rex 2.0.8 → 2.0.9

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rex
 version: !ruby/object:Gem::Version
-  version: 2.0.8
+  version: 2.0.9
 platform: ruby
 authors:
 - HD Moore
@@ -9,12 +9,12 @@ authors:
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2015-03-05 00:00:00.000000000 Z
+date: 2015-11-22 00:00:00.000000000 Z
 dependencies: []
 description: Rex provides a variety of classes useful for security testing and exploit
   development.
 email:
-- hd_moore@rapid7.com
+- x@hdm.io
 - jacob.hammack@hammackj.com
 executables: []
 extensions: []
@@ -28,6 +28,7 @@ files:
 - lib/rex/arch.rb
 - lib/rex/arch/sparc.rb
 - lib/rex/arch/x86.rb
+- lib/rex/arch/zarch.rb
 - lib/rex/assembly/nasm.rb
 - lib/rex/codepage.map
 - lib/rex/compat.rb
@@ -68,6 +69,7 @@ files:
 - lib/rex/exploitation/cmdstager.rb
 - lib/rex/exploitation/cmdstager/base.rb
 - lib/rex/exploitation/cmdstager/bourne.rb
+- lib/rex/exploitation/cmdstager/certutil.rb
 - lib/rex/exploitation/cmdstager/debug_asm.rb
 - lib/rex/exploitation/cmdstager/debug_write.rb
 - lib/rex/exploitation/cmdstager/echo.rb
@@ -87,17 +89,10 @@ files:
 - lib/rex/exploitation/obfuscatejs.rb
 - lib/rex/exploitation/omelet.rb
 - lib/rex/exploitation/opcodedb.rb
-- lib/rex/exploitation/powershell.rb
-- lib/rex/exploitation/powershell/function.rb
-- lib/rex/exploitation/powershell/obfu.rb
-- lib/rex/exploitation/powershell/output.rb
-- lib/rex/exploitation/powershell/param.rb
-- lib/rex/exploitation/powershell/parser.rb
-- lib/rex/exploitation/powershell/psh_methods.rb
-- lib/rex/exploitation/powershell/script.rb
 - lib/rex/exploitation/ropdb.rb
 - lib/rex/exploitation/seh.rb
 - lib/rex/file.rb
+- lib/rex/google/geolocation.rb
 - lib/rex/image_source.rb
 - lib/rex/image_source/disk.rb
 - lib/rex/image_source/image_source.rb
@@ -111,6 +106,8 @@ files:
 - lib/rex/java.rb
 - lib/rex/java/serialization.rb
 - lib/rex/java/serialization/builder.rb
+- lib/rex/java/serialization/decode_error.rb
+- lib/rex/java/serialization/encode_error.rb
 - lib/rex/java/serialization/model.rb
 - lib/rex/java/serialization/model/annotation.rb
 - lib/rex/java/serialization/model/block_data.rb
@@ -122,20 +119,24 @@ files:
 - lib/rex/java/serialization/model/field.rb
 - lib/rex/java/serialization/model/long_utf.rb
 - lib/rex/java/serialization/model/new_array.rb
+- lib/rex/java/serialization/model/new_class.rb
 - lib/rex/java/serialization/model/new_class_desc.rb
 - lib/rex/java/serialization/model/new_enum.rb
 - lib/rex/java/serialization/model/new_object.rb
 - lib/rex/java/serialization/model/null_reference.rb
+- lib/rex/java/serialization/model/proxy_class_desc.rb
 - lib/rex/java/serialization/model/reference.rb
 - lib/rex/java/serialization/model/reset.rb
 - lib/rex/java/serialization/model/stream.rb
 - lib/rex/java/serialization/model/utf.rb
 - lib/rex/job_container.rb
+- lib/rex/json_hash_file.rb
 - lib/rex/logging.rb
 - lib/rex/logging/log_dispatcher.rb
 - lib/rex/logging/log_sink.rb
 - lib/rex/logging/sinks/flatfile.rb
 - lib/rex/logging/sinks/stderr.rb
+- lib/rex/logging/sinks/timestamp_flatfile.rb
 - lib/rex/mac_oui.rb
 - lib/rex/machparsey.rb
 - lib/rex/machparsey/exceptions.rb
@@ -196,9 +197,11 @@ files:
 - lib/rex/parser/retina_xml.rb
 - lib/rex/parser/unattend.rb
 - lib/rex/parser/wapiti_nokogiri.rb
+- lib/rex/parser/winscp.rb
+- lib/rex/parser/x509_certificate.rb
 - lib/rex/payloads.rb
-- lib/rex/payloads/meterpreter.rb
-- lib/rex/payloads/meterpreter/patch.rb
+- lib/rex/payloads/meterpreter/config.rb
+- lib/rex/payloads/meterpreter/uri_checksum.rb
 - lib/rex/payloads/win32.rb
 - lib/rex/payloads/win32/common.rb
 - lib/rex/payloads/win32/kernel.rb
@@ -249,6 +252,8 @@ files:
 - lib/rex/post/meterpreter/extensions/extapi/adsi/adsi.rb
