From efe44ba6b58b5193d198cbc4f9f460a9464ac58e Mon Sep 17 00:00:00 2001 From: kris <> Date: Fri, 16 Oct 2009 18:27:18 +0000 Subject: [PATCH] bleh.. a bit of tabs vs spaces git-svn-id: file:///home/svn/framework3/trunk@7171 4d416f70-5f16-0410-b530-b9f4589650da --- lib/msf/core/data_store.rb | 2 +- lib/msf/core/db.rb | 26 ++--- lib/msf/core/encoder.rb | 16 +-- lib/msf/core/exploit.rb | 16 +-- lib/msf/core/exploit/http.rb | 107 ++++++++++--------- lib/msf/core/exploit/oracle.rb | 12 +-- lib/msf/core/exploit/smtp_deliver.rb | 61 +++++------ lib/msf/core/payload/php.rb | 10 +- lib/msf/core/payload/windows.rb | 17 ++- lib/rex/encoder/ndr.rb | 148 +++++++++++++-------------- lib/rex/encoder/nonalpha.rb | 85 ++++++++------- lib/rex/peparsey/pebase.rb | 2 +- lib/rex/socket/ssl_tcp_server.rb | 2 +- lib/rex/text.rb | 88 ++++++++-------- 14 files changed, 293 insertions(+), 299 deletions(-) diff --git a/lib/msf/core/data_store.rb b/lib/msf/core/data_store.rb index c7d31550f0..7e4b478c2a 100644 --- a/lib/msf/core/data_store.rb +++ b/lib/msf/core/data_store.rb @@ -106,7 +106,7 @@ class DataStore < Hash # Remove trailing whitespaces from the value val.gsub!(/\s+$/, '') - + # Store the value hash[var] = val } diff --git a/lib/msf/core/db.rb b/lib/msf/core/db.rb index c125c0ae9b..8360330ab4 100644 --- a/lib/msf/core/db.rb +++ b/lib/msf/core/db.rb @@ -425,22 +425,22 @@ class DBManager Note.delete_all(["host_id = ?", host[:id]]) Host.delete(host[:id]) end - - # - # Deletes a port and associated vulns matching this port - # - def del_service(context, address, proto, port, comm='') - host = get_host(context, address, comm) - return unless host + # + # Deletes a port and associated vulns matching this port + # + def del_service(context, address, proto, port, comm='') + host = get_host(context, address, comm) - services = Service.find(:all, :conditions => ["host_id = ? and proto = ? and port = ?", host[:id], proto, port]).map { |s| s[:id] } + return unless host - services.each do |sid| - Vuln.delete_all(["service_id = ?", sid]) - Service.delete(sid) - end - end + services = Service.find(:all, :conditions => ["host_id = ? and proto = ? and port = ?", host[:id], proto, port]).map { |s| s[:id] } + + services.each do |sid| + Vuln.delete_all(["service_id = ?", sid]) + Service.delete(sid) + end + end # # Find a reference matching this name diff --git a/lib/msf/core/encoder.rb b/lib/msf/core/encoder.rb index 397cf4889b..2053d7ad46 100644 --- a/lib/msf/core/encoder.rb +++ b/lib/msf/core/encoder.rb @@ -91,14 +91,14 @@ class Encoder < Module # Unicode-safe 'a' - 'z', 'A' - 'Z', '0' - '9' # AlphanumUnicodeMixed = "alpha_unicode_mixed" - # - # toupper/tolower safe ascii - not 'a' - 'z', 'A' - 'Z' - # - NonAlpha = "non_alpha" - # - # tolower safe ascii - not 'A' - 'Z' (more flexable than nonalpha) - # - NonUpper = "non_upper" + # + # toupper/tolower safe ascii - not 'a' - 'z', 'A' - 'Z' + # + NonAlpha = "non_alpha" + # + # tolower safe ascii - not 'A' - 'Z' (more flexable than nonalpha) + # + NonUpper = "non_upper" # # tolower safe ascii UTF8-safe (<= 0x7f only) # diff --git a/lib/msf/core/exploit.rb b/lib/msf/core/exploit.rb index e77de66c03..78bb36bf74 100644 --- a/lib/msf/core/exploit.rb +++ b/lib/msf/core/exploit.rb @@ -729,7 +729,7 @@ class Exploit < Msf::Module # def compatible_encoders encoders = [] - + c_platform = (target and