metasploit-framework/lib/rex/text.rb

1562 lines
41 KiB
Ruby
Raw Normal View History

# -*- coding: binary -*-
require 'digest/md5'
require 'digest/sha1'
require 'stringio'
require 'cgi'
%W{ iconv zlib }.each do |libname|
begin
old_verbose = $VERBOSE
$VERBOSE = nil
require libname
rescue ::LoadError
ensure
$VERBOSE = old_verbose
end
end
module Rex
###
#
# This class formats text in various fashions and also provides
# a mechanism for wrapping text at a given column.
#
###
module Text
@@codepage_map_cache = nil
##
#
# Constants
#
##
States = ["AK", "AL", "AR", "AZ", "CA", "CO", "CT", "DE", "FL", "GA", "HI",
"IA", "ID", "IL", "IN", "KS", "KY", "LA", "MA", "MD", "ME", "MI", "MN",
"MO", "MS", "MT", "NC", "ND", "NE", "NH", "NJ", "NM", "NV", "NY", "OH",
"OK", "OR", "PA", "RI", "SC", "SD", "TN", "TX", "UT", "VA", "VT", "WA",
"WI", "WV", "WY"]
UpperAlpha = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LowerAlpha = "abcdefghijklmnopqrstuvwxyz"
Numerals = "0123456789"
2013-02-09 21:50:12 +00:00
Base32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"
Alpha = UpperAlpha + LowerAlpha
AlphaNumeric = Alpha + Numerals
HighAscii = [*(0x80 .. 0xff)].pack("C*")
LowAscii = [*(0x00 .. 0x1f)].pack("C*")
DefaultWrap = 60
AllChars = [*(0x00 .. 0xff)].pack("C*")
Punctuation = ( [*(0x21 .. 0x2f)] + [*(0x3a .. 0x3F)] + [*(0x5b .. 0x60)] + [*(0x7b .. 0x7e)] ).flatten.pack("C*")
DefaultPatternSets = [ Rex::Text::UpperAlpha, Rex::Text::LowerAlpha, Rex::Text::Numerals ]
# In case Iconv isn't loaded
Iconv_EBCDIC = ["\x00", "\x01", "\x02", "\x03", "7", "-", ".", "/", "\x16", "\x05", "%", "\v", "\f", "\r", "\x0E", "\x0F", "\x10", "\x11", "\x12", "\x13", "<", "=", "2", "&", "\x18", "\x19", "?", "'", "\x1C", "\x1D", "\x1E", "\x1F", "@", "Z", "\x7F", "{", "[", "l", "P", "}", "M", "]", "\\", "N", "k", "`", "K", "a", "\xF0", "\xF1", "\xF2", "\xF3", "\xF4", "\xF5", "\xF6", "\xF7", "\xF8", "\xF9", "z", "^", "L", "~", "n", "o", "|", "\xC1", "\xC2", "\xC3", "\xC4", "\xC5", "\xC6", "\xC7", "\xC8", "\xC9", "\xD1", "\xD2", "\xD3", "\xD4", "\xD5", "\xD6", "\xD7", "\xD8", "\xD9", "\xE2", "\xE3", "\xE4", "\xE5", "\xE6", "\xE7", "\xE8", "\xE9", nil, "\xE0", nil, nil, "m", "y", "\x81", "\x82", "\x83", "\x84", "\x85", "\x86", "\x87", "\x88", "\x89", "\x91", "\x92", "\x93", "\x94", "\x95", "\x96", "\x97", "\x98", "\x99", "\xA2", "\xA3", "\xA4", "\xA5", "\xA6", "\xA7", "\xA8", "\xA9", "\xC0", "O", "\xD0", "\xA1", "\a", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]
Iconv_ASCII = ["\x00", "\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\a", "\b", "\t", "\n", "\v", "\f", "\r", "\x0E", "\x0F", "\x10", "\x11", "\x12", "\x13", "\x14", "\x15", "\x16", "\x17", "\x18", "\x19", "\x1A", "\e", "\x1C", "\x1D", "\x1E", "\x1F", " ", "!", "\"", "#", "$", "%", "&", "'", "(", ")", "*", "+", ",", "-", ".", "/", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", ":", ";", "<", "=", ">", "?", "@", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", nil, "\\", nil, nil, "_", "`", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "{", "|", "}", "~", "\x7F", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil]
##
#
# Serialization
#
##
#
# Converts a raw string into a ruby buffer
#
def self.to_ruby(str, wrap = DefaultWrap, name = "buf")
return hexify(str, wrap, '"', '" +', "#{name} = \n", '"')
end
#
# Creates a ruby-style comment
#
def self.to_ruby_comment(str, wrap = DefaultWrap)
return wordwrap(str, 0, wrap, '', '# ')
end
#
# Converts a raw string into a C buffer
#
def self.to_c(str, wrap = DefaultWrap, name = "buf")
return hexify(str, wrap, '"', '"', "unsigned char #{name}[] = \n", '";')
end
def self.to_csharp(str, wrap = DefaultWrap, name = "buf")
ret = "byte[] #{name} = new byte[#{str.length}] {"
i = -1;
while (i += 1) < str.length
ret << "\n" if i%(wrap/4) == 0
ret << "0x" << str[i].unpack("H*")[0] << ","
end
ret = ret[0..ret.length-2] #cut off last comma
ret << " };\n"
end
#
# Creates a c-style comment
#
def self.to_c_comment(str, wrap = DefaultWrap)
return "/*\n" + wordwrap(str, 0, wrap, '', ' * ') + " */\n"
end
#
# Creates a javascript-style comment
#
def self.to_js_comment(str, wrap = DefaultWrap)
return wordwrap(str, 0, wrap, '', '// ')
end
#
# Converts a raw string into a perl buffer
#
def self.to_perl(str, wrap = DefaultWrap, name = "buf")
return hexify(str, wrap, '"', '" .', "my $#{name} = \n", '";')
end
#
# Converts a raw string into a python buffer
#
def self.to_python(str, wrap = DefaultWrap, name = "buf")
return hexify(str, wrap, "#{name} += \"", '"', "#{name} = \"\"\n", '"')
end
#
# Converts a raw string into a Bash buffer
#
def self.to_bash(str, wrap = DefaultWrap, name = "buf")
return hexify(str, wrap, '$\'', '\'\\', "export #{name}=\\\n", '\'')
end
#
# Converts a raw string into a java byte array
#
def self.to_java(str, name = "shell")
buff = "byte #{name}[] = new byte[]\n{\n"
cnt = 0
max = 0
str.unpack('C*').each do |c|
buff << ", " if max > 0
buff << "\t" if max == 0
buff << sprintf('(byte) 0x%.2x', c)
max +=1
cnt +=1
if (max > 7)
buff << ",\n" if cnt != str.length
max = 0
end
end
buff << "\n};\n"
return buff
end
#
# Creates a perl-style comment
#
def self.to_perl_comment(str, wrap = DefaultWrap)
return wordwrap(str, 0, wrap, '', '# ')
end
#
# Creates a Bash-style comment
#
def self.to_bash_comment(str, wrap = DefaultWrap)
return wordwrap(str, 0, wrap, '', '# ')
end
#
# Returns the raw string
#
def self.to_raw(str)
return str
end
#
# Converts ISO-8859-1 to UTF-8
#
def self.to_utf8(str)
if str.respond_to?(:encode)
# Skip over any bytes that fail to convert to UTF-8
return str.encode('utf-8', { :invalid => :replace, :undef => :replace, :replace => '' })
end
begin
Iconv.iconv("utf-8","iso-8859-1", str).join(" ")
rescue
raise ::RuntimeError, "Your installation does not support iconv (needed for utf8 conversion)"
end
end
#
# Converts ASCII to EBCDIC
#
class IllegalSequence < ArgumentError; end
# A native implementation of the ASCII->EBCDIC table, used to fall back from using
# Iconv
def self.to_ebcdic_rex(str)
new_str = []
str.each_byte do |x|
if Iconv_ASCII.index(x.chr)
new_str << Iconv_EBCDIC[Iconv_ASCII.index(x.chr)]
else
raise Rex::Text::IllegalSequence, ("\\x%x" % x)
end
end
new_str.join
end
# A native implementation of the EBCDIC->ASCII table, used to fall back from using
# Iconv
def self.from_ebcdic_rex(str)
new_str = []
str.each_byte do |x|
if Iconv_EBCDIC.index(x.chr)
new_str << Iconv_ASCII[Iconv_EBCDIC.index(x.chr)]
else
raise Rex::Text::IllegalSequence, ("\\x%x" % x)
end
end
new_str.join
end
def self.to_ebcdic(str)
begin
Iconv.iconv("EBCDIC-US", "ASCII", str).first
rescue ::Iconv::IllegalSequence => e
raise e
rescue
self.to_ebcdic_rex(str)
end
end
#
# Converts EBCIDC to ASCII
#
def self.from_ebcdic(str)
begin
Iconv.iconv("ASCII", "EBCDIC-US", str).first
rescue ::Iconv::IllegalSequence => e
raise e
rescue
self.from_ebcdic_rex(str)