 - lib/rex/post/meterpreter/extensions/extapi/clipboard/clipboard.rb
 - lib/rex/post/meterpreter/extensions/extapi/extapi.rb
+- lib/rex/post/meterpreter/extensions/extapi/ntds/ntds.rb
+- lib/rex/post/meterpreter/extensions/extapi/pageant/pageant.rb
 - lib/rex/post/meterpreter/extensions/extapi/service/service.rb
 - lib/rex/post/meterpreter/extensions/extapi/tlv.rb
 - lib/rex/post/meterpreter/extensions/extapi/window/window.rb
@@ -269,6 +274,8 @@ files:
 - lib/rex/post/meterpreter/extensions/priv/passwd.rb
 - lib/rex/post/meterpreter/extensions/priv/priv.rb
 - lib/rex/post/meterpreter/extensions/priv/tlv.rb
+- lib/rex/post/meterpreter/extensions/python/python.rb
+- lib/rex/post/meterpreter/extensions/python/tlv.rb
 - lib/rex/post/meterpreter/extensions/sniffer/sniffer.rb
 - lib/rex/post/meterpreter/extensions/sniffer/tlv.rb
 - lib/rex/post/meterpreter/extensions/stdapi/constants.rb
@@ -276,6 +283,7 @@ files:
 - lib/rex/post/meterpreter/extensions/stdapi/fs/file.rb
 - lib/rex/post/meterpreter/extensions/stdapi/fs/file_stat.rb
 - lib/rex/post/meterpreter/extensions/stdapi/fs/io.rb
+- lib/rex/post/meterpreter/extensions/stdapi/fs/mount.rb
 - lib/rex/post/meterpreter/extensions/stdapi/net/arp.rb
 - lib/rex/post/meterpreter/extensions/stdapi/net/config.rb
 - lib/rex/post/meterpreter/extensions/stdapi/net/interface.rb
@@ -359,6 +367,7 @@ files:
 - lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/elevate.rb
 - lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/passwd.rb
 - lib/rex/post/meterpreter/ui/console/command_dispatcher/priv/timestomp.rb
+- lib/rex/post/meterpreter/ui/console/command_dispatcher/python.rb
 - lib/rex/post/meterpreter/ui/console/command_dispatcher/sniffer.rb
 - lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi.rb
 - lib/rex/post/meterpreter/ui/console/command_dispatcher/stdapi/fs.rb
@@ -371,6 +380,16 @@ files:
 - lib/rex/post/process.rb
 - lib/rex/post/thread.rb
 - lib/rex/post/ui.rb
+- lib/rex/powershell.rb
+- lib/rex/powershell/command.rb
+- lib/rex/powershell/function.rb
+- lib/rex/powershell/obfu.rb
+- lib/rex/powershell/output.rb
+- lib/rex/powershell/param.rb
+- lib/rex/powershell/parser.rb
+- lib/rex/powershell/payload.rb
+- lib/rex/powershell/psh_methods.rb
+- lib/rex/powershell/script.rb
 - lib/rex/proto.rb
 - lib/rex/proto/acpp.rb
 - lib/rex/proto/acpp/client.rb
@@ -488,8 +507,11 @@ files:
 - lib/rex/proto/rfb/client.rb
 - lib/rex/proto/rfb/constants.rb
 - lib/rex/proto/rmi.rb
+- lib/rex/proto/rmi/decode_error.rb
+- lib/rex/proto/rmi/exception.rb
 - lib/rex/proto/rmi/model.rb
 - lib/rex/proto/rmi/model/call.rb
+- lib/rex/proto/rmi/model/call_data.rb
 - lib/rex/proto/rmi/model/continuation.rb
 - lib/rex/proto/rmi/model/dgc_ack.rb
 - lib/rex/proto/rmi/model/element.rb
@@ -498,6 +520,8 @@ files:
 - lib/rex/proto/rmi/model/ping_ack.rb
 - lib/rex/proto/rmi/model/protocol_ack.rb
 - lib/rex/proto/rmi/model/return_data.rb
+- lib/rex/proto/rmi/model/return_value.rb
+- lib/rex/proto/rmi/model/unique_identifier.rb
 - lib/rex/proto/sip.rb
 - lib/rex/proto/sip/response.rb
 - lib/rex/proto/smb.rb
@@ -510,6 +534,8 @@ files:
 - lib/rex/proto/smb/simpleclient/open_file.rb
 - lib/rex/proto/smb/simpleclient/open_pipe.rb
 - lib/rex/proto/smb/utils.rb
+- lib/rex/proto/steam.rb
+- lib/rex/proto/steam/message.rb
 - lib/rex/proto/sunrpc.rb
 - lib/rex/proto/sunrpc/client.rb
 - lib/rex/proto/tftp.rb
@@ -590,6 +616,7 @@ files:
 - lib/rex/ui/text/progress_tracker.rb
 - lib/rex/ui/text/shell.rb
 - lib/rex/ui/text/table.rb
+- lib/rex/user_agent.rb
 - lib/rex/zip.rb
 - lib/rex/zip/archive.rb
 - lib/rex/zip/blocks.rb
@@ -620,7 +647,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.4.3
+rubygems_version: 2.4.8
 signing_key: 
 specification_version: 4
 summary: Ruby Exploitation Library

