RubyGems - rex - Versions diffs - 2.0.5 → 2.0.7 - Mend

rex 2.0.5 → 2.0.7

Files changed (98) hide show

checksums.yaml +4 -4
data/lib/rex/exploitation/egghunter.rb +4 -6
data/lib/rex/exploitation/powershell/psh_methods.rb +9 -0
data/lib/rex/java/serialization.rb +2 -1
data/lib/rex/java/serialization/builder.rb +94 -0
data/lib/rex/java/serialization/model.rb +29 -18
data/lib/rex/java/serialization/model/annotation.rb +2 -2
data/lib/rex/java/serialization/model/field.rb +2 -2
data/lib/rex/java/serialization/model/new_array.rb +8 -3
data/lib/rex/java/serialization/model/new_class_desc.rb +3 -3
data/lib/rex/java/serialization/model/new_enum.rb +4 -4
data/lib/rex/java/serialization/model/new_object.rb +17 -10
data/lib/rex/ole/direntry.rb +1 -1
data/lib/rex/ole/samples/create_ole.rb +0 -0
data/lib/rex/ole/samples/dir.rb +0 -0
data/lib/rex/ole/samples/dump_stream.rb +0 -0
data/lib/rex/ole/samples/ole_info.rb +0 -0
data/lib/rex/parser/foundstone_nokogiri.rb +1 -1
data/lib/rex/parser/fs/ntfs.rb +252 -0
data/lib/rex/parser/openvas_nokogiri.rb +2 -0
data/lib/rex/payloads/win32/kernel.rb +3 -3
data/lib/rex/post/meterpreter/client_core.rb +172 -64
data/lib/rex/post/meterpreter/extensions/priv/priv.rb +3 -2
data/lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb +12 -10
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/api_constants.rb +64 -37
data/lib/rex/post/meterpreter/extensions/stdapi/railgun/dll.rb +8 -2
data/lib/rex/post/meterpreter/extensions/stdapi/ui.rb +15 -3
data/lib/rex/post/meterpreter/packet.rb +41 -38
data/lib/rex/post/meterpreter/packet_dispatcher.rb +7 -1
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/core.rb +17 -4
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb +11 -4
data/lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/ui.rb +1 -1
data/lib/rex/proto.rb +2 -0
data/lib/rex/proto/acpp.rb +17 -0
data/lib/rex/proto/acpp/client.rb +29 -0
data/lib/rex/proto/acpp/message.rb +183 -0
data/lib/rex/proto/http/client.rb +1 -2
data/lib/rex/proto/iax2/call.rb +22 -3
data/lib/rex/proto/iax2/client.rb +1 -0
data/lib/rex/proto/kerberos.rb +13 -0
data/lib/rex/proto/kerberos/client.rb +213 -0
data/lib/rex/proto/kerberos/credential_cache.rb +19 -0
data/lib/rex/proto/kerberos/credential_cache/cache.rb +81 -0
data/lib/rex/proto/kerberos/credential_cache/credential.rb +151 -0
data/lib/rex/proto/kerberos/credential_cache/element.rb +49 -0
data/lib/rex/proto/kerberos/credential_cache/key_block.rb +62 -0
data/lib/rex/proto/kerberos/credential_cache/principal.rb +70 -0