end
end
2012-11-16 21:11:48 +00:00
#
# Returns the words in +str+ as an Array.
#
# strict - include *only* words, no boundary characters (like spaces, etc.)
#
def self.to_words( str, strict = false )
splits = str.split( /\b/ )
splits.reject! { |w| !(w =~ /\w/) } if strict
splits
end
#
# Removes noise from 2 Strings and return a refined String version.
#
def self.refine( str1, str2 )
return str1 if str1 == str2
# get the words of the first str in an array
s_words = to_words( str1 )
# get the words of the second str in an array
o_words = to_words( str2 )
# get what hasn't changed (the rdiff, so to speak) as a string
(s_words - (s_words - o_words)).join
end
#
# Returns a unicode escaped string for Javascript
#
def self.to_unescape(data, endian=ENDIAN_LITTLE)
data << "\x41" if (data.length % 2 != 0)
dptr = 0
buff = ''
while (dptr < data.length)
c1 = data[dptr,1].unpack("C*")[0]
dptr += 1
c2 = data[dptr,1].unpack("C*")[0]
dptr += 1
if (endian == ENDIAN_LITTLE)
buff << sprintf('%%u%.2x%.2x', c2, c1)
else
buff << sprintf('%%u%.2x%.2x', c1, c2)
end
end
return buff
end
#
# Returns the escaped octal version of the supplied string
#
# @example
# Rex::Text.to_octal("asdf") # => "\\141\\163\\144\\146"
#
# @param str [String] The string to be converted
# @param prefix [String]
# @return [String] The escaped octal version of +str+
Squashed commit of the following: commit 6a3ad1d887df9d277e4878de94f8700ed8e404f9 Author: James Lee <egypt@metasploit.com> Date: Wed May 9 16:22:49 2012 -0600 Add register_command calls for md5 and sha1 commit dbd52c5a1edfe1818a580d4d46aac0a9ca038e9c Author: James Lee <egypt@metasploit.com> Date: Wed May 9 16:22:09 2012 -0600 Read the file instead of downloading it commit 55b84ad8e2a8532b3f8520ccb1162169b8e9c056 Author: James Lee <egypt@metasploit.com> Date: Wed May 9 15:27:11 2012 -0600 Re-compile linux meterp to support the loadlib api commit d112e84e490aa30aa9533fb0bdb33a9713ce01a5 Author: James Lee <egypt@metasploit.com> Date: Wed May 9 14:50:25 2012 -0600 Re-compile java meterp to support the loadlib api commit c137187b346b708487245a849b95343223e4e7b0 Author: James Lee <egypt@metasploit.com> Date: Wed May 9 14:44:10 2012 -0600 Don't try to get interfaces if this session doesn't implement it commit 88bba1e6c360c5725c4174623f56bcb6d8b54228 Author: James Lee <egypt@metasploit.com> Date: Wed May 9 14:38:17 2012 -0600 Remove debugging load commit 02954cbf93e2a13da967780cb703103b3f83ecf4 Merge: d9ef256 88b35a3 Author: James Lee <egypt@metasploit.com> Date: Wed May 9 12:06:53 2012 -0600 Merge branch 'rapid7' into feature/4905 Conflicts: data/meterpreter/ext_server_stdapi.php modules/exploits/windows/browser/adobe_flashplayer_flash10o.rb commit d9ef2569b88ae8bce67f13316f6eff76311fd846 Author: James Lee <egypt@metasploit.com> Date: Wed May 2 18:06:06 2012 -0600 PHP doesn't support rev2self commit bf13ea0ff25541da07b8c099218e5ad7ea6ae8ba Author: James Lee <egypt@metasploit.com> Date: Tue May 1 18:21:59 2012 -0600 Add php support for returning new extension commands commit 7e35f2d671d3797fc3fab12e54015387f44b0b33 Author: James Lee <egypt@metasploit.com> Date: Tue May 1 16:03:26 2012 -0600 Reset CVE-2012-0507 back to master Purges commits unrelated to this branch. commit 86a77b3cd017e1e3a3f23d9fba3b9ed173761f80 Author: James Lee <egypt@metasploit.com> Date: Tue May 1 15:59:35 2012 -0600 Revert "Make building the jar for cve-2012-0507 a bit easier" This reverts commit 27ef76522ad10436ec785728445ed2cc0657f85f. Conflicts: external/source/exploits/CVE-2012-0507/Makefile external/source/exploits/CVE-2012-0507/src/msf/x/PayloadX.java commit 8c259fb779f736be16fe972215ddff1dd32fd0f3 Merge: fe2c273 1c03c2b Author: James Lee <egypt@metasploit.com> Date: Tue May 1 15:35:44 2012 -0600 Merge branch 'rapid7' into feature/4905 Conflicts: data/meterpreter/ext_server_stdapi.jar data/meterpreter/meterpreter.jar external/source/meterpreter/java/src/meterpreter/com/metasploit/meterpreter/Meterpreter.java modules/auxiliary/server/browser_autopwn.rb commit fe2c273a6d840c67040d6c9e337f908204337e18 Merge: 8caff47 4e955e5 Author: James Lee <egypt@metasploit.com> Date: Fri Apr 6 10:19:53 2012 -0600 Merge branch 'rapid7' into feature/4905 commit 8caff47d97469f1a5459c04461fd1098487ea514 Author: James Lee <egypt@metasploit.com> Date: Thu Apr 5 17:51:18 2012 -0600 Fix requires to find the test library commit 51c33574cee3c47f0b2900c388d3d1213dd0a90d Author: James Lee <egypt@metasploit.com> Date: Thu Apr 5 17:48:35 2012 -0600 Fix a load order problem with solaris post mods commit 81b658362e5e6bdd215d18b53d14429d163aff72 Merge: adad2cf 6ef4257 Author: James Lee <egypt@metasploit.com> Date: Thu Apr 5 15:43:19 2012 -0600 Merge branch 'master' into feature/4905 commit 6ef42579471c6fde4bba71d0d4ce2c6c3e836180 Merge: 70ab8c0 5852455 Author: James Lee <egypt@metasploit.com> Date: Thu Apr 5 15:16:56 2012 -0600 Merge branch 'rapid7' Conflicts: lib/rex/exploitation/javascriptosdetect.rb commit adad2cf04c501c2a787e5475b62abd31871c06a0 Author: James Lee <egypt@metasploit.com> Date: Thu Mar 29 20:20:21 2012 -0600 Deal with null data/jar Not sure why "" turns into null sometimes, but it was breaking shells; this fixes it. commit 4f8a437b490e2b2774f9efd23b4891eaf007cf16 Author: James Lee <egypt@metasploit.com> Date: Thu Mar 29 18:10:59 2012 -0600 Prev commit moved these to src/a commit 27ef76522ad10436ec785728445ed2cc0657f85f Author: James Lee <egypt@metasploit.com> Date: Thu Mar 29 18:08:32 2012 -0600 Make building the jar for cve-2012-0507 a bit easier Mostly stolen from cve-2008-5353 commit db3dbad0a5ff20b05758be073c3502138ff095c2 Author: James Lee <egypt@metasploit.com> Date: Thu Mar 29 14:52:23 2012 -0600 Fix incorrect option name commit 776976af31795bdf1b405e208a2d4b78a6b6c2cf Author: James Lee <egypt@metasploit.com> Date: Wed Mar 28 15:36:20 2012 -0600 Add bap support to java_rhino commit a611ab16e06bd324d6616d0bd69f2c09d671bca0 Author: James Lee <egypt@metasploit.com> Date: Wed Mar 28 15:35:16 2012 -0600 Put next_exploit on the window object so it's always in scope Solves some issues with Chrome not running more than one exploit commit 5114d35de7c2f234ac7fe4288b344d4f2bb9731f Author: James Lee <egypt@metasploit.com> Date: Tue Mar 27 14:31:53 2012 -0600 Pull common stuff up out of the body commit 748309465a029593e2fe2fd445149745367513f4 Author: James Lee <egypt@metasploit.com> Date: Tue Mar 27 11:04:03 2012 -0600 Fix indentation level commit 954d485e3b8ffea9a7451bd495c1956a098e0eda Author: