Hiddenden/beef
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commented all ruby patches

Browse Source 
git-svn-id: https://beef.googlecode.com/svn/trunk@1321 b87d56ec-f9c0-11de-8c8a-61c5e9addfc9
This commit is contained in:
passbe
2011-09-29 23:48:20 +00:00
parent 87020e89f3
commit 1f61418c87
12 changed files with 93 additions and 192 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
core/ruby/hash.rb
View File

@@ -15,7 +15,11 @@
#
class Hash
# http://snippets.dzone.com/posts/show/4706
# Recursively deep merge two hashes together
# @param [Hash] hash Hash to be merged
# @return [Hash] Combined hash
# @note Duplicate keys are overwritten by the value defined in the hash calling deep_merge (not the parameter hash)
# @note http://snippets.dzone.com/posts/show/4706
def deep_merge(hash)
target = dup
hash.keys.each do |key|

64
core/ruby/module.rb
View File

@@ -14,25 +14,9 @@
# limitations under the License.
#
class Module
# Returns the classes in the current ObjectSpace where this module has been
# mixed in according to Module#included_modules.
#
# module M
# end
#
# module N
# include M
# end
#
# class C
# include M
# end
#
# class D < C
# end
#
# p M.included_in_classes # => [C, D]
#
# Returns the classes in the current ObjectSpace where this module has been mixed in according to Module#included_modules.
# @return [Array] An array of classes
def included_in_classes
classes = []
ObjectSpace.each_object(Class) { |k| classes << k if k.included_modules.include?(self) }
@@ -42,19 +26,9 @@ class Module
unique_classes
end
end
# Returns the modules in the current ObjectSpace where this module has been
# mixed in according to Module#included_modules.
#
# module M
# end
#
# module N
# include M
# end
#
# p M.included_in_modules # => [N]
#
# Returns the modules in the current ObjectSpace where this module has been mixed in according to Module#included_modules.
# @return [Array] An array of modules
def included_in_modules
modules = []
ObjectSpace.each_object(Module) { |k| modules << k if k.included_modules.include?(self) }
@@ -65,30 +39,14 @@ class Module
end
end
#
# module M
# end
#
# module N
# extend M
# end
#
# p N.extended_modules # => [M]
#
# Returns the modules extended inside the target module
# @return [Array] Array of modules
def extended_modules
(class << self; self end).included_modules
end
#
# module M
# end
#
# module N
# extend M
# end
#
# p M.extended_in_modules # => [N]
#
# Returns the modules extending the target module
# @return [Array] Array of modules
def extended_in_modules
modules = []
ObjectSpace.each_object(Module) { |k| modules << k if k.extended_modules.include?(self) }
@@ -98,4 +56,4 @@ class Module
unique_modules
end
end
end
end

50
core/ruby/object.rb
View File

@@ -15,72 +15,34 @@
#
class Object
#
# Returns true if the object is a Boolean
#
# Example:
#
# a = true
# b = false
# c = 1234 # Integer
#
# a.boolean? # => true
# b.boolean? # => false
# c.boolean? # => false
#
# @return [Boolean] Whether the object is boolean
def boolean?
self.is_a?(TrueClass) || self.is_a?(FalseClass)
end
#
# Returns true if the object is a String
#
# Example:
#
# 1.string? # => false
# 'abc'.string? # => true
#
# @return [Boolean] Whether the object is a string
def string?
self.is_a?(String)
end
#
# Returns true if the object is an Integer
#
# Example:
#
# 1.integer? # => true
# 'abc'.integer? # => false
#
# @return [Boolean] Whether the object is an integer
def integer?
self.is_a?(Integer)
end
#
# Returns true if the object is a hash
#
# Example:
#
# {}.hash? # => true
# 1.hash? # => false
#
# @return [Boolean] Whether the object is a hash
def hash?
self.is_a?(Hash)
end
#
# Returns true if the object is a class
#
# Example:
#
# class A
# end
#
# obj = A.new
# obj.class? # => true
#
# @return [Boolean] Whether the object is a class
def class?
self.is_a?(Class)
end
end
end

11
core/ruby/patches/dm-do-adapter/adapter.rb
View File

@@ -13,13 +13,13 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
# The following file contains patches for DataMapper Data Objects Adapter (dm-do-adapter)
# This patch fixes the following error:
# DataObjects::URI.new with arguments is deprecated, use a Hash of URI components (/home/username/.rvm/gems/ruby-1.9.2-p290/gems/dm-do-adapter-1.1.0/lib/dm-do-adapter/adapter.rb:231:in `new')
# The error is patched in dm-do-adapter 1.1.1 however it has yet to be released.
# Patch: https://github.com/datamapper/dm-do-adapter/commit/7f0b53d1ada8735910e04ff37d60c6ff037ce288
# @note The following file contains patches for DataMapper Data Objects Adapter (dm-do-adapter)
# This patch fixes the following error:
# DataObjects::URI.new with arguments is deprecated, use a Hash of URI components (/home/username/.rvm/gems/ruby-1.9.2-p290/gems/dm-do-adapter-1.1.0/lib/dm-do-adapter/adapter.rb:231:in `new')
# The error is patched in dm-do-adapter 1.1.1 however it has yet to be released.
# Patch: https://github.com/datamapper/dm-do-adapter/commit/7f0b53d1ada8735910e04ff37d60c6ff037ce288
=begin
Deleted:
@@ -53,7 +53,6 @@ module DataMapper
module Adapters
class DataObjectsAdapter < AbstractAdapter
# @api private
def normalized_uri
@normalized_uri ||=
begin

