rex 2.0.5 → 2.0.7

data/lib/rex/proto/kerberos/pac/priv_svr_checksum.rb

@@ -0,0 +1,29 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Pac
+        # This class provides a representation of a PAC_PRIVSVR_CHECKSUM structure, which contains the
+        # checksum using the key of the KDC.
+        class PrivSvrChecksum < Element
+
+          # @!attribute version
+          #   @return [Fixnum] The checksum type
+          attr_accessor :checksum
+
+          # Encodes the Rex::Proto::Kerberos::Pac::PacPrivSvrChecksum
+          #
+          # @return [String]
+          def encode
+            encoded = ''
+            encoded << [checksum].pack('V')
+            encoded << "\x00" * 16
+
+            encoded
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/pac/server_checksum.rb

@@ -0,0 +1,30 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Pac
+        # This class provides a representation of a PAC_SERVER_CHECKSUM structure, which contains the
+        # checksum using the key of the server.
+        class ServerChecksum < Element
+
+          # @!attribute version
+          #   @return [Fixnum] The checksum type
+          attr_accessor :checksum
+
+          # Encodes the Rex::Proto::Kerberos::Pac::ServerChecksum
+          #
+          # @return [String]
+          def encode
+            encoded = ''
+            encoded << [checksum].pack('V')
+            encoded << "\x00" * 16
+
+            encoded
+          end
+        end
+
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/pac/type.rb

@@ -0,0 +1,121 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Kerberos
+      module Pac
+        # This class provides a representation of a PAC_TYPE structure, the topmost structure
+        # of the PAC.
+        class Type < Element
+
+          # @!attribute buffers
+          #   @return [Array<Rex::Proto::Kerberos::Pac::Element>] The array of PAC_INFO_BUFFER structures
+          attr_accessor :buffers
+          # @!attribute checksum
+          #   @return [Fixnum] The type of checksum to use when encoding PAC-TYPE
+          attr_accessor :checksum
+
+          # Encodes the Rex::Proto::Kerberos::Pac::Type
+          #
+          # @return [String]
+          def encode
+            offset_one = 0
+            offset_two = 0
+
+            draft = ''
+            draft << encode_buffers_length
+            draft << encode_version
+            draft << encode_pac_info_buffers
+
+            # Encode buffers
+            buffers.each do |buffer|
+              if buffer.class == ServerChecksum
+                offset_one = draft.length + 4
+              elsif buffer.class == PrivSvrChecksum
+                offset_two = draft.length + 4
+              end
+
+              buffer_encoded = buffer.encode
+              draft << buffer_encoded
+              draft << "\x00" * ((buffer_encoded.length + 7) / 8 * 8 - buffer_encoded.length)
+            end
+
+            checksum_draft = make_checksum(draft)
+            double_checksum = make_checksum(checksum_draft)
+
+            encoded = ''
+            encoded << draft[0..(offset_one - 1)]
+            encoded << checksum_draft
+            encoded << draft[(offset_one + checksum_draft.length)..(offset_two - 1)]
+            encoded << double_checksum
+            encoded << draft[(offset_two + double_checksum.length)..(draft.length - 1)]
+
+            encoded
+          end
+
+          private
+
+          # Encodes the number of buffers contained in the PAC
+          #
+          # @return [String]
+          def encode_buffers_length
+            [buffers.length].pack('V')
+          end
+
+          # Encodes the PAC version
+          #
+          # @return [String]
+          def encode_version
+            [VERSION].pack('V')
+          end
+
+          # Encodes the PAC_INFO_BUFFER data
+          #
+          # @return [String]
+          def encode_pac_info_buffers
+            offset = 8 + buffers.length * 16
+            encoded = ''
+            buffers.each do |buffer|
+              case buffer
+              when ClientInfo
+                encoded << [PAC_CLIENT_INFO].pack('V')
+              when LogonInfo
+                encoded << [PAC_LOGON_INFO].pack('V')
+              when PrivSvrChecksum
+                encoded << [PAC_PRIVSVR_CHECKSUM].pack('V')
+              when ServerChecksum
+                encoded << [PAC_SERVER_CHECKSUM].pack('V')
+              end
+
+              buffer_length = buffer.encode.length
+
+              encoded << [buffer_length].pack('V')
+              encoded << [offset].pack('Q<')
+
+              offset = (offset + buffer_length + 7) / 8 * 8
+            end
+
+            encoded
+          end
+
+          # Calculates the checksum for the PAC data
+          #
+          # @param data [String] the data to checksum
+          # @return [String] the checksum result
+          # @raise [NotImplementedError] if checksum schema isn't supported
+          def make_checksum(data)
+            res = ''
+            case checksum
+            when RSA_MD5
+              res = checksum_rsa_md5(data)
+            else
+              raise ::NotImplementedError, 'PAC-TYPE checksum not supported'
+            end
+
+            res
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/rmi.rb