data/lib/rex/proto/kerberos/credential_cache/time.rb +69 -0
data/lib/rex/proto/kerberos/crypto.rb +21 -0
data/lib/rex/proto/kerberos/crypto/rc4_hmac.rb +65 -0
data/lib/rex/proto/kerberos/crypto/rsa_md5.rb +15 -0
data/lib/rex/proto/kerberos/model.rb +133 -0
data/lib/rex/proto/kerberos/model/ap_req.rb +98 -0
data/lib/rex/proto/kerberos/model/authenticator.rb +143 -0
data/lib/rex/proto/kerberos/model/authorization_data.rb +85 -0
data/lib/rex/proto/kerberos/model/checksum.rb +59 -0
data/lib/rex/proto/kerberos/model/element.rb +67 -0
data/lib/rex/proto/kerberos/model/enc_kdc_response.rb +215 -0
data/lib/rex/proto/kerberos/model/encrypted_data.rb +171 -0
data/lib/rex/proto/kerberos/model/encryption_key.rb +106 -0
data/lib/rex/proto/kerberos/model/kdc_request.rb +166 -0
data/lib/rex/proto/kerberos/model/kdc_request_body.rb +315 -0
data/lib/rex/proto/kerberos/model/kdc_response.rb +141 -0
data/lib/rex/proto/kerberos/model/krb_error.rb +219 -0
data/lib/rex/proto/kerberos/model/last_request.rb +82 -0
data/lib/rex/proto/kerberos/model/pre_auth_data.rb +104 -0
data/lib/rex/proto/kerberos/model/pre_auth_enc_time_stamp.rb +126 -0
data/lib/rex/proto/kerberos/model/pre_auth_pac_request.rb +81 -0
data/lib/rex/proto/kerberos/model/principal_name.rb +116 -0
data/lib/rex/proto/kerberos/model/ticket.rb +151 -0
data/lib/rex/proto/kerberos/pac.rb +36 -0
data/lib/rex/proto/kerberos/pac/client_info.rb +53 -0
data/lib/rex/proto/kerberos/pac/element.rb +52 -0
data/lib/rex/proto/kerberos/pac/logon_info.rb +566 -0
data/lib/rex/proto/kerberos/pac/priv_svr_checksum.rb +29 -0
data/lib/rex/proto/kerberos/pac/server_checksum.rb +30 -0
data/lib/rex/proto/kerberos/pac/type.rb +121 -0
data/lib/rex/proto/rmi.rb +7 -0
data/lib/rex/proto/rmi/model.rb +31 -0
data/lib/rex/proto/rmi/model/call.rb +60 -0
data/lib/rex/proto/rmi/model/continuation.rb +76 -0
data/lib/rex/proto/rmi/model/dgc_ack.rb +62 -0
data/lib/rex/proto/rmi/model/element.rb +143 -0
data/lib/rex/proto/rmi/model/output_header.rb +86 -0
data/lib/rex/proto/rmi/model/ping.rb +41 -0
data/lib/rex/proto/rmi/model/ping_ack.rb +41 -0
data/lib/rex/proto/rmi/model/protocol_ack.rb +100 -0
data/lib/rex/proto/rmi/model/return_data.rb +60 -0
data/lib/rex/socket.rb +9 -1
data/lib/rex/socket/tcp_server.rb +3 -0
data/lib/rex/ui/text/dispatcher_shell.rb +4 -4
data/lib/rex/ui/text/output/tee.rb +2 -0
data/lib/rex/zip/samples/comment.rb +0 -0
data/lib/rex/zip/samples/mkwar.rb +0 -0
data/lib/rex/zip/samples/mkzip.rb +0 -0
data/lib/rex/zip/samples/recursive.rb +0 -0
data/rex.gemspec +1 -1
metadata +56 -2

