rex 2.0.8 → 2.0.9

data/lib/rex/proto/tftp/client.rb

@@ -295,6 +295,7 @@ class Client
     end
     sent_data = 0
     sent_blocks = 0
+    send_retries = 0
     expected_blocks = data_blocks.size
     expected_size = data_blocks.join.size
     if block_given?
@@ -302,24 +303,43 @@ class Client
       yield "Sending #{expected_size} bytes (#{expected_blocks} blocks)"
     end
     data_blocks.each_with_index do |data_block,idx|
-      req = [OpData, (idx + 1), data_block].pack("nnA*")
-      if self.server_sock.sendto(req, host, port) > 0
-        sent_data += data_block.size
-      end
-      res = self.server_sock.recvfrom(65535)
-      if res
-        code, type, msg = parse_tftp_response(res[0])
-        if code == 4
-          sent_blocks += 1
-          yield "Sent #{data_block.size} bytes in block #{sent_blocks}" if block_given?
-        else
-          if block_given?
-            yield "Got an unexpected response: Code:%d, Type:%d, Message:'%s'. Aborting." % [code, type, msg]
+      loop do
+        req = [OpData, (idx + 1), data_block].pack("nnA*")
+        if self.server_sock.sendto(req, host, port) <= 0
+          send_retries += 1
+          if send_retries > 100
+            break
+          else
+            next
+          end
+        end
+        send_retries = 0
+        res = self.server_sock.recvfrom(65535)
+        if res
+          code, type, msg = parse_tftp_response(res[0])
+          if code == 4
+            if type == idx + 1
+              sent_blocks += 1
+              sent_data += data_block.size
+              yield "Sent #{data_block.size} bytes in block #{idx+1}" if block_given?
+              break
+            else
+              next
+            end
+          else
+            if block_given?
+              yield "Got an unexpected response: Code:%d, Type:%d, Message:'%s'. Aborting." % [code, type, msg]
+            end
+            break
           end
-          break
         end
       end
     end
+
+    if send_retries > 100
+      yield "Too many send retries, aborted"
+    end
+
     if block_given?
       if(sent_data == expected_size)
         yield("Transferred #{sent_data} bytes in #{sent_blocks} blocks, upload complete!")
@@ -327,6 +347,7 @@ class Client
         yield "Upload complete, but with errors."
       end
     end
+
     if sent_data == expected_size
     self.status = {:success => [
         self.local_file,

data/lib/rex/random_identifier_generator.rb

@@ -1,5 +1,7 @@
 # -*- coding: binary -*-
 
+require 'rex/text'
+
 # A quick way to produce unique random strings that follow the rules of
 # identifiers, i.e., begin with a letter and contain only alphanumeric
 # characters and underscore.

data/lib/rex/ropbuilder.rb

@@ -3,6 +3,6 @@ module Rex
 module RopBuilder
 
 require 'rex/ropbuilder/rop'
-require 'metasm/metasm'
+require 'metasm'
 end
 end

data/lib/rex/socket/parameters.rb

@@ -56,6 +56,7 @@ class Rex::Socket::Parameters
   # @option hash [Bool] 'Bool' Create a bare socket
   # @option hash [Bool] 'Server' Whether or not this should be a server
   # @option hash [Bool] 'SSL' Whether or not SSL should be used
+  # @option hash [OpenSSL::SSL::SSLContext] 'SSLContext' Use a pregenerated SSL Context
   # @option hash [String] 'SSLVersion' Specify Auto, SSL2, SSL3, or TLS1 (Auto is
   #   default)
   # @option hash [String] 'SSLCert' A file containing an SSL certificate (for
@@ -117,6 +118,10 @@ class Rex::Socket::Parameters
       self.ssl = false
     end
 
