Add some basic libc definitions for railgun

Author: zeroSteiner

lib/rex/post/meterpreter/extensions/stdapi/railgun/def/linux/api_constants.rb

@@ -0,0 +1,153 @@
+# -*- coding: binary -*-
+require 'rex/post/meterpreter/extensions/stdapi/railgun/const_manager'
+
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Railgun
+module Def
+
+#
+# A container holding useful Linux API Constants.
+#
+class DefApiConstants_linux < ApiConstants
+
+  #
+  # Slurp in a giant list of known constants.
+  #
+  def self.add_constants(const_mgr)
+    const_mgr.add_const('MAP_FILE',       0x00)
+    const_mgr.add_const('MAP_SHARED',     0x01)
+    const_mgr.add_const('MAP_PRIVATE',    0x02)
+    const_mgr.add_const('MAP_FIXED',      0x10)
+    const_mgr.add_const('MAP_ANON',       0x20)
+    const_mgr.add_const('MAP_ANONYMOUS',  0x20)
+    const_mgr.add_const('PROT_NONE',      0x00)
+    const_mgr.add_const('PROT_READ',      0x01)
+    const_mgr.add_const('PROT_WRITE',     0x02)
+    const_mgr.add_const('PROT_EXEC',      0x04)
+    const_mgr.add_const('PROT_GROWSDOWN', 0x01000000)
+    const_mgr.add_const('PROT_GROWSUP',   0x02000000)
+
+    const_mgr.add_const("PF_UNSPEC",         0x00000000)
+    const_mgr.add_const("PF_LOCAL",          0x00000001)
+    const_mgr.add_const("PF_UNIX",           0x00000000)
+    const_mgr.add_const("PF_FILE",           0x00000000)
+    const_mgr.add_const("PF_INET",           0x00000002)
+    const_mgr.add_const("PF_AX25",           0x00000003)
+    const_mgr.add_const("PF_IPX",            0x00000004)
+    const_mgr.add_const("PF_APPLETALK",      0x00000005)
+    const_mgr.add_const("PF_NETROM",         0x00000006)
+    const_mgr.add_const("PF_BRIDGE",         0x00000007)
+    const_mgr.add_const("PF_ATMPVC",         0x00000008)
+    const_mgr.add_const("PF_X25",            0x00000009)
+    const_mgr.add_const("PF_INET6",          0x0000000a)
+    const_mgr.add_const("PF_ROSE",           0x0000000b)
+    const_mgr.add_const("PF_DECnet",         0x0000000c)
+    const_mgr.add_const("PF_NETBEUI",        0x0000000d)
+    const_mgr.add_const("PF_SECURITY",       0x0000000e)
+    const_mgr.add_const("PF_KEY",            0x0000000f)
+    const_mgr.add_const("PF_NETLINK",        0x00000010)
+    const_mgr.add_const("PF_ROUTE",          0x00000000)
+    const_mgr.add_const("PF_PACKET",         0x00000011)
+    const_mgr.add_const("PF_ASH",            0x00000012)
+    const_mgr.add_const("PF_ECONET",         0x00000013)
+    const_mgr.add_const("PF_ATMSVC",         0x00000014)
+    const_mgr.add_const("PF_RDS",            0x00000015)
+    const_mgr.add_const("PF_SNA",            0x00000016)
+    const_mgr.add_const("PF_IRDA",           0x00000017)
+    const_mgr.add_const("PF_PPPOX",          0x00000018)
+    const_mgr.add_const("PF_WANPIPE",        0x00000019)
+    const_mgr.add_const("PF_LLC",            0x0000001a)
+    const_mgr.add_const("PF_IB",             0x0000001b)
+    const_mgr.add_const("PF_MPLS",           0x0000001c)
+    const_mgr.add_const("PF_CAN",            0x0000001d)
+    const_mgr.add_const("PF_TIPC",           0x0000001e)
+    const_mgr.add_const("PF_BLUETOOTH",      0x0000001f)
+    const_mgr.add_const("PF_IUCV",           0x00000020)
+    const_mgr.add_const("PF_RXRPC",          0x00000021)
+    const_mgr.add_const("PF_ISDN",           0x00000022)
+    const_mgr.add_const("PF_PHONET",         0x00000023)
+    const_mgr.add_const("PF_IEEE802154",     0x00000024)
+    const_mgr.add_const("PF_CAIF",           0x00000025)
+    const_mgr.add_const("PF_ALG",            0x00000026)
+    const_mgr.add_const("PF_NFC",            0x00000027)
+    const_mgr.add_const("PF_VSOCK",          0x00000028)
+    const_mgr.add_const("PF_KCM",            0x00000029)
+    const_mgr.add_const("PF_MAX",            0x0000002a)
+
+    const_mgr.add_const("AF_UNSPEC",         0x00000000)
+    const_mgr.add_const("AF_LOCAL",          0x00000001)
