From f3afedf4907ec912b98938e38431ba7320d7aba6 Mon Sep 17 00:00:00 2001 From: HD Moore Date: Mon, 5 Jul 2010 13:38:39 +0000 Subject: [PATCH] Fix an issue caused by pad_data being a string not an integer, this caused the evasion code to return a nil. Fixed a couple of ambiguities in how options are passed git-svn-id: file:///home/svn/framework3/trunk@9674 4d416f70-5f16-0410-b530-b9f4589650da --- lib/rex/proto/smb/evasions.rb | 35 ++++++++++++++++++----------------- lib/rex/text.rb | 8 ++++---- 2 files changed, 22 insertions(+), 21 deletions(-) diff --git a/lib/rex/proto/smb/evasions.rb b/lib/rex/proto/smb/evasions.rb index e50e1c7533..2e68c9af5d 100644 --- a/lib/rex/proto/smb/evasions.rb +++ b/lib/rex/proto/smb/evasions.rb 
@@ -11,55 +11,56 @@ EVASION_HIGH = 2 EVASION_MAX = 3 # Add bogus filler at the end of the SMB packet and before the data - def self.make_offset_filler(level, max_size = 60000, min_size = 512) + def self.make_offset_filler(level, max_size = 60000, min_size = 512) if (max_size < 0) max_size = 4096 end - + if (min_size < max_size) min_size = max_size - 1 end - - case level - when nil, EVASION_NONE - return '' + + case level.to_i when EVASION_LOW Rex::Text.rand_text(32) when EVASION_HIGH Rex::Text.rand_text( rand(max_size - min_size) + min_size ) when EVASION_MAX Rex::Text.rand_text( rand(max_size) ) + else EVASION_NONE + return '' end end - + # Obscures a named pipe pathname via leading and trailing slashes def self.make_named_pipe_path(level, pipe) - case level - when nil, EVASION_NONE - return '\\' + pipe + case level.to_i when EVASION_LOW return ('\\' * (1024 + rand(512))) + pipe when EVASION_HIGH, EVASION_MAX return ('\\' * (1024 + rand(512))) + pipe + ('\\' * (1024 + rand(512))) - end + else + return '\\' + pipe + end end - + # Obscures the TransactNamedPipe \PIPE\ string def self.make_trans_named_pipe_name(level) - case level - when nil, EVASION_NONE - return '\\PIPE\\' + case level.to_i when EVASION_LOW return ('\\' * (256 - rand(64)) + 'PIPE\\') when EVASION_HIGH return Rex::Text.rand_text(512 - rand(128)) when EVASION_MAX return Rex::Text.rand_text(1024 - rand(256)) + else + return '\\PIPE\\' end - end + end end end end -end \ No newline at end of file +end + diff --git a/lib/rex/text.rb b/lib/rex/text.rb index 6ac65e68b1..454a49429b 100644 --- a/lib/rex/text.rb +++ b/lib/rex/text.rb 
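Review bot: In make_offset_filler the fallback branch is written `else EVASION_NONE`, which Ruby parses as a bare `else` whose first statement evaluates the constant and discards it; it reads like a `when` match but is not one. The other two methods in this hunk use a plain `else`, so this one should as well: `else` followed by `return ''`, optionally with a trailing `# EVASION_NONE, nil and unrecognised levels` comment. Since the `.to_i` coercion is the actual fix and nothing in the code explains it, each `case level.to_i` also deserves a comment such as `# level may arrive as a String option value; nil and non-numeric strings coerce to 0 and take the else branch`. The enclosing module starts outside the hunk.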
@@ -39,7 +39,7 @@ module Text AllChars = [*(0x00 .. 0xff)].pack("C*") DefaultPatternSets = [ Rex::Text::UpperAlpha, Rex::Text::LowerAlpha, Rex::Text::Numerals ] - + # In case Iconv isn't loaded Iconv_EBCDIC = ["\x00", "\x01", "\x02", "\x03", "7", "-", ".", "/", "\x16", "\x05", "%", "\v", "\f", "\r", "\x0E", "\x0F", "\x10", "\x11", "\x12", "\x13", "<", "=", "2", "&", "\x18", "\x19", "?", "'", "\x1C", "\x1D", "\x1E", "\x1F", "@", "Z", "\x7F", "{", "[", "l", "P", "}", "M", "]", "\\", "N", "k", "`", "K", "a", "\xF0", "\xF1", "\xF2", "\xF3", "\xF4", "\xF5", "\xF6", "\xF7", "\xF8", "\xF9", "z", "^", "L", "~", "n", "o", "|", "\xC1", "\xC2", "\xC3", "\xC4", "\xC5", "\xC6", "\xC7", "\xC8", "\xC9", "\xD1", "\xD2", "\xD3", "\xD4", "\xD5", "\xD6", "\xD7", "\xD8", "\xD9", "\xE2", "\xE3", "\xE4", "\xE5", "\xE6", "\xE7", "\xE8", "\xE9", nil, "\xE0", nil, nil, "m", "y", "\x81", "\x82", "\x83", "\x84", "\x85", "\x86", "\x87", "\x88", "\x89", "\x91", "\x92", "\x93", "\x94", "\x95", "\x96", "\x97", "\x98", "\x99", "\xA2", "\xA3", "\xA4", "\xA5", "\xA6", "\xA7", "\xA8", "\xA9", "\xC0", "O", "\xD0", "\xA1", "\a", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil] Iconv_ASCII = ["\x00", "\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\a", "\b", "\t", "\n", "\v", "\f", "\r", "\x0E", "\x0F", "\x10", "\x11", "\x12", "\x13", "\x14", "\x15", "\x16", "\x17", "\x18", "\x19", "\x1A", "\e", "\x1C", "\x1D", "\x1E", 
"\x1F", " ", "!", "\"", "#", "$", "%", "&", "'", "(", ")", "*", "+", ",", "-", ".", "/", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", ":", ";", "<", "=", ">", "?", "@", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", nil, "\\", nil, nil, "_", "`", "a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "{", "|", "}", "~", "\x7F", nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil, nil] @@ -149,7 +149,7 @@ module Text # Iconv def self.to_ebcdic_rex(str) new_str = [] - str.each_byte do |x| + str.each_byte do |x| if Iconv_ASCII.index(x.chr) new_str << Iconv_EBCDIC[Iconv_ASCII.index(x.chr)] else @@ -163,7 +163,7 @@ module Text # Iconv def self.from_ebcdic_rex(str) new_str = [] - str.each_byte do |x| + str.each_byte do |x| if Iconv_EBCDIC.index(x.chr) new_str << Iconv_ASCII[Iconv_EBCDIC.index(x.chr)] else @@ -661,7 +661,7 @@ module Text # Base text generator method def self.rand_base(len, bad, *foo) cset = (foo.join.unpack("C*") - bad.to_s.unpack("C*")).uniq - return if cset.length == 0 + return "" if cset.length == 0 outp = [] len.times { outp << cset[rand(cset.length)] } outp.pack("C*")
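Review bot: The new `return "" if cset.length == 0` in rand_base changes the empty-charset result from nil to an empty string, but the `# Base text generator method` comment does not say so, and a caller that asked for `len` bytes now silently gets zero. Document the contract on the method, e.g. `# Returns "" (not nil) when bad excludes every character of the supplied sets; callers needing exactly len bytes must check the result length`. Any caller that tested the result for nil would no longer notice this case; the callers are outside this hunk, so they should be checked before relying on the new behaviour. The method's closing `end` is also outside the hunk.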