data/lib/rex/exploitation/powershell.rb

@@ -1,62 +0,0 @@
-# -*- coding: binary -*-
-
-require 'rex/exploitation/powershell/output'
-require 'rex/exploitation/powershell/parser'
-require 'rex/exploitation/powershell/obfu'
-require 'rex/exploitation/powershell/param'
-require 'rex/exploitation/powershell/function'
-require 'rex/exploitation/powershell/script'
-require 'rex/exploitation/powershell/psh_methods'
-
-module Rex
-  module Exploitation
-    module Powershell
-      #
-      # Reads script into a PowershellScript
-      #
-      # @param script_path [String] Path to the Script File
-      #
-      # @return [Script] Powershell Script object
-      def self.read_script(script_path)
-        Rex::Exploitation::Powershell::Script.new(script_path)
-      end
-
-      #
-      # Insert substitutions into the powershell script
-      # If script is a path to a file then read the file
-      # otherwise treat it as the contents of a file
-      #
-      # @param script [String] Script file or path to script
-      # @param subs [Array] Substitutions to insert
-      #
-      # @return [String] Modified script file
-      def self.make_subs(script, subs)
-        if ::File.file?(script)
-          script = ::File.read(script)
-        end
-
-        subs.each do |set|
-          script.gsub!(set[0], set[1])
-        end
-
-        script
-      end
-
-      #
-      # Return an array of substitutions for use in make_subs
-      #
-      # @param subs [String] A ; seperated list of substitutions
-      #
-      # @return [Array] An array of substitutions
-      def self.process_subs(subs)
-        return [] if subs.nil? or subs.empty?
-        new_subs = []
-        subs.split(';').each do |set|
-          new_subs << set.split(',', 2)
-        end
-
-        new_subs
-      end
-    end
-  end
-end