+    if hash['SSLContext']
+      self.sslctx = hash['SSLContext']
+    end
+
     supported_ssl_versions = ['Auto', 'SSL2', 'SSL23', 'TLS1', 'SSL3', :Auto, :SSLv2, :SSLv3, :SSLv23, :TLSv1]
     if (hash['SSLVersion'] and supported_ssl_versions.include? hash['SSLVersion'])
       self.ssl_version = hash['SSLVersion']
@@ -324,6 +329,10 @@ class Rex::Socket::Parameters
   # @return [Bool]
   attr_accessor :ssl
 
+  # Pre configured SSL Context to use
+  # @return [OpenSSL::SSL::SSLContext]
+  attr_accessor :sslctx
+
   # What version of SSL to use (Auto, SSL2, SSL3, SSL23, TLS1)
   # @return [String,Symbol]
   attr_accessor :ssl_version

data/lib/rex/socket/ssl_tcp.rb

@@ -56,52 +56,39 @@ begin
   def initsock(params = nil)
     super
 
-    # The autonegotiation preference for SSL/TLS versions
-    versions = [:TLSv1, :SSLv3, :SSLv23, :SSLv2]
+    # Default to SSLv23 (automatically negotiate)
+    version = :SSLv23
 
-    # Limit this to a specific SSL/TLS version if specified
+    # Let the caller specify a particular SSL/TLS version
     if params
       case params.ssl_version
       when 'SSL2', :SSLv2
-        versions = [:SSLv2]
-      when 'SSL23', :SSLv23
-        versions = [:SSLv23]
+        version = :SSLv2
+      # 'TLS' will be the new name for autonegotation with newer versions of OpenSSL
+      when 'SSL23', :SSLv23, 'TLS'
+        version = :SSLv23
       when 'SSL3', :SSLv3
-        versions = [:SSLv3]
-      when 'TLS1', :TLSv1
-        versions = [:TLSv1]
-      else
-        # Leave the version list as-is (Auto)
+        version = :SSLv3
+      when 'TLS1','TLS1.0', :TLSv1
+        version = :TLSv1
+      when 'TLS1.1', :TLSv1_1
+        version = :TLSv1_1
+      when 'TLS1.2', :TLSv1_2
+        version = :TLSv1_2
       end
     end
 
-    # Limit our versions to those supported by the linked OpenSSL library
-    versions = versions.select {|v| OpenSSL::SSL::SSLContext::METHODS.include? v }
-
     # Raise an error if no selected versions are supported
-    if versions.length == 0
+    if ! OpenSSL::SSL::SSLContext::METHODS.include? version
       raise ArgumentError, 'The system OpenSSL does not support the requested SSL/TLS version'
     end
 
-    last_error = nil
-
-    # Iterate through SSL/TLS versions until we successfully negotiate
-    versions.each do |version|
-      begin
-        # Try intializing the socket with this SSL/TLS version
-        # This will throw an exception if it fails
-        initsock_with_ssl_version(params, version)
-
-        # Success! Record what method was used and return
-        self.ssl_negotiated_version = version
-        return
-      rescue OpenSSL::SSL::SSLError => e
-        last_error = e
-      end
-    end
+    # Try intializing the socket with this SSL/TLS version
+    # This will throw an exception if it fails
+    initsock_with_ssl_version(params, version)
 
-    # No SSL/TLS versions succeeded, raise the last error
-    raise last_error
+    # Track the SSL version
+    self.ssl_negotiated_version = version
   end
 
   def initsock_with_ssl_version(params, version)
@@ -137,9 +124,6 @@ begin
     # Tie the context to a socket
     self.sslsock = OpenSSL::SSL::SSLSocket.new(self, self.sslctx)
 