James Lee <egypt@metasploit.com> Date: Tue Mar 27 11:02:42 2012 -0600 Abstract out copy-pasted methods Need to do the same thing for OSX, but it's a different implementation. commit cba8d7c911fb184f6358948022fd4a0e010878d0 Author: James Lee <egypt@metasploit.com> Date: Fri Mar 23 18:04:50 2012 -0600 Linux doesn't implement (drop|steal)_token commit 1cfda3a7b045c08ecfae1ad688e0124e76bd0c8f Author: James Lee <egypt@metasploit.com> Date: Fri Mar 23 17:57:37 2012 -0600 Add availability checks for net, sys, ui, and webcam commit 4bdf39a8bf4b5aab293fc47cb8282d0346db0811 Author: James Lee <egypt@metasploit.com> Date: Fri Mar 23 16:45:59 2012 -0600 add requirement checking for fs and core commands commit 42e35971c9f7348b57293b2b94a42dd0260ac7e4 Author: James Lee <egypt@metasploit.com> Date: Wed Mar 21 17:20:59 2012 -0600 Add a to_octal method that converts e.g. "A" to \0101 commit c3b9415a0a9e2b55b1effbaf2396e11f88301aaa Author: James Lee <egypt@metasploit.com> Date: Wed Mar 21 17:20:07 2012 -0600 Don't use "echo -n" It's not portable commit b0f3ceccfaedbeaf67fbbe76f1a0a9aec7b44548 Author: James Lee <egypt@metasploit.com> Date: Tue Mar 20 17:01:10 2012 -0600 Return a list of new commands after core_loadlib, java version Thanks mihi for the patch and the awesome responsiveness! commit d65303e1b6458bd4b95138dc0d61e5354c4e8d3a Author: James Lee <egypt@metasploit.com> Date: Tue Mar 20 13:21:06 2012 -0600 Make sure we have a response before doing stuff with it commit 721001ead474a17d1a16de543f78b548879f5e7e Author: James Lee <egypt@metasploit.com> Date: Mon Mar 19 21:25:31 2012 -0600 Add missing rmdir and mkdir protocol commands to PHP Now passes all the stdapi tests that it can [*] Session type is meterpreter and platform is php/php [+] should return a user id [+] should return a sysinfo Hash [-] FAILED: should return network interfaces [-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1 [-] FAILED: should have an interface that matches session_host [-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_interfaces: Operation failed: 1 [-] FAILED: should return network routes [-] Exception: Rex::Post::Meterpreter::RequestError : stdapi_net_config_get_routes: Operation failed: 1 [+] should return the proper directory separator [+] should return the current working directory [+] should list files in the current directory [+] should stat a directory [+] should create and remove a dir [+] should change directories [+] should create and remove files [+] should upload a file [-] Passed: 10; Failed: 3 commit 024e99167a025f4678a707e1ee809a1524007d4d Author: James Lee <egypt@metasploit.com> Date: Mon Mar 19 15:26:00 2012 -0600 Use a proper TLV type instead of a generic one commit 1836d915cbe0bfd2f536a667e74d8d6a6ccee72a Author: James Lee <egypt@metasploit.com> Date: Mon Mar 19 15:24:25 2012 -0600 Fix a counting error that caused segfaults (Linux) commit 1e419d3fc392e435ae0af703561ce10bd5a45eb0 Author: James Lee <egypt@metasploit.com> Date: Mon Mar 19 15:06:02 2012 -0600 Return a list of new commands after core_loadlib Gets Windows back in sync with Linux commit 3d3959f720de68e2f36ebfabe8196e01f98fe904 Author: James Lee <egypt@metasploit.com> Date: Mon Mar 19 14:50:55 2012 -0600 Refactor extensionList -> extension_commands It's not the same as extension_list. commit a7acb638af803732fc5f3975e0c0632f427e0deb Author: sinn3r <msfsinn3r@gmail.com> Date: Sun Mar 18 00:07:27 2012 -0500 Massive whitespace cleanup commit ef8b9fd5cea7db43860a5b88d7397ba84393ecd5 Author: sinn3r <msfsinn3r@gmail.com> Date: Sat Mar 17 16:00:20 2012 -0500 Add back enum_protections with some new changes commit d778eec36953bb9bf4985e967ad2c119a1acd79b Author: ohdae <bindshell@live.com> Date: Sat Mar 17 13:28:31 2012 -0400 Added fix for enum_protections commit 64611819d43bf13ab2d68f4353513c39e5a64fe0 Author: sinn3r <msfsinn3r@gmail.com> Date: Sat Mar 17 03:14:26 2012 -0500 A bunch of fixes commit bb1a0205d73e75a61a8fbf5ff6440dd09f9780f9 Author: sinn3r <msfsinn3r@gmail.com> Date: Sat Mar 17 00:28:05 2012 -0500 The comments in get_chatlogs need an update commit 666477e42a734f3120dcc4282b01b5ab5819384a Author: sinn3r <msfsinn3r@gmail.com> Date: Sat Mar 17 00:25:41 2012 -0500 Correct license format commit 3c8eecbcd7b952abaca0b1ce14dca41e1d4cabb7 Author: sinn3r <msfsinn3r@gmail.com> Date: Sat Mar 17 00:22:03 2012 -0500 Add enum_adium.rb post module commit d290cf4fef1309df9a1af748e7c6c259a6788576 Author: ohdae <bindshell@live.com> Date: Fri Mar 16 16:54:36 2012 -0300 Changed store_note to store_loot. Fixed local/remote file retrieval commit ccb830b594ea0f0a8ce7c29b24f2f137ecfd5c4c Author: James Lee <egypt@metasploit.com> Date: Fri Mar 16 11:29:07 2012 -0600 Fall back to MIB method if we can't get netmasks Misses IPv6 addresses, but at least doesn't break everything. [Fixes #6525] commit a9a30232dd5fcc0854c10b4d58df8511a23f3091 Author: sinn3r <msfsinn3r@gmail.com> Date: Fri Mar 16 11:49:31 2012 -0500 This module is not ready, yanked. commit 6bb34f7fd0785d31902f1edc938a6b05b91a1495 Author: Gregory Man <man.gregory@gmail.com> Date: Fri Mar 16 18:09:08 2012 +0200 sockso_traversal 1.8 compatibility fix commit e76965ce565a8ae634dc0d3c743542f1a6d977d7 Author: ohdae <bindshell@live.com> Date: Fri Mar 16 09:17:35 2012 -0400 fix commit 61ce7b587de54363f7071bc19df5a29eb29e9aa7 Author: ohdae <bindshell@live.com> Date: Fri Mar 16 09:14:48 2012 -0400 saves each config to loot instead of notes commit f4713974fa82d8b13017cb0817b5fd36696194d9 Author: James Lee <egypt@metasploit.com> Date: Fri Mar 16 03:46:10 2012 -0600 Check for a 0 prefix length If the OnLinkPrefixLength is 0, something is wrong, try the value in the prefix linked list. Appears to fix v4 addresses on XP but not 2k3. [See #6525] commit cde7fcc012e04880f2faa28226a1fc5834a2e3d5 Author: James Lee <egypt@metasploit.com> Date: Fri Mar 16 01:46:41 2012 -0600 Return network prefixes when available Solves #6525 on Vista+. Win2k still works using the old MIB method (which doesn't support ipv6). Win2k3 and XP are still busted for unknown reasons. commit 98bd9a7bd09149f524ebbe1501ec916bf99b078d Author: ohdae <bindshell@live.com> Date: Thu Mar 15 22:59:42 2012 -0400 Enumerate important and interesting configuration files commit 9336df2ac28ee2df10a0e66e7006df3d23493492 Author: David Maloney <David_Maloney@rapid7.com> Date: Thu Mar 15 19:06:48 2012 -0500 More Virtualisation SSL fixes commit f24c378281ee6c85f687d4823f09ef5848812daf Author: David Maloney <David_Maloney@rapid7.com> Date: Thu Mar 15 18:15:29 2012 -0500 Default SSL to true for esx_fingerprint module commit d6e14c42120df0fd16b79709ac5723d0e2818810 Author: sinn3r <msfsinn3r@gmail.com> Date: Thu Mar 15 15:56:24 2012 -0500 Fix typo commit b24dcfe43e625740ec8a1465f33be02f7ec40162 Author: sinn3r <msfsinn3r@gmail.com> Date: Thu Mar 15 15:55:54 2012 -0500 Add sockso dir traversal commit 033052c1e075fcf43e9c17e5ee4a5006247cb375 Author: James Lee <egypt@metasploit.com> Date: Thu Mar 15 14:31:25 2012 -0600 Fix syntax error in 1.8, thanks Jun Koi for the patch commit 4529efaeaa22e52c9c7c1528c68efb60af8af729 Author: sinn3r <msfsinn3r@gmail.com> Date: Thu Mar 15 14:27:40 2012 -0500 enum_protections is now find_apps commit 49e823802bd8f2cb1940545e74db04f3788352d1 Author: sinn3r <msfsinn3r@gmail.com> Date: Thu Mar 15 14:22:23 2012 -0500 File rename, as well as design and cosmetic changes commit ccf6b011145cf9db444f7e2d3fb3ec61738e88cb Author: ohdae <bindshell@live.com> Date: Thu Mar 15 15:29:52 2012 -0300 added report_note, removed store_loot function, cleaned up info/author commit 27d571932e51afbac0c0fcd95c52f038786a9a28 Author: ohdae <bindshell@live.com> Date: Thu Mar 15 12:18:29 2012 -0300 fixed output newline issue commit 5a828e35d1629dc68825fe7d9322d1316888f8d7 Author: ohdae <bindshell@live.com> Date: Thu Mar 15 01:05:35 2012 -0300 fixed save line commit 805c2ee9871c076a8c0ac62b028a7942af70b6a5 Author: ohdae <bindshell@live.com> Date: Thu Mar 15 01:02:07 2012 -0300 removed unneeded comments commit 5861e1512f2949c0d7848d9ebed8241277462085 Author: ohdae <bindshell@live.com> Date: Thu Mar 15 01:00:55 2012 -0300 fixed output issue commit 593a3648111f1db1f56a410250539261c2a7cd9f Author: ohdae <bindshell@live.com> Date: Wed Mar 14 18:26:53 2012 -0300 removed unneeded dependency commit 05053e6e74b0ac99bbd4005c40ecc3b1196fd13f Author: ohdae <bindshell@live.com> Date: Wed Mar 14 13:30:16 2012 -0400 locates installed 3rd part av, fws, etc commit 5bf512d0e9d2b412c4107228db178a7078111443 Author: sinn3r <msfsinn3r@gmail.com> Date: Wed Mar 14 16:50:54 2012 -0500 Add OSVDB-79863 NetDecision Directory Traversal commit 18715d0367f4ef01b5998d732043cbe224e1787e Author: James Lee <egypt@metasploit.com> Date: Wed Mar 14 23:03:01 2012 -0600 Store the retrieved commands on the session commit b752cb8b31fd8dcd221fb6caa483f6202bf5a4fd Author: James Lee <egypt@metasploit.com> Date: Wed Mar 14 22:45:16 2012 -0600 Retrieve the list of new commands The client side doesn't do anything with them yet commit 69ce8ef42d4089a0b26644bd4d6bebf57c4cfd50 Author: James Lee <egypt@metasploit.com> Date: Wed Mar 14 22:41:16 2012 -0600 Return a list of the new commands in response to core_loadlib Linux commit 354c754aa4cce63ffebb4567f3bbfd621ffef46c Author: James Lee <egypt@metasploit.com> Date: Wed Mar 14 15:13:45 2012 -0600 Whitespace at EOL commit 4afcb4cb9da1921ede29b03b149433cc65d680da Author: James Lee <egypt@metasploit.com> Date: Wed Mar 14 14:30:09 2012 -0600 Create instance methods that return extensions Before this change, meterpreter sessions would not #respond_to? their extensions despite having a pseudo-accessor for them: ``` >> client.respond_to? :sys => false >> client.sys => #<Rex::Post::Meterpreter::ObjectAliases:0x0000000e263488 @aliases={"config"=>#<Rex::Post::Meterpreter::Extensions::Stdapi::Sys::Config:0x0000000e268dc8 @client=#<Session:meterpreter 192.168.99.1:55882 (192.168.99.1) "uid=1000, gid=1000, euid=1000, egid=1000, suid=1000, sgid=1000 @ wpad">>, "process"=>#<Class:0x0000000e268d20>, "registry"=>#<Class:0x0000000e266da0>, "eventlog"=>#<Class:0x0000000e2654e8>, "power"=>#<Class:0x0000000e263c30>}> ``` After: ``` >> client.respond_to? :sys => true ``` commit 70ab8c018f67d15929b6f41322540837ab7b37c5 Merge: a8a3938 5f2bace Author: James Lee <egypt@metasploit.com> Date: Tue Apr 3 11:46:25 2012 -0600 Merge branch 'master' into bap-refactor Conflicts: external/source/exploits/CVE-2012-0507/Help.java external/source/exploits/CVE-2012-0507/Makefile external/source/exploits/CVE-2012-0507/msf/x/Help.java external/source/exploits/CVE-2012-0507/src/a/Exploit.java external/source/exploits/CVE-2012-0507/src/a/Help.java commit a8a393891588a8b5c18e3c2173f1cd9c2480b2d0 Author: James Lee <egypt@metasploit.com> Date: Thu Mar 29 20:20:21 2012 -0600 Deal with null data/jar Not sure why "" turns into null sometimes, but it was breaking shells; this fixes it. commit 5e5eb39d3ccb62a9fc006be8241cfb97723caa06 Author: James Lee <egypt@metasploit.com> Date: Thu Mar 29 18:10:59 2012 -0600 Prev commit moved these to src/a commit 5074eadbea426fc4f83d6d165a01e640ef42b4de Author: James Lee <egypt@metasploit.com> Date: Thu Mar 29 18:08:32 2012 -0600 Make building the jar for cve-2012-0507 a bit easier Mostly stolen from cve-2008-5353 commit bdb3fbe7fd19aa76b4069edca5a78c53fec668c0 Author: James Lee <egypt@metasploit.com> Date: Thu Mar 29 14:52:23 2012 -0600 Fix incorrect option name commit 78824ef60084510d3befe0ded6eed314d55eeb12 Author: James Lee <egypt@metasploit.com> Date: Thu Mar 29 13:24:33 2012 -0600 Add the detected browser version to the DOM Doing it this way lets modules grab the info a bit more easily. commit 9813ccb8d6b14e0e728b8a13bacf59dd31b9c4b9 Merge: 0faa3f6 b5fc8e4 Author: James Lee <egypt@metasploit.com> Date: Thu Mar 29 13:19:05 2012 -0600 Merge branch 'master' into bap-refactor commit 0faa3f65240c3a2b3ab0e72f4aeb2e9f50ed54ee Author: James Lee <egypt@metasploit.com> Date: Wed Mar 28 15:36:20 2012 -0600 Add bap support to java_rhino commit 66ca27f994e3b11c9c8adae85642820768158860 Author: James Lee <egypt@metasploit.com> Date: Wed Mar 28 15:35:16 2012 -0600 Put next_exploit on the window object so it's always in scope Solves some issues with Chrome not running more than one exploit commit 7fc2ca1a0690c7a973307772aed42ab3514e1761 Merge: 325d306 e48c47e Author: James Lee <egypt@metasploit.com> Date: Wed Mar 28 15:10:54 2012 -0600 Merge branch 'master' into bap-refactor commit 325d3060599bc79674e93dd5f55a4e60061e9bdb Author: James Lee <egypt@metasploit.com> Date: Tue Mar 27 14:31:53 2012 -0600 Pull common stuff up out of the body commit 4f2b3260bf7f14f4d763625792adb0c3cfd1ed7c Author: James Lee <egypt@metasploit.com> Date: Tue Mar 27 11:04:03 2012 -0600 Fix indentation level commit 9b905c53b4d46beb86da8168a1c2c5b2da340f6d Author: James Lee <egypt@metasploit.com> Date: Tue Mar 27 11:02:42 2012 -0600 Abstract out copy-pasted methods Need to do the same thing for OSX, but it's a different implementation.