@@ -0,0 +1,7 @@
+# -*- coding: binary -*-
+
+# JAVA RMI Wire protocol implementation
+# http://docs.oracle.com/javase/7/docs/platform/rmi/spec/rmi-protocol.html
+
+require 'rex/proto/rmi/model'
+

data/lib/rex/proto/rmi/model.rb

@@ -0,0 +1,31 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Rmi
+      module Model
+        SIGNATURE              = 'JRMI'
+        STREAM_PROTOCOL        = 0x4b
+        SINGLE_OP_PROTOCOL     = 0x4c
+        MULTIPLEX_PROTOCOL     = 0x4d
+        CALL_MESSAGE           = 0x50
+        PING_MESSAGE           = 0x52
+        DGC_ACK_MESSAGE        = 0x54
+        PROTOCOL_ACK           = 0x4e
+        PROTOCOL_NOT_SUPPORTED = 0x4f
+        RETURN_DATA            = 0x51
+        PING_ACK               = 0x53
+      end
+    end
+  end
+end
+
+require 'rex/proto/rmi/model/element'
+require 'rex/proto/rmi/model/output_header'
+require 'rex/proto/rmi/model/protocol_ack'
+require 'rex/proto/rmi/model/continuation'
+require 'rex/proto/rmi/model/call'
+require 'rex/proto/rmi/model/return_data'
+require 'rex/proto/rmi/model/dgc_ack'
+require 'rex/proto/rmi/model/ping'
+require 'rex/proto/rmi/model/ping_ack'

data/lib/rex/proto/rmi/model/call.rb

@@ -0,0 +1,60 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Rmi
+      module Model
+        # This class provides a representation of an RMI call message
+        class Call < Element
+
+          # @!attribute message_id
+          #   @return [Fixnum] the message id
+          attr_accessor :message_id
+          # @!attribute call_data
+          #   @return [Rex::Java::Serialization::Model::Stream] the serialized call data
+          attr_accessor :call_data
+
+          private
+
+          # Reads the message id from the IO
+          #
+          # @param io [IO] the IO to read from
+          # @return [String]
+          # @raise [RuntimeError] if fails to decode the message id
+          def decode_message_id(io)
+            message_id = read_byte(io)
+            unless message_id == CALL_MESSAGE
+              raise ::RuntimeError, 'Failed to decode Call message id'
+            end
+
+            message_id
+          end
+
+          # Reads and deserializes the call data from the IO
+          #
+          # @param io [IO] the IO to read from
+          # @return [Rex::Java::Serialization::Model::Stream]
+          def decode_call_data(io)
+            call_data = Rex::Java::Serialization::Model::Stream.decode(io)
+
+            call_data
+          end
+
+          # Encodes the message_id field
+          #
+          # @return [String]
+          def encode_message_id
+            [message_id].pack('C')
+          end
+
+          # Encodes the address field
+          #
+          # @return [String]
+          def encode_call_data
+            call_data.encode
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/rmi/model/continuation.rb

@@ -0,0 +1,76 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Rmi
+      module Model
+        # This class provides a representation of an RMI continuation stream
+        class Continuation < Element
+
+          # @!attribute length
+          #   @return [Fixnum] the end point address length
+          attr_accessor :length
+          # @!attribute address
+          #   @return [String] the end point address
+          attr_accessor :address
+          # @!attribute port
+          #   @return [Fixnum] the end point port
+          attr_accessor :port
+
+          private
+
+          # Reads the end point identifier address length from the IO
+          #
+          # @param io [IO] the IO to read from
+          # @return [Fixnum]
+          def decode_length(io)
+            length = read_short(io)
+
+            length
+          end
+
+          # Reads the end point address from the IO
+          #
+          # @param io [IO] the IO to read from
+          # @return [String]
+          def decode_address(io)
+            version = read_string(io, length)
+
+            version
+          end
+
+          # Reads the end point port from the IO
+          #
+          # @param io [IO] the IO to read from
+          # @return [Fixnum]
+          def decode_port(io)
+            port = read_int(io)
+
+            port
+          end
+
+          # Encodes the length field
+          #
+          # @return [String]
+          def encode_length
+            [length].pack('n')
+          end
+
+          # Encodes the address field
+          #
+          # @return [String]
+          def encode_address
+            address
+          end
+
+          # Encodes the port field
+          #
+          # @return [String]
+          def encode_port
+            [port].pack('N')
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/rmi/model/dgc_ack.rb