target.platform) ? target.platform : platform c_arch = (target and target.arch) ? target.arch : (arch == []) ? nil : arch @@ -738,7 +738,7 @@ class Exploit < Msf::Module encoders << [ name, mod ] } - + return encoders; end @@ -1036,12 +1036,12 @@ class Exploit < Msf::Module # characters. # def rand_text_highascii(length, bad=payload_badchars) - if debugging? - "A" * length - else - Rex::Text.rand_text_highascii(length, bad) - end - end + if debugging? + "A" * length + else + Rex::Text.rand_text_highascii(length, bad) + end + end # # Generate random alpha characters avoiding the exploit's bad diff --git a/lib/msf/core/exploit/http.rb b/lib/msf/core/exploit/http.rb index c942eef07e..9f586a077b 100644 --- a/lib/msf/core/exploit/http.rb +++ b/lib/msf/core/exploit/http.rb @@ -32,10 +32,10 @@ module Exploit::Remote::HttpClient register_advanced_options( [ - OptString.new('UserAgent', [false, 'The User-Agent header to use for all requests']) + OptString.new('UserAgent', [false, 'The User-Agent header to use for all requests']) ], self.class ) - + register_evasion_options( [ OptEnum.new('HTTP::uri_encode_mode', [false, 'Enable URI encoding', 'hex-normal', ['none', 'hex-normal', 'hex-all', 'hex-random', 'u-normal', 'u-all', 'u-random']]), @@ -174,7 +174,7 @@ module Exploit::Remote::HttpClient def send_request_raw(opts={}, timeout = -1) begin c = connect(opts) - r = c.request_raw(opts) + r = c.request_raw(opts) c.send_recv(r, opts[:timeout] ? opts[:timeout] : timeout) rescue ::RuntimeError => e print_error("An error occurred sending this request: #{e}") @@ -190,7 +190,7 @@ module Exploit::Remote::HttpClient def send_request_cgi(opts={}, timeout = -1) begin c = connect(opts) - r = c.request_cgi(opts) + r = c.request_cgi(opts) c.send_recv(r, opts[:timeout] ? opts[:timeout] : timeout) rescue ::RuntimeError => e print_error("An error occurred sending this request: #{e}") @@ -266,17 +266,15 @@ module Exploit::Remote::HttpServer [ OptString.new('URIPATH', [ false, "The URI to use for this exploit (default is random)"]), ], Exploit::Remote::HttpServer - ) - - register_evasion_options( - [ - OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP responses via "Transfer-Encoding: chunked"', 'false']), - OptBool.new('HTTP::header_folding', [false, 'Enable folding of HTTP headers', 'false']), - OptBool.new('HTTP::junk_headers', [false, 'Enable insertion of random junk HTTP headers', 'false']), - OptEnum.new('HTTP::compression', [false, 'Enable compression of HTTP responses via content encoding', 'none', ['none','gzip','deflate']]), - ], Exploit::Remote::HttpServer - ) + ) + register_evasion_options( + [ + OptBool.new('HTTP::chunked', [false, 'Enable chunking of HTTP responses via "Transfer-Encoding: chunked"', 'false']), + OptBool.new('HTTP::header_folding', [false, 'Enable folding of HTTP headers', 'false']), + OptBool.new('HTTP::junk_headers', [false, 'Enable insertion of random junk HTTP headers', 'false']), + OptEnum.new('HTTP::compression', [false, 'Enable compression of HTTP responses via content encoding', 'none', ['none','gzip','deflate']]), + ], Exploit::Remote::HttpServer) end # @@ -293,7 +291,7 @@ module Exploit::Remote::HttpServer # def use_zlib if (!Rex::Text.zlib_present? and datastore['HTTP::compression'] == true) - raise RuntimeError, "zlib support was not detected, yet the HTTP::compression option was set. Don't do that!" + raise