data/lib/rex/proto/kerberos/credential_cache.rb ADDED

@@ -0,0 +1,19 @@
+# -*- coding: binary -*-
+module Rex
+  module Proto
+    module Kerberos
+      module CredentialCache
+        VERSION = 0x0504
+        HEADER = "\x00\x08\xff\xff\xff\xff\x00\x00\x00\x00"
+      end
+    end
+  end
+end
+require 'rex/proto/kerberos/credential_cache/element'
+require 'rex/proto/kerberos/credential_cache/key_block'
+require 'rex/proto/kerberos/credential_cache/principal'
+require 'rex/proto/kerberos/credential_cache/time'
+require 'rex/proto/kerberos/credential_cache/credential'
+require 'rex/proto/kerberos/credential_cache/cache'

data/lib/rex/proto/kerberos/credential_cache/cache.rb ADDED

@@ -0,0 +1,81 @@
+# -*- coding: binary -*-
+module Rex
+  module Proto
+    module Kerberos
+      module CredentialCache
+        # This class provides a representation of a Kerberos Credential Cache.
+        class Cache < Element
+          # @!attribute version
+          #   @return [Fixnum] The file format version
+          attr_accessor :version
+          # @!attribute headers
+          #   @return [Array<String>] The header tags
+          attr_accessor :headers
+          # @!attribute primary_principal
+          #   @return [Rex::Proto::Kerberos::CredentialCache::Principal] The principal cache's owner
+          attr_accessor :primary_principal
+          # @!attribute credentials
+          #   @return [Array<Rex::Proto::Kerberos::CredentialCache::Credential>] The primary principal credentials
+          attr_accessor :credentials
+          # Encodes the Rex::Proto::Kerberos::CredentialCache::Cache into an String
+          #
+          # @return [String] encoded cache
+          def encode
+            encoded = ''
+            encoded << encode_version
+            encoded << encode_headers
+            encoded << encode_primary_principal
+            encoded << encode_credentials
+          end
+          private
+          # Encodes the version field
+          #
+          # @return [String]
+          def encode_version
+            [version].pack('n')
+          end
+          # Encodes the headers field
+          #
+          # @return [String]
+          def encode_headers
+            headers_encoded = ''
+            headers_encoded << [headers.length].pack('n')
+            headers.each do |h|
+              headers_encoded << h
+            end
+            encoded = ''
+            encoded << [headers_encoded.length].pack('n')
+            encoded << headers_encoded
+            encoded
+          end
+          # Encodes the primary_principal field
+          #
+          # @return [String]
+          def encode_primary_principal
+            primary_principal.encode
+          end
+          # Encodes the credentials field
+          #
+          # @return [String]
+          def encode_credentials
+            encoded = ''
+            credentials.each do |cred|
+              encoded << cred.encode
+            end
+            encoded
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/credential_cache/credential.rb ADDED

