Top Level Namespace

Includes:
ERB::Util

Defined Under Namespace

Modules: Rex

Classes: ConnectionTest, FunctionTest

Constant Summary

SHUT_RDWR =

Globalized socket constants

::Socket::SHUT_RDWR
SHUT_RD =
::Socket::SHUT_RD
SHUT_WR =
::Socket::SHUT_WR
LOG_ERROR =

Log severities

'error'
LOG_DEBUG =
'debug'
LOG_INFO =
'info'
LOG_WARN =
'warn'
LOG_RAW =
'raw'
LEV_0 =

LEV_0 - Default

This log level is the default log level if none is specified. It should be used when a log message should always be displayed when logging is enabled. Very few log messages should occur at this level aside from necessary information logging and error/warning logging. Debug logging at level zero is not advised.

0
LEV_1 =

LEV_1 - Extra

This log level should be used when extra information may be needed to understand the cause of an error or warning message or to get debugging information that might give clues as to why something is happening. This log level should be used only when information may be useful to understanding the behavior of something at a basic level. This log level should not be used in an exhaustively verbose fashion.

1
LEV_2 =

LEV_2 - Verbose

This log level should be used when verbose information may be needed to analyze the behavior of the framework. This should be the default log level for all detailed information not falling into LEV_0 or LEV_1. It is recommended that this log level be used by default if you are unsure.

2
LEV_3 =

LEV_3 - Insanity

This log level should contain very verbose information about the behavior of the framework, such as detailed information about variable states at certain phases including, but not limited to, loop iterations, function calls, and so on. This log level will rarely be displayed, but when it is the information provided should make it easy to analyze any problem.

3
ARCH_ANY =

Architecture constants

'_any_'
ARCH_X86 =
'x86'
ARCH_X86_64 =
'x86_64'
ARCH_X64 =

To be used for compatibility with ARCH_X86_64

'x64'
ARCH_MIPS =
'mips'
ARCH_MIPSLE =
'mipsle'
ARCH_MIPSBE =
'mipsbe'
ARCH_PPC =
'ppc'
ARCH_PPC64 =
'ppc64'
ARCH_CBEA =
'cbea'
ARCH_CBEA64 =
'cbea64'
ARCH_SPARC =
'sparc'
ARCH_CMD =
'cmd'
ARCH_PHP =
'php'
ARCH_TTY =
'tty'
ARCH_ARMLE =
'armle'
ARCH_ARMBE =
'armbe'
ARCH_JAVA =
'java'
ARCH_TYPES =
[
	ARCH_X86,
	ARCH_X86_64,
	ARCH_MIPS,
	ARCH_MIPSLE,
	ARCH_MIPSBE,
	ARCH_PPC,
	ARCH_PPC64,
	ARCH_CBEA,
	ARCH_CBEA64,
	ARCH_SPARC,
	ARCH_ARMLE,
	ARCH_ARMBE,
	ARCH_CMD,
	ARCH_PHP,
	ARCH_TTY,
	ARCH_JAVA
]
ARCH_ALL =
ARCH_TYPES
ENDIAN_LITTLE =

Endian constants

0
ENDIAN_BIG =
1
IS_ENDIAN_LITTLE =
( [1].pack('s') == "\x01\x00" ) ? true : false
IS_ENDIAN_BIG =
( not IS_ENDIAN_LITTLE )
PROT_NONE =

Generic page protection flags

0
PROT_READ =
(1 <<  0)
PROT_WRITE =
(1 <<  1)
PROT_EXEC =
(1 <<  2)
PROT_COW =
(1 << 20)
GEN_NONE =

Generic permissions

0
GEN_READ =
(1 <<  0)
GEN_WRITE =
(1 <<  1)
GEN_EXEC =
(1 <<  2)
PROCESS_READ =

Generic process open permissions

(1 <<  0)
PROCESS_WRITE =
(1 <<  1)
PROCESS_EXECUTE =
(1 <<  2)
PROCESS_ALL =
0xffffffff
THREAD_READ =

Generic thread open permissions

(1 <<  0)
THREAD_WRITE =
(1 <<  1)
THREAD_EXECUTE =
(1 <<  2)
THREAD_ALL =
0xffffffff
ExceptionCallStack =

An instance of the log dispatcher exists in the global namespace, along with stubs for many of the common logging methods. Various sources can register themselves as a log sink such that logs can be directed at various targets depending on where they’re sourced from. By doing it this way, things like sessions can use the global logging stubs and still be directed at the correct log file.