-    # XXX - enabling this causes infinite recursion, so disable for now
-    # self.sslsock.sync_close = true
-
     # Force a negotiation timeout
     begin
     Timeout.timeout(params.timeout) do
@@ -366,7 +350,11 @@ begin
 
   attr_reader :peer_verified # :nodoc:
   attr_reader :ssl_negotiated_version # :nodoc:
-  attr_accessor :sslsock, :sslctx # :nodoc:
+  attr_accessor :sslsock, :sslctx, :sslhash # :nodoc:
+
+  def type?
+    return 'tcp-ssl'
+  end
 
 protected
 
@@ -377,9 +365,5 @@ protected
 rescue LoadError
 end
 
-  def type?
-    return 'tcp-ssl'
-  end
-
 end
 

data/lib/rex/socket/ssl_tcp_server.rb

@@ -2,6 +2,7 @@
 require 'rex/socket'
 require 'rex/socket/tcp_server'
 require 'rex/io/stream_server'
+require 'rex/parser/x509_certificate'
 
 ###
 #
@@ -47,8 +48,14 @@ module Rex::Socket::SslTcpServer
   end
 
   def initsock(params = nil)
-    raise RuntimeError, "No OpenSSL support" if not @@loaded_openssl
-    self.sslctx  = makessl(params)
+    raise RuntimeError, 'No OpenSSL support' unless @@loaded_openssl
+
+    if params && params.sslctx && params.sslctx.kind_of?(OpenSSL::SSL::SSLContext)
+      self.sslctx = params.sslctx
+    else
+      self.sslctx  = makessl(params)
+    end
+
     super
   end
 
@@ -108,25 +115,7 @@ module Rex::Socket::SslTcpServer
   # @param [String] ssl_cert
   # @return [String, String, Array]
   def self.ssl_parse_pem(ssl_cert)
-    cert  = nil
-    key   = nil
-    chain = nil
-
-    certs = []
-    ssl_cert.scan(/-----BEGIN\s*[^\-]+-----+\r?\n[^\-]*-----END\s*[^\-]+-----\r?\n?/nm).each do |pem|
-      if pem =~ /PRIVATE KEY/
-        key = OpenSSL::PKey::RSA.new(pem)
-      elsif pem =~ /CERTIFICATE/
-        certs << OpenSSL::X509::Certificate.new(pem)
-      end
-    end
-
-    cert = certs.shift
-    if certs.length > 0
-      chain = certs
-    end
-
-    [key, cert, chain]
+    Rex::Parser::X509Certificate.parse_pem(ssl_cert)
   end
 
   #

data/lib/rex/sslscan/result.rb

@@ -15,6 +15,24 @@ class Result
     @cert = nil
     @ciphers = Set.new
     @supported_versions = [:SSLv2, :SSLv3, :TLSv1]
+    @deprecated_weak_ciphers = [
+      'ECDHE-RSA-DES-CBC3-SHA',
+      'ECDHE-ECDSA-DES-CBC3-SHA',
+      'SRP-DSS-3DES-EDE-CBC-SHA',
+      'SRP-RSA-3DES-EDE-CBC-SHA',
+      'SRP-3DES-EDE-CBC-SHA',
+      'EDH-RSA-DES-CBC3-SHA',
+      'EDH-DSS-DES-CBC3-SHA',
+      'ECDH-RSA-DES-CBC3-SHA',
+      'ECDH-ECDSA-DES-CBC3-SHA',
+      'DES-CBC3-SHA',
+      'PSK-3DES-EDE-CBC-SHA',
+      'EXP-EDH-RSA-DES-CBC-SHA',
+      'EXP-EDH-DSS-DES-CBC-SHA',
+      'EXP-DES-CBC-SHA',
+      'EXP-RC2-CBC-MD5',
+      'EXP-RC4-MD5'
+    ]
   end
 
   def cert
@@ -113,7 +131,8 @@ class Result
     unless @supported_versions.include? version
       raise ArgumentError, "Must be a supported SSL Version"
     end
-    unless OpenSSL::SSL::SSLContext.new(version).ciphers.flatten.include? cipher
+    unless OpenSSL::SSL::SSLContext.new(version).ciphers.flatten.include?(cipher) \
+        || @deprecated_weak_ciphers.include?(cipher)
       raise ArgumentError, "Must be a valid SSL Cipher for #{version}!"
     end
     unless key_length.kind_of? Fixnum

