Top Level Namespace

Includes:
ERB::Util

Defined Under Namespace

Modules: Msf, Rex Classes: ConstBugTestA, ConstBugTestB, RouteArray

Constant Summary collapse

ConstBugTestC =
ConstBugTestA.dup
MSF_LICENSE =

Licenses

"Metasploit Framework License (BSD)"
GPL_LICENSE =
"GNU Public License v2.0"
BSD_LICENSE =
"BSD License"
ARTISTIC_LICENSE =
"Perl Artistic License"
UNKNOWN_LICENSE =
"Unknown License"
LICENSES =
[
  MSF_LICENSE,
  GPL_LICENSE,
  BSD_LICENSE,
  ARTISTIC_LICENSE,
  UNKNOWN_LICENSE
]
SHUT_RDWR =

Globalized socket constants

::Socket::SHUT_RDWR
SHUT_RD =
::Socket::SHUT_RD
SHUT_WR =
::Socket::SHUT_WR
LOG_ERROR =

Log severities

'error'
LOG_DEBUG =
'debug'
LOG_INFO =
'info'
LOG_WARN =
'warn'
LOG_RAW =
'raw'
LEV_0 =

LEV_0 - Default

This log level is the default log level if none is specified. It should be used when a log message should always be displayed when logging is enabled. Very few log messages should occur at this level aside from necessary information logging and error/warning logging. Debug logging at level zero is not advised.

0
LEV_1 =

LEV_1 - Extra

This log level should be used when extra information may be needed to understand the cause of an error or warning message or to get debugging information that might give clues as to why something is happening. This log level should be used only when information may be useful to understanding the behavior of something at a basic level. This log level should not be used in an exhaustively verbose fashion.

1
LEV_2 =

LEV_2 - Verbose

This log level should be used when verbose information may be needed to analyze the behavior of the framework. This should be the default log level for all detailed information not falling into LEV_0 or LEV_1. It is recommended that this log level be used by default if you are unsure.

2
LEV_3 =

LEV_3 - Insanity

This log level should contain very verbose information about the behavior of the framework, such as detailed information about variable states at certain phases including, but not limited to, loop iterations, function calls, and so on. This log level will rarely be displayed, but when it is the information provided should make it easy to analyze any problem.

3
ARCH_ANY =

Architecture constants

'_any_'
ARCH_X86 =
'x86'
ARCH_X86_64 =
'x86_64'
ARCH_X64 =

To be used for compatability with ARCH_X86_64

'x64'
ARCH_MIPS =
'mips'
ARCH_MIPSLE =
'mipsle'
ARCH_MIPSBE =
'mipsbe'
ARCH_PPC =
'ppc'
ARCH_PPC64 =
'ppc64'
ARCH_CBEA =
'cbea'
ARCH_CBEA64 =
'cbea64'
ARCH_SPARC =
'sparc'
ARCH_CMD =
'cmd'
ARCH_PHP =
'php'
ARCH_TTY =
'tty'
ARCH_ARMLE =
'armle'
ARCH_ARMBE =
'armbe'
ARCH_JAVA =
'java'
ARCH_RUBY =
'ruby'
ARCH_DALVIK =
'dalvik'
ARCH_PYTHON =
'python'
ARCH_NODEJS =
'nodejs'
ARCH_FIREFOX =
'firefox'
ARCH_TYPES =
[
  ARCH_X86,
  ARCH_X86_64,
  ARCH_MIPS,
  ARCH_MIPSLE,
  ARCH_MIPSBE,
  ARCH_PPC,
  ARCH_PPC64,
  ARCH_CBEA,
  ARCH_CBEA64,
  ARCH_SPARC,
  ARCH_ARMLE,
  ARCH_ARMBE,
  ARCH_CMD,
  ARCH_PHP,
  ARCH_TTY,
  ARCH_JAVA,
  ARCH_RUBY,
  ARCH_DALVIK,
  ARCH_PYTHON,
  ARCH_NODEJS,
  ARCH_FIREFOX
]
ARCH_ALL =
ARCH_TYPES
ENDIAN_LITTLE =