"__EXCEPTCALLSTACK__"
DELETE =

Permissions

0x00010000
READ_CONTROL =
0x00020000
WRITE_DAC =
0x00040000
WRITE_OWNER =
0x00080000
SYNCHRONIZE =
0x00100000
STANDARD_RIGHTS_REQUIRED =
0x000f0000
STANDARD_RIGHTS_READ =
READ_CONTROL
STANDARD_RIGHTS_WRITE =
READ_CONTROL
STANDARD_RIGHTS_EXECUTE =
READ_CONTROL
STANDARD_RIGHTS_ALL =
0x001f0000
SPECIFIC_RIGHTS_ALL =
0x0000ffff
MAXIMUM_ALLOWED =
0x02000000
GENERIC_READ =
0x80000000
GENERIC_WRITE =
0x40000000
GENERIC_EXECUTE =
0x20000000
GENERIC_ALL =
0x10000000
PAGE_NOACCESS =

Page Protections

0x00000001
PAGE_READONLY =
0x00000002
PAGE_READWRITE =
0x00000004
PAGE_WRITECOPY =
0x00000008
PAGE_EXECUTE =
0x00000010
PAGE_EXECUTE_READ =
0x00000020
PAGE_EXECUTE_READWRITE =
0x00000040
PAGE_EXECUTE_WRITECOPY =
0x00000080
PAGE_GUARD =
0x00000100
PAGE_NOCACHE =
0x00000200
PAGE_WRITECOMBINE =
0x00000400
MEM_COMMIT =
0x00001000
MEM_RESERVE =
0x00002000
MEM_DECOMMIT =
0x00004000
MEM_RELEASE =
0x00008000
MEM_FREE =
0x00010000
MEM_PRIVATE =
0x00020000
MEM_MAPPED =
0x00040000
MEM_RESET =
0x00080000
MEM_TOP_DOWN =
0x00100000
MEM_WRITE_WATCH =
0x00200000
MEM_PHYSICAL =
0x00400000
MEM_LARGE_PAGES =
0x20000000
MEM_4MB_PAGES =
0x80000000
SEC_FILE =
0x00800000
SEC_IMAGE =
0x01000000
SEC_RESERVE =
0x04000000
SEC_COMMIT =
0x08000000
SEC_NOCACHE =
0x10000000
MEM_IMAGE =
SEC_IMAGE
KEY_QUERY_VALUE =

Registry Permissions

0x00000001
KEY_SET_VALUE =
0x00000002
KEY_CREATE_SUB_KEY =
0x00000004
KEY_ENUMERATE_SUB_KEYS =
0x00000008
KEY_NOTIFY =
0x00000010
KEY_CREATE_LINK =
0x00000020
KEY_WOW64_64KEY =
0x00000100
KEY_WOW64_32KEY =
0x00000200
KEY_READ =
(STANDARD_RIGHTS_READ | KEY_QUERY_VALUE |
KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY) & ~SYNCHRONIZE
KEY_WRITE =
(STANDARD_RIGHTS_WRITE | KEY_SET_VALUE |
KEY_CREATE_SUB_KEY) & ~SYNCHRONIZE
KEY_EXECUTE =
KEY_READ
KEY_ALL_ACCESS =
(STANDARD_RIGHTS_ALL | KEY_QUERY_VALUE |
KEY_SET_VALUE | KEY_CREATE_SUB_KEY |
KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY |
KEY_CREATE_LINK) & ~SYNCHRONIZE
HKEY_CLASSES_ROOT =

Registry

0x80000000
HKEY_CURRENT_USER =
0x80000001
HKEY_LOCAL_MACHINE =
0x80000002
HKEY_USERS =
0x80000003
HKEY_PERFORMANCE_DATA =
0x80000004
HKEY_CURRENT_CONFIG =
0x80000005
HKEY_DYN_DATA =
0x80000006
REG_NONE =
0
REG_SZ =
1
REG_EXPAND_SZ =
2
REG_BINARY =
3
REG_DWORD =
4
REG_DWORD_LITTLE_ENDIAN =
4
REG_DWORD_BIG_ENDIAN =
5
6
REG_MULTI_SZ =
7
PROCESS_TERMINATE =