data/lib/rex/text.rb

@@ -3,18 +3,8 @@ require 'digest/md5'
 require 'digest/sha1'
 require 'stringio'
 require 'cgi'
-require 'rex/exploitation/powershell'
-
-%W{ iconv zlib }.each do |libname|
-  begin
-    old_verbose = $VERBOSE
-    $VERBOSE = nil
-    require libname
-  rescue ::LoadError
-  ensure
-    $VERBOSE = old_verbose
-  end
-end
+require 'rex/powershell'
+require 'zlib'
 
 module Rex
 
@@ -42,8 +32,10 @@ module Text
   UpperAlpha   = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
   LowerAlpha   = "abcdefghijklmnopqrstuvwxyz"
   Numerals     = "0123456789"
-  Base32	     = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
-  Alpha	     = UpperAlpha + LowerAlpha
+  Base32       = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
+  Base64       = UpperAlpha + LowerAlpha + Numerals + '+/'
+  Base64Url    = UpperAlpha + LowerAlpha + Numerals + '-_'
+  Alpha        = UpperAlpha + LowerAlpha
   AlphaNumeric = Alpha + Numerals
   HighAscii    = [*(0x80 .. 0xff)].pack("C*")
   LowAscii     = [*(0x00 .. 0x1f)].pack("C*")
@@ -53,7 +45,95 @@ module Text
 
   DefaultPatternSets = [ Rex::Text::UpperAlpha, Rex::Text::LowerAlpha, Rex::Text::Numerals ]
 