@@ -0,0 +1,151 @@
+# -*- coding: binary -*-
+module Rex
+  module Proto
+    module Kerberos
+      module CredentialCache
+        # This class provides a representation of a Credential stored in the Kerberos Credential Cache.
+        class Credential < Element
+          # @!attribute client
+          #   @return [Rex::Proto::Kerberos::CredentialCache::Principal]
+          attr_accessor :client
+          # @!attribute server
+          #   @return [Rex::Proto::Kerberos::CredentialCache::Principal]
+          attr_accessor :server
+          # @!attribute key
+          #   @return [Rex::Proto::Kerberos::CredentialCache::KeyBlock]
+          attr_accessor :key
+          # @!attribute time
+          #   @return [Rex::Proto::Kerberos::CredentialCache::Time]
+          attr_accessor :time
+          # @!attribute is_skey
+          #   @return [Fixnum]
+          attr_accessor :is_skey
+          # @!attribute tkt_flags
+          #   @return [Fixnum]
+          attr_accessor :tkt_flags
+          # @!attribute addrs
+          #   @return [Array]
+          attr_accessor :addrs
+          # @!attribute auth_data
+          #   @return [Array]
+          attr_accessor :auth_data
+          # @!attribute ticket
+          #   @return [String]
+          attr_accessor :ticket
+          # @!attribute second_ticket
+          #   @return [String]
+          attr_accessor :second_ticket
+          # Encodes the Rex::Proto::Kerberos::CredentialCache::Credential into an String
+          #
+          # @return [String] encoded credential
+          def encode
+            encoded = ''
+            encoded << encode_client
+            encoded << encode_server
+            encoded << encode_key
+            encoded << encode_time
+            encoded << encode_is_skey
+            encoded << encode_tkt_flags
+            encoded << encode_addrs
+            encoded << encode_auth_data
+            encoded << encode_ticket
+            encoded << encode_second_ticket
+          end
+          private
+          # Encodes the client field
+          #
+          # @return [String]
+          def encode_client
+            client.encode
+          end
+          # Encodes the server field
+          #
+          # @return [String]
+          def encode_server
+            server.encode
+          end
+          # Encodes the key field
+          #
+          # @return [String]
+          def encode_key
+            key.encode
+          end
+          # Encodes the time field
+          #
+          # @return [String]
+          def encode_time
+            time.encode
+          end
+          # Encodes the is_skey field
+          #
+          # @return [String]
+          def encode_is_skey
+            [is_skey].pack('C')
+          end
+          # Encodes the tkt_flags field
+          #
+          # @return [String]
+          def encode_tkt_flags
+            [tkt_flags].pack('N')
+          end
+          # Encodes the addrs field
+          #
+          # @return [String]
+          # @raise [NotImplementedError] if there are addresses to encode
+          def encode_addrs
+            encoded = ''
+            if addrs.length > 0
+              raise ::NotImplementedError, 'CredentialCache: Credential addresses encoding not supported'
+            end
+            encoded << [addrs.length].pack('N')
+            encoded
+          end
+          # Encodes the auth_data field
+          #
+          # @return [String]
+          def encode_auth_data
+            encoded = ''
+            if auth_data.length > 0
+              raise ::RuntimeError, 'CredentialCache: Credential auth_data encoding not supported'
+            end
+            encoded << [auth_data.length].pack('N')
+            encoded
+          end
+          # Encodes the ticket field
+          #
+          # @return [String]
+          def encode_ticket
+            encoded = ''
+            encoded << [ticket.length].pack('N')
+            encoded << ticket
+            encoded
+          end
+          # Encodes the second_ticket field
+          #
+          # @return [String]
+          def encode_second_ticket
+            encoded = ''
+            encoded << [second_ticket.length].pack('N')
+            encoded << second_ticket
+            encoded
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/credential_cache/element.rb ADDED

@@ -0,0 +1,49 @@
+# -*- coding: binary -*-
+module Rex
+  module Proto
+    module Kerberos
+      module CredentialCache
+        class Element
+          def self.attr_accessor(*vars)
+            @attributes ||= []
+            @attributes.concat vars
+            super(*vars)
+          end
+          # Retrieves the element class fields
+          #
+          # @return [Array]
+          def self.attributes
+            @attributes
+          end
+          def initialize(options = {})
+            self.class.attributes.each do |attr|
+              if options.has_key?(attr)
+                m = (attr.to_s + '=').to_sym
+                self.send(m, options[attr])
+              end
+            end
+          end
+          # Retrieves the element instance fields
+          #
+          # @return [Array]
+          def attributes
+            self.class.attributes
+          end
+          # Encodes the Rex::Proto::Kerberos::CredentialCache::Element into an String. This
+          # method has been designed to be overridden by subclasses.
+          #
+          # @raise [NoMethodError]
+          def encode
+            raise ::NoMethodError, 'Method designed to be overridden'
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/credential_cache/key_block.rb ADDED