RuntimeError, "zlib support was not detected, yet the HTTP::compression option was set. Don't do that!" end end @@ -500,39 +498,39 @@ module Exploit::Remote::HttpServer res end - # - # Transmits a response to the supplied client, default content-type is text/html - # - # Payload evasions are implemented here! - # - def send_response(cli, body, headers = {}) - response = create_response + # + # Transmits a response to the supplied client, default content-type is text/html + # + # Payload evasions are implemented here! + # + def send_response(cli, body, headers = {}) + response = create_response response['Content-Type'] = 'text/html' - response.body = body - - if (datastore['HTTP::compression']) - self.use_zlib # make sure... - response.compress = datastore['HTTP::compression'] - end + response.body = body - if (datastore['HTTP::chunked'] == true) - response.auto_cl = false - response.transfer_chunked = true - end + if (datastore['HTTP::compression']) + self.use_zlib # make sure... + response.compress = datastore['HTTP::compression'] + end - if (datastore['HTTP::header_folding'] == true) - response.headers.fold = 1 - end - - if (datastore['HTTP::junk_headers'] == true) - response.headers.junk_headers = 1 - end + if (datastore['HTTP::chunked'] == true) + response.auto_cl = false + response.transfer_chunked = true + end + + if (datastore['HTTP::header_folding'] == true) + response.headers.fold = 1 + end + + if (datastore['HTTP::junk_headers'] == true) + response.headers.junk_headers = 1 + end headers.each_pair { |k,v| response[k] = v } cli.send_response(response) - end - + end + # # Sends a 302 redirect to the client # @@ -643,17 +641,16 @@ protected def initialize(info = {}) super - register_evasion_options( - [ + register_evasion_options( + [ # utf-8, utf-7 and utf-7-all are currently not supported by # most browsers. as such, they are not added by default. The # mixin supports encoding using them, however they are not # listed in the Option. - OptEnum.new('HTML::unicode', [false, 'Enable HTTP obfuscation via unicode', 'none', ['none', 'utf-16le', 'utf-16be', 'utf-16be-marker', 'utf-32le', 'utf-32be']]), + OptEnum.new('HTML::unicode', [false, 'Enable HTTP obfuscation via unicode', 'none', ['none', 'utf-16le', 'utf-16be', 'utf-16be-marker', 'utf-32le', 'utf-32be']]), OptEnum.new('HTML::base64', [false, 'Enable HTML obfuscation via an embeded base64 html object', 'none', ['none', 'plain', 'single_pad', 'double_pad', 'random_space_injection']]), OptInt.new('HTML::javascript::escape', [false, 'Enable HTML obfuscation via HTML escaping (number of iterations)', 0]), - ], Exploit::Remote::HttpServer::HTML - ) + ], Exploit::Remote::HttpServer::HTML) end # @@ -667,14 +664,14 @@ protected return js end - # - # Encrypts a given javascript string using the provided key. - # - # Returns a string containing the encrypted string and a loader - # - def encrypt_js(javascript, key) - js_encoded = Rex::Exploitation::EncryptJS.encrypt(javascript, key) - end + # + # Encrypts a given javascript string using the provided key. + # + # Returns a string containing the encrypted string and a loader + # + def encrypt_js(javascript, key) + js_encoded = Rex::Exploitation::EncryptJS.encrypt(javascript, key) + end # # Returns the heaplib javascript, including any custom javascript supplied @@ -898,7 +895,7 @@ protected body = Rex::Text.encode_base64(body) new = '' while (body.size > 0) - new << body.slice!