Endian constants

0
ENDIAN_BIG =
1
IS_ENDIAN_LITTLE =
( [1].pack('s') == "\x01\x00" ) ? true : false
IS_ENDIAN_BIG =
( not IS_ENDIAN_LITTLE )
PROT_NONE =

Generic page protection flags

0
PROT_READ =
(1 <<  0)
PROT_WRITE =
(1 <<  1)
PROT_EXEC =
(1 <<  2)
PROT_COW =
(1 << 20)
GEN_NONE =

Generic permissions

0
GEN_READ =
(1 <<  0)
GEN_WRITE =
(1 <<  1)
GEN_EXEC =
(1 <<  2)
PROCESS_READ =

Generic process open permissions

(1 <<  0)
PROCESS_WRITE =
(1 <<  1)
PROCESS_EXECUTE =
(1 <<  2)
PROCESS_ALL =
0xffffffff
THREAD_READ =

Generic thread open permissions

(1 <<  0)
THREAD_WRITE =
(1 <<  1)
THREAD_EXECUTE =
(1 <<  2)
THREAD_ALL =
0xffffffff
ExceptionCallStack =

An instance of the log dispatcher exists in the global namespace, along with stubs for many of the common logging methods. Various sources can register themselves as a log sink such that logs can be directed at various targets depending on where they're sourced from. By doing it this way, things like sessions can use the global logging stubs and still be directed at the correct log file.

"__EXCEPTCALLSTACK__"
AF_INET =

Net

2
AF_INET6 =
23
DELETE =

Permissions

0x00010000
READ_CONTROL =
0x00020000
WRITE_DAC =
0x00040000
WRITE_OWNER =
0x00080000
SYNCHRONIZE =
0x00100000
STANDARD_RIGHTS_REQUIRED =
0x000f0000
STANDARD_RIGHTS_READ =
READ_CONTROL
STANDARD_RIGHTS_WRITE =
READ_CONTROL
STANDARD_RIGHTS_EXECUTE =
READ_CONTROL
STANDARD_RIGHTS_ALL =
0x001f0000
SPECIFIC_RIGHTS_ALL =
0x0000ffff
MAXIMUM_ALLOWED =
0x02000000
GENERIC_READ =
0x80000000
GENERIC_WRITE =
0x40000000
GENERIC_EXECUTE =
0x20000000
GENERIC_ALL =
0x10000000
PAGE_NOACCESS =

Page Protections

0x00000001
PAGE_READONLY =
0x00000002
PAGE_READWRITE =
0x00000004
PAGE_WRITECOPY =
0x00000008
PAGE_EXECUTE =
0x00000010
PAGE_EXECUTE_READ =
0x00000020
PAGE_EXECUTE_READWRITE =
0x00000040
PAGE_EXECUTE_WRITECOPY =
0x00000080
PAGE_GUARD =
0x00000100
PAGE_NOCACHE =
0x00000200
PAGE_WRITECOMBINE =
0x00000400
MEM_COMMIT =
0x00001000
MEM_RESERVE =
0x00002000
MEM_DECOMMIT =
0x00004000
MEM_RELEASE =
0x00008000
MEM_FREE =
0x00010000
MEM_PRIVATE =
0x00020000
MEM_MAPPED =
0x00040000
MEM_RESET =
0x00080000
MEM_TOP_DOWN =
0x00100000
MEM_WRITE_WATCH =
0x00200000
MEM_PHYSICAL =
0x00400000
MEM_LARGE_PAGES =
0x20000000
MEM_4MB_PAGES =
0x80000000
SEC_FILE =
0x00800000
SEC_IMAGE =
0x01000000
SEC_RESERVE =
0x04000000
SEC_COMMIT =
0x08000000
SEC_NOCACHE =
0x10000000
MEM_IMAGE =
SEC_IMAGE
KEY_QUERY_VALUE =