@@ -0,0 +1,62 @@
+# -*- coding: binary -*-
+module Rex
+  module Proto
+    module Kerberos
+      module CredentialCache
+        # This class provides a representation of a credential keys stored in the Kerberos Credential Cache.
+        class KeyBlock < Element
+          # @!attribute key_type
+          #   @return [Fixnum]
+          attr_accessor :key_type
+          # @!attribute e_type
+          #   @return [Fixnum]
+          attr_accessor :e_type
+          # @!attribute key_value
+          #   @return [String]
+          attr_accessor :key_value
+          # Encodes the Rex::Proto::Kerberos::CredentialCache::KeyBlock into an String
+          #
+          # @return [String] encoded key
+          def encode
+            encoded = ''
+            encoded << encode_key_type
+            encoded << encode_e_type
+            encoded << encode_key_value
+            encoded
+          end
+          private
+          # Encodes the key_type field
+          #
+          # @return [String]
+          def encode_key_type
+            [key_type].pack('n')
+          end
+          # Encodes the e_type field
+          #
+          # @return [String]
+          def encode_e_type
+            [e_type].pack('n')
+          end
+          # Encodes the key_value field
+          #
+          # @return [String]
+          def encode_key_value
+            encoded = ''
+            encoded << [key_value.length].pack('n')
+            encoded << key_value
+            encoded
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/credential_cache/principal.rb ADDED

@@ -0,0 +1,70 @@
+# -*- coding: binary -*-
+module Rex
+  module Proto
+    module Kerberos
+      module CredentialCache
+        # This class provides a representation of a Principal stored in the Kerberos Credential Cache.
+        class Principal < Element
+          # @!attribute name_type
+          #   @return [Fixnum]
+          attr_accessor :name_type
+          # @!attribute realm
+          #   @return [String]
+          attr_accessor :realm
+          # @!attribute components
+          #   @return [Array<String>]
+          attr_accessor :components
+          # Encodes the Rex::Proto::Kerberos::CredentialCache::Principal into an String
+          #
+          # @return [String] encoded principal
+          def encode
+            encoded = ''
+            encoded << encode_name_type
+            encoded << [components.length].pack('N')
+            encoded << encode_realm
+            encoded << encode_components
+            encoded
+          end
+          private
+          # Encodes the name_type field
+          #
+          # @return [String]
+          def encode_name_type
+            [name_type].pack('N')
+          end
+          # Encodes the realm field
+          #
+          # @return [String]
+          def encode_realm
+            encoded = ''
+            encoded << [realm.length].pack('N')
+            encoded << realm
+            encoded
+          end
+          # Encodes the components field
+          #
+          # @return [String]
+          def encode_components
+            encoded = ''
+            components.each do |c|
+              encoded << [c.length].pack('N')
+              encoded << c
+            end
+            encoded
+          end
+        end
+      end
+    end
+  end
+end

data/lib/rex/proto/kerberos/credential_cache/time.rb ADDED

@@ -0,0 +1,69 @@
+# -*- coding: binary -*-
+module Rex
+  module Proto
+    module Kerberos
+      module CredentialCache
+        # This class provides a representation of credential times stored in the Kerberos Credential Cache.
+        class Time < Element
+          # @!attribute auth_time
+          #   @return [Fixnum]
+          attr_accessor :auth_time
+          # @!attribute start_time
+          #   @return [Fixnum]
+          attr_accessor :start_time
+          # @!attribute end_time
+          #   @return [Fixnum]
+          attr_accessor :end_time
+          # @!attribute renew_till
+          #   @return [Fixnum]
+          attr_accessor :renew_till
+          # Encodes the Rex::Proto::Kerberos::CredentialCache::Time into an String
+          #
+          # @return [String] encoded time
+          def encode
+            encoded = ''
+            encoded << encode_auth_time
+            encoded << encode_start_time
+            encoded << encode_end_time
+            encoded << encode_renew_time
+            encoded
+          end
+          private
+          # Encodes the auth_time field
+          #
+          # @return [String]
+          def encode_auth_time
+            [auth_time].pack('N')
+          end
+          # Encodes the start_time field
+          #
+          # @return [String]
+          def encode_start_time
+            [start_time].pack('N')
+          end
+          # Encodes the end_time field
+          #
+          # @return [String]
+          def encode_end_time
+            [end_time].pack('N')
+          end
+          # Encodes the renew_time field
+          #
+          # @return [String]
+          def encode_renew_time
+            [renew_till].pack('N')
+          end
+        end
+      end
+    end
+  end
+end