket::Parameters] params
   # @return [::OpenSSL::SSL::SSLContext]
   def makessl(params)
-    ssl_cert = params.ssl_cert
-    if ssl_cert
-      cert = OpenSSL::X509::Certificate.new(ssl_cert)
-      key = OpenSSL::PKey::RSA.new(ssl_cert)
+
+    if params.ssl_cert
+      key, cert, chain = ssl_parse_pem(params.ssl_cert)
     else
-      key = OpenSSL::PKey::RSA.new(1024){ }
-      cert = OpenSSL::X509::Certificate.new
-      cert.version = 2
-      cert.serial = rand(0xFFFFFFFF)
-      # name = OpenSSL::X509::Name.new([["C","JP"],["O","TEST"],["CN","localhost"]])
-      subject = OpenSSL::X509::Name.new([
-          ["C","US"],
-          ['ST', Rex::Text.rand_state()],
-          ["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
-          ["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
-          ["CN", Rex::Text.rand_hostname],
-        ])
-      issuer = OpenSSL::X509::Name.new([
-          ["C","US"],
-          ['ST', Rex::Text.rand_state()],
-          ["L", Rex::Text.rand_text_alpha(rand(20) + 10)],
-          ["O", Rex::Text.rand_text_alpha(rand(20) + 10)],
-          ["CN", Rex::Text.rand_hostname],
-        ])
-
-      cert.subject = subject
-      cert.issuer = issuer
-      cert.not_before = Time.now - (3600 * 365)
-      cert.not_after = Time.now + (3600 * 365)
-      cert.public_key = key.public_key
-      ef = OpenSSL::X509::ExtensionFactory.new(nil,cert)
-      cert.extensions = [
-        ef.create_extension("basicConstraints","CA:FALSE"),
-        ef.create_extension("subjectKeyIdentifier","hash"),
-        ef.create_extension("extendedKeyUsage","serverAuth"),
-        ef.create_extension("keyUsage","keyEncipherment,dataEncipherment,digitalSignature")
-      ]
-      ef.issuer_certificate = cert
-      cert.add_extension ef.create_extension("authorityKeyIdentifier", "keyid:always,issuer:always")
-      cert.sign(key, OpenSSL::Digest::SHA1.new)
+      key, cert, chain = ssl_generate_certificate
     end
 
     ctx = OpenSSL::SSL::SSLContext.new()
     ctx.key = key
     ctx.cert = cert
+    ctx.extra_chain_cert = chain
     ctx.options = 0
 
-
     # Older versions of OpenSSL do not export the OP_NO_COMPRESSION symbol
     if defined?(OpenSSL::SSL::OP_NO_COMPRESSION)
       # enable/disable the SSL/TLS-level compression

data/lib/rex/ui/text/input/readline.rb

@@ -20,11 +20,7 @@ begin
     #
     def initialize(tab_complete_proc = nil)
       if(not Object.const_defined?('Readline'))
-        begin
-          require 'readline'
-        rescue ::LoadError
-          require 'readline_compatible'
-        end
+        require 'readline'
       end
 
       self.extend(::Readline)
@@ -87,7 +83,7 @@ begin
         Thread.current.priority = -20
 
         output.prompting
-        line = ::Readline.readline(prompt, true)
+        line = readline_with_output(prompt, true)
         ::Readline::HISTORY.pop if (line and line.empty?)
       ensure
         Thread.current.priority = orig || 0
@@ -120,6 +116,37 @@ begin
     #
     attr_accessor :output
 
+    private
+
+    def readline_with_output(prompt, add_history=false)
+      # rb-readlines's Readline.readline hardcodes the input and output to $stdin and $stdout, which means setting
+      # `Readline.input` or `Readline.ouput` has no effect when running `Readline.readline` with rb-readline, so need
+      # to reimplement []`Readline.readline`](https://github.com/luislavena/rb-readline/blob/ce4908dae45dbcae90a6e42e3710b8c3a1f2cd64/lib/readline.rb#L36-L58)
+      # for rb-readline to support setting input and output.  Output needs to be set so that colorization works for the
+      # prompt on Windows.
+      if defined? RbReadline
+        RbReadline.rl_instream = fd
+        RbReadline.rl_outstream = output
+
+        begin
+          line = RbReadline.readline(prompt)
+        rescue ::Exception => exception
+          RbReadline.rl_cleanup_after_signal()
+          RbReadline.rl_deprep_terminal()
+
+          raise exception
+        end
+
+        if add_history && line
+          RbReadline.add_history(line)
+        end
+
+        line.try(:dup)
+      else
+        ::Readline.readline(prompt, true)
+      end
+    end
+
   end
 rescue LoadError
 end