@@ -0,0 +1,62 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Rmi
+      module Model
+        # This class provides a representation of an RMI DbgACK stream. It is an acknowledgement
+        # directed to a server's distributed garbage collector that indicates that remote objects
+        # in a return value from a server have been received by the client.
+        class DgcAck < Element
+
+          # @!attribute stream_id
+          #   @return [Fixnum] the input stream id
+          attr_accessor :stream_id
+          # @!attribute unique_identifier
+          #   @return [String] the unique identifier
+          attr_accessor :unique_identifier
+
+          private
+
+          # Reads the stream id from the IO
+          #
+          # @param io [IO] the IO to read from
+          # @return [String]
+          # @raise [RuntimeError] if fails to decode stream id
+          def decode_stream_id(io)
+            stream_id = read_byte(io)
+            unless stream_id == DGC_ACK_MESSAGE
+              raise ::RuntimeError, 'Failed to decode DgcAck stream id'
+            end
+
+            stream_id
+          end
+
+          # Reads the unique identifier from the IO
+          #
+          # @param io [IO] the IO to read from
+          # @return [String]
+          def decode_unique_identifier(io)
+            unique_identifier = read_string(io, 14)
+
+            unique_identifier
+          end
+
+          # Encodes the stream_id field
+          #
+          # @return [String]
+          def encode_stream_id
+            [stream_id].pack('C')
+          end
+
+          # Encodes the unique_identifier field
+          #
+          # @return [String]
+          def encode_unique_identifier
+            unique_identifier
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/rmi/model/element.rb

@@ -0,0 +1,143 @@
+# -*- coding: binary -*-
+
+module Rex
+  module Proto
+    module Rmi
+      module Model
+        class Element
+
+          include Rex::Proto::Rmi::Model
+
+          def self.attr_accessor(*vars)
+            @attributes ||= []
+            @attributes.concat vars
+            super(*vars)
+          end
+
+          # Retrieves the element class fields
+          #
+          # @return [Array]
+          def self.attributes
+            @attributes
+          end
+
+          # Creates a Rex::Proto::Rmi::Model::Element with data from the IO.
+          #
+          # @param io [IO] the IO to read data from
+          # @return [Rex::Proto::Rmi::Model::Element]
+          def self.decode(io)
+            elem = self.new
+            elem.decode(io)
+
+            elem
+          end
+
+          def initialize(options = {})
+            self.class.attributes.each do |attr|
+              if options.has_key?(attr)
+                m = (attr.to_s + '=').to_sym
+                self.send(m, options[attr])
+              end
+            end
+          end
+
+          # Retrieves the element instance fields
+          #
+          # @return [Array]
+          def attributes
+            self.class.attributes
+          end
+
+          # Decodes the Rex::Proto::Rmi::Model::Element from the input.
+          #
+          # @raise [NoMethodError]
+          # @return [Rex::Proto::Rmi::Model::Element]
+          def decode(io)
+            self.class.attributes.each do |attr|
+              dec_method = ("decode_#{attr}").to_sym
+              decoded = self.send(dec_method, io)
+              assign_method = (attr.to_s + '=').to_sym
+              self.send(assign_method, decoded)
+            end
+
+            self
+          end
+
+          # Encodes the Rex::Proto::Rmi::Model::Element into an String.
+          #
+          # @raise [NoMethodError]
+          # @return [String]
+          def encode
+            encoded = ''
+            self.class.attributes.each do |attr|
+              m = ("encode_#{attr}").to_sym
+              encoded << self.send(m) if self.send(attr)
+            end
+
+            encoded
+          end
+
+          private
+
+          # Reads a byte from an IO
+          #
+          # @param io [IO] the IO to read from
+          # @return [Fixnum]
+          # @raise [RuntimeError] if the byte can't be read from io
+          def read_byte(io)
+            raw = io.read(1)
+            raise ::RuntimeError, 'Failed to read byte' unless raw
+
+            raw.unpack('C')[0]
+          end
+
+          # Reads a two bytes short from an IO
+          #
+          # @param io [IO] the IO to read from
+          # @return [Fixnum]
+          # @raise [RuntimeError] if the short can't be read from io
+          def read_short(io)
+            raw = io.read(2)
+
+            unless raw && raw.length == 2
+              raise ::RuntimeError, 'Failed to read short'
+            end
+
+            raw.unpack('n')[0]
+          end
+
+          # Reads a four bytes int from an IO
+          #
+          # @param io [IO] the IO to read from
+          # @return [Fixnum]
+          # @raise [RuntimeError] if the int can't be read from io
+          def read_int(io)
+            raw = io.read(4)
+
+            unless raw && raw.length == 4
+              raise ::RuntimeError, 'Failed to read short'
+            end
+
+            raw.unpack('N')[0]
+          end
+
+          # Reads an string from an IO
+          #
+          # @param io [IO] the IO to read from
+          # @param length [Fixnum] the string length
+          # @return [String]
+          # @raise [RuntimeError] if the string can't be read from io
+          def read_string(io, length)
+            raw = io.read(length)
+
+            unless raw && raw.length == length
+              raise ::RuntimeError, 'Failed to read string'
+            end
+
+            raw
+          end
+        end
+      end
+    end
+  end
+end