Process Permissions

0x00000001
PROCESS_CREATE_THREAD =
0x00000002
PROCESS_SET_SESSIONID =
0x00000004
PROCESS_VM_OPERATION =
0x00000008
PROCESS_VM_READ =
0x00000010
PROCESS_VM_WRITE =
0x00000020
PROCESS_DUP_HANDLE =
0x00000040
PROCESS_CREATE_PROCESS =
0x00000080
PROCESS_SET_QUOTA =
0x00000100
PROCESS_SET_INFORMATION =
0x00000200
PROCESS_QUERY_INFORMATION =
0x00000400
PROCESS_SUSPEND_RESUME =
0x00000800
PROCESS_ALL_ACCESS =
STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF
THREAD_TERMINATE =

Thread Permissions

0x00000001
THREAD_SUSPEND_RESUME =
0x00000002
THREAD_GET_CONTEXT =
0x00000008
THREAD_SET_CONTEXT =
0x00000010
THREAD_SET_INFORMATION =
0x00000020
THREAD_QUERY_INFORMATION =
0x00000040
THREAD_SET_THREAD_TOKEN =
0x00000080
THREAD_IMPERSONATE =
0x00000100
THREAD_DIRECT_IMPERSONATION =
0x00000200
THREAD_ALL_ACCESS =
STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3FF
CREATE_SUSPENDED =

Creation flags

0x00000004
EVENTLOG_SEQUENTIAL_READ =

Event Log

0x00000001
EVENTLOG_SEEK_READ =
0x00000002
EVENTLOG_FORWARDS_READ =
0x00000004
EVENTLOG_BACKWARDS_READ =
0x00000008
EWX_LOGOFF =

Event Log

0
EWX_SHUTDOWN =
0x00000001
EWX_REBOOT =
0x00000002
EWX_FORCE =
0x00000004
EWX_POWEROFF =
0x00000008
EWX_FORCEIFHUNG =
0x00000010
VirtualKeyCodes =

Keyboard Mappings

{
	1 => %W{ LClick },
	2 => %W{ RClick },
	3 => %W{ Cancel },
	4 => %W{ MClick },
	8 => %W{ Back  },
	9 => %W{ Tab  },
	10 => %W{ Newline },
	12 => %W{ Clear },
	13 => %W{ Return },

	16 => %W{ Shift },
	17 => %W{ Ctrl },
	18 => %W{ Alt },
	19 => %W{ Pause },
	20 => %W{ CapsLock },

	27 => %W{ Esc },

	32 => %W{ Space },
	33 => %W{ Prior },
	34 => %W{ Next },
	35 => %W{ End },
	36 => %W{ Home },
	37 => %W{ Left },
	38 => %W{ Up },
	39 => %W{ Right },
	40 => %W{ Down  },
	41 => %W{ Select },
	42 => %W{ Print },
	43 => %W{ Execute },
	44 => %W{ Snapshot },
	45 => %W{ Insert },
	46 => %W{ Delete },
	47 => %W{ Help },
	48 => %W{ 0  )},
	49 => %W{ 1  !},
	50 => %W{ 2  @},
	51 => %W{ 3  #},
	52 => %W{ 4  $},
	53 => %W{ 5  %},
	54 => %W{ 6  ^},
	55 => %W{ 7  &},
	56 => %W{ 8  *},
	57 => %W{ 9  (},
	65 => %W{ a  A},
	66 => %W{ b  B},
	67 => %W{ c  C},
	68 => %W{ d  D},
	69 => %W{ e  E},
	70 => %W{ f  F},
	71 => %W{ g  G},
	72 => %W{ h  H},
	73 => %W{ i  I},
	74 => %W{ j  J},
	75 => %W{ k  K},
	76 => %W{ l  L},
	77 => %W{ m  M},
	78 => %W{ n  N},
	79 => %W{ o  O},
	80 => %W{ p  P},
	81 => %W{ q  Q},
	82 => %W{ r  R},
	83 => %W{ s  S},
	84 => %W{ t  T},
	85 => %W{ u  U},
	86 => %W{ v  V},
	87 => %W{ w  W},
	88 => %W{ x  X},
	89 => %W{ y  Y},
	90 => %W{ z  Z},
	91 => %W{ LWin },
	92 => %W{ RWin },
	93 => %W{ Apps },