data/lib/rex/ui/text/output/file.rb

@@ -14,8 +14,8 @@ class Output::File < Rex::Ui::Text::Output
 
   attr_accessor :fd
 
-  def initialize(path)
-    self.fd = ::File.open(path, "wb")
+  def initialize(path, mode='wb')
+    self.fd = ::File.open(path, mode)
   end
 
   def supports_color?

data/lib/rex/ui/text/output/stdio.rb

@@ -16,6 +16,76 @@ module Text
 #
 ###
 class Output::Stdio < Rex::Ui::Text::Output
+  #
+  # Attributes
+  #
+
+  # @!attribute io
+  #   The raw `IO` backing this Text output.  Defaults to `$stdout`
+  #
+  #   @return [#flush, #puts, #write]
+  attr_writer :io
+
+  #
+  # Constructor
+  #
+
+  # @param options [Hash{Symbol => IO}]
+  # @option options [IO]
+  def initialize(options={})
+    options.assert_valid_keys(:io)
+
+    super()
+
+    self.io = options[:io]
+  end
+
+  #
+  # Methods
+  #
+
+  def flush
+    io.flush
+  end
+
+  # IO to write to.
+  #
+  # @return [IO] Default to `$stdout`
+  def io
+    @io ||= $stdout
+  end
+
+  #
+  # Prints the supplied message to standard output.
+  #
+  def print_raw(msg = '')
+    if (Rex::Compat.is_windows and supports_color?)
+      WindowsConsoleColorSupport.new(io).write(msg)
+    else
+      io.print(msg)
+    end
+
+    io.flush
+
+    msg
+  end
+  alias_method :write, :print_raw
+
+  def puts(*args)
+    args.each do |argument|
+      line = argument.to_s
+      write(line)
+
+      unless line.ends_with? "\n"
+        # yes, this is output, but `IO#puts` uses `rb_default_rs`, which is
+        # [`$/`](https://github.com/ruby/ruby/blob/3af8e150aded9d162bfd41426aaaae0279e5a653/io.c#L12168-L12172),
+        # which is [`$INPUT_RECORD_SEPARATOR`](https://github.com/ruby/ruby/blob/3af8e150aded9d162bfd41426aaaae0279e5a653/lib/English.rb#L83)
+        write($INPUT_RECORD_SEPARATOR)
+      end
+    end
+
+    nil
+  end
 
   def supports_color?
     case config[:color]
@@ -31,20 +101,6 @@ class Output::Stdio < Rex::Ui::Text::Output
       return (term and term.match(/(?:vt10[03]|xterm(?:-color)?|linux|screen|rxvt)/i) != nil)
     end
   end
-
-  #
-  # Prints the supplied message to standard output.
-  #
-  def print_raw(msg = '')
-    if (Rex::Compat.is_windows and supports_color?)
-      WindowsConsoleColorSupport.new($stdout).write(msg)
-    else
-      $stdout.print(msg)
-    end
-    $stdout.flush
-
-    msg
-  end
 end
 
 end

data/rex.gemspec

@@ -1,7 +1,7 @@
 # encoding: utf-8
 
 APP_NAME = "rex"
-VERSION  = "2.0.4"
+VERSION  = "2.0.5"
 