-  # In case Iconv isn't loaded
+  # The Iconv translation table for IBM's mainframe / System Z
+  # (z/os, s390, mvs, etc) - This is a different implementation
+  # of EBCDIC than the Iconv_EBCDIC below.
+  # It is technically referred to as Code Page IBM1047.
+  # This will be net new (until Ruby supports 1047 code page)
+  # for all Mainframe / SystemZ based modules
+  # that need to convert ASCII to EBCDIC
+  #
+  # The bytes are indexed by ASCII conversion number
+  # e.g.  Iconv_IBM1047[0x41] == \xc1 for letter "A"
+  #
+  # Note the characters CANNOT be assumed to be in any logical
+  # order. Nor are the tables reversible.  Lookups must be for each byte
+  # https://gist.github.com/bigendiansmalls/b08483ecedff52cc8fa3
+  #
+  Iconv_IBM1047 = [
+    "\x00","\x01","\x02","\x03","\x37","\x2d","\x2e","\x2f",
+    "\x16","\x05","\x15","\x0b","\x0c","\x0d","\x0e","\x0f","\x10",
+    "\x11","\x12","\x13","\x3c","\x3d","\x32","\x26","\x18","\x19",
+    "\x3f","\x27","\x1c","\x1d","\x1e","\x1f","\x40","\x5a","\x7f",
+    "\x7b","\x5b","\x6c","\x50","\x7d","\x4d","\x5d","\x5c","\x4e",
+    "\x6b","\x60","\x4b","\x61","\xf0","\xf1","\xf2","\xf3","\xf4",
+    "\xf5","\xf6","\xf7","\xf8","\xf9","\x7a","\x5e","\x4c","\x7e",
+    "\x6e","\x6f","\x7c","\xc1","\xc2","\xc3","\xc4","\xc5","\xc6",
+    "\xc7","\xc8","\xc9","\xd1","\xd2","\xd3","\xd4","\xd5","\xd6",
+    "\xd7","\xd8","\xd9","\xe2","\xe3","\xe4","\xe5","\xe6","\xe7",
+    "\xe8","\xe9","\xad","\xe0","\xbd","\x5f","\x6d","\x79","\x81",
+    "\x82","\x83","\x84","\x85","\x86","\x87","\x88","\x89","\x91",
+    "\x92","\x93","\x94","\x95","\x96","\x97","\x98","\x99","\xa2",
+    "\xa3","\xa4","\xa5","\xa6","\xa7","\xa8","\xa9","\xc0","\x4f",
+    "\xd0","\xa1","\x07","\x20","\x21","\x22","\x23","\x24","\x25",
+    "\x06","\x17","\x28","\x29","\x2a","\x2b","\x2c","\x09","\x0a",
+    "\x1b","\x30","\x31","\x1a","\x33","\x34","\x35","\x36","\x08",
+    "\x38","\x39","\x3a","\x3b","\x04","\x14","\x3e","\xff","\x41",
+    "\xaa","\x4a","\xb1","\x9f","\xb2","\x6a","\xb5","\xbb","\xb4",
+    "\x9a","\x8a","\xb0","\xca","\xaf","\xbc","\x90","\x8f","\xea",
+    "\xfa","\xbe","\xa0","\xb6","\xb3","\x9d","\xda","\x9b","\x8b",
+    "\xb7","\xb8","\xb9","\xab","\x64","\x65","\x62","\x66","\x63",
+    "\x67","\x9e","\x68","\x74","\x71","\x72","\x73","\x78","\x75",
+    "\x76","\x77","\xac","\x69","\xed","\xee","\xeb","\xef","\xec",
+    "\xbf","\x80","\xfd","\xfe","\xfb","\xfc","\xba","\xae","\x59",
+    "\x44","\x45","\x42","\x46","\x43","\x47","\x9c","\x48","\x54",
+    "\x51","\x52","\x53","\x58","\x55","\x56","\x57","\x8c","\x49",
+    "\xcd","\xce","\xcb","\xcf","\xcc","\xe1","\x70","\xdd","\xde",
+    "\xdb","\xdc","\x8d","\x8e","\xdf"
+  ]
+
+  #
+  # This is the reverse of the above, converts EBCDIC -> ASCII
+  # The bytes are indexed by IBM1047(EBCDIC) conversion number
+  # e.g. Iconv_ISO8859_1[0xc1] = \x41 for letter "A"
+  #
+  # Note the characters CANNOT be assumed to be in any logical (e.g. sequential)
+  # order. Nor are the tables reversible.  Lookups must be done byte by byte
+  #
+  Iconv_ISO8859_1 = [
+    "\x00","\x01","\x02","\x03","\x9c","\x09","\x86","\x7f",
+    "\x97","\x8d","\x8e","\x0b","\x0c","\x0d","\x0e","\x0f","\x10",
+    "\x11","\x12","\x13","\x9d","\x0a","\x08","\x87","\x18","\x19",
+    "\x92","\x8f","\x1c","\x1d","\x1e","\x1f","\x80","\x81","\x82",
+    "\x83","\x84","\x85","\x17","\x1b","\x88","\x89","\x8a","\x8b",
+    "\x8c","\x05","\x06","\x07","\x90","\x91","\x16","\x93","\x94",
+    "\x95","\x96","\x04","\x98","\x99","\x9a","\x9b","\x14","\x15",
+    "\x9e","\x1a","\x20","\xa0","\xe2","\xe4","\xe0","\xe1","\xe3",
+    "\xe5","\xe7","\xf1","\xa2","\x2e","\x3c","\x28","\x2b","\x7c",
+    "\x26","\xe9","\xea","\xeb","\xe8","\xed","\xee","\xef","\xec",
+    "\xdf","\x21","\x24","\x2a","\x29","\x3b","\x5e","\x2d","\x2f",
+    "\xc2","\xc4","\xc0","\xc1","\xc3","\xc5","\xc7","\xd1","\xa6",
+    "\x2c","\x25","\x5f","\x3e","\x3f","\xf8","\xc9","\xca","\xcb",
+    "\xc8","\xcd","\xce","\xcf","\xcc","\x60","\x3a","\x23","\x40",
+    "\x27","\x3d","\x22","\xd8","\x61","\x62","\x63","\x64","\x65",
+    "\x66","\x67","\x68","\x69","\xab","\xbb","\xf0","\xfd","\xfe",
+    "\xb1","\xb0","\x6a","\x6b","\x6c","\x6d","\x6e","\x6f","\x70",
+    "\x71","\x72","\xaa","\xba","\xe6","\xb8","\xc6","\xa4","\xb5",
+    "\x7e","\x73","\x74","\x75","\x76","\x77","\x78","\x79","\x7a",
+    "\xa1","\xbf","\xd0","\x5b","\xde","\xae","\xac","\xa3","\xa5",
+    "\xb7","\xa9","\xa7","\xb6","\xbc","\xbd","\xbe","\xdd","\xa8",
+    "\xaf","\x5d","\xb4","\xd7","\x7b","\x41","\x42","\x43","\x44",
+    "\x45","\x46","\x47","\x48","\x49","\xad","\xf4","\xf6","\xf2",
+    "\xf3","\xf5","\x7d","\x4a","\x4b","\x4c","\x4d","\x4e","\x4f",
+    "\x50","\x51","\x52","\xb9","\xfb","\xfc","\xf9","\xfa","\xff",
+    "\x5c","\xf7","\x53","\x54","\x55","\x56","\x57","\x58","\x59",
+    "\x5a","\xb2","\xd4","\xd6","\xd2","\xd3","\xd5","\x30","\x31",
+    "\x32","\x33","\x34","\x35","\x36","\x37","\x38","\x39","\xb3",
+    "\xdb","\xdc","\xd9","\xda","\x9f"
+  ]
+
+  # The Iconv translation table. The Iconv gem is deprecated in favor of
+  # String#encode, yet there is no encoding for EBCDIC. See #4525
   Iconv_EBCDIC = [
     "\x00", "\x01", "\x02", "\x03", "7", "-", ".", "/", "\x16", "\x05",
     "%", "\v", "\f", "\r", "\x0E", "\x0F", "\x10", "\x11", "\x12", "\x13",
@@ -306,7 +386,7 @@ module Text
   # Converts a raw string to a powershell byte array
   #
   def self.to_powershell(str, name = "buf")
-    return Rex::Exploitation::Powershell::Script.to_byte_array(str, name)
+    return Rex::Powershell::Script.to_byte_array(str, name)
   end
 