2012-05-15 23:00:02 +00:00
def self.to_octal(str, prefix = "\\")
octal = ""
str.each_byte { |b|
octal << "#{prefix}#{b.to_s 8}"
}
return octal
end
#
# Returns the escaped hex version of the supplied string
#
# @example
# Rex::Text.to_hex("asdf") # => "\\x61\\x73\\x64\\x66"
#
# @param str (see to_octal)
# @param prefix (see to_octal)
# @param count [Fixnum] Number of bytes to put in each escape chunk
# @return [String] The escaped hex version of +str+
def self.to_hex(str, prefix = "\\x", count = 1)
raise ::RuntimeError, "unable to chunk into #{count} byte chunks" if ((str.length % count) > 0)
# XXX: Regexp.new is used here since using /.{#{count}}/o would compile
# the regex the first time it is used and never check again. Since we
# want to know how many to capture on every instance, we do it this
# way.
return str.unpack('H*')[0].gsub(Regexp.new(".{#{count * 2}}", nil, 'n')) { |s| prefix + s }
end
#
# Returns the string with nonprintable hex characters sanitized to ascii.
# Similiar to {.to_hex}, but regular ASCII is not translated if +count+ is 1.
#
# @example
# Rex::Text.to_hex_ascii("\x7fABC\0") # => "\\x7fABC\\x00"
#
# @param str (see to_hex)
# @param prefix (see to_hex)
# @param count (see to_hex)
# @param suffix [String,nil] A string to append to the converted bytes
# @return [String] The original string with non-printables converted to
# their escaped hex representation
def self.to_hex_ascii(str, prefix = "\\x", count = 1, suffix=nil)
raise ::RuntimeError, "unable to chunk into #{count} byte chunks" if ((str.length % count) > 0)
return str.unpack('H*')[0].gsub(Regexp.new(".{#{count * 2}}", nil, 'n')) { |s|
(0x20..0x7e) === s.to_i(16) ? s.to_i(16).chr : prefix + s + suffix.to_s
}
end
#
# Converts standard ASCII text to a unicode string.
#
# Supported unicode types include: utf-16le, utf16-be, utf32-le, utf32-be, utf-7, and utf-8
#
2013-02-09 21:50:12 +00:00
# Providing 'mode' provides hints to the actual encoder as to how it should encode the string. Only UTF-7 and UTF-8 use "mode".
#
# utf-7 by default does not encode alphanumeric and a few other characters. By specifying the mode of "all", then all of the characters are encoded, not just the non-alphanumeric set.
# to_unicode(str, 'utf-7', 'all')
#
# utf-8 specifies that alphanumeric characters are used directly, eg "a" is just "a". However, there exist 6 different overlong encodings of "a" that are technically not valid, but parse just fine in most utf-8 parsers. (0xC1A1, 0xE081A1, 0xF08081A1, 0xF8808081A1, 0xFC80808081A1, 0xFE8080808081A1). How many bytes to use for the overlong enocding is specified providing 'size'.
2013-02-09 21:50:12 +00:00
# to_unicode(str, 'utf-8', 'overlong', 2)
#
2013-02-09 21:50:12 +00:00
# Many utf-8 parsers also allow invalid overlong encodings, where bits that are unused when encoding a single byte are modified. Many parsers will ignore these bits, rendering simple string matching to be ineffective for dealing with UTF-8 strings. There are many more invalid overlong encodings possible for "a". For example, three encodings are available for an invalid 2 byte encoding of "a". (0xC1E1 0xC161 0xC121). By specifying "invalid", a random invalid encoding is chosen for the given byte size.
# to_unicode(str, 'utf-8', 'invalid', 2)
#
# utf-7 defaults to 'normal' utf-7 encoding
# utf-8 defaults to 2 byte 'normal' encoding
#
def self.to_unicode(str='', type = 'utf-16le', mode = '', size = '')
return '' if not str
case type
when 'utf-16le'
return str.unpack('C*').pack('v*')
when 'utf-16be'
return str.unpack('C*').pack('n*')
when 'utf-32le'
return str.unpack('C*').pack('V*')
when 'utf-32be'
return str.unpack('C*').pack('N*')
when 'utf-7'
case mode
when 'all'
return str.gsub(/./){ |a|
out = ''
if 'a' != '+'
out = encode_base64(to_unicode(a, 'utf-16be')).gsub(/[=\r\n]/, '')
end
'+' + out + '-'
}
else
return str.gsub(/[^\n\r\t\ A-Za-z0-9\'\(\),-.\/\:\?]/){ |a|
out = ''
if a != '+'
out = encode_base64(to_unicode(a, 'utf-16be')).gsub(/[=\r\n]/, '')
end
'+' + out + '-'
}
end
when 'utf-8'
if size == ''
size = 2
end
if size >= 2 and size <= 7
string = ''
str.each_byte { |a|
if (a < 21 || a > 0x7f) || mode != ''
2013-02-09 21:50:12 +00:00
# ugh. turn a single byte into the binary representation of it, in array form
bin = [a].pack('C').unpack('B8')[0].split(//)
# even more ugh.
bin.collect!{|a_| a_.to_i}
out = Array.new(8 * size, 0)
0.upto(size - 1) { |i|
out[i] = 1
out[i * 8] = 1
}
i = 0
byte = 0
bin.reverse.each { |bit|
if i < 6
mod = (((size * 8) - 1) - byte * 8) - i
out[mod] = bit
else
byte = byte + 1
i = 0
redo
end
i = i + 1
}
if mode != ''
case mode
when 'overlong'
# do nothing, since we already handle this as above...
when 'invalid'
done = 0
while done == 0
# the ghetto...
bits = [7, 8, 15, 16, 23, 24, 31, 32, 41]
bits.each { |bit|
bit = (size * 8) - bit
if bit > 1
set = rand(2)
if out[bit] != set
out[bit] = set
done = 1
end
end
}
end
else
raise TypeError, 'Invalid mode. Only "overlong" and "invalid" are acceptable modes for utf-8'
end
end
string << [out.join('')].pack('B*')
else
string << [a].pack('C')
end
}
return string
else
raise TypeError, 'invalid utf-8 size'
end
when 'uhwtfms' # suggested name from HD :P
load_codepage()
string = ''
# overloading mode as codepage
if mode == ''
mode = 1252 # ANSI - Latan 1, default for US installs of MS products
else
mode = mode.to_i
end
if @@codepage_map_cache[mode].nil?
raise TypeError, "Invalid codepage #{mode}"
end
str.each_byte {|byte|
char = [byte].pack('C*')
possible = @@codepage_map_cache[mode]['data'][char]
if possible.nil?
raise TypeError, "codepage #{mode} does not provide an encoding for 0x#{char.unpack('H*')[0]}"
end
string << possible[ rand(possible.length) ]
}
return string
when 'uhwtfms-half' # suggested name from HD :P
load_codepage()
string = ''
# overloading mode as codepage
if mode == ''
mode = 1252 # ANSI - Latan 1, default for US installs of MS products
else
mode = mode.to_i
end
if mode != 1252
raise TypeError, "Invalid codepage #{mode}, only 1252 supported for uhwtfms_half"
end
str.each_byte {|byte|
if ((byte >= 33 && byte <= 63) || (byte >= 96 && byte <= 126))
string << "\xFF" + [byte ^ 32].pack('C')
elsif (byte >= 64 && byte <= 95)
string << "\xFF" + [byte ^ 96].pack('C')
else
char = [byte].pack('C')
possible = @@codepage_map_cache[mode]['data'][char]
if possible.nil?
raise TypeError, "codepage #{mode} does not provide an encoding for 0x#{char.unpack('H*')[0]}"
end
string << possible[ rand(possible.length) ]
end
}
return string
else
raise TypeError, 'invalid utf type'
end
end
#
# Converts a unicode string to standard ASCII text.
#
def self.to_ascii(str='', type = 'utf-16le', mode = '', size = '')
return '' if not str
case type
when 'utf-16le'
return str.unpack('v*').pack('C*')
when 'utf-16be'
return str.unpack('n*').pack('C*')
when 'utf-32le'
return str.unpack('V*').pack('C*')
when 'utf-32be'
return str.unpack('N*').pack('C*')
when 'utf-7'
raise TypeError, 'invalid utf type, not yet implemented'
when 'utf-8'
raise TypeError, 'invalid utf type, not yet implemented'
when 'uhwtfms' # suggested name from HD :P
raise TypeError, 'invalid utf type, not yet implemented'
when 'uhwtfms-half' # suggested name from HD :P
raise TypeError, 'invalid utf type, not yet implemented'
else
raise TypeError, 'invalid utf type'
end
end
#
# Encode a string in a manor useful for HTTP URIs and URI Parameters.
#
def self.uri_encode(str, mode = 'hex-normal')
return "" if str == nil
return str if mode == 'none' # fast track no encoding
all = /[^\/\\]+/
normal = /[^a-zA-Z0-9\/\\\.\-]+/
normal_na = /[a-zA-Z0-9\/\\\.\-]/
case mode
when 'hex-normal'
return str.gsub(normal) { |s| Rex::Text.to_hex(s, '%') }
when 'hex-all'
return str.gsub(all) { |s| Rex::Text.to_hex(s, '%') }
2012-06-12 20:32:50 +00:00
when 'hex-random'
res = ''
str.each_byte do |c|
b = c.chr
res << ((rand(2) == 0) ?
