Sha256: 9147d527b566cbd792396a043cdc8cf307e024a11f1c14601c1a6b88faba8edd

Contents?: true

Size: 1.34 KB

Versions: 41

Compression:

Stored size: 1.34 KB

Contents

module Rex
module Proto
module SMB
class Evasions

require 'rex/text'

EVASION_NONE  = 0
EVASION_LOW   = 1
EVASION_HIGH  = 2
EVASION_MAX   = 3

	# Add bogus filler at the end of the SMB packet and before the data
	def self.make_offset_filler(level, max_size = 60000, min_size = 512)

		if (max_size < 0)
			max_size = 4096
		end

		if (min_size < max_size)
			min_size = max_size - 1
		end

		case level.to_i
			when EVASION_LOW
				Rex::Text.rand_text(32)
			when EVASION_HIGH
				Rex::Text.rand_text( rand(max_size - min_size) + min_size )
			when EVASION_MAX
				Rex::Text.rand_text( rand(max_size) )
			else EVASION_NONE
				return ''
		end
	end

	# Obscures a named pipe pathname via leading and trailing slashes
	def self.make_named_pipe_path(level, pipe)
		case level.to_i
			when EVASION_LOW
				return ('\\' * (1024 + rand(512))) + pipe
			when EVASION_HIGH, EVASION_MAX
				return ('\\' * (1024 + rand(512))) + pipe + ('\\' * (1024 + rand(512)))
			else
				return '\\' + pipe
		end
	end

	# Obscures the TransactNamedPipe \PIPE\ string
	def self.make_trans_named_pipe_name(level)
		case level.to_i
			when EVASION_LOW
				return ('\\' * (256 - rand(64)) + 'PIPE\\')
			when EVASION_HIGH
				return Rex::Text.rand_text(512 - rand(128))
			when EVASION_MAX
				return Rex::Text.rand_text(1024 - rand(256))
			else
				return '\\PIPE\\'
		end
	end

end
end
end
end

Version data entries

41 entries across 41 versions & 1 rubygems

Version Path
librex-0.0.35 lib/rex/proto/smb/evasions.rb
librex-0.0.34 lib/rex/proto/smb/evasions.rb
librex-0.0.33 lib/rex/proto/smb/evasions.rb
librex-0.0.32 lib/rex/proto/smb/evasions.rb
librex-0.0.31 lib/rex/proto/smb/evasions.rb
librex-0.0.30 lib/rex/proto/smb/evasions.rb
librex-0.0.29 lib/rex/proto/smb/evasions.rb
librex-0.0.28 lib/rex/proto/smb/evasions.rb
librex-0.0.27 lib/rex/proto/smb/evasions.rb
librex-0.0.26 lib/rex/proto/smb/evasions.rb
librex-0.0.25 lib/rex/proto/smb/evasions.rb
librex-0.0.23 lib/rex/proto/smb/evasions.rb
librex-0.0.21 lib/rex/proto/smb/evasions.rb
librex-0.0.19 lib/rex/proto/smb/evasions.rb
librex-0.0.17 lib/rex/proto/smb/evasions.rb
librex-0.0.13 lib/rex/proto/smb/evasions.rb
librex-0.0.12 lib/rex/proto/smb/evasions.rb
librex-0.0.7 lib/rex/proto/smb/evasions.rb
librex-0.0.6 lib/rex/proto/smb/evasions.rb
librex-0.0.5 lib/rex/proto/smb/evasions.rb