	95 => %W{ Sleep },
	96 => %W{ N0 },
	97 => %W{ N1 },
	98 => %W{ N2 },
	99 => %W{ N3 },
	100 => %W{ N4 },
	101 => %W{ N5 },
	102 => %W{ N6 },
	103 => %W{ N7 },
	104 => %W{ N8 },
	105 => %W{ N9 },
	106 => %W{ Multiply },
	107 => %W{ Add },
	108 => %W{ Separator },
	109 => %W{ Subtract },
	110 => %W{ Decimal },
	111 => %W{ Divide },
	112 => %W{ F1 },
	113 => %W{ F2 },
	114 => %W{ F3 },
	115 => %W{ F4 },
	116 => %W{ F5 },
	117 => %W{ F6 },
	118 => %W{ F7 },
	119 => %W{ F8 },
	120 => %W{ F9 },
	121 => %W{ F10 },
	122 => %W{ F11 },
	123 => %W{ F12 },
	124 => %W{ F13 },
	125 => %W{ F14 },
	126 => %W{ F15 },
	127 => %W{ F16 },
	128 => %W{ F17 },
	129 => %W{ F18 },
	130 => %W{ F19 },
	131 => %W{ F20 },
	132 => %W{ F21 },
	133 => %W{ F22 },
	134 => %W{ F23 },
	135 => %W{ F24 },
	144 => %W{ NumLock },
	145 => %W{ Scroll },
	160 => %W{ LShift },
	161 => %W{ RShift },
	162 => %W{ LCtrl },
	163 => %W{ RCtrl },
	164 => %W{ LMenu },
	165 => %W{ RMenu },
	166 => %W{ Back },
	167 => %W{ Forward },
	168 => %W{ Refresh },
	169 => %W{ Stop },
	170 => %W{ Search },
	171 => %W{ Favorites },
	172 => %W{ Home },
	176 => %W{ Forward },
	177 => %W{ Reverse },
	178 => %W{ Stop },
	179 => %W{ Play },
	186 => %W{ ;  :},
	187 => %W{ =  +},
	188 => %W{ ,  <},
	189 => %W{ -  _},
	190 => %W{ .  >},
	191 => %W{ /  ?},
	192 => %W{ '  ~},
	219 => %W| [  {|,
	220 => %W{ \  |},
	221 => %W| ]  }|,
	222 => %W{ '  Quotes},
}

Instance Method Summary

Instance Method Details

#add_file(zip, path) ⇒ Object



# File 'lib/rex/zip/samples/recursive.rb', line 17

def add_file(zip, path)
	zip.add_file(path)
end

#add_files(zip, path, recursive = nil) ⇒ Object

If it’s a directory, walk the directory and add each item.



# File 'lib/rex/zip/samples/recursive.rb', line 25

def add_files(zip, path, recursive = nil)

	if (not add_file(zip, path))
		return nil
	end

	if (recursive and File.stat(path).directory?)
		begin
			dir = Dir.open(path)
		rescue
			# skip this file
			return nil
		end

		dir.each { |f|
			next if (f == '.')
			next if (f == '..')

			full_path = path + '/' + f
			st = File.stat(full_path)
			if (st.directory?)
				puts "adding dir  #{full_path}"
				add_files(zip, full_path, recursive)
			elsif (st.file?)
				puts "adding file #{full_path}"
				add_file(zip, full_path)
			end
		}
	end
end

#deregister_log_source(src) ⇒ Object



# File 'lib/rex/logging/log_dispatcher.rb', line 167

def deregister_log_source(src)
	$dispatcher.delete(src)
end

#dlog(msg, src = 'core', level = 0, from = caller) ⇒ Object



# File 'lib/rex/logging/log_dispatcher.rb', line 133

def dlog(msg, src = 'core', level = 0, from = caller)
	$dispatcher.log(LOG_DEBUG, src, level, msg, from)
end

#elog(msg, src = 'core', level = 0, from = caller) ⇒ Object



# File 'lib/rex/logging/log_dispatcher.rb', line 137

def elog(msg, src = 'core', level = 0, from = caller)
	$dispatcher.log(LOG_ERROR, src, level, msg, from)
end

