spelling fixes for lib folder
parent
ee3b8b40b6
commit
6a851855a8
|
@ -22,7 +22,7 @@ Synopsis:
|
|||
|
||||
Options:
|
||||
-r, --relative Output relative URLs (rather than absolute)
|
||||
-o, --output filename Filename to save URL list to. Defautls to urls.txt.
|
||||
-o, --output filename Filename to save URL list to. Defaults to urls.txt.
|
||||
INFO
|
||||
exit(0)
|
||||
end
|
||||
|
|
|
@ -102,7 +102,7 @@ module Anemone
|
|||
end
|
||||
|
||||
#
|
||||
# Add one ore more Regex patterns for URLs which should not be
|
||||
# Add one or more Regex patterns for URLs which should not be
|
||||
# followed
|
||||
#
|
||||
def skip_links_like(*patterns)
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
|
||||
== 0.4.0 / 2010-04-08
|
||||
|
||||
* Major enchancements
|
||||
* Major enhancements
|
||||
|
||||
* Cookies can be accepted and sent with each HTTP request.
|
||||
|
||||
|
@ -38,7 +38,7 @@
|
|||
|
||||
== 0.3.0 / 2009-12-15
|
||||
|
||||
* Major enchancements
|
||||
* Major enhancements
|
||||
|
||||
* Option for persistent storage of pages during crawl with TokyoCabinet or PStore
|
||||
|
||||
|
|
|
@ -83,7 +83,7 @@ module Metasploit
|
|||
when -5001 #kFPAuthContinue
|
||||
return parse_login_response_add_send_login_count(response, {:p => p, :g => g, :ra => ra, :ma => ma,
|
||||
:password => pass, :user => user})
|
||||
when -5023 #kFPUserNotAuth (User dosen't exists)
|
||||
when -5023 #kFPUserNotAuth (User doesn't exists)
|
||||
return :skip_user
|
||||
else
|
||||
return :connection_error
|
||||
|
@ -273,7 +273,7 @@ module Metasploit
|
|||
parsed_addreses << IPAddr.ntop(address[1..4]).to_s
|
||||
when 2 # Four-byte IP address followed by a two-byte port number
|
||||
parsed_addreses << "#{IPAddr.ntop(address[1..4])}:#{address[5..6].unpack("n").first}"
|
||||
when 3 # DDP address (depricated)
|
||||
when 3 # DDP address (deprecated)
|
||||
next
|
||||
when 4 # DNS name (maximum of 254 bytes)
|
||||
parsed_addreses << address[1..address.length - 1]
|
||||
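Review bot: The corrected comment on the `-5023` branch still reads "User doesn't exists"; since the line is already being touched for spelling, it could be finished as `when -5023 #kFPUserNotAuth (User doesn't exist)`. The second hunk of this file fixes "depricated", but the `parsed_addreses` local in its context lines keeps its misspelling; renaming it is a code change and belongs in a separate commit. Both enclosing methods start and end outside the hunks.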
|
|
|
@ -2,7 +2,7 @@ module Metasploit
|
|||
module Framework
|
||||
module API
|
||||
# @note This is a lie. The API version is not semantically version and it's version has actually never changed
|
||||
# even though API changes have occured. DO NOT base compatibility on this version.
|
||||
# even though API changes have occurred. DO NOT base compatibility on this version.
|
||||
module Version
|
||||
MAJOR = 1
|
||||
MINOR = 0
|
||||
|
|
|
@ -17,7 +17,7 @@ module Metasploit
|
|||
# Module Methods
|
||||
#
|
||||
|
||||
# Returns first configuration pathname from configuration_pathnames or the overridding `:path`.
|
||||
# Returns first configuration pathname from configuration_pathnames or the overriding `:path`.
|
||||
#
|
||||
# @param options [Hash{Symbol=>String}]
|
||||
# @option options [String] :path Path to use instead of first element of configurations_pathnames
|
||||
|
|
|
@ -165,7 +165,7 @@ module Metasploit
|
|||
|
||||
# dispatch to the proper method
|
||||
if (type == "get")
|
||||
# failed listings jsut disconnect..
|
||||
# failed listings just disconnect..
|
||||
begin
|
||||
data = self.datasocket.get_once(-1, ftp_timeout)
|
||||
rescue ::EOFError
|
||||
|
|
|
@ -24,7 +24,7 @@ module Metasploit
|
|||
|
||||
|
||||
# This method attempts a single login with a single credential against the target
|
||||
# @param credential [Credential] The credential object to attmpt to login with
|
||||
# @param credential [Credential] The credential object to attempt to login with
|
||||
# @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
|
||||
def attempt_login(credential)
|
||||
result_options = {
|
||||
|
|
|
@ -16,7 +16,7 @@ module Metasploit
|
|||
# @return [Object] The framework instance object
|
||||
attr_accessor :framework
|
||||
# @!attribute framework_module
|
||||
# @return [Object] The framework module caller, if availale
|
||||
# @return [Object] The framework module caller, if available
|
||||
attr_accessor :framework_module
|
||||
# @!attribute connection_timeout
|
||||
# @return [Integer] The timeout in seconds for a single SSH connection
|
||||
|
@ -91,7 +91,7 @@ module Metasploit
|
|||
# Attempt a single login against the service with the given
|
||||
# {Credential credential}.
|
||||
#
|
||||
# @param credential [Credential] The credential object to attmpt to
|
||||
# @param credential [Credential] The credential object to attempt to
|
||||
# login with
|
||||
# @return [Result] A Result object indicating success or failure
|
||||
# @abstract Protocol-specific scanners must implement this for their
|
||||
|
|
|
@ -68,7 +68,7 @@ module Metasploit
|
|||
|
||||
# Sends a HTTP request with Rex
|
||||
#
|
||||
# @param (see Rex::Proto::Http::Resquest#request_raw)
|
||||
# @param (see Rex::Proto::Http::Request#request_raw)
|
||||
# @return [Rex::Proto::Http::Response] The HTTP response
|
||||
def send_request(opts)
|
||||
res = super(opts)
|
||||
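Review bot: The corrected YARD reference `# @param (see Rex::Proto::Http::Request#request_raw)` probably still does not resolve, because as far as I know `request_raw` is defined on `Rex::Proto::Http::Client`, not on `Request`. That is also the class the `'http_client'` option is documented with in the -235,9 hunk of the HTTP scanner. Suggest `# @param (see Rex::Proto::Http::Client#request_raw)` here and on the identical lines in the -73,7 hunk and the later -68,7 hunk. The body of `send_request` continues outside the hunk.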
|
|
|
@ -46,7 +46,7 @@ module Metasploit
|
|||
auth_token = res.body.scan(/<input name="authenticity_token" type="hidden" value="(.*?)"/).flatten[0]
|
||||
|
||||
# New versions of GitLab use an alternative scheme
|
||||
# Try it, if the old one was not successfull
|
||||
# Try it, if the old one was not successful
|
||||
auth_token = res.body.scan(/<input type="hidden" name="authenticity_token" value="(.*?)"/).flatten[0] unless auth_token
|
||||
|
||||
fail RuntimeError, 'Unable to get Session Cookie' unless local_session_cookie
|
||||
|
|
|
@ -73,7 +73,7 @@ module Metasploit
|
|||
|
||||
# Sends a HTTP request with Rex
|
||||
#
|
||||
# @param (see Rex::Proto::Http::Resquest#request_raw)
|
||||
# @param (see Rex::Proto::Http::Request#request_raw)
|
||||
# @return [Rex::Proto::Http::Response] The HTTP response
|
||||
def send_request(opts)
|
||||
res = super(opts)
|
||||
|
|
|
@ -235,9 +235,9 @@ module Metasploit
|
|||
# @option opts [Credential] 'credential' A credential object
|
||||
# @option opts [Rex::Proto::Http::Client] 'http_client' object that can be used by the function
|
||||
# @option opts ['Hash'] 'context' A context
|
||||
# @raise [Rex::ConnectionError] One of these errors has occured: EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error
|
||||
# @raise [Rex::ConnectionError] One of these errors has occurred: EOFError, Errno::ETIMEDOUT, Rex::ConnectionError, ::Timeout::Error
|
||||
# @return [Rex::Proto::Http::Response] The HTTP response
|
||||
# @return [NilClass] An error has occured while reading the response (see #Rex::Proto::Http::Client#read_response)
|
||||
# @return [NilClass] An error has occurred while reading the response (see #Rex::Proto::Http::Client#read_response)
|
||||
def send_request(opts)
|
||||
close_client = !opts.key?(:http_client)
|
||||
cli = opts.fetch(:http_client) { create_client(opts) }
|
||||
|
@ -418,7 +418,7 @@ module Metasploit
|
|||
self.http_success_codes = DEFAULT_HTTP_SUCCESS_CODES if self.http_success_codes.nil?
|
||||
|
||||
# Note that this doesn't cover the case where ssl is unset and
|
||||
# port is something other than a default. In that situtation,
|
||||
# port is something other than a default. In that situation,
|
||||
# we don't know what the user has in mind so we have to trust
|
||||
# that they're going to do something sane.
|
||||
if !(self.ssl) && self.port.nil?
|
||||
|
|
|
@ -12,7 +12,7 @@ module Metasploit
|
|||
LOGIN_STATUS = Metasploit::Model::Login::Status # Shorter name
|
||||
|
||||
|
||||
# Checks if the target is ManageEngine Dekstop Central.
|
||||
# Checks if the target is ManageEngine Desktop Central.
|
||||
#
|
||||
# @return [Boolean] TrueClass if target is MSP, otherwise FalseClass
|
||||
def check_setup
|
||||
|
|
|
@ -32,7 +32,7 @@ module Metasploit
|
|||
attr_accessor :client_id
|
||||
|
||||
# This method attempts a single login with a single credential against the target
|
||||
# @param credential [Credential] The credential object to attmpt to login with
|
||||
# @param credential [Credential] The credential object to attempt to login with
|
||||
# @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
|
||||
def attempt_login(credential)
|
||||
result_options = {
|
||||
|
|
|
@ -39,7 +39,7 @@ module Metasploit
|
|||
connect
|
||||
select([sock],nil,nil,0.4)
|
||||
|
||||
# Check to see if we recieved an OK?
|
||||
# Check to see if we received an OK?
|
||||
result_options[:proof] = sock.get_once
|
||||
if result_options[:proof] && result_options[:proof][/^\+OK.*/]
|
||||
# If we received an OK we should send the USER
|
||||
|
|
|
@ -15,7 +15,7 @@ module Metasploit
|
|||
# @return [Credential] the Credential object the result is for
|
||||
attr_accessor :credential
|
||||
# @!attribute host
|
||||
# @return [String] the addess of the target host for this result
|
||||
# @return [String] the address of the target host for this result
|
||||
attr_accessor :host
|
||||
# @!attribute port
|
||||
# @return [Integer] the port number of the service for this result
|
||||
|
|
|
@ -61,7 +61,7 @@ module Metasploit
|
|||
# and the socket is not immediately closed
|
||||
attr_accessor :use_client_as_proof
|
||||
|
||||
# If login is successul and {Result#access_level} is not set
|
||||
# If login is successful and {Result#access_level} is not set
|
||||
# then arbitrary credentials are accepted. If it is set to
|
||||
# Guest, then arbitrary credentials are accepted, but given
|
||||
# Guest permissions.
|
||||
|
|
|
@ -34,7 +34,7 @@ module Metasploit
|
|||
]
|
||||
|
||||
# This method attempts a single login with a single credential against the target
|
||||
# @param credential [Credential] The credential object to attmpt to login with
|
||||
# @param credential [Credential] The credential object to attempt to login with
|
||||
# @return [Metasploit::Framework::LoginScanner::Result] The LoginScanner Result object
|
||||
def attempt_login(credential)
|
||||
result_options = {
|
||||
|
@ -119,7 +119,7 @@ module Metasploit
|
|||
end
|
||||
break unless retry?(client.error)
|
||||
|
||||
# Wait for an increasing ammount of time before retrying
|
||||
# Wait for an increasing amount of time before retrying
|
||||
delay = (2**(n+1)) + 1
|
||||
::Rex.sleep(delay)
|
||||
end
|
||||
|
|
|
@ -68,7 +68,7 @@ module Metasploit
|
|||
|
||||
# Sends a HTTP request with Rex
|
||||
#
|
||||
# @param (see Rex::Proto::Http::Resquest#request_raw)
|
||||
# @param (see Rex::Proto::Http::Request#request_raw)
|
||||
# @return [Rex::Proto::Http::Response] The HTTP response
|
||||
def send_request(opts)
|
||||
res = super(opts)
|
||||
|
|
|
@ -32,7 +32,7 @@ module Metasploit
|
|||
0x0000, #length
|
||||
0x0000, # SPID
|
||||
0x01, # PacketID (unused upon specification
|
||||
# but ms network monitor stil prefer 1 to decode correctly, wireshark don't care)
|
||||
# but ms network monitor still prefer 1 to decode correctly, wireshark don't care)
|
||||
0x00 #Window
|
||||
]
|
||||
|
||||
|
@ -138,7 +138,7 @@ module Metasploit
|
|||
0x0000, #length
|
||||
0x0000, # SPID
|
||||
0x01, # PacketID (unused upon specification
|
||||
# but ms network monitor stil prefer 1 to decode correctly, wireshark don't care)
|
||||
# but ms network monitor still prefer 1 to decode correctly, wireshark don't care)
|
||||
0x00 #Window
|
||||
]
|
||||
|
||||
|
@ -262,7 +262,7 @@ module Metasploit
|
|||
resp = mssql_send_recv(pkt)
|
||||
end
|
||||
|
||||
#SQL Server Authentification
|
||||
#SQL Server Authentication
|
||||
else
|
||||
idx = 0
|
||||
pkt = ''
|
||||
|
|
|
@ -2,7 +2,7 @@ module Metasploit
|
|||
module Framework
|
||||
module NTDS
|
||||
require 'metasploit/framework/ntds/account'
|
||||
# This class respresent an NTDS parser. It interacts with the Meterpreter Client
|
||||
# This class represent an NTDS parser. It interacts with the Meterpreter Client
|
||||
# to provide a simple interface for enumerating AD user accounts.
|
||||
class Parser
|
||||
|
||||
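Review bot: The class comment still has a subject-verb mismatch after the fix: "This class represent an NTDS parser". Suggest `# This class represents an NTDS parser. It interacts with the Meterpreter Client`. The body of `Parser` continues outside the hunk.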
|
|
|
@ -337,7 +337,7 @@ module Metasploit
|
|||
# This method returns the version of John the Ripper or Hashcat being used.
|
||||
#
|
||||
# @raise [PasswordCrackerNotFoundError] if a suitable cracker binary was never found
|
||||
# @return [Sring] the version detected
|
||||
# @return [String] the version detected
|
||||
def cracker_version
|
||||
if cracker == 'john'
|
||||
cmd = binary_path
|
||||
|
@ -527,7 +527,7 @@ module Metasploit
|
|||
|
||||
# This runs the show command in john and yields cracked passwords.
|
||||
#
|
||||
# @return [Array] the output from teh command split on newlines
|
||||
# @return [Array] the output from the command split on newlines
|
||||
def each_cracked_password
|
||||
::IO.popen(show_command, 'rb').readlines
|
||||
end
|
||||
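Review bot: The docstring of `each_cracked_password` in the -527,7 hunk contradicts itself. Its summary says the method "yields cracked passwords", while the corrected `@return [Array]` line and the visible body (`::IO.popen(show_command, 'rb').readlines`) show that it returns the lines and takes no block. While this comment is being edited, the summary could read `# This runs the show command in john and returns its output lines.` so that the two statements agree.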
|
|
|
@ -71,7 +71,7 @@ module Metasploit
|
|||
# This is just md5(unicode($p)), where $p is the password.
|
||||
# Avira uses to store their passwords, there may be other apps that also use this though.
|
||||
# The trailing : shows an empty salt. This is because hashcat only has one unicode hash
|
||||
# format which is combatible, type 30, but that is listed as md5(utf16le($pass).$salt)
|
||||
# format which is compatible, type 30, but that is listed as md5(utf16le($pass).$salt)
|
||||
# with a sample hash of b31d032cfdcf47a399990a71e43c5d2a:144816. So this just outputs
|
||||
# The hash as *hash*: so that it is both JTR and hashcat compatible
|
||||
return "#{cred.private.data}:"
|
||||
|
|
|
@ -360,7 +360,7 @@ module Metasploit
|
|||
results.flatten.uniq
|
||||
end
|
||||
|
||||
# A getter for a memoized version fo the mutation keys list
|
||||
# A getter for a memoized version of the mutation keys list
|
||||
#
|
||||
# @return [Array<Array>] a 2D array of all mutation combinations
|
||||
def mutation_keys
|
||||
|
|
|
@ -346,7 +346,7 @@ Shell Banner:
|
|||
print_status("Using `script` to pop up an interactive shell")
|
||||
# Payload: script /dev/null
|
||||
# Using /dev/null to make sure there is no log file on the target machine
|
||||
# Prevent being detected by the admin or antivirus softwares
|
||||
# Prevent being detected by the admin or antivirus software
|
||||
shell_command("#{script_path} /dev/null")
|
||||
return
|
||||
end
|
||||
|
|
|
@ -266,7 +266,7 @@ class Encoder < Module
|
|||
# If this encoder is key-based and we don't already have a key, find one
|
||||
if ((decoder_key_size) and
|
||||
(state.key == nil))
|
||||
# Find a key that doesn't contain and wont generate any bad
|
||||
# Find a key that doesn't contain and won't generate any bad
|
||||
# characters
|
||||
state.init_key(obtain_key(buf, badchars, state))
|
||||
|
||||
|
|
|
@ -211,7 +211,7 @@ module BindAwsSsm
|
|||
ctimeout = exploit_config['active_timeout'].to_i
|
||||
end
|
||||
|
||||
# Ignore this if one of the requried options is missing
|
||||
# Ignore this if one of the required options is missing
|
||||
return if datastore['EC2_ID'].blank?
|
||||
|
||||
# Only try the same host/port combination once
|
||||
|
|
|
@ -31,7 +31,7 @@ class OpenPipeSock < Rex::Proto::SMB::SimpleClient::OpenPipe
|
|||
self.simple = simple
|
||||
self.client = simple.client
|
||||
self.mutex = Mutex.new # synchronize read/writes
|
||||
self.last_comm = Time.now # last successfull read/write
|
||||
self.last_comm = Time.now # last successful read/write
|
||||
self.write_queue = Queue.new # messages to send
|
||||
self.write_thread = Thread.new { dispatcher }
|
||||
self.echo_thread = Thread.new { force_read }
|
||||
|
|
|
@ -64,7 +64,7 @@ module ReverseTcpDoubleSSL
|
|||
#
|
||||
def setup_handler
|
||||
if !datastore['Proxies'].blank? && !datastore['ReverseAllowProxy']
|
||||
raise RuntimeError, 'TCP connect-back payloads cannot be used with Proxies. Can be overriden by setting ReverseAllowProxy to true'
|
||||
raise RuntimeError, 'TCP connect-back payloads cannot be used with Proxies. Can be overridden by setting ReverseAllowProxy to true'
|
||||
end
|
||||
|
||||
ex = false
|
||||
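Review bot: Unlike most hunks in this commit, this one changes a runtime string, the `RuntimeError` message raised in `setup_handler`, rather than a comment. Anything that matches on the old text, such as a spec expectation or a log filter, needs the same correction. Sibling connect-back handlers that carry the same sentence should be changed in the same commit so the message stays uniform. Neither is visible from this hunk, so a search for `overriden` across the tree is worth doing before merging. `setup_handler` continues outside the hunk.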
|
|
|
@ -14,7 +14,7 @@ class Msf::Payload::MachO
|
|||
end
|
||||
|
||||
#
|
||||
# Return the VM respresentation of a macho file
|
||||
# Return the VM representation of a macho file
|
||||
#
|
||||
def flatten
|
||||
raw_data = @macho.serialize
|
||||
|
|
|
@ -26,7 +26,7 @@ module Msf::Payload::Mainframe
|
|||
# are defined here. It is optional for other mainframe payloads.
|
||||
###
|
||||
def jcl_jobcard
|
||||
# format paramaters with basic constraints
|
||||
# format parameters with basic constraints
|
||||
# see http://www.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/
|
||||
# com.ibm.zos.v2r1.ieab600/iea3b6_Parameter_field8.htm
|
||||
#
|
||||
|
|
|
@ -7,7 +7,7 @@
|
|||
###
|
||||
module Msf::Payload::Multi
|
||||
|
||||
# TOOD: require the appropriate stuff!
|
||||
# TODO: require the appropriate stuff!
|
||||
# TODO: figure out what to do here
|
||||
def apply_prepends(raw)
|
||||
''
|
||||
|
|
|
@ -126,7 +126,7 @@ module Payload::Windows::BindTcp
|
|||
|
||||
mov eax, 0x0190 ; EAX = sizeof( struct WSAData )
|
||||
sub esp, eax ; alloc some space for the WSAData structure
|
||||
push esp ; push a pointer to this stuct
|
||||
push esp ; push a pointer to this struct
|
||||
push eax ; push the wVersionRequested parameter
|
||||
push #{Rex::Text.block_api_hash('ws2_32.dll', 'WSAStartup')}
|
||||
call ebp ; WSAStartup( 0x0190, &WSAData );
|
||||
|
@ -221,7 +221,7 @@ module Payload::Windows::BindTcp
|
|||
mov esi, [esi] ; dereference the pointer to the second stage length
|
||||
push 0x40 ; PAGE_EXECUTE_READWRITE
|
||||
push 0x1000 ; MEM_COMMIT
|
||||
push esi ; push the newly recieved second stage length.
|
||||
push esi ; push the newly received second stage length.
|
||||
push 0 ; NULL as we dont care where the allocation is.
|
||||
push #{Rex::Text.block_api_hash('kernel32.dll', 'VirtualAlloc')}
|
||||
call ebp ; VirtualAlloc( NULL, dwLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
|
||||
|
|
|
@ -80,7 +80,7 @@ module Payload::Windows::BindTcpRc4
|
|||
lea ecx, [esi+0x100] ; ECX = stage length + S-box length (alloc length)
|
||||
push 0x40 ; PAGE_EXECUTE_READWRITE
|
||||
push 0x1000 ; MEM_COMMIT
|
||||
; push esi ; push the newly recieved second stage length.
|
||||
; push esi ; push the newly received second stage length.
|
||||
push ecx ; push the alloc length
|
||||
push 0 ; NULL as we dont care where the allocation is.
|
||||
push #{Rex::Text.block_api_hash('kernel32.dll', 'VirtualAlloc')}
|
||||
|
|
|
@ -83,7 +83,7 @@ module Msf::Payload::Windows::PrependMigrate
|
|||
not_lowercase: ;
|
||||
ror edi, 13 ; Rotate right our hash value
|
||||
add edi, eax ; Add the next byte of the name
|
||||
loop loop_modname ; Loop untill we have read enough
|
||||
loop loop_modname ; Loop until we have read enough
|
||||
|
||||
; We now have the module hash computed
|
||||
push edx ; Save the current position in the module list for later
|
||||
|
@ -135,7 +135,7 @@ module Msf::Payload::Windows::PrependMigrate
|
|||
pop ebx ; Clear off the current modules hash
|
||||
pop ebx ; Clear off the current position in the module list
|
||||
popad ; Restore all of the callers registers, bar EAX, ECX and EDX which are clobbered
|
||||
pop ecx ; Pop off the origional return address our caller will have pushed
|
||||
pop ecx ; Pop off the original return address our caller will have pushed
|
||||
pop edx ; Pop off the hash value our caller will have pushed
|
||||
push ecx ; Push back the correct return value
|
||||
jmp eax ; Jump into the required function
|
||||
|
@ -330,11 +330,11 @@ module Msf::Payload::Windows::PrependMigrate
|
|||
not_lowercase: ;
|
||||
ror r9d, 13 ; Rotate right our hash value
|
||||
add r9d, eax ; Add the next byte of the name
|
||||
loop loop_modname ; Loop untill we have read enough
|
||||
loop loop_modname ; Loop until we have read enough
|
||||
; We now have the module hash computed
|
||||
push rdx ; Save the current position in the module list for later
|
||||
push r9 ; Save the current module hash for later
|
||||
; Proceed to itterate the export address table
|
||||
; Proceed to iterate the export address table
|
||||
mov rdx, [rdx+32] ; Get this modules base address
|
||||
mov eax, dword [rdx+60] ; Get PE header
|
||||
add rax, rdx ; Add the modules base address
|
||||
|
@ -494,7 +494,7 @@ module Msf::Payload::Windows::PrependMigrate
|
|||
mov r8, #{payloadsize} ; stageless size
|
||||
EOS
|
||||
else
|
||||
# otherwise we'll juse reuse r9 (4096) for size
|
||||
# otherwise we'll just reuse r9 (4096) for size
|
||||
migrate_asm << <<-EOS
|
||||
mov r8,r9 ; size
|
||||
EOS
|
||||
|
|
|
@ -131,8 +131,8 @@ LoadLibraryA:
|
|||
push eax ; Push the address of linrary name string
|
||||
push #{Rex::Text.block_api_hash('kernel32.dll', 'LoadLibraryA')} ; ror13( "kernel32.dll", "LoadLibraryA" )
|
||||
call ebp ; LoadLibraryA([esp+4])
|
||||
pop edx ; Retreive edx
|
||||
pop ecx ; Retreive ecx
|
||||
pop edx ; Retrieve edx
|
||||
pop ecx ; Retrieve ecx
|
||||
ret ; <-
|
||||
GetProcAddress:
|
||||
push ecx ; Save ecx to stack
|
||||
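Review bot: The first context line of this hunk still carries a typo that the commit misses: `push eax ; Push the address of linrary name string`. It sits three lines above the corrected "Retrieve" comments and should read `; Push the address of library name string`. The assembly block starts and ends outside the hunk.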
|
|
|
@ -124,7 +124,7 @@ module Payload::Windows::ReverseTcp
|
|||
|
||||
mov eax, 0x0190 ; EAX = sizeof( struct WSAData )
|
||||
sub esp, eax ; alloc some space for the WSAData structure
|
||||
push esp ; push a pointer to this stuct
|
||||
push esp ; push a pointer to this struct
|
||||
push eax ; push the wVersionRequested parameter
|
||||
push #{Rex::Text.block_api_hash('ws2_32.dll', 'WSAStartup')}
|
||||
call ebp ; WSAStartup( 0x0190, &WSAData );
|
||||
|
@ -207,7 +207,7 @@ module Payload::Windows::ReverseTcp
|
|||
end
|
||||
|
||||
asm << %Q^
|
||||
; this lable is required so that reconnect attempts include
|
||||
; this label is required so that reconnect attempts include
|
||||
; the UUID stuff if required.
|
||||
connected:
|
||||
^
|
||||
|
@ -249,7 +249,7 @@ module Payload::Windows::ReverseTcp
|
|||
mov esi, [esi] ; dereference the pointer to the second stage length
|
||||
push 0x40 ; PAGE_EXECUTE_READWRITE
|
||||
push 0x1000 ; MEM_COMMIT
|
||||
push esi ; push the newly recieved second stage length.
|
||||
push esi ; push the newly received second stage length.
|
||||
push 0 ; NULL as we dont care where the allocation is.
|
||||
push #{Rex::Text.block_api_hash('kernel32.dll', 'VirtualAlloc')}
|
||||
call ebp ; VirtualAlloc( NULL, dwLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
|
||||
|
|
|
@ -84,12 +84,12 @@ module Payload::Windows::ReverseTcpDns
|
|||
|
||||
mov eax, 0x0190 ; EAX = sizeof( struct WSAData )
|
||||
sub esp, eax ; alloc some space for the WSAData structure
|
||||
push esp ; push a pointer to this stuct
|
||||
push esp ; push a pointer to this struct
|
||||
push eax ; push the wVersionRequested parameter
|
||||
push #{Rex::Text.block_api_hash('ws2_32.dll', 'WSAStartup')}
|
||||
call ebp ; WSAStartup( 0x0190, &WSAData );
|
||||
|
||||
push eax ; if we succeed, eax wil be zero, push zero for the flags param.
|
||||
push eax ; if we succeed, eax will be zero, push zero for the flags param.
|
||||
push eax ; push null for reserved parameter
|
||||
push eax ; we do not specify a WSAPROTOCOL_INFO structure
|
||||
push eax ; we do not specify a protocol
|
||||
|
@ -148,7 +148,7 @@ module Payload::Windows::ReverseTcpDns
|
|||
end
|
||||
|
||||
asm << %Q^
|
||||
; this lable is required so that reconnect attempts include
|
||||
; this label is required so that reconnect attempts include
|
||||
; the UUID stuff if required.
|
||||
connected:
|
||||
^
|
||||
|
|
|
@ -90,7 +90,7 @@ module Payload::Windows::ReverseTcpRc4
|
|||
lea ecx, [esi+0x100] ; ECX = stage length + S-box length (alloc length)
|
||||
push 0x40 ; PAGE_EXECUTE_READWRITE
|
||||
push 0x1000 ; MEM_COMMIT
|
||||
; push esi ; push the newly recieved second stage length.
|
||||
; push esi ; push the newly received second stage length.
|
||||
push ecx ; push the alloc length
|
||||
push 0 ; NULL as we dont care where the allocation is.
|
||||
push #{Rex::Text.block_api_hash('kernel32.dll', 'VirtualAlloc')}
|
||||
|
|
|
@ -80,7 +80,7 @@ module Payload::Windows::ReverseUdp
|
|||
|
||||
mov eax, 0x0190 ; EAX = sizeof( struct WSAData )
|
||||
sub esp, eax ; alloc some space for the WSAData structure
|
||||
push esp ; push a pointer to this stuct
|
||||
push esp ; push a pointer to this struct
|
||||
push eax ; push the wVersionRequested parameter
|
||||
push #{Rex::Text.block_api_hash('ws2_32.dll', 'WSAStartup')}
|
||||
call ebp ; WSAStartup( 0x0190, &WSAData );
|
||||
|
@ -135,7 +135,7 @@ module Payload::Windows::ReverseUdp
|
|||
end
|
||||
|
||||
asm << %Q^
|
||||
; this lable is required so that reconnect attempts include
|
||||
; this label is required so that reconnect attempts include
|
||||
; the UUID stuff if required.
|
||||
connected:
|
||||
^
|
||||
|
|
|
@ -45,7 +45,7 @@ module Payload::Windows::AddrLoader_x64
|
|||
pop r9 ; PAGE_EXECUTE_READWRITE
|
||||
push 0x1000 ;
|
||||
pop r8 ; MEM_COMMIT
|
||||
mov rdx, rsi ; the newly recieved second stage length.
|
||||
mov rdx, rsi ; the newly received second stage length.
|
||||
xor rcx, rcx ; NULL as we dont care where the allocation is.
|
||||
mov r10, #{Rex::Text.block_api_hash('kernel32.dll', 'VirtualAlloc')}
|
||||
call rbp ; VirtualAlloc( NULL, dwLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
|
||||
|
|
|
@ -244,7 +244,7 @@ module Payload::Windows::BindNamedPipe_x64
|
|||
pop r9 ; PAGE_EXECUTE_READWRITE
|
||||
push 0x1000 ;
|
||||
pop r8 ; MEM_COMMIT
|
||||
mov rdx, rsi ; the newly recieved second stage length.
|
||||
mov rdx, rsi ; the newly received second stage length.
|
||||
xor rcx, rcx ; NULL as we dont care where the allocation is.
|
||||
mov r10d, #{Rex::Text.block_api_hash('kernel32.dll', 'VirtualAlloc')}
|
||||
call rbp ; VirtualAlloc( NULL, dwLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
|
||||
|
|
|
@ -84,7 +84,7 @@ module Payload::Windows::BindTcpRc4_x64
|
|||
pop r9 ; PAGE_EXECUTE_READWRITE
|
||||
push 0x1000 ;
|
||||
pop r8 ; MEM_COMMIT
|
||||
mov rdx, rsi ; the newly recieved second stage length.
|
||||
mov rdx, rsi ; the newly received second stage length.
|
||||
xor rcx,rcx ; NULL as we dont care where the allocation is.
|
||||
mov r10d, #{Rex::Text.block_api_hash('kernel32.dll', 'VirtualAlloc')}
|
||||
call rbp ; VirtualAlloc( NULL, dwLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
|
||||
|
|
|
@ -147,7 +147,7 @@ module Payload::Windows::BindTcp_x64
|
|||
call rbp ; LoadLibraryA( "ws2_32" )
|
||||
|
||||
; perform the call to WSAStartup...
|
||||
mov rdx, r13 ; second param is a pointer to this stuct
|
||||
mov rdx, r13 ; second param is a pointer to this struct
|
||||
push 0x0101 ;
|
||||
pop rcx ; set the param for the version requested
|
||||
mov r10d, #{Rex::Text.block_api_hash('ws2_32.dll', 'WSAStartup')}
|
||||
|
@ -156,7 +156,7 @@ module Payload::Windows::BindTcp_x64
|
|||
; perform the call to WSASocketA...
|
||||
push #{addr_fam} ; push AF_INET/6
|
||||
pop rcx ; pop family into rcx
|
||||
push rax ; if we succeed, rax wil be zero, push zero for the flags param.
|
||||
push rax ; if we succeed, rax will be zero, push zero for the flags param.
|
||||
push rax ; push null for reserved parameter
|
||||
xor r9, r9 ; we do not specify a WSAPROTOCOL_INFO structure
|
||||
xor r8, r8 ; we do not specify a protocol
|
||||
|
@ -224,7 +224,7 @@ module Payload::Windows::BindTcp_x64
|
|||
pop r9 ; PAGE_EXECUTE_READWRITE
|
||||
push 0x1000 ;
|
||||
pop r8 ; MEM_COMMIT
|
||||
mov rdx, rsi ; the newly recieved second stage length.
|
||||
mov rdx, rsi ; the newly received second stage length.
|
||||
xor rcx, rcx ; NULL as we dont care where the allocation is.
|
||||
mov r10d, #{Rex::Text.block_api_hash('kernel32.dll', 'VirtualAlloc')}
|
||||
call rbp ; VirtualAlloc( NULL, dwLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
|
||||
|
|
|
@ -151,7 +151,7 @@ module Payload::Windows::ReverseNamedPipe_x64
|
|||
end
|
||||
|
||||
asm << %Q^
|
||||
; this lable is required so that reconnect attempts include
|
||||
; this label is required so that reconnect attempts include
|
||||
; the UUID stuff if required.
|
||||
connected:
|
||||
xchg rdi, rax ; Save the file handler for later
|
||||
|
@ -197,7 +197,7 @@ module Payload::Windows::ReverseNamedPipe_x64
|
|||
pop r9 ; PAGE_EXECUTE_READWRITE
|
||||
push 0x1000 ;
|
||||
pop r8 ; MEM_COMMIT
|
||||
mov rdx, rsi ; the newly recieved second stage length.
|
||||
mov rdx, rsi ; the newly received second stage length.
|
||||
xor rcx, rcx ; NULL as we dont care where the allocation is.
|
||||
mov r10d, #{Rex::Text.block_api_hash('kernel32.dll', 'VirtualAlloc')}
|
||||
call rbp ; VirtualAlloc( NULL, dwLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
|
||||
|
|
|
@ -99,7 +99,7 @@ module Payload::Windows::ReverseTcpRc4_x64
|
|||
pop r9 ; PAGE_EXECUTE_READWRITE
|
||||
push 0x1000 ;
|
||||
pop r8 ; MEM_COMMIT
|
||||
mov rdx, rsi ; the newly recieved second stage length.
|
||||
mov rdx, rsi ; the newly received second stage length.
|
||||
xor rcx,rcx ; NULL as we dont care where the allocation is.
|
||||
mov r10d, #{Rex::Text.block_api_hash('kernel32.dll', 'VirtualAlloc')}
|
||||
call rbp ; VirtualAlloc( NULL, dwLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
|
||||
|
|
|
@ -124,7 +124,7 @@ module Payload::Windows::ReverseTcp_x64
|
|||
call rbp ; LoadLibraryA( "ws2_32" )
|
||||
|
||||
; perform the call to WSAStartup...
|
||||
mov rdx, r13 ; second param is a pointer to this stuct
|
||||
mov rdx, r13 ; second param is a pointer to this struct
|
||||
push 0x0101 ;
|
||||
pop rcx ; set the param for the version requested
|
||||
mov r10d, #{Rex::Text.block_api_hash('ws2_32.dll', 'WSAStartup')}
|
||||
|
@ -136,7 +136,7 @@ module Payload::Windows::ReverseTcp_x64
|
|||
|
||||
create_socket:
|
||||
; perform the call to WSASocketA...
|
||||
push rax ; if we succeed, rax wil be zero, push zero for the flags param.
|
||||
push rax ; if we succeed, rax will be zero, push zero for the flags param.
|
||||
push rax ; push null for reserved parameter
|
||||
xor r9, r9 ; we do not specify a WSAPROTOCOL_INFO structure
|
||||
xor r8, r8 ; we do not specify a protocol
|
||||
|
@ -179,7 +179,7 @@ module Payload::Windows::ReverseTcp_x64
|
|||
end
|
||||
|
||||
asm << %Q^
|
||||
; this lable is required so that reconnect attempts include
|
||||
; this label is required so that reconnect attempts include
|
||||
; the UUID stuff if required.
|
||||
connected:
|
||||
^
|
||||
|
@ -226,7 +226,7 @@ module Payload::Windows::ReverseTcp_x64
|
|||
pop r9 ; PAGE_EXECUTE_READWRITE
|
||||
push 0x1000 ;
|
||||
pop r8 ; MEM_COMMIT
|
||||
mov rdx, rsi ; the newly recieved second stage length.
|
||||
mov rdx, rsi ; the newly received second stage length.
|
||||
xor rcx, rcx ; NULL as we dont care where the allocation is.
|
||||
mov r10d, #{Rex::Text.block_api_hash('kernel32.dll', 'VirtualAlloc')}
|
||||
call rbp ; VirtualAlloc( NULL, dwLength, MEM_COMMIT, PAGE_EXECUTE_READWRITE );
|
||||
|
|
|
@ -48,7 +48,7 @@ module Msf
|
|||
|
||||
#
|
||||
# Returns a list of postgres users and password hashes from the database
|
||||
# @param pg_password [String] postgress password
|
||||
# @param pg_password [String] postgresql password
|
||||
# @param vcdb_user [String] virtual center database username
|
||||
# @param vcdb_name [String] virtual center database name
|
||||
# @return [Array] list of hash tables where each table is a user, nil on error
|
||||
|
@ -79,7 +79,7 @@ module Msf
|
|||
|
||||
#
|
||||
# Returns a list of postgres users and password hashes from the database
|
||||
# @param pg_password [String] postgress password
|
||||
# @param pg_password [String] postgresql password
|
||||
# @param vcdb_user [String] virtual center database username
|
||||
# @param vcdb_name [String] virtual center database name
|
||||
# @return [Array] list of hash tables where each table is a user, nil on error
|
||||
|
@ -110,7 +110,7 @@ module Msf
|
|||
|
||||
#
|
||||
# Returns a list of vpx users and password hashes from the database
|
||||
# @param pg_password [String] postgress password
|
||||
# @param pg_password [String] postgresql password
|
||||
# @param vcdb_user [String] virtual center database username
|
||||
# @param vcdb_name [String] virtual center database name
|
||||
# @param symkey [String] string of they symkey
|
||||
|
@ -163,8 +163,8 @@ module Msf
|
|||
end
|
||||
|
||||
#
|
||||
# A helper function to return the command line statement string to connect to the postgress server
|
||||
# @param pg_password [String] postgress password
|
||||
# A helper function to return the command line statement string to connect to the postgresql server
|
||||
# @param pg_password [String] postgresql password
|
||||
# @param vcdb_user [String] virtual center database username
|
||||
# @param vcdb_name [String] virtual center database name
|
||||
# @param vcdb_host [String] virtual center hostname. Defaults to 'localhost'
|
||||
|
@ -180,7 +180,7 @@ module Msf
|
|||
|
||||
#
|
||||
# Returns a list of vpc customization contents
|
||||
# @param pg_password [String] postgress password
|
||||
# @param pg_password [String] postgresql password
|
||||
# @param vcdb_user [String] virtual center database username
|
||||
# @param vcdb_name [String] virtual center database name
|
||||
# @return [Hash] where the customization name is the key and value is the parsed xml doc, nil on error
|
||||
|
@ -214,7 +214,7 @@ module Msf
|
|||
|
||||
#
|
||||
# Returns a list of virtual machines located on the server
|
||||
# @param pg_password [String] postgress password
|
||||
# @param pg_password [String] postgresql password
|
||||
# @param vcdb_user [String] virtual center database username
|
||||
# @param vcdb_name [String] virtual center database name
|
||||
# @param _vc_sym_key [String] sym key from virtual center
|
||||
|
@ -248,7 +248,7 @@ module Msf
|
|||
|
||||
#
|
||||
# Returns a list of vpc customization contents
|
||||
# @param pg_password [String] postgress password
|
||||
# @param pg_password [String] postgresql password
|
||||
# @param vcdb_user [String] virtual center database username
|
||||
# @param vcdb_name [String] virtual center database name
|
||||
# @param vc_sym_key [String] sym key from virtual center
|
||||
|
|
|
@ -31,7 +31,7 @@ protected
|
|||
|
||||
#
|
||||
# Performs the actual raw interaction with the remote side. This can be
|
||||
# overriden by derived classes if they wish to do this another way.
|
||||
# overridden by derived classes if they wish to do this another way.
|
||||
#
|
||||
def _interact
|
||||
framework.events.on_session_interact(self)
|
||||
|
|
|
@ -125,8 +125,8 @@ protected
|
|||
# Judge the user wants to abort the reverse shell session
|
||||
# Or just want to abort the process running on the target machine
|
||||
# If the latter, just send ASCII Control Character \u0003 (End of Text) to the socket fd
|
||||
# The character will be handled by the line dicipline program of the pseudo-terminal on target machine
|
||||
# It will send the SEGINT singal to the foreground process
|
||||
# The character will be handled by the line discipline program of the pseudo-terminal on target machine
|
||||
# It will send the SEGINT signal to the foreground process
|
||||
if !intent
|
||||
# TODO: Check the shell is interactive or not
|
||||
# If the current shell is not interactive, the ASCII Control Character will not work
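Review bot: The corrected comment in the `-125,8` hunk still names the signal `SEGINT`. A 0x03 byte processed by the pseudo-terminal's line discipline produces SIGINT, so the line should read `# It will send the SIGINT signal to the foreground process`. The enclosing `if !intent` block continues outside the hunk.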
|
||||
|
|
|
@ -2430,7 +2430,7 @@ class Core
|
|||
print_line "Usage: unset [-g] var1 var2 var3 ..."
|
||||
print_line
|
||||
print_line "The unset command is used to unset one or more variables."
|
||||
print_line "To flush all entires, specify 'all' as the variable name."
|
||||
print_line "To flush all entries, specify 'all' as the variable name."
|
||||
print_line "With -g, operates on global datastore variables."
|
||||
print_line
|
||||
else
|
||||
|
@ -2719,7 +2719,7 @@ class Core
|
|||
all_lines.each_with_index do |line, line_num|
|
||||
next if (output_mods[:skip] and line_num < output_mods[:skip])
|
||||
our_lines << line if (output_mods[:keep] and line_num < output_mods[:keep])
|
||||
# we don't wan't to keep processing if we have a :max and we've reached it already (not counting skips/keeps)
|
||||
# we don't want to keep processing if we have a :max and we've reached it already (not counting skips/keeps)
|
||||
break if match_mods[:max] and count >= match_mods[:max]
|
||||
if eval statement
|
||||
count += 1
|
||||
|
@ -2874,7 +2874,7 @@ class Core
|
|||
# from all_lines by supplying the +before+ and/or +after+ parameters which are always positive
|
||||
#
|
||||
# @param all_lines [Array<String>] An array of all lines being considered for matching
|
||||
# @param line_num [Integer] The line number in all_lines which has satisifed the match
|
||||
# @param line_num [Integer] The line number in all_lines which has satisfied the match
|
||||
# @param after [Integer] The number of lines after the match line to include (should always be positive)
|
||||
# @param before [Integer] The number of lines before the match line to include (should always be positive)
|
||||
# @return [Array<String>] Array of lines including the line at line_num and any +before+ and/or +after+
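Review bot: In the `-2719,7` hunk the loop runs `if eval statement` once per line, and nothing visible says how `statement` is built. If any part of that string is interpolated from the search pattern or other console input, it is evaluated as Ruby. Holding a compiled `Regexp` and calling `line.match?(regex)` (negated for the inverse case) would avoid building source text at all. At minimum, a comment above the `eval` should state how `statement` is constructed and that no raw input reaches it. The construction is outside the hunk, so this is a request to confirm rather than a reported defect.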
|
||||
|
|
|
@ -1044,7 +1044,7 @@ module Msf
|
|||
#
|
||||
# @param str [String] the string currently being typed before tab was hit
|
||||
# @param words [Array<String>] the previously completed words on the command line. words is always
|
||||
# at least 1 when tab completion has reached this stage since the command itself has been completd
|
||||
# at least 1 when tab completion has reached this stage since the command itself has been completed
|
||||
|
||||
def cmd_use_tabs(str, words)
|
||||
return [] if words.length > 1
|
||||
|
|
|
@ -22,7 +22,7 @@ module Net # :nodoc:
|
|||
# Size of the question portion (type and class)
|
||||
QFIXEDSZ = 4
|
||||
|
||||
# Size of an RR portion (type,class,lenght and ttl)
|
||||
# Size of an RR portion (type,class,length and ttl)
|
||||
RRFIXEDSZ = 10
|
||||
|
||||
# Size of an int 32 bit
|
||||
|
|
|
@ -89,7 +89,7 @@ module Net # :nodoc:
|
|||
# =Description
|
||||
#
|
||||
# The RCode class represents the RCode field in the Header portion of a
|
||||
# DNS packet. This field (called Response Code) is used to get informations
|
||||
# DNS packet. This field (called Response Code) is used to get information
|
||||
# about the status of a DNS operation, such as a query or an update. These
|
||||
# are the values in the original Mockapetris's standard (RFC1035):
|
||||
#
|
||||
|
@ -318,7 +318,7 @@ module Net # :nodoc:
|
|||
# # | 0 |
|
||||
# # +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|
||||
#
|
||||
# This can be very usefull for didactical purpouses :)
|
||||
# This can be very useful for didactical purpouses :)
|
||||
#
|
||||
def format
|
||||
del = ("+-" * 16) + "+\n"
|
||||
|
@ -488,7 +488,7 @@ module Net # :nodoc:
|
|||
#
|
||||
# The truncated flag is used in response packets to indicate
|
||||
# that the amount of data to be trasmitted exceedes the
|
||||
# maximum allowed by the protocol in use, tipically UDP, and
|
||||
# maximum allowed by the protocol in use, typically UDP, and
|
||||
# that the data present in the packet has been truncated.
|
||||
# A different protocol (such has TCP) need to be used to
|
||||
# retrieve full data.
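Review bot: Three misspellings survive in the comments this section touches: `purpouses` on the corrected line of the `-318,7` hunk, and `trasmitted exceedes` and `such has TCP` beside the fixed `typically` in the `-488,7` hunk. Suggested text: `# This can be very useful for didactical purposes :)`, `# that the amount of data to be transmitted exceeds the`, and `# A different protocol (such as TCP) needs to be used to`.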
|
||||
|
|
|
@ -113,7 +113,7 @@ module Net # :nodoc:
|
|||
attr_reader :answerfrom, :answersize
|
||||
|
||||
# Create a new instance of Net::DNS::Packet class. Arguments are the
|
||||
# canonical name of the resourse, an optional type field and an optional
|
||||
# canonical name of the resource, an optional type field and an optional
|
||||
# class field. The record type and class can be omitted; they default
|
||||
# to +A+ and +IN+.
|
||||
#
|
||||
|
@ -146,7 +146,7 @@ module Net # :nodoc:
|
|||
# the method will accept it.
|
||||
#
|
||||
# Be sure that your network data is clean from any UDP/TCP header,
|
||||
# expecially when using RAW sockets.
|
||||
# especially when using RAW sockets.
|
||||
#
|
||||
def Packet.parse(*args)
|
||||
o = allocate
|
||||
|
@ -300,7 +300,7 @@ module Net # :nodoc:
|
|||
@header.truncated?
|
||||
end
|
||||
|
||||
# Assing a Net::DNS::Header object to a Net::DNS::Packet
|
||||
# Assign a Net::DNS::Header object to a Net::DNS::Packet
|
||||
# instance.
|
||||
#
|
||||
def header=(object)
|
||||
|
|
|
@ -121,7 +121,7 @@ module Net # :nodoc:
|
|||
# do, look at the description of each.
|
||||
# Some example:
|
||||
#
|
||||
# # Use the sistem defaults
|
||||
# # Use the system defaults
|
||||
# res = Net::DNS::Resolver.new
|
||||
#
|
||||
# # Specify a configuration file
|
||||
|
@ -402,12 +402,12 @@ module Net # :nodoc:
|
|||
#
|
||||
# res.source_port = 40000
|
||||
#
|
||||
# Note that if you want to set a port you need root priviledges, as
|
||||
# Note that if you want to set a port you need root privileges, as
|
||||
# raw sockets will be used to generate packets. The class will then
|
||||
# generate the exception ResolverPermissionError if you're not root.
|
||||
#
|
||||
# The default is 0, which means that the port will be chosen by the
|
||||
# underlaying layers.
|
||||
# underlying layers.
|
||||
#
|
||||
def source_port=(num)
|
||||
unless root?
|
||||
|
@ -445,11 +445,11 @@ module Net # :nodoc:
|
|||
#
|
||||
# Another way to use this option is for some kind of spoofing attacks
|
||||
# towards weak nameservers, to probe the security of your network.
|
||||
# This includes specifing ranged attacks such as DoS and others. For
|
||||
# This includes specifying ranged attacks such as DoS and others. For
|
||||
# a paper on DNS security, checks http://www.marcoceresa.com/security/
|
||||
#
|
||||
# Note that if you want to set a non-binded source address you need
|
||||
# root priviledges, as raw sockets will be used to generate packets.
|
||||
# root privileges, as raw sockets will be used to generate packets.
|
||||
# The class will then generate an exception if you're not root.
|
||||
#
|
||||
# The default is 0.0.0.0, meaning any local address (chosen on routing
|
||||
|
@ -562,7 +562,7 @@ module Net # :nodoc:
|
|||
end
|
||||
alias_method :recurse=, :recursive=
|
||||
|
||||
# Return a string rapresenting the resolver state, suitable
|
||||
# Return a string representing the resolver state, suitable
|
||||
# for printing on the screen.
|
||||
#
|
||||
# puts "Resolver state:"
|
||||
|
@ -681,7 +681,7 @@ module Net # :nodoc:
|
|||
# Return an object representing the value of the stored TCP
|
||||
# timeout the resolver will use in is queries. This object
|
||||
# is an instance of the class +TcpTimeout+, and two methods
|
||||
# are available for printing informations: TcpTimeout#to_s
|
||||
# are available for printing information: TcpTimeout#to_s
|
||||
# and TcpTimeout#pretty_to_s.
|
||||
#
|
||||
# Here's some example:
|
||||
|
@ -714,7 +714,7 @@ module Net # :nodoc:
|
|||
# Return an object representing the value of the stored UDP
|
||||
# timeout the resolver will use in is queries. This object
|
||||
# is an instance of the class +UdpTimeout+, and two methods
|
||||
# are available for printing informations: UdpTimeout#to_s
|
||||
# are available for printing information: UdpTimeout#to_s
|
||||
# and UdpTimeout#pretty_to_s.
|
||||
#
|
||||
# Here's some example:
|
||||
|
@ -751,7 +751,7 @@ module Net # :nodoc:
|
|||
#
|
||||
# res.log_file = $stderr
|
||||
#
|
||||
# Note that a new logging facility will be create, destroing
|
||||
# Note that a new logging facility will be create, destroying
|
||||
# the old one, which will then be impossibile to recover.
|
||||
#
|
||||
def log_file=(log)
|
||||
|
@ -801,7 +801,7 @@ module Net # :nodoc:
|
|||
# -d switch is used at the command line) the logger level is
|
||||
# automatically set at DEGUB.
|
||||
#
|
||||
# For further informations, see Logger documentation in the
|
||||
# For further information, see Logger documentation in the
|
||||
# Ruby standard library.
|
||||
#
|
||||
def log_level=(level)
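Review bot: The `-801,7` hunk leaves `DEGUB` two lines above the fix, which misnames the Logger level; it should read `# automatically set at DEBUG.`. The corrected sentence in the `-751,7` hunk still has `will be create` and `impossibile`; `# Note that a new logging facility will be created, destroying` and `# the old one, which will then be impossible to recover.` would finish it. The `-681,7` and `-714,7` hunks also keep `will use in is queries`, where `its` is meant.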
|
||||
|
|
|
@ -28,7 +28,7 @@ class RawSocket # :nodoc:
|
|||
# Set correct protocol version in the header
|
||||
@version = @dest_addr.ipv4? ? "0100" : "0110"
|
||||
|
||||
# Total lenght: must be overridden by subclasses
|
||||
# Total length: must be overridden by subclasses
|
||||
@tot_lenght = 20
|
||||
|
||||
# Protocol: must be overridden by subclasses
|
||||
|
@ -121,7 +121,7 @@ class UdpRawSocket < RawSocket # :nodoc:
|
|||
@src_port = check_port src_port
|
||||
@dest_port = check_port dest_port
|
||||
|
||||
# Total lenght: must be overridden by subclasses
|
||||
# Total length: must be overridden by subclasses
|
||||
@tot_lenght = 20 + 8 # 8 bytes => UDP Header
|
||||
|
||||
# Protocol: must be overridden by subclasses
|
||||
|
|
|
@ -28,7 +28,7 @@ module Net # :nodoc:
|
|||
# The Net::DNS::RR is the base class for DNS Resource
|
||||
# Record (RR) objects. A RR is a pack of data that represents
|
||||
# resources for a DNS zone. The form in which this data is
|
||||
# shows can be drawed as follow:
|
||||
# shows can be drawn as follow:
|
||||
#
|
||||
# "name ttl class type data"
|
||||
#
|
||||
|
@ -92,7 +92,7 @@ module Net # :nodoc:
|
|||
# Create a new instance of Net::DNS::RR class, or an instance of
|
||||
# any of the subclass of the appropriate type.
|
||||
#
|
||||
# Argument can be a string or an hash. With a sting, we can pass
|
||||
# Argument can be a string or an hash. With a string, we can pass
|
||||
# a RR resource record in the canonical format:
|
||||
#
|
||||
# a = Net::DNS::RR.new("foo.example.com. 86400 A 10.1.2.3")
|
||||
|
@ -104,7 +104,7 @@ module Net # :nodoc:
|
|||
# respectively Net::DNS::RR::A, Net::DNS::RR::MX, Net::DNS::RR::CNAME and
|
||||
# Net::DNS::RR::TXT classes.
|
||||
#
|
||||
# The name and RR data are required; all other informations are optional.
|
||||
# The name and RR data are required; all other information are optional.
|
||||
# If omitted, the +TTL+ defaults to 10800, +type+ default to +A+ and the RR class
|
||||
# defaults to +IN+. Omitting the optional fields is useful for creating the
|
||||
# empty RDATA sections required for certain dynamic update operations.
|
||||
|
@ -165,7 +165,7 @@ module Net # :nodoc:
|
|||
end
|
||||
|
||||
# Same as RR.parse, but takes an entire packet binary data to
|
||||
# perform name expansion. Default when analizing a packet
|
||||
# perform name expansion. Default when analyzing a packet
|
||||
# just received from a network stream.
|
||||
#
|
||||
# Return an instance of appropriate class and the offset
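Review bot: The replacement in the `-104,7` hunk turns `informations are` into `information are`, which is now ungrammatical; `# The name and RR data are required; all other information is optional.` reads correctly. In the `-28,7` hunk the corrected line still says `shows can be drawn as follow`, where `shown can be drawn as follows` is presumably intended.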
|
||||
|
|
|
@ -35,9 +35,9 @@ module Net # :nodoc:
|
|||
# :type => Net::DNS::A,
|
||||
# :address => "127.0.0.1")
|
||||
#
|
||||
# When computing binary data to trasmit the RR, the RDATA section is an
|
||||
# When computing binary data to transmit the RR, the RDATA section is an
|
||||
# Internet address expressed as four decimal numbers separated by dots
|
||||
# without any imbedded spaces (e.g.,"10.2.0.52" or "192.0.5.6").
|
||||
# without any embedded spaces (e.g.,"10.2.0.52" or "192.0.5.6").
|
||||
#
|
||||
class A < RR
|
||||
attr_reader :address
|
||||
|
|
|
@ -102,7 +102,7 @@ module Net # :nodoc:
|
|||
end
|
||||
end
|
||||
|
||||
# Contructor for numeric data class
|
||||
# Constructor for numeric data class
|
||||
# *PRIVATE* method
|
||||
def new_from_num(cls)
|
||||
raise ClassArgumentError, "Invalid class #{cls}" if cls < 0 || cls > 0xFFFF
|
||||
|
|
|
@ -35,14 +35,14 @@ module Net # :nodoc:
|
|||
'RT' => 21, # RFC 1183, Section 3.3
|
||||
'NSAP' => 22, # RFC 1706, Section 5
|
||||
'NSAP_PTR' => 23, # RFC 1348 (obsolete)
|
||||
# The following 2 RRs are impemented in Net::DNS::SEC, TODO
|
||||
# The following 2 RRs are implemented in Net::DNS::SEC, TODO
|
||||
'SIG' => 24, # RFC 2535, Section 4.1
|
||||
'KEY' => 25, # RFC 2535, Section 3.1
|
||||
'PX' => 26, # RFC 2163,
|
||||
'GPOS' => 27, # RFC 1712 (obsolete)
|
||||
'AAAA' => 28, # RFC 1886, Section 2.1
|
||||
'LOC' => 29, # RFC 1876
|
||||
# The following RR is impemented in Net::DNS::SEC, TODO
|
||||
# The following RR is implemented in Net::DNS::SEC, TODO
|
||||
'NXT' => 30, # RFC 2535, Section 5.2
|
||||
'EID' => 31, # draft-ietf-nimrod-dns-xx.txt
|
||||
'NIMLOC' => 32, # draft-ietf-nimrod-dns-xx.txt
|
||||
|
@ -53,7 +53,7 @@ module Net # :nodoc:
|
|||
'CERT' => 37, # RFC 2538
|
||||
'DNAME' => 39, # RFC 2672
|
||||
'OPT' => 41, # RFC 2671
|
||||
# The following 4 RRs are impemented in Net::DNS::SEC TODO
|
||||
# The following 4 RRs are implemented in Net::DNS::SEC TODO
|
||||
'DS' => 43, # draft-ietf-dnsext-delegation-signer
|
||||
'SSHFP' => 44, # draft-ietf-secsh-dns (No RFC # yet at time of coding)
|
||||
'RRSIG' => 46, # draft-ietf-dnsext-dnssec-2535typecode-change
|
||||
|
@ -180,7 +180,7 @@ module Net # :nodoc:
|
|||
end
|
||||
end
|
||||
|
||||
# Contructor for numeric data type
|
||||
# Constructor for numeric data type
|
||||
# *PRIVATE* method
|
||||
def new_from_num(type)
|
||||
raise TypeArgumentError, "Invalid type #{type}" if type < 0 || type > 0xFFFF
|
||||
|
|
|
@ -100,7 +100,7 @@ class Connection
|
|||
raise "unknown auth type '#{msg.auth_type}' with buffer content:\n#{Rex::Text.to_hex_dump(msg.buffer.content)}"
|
||||
|
||||
when AuthentificationKerberosV4, AuthentificationKerberosV5, AuthentificationSCMCredential
|
||||
raise "unsupported authentification"
|
||||
raise "unsupported authentication"
|
||||
|
||||
when AuthentificationOk
|
||||
when ErrorResponse
|
||||
|
|
|
@ -109,7 +109,7 @@ class UnknownMessageType < Message
|
|||
end
|
||||
end
|
||||
|
||||
class Authentification < Message
|
||||
class Authentication < Message
|
||||
register_message_type 'R'
|
||||
|
||||
AuthTypeMap = {}
|
||||
|
@ -152,7 +152,7 @@ class Authentification < Message
|
|||
end
|
||||
end
|
||||
|
||||
class UnknownAuthType < Authentification
|
||||
class UnknownAuthType < Authentication
|
||||
attr_reader :auth_type
|
||||
attr_reader :buffer
|
||||
|
||||
|
@ -162,19 +162,19 @@ class UnknownAuthType < Authentification
|
|||
end
|
||||
end
|
||||
|
||||
class AuthentificationOk < Authentification
|
||||
class AuthentificationOk < Authentication
|
||||
register_auth_type 0
|
||||
end
|
||||
|
||||
class AuthentificationKerberosV4 < Authentification
|
||||
class AuthentificationKerberosV4 < Authentication
|
||||
register_auth_type 1
|
||||
end
|
||||
|
||||
class AuthentificationKerberosV5 < Authentification
|
||||
class AuthentificationKerberosV5 < Authentication
|
||||
register_auth_type 2
|
||||
end
|
||||
|
||||
class AuthentificationClearTextPassword < Authentification
|
||||
class AuthentificationClearTextPassword < Authentication
|
||||
register_auth_type 3
|
||||
end
|
||||
|
||||
|
@ -201,20 +201,20 @@ module SaltedAuthentificationMixin
|
|||
end
|
||||
end
|
||||
|
||||
class AuthentificationCryptPassword < Authentification
|
||||
class AuthentificationCryptPassword < Authentication
|
||||
register_auth_type 4
|
||||
include SaltedAuthentificationMixin
|
||||
def salt_size; 2 end
|
||||
end
|
||||
|
||||
|
||||
class AuthentificationMD5Password < Authentification
|
||||
class AuthentificationMD5Password < Authentication
|
||||
register_auth_type 5
|
||||
include SaltedAuthentificationMixin
|
||||
def salt_size; 4 end
|
||||
end
|
||||
|
||||
class AuthentificationSCMCredential < Authentification
|
||||
class AuthentificationSCMCredential < Authentication
|
||||
register_auth_type 6
|
||||
end
|
||||
|
||||
|
@ -223,7 +223,7 @@ end
|
|||
#
|
||||
# Binary format:
|
||||
# https://www.postgresql.org/docs/current/protocol-message-formats.html
|
||||
class AuthenticationSASL < Authentification
|
||||
class AuthenticationSASL < Authentication
|
||||
# Int32(10) - Specifies that SASL authentication is required.
|
||||
register_auth_type 10
|
||||
|
||||
|
@ -264,7 +264,7 @@ end
|
|||
|
||||
# AuthenticationSASLContinue (B)
|
||||
# https://www.postgresql.org/docs/current/protocol-message-formats.html
|
||||
class AuthenticationSASLContinue < Authentification
|
||||
class AuthenticationSASLContinue < Authentication
|
||||
# Int32(11) - Specifies that this message contains a SASL challenge.
|
||||
register_auth_type 11
|
||||
|
||||
|
@ -294,7 +294,7 @@ end
|
|||
|
||||
# AuthenticationSASLFinal (B)
|
||||
# https://www.postgresql.org/docs/current/protocol-message-formats.html
|
||||
class AuthenticationSASLFinal < Authentification
|
||||
class AuthenticationSASLFinal < Authentication
|
||||
# Int32(11) - Specifies that this message contains a SASL challenge.
|
||||
register_auth_type 12
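Review bot: Renaming the base class to `Authentication` in the `-109,7` hunk changes a public constant rather than a comment, so any code outside this file that still refers to `Authentification` will raise `NameError` when it is reached. The section is also left half-renamed: `AuthentificationOk`, `AuthentificationMD5Password`, `SaltedAuthentificationMixin` and the other subclasses keep the old spelling. Either drop the rename from a spelling-only commit, or add `Authentification = Authentication # deprecated alias` after the class's closing `end` (outside the hunk) and search the repository for remaining references. Separately, the `AuthenticationSASLFinal` comment in the `-294,7` hunk says `Int32(11)` with the SASL-challenge wording while the class registers type 12; it looks copied from `AuthenticationSASLContinue`.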
|
||||
|
||||
|
|
|
@ -354,7 +354,7 @@ class RbMysql
|
|||
end
|
||||
|
||||
# @private
|
||||
# retrun corresponding Ruby encoding
|
||||
# return corresponding Ruby encoding
|
||||
# @return [Encoding] encoding
|
||||
def encoding
|
||||
enc = CHARSET_ENCODING[@name.downcase]
|
||||
|
@ -363,7 +363,7 @@ class RbMysql
|
|||
end
|
||||
|
||||
# @private
|
||||
# convert encoding to corrensponding to MySQL charset
|
||||
# convert encoding to corresponding to MySQL charset
|
||||
# @param [String] value
|
||||
# @return [String]
|
||||
def convert(value)
|
||||
|
|
|
@ -377,7 +377,7 @@ module Rex
|
|||
web_vuln_info[:risk] = 5
|
||||
web_vuln_info[:params] = []
|
||||
unless @state[:report_item][:parameter].blank?
|
||||
# Acunetix only lists a single paramter...
|
||||
# Acunetix only lists a single parameter...
|
||||
web_vuln_info[:params] << [ @state[:report_item][:parameter].to_s, "" ]
|
||||
end
|
||||
web_vuln_info[:category] = "imported"
|
||||
|
|
|
@ -64,7 +64,7 @@ module Rex
|
|||
|
||||
#
|
||||
# Get the file from the MFT number
|
||||
# The size must be gived because the $FILENAME attribute
|
||||
# The size must be given because the $FILENAME attribute
|
||||
# in the MFT entry does not contain it
|
||||
# The file is in $DATA (128) Attribute
|
||||
#
|
||||
|
|
|
@ -62,7 +62,7 @@ private
|
|||
end
|
||||
session_data = [
|
||||
0, # comms socket, patched in by the stager
|
||||
exit_func, # exit function identifer
|
||||
exit_func, # exit function identifier
|
||||
opts[:expiration], # Session expiry
|
||||
uuid, # the UUID
|
||||
session_guid, # the Session GUID
|
||||
|
|
|
@ -22,7 +22,7 @@ module Stager
|
|||
# * Our sysenter handler and ring3 stagers are copied over to safe location.
|
||||
# * The SYSENTER_EIP_MSR is patched to point to our sysenter handler.
|
||||
# * The ring0 thread we are in is placed in a halted state.
|
||||
# * Upon any ring3 proces issuing a sysenter command our ring0 sysenter handler gets control.
|
||||
# * Upon any ring3 process issuing a sysenter command our ring0 sysenter handler gets control.
|
||||
# * The ring3 return address is modified to force our ring3 stub to be called if certain conditions met.
|
||||
# * If NX is enabled we patch the respective page table entry to disable it for the ring3 code.
|
||||
# * Control is passed to real sysenter handler, upon the real sysenter handler finishing, sysexit will return to our ring3 stager.
|
||||
|
|
|
@ -5,7 +5,7 @@ require 'rex/post/io'
|
|||
module Rex
|
||||
module Post
|
||||
|
||||
# make this a module so we can mix it in, and have inheritence like..
|
||||
# make this a module so we can mix it in, and have inheritance like..
|
||||
# => [Rex::Post::DispatchNinja::File, Rex::Post::File,
|
||||
# Rex::Post::DispatchNinja::IO, Rex::Post::IO, Object, Kernel]
|
||||
|
||||
|
@ -47,7 +47,7 @@ module File
|
|||
def File.extname(*a)
|
||||
::File.extname(*a)
|
||||
end
|
||||
# !!! we might actually want to handle this File::SEPERATOR stuff
|
||||
# !!! we might actually want to handle this File::SEPARATOR stuff
|
||||
# for win32 support, etc.
|
||||
def File.join(*a)
|
||||
::File.join(*a)
|
||||
|
@ -79,7 +79,7 @@ module File
|
|||
end
|
||||
|
||||
# this, along with all the other globbing/search stuff, probably
|
||||
# won't get implemented, atleast for a bit...
|
||||
# won't get implemented, at least for a bit...
|
||||
def File.expand_path
|
||||
raise NotImplementedError
|
||||
end
|
||||
|
|
|
@ -149,7 +149,7 @@ class FileStat
|
|||
# S_IXGRP 00010 group has execute permission
|
||||
# S_IRWXO 00007 mask for permissions for others (not in group)
|
||||
# S_IROTH 00004 others have read permission
|
||||
# S_IWOTH 00002 others have write permisson
|
||||
# S_IWOTH 00002 others have write permission
|
||||
# S_IXOTH 00001 others have execute permission
|
||||
#
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ class CustomMethods < Extension
|
|||
# cmd is the cmd without a path
|
||||
# args are all KEY=value pairs. All checks are assumed to have already been done
|
||||
# methods is a hash of all methods and their formatting
|
||||
# returns a formated response
|
||||
# returns a formatted response
|
||||
#
|
||||
def send_request(cmd, args, methods)
|
||||
arguments = ""
|
||||
|
|
|
@ -94,7 +94,7 @@ class RFTransceiver < Extension
|
|||
# Receives a packet
|
||||
# @param idx [Integer] HW Index
|
||||
# @param opt [Hash] Optional parameters: "timeout" => Integer, "blocksize" => Integer
|
||||
# @return [Hash] "data" => <recieved data> "timestamp" => When it was received
|
||||
# @return [Hash] "data" => <received data> "timestamp" => When it was received
|
||||
def rfrecv(idx, opt={})
|
||||
request = "/rftransceiver/#{idx}/rfrecv"
|
||||
if opt.size() > 0
|
||||
|
|
|
@ -66,7 +66,7 @@ class Console::CommandDispatcher::Automotive
|
|||
end
|
||||
|
||||
#
|
||||
# Retrives the current confiugration of a bus
|
||||
# Retrieves the current confiugration of a bus
|
||||
#
|
||||
def cmd_busconfig(*args)
|
||||
bus = ''
|
||||
|
@ -93,7 +93,7 @@ class Console::CommandDispatcher::Automotive
|
|||
end
|
||||
|
||||
#
|
||||
# 'connects' to a bus, this retrives the supported_methods
|
||||
# 'connects' to a bus, this retrieves the supported_methods
|
||||
# specific to this bus
|
||||
#
|
||||
def cmd_connect(*args)
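Review bot: The corrected line in the `-66,7` hunk still misspells the noun: `# Retrieves the current confiugration of a bus` should be `# Retrieves the current configuration of a bus`. The `-93,7` hunk needs nothing further.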
|
||||
|
|
|
@ -196,7 +196,7 @@ class Console::CommandDispatcher::Core
|
|||
def cmd_status_help
|
||||
print_line("Usage: status")
|
||||
print_line
|
||||
print_line "Retrives the devices current status and statistics"
|
||||
print_line "Retrieves the devices current status and statistics"
|
||||
end
|
||||
|
||||
#
|
||||
|
|
|
@ -262,7 +262,7 @@ class Console::CommandDispatcher::RFtransceiver
|
|||
end
|
||||
|
||||
#
|
||||
# Recieve data packet
|
||||
# Receive data packet
|
||||
#
|
||||
def cmd_recv(*args)
|
||||
self.idx ||= 0
|
||||
|
@ -496,7 +496,7 @@ class Console::CommandDispatcher::RFtransceiver
|
|||
|
||||
def cmd_preamble_help
|
||||
print_line("get the minimum number of preamble bits to be transmitted. note this is a flag, not a count")
|
||||
print_line("so the return value must be interpeted - e.g. 0x30 == 0x03 << 4 == MFMCFG1_NUM_PREAMBLE_6 == 6 bytes")
|
||||
print_line("so the return value must be interpreted - e.g. 0x30 == 0x03 << 4 == MFMCFG1_NUM_PREAMBLE_6 == 6 bytes")
|
||||
end
|
||||
|
||||
#
|
||||
|
|
|
@ -170,7 +170,7 @@ class Client
|
|||
self.debug_build = opts[:debug_build]
|
||||
|
||||
|
||||
# Protocol specific dispatch mixins go here, this may be neader with explicit Client classes
|
||||
# Protocol specific dispatch mixins go here, this may be neater with explicit Client classes
|
||||
opts[:dispatch_ext].each {|dx| self.extend(dx)} if opts[:dispatch_ext]
|
||||
initialize_passive_dispatcher if opts[:passive_dispatcher]
|
||||
|
||||
|
|
|
@ -603,7 +603,7 @@ class ClientCore < Extension
|
|||
target_process = nil
|
||||
current_process = nil
|
||||
|
||||
# Load in the stdapi extension if not allready present so we can determine the target pid architecture...
|
||||
# Load in the stdapi extension if not already present so we can determine the target pid architecture...
|
||||
client.core.use('stdapi') if not client.ext.aliases.include?('stdapi')
|
||||
|
||||
current_pid = client.sys.process.getpid
|
||||
|
|
|
@ -67,7 +67,7 @@ class Clipboard
|
|||
end
|
||||
|
||||
#
|
||||
# Dump the conents of the clipboard monitor to the local machine.
|
||||
# Dump the contents of the clipboard monitor to the local machine.
|
||||
#
|
||||
def monitor_dump(opts)
|
||||
pull_img = opts[:include_images]
|
||||
|
|
|
@ -461,7 +461,7 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
|
|||
stat.call(msg, src_file, dest_file)
|
||||
end while (data != nil)
|
||||
else
|
||||
# do the simple copying quiting on the first error
|
||||
# do the simple copying quitting on the first error
|
||||
while ((data = src_fd.read(block_size)) != nil)
|
||||
dst_fd.write(data)
|
||||
percent = dst_fd.pos.to_f / src_stat.size.to_f * 100.0
|
||||
|
@ -515,7 +515,7 @@ class File < Rex::Post::Meterpreter::Extensions::Stdapi::Fs::IO
|
|||
|
||||
##
|
||||
#
|
||||
# IO implementators
|
||||
# IO implementers
|
||||
#
|
||||
##
|
||||
|
||||
|
|
|
@ -230,7 +230,7 @@ class Config
|
|||
end
|
||||
|
||||
#
|
||||
# Get's the current proxy configuration
|
||||
# Gets the current proxy configuration
|
||||
#
|
||||
def get_proxy_config()
|
||||
request = Packet.create_request(COMMAND_ID_STDAPI_NET_CONFIG_GET_PROXY)
|
||||
|
|
|
@ -94,7 +94,7 @@ class ConstManager
|
|||
consts[name] = value
|
||||
end
|
||||
|
||||
# parses a string constaining constants and returns an integer
|
||||
# parses a string containing constants and returns an integer
|
||||
# the string can be either "CONST" or "CONST1 | CONST2"
|
||||
#
|
||||
# this function will NOT throw an exception but return "nil" if it can't parse a string
|
||||
|
|
|
@ -14,8 +14,8 @@ class LibraryWrapper
|
|||
@_client = client
|
||||
end
|
||||
|
||||
# For backwards compatability. People check if functions are added this way
|
||||
# XXX: Depricate this
|
||||
# For backwards compatibility. People check if functions are added this way
|
||||
# XXX: Deprecate this
|
||||
def functions
|
||||
# warn 'Depricated.'
|
||||
_library.functions
|
||||
|
|
|
@ -54,7 +54,7 @@ class Process < Rex::Post::Process
|
|||
end
|
||||
|
||||
#
|
||||
# Attachs to the supplied process with a given set of permissions.
|
||||
# Attaches to the supplied process with a given set of permissions.
|
||||
#
|
||||
def Process.open(pid = nil, perms = nil)
|
||||
real_perms = 0
|
||||
|
@ -388,7 +388,7 @@ class Process < Rex::Post::Process
|
|||
|
||||
#
|
||||
# Block until this process terminates on the remote side.
|
||||
# By default we choose not to allow a packet responce timeout to
|
||||
# By default we choose not to allow a packet response timeout to
|
||||
# occur as we may be waiting indefinatly for the process to terminate.
|
||||
#
|
||||
def wait( timeout = -1 )
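Review bot: The `-388,7` hunk fixes `responce` but leaves `indefinatly` on the next comment line; it should read `# occur as we may be waiting indefinitely for the process to terminate.`. That comment is the only explanation of the `timeout = -1` default in the signature below it, so it is worth getting right.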
|
||||
|
|
|
@ -203,7 +203,7 @@ class UI < Rex::Post::UI
|
|||
request.add_tlv( TLV_TYPE_DESKTOP_SCREENSHOT_PE32DLL_BUFFER, screenshot_dll, false, true )
|
||||
end
|
||||
|
||||
# send the request and return the jpeg image if successfull.
|
||||
# send the request and return the jpeg image if successful.
|
||||
response = client.send_request( request )
|
||||
if( response.result == 0 )
|
||||
return response.get_tlv_value( TLV_TYPE_DESKTOP_SCREENSHOT )
|
||||
|
|
|
@ -178,7 +178,7 @@ package com.metasploit.meterpreter.command;
|
|||
/**
|
||||
* All supported Command Identifiers
|
||||
*
|
||||
* @author Genereated by a tool @ #{::Time.now.utc}
|
||||
* @author Generated by a tool @ #{::Time.now.utc}
|
||||
*/
|
||||
public interface CommandId {
|
||||
#{command_ids.join("\n")}
|
||||
|
@ -459,7 +459,7 @@ class Tlv
|
|||
# compress the raw data
|
||||
raw_compressed = Rex::Text.zlib_deflate( raw_uncompressed )
|
||||
# check we have actually made the raw data smaller...
|
||||
# (small blobs often compress slightly larger then the origional)
|
||||
# (small blobs often compress slightly larger then the original)
|
||||
# if the compressed data is not smaller, we dont use the compressed data
|
||||
if( raw_compressed.length < raw_uncompressed.length )
|
||||
# if so, set the TLV's type to indicate compression is used
|
||||
|
@ -486,7 +486,7 @@ class Tlv
|
|||
# set this TLV as using compression
|
||||
@compress = true
|
||||
# remove the TLV_META_TYPE_COMPRESSED flag from the tlv type to restore the
|
||||
# tlv type to its origional, allowing for transparent data compression.
|
||||
# tlv type to its original, allowing for transparent data compression.
|
||||
self.type = self.type ^ TLV_META_TYPE_COMPRESSED
|
||||
# decompress the compressed data (skipping the length and type DWORD's)
|
||||
raw_decompressed = Rex::Text.zlib_inflate( raw[HEADER_SIZE..length-1] )
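Review bot: The `-178,7` hunk edits text inside a generated-source template (`@author Generated by a tool @ #{::Time.now.utc}`), not a Ruby comment, so the emitted Java file changes with it. If a generated copy is checked in anywhere, it presumably needs regenerating in the same commit. In the `-459,7` hunk the corrected line still reads `larger then the original`; `# (small blobs often compress slightly larger than the original)` is the intended wording.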
|
||||
|
|
|
@ -45,7 +45,7 @@ end
|
|||
###
|
||||
module PacketDispatcher
|
||||
|
||||
# Defualt time, in seconds, to wait for a response after sending a packet
|
||||
# Default time, in seconds, to wait for a response after sending a packet
|
||||
PACKET_TIMEOUT = 600
|
||||
|
||||
# Number of seconds to wait without getting any packets before we try to
|
||||
|
|
|
@ -24,7 +24,7 @@ class Console::CommandDispatcher::AppApi
|
|||
def commands
|
||||
all = {
|
||||
'app_list' => 'List installed apps in the device',
|
||||
'app_run' => 'Start Main Activty for package name',
|
||||
'app_run' => 'Start Main Activity for package name',
|
||||
'app_install' => 'Request to install apk file',
|
||||
'app_uninstall' => 'Request to uninstall application'
|
||||
}
|
||||
|
@ -125,12 +125,12 @@ class Console::CommandDispatcher::AppApi
|
|||
end
|
||||
|
||||
#
|
||||
# Start Main Activty for installed application by Package name
|
||||
# Start Main Activity for installed application by Package name
|
||||
#
|
||||
def cmd_app_run(*args)
|
||||
if (args.length < 1)
|
||||
print_error('[-] Usage: app_run <package_name>')
|
||||
print_error('[-] Start Main Activty for package name.')
|
||||
print_error('[-] Start Main Activity for package name.')
|
||||
print_error('[-] You can use "app_list" to pick your packagename.')
|
||||
print_status('eg. app_run com.corrm.clac')
|
||||
return
|
||||
|
@ -140,14 +140,14 @@ class Console::CommandDispatcher::AppApi
|
|||
|
||||
case client.appapi.app_run(package_name)
|
||||
when 1
|
||||
print_good("Main Activty for '#{package_name}' has started.")
|
||||
print_good("Main Activity for '#{package_name}' has started.")
|
||||
when 2
|
||||
print_error("'#{package_name}' Not Found.")
|
||||
end
|
||||
end
|
||||
|
||||
#
|
||||
# Function to help printing list of informations
|
||||
# Function to help printing list of information
|
||||
#
|
||||
def to_table(data)
|
||||
column_headers = ['Name', 'Package', 'Running', 'IsSystem']
|
||||
|
|
|
@ -513,7 +513,7 @@ class Console::CommandDispatcher::Core
|
|||
|
||||
@@set_timeouts_opts = Rex::Parser::Arguments.new(
|
||||
'-c' => [true, 'Comms timeout (seconds)'],
|
||||
'-x' => [true, 'Expiration timout (seconds)'],
|
||||
'-x' => [true, 'Expiration timeout (seconds)'],
|
||||
'-t' => [true, 'Retry total time (seconds)'],
|
||||
'-w' => [true, 'Retry wait time (seconds)'],
|
||||
'-h' => [false, 'Help menu'])
|
||||
|
@ -748,7 +748,7 @@ class Console::CommandDispatcher::Core
|
|||
'-N' => [true, 'Proxy password for HTTP/S transports (optional)'],
|
||||
'-B' => [true, 'Proxy type for HTTP/S transports (optional: http, socks; default: http)'],
|
||||
'-C' => [true, 'Comms timeout (seconds) (default: same as current session)'],
|
||||
'-X' => [true, 'Expiration timout (seconds) (default: same as current session)'],
|
||||
'-X' => [true, 'Expiration timeout (seconds) (default: same as current session)'],
|
||||
'-T' => [true, 'Retry total time (seconds) (default: same as current session)'],
|
||||
'-W' => [true, 'Retry wait time (seconds) (default: same as current session)'],
|
||||
'-v' => [false, 'Show the verbose format of the transport list'],
|
||||
|
|
|
@ -52,7 +52,7 @@ class Console::CommandDispatcher::Espia
|
|||
secs = args[0].to_i
|
||||
if secs > 0 and secs <= maxrec
|
||||
milsecs = secs*1000
|
||||
print_line("[*] Recording #{milsecs} miliseconds.\n")
|
||||
print_line("[*] Recording #{milsecs} milliseconds.\n")
|
||||
client.espia.espia_audio_get_dev_audio(milsecs)
|
||||
print_line("[*] Done.")
|
||||
else
|
||||
|
|
|
@ -57,7 +57,7 @@ class Console::CommandDispatcher::Kiwi
|
|||
#
|
||||
def commands
|
||||
{
|
||||
'kiwi_cmd' => 'Execute an arbitary mimikatz command (unparsed)',
|
||||
'kiwi_cmd' => 'Execute an arbitrary mimikatz command (unparsed)',
|
||||
'dcsync' => 'Retrieve user account information via DCSync (unparsed)',
|
||||
'dcsync_ntlm' => 'Retrieve user account NTLM hash, SID and RID via DCSync',
|
||||
'creds_wdigest' => 'Retrieve WDigest creds (parsed)',
|
||||
|
|
|
@ -69,7 +69,7 @@ class Console::CommandDispatcher::Lanattacks::Dhcp
|
|||
|
||||
print_status( "Starting DHCP server ...")
|
||||
client.lanattacks.dhcp.start
|
||||
print_good( "DHCP server startd.")
|
||||
print_good( "DHCP server started.")
|
||||
end
|
||||
|
||||
@@dhcp_stop_opts = Rex::Parser::Arguments.new(
|
||||
|
|
|
@ -65,7 +65,7 @@ class Console::CommandDispatcher::Lanattacks::Tftp
|
|||
|
||||
print_status( "Starting TFTP server ..." )
|
||||
client.lanattacks.tftp.start
|
||||
print_good( "TFTP server startd." )
|
||||
print_good( "TFTP server started." )
|
||||
end
|
||||
|
||||
@@tftp_stop_opts = Rex::Parser::Arguments.new(
|
||||
|
|
|
@ -35,7 +35,7 @@ class Console::CommandDispatcher::Peinjector
|
|||
|
||||
|
||||
@@injectpe_opts = Rex::Parser::Arguments.new(
|
||||
'-p' => [true, 'Windows Payload to inject into the targer executable.'],
|
||||
'-p' => [true, 'Windows Payload to inject into the target executable.'],
|
||||
'-t' => [true, 'Path of the target executable to be injected'],
|
||||
'-o' => [true, 'Comma separated list of additional options for payload if needed in \'opt1=val,opt2=val\' format.'],
|
||||
'-h' => [false, 'Help banner']
|
||||
|
|
|
@ -1120,7 +1120,7 @@ class Console::CommandDispatcher::Stdapi::Fs
|
|||
#
|
||||
# Provide a generic tab completion for client file names.
|
||||
# This tab complete method would create request to the client, so
|
||||
# sometimes it wouldn't execute successfully especailly on bad network.
|
||||
# sometimes it wouldn't execute successfully especially on bad network.
|
||||
#
|
||||
def tab_complete_cfilenames(str, words)
|
||||
tab_complete_path(str, words, false)
|
||||
|
|
|
@ -660,7 +660,7 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|||
|
||||
#
|
||||
# validates an array of pids against the running processes on target host
|
||||
# behavior can be controlled to allow/deny proces 0 and the session's process
|
||||
# behavior can be controlled to allow/deny process 0 and the session's process
|
||||
# the pids:
|
||||
# - are converted to integers
|
||||
# - have had pid 0 removed unless allow_pid_0
|
||||
|
@ -686,7 +686,7 @@ class Console::CommandDispatcher::Stdapi::Sys
|
|||
# get the current session pid so we don't suspend it later
|
||||
mypid = client.sys.process.getpid.to_i
|
||||
|
||||
# remove nils & redundant pids, conver to int
|
||||
# remove nils & redundant pids, convert to int
|
||||
clean_pids = pids.compact.uniq.map{|x| x.to_i}
|
||||
# now we look up the pids & remove bad stuff if nec
|
||||
clean_pids.delete_if do |p|
|
||||
|
|
|
@ -390,7 +390,7 @@ class Console::CommandDispatcher::Stdapi::Ui
|
|||
|
||||
keyscan_opts = Rex::Parser::Arguments.new(
|
||||
"-h" => [ false, "Help Banner." ],
|
||||
"-v" => [ false, "Verbose logging: tracks the current active window in which keystrokes are occuring." ]
|
||||
"-v" => [ false, "Verbose logging: tracks the current active window in which keystrokes are occurring." ]
|
||||
)
|
||||
|
||||
keyscan_opts.parse(args) { | opt |
|
||||
|
|
|
@ -25,7 +25,7 @@ module ACPP
|
|||
# There are several possible message types:
|
||||
#
|
||||
# * 20 -- retrieve settings (payload is some list of settings to obtain)
|
||||
# * 21 -- update setttings (and if the 'acRB' setting is set, it reboots)
|
||||
# * 21 -- update settings (and if the 'acRB' setting is set, it reboots)
|
||||
# * 3 -- Upload firmware
|
||||
#
|
||||
# TODO: if you find more, add them above.
|
||||
|
|
|
@ -36,7 +36,7 @@ class Server
|
|||
if ipstart
|
||||
self.start_ip = Rex::Socket.addr_atoi(ipstart)
|
||||
else
|
||||
# Use the first 3 octects of the server's IP to construct the
|
||||
# Use the first 3 octets of the server's IP to construct the
|
||||
# default range of x.x.x.32-254
|
||||
self.start_ip = "#{self.ipstring[0..2]}\x20".unpack("N").first
|
||||
end
|
||||
|
@ -46,7 +46,7 @@ class Server
|
|||
if ipend
|
||||
self.end_ip = Rex::Socket.addr_atoi(ipend)
|
||||
else
|
||||
# Use the first 3 octects of the server's IP to construct the
|
||||
# Use the first 3 octets of the server's IP to construct the
|
||||
# default range of x.x.x.32-254
|
||||
self.end_ip = "#{self.ipstring[0..2]}\xfe".unpack("N").first
|
||||
end
|
||||
|
@ -88,7 +88,7 @@ class Server
|
|||
end
|
||||
|
||||
self.leasetime = 600
|
||||
self.relayip = "\x00\x00\x00\x00" # relay ip - not currently suported
|
||||
self.relayip = "\x00\x00\x00\x00" # relay ip - not currently supported
|
||||
self.pxeconfigfile = "update2"
|
||||
self.pxealtconfigfile = "update0"
|
||||
self.pxepathprefix = ""
|
||||
|
|
|
@ -7,7 +7,7 @@ module DRDA
|
|||
class Utils
|
||||
|
||||
# Creates a packet with EXCSAT_DDM and an ACCSEC_DDM. This will elicit
|
||||
# a reponse from the target server.
|
||||
# a response from the target server.
|
||||
def self.client_probe(dbname=nil)
|
||||
pkt = [
|
||||
Rex::Proto::DRDA::Packet::EXCSAT_DDM.new,
|
||||
|
@ -111,7 +111,7 @@ class Utils
|
|||
next
|
||||
end
|
||||
end
|
||||
if info_hash[:serverity].to_i.zero? and info_hash[:security_check_code].to_i.zero?
|
||||
if info_hash[:severity].to_i.zero? and info_hash[:security_check_code].to_i.zero?
|
||||
info_hash[:db_login_success] = true
|
||||
end
|
||||
return info_hash
|
||||
|
|
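Review bot: Changing the hash key from `:serverity` to `:severity` in the `db_login_success` condition is a behaviour change rather than a spelling fix, and it is only safe if the code that fills `info_hash` was renamed in the same commit. That code lies outside this hunk, so it cannot be confirmed from here. If it still stores `:serverity`, `info_hash[:severity]` is nil, `nil.to_i.zero?` is true, and a login is reported as successful whenever `security_check_code` is zero, which would put false positives into login results. Assuming a successful reply always carries a severity value, I would make a missing one fail closed with `sev = info_hash[:severity]` and `if sev && sev.to_i.zero? && info_hash[:security_check_code].to_i.zero?`. Any caller that still reads the old key from the returned hash needs the same rename.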
Some files were not shown because too many files have changed in this diff Show More