Project

turborex

0.0
No commit activity in last 3 years
No release in over 3 years
turborexexistxfx/turborexHomepageDocumentationSource CodeBug TrackerWiki
This gem is mainly a proof of concept for the topic "Automated Hunting for Cross-Server Xrefs in Microsoft RPC and COM" on Code Blue 2020. It is a locator for RPC server/client routines and COM interface methods/client calls, so it can be used to search for Cross-Server Xrefs scenes. In addition, it also has other functions such as ALPC client/server.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
1,608
Stars
4
Forks
0
Watchers
2
 Releases
Current version
0.1.1
Total releases
1
First release
2020-10-30
Latest release
2020-10-30
 Issues
Open Issues
1
Closed Issues
0
Total Issues
1
Issue Closure Rate
0%
 Development
Primary Language
Ruby
Licenses
GPLv3
Average date of last 50 commits
2020-10-30
Reverse Dependencies
0

 Dependencies

Development

bundler
>= 0
juwelier
>= 0
pry-byebug
>= 0
rdoc
~> 3.12
rspec
>= 0
shoulda
>= 0
simplecov
>= 0

Runtime

docile
~> 1.3.2
os
>= 0
rex
~> 2.0.11
rgl
~> 0.5.6
win32-api
>= 0
 Project Readme

TurboRex

TurboRex is a Ruby gem for exploring MSRPC and COM. It is mainly a proof of concept for the topic "Automated Hunting for Cross-Server Xrefs in Microsoft RPC and COM" on Code Blue 2020.

Author

Exist@SycloverSecurity

Features

  • MSRPC server/client routines finder
  • COM interface methods finder
  • COM client finder(Not very useful)
  • ALPC server/client
  • COM client

Installation

To install Turborex, run

gem install turborex

And then install Metasm, please DON'T use the old version of Metasm hosted by Rubygems

Examples

Please take a look at the examples directory.

Troubleshooting

It is too slow, especially when searching for RPC client routines

There are many reasons for this result, such as my poor code quality, and the Ruby interpreter runs slower on Windows than Linux. There is a trick that can greatly increase the speed without changing too much code: running in WSL. But I did not fully test whether it is available in WSL, it may be necessary to modify the core library code.

License

See this license at LICENSE file.