#get_log_level(src) ⇒ Object



# File 'lib/rex/logging/log_dispatcher.rb', line 175

def get_log_level(src)
	$dispatcher.get_level(src)
end

#ilog(msg, src = 'core', level = 0, from = caller) ⇒ Object



# File 'lib/rex/logging/log_dispatcher.rb', line 145

def ilog(msg, src = 'core', level = 0, from = caller)
	$dispatcher.log(LOG_INFO, src, level, msg, from)
end

#log_source_registered?(src) ⇒ Boolean

Returns:

  • (Boolean)


# File 'lib/rex/logging/log_dispatcher.rb', line 157

def log_source_registered?(src)
	($dispatcher[src] != nil)
end

#rand_text_alpha(len) ⇒ Object



# File 'lib/rex/zip/samples/mkwar.rb', line 19

def rand_text_alpha(len)
	buff = ""

	foo = []
	foo += ('A' .. 'Z').to_a
	foo += ('a' .. 'z').to_a

	# Generate a buffer from the remaining bytes
	if foo.length >= 256
		len.times { buff << Kernel.rand(256) }
	else
		len.times { buff << foo[ rand(foo.length) ] }
	end

	return buff
end

#register_log_source(src, sink, level = nil) ⇒ Object



# File 'lib/rex/logging/log_dispatcher.rb', line 161

def register_log_source(src, sink, level = nil)
	$dispatcher[src] = sink

	set_log_level(src, level) if (level)
end

#rex ⇒ Object

Rex::OLE - an OLE implementation written in 2010 by Joshua J. Drake <jduck [at] metasploit.com>

License: MSF_LICENSE

This module implements Object-Linking-and-Embedding otherwise known as Compound File Binary File Format or Windows Compound Binary File Format. OLE is the container format for modern Excel, Word, PowerPoint, and many other file formats.

NOTE: This implementation is almost fully compliant with [MS-CFB] v1.1

SUPPORTS:

1. R/W v3 OLE files (v4 may work, but wasn't tested)
2. RO double-indirect fat sectors
3. RO fat sectors (including those in double-indirect parts)
4. WO support for less than 109 fat sectors :)
5. R/W minifat sectors
6. R/W ministream
7. R/W normal streams
8. R/W substorages (including nesting)
9. full directory support (hierarchical and flattened access)
10. big and little endian files (although only little endian was tested)
11. PropertySet streams (except .to_s)

TODO (in order of priority):

1. support deleting storages/streams
2. create copyto and other typical interface functions
3. support writing DIF sectors > 109
   - may lead to allocating more fat sectors :-/
4. properly support mode params for open_stream/open_storage/etc
5. optimize to prevent unnecessary loading/writing
6. support non-committal editing (open, change, close w/o save)
7. support timestamps
8. provide interface to change parameters (endian, etc)

TO INVESTIGATE:

1. moving storage interface functions into something used by both
   the main storage and substorages (unifying the code) (mixin?)
2. eliminating flattening the directory prior to writing it out


# File 'lib/rex/ole.rb', line 58

require 'rex'

#rlog(msg, src = 'core', level = 0, from = caller) ⇒ Object



# File 'lib/rex/logging/log_dispatcher.rb', line 149

def rlog(msg, src = 'core', level = 0, from = caller)
	if (msg == ExceptionCallStack)
		msg = "\nCall stack:\n" + $@.join("\n") + "\n"
	end

	$dispatcher.log(LOG_RAW, src, level, msg, from)
end

#set_log_level(src, level) ⇒ Object



# File 'lib/rex/logging/log_dispatcher.rb', line 171

def set_log_level(src, level)
	$dispatcher.set_level(src, level)
end

#show_entries(ent, spaces = 0) ⇒ Object

recursive printer :)



# File 'lib/rex/ole/samples/dir.rb', line 24

def show_entries(ent, spaces=0)
	spstr = " " * spaces

	puts "%s + #{ent.name}" % spstr
	ent.each { |el|
		show_entries(el, spaces+2)
	}
end

#wlog(msg, src = 'core', level = 0, from = caller) ⇒ Object



# File 'lib/rex/logging/log_dispatcher.rb', line 141

def wlog(msg, src = 'core', level = 0, from = caller)
	$dispatcher.log(LOG_WARN, src, level, msg, from)
end