5
core/ruby/patches/webrick/cookie.rb
View File

@@ -13,12 +13,13 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
# The following file contains patches for WEBrick.
module WEBrick
class Cookie
attr_accessor :httponly
# Convert cookie object to a string representation
# @return [String] ret String of information about cookie
def to_s
ret = ""
ret << @name << "=" << @value
@@ -35,4 +36,4 @@ module WEBrick
end
end
end

13
core/ruby/patches/webrick/genericserver.rb
View File

@@ -13,18 +13,17 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
# The following file contains patches for WEBrick.
module WEBrick
class HTTPServer < ::WEBrick::GenericServer
# I'm patching WEBrick so it does not log http requests anymore.
# The reason being that it seems to considerably slow down BeEF which receives
# numerous requests simultaneously. Additionally, it was also found to crash
# the thread when not being able to write to the log file (which happened when
# overloaded).
# @note I'm patching WEBrick so it does not log http requests anymore.
# The reason being that it seems to considerably slow down BeEF which receives
# numerous requests simultaneously. Additionally, it was also found to crash
# the thread when not being able to write to the log file (which happened when
# overloaded).
def access_log(config, req, res); return; end
end
end
end

52
core/ruby/patches/webrick/httprequest.rb
View File

@@ -13,23 +13,19 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
# The following file contains patches for WEBrick.
module WEBrick
class HTTPRequest
# I'm patching the HTTPRequest class so that it when it receives POST
# http requests, it parses the query present in the body even if the
# content type is not set.
#
# The reason for this patch is that when a zombie sends back data to
# BeEF, that data was not parsed because by default the content-type
# was not set directly. I prefer patching WEBrick rather than editing
# the BeEFJS library because cross domain http requests would be harder
# to implement at the server level.
#
# Note: this function would need to be modified if we ever needed to
# use multipart POST requests.
# @note I'm patching the HTTPRequest class so that it when it receives POST
# http requests, it parses the query present in the body even if the
# content type is not set.
# The reason for this patch is that when a zombie sends back data to
# BeEF, that data was not parsed because by default the content-type
# was not set directly. I prefer patching WEBrick rather than editing
# the BeEFJS library because cross domain http requests would be harder
# to implement at the server level.
# @note This function would need to be modified if we ever needed to use multipart POST requests.
def parse_query()
begin
if @request_method == "GET" || @request_method == "HEAD"
@@ -47,51 +43,45 @@ module WEBrick
end
end
# Get cookie value
# @param [String] name Key name
# @return [String] Value stored against the key name or nil if not found
def get_cookie_value(name)
return nil if name.nil?
@cookies.each{|cookie|
c = WEBrick::Cookie.parse_set_cookie(cookie.to_s)
return c.value if (c.name.to_s.eql? name)
}
nil
end
# Get Referrer domain name
# @return [String] Domain name or nil
def get_referer_domain
referer = header['referer'][0]
if referer =~ /\:\/\/([0-9a-zA-A\.]*(\:[0-9]+)?)\//
return $1
end
nil
end
# Get hook session id
# @return [String] Hook session id or nil
def get_hook_session_id()
config = BeEF::Core::Configuration.instance
hook_session_name = config.get('beef.http.hook_session_name')
@query[hook_session_name] || nil
end
# return the command module command_id value from the request
# Return the command module command_id value from the request
# @return [String] Command module id or nil
def get_command_id()
@query['command_id'] || nil
end
#
# Attack vectors send through the Requester/Proxy by default are parsed as Bad URIs, and not sent.
# For example: request like the following: http://192.168.10.128/dvwa/vulnerabilities/xss_r/?name=ciccioba83e<a>7918817a3ad
# is blocked (ERROR bad URI)
# We're overwriting the URI Parser UNRESERVED regex to prevent such behavior (see tolerant_parser)
#
# @note Attack vectors send through the Requester/Proxy by default are parsed as Bad URIs, and not sent.
# For example: request like the following: http://192.168.10.128/dvwa/vulnerabilities/xss_r/?name=ciccioba83e<a>7918817a3ad is blocked (ERROR bad URI)
# We're overwriting the URI Parser UNRESERVED regex to prevent such behavior (see tolerant_parser)
def parse_uri(str, scheme="http")
if @config[:Escape8bitURI]
str = HTTPUtils::escape8bit(str)