+    const_mgr.add_const("AF_UNIX",           0x00000000)
+    const_mgr.add_const("AF_FILE",           0x00000000)
+    const_mgr.add_const("AF_INET",           0x00000002)
+    const_mgr.add_const("AF_AX25",           0x00000003)
+    const_mgr.add_const("AF_IPX",            0x00000004)
+    const_mgr.add_const("AF_APPLETALK",      0x00000005)
+    const_mgr.add_const("AF_NETROM",         0x00000006)
+    const_mgr.add_const("AF_BRIDGE",         0x00000007)
+    const_mgr.add_const("AF_ATMPVC",         0x00000008)
+    const_mgr.add_const("AF_X25",            0x00000009)
+    const_mgr.add_const("AF_INET6",          0x0000000a)
+    const_mgr.add_const("AF_ROSE",           0x0000000b)
+    const_mgr.add_const("AF_DECnet",         0x0000000c)
+    const_mgr.add_const("AF_NETBEUI",        0x0000000d)
+    const_mgr.add_const("AF_SECURITY",       0x0000000e)
+    const_mgr.add_const("AF_KEY",            0x0000000f)
+    const_mgr.add_const("AF_NETLINK",        0x00000010)
+    const_mgr.add_const("AF_ROUTE",          0x00000000)
+    const_mgr.add_const("AF_PACKET",         0x00000011)
+    const_mgr.add_const("AF_ASH",            0x00000012)
+    const_mgr.add_const("AF_ECONET",         0x00000013)
+    const_mgr.add_const("AF_ATMSVC",         0x00000014)
+    const_mgr.add_const("AF_RDS",            0x00000015)
+    const_mgr.add_const("AF_SNA",            0x00000016)
+    const_mgr.add_const("AF_IRDA",           0x00000017)
+    const_mgr.add_const("AF_PPPOX",          0x00000018)
+    const_mgr.add_const("AF_WANPIPE",        0x00000019)
+    const_mgr.add_const("AF_LLC",            0x0000001a)
+    const_mgr.add_const("AF_IB",             0x0000001b)
+    const_mgr.add_const("AF_MPLS",           0x0000001c)
+    const_mgr.add_const("AF_CAN",            0x0000001d)
+    const_mgr.add_const("AF_TIPC",           0x0000001e)
+    const_mgr.add_const("AF_BLUETOOTH",      0x0000001f)
+    const_mgr.add_const("AF_IUCV",           0x00000020)
+    const_mgr.add_const("AF_RXRPC",          0x00000021)
+    const_mgr.add_const("AF_ISDN",           0x00000022)
+    const_mgr.add_const("AF_PHONET",         0x00000023)
+    const_mgr.add_const("AF_IEEE802154",     0x00000024)
+    const_mgr.add_const("AF_CAIF",           0x00000025)
+    const_mgr.add_const("AF_ALG",            0x00000026)
+    const_mgr.add_const("AF_NFC",            0x00000027)
+    const_mgr.add_const("AF_VSOCK",          0x00000028)
+    const_mgr.add_const("AF_KCM",            0x00000029)
+    const_mgr.add_const("AF_MAX",            0x0000002a)
+
+    const_mgr.add_const("SOL_RAW",           0x000000ff)
+    const_mgr.add_const("SOL_DECNET",        0x00000105)
+    const_mgr.add_const("SOL_X25",           0x00000106)
+    const_mgr.add_const("SOL_PACKET",        0x00000107)
+    const_mgr.add_const("SOL_ATM",           0x00000108)
+    const_mgr.add_const("SOL_AAL",           0x00000109)
+    const_mgr.add_const("SOL_IRDA",          0x0000010a)
+    const_mgr.add_const("SOL_NETBEUI",       0x0000010b)
+    const_mgr.add_const("SOL_LLC",           0x0000010c)
+    const_mgr.add_const("SOL_DCCP",          0x0000010d)
+    const_mgr.add_const("SOL_NETLINK",       0x0000010e)
+    const_mgr.add_const("SOL_TIPC",          0x0000010f)
+    const_mgr.add_const("SOL_RXRPC",         0x00000110)
+    const_mgr.add_const("SOL_PPPOL2TP",      0x00000111)
+    const_mgr.add_const("SOL_BLUETOOTH",     0x00000112)
+    const_mgr.add_const("SOL_PNPIPE",        0x00000113)
+    const_mgr.add_const("SOL_RDS",           0x00000114)
+    const_mgr.add_const("SOL_IUCV",          0x00000115)
+    const_mgr.add_const("SOL_CAIF",          0x00000116)
+    const_mgr.add_const("SOL_ALG",           0x00000117)
+    const_mgr.add_const("SOL_NFC",           0x00000118)
+    const_mgr.add_const("SOL_KCM",           0x00000119)
+  end
+end
+
+end; end; end; end; end; end; end