Registry Permissions

0x00000001
KEY_SET_VALUE =
0x00000002
KEY_CREATE_SUB_KEY =
0x00000004
KEY_ENUMERATE_SUB_KEYS =
0x00000008
KEY_NOTIFY =
0x00000010
0x00000020
KEY_WOW64_64KEY =
0x00000100
KEY_WOW64_32KEY =
0x00000200
KEY_READ =
(STANDARD_RIGHTS_READ | KEY_QUERY_VALUE |
KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY) & ~SYNCHRONIZE
KEY_WRITE =
(STANDARD_RIGHTS_WRITE | KEY_SET_VALUE |
KEY_CREATE_SUB_KEY) & ~SYNCHRONIZE
KEY_EXECUTE =
KEY_READ
KEY_ALL_ACCESS =
(STANDARD_RIGHTS_ALL | KEY_QUERY_VALUE |
KEY_SET_VALUE | KEY_CREATE_SUB_KEY |
KEY_ENUMERATE_SUB_KEYS | KEY_NOTIFY |
KEY_CREATE_LINK) & ~SYNCHRONIZE
HKEY_CLASSES_ROOT =

Registry

0x80000000
HKEY_CURRENT_USER =
0x80000001
HKEY_LOCAL_MACHINE =
0x80000002
HKEY_USERS =
0x80000003
HKEY_PERFORMANCE_DATA =
0x80000004
HKEY_CURRENT_CONFIG =
0x80000005
HKEY_DYN_DATA =
0x80000006
REG_NONE =
0
REG_SZ =
1
REG_EXPAND_SZ =
2
REG_BINARY =
3
REG_DWORD =
4
REG_DWORD_LITTLE_ENDIAN =
4
REG_DWORD_BIG_ENDIAN =
5
6
REG_MULTI_SZ =
7
PROCESS_TERMINATE =

Process Permissions

0x00000001
PROCESS_CREATE_THREAD =
0x00000002
PROCESS_SET_SESSIONID =
0x00000004
PROCESS_VM_OPERATION =
0x00000008
PROCESS_VM_READ =
0x00000010
PROCESS_VM_WRITE =
0x00000020
PROCESS_DUP_HANDLE =
0x00000040
PROCESS_CREATE_PROCESS =
0x00000080
PROCESS_SET_QUOTA =
0x00000100
PROCESS_SET_INFORMATION =
0x00000200
PROCESS_QUERY_INFORMATION =
0x00000400
PROCESS_SUSPEND_RESUME =
0x00000800
PROCESS_ALL_ACCESS =
STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0xFFF
THREAD_TERMINATE =

Thread Permissions

0x00000001
THREAD_SUSPEND_RESUME =
0x00000002
THREAD_GET_CONTEXT =
0x00000008
THREAD_SET_CONTEXT =
0x00000010
THREAD_SET_INFORMATION =
0x00000020
THREAD_QUERY_INFORMATION =
0x00000040
THREAD_SET_THREAD_TOKEN =
0x00000080
THREAD_IMPERSONATE =
0x00000100
THREAD_DIRECT_IMPERSONATION =
0x00000200
THREAD_ALL_ACCESS =
STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3FF
CREATE_SUSPENDED =

Creation flags

0x00000004
EVENTLOG_SEQUENTIAL_READ =

Event Log

0x00000001
EVENTLOG_SEEK_READ =
0x00000002
EVENTLOG_FORWARDS_READ =
0x00000004
EVENTLOG_BACKWARDS_READ =
0x00000008
EWX_LOGOFF =

Event Log

0
EWX_SHUTDOWN =
0x00000001
EWX_REBOOT =
0x00000002
EWX_FORCE =
0x00000004
EWX_POWEROFF =
0x00000008
EWX_FORCEIFHUNG =
0x00000010
SHTDN_REASON_MINOR_DC_PROMOTION =