data/lib/rex/exploitation/powershell/parser.rb

@@ -1,183 +0,0 @@
-# -*- coding: binary -*-
-
-module Rex
-  module Exploitation
-    module Powershell
-      module Parser
-        # Reserved special variables
-        # Acquired with: Get-Variable | Format-Table name, value -auto
-        RESERVED_VARIABLE_NAMES = [
-          '$$',
-          '$?',
-          '$^',
-          '$_',
-          '$args',
-          '$ConfirmPreference',
-          '$ConsoleFileName',
-          '$DebugPreference',
-          '$Env',
-          '$Error',
-          '$ErrorActionPreference',
-          '$ErrorView',
-          '$ExecutionContext',
-          '$false',
-          '$FormatEnumerationLimit',
-          '$HOME',
-          '$Host',
-          '$input',
-          '$LASTEXITCODE',
-          '$MaximumAliasCount',
-          '$MaximumDriveCount',
-          '$MaximumErrorCount',
-          '$MaximumFunctionCount',
-          '$MaximumHistoryCount',
-          '$MaximumVariableCount',
-          '$MyInvocation',
-          '$NestedPromptLevel',
-          '$null',
-          '$OutputEncoding',
-          '$PID',
-          '$PROFILE',
-          '$ProgressPreference',
-          '$PSBoundParameters',
-          '$PSCulture',
-          '$PSEmailServer',
-          '$PSHOME',
-          '$PSSessionApplicationName',
-          '$PSSessionConfigurationName',
-          '$PSSessionOption',
-          '$PSUICulture',
-          '$PSVersionTable',
-          '$PWD',
-          '$ReportErrorShowExceptionClass',
-          '$ReportErrorShowInnerException',
-          '$ReportErrorShowSource',
-          '$ReportErrorShowStackTrace',
-          '$ShellId',
-          '$StackTrace',
-          '$true',
-          '$VerbosePreference',
-          '$WarningPreference',
-          '$WhatIfPreference'
-        ].map(&:downcase).freeze
-
-        #
-        # Get variable names from code, removes reserved names from return
-        #
-        # @return [Array] variable names
-        def get_var_names
-          our_vars = code.scan(/\$[a-zA-Z\-\_0-9]+/).uniq.flatten.map(&:strip)
-          our_vars.select { |v| !RESERVED_VARIABLE_NAMES.include?(v.downcase) }
-        end
-
-        #
-        # Get function names from code
-        #
-        # @return [Array] function names
-        def get_func_names
-          code.scan(/function\s([a-zA-Z\-\_0-9]+)/).uniq.flatten
-        end
-
-        #
-        # Attempt to find string literals in PSH expression
-        #
-        # @return [Array] string literals
-        def get_string_literals
-          code.scan(/@"(.+?)"@|@'(.+?)'@/m)
-        end
-
-        #
-        # Scan code and return matches with index
-        #
-        # @param str [String] string to match in code
-        # @param source [String] source code to match, defaults to @code
-        #
-        # @return [Array[String,Integer]] matched items with index
-        def scan_with_index(str, source = code)
-          ::Enumerator.new do |y|
-            source.scan(str) do
-              y << ::Regexp.last_match
-            end
-          end.map { |m| [m.to_s, m.offset(0)[0]] }
-        end
-
-        #
-        # Return matching bracket type
-        #
-        # @param char [String] opening bracket character
-        #
-        # @return [String] matching closing bracket
-        def match_start(char)
-          case char
-          when '{'
-            '}'
-          when '('
-            ')'
-          when '['
-            ']'
-          when '<'
-            '>'
-          else
-            fail ArgumentError, 'Unknown starting bracket'
-          end
-        end
-
-        #
-        # Extract block of code inside brackets/parenthesis
-        #
-        # Attempts to match the bracket at idx, handling nesting manually
-        # Once the balanced matching bracket is found, all script content
-        # between idx and the index of the matching bracket is returned
-        #
-        # @param idx [Integer] index of opening bracket
-        #
-        # @return [String] content between matching brackets
-        def block_extract(idx)
-          fail ArgumentError unless idx
-
-          if idx < 0 || idx >= code.length
-            fail ArgumentError, 'Invalid index'
-          end
-
-          start = code[idx]
-          stop = match_start(start)
-          delims = scan_with_index(/#{Regexp.escape(start)}|#{Regexp.escape(stop)}/, code[idx + 1..-1])
-          delims.map { |x| x[1] = x[1] + idx + 1 }
-          c = 1
-          sidx = nil
-          # Go through delims till we balance, get idx
-          while (c != 0) && (x = delims.shift)
-            sidx = x[1]
-            x[0] == stop ? c -= 1 : c += 1
-          end
-
-          code[idx..sidx]
-        end
-
-        #
-        # Extract a block of function code
-        #
-        # @param func_name [String] function name
-        # @param delete [Boolean] delete the function from the code
-        #
-        # @return [String] function block
-        def get_func(func_name, delete = false)
-          start = code.index(func_name)
-
-          return nil unless start
-
-          idx = code[start..-1].index('{') + start
-          func_txt = block_extract(idx)
-
-          if delete
-            delete_code = code[0..idx]
-            delete_code << code[(idx + func_txt.length)..-1]
-            @code = delete_code
-          end
-
-          Function.new(func_name, func_txt)
-        end
-      end # Parser
-    end
-  end
-end