   #
@@ -372,31 +452,26 @@ module Text
     return str
   end
 
+  # Converts US-ASCII to UTF-8, skipping over any characters which don't
+  # convert cleanly. This is a convenience method that wraps
+  # String#encode with non-raising default paramaters.
   #
-  # Converts ISO-8859-1 to UTF-8
-  #
+  # @param str [String] An encodable ASCII string
+  # @return [String] a UTF-8 equivalent
+  # @note This method will discard invalid characters
   def self.to_utf8(str)
-
-    if str.respond_to?(:encode)
-      # Skip over any bytes that fail to convert to UTF-8
-      return str.encode('utf-8', { :invalid => :replace, :undef => :replace, :replace => '' })
-    end
-
-    begin
-      Iconv.iconv("utf-8","iso-8859-1", str).join(" ")
-    rescue
-      raise ::RuntimeError, "Your installation does not support iconv (needed for utf8 conversion)"
-    end
+      str.encode('utf-8', { :invalid => :replace, :undef => :replace, :replace => '' })
   end
 
-  #
-  # Converts ASCII to EBCDIC
-  #
   class IllegalSequence < ArgumentError; end
 
-  # A native implementation of the ASCII->EBCDIC table, used to fall back from using
-  # Iconv
-  def self.to_ebcdic_rex(str)
+  # A native implementation of the ASCII to EBCDIC conversion table, since
+  # EBCDIC isn't available to String#encode as of Ruby 2.1
+  #
+  # @param str [String] An encodable ASCII string
+  # @return [String] an EBCDIC encoded string
+  # @note This method will raise in the event of invalid characters
+  def self.to_ebcdic(str)
     new_str = []
     str.each_byte do |x|
       if Iconv_ASCII.index(x.chr)
@@ -408,9 +483,13 @@ module Text
     new_str.join
   end
 