Shutdown Reason Codes

0x00000021
SHTDN_REASON_MAJOR_APPLICATION =
0x00040000
SHTDN_REASON_MAJOR_HARDWARE =
0x00010000
SHTDN_REASON_FLAG_COMMENT_REQUIRED =
0x01000000
SHTDN_REASON_FLAG_DIRTY_UI =
0x08000000
SHTDN_REASON_MINOR_UNSTABLE =
0x00000006
SHTDN_REASON_MINOR_SECURITYFIX_UNINSTALL =
0x00000018
SHTDN_REASON_MINOR_ENVIRONMENT =
0x00000000
SHTDN_REASON_MAJOR_LEGACY_API =
0x00070000
SHTDN_REASON_MINOR_DC_DEMOTION =
0x00000022
SHTDN_REASON_MINOR_SECURITYFIX =
0x00000012
SHTDN_REASON_FLAG_CLEAN_UI =
0x04000000
SHTDN_REASON_MINOR_HOTFIX =
0x00000011
SHTDN_REASON_MINOR_CORDUNPLUGGED =
0x00000000
SHTDN_REASON_MINOR_HOTFIX_UNINSTALL =
0x00000017
SHTDN_REASON_FLAG_USER_DEFINED =
0x40000000
SHTDN_REASON_MINOR_SYSTEMRESTORE =
0x00000001
SHTDN_REASON_MINOR_OTHERDRIVER =
0x00000000
SHTDN_REASON_MINOR_WMI =
0x00000015
SHTDN_REASON_MINOR_INSTALLATION =
0x00000002
SHTDN_REASON_MINOR_BLUESCREEN =
0x0000000F
SHTDN_REASON_MAJOR_SOFTWARE =
0x00030000
SHTDN_REASON_MINOR_NETWORKCARD =
0x00000009
SHTDN_REASON_MINOR_SERVICEPACK_UNINSTALL =
0x00000016
SHTDN_REASON_MINOR_SERVICEPACK =
0x00000010
SHTDN_REASON_MINOR_UPGRADE =
0x00000003
SHTDN_REASON_FLAG_PLANNED =
0x80000000
SHTDN_REASON_MINOR_MMC =
0x00000019
SHTDN_REASON_MINOR_POWER_SUPPLY =
0x00000000
SHTDN_REASON_MINOR_MAINTENANCE =
0x00000001
SHTDN_REASON_VALID_BIT_MASK =
0x00000000
SHTDN_REASON_MAJOR_NONE =
0x00000000
SHTDN_REASON_MAJOR_POWER =
0x00060000
SHTDN_REASON_FLAG_DIRTY_PROBLEM_ID_REQUIRED =
0x02000000
SHTDN_REASON_MINOR_OTHER =
0x00000000
SHTDN_REASON_MINOR_PROCESSOR =
0x00000008
SHTDN_REASON_MAJOR_OTHER =
0x00000000
SHTDN_REASON_MINOR_DISK =
0x00000007
SHTDN_REASON_MINOR_NETWORK_CONNECTIVITY =
0x00000014
SHTDN_REASON_MAJOR_OPERATINGSYSTEM =
0x00020000
SHTDN_REASON_MINOR_HUNG =
0x00000005
SHTDN_REASON_MINOR_TERMSRV =
0x00000020
SHTDN_REASON_MINOR_NONE =
0x00000000
SHTDN_REASON_MINOR_RECONFIG =
0x00000004
SHTDN_REASON_MAJOR_SYSTEM =
0x00050000
SHTDN_REASON_MINOR_HARDWARE_DRIVER =
0x00000000
SHTDN_REASON_MINOR_SECURITY =
0x00000013
SHTDN_REASON_DEFAULT =
SHTDN_REASON_MAJOR_OTHER | SHTDN_REASON_MINOR_OTHER
VirtualKeyCodes =

Keyboard Mappings

{
  1 => %W{ LClick },
  2 => %W{ RClick },
  3 => %W{ Cancel },
  4 => %W{ MClick },
  8 => %W{ Back  },
  9 => %W{ Tab  },
  10 => %W{ Newline },
  12 => %W{ Clear },
  13 => %W{ Return },

  16 => %W{ Shift },
  17 => %W{ Ctrl },
  18 => %W{ Alt },
  19 => %W{ Pause },
  20 => %W{ CapsLock },