25
core/ruby/patches/webrick/httpresponse.rb
View File

@@ -13,21 +13,17 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
# The following file contains patches for WEBrick.
module WEBrick
class HTTPResponse
#
# Add/Update HTTP response headers with those contained in original_headers Hash
#
# @param [Hash] original_headers Hash of headers
def override_headers(original_headers)
original_headers.each{ |key, value| @header[key.downcase] = value }
end
#
# set caching headers none
#
# Set caching headers none
def set_no_cache()
@header['ETag'] = nil
@header['Last-Modified'] = Time.now + 100**4
@@ -36,12 +32,14 @@ module WEBrick
@header['Pragma'] = 'no-cache'
end
#
# set the cookie in the response
# Limit: only one set-cookie will be within the response
#
# Set the cookie in the response
# @param [String] name Name of the cookie
# @param [String] value Value of the cookie
# @param [String] path Path of the cookie
# @param [Boolean] httponly If the cookie is HTTP only
# @param [Boolean] secure If the cookie is secure only
# @note Limit: only one set-cookie will be within the response
def set_cookie(name, value, path = '/', httponly = true, secure = true)
cookie = WEBrick::Cookie.new(name, value)
cookie.path = path
cookie.httponly = httponly
@@ -51,10 +49,7 @@ module WEBrick
@header['Set-Cookie'] = cookie.to_s
end
#
# This patch should prevent leakage of directory listing, access
# auth errors, etc.
#
# @note This patch should prevent leakage of directory listing, access auth errors, etc.
def set_error(ex, backtrace=false)
# set repsonse headers

8
core/ruby/patches/webrick/httpservlet/filehandler.rb
View File

@@ -20,7 +20,9 @@ module HTTPServlet
class FileHandler
# prevent directory traversal attacks
# Prevent directory traversal attacks
# @param [Object] req Request object
# @param [Object] res Response object
def prevent_directory_traversal(req, res)
raise WEBrick::HTTPStatus::BadRequest, "null character in path" if has_null?(req.path_info)
@@ -33,7 +35,9 @@ module HTTPServlet
req.path_info = expanded
end
# checks if a string contains null characters
# Checks if a string contains null characters
# @param [String] str String to test for null characters
# @param [Boolean] Whether the string has null characters
def has_null? (str)
str.split(//).each {|c|
return true if c.eql?("\000")

6
core/ruby/patches/webrick/httputils.rb
View File

@@ -13,12 +13,14 @@ module WEBrick
module HTTPUtils
# Add support for additional mime types
# Add support for additional mime types
# @param [String] filename Filename
# @param [Hash] mime_tab Mime Type Hash
def mime_type(filename, mime_tab)
suffix1 = (/\.(\w+)$/ =~ filename && $1.downcase)
suffix2 = (/\.(\w+)\.[\w\-]+$/ =~ filename && $1.downcase)
# Add support for additional mime types
# @todo Add support for additional mime types
supported_mime_types = {
'wav' => 'audio/x-wav'
}

33
core/ruby/print.rb
View File

@@ -13,23 +13,23 @@
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# Function used to print errors to the console
#
# @param [String] s String to be printed
def print_error(s)
puts Time.now.localtime.strftime("[%k:%M:%S]")+'[!]'.red+' '+s
end
#
# Function used to print information to the console
#
# @param [String] s String to be printed
def print_info(s)
puts Time.now.localtime.strftime("[%k:%M:%S]")+'[*]'.blue+' '+s
end
#
# Function used to print debug information
#
# @param [String] s String to be printed
# @note This function will only print messages if the debug flag is set to true
# @todo Once the console extension has been merged into the core, remove the extension checks.
def print_debug(s)
config = BeEF::Core::Configuration.instance
if config.get('beef.debug') || (BeEF::Extension.is_loaded('console') && BeEF::Extension::Console.verbose?)
@@ -37,24 +37,15 @@ def print_debug(s)
end
end
#
# Function used to print successes to the console
#
# @param [String] s String to be printed
def print_success(s)
puts Time.now.localtime.strftime("[%k:%M:%S]")+'[+]'.green+' '+s
end
#
# Produces something that looks like that:
#
# [12:16:32] | Hook URL: http://127.0.0.1:3000/hook.js
# [12:16:32] | UI URL: http://127.0.0.1:3000/ui/panel
# [12:16:32] |_ Demo URL: http://127.0.0.1:3000/demos/basic.html
#
# The Template is like this:
#
# [date] | content
#
# Print multiple lines with decoration split by the return character
# @param [String] s String to be printed
# @note The string passed needs to be separated by the "\n" for multiple lines to be printed
def print_more(s)
time = Time.now.localtime.strftime("[%k:%M:%S]")
lines = s.split("\n")
@@ -68,9 +59,9 @@ def print_more(s)
end
end
#
# Function used to print over the current line
#
# @param [String] s String to print over current line
# @note To terminate the print_over functionality your last print_over line must include a "\n" return
def print_over(s)
time = Time.now.localtime.strftime("[%k:%M:%S]")
print "\r#{time}"+"[*]".blue+" #{s}"

12
core/ruby/string.rb
View File

@@ -14,13 +14,9 @@
# limitations under the License.
#
class String
#
# Use a gem to colorize the console.
#
# See: http://flori.github.com/term-ansicolor/
#
# Example: print "red bold".red.bold, "\n"
#
# @note Use a gem to colorize the console.
# @note http://flori.github.com/term-ansicolor/
include Term::ANSIColor
end
end