-  # A native implementation of the EBCDIC->ASCII table, used to fall back from using
-  # Iconv
-  def self.from_ebcdic_rex(str)
+  # A native implementation of the EBCDIC to ASCII conversion table, since
+  # EBCDIC isn't available to String#encode as of Ruby 2.1
+  #
+  # @param str [String] an EBCDIC encoded string
+  # @return [String] An encodable ASCII string
+  # @note This method will raise in the event of invalid characters
+  def self.from_ebcdic(str)
     new_str = []
     str.each_byte do |x|
       if Iconv_EBCDIC.index(x.chr)
@@ -422,27 +501,37 @@ module Text
     new_str.join
   end
 
-  def self.to_ebcdic(str)
-    begin
-      Iconv.iconv("EBCDIC-US", "ASCII", str).first
-    rescue ::Iconv::IllegalSequence => e
-      raise e
-    rescue
-      self.to_ebcdic_rex(str)
+  #
+  # The next two are the same as the above, except strictly for z/os
+  # conversions
+  #  strictly for IBM1047 -> ISO8859-1
+  # A native implementation of the IBM1047(EBCDIC) -> ISO8859-1(ASCII)
+  # conversion table, since EBCDIC isn't available to String#encode as of Ruby 2.1
+  # all 256 bytes are defined
+  #
+  def self.to_ibm1047(str)
+    return str if str.nil?
+    new_str = []
+    str.each_byte do |x|
+        new_str << Iconv_IBM1047[x.ord]
     end
+    new_str.join
   end
 
   #
-  # Converts EBCIDC to ASCII
+  # The next two are the same as the above, except strictly for z/os
+  # conversions
+  #  strictly for ISO8859-1 -> IBM1047
+  # A native implementation of the ISO8859-1(ASCII) -> IBM1047(EBCDIC)
+  # conversion table, since EBCDIC isn't available to String#encode as of Ruby 2.1
   #
-  def self.from_ebcdic(str)
-    begin
-      Iconv.iconv("ASCII", "EBCDIC-US", str).first
-    rescue ::Iconv::IllegalSequence => e
-      raise e
-    rescue
-      self.from_ebcdic_rex(str)
+  def self.from_ibm1047(str)
+    return str if str.nil?
+    new_str = []
+    str.each_byte do |x|
+      new_str << Iconv_ISO8859_1[x.ord]
     end
+    new_str.join
   end
 
   #
@@ -1037,6 +1126,56 @@ module Text
     return output
   end
 
+  #
+  # Converts a string to one similar to what would be used by cowsay(1), a UNIX utility for
+  # displaying text as if it was coming from an ASCII-cow's mouth:
+  #
+  #       __________________
+  #      < the cow says moo >
+  #       ------------------
+  #              \   ^__^
+  #               \  (oo)\_______
+  #                  (__)\       )\/\
+  #                      ||----w |
+  #                      ||     ||
+  #
+  # @param text [String] The string to cowsay
+  # @param width [Fixnum] Width of the cow's cloud.  Default's to cowsay(1)'s default, 39.
+  def self.cowsay(text, width=39)
+    # cowsay(1) chunks a message up into 39-byte chunks and wraps it in '| ' and ' |'
+    # Rex::Text.wordwrap(text, 0, 39, ' |', '| ') almost does this, but won't
+    # split a word that has > 39 characters in it which results in oddly formed
+    # text in the cowsay banner, so just do it by hand.  This big mess wraps
+    # the provided text in an ASCII-cloud and then makes it look like the cloud
+    # is a thought/word coming from the ASCII-cow.  Each line in the
+    # ASCII-cloud is no more than the specified number-characters long, and the
+    # cloud corners are made to look rounded
+    text_lines = text.scan(Regexp.new(".{1,#{width-4}}"))
+    max_length = text_lines.map(&:size).sort.last
+    cloud_parts = []
+    cloud_parts << " #{'_' * (max_length + 2)}"
+    if text_lines.size == 1
+      cloud_parts << "< #{text} >"
+    else
+      cloud_parts << "/ #{text_lines.first.ljust(max_length, ' ')} \\"
+      if text_lines.size > 2
+        text_lines[1, text_lines.length - 2].each do |line|
+          cloud_parts << "| #{line.ljust(max_length, ' ')} |"
+        end
+      end
+      cloud_parts << "\\ #{text_lines.last.ljust(max_length, ' ')} /"
+    end
+    cloud_parts << " #{'-' * (max_length + 2)}"
+    cloud_parts << <<EOS
+       \\   ,__,
+        \\  (oo)____
+           (__)    )\\
+              ||--|| *
+EOS
+    cloud_parts.join("\n")
+  end
+
+
   ##
   #
   # Transforms
@@ -1134,6 +1273,24 @@ module Text
     str.to_s.unpack("m")[0]
   end
 