  27 => %W{ Esc },

  32 => %W{ Space },
  33 => %W{ Prior },
  34 => %W{ Next },
  35 => %W{ End },
  36 => %W{ Home },
  37 => %W{ Left },
  38 => %W{ Up },
  39 => %W{ Right },
  40 => %W{ Down  },
  41 => %W{ Select },
  42 => %W{ Print },
  43 => %W{ Execute },
  44 => %W{ Snapshot },
  45 => %W{ Insert },
  46 => %W{ Delete },
  47 => %W{ Help },
  48 => %W{ 0  )},
  49 => %W{ 1  !},
  50 => %W{ 2  @},
  51 => %W{ 3  #},
  52 => %W{ 4  $},
  53 => %W{ 5  %},
  54 => %W{ 6  ^},
  55 => %W{ 7  &},
  56 => %W{ 8  *},
  57 => %W{ 9  (},
  65 => %W{ a  A},
  66 => %W{ b  B},
  67 => %W{ c  C},
  68 => %W{ d  D},
  69 => %W{ e  E},
  70 => %W{ f  F},
  71 => %W{ g  G},
  72 => %W{ h  H},
  73 => %W{ i  I},
  74 => %W{ j  J},
  75 => %W{ k  K},
  76 => %W{ l  L},
  77 => %W{ m  M},
  78 => %W{ n  N},
  79 => %W{ o  O},
  80 => %W{ p  P},
  81 => %W{ q  Q},
  82 => %W{ r  R},
  83 => %W{ s  S},
  84 => %W{ t  T},
  85 => %W{ u  U},
  86 => %W{ v  V},
  87 => %W{ w  W},
  88 => %W{ x  X},
  89 => %W{ y  Y},
  90 => %W{ z  Z},
  91 => %W{ LWin },
  92 => %W{ RWin },
  93 => %W{ Apps },

  95 => %W{ Sleep },
  96 => %W{ N0 },
  97 => %W{ N1 },
  98 => %W{ N2 },
  99 => %W{ N3 },
  100 => %W{ N4 },
  101 => %W{ N5 },
  102 => %W{ N6 },
  103 => %W{ N7 },
  104 => %W{ N8 },
  105 => %W{ N9 },
  106 => %W{ Multiply },
  107 => %W{ Add },
  108 => %W{ Separator },
  109 => %W{ Subtract },
  110 => %W{ Decimal },
  111 => %W{ Divide },
  112 => %W{ F1 },
  113 => %W{ F2 },
  114 => %W{ F3 },
  115 => %W{ F4 },
  116 => %W{ F5 },
  117 => %W{ F6 },
  118 => %W{ F7 },
  119 => %W{ F8 },
  120 => %W{ F9 },
  121 => %W{ F10 },
  122 => %W{ F11 },
  123 => %W{ F12 },
  124 => %W{ F13 },
  125 => %W{ F14 },
  126 => %W{ F15 },
  127 => %W{ F16 },
  128 => %W{ F17 },
  129 => %W{ F18 },
  130 => %W{ F19 },
  131 => %W{ F20 },
  132 => %W{ F21 },
  133 => %W{ F22 },
  134 => %W{ F23 },
  135 => %W{ F24 },
  144 => %W{ NumLock },
  145 => %W{ Scroll },
  160 => %W{ LShift },
  161 => %W{ RShift },
  162 => %W{ LCtrl },
  163 => %W{ RCtrl },
  164 => %W{ LMenu },
  165 => %W{ RMenu },
  166 => %W{ Back },
  167 => %W{ Forward },
  168 => %W{ Refresh },
  169 => %W{ Stop },
  170 => %W{ Search },
  171 => %W{ Favorites },
  172 => %W{ Home },
  176 => %W{ Forward },
  177 => %W{ Reverse },
  178 => %W{ Stop },
  179 => %W{ Play },
  186 => %W{ ;  :},
  187 => %W{ =  +},
  188 => %W{ ,  <},
  189 => %W{ -  _},
  190 => %W{ .  >},
  191 => %W{ /  ?},
  192 => %W{ '  ~},
  219 => %W| [  {|,
  220 => %W{ \  |},
  221 => %W| ]  }|,
  222 => %W{ '  Quotes},
}

Instance Method Summary collapse

Instance Method Details

#deregister_log_source(src) ⇒ Object


167
168
169
# File 'lib/rex/logging/log_dispatcher.rb', line 167

def deregister_log_source(src)
  $dispatcher.delete(src)
end

#dlog(msg, src = 'core', level = 0, from = caller) ⇒ Object


133
134
135
# File 'lib/rex/logging/log_dispatcher.rb', line 133

def dlog(msg, src = 'core', level = 0, from = caller)
  $dispatcher.log(LOG_DEBUG, src, level, msg, from)
end