 Gem::Specification.new do |s|
   s.name                  = APP_NAME

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex
 version: !ruby/object:Gem::Version
-  version: 2.0.4
+  version: 2.0.5
 platform: ruby
 authors:
 - HD Moore
@@ -9,7 +9,7 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-10-15 00:00:00.000000000 Z
+date: 2014-12-22 00:00:00.000000000 Z
 dependencies: []
 description: Rex provides a variety of classes useful for security testing and exploit
   development.
@@ -32,6 +32,7 @@ files:
 - lib/rex/codepage.map
 - lib/rex/compat.rb
 - lib/rex/constants.rb
+- lib/rex/constants/windows.rb
 - lib/rex/elfparsey.rb
 - lib/rex/elfparsey/elf.rb
 - lib/rex/elfparsey/elfbase.rb
@@ -107,6 +108,27 @@ files:
 - lib/rex/io/stream.rb
 - lib/rex/io/stream_abstraction.rb
 - lib/rex/io/stream_server.rb
+- lib/rex/java.rb
+- lib/rex/java/serialization.rb
+- lib/rex/java/serialization/model.rb
+- lib/rex/java/serialization/model/annotation.rb
+- lib/rex/java/serialization/model/block_data.rb
+- lib/rex/java/serialization/model/block_data_long.rb
+- lib/rex/java/serialization/model/class_desc.rb
+- lib/rex/java/serialization/model/contents.rb
+- lib/rex/java/serialization/model/element.rb
+- lib/rex/java/serialization/model/end_block_data.rb
+- lib/rex/java/serialization/model/field.rb
+- lib/rex/java/serialization/model/long_utf.rb
+- lib/rex/java/serialization/model/new_array.rb
+- lib/rex/java/serialization/model/new_class_desc.rb
+- lib/rex/java/serialization/model/new_enum.rb
+- lib/rex/java/serialization/model/new_object.rb
+- lib/rex/java/serialization/model/null_reference.rb
+- lib/rex/java/serialization/model/reference.rb
+- lib/rex/java/serialization/model/reset.rb
+- lib/rex/java/serialization/model/stream.rb
+- lib/rex/java/serialization/model/utf.rb
 - lib/rex/job_container.rb
 - lib/rex/logging.rb
 - lib/rex/logging/log_dispatcher.rb
@@ -173,6 +195,8 @@ files:
 - lib/rex/parser/unattend.rb
 - lib/rex/parser/wapiti_nokogiri.rb
 - lib/rex/payloads.rb
+- lib/rex/payloads/meterpreter.rb
+- lib/rex/payloads/meterpreter/patch.rb
 - lib/rex/payloads/win32.rb
 - lib/rex/payloads/win32/common.rb
 - lib/rex/payloads/win32/kernel.rb
@@ -354,6 +378,8 @@ files:
 - lib/rex/proto/dcerpc/ndr.rb
 - lib/rex/proto/dcerpc/packet.rb
 - lib/rex/proto/dcerpc/response.rb
+- lib/rex/proto/dcerpc/svcctl.rb
+- lib/rex/proto/dcerpc/svcctl/packet.rb
 - lib/rex/proto/dcerpc/uuid.rb
 - lib/rex/proto/dcerpc/wdscp.rb
 - lib/rex/proto/dcerpc/wdscp/constants.rb
@@ -389,6 +415,13 @@ files:
 - lib/rex/proto/ipmi/open_session_reply.rb
 - lib/rex/proto/ipmi/rakp2.rb
 - lib/rex/proto/ipmi/utils.rb
+- lib/rex/proto/kademlia.rb
+- lib/rex/proto/kademlia/bootstrap_request.rb
+- lib/rex/proto/kademlia/bootstrap_response.rb
+- lib/rex/proto/kademlia/message.rb
+- lib/rex/proto/kademlia/ping.rb
+- lib/rex/proto/kademlia/pong.rb
+- lib/rex/proto/kademlia/util.rb
 - lib/rex/proto/natpmp.rb
 - lib/rex/proto/natpmp/constants.rb
 - lib/rex/proto/natpmp/packet.rb
@@ -405,6 +438,8 @@ files:
 - lib/rex/proto/pjl.rb
 - lib/rex/proto/pjl/client.rb
 - lib/rex/proto/proxy/socks4a.rb
+- lib/rex/proto/quake.rb
+- lib/rex/proto/quake/message.rb
 - lib/rex/proto/rfb.rb
 - lib/rex/proto/rfb/cipher.rb
 - lib/rex/proto/rfb/client.rb
@@ -531,7 +566,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.2.2
+rubygems_version: 2.4.3
 signing_key: 
 specification_version: 4
 summary: Ruby Exploitation Library