b.gsub(all) { |s| Rex::Text.to_hex(s, '%') } :
b.gsub(normal){ |s| Rex::Text.to_hex(s, '%') } )
end
return res
when 'u-normal'
return str.gsub(normal) { |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms'), '%u', 2) }
when 'u-all'
return str.gsub(all) { |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms'), '%u', 2) }
2012-06-12 20:32:50 +00:00
when 'u-random'
res = ''
str.each_byte do |c|
b = c.chr
res << ((rand(2) == 0) ?
b.gsub(all) { |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms'), '%u', 2) } :
b.gsub(normal){ |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms'), '%u', 2) } )
end
return res
when 'u-half'
return str.gsub(all) { |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms-half'), '%u', 2) }
else
raise TypeError, "invalid mode #{mode.inspect}"
end
end
#
# Encode a string in a manner useful for HTTP URIs and URI Parameters.
#
# @param str [String] The string to be encoded
# @param mode ["hex","int","int-wide"]
# @return [String]
# @raise [TypeError] if +mode+ is not one of the three available modes
def self.html_encode(str, mode = 'hex')
case mode
when 'hex'
return str.unpack('C*').collect{ |i| "&#x" + ("%.2x" % i) + ";"}.join
when 'int'
return str.unpack('C*').collect{ |i| "&#" + i.to_s + ";"}.join
when 'int-wide'
return str.unpack('C*').collect{ |i| "&#" + ("0" * (7 - i.to_s.length)) + i.to_s + ";" }.join
else
raise TypeError, 'invalid mode'
end
end
#
# Decode a string that's html encoded
#
def self.html_decode(str)
decoded_str = CGI.unescapeHTML(str)
return decoded_str
end
#
# Encode an ASCII string so it's safe for XML. It's a wrapper for to_hex_ascii.
#
def self.xml_char_encode(str)
self.to_hex_ascii(str, "&#x", 1, ";")
end
#
# Decode a URI encoded string
#
def self.uri_decode(str)
str.gsub(/(%[a-z0-9]{2})/i){ |c| [c[1,2]].pack("H*") }
end
#
# Converts a string to random case
#
# @example
# Rex::Text.to_rand_case("asdf") # => "asDf"
#
# @param str [String] The string to randomize
# @return [String]
# @see permute_case
# @see to_mixed_case_array
def self.to_rand_case(str)
buf = str.dup
0.upto(str.length) do |i|
buf[i,1] = rand(2) == 0 ? str[i,1].upcase : str[i,1].downcase
end
return buf
end
#
# Takes a string, and returns an array of all mixed case versions.
#
# @example
# >> Rex::Text.to_mixed_case_array "abc1"
# => ["abc1", "abC1", "aBc1", "aBC1", "Abc1", "AbC1", "ABc1", "ABC1"]
#
# @param str [String] The string to randomize
# @return [Array<String>]
# @see permute_case
def self.to_mixed_case_array(str)
letters = []
str.scan(/./).each { |l| letters << [l.downcase, l.upcase] }
coords = []
(1 << str.size).times { |i| coords << ("%0#{str.size}b" % i) }
mixed = []
coords.each do |coord|
c = coord.scan(/./).map {|x| x.to_i}
this_str = ""
c.each_with_index { |d,i| this_str << letters[i][d] }
mixed << this_str
end
return mixed.uniq
end
#
# Converts a string to a nicely formatted hex dump
#
# @param str [String] The string to convert
# @param width [Fixnum] Number of bytes to convert before adding a newline
def self.to_hex_dump(str, width=16)
buf = ''
idx = 0
cnt = 0
snl = false
lst = 0
while (idx < str.length)
chunk = str[idx, width]
line = chunk.unpack("H*")[0].scan(/../).join(" ")
buf << line
if (lst == 0)
lst = line.length
buf << " " * 4
else
buf << " " * ((lst - line.length) + 4).abs
end
chunk.unpack("C*").each do |c|
if (c > 0x1f and c < 0x7f)
buf << c.chr
else
buf << "."
end
end
buf << "\n"
idx += width
end
buf << "\n"
end
2013-02-09 21:50:12 +00:00
#
# Converts a string a nicely formatted and addressed ex dump
#
def self.to_addr_hex_dump(str, start_addr=0, width=16)
buf = ''
idx = 0
cnt = 0
snl = false
lst = 0
addr = start_addr
while (idx < str.length)
buf << "%08x" % addr
buf << " " * 4
chunk = str[idx, width]
line = chunk.unpack("H*")[0].scan(/../).join(" ")
buf << line
if (lst == 0)
lst = line.length
buf << " " * 4
else
buf << " " * ((lst - line.length) + 4).abs
end
chunk.unpack("C*").each do |c|
if (c > 0x1f and c < 0x7f)
buf << c.chr
else
buf << "."
end
end
buf << "\n"
idx += width
addr += width
end
buf << "\n"
end
#
# Converts a hex string to a raw string
#
# @example
# Rex::Text.hex_to_raw("\\x41\\x7f\\x42") # => "A\x7fB"
#
def self.hex_to_raw(str)
[ str.downcase.gsub(/'/,'').gsub(/\\?x([a-f0-9][a-f0-9])/, '\1') ].pack("H*")
end
#
# Turn non-printable chars into hex representations, leaving others alone
#
# If +whitespace+ is true, converts whitespace (0x20, 0x09, etc) to hex as
# well.
#
# @see hexify
# @see to_hex Converts all the chars
#
def self.ascii_safe_hex(str, whitespace=false)
if whitespace
str.gsub(/([\x00-\x20\x80-\xFF])/){ |x| "\\x%.2x" % x.unpack("C*")[0] }
else
str.gsub(/([\x00-\x08\x0b\x0c\x0e-\x1f\x80-\xFF])/n){ |x| "\\x%.2x" % x.unpack("C*")[0]}
end
end
#
# Wraps text at a given column using a supplied indention
#
def self.wordwrap(str, indent = 0, col = DefaultWrap, append = '', prepend = '')
return str.gsub(/.{1,#{col - indent}}(?:\s|\Z)/){
( (" " * indent) + prepend + $& + append + 5.chr).gsub(/\n\005/,"\n").gsub(/\005/,"\n")}
end
#
# Converts a string to a hex version with wrapping support
#
def self.hexify(str, col = DefaultWrap, line_start = '', line_end = '', buf_start = '', buf_end = '')
2013-02-09 21:50:12 +00:00
output = buf_start
cur = 0
count = 0
new_line = true
# Go through each byte in the string
str.each_byte { |byte|
count += 1
2013-02-09 21:50:12 +00:00
append = ''
# If this is a new line, prepend with the
# line start text
if (new_line == true)
2013-02-09 21:50:12 +00:00
append << line_start
new_line = false
end
# Append the hexified version of the byte
append << sprintf("\\x%.2x", byte)
cur += append.length
# If we're about to hit the column or have gone past it,
# time to finish up this line
if ((cur + line_end.length >= col) or (cur + buf_end.length >= col))
new_line = true
2013-02-09 21:50:12 +00:00
cur = 0
# If this is the last byte, use the buf_end instead of
# line_end
if (count == str.length)
append << buf_end + "\n"
else
append << line_end + "\n"
end
end
output << append
}
# If we were in the middle of a line, finish the buffer at this point
if (new_line == false)
output << buf_end + "\n"