+  #
+  # Base64 encoder (URL-safe RFC6920)
+  #
+  def self.encode_base64url(str, delim='')
+    encode_base64(str, delim).
+      tr('+/', '-_').
+      gsub('=', '')
+  end
+
+  #
+  # Base64 decoder (URL-safe RFC6920, ignores invalid characters)
+  #
+  def self.decode_base64url(str)
+    decode_base64(
+      str.gsub(/[^a-zA-Z0-9_\-]/, '').
+      tr('-_', '+/'))
+  end
+
   #
   # Raw MD5 digest of the supplied string
   #
@@ -1274,6 +1431,18 @@ module Text
     rand_base(len, bad, *foo )
   end
 
+  # Generate random bytes of base64 data
+  def self.rand_text_base64(len, bad='')
+    foo = Base64.unpack('C*').map{ |c| c.chr }
+    rand_base(len, bad, *foo )
+  end
+
+  # Generate random bytes of base64url data
+  def self.rand_text_base64url(len, bad='')
+    foo = Base64Url.unpack('C*').map{ |c| c.chr }
+    rand_base(len, bad, *foo )
+  end
+
   # Generate a random GUID
   #
   # @example
@@ -1523,7 +1692,10 @@ module Text
   # @param data [#delete]
   # @param badchars [String] A list of characters considered to be bad
   def self.remove_badchars(data, badchars = '')
-    data.delete(badchars)
+    return data if badchars.length == 0
+    badchars_pat = badchars.unpack("C*").map{|c| "\\x%.2x" % c}.join
+    data.gsub!(/[#{badchars_pat}]/n, '')
+    data
   end
 
   #
@@ -1532,7 +1704,8 @@ module Text
   # @param keepers [String]
   # @return [String] All characters not contained in +keepers+
   def self.charset_exclude(keepers)
-    [*(0..255)].pack('C*').delete(keepers)
+    excluded_bytes = [*(0..255)] - keepers.unpack("C*")
+    excluded_bytes.pack("C*")
   end
 
   #
@@ -1643,6 +1816,19 @@ module Text
     mail_address << Rex::Text.rand_hostname
   end
 
+  #
+  # Calculate the block API hash for the given module/function
+  #
+  # @param mod [String] The name of the module containing the target function.
+  # @param fun [String] The name of the function.
+  #
+  # @return [String] The hash of the mod/fun pair in string format
+  def self.block_api_hash(mod, fun)
+    unicode_mod = (mod.upcase + "\x00").unpack('C*').pack('v*')
+    mod_hash = self.ror13_hash(unicode_mod)
+    fun_hash = self.ror13_hash(fun + "\x00")
+    "0x#{(mod_hash + fun_hash & 0xFFFFFFFF).to_s(16)}"
+  end
 
   #
   # Calculate the ROR13 hash of a given string