lib/rex/post/meterpreter/extensions/stdapi/railgun/def/linux/def_libc.rb

@@ -0,0 +1,121 @@
+# -*- coding: binary -*-
+module Rex
+module Post
+module Meterpreter
+module Extensions
+module Stdapi
+module Railgun
+module Def
+
+class Def_libc
+
+  def self.create_dll(constant_manager, dll_path = 'libc.so.6')
+    dll = DLL.new(dll_path, constant_manager)
+
+    dll.add_function(
+      'calloc',
+      'LPVOID',
+      [
+        ['SIZE_T', 'nmemb', 'in'],
+        ['SIZE_T', 'size', 'in']
+      ],
+      nil,
+      'cdecl'
+    )
+    dll.add_function(
+      'free',
+      'VOID',
+      [
+        ['LPVOID', 'ptr', 'in']
+      ],
+      nil,
+      'cdecl',
+    )
+    dll.add_function(
+      'getpid',
+      'DWORD',
+      [],
+      nil,
+      'cdecl'
+    )
+    dll.add_function(
+      'inet_ntop',
+      'LPVOID',
+      [
+        ['DWORD', 'af', 'in'],
+        ['PBLOB', 'src', 'in'],
+        ['PBLOB', 'dst', 'out'],
+        ['DWORD', 'size', 'in']
+      ],
+      nil,
+      'cdecl'
+    )
+    dll.add_function(
+      'inet_pton',
+      'DWORD',
+      [
+        ['DWORD', 'af', 'in'],
+        ['PBLOB', 'src', 'in'],
+        ['PBLOB', 'dst', 'out']
+      ],
+      nil,
+      'cdecl'
+    )
+    dll.add_function(
+      'malloc',
+      'LPVOID',
+      [['SIZE_T', 'size', 'in']],
+      nil,
+      'cdecl'
+    )
+    dll.add_function(
+      'memfrob',
+      'LPVOID',
+      [
+        ['PBLOB', 'mem', 'inout'],
+        ['SIZE_T', 'length', 'in']
+      ],
+      nil,
+      'cdecl'
+    )
+    dll.add_function(
+      'mmap',
+      'LPVOID',
+      [
+        ['LPVOID', 'addr', 'in'],
+        ['SIZE_T', 'length', 'in'],
+        ['DWORD', 'prot', 'in'],
+        ['DWORD', 'flags', 'in'],
+        ['DWORD', 'fd', 'in'],
+        ['SIZE_T', 'offset', 'in']
+      ],
+      nil,
+      'cdecl'
+    )
+    dll.add_function(
+      'mprotect',
+      'DWORD',
+      [
+        ['LPVOID', 'addr', 'in'],
+        ['SIZE_T', 'length', 'in'],
+        ['DWORD', 'prot', 'in']
+      ],
+      nil,
+      'cdecl'
+    )
+    dll.add_function(
+      'munmap',
+      'DWORD',
+      [
+        ['LPVOID', 'addr', 'in'],
+        ['SIZE_T', 'length', 'in']
+      ],
+      nil,
+      'cdecl'
+    )
+    return dll
+  end
+
+end
+
+end; end; end; end; end; end; end

test/modules/post/test/railgun.rb

@@ -19,66 +19,9 @@ def initialize(info={})
     ))
   end
 
-  def init_railgun_defs
-    unless session.railgun.dlls.has_key?('libc')
-      session.railgun.add_dll('libc', 'libc.so.6')
-    end
-    session.railgun.add_function(
-      'libc',
-      'calloc',
-      'LPVOID',
-      [
-        ['SIZE_T', 'nmemb', 'in'],
-        ['SIZE_T', 'size', 'in']
-      ],
-      nil,
-      'cdecl'
-    )
-    session.railgun.add_function(
-      'libc',
-      'getpid',
-      'DWORD',
-      [],
-      nil,
-      'cdecl'
-    )
-    session.railgun.add_function(
-      'libc',
-      'inet_ntop',
-      'LPVOID',
-      [
-        ['DWORD', 'af', 'in'],
-        ['PBLOB', 'src', 'in'],
-        ['PBLOB', 'dst', 'out'],
-        ['DWORD', 'size', 'in']
-      ],
-      nil,
-      'cdecl'
-    )
-    session.railgun.add_function(
-      'libc',
-      'malloc',
-      'LPVOID',
-      [['SIZE_T', 'size', 'in']],
-      nil,
-      'cdecl'
-    )
-    session.railgun.add_function(
-      'libc',
-      'memfrob',
-      'LPVOID',
-      [
-        ['PBLOB', 'mem', 'inout'],
-        ['SIZE_T', 'length', 'in']
-      ],
-      nil,
-      'cdecl'
-    )
-  end
-
   def test_api_function_calls_linux
     return unless session.platform == 'linux'
-    init_railgun_defs
+
     buffer = nil
     buffer_size = 128
     buffer_value = nil
@@ -107,7 +50,7 @@ def test_api_function_calls_linux
     it "Should support functions with in/out/inout parameter types" do
       ret = true
       # first test in/out parameter types
-      result = session.railgun.libc.inet_ntop(2, "\x0a\x00\x00\x01", 128, 128)
+      result = session.railgun.libc.inet_ntop('AF_INET', "\x0a\x00\x00\x01", 128, 128)
       ret &&= result['GetLastError'] == 0
       ret &&= result['return'] != 0
       ret &&= result['dst'][0...8] == '10.0.0.1'
@@ -140,6 +83,8 @@ def test_api_function_calls_linux
       ret = true
       ret &&= session.railgun.memread(buffer, buffer_size) == buffer_value
     end
+
+    session.railgun.libc.free(buffer)
   end
 
   def test_api_function_calls_windows