end
return output
end
##
#
# Transforms
#
##
2012-03-21 21:02:46 +00:00
#
# Base32 code
#
# Based on --> https://github.com/stesla/base32
# Copyright (c) 2007-2011 Samuel Tesla
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
# THE SOFTWARE.
#
# Base32 encoder
#
def self.b32encode(bytes_in)
n = (bytes_in.length * 8.0 / 5.0).ceil
p = n < 8 ? 5 - (bytes_in.length * 8) % 5 : 0
c = bytes_in.inject(0) {|m,o| (m << 8) + o} << p
[(0..n-1).to_a.reverse.collect {|i| Base32[(c >> i * 5) & 0x1f].chr},
("=" * (8-n))]
end
def self.encode_base32(str)
bytes = str.bytes
result = ''
size= 5
while bytes.any? do
bytes.each_slice(size) do |a|
bytes_out = b32encode(a).flatten.join
result << bytes_out
bytes = bytes.drop(size)
end
end
return result
end
#
# Base32 decoder
#
def self.b32decode(bytes_in)
bytes = bytes_in.take_while {|c| c != 61} # strip padding
n = (bytes.length * 5.0 / 8.0).floor
p = bytes.length < 8 ? 5 - (n * 8) % 5 : 0
c = bytes.inject(0) {|m,o| (m << 5) + Base32.index(o.chr)} >> p
(0..n-1).to_a.reverse.collect {|i| ((c >> i * 8) & 0xff).chr}
end
def self.decode_base32(str)
bytes = str.bytes
result = ''
size= 8
while bytes.any? do
bytes.each_slice(size) do |a|
bytes_out = b32decode(a).flatten.join
result << bytes_out
bytes = bytes.drop(size)
end
end
return result
end
#
# Base64 encoder
#
def self.encode_base64(str, delim='')
[str.to_s].pack("m").gsub(/\s+/, delim)
end
#
# Base64 decoder
#
def self.decode_base64(str)
str.to_s.unpack("m")[0]
end
#
# Raw MD5 digest of the supplied string
#
def self.md5_raw(str)
Digest::MD5.digest(str)
end
#
# Hexidecimal MD5 digest of the supplied string
#
def self.md5(str)
Digest::MD5.hexdigest(str)
end
#
# Raw SHA1 digest of the supplied string
#
def self.sha1_raw(str)
Digest::SHA1.digest(str)
end
#
# Hexidecimal SHA1 digest of the supplied string
#
def self.sha1(str)
Digest::SHA1.hexdigest(str)
end
#
# Convert hex-encoded characters to literals.
#
# @example
# Rex::Text.dehex("AA\\x42CC") # => "AABCC"
#
# @see hex_to_raw
# @param str [String]
def self.dehex(str)
return str unless str.respond_to? :match
return str unless str.respond_to? :gsub
regex = /\x5cx[0-9a-f]{2}/mi
if str.match(regex)
str.gsub(regex) { |x| x[2,2].to_i(16).chr }
else
str
end
end
#
# Convert and replace hex-encoded characters to literals.
#
# @param (see dehex)
def self.dehex!(str)
return str unless str.respond_to? :match
return str unless str.respond_to? :gsub
regex = /\x5cx[0-9a-f]{2}/mi
str.gsub!(regex) { |x| x[2,2].to_i(16).chr }
end
##
#
# Generators
#
##
# Generates a random character.
def self.rand_char(bad, chars = AllChars)
rand_text(1, bad, chars)
end
# Base text generator method
def self.rand_base(len, bad, *foo)
cset = (foo.join.unpack("C*") - bad.to_s.unpack("C*")).uniq
return "" if cset.length == 0
outp = []
len.times { outp << cset[rand(cset.length)] }
outp.pack("C*")
end
# Generate random bytes of data
def self.rand_text(len, bad='', chars = AllChars)
foo = chars.split('')
rand_base(len, bad, *foo)
end
# Generate random bytes of alpha data
def self.rand_text_alpha(len, bad='')
foo = []
foo += ('A' .. 'Z').to_a
foo += ('a' .. 'z').to_a
rand_base(len, bad, *foo )
end
# Generate random bytes of lowercase alpha data
def self.rand_text_alpha_lower(len, bad='')
rand_base(len, bad, *('a' .. 'z').to_a)
end
# Generate random bytes of uppercase alpha data
def self.rand_text_alpha_upper(len, bad='')
rand_base(len, bad, *('A' .. 'Z').to_a)
end
# Generate random bytes of alphanumeric data
def self.rand_text_alphanumeric(len, bad='')
foo = []
foo += ('A' .. 'Z').to_a
foo += ('a' .. 'z').to_a
foo += ('0' .. '9').to_a
rand_base(len, bad, *foo )
end
# Generate random bytes of alphanumeric hex.
def self.rand_text_hex(len, bad='')
foo = []
foo += ('0' .. '9').to_a
foo += ('a' .. 'f').to_a
rand_base(len, bad, *foo)
end
# Generate random bytes of numeric data
def self.rand_text_numeric(len, bad='')
foo = ('0' .. '9').to_a
rand_base(len, bad, *foo )
end
# Generate random bytes of english-like data
def self.rand_text_english(len, bad='')
foo = []
foo += (0x21 .. 0x7e).map{ |c| c.chr }
rand_base(len, bad, *foo )
end
# Generate random bytes of high ascii data
def self.rand_text_highascii(len, bad='')
foo = []
foo += (0x80 .. 0xff).map{ |c| c.chr }
rand_base(len, bad, *foo )
end
# Generate a random GUID
#
# @example
# Rex::Text.rand_guid # => "{ca776ced-4ab8-2ed6-6510-aa71e5e2508e}"
#
# @return [String]
def self.rand_guid
"{#{[8,4,4,4,12].map {|a| rand_text_hex(a) }.join("-")}}"
end
#
# Creates a pattern that can be used for offset calculation purposes. This
# routine is capable of generating patterns using a supplied set and a
# supplied number of identifiable characters (slots). The supplied sets
# should not contain any duplicate characters or the logic will fail.
#
# @param length [Fixnum]
# @param sets [Array<(String,String,String)>] The character sets to choose
# from. Should have 3 elements, each of which must be a string containing
# no characters contained in the other sets.
# @return [String] A pattern of +length+ bytes, in which any 4-byte chunk is
# unique
# @see pattern_offset
def self.pattern_create(length, sets = nil)
buf = ''
offsets = []
# Make sure there's something in sets even if we were given an explicit nil
sets ||= [ UpperAlpha, LowerAlpha, Numerals ]
# Return stupid uses
return "" if length.to_i < 1
return sets[0][0].chr * length if sets.size == 1 and sets[0].size == 1
sets.length.times { offsets << 0 }
until buf.length >= length
begin
buf << converge_sets(sets, 0, offsets, length)
end
end
# Maximum permutations reached, but we need more data
if (buf.length < length)
buf = buf * (length / buf.length.to_f).ceil
end
buf[0,length]
end
# Step through an arbitrary number of sets of bytes to build up a findable pattern.
# This is mostly useful for experimentially determining offset lengths into memory
# structures. Note that the supplied sets should never contain duplicate bytes, or
# else it can become impossible to measure the offset accurately.
def self.patt2(len, sets = nil)
buf = ""
counter = []
sets ||= [ UpperAlpha, LowerAlpha, Numerals ]
len ||= len.to_i
return "" if len.zero?
sets = sets.map {|a| a.split(//)}
sets.size.times { counter << 0}
0.upto(len-1) do |i|
setnum = i % sets.size
#puts counter.inspect
end
return buf
end
#
# Calculate the offset to a pattern
#
# @param pattern [String] The pattern to search. Usually the return value
# from {.pattern_create}
# @param value [String,Fixnum,Bignum]
# @return [Fixnum] Index of the given +value+ within +pattern+, if it exists
# @return [nil] if +pattern+ does not contain +value+
# @see pattern_create
def self.pattern_offset(pattern, value, start=0)
if (value.kind_of?(String))
pattern.index(value, start)
elsif (value.kind_of?(Fixnum) or value.kind_of?(Bignum))
pattern.index([ value ].pack('V'), start)
else
raise ::ArgumentError, "Invalid class for value: #{value.class}"
end
end
#
# Compresses a string, eliminating all superfluous whitespace before and
# after lines and eliminating all lines.
#
# @param str [String] The string in which to crunch whitespace
# @return [String] Just like +str+, but with repeated whitespace characters
# trimmed down to a single space
def self.compress(str)
str.gsub(/\n/m, ' ').gsub(/\s+/, ' ').gsub(/^\s+/, '').gsub(/\s+$/, '')
end
#
# Randomize the whitespace in a string
#
def self.randomize_space(str)
str.gsub(/\s+/) { |s|
len = rand(50)+2
set = "\x09\x20\x0d\x0a"
buf = ''
while (buf.length < len)
buf << set[rand(set.length),1]
end
buf
}
end
# Returns true if zlib can be used.
def self.zlib_present?
begin
temp = Zlib
return true
rescue
return false
end
end
# backwards compat for just a bit...
def self.gzip_present?
self.zlib_present?