data/lib/rex/payloads/meterpreter.rb

@@ -1,2 +0,0 @@
-# -*- coding: binary -*-
-require 'rex/payloads/meterpreter/patch'

data/lib/rex/payloads/meterpreter/patch.rb

@@ -1,136 +0,0 @@
-# -*- coding: binary -*-
-
-module Rex
-  module Payloads
-    module Meterpreter
-      ###
-      #
-      # Provides methods to patch options into metsrv stagers
-      #
-      ###
-      module Patch
-
-        # Replace the transport string
-        def self.patch_transport! blob, ssl
-
-          i = blob.index("METERPRETER_TRANSPORT_SSL")
-          if i
-            str = ssl ? "METERPRETER_TRANSPORT_HTTPS\x00" : "METERPRETER_TRANSPORT_HTTP\x00"
-            blob[i, str.length] = str
-          end
-
-        end
-
-        # Replace the URL
-        def self.patch_url! blob, url
-
-          i = blob.index("https://" + ("X" * 256))
-          if i
-            str = url
-            blob[i, str.length] = str
-          end
-
-        end
-
-        # Replace the session expiration timeout
-        def self.patch_expiration! blob, expiration
-
-          i = blob.index([0xb64be661].pack("V"))
-          if i
-            str = [ expiration ].pack("V")
-            blob[i, str.length] = str
-          end
-
-        end
-
-        # Replace the session communication timeout
-        def self.patch_comm_timeout! blob, comm_timeout
-
-          i = blob.index([0xaf79257f].pack("V"))
-          if i
-            str = [ comm_timeout ].pack("V")
-            blob[i, str.length] = str
-          end
-
-        end
-
-        # Replace the user agent string with our option
-        def self.patch_ua! blob, ua
-
-          ua = ua[0,255] + "\x00"
-          i = blob.index("METERPRETER_UA\x00")
-          if i
-            blob[i, ua.length] = ua
-          end
-
-        end
-
-        # Activate a custom proxy
-        def self.patch_proxy! blob, proxyhost, proxyport, proxy_type
-
-          i = blob.index("METERPRETER_PROXY\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
-          if i
-            if proxyhost
-              if proxyhost.to_s != ""
-                proxyhost = proxyhost.to_s
-                proxyport = proxyport.to_s || "8080"
-                proxyinfo = proxyhost + ":" + proxyport
-                if proxyport == "80"
-                  proxyinfo = proxyhost
-                end
-                if proxy_type.to_s == 'HTTP'
-                  proxyinfo = 'http://' + proxyinfo
-                else #socks
-                  proxyinfo = 'socks=' + proxyinfo
-                end
-                proxyinfo << "\x00"
-                blob[i, proxyinfo.length] = proxyinfo
-              end
-            end
-          end
-
-        end
-
-        # Proxy authentification
-        def self.patch_proxy_auth! blob, proxy_username, proxy_password, proxy_type
-
-          unless (proxy_username.nil? or proxy_username.empty?) or
-            (proxy_password.nil? or proxy_password.empty?) or
-            proxy_type == 'SOCKS'
-
-            proxy_username_loc = blob.index("METERPRETER_USERNAME_PROXY\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
-            proxy_username = proxy_username << "\x00"
-            blob[proxy_username_loc, proxy_username.length] = proxy_username
-
-            proxy_password_loc = blob.index("METERPRETER_PASSWORD_PROXY\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")
-            proxy_password = proxy_password << "\x00"
-            blob[proxy_password_loc, proxy_password.length] = proxy_password
-          end
-
-        end
-
-        # Patch options into metsrv for reverse HTTP payloads
-        def self.patch_passive_service! blob, options
-
-          patch_transport! blob, options[:ssl]
-          patch_url! blob, options[:url]
-          patch_expiration! blob, options[:expiration]
-          patch_comm_timeout! blob, options[:comm_timeout]
-          patch_ua! blob, options[:ua]
-          patch_proxy!(blob,
-            options[:proxyhost],
-            options[:proxyport],
-            options[:proxy_type]
-          )
-          patch_proxy_auth!(blob,
-            options[:proxy_username],
-            options[:proxy_password],
-            options[:proxy_type]
-          )
-
-        end
-
-      end
-    end
-  end
-end