#elog(msg, src = 'core', level = 0, from = caller) ⇒ Object


137
138
139
# File 'lib/rex/logging/log_dispatcher.rb', line 137

def elog(msg, src = 'core', level = 0, from = caller)
  $dispatcher.log(LOG_ERROR, src, level, msg, from)
end

#get_log_level(src) ⇒ Object


175
176
177
# File 'lib/rex/logging/log_dispatcher.rb', line 175

def get_log_level(src)
  $dispatcher.get_level(src)
end

#ilog(msg, src = 'core', level = 0, from = caller) ⇒ Object


145
146
147
# File 'lib/rex/logging/log_dispatcher.rb', line 145

def ilog(msg, src = 'core', level = 0, from = caller)
  $dispatcher.log(LOG_INFO, src, level, msg, from)
end

#log_source_registered?(src) ⇒ Boolean


157
158
159
# File 'lib/rex/logging/log_dispatcher.rb', line 157

def log_source_registered?(src)
  ($dispatcher[src] != nil)
end

#register_log_source(src, sink, level = nil) ⇒ Object


161
162
163
164
165
# File 'lib/rex/logging/log_dispatcher.rb', line 161

def register_log_source(src, sink, level = nil)
  $dispatcher[src] = sink

  set_log_level(src, level) if (level)
end

#rexObject

Rex::OLE - an OLE implementation written in 2010 by Joshua J. Drake <jduck [at] metasploit.com>

License: MSF_LICENSE

This module implements Object-Linking-and-Embedding otherwise known as Compound File Binary File Format or Windows Compound Binary File Format. OLE is the container format for modern Excel, Word, PowerPoint, and many other file formats.

NOTE: This implementation is almost fully compliant with [MS-CFB] v1.1

SUPPORTS:

1. R/W v3 OLE files (v4 may work, but wasn't tested)
2. RO double-indirect fat sectors
3. RO fat sectors (including those in double-indirect parts)
4. WO support for less than 109 fat sectors :)
5. R/W minifat sectors
6. R/W ministream
7. R/W normal streams
8. R/W substorages (including nesting)
9. full directory support (hierarchal and flattened access)
  1. big and little endian files (although only little endian was tested)

  2. PropertySet streams (except .to_s)

TODO (in order of priority):

1. support deleting storages/streams
2. create copyto and other typical interface functions
3. support writing DIF sectors > 109
   - may lead to allocating more fat sectors :-/
4. properly support mode params for open_stream/open_storage/etc
5. optimize to prevent unecessary loading/writing
6. support non-committal editing (open, change, close w/o save)
7. support timestamps
8. provide interface to change paramters (endian, etc)

TO INVESTIGATE:

1. moving storage interface functions into something used by both
   the main storage and substorages (unifying the code) (mixin?)
2. eliminating flattening the directory prior to writing it out

54
# File 'lib/rex/ole.rb', line 54

require 'rex'

#rlog(msg, src = 'core', level = 0, from = caller) ⇒ Object


149
150
151
152
153
154
155
# File 'lib/rex/logging/log_dispatcher.rb', line 149

def rlog(msg, src = 'core', level = 0, from = caller)
  if (msg == ExceptionCallStack)
    msg = "\nCall stack:\n" + [email protected].join("\n") + "\n"
  end

  $dispatcher.log(LOG_RAW, src, level, msg, from)
end

#ruby_187_const_bugObject


90
91
92
93
94
95
96
97
98
99
100
101
# File 'lib/msf/sanity.rb', line 90

def ruby_187_const_bug
  bugged = false

  begin
    ConstBugTestA.new.test()
    ConstBugTestB.new.test()
  rescue ::NameError
    bugged = true
  end

  bugged
end

#set_log_level(src, level) ⇒ Object


171
172
173
# File 'lib/rex/logging/log_dispatcher.rb', line 171

def set_log_level(src, level)
  $dispatcher.set_level(src, level)
end

#uriObject

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. metasploit.com/framework/


8
# File 'lib/msf/core/auxiliary/web/http.rb', line 8

require 'uri'

#wlog(msg, src = 'core', level = 0, from = caller) ⇒ Object


141
142
143
# File 'lib/rex/logging/log_dispatcher.rb', line 141

def wlog(msg, src = 'core', level = 0, from = caller)
  $dispatcher.log(LOG_WARN, src, level, msg, from)
end