end
#
# Compresses a string using zlib
#
# @param str [String] The string to be compressed
# @param level [Fixnum] One of the Zlib compression level constants
# @return [String] The compressed version of +str+
def self.zlib_deflate(str, level = Zlib::BEST_COMPRESSION)
if self.zlib_present?
z = Zlib::Deflate.new(level)
dst = z.deflate(str, Zlib::FINISH)
z.close
return dst
else
raise RuntimeError, "Gzip support is not present."
end
end
#
# Uncompresses a string using zlib
#
# @param str [String] Compressed string to inflate
# @return [String] The uncompressed version of +str+
def self.zlib_inflate(str)
if(self.zlib_present?)
zstream = Zlib::Inflate.new
buf = zstream.inflate(str)
zstream.finish
zstream.close
return buf
else
raise RuntimeError, "Gzip support is not present."
end
end
#
# Compresses a string using gzip
#
# @param str (see zlib_deflate)
# @param level [Fixnum] Compression level, 1 (fast) to 9 (best)
# @return (see zlib_deflate)
def self.gzip(str, level = 9)
raise RuntimeError, "Gzip support is not present." if (!zlib_present?)
raise RuntimeError, "Invalid gzip compression level" if (level < 1 or level > 9)
s = ""
s.force_encoding('ASCII-8BIT') if s.respond_to?(:encoding)
gz = Zlib::GzipWriter.new(StringIO.new(s, 'wb'), level)
gz << str
gz.close
return s
end
#
# Uncompresses a string using gzip
#
# @param str (see zlib_inflate)
# @return (see zlib_inflate)
def self.ungzip(str)
raise RuntimeError, "Gzip support is not present." if (!zlib_present?)
s = ""
s.force_encoding('ASCII-8BIT') if s.respond_to?(:encoding)
gz = Zlib::GzipReader.new(StringIO.new(str, 'rb'))
s << gz.read
gz.close
return s
end
#
# Return the index of the first badchar in +data+, otherwise return
# nil if there wasn't any badchar occurences.
#
# @param data [String] The string to check for bad characters
# @param badchars [String] A list of characters considered to be bad
# @return [Fixnum] Index of the first bad character if any exist in +data+
# @return [nil] If +data+ contains no bad characters
def self.badchar_index(data, badchars = '')
badchars.unpack("C*").each { |badchar|
pos = data.index(badchar.chr)
return pos if pos
}
return nil
end
#
# Removes bad characters from a string.
#
# Modifies +data+ in place
#
# @param data [#delete]
# @param badchars [String] A list of characters considered to be bad
def self.remove_badchars(data, badchars = '')
data.delete(badchars)
end
#
# Returns all chars that are not in the supplied set
#
# @param keepers [String]
# @return [String] All characters not contained in +keepers+
def self.charset_exclude(keepers)
[*(0..255)].pack('C*').delete(keepers)
end
#
# Shuffles a byte stream
#
# @param str [String]
# @return [String] The shuffled result
# @see shuffle_a
def self.shuffle_s(str)
shuffle_a(str.unpack("C*")).pack("C*")
end
#
# Performs a Fisher-Yates shuffle on an array
#
# Modifies +arr+ in place
#
# @param arr [Array] The array to be shuffled
# @return [Array]
def self.shuffle_a(arr)
len = arr.length
max = len - 1
cyc = [* (0..max) ]
for d in cyc
e = rand(d+1)
next if e == d
f = arr[d];
g = arr[e];
arr[d] = g;
arr[e] = f;
end
return arr
end
# Permute the case of a word
def self.permute_case(word, idx=0)
res = []
if( (UpperAlpha+LowerAlpha).index(word[idx,1]))
word_ucase = word.dup
word_ucase[idx, 1] = word[idx, 1].upcase
word_lcase = word.dup
word_lcase[idx, 1] = word[idx, 1].downcase
if (idx == word.length)
return [word]
else
res << permute_case(word_ucase, idx+1)
res << permute_case(word_lcase, idx+1)
end
else
res << permute_case(word, idx+1)
end
res.flatten
end
# Generate a random hostname
#
# @return [String] A random string conforming to the rules of FQDNs
def self.rand_hostname
host = []
(rand(5) + 1).times {
host.push(Rex::Text.rand_text_alphanumeric(rand(10) + 1))
}
d = ['com', 'net', 'org', 'gov']
host.push(d[rand(d.size)])
host.join('.').downcase
end
# Generate a state
def self.rand_state()
States[rand(States.size)]
end
#
# Calculate the ROR13 hash of a given string
#
# @return [Fixnum]
def self.ror13_hash(name)
hash = 0
name.unpack("C*").each {|c| hash = ror(hash, 13); hash += c }
hash
end
#
# Rotate a 32-bit value to the right by +cnt+ bits
#
# @param val [Fixnum] The value to rotate
# @param cnt [Fixnum] Number of bits to rotate by
def self.ror(val, cnt)
bits = [val].pack("N").unpack("B32")[0].split(//)
1.upto(cnt) do |c|
bits.unshift( bits.pop )
end
[bits.join].pack("B32").unpack("N")[0]
end
#
# Rotate a 32-bit value to the left by +cnt+ bits
#
# @param val (see ror)
# @param cnt (see ror)
# @return (see ror)
def self.rol(val, cnt)
bits = [val].pack("N").unpack("B32")[0].split(//)
1.upto(cnt) do |c|
bits.push( bits.shift )
end
[bits.join].pack("B32").unpack("N")[0]
end
#
# Split a string by n character into an array
#
def self.split_to_a(str, n)
if n > 0
s = str.dup
until s.empty?
(ret ||= []).push s.slice!(0, n)
end
else
ret = str
end
2013-02-09 21:50:12 +00:00
ret
end
#
# Pack a value as 64 bit litle endian; does not exist for Array.pack
#
def self.pack_int64le(val)
[val & 0x00000000ffffffff, val >> 32].pack("V2")
end
#
# A custom unicode filter for dealing with multi-byte strings on a 8-bit console
# Punycode would have been more "standard", but it requires valid Unicode chars
#
def self.unicode_filter_encode(str)
if (str.to_s.unpack("C*") & ( LowAscii + HighAscii + "\x7f" ).unpack("C*")).length > 0
str = "$U$" + str.unpack("C*").select{|c| c < 0x7f and c > 0x1f and c != 0x2d}.pack("C*") + "-0x" + str.unpack("H*")[0]
else
str
end
end
def self.unicode_filter_decode(str)
str.to_s.gsub( /\$U\$([\x20-\x2c\x2e-\x7E]*)\-0x([A-Fa-f0-9]+)/ ){|m| [$2].pack("H*") }
end
protected
def self.converge_sets(sets, idx, offsets, length) # :nodoc:
buf = sets[idx][offsets[idx]].chr
# If there are more sets after use, converage with them.
if (sets[idx + 1])
buf << converge_sets(sets, idx + 1, offsets, length)
else
# Increment the current set offset as well as previous ones if we
# wrap back to zero.
while (idx >= 0 and ((offsets[idx] = (offsets[idx] + 1) % sets[idx].length)) == 0)
idx -= 1
end
# If we reached the point where the idx fell below zero, then that
# means we've reached the maximum threshold for permutations.
if (idx < 0)
return buf
end
end
buf
end
def self.load_codepage()
return if (!@@codepage_map_cache.nil?)
file = File.join(File.dirname(__FILE__),'codepage.map')
page = ''
name = ''
map = {}
File.open(file).each { |line|
next if line =~ /^#/
next if line =~ /^\s*$/
data = line.split
if data[1] =~ /^\(/
page = data.shift.to_i
name = data.join(' ').sub(/^\(/,'').sub(/\)$/,'')
map[page] = {}
map[page]['name'] = name
map[page]['data'] = {}
else
data.each { |entry|
wide, char = entry.split(':')
char = [char].pack('H*')
wide = [wide].pack('H*')
if map[page]['data'][char].nil?
map[page]['data'][char] = [wide]
else
map[page]['data'][char].push(wide)
end
}
end
}
@@codepage_map_cache = map
end
def self.checksum8(str)
str.unpack("C*").inject(:+) % 0x100
end
2012-03-21 21:02:46 +00:00
def self.checksum16_le(str)
str.unpack("v*").inject(:+) % 0x10000
end
def self.checksum16_be(str)
str.unpack("n*").inject(:+) % 0x10000
end
def self.checksum32_le(str)
str.unpack("V*").inject(:+) % 0x100000000
end
def self.checksum32_be(str)
str.unpack("N*").inject(:+) % 0x100000000
end
end
end