(0, rand(3) + 1) + Rex::Text.rand_text(rand(5) + 1, '', " \n") + new << body.slice!(0, rand(3) + 1) + Rex::Text.rand_text(rand(5) + 1, '', " \n") end body = new end diff --git a/lib/msf/core/exploit/oracle.rb b/lib/msf/core/exploit/oracle.rb index 575001a792..ae5d8f888f 100644 --- a/lib/msf/core/exploit/oracle.rb +++ b/lib/msf/core/exploit/oracle.rb @@ -16,14 +16,14 @@ module Exploit::ORACLE register_options( [ - OptString.new('RHOST', [ true, 'The Oracle host.', '']), - OptString.new('RPORT', [ true, 'The TNS port.', '1521']), - OptString.new('SID', [ true, 'The sid to authenticate with.', 'ORCL']), - OptString.new('DBUSER', [ true, 'The username to authenticate with.', 'SCOTT']), - OptString.new('DBPASS', [ true, 'The password to authenticate with.', 'TIGER']), + OptString.new('RHOST', [ true, 'The Oracle host.', '']), + OptString.new('RPORT', [ true, 'The TNS port.', '1521']), + OptString.new('SID', [ true, 'The sid to authenticate with.', 'ORCL']), + OptString.new('DBUSER', [ true, 'The username to authenticate with.', 'SCOTT']), + OptString.new('DBPASS', [ true, 'The password to authenticate with.', 'TIGER']), ], Msf::Exploit::ORACLE ) - + begin require 'rubygems' gem 'dbi' diff --git a/lib/msf/core/exploit/smtp_deliver.rb b/lib/msf/core/exploit/smtp_deliver.rb index 2f96837dd0..74bc43ccb5 100644 --- a/lib/msf/core/exploit/smtp_deliver.rb +++ b/lib/msf/core/exploit/smtp_deliver.rb @@ -34,51 +34,52 @@ module Exploit::Remote::SMTPDeliver # This method connects to the server and sends a message def send_message(data) - if datastore['VERBOSE'] - print_status("Connecting to SMTP server #{rhost}:#{rport}...") - end + if datastore['VERBOSE'] + print_status("Connecting to SMTP server #{rhost}:#{rport}...") + end + msock = connect(false) res = msock.get_once - if datastore['VERBOSE'] - print_status("SMTP: #{res.strip}") - end + if datastore['VERBOSE'] + print_status("SMTP: #{res.strip}") + end res = raw_send_recv("EHLO #{Rex::Text.rand_text_alpha(rand(32)+1)}\r\n", msock) - if datastore['VERBOSE'] - print_status("SMTP: #{res.strip}") - end + if datastore['VERBOSE'] + print_status("SMTP: #{res.strip}") + end res = raw_send_recv("MAIL FROM: #{datastore['MAILFROM']}\r\n", msock) - if datastore['VERBOSE'] - print_status("SMTP: #{res.strip}") - end + if datastore['VERBOSE'] + print_status("SMTP: #{res.strip}") + end res = raw_send_recv("RCPT TO: #{datastore['MAILTO']}\r\n", msock) - if datastore['VERBOSE'] - print_status("SMTP: #{res.strip}") - end + if datastore['VERBOSE'] + print_status("SMTP: #{res.strip}") + end - if datastore['VERBOSE'] - print_status("Sending the message (#{data.length} bytes)...") - end + if datastore['VERBOSE'] + print_status("Sending the message (#{data.length} bytes)...") + end res = raw_send_recv("DATA\r\n", msock) - if datastore['VERBOSE'] - print_status("SMTP: #{res.strip}") - end + if datastore['VERBOSE'] + print_status("SMTP: #{res.strip}") + end res = raw_send_recv("#{data}\r\n.\r\n", msock) - if datastore['VERBOSE'] - print_status("SMTP: #{res.strip}") - end + if datastore['VERBOSE'] + print_status("SMTP: #{res.strip}") + end - if datastore['VERBOSE'] - print_status("Closing the connection...") - end + if datastore['VERBOSE'] + print_status("Closing the connection...") + end res = raw_send_recv("QUIT\r\n", msock) - if datastore['VERBOSE'] - print_status("SMTP: #{res.strip}") - end + if datastore['VERBOSE'] + print_status("SMTP: #{res.strip}") + end msock.close end diff --git a/lib/msf/core/payload/php.rb b/lib/msf/core/payload/php.rb index ce8257ad82..dd7c2d6839 100644 --- a/lib/msf/core/payload/php.rb +++ b/lib/msf/core/payload/php.rb @@ -13,7 +13,7 @@ module Msf::Payload::Php dis = options[:disabled_varname] || '$' + Rex::Text.rand_text_alpha(rand(4) + 4) dis = '$' + dis if (dis[0,1] != '$') - @dis = dis + @dis = dis preamble = " @set_time_limit(0); @ignore_user_abort(1); @ini_set('max_execution_time',0); @@ -34,9 +34,9 @@ module Msf::Payload::Php dis = options[:disabled_varname] || @dis || '$' + Rex::Text.rand_text_alpha(rand(4) + 4) output = options[:output_varname] || '$' + Rex::Text.rand_text_alpha(rand(4) + 4) - if (@dis.nil?) - @dis = dis - end + if (@dis.nil?) + @dis = dis + end cmd = '$' + cmd if (cmd[0,1] != '$') dis = '$' + dis if (dis[0,1] != '$') @@ -143,4 +143,4 @@ module Msf::Payload::Php return buf end -end \ No newline at end of file +end diff --git a/lib/msf/core/payload/windows.rb b/lib/msf/core/payload/windows.rb index 2fda520798..0585369ae5 100644 --- a/lib/msf/core/payload/windows.rb +++ b/lib/msf/core/payload/windows.rb @@ -51,8 +51,8 @@ module Msf::Payload::Windows [ Msf::OptRaw.new('EXITFUNC', [ true, "Exit technique: #{@@exit_types.keys.join(", ")}", 'thread' ]) ], Msf::Payload::Windows ) - - ret + + ret end # @@ -77,13 +77,12 @@ module Msf::Payload::Windows # ensure that the entire stage is read in. # def handle_intermediate_stage(conn, payload) - - if( self.module_info['Stager']['RequiresMidstager'] == false ) - conn.put( [ payload.length ].pack('V') ) - # returning false allows stager.rb!handle_connection() to prepend the stage_prefix if needed - return false - end - + if( self.module_info['Stager']['RequiresMidstager'] == false ) + conn.put( [ payload.length ].pack('V') ) + # returning false allows stager.rb!handle_connection() to prepend the stage_prefix if needed + return false + end + return false if (payload.length < 512) # The mid-stage works by reading in a four byte length in host-byte diff --git a/lib/rex/encoder/ndr.rb b/lib/rex/encoder/ndr.rb index 9b5747213f..421e13768c 100644 --- a/lib/rex/encoder/ndr.rb +++ b/lib/rex/encoder/ndr.rb @@ -5,83 +5,83 @@ module Encoder module NDR # Provide padding to align the string to the 32bit boundary - def NDR.align(string) - return "\x00" * ((4 - (string.length & 3)) & 3) - end - - # Encode a 4 byte long - # use to encode: - # long element_1; - def NDR.long(string) - return [string].pack('V') - end - - # Encode a 2 byte short - # use to encode: - # short element_1; - def NDR.short(string) - return [string].pack('v') - end - - # Encode a single byte - # use to encode: - # byte element_1; - def NDR.byte(string) - return [string].pack('c') - end - - # Encode a byte array - # use to encode: - # char element_1 - def NDR.UniConformantArray(string) - return long(string.length) + string + align(string) - end + def NDR.align(string) + return "\x00" * ((4 - (string.length & 3)) & 3) + end - # Encode a string - # use to encode: - # char *element_1; - def NDR.string(string) - string << "\x00" # null pad - return long(string.length) + long(0) + long(string.length) + string + align(string) - end - - # Encode a string - # use to encode: - # w_char *element_1; - def NDR.wstring(string) - string << "\x00" # null pad - return long(string.length) + long(0) + long(string.length) + Rex::Text.to_unicode(string) + align(Rex::Text.to_unicode(string)) - end + # Encode a 4 byte long + # use to encode: + # long element_1; + def NDR.long(string) + return [string].pack('V') + end - # Encode a string and make it unique - # use to encode: - # [unique] w_char *element_1; - def NDR.uwstring(string) - string << "\x00" # null pad - return long(rand(0xffffffff))+long(string.length) + long(0) + long(string.length) + Rex::Text.to_unicode(string) + align(Rex::Text.to_unicode(string)) - end - - # Encode a string that is already unicode encoded - # use to encode: - # w_char *element_1; - def NDR.wstring_prebuilt(string) - # if the string len is odd, thats bad! - if string.length % 2 > 0 - string << "\x00" - end - len = string.length / 2; - return long(len) + long(0) + long(len) + string + align(string) - end + # Encode a 2 byte short + # use to encode: + # short element_1; + def NDR.short(string) + return [string].pack('v') + end + + # Encode a single byte + # use to encode: + # byte element_1; + def NDR.byte(string) + return [string].pack('c') + end - # alias to wstring, going away soon - def NDR.UnicodeConformantVaryingString(string) - NDR.wstring(string) - end - - # alias to wstring_prebuilt, going away soon - def NDR.UnicodeConformantVaryingStringPreBuilt(string) - NDR.wstring_prebuilt(string) - end + # Encode a byte array + # use to encode: + # char element_1 + def NDR.UniConformantArray(string) + return long(string.length) + string + align(string) + end + + # Encode a string + # use to encode: + # char *element_1; + def NDR.string(string) + string << "\x00" # null pad + return long(string.length) + long(0) + long(string.length) + string + align(string) + end + + # Encode a string + # use to encode: + # w_char *element_1; + def NDR.wstring(string) + string << "\x00" # null pad + return long(string.length) + long(0) + long(string.length) + Rex::Text.to_unicode(string) + align(Rex::Text.to_unicode(string)) + end + + # Encode a string and make it unique + # use to encode: + # [unique] w_char *element_1; + def NDR.uwstring(string) + string << "\x00" # null pad + return long(rand(0xffffffff))+long(string.length) + long(0) + long(string.length) + Rex::Text.to_unicode(string) + align(Rex::Text.to_unicode(string)) + end + + # Encode a string that is already unicode encoded + # use to encode: + # w_char *element_1; + def NDR.wstring_prebuilt(string) + # if the string len is odd, thats bad! + if string.length % 2 > 0 + string << "\x00" + end + len = string.length / 2; + return long(len) + long(0) + long(len) + string + align(string) + end + + # alias to wstring, going away soon + def NDR.UnicodeConformantVaryingString(string) + NDR.wstring(string) + end + + # alias to wstring_prebuilt, going away soon + def NDR.UnicodeConformantVaryingStringPreBuilt(string) + NDR.wstring_prebuilt(string) + end end end diff --git a/lib/rex/encoder/nonalpha.rb b/lib/rex/encoder/nonalpha.rb index bf4dc1a41b..cc6927768f 100644 --- a/lib/rex/encoder/nonalpha.rb +++ b/lib/rex/encoder/nonalpha.rb @@ -6,59 +6,56 @@ module Rex module Encoder class NonAlpha - - + def NonAlpha.gen_decoder() - decoder = - "\x66\xB9\xFF\xFF" + - "\xEB\x19" + # Jmp to table - "\x5E" + # pop esi - "\x8B\xFE" + # mov edi, esi - Get table addr - "\x83\xC7" + "A" + # add edi, tablelen - Get shellcode addr - "\x8B\xD7" + # mov edx, edi - Hold end of table ptr - "\x3B\xF2" + # cmp esi, edx - "\x7D\x0B" + # jle to end - "\xB0\x7B" + # mov eax, 0x7B - Set up eax with magic - "\xF2\xAE" + # repne scasb - Find magic! - "\xFF\xCF" + # dec edi - scasb purs us one ahead - "\xAC" + # lodsb - "\x28\x07" + # subb [edi], al - "\xEB\xF1" + # jmp BACK! - "\xEB" + "B" + # jmp [shellcode] - "\xE8\xE2\xFF\xFF\xFF" - end + decoder = + "\x66\xB9\xFF\xFF" + + "\xEB\x19" + # Jmp to table + "\x5E" + # pop esi + "\x8B\xFE" + # mov edi, esi - Get table addr + "\x83\xC7" + "A" + # add edi, tablelen - Get shellcode addr + "\x8B\xD7" + # mov edx, edi - Hold end of table ptr + "\x3B\xF2" + # cmp esi, edx + "\x7D\x0B" + # jle to end + "\xB0\x7B" + # mov eax, 0x7B - Set up eax with magic + "\xF2\xAE" + # repne scasb - Find magic! + "\xFF\xCF" + # dec edi - scasb purs us one ahead + "\xAC" + # lodsb + "\x28\x07" + # subb [edi], al + "\xEB\xF1" + # jmp BACK! + "\xEB" + "B" + # jmp [shellcode] + "\xE8\xE2\xFF\xFF\xFF" + end def NonAlpha.encode_byte(block, table, tablelen) - if (tablelen > 255) or (block == 0x7B) - raise RuntimeError, "BadChar" - end + if (tablelen > 255) or (block == 0x7B) + raise RuntimeError, "BadChar" + end - if (block >= 0x41 and block <= 0x5A) or (block >= 0x61 and block <= 0x7A) - # gen offset, return magic - offset = 0x7b - block; - table += offset.chr - tablelen = tablelen + 1 - block = 0x7B - end + if (block >= 0x41 and block <= 0x5A) or (block >= 0x61 and block <= 0x7A) + # gen offset, return magic + offset = 0x7b - block; + table += offset.chr + tablelen = tablelen + 1 + block = 0x7B + end - return [block.chr, table, tablelen] - end + return [block.chr, table, tablelen] + end def NonAlpha.encode(buf) - table = "" - tablelen = 0 - nonascii = "" - encoded = gen_decoder() - buf.each_byte { - |block| - + table = "" + tablelen = 0 + nonascii = "" + encoded = gen_decoder() + buf.each_byte { |block| newchar, table, tablelen = encode_byte(block.unpack('C')[0], table, tablelen) - nonascii += newchar + nonascii += newchar } - encoded.gsub!(/A/, tablelen) - encoded.gsub!(/B/, tablelen+5) - encoded += table + encoded.gsub!(/A/, tablelen) + encoded.gsub!(/B/, tablelen+5) + encoded += table encoded += nonascii end -end end end \ No newline at end of file +end end end diff --git a/lib/rex/peparsey/pebase.rb b/lib/rex/peparsey/pebase.rb index a8d5b8bb89..4f21f74c2a 100644 --- a/lib/rex/peparsey/pebase.rb +++ b/lib/rex/peparsey/pebase.rb @@ -1456,7 +1456,7 @@ class PeBase end def _resource_lookup(i) - tbl = { + tbl = { '1' => 'RT_CURSOR', '2' => 'RT_BITMAP', '3' => 'RT_ICON', diff --git a/lib/rex/socket/ssl_tcp_server.rb b/lib/rex/socket/ssl_tcp_server.rb index 6e6e8d1785..e00fb18aa4 100644 --- a/lib/rex/socket/ssl_tcp_server.rb +++ b/lib/rex/socket/ssl_tcp_server.rb @@ -47,7 +47,7 @@ module Rex::Socket::SslTcpServer t.peerhost = pn[1] t.peerport = pn[2] t.accept - t + t rescue ::OpenSSL::SSL::SSLError sock.close nil diff --git a/lib/rex/text.rb b/lib/rex/text.rb index 383b0c50e9..b224e61399 100644 --- a/lib/rex/text.rb +++ b/lib/rex/text.rb @@ -324,18 +324,18 @@ module Text raise TypeError, "Invalid codepage #{mode}, only 1252 supported for uhwtfms_half" end str.each_byte {|byte| - if ((byte >= 33 && byte <= 63) || (byte >= 96 && byte <= 126)) - string << "\xFF" + [byte ^ 32].pack('C') - elsif (byte >= 64 && byte <= 95) - string << "\xFF" + [byte ^ 96].pack('C') - else - char = [byte].pack('C') + if ((byte >= 33 && byte <= 63) || (byte >= 96 && byte <= 126)) + string << "\xFF" + [byte ^ 32].pack('C') + elsif (byte >= 64 && byte <= 95) + string << "\xFF" + [byte ^ 96].pack('C') + else + char = [byte].pack('C') possible = @@codepage_map_cache[mode]['data'][char] if possible.nil? raise TypeError, "codepage #{mode} does not provide an encoding for 0x#{char.unpack('H*')[0]}" end string << possible[ rand(possible.length) ] - end + end } return string else @@ -352,41 +352,41 @@ module Text return str if mode == 'none' # fast track no encoding all = /[^\/\\]+/ - normal = /[^a-zA-Z0-9\/\\\.\-]+/ + normal = /[^a-zA-Z0-9\/\\\.\-]+/ normal_na = /[a-zA-Z0-9\/\\\.\-]/ - case mode - when 'hex-normal' - return str.gsub(normal) { |s| Rex::Text.to_hex(s, '%') } - when 'hex-all' - return str.gsub(all) { |s| Rex::Text.to_hex(s, '%') } - when 'hex-random' - res = '' - str.each_byte do |c| - b = c.chr - res << ((rand(2) == 0) ? - b.gsub(all) { |s| Rex::Text.to_hex(s, '%') } : - b.gsub(normal){ |s| Rex::Text.to_hex(s, '%') } ) - end - return res - when 'u-normal' - return str.gsub(normal) { |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms'), '%u', 2) } - when 'u-all' - return str.gsub(all) { |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms'), '%u', 2) } - when 'u-random' - res = '' - str.each_byte do |c| - b = c.chr - res << ((rand(2) == 0) ? - b.gsub(all) { |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms'), '%u', 2) } : - b.gsub(normal){ |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms'), '%u', 2) } ) - end - return res - when 'u-half' - return str.gsub(all) { |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms-half'), '%u', 2) } - else - raise TypeError, 'invalid mode' - end + case mode + when 'hex-normal' + return str.gsub(normal) { |s| Rex::Text.to_hex(s, '%') } + when 'hex-all' + return str.gsub(all) { |s| Rex::Text.to_hex(s, '%') } + when 'hex-random' + res = '' + str.each_byte do |c| + b = c.chr + res << ((rand(2) == 0) ? + b.gsub(all) { |s| Rex::Text.to_hex(s, '%') } : + b.gsub(normal){ |s| Rex::Text.to_hex(s, '%') } ) + end + return res + when 'u-normal' + return str.gsub(normal) { |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms'), '%u', 2) } + when 'u-all' + return str.gsub(all) { |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms'), '%u', 2) } + when 'u-random' + res = '' + str.each_byte do |c| + b = c.chr + res << ((rand(2) == 0) ? + b.gsub(all) { |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms'), '%u', 2) } : + b.gsub(normal){ |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms'), '%u', 2) } ) + end + return res + when 'u-half' + return str.gsub(all) { |s| Rex::Text.to_hex(Rex::Text.to_unicode(s, 'uhwtfms-half'), '%u', 2) } + else + raise TypeError, 'invalid mode' + end end # Encode a string in a manor useful for HTTP URIs and URI Parameters. @@ -940,10 +940,10 @@ module Text # Generate random bytes of high ascii data def self.rand_text_highascii(len, bad='') foo = [] - foo += (0x80 .. 0xff).map{ |c| c.chr } - rand_base(len, bad, *foo ) - end - + foo += (0x80 .. 0xff).map{ |c| c.chr } + rand_base(len, bad, *foo ) + end + # # Creates a pattern that can be used for offset calculation purposes. This # routine is capable